Exemple #1
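 /**
  * Inline-edit handler for a single item field ('name' or 'description').
  *
  * Reads 'item_id', 'id' (the field name) and 'value' from the request,
  * sanitises the value, writes it to the `item` table and refreshes the
  * Solr / memcache copies when those features are switched on.
  *
  * The method never returns: it prints one of "no_info", "unsuccess",
  * the rendered value, or "no_perm" and terminates the script.
  *
  * Security notes for reviewers:
  *  - The only access check in this block is User::is_admin(); the earlier
  *    ownership / ADMIN_ITEM / category-permit check is commented out in the
  *    original and stays disabled here.
  *  - No anti-CSRF token is checked in this block — confirm the caller
  *    enforces one, since this is a state-changing request.
  *  - Two SQL strings are still built by concatenation (flagged inline).
  */
 function update()
 {
     if (User::is_admin()) {
         $item_id = EClassApi::getParam('item_id');
         $info = EClassApi::getParam('id');

         // Allow-list the field name before touching the value, so an
         // unknown field is rejected without running any sanitiser on it.
         $info_array = array('name', 'description');
         if (!in_array($info, $info_array, true)) {
             die("no_info");
         }

         // Always defined, so the final echo never reads an unset variable
         // (the original did when a 'name' failed the length check).
         $output = '';

         if ($info == 'description') {
             $value = Url::get('value');
             // get_magic_quotes_gpc() was removed in PHP 8; the guard keeps
             // the legacy behaviour without a fatal "undefined function".
             if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                 $value = stripslashes($value);
             }
             require_once ROOT_PATH . 'includes/htmLawed.php';
             // 'safe' => 1 enables htmLawed's safe mode; class and id
             // attributes are denied on every element.
             $config = array('safe' => 1, 'elements' => '*', 'deny_attribute' => 'class, id');
             // The 'a' element can have only these attributes
             $spec = 'a = title, href;';
             $value = htmLawed($value, $config, $spec);
             $value = EClassApi::clean_value($value);
         } else {
             $value = EClassApi::getParam('value');
             mb_internal_encoding("UTF-8");
             // Upper-case the first character only (multibyte-safe).
             $value = mb_strtoupper(mb_substr($value, 0, 1)) . mb_substr($value, 1);
         }

         // NOTE(review): the result is not checked before $row['...'] is read
         // and before $item_memcache is written back to the cache below;
         // confirm what Item::get_item() returns for an unknown id.
         $row = Item::get_item($item_id);
         $item_memcache = $row;

         // A description must contain at least 15 bytes of plain text.
         if ($info == 'description' && strlen(EClassApi::plainText(EClassApi::post_db_parse_html($value))) < 15) {
             echo "unsuccess";
             exit;
         }

         // (A bad-word filter for non-team users was commented out here in
         // the original and is still not applied.)

         if ($item_id) {
             // Length limits are byte counts (strlen), not character counts.
             if ($info == 'name' && strlen($value) >= 5 && strlen($value) <= 150) {
                 $input = array('name' => $value);
                 $item_memcache['name'] = $value;
                 $output = $value;
                 if ($value != $row['name'] && $row['is_up_auto'] == 1) {
                     // If the name changed, update the auto-up schedule entry too.
                     // NOTE(review): $value is request data interpolated into the
                     // SQL text. Nothing visible in this block escapes it for SQL
                     // (whether EClassApi::getParam() does is not shown) — move this
                     // to a prepared statement or the DB layer's own escaping.
                     // The id is used unquoted, so it is forced to an integer.
                     DB::query("UPDATE up_item_schedule SET des='{$value}' WHERE item_id=" . (int) $row['id']);
                 }
             } else {
                 if ($info == 'description') {
                     $sapo = EClassApi::word_limit(String::html2txt(EClassApi::post_db_parse_html($value)), 30, '');
                     $input = array('description' => $value, 'sapo' => $sapo);
                     $item_memcache['description'] = $value;
                     // The original used preg_replace() with the /e modifier, which
                     // builds PHP source from the replacement string and evaluates it;
                     // $item_id was interpolated into that source. /e is deprecated
                     // since PHP 5.5 and removed in PHP 7. A callback passes the same
                     // two arguments as data instead of code (needs PHP >= 5.4 for
                     // $this inside the closure).
                     // NOTE(review): the echoed markup is built from the raw
                     // Url::get('value'), not from the htmLawed-filtered $value that
                     // is stored — confirm parseBBCode() output is safe to echo.
                     $embed_item_id = (string) $item_id;
                     $output = preg_replace_callback(
                         "/\\[([\\s]*[0-9]{1,2}[\\s]*)\\]/is",
                         function ($m) use ($embed_item_id) {
                             return $this->embeded($m[1], $embed_item_id);
                         },
                         EClassApi::parseBBCode(Url::get('value'))
                     );
                 } else {
                     // Reached when a 'name' fails the length check: only the
                     // modify_* audit fields below are written.
                     $input = array();
                 }
             }
             $item_memcache['modify_user_name'] = User::user_name();
             $item_memcache['filter_des'] = "";
             $input['modify_user_name'] = User::user_name();
             if ($row["status"] == 2) {
                 $item_memcache['modify_time_user'] = TIME_NOW;
                 $input['modify_time_user'] = TIME_NOW;
             }
             if ($input) {
                 // NOTE(review): $item_id comes from the request and is concatenated
                 // into the WHERE clause; confirm EClassApi::getParam() constrains
                 // it, or bind it as a parameter.
                 DB::Update('item', $input, "id='" . $item_id . "'");
                 // Keep the search index in step with the database.
                 if (SORL_FILTER_ON) {
                     $solr = new Solr_Search();
                     $solr->doUpdateItem($item_id);
                 }
                 // Refresh the cached copy of the item.
                 if (MEMCACHE_ON) {
                     eb_memcache::do_put("item:{$item_id}", $item_memcache);
                 }
             }
             echo $output;
             exit;
         }
     }
     die("no_perm");
 }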