if (!fwrite($output_handle, $buffer)) { Safe::header('500 Internal Server Error'); Logger::error('Impossible to write to local file'); break; } } fclose($output_handle); // also update the database $item['file_size'] = $new_size; $item['edit_name'] = $user['nick_name']; $item['edit_id'] = $user['id']; $item['edit_address'] = $user['email']; if (!($item['id'] = Files::post($item, 'A'))) { Safe::header('500 Internal Server Error'); } else { Files::clear($item); Safe::header('200 OK'); } } // clear assignment information, if any } elseif ($action == 'release' && ($anchor->is_assigned() || isset($item['assign_id']) && Surfer::is($item['assign_id']))) { // change page title $context['page_title'] = sprintf(i18n::s('%s: %s'), i18n::s('Release reservation'), $context['page_title']); // clear assignment information if (Files::assign($item['id'], NULL)) { // inform surfer $context['text'] .= '<p>' . i18n::s('You have released this file, and other surfers can reserve it for revision.') . '</p>'; // help the surfer } else { Logger::error(i18n::s('Operation has failed.')); }
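/**
 * transcode some references
 *
 * Runs every (pattern, replacement) pair through preg_replace() against the
 * description of the bound item, saves the result in the files table, and
 * clears the cache for this item. Nothing happens when no item is bound.
 *
 * The first string of each pair is handed to preg_replace() as a pattern
 * without any filtering, so callers must build the pairs themselves and
 * never take them from request data.
 *
 * @param array of pairs of strings to be used in preg_replace()
 *
 * @see images/images.php
 */
function transcode($transcoded) {

    // no item bound
    if (!isset($this->item['id'])) {
        return;
    }

    // prepare preg_replace()
    $from = array();
    $to = array();
    foreach ($transcoded as $pair) {
        $from[] = $pair[0];
        $to[] = $pair[1];
    }

    // transcode various fields
    $description = preg_replace($from, $to, $this->item['description']);

    // preg_replace() returns NULL on failure (invalid pattern, backtrack limit);
    // saving that would blank the stored description, so keep the record as it is
    if ($description === NULL) {
        return;
    }
    $this->item['description'] = $description;

    // update the database -- the id sits outside quotes in the statement, so it is
    // forced to an integer instead of relying on string escaping
    $query = "UPDATE " . SQL::table_name('files') . " SET "
        . " description = '" . SQL::escape($this->item['description']) . "'"
        . " WHERE id = " . intval($this->item['id']);
    SQL::query($query);

    // always clear the cache, even on no update
    Files::clear($this->item);
}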
// follow-up commands -- do not use #_attachments, because of thread layout, etc. $menu = array(); if (is_object($anchor)) { $menu = array_merge($menu, array($anchor->get_url('files') => i18n::s('Back to main page'))); } if (is_object($anchor) && Surfer::may_upload()) { $menu = array_merge($menu, array('files/edit.php?anchor=' . $anchor->get_reference() => i18n::s('Upload another file'))); } $follow_up .= Skin::build_list($menu, 'menu_bar'); $context['text'] .= Skin::build_block($follow_up, 'bottom'); // forward to the updated page } else { // touch the related anchor $anchor->touch('file:update', $_REQUEST['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y'); // clear cache Files::clear($_REQUEST); // increment the post counter of the surfer Users::increment_posts(Surfer::get_id()); // record surfer activity Activities::post('file:' . $_REQUEST['id'], 'upload'); if ($render_overlaid) { echo 'post done'; die; } // forward to the anchor page Safe::redirect($anchor->get_url('files')); } // display the form on GET } else { $with_form = TRUE; }
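/**
 * change only some attributes
 *
 * Builds one UPDATE statement for the files table from the fields that are
 * present in $fields, and leaves every other column untouched.
 *
 * $fields is received by reference and is modified: 'active' is set from the
 * anchor when 'active_set' is given, 'title' is stripped of tags other than
 * <br>, and Surfer::check_default_editor() is given the array as well
 * (presumably to fill the edit_* entries -- confirm against that helper).
 *
 * When 'active_set' is given, Anchors::cascade() runs before the UPDATE is
 * sent, so access rights are cascaded even if the query then fails.
 *
 * @param array an array of fields
 * @return TRUE on success or when there is nothing to update, or FALSE on error
 *   (missing or non-numeric id, anchor not found, failed query)
 **/
public static function put_attributes(&$fields) {

    // id cannot be empty
    if (!isset($fields['id']) || !is_numeric($fields['id'])) {
        Logger::error(i18n::s('No item has the provided id.'));
        return FALSE;
    }

    // set default values for this editor
    Surfer::check_default_editor($fields);

    // query components
    $query = array();

    // change access rights
    if (isset($fields['active_set'])) {

        // anchor cannot be empty
        if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
            Logger::error(i18n::s('No anchor has been found.'));
            return FALSE;
        }

        // determine the actual right -- the anchor caps what the caller asked for
        $fields['active'] = $anchor->ceil_rights($fields['active_set']);

        // remember these in this record
        $query[] = "active='" . SQL::escape($fields['active']) . "'";
        $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";

        // cascade anchor access rights
        Anchors::cascade('file:' . $fields['id'], $fields['active']);
    }

    // anchor this page to another place
    if (isset($fields['anchor'])) {
        $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
        $query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
        $query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
    }

    // other fields that can be modified individually, in the order they are written to the SET clause
    $url_fields = array('icon_url', 'thumbnail_url');
    $plain_fields = array('behaviors', 'description', 'icon_url', 'overlay', 'overlay_id', 'rank', 'source', 'thumbnail_url', 'keywords');
    foreach ($plain_fields as $name) {
        if (!isset($fields[$name])) {
            continue;
        }
        $value = $fields[$name];

        // URLs keep only a conservative character set; anything else becomes '_'
        if (in_array($name, $url_fields, TRUE)) {
            $value = preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $value);
        }

        $query[] = $name . "='" . SQL::escape($value) . "'";
    }

    // the title accepts no markup except line breaks
    if (isset($fields['title'])) {
        $fields['title'] = strip_tags($fields['title'], '<br>');
        $query[] = "title='" . SQL::escape($fields['title']) . "'";
    }

    // nothing to update
    if (!count($query)) {
        return TRUE;
    }

    // maybe a silent update
    if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
        $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";

        // edit_id is written without quotes and nothing in this function checks it, so it is
        // forced to an integer; escaping meant for string literals (which SQL::escape()
        // presumably is -- confirm) does not constrain a value placed outside quotes
        $query[] = "edit_id=" . intval($fields['edit_id']);

        $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";

        // NOTE(review): 'article:update' is stored for a record of the files table -- confirm this label is intended
        $query[] = "edit_action='article:update'";
        $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
    }

    // actual update query -- the id is also unquoted, but the is_numeric() guard at the top
    // of this function restricts it to a numeric string
    $statement = "UPDATE " . SQL::table_name('files') . " SET " . implode(', ', $query)
        . " WHERE id = " . SQL::escape($fields['id']);
    if (!SQL::query($statement)) {
        return FALSE;
    }

    // clear the cache
    Files::clear($fields);

    // end of job
    return TRUE;
}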