Exemple #1
0
 /**
  * Apply a basic filter
  *
  * @param  string|array $var
  * @param  bool         $isNumeric
  * @return string|array
  */
 public static function applyFilter($var, $isNumeric = false)
 {
     if (is_array($var)) {
         return array_map(__METHOD__, $var);
     }
     if (is_callable('COM_applyBasicFilter')) {
         $var = COM_applyBasicFilter($var);
     } else {
         // Simulate COM_applyBasicFilter
         $var = \GLText::remove4byteUtf8Chars($var);
         $var = strip_tags($var);
         if (is_callable('COM_killJS')) {
             $var = COM_killJS($var);
             // doesn't help a lot right now, but still ...
         } else {
             $var = preg_replace('/(\\s)+[oO][nN](\\w*) ?=/', '\\1in\\2=', $var);
         }
         if ($isNumeric) {
             // Note: PHP's is_numeric() accepts values like 4e4 as numeric
             if (!is_numeric($var) || preg_match('/^-?\\d+$/', $var) == 0) {
                 $var = 0;
             }
         } else {
             $var = preg_replace('/\\/\\*.*/', '', $var);
             $var = explode("'", $var);
             $var = explode('"', $var[0]);
             $var = explode('`', $var[0]);
             $var = explode(';', $var[0]);
             $var = explode(',', $var[0]);
             $var = explode('\\', $var[0]);
             $var = $var[0];
         }
     }
     return $var;
 }
Exemple #2
0
 /**
  * Constructor
  * Sets up private search variables
  *
  * @author Tony Bibbs, tony AT geeklog DOT net
  */
 public function __construct()
 {
     global $_CONF, $_TABLES;
     // Set search criteria
     if (isset($_GET['query'])) {
         $query = COM_stripslashes($_GET['query']);
         $query = GLText::remove4byteUtf8Chars($query);
         $this->_query = strip_tags($query);
     }
     if (isset($_GET['topic'])) {
         // see if topic exists
         $tid = COM_applyFilter($_GET['topic']);
         // If it exists and user has access to it, it will return itself else an empty string
         $tid = DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'" . COM_getPermSQL('AND', 0, 2));
         $this->_topic = $tid;
     } else {
         if ($_CONF['search_use_topic']) {
             $last_topic = SESS_getVariable('topic');
             if ($last_topic != '') {
                 $this->_topic = $last_topic;
             }
         }
     }
     if (isset($_GET['datestart'])) {
         $this->_dateStart = COM_applyFilter($_GET['datestart']);
     }
     if (isset($_GET['dateend'])) {
         $this->_dateEnd = COM_applyFilter($_GET['dateend']);
     }
     if (isset($_GET['author'])) {
         $this->_author = COM_applyFilter($_GET['author']);
         // In case we got a username instead of uid, convert it.  This should
         // make custom themes for search page easier.
         if (!is_numeric($this->_author) && !preg_match('/^([0-9]+)$/', $this->_author) && $this->_author != '') {
             $this->_author = DB_getItem($_TABLES['users'], 'uid', 'username=\'' . DB_escapeString($this->_author) . '\'');
         }
         if ($this->_author < 1) {
             $this->_author = '';
         }
     }
     $this->_type = isset($_GET['type']) ? COM_applyFilter($_GET['type']) : 'all';
     $this->_keyType = isset($_GET['keyType']) ? COM_applyFilter($_GET['keyType']) : $_CONF['search_def_keytype'];
     $this->_titlesOnly = isset($_GET['title']) ? true : false;
 }
Exemple #3
0
/**
 * Save topic to the database
 *
 * @param    string $tid              Topic ID
 * @param    string $topic            Name of topic (what the user sees)
 * @param    int    $inherit          whether to inherit
 * @param    int    $hidden           whether to hide
 * @param    string $parent_id        Parent ID
 * @param    string $imageUrl         (partial) URL to topic image
 * @param    string $meta_description Topic meta description
 * @param    string $meta_keywords    Topic meta keywords
 * @param    int    $sortNum          number for sort order in "Topics" block
 * @param    int    $limitNews        number of stories per page for this topic
 * @param    int    $owner_id         ID of owner
 * @param    int    $group_id         ID of group topic belongs to
 * @param    int    $perm_owner       Permissions the owner has
 * @param    int    $perm_group       Permissions the group has
 * @param    int    $perm_members     Permissions members have
 * @param    int    $perm_anon        Permissions anonymous users have
 * @param    string $is_default       'on' if this is the default topic
 * @param    string $is_archive       'on' if this is the archive topic
 * @return   string                   HTML redirect or error message
 */
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $tid = COM_sanitizeID($tid);
    // Check if tid is a restricted name
    $restricted_tid = false;
    if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
        $restricted_tid = true;
    }
    // Check if tid is used by another topic
    $duplicate_tid = false;
    $old_tid = '';
    if (isset($_POST['old_tid'])) {
        $old_tid = COM_applyFilter($_POST['old_tid']);
        if (!empty($old_tid)) {
            $old_tid = COM_sanitizeID($old_tid);
            // See if new topic id
            if (strcasecmp($tid, $old_tid)) {
                if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                    $duplicate_tid = true;
                }
            }
        } else {
            if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                $duplicate_tid = true;
            }
        }
    }
    // Make sure parent id exists
    $parent_id_found = false;
    if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) {
        $parent_id_found = true;
    }
    // Check if parent archive topic, if so bail
    $archive_parent = false;
    $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
    if ($parent_id == $archive_tid) {
        $archive_parent = true;
    }
    // If archive topic, make sure no child topics else bail
    $archive_child = false;
    $is_archive = $is_archive == 'on' ? 1 : 0;
    if ($is_archive) {
        if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
            $archive_child = true;
        }
    }
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } else {
        // Now check access to parent topic
        if ($parent_id != TOPIC_ROOT) {
            if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
                $A = DB_fetchArray($result);
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
            }
            $in_Group = SEC_inGroup($A['group_id']);
        } else {
            $access = 3;
            $in_Group = true;
        }
        if ($access < 3 || !$in_Group) {
            $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
        } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
            if ($imageUrl === '/images/topics/') {
                $imageUrl = '';
            }
            $topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
            $topic = DB_escapeString($topic);
            $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
            $meta_description = DB_escapeString($meta_description);
            $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
            $meta_keywords = DB_escapeString($meta_keywords);
            if ($is_default == 'on') {
                $is_default = 1;
                DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
            } else {
                $is_default = 0;
            }
            if ($is_archive) {
                // $tid is the archive topic
                // - if it wasn't already, mark all its stories "archived" now
                if ($archive_tid != $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
                // Set hidden and inherit to false since archive topic now
                $inherit = '';
                $hidden = '';
            } else {
                // $tid is not the archive topic
                // - if it was until now, reset the "archived" status of its stories
                if ($archive_tid == $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.statuscode = 0\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
            }
            $inherit = $inherit == 'on' ? 1 : 0;
            $hidden = $hidden == 'on' ? 1 : 0;
            // Cannot hide root topics so switch if needed
            if ($parent_id == TOPIC_ROOT && $hidden == 1) {
                $hidden = 0;
            }
            // If not a new topic and id change then...
            if (!empty($old_tid)) {
                if ($tid != $old_tid) {
                    changetopicid($tid, $old_tid);
                    $old_tid = DB_escapeString($old_tid);
                    DB_delete($_TABLES['topics'], 'tid', $old_tid);
                }
            }
            DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
            if ($old_tid != $tid) {
                PLG_itemSaved($tid, 'topic', $old_tid);
            } else {
                PLG_itemSaved($tid, 'topic');
            }
            // Reorder Topics, Delete topic cache and reload topic tree
            reorderTopics();
            // update feed(s)
            COM_rdfUpToDateCheck('article', $tid);
            COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
        } elseif ($restricted_tid) {
            $retval .= COM_errorLog($LANG27[31], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($duplicate_tid) {
            $retval .= COM_errorLog($LANG27[49], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_parent) {
            $retval .= COM_errorLog($LANG27[46], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_child) {
            $retval .= COM_errorLog($LANG27[47], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif (!$parent_id_found) {
            $retval .= COM_errorLog($LANG27[48], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } else {
            $retval .= COM_errorLog($LANG27[7], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        }
    }
    return $retval;
}
/**
* Convert wiki-formatted text to (X)HTML
*
* @param    string  $wikitext   wiki-formatted text
* @return   string              XHTML formatted text
*
*/
function COM_renderWikiText($wikitext)
{
    global $_CONF;
    if (!$_CONF['wikitext_editor']) {
        return $wikitext;
    }
    require_once $_CONF['path_system'] . 'classes/gltext.class.php';
    return GLText::renderWikiText($wikitext);
}
Exemple #5
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array  $args    Contains all the data provided by the client
 * @param   string $output  OUTPUT parameter containing the returned text
 * @param   string $svc_msg OUTPUT parameter containing any service messages
 * @return  int          Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topic selected.';
            return PLG_RET_ERROR;
        }
        if (!TOPIC_hasMultiTopicAccess('topic') < 3) {
            $svc_msg['error_desc'] = 'Do not have access to one or more of selected topics.';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['cache_time'])) {
            $args['cache_time'] = $_SP_CONF['default_cache_time'];
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_onhits = $args['sp_onhits'];
    $sp_onlastupdate = $args['sp_onlastupdate'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    } else {
        // If empty but menu on then use title as default
        if ($sp_onmenu == 'on') {
            $sp_label = $sp_title;
        }
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $cache_time = $args['cache_time'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content) && TOPIC_checkTopicSelectionControl() && TOPIC_hasMultiTopicAccess('topic') == 3) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_onhits == 'on') {
            $sp_onhits = 1;
        } else {
            $sp_onhits = 0;
        }
        if ($sp_onlastupdate == 'on') {
            $sp_onlastupdate = 1;
        } else {
            $sp_onlastupdate = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_content = GLText::remove4byteUtf8Chars($sp_content);
        $sp_title = strip_tags($sp_title);
        $sp_title = GLText::remove4byteUtf8Chars($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_page_title = GLText::remove4byteUtf8Chars($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $sp_label = GLText::remove4byteUtf8Chars($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_description = GLText::remove4byteUtf8Chars($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
        $sp_help = GLText::remove4byteUtf8Chars($sp_help);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_page_title = DB_escapeString($sp_page_title);
        $sp_label = DB_escapeString($sp_label);
        $meta_description = DB_escapeString($meta_description);
        $meta_keywords = DB_escapeString($meta_keywords);
        $sp_help = DB_escapeString($sp_help);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If PHP page then no cache
        if ($sp_php == 0) {
            if ($cache_time < -1) {
                $cache_time = $_SP_CONF['default_cache_time'];
            }
        } else {
            $cache_time = $_SP_CONF['default_cache_time'];
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_onhits = $_SP_CONF['show_hits'];
            $sp_onlastupdate = $_SP_CONF['show_date'];
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $cache_time = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            // Retrieve Topic data
            TOPIC_getDataTopicSelectionControl($topic_option, $tids, $inherit_tids, $default_tid);
            $sql = "UPDATE {$_TABLES['staticpage']},{$_TABLES['topic_assignments']} ta SET sp_centerblock = 0\n                WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (draft_flag = 0)\n                 AND ta.type = 'staticpages' AND ta.id = sp_id ";
            if ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION) {
                $sql .= " AND (ta.tid = '{$topic_option}')";
            } else {
                $sql .= " AND (ta.tid IN ('" . implode("','", $tids) . "'))";
            }
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION)) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND ta.tid LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // Retrieve created date
        $dateCreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($dateCreated == '') {
            $dateCreated = date('Y-m-d H:i:s');
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_onhits,sp_onlastupdate,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$dateCreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},{$sp_onhits},{$sp_onlastupdate},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$cache_time},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
        TOPIC_saveTopicSelectionControl('staticpages', $sp_id);
        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            // Delete Topic Assignments for this old staticpage since we just created new ones
            TOPIC_deleteTopicAssignments('staticpages', $sp_old_id);
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }
        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        } else {
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_old_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        }
        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));
        return PLG_RET_ERROR;
    }
}
Exemple #6
0
 /**
  * Apply filters to the text element
  *
  * @param  string $text
  * @param  string $postMode
  * @return string
  */
 private function _applyTextFilter($text, $postMode)
 {
     $text = GLText::remove4byteUtf8Chars($text);
     if ($this->_text_version == GLTEXT_FIRST_VERSION) {
         // first version
         // Remove any autotags the user doesn't have permission to use
         $text = PLG_replaceTags($text, '', true);
         $text = COM_checkWords($text, 'story');
         if (in_array($postMode, array('html', 'adveditor', 'wikitext'))) {
             // html or wikitext
             $text = GLText::checkHTML($text, 'story.edit');
         } else {
             // plaintext
             $text = COM_makeClickableLinks(htmlspecialchars($text));
         }
     } else {
         // latest version
         // Now not do anything here to hold the raw text.
         // And do all of the text processing just before display.
     }
     return $text;
 }
Exemple #7
0
/**
 * Saves a poll
 * Saves a poll topic and potential answers to the database
 *
 * @param    string $pid          Poll topic ID
 * @param    string $old_pid      Previous poll topic ID
 * @param    array  $Q            Array of poll questions
 * @param    string $mainPage     Checkbox: poll appears on homepage
 * @param    string $topic        The text for the topic
 * @param    string $meta_description
 * @param    string $meta_keywords
 * @param    int    $statusCode   (unused)
 * @param    string $open         Checkbox: poll open for voting
 * @param    string $hideResults  Checkbox: hide results until closed
 * @param    int    $commentCode  Indicates if users can comment on poll
 * @param    array  $A            Array of possible answers
 * @param    array  $V            Array of vote per each answer
 * @param    array  $R            Array of remark per each answer
 * @param    int    $owner_id     ID of poll owner
 * @param    int    $group_id     ID of group poll belongs to
 * @param    int    $perm_owner   Permissions the owner has on poll
 * @param    int    $perm_group   Permissions the group has on poll
 * @param    int    $perm_members Permissions logged in members have on poll
 * @param    int    $perm_anon    Permissions anonymous users have on poll
 * @param    bool   $allow_multipleanswers
 * @param    string $topic_description
 * @param    string $description
 * @return   string|void
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $topic = COM_checkHTML($topic);
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
        return $retval;
    }
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = GLText::remove4byteUtf8Chars($topic);
    $topic = DB_escapeString($topic);
    $topic_description = GLText::remove4byteUtf8Chars($topic_description);
    $topic_description = DB_escapeString($topic_description);
    $meta_description = GLText::remove4byteUtf8Chars($meta_description);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
    $meta_keywords = DB_escapeString($meta_keywords);
    $k = 0;
    // set up a counter to make sure we do assign a straight line of question id's
    // first dimension of array are the questions
    $num_questions = count($Q);
    $num_total_votes = 0;
    $num_questions_exist = 0;
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        $Q[$i] = COM_checkHTML($Q[$i]);
        $Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);
        $allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($allow_multipleanswers[$i]));
        $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($description[$i])));
        if ($allow_multipleanswers[$i] == 'on') {
            $allow_multipleanswers[$i] = 1;
        } else {
            $allow_multipleanswers[$i] = 0;
        }
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $num_questions_exist++;
            $Q[$i] = DB_escapeString($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                $A[$i][$j] = COM_checkHTML($A[$i][$j]);
                $A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);
                $R[$i][$j] = COM_stripslashes($R[$i][$j]);
                $R[$i][$j] = COM_checkHTML($R[$i][$j]);
                $R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist
                    if (!is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = DB_escapeString($A[$i][$j]);
                    $R[$i][$j] = DB_escapeString($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $num_total_votes = $num_total_votes + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
    if ($num_questions_exist > 0) {
        $numVoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen
        $numVoters = $num_total_votes;
    }
    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
    if ($mainPage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideResults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}
Exemple #8
0
/**
 * Filters comment text and appends necessary tags (sig and/or edit)
 *
 * @copyright Jared Wenerd 2008
 * @author    Jared Wenerd, wenerd87 AT gmail DOT com
 * @param string  $comment  comment text
 * @param string  $postMode ('html', 'plaintext', ...)
 * @param string  $type     Type of item (article, polls, etc.)
 * @param boolean $edit     if true append edit tag
 * @param int     $cid      comment id if editing comment (for proper sig)
 * @return string of comment text
 */
function CMT_prepareText($comment, $postMode, $type, $edit = false, $cid = null)
{
    global $_USER, $_TABLES, $LANG03, $_CONF;
    // Remove any autotags the user doesn't have permission to use
    $comment = PLG_replaceTags($comment, '', true);
    $comment = GLText::remove4byteUtf8Chars($comment);
    if ($postMode === 'html') {
        $html_perm = $type == 'article' ? 'story.edit' : "{$type}.edit";
        $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $html_perm), 'comment');
    } else {
        // plaintext
        $comment = htmlspecialchars(COM_checkWords(COM_stripslashes($comment), 'comment'));
        $newComment = COM_makeClickableLinks($comment);
        if (strcmp($comment, $newComment) != 0) {
            $comment = COM_nl2br($newComment);
        }
    }
    if ($edit) {
        $comment .= '<div class="comment-edit">' . $LANG03[30] . ' ' . strftime($_CONF['date'], time()) . ' ' . $LANG03[31] . ' ' . $_USER['username'] . '</div><!-- /COMMENTEDIT -->';
    }
    if (empty($_USER['uid'])) {
        $uid = 1;
    } elseif ($edit && is_numeric($cid)) {
        //if comment moderator
        $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '{$cid}'");
    } else {
        $uid = $_USER['uid'];
    }
    if ($uid > 1) {
        $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$uid}'");
        if (!empty($sig)) {
            $comment .= '<!-- COMMENTSIG --><div class="comment-sig">';
            if ($postMode == 'html') {
                $comment .= '---<br' . XHTML . '>' . COM_nl2br($sig);
            } else {
                $comment .= '---' . LB . $sig;
            }
            $comment .= '</div><!-- /COMMENTSIG -->';
        }
    }
    return $comment;
}
Exemple #9
0
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;
    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = COM_checkHTML(COM_checkWords($description), 'links.edit');
    $description = GLText::remove4byteUtf8Chars($description);
    $description = DB_escapeString($description);
    $category = COM_checkHTML(COM_checkWords($category), 'links.edit');
    $category = GLText::remove4byteUtf8Chars($category);
    $category = DB_escapeString($category);
    $pid = DB_escapeString(strip_tags($pid));
    $cid = DB_escapeString(strip_tags($cid));
    $old_cid = DB_escapeString(strip_tags($old_cid));
    if (empty($category) || empty($description)) {
        return 7;
    }
    // Check cid to make sure not illegal
    if ($cid == DB_escapeString($_LI_CONF['root']) || $cid === 'user') {
        return 11;
    }
    if (!empty($cid) && $cid != $old_cid) {
        // this is either a new category or an attempt to change the cid
        // - check that cid doesn't exist yet
        $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
        if (!empty($ctrl)) {
            if (isset($PLG_links_MESSAGE17)) {
                return 17;
            } else {
                return 11;
            }
        }
    }
    // Check that they didn't delete the cid. If so, get the hidden one
    if (empty($cid) && !empty($old_cid)) {
        $cid = $old_cid;
    }
    // Make sure they aren't making a parent category child of one of it's own
    // children. This would create orphans
    if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
        return 12;
    }
    if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
        // update existing item, but new cid so get access from database with old cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // set flag
        $update = "existing";
    } elseif (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
        // update existing item, same cid, so get access from database with existing cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // set flag
        $update = 'same';
    } else {
        // new item, so use passed values
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
        // set flag
        $update = 'new';
    }
    if ($access < 3) {
        // no access rights: user should not be here
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
        return 6;
    } else {
        // save item
        if ($update === 'existing') {
            // update an existing item but new cid
            $sql = "UPDATE {$_TABLES['linkcategories']}\n                    SET cid='{$cid}',\n                        pid='{$pid}',\n                        tid='{$tid}',category='{$category}',\n                        description='{$description}',\n                        modified=NOW(),\n                        owner_id='{$owner_id}',group_id='{$group_id}',\n                        perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n                        perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n                    WHERE cid = '{$old_cid}'";
            $result = DB_query($sql);
            // Also need to update links for this category
            $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
            $result = DB_query($sql);
        } elseif ($update === 'same') {
            // update an existing item
            $sql = "UPDATE {$_TABLES['linkcategories']}\n                    SET pid='{$pid}',\n                        tid='{$tid}',category='{$category}',\n                        description='{$description}',\n                        modified=NOW(),\n                        owner_id='{$owner_id}',group_id='{$group_id}',\n                        perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n                        perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n                    WHERE cid = '{$cid}'";
            $result = DB_query($sql);
        } else {
            // insert a new item
            if (empty($cid)) {
                $cid = COM_makeSid();
            }
            $sql = "INSERT INTO {$_TABLES['linkcategories']}\n                    (cid, pid, category, description, tid,\n                    created,modified,\n                    owner_id, group_id, perm_owner, perm_group,\n                    perm_members, perm_anon)\n                    VALUES\n                    ('{$cid}','{$pid}','{$category}',\n                    '{$description}','{$tid}',\n                    NOW(),NOW(),\n                    '{$owner_id}','{$group_id}','{$perm_owner}',\n                    '{$perm_group}','{$perm_members}','{$perm_anon}')";
            $result = DB_query($sql);
        }
        if ($update === 'existing' && $cid != $old_cid) {
            PLG_itemSaved($cid, 'links.category', $old_cid);
        } else {
            PLG_itemSaved($cid, 'links.category');
        }
    }
    return 10;
    // success message
}
Exemple #10
0
function dlformat(&$T, &$A, $isListing = false, $cid = ROOTID)
{
    global $_CONF, $_TABLES, $LANG01, $_DLM_CONF, $LANG_DLM, $mytree;
    $A['rating'] = number_format($A['rating'], 2);
    $A['title'] = DLM_htmlspecialchars($A['title']);
    $A['project'] = DLM_htmlspecialchars($A['project']);
    $A['url'] = DLM_htmlspecialchars($A['url']);
    $A['homepage'] = DLM_htmlspecialchars($A['homepage']);
    $A['version'] = DLM_htmlspecialchars($A['version']);
    $A['size'] = DLM_htmlspecialchars($A['size']);
    $A['md5'] = DLM_htmlspecialchars($A['md5']);
    $A['logourl'] = DLM_htmlspecialchars($A['logourl']);
    $A['postmode'] = DLM_htmlspecialchars($A['postmode']);
    $A['tags'] = DLM_htmlspecialchars($A['tags']);
    $A['datetime'] = strftime($_DLM_CONF['date_format'], $A['date']);
    if (version_compare(VERSION, '2.1.0') >= 0) {
        require_once $_CONF['path_system'] . 'classes/gltext.class.php';
        $A['description'] = GLText::getDisplayText($A['description'], $A['postmode'], 2);
        $A['detail'] = GLText::getDisplayText($A['detail'], $A['postmode'], 2);
    } else {
        require_once $_CONF['path'] . 'plugins/downloads/include/gltext.class.php';
        $gltext = new GLPText();
        $A['description'] = $gltext->getDisplayText($A['description'], $A['postmode']);
        $A['detail'] = $gltext->getDisplayText($A['detail'], $A['postmode']);
    }
    $filedetail_url = COM_buildURL($_CONF['site_url'] . '/downloads/index.php?id=' . $A['lid']);
    $visitfile_url = COM_buildURL($_CONF['site_url'] . '/downloads/visit.php?id=' . $A['lid']);
    if ($isListing && !empty($A['detail'])) {
        $A['description'] .= '<p class="download-break">' . COM_createLink($LANG_DLM['more'], $filedetail_url) . '</p>';
    }
    $result = DB_query("SELECT username, fullname, photo " . "FROM {$_TABLES['users']} " . "WHERE uid = {$A['owner_id']}");
    $B = DB_fetchArray($result);
    $submitter_name = COM_getDisplayName($A['owner_id'], $B['username'], $B['fullname']);
    if (empty($submitter_name)) {
        $submitter_name = $LANG_DLM['unknown_uid'];
    } else {
        $submitter_name = COM_createLink($submitter_name, $_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $A['owner_id']);
    }
    $path = $mytree->getNicePathFromId($A['cid'], 'title', $_CONF['site_url'] . '/downloads/index.php');
    $temp = $mytree->getSepalator();
    $path = substr($path, 0, strlen($path) - strlen($temp));
    $path = str_replace($temp, ' <img src="' . $_CONF['site_url'] . '/downloads/images/arrow.gif" alt="arrow"' . XHTML . '> ', $path);
    $tags = '-';
    if (!empty($A['tags'])) {
        $tags = getTagList($A['tags']);
        if (empty($tags)) {
            $tags = '-';
        }
    }
    $notags = $tags == '-' ? 'dlm_notags' : '';
    $T->set_var('lang_category', $LANG_DLM['category']);
    $T->set_var('category_path', $path);
    $T->set_var('lang_tags', $LANG_DLM['tags']);
    $T->set_var('tags', $tags);
    $T->set_var('notags', $notags);
    $T->set_var('lang_submitter', $LANG_DLM['submitter']);
    $T->set_var('submitter_name', $submitter_name);
    $T->set_var('lid', $A['lid']);
    $T->set_var('cid', $A['cid']);
    $T->set_var('lang_dlnow', $LANG_DLM['dlnow']);
    $T->set_var('dtitle', $A['title']);
    $T->set_var('filedetail_url', $filedetail_url);
    $T->set_var('visitfile_url', $visitfile_url);
    $T->set_var('listing_cid', $cid);
    $T->set_var('lang_download_button', $LANG_DLM['download_button']);
    $startdate = time() - 60 * 60 * 24 * 7;
    if ($startdate < $A['date']) {
        $image_new = COM_createImage($_CONF['site_url'] . '/downloads/images/newred.gif', $LANG_DLM['newthisweek']);
        $newdownload = '<span class="badgenew">NEW</span>';
    }
    $T->set_var('image_newdownload', $image_new);
    // Image (New)
    $T->set_var('newdownload', $newdownload);
    // Badge (New)
    if ($A['hits'] >= $_DLM_CONF['download_popular']) {
        $image_pop = COM_createImage($_CONF['site_url'] . '/downloads/images/pop.gif', $LANG_DLM['popular']);
        $popdownload = '<span class="badgepop">POP</span>';
    }
    $T->set_var('image_popular', $image_pop);
    // Image (Pop)
    $T->set_var('popdownload', $popdownload);
    // Badge (Pop)
    // category image
    $cat_title = DLM_htmlspecialchars($A['cat_title']);
    if ($_DLM_CONF['download_useshots'] && !empty($A['imgurl'])) {
        $imgurl = $_DLM_CONF['snapcat_url'] . '/' . DLM_htmlspecialchars($A['imgurl']);
    } else {
        $imgurl = $_CONF['site_url'] . '/downloads/images/download.png';
    }
    $category_image = COM_createImage($imgurl, $cat_title, array('width' => $_DLM_CONF['download_shotwidth']));
    $T->set_var('category_image', $category_image);
    $T->set_var('download_title', $LANG_DLM['click2dl'] . ': ' . $A['url']);
    $T->set_var('url', $A['url']);
    $T->set_var('file_description', $A['description']);
    $T->set_var('file_detail', $A['detail']);
    $T->set_var('rating', $A['rating']);
    if ($A['rating'] != "0" || $A['rating'] != "0.00") {
        $votestring = sprintf($LANG_DLM['numvotes'], $A['votes']);
    }
    $T->set_var('votestring', $votestring);
    if (!empty($A['mg_autotag'])) {
        // use the mediagallery autotag as a snapshot.
        $mg_autotag = str_replace(array('[', ']'), '', $A['mg_autotag']);
        $mg_autotag = '[' . $mg_autotag . ' width:' . $_DLM_CONF['max_tnimage_width'] . ' height:' . $_DLM_CONF['max_tnimage_height'] . ' align:left]';
        $T->set_var('mg_autotag', PLG_replaceTags($mg_autotag, 'mediagallery'));
        $T->set_var('snapshot', '');
        $T->set_var('snaplinkicon', '');
    } elseif (!empty($A['logourl'])) {
        $safename = DLM_createSafeFileName($A['logourl']);
        $imgpath = $_DLM_CONF['path_tnstore'] . $safename;
        $imgpath = DLM_modTNPath($imgpath);
        $tnimgurl = $_DLM_CONF['tnstore_url'] . '/' . $safename;
        $tnimgurl = substr($tnimgurl, 0, -3) . substr($imgpath, -3);
        // align the extension
        $sizeattributes = DLM_getImgSizeAttr($imgpath);
        $T->set_var('snapshot_url', $_DLM_CONF['snapstore_url'] . '/' . $safename);
        $T->set_var('thumbnail_url', $tnimgurl);
        $T->set_var('snapshot_sizeattr', $sizeattributes);
        $T->set_var('lang_click2see', $LANG_DLM['click2see']);
        $T->set_var('show_snapshoticon', '');
        $T->set_var('show_snapshoticon_na', 'none');
        $T->set_var('mg_autotag', '');
        if ($_DLM_CONF['show_tn_image']) {
            $T->parse('snapshot', 'tsnapshot');
        } else {
            $T->parse('snaplinkicon', 'tsnaplinkicon');
        }
    } else {
        $tnimgurl = $_CONF['site_url'] . '/downloads/images/blank.png';
        $T->set_var('thumbnail_url', $tnimgurl);
        $T->set_var('snapshot_url', $_CONF['site_url'] . '/downloads/index.php');
        $T->set_var('snapshot_sizeattr', 'width="200" height="200" ');
        $T->set_var('show_snapshoticon', 'none');
        $T->set_var('show_snapshoticon_na', '');
        $T->parse('snapshot', 'tsnapshot');
        $T->set_var('snaplinkicon', '');
        $T->set_var('mg_autotag', '');
    }
    $T->set_var('lang_version', $LANG_DLM['ver']);
    $T->set_var('lang_rating', $LANG_DLM['ratingc']);
    $T->set_var('lang_submitdate', $LANG_DLM['submitdate']);
    $T->set_var('lang_size', $LANG_DLM['size']);
    $T->set_var('datetime', $A['datetime']);
    $T->set_var('version', $A['version']);
    // Check if restricted access has been enabled for download report to admin's only
    if ($A['hits'] > 0 && DLM_hasAccess_history()) {
        $T->set_var('begin_dlreport_link', '<a href="' . COM_buildURL($_CONF['site_url'] . '/downloads/history.php?lid=' . $A['lid']) . '">');
        $T->set_var('end_dlreport_link', '</a>');
    } else {
        $T->set_var('begin_dlreport_link', '');
        $T->set_var('end_dlreport_link', '');
    }
    $T->set_var('download_times', sprintf($LANG_DLM['dltimes'], $A['hits']));
    $T->set_var('download_count', $A['hits']);
    $T->set_var('lang_popularity', $LANG_DLM['popularity']);
    $T->set_var('lang_filesize', $LANG_DLM['filesize']);
    $T->set_var('file_size', DLM_PrettySize($A['size']));
    $T->set_var('homepage_url', $A['homepage']);
    $T->set_var('homepage_link', '-');
    if (!empty($A['homepage'])) {
        $T->set_var('homepage_link', COM_makeClickableLinks($A['homepage']));
    }
    $T->set_var('lang_homepage', $LANG_DLM['homepage']);
    $T->set_var('lang_download', $LANG_DLM['download']);
    $T->set_var('lang_filelink', $LANG_DLM['filelink']);
    $T->set_var('lang_permalink', $LANG_DLM['permalink']);
    $T->set_var('lang_ratethisfile', $LANG_DLM['ratethisfile']);
    $T->set_var('lang_edit', $LANG_DLM['edit']);
    $T->set_var('show_editlink', $_DLM_CONF['has_edit_rights'] ? '' : 'none');
    $T->set_var('lang_md5_checksum', $LANG_DLM['md5_checksum']);
    $T->set_var('md5_checksum', $A['md5']);
    if ($A['commentcode'] == 0) {
        $commentCount = DB_count($_TABLES['comments'], 'sid', addslashes($A['lid']));
        $recentPostMessage = $LANG_DLM['commentswanted'];
        if ($commentCount > 0) {
            $result4 = DB_query("SELECT cid, UNIX_TIMESTAMP(date) AS day, username " . "FROM {$_TABLES['comments']}, {$_TABLES['users']} " . "WHERE {$_TABLES['users']}.uid = {$_TABLES['comments']}.uid " . "AND sid = '" . addslashes($A['lid']) . "' " . "ORDER BY date DESC LIMIT 1");
            $C = DB_fetchArray($result4);
            $recentPostMessage = $LANG01[27] . ': ' . strftime($_CONF['daytime'], $C['day']) . ' ' . $LANG01[104] . ' ' . $C['username'];
            $comment_link = COM_createLink($commentCount . '&nbsp;' . $LANG01[3], $filedetail_url, array('title' => $recentPostMessage));
        } else {
            $A['title'] = str_replace('&#039;', "'", $A['title']);
            $A['title'] = str_replace('&amp;', '&', $A['title']);
            $url = $_CONF['site_url'] . '/comment.php?type=downloads&amp;sid=' . $A['lid'] . '&amp;title=' . rawurlencode($A['title']);
            $comment_link = COM_createLink($LANG_DLM['entercomment'], $url, array('title' => $recentPostMessage));
        }
        $T->set_var('comment_link', $comment_link);
        $T->set_var('show_comments', '');
    } else {
        $T->set_var('show_comments', 'none');
    }
}
/**
 * Convert wiki-formatted text to (X)HTML
 *
 * @param    string $wikiText wiki-formatted text
 * @return   string              XHTML formatted text
 */
function COM_renderWikiText($wikiText)
{
    global $_CONF;
    if (!$_CONF['wikitext_editor']) {
        return $wikiText;
    }
    return GLText::renderWikiText($wikiText);
}
Exemple #12
0
/**
 * Saves link to the database
 *
 * @param    string $lid          ID for link
 * @param    string $old_lid      old ID for link
 * @param    string $cid          cid of category link belongs to
 * @param    string $categoryDd   Category links belong to
 * @param    string $url          URL of link to save
 * @param    string $description  Description of link
 * @param    string $title        Title of link
 * @param    int    $hits         Number of hits for link
 * @param    int    $owner_id     ID of owner
 * @param    int    $group_id     ID of group link belongs to
 * @param    int    $perm_owner   Permissions the owner has
 * @param    int    $perm_group   Permissions the group has
 * @param    int    $perm_members Permissions members have
 * @param    int    $perm_anon    Permissions anonymous users have
 * @return   string               HTML redirect or error message
 */
function savelink($lid, $old_lid, $cid, $categoryDd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = COM_checkHTML(COM_checkWords($description), 'links.edit');
    $description = GLText::remove4byteUtf8Chars($description);
    $description = DB_escapeString($description);
    $title = strip_tags(COM_checkWords($title));
    $title = GLText::remove4byteUtf8Chars($title);
    $title = DB_escapeString($title);
    $cid = GLText::remove4byteUtf8Chars($cid);
    $cid = DB_escapeString($cid);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categoryDd != $LANG_LINKS_ADMIN[7] && !empty($categoryDd)) {
            $cid = DB_escapeString($categoryDd);
        } elseif ($categoryDd != $LANG_LINKS_ADMIN[7]) {
            COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }
        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);
        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}
Exemple #13
0
function gf_preparefordb($message, $postmode)
{
    global $CONF_FORUM, $_CONF;
    // if magic quotes is on, remove the slashes from the $_POST
    if (get_magic_quotes_gpc()) {
        $message = stripslashes($message);
    }
    // Remove Icons if database cannot store them (ie table collation needs to be utf8mb4)
    $message = GLText::remove4byteUtf8Chars($message);
    if ($CONF_FORUM['use_glfilter'] == 1 && ($postmode == 'html' || $postmode == 'HTML')) {
        $message = gf_checkHTMLforSQL($message, $postmode);
    }
    if ($CONF_FORUM['use_censor']) {
        $message = COM_checkWords($message);
    }
    $message = addslashes($message);
    return $message;
}
 function _saveToDatabase($mode = '')
 {
     global $_CONF, $_TABLES;
     $sql_additions = '';
     if (version_compare(VERSION, '2.1.0') >= 0) {
         $this->_text_version = GLTEXT_LATEST_VERSION;
         $text_version = $this->_text_version;
         $sql_additions = "text_version='{$text_version}', ";
         // Apply HTML filter to the text just before save
         // with the permissions of current editor
         require_once $_CONF['path_system'] . 'classes/gltext.class.php';
         $description = GLText::applyHTMLFilter($this->_description, $this->_postmode, 'story.edit', $this->_text_version);
         $detail = GLText::applyHTMLFilter($this->_detail, $this->_postmode, 'story.edit', $this->_text_version);
     } else {
         $description = $this->_description;
         $detail = $this->_detail;
     }
     $lid = addslashes($this->_lid);
     $cid = addslashes($this->_cid);
     $title = addslashes($this->_title);
     $url = addslashes($this->_url);
     $homepage = addslashes($this->_homepage);
     $version = addslashes($this->_version);
     $size = (int) $this->_size;
     $md5 = addslashes($this->_md5);
     $logourl = addslashes($this->_logourl);
     $mg_autotag = addslashes($this->_mg_autotag);
     $tags = addslashes($this->_tags);
     $date = (int) $this->_date;
     $commentcode = (int) $this->_commentcode;
     $project = addslashes($this->_project);
     $description = addslashes($description);
     $detail = addslashes($detail);
     $owner_id = (int) $this->_owner_id;
     $postmode = addslashes($this->_postmode);
     $is_released = (int) $this->_is_released;
     $is_listing = (int) $this->_is_listing;
     $createddate = addslashes($this->_createddate);
     $table = empty($mode) ? $_TABLES['downloads'] : $_TABLES['downloadsubmission'];
     DB_query("UPDATE {$table} " . "SET lid='{$lid}', cid='{$cid}', title='{$title}', url='{$url}', mg_autotag='{$mg_autotag}', tags='{$tags}', " . "homepage='{$homepage}', project='{$project}', description='{$description}', detail='{$detail}', " . "version='{$version}', size={$size}, md5='{$md5}', commentcode={$commentcode}, owner_id={$owner_id}, " . "postmode='{$postmode}', logourl='{$logourl}', is_released={$is_released}, is_listing={$is_listing}, " . $sql_additions . "date={$date}, createddate='{$createddate}' " . "WHERE lid='{$this->_old_lid}'");
     if ($this->_old_lid == $this->_lid) {
         PLG_itemSaved($this->_lid, 'downloads');
     } else {
         DB_change($_TABLES['comments'], 'sid', addslashes($this->_lid), array('sid', 'type'), array(addslashes($this->_old_lid), 'downloads'));
         PLG_itemSaved($this->_lid, 'downloads', $this->_old_lid);
     }
     COM_rdfUpToDateCheck('downloads', $this->_cid, $this->_lid);
 }