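/**
 * Apply a basic filter
 *
 * Delegates to the core COM_applyBasicFilter() when it is available,
 * passing the numeric flag through (elsewhere in this corpus the core
 * function is called as COM_applyBasicFilter($value, true), so the
 * second parameter exists). Without the core function a local
 * approximation is used: 4-byte UTF-8 characters and HTML tags are
 * stripped, "on...=" event-handler attributes are neutralised, and the
 * value is then either reduced to a plain integer (when $isNumeric is
 * set; anything else becomes 0) or truncated at the first quote,
 * backtick, semicolon, comma, backslash or "/*" sequence.
 *
 * Arrays are filtered element by element with the same numeric flag.
 *
 * @param string|array $var       value(s) to filter
 * @param bool         $isNumeric true to only allow an integer value
 * @return string|array filtered value(s); 0 for a rejected numeric value
 */
public static function applyFilter($var, $isNumeric = false)
{
    if (is_array($var)) {
        // Recurse with the SAME numeric flag. The previous
        // array_map(__METHOD__, ...) call passed only the element, so
        // $isNumeric was silently dropped for array input.
        $filtered = array();
        foreach ($var as $key => $value) {
            $filtered[$key] = self::applyFilter($value, $isNumeric);
        }

        return $filtered;
    }

    if (is_callable('COM_applyBasicFilter')) {
        // Hand the numeric flag to the real filter instead of discarding it
        return COM_applyBasicFilter($var, $isNumeric);
    }

    // Simulate COM_applyBasicFilter
    $var = \GLText::remove4byteUtf8Chars($var);
    $var = strip_tags($var);

    if (is_callable('COM_killJS')) {
        $var = COM_killJS($var); // doesn't help a lot right now, but still ...
    } else {
        // Turn "onclick=" style attributes into "inclick="
        $var = preg_replace('/(\\s)+[oO][nN](\\w*) ?=/', '\\1in\\2=', $var);
    }

    if ($isNumeric) {
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric, and
        // (PHP >= 8) trailing whitespace. The regex therefore anchors with
        // \z rather than $, because $ would still match "123\n".
        if (!is_numeric($var) || preg_match('/^-?\\d+\\z/', $var) !== 1) {
            $var = 0;
        }

        return $var;
    }

    // Cut the value at the first character that could terminate a
    // quoted context or start a comment
    $var = preg_replace('/\\/\\*.*/', '', $var);
    foreach (array("'", '"', '`', ';', ',', '\\') as $delimiter) {
        $parts = explode($delimiter, $var);
        $var = $parts[0];
    }

    return $var;
}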
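/**
 * Constructor
 * Sets up private search variables
 *
 * Reads the search criteria from $_GET (query, topic, datestart, dateend,
 * author, type, keyType, title) and stores the filtered values in the
 * corresponding private members. The topic id is additionally escaped
 * before it is interpolated into the lookup query.
 *
 * NOTE(review): _dateStart, _dateEnd, _type and _keyType are only passed
 * through COM_applyFilter() here; wherever they are later used in SQL
 * (outside this method) they should be escaped or validated as well.
 *
 * @author Tony Bibbs, tony AT geeklog DOT net
 */
public function __construct()
{
    global $_CONF, $_TABLES;

    // Set search criteria
    if (isset($_GET['query'])) {
        $query = COM_stripslashes($_GET['query']);
        $query = GLText::remove4byteUtf8Chars($query);
        $this->_query = strip_tags($query);
    }

    if (isset($_GET['topic'])) {
        // see if topic exists
        $tid = COM_applyFilter($_GET['topic']);
        // If it exists and user has access to it, it will return itself else an empty string.
        // Escape the (already filtered) value anyway before it goes into the WHERE clause.
        $tid = DB_getItem(
            $_TABLES['topics'],
            'tid',
            "tid = '" . DB_escapeString($tid) . "'" . COM_getPermSQL('AND', 0, 2)
        );
        $this->_topic = $tid;
    } elseif ($_CONF['search_use_topic']) {
        // No topic given: fall back to the last topic stored in the session
        $last_topic = SESS_getVariable('topic');
        if ($last_topic != '') {
            $this->_topic = $last_topic;
        }
    }

    if (isset($_GET['datestart'])) {
        $this->_dateStart = COM_applyFilter($_GET['datestart']);
    }
    if (isset($_GET['dateend'])) {
        $this->_dateEnd = COM_applyFilter($_GET['dateend']);
    }

    if (isset($_GET['author'])) {
        $this->_author = COM_applyFilter($_GET['author']);

        // In case we got a username instead of uid, convert it. This should
        // make custom themes for search page easier.
        if (!is_numeric($this->_author) && !preg_match('/^([0-9]+)$/', $this->_author) && $this->_author != '') {
            $this->_author = DB_getItem(
                $_TABLES['users'],
                'uid',
                'username=\'' . DB_escapeString($this->_author) . '\''
            );
        }

        // Unknown user or invalid id: search all authors
        if ($this->_author < 1) {
            $this->_author = '';
        }
    }

    $this->_type = isset($_GET['type']) ? COM_applyFilter($_GET['type']) : 'all';
    $this->_keyType = isset($_GET['keyType']) ? COM_applyFilter($_GET['keyType']) : $_CONF['search_def_keytype'];
    $this->_titlesOnly = isset($_GET['title']) ? true : false;
}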
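/**
 * Save topic to the database
 *
 * Authorisation: the current user needs edit (3) access to the existing
 * topic (or to the permissions requested for a new one), must be a
 * member of the selected group, and must have edit access to the parent
 * topic. Every string that is interpolated into SQL is escaped in this
 * function and the integer columns are cast, so the caller does not have
 * to pre-escape the arguments.
 *
 * @param string $tid              Topic ID
 * @param string $topic            Name of topic (what the user sees)
 * @param int    $inherit          whether to inherit
 * @param int    $hidden           whether to hide
 * @param string $parent_id        Parent ID
 * @param string $imageUrl         (partial) URL to topic image
 * @param string $meta_description Topic meta description
 * @param string $meta_keywords    Topic meta keywords
 * @param int    $sortNum          number for sort order in "Topics" block
 * @param int    $limitNews        number of stories per page for this topic
 * @param int    $owner_id         ID of owner
 * @param int    $group_id         ID of group topic belongs to
 * @param int    $perm_owner       Permissions the owner has
 * @param int    $perm_group       Permissions the group has
 * @param int    $perm_members     Permissions members have
 * @param int    $perm_anon        Permissions anonymous users have
 * @param string $is_default       'on' if this is the default topic
 * @param string $is_archive       'on' if this is the archive topic
 * @return string HTML redirect or error message
 */
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    $tid = COM_sanitizeID($tid);

    // These are written unquoted (owner/group) or quoted but unescaped
    // (sortnum/limitnews) by the DB_save() below; force them to integers.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $sortNum = (int) $sortNum;
    $limitNews = (int) $limitNews;

    // Unlike $tid, $parent_id was never sanitized although it is
    // interpolated into several WHERE clauses and the INSERT. Escape it
    // once up front: a real topic id is unchanged, a malformed one simply
    // fails the "parent exists" lookup below.
    $parent_id = DB_escapeString($parent_id);

    // Check if tid is a restricted name
    $restricted_tid = false;
    if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) ||
        !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) ||
        !strcasecmp($tid, TOPIC_ROOT)) {
        $restricted_tid = true;
    }

    // Check if tid is used by another topic
    // (only possible when the form tells us the previous id; without
    // old_tid an existing topic is protected by the access check below)
    $duplicate_tid = false;
    $old_tid = '';
    if (isset($_POST['old_tid'])) {
        $old_tid = COM_applyFilter($_POST['old_tid']);
        if (!empty($old_tid)) {
            $old_tid = COM_sanitizeID($old_tid);
            // See if new topic id
            if (strcasecmp($tid, $old_tid)) {
                if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                    $duplicate_tid = true;
                }
            }
        } else {
            if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                $duplicate_tid = true;
            }
        }
    }

    // Make sure parent id exists. DB_getItem() returns '' for a missing
    // row, so an empty parent id must not count as "found".
    $parent_id_found = false;
    if ($parent_id == TOPIC_ROOT ||
        ($parent_id !== '' && $parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'"))) {
        $parent_id_found = true;
    }

    // Check if parent archive topic, if so bail
    $archive_parent = false;
    $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
    if ($parent_id == $archive_tid) {
        $archive_parent = true;
    }

    // If archive topic, make sure no child topics else bail
    $archive_child = false;
    $is_archive = $is_archive == 'on' ? 1 : 0;
    if ($is_archive) {
        if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
            $archive_child = true;
        }
    }

    // Access to the topic itself: existing topics are judged by their
    // stored permissions, new ones by the permissions requested
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } else {
        // Now check access to parent topic
        if ($parent_id != TOPIC_ROOT) {
            if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
                $A = DB_fetchArray($result);
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
                $in_Group = SEC_inGroup($A['group_id']);
            } else {
                // Parent does not exist: deny outright instead of reading a
                // stale (or undefined) $A left over from the topic lookup
                $access = 0;
                $in_Group = false;
            }
        } else {
            $access = 3;
            $in_Group = true;
        }

        if ($access < 3 || !$in_Group) {
            $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
        } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid &&
            !$archive_parent && !$archive_child && $parent_id_found) {
            if ($imageUrl === '/images/topics/') {
                $imageUrl = '';
            }
            // $imageUrl was the only string column stored without escaping
            $imageUrl = DB_escapeString($imageUrl);

            $topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
            $topic = DB_escapeString($topic);
            $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
            $meta_description = DB_escapeString($meta_description);
            $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
            $meta_keywords = DB_escapeString($meta_keywords);

            if ($is_default == 'on') {
                $is_default = 1;
                // Only one default topic at a time
                DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
            } else {
                $is_default = 0;
            }

            if ($is_archive) {
                // $tid is the archive topic
                // - if it wasn't already, mark all its stories "archived" now
                if ($archive_tid != $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
                // Set hidden and inherit to false since archive topic now
                $inherit = '';
                $hidden = '';
            } else {
                // $tid is not the archive topic
                // - if it was until now, reset the "archived" status of its stories
                if ($archive_tid == $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.statuscode = 0\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
            }

            $inherit = $inherit == 'on' ? 1 : 0;
            $hidden = $hidden == 'on' ? 1 : 0;

            // Cannot hide root topics so switch if needed
            if ($parent_id == TOPIC_ROOT && $hidden == 1) {
                $hidden = 0;
            }

            // If not a new topic and id change then...
            if (!empty($old_tid)) {
                if ($tid != $old_tid) {
                    changetopicid($tid, $old_tid);
                    $old_tid = DB_escapeString($old_tid);
                    DB_delete($_TABLES['topics'], 'tid', $old_tid);
                }
            }

            DB_save(
                $_TABLES['topics'],
                'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon',
                "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"
            );

            if ($old_tid != $tid) {
                PLG_itemSaved($tid, 'topic', $old_tid);
            } else {
                PLG_itemSaved($tid, 'topic');
            }

            // Reorder Topics, Delete topic cache and reload topic tree
            reorderTopics();

            // update feed(s)
            COM_rdfUpToDateCheck('article', $tid);

            COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
        } elseif ($restricted_tid) {
            $retval .= COM_errorLog($LANG27[31], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($duplicate_tid) {
            $retval .= COM_errorLog($LANG27[49], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_parent) {
            $retval .= COM_errorLog($LANG27[46], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_child) {
            $retval .= COM_errorLog($LANG27[47], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif (!$parent_id_found) {
            $retval .= COM_errorLog($LANG27[48], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } else {
            $retval .= COM_errorLog($LANG27[7], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        }
    }

    return $retval;
}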
/**
 * Convert wiki-formatted text to (X)HTML
 *
 * Returns the input untouched when the wikitext editor is switched off
 * in $_CONF; otherwise loads the GLText class and delegates to
 * GLText::renderWikiText().
 *
 * @param string $wikitext wiki-formatted text
 * @return string XHTML formatted text
 */
function COM_renderWikiText($wikitext)
{
    global $_CONF;

    $wikiEnabled = (bool) $_CONF['wikitext_editor'];
    if (!$wikiEnabled) {
        return $wikitext;
    }

    $classFile = $_CONF['path_system'] . 'classes/gltext.class.php';
    require_once $classFile;

    return GLText::renderWikiText($wikitext);
}
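/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * The caller must hold 'staticpages.edit'. Arguments come either from
 * the web form ($args['gl_svc'] unset) or from a webservice request
 * ($args['gl_svc'] set), in which case the basic filter is applied to
 * the string/numeric parameters. Independently of the path, every value
 * that ends up in SQL is escaped (strings) or cast (integers) here.
 *
 * @param array  $args    Contains all the data provided by the client
 * @param string $output  OUTPUT parameter containing the returned text
 * @param string $svc_msg OUTPUT parameter containing any service messages
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;

    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    $output = '';

    if (!SEC_hasRights('staticpages.edit')) {
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
        return PLG_RET_AUTH_FAILED;
    }

    // true when called through the webservice layer
    $gl_svc = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }

    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }

    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }

    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }

    $args['sp_id'] = COM_sanitizeID(isset($args['sp_id']) ? $args['sp_id'] : '');

    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');

        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }

        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }

    // Integer columns: cast on BOTH paths (the web-form path had no
    // filtering at all) and before the range checks below, so that a
    // non-numeric value becomes 0 instead of being interpolated unquoted
    // into the INSERT further down.
    foreach (array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'cache_time') as $num) {
        $args[$num] = isset($args[$num]) ? (int) $args[$num] : 0;
    }

    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }

    if ($gl_svc) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }

        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }

        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }

        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topic selected.';
            return PLG_RET_ERROR;
        }

        // The original condition was "!TOPIC_hasMultiTopicAccess('topic') < 3",
        // which PHP parses as (!access) < 3 and so only rejected access 0;
        // edit access (3) is what the save below requires.
        if (TOPIC_hasMultiTopicAccess('topic') < 3) {
            $svc_msg['error_desc'] = 'Do not have access to one or more of selected topics.';
            return PLG_RET_ERROR;
        }

        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['cache_time'])) {
            $args['cache_time'] = $_SP_CONF['default_cache_time'];
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults

    // Keys that are read unconditionally below; the web-form path does not
    // go through the webservice defaults, so make sure they exist
    foreach (array('sp_title', 'sp_page_title', 'sp_content', 'sp_format', 'sp_onmenu', 'sp_onhits',
                 'sp_onlastupdate', 'sp_label', 'meta_description', 'meta_keywords', 'sp_old_id',
                 'sp_centerblock', 'draft_flag', 'template_flag', 'template_id', 'sp_inblock',
                 'postmode') as $str) {
        if (!isset($args[$str])) {
            $args[$str] = '';
        }
    }

    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_onhits = $args['sp_onhits'];
    $sp_onlastupdate = $args['sp_onlastupdate'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    } else {
        // If empty but menu on then use title as default
        if ($sp_onmenu == 'on') {
            $sp_label = $sp_title;
        }
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    // Only sp_id is sanitized; sp_old_id, template_id and postmode are
    // interpolated into SQL below (and, on the web-form path, arrive
    // unfiltered), so escape them once here. A well-formed id is not
    // changed by the escaping.
    $sp_old_id = DB_escapeString($args['sp_old_id']);
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $cache_time = $args['cache_time'];
    $template_flag = $args['template_flag'];
    $template_id = DB_escapeString($args['template_id']);
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = DB_escapeString($args['postmode']);

    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }

    if ($duplicate_id) {
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content) && TOPIC_checkTopicSelectionControl() &&
        TOPIC_hasMultiTopicAccess('topic') == 3) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }

        // Checkbox values to 0/1
        $sp_onmenu = ($sp_onmenu == 'on') ? 1 : 0;
        $sp_onhits = ($sp_onhits == 'on') ? 1 : 0;
        $sp_onlastupdate = ($sp_onlastupdate == 'on') ? 1 : 0;
        $sp_nf = ($sp_nf == 'on') ? 1 : 0;
        $sp_centerblock = ($sp_centerblock == 'on') ? 1 : 0;
        $sp_inblock = ($sp_inblock == 'on') ? 1 : 0;
        $draft_flag = ($draft_flag == 'on') ? 1 : 0;
        $template_flag = ($template_flag == 'on') ? 1 : 0;

        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);

        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_content = GLText::remove4byteUtf8Chars($sp_content);
        $sp_title = strip_tags($sp_title);
        $sp_title = GLText::remove4byteUtf8Chars($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_page_title = GLText::remove4byteUtf8Chars($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $sp_label = GLText::remove4byteUtf8Chars($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_description = GLText::remove4byteUtf8Chars($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
        $sp_help = GLText::remove4byteUtf8Chars($sp_help);

        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_page_title = DB_escapeString($sp_page_title);
        $sp_label = DB_escapeString($sp_label);
        $meta_description = DB_escapeString($meta_description);
        $meta_keywords = DB_escapeString($meta_keywords);
        $sp_help = DB_escapeString($sp_help);

        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }

        // If PHP page then no cache
        if ($sp_php == 0) {
            if ($cache_time < -1) {
                $cache_time = $_SP_CONF['default_cache_time'];
            }
        } else {
            $cache_time = $_SP_CONF['default_cache_time'];
        }

        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_onhits = $_SP_CONF['show_hits'];
            $sp_onlastupdate = $_SP_CONF['show_date'];
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $cache_time = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }

            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;

                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }

        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            // Retrieve Topic data
            TOPIC_getDataTopicSelectionControl($topic_option, $tids, $inherit_tids, $default_tid);

            $sql = "UPDATE {$_TABLES['staticpage']},{$_TABLES['topic_assignments']} ta SET sp_centerblock = 0\n WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (draft_flag = 0)\n AND ta.type = 'staticpages' AND ta.id = sp_id ";
            if ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION) {
                $sql .= " AND (ta.tid = '{$topic_option}')";
            } else {
                $sql .= " AND (ta.tid IN ('" . implode("','", $tids) . "'))";
            }

            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) &&
                ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION)) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND ta.tid LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }

        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }

        if (!$gl_svc) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }

        // Retrieve created date
        $dateCreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($dateCreated == '') {
            $dateCreated = date('Y-m-d H:i:s');
        }

        DB_save(
            $_TABLES['staticpage'],
            'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_onhits,sp_onlastupdate,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,' .
            'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode',
            "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$dateCreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},{$sp_onhits},{$sp_onlastupdate},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$cache_time},{$owner_id},{$group_id}," .
            "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}',{$sp_where}," .
            "'{$sp_inblock}','{$postmode}'"
        );

        TOPIC_saveTopicSelectionControl('staticpages', $sp_id);

        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }

            // Delete Topic Assignments for this old staticpage since we just created new ones
            TOPIC_deleteTopicAssignments('staticpages', $sp_old_id);

            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }

        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');

                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');

                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        } else {
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);

                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_old_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');

                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        }

        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);

        $svc_msg['id'] = $sp_id;

        return PLG_RET_OK;
    } else {
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));

        return PLG_RET_ERROR;
    }
}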
/**
 * Apply filters to the text element
 *
 * For GLTEXT_FIRST_VERSION content the text is filtered on save:
 * autotags the user may not use are removed, the bad-word filter runs,
 * and the text is then either HTML-checked (html/adveditor/wikitext
 * post modes) or HTML-escaped and linkified (plain text). For any later
 * text version the raw text is kept and all processing is deferred to
 * display time. 4-byte UTF-8 characters are removed in both cases.
 *
 * @param string $text
 * @param string $postMode
 * @return string
 */
private function _applyTextFilter($text, $postMode)
{
    $filtered = GLText::remove4byteUtf8Chars($text);

    // Latest version: hold the raw text, all processing happens just before display
    if ($this->_text_version != GLTEXT_FIRST_VERSION) {
        return $filtered;
    }

    // First version: filter on save.
    // Remove any autotags the user doesn't have permission to use
    $filtered = PLG_replaceTags($filtered, '', true);
    $filtered = COM_checkWords($filtered, 'story');

    $markupModes = array('html', 'adveditor', 'wikitext');
    if (in_array($postMode, $markupModes)) {
        // html or wikitext
        return GLText::checkHTML($filtered, 'story.edit');
    }

    // plaintext: escape first, then make URLs clickable.
    // NOTE(review): htmlspecialchars() runs with its default flags, so single
    // quotes are not encoded on PHP < 8.1 -- confirm that is acceptable for
    // every context in which the stored text is rendered.
    return COM_makeClickableLinks(htmlspecialchars($filtered));
}
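/**
 * Saves a poll
 * Saves a poll topic and potential answers to the database
 *
 * Order of checks: the poll must have a topic and at least one question
 * with one answer, the CSRF token must verify, and the user needs edit
 * (3) access to the existing poll (or to the permissions requested for a
 * new one) and must belong to the selected group. Only then are the old
 * rows deleted and re-created from the form input. Every string written
 * by the INSERTs is escaped here and every integer column is cast.
 *
 * @param string $pid                  Poll topic ID
 * @param string $old_pid              Previous poll topic ID
 * @param array  $Q                    Array of poll questions
 * @param string $mainPage             Checkbox: poll appears on homepage
 * @param string $topic                The text for the topic
 * @param string $meta_description
 * @param string $meta_keywords
 * @param int    $statusCode           (unused, but stored as-is)
 * @param string $open                 Checkbox: poll open for voting
 * @param string $hideResults          Checkbox: hide results until closed
 * @param int    $commentCode          Indicates if users can comment on poll
 * @param array  $A                    Array of possible answers
 * @param array  $V                    Array of vote per each answer
 * @param array  $R                    Array of remark per each answer
 * @param int    $owner_id             ID of poll owner
 * @param int    $group_id             ID of group poll belongs to
 * @param int    $perm_owner           Permissions the owner has on poll
 * @param int    $perm_group           Permissions the group has on poll
 * @param int    $perm_members         Permissions logged in members have on poll
 * @param int    $perm_anon            Permissions anonymous users have on poll
 * @param bool   $allow_multipleanswers
 * @param string $topic_description
 * @param string $description
 * @return string|void
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These go into the polltopics INSERT unquoted (owner/group) or quoted
    // but unescaped (status/comment code); force them to integers.
    $statusCode = (int) $statusCode;
    $commentCode = (int) $commentCode;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;

    $topic = COM_stripslashes($topic);
    $topic = COM_checkHTML($topic);
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));

    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }

    // check if any question was entered
    if (empty($topic) || !is_array($Q) || count($Q) === 0 || strlen($Q[0]) === 0 ||
        !isset($A[0][0]) || strlen($A[0][0]) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));

        return $retval;
    }

    // CSRF check must precede every database write below
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // Existing polls are judged by their stored permissions, new ones by
    // the permissions requested
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }

    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }

    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    $topic = GLText::remove4byteUtf8Chars($topic);
    $topic = DB_escapeString($topic);
    $topic_description = GLText::remove4byteUtf8Chars($topic_description);
    $topic_description = DB_escapeString($topic_description);
    $meta_description = GLText::remove4byteUtf8Chars($meta_description);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
    $meta_keywords = DB_escapeString($meta_keywords);

    $k = 0; // set up a counter to make sure we do assign a straight line of question id's

    // first dimension of array are the questions
    $num_questions = count($Q);
    $num_total_votes = 0;
    $num_questions_exist = 0;
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        $Q[$i] = COM_checkHTML($Q[$i]);
        $Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);

        $multiRaw = isset($allow_multipleanswers[$i]) ? $allow_multipleanswers[$i] : '';
        $multiRaw = GLText::remove4byteUtf8Chars(COM_stripslashes($multiRaw));
        $allow_multipleanswers[$i] = ($multiRaw == 'on') ? 1 : 0;

        $descRaw = isset($description[$i]) ? $description[$i] : '';
        $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($descRaw)));
        // The description is written by the same DB_save() as the question
        // text and therefore needs the same escaping (it was stored raw).
        $description[$i] = DB_escapeString($description[$i]);

        if (strlen($Q[$i]) > 0) { // only insert questions that exist
            $num_questions_exist++;
            $Q[$i] = DB_escapeString($Q[$i]);
            DB_save(
                $_TABLES['pollquestions'],
                'qid, pid, question,allow_multipleanswers,description',
                "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'"
            );

            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = (isset($A[$i]) && is_array($A[$i])) ? count($A[$i]) : 0;
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                $A[$i][$j] = COM_checkHTML($A[$i][$j]);
                $A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);

                $remarkRaw = isset($R[$i][$j]) ? $R[$i][$j] : '';
                $R[$i][$j] = COM_stripslashes($remarkRaw);
                $R[$i][$j] = COM_checkHTML($R[$i][$j]);
                $R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);

                if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
                    // Votes go into the INSERT unquoted, so only a plain integer is
                    // ever used (is_numeric() alone would also pass e.g. "1e3").
                    $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? (int) $V[$i][$j] : 0;
                    $V[$i][$j] = $votes;

                    $A[$i][$j] = DB_escapeString($A[$i][$j]);
                    $R[$i][$j] = DB_escapeString($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " .
                        "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$votes}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $num_total_votes = $num_total_votes + $votes;
                }
            }
            $k++;
        }
    }

    // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
    if ($num_questions_exist > 0) {
        $numVoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen
        $numVoters = $num_total_votes;
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
    if ($mainPage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideResults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";

    // Save poll topic
    DB_save(
        $_TABLES['polltopics'],
        "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description",
        $sql
    );

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // id changed: move comments and existing voter records along
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}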
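/**
 * Filters comment text and appends necessary tags (sig and/or edit)
 *
 * The text first passes the autotag permission filter and has 4-byte UTF-8
 * characters removed. In 'html' post mode it is then HTML-filtered with the
 * edit permission of the item type; in any other mode it is HTML-escaped and
 * links are made clickable. The "edited" marker and the author's signature
 * are appended after filtering, so they are never subject to it.
 *
 * @copyright Jared Wenerd 2008
 * @author    Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string  $comment  comment text
 * @param  string  $postMode ('html', 'plaintext', ...)
 * @param  string  $type     Type of item (article, polls, etc.)
 * @param  boolean $edit     if true append edit tag
 * @param  int     $cid      comment id if editing comment (for proper sig)
 * @return string  of comment text
 */
function CMT_prepareText($comment, $postMode, $type, $edit = false, $cid = null)
{
    global $_USER, $_TABLES, $LANG03, $_CONF;

    // Remove any autotags the user doesn't have permission to use
    $comment = PLG_replaceTags($comment, '', true);
    $comment = GLText::remove4byteUtf8Chars($comment);

    if ($postMode === 'html') {
        // the HTML filter runs with the edit feature of the item type;
        // articles use the 'story.edit' feature
        $html_perm = ($type == 'article') ? 'story.edit' : "{$type}.edit";
        $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $html_perm), 'comment');
    } else {
        // plaintext: escape everything, then convert newlines only if a
        // clickable link was actually found
        $comment = htmlspecialchars(COM_checkWords(COM_stripslashes($comment), 'comment'));
        $newComment = COM_makeClickableLinks($comment);
        if (strcmp($comment, $newComment) != 0) {
            $comment = COM_nl2br($newComment);
        }
    }

    if ($edit) {
        // NOTE(review): $_USER['username'] is written into HTML unescaped here;
        // this assumes usernames are restricted to safe characters at
        // registration - confirm. strftime() is deprecated as of PHP 8.1.
        $comment .= '<div class="comment-edit">' . $LANG03[30] . ' '
            . strftime($_CONF['date'], time()) . ' ' . $LANG03[31] . ' '
            . $_USER['username'] . '</div><!-- /COMMENTEDIT -->';
    }

    // Decide whose signature to append: when a moderator edits an existing
    // comment, the signature must be that of the original author.
    if (empty($_USER['uid'])) {
        $uid = 1;
    } elseif ($edit && is_numeric($cid)) {
        // if comment moderator: look up the original author. The cast
        // guarantees the interpolated SQL value is a plain integer.
        $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '" . (int) $cid . "'");
    } else {
        $uid = $_USER['uid'];
    }

    // an empty DB_getItem() result becomes 0 and is skipped like Anonymous
    $uid = (int) $uid;
    if ($uid > 1) {
        $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$uid}'");
        if (!empty($sig)) {
            $comment .= '<!-- COMMENTSIG --><div class="comment-sig">';
            if ($postMode == 'html') {
                $comment .= '---<br' . XHTML . '>' . COM_nl2br($sig);
            } else {
                $comment .= '---' . LB . $sig;
            }
            $comment .= '</div><!-- /COMMENTSIG -->';
        }
    }

    return $comment;
}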
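/**
 * Save a link category (new, updated, or updated with a changed category id)
 *
 * Text fields are censored, HTML-filtered and SQL-escaped; ids are
 * tag-stripped and SQL-escaped; owner, group and permission values are cast
 * to integers. Nothing reaches the statements below unsanitised.
 *
 * @param  string    $cid          category id (may be empty for a new category)
 * @param  string    $old_cid      previous category id when editing
 * @param  string    $pid          parent category id
 * @param  string    $category     category name
 * @param  string    $description  category description
 * @param  string    $tid          topic id the category is associated with
 * @param  int       $owner_id     uid of the owner
 * @param  int       $group_id     group id
 * @param  int|array $perm_owner   owner permissions (numeric, or the form's checkbox array)
 * @param  int|array $perm_group   group permissions
 * @param  int|array $perm_members members permissions
 * @param  int|array $perm_anon    anonymous permissions
 * @return int       message number: 10 on success; 6 (no access), 7 (missing
 *                   fields), 11 (illegal / duplicate cid), 12 (would orphan),
 *                   17 (duplicate cid, when that message exists) on error
 */
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;

    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // owner, group and permission values are interpolated into the SQL below;
    // force them to integers so a crafted form value cannot alter the statements
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = COM_checkHTML(COM_checkWords($description), 'links.edit');
    $description = GLText::remove4byteUtf8Chars($description);
    $description = DB_escapeString($description);
    $category = COM_checkHTML(COM_checkWords($category), 'links.edit');
    $category = GLText::remove4byteUtf8Chars($category);
    $category = DB_escapeString($category);
    $pid = DB_escapeString(strip_tags($pid));
    $cid = DB_escapeString(strip_tags($cid));
    $old_cid = DB_escapeString(strip_tags($old_cid));
    // $tid is written into the UPDATE/INSERT statements below and was
    // previously interpolated raw; treat it like the other ids
    $tid = DB_escapeString(strip_tags($tid));

    if (empty($category) || empty($description)) {
        return 7;
    }

    // Check cid to make sure not illegal
    if ($cid == DB_escapeString($_LI_CONF['root']) || $cid === 'user') {
        return 11;
    }

    if (!empty($cid) && $cid != $old_cid) {
        // this is either a new category or an attempt to change the cid
        // - check that cid doesn't exist yet
        $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
        if (!empty($ctrl)) {
            if (isset($PLG_links_MESSAGE17)) {
                return 17;
            } else {
                return 11;
            }
        }
    }

    // Check that they didn't delete the cid. If so, get the hidden one
    if (empty($cid) && !empty($old_cid)) {
        $cid = $old_cid;
    }

    // Make sure they aren't making a parent category child of one of it's own
    // children. This would create orphans
    // NOTE(review): only the direct parent of $pid is compared, so a cycle
    // deeper than one level is not detected here.
    if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
        return 12;
    }

    if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
        // update existing item, but new cid so get access from database with old cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // set flag
        $update = "existing";
    } elseif (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
        // update existing item, same cid, so get access from database with existing cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // set flag
        $update = 'same';
    } else {
        // new item, so use passed values
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
        // set flag
        $update = 'new';
    }

    if ($access < 3) {
        // no access rights: user should not be here
        // NOTE(review): unlike savelink(), this does not also require
        // SEC_inGroup($group_id), so a category can be assigned to a group the
        // editor is not a member of - consider aligning the two checks.
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
        return 6;
    } else {
        // save item
        if ($update === 'existing') {
            // update an existing item but new cid
            $sql = "UPDATE {$_TABLES['linkcategories']}\n SET cid='{$cid}',\n pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$old_cid}'";
            $result = DB_query($sql);

            // Also need to update links for this category
            $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
            $result = DB_query($sql);
        } elseif ($update === 'same') {
            // update an existing item
            $sql = "UPDATE {$_TABLES['linkcategories']}\n SET pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$cid}'";
            $result = DB_query($sql);
        } else {
            // insert a new item
            if (empty($cid)) {
                $cid = COM_makeSid();
            }
            $sql = "INSERT INTO {$_TABLES['linkcategories']}\n (cid, pid, category, description, tid,\n created,modified,\n owner_id, group_id, perm_owner, perm_group,\n perm_members, perm_anon)\n VALUES\n ('{$cid}','{$pid}','{$category}',\n '{$description}','{$tid}',\n NOW(),NOW(),\n '{$owner_id}','{$group_id}','{$perm_owner}',\n '{$perm_group}','{$perm_members}','{$perm_anon}')";
            $result = DB_query($sql);
        }

        if ($update === 'existing' && $cid != $old_cid) {
            PLG_itemSaved($cid, 'links.category', $old_cid);
        } else {
            PLG_itemSaved($cid, 'links.category');
        }
    }

    return 10; // success message
}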
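/**
 * Fill template $T with the display data of one download record $A
 *
 * Every free-text field of $A is HTML-escaped (description/detail are rendered
 * through GLText) before it is handed to the template. $A is passed by
 * reference and its text fields are overwritten in place with the escaped
 * values, so callers must not treat $A as raw data afterwards.
 *
 * @param  object $T         template object (by reference)
 * @param  array  $A         download record, normally a row of the downloads table (by reference)
 * @param  bool   $isListing true when rendering a list entry (adds a "more" link if a detail text exists)
 * @param  string $cid       category id of the listing being rendered
 * @return void
 */
function dlformat(&$T, &$A, $isListing = false, $cid = ROOTID)
{
    global $_CONF, $_TABLES, $LANG01, $_DLM_CONF, $LANG_DLM, $mytree;

    $A['rating'] = number_format($A['rating'], 2);
    $A['title'] = DLM_htmlspecialchars($A['title']);
    $A['project'] = DLM_htmlspecialchars($A['project']);
    $A['url'] = DLM_htmlspecialchars($A['url']);
    $A['homepage'] = DLM_htmlspecialchars($A['homepage']);
    $A['version'] = DLM_htmlspecialchars($A['version']);
    $A['size'] = DLM_htmlspecialchars($A['size']);
    $A['md5'] = DLM_htmlspecialchars($A['md5']);
    $A['logourl'] = DLM_htmlspecialchars($A['logourl']);
    $A['postmode'] = DLM_htmlspecialchars($A['postmode']);
    $A['tags'] = DLM_htmlspecialchars($A['tags']);
    // strftime() is deprecated as of PHP 8.1
    $A['datetime'] = strftime($_DLM_CONF['date_format'], $A['date']);

    // description/detail are rendered by the core GLText class on Geeklog
    // 2.1.0+, and by the plugin's bundled copy on older versions
    if (version_compare(VERSION, '2.1.0') >= 0) {
        require_once $_CONF['path_system'] . 'classes/gltext.class.php';
        $A['description'] = GLText::getDisplayText($A['description'], $A['postmode'], 2);
        $A['detail'] = GLText::getDisplayText($A['detail'], $A['postmode'], 2);
    } else {
        require_once $_CONF['path'] . 'plugins/downloads/include/gltext.class.php';
        $gltext = new GLPText();
        $A['description'] = $gltext->getDisplayText($A['description'], $A['postmode']);
        $A['detail'] = $gltext->getDisplayText($A['detail'], $A['postmode']);
    }

    $filedetail_url = COM_buildURL($_CONF['site_url'] . '/downloads/index.php?id=' . $A['lid']);
    $visitfile_url = COM_buildURL($_CONF['site_url'] . '/downloads/visit.php?id=' . $A['lid']);

    if ($isListing && !empty($A['detail'])) {
        $A['description'] .= '<p class="download-break">' . COM_createLink($LANG_DLM['more'], $filedetail_url) . '</p>';
    }

    // owner_id normally comes from the database; the cast keeps the unquoted
    // SQL value an integer no matter how $A was built
    $ownerId = (int) $A['owner_id'];
    $result = DB_query("SELECT username, fullname, photo FROM {$_TABLES['users']} WHERE uid = {$ownerId}");
    $B = DB_fetchArray($result);
    $submitter_name = COM_getDisplayName($A['owner_id'], $B['username'], $B['fullname']);
    if (empty($submitter_name)) {
        $submitter_name = $LANG_DLM['unknown_uid'];
    } else {
        $submitter_name = COM_createLink($submitter_name, $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['owner_id']);
    }

    // category breadcrumb: drop the trailing separator, then turn the
    // remaining separators into arrow images
    $path = $mytree->getNicePathFromId($A['cid'], 'title', $_CONF['site_url'] . '/downloads/index.php');
    $temp = $mytree->getSepalator();
    $path = substr($path, 0, strlen($path) - strlen($temp));
    $path = str_replace($temp, ' <img src="' . $_CONF['site_url'] . '/downloads/images/arrow.gif" alt="arrow"' . XHTML . '> ', $path);

    $tags = '-';
    if (!empty($A['tags'])) {
        $tags = getTagList($A['tags']);
        if (empty($tags)) {
            $tags = '-';
        }
    }
    $notags = ($tags == '-') ? 'dlm_notags' : '';

    $T->set_var('lang_category', $LANG_DLM['category']);
    $T->set_var('category_path', $path);
    $T->set_var('lang_tags', $LANG_DLM['tags']);
    $T->set_var('tags', $tags);
    $T->set_var('notags', $notags);
    $T->set_var('lang_submitter', $LANG_DLM['submitter']);
    $T->set_var('submitter_name', $submitter_name);
    $T->set_var('lid', $A['lid']);
    $T->set_var('cid', $A['cid']);
    $T->set_var('lang_dlnow', $LANG_DLM['dlnow']);
    $T->set_var('dtitle', $A['title']);
    $T->set_var('filedetail_url', $filedetail_url);
    $T->set_var('visitfile_url', $visitfile_url);
    $T->set_var('listing_cid', $cid);
    $T->set_var('lang_download_button', $LANG_DLM['download_button']);

    // "new" badge for files submitted within the last 7 days; the variables
    // are initialised so the template always receives a string
    $image_new = '';
    $newdownload = '';
    $startdate = time() - 60 * 60 * 24 * 7;
    if ($startdate < $A['date']) {
        $image_new = COM_createImage($_CONF['site_url'] . '/downloads/images/newred.gif', $LANG_DLM['newthisweek']);
        $newdownload = '<span class="badgenew">NEW</span>';
    }
    $T->set_var('image_newdownload', $image_new); // Image (New)
    $T->set_var('newdownload', $newdownload);     // Badge (New)

    // "popular" badge once the hit count reaches the configured threshold
    $image_pop = '';
    $popdownload = '';
    if ($A['hits'] >= $_DLM_CONF['download_popular']) {
        $image_pop = COM_createImage($_CONF['site_url'] . '/downloads/images/pop.gif', $LANG_DLM['popular']);
        $popdownload = '<span class="badgepop">POP</span>';
    }
    $T->set_var('image_popular', $image_pop); // Image (Pop)
    $T->set_var('popdownload', $popdownload); // Badge (Pop)

    // category image
    $cat_title = DLM_htmlspecialchars($A['cat_title']);
    if ($_DLM_CONF['download_useshots'] && !empty($A['imgurl'])) {
        $imgurl = $_DLM_CONF['snapcat_url'] . '/' . DLM_htmlspecialchars($A['imgurl']);
    } else {
        $imgurl = $_CONF['site_url'] . '/downloads/images/download.png';
    }
    $category_image = COM_createImage($imgurl, $cat_title, array('width' => $_DLM_CONF['download_shotwidth']));
    $T->set_var('category_image', $category_image);
    $T->set_var('download_title', $LANG_DLM['click2dl'] . ': ' . $A['url']);
    $T->set_var('url', $A['url']);
    $T->set_var('file_description', $A['description']);
    $T->set_var('file_detail', $A['detail']);
    $T->set_var('rating', $A['rating']);

    // Show the vote count only for rated files. The previous test
    // (rating != "0" || rating != "0.00") was always true because a value
    // cannot equal both; after number_format() a zero rating is exactly "0.00".
    $votestring = '';
    if ($A['rating'] !== '0.00') {
        $votestring = sprintf($LANG_DLM['numvotes'], $A['votes']);
    }
    $T->set_var('votestring', $votestring);

    if (!empty($A['mg_autotag'])) {
        // use the mediagallery autotag as a snapshot.
        $mg_autotag = str_replace(array('[', ']'), '', $A['mg_autotag']);
        $mg_autotag = '[' . $mg_autotag . ' width:' . $_DLM_CONF['max_tnimage_width'] . ' height:' . $_DLM_CONF['max_tnimage_height'] . ' align:left]';
        $T->set_var('mg_autotag', PLG_replaceTags($mg_autotag, 'mediagallery'));
        $T->set_var('snapshot', '');
        $T->set_var('snaplinkicon', '');
    } elseif (!empty($A['logourl'])) {
        $safename = DLM_createSafeFileName($A['logourl']);
        $imgpath = $_DLM_CONF['path_tnstore'] . $safename;
        $imgpath = DLM_modTNPath($imgpath);
        $tnimgurl = $_DLM_CONF['tnstore_url'] . '/' . $safename;
        $tnimgurl = substr($tnimgurl, 0, -3) . substr($imgpath, -3); // align the extension
        $sizeattributes = DLM_getImgSizeAttr($imgpath);
        $T->set_var('snapshot_url', $_DLM_CONF['snapstore_url'] . '/' . $safename);
        $T->set_var('thumbnail_url', $tnimgurl);
        $T->set_var('snapshot_sizeattr', $sizeattributes);
        $T->set_var('lang_click2see', $LANG_DLM['click2see']);
        $T->set_var('show_snapshoticon', '');
        $T->set_var('show_snapshoticon_na', 'none');
        $T->set_var('mg_autotag', '');
        if ($_DLM_CONF['show_tn_image']) {
            $T->parse('snapshot', 'tsnapshot');
        } else {
            $T->parse('snaplinkicon', 'tsnaplinkicon');
        }
    } else {
        $tnimgurl = $_CONF['site_url'] . '/downloads/images/blank.png';
        $T->set_var('thumbnail_url', $tnimgurl);
        $T->set_var('snapshot_url', $_CONF['site_url'] . '/downloads/index.php');
        $T->set_var('snapshot_sizeattr', 'width="200" height="200" ');
        $T->set_var('show_snapshoticon', 'none');
        $T->set_var('show_snapshoticon_na', '');
        $T->parse('snapshot', 'tsnapshot');
        $T->set_var('snaplinkicon', '');
        $T->set_var('mg_autotag', '');
    }

    $T->set_var('lang_version', $LANG_DLM['ver']);
    $T->set_var('lang_rating', $LANG_DLM['ratingc']);
    $T->set_var('lang_submitdate', $LANG_DLM['submitdate']);
    $T->set_var('lang_size', $LANG_DLM['size']);
    $T->set_var('datetime', $A['datetime']);
    $T->set_var('version', $A['version']);

    // Check if restricted access has been enabled for download report to admin's only
    if ($A['hits'] > 0 && DLM_hasAccess_history()) {
        $T->set_var('begin_dlreport_link', '<a href="' . COM_buildURL($_CONF['site_url'] . '/downloads/history.php?lid=' . $A['lid']) . '">');
        $T->set_var('end_dlreport_link', '</a>');
    } else {
        $T->set_var('begin_dlreport_link', '');
        $T->set_var('end_dlreport_link', '');
    }

    $T->set_var('download_times', sprintf($LANG_DLM['dltimes'], $A['hits']));
    $T->set_var('download_count', $A['hits']);
    $T->set_var('lang_popularity', $LANG_DLM['popularity']);
    $T->set_var('lang_filesize', $LANG_DLM['filesize']);
    $T->set_var('file_size', DLM_PrettySize($A['size']));
    $T->set_var('homepage_url', $A['homepage']);
    $T->set_var('homepage_link', '-');
    if (!empty($A['homepage'])) {
        $T->set_var('homepage_link', COM_makeClickableLinks($A['homepage']));
    }
    $T->set_var('lang_homepage', $LANG_DLM['homepage']);
    $T->set_var('lang_download', $LANG_DLM['download']);
    $T->set_var('lang_filelink', $LANG_DLM['filelink']);
    $T->set_var('lang_permalink', $LANG_DLM['permalink']);
    $T->set_var('lang_ratethisfile', $LANG_DLM['ratethisfile']);
    $T->set_var('lang_edit', $LANG_DLM['edit']);
    $T->set_var('show_editlink', $_DLM_CONF['has_edit_rights'] ? '' : 'none');
    $T->set_var('lang_md5_checksum', $LANG_DLM['md5_checksum']);
    $T->set_var('md5_checksum', $A['md5']);

    if ($A['commentcode'] == 0) {
        // NOTE(review): addslashes() is not connection-charset aware; the rest
        // of the code base escapes SQL values with DB_escapeString().
        $commentCount = DB_count($_TABLES['comments'], 'sid', addslashes($A['lid']));
        $recentPostMessage = $LANG_DLM['commentswanted'];
        if ($commentCount > 0) {
            $result4 = DB_query("SELECT cid, UNIX_TIMESTAMP(date) AS day, username "
                . "FROM {$_TABLES['comments']}, {$_TABLES['users']} "
                . "WHERE {$_TABLES['users']}.uid = {$_TABLES['comments']}.uid "
                . "AND sid = '" . addslashes($A['lid']) . "' "
                . "ORDER BY date DESC LIMIT 1");
            $C = DB_fetchArray($result4);
            $recentPostMessage = $LANG01[27] . ': ' . strftime($_CONF['daytime'], $C['day']) . ' ' . $LANG01[104] . ' ' . $C['username'];
            $comment_link = COM_createLink($commentCount . ' ' . $LANG01[3], $filedetail_url, array('title' => $recentPostMessage));
        } else {
            // The title was HTML-escaped above; the URL parameter needs the
            // plain text, URL-encoded instead. The previous code undid only
            // the apostrophe and ampersand entities with two str_replace()
            // calls; htmlspecialchars_decode() with ENT_QUOTES is the inverse
            // of the escaping applied here (assuming DLM_htmlspecialchars()
            // wraps htmlspecialchars() - confirm). A local is used so $A['title']
            // keeps its escaped form for the caller.
            $plainTitle = htmlspecialchars_decode($A['title'], ENT_QUOTES);
            $url = $_CONF['site_url'] . '/comment.php?type=downloads&sid=' . $A['lid'] . '&title=' . rawurlencode($plainTitle);
            $comment_link = COM_createLink($LANG_DLM['entercomment'], $url, array('title' => $recentPostMessage));
        }
        $T->set_var('comment_link', $comment_link);
        $T->set_var('show_comments', '');
    } else {
        $T->set_var('show_comments', 'none');
    }
}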
/**
 * Convert wiki-formatted text to (X)HTML
 *
 * Rendering is delegated to GLText::renderWikiText(). When the wiki text
 * editor is disabled in the configuration the input is returned untouched.
 *
 * @param  string $wikiText wiki-formatted text
 * @return string XHTML formatted text (the unchanged input when rendering is disabled)
 */
function COM_renderWikiText($wikiText)
{
    global $_CONF;

    $renderingEnabled = (bool) $_CONF['wikitext_editor'];

    return $renderingEnabled ? GLText::renderWikiText($wikiText) : $wikiText;
}
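/**
 * Saves link to the database
 *
 * Text fields are censored, HTML-filtered/tag-stripped and SQL-escaped; the
 * URL is SQL-escaped; ids go through COM_sanitizeID(); owner, group and
 * permission values are cast to integers. Access is checked against the
 * stored permissions of an existing link (or the submitted ones for a new
 * link) and the editor must be a member of the chosen group.
 *
 * @param  string $lid          ID for link
 * @param  string $old_lid      old ID for link
 * @param  string $cid          cid of category link belongs to
 * @param  string $categoryDd   Category links belong to
 * @param  string $url          URL of link to save
 * @param  string $description  Description of link
 * @param  string $title        Title of link
 * @param  int    $hits         Number of hits for link
 * @param  int    $owner_id     ID of owner
 * @param  int    $group_id     ID of group link belongs to
 * @param  int    $perm_owner   Permissions the owner has
 * @param  int    $perm_group   Permissions the group has
 * @param  int    $perm_members Permissions members have
 * @param  int    $perm_anon    Permissions anonymous users have
 * @return string HTML redirect or error message
 */
function savelink($lid, $old_lid, $cid, $categoryDd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = COM_checkHTML(COM_checkWords($description), 'links.edit');
    $description = GLText::remove4byteUtf8Chars($description);
    $description = DB_escapeString($description);
    $title = strip_tags(COM_checkWords($title));
    $title = GLText::remove4byteUtf8Chars($title);
    $title = DB_escapeString($title);
    $cid = GLText::remove4byteUtf8Chars($cid);
    $cid = DB_escapeString($cid);
    // $url is interpolated into the INSERT below and was previously stored
    // without any escaping. This protects the statement only; it does not
    // validate the URL itself (scheme, length), which is assumed to happen
    // elsewhere - confirm.
    $url = GLText::remove4byteUtf8Chars($url);
    $url = DB_escapeString($url);
    $hits = (int) $hits;

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    // owner, group and permission values go into the SQL unquoted; force them
    // to integers so a crafted form value cannot change the statement
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        // editing an existing link: access is decided by the stored
        // permissions, not by the values submitted with the form
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categoryDd != $LANG_LINKS_ADMIN[7] && !empty($categoryDd)) {
            $cid = DB_escapeString($categoryDd);
        } elseif ($categoryDd != $LANG_LINKS_ADMIN[7]) {
            COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }

        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);

        // COM_sanitizeID() is expected to leave only id-safe characters in
        // $lid; escaping it for the statement is a no-op in that case and a
        // safety net otherwise. The unescaped $lid is kept for the callbacks.
        $sql_lid = DB_escapeString($lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$sql_lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }

        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));

        return $retval;
    }
}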
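/**
 * Prepare forum post text for storage in the database
 *
 * Undoes magic quotes (where that PHP feature still exists), strips 4-byte
 * UTF-8 characters, runs the Geeklog HTML filter for html posts when
 * 'use_glfilter' is set, applies the word censor when 'use_censor' is set,
 * and finally addslashes() the result for a string-built SQL statement.
 *
 * @param  string $message  raw post text
 * @param  string $postmode 'html' / 'HTML' or a plaintext mode
 * @return string text escaped for SQL
 */
function gf_preparefordb($message, $postmode)
{
    global $CONF_FORUM, $_CONF;

    // if magic quotes is on, remove the slashes from the $_POST.
    // get_magic_quotes_gpc() no longer exists on PHP 8, so the call has to be
    // guarded or this function is a fatal error there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $message = stripslashes($message);
    }

    // Remove Icons if database cannot store them (ie table collation needs to be utf8mb4)
    $message = GLText::remove4byteUtf8Chars($message);

    if ($CONF_FORUM['use_glfilter'] == 1 && ($postmode == 'html' || $postmode == 'HTML')) {
        $message = gf_checkHTMLforSQL($message, $postmode);
    }

    if ($CONF_FORUM['use_censor']) {
        $message = COM_checkWords($message);
    }

    // NOTE(review): addslashes() is not aware of the connection character set;
    // the rest of the code base uses DB_escapeString(). Kept because callers
    // depend on this function's exact output - confirm before changing.
    $message = addslashes($message);

    return $message;
}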
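/**
 * Write this object's fields to the downloads (or submission) table
 *
 * On Geeklog 2.1.0+ the description/detail text is run through the HTML
 * filter with the current editor's 'story.edit' permission right before
 * saving and the text version is recorded. The row is located by the
 * previous id ($this->_old_lid); when the id changed, comments are re-keyed
 * to the new id.
 *
 * @param  string $mode '' for the live downloads table, anything else for the submission table
 * @return void
 */
function _saveToDatabase($mode = '')
{
    global $_CONF, $_TABLES;

    $sql_additions = '';
    if (version_compare(VERSION, '2.1.0') >= 0) {
        $this->_text_version = GLTEXT_LATEST_VERSION;
        $text_version = $this->_text_version;
        $sql_additions = "text_version='{$text_version}', ";

        // Apply HTML filter to the text just before save
        // with the permissions of current editor
        require_once $_CONF['path_system'] . 'classes/gltext.class.php';
        $description = GLText::applyHTMLFilter($this->_description, $this->_postmode, 'story.edit', $this->_text_version);
        $detail = GLText::applyHTMLFilter($this->_detail, $this->_postmode, 'story.edit', $this->_text_version);
    } else {
        $description = $this->_description;
        $detail = $this->_detail;
    }

    // Every string value is escaped and every numeric value cast before it is
    // interpolated into the statement.
    // NOTE(review): addslashes() is not connection-charset aware; the rest of
    // the code base uses DB_escapeString() - consider switching consistently.
    $lid = addslashes($this->_lid);
    // the WHERE clause previously interpolated $this->_old_lid raw
    $old_lid = addslashes($this->_old_lid);
    $cid = addslashes($this->_cid);
    $title = addslashes($this->_title);
    $url = addslashes($this->_url);
    $homepage = addslashes($this->_homepage);
    $version = addslashes($this->_version);
    $size = (int) $this->_size;
    $md5 = addslashes($this->_md5);
    $logourl = addslashes($this->_logourl);
    $mg_autotag = addslashes($this->_mg_autotag);
    $tags = addslashes($this->_tags);
    $date = (int) $this->_date;
    $commentcode = (int) $this->_commentcode;
    $project = addslashes($this->_project);
    $description = addslashes($description);
    $detail = addslashes($detail);
    $owner_id = (int) $this->_owner_id;
    $postmode = addslashes($this->_postmode);
    $is_released = (int) $this->_is_released;
    $is_listing = (int) $this->_is_listing;
    $createddate = addslashes($this->_createddate);

    $table = empty($mode) ? $_TABLES['downloads'] : $_TABLES['downloadsubmission'];

    DB_query("UPDATE {$table} "
        . "SET lid='{$lid}', cid='{$cid}', title='{$title}', url='{$url}', mg_autotag='{$mg_autotag}', tags='{$tags}', "
        . "homepage='{$homepage}', project='{$project}', description='{$description}', detail='{$detail}', "
        . "version='{$version}', size={$size}, md5='{$md5}', commentcode={$commentcode}, owner_id={$owner_id}, "
        . "postmode='{$postmode}', logourl='{$logourl}', is_released={$is_released}, is_listing={$is_listing}, "
        . $sql_additions . "date={$date}, createddate='{$createddate}' "
        . "WHERE lid='{$old_lid}'");

    if ($this->_old_lid == $this->_lid) {
        PLG_itemSaved($this->_lid, 'downloads');
    } else {
        // the id changed: move the item's comments to the new id
        DB_change($_TABLES['comments'], 'sid', addslashes($this->_lid), array('sid', 'type'), array(addslashes($this->_old_lid), 'downloads'));
        PLG_itemSaved($this->_lid, 'downloads', $this->_old_lid);
    }

    COM_rdfUpToDateCheck('downloads', $this->_cid, $this->_lid);
}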