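/**
 * Counts the oEmbed definitions stored under a given codename.
 *
 * @param string $codename The codename to look for
 * @param integer $id Optional definition id to leave out of the count (falsy: nothing is excluded)
 * @return integer The number of matching rows
 * @access public
 */
public static function countByCodename($codename, $id = null)
{
    $sql = 'SELECT count(*) as count from mod_object_oembed_definition where codename_mood = "' . io::sanitizeSQLString($codename) . '"';
    if ($id) {
        // The id is written into the statement without quotes, so string escaping
        // would not constrain it: force an integer before concatenating.
        $sql .= ' AND id_mood <> ' . (int) $id;
    }
    $query = new CMS_query($sql);
    // array_pop() takes its argument by reference, so it needs a real variable.
    $rows = $query->getAll();
    $data = is_array($rows) ? array_pop($rows) : null;
    // No row at all (failed query) counts as zero instead of reading an offset on null.
    return isset($data['count']) ? (int) $data['count'] : 0;
}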
/**
 * Looks a website up by its codename.
 * Static function. Results are memoised per codename in a function-level static
 * array, so a codename is queried once per request as long as the stored result is not null.
 *
 * @param string $codename The codename of the wanted CMS_website
 * @return CMS_website or false when no website uses that codename
 * @access public
 */
static function getByCodename($codename)
{
    static $websites;

    // Serve the memoised answer when there is one (a stored false counts as an answer).
    if (isset($websites[$codename])) {
        return $websites[$codename];
    }

    // The codename sits inside a quoted literal and goes through the SQL string escaper.
    $lookup = new CMS_query("\n\t\t\t\tselect\n\t\t\t\t\tid_web\n\t\t\t\tfrom\n\t\t\t\t\twebsites\n\t\t\t\twhere\n\t\t\t\t\tcodename_web='" . io::sanitizeSQLString($codename) . "'\n\t\t\t");

    $websites[$codename] = $lookup->getNumRows()
        ? CMS_websitesCatalog::getByID($lookup->getValue('id_web'))
        : false;

    return $websites[$codename];
}
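/**
 * Get all the translated values stored for one i18nm identifier.
 *
 * @param integer $id The i18nm identifier to read (compared against `id_i18nm`)
 * @return array the values, indexed by language code (`code_i18nm` => `value_i18nm`)
 * @access public
 */
public function getValues($id)
{
    $aLabels = array();
    // The identifier is compared without surrounding quotes. Escaping string
    // delimiters does nothing in that position, so the value is forced to an
    // integer instead of being passed through the string escaper.
    $oQuery = new CMS_query(' SELECT `code_i18nm`, `value_i18nm` FROM `mod_object_i18nm` WHERE `id_i18nm` = ' . (int) $id . ' ');
    if ($oQuery->getNumRows() > 0) {
        foreach ($oQuery->getAll(PDO::FETCH_ASSOC) as $aRow) {
            $aLabels[$aRow['code_i18nm']] = $aRow['value_i18nm'];
        }
    }
    return $aLabels;
}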
* Checks all unpublished pages to delete them, etc.
*
* @package Automne
* @subpackage scripts
* @author Cédric Soret <*****@*****.**> &
* @author Antoine Pouch <*****@*****.**>
*/
// The document root is derived from this file's own location before anything is
// included (kept for compatibility with old scripts): everything from the last
// "automne" path segment onwards is cut off the directory name.
$_SERVER["DOCUMENT_ROOT"] = realpath(substr(dirname(__FILE__), 0, strlen(dirname(__FILE__)) - strpos(strrev(dirname(__FILE__)), "enmotua") - strlen("automne") - 1));

// Bootstrap the application.
require_once dirname(__FILE__) . '/../../../cms_rc_admin.php';

$modules = CMS_modulesCatalog::getAll();
foreach ($modules as $aModule) {
    // The standard module checks by itself whether today's routine already ran.
    if ($aModule->getCodename() == MOD_STANDARD_CODENAME) {
        $aModule->processDailyRoutine();
        continue;
    }

    // Any other module: look for a DAILY_ROUTINE timestamp dated today.
    $sql = "\n\t\t\tselect\n\t\t\t\t1\n\t\t\tfrom\n\t\t\t\tactionsTimestamps\n\t\t\twhere\n\t\t\t\tto_days(date_at) = to_days(now())\n\t\t\t\tand type_at='DAILY_ROUTINE'\n\t\t\t\tand module_at='" . io::sanitizeSQLString($aModule->getCodename()) . "'\n\t\t";
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        // Already done today, nothing to run.
        continue;
    }

    // Run the routine, then replace the module's timestamp row (delete, then insert).
    $aModule->processDailyRoutine();

    $sql = "\n\t\t\t\tdelete from\n\t\t\t\t\tactionsTimestamps\n\t\t\t\twhere\n\t\t\t\t\ttype_at='DAILY_ROUTINE'\n\t\t\t\t\tand module_at='" . io::sanitizeSQLString($aModule->getCodename()) . "'\n\t\t\t";
    $q = new CMS_query($sql);

    $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tactionsTimestamps\n\t\t\t\tset\n\t\t\t\t\ttype_at='DAILY_ROUTINE',\n\t\t\t\t\tdate_at=now(),\n\t\t\t\t\tmodule_at='" . io::sanitizeSQLString($aModule->getCodename()) . "'\n\t\t\t";
    $q = new CMS_query($sql);
}
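/**
 * Search messages
 * Static function.
 *
 * Every caller-supplied value that reaches the SQL text is either forced to an
 * integer (ids) or escaped with sanitizeSQLString() inside a quoted literal.
 * The string escaper alone is not used for unquoted lists, where it gives no protection.
 *
 * @param string $module module to search messages
 * @param string $search search message by value
 * @param array $languagesOnly limit search to given languages codes
 * @param array $options search options: 'empty' (only ids lacking a message in some language),
 *                       'ids' (array of ids to restrict the search to), 'phrase' (match $search as one phrase)
 * @param string $direction search is ordered by results id. Specify order direction (asc or desc). Default : asc
 * @param integer $start search start offset
 * @param integer $limit search limit (default : 0 : unlimited)
 * @param integer $resultsnb return results count by reference
 * @return array(id => msg)
 * @access public
 */
static function searchMessages($module, $search = '', $languagesOnly = array(), $options = array(), $direction = 'asc', $start = 0, $limit = 0, &$resultsnb)
{
    $start = (int) $start;
    $limit = (int) $limit;
    // The direction is whitelisted because it is concatenated as a bare keyword.
    $direction = in_array(io::strtolower($direction), array('asc', 'desc')) ? io::strtolower($direction) : 'asc';
    $emptyOnly = $idsOnly = false;
    if (is_array($options)) {
        $emptyOnly = isset($options['empty']) && $options['empty'] ? true : false;
        $idsOnly = isset($options['ids']) && is_array($options['ids']) ? $options['ids'] : false;
    }
    $keywordsWhere = $languagesWhere = $emptyWhere = $orderClause = $idsWhere = '';

    //get ids for which one message is missing
    if ($emptyOnly) {
        $qLanguages = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct language_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
        $qIds = new CMS_query("\n\t\t\t\tselect \n\t\t\t\t\tdistinct id_mes\n\t\t\t\tfrom \n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t");
        $allIds = $qIds->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
        $missingIds = array();
        while ($language = $qLanguages->getValue('language_mes')) {
            // The language code was read back from the table; it is still data,
            // so it is escaped like any other value before re-entering a statement.
            $qLang = new CMS_query("\n\t\t\t\t\tselect \n\t\t\t\t\t\tdistinct id_mes\n\t\t\t\t\tfrom \n\t\t\t\t\t\tmessages\n\t\t\t\t\twhere\n\t\t\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\t\t\tand language_mes='" . io::sanitizeSQLString($language) . "'\n\t\t\t\t\t\tand message_mes != ''\n\t\t\t\t");
            $ids = $qLang->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);
            $missingIds = array_merge($missingIds, array_diff($allIds, $ids));
        }
        if (!$missingIds) {
            $resultsnb = 0;
            return array();
        }
        // implode() is called glue-first (the reversed order is not accepted by recent PHP).
        $emptyWhere = ' and id_mes in (' . implode(',', array_map('intval', $missingIds)) . ')';
    }
    if ($idsOnly) {
        // Unquoted list: each id is forced to an integer. Escaping quotes would not
        // stop extra SQL here because the values are not inside a string literal.
        $idsWhere = ' and id_mes in (' . implode(',', array_map('intval', $idsOnly)) . ')';
    }
    if ($search) {
        //clean user keywords (never trust user input, user is evil)
        // strtr() ignores the extra characters of the longer argument, so the
        // replacement needs one space per separator for ';' to be replaced too.
        $search = strtr($search, ",;", "  ");
        if (isset($options['phrase']) && $options['phrase']) {
            // Neutralise LIKE wildcards typed by the user before wrapping in %...%.
            $search = str_replace(array('%', '_'), array('\\%', '\\_'), $search);
            if (htmlentities($search) != $search) {
                $keywordsWhere .= " and (\n\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($search)) . "%'\n\t\t\t\t\t)";
            } else {
                $keywordsWhere .= " and message_mes like '%" . sensitiveIO::sanitizeSQLString($search) . "%'";
            }
        } else {
            $words = array_map("trim", array_unique(explode(" ", io::strtolower($search))));
            $cleanedWords = array();
            foreach ($words as $aWord) {
                if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                    $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                    $cleanedWords[] = $aWord;
                }
            }
            if (!$cleanedWords) {
                //if no words after cleaning, return (with a defined count, like the other empty returns)
                $resultsnb = 0;
                return array();
            }
            foreach ($cleanedWords as $cleanedWord) {
                $keywordsWhere .= $keywordsWhere ? " and " : '';
                // Test the word being processed, not the leftover variable of the cleaning loop.
                if (htmlentities($cleanedWord) != $cleanedWord) {
                    $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%' or message_mes like '%" . sensitiveIO::sanitizeSQLString(htmlentities($cleanedWord)) . "%'\n\t\t\t\t\t\t)";
                } else {
                    $keywordsWhere .= " (\n\t\t\t\t\t\t\tmessage_mes like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\t\t)";
                }
            }
            $keywordsWhere = ' and (' . $keywordsWhere . ')';
        }
    }
    if (is_array($languagesOnly) && $languagesOnly) {
        // Language codes come from the caller and land inside quoted literals:
        // escape each one before joining them.
        $languageCodes = array();
        foreach ($languagesOnly as $languageCode) {
            $languageCodes[] = io::sanitizeSQLString($languageCode);
        }
        $languagesWhere = ' and language_mes in (\'' . implode('\',\'', $languageCodes) . '\')';
    }
    $orderClause = "order by\n\t\t\tid_mes\n\t\t\t" . $direction;

    // First pass: ids matching every filter.
    $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t" . $keywordsWhere . "\n\t\t\t" . $languagesWhere . "\n\t\t\t" . $emptyWhere . "\n\t\t\t" . $idsWhere . "\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        $resultsnb = 0;
        return array();
    }
    $messageIds = $q->getAll(PDO::FETCH_COLUMN | PDO::FETCH_UNIQUE, 0);

    // Second pass: every language version of the matching ids.
    $sql = "\n\t\t\tselect\n\t\t\t\tid_mes as id,\n\t\t\t\tmodule_mes as module,\n\t\t\t\tlanguage_mes as language,\n\t\t\t\tmessage_mes as message\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere \n\t\t\t\tmodule_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\tand id_mes in (" . implode(',', array_map('intval', $messageIds)) . ")\n\t\t\t\t" . $orderClause . "\n\t\t";
    $q = new CMS_query($sql);
    if (!$q->getNumRows()) {
        $resultsnb = 0;
        return array();
    }
    $messageGroups = $q->getAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);
    // The count is taken before slicing, so it reports the full result size.
    $resultsnb = count($messageGroups);
    if ($limit) {
        $messageGroups = array_slice($messageGroups, $start, $limit, true);
    }
    $messages = array();
    foreach ($messageGroups as $key => $messageGroup) {
        $messages[$key]['id'] = $key;
        foreach ($messageGroup as $message) {
            $messages[$key][$message['language']] = $message['message'];
        }
    }
    return $messages;
}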
/**
 * Tells whether a category already carries the given uuid.
 * Categories whose parent is CMS_moduleCategory::LINEAGE_PARK_POSITION are left out of the check.
 *
 * @param string $uuid The category uuid to check
 * @return boolean true when at least one matching category exists; false otherwise,
 *                 and also when $uuid is empty (an error is raised in that case)
 * @access public
 */
static function uuidExists($uuid)
{
    if (!$uuid) {
        CMS_grandFather::raiseError("uuid must be set");
        return false;
    }

    // The uuid is escaped and placed inside a quoted literal; the park position is a class constant.
    $sql = "\n\t\t\tselect \n\t\t\t\tid_mca\n\t\t\tfrom \n\t\t\t\tmodulesCategories \n\t\t\twhere\n\t\t\t\tuuid_mca='" . io::sanitizeSQLString($uuid) . "'\n\t\t\t\tand parent_mca != '" . CMS_moduleCategory::LINEAGE_PARK_POSITION . "'\n\t\t";
    $lookup = new CMS_query($sql);

    return (bool) $lookup->getNumRows();
}
/**
 * Checks that the current PHP session id is registered in the sessions table
 * for the given user and has been touched within APPLICATION_SESSION_TIMEOUT.
 *
 * When CHECK_REMOTE_IP_MASK is on and REMOTE_ADDR is available, the stored address
 * must also match: an IPv4 client is compared on its first two octets only (a LIKE
 * on the "a.b." prefix), any other address is compared exactly.
 * NOTE(review): the two-octet prefix accepts any client sharing those octets - confirm
 * this tolerance is the intended trade-off for users behind changing addresses.
 *
 * @param integer $userId The user id the session must belong to
 * @return boolean true when a matching session row exists, false otherwise
 * @access private
 */
function _checkSession($userId)
{
    // Anything but a positive integer cannot identify a user.
    if (!io::isPositiveInteger($userId)) {
        return false;
    }

    $sql = "\n\t\t\t\tselect\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tsessions\n\t\t\t\twhere\n\t\t\t\t\tphpid_ses='" . io::sanitizeSQLString(Zend_Session::getId()) . "'\n\t\t\t\t\tand user_ses='" . io::sanitizeSQLString($userId) . "'\n\t\t\t\t\tand UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(lastTouch_ses) <= " . io::sanitizeSQLString(APPLICATION_SESSION_TIMEOUT) . "\n\t\t\t";

    if (CHECK_REMOTE_IP_MASK && isset($_SERVER['REMOTE_ADDR'])) {
        $remoteAddr = $_SERVER['REMOTE_ADDR'];
        $isIpv4 = filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
        if ($isIpv4) {
            // Range check: keep the first two octets and let LIKE match the rest.
            $octets = explode(".", $remoteAddr);
            $sql .= " and remote_addr_ses like '" . io::sanitizeSQLString($octets[0] . "." . $octets[1] . ".") . "%'\n\t\t\t\t\t";
        } else {
            // Exact match for everything that is not a valid IPv4 address.
            $sql .= " and remote_addr_ses = '" . io::sanitizeSQLString($remoteAddr) . "'\n\t\t\t\t\t";
        }
    }

    $q = new CMS_query($sql);

    return $q->getNumRows() ? true : false;
}
/**
 * Destroy the module
 *
 * Runs only when isDestroyable() accepts it, then removes in this order: the rows
 * returned by CMS_rowsCatalog::getByModules() for the codename, the module categories,
 * the module's entries in the profiles' module and validation clearance stacks,
 * the module's files, JS and CSS directories, the files listed by getCSSFiles(),
 * the whole 'polymod' cache type, and finally the module itself through parent::destroy().
 * No step is rolled back if a later one fails (no transaction is visible here).
 *
 * @return boolean false when the module is not destroyable, otherwise the value of parent::destroy()
 * @access public
 */
function destroy()
{
    global $cms_user;
    // Check module exists and is polymod
    if (!$this->isDestroyable()) {
        return false;
    }
    // CHECK USED ROWS
    $rowsIds = CMS_rowsCatalog::getByModules(array($this->_codename), false, false);
    //delete all module rows
    foreach ($rowsIds as $rowId) {
        $row = CMS_rowsCatalog::getByID($rowId);
        if (is_object($row)) {
            $row->destroy();
        }
    }
    // TREAT CATEGORIES
    // Categories are fetched with the clearance of the global $cms_user (CLEARANCE_MODULE_EDIT).
    $attrs = array("module" => $this->_codename, "language" => CMS_languagesCatalog::getDefaultLanguage(), "level" => -1, "root" => -1, "cms_user" => $cms_user, "clearanceLevel" => CLEARANCE_MODULE_EDIT, "strict" => false);
    $cats = CMS_moduleCategories_catalog::getAll($attrs);
    if ($cats) {
        foreach ($cats as $cat) {
            // Destroy category
            $cat->destroy();
        }
    }
    // TREAT MODULE & VALIDATIONS RIGHTS
    // Find every profile whose module clearance stack mentions this codename,
    // either as first element ("codename,...") or after a ';' separator.
    // NOTE(review): the codename is escaped for the string literal but not for LIKE,
    // so a '%' or '_' in it would act as a wildcard - presumably codenames never contain them; confirm.
    $sql = "\n\t\t\tselect \n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tprofiles\n\t\t\twhere\n\t\t\t\tmoduleClearancesStack_pr like '" . io::sanitizeSQLString($this->_codename) . ",%'\n\t\t\t\t or moduleClearancesStack_pr like '%;" . io::sanitizeSQLString($this->_codename) . ",%'\n\t\t ";
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        while ($r = $q->getArray()) {
            // Rewrite the stack without the module's key and store it back.
            $stack = new CMS_stack();
            $stack->setTextDefinition($r['moduleClearancesStack_pr']);
            $stack->delAllWithOneKey($this->_codename);
            // id_pr is concatenated as read from the row, without escaping or a cast.
            $qInsert = new CMS_query("update profiles set moduleClearancesStack_pr='" . io::sanitizeSQLString($stack->getTextDefinition()) . "' where id_pr='" . $r['id_pr'] . "'");
        }
    }
    // Same treatment for the validation clearance stack (';' separated, or the codename alone).
    $sql = "\n\t\t\tselect \n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tprofiles\n\t\t\twhere\n\t\t\t\tvalidationClearancesStack_pr like '" . io::sanitizeSQLString($this->_codename) . ";%'\n\t\t\t\t or validationClearancesStack_pr like '%;" . io::sanitizeSQLString($this->_codename) . ";%'\n\t\t\t\t or validationClearancesStack_pr = '" . io::sanitizeSQLString($this->_codename) . "'\n\t\t\t";
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        while ($r = $q->getArray()) {
            $stack = new CMS_stack();
            $stack->setTextDefinition($r['validationClearancesStack_pr']);
            $stack->delAllWithOneKey($this->_codename);
            $qInsert = new CMS_query("update profiles set validationClearancesStack_pr='" . io::sanitizeSQLString($stack->getTextDefinition()) . "' where id_pr='" . $r['id_pr'] . "'");
        }
    }
    //remove module files
    // The tree is deleted only if the simulated deletion succeeds first.
    // NOTE(review): every path below is the base directory plus '/' plus the codename;
    // an empty codename would address the base directory itself. Confirm that
    // isDestroyable() (or the constructor) guarantees a non-empty codename.
    if (CMS_file::deltreeSimulation(PATH_MODULES_FILES_FS . '/' . $this->_codename, true)) {
        CMS_file::deltree(PATH_MODULES_FILES_FS . '/' . $this->_codename, true);
    }
    //remove JS and CSS
    if (is_dir(PATH_JS_FS . '/modules/' . $this->_codename) && CMS_file::deltreeSimulation(PATH_JS_FS . '/modules/' . $this->_codename, true)) {
        CMS_file::deltree(PATH_JS_FS . '/modules/' . $this->_codename, true);
    }
    if (is_dir(PATH_CSS_FS . '/modules/' . $this->_codename) && CMS_file::deltreeSimulation(PATH_CSS_FS . '/modules/' . $this->_codename, true)) {
        CMS_file::deltree(PATH_CSS_FS . '/modules/' . $this->_codename, true);
    }
    // Delete the individual CSS files reported by getCSSFiles(), grouped by media.
    $cssFiles = $this->getCSSFiles('', true);
    foreach ($cssFiles as $mediaCssFiles) {
        foreach ($mediaCssFiles as $cssFile) {
            CMS_file::deleteFile(PATH_REALROOT_FS . '/' . $cssFile);
        }
    }
    //Clear polymod cache
    // The per-module clearing is disabled; the whole 'polymod' cache type is cleared instead.
    //CMS_cache::clearTypeCacheByMetas('polymod', array('module' => $this->_codename));
    CMS_cache::clearTypeCache('polymod');
    // Destroy module
    return parent::destroy();
}
/**
 * Deletes the data of the current session: the 'atm-auth' storage, the matching
 * row(s) of the sessions table and the phpMyAdmin cookies.
 *
 * Without $force the delete statement carries extra conditions meant to keep a
 * session that relies on a persistent cookie; with $force the auto-login cookie
 * is reset as well and the row is removed unconditionally.
 *
 * NOTE(review): in the non-forced statement the final "or (...)" group is not
 * wrapped together with the phpid_ses test, and AND binds tighter than OR, so that
 * group is evaluated for every row of the table, not only the current session.
 * It also compares TO_DAYS(NOW()) (a day number) with cookie_expire_ses, which the
 * other conditions treat as a datetime. Confirm the intended scope and comparison.
 *
 * @param boolean $force : force removing persistent session (default false)
 * @return boolean always true
 * @access public
 * @static
 */
static function deleteSession($force = false)
{
    // Clear the authentication storage first.
    $storage = new Zend_Auth_Storage_Session('atm-auth');
    $storage->clear();

    // Base statement: the row of the current PHP session id.
    $sql = "\n\t\t\tdelete\n\t\t\tfrom\n\t\t\t\tsessions\n\t\t\twhere\n\t\t\t\tphpid_ses='" . io::sanitizeSQLString(Zend_Session::getId()) . "'\n\t\t";

    if ($force) {
        // Forced removal: also drop the auto-login cookie when the browser sent one.
        if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
            CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
        }
    } else {
        // Keep a session that has a persistent cookie: restrict the delete to
        // timed-out sessions without cookie, or sessions whose cookie has expired.
        $sql .= "\n\t\t\t\tand (\n\t\t\t\t\tUNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(lastTouch_ses) > " . io::sanitizeSQLString(APPLICATION_SESSION_TIMEOUT) . "\n\t\t\t\t\tand cookie_expire_ses = '0000-00-00 00:00:00'\n\t\t\t\t) or (\n\t\t\t\t\tcookie_expire_ses != '0000-00-00 00:00:00'\n\t\t\t\t\tand TO_DAYS(NOW()) >= cookie_expire_ses\n\t\t\t\t)\n\t\t\t";
    }

    $q = new CMS_query($sql);

    // Expire the phpMyAdmin cookies, if any, on the bundled phpMyAdmin path.
    $pmaPath = PATH_REALROOT_WR . '/automne/phpMyAdmin/';
    @setcookie(session_name(), false, time() - 3600, $pmaPath, '', 0);
    @setcookie('phpMyAdmin', false, time() - 3600, $pmaPath, '', 0);

    return true;
}
/**
 * Get all the aliases registered under a given name.
 *
 * The name is accepted only if sanitizeAsciiString() (with '@' allowed) leaves it
 * unchanged; any other name yields an empty result without querying.
 *
 * @param string $name The name to get aliases of
 * @param boolean $returnObject true (default): array of CMS_resource_cms_aliases, false: array of ids
 * @return array indexed by alias id, ordered by ascending id
 * @access public
 * @static
 */
static function getByName($name, $returnObject = true)
{
    $found = array();

    // Allow-list check before the value goes anywhere near the database.
    if (!$name || $name != sensitiveIO::sanitizeAsciiString($name, '@')) {
        return $found;
    }

    $q = new CMS_query("\n\t\t\tselect\n\t\t\t\tid_ma\n\t\t\tfrom\n\t\t\t\tmod_cms_aliases\n\t\t\twhere \n\t\t\t\talias_ma='" . io::sanitizeSQLString($name) . "'\n\t\t\torder by id_ma asc");

    while ($row = $q->getArray()) {
        if (!$returnObject) {
            // Ids only.
            $found[$row["id_ma"]] = $row["id_ma"];
            continue;
        }
        // Objects: keep the alias only when it loads without error.
        $alias = CMS_module_cms_aliases::getByID($row["id_ma"]);
        if ($alias && !$alias->hasError()) {
            $found[$row["id_ma"]] = $alias;
        }
    }

    return $found;
}
/**
 * Sets the page this alias redirects to and resets the alias URL.
 *
 * When the alias is flagged as replacing the page URL, the page is refused if
 * another alias (any id but this one) already replaces the same page.
 *
 * @param CMS_page $page The page to set
 * @return boolean true on success, false on failure
 * @access public
 */
function setPage($page)
{
    // Only a valid, error-free CMS_page is accepted.
    if (!is_a($page, "CMS_page") || $page->hasError()) {
        return false;
    }

    if ($this->_replace) {
        //check if another alias already replace this page URL
        $sql = "\n\t\t\t\t\tselect \n\t\t\t\t\t\tid_ma\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_cms_aliases\n\t\t\t\t\twhere\n\t\t\t\t\t\tpage_ma='" . io::sanitizeSQLString($page->getID()) . "'\n\t\t\t\t\t\tand replace_ma='1'";
        if ($this->getID()) {
            // Exclude this alias itself; its own id is concatenated without escaping.
            $sql .= " and id_ma != '" . $this->getID() . "'";
        }
        $conflict = new CMS_query($sql);
        if ($conflict->getNumRows()) {
            return false;
        }
    }

    $this->_pageID = $page->getID();
    $this->_url = '';

    return true;
}
/**
 * Tells whether a row of mod_standard_rows already carries the given uuid.
 *
 * @param string $uuid The uuid to check
 * @return boolean true when at least one row matches; false otherwise, and also
 *                 when $uuid is empty (an error is raised in that case)
 * @access public
 */
static function uuidExists($uuid)
{
    if (!$uuid) {
        CMS_grandFather::raiseError("uuid must be set");
        return false;
    }

    // Escaped value inside a quoted literal.
    $sql = "\n\t\t\tselect \n\t\t\t\tid_row\n\t\t\tfrom \n\t\t\t\tmod_standard_rows \n\t\t\twhere\n\t\t\t\tuuid_row='" . io::sanitizeSQLString($uuid) . "'\n\t\t";
    $match = new CMS_query($sql);

    if ($match->getNumRows()) {
        return true;
    }
    return false;
}
</ul>'; //Ini file infos $return = CMS_patch::executeCommand('"' . $cliPath . '" --ini', $error); if (!$error && $return) { $content .= '<code>' . str_replace("\n", '<br />', $return) . '</code>'; } $content .= ' </fieldset>'; } //Daily Routine if ($mysqlOk) { $modules = CMS_modulesCatalog::getAll(); $drContent = ''; foreach ($modules as $aModule) { //see if the action was done today $sql = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tactionsTimestamps\n\t\t\twhere\n\t\t\t\ttype_at='DAILY_ROUTINE'\n\t\t\t\tand module_at='" . io::sanitizeSQLString($aModule->getCodename()) . "'\n\t\t"; $q = new CMS_query($sql); if ($q->getNumRows()) { $drContent .= '<li class="atm-pic-ok">OK for "' . $aModule->getLabel($cms_language) . '". Last execution: ' . $q->getValue('date_at') . '</li>'; } } if ($drContent) { $content .= '<br /> <fieldset style="padding:5px;"> <legend>Test Daily Routine</legend> <ul class="atm-server"> ' . $drContent . ' </ul> </fieldset>'; } }
case 'demofr': $error = ''; if (!patch(dirname(__FILE__) . '/' . $demoFr, $error)) { die(sprintf($error_step3_Demo_script, $error)); } break; case 'clean': //Import DB structure $structureScript = PATH_MAIN_FS . "/sql/automne4.sql"; if (file_exists($structureScript) && CMS_patch::executeSqlScript($structureScript, true)) { CMS_patch::executeSqlScript($structureScript); } else { die(sprintf($error_step3_SQL_script, $structureScript)); } //Set websites language like the current installation language $q = new CMS_query("update websites set language_web='" . io::sanitizeSQLString($install_language) . "'"); break; } //Import DB messages //get all SQL files of the message dir $files = glob(PATH_MAIN_FS . "/sql/messages/*/*.sql", GLOB_NOSORT); if (is_array($files)) { foreach ($files as $file) { if (file_exists($file) && CMS_patch::executeSqlScript($file, true)) { CMS_patch::executeSqlScript($file); } else { die(sprintf($error_step3_SQL_script, $file)); } } } else { die(sprintf($error_step3_SQL_script, PATH_MAIN_FS . "/sql/messages/*/*.sql"));
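/**
 * End prefetching for a given module
 * - End constant declaration comparison
 * - Get all messages for all new constants declared
 *
 * The values of the constants declared since the prefetch started are used as
 * message ids. Only integer values are kept for the query, and the module
 * codename is escaped like the language code.
 *
 * @param string $module The codename of the module owner of the message
 * @return boolean true when done (including when there is nothing to load), false on failure
 * @access public
 */
function endPrefetch($module = MOD_STANDARD_CODENAME)
{
    $constants = get_defined_constants();
    if (!is_array($constants)) {
        return false;
    }
    if (!isset($this->_prefetchStatus[$module]) || !is_array($this->_prefetchStatus[$module])) {
        $this->raiseError("Try to end message prefetch which not already started");
        return false;
    }
    // Constants that appeared (or changed) since the prefetch snapshot.
    $diff = array_diff_assoc($constants, $this->_prefetchStatus[$module]);
    if (!$diff) {
        return true;
    }
    // Any constant may have been declared in between, not only message ids.
    // The list below is written into the statement without quotes, so it must
    // hold integers and nothing else: other values are dropped.
    $ids = array();
    foreach ($diff as $value) {
        if (is_int($value) || (is_string($value) && preg_match('/^[0-9]+$/D', $value))) {
            $ids[(int) $value] = (int) $value;
        }
    }
    if (!$ids) {
        //no usable id among the new constants: nothing to load
        return true;
    }
    $sql = "\n\t\t\tselect\n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tmessages\n\t\t\twhere\n\t\t\t\tid_mes in (" . implode(',', $ids) . ")\n\t\t\t\tand module_mes = '" . io::sanitizeSQLString($module) . "'\n\t\t\t\tand language_mes = '" . io::sanitizeSQLString($this->_code) . "'\n\t\t";
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        while ($data = $q->getArray()) {
            $this->_storeMessage($data['id_mes'], $data['module_mes'], $data['message_mes']);
        }
    }
    return true;
}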
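/**
 * Returns all the page Templates, sorted by label (or by match score when keywords are given).
 * Static function.
 *
 * Values written into the statement without quotes (row ids, template ids, limit
 * bounds) are forced to integers; values inside quoted literals are escaped.
 *
 * @param boolean $includeInactive When false (default), only templates in use and with a definition file are returned
 * @param string $keyword Keywords to search in labels and descriptions; words starting with "row:" filter by row usage
 * @param array $groups Groups every returned template must belong to
 * @param string $website Website for which the template must not be denied
 * @param array $tplIds Restrict the result to these template ids
 * @param mixed $user When a user object without full admin clearance is given, templates of its denied groups are excluded
 * @param integer $start Offset of the first result
 * @param integer $limit Maximum number of results (0 with a zero offset: no limit)
 * @param boolean $returnObjects true: CMS_pageTemplate objects, false: ids
 * @param array $score Filled by reference with the match score per template id, when available
 * @return array(CMS_pageTemplate)
 * @access public
 */
static function getAll($includeInactive = false, $keyword = '', $groups = array(), $website = '', $tplIds = array(), $user = false, $start = 0, $limit = 0, $returnObjects = true, &$score = array())
{
    $where = 'private_pt=0';
    $select = 'id_pt';
    // True once the "m" score column has been added to the select list.
    $hasScore = false;
    // Offsets end up as bare numbers in the LIMIT clause.
    $start = (int) $start;
    $limit = (int) $limit;
    //keywords
    if ($keyword) {
        //clean user keywords (never trust user input, user is evil)
        // strtr() ignores the extra characters of the longer argument, so the
        // replacement needs one space per separator for ';' to be replaced too.
        $keyword = strtr($keyword, ",;", "  ");
        $words = array_map("trim", array_unique(explode(" ", io::strtolower($keyword))));
        $cleanedWords = array();
        foreach ($words as $aWord) {
            if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
                // Neutralise LIKE wildcards typed by the user.
                $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
                $cleanedWords[] = $aWord;
            }
        }
        if (!$cleanedWords) {
            //if no words after cleaning, return
            return array();
        }
        //extract row: keywords which are used by general search engine to filter templates by row usage
        $rows = array();
        foreach ($cleanedWords as $key => $word) {
            if (io::strpos($word, 'row:') === 0) {
                unset($cleanedWords[$key]);
                $rows[] = substr($word, 4);
            }
        }
        if ($cleanedWords) {
            $keywordWhere = '';
            foreach ($cleanedWords as $cleanedWord) {
                $keywordWhere .= $keywordWhere ? ' and ' : '';
                $keywordWhere .= " (\n\t\t\t\t\t\tdescription_pt like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\t\tor label_pt like '%" . sensitiveIO::sanitizeSQLString($cleanedWord) . "%'\n\t\t\t\t\t)";
            }
            $where .= $where ? ' and ' : '';
            $where .= " ((" . $keywordWhere . ") or MATCH (label_pt, description_pt) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') )";
            $select .= " , MATCH (label_pt, description_pt) AGAINST ('" . sensitiveIO::sanitizeSQLString($keyword) . "') as m ";
            $hasScore = true;
        }
        // The "row:" values come straight from the keyword string and are used in an
        // unquoted list: keep positive integers only. Escaping quotes would not help
        // here because the values are not inside a string literal.
        // NOTE(review): assumes type_cs holds numeric row ids, as the unquoted list implies - confirm.
        $rows = array_filter(array_map('intval', $rows));
        if ($rows) {
            $q = new CMS_query("\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct(template_cs)\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_standard_clientSpaces_edited\n\t\t\t\t\twhere\n\t\t\t\t\t\ttype_cs in (" . implode(',', $rows) . ")\n\t\t\t\t");
            if ($q->getNumRows()) {
                while ($r = $q->getArray()) {
                    $tplIds[] = $r['template_cs'];
                }
            }
        }
    }
    $sql = "\n\t\t\tselect\n\t\t\t\t" . $select . "\n\t\t\tfrom\n\t\t\t\tpageTemplates\n\t\t";
    //groups
    if ($groups) {
        foreach ($groups as $group) {
            $where .= $where ? ' and ' : '';
            $where .= " (\n\t\t\t\t\tgroupsStack_pt='" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t\tor groupsStack_pt like '%;" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_pt like '" . sensitiveIO::sanitizeSQLString($group) . ";%'\n\t\t\t\t\tor groupsStack_pt like '%;" . sensitiveIO::sanitizeSQLString($group) . "'\n\t\t\t\t)";
        }
    }
    //website
    if ($website) {
        $where .= $where ? ' and ' : '';
        $where .= " (\n\t\t\t\twebsitesdenied_pt != '" . sensitiveIO::sanitizeSQLString($website) . "'\n\t\t\t\tand websitesdenied_pt not like '%;" . sensitiveIO::sanitizeSQLString($website) . ";%'\n\t\t\t\tand websitesdenied_pt not like '" . sensitiveIO::sanitizeSQLString($website) . ";%'\n\t\t\t\tand websitesdenied_pt not like '%;" . sensitiveIO::sanitizeSQLString($website) . "'\n\t\t\t)";
    }
    //useable
    if (!$includeInactive) {
        $where .= $where ? ' and ' : '';
        $where .= " inUse_pt=1 ";
        $where .= " and definitionFile_pt!='' ";
    }
    //tplIds
    if ($tplIds) {
        // Caller-supplied ids in an unquoted list: integers only.
        $where .= $where ? ' and ' : '';
        $where .= " id_pt in (" . implode(',', array_map('intval', (array) $tplIds)) . ") ";
    }
    //user
    if (is_object($user) && !$user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
        $groupsDenied = $user->getTemplateGroupsDenied()->getElements();
        if ($groupsDenied && is_array($groupsDenied) && sizeof($groupsDenied)) {
            $where .= $where ? ' and (' : '(';
            foreach ($groupsDenied as $group) {
                $where .= " (\n\t\t\t\t\t\tgroupsStack_pt != '" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t\tand groupsStack_pt not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_pt not like '" . sensitiveIO::sanitizeSQLString($group[0]) . ";%'\n\t\t\t\t\t\tand groupsStack_pt not like '%;" . sensitiveIO::sanitizeSQLString($group[0]) . "'\n\t\t\t\t\t) and ";
            }
            //remove last "and " and append )
            $where = io::substr($where, 0, -4) . ')';
        }
    }
    $sql = $sql . ($where ? ' where ' . $where : '');
    //order
    // Decided from the flag rather than by searching the statement text for "MATCH",
    // which a group or website value containing that word would also satisfy.
    if (!$hasScore) {
        $sql .= " order by label_pt ";
    } else {
        $sql .= " order by m desc ";
    }
    //limit
    if ($start || $limit) {
        $sql .= " limit " . $start . "," . $limit;
    }
    $q = new CMS_query($sql);
    $pts = array();
    while ($r = $q->getArray()) {
        $id = $r['id_pt'];
        //set match score if exists
        if (isset($r['m'])) {
            $score[$id] = $r['m'];
        }
        if ($returnObjects) {
            // Templates that fail to load are silently left out.
            $pt = new CMS_pageTemplate($id);
            if (!$pt->hasError()) {
                $pts[$pt->getID()] = $pt;
            }
        } else {
            $pts[$id] = $id;
        }
    }
    return $pts;
}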
/**
 * Duplicate this block
 * Used to duplicate a CMS_page: the block data is inserted for the destination
 * page in the USERSPACE table, then in the EDITION table.
 *
 * NOTE(review): the two inserts are separate statements; if the second fails the
 * first one stays in place (no transaction is visible here). On a failed first
 * insert the error message carries the full statement, block value included -
 * check where raiseError() output ends up.
 *
 * @param CMS_page $destinationPage, the page receiving a copy of this block
 * @param boolean $public The precision needed for USERSPACE location
 * @return boolean true when both insertions succeed, false otherwise
 */
function duplicate(&$destinationPage, $public = false)
{
    // A block without a database id has never been stored: nothing to copy.
    if (!SensitiveIO::isPositiveInteger($this->_dbID)) {
        $this->raiseError("Duplicate, object does not have a DB ID, not initialized");
        return false;
    }

    $table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public);
    // Column assignments shared by both inserts; every value is escaped and quoted.
    $str_set = "\n\t\t\t\t\tpage='" . io::sanitizeSQLString($destinationPage->getID()) . "',\n\t\t\t\t\tclientSpaceID='" . io::sanitizeSQLString($this->_clientSpaceID) . "',\n\t\t\t\t\trowID='" . io::sanitizeSQLString($this->_rowID) . "',\n\t\t\t\t\tblockID='" . io::sanitizeSQLString($this->_tagID) . "',\n\t\t\t\t\tvalue='" . io::sanitizeSQLString($this->_value) . "'\n\t\t\t";

    // Table name comes from _getDataTableName(), not from the caller's data.
    $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\t" . $table . "\n\t\t\t\tset\n\t\t\t\t\t" . $str_set . "\n\t\t\t";
    $q = new CMS_query($sql);
    if ($q->hasError()) {
        $this->raiseError("Duplicate, insertion failed: " . $sql);
        return false;
    }

    //Table Edition
    $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\tset\n\t\t\t\t\t\tid='',\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t";
    $q = new CMS_query($sql);

    return !$q->hasError();
}
//Definition $definitionValue = $polymod->convertDefinitionString($_POST["definition"], false); $definitionErrors = $RSSDefinition->setValue("definition", $definitionValue); if ($definitionErrors !== true) { $cms_message .= "\n" . $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_DEFINITION) . ' : ' . $definitionErrors)); } if (!$RSSDefinition->setValue("link", $_POST["link"])) { $cms_message .= "\n" . $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_LINK, false, MOD_POLYMOD_CODENAME))); } if (!$RSSDefinition->setValue("author", $_POST["author"])) { $cms_message .= "\n" . $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_AUTHOR, false, MOD_POLYMOD_CODENAME))); } if (!$RSSDefinition->setValue("copyright", $_POST["copyright"])) { $cms_message .= "\n" . $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_COPYRIGHT, false, MOD_POLYMOD_CODENAME))); } if (!$RSSDefinition->setValue("namespaces", io::sanitizeSQLString($_POST["namespaces"]))) { $cms_message .= "\n" . $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_NAMESPACE, false, MOD_POLYMOD_CODENAME))); } if (!$RSSDefinition->setValue("categories", $_POST["categories"])) { $cms_message .= "\n" . $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_CATEGORIES, false, MOD_POLYMOD_CODENAME))); } if ($_POST["email"] && !$RSSDefinition->setValue("email", $_POST["email"])) { $cms_message .= "\n" . 
$cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_EMAIL, false, MOD_POLYMOD_CODENAME))); } //TTL (Time to live in minutes)//TTL $baseList = array('hourly' => 60, 'daily' => 1440, 'weekly' => 10080, 'monthly' => 43200, 'yearly' => 525600); if (!sensitiveIO::isPositiveInteger($_POST['frequency'])) { $_POST['frequency'] = 1; } $ttl = (int) ($baseList[$_POST['update']] / $_POST['frequency']); if (!$ttl) {
/**
 * Finds an Object Definition based on the uuid
 *
 * A definition is returned only when exactly one row carries the uuid; zero or
 * several matches both give false.
 *
 * @param string $uuid The object uuid to look for
 * @return CMS_poly_object_definition|boolean the definition, or false when not found or when $uuid is empty
 * @access public
 */
public static function getDefinitionFromUuid($uuid)
{
    if (!$uuid) {
        CMS_grandFather::raiseError("uuid must be set");
        return false;
    }

    // Escaped value inside a quoted literal.
    $lookup = new CMS_query("\n\t\t\tselect\n\t\t\t\tid_mod\n\t\t\tfrom\n\t\t\t\tmod_object_definition\n\t\t\twhere\n\t\t\t\tuuid_mod='" . io::sanitizeSQLString($uuid) . "'\n\t\t");

    if ($lookup->getNumRows() == 1) {
        return new CMS_poly_object_definition($lookup->getValue('id_mod'));
    }
    return false;
}
/**
 * Returns true if the page is in the public tree, i.e. when it appears as a
 * sibling in linx_tree_public.
 * Static function.
 *
 * @param mixed $page The CMS_page to check or the page Id
 * @return boolean true on success, false if the page is not in the public tree
 *                 or if $page is neither a positive integer nor a CMS_page (an error is raised then)
 * @access public
 */
static function isInPublicTree($page)
{
    // Resolve the argument to a page id, positive integers first.
    if (io::isPositiveInteger($page)) {
        $pageId = $page;
    } elseif (is_a($page, "CMS_page")) {
        $pageId = $page->getID();
    } else {
        CMS_grandFather::raiseError("Page must be instance of CMS_page or a positive integer");
        return false;
    }

    $q = new CMS_query("\n\t\t\tselect\n\t\t\t\t1\n\t\t\tfrom\n\t\t\t\tlinx_tree_public\n\t\t\twhere\n\t\t\t\tsibling_ltr='" . io::sanitizeSQLString($pageId) . "'\n\t\t");

    return $q->getNumRows() ? true : false;
}