$commenttext = substr($commenttext, 0, $pos); } //get format mode if (preg_match('/<.*>/', $commenttext) != 0) { $postmode = 'html'; } else { $postmode = 'plaintext'; } } else { COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } return COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode) . COM_siteFooter(); } // MAIN CMT_updateCommentcodes(); $display = ''; // If reply specified, force comment submission form if (isset($_REQUEST['reply'])) { $_REQUEST['mode'] = ''; } $mode = ''; if (!empty($_REQUEST['mode'])) { $mode = COM_applyFilter($_REQUEST['mode']); } $formtype = ''; if (!empty($_REQUEST['formtype'])) { $formtype = COM_applyFilter($_REQUEST['formtype']); } switch ($mode) { case $LANG03[28]:
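/**
 * Submit a new or updated story. The story is updated if it exists, or a
 * new one is created.
 *
 * The caller's 'story.edit' right is checked first, the client parameters
 * are normalised and defaulted, then Story::loadFromArgsArray() performs the
 * per-story security checks before the story is saved. For form (non
 * webservice) submissions the attached images are deleted/uploaded here too.
 *
 * @param  array  $args     All the data provided by the client (form fields
 *                          or webservice parameters); copied, so defaults
 *                          applied here are not visible to the caller
 * @param  string &$output  OUTPUT parameter containing the returned text
 * @param  array  &$svc_msg OUTPUT parameter; receives 'id' on success and
 *                          'error_desc' on some failures
 * @return int    Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }

    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    // Reduce the two mode flags to booleans once; a missing index no longer
    // raises a notice on every later read.
    $gl_edit = !empty($args['gl_edit']);
    $gl_svc  = !empty($args['gl_svc']);

    if ($gl_edit) {
        // EDIT mode: there should be an old sid identifying the stored story
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            // NOTE(review): as in the original, sid only falls back to old_sid
            // when old_sid itself had to be derived from 'id' — confirm intent
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } elseif (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }

    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // Prefer 'content', fall back to 'summary'; the first [page_break]
    // separates the intro text from the body text
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } elseif (!empty($args['summary'])) {
        $content = $args['summary'];
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        $args['introtext'] = array_shift($parts);
        $args['bodytext'] = implode('[page_break]', $parts);
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    // --- START: Set all the defaults ---
    // (Topic defaulting used to be attempted here; the selection is instead
    //  validated after the story has been loaded, see
    //  TOPIC_checkTopicSelectionControl() below.)
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } elseif ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                $args['postmode'] = 'html';
            }
        }
    }
    if ($gl_svc) {
        // Permissions: configured default when absent, otherwise the supplied
        // value reduced to a number. Index order matches
        // $_CONF['default_permissions_story'].
        $permKeys = array('perm_owner', 'perm_group', 'perm_members', 'perm_anon');
        foreach ($permKeys as $idx => $key) {
            if (!isset($args[$key])) {
                $args[$key] = $_CONF['default_permissions_story'][$idx];
            } else {
                $args[$key] = COM_applyBasicFilter($args[$key], true);
            }
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // --- END: Set all the defaults ---

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit && strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
        // Too long for the column: derive an id from the slug when the
        // webservice helper is loaded, otherwise generate one
        $slug = isset($args['slug']) ? $args['slug'] : '';
        if (function_exists('WS_makeId')) {
            $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
        } else {
            $args['sid'] = COM_makeSid();
        }
    }

    $story = new Story();
    if ($gl_edit && !empty($args['gl_etag'])) {
        // Load the stored story first so a stale client copy cannot overwrite
        // a newer edit (etag is the stored modification date)
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    // loadFromArgsArray() also performs the per-story security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();

    // A topic selection is a required field
    if ($result == STORY_LOADED_OK && !TOPIC_checkTopicSelectionControl()) {
        $result = STORY_EMPTY_REQUIRED_FIELDS;
    }

    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$gl_svc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$gl_svc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;
        default:
            break;
    }

    // Image upload is not supported by the web-service at present
    if (!$gl_svc) {
        // Delete any images if needed. The image number is an array key taken
        // straight from the request and ends up inside an SQL statement, so
        // force it to an integer before it reaches the query.
        if (array_key_exists('delete', $args) && is_array($args['delete'])) {
            $escSid = DB_escapeString($sid);
            foreach (array_keys($args['delete']) as $imgNum) {
                $imgNum = (int) $imgNum;
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename',
                    "ai_sid = '{$escSid}' AND ai_img_num = {$imgNum}");
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} "
                    . "WHERE ai_sid = '{$escSid}' AND ai_img_num = {$imgNum}");
            }
        }

        // OK, let's upload any pictures with the article; new images are
        // numbered after the highest existing one
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)',
                "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
        } else {
            $index_start = 1;
        }

        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                $upload->keepOriginalImage($_CONF['keep_unscaled_image'] == 1);
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array(
                'image/gif'   => '.gif',
                'image/jpeg'  => '.jpg,.jpeg',
                'image/pjpeg' => '.jpg,.jpeg',
                'image/x-png' => '.png',
                'image/png'   => '.png',
            ));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            // Server-side names are <sid>_<n>.<ext>. Only the extension comes
            // from the client-supplied name, and it is reduced to letters and
            // digits so it can carry neither path characters nor quotes.
            $filenames = array();
            $imgNums = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            reset($_FILES);
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.');
                    $fextension = ($pos === false) ? '' : substr($curfile['name'], $pos + 1);
                    $fextension = preg_replace('/[^A-Za-z0-9]/', '', $fextension);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                    $imgNums[] = $z;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                // Wrap the error text itself in the document (previously the
                // document was built from $output but the bare text echoed)
                $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG24[30]));
                echo $retval;
                exit;
            }
            // Record each stored name under the number it was built with;
            // escaped so the statement stays safe if the naming scheme changes
            $escSid = DB_escapeString($sid);
            foreach ($filenames as $i => $filename) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) "
                    . "VALUES ('{$escSid}', {$imgNums[$i]}, '" . DB_escapeString($filename) . "')");
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'],
                COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }

    // Previously fell off the end (returning null); report the failure
    $svc_msg['error_desc'] = 'Error saving story';
    return PLG_RET_ERROR;
}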
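/**
 * Returns the site header
 *
 * This loads the proper templates, does variable substitution and returns the
 * HTML for the site header with or without blocks depending on the value of $what
 *
 * Programming Note:
 *
 * The two functions COM_siteHeader and COM_siteFooter provide the framework for
 * page display in glFusion. COM_siteHeader controls the display of the Header
 * and left blocks and COM_siteFooter controls the display of the right blocks
 * and the footer. You use them like a sandwich. Thus the following code will
 * display a glFusion page with both right and left blocks displayed.
 *
 * <code>
 * <?php
 * require_once('lib-common.php');
 * $display .= COM_siteHeader(); //Change to COM_siteHeader('none') to not display left blocks
 * $display .= "Here is your html for display";
 * $display .= COM_siteFooter(true); // Change to COM_siteFooter() to not display right blocks
 * echo $display;
 * ? >
 * </code>
 *
 * Note that the default for the header is to display the left blocks and the
 * default of the footer is to not display the right blocks.
 *
 * This sandwich produces code like this (greatly simplified)
 * <code>
 * // COM_siteHeader
 * <table><tr><td colspan="3">Header</td></tr>
 * <tr><td>Left Blocks</td><td>
 *
 * // Your HTML goes here
 * Here is your html for display
 *
 * // COM_siteFooter
 * </td><td>Right Blocks</td></tr>
 * <tr><td colspan="3">Footer</td></table>
 * </code>
 *
 * Note that this implementation echoes the header directly and then starts
 * output buffering; the string it returns is always empty. A theme may
 * provide a <theme>_siteHeader() function, in which case that function's
 * return value is returned instead.
 *
 * @param  string $what       If 'none' then no left blocks are returned, if
 *                            'menu' (default) then right blocks are returned
 * @param  string $pagetitle  optional content for the page's <title>
 * @param  string $headercode optional code to go into the page's <head>
 * @return string Formatted HTML containing the site header
 * @see    function COM_siteFooter
 */
function COM_siteHeader($what = 'menu', $pagetitle = '', $headercode = '')
{
    global $_CONF, $_SYSTEM, $_VARS, $_TABLES, $_USER, $LANG01, $LANG_BUTTONS,
        $LANG_DIRECTION, $_IMAGE_TYPE, $topic, $_COM_VERBOSE,
        $theme_what, $theme_pagetitle, $theme_headercode, $theme_layout, $blockInterface;

    if (!isset($_USER['theme']) || $_USER['theme'] == '') {
        $_USER['theme'] = $_CONF['theme'];
    }

    // A theme may supply its own header function and take over completely
    $function = $_USER['theme'] . '_siteHeader';
    if (function_exists($function)) {
        return $function($what, $pagetitle, $headercode);
    }

    // The header is emitted at most once per request
    static $headerCalled = 0;
    if ($headerCalled == 1) {
        return '';
    }
    $headerCalled = 1;

    $theme_pagetitle = $pagetitle;
    $theme_headercode = $headercode;

    // Admin pages suppress the left blocks when the block interface puts
    // them on either side of the page
    $theme_what = $what;
    if (isset($blockInterface['left'])) {
        $currentURL = COM_getCurrentURL();
        if (strpos($currentURL, $_CONF['site_admin_url']) === 0
            && ($blockInterface['left']['location'] == 'right'
                || $blockInterface['left']['location'] == 'left')) {
            $theme_what = 'none';
        }
    }

    $header = new Template($_CONF['path_layout']);
    $header->set_file('header', 'htmlheader.thtml');

    // Cache-buster id for the generated CSS/JS: created once, kept in
    // $_VARS and mirrored into the session
    $cacheID = SESS_getVar('cacheID');
    if (empty($cacheID)) {
        if (!isset($_VARS['cacheid'])) {
            $cacheID = 'css_' . md5(time());
            $_VARS['cacheid'] = $cacheID;
        } else {
            $cacheID = $_VARS['cacheid'];
        }
        SESS_setVar('cacheID', $cacheID);
    }

    // give the theme a chance to load stuff....
    $function = $_USER['theme'] . '_headerVars';
    if (function_exists($function)) {
        $function($header);
    }

    // get topic if not on home page
    if (!isset($_GET['topic'])) {
        $sid = '';
        if (isset($_GET['story'])) {
            $sid = COM_applyFilter($_GET['story']);
        } elseif (isset($_GET['sid'])) {
            $sid = COM_applyFilter($_GET['sid']);
        } elseif (isset($_POST['story'])) {
            $sid = COM_applyFilter($_POST['story']);
        }
        if (empty($sid) && $_CONF['url_rewrite']
            && strpos($_SERVER['PHP_SELF'], 'article.php') !== false) {
            COM_setArgNames(array('story', 'mode'));
            $sid = COM_applyFilter(COM_getArgument('story'));
        }
        if (!empty($sid)) {
            $topic = DB_getItem($_TABLES['stories'], 'tid',
                "sid='" . DB_escapeString($sid) . "'");
        }
    } else {
        $topic = COM_applyFilter($_GET['topic']);
    }

    $feed_url = array();
    if ($_CONF['backend'] == 1) {
        // add feed-link to header if applicable
        if (SESS_isSet('feedurl')) {
            // NOTE(review): this value is written below by serialize(), so it
            // is server-side session data, but unserialize() is only as safe
            // as the session store; a json_encode/json_decode pair would
            // remove the object-instantiation surface entirely
            $feed_url = unserialize(SESS_getVar('feedurl'));
        } else {
            $baseurl = SYND_getFeedUrl();
            $sql = 'SELECT format, filename, title, language FROM ' . $_TABLES['syndication']
                . " WHERE (header_tid = 'all')";
            if (!empty($topic)) {
                $sql .= " OR (header_tid = '" . DB_escapeString($topic) . "')";
            }
            $result = DB_query($sql);
            $numRows = DB_numRows($result);
            for ($i = 0; $i < $numRows; $i++) {
                $A = DB_fetchArray($result);
                if (!empty($A['filename'])) {
                    // format is stored as e.g. "<type>-<version>"; only the type is used
                    $format = explode('-', $A['format']);
                    $format_type = strtolower($format[0]);
                    $format_name = ucwords($format[0]);
                    // NOTE(review): the feed title is placed in an attribute
                    // unescaped; this assumes it was stored HTML-safe — confirm
                    $feed_url[] = '<link rel="alternate" type="application/' . $format_type . '+xml"'
                        . ' href="' . $baseurl . $A['filename']
                        . '" title="' . $format_name . ' Feed: ' . $A['title'] . '"/>';
                }
            }
            SESS_setVar('feedurl', serialize($feed_url));
        }
    }
    $header->set_var('feed_url', implode(LB, $feed_url));

    // rel="..." links: home (off the front page), search and directory
    // (subject to the login-required settings) and the Atom service document
    $relLinks = array();
    if (!COM_onFrontpage()) {
        $relLinks['home'] = '<link rel="home" href="' . $_CONF['site_url']
            . '/" title="' . $LANG01[90] . '"/>';
    } else {
        CMT_updateCommentcodes();
    }
    $loggedInUser = !COM_isAnonUser();
    if ($loggedInUser || ($_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0)) {
        if (substr($_SERVER['PHP_SELF'], -strlen('/search.php')) != '/search.php'
            || isset($_GET['mode'])) {
            $relLinks['search'] = '<link rel="search" href="' . $_CONF['site_url']
                . '/search.php" title="' . $LANG01[75] . '"/>';
        }
    }
    if ($loggedInUser || ($_CONF['loginrequired'] == 0 && $_CONF['directoryloginrequired'] == 0)) {
        if (strpos($_SERVER['PHP_SELF'], '/article.php') !== false) {
            $relLinks['contents'] = '<link rel="contents" href="' . $_CONF['site_url']
                . '/directory.php" title="' . $LANG01[117] . '"/>';
        }
    }
    if (!$_CONF['disable_webservices']) {
        $relLinks['service'] = '<link rel="service" ' . 'type="application/atomsvc+xml" '
            . 'href="' . $_CONF['site_url'] . '/webservices/atom/index.php?introspection" '
            . 'title="' . $LANG01[130] . '"/>' . LB;
    }
    $header->set_var('rel_links', implode(LB, $relLinks));

    // Page title: explicit argument, then the configured title, then the
    // topic name (or the site slogan when there is no topic)
    if (empty($pagetitle) && isset($_CONF['pagetitle'])) {
        $pagetitle = $_CONF['pagetitle'];
    }
    if (empty($pagetitle)) {
        if (empty($topic)) {
            $pagetitle = $_CONF['site_slogan'];
        } else {
            $pagetitle = DB_getItem($_TABLES['topics'], 'topic',
                "tid = '" . DB_escapeString($topic) . "'");
        }
    }
    $header->set_var('page_site_splitter', empty($pagetitle) ? '' : ' - ');
    $header->set_var('page_title', $pagetitle);
    $header->set_var('site_name', $_CONF['site_name']);

    // Front page: "Site - Title"; elsewhere: "Title - Site"
    if (COM_onFrontpage()) {
        $title_and_name = $_CONF['site_name'];
        if (!empty($pagetitle)) {
            $title_and_name .= ' - ' . $pagetitle;
        }
    } else {
        $title_and_name = empty($pagetitle) ? '' : $pagetitle . ' - ';
        $title_and_name .= $_CONF['site_name'];
    }
    $header->set_var('page_title_and_site_name', $title_and_name);

    // Map the RDF file's filesystem path onto the site URL
    $rdf = substr_replace($_CONF['rdf_file'], $_CONF['site_url'], 0,
        strlen($_CONF['path_html']) - 1) . LB;
    // Only the URL halves of the cache locations are needed here
    list(, $style_cache_url) = COM_getStyleCacheLocation();
    list(, $js_cache_url) = COM_getJSCacheLocation();

    $header->set_var(array(
        'site_name'       => $_CONF['site_name'],
        'site_slogan'     => $_CONF['site_slogan'],
        'rdf_file'        => $rdf,
        'rss_url'         => $rdf,
        'css_url'         => $_CONF['layout_url'] . '/style.css',
        'theme'           => $_USER['theme'],
        'style_cache_url' => $style_cache_url,
        'js_cache_url'    => $js_cache_url,
        'charset'         => COM_getCharset(),
        'cacheid'         => $_USER['theme'] . $cacheID,
        'direction'       => empty($LANG_DIRECTION) ? 'ltr' : $LANG_DIRECTION,
        'plg_headercode'  => $headercode . PLG_getHeaderCode(),
    ));

    // Call to plugins to set template variables in the header
    PLG_templateSetVars('header', $header);

    $header->parse('index_header', 'header');
    $retval = $header->finish($header->get_var('index_header'));
    echo $retval;

    // Start caching / capturing output from glFusion / plugins; the header
    // has already been echoed, so nothing is returned to the caller
    ob_start();
    return '';
}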