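/**
 * create or edit a page
 *
 * Reads the page fields from $_REQUEST, writes the pages / page_vars /
 * short_urls / page_summaries tables and then clears the page cache.
 *
 * @return array status of the edit: 'id', 'pid', 'alias' and 'sql' on
 *               success, or an 'error' message when the page cannot be saved
 */
function Core_adminPageEdit()
{
    // A function declared inside another one is re-declared on every call,
    // which is a fatal "cannot redeclare" error the second time this runs
    // in the same request, so only declare it once.
    if (!function_exists('recursivelyUpdatePageTemplates')) {
        /**
         * function for recursively updating a page (and its children) template
         *
         * @param int    $id       the page id
         * @param string $template the template name
         *
         * @return null
         */
        function recursivelyUpdatePageTemplates($id, $template)
        {
            $pages = Pages::getInstancesByParent($id, false);
            $ids = array();
            foreach ($pages->pages as $page) {
                // ids are interpolated unquoted into the IN (...) list below
                $ids[] = (int) $page->id;
                recursivelyUpdatePageTemplates($page->id, $template);
            }
            if (!count($ids)) {
                return;
            }
            dbQuery(
                'update pages set template="' . addslashes($template)
                . '" where id in (' . join(',', $ids) . ')'
            );
        }
    }
    $id = (int) @$_REQUEST['id'];
    $pid = $id
        ? dbOne('select parent from pages where id=' . $id, 'parent')
        : (int) (isset($_REQUEST['parent']) ? $_REQUEST['parent'] : 0);
    // { special flags: bit 0 is "homepage", the other bits come from the form
    $special = 0;
    if (isset($_REQUEST['special'])) {
        $specials = $_REQUEST['special'];
        if (is_array($specials)) {
            // each submitted checkbox index is one bit of the special flags
            foreach ($specials as $a => $b) {
                $special += pow(2, (int) $a);
            }
        }
        $homes = dbOne(
            "select count(id) as ids from pages where (special&1)"
            . ($id ? " AND id!={$id}" : ""),
            'ids'
        );
        if ($special & 1) {
            // there can be only one homepage
            if ($homes != 0) {
                dbQuery("update pages set special=special-1 where special&1");
            }
        } else {
            // no homepage at all yet: this page becomes it
            if ($homes == 0) {
                $special += 1;
            }
        }
    }
    // }
    $keywords = @$_REQUEST['keywords'];
    $title = @$_REQUEST['title'];
    $description = @$_REQUEST['description'];
    $date_publish = isset($_REQUEST['date_publish'])
        ? $_REQUEST['date_publish'] : '0000-00-00 00:00:00';
    $date_unpublish = isset($_REQUEST['date_unpublish'])
        ? $_REQUEST['date_unpublish'] : '0000-00-00 00:00:00';
    $importance = (double) @$_REQUEST['importance'];
    if (!isset($_REQUEST['body'])) {
        $_REQUEST['body'] = '';
    }
    // importance is kept within (0.1 .. 1]; anything lower falls back to 0.5
    if ($importance < 0.1) {
        $importance = 0.5;
    }
    if ($importance > 1) {
        $importance = 1;
    }
    // the requested type is used in several places; read it once
    $requestedType = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
    // NOTE(review): $msgs is built below but never surfaced to the caller
    $msgs = '';
    // { name, alias
    $name = isset($_REQUEST['name']) ? trim($_REQUEST['name']) : '';
    if (!$name) {
        $name = __('No page name provided');
    } else {
        // check to see if name is already in use among its siblings
        $sql = 'select id from pages where name="' . addslashes($name) . '" and parent='
            . $pid . ' and id!=' . $id;
        if (dbOne($sql, 'id')) {
            // append the lowest numeric suffix that is still free
            $i = 2;
            while (dbOne(
                'select id from pages where name="' . addslashes($name . $i)
                . '" and parent=' . $pid . ' and id!="' . $id . '"',
                'id'
            )) {
                $i++;
            }
            $msgs .= '<em>'
                . __('A page named "%1" already exists. Page name amended to "%2"', $name, $name . $i)
                . '</em>';
            $name .= $i;
        }
    }
    $alias = transcribe(__FromJson($name, true));
    // }
    // { body
    if (@$_REQUEST['page_vars']['_body']) {
        $_REQUEST['body'] = $_REQUEST['page_vars']['_body'];
        unset($_REQUEST['page_vars']['_body']);
    }
    if (!$id) {
        // a new page starts with a heading and one empty paragraph
        $original_body = '<h1>' . htmlspecialchars($name) . '</h1><p> </p>';
    } else {
        // NOTE(review): the limit is applied with byte-wise strlen/substr, so
        // a multi-byte character at the cut point can be split — confirm
        $lim = (int) @$GLOBALS['DBVARS']['site_page_length_limit'];
        if (is_array($_REQUEST['body'])) {
            if ($lim) {
                foreach ($_REQUEST['body'] as $k => $v) {
                    if (strlen($v) > $lim) {
                        // drop any tag the cut left open
                        $_REQUEST['body'][$k] = preg_replace('/<[^>]*$/', '', substr($v, 0, $lim));
                    }
                }
            }
            $original_body = json_encode($_REQUEST['body']);
        } else {
            $original_body = $_REQUEST['body'];
            if ($lim && strlen($original_body) > $lim) {
                $original_body = preg_replace('/<[^>]*$/', '', substr($original_body, 0, $lim));
            }
        }
    }
    // a plugin may replace the body entirely; the last one registered wins
    foreach ($GLOBALS['PLUGINS'] as $plugin) {
        if (isset($plugin['admin']['body_override'])) {
            $original_body = $plugin['admin']['body_override'](false);
        }
    }
    $body = Core_sanitiseHtml($original_body);
    // }
    // { template
    $template = @$_REQUEST['template'];
    if ($template == '' && $pid) {
        // inherit the parent's template when none was chosen
        $template = dbOne('select template from pages where id=' . $pid, 'template');
    }
    if (isset($_REQUEST['recursively_update_page_templates'])) {
        recursivelyUpdatePageTemplates($id, $template);
    }
    // }
    // { type
    $type = '';
    if ($id != 0) {
        // editing an existing page
        $page = Page::getInstance($id);
        $page->initValues();
        if (isset($page->plugin)) {
            // the page is owned by a plugin; the plugin name is its type
            $type = $page->plugin;
        }
        if (@$GLOBALS['PLUGINS'][$type]['do-not-delete']) {
            // don't modify type
            $type = dbOne('select type from pages where id=' . $id, 'type');
            if ($type != $requestedType) {
                echo '<script>alert("'
                    . addslashes(__("The type of the page couldn't be changed"))
                    . '")</script>';
            }
        } else {
            // the type may be changed
            $type = $requestedType;
        }
    } else {
        // creating the page
        $type = $requestedType;
    }
    // the part before any "|" names the plugin
    $destType = preg_replace('/\\|.*/', '', $requestedType);
    if (@$GLOBALS['PLUGINS'][$destType]['only-one-page-instance'] == true) {
        // count how many pages of this type already exist (other than this one)
        $howMany = dbOne(
            'select COUNT(type) FROM pages WHERE type="' . addslashes($requestedType)
            . '" and id!=' . $id,
            'COUNT(type)'
        );
        if ($howMany >= 1) {
            echo "<script>alert('"
                . addslashes(__('You already have one page of that type'))
                . "');</script>";
            return array('error' => __('You can have only one page of this type'));
        }
    }
    // }
    $associated_date = isset($_REQUEST['associated_date'])
        ? $_REQUEST['associated_date'] : date('Y-m-d H:i:s');
    // NOTE(review): float-to-string for importance is locale-dependent on
    // older PHP — confirm the decimal separator is "."
    $q = 'pages set importance=' . $importance
        . ',template="' . addslashes($template) . '",edate=now()'
        . ',type="' . addslashes($type) . '"'
        . ',date_unpublish="' . addslashes($date_unpublish) . '"'
        . ',date_publish="' . addslashes($date_publish) . '"'
        . ',associated_date="' . addslashes($associated_date) . '"'
        . ',keywords="' . addslashes($keywords) . '"'
        . ',description="' . addslashes($description) . '"'
        . ',name="' . addslashes($name) . '"'
        . ',title="' . addslashes($title) . '"'
        . ',original_body="' . addslashes(Core_sanitiseHtmlEssential($original_body)) . '"'
        . ',link="' . addslashes(__FromJson($name, true)) . '"'
        . ',body="' . addslashes($body) . '"'
        . ',alias="' . addslashes($alias) . '",parent=' . $pid . ',special=' . $special;
    if (!$id) {
        // a new page is ordered after its siblings
        $ord = dbOne(
            'select ord from pages where parent=' . $pid . ' order by ord desc limit 1',
            'ord'
        ) + 1;
        $q .= ',ord=' . $ord . ',cdate=now()';
    }
    // { insert the page
    if ($id) {
        $q = 'update ' . $q . ' where id=' . $id;
    } else {
        $onlyOnePageInstance = false;
        $pluginType = preg_replace('/\\|.*/', '', $requestedType);
        if (isset($GLOBALS['PLUGINS'][$pluginType]['only-one-page-instance'])) {
            $onlyOnePageInstance = $GLOBALS['PLUGINS'][$pluginType]['only-one-page-instance'];
        }
        $alreadyAtInstancesLimit = $onlyOnePageInstance
            ? dbOne(
                'select COUNT(type) FROM pages WHERE type="' . addslashes($requestedType) . '"',
                'COUNT(type)'
            )
            : 0;
        $q = 'INSERT into ' . $q . ',category=""';
        if ($onlyOnePageInstance == true && $alreadyAtInstancesLimit >= 1) {
            return array('error' => __('You can have only one page of this type'));
        }
    }
    dbQuery($q);
    if (!$id) {
        $id = dbOne('select last_insert_id() as id', 'id');
    }
    // }
    // { page_vars: rewritten from scratch on every save
    dbQuery('delete from page_vars where page_id="' . $id . '"');
    $pagevars = isset($_REQUEST['page_vars']) ? $_REQUEST['page_vars'] : array();
    if (@$_REQUEST['short_url']) {
        dbQuery(
            'insert into short_urls set cdate=now(),page_id=' . $id
            . ',short_url="' . addslashes($_REQUEST['short_url']) . '"'
        );
        $pagevars['_short_url'] = 1;
    } else {
        dbQuery('delete from short_urls where page_id=' . $id);
        unset($pagevars['_short_url']);
    }
    if (is_array($pagevars)) {
        if (isset($pagevars['google-site-verification'])) {
            // accept either the bare token or a whole <meta> tag pasted in
            $pagevars['google-site-verification'] = preg_replace(
                '#.*content="([^"]*)".*#',
                '\\1',
                $pagevars['google-site-verification']
            );
        }
        foreach ($pagevars as $k => $v) {
            if (is_array($v)) {
                $v = json_encode($v);
            }
            dbQuery(
                'insert into page_vars (name,value,page_id) values("'
                . addslashes($k) . '","' . addslashes($v) . '",' . $id . ')'
            );
        }
    }
    // }
    // { page summaries (type 4)
    if (isset($_POST['type']) && $_POST['type'] == 4) {
        $page_summary_parent = isset($_POST['page_summary_parent'])
            ? (int) $_POST['page_summary_parent'] : $id;
        $r2 = dbRow('select * from page_summaries where page_id="' . $id . '"');
        $do = 1;
        if ($r2) {
            if (isset($_POST['page_summary_parent']) && $r2['parent_id'] != $page_summary_parent) {
                // parent changed: recreate the summary row
                dbQuery('delete from page_summaries where page_id="' . $id . '"');
            } else {
                $do = 0;
            }
        }
        if ($do) {
            dbQuery(
                'insert into page_summaries set page_id="' . $id
                . '",parent_id="' . $page_summary_parent . '",rss=""'
            );
        }
        require_once SCRIPTBASE . '/ww.incs/page.summaries.php';
        PageSummaries_getHtml($id);
    }
    // }
    // { clean up and return
    dbQuery('update page_summaries set rss=""');
    if (@$GLOBALS['DBVARS']['cron-next']) {
        unset($GLOBALS['DBVARS']['cron-next']);
    }
    Core_cacheClear();
    Core_configRewrite();
    return array('id' => $id, 'pid' => $pid, 'alias' => $alias, 'sql' => $q);
    // }
}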
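/**
 * edit a product type
 *
 * Reads the submitted type fields from $_REQUEST['data'] and writes them to
 * the products_types row identified by data[id].
 *
 * @return array 'ok' => 1 on success, or 'error' when no type data was sent
 */
function Products_adminTypeEdit()
{
    $d = isset($_REQUEST['data']) ? $_REQUEST['data'] : null;
    if (!is_array($d)) {
        // nothing usable was submitted; do not touch the table
        return array('error' => __('No product type data supplied'));
    }
    // fill in every field the form may omit so the reads below are defined
    $d += array(
        'name' => '',
        'allowcomments' => 0,
        'multiview_template' => '',
        'singleview_template' => '',
        'data_fields' => array(), // stored as a JSON list; empty when not sent
        'is_for_sale' => 0,
        'user_defined_price' => 0,
        'is_voucher' => 0,
        'stock_control' => 0,
        'default_category' => 0,
        'voucher_template' => '',
        'prices_based_on_usergroup' => '',
        'multiview_template_header' => '',
        'template_expired_notification' => '',
        'multiview_template_footer' => '',
        'id' => 0,
    );
    $data_fields = json_encode($d['data_fields']);
    // flags and ids are cast to int; free text is escaped; template HTML is
    // passed through Core_sanitiseHtmlEssential before escaping
    $sql = 'update products_types set'
        . ' name="' . addslashes($d['name']) . '"'
        . ', allowcomments="' . (int) $d['allowcomments'] . '"'
        . ', multiview_template="' . addslashes(Core_sanitiseHtmlEssential($d['multiview_template'])) . '"'
        . ', singleview_template="' . addslashes(Core_sanitiseHtmlEssential($d['singleview_template'])) . '"'
        . ', data_fields="' . addslashes($data_fields) . '"'
        . ', is_for_sale=' . (int) $d['is_for_sale']
        . ', has_userdefined_price=' . (int) $d['user_defined_price']
        . ', is_voucher=' . (int) $d['is_voucher']
        . ', stock_control=' . (int) $d['stock_control']
        . ', default_category=' . (int) $d['default_category']
        . ', voucher_template="' . addslashes(Core_sanitiseHtmlEssential($d['voucher_template'])) . '"'
        . ', prices_based_on_usergroup="' . addslashes($d['prices_based_on_usergroup']) . '"'
        . ', multiview_template_header="' . addslashes(Core_sanitiseHtmlEssential($d['multiview_template_header'])) . '"'
        . ', template_expired_notification="' . addslashes(Core_sanitiseHtmlEssential($d['template_expired_notification'])) . '"'
        . ', multiview_template_footer="' . addslashes(Core_sanitiseHtmlEssential($d['multiview_template_footer'])) . '"'
        . ' where id=' . (int) $d['id'];
    dbQuery($sql);
    Core_cacheClear();
    return array('ok' => 1);
}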
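/**
 * thoroughly clean up HTML
 *
 * Runs the essential sanitiser, then repeatedly applies white-space, nesting
 * and inline-style clean-ups until the markup stops changing, and finally
 * converts old-style %TAB...% markers into tabbed <div>s.
 *
 * @param string $original_html the original HTML
 *
 * @return string sanitised HTML
 */
function Core_sanitiseHtml($original_html)
{
    $original_html = Core_sanitiseHtmlEssential($original_html);
    $original_html = Core_fixImageResizes($original_html);
    // line breaks are swapped for placeholders so the regexes below can treat
    // them as ordinary text; they are restored at the end
    $original_html = str_replace("\n", '{{N}}', $original_html);
    $original_html = str_replace("\r", '{{R}}', $original_html);
    do {
        $html = $original_html;
        // { clean white-space
        $html = str_replace('{{R}}{{N}}', "{{N}}", $html);
        $html = str_replace('>{{N}}', '>', $html);
        $html = str_replace('{{N}}{{N}}', '{{N}}', $html);
        $html = preg_replace("/<p>\\s*/", '<p>', $html);
        $html = preg_replace("#\\s*<br( ?/)?>\\s*#", '<br />', $html);
        $html = preg_replace("#\\s*<li>\\s*#", '<li>', $html);
        $html = str_replace(">\t", '>', $html);
        $html = preg_replace('#<p([^>]*)>\\s*\\ \\s*</p>#', '<p\\1></p>', $html);
        // }
        // { remove empty elements and parameters
        $html = preg_replace('/<!--[^>]*-->/', '', $html);
        // }
        // { combine nested elements
        $html = preg_replace(
            '#<span style="([^"]*?);?">(\\s*)<span style="([^"]*)">([^<]*|<img[^>]*>)</span>(\\s*)</span>#',
            '\\2<span style="\\1;\\3">\\4</span>\\5',
            $html
        );
        $html = preg_replace(
            '#<a href="([^"]*)">(\\s*)<span style="([^"]*)">([^<]*|<img[^>]*>)</span>(\\s*)</a>#',
            '\\2<a href="\\1" style="\\3">\\4</a>\\5',
            $html
        );
        $html = preg_replace(
            '#<strong>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</strong>#',
            '<strong style="\\2">\\1\\3\\4</strong>',
            $html
        );
        $html = preg_replace(
            '#<b>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</b>#',
            '<b style="\\2">\\1\\3\\4</b>',
            $html
        );
        $html = preg_replace(
            '#<li>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</li>#',
            '<li style="\\2">\\1\\3\\4</li>',
            $html
        );
        $html = preg_replace(
            '#<p>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</p>#',
            '<p style="\\2">\\1\\3\\4</p>',
            $html
        );
        $html = preg_replace(
            '#<span style="([^"]*)">(\\s*)<strong>([^<]*)</strong>(\\s*)</span>#',
            '\\2<strong style="\\1">\\3</strong>\\4',
            $html
        );
        $html = preg_replace(
            '#<span style="([^"]*?);?">(\\s*)<strong style="([^"]*)">([^<]*)</strong>(\\s*)</span>#',
            '\\2<strong style="\\1;\\3">\\4</strong>\\5',
            $html
        );
        $html = preg_replace("/<p>\\s*(<img[^>]*>)\\s*<\\/p>/", '\\1', $html);
        $html = preg_replace(
            '/<span( style="font-[^:]*:[^"]*")?>\\s*(<img[^>]*>)\\s*<\\/span>/',
            '\\2',
            $html
        );
        $html = preg_replace("/<strong>\\s*(<img[^>]*>)\\s*<\\/strong>/", '\\1', $html);
        // }
        // { remove unnecessary elements
        $html = preg_replace('#<meta [^>]*>(.*?)</meta>#', '\\1', $html);
        // }
        // { strip repeated CSS inline elements (TODO: make this more efficient...)
        $html = str_replace('font-size: large;font-size: large', 'font-size: large', $html);
        // }
        // { strip useless CSS
        $sillystuff = ' style="([^"]*)(color:[^;"]*|font-size:[^;"]*|font-family:'
            . '[^;"]*|line-height:[^;"]*);([^"]*)"';
        $html = preg_replace(
            '#\\s*<span' . $sillystuff . '>\\s*</span>\\s*#',
            '<span style="\\1\\3"></span>',
            $html
        );
        $html = str_replace('<span style=""></span>', '<span></span>', $html);
        $html = preg_replace(
            '#\\s*<p' . $sillystuff . '>\\s*</p>\\s*#',
            '<p style="\\1\\3"></p>',
            $html
        );
        $html = str_replace('<p style=""></p>', '<p></p>', $html);
        // }
        // strict comparison: "!=" treats numeric-looking strings as numbers
        $has_changed = $html !== $original_html;
        $original_html = $html;
    } while ($has_changed);
    // { old-style tabs
    // strpos() returns 0 when the marker is the first thing in the text, so
    // the result must be compared against false rather than used as a boolean
    if (strpos($html, '%TABPAGE%') !== false) {
        // a per-call id keeps several tab sets on one page apart
        $rand = md5(mt_rand());
        $test = preg_replace('/<p>[^<]*(%TAB[^%]*%)[^<]*<\\/p>/', '\\1', $html);
        $test = str_replace(
            '%TABEND%',
            '</div></div><script>$(function(){$("#' . $rand . '").tabs();});</script>',
            $test
        );
        $parts = preg_split('/%TAB[^%]*%/', $test);
        $headings = array();
        for ($i = 1; $i < count($parts); ++$i) {
            // the first <h2> of each part is its tab heading
            $headings[] = preg_replace(
                '/<[^>]*>/',
                '',
                preg_replace('/^[^<]*<h2[^>]*>(.*?)<\\/h2>.*/', '\\1', $parts[$i])
            );
            $replacement = ($i > 1 ? '</div>' : '')
                . '<div id="' . $rand . '-'
                . strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $headings[$i - 1]))
                . '">';
            $parts[$i] = preg_replace('/^[^<]*<h2[^>]*>(.*?)<\\/h2>/', $replacement, $parts[$i]);
        }
        $menu = '<div id="' . $rand . '" class="tabs"><ul>';
        foreach ($headings as $h) {
            $menu .= '<li><a href="#' . $rand . '-'
                . strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $h)) . '">'
                . htmlspecialchars($h) . '</a></li>';
        }
        $parts[0] .= $menu . '</ul>';
        $html = join('', $parts);
    }
    // }
    $html = str_replace('{{N}}', "\n", $html);
    $html = str_replace('{{R}}', "\r", $html);
    return $html;
}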