$_CONF['advanced_editor'] = false; } } $display = ''; if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) { $sid = COM_applyFilter($_POST['sid']); $type = ''; if (isset($_POST['type'])) { $type = COM_applyFilter($_POST['type']); } if (!isset($sid) || empty($sid)) { COM_errorLog('Attempted to delete story sid=' . $sid); echo COM_refresh($_CONF['site_admin_url'] . '/story.php'); } else { if ($type == 'submission') { if (TOPIC_hasMultiTopicAccess('article', $sid) < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } else { if (SEC_checkToken()) { // Delete Topic Assignments for this submission TOPIC_deleteTopicAssignments('article', $sid); DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php'); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } } } else { if (SEC_checkToken()) { echo STORY_deleteStory($sid);
/** * Check if the current user is allowed to delete trackback comments. * * @param string $sid ID of the parent object of the comment * @param string $type type of the parent object ('article' = story, etc.) * @return boolean true = user can delete the comment, false = nope * */ function TRB_allowDelete($sid, $type) { global $_TABLES; $allowed = false; if ($type == 'article') { $sid = DB_escapeString($sid); $sql = "SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'" . COM_getPermSql('AND', 0, 3); $result = DB_query($sql); $A = DB_fetchArray($result); if (SEC_hasRights('story.edit') && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3 && TOPIC_hasMultiTopicAccess('article', $sid) == 3) { $allowed = true; } else { $allowed = false; } } else { $allowed = PLG_handlePingComment($type, $sid, 'delete'); } return $allowed; }
/** * Delete an existing story * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @return int Response code as defined in lib-plugins.php */ function service_delete_story($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER; if (empty($args['sid']) && !empty($args['id'])) { $args['sid'] = $args['id']; } if ($args['gl_svc']) { $args['sid'] = COM_applyBasicFilter($args['sid']); } $sid = $args['sid']; $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); $access = min($access, TOPIC_hasMultiTopicAccess('article', $sid)); if ($access < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}."); $output = COM_refresh($_CONF['site_admin_url'] . '/story.php'); if ($_USER['uid'] > 1) { return PLG_RET_PERMISSION_DENIED; } else { return PLG_RET_AUTH_FAILED; } } STORY_doDeleteThisStoryNow($sid); $output = COM_refresh($_CONF['site_admin_url'] . '/story.php?msg=10'); return PLG_RET_OK; }
/** * used for the list of stories in admin/story.php * * @param string $fieldName * @param string $fieldValue * @param array $A * @param array $icon_arr * @return string */ function ADMIN_getListField_stories($fieldName, $fieldValue, $A, $icon_arr) { global $_CONF, $_TABLES, $LANG24, $LANG_ACCESS, $_IMAGE_TYPE; static $topics; if (!isset($topics)) { $topics = array(); } $retval = ''; switch ($fieldName) { case 'unixdate': $currentTime = COM_getUserDateTimeFormat($A['unixdate']); $retval = strftime($_CONF['daytime'], $currentTime[1]); break; case 'title': $A['title'] = str_replace('$', '$', $A['title']); $article_url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']); $attr = array(); if (!empty($A['page_title'])) { $attr['title'] = htmlspecialchars($A['page_title']); } $retval = COM_createLink(stripslashes($A['title']), $article_url, $attr); break; case 'draft_flag': if ($A['draft_flag'] == 1) { $retval = $LANG24[35]; } else { $retval = $LANG24[36]; } break; case 'access': case 'copy': case 'edit': case 'edit_adv': $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); if ($access == 3) { if (TOPIC_hasMultiTopicAccess('article', $A['sid']) == 3) { $access = $LANG_ACCESS['edit']; } else { $access = $LANG_ACCESS['readonly']; } } else { $access = $LANG_ACCESS['readonly']; } if ($fieldName === 'access') { $retval = $access; } elseif ($access === $LANG_ACCESS['edit']) { if ($fieldName == 'edit_adv') { $editMode = 'adv'; } elseif ($fieldName === 'edit') { $editMode = 'std'; } if ($fieldName === 'copy') { $copyUrl = $_CONF['site_admin_url'] . '/story.php?mode=clone&sid=' . $A['sid']; $retval = COM_createLink($icon_arr['copy'], $copyUrl); } else { $editUrl = $_CONF['site_admin_url'] . '/story.php?mode=edit&editor=' . $editMode . '&sid=' . $A['sid']; $retval = COM_createLink($icon_arr['edit'], $editUrl); } } break; case 'featured': if ($A['featured'] == 1) { $retval = $LANG24[35]; } else { $retval = $LANG24[36]; } break; case 'ping': // Allow ping if all topics allow anonymous access that story belongs too $topic_anon = 0; $tids = TOPIC_getTopicIdsForObject('article', $A['sid']); foreach ($tids as $tid) { $current_access = DB_getItem($_TABLES['topics'], 'perm_anon', "tid = '" . DB_escapeString($tid) . "'"); if ($topic_anon < $current_access) { $topic_anon = $current_access; } } if ($A['draft_flag'] == 0 && $A['unixdate'] < time() && $A['perm_anon'] != 0 && $topic_anon != 0) { $pingico = '<img src="' . $_CONF['layout_url'] . '/images/sendping.' . $_IMAGE_TYPE . '" alt="' . $LANG24[21] . '" title="' . $LANG24[21] . '"' . XHTML . '>'; $url = $_CONF['site_admin_url'] . '/trackback.php?mode=sendall&id=' . $A['sid']; $retval = COM_createLink($pingico, $url); } else { $retval = ''; } break; case 'tid': $retval = TOPIC_getTopicAdminColumn('article', $A['sid']); break; case 'username': case 'fullname': $retval = COM_getDisplayName($A['uid'], $A['username'], $A['fullname']); break; default: $retval = $fieldValue; break; } return $retval; }
/** * Delete a block * * @param string $bid id of block to delete * @return string HTML redirect or error message * */ function deleteBlock($bid) { global $_CONF, $_TABLES, $_USER; $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}."); return COM_refresh($_CONF['site_admin_url'] . '/block.php'); } TOPIC_deleteTopicAssignments('block', $bid); DB_delete($_TABLES['blocks'], 'bid', $bid); $cacheInstance = 'block__' . $bid . '__'; // remove any of this blocks instances if exists CACHE_remove_instance($cacheInstance); return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12'); }
/** * Submit static page. The page is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @param string &svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF; if (!$_CONF['disable_webservices']) { require_once $_CONF['path_system'] . 'lib-webservices.php'; } $output = ''; if (!SEC_hasRights('staticpages.edit')) { $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']); $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied'])); return PLG_RET_AUTH_FAILED; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { // This is EDIT mode, so there should be an sp_old_id if (empty($args['sp_old_id'])) { if (!empty($args['id'])) { $args['sp_old_id'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sp_id'])) { $args['sp_id'] = $args['sp_old_id']; } } } else { if (empty($args['sp_id']) && !empty($args['id'])) { $args['sp_id'] = $args['id']; } } if (empty($args['sp_title']) && !empty($args['title'])) { $args['sp_title'] = $args['title']; } if (empty($args['sp_content']) && !empty($args['content'])) { $args['sp_content'] = $args['content']; } if (!isset($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']); } $args['sp_id'] = COM_sanitizeID($args['sp_id']); if (!$gl_edit) { if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) { $slug = ''; if (isset($args['slug'])) { $slug = $args['slug']; } if (function_exists('WS_makeId')) { $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH); } else { $args['sp_id'] = COM_makeSid(); } } } // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_format', 'postmode'); $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode'); foreach ($par_str as $str) { if (isset($args[$str])) { $args[$str] = COM_applyBasicFilter($args[$str]); } else { $args[$str] = ''; } } foreach ($par_num as $num) { if (isset($args[$num])) { $args[$num] = COM_applyBasicFilter($args[$num], true); } else { $args[$num] = 0; } } } // START: Staticpages defaults if (empty($args['sp_format'])) { $args['sp_format'] = 'allblocks'; } if ($args['sp_where'] < 0 || $args['sp_where'] > 3) { $args['sp_where'] = 0; } if ($args['sp_php'] < 0 || $args['sp_php'] > 2) { $args['sp_php'] = 0; } if ($args['commentcode'] < -1 || $args['commentcode'] > 1) { $args['commentcode'] = $_CONF['comment_code']; } if ($args['gl_svc']) { // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_SP_CONF['default_permissions'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_SP_CONF['default_permissions'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_SP_CONF['default_permissions'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_SP_CONF['default_permissions'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['sp_onmenu'])) { $args['sp_onmenu'] = ''; } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) { $svc_msg['error_desc'] = 'Menu label missing'; return PLG_RET_ERROR; } if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; return PLG_RET_ERROR; } if (!TOPIC_checkTopicSelectionControl()) { $svc_msg['error_desc'] = 'No topic selected.'; return PLG_RET_ERROR; } if (!TOPIC_hasMultiTopicAccess('topic') < 3) { $svc_msg['error_desc'] = 'Do not have access to one or more of selected topics.'; return PLG_RET_ERROR; } if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') { $args['sp_inblock'] = 'on'; } if (empty($args['sp_centerblock'])) { $args['sp_centerblock'] = ''; } if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') { $args['draft_flag'] = 'on'; } if (empty($args['cache_time'])) { $args['cache_time'] = $_SP_CONF['default_cache_time']; } if (empty($args['template_flag'])) { $args['template_flag'] = ''; } if (empty($args['template_id'])) { $args['template_id'] = ''; } } // END: Staticpages defaults $sp_id = $args['sp_id']; $sp_title = $args['sp_title']; $sp_page_title = $args['sp_page_title']; $sp_content = $args['sp_content']; $sp_hits = $args['sp_hits']; $sp_format = $args['sp_format']; $sp_onmenu = $args['sp_onmenu']; $sp_label = ''; if (!empty($args['sp_label'])) { $sp_label = $args['sp_label']; } else { // If empty but menu on then use title as default if ($sp_onmenu == 'on') { $sp_label = $sp_title; } } $meta_description = $args['meta_description']; $meta_keywords = $args['meta_keywords']; $commentcode = $args['commentcode']; $owner_id = $args['owner_id']; $group_id = $args['group_id']; $perm_owner = $args['perm_owner']; $perm_group = $args['perm_group']; $perm_members = $args['perm_members']; $perm_anon = $args['perm_anon']; $sp_php = $args['sp_php']; $sp_nf = ''; if (!empty($args['sp_nf'])) { $sp_nf = $args['sp_nf']; } $sp_old_id = $args['sp_old_id']; $sp_centerblock = $args['sp_centerblock']; $draft_flag = $args['draft_flag']; $cache_time = $args['cache_time']; $template_flag = $args['template_flag']; $template_id = $args['template_id']; $sp_help = ''; if (!empty($args['sp_help'])) { $sp_help = $args['sp_help']; } $sp_where = $args['sp_where']; $sp_inblock = $args['sp_inblock']; $postmode = $args['postmode']; if ($gl_edit && !empty($args['gl_etag'])) { // First load the original staticpage to check if it has been modified $o = array(); $s = array(); $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s); if ($r == PLG_RET_OK) { if ($args['gl_etag'] != $o['updated']) { $svc_msg['error_desc'] = 'A more recent version of the staticpage is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'The requested staticpage no longer exists'; return PLG_RET_ERROR; } } // Check for unique page ID $duplicate_id = false; $delete_old_page = false; if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) { if ($sp_id != $sp_old_id) { $duplicate_id = true; } } elseif (!empty($sp_old_id)) { if ($sp_id != $sp_old_id) { $delete_old_page = true; } } if ($duplicate_id) { $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2); if (!$args['gl_svc']) { $output .= staticpageeditor($sp_id); } $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor'])); $svc_msg['error_desc'] = 'Duplicate ID'; return PLG_RET_ERROR; } elseif (!empty($sp_title) && !empty($sp_content) && TOPIC_checkTopicSelectionControl() && TOPIC_hasMultiTopicAccess('topic') == 3) { if (empty($sp_hits)) { $sp_hits = 0; } if ($sp_onmenu == 'on') { $sp_onmenu = 1; } else { $sp_onmenu = 0; } if ($sp_nf == 'on') { $sp_nf = 1; } else { $sp_nf = 0; } if ($sp_centerblock == 'on') { $sp_centerblock = 1; } else { $sp_centerblock = 0; } if ($sp_inblock == 'on') { $sp_inblock = 1; } else { $sp_inblock = 0; } if ($draft_flag == 'on') { $draft_flag = 1; } else { $draft_flag = 0; } if ($template_flag == 'on') { $template_flag = 1; } else { $template_flag = 0; } // Remove any autotags the user doesn't have permission to use $sp_content = PLG_replaceTags($sp_content, '', true); // Clean up the text if ($_SP_CONF['censor'] == 1) { $sp_content = COM_checkWords($sp_content); $sp_title = COM_checkWords($sp_title); } if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } $sp_title = strip_tags($sp_title); $sp_page_title = strip_tags($sp_page_title); $sp_label = strip_tags($sp_label); $meta_description = strip_tags($meta_description); $meta_keywords = strip_tags($meta_keywords); $sp_content = DB_escapeString($sp_content); $sp_title = DB_escapeString($sp_title); $sp_page_title = DB_escapeString($sp_page_title); $sp_label = DB_escapeString($sp_label); $meta_description = DB_escapeString($meta_description); $meta_keywords = DB_escapeString($meta_keywords); // If user does not have php edit perms, then set php flag to 0. if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) { $sp_php = 0; } // If PHP page then no cache if ($sp_php == 0) { if ($cache_time < -1) { $cache_time = $_SP_CONF['default_cache_time']; } } else { $cache_time = $_SP_CONF['default_cache_time']; } // If marked as a template then set id to nothing and other default settings if ($template_flag == 1) { $template_id = ''; $sp_onmenu = 0; $sp_label = ""; $sp_centerblock = 0; $sp_php = 0; $cache_time = 0; $sp_inblock = 0; $sp_nf = 0; $sp_hits = 0; $meta_description = ""; $meta_keywords = ""; } else { // See if it was a template before, if so and option changed, remove use from other pages if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) { $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'"; $result = DB_query($sql); } if ($template_id != '') { // If using a template, make sure php disabled $sp_php = 0; // Double check template id exists and is still a template $perms = SP_getPerms(); if (!empty($perms)) { $perms = ' AND ' . $perms; } if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) { $template_id = ''; } } } // make sure there's only one "entire page" static page per topic if ($sp_centerblock == 1 && $sp_where == 0) { // Retrieve Topic data TOPIC_getDataTopicSelectionControl($topic_option, $tids, $inherit_tids, $default_tid); $sql = "UPDATE {$_TABLES['staticpage']},{$_TABLES['topic_assignments']} ta SET sp_centerblock = 0\n WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (draft_flag = 0)\n AND ta.type = 'staticpages' AND ta.id = sp_id "; if ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION) { $sql .= " AND (ta.tid = '{$topic_option}')"; } else { $sql .= " AND (ta.tid IN ('" . implode("','", $tids) . "'))"; } // if we're in a multi-language setup, we need to allow one "entire // page" centerblock for 'all' or 'none' per language if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION)) { $ids = explode('_', $sp_id); if (count($ids) > 1) { $lang_id = array_pop($ids); $sql .= " AND ta.tid LIKE '%\\_{$lang_id}'"; } } DB_query($sql); } $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks'); if (!in_array($sp_format, $formats)) { $sp_format = 'allblocks'; } if (!$args['gl_svc']) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // Retrieve created date $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'"); if ($datecreated == '') { $datecreated = date('Y-m-d H:i:s'); } DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$cache_time},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'"); TOPIC_saveTopicSelectionControl('staticpages', $sp_id); if ($delete_old_page && !empty($sp_old_id)) { // If a template and the id changed, update any staticpages that use it if ($template_flag == 1) { $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'"; $result = DB_query($sql); } // Delete Topic Assignments for this old staticpage since we just created new ones TOPIC_deleteTopicAssignments('staticpages', $sp_old_id); DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id); } if (empty($sp_old_id) || $sp_id == $sp_old_id) { if (!$template_flag) { PLG_itemSaved($sp_id, 'staticpages'); // Clear Cache $cacheInstance = 'staticpage__' . $sp_id . '__'; CACHE_remove_instance($cacheInstance); } else { // If template then have to notify of all pages that use this template that a change to the page happened $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'"; $result = DB_query($sql); while ($A = DB_fetchArray($result)) { PLG_itemSaved($A['sp_id'], 'staticpages'); // Clear Cache $cacheInstance = 'staticpage__' . $A['sp_id'] . '__'; CACHE_remove_instance($cacheInstance); } } } else { DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages')); if (!$template_flag) { PLG_itemSaved($sp_id, 'staticpages', $sp_old_id); // Clear Cache $cacheInstance = 'staticpage__' . $sp_old_id . '__'; CACHE_remove_instance($cacheInstance); } else { // If template then have to notify of all pages that use this template that a change to the page happened $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'"; $result = DB_query($sql); while ($A = DB_fetchArray($result)) { PLG_itemSaved($A['sp_id'], 'staticpages'); // Clear Cache $cacheInstance = 'staticpage__' . $A['sp_id'] . '__'; CACHE_remove_instance($cacheInstance); } } } $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id); $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19); $svc_msg['id'] = $sp_id; return PLG_RET_OK; } else { $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2); if (!$args['gl_svc']) { $output .= staticpageeditor($sp_id); } $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor'])); return PLG_RET_ERROR; } }
/** * Handles comment processing * * @param string $mode Mode of comment processing * @param string $type Type of item (article, polls, etc.) * @param string $title Title of item * @param string $sid ID for item to show comments for * @param string $format 'threaded', 'nested', or 'flat' * @return string HTML formated */ function CMT_handleComment($mode = '', $type = '', $title = '', $sid = '', $format = '') { global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS; $commentmode = ''; if (!empty($_REQUEST[CMT_MODE])) { $commentmode = COM_applyFilter($_REQUEST[CMT_MODE]); } if (empty($mode)) { $mode = COM_applyFilter(COM_getArgument(CMT_MODE)); } if (empty($commentmode) && !empty($mode)) { $commentmode = $mode; } if (empty($sid) && !empty($_REQUEST[CMT_SID])) { $sid = COM_applyFilter($_REQUEST[CMT_SID]); } $pid = 0; if (!empty($_REQUEST[CMT_PID])) { $pid = COM_applyFilter($_REQUEST[CMT_PID], true); } if (empty($type) && !empty($_REQUEST[CMT_TYPE])) { $type = COM_applyFilter($_REQUEST[CMT_TYPE]); } if (!empty($_REQUEST['title'])) { $title = $_REQUEST['title']; // apply filters later in CMT_commentForm or CMT_saveComment } if (!empty($_REQUEST[CMT_UID])) { $uid = COM_applyFilter($_REQUEST[CMT_UID]); } else { $uid = 1; if (!empty($_USER['uid'])) { $uid = $_USER['uid']; } } $postmode = $_CONF['postmode']; if (isset($_REQUEST['postmode'])) { $postmode = COM_applyFilter($_REQUEST['postmode']); } $formtype = ''; if (!empty($_REQUEST['formtype'])) { $formtype = COM_applyFilter($_REQUEST['formtype']); } // Get comment id, may not be there...will handle in function $cid = 0; if (isset($_REQUEST[CMT_CID])) { $cid = COM_applyFilter($_REQUEST[CMT_CID], true); } TOPIC_getTopic('comment', $cid); if (empty($format) && isset($_REQUEST['format'])) { $format = COM_applyFilter($_REQUEST['format']); } if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'))) { if (COM_isAnonUser()) { $format = $_CONF['comment_mode']; } else { $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}"); } } $order = ''; if (isset($_REQUEST['order'])) { $order = COM_applyFilter($_REQUEST['order']); } $cpage = 1; if (!empty($_REQUEST['cpage'])) { $cpage = COM_applyFilter($_REQUEST['cpage'], true); if (empty($cpage)) { $cpage = 1; } } $is_comment_page = CMT_isCommentPage(); $retval = ''; if ($_CONF['show_comments_at_replying'] && $is_comment_page && !empty($sid) && !empty($type) && in_array($commentmode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) { if ($commentmode == 'edit') { $cid = 0; if (isset($_REQUEST[CMT_CID])) { $cid = COM_applyFilter($_REQUEST[CMT_CID], true); } if ($cid <= 0) { COM_errorLog("CMT_handleComment(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } $pid = $cid; } if ($pid > 0 && empty($title)) { $atype = DB_escapeString($type); $title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')"); } if (empty($title)) { $title = PLG_getItemInfo($type, $sid, 'title'); $title = str_replace('$', '$', $title); // CMT_userComments expects non-htmlspecial chars for title... $title = str_replace('&', '&', $title); $title = str_replace('"', '"', $title); $title = str_replace('<', '<', $title); $title = str_replace('>', '>', $title); } $retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cpage, $pid > 0, false, 0); } switch ($commentmode) { case $LANG03[28]: // Preview Changes (for edit) // Preview Changes (for edit) case $LANG03[34]: // Preview Submission changes (for edit) // Preview Submission changes (for edit) case $LANG03[14]: // Preview $retval .= CMT_commentForm($title, $_POST['comment'], $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage); if ($is_comment_page) { $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[14])); } break; case $LANG03[35]: // Submit Changes to Moderation table // Submit Changes to Moderation table case $LANG03[29]: // Submit Changes if (SEC_checkToken()) { $retval .= CMT_handleEditSubmit($commentmode); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } break; case $LANG03[11]: // Submit comment $retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid); break; case $LANG_ADMIN['delete']: case 'delete': // Delete comment if (SEC_checkToken()) { $retval .= CMT_handleDelete($sid, $type, $formtype); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } break; case 'view': // View comment by $cid $retval .= CMT_handleView($format, $order, $cpage, true); break; case 'display': // View comment by $pid $retval .= CMT_handleView($format, $order, $cpage, false); break; case 'report': if ($is_comment_page) { $cid = 0; if (isset($_GET[CMT_CID])) { $cid = COM_applyFilter($_GET[CMT_CID], true); } $type = ''; if (isset($_GET[CMT_TYPE])) { $type = COM_applyFilter($_GET[CMT_TYPE]); } if ($cid <= 0 || empty($type)) { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } $retval .= CMT_reportAbusiveComment($cid, $type); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27])); } break; case 'sendreport': if (SEC_checkToken()) { $cid = 0; if (isset($_POST[CMT_CID])) { $cid = COM_applyFilter($_POST[CMT_CID], true); } $type = ''; if (isset($_POST[CMT_TYPE])) { $type = COM_applyFilter($_POST[CMT_TYPE]); } if ($cid <= 0 || empty($type)) { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } $retval .= CMT_sendReport($cid, $type); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } break; case 'editsubmission': if (!SEC_hasRights('comment.moderate')) { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } // deliberate fall-through // deliberate fall-through case 'edit': $retval .= CMT_handleEdit($commentmode, $postmode, $format, $order, $cpage); if ($is_comment_page) { $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1])); } break; case 'unsubscribe': $cid = 0; $key = COM_applyFilter($_GET['key']); if (!empty($key)) { $key = DB_escapeString($key); $cid = DB_getItem($_TABLES['commentnotifications'], 'cid', "deletehash = '{$key}'"); if (!empty($cid)) { $redirecturl = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . '&format=nested&msg=16'; DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, $redirecturl); exit; } } echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; break; case $LANG_ADMIN['cancel']: if ($formtype == 'editsubmission') { echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); exit; } else { $retval .= CMT_handleCancel(); // moved to function for readibility } break; default: // New Comment or Reply Comment $abort = false; // Check to make sure comment type exists if ($type != 'article' && !in_array($type, $_PLUGINS)) { $abort = true; } // Check article permissions if (!$abort && $type == 'article' && !empty($sid)) { $dbTitle = DB_getItem($_TABLES['stories'], 'title', "(sid = '{$sid}') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" . COM_getPermSQL('AND')); // if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid) < 2) { // Make sure have at least read access to topics to post comment if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) { // Make sure have at least read access to current topic of article to post comment // no permissions, or no story of that title $abort = true; } } if (!$abort && !empty($sid) && !empty($type)) { if ($pid > 0 && empty($title)) { $atype = DB_escapeString($type); $title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')"); } if (empty($title)) { $title = PLG_getItemInfo($type, $sid, 'title'); // Check title, if for some reason blank assume no access allowed to plugin item (therefore cannot add comment) so return to homepage if (is_array($title) || empty($title) || $title == false) { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } $title = str_replace('$', '$', $title); // CMT_commentForm expects non-htmlspecial chars for title... $title = str_replace('&', '&', $title); $title = str_replace('"', '"', $title); $title = str_replace('<', '<', $title); $title = str_replace('>', '>', $title); } $retval .= CMT_commentForm($title, '', $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage); } else { if (COMMENT_ON_SAME_PAGE) { // Do nothing and do not show comment form (happens most likely when admin viewing draft article) } else { // For comments not displayed on same page (probably owner pushed the post comment button on a draft article) echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } } if ($is_comment_page) { $noindex = '<meta name="robots" content="noindex"' . XHTML . '>'; $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noindex)); } break; } return $retval; }
/** * Saves a story submission. * * @return integer result code explaining behaviour. */ public function saveSubmission() { global $_USER, $_CONF, $_TABLES; $this->_sid = COM_makeSid(); if (COM_isAnonUser()) { $this->_uid = 1; } else { $this->_uid = $_USER['uid']; } // Remove any autotags the user doesn't have permission to use $introText = PLG_replaceTags($this->_introtext, '', true); $bodyText = PLG_replaceTags($this->_bodytext, '', true); if (!TOPIC_hasMultiTopicAccess('topic')) { // user doesn't have access to one or more topics - bail return STORY_NO_ACCESS_TOPIC; } if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) { $sid = DB_escapeString($this->_sid); $title = DB_escapeString($this->_title); $introText = DB_escapeString($introText); $bodyText = DB_escapeString($bodyText); $postMode = DB_escapeString($this->_postmode); DB_save($_TABLES['storysubmission'], 'sid,uid,title,introtext,bodytext,date,postmode,text_version', "{$sid},{$this->_uid},'{$title}'," . "'{$introText}','{$bodyText}',NOW(),'{$postMode}','{$this->_text_version}'"); // Save Topics selected TOPIC_saveTopicSelectionControl('article', $sid); return STORY_SAVED_SUBMISSION; } else { // post this story directly. First establish the necessary missing data. $this->sanitizeData(); if (!isset($_CONF['show_topic_icon'])) { $_CONF['show_topic_icon'] = 1; } /* if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) { // A bug using undefined variable $tmptid $this->_frontpage = 0; } elseif (isset($_CONF['frontpage'])) { $this->_frontpage = $_CONF['frontpage']; } else { $this->_frontpage = 1; } $this->_oldsid = $this->_sid; // dead code */ $this->_date = mktime(); $this->_featured = 0; $this->_commentcode = $_CONF['comment_code']; $this->_trackbackcode = $_CONF['trackback_code']; $this->_statuscode = 0; $this->_show_topic_icon = $_CONF['show_topic_icon']; $this->_cache_time = $_CONF['default_cache_time_article']; if (COM_isAnonUser()) { $this->_owner_id = 1; } else { $this->_owner_id = $_USER['uid']; } /* $this->_group_id = $T['group_id']; $this->_perm_owner = $T['perm_owner']; $this->_perm_group = $T['perm_group']; $this->_perm_members = $T['perm_members']; $this->_perm_anon = $T['perm_anon']; */ // Save Topics selected TOPIC_saveTopicSelectionControl('article', $this->_sid); $sql = "SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag " . "FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta " . "WHERE ta.type = 'article' AND ta.id = '{$this->_sid}' " . "AND ta.tdefault = 1 AND ta.tid = t.tid"; $result = DB_query($sql); $A = DB_fetchArray($result); if ($A['archive_flag'] == 1) { $this->_frontpage = 0; } elseif (isset($_CONF['frontpage'])) { $this->_frontpage = $_CONF['frontpage']; } else { $this->_frontpage = 1; } $this->_group_id = $A['group_id']; $this->_perm_owner = $A['perm_owner']; $this->_perm_group = $A['perm_group']; $this->_perm_members = $A['perm_members']; $this->_perm_anon = $A['perm_anon']; $this->saveToDatabase(); PLG_itemSaved($this->_sid, 'article'); COM_rdfUpToDateCheck('article'); COM_rdfUpToDateCheck('comment'); STORY_updateLastArticlePublished(); return STORY_SAVED; } }