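 /**
  * Render a [menu]/[submenu] style link code.
  *
  * $matches[0] is the code name. 'menu' and 'submenu' map to the skin
  * variants 'menu_1' and 'menu_2'; any other name is handed to the skin
  * unchanged as the variant. With three captures, $matches[1] is the label
  * and $matches[2] the link target; with two, $matches[1] is both.
  *
  * @param array regex captures: code name, then one or two operands
  * @return string the link built by Skin::build_link()
  */
 public function render($matches)
 {
     $mode = $matches[0];
     if ($mode === 'menu') {
         $variant = 'menu_1';
     } elseif ($mode === 'submenu') {
         // was `$mode = 'submenu'` (an assignment), which made this branch
         // always taken and the else below unreachable
         $variant = 'menu_2';
     } else {
         $variant = $mode;
     }
     // the target always goes through encode_link(); a separate label is
     // cleaned with fix_tags(), a bare target is used as its own label
     if (isset($matches[2])) {
         $url = encode_link($matches[2]);
         $label = Codes::fix_tags($matches[1]);
     } else {
         $url = encode_link($matches[1]);
         $label = $matches[1];
     }
     return Skin::build_link($url, $label, $variant);
 }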
include_once 'notifications.php';
// ensure browser always look for fresh data
http::expire(0);
// surfer has to be logged --provide a short response
if (!Surfer::get_id()) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    die(i18n::s('You are not allowed to perform this operation.'));
    // a new notification has been submitted
} elseif (isset($_REQUEST['recipient']) && isset($_REQUEST['type'])) {
    // record the notification
    $fields = array();
    $fields['nick_name'] = Surfer::get_name();
    $fields['recipient'] = $_REQUEST['recipient'];
    $fields['type'] = $_REQUEST['type'];
    if (isset($_REQUEST['address'])) {
        $fields['address'] = encode_link($_REQUEST['address']);
    }
    if (isset($_REQUEST['message'])) {
        $fields['message'] = strip_tags($_REQUEST['message']);
    }
    // vaidate notification attributes
    switch ($fields['type']) {
        case 'browse':
            if (!isset($_REQUEST['address'])) {
                Safe::header('Status: 400 Bad Request', TRUE, 400);
                die(i18n::s('Request is invalid.'));
            }
            break;
        case 'hello':
            if (!isset($_REQUEST['message'])) {
                Safe::header('Status: 400 Bad Request', TRUE, 400);
File: query.php Progetto: rair/yacs
// stop crawlers
if (Surfer::is_crawler()) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // an anchor is mandatory
} elseif (!is_object($anchor)) {
    Safe::header('Status: 404 Not Found', TRUE, 404);
    Logger::error(i18n::s('No anchor has been found.'));
    // post a new query
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    // protect from hackers
    if (isset($_REQUEST['edit_name'])) {
        $_REQUEST['edit_name'] = preg_replace(FORBIDDEN_IN_NAMES, '_', $_REQUEST['edit_name']);
    }
    if (isset($_REQUEST['edit_address'])) {
        $_REQUEST['edit_address'] = encode_link($_REQUEST['edit_address']);
    }
    // track anonymous surfers
    Surfer::track($_REQUEST);
    // this is the exact copy of what end users has typed
    $item = $_REQUEST;
    // from form fields to record columns
    if (!isset($_REQUEST['edit_id'])) {
        $_REQUEST['edit_id'] = Surfer::get_id();
    }
    $_REQUEST['create_address'] = $_REQUEST['edit_address'];
    $_REQUEST['create_name'] = $_REQUEST['edit_name'];
    if (!$_REQUEST['create_name']) {
        $_REQUEST['create_name'] = $_REQUEST['create_address'];
    }
    if (!$_REQUEST['create_name']) {
File: my.php Progetto: vcgato29/poff
/**
 * Build an HTML anchor whose href and title both carry the encoded link.
 *
 * The target is first passed through encode_link() together with $params;
 * the resulting string is used verbatim as the href and as the title
 * attribute, and $text is used verbatim as the element content.
 *
 * NOTE(review): nothing is HTML-escaped in this function -- $text is emitted
 * as raw markup and the encoded URL lands in attribute context. Whether
 * encode_link() already yields attribute-safe output cannot be confirmed
 * from this file, so callers must escape untrusted values themselves.
 *
 * @param string $text    link text, emitted unescaped
 * @param string $url     target, handed to encode_link()
 * @param array  $params  forwarded to encode_link()
 * @param string $options not referenced here; kept for signature compatibility
 * @return string the <a> element
 */
function html_encode_link($text, $url, $params, $options = "")
{
    $href = encode_link($url, $params);
    return '<a href="' . $href . '" title="' . $href . '">' . $text . '</a>';
}
    </div>
  </div>
  <div class="container">
<?php 
# Echo the handler's error message, if any, ahead of the result.
# NOTE(review): it is emitted verbatim -- whether $errorMessage can carry
# user-controlled text (and so needs htmlspecialchars()) is not visible here.
if ($errorMessage != '') {
    echo "<p>{$errorMessage}";
}
# Not sure if id < 1 is an accurate error flag — the create function
# doesn't say what happens if the write fails.
if ($newIssueId < 1) {
    print "\nSomething went wrong -- your request could not be submitted.";
} else {
    # Create a hashed link ID from the new issue number and the requestor's
    # email address (this can be de-hashed to retrieve the original values)
    # NOTE(review): Hashids is a reversible encoding, not a cryptographic hash
    # or a MAC; the salt only obscures the mapping. Anyone who learns the salt
    # can decode and forge link IDs, so this value must not be treated as a
    # secret capability for reaching the request -- confirm the page behind
    # url_for_client() does its own access check.
    $hashids = new Hashids\Hashids($cul_ini_array['hashid_salt']);
    # $_POST['submitter_email'] is used as-is here and again in send_email()
    # below; no validation is visible in this block -- confirm it is checked
    # (e.g. filter_var(..., FILTER_VALIDATE_EMAIL)) before this point, since
    # an unvalidated address is a classic mail-header-injection vector.
    $hash_array = encode_link($newIssueId, $_POST['submitter_email']);
    $link_id = $hashids->encode($hash_array);
    # NOTE(review): $issueTitle is interpolated into HTML without escaping;
    # if it comes from the submitted form this is a reflected-XSS sink.
    echo "<p>You have created request #{$newIssueId}: {$issueTitle}</p>";
    ?>
  <br><br><p>Thank you for submitting your request using the online Library Space Request Form.</p> 
  <p>It is your responsibility to check the status of your event by going to the following address and checking the list of approvers, their approval, and their comments about your event. If the approver requires more information about your event, please contact him/her immediately.</p>
  <p>Use the following link to access your request:

<?php 
    # the same client URL is used as both the href and the visible text
    echo '<strong><a href="' . url_for_client($link_id) . '">' . url_for_client($link_id) . '</a></strong>';
    echo '<p>A confirmation email with this information will be sent to you shortly.</p>';
    echo '</div>';
    # the confirmation mail carries the same link id as shown on the page
    send_email($issueTitle, $_POST['submitter_email'], $newIssueId, $link_id);
}
function title($label)
{
 /**
  * Render one inline formatting code into HTML.
  *
  * $matches[0] is the code name; the remaining captures are its operands
  * (one or two, depending on the code). Unknown codes render as ''.
  *
  * NOTE(review): the abbr, color and underline branches, and every plain
  * tag wrapper, place the captured text straight into HTML -- the title=
  * and style= attributes in particular receive $matches[1] unescaped.
  * Whether the content was sanitised before reaching this renderer cannot
  * be confirmed from this file.
  *
  * @param array regex captures: code name, then one or two operands
  * @return string the HTML fragment
  */
 public function render($matches)
 {
     // codes whose output is simply <tag>operand</tag>, keyed by code name
     $wrappers = array(
         'sub' => 'sub',
         'sup' => 'sup',
         'ins' => 'ins',
         'del' => 'del',
         'li' => 'li',
         '--' => 'del',
         '++' => 'ins',
         '**' => 'strong',
         'b' => 'strong',
         '//' => 'em',
         'i' => 'em',
     );
     $mode = $matches[0];
     // a run of three dashes or underscores anywhere in the code is a ruler
     if (preg_match('/(---|___)/', $mode)) {
         $mode = 'hrule';
     }
     if (isset($wrappers[$mode])) {
         $tag = $wrappers[$mode];
         return '<' . $tag . '>' . $matches[1] . '</' . $tag . '>';
     }
     switch ($mode) {
         case 'image':
         case 'img':
             // [img=alt]src[/img] with two operands, [img]src[/img] with one
             if (count($matches) === 3) {
                 $alt = $matches[1];
                 $src = $matches[2];
             } else {
                 $alt = 'image';
                 $src = $matches[1];
             }
             // the alt text is run through encode_link() as well -- presumably
             // to neutralise quotes in the attribute; verify against encode_link()
             return '<div class="external_image"><img src="' . encode_link($src) . '" alt="' . encode_link($alt) . '" /></div>' . "\n";
         case 'decorated':
         case 'tiny':
         case 'small':
         case 'big':
         case 'huge':
             // the code name doubles as the skin block variant
             return Skin::build_block(Codes::fix_tags($matches[1]), $mode);
         case 'style':
             // [style=variant]content[/style]
             return Skin::build_block(Codes::fix_tags($matches[2]), $matches[1]);
         case 'abbr':
             return '<abbr title="' . $matches[1] . '">' . $matches[2] . '</abbr>';
         case 'color':
             return '<span style="color:' . $matches[1] . '">' . $matches[2] . '</span>';
         case '__':
         case 'u':
             return '<span style="text-decoration:underline;">' . $matches[1] . '</span>';
         case 'hrule':
             return HORIZONTAL_RULER;
         case 'list':
             // [list=variant]content[/list] or [list]content[/list]
             if (count($matches) === 3) {
                 return self::render_list(Codes::fix_tags($matches[2]), $matches[1]);
             }
             return self::render_list(Codes::fix_tags($matches[1]), '');
         case '*':
             return BR . BULLET_IMG . '&nbsp;';
     }
     // unknown code: nothing is rendered
     return '';
 }
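 /**
  * post a new server or an updated server
  *
  * $fields is normalised in place, so callers see the cleaned values
  * afterwards: every *_url field is run through encode_link() (and set to
  * '' when absent), host_name is derived from the first URL that carries a
  * host, description defaults to '', and the submit_* / process_* flags
  * are forced to 'Y' or 'N'.
  *
  * An UPDATE is issued when $fields['id'] is set (it must be numeric, since
  * it is written unquoted in the WHERE clause); otherwise a record is
  * inserted, attached to 'category:1' unless an anchor is given.
  *
  * @see servers/edit.php
  * @see servers/populate.php
  *
  * @param array an array of fields
  * @return string either a null string, or some text describing an error to be inserted into the html response
  **/
 public static function post(&$fields)
 {
     // a title is mandatory
     if (!isset($fields['title']) || !$fields['title']) {
         return i18n::s('No title has been provided.');
     }
     // the id ends up unquoted in the WHERE clause: refuse anything that is
     // not numeric before touching the cache or the database
     if (isset($fields['id']) && !is_numeric($fields['id'])) {
         return i18n::s('No item has the provided id.');
     }
     // clear the cache for servers
     Cache::clear('servers');
     if (isset($fields['id'])) {
         Cache::clear('server:' . $fields['id']);
     }
     // protect from hackers: normalise every URL, and make sure each key
     // exists so that neither the host-name lookup nor the query reads an
     // undefined index; the order is the one used to pick a host name
     $url_fields = array('main_url', 'feed_url', 'ping_url', 'monitor_url', 'search_url');
     foreach ($url_fields as $name) {
         $fields[$name] = isset($fields[$name]) ? encode_link($fields[$name]) : '';
     }
     // make a host name from the first URL that carries one
     if (!isset($fields['host_name']) || !$fields['host_name']) {
         $fields['host_name'] = '';
         foreach ($url_fields as $name) {
             if (($parts = parse_url($fields[$name])) && isset($parts['host'])) {
                 $fields['host_name'] = $parts['host'];
                 break;
             }
         }
     }
     // set default values
     if (!isset($fields['description'])) {
         $fields['description'] = '';
     }
     if (!isset($fields['active']) || !$fields['active']) {
         $fields['active'] = 'Y';
     }
     // every flag is stored as exactly 'Y' or 'N'
     $flags = array('submit_feed', 'submit_ping', 'submit_monitor', 'submit_search', 'process_ping', 'process_monitor', 'process_search');
     foreach ($flags as $flag) {
         $fields[$flag] = (isset($fields[$flag]) && $fields[$flag] == 'Y') ? 'Y' : 'N';
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // columns shared by the UPDATE and the INSERT statements
     $columns = array();
     $columns[] = "title='" . SQL::escape($fields['title']) . "'";
     $columns[] = "description='" . SQL::escape($fields['description']) . "'";
     $columns[] = "host_name='" . SQL::escape($fields['host_name']) . "'";
     $columns[] = "active='" . SQL::escape($fields['active']) . "'";
     foreach ($url_fields as $name) {
         $columns[] = $name . "='" . SQL::escape($fields[$name]) . "'";
     }
     foreach ($flags as $flag) {
         $columns[] = $flag . "='" . $fields[$flag] . "'";
     }
     // editor attributes, as set by Surfer::check_default_editor();
     // edit_id is an unquoted numeric literal, and string escaping does not
     // protect that context, so it is cast instead of escaped
     $editor = array(
         "edit_name='" . SQL::escape(isset($fields['edit_name']) ? $fields['edit_name'] : '') . "'",
         "edit_id=" . (isset($fields['edit_id']) ? (int) $fields['edit_id'] : 0),
         "edit_address='" . SQL::escape(isset($fields['edit_address']) ? $fields['edit_address'] : '') . "'",
         "edit_date='" . SQL::escape(isset($fields['edit_date']) ? $fields['edit_date'] : '') . "'"
     );
     if (isset($fields['id'])) {
         // update the existing record
         $columns[] = "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "'";
         // maybe a silent update, which leaves the editor attributes untouched
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $columns = array_merge($columns, $editor);
         }
         $query = "UPDATE " . SQL::table_name('servers') . " SET " . implode(', ', $columns) . " WHERE id = " . SQL::escape($fields['id']);
     } else {
         // insert a new record -- the date is always remembered
         $columns[] = "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : 'category:1') . "'";
         $columns = array_merge($columns, $editor);
         $query = "INSERT INTO " . SQL::table_name('servers') . " SET " . implode(', ', $columns);
     }
     // NOTE(review): on failure the full statement -- table name and all
     // submitted values -- is returned for the html response; logging it
     // server-side and returning SQL::error() alone would avoid that leak
     if (SQL::query($query) === FALSE) {
         return $query . BR . SQL::error();
     }
     // end of job
     return NULL;
 }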
File: users.php Progetto: rair/yacs
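 /**
  * change only some (minor) attributes
  *
  * Every key of $fields except 'id' becomes a column of the SET clause, so
  * the caller chooses which attributes change. Keys are concatenated into
  * the statement as column names, which is why only plain identifiers are
  * accepted, and why password, nickname and editor are refused here: they
  * have to go through their dedicated functions.
  *
  * @param array the attributes to change, including a numeric 'id'
  * @return boolean TRUE on success, FALSE on error (the error is logged)
  */
 public static function put_attributes(&$fields)
 {
     // id cannot be empty -- it is written unquoted in the WHERE clause
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // following fields are forbidden with this function
     // (the check used to read $field['editor'], a typo that left it inert)
     if (isset($fields['password']) || isset($fields['nickname']) || isset($fields['editor'])) {
         Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
         return FALSE;
     }
     // remember who is changing this record
     Surfer::check_default_editor($fields);
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }
     // protect from hackers
     if (isset($fields['avatar_url'])) {
         $fields['avatar_url'] = encode_link($fields['avatar_url']);
     }
     // build SET part of the query
     $query = array();
     foreach ($fields as $key => $value) {
         if ($key === 'id') {
             continue;
         }
         // the key is used verbatim as a column name: accept identifiers only
         if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) {
             Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
             return FALSE;
         }
         $query[] = $key . "='" . SQL::escape($value) . "'";
     }
     // nothing to update
     if (!count($query)) {
         return TRUE;
     }
     // actual update query
     $query = "UPDATE " . SQL::table_name('users') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (!SQL::query($query)) {
         return FALSE;
     }
     // list the user in categories
     if (isset($fields['tags']) && $fields['tags']) {
         Categories::remember('user:' . $fields['id'], NULL_DATE, $fields['tags']);
     }
     // clear the cache
     Articles::clear($fields);
     // end of job
     return TRUE;
 }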
    // the front page
    $text .= '	<url>' . "\n" . '		<loc>' . $context['url_to_home'] . $context['url_to_root'] . '</loc>' . "\n" . '		<changefreq>weekly</changefreq>' . "\n" . '		<priority>1.0</priority>' . "\n" . '	</url>' . "\n\n";
    // the site map
    $text .= '	<url>' . "\n" . '		<loc>' . $context['url_to_home'] . $context['url_to_root'] . 'sections/</loc>' . "\n" . '		<changefreq>weekly</changefreq>' . "\n" . '		<priority>1.0</priority>' . "\n" . '	</url>' . "\n\n";
    // main sections
    if ($items = Sections::list_by_title_for_anchor(NULL, 0, 25, 'raw')) {
        foreach ($items as $id => $item) {
            $text .= '	<url>' . "\n" . '		<loc>' . encode_link(Sections::get_permalink($item)) . '</loc>' . "\n" . '		<changefreq>weekly</changefreq>' . "\n" . '	</url>' . "\n\n";
        }
    }
    // the categories tree
    $text .= '	<url>' . "\n" . '		<loc>' . $context['url_to_home'] . $context['url_to_root'] . 'categories/</loc>' . "\n" . '		<changefreq>weekly</changefreq>' . "\n" . '		<priority>0.7</priority>' . "\n" . '	</url>' . "\n\n";
    // main categories
    if ($items = Categories::list_by_date(0, 25, 'raw')) {
        foreach ($items as $id => $item) {
            $text .= '	<url>' . "\n" . '		<loc>' . encode_link(Categories::get_permalink($item)) . '</loc>' . "\n" . '		<changefreq>weekly</changefreq>' . "\n" . '	</url>' . "\n\n";
        }
    }
    // members
    $text .= '	<url>' . "\n" . '		<loc>' . $context['url_to_home'] . $context['url_to_root'] . 'users/</loc>' . "\n" . '		<changefreq>weekly</changefreq>' . "\n" . '		<priority>0.7</priority>' . "\n" . '	</url>' . "\n\n";
    // the OPML feed
    $text .= '	<url>' . "\n" . '		<loc>' . $context['url_to_home'] . $context['url_to_root'] . 'feeds/describe.php</loc>' . "\n" . '		<changefreq>weekly</changefreq>' . "\n" . '	</url>' . "\n\n";
    // the postamble
    $text .= '</urlset>' . "\n";
    // put in cache
    Safe::file_put_contents($cache_id, $text);
}
//
// transfer to the user agent
//
// handle the output correctly
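 /**
  * post a new article
  *
  * This function populates the error context, where applicable.
  *
  * A record is always inserted; an 'id' in $fields is only honoured on
  * import and must then be numeric, because it is written unquoted.
  * The numeric editor columns (edit_id, create_id, owner_id, publish_id)
  * are cast to integers for the same reason -- string escaping does not
  * protect an unquoted literal. The article 'handle', which lets an
  * anonymous surfer reach the page for the rest of the session, is drawn
  * from a cryptographic random source when the runtime provides one.
  *
  * @param array an array of fields
  * @return the id of the new article, or FALSE on error
  *
  * @see articles/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // title cannot be empty
     if (!isset($fields['title']) || !$fields['title']) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     }
     // sanity filter
     $fields['title'] = strip_tags($fields['title'], '<br>');
     // anchor cannot be empty
     if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // an imported id is written unquoted: refuse anything not numeric
     if (isset($fields['id']) && !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // protect from hackers
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // editor identity, as left by check_default_editor(); the ids are cast
     // because they are used as unquoted numeric literals below
     $edit_id = isset($fields['edit_id']) ? (int) $fields['edit_id'] : 0;
     $create_id = isset($fields['create_id']) ? (int) $fields['create_id'] : $edit_id;
     $edit_name = isset($fields['edit_name']) ? $fields['edit_name'] : '';
     $edit_address = isset($fields['edit_address']) ? $fields['edit_address'] : '';
     $edit_date = isset($fields['edit_date']) ? $fields['edit_date'] : '';
     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $edit_date;
     }
     if (!isset($fields['publish_date']) || $fields['publish_date'] <= NULL_DATE) {
         $fields['publish_date'] = NULL_DATE;
     }
     // set conservative default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     if (isset($fields['edit_action']) && $fields['edit_action']) {
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     }
     if (!isset($fields['rank'])) {
         $fields['rank'] = 10000;
     }
     if (!isset($fields['nick_name'])) {
         $fields['nick_name'] = '';
     }
     // set canvas default value
     if (!isset($fields['canvas']) || !$fields['canvas']) {
         $fields['canvas'] = 'standard';
     }
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }
     // cascade anchor access rights
     $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     // fields to update
     $query = array();
     // on import -- validated as numeric above
     if (isset($fields['id'])) {
         $query[] = "id=" . SQL::escape($fields['id']);
     }
     // fields that are visible only to associates -- see articles/edit.php
     if (Surfer::is_associate()) {
         $query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
         $query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
         $query[] = "canvas='" . SQL::escape($fields['canvas']) . "'";
     }
     $query[] = "nick_name='" . SQL::escape($fields['nick_name']) . "'";
     $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
     $query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
     $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
     $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
     $query[] = "rank='" . SQL::escape($fields['rank']) . "'";
     $query[] = "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";
     // controlled fields
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     // fields visible to authorized member
     $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
     $query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
     $query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
     $query[] = "title='" . SQL::escape($fields['title']) . "'";
     $query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'";
     $query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'";
     $query[] = "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'";
     $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
     $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     $query[] = "owner_id=" . $create_id;
     $query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
     $query[] = "hits=0";
     $query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $edit_name) . "'";
     $query[] = "create_id=" . $create_id;
     $query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $edit_address) . "'";
     $query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
     $query[] = "edit_name='" . SQL::escape($edit_name) . "'";
     $query[] = "edit_id=" . $edit_id;
     $query[] = "edit_address='" . SQL::escape($edit_address) . "'";
     $query[] = "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'article:submit') . "'";
     $query[] = "edit_date='" . SQL::escape($edit_date) . "'";
     // reset user assignment, if any
     $query[] = "assign_name=''";
     $query[] = "assign_id=0";
     $query[] = "assign_address=''";
     $query[] = "assign_date='" . SQL::escape(NULL_DATE) . "'";
     // set or change the publication date
     if ($fields['publish_date'] > NULL_DATE) {
         $query[] = "publish_name='" . SQL::escape(isset($fields['publish_name']) ? $fields['publish_name'] : $edit_name) . "'";
         if (isset($fields['publish_id']) || isset($fields['edit_id'])) {
             $query[] = "publish_id=" . (isset($fields['publish_id']) ? (int) $fields['publish_id'] : $edit_id);
         }
         $query[] = "publish_address='" . SQL::escape(isset($fields['publish_address']) ? $fields['publish_address'] : $edit_address) . "'";
         $query[] = "publish_date='" . SQL::escape($fields['publish_date']) . "'";
     }
     // always create a random handle for this article -- it grants access
     // to the page (see Surfer::add_handle() below), so it has to be
     // unguessable: md5(mt_rand()) only spans 2^31 values from a seedable
     // generator; the fallback below is for runtimes without random_bytes()
     if (!isset($fields['handle']) || strlen($fields['handle']) < 32) {
         $fields['handle'] = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(mt_rand(), true));
     }
     $query[] = "handle='" . SQL::escape($fields['handle']) . "'";
     $query[] = "rating_count='" . SQL::escape(isset($fields['rating_count']) ? $fields['rating_count'] : '0') . "'";
     // allow anonymous surfer to access this page during his session
     if (!Surfer::get_id()) {
         Surfer::add_handle($fields['handle']);
     }
     // insert a new record
     $query = "INSERT INTO " . SQL::table_name('articles') . " SET " . implode(', ', $query);
     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // remember the id of the new item
     $fields['id'] = SQL::get_last_id($context['connection']);
     // assign the page to related categories
     Categories::remember('article:' . $fields['id'], $fields['publish_date'], isset($fields['tags']) ? $fields['tags'] : '');
     // turn author to page editor and update author's watch list
     if ($edit_id) {
         Members::assign('user:' . $edit_id, 'article:' . $fields['id']);
         Members::assign('article:' . $fields['id'], 'user:' . $edit_id);
     }
     // clear the cache
     Articles::clear($fields);
     // return the id of the new item
     return $fields['id'];
 }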
File: files.php Progetto: rair/yacs
 /**
  * post a new file or an updated file
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields
  * @param string to support editors -- see files/edit.php
  * @return the id of the new file, or FALSE on error
  *
  * @see agents/messages.php
  * @see files/author.php
  * @see files/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // protect from hackers
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }
     // protect access from anonymous users
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     // cascade anchor access rights
     $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }
     // make the file name searchable on initial post
     if (!isset($fields['id']) && !isset($fields['keywords']) && isset($fields['file_name']) && $fields['file_name'] != 'none') {
         $fields['keywords'] = ' ' . str_replace(array('%20', '_', '.', '-'), ' ', $fields['file_name']);
     }
     // columns updated
     $query = array();
     // update an existing record
     if (isset($fields['id'])) {
         // id cannot be empty
         if (!isset($fields['id']) || !is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }
         // an actual upload has taken place --change modification date and reset detach data
         if (isset($fields['file_name']) && $fields['file_name'] != 'none') {
             $query[] = "assign_address=''";
             $query[] = "assign_date=''";
             $query[] = "assign_id=''";
             $query[] = "assign_name=''";
             $query[] = "create_address='" . SQL::escape($fields['edit_address']) . "'";
             $query[] = "create_date='" . SQL::escape($fields['edit_date']) . "'";
             $query[] = "create_id=" . SQL::escape($fields['edit_id']);
             $query[] = "create_name='" . SQL::escape($fields['edit_name']) . "'";
             $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
             $query[] = "edit_action='file:update'";
             $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
             $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
             $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
             $query[] = "file_name='" . SQL::escape($fields['file_name']) . "'";
             $query[] = "file_size='" . SQL::escape($fields['file_size']) . "'";
         }
         // fields that are visible only to people allowed to update a file
         if (Surfer::is_member()) {
             $query[] = "active='" . SQL::escape($fields['active']) . "'";
             $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
             $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
             $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
         }
         // regular fields
         $query[] = "alternate_href='" . SQL::escape(isset($fields['alternate_href']) ? $fields['alternate_href'] : '') . "'";
         $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
         if (isset($fields['description'])) {
             $query[] = "description='" . SQL::escape($fields['description']) . "'";
         }
         $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
         $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
         $query[] = "file_href='" . SQL::escape(isset($fields['file_href']) ? $fields['file_href'] : '') . "'";
         $query[] = "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'";
         $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : '10000') . "'";
         $query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
         $query[] = "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'";
         // build the full query
         $query = "UPDATE " . SQL::table_name('files') . " SET " . join(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
         // actual insert
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
         // insert a new record
     } elseif (isset($fields['file_name']) && $fields['file_name'] && isset($fields['file_size']) && $fields['file_size']) {
         $query[] = "active='" . SQL::escape($fields['active']) . "'";
         $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
         $query[] = "alternate_href='" . SQL::escape(isset($fields['alternate_href']) ? $fields['alternate_href'] : '') . "'";
         $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
         $query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
         $query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
         $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
         $query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
         $query[] = "create_id=" . SQL::escape(isset($fields['create_id']) ? $fields['create_id'] : $fields['edit_id']);
         $query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
         $query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
         $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         $query[] = "edit_action='file:create'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         $query[] = "file_name='" . SQL::escape($fields['file_name']) . "'";
         $query[] = "file_href='" . SQL::escape(isset($fields['file_href']) ? $fields['file_href'] : '') . "'";
         $query[] = "file_size='" . SQL::escape($fields['file_size']) . "'";
         $query[] = "hits=0";
         $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
         $query[] = "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'";
         $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
         $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
         $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : '10000') . "'";
         $query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
         $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
         $query[] = "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'";
         // build the full query
         $query = "INSERT INTO " . SQL::table_name('files') . " SET " . join(', ', $query);
         // actual insert
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
         // remember the id of the new item
         $fields['id'] = SQL::get_last_id($context['connection']);
         // nothing done
     } else {
         Logger::error(i18n::s('Nothing has been received. Ensure you are below size limits set for this server.'));
         return FALSE;
     }
     // clear the cache for files
     Files::clear($fields);
     // end of job
     return $fields['id'];
 }
 * To suppress the password of last resort you can simply use this
 * configuration panel, which will rewrite the configuration file.
 *
 *
 * @author Bernard Paques
 * @author GnapZ
 * @tester Jan Boen
 * @tester Kedare
 * @tester Timster
 * @reference
 * @license http://www.gnu.org/copyleft/lesser.txt GNU Lesser General Public License
 */
include_once '../shared/global.php';
// if we have changed the url to root, consider it right now
// NOTE: the value comes straight from the request and lands in $context before
// the skin is loaded; encode_link() is the only filtering applied to it here
if (isset($_REQUEST['url_to_root'])) {
    $context['url_to_root'] = encode_link($_REQUEST['url_to_root']);
}
// stop hackers
// markup is stripped, then every match of FORBIDDEN_IN_PATHS (defined elsewhere,
// presumably a class of characters not allowed in paths) is replaced by '_'
if (isset($_REQUEST['value'])) {
    $_REQUEST['value'] = preg_replace(FORBIDDEN_IN_PATHS, '_', strip_tags($_REQUEST['value']));
}
// if we are changing the skin
// associates only; basename() drops any directory part, so the value can only
// name a direct entry below skins/ -- note the loose == on 'parameter'
if (isset($_REQUEST['parameter']) && $_REQUEST['parameter'] == 'skin' && isset($_REQUEST['value']) && Surfer::is_associate()) {
    $context['skin'] = 'skins/' . basename($_REQUEST['value']);
}
// load localized strings
i18n::bind('control');
// load the skin
load_skin('control');
if (!defined('BR')) {
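 /**
  * put an updated category in the database
  *
  * Optional attributes that are missing from $fields are stored as empty
  * strings. The four layout attributes fall back to 'decorated' when they
  * are absent, empty, or set to 'custom' without a custom layout name.
  *
  * @param array an array of fields, updated in place (title, urls, layouts, access rights)
  * @return string either a null string, or some text describing an error to be inserted into the html response
  **/
 public static function put(&$fields)
 {
     global $context;
     // id cannot be empty
     if (!isset($fields['id']) || !$fields['id'] || !is_numeric($fields['id'])) {
         return i18n::s('No item has the provided id.');
     }
     // title cannot be empty
     if (!isset($fields['title']) || !$fields['title']) {
         return i18n::s('No title has been provided.');
     }
     // sanity filter
     $fields['title'] = strip_tags($fields['title'], '<br>');
     // protect from hackers
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // reinforce date formats
     if (!isset($fields['expiry_date']) || $fields['expiry_date'] <= NULL_DATE) {
         $fields['expiry_date'] = NULL_DATE;
     }
     // set layouts for categories, sections, articles and users
     // 'custom' means "use <kind>_custom_layout", if one has been provided
     foreach (array('categories', 'sections', 'articles', 'users') as $kind) {
         $layout = $kind . '_layout';
         $custom = $kind . '_custom_layout';
         if (!isset($fields[$layout]) || !$fields[$layout]) {
             $fields[$layout] = 'decorated';
         } elseif ($fields[$layout] == 'custom') {
             $fields[$layout] = (isset($fields[$custom]) && $fields[$custom]) ? $fields[$custom] : 'decorated';
         }
     }
     // set default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     // cascade anchor access rights
     if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
         $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     } else {
         $fields['active'] = $fields['active_set'];
     }
     // build path information
     $path = '';
     if (isset($fields['anchor']) && $fields['anchor']) {
         $path .= Categories::build_path($fields['anchor']) . '|';
     }
     $path .= $fields['title'];
     // fields to update
     $query = array();
     if (isset($fields['nick_name']) && $fields['nick_name']) {
         $query[] = "nick_name='" . SQL::escape($fields['nick_name']) . "'";
     }
     $query[] = "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "'";
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     $query[] = "articles_layout='" . SQL::escape($fields['articles_layout']) . "'";
     $query[] = "background_color='" . SQL::escape(isset($fields['background_color']) ? $fields['background_color'] : '') . "'";
     $query[] = "categories_count='" . SQL::escape(isset($fields['categories_count']) ? $fields['categories_count'] : '') . "'";
     $query[] = "categories_layout='" . SQL::escape($fields['categories_layout']) . "'";
     $query[] = "categories_overlay='" . SQL::escape(isset($fields['categories_overlay']) ? $fields['categories_overlay'] : '') . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "display='" . SQL::escape(isset($fields['display']) ? $fields['display'] : '') . "'";
     $query[] = "expiry_date='" . SQL::escape($fields['expiry_date']) . "'";
     $query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
     $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "keywords='" . SQL::escape(isset($fields['keywords']) ? $fields['keywords'] : '') . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
     $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     $query[] = "path='" . SQL::escape($path) . "'";
     $query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
     $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : '') . "'";
     $query[] = "sections_layout='" . SQL::escape($fields['sections_layout']) . "'";
     $query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
     $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
     $query[] = "title='" . SQL::escape($fields['title']) . "'";
     $query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";
     $query[] = "users_layout='" . SQL::escape($fields['users_layout']) . "'";
     // maybe a silent update -- don't stamp it with the editor
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         $query[] = "edit_action='category:update'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }
     // actual update query -- id has been validated as numeric above
     $query = "UPDATE " . SQL::table_name('categories') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     // NOTE(review): the result of the query is not checked, so a failed
     // UPDATE still ends with NULL (success) for the caller
     SQL::query($query);
     // clear the cache for categories
     Categories::clear($fields);
     // end of job
     return NULL;
 }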
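 /**
  * render links formatting codes
  * [link]...[link]
  * [link=label]...
  * [label|url]
  * and standalone url
  *
  * standalone links detection won't provide label+url so
  * their url is received in $label parameter
  *
  * @param string $type detected type of the link; a single whitespace
  * character means a standalone url preceded by that character
  * @param string $label for the link
  * @param string $url for the link
  * @return string the formatted link
  */
 public static function render_link($type, $label, $url = '')
 {
     // a standalone url has no separate label, so it is also the target
     $url = $url ? encode_link($url) : encode_link($label);
     $label = Codes::fix_tags($label);
     // keep the leading whitespace of a standalone url in the output
     $whitespace = '';
     if (preg_match('/^\\s$/', $type)) {
         $whitespace = $type;
         $type = 'standalone';
     }
     // plain forms use the default link style
     if (in_array($type, array('link', '[', 'standalone'), TRUE)) {
         return $whitespace . Skin::build_link($url, $label);
     }
     // any other code is passed as the link variant
     return $whitespace . Skin::build_link($url, $label, $type);
 }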
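 /**
  * list articles
  *
  * Each article of the result set becomes one entry of the returned array,
  * keyed by its permanent link, holding the attributes expected by feed codecs:
  * array($time, $title, $author, $section, $icon, $introduction, $description, $extensions)
  *
  * @param resource the SQL result
  * @return array
  *
  * @see layouts/layout.php
  **/
 function layout($result)
 {
     global $context;
     // we return an array of ($url => $attributes)
     $items = array();
     // empty list
     if (!SQL::count($result)) {
         return $items;
     }
     // process all items in the list
     include_once $context['path_to_root'] . 'articles/article.php';
     include_once $context['path_to_root'] . 'comments/comments.php';
     include_once $context['path_to_root'] . 'locations/locations.php';
     while ($item = SQL::fetch($result)) {
         $reference = 'article:' . $item['id'];
         // get the related overlay, if any
         $overlay = Overlay::load($item, $reference);
         // get the anchor once; section, bullet and comments url all derive from it
         $anchor = Anchors::get($item['anchor']);
         // provide an absolute link
         $url = Articles::get_permalink($item);
         // build a title
         if (is_object($overlay)) {
             $title = Codes::beautify_title($overlay->get_text('title', $item));
         } else {
             $title = Codes::beautify_title($item['title']);
         }
         // time of last update
         $time = SQL::strtotime($item['edit_date']);
         // the section
         $section = '';
         if ($item['anchor'] && $anchor) {
             $section = ucfirst(trim(strip_tags(Codes::beautify_title($anchor->get_title()))));
         }
         // the icon to use
         $icon = '';
         if ($item['thumbnail_url']) {
             $icon = $item['thumbnail_url'];
         } elseif ($item['anchor'] && $anchor && is_callable(array($anchor, 'get_bullet_url'))) {
             // is_callable() needs an array callable here; its second argument is a flag, not a method name
             $icon = $anchor->get_bullet_url();
         }
         if ($icon) {
             $icon = $context['url_to_home'] . $context['url_to_root'] . $icon;
         }
         // the author(s) is an e-mail address, according to rss 2.0 spec
         $create_address = isset($item['create_address']) ? $item['create_address'] : '';
         $author = $create_address;
         if (isset($item['create_name']) && trim($item['create_name'])) {
             $author .= ' (' . $item['create_name'] . ')';
         }
         // add the last editor only when it differs from the creator
         if (isset($item['edit_address']) && trim($item['edit_address']) && $create_address != $item['edit_address']) {
             if ($author) {
                 $author .= ', ';
             }
             $author .= $item['edit_address'];
             if (isset($item['edit_name']) && trim($item['edit_name'])) {
                 $author .= ' (' . $item['edit_name'] . ')';
             }
         }
         // some introductory text for this article
         $article = new Article();
         $article->load_by_content($item);
         $introduction = $article->get_teaser('teaser');
         // warns on restricted access
         if (isset($item['active']) && $item['active'] != 'Y') {
             $introduction = '[' . i18n::c('Restricted to members') . '] ' . $introduction;
         }
         // fix references -- make root-relative links absolute
         $introduction = preg_replace('/"\\//', '"' . $context['url_to_home'] . '/', $introduction);
         // the article content
         $description = '';
         // other rss fields
         $extensions = array();
         // the geolocation for this page, if any
         if ($location = Locations::locate_anchor($reference)) {
             $extensions[] = '<georss:point>' . str_replace(',', ' ', $location) . '</georss:point>';
         }
         // url for comments
         if (is_object($anchor)) {
             $extensions[] = '<comments>' . encode_link($context['url_to_home'] . $context['url_to_root'] . $anchor->get_url('comments')) . '</comments>';
         }
         // count comments
         $comment_count = Comments::count_for_anchor($reference);
         $extensions[] = '<slash:comments>' . $comment_count . "</slash:comments>";
         // the comment post url
         $extensions[] = '<wfw:comment>' . encode_link($context['url_to_home'] . $context['url_to_root'] . Comments::get_url($reference, 'service.comment')) . "</wfw:comment>";
         // the comment Rss url
         $extensions[] = '<wfw:commentRss>' . encode_link($context['url_to_home'] . $context['url_to_root'] . Comments::get_url($reference, 'feed')) . "</wfw:commentRss>";
         // the trackback url
         $extensions[] = '<trackback:ping>' . encode_link($context['url_to_home'] . $context['url_to_root'] . 'links/trackback.php?anchor=' . urlencode($reference)) . "</trackback:ping>";
         // no trackback:about;
         // list all components for this item
         $items[$url] = array($time, $title, $author, $section, $icon, $introduction, $description, $extensions);
     }
     // end of processing
     SQL::free($result);
     return $items;
 }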
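 /**
  * put an updated section in the database
  *
  * Attributes missing from $fields get conservative defaults ('' for free
  * text, 'N' for locked, 'map'/'decorated' for layouts, 10000 for rank).
  * Unquoted numeric columns are cast to integers before being placed in the
  * query, since SQL::escape() alone does not protect an unquoted value.
  *
  * @param array an array of fields, updated in place (title, urls, dates, layouts, tags, access rights)
  * @return TRUE on success, or FALSE on error
  *
  * @see sections/edit.php
  **/
 public static function put(&$fields)
 {
     global $context;
     // id cannot be empty
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // title cannot be empty
     if (!isset($fields['title']) || !trim($fields['title'])) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     }
     // sanity filter
     $fields['title'] = strip_tags($fields['title'], '<br>');
     // protect from hackers
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // reinforce date formats
     foreach (array('activation_date', 'expiry_date', 'publish_date') as $date) {
         if (!isset($fields[$date]) || $fields[$date] <= NULL_DATE) {
             $fields[$date] = NULL_DATE;
         }
     }
     // set conservative default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     if (isset($fields['edit_action'])) {
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     }
     if (!isset($fields['home_panel']) || !$fields['home_panel']) {
         $fields['home_panel'] = 'main';
     }
     if (!isset($fields['index_map']) || !$fields['index_map']) {
         $fields['index_map'] = 'Y';
     }
     if (!isset($fields['index_news']) || !$fields['index_news']) {
         $fields['index_news'] = 'static';
     }
     if (!isset($fields['rank']) || !$fields['rank']) {
         $fields['rank'] = 10000;
     }
     // set layout for sections -- unknown names fall back to 'map'
     if (!isset($fields['sections_layout']) || !$fields['sections_layout'] || !preg_match('/^(accordion|carrousel|compact|custom|decorated|directory|folded|inline|jive|map|slashdot|tabs|titles|yabb|none)$/', $fields['sections_layout'])) {
         $fields['sections_layout'] = 'map';
     } elseif ($fields['sections_layout'] == 'custom') {
         if (isset($fields['sections_custom_layout']) && $fields['sections_custom_layout']) {
             $fields['sections_layout'] = $fields['sections_custom_layout'];
         } else {
             $fields['sections_layout'] = 'map';
         }
     }
     // set layout for articles -- unknown names fall back to 'decorated'
     if (!isset($fields['articles_layout']) || !$fields['articles_layout'] || !preg_match('/^(accordion|alistapart|carrousel|compact|custom|daily|decorated|digg|directory|hardboiled|jive|map|newspaper|none|simile|slashdot|table|tabs|tagged|threads|titles|yabb)$/', $fields['articles_layout'])) {
         $fields['articles_layout'] = 'decorated';
     } elseif ($fields['articles_layout'] == 'custom') {
         if (isset($fields['articles_custom_layout']) && $fields['articles_custom_layout']) {
             $fields['articles_layout'] = $fields['articles_custom_layout'];
         } else {
             $fields['articles_layout'] = 'decorated';
         }
     }
     // set canvas for articles
     if (!isset($fields['articles_canvas']) || !$fields['articles_canvas']) {
         $fields['articles_canvas'] = 'standard';
     }
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }
     // cascade anchor access rights
     if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
         $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     } else {
         $fields['active'] = $fields['active_set'];
     }
     // fields to update
     $query = array();
     // regular fields
     if (isset($fields['anchor'])) {
         $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
     }
     $query[] = "title='" . SQL::escape($fields['title']) . "'";
     $query[] = "activation_date='" . SQL::escape($fields['activation_date']) . "'";
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     $query[] = "articles_layout='" . SQL::escape(isset($fields['articles_layout']) ? $fields['articles_layout'] : 'decorated') . "'";
     $query[] = "content_options='" . SQL::escape(isset($fields['content_options']) ? $fields['content_options'] : '') . "'";
     $query[] = "expiry_date='" . SQL::escape($fields['expiry_date']) . "'";
     $query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
     $query[] = "family='" . SQL::escape(isset($fields['family']) ? $fields['family'] : '') . "'";
     $query[] = "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'";
     $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
     $query[] = "index_map='" . SQL::escape(isset($fields['index_map']) ? $fields['index_map'] : 'Y') . "'";
     $query[] = "index_news='" . SQL::escape(isset($fields['index_news']) ? $fields['index_news'] : 'static') . "'";
     // unquoted in SQL: cast to int so no surfer-provided text reaches the query
     $query[] = "index_news_count=" . intval(isset($fields['index_news_count']) ? $fields['index_news_count'] : 5);
     $query[] = "index_title='" . SQL::escape(isset($fields['index_title']) ? $fields['index_title'] : '') . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'";
     $query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'";
     $query[] = "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'";
     $query[] = "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
     $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : 10000) . "'";
     $query[] = "section_overlay='" . SQL::escape(isset($fields['section_overlay']) ? $fields['section_overlay'] : '') . "'";
     $query[] = "sections_layout='" . SQL::escape(isset($fields['sections_layout']) ? $fields['sections_layout'] : 'map') . "'";
     $query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
     $query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
     $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
     $query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";
     // fields visible only to associates
     if (Surfer::is_associate()) {
         $query[] = "articles_canvas='" . SQL::escape(isset($fields['articles_canvas']) ? $fields['articles_canvas'] : '') . "'";
         $query[] = "articles_templates='" . SQL::escape(isset($fields['articles_templates']) ? $fields['articles_templates'] : '') . "'";
         $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
         $query[] = "content_overlay='" . SQL::escape(isset($fields['content_overlay']) ? $fields['content_overlay'] : '') . "'";
         $query[] = "home_panel='" . SQL::escape(isset($fields['home_panel']) ? $fields['home_panel'] : 'main') . "'";
         $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
         $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     }
     // don't stamp silent updates
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         $query[] = "edit_action='section:update'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }
     // update an existing record -- id has been validated as numeric above
     $query = "UPDATE " . SQL::table_name('sections') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // assign the page to related categories
     Categories::remember('section:' . $fields['id'], NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');
     // clear the cache
     Sections::clear($fields);
     // end of job
     return TRUE;
 }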
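 /**
  * encode some PHP value into XML
  *
  * Accept following values:
  * - $values['feed']['title'] is a string
  * - $values['feed']['link'] is a string
  * - $values['feed']['description'] is a string
  * - $values['feed']['image'] is a string to a feed image, if any
  * - $values['entries'] is an array of $url => array($time, $title, $author, $section, $image, $introduction, $description, $extensions)
  *
  * Only title, link, content and the extensions of each entry are written;
  * author, section, image, time and description (when an introduction exists) are ignored.
  *
  * @param mixed the parameter to encode
  * @return array(TRUE, some XML)
  */
 public static function encode(&$values)
 {
     global $context;
     // ensure we have a feed title
     if (isset($values['feed']['title']) && $values['feed']['title']) {
         $feed_title = $values['feed']['title'];
     } elseif (isset($context['server_title']) && $context['server_title']) {
         $feed_title = $context['server_title'];
     } else {
         $feed_title = $context['host_name'];
     }
     // ensure we have a feed link
     if (isset($values['feed']['link']) && $values['feed']['link']) {
         $feed_link = $values['feed']['link'];
     } else {
         $feed_link = $context['url_to_home'] . $context['url_to_root'];
     }
     // the preamble
     $text = '<?xml version="1.0" encoding="' . $context['charset'] . '"?>' . "\n" . '<feed xmlns="http://www.w3.org/2005/Atom" xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/" xmlns:gd="http://schemas.google.com/g/2005" ' . "\n" . '	xmlns:content="http://purl.org/atom/1.0/modules/content/" ' . "\n" . '	xmlns:dc="http://purl.org/dc/elements/1.1/" ' . "\n" . '	xmlns:icbm="http://postneo.com/icbm/" ' . "\n" . '	xmlns:slash="http://purl.org/atom/1.0/modules/slash/" ' . "\n" . '	xmlns:trackback="http://madskills.com/public/xml/atom/module/trackback/" ' . "\n" . '	xmlns:wfw="http://wellformedweb.org/CommentAPI/" >' . "\n" . "\n" . '	<title>' . atom_codec::clean($feed_title) . '</title>' . "\n" . '	<link>' . encode_link($feed_link) . '</link>' . "\n";
     // encode icbm position -- "latitude longitude", separated by blanks or commas
     if (isset($context['site_position']) && $context['site_position']) {
         $position = preg_split('/[ ,\\t]+/', $context['site_position']);
         $latitude = $position[0];
         $longitude = isset($position[1]) ? $position[1] : '';
         $text .= '	<icbm:latitude>' . atom_codec::clean($latitude) . '</icbm:latitude>' . "\n";
         $text .= '	<icbm:longitude>' . atom_codec::clean($longitude) . '</icbm:longitude>' . "\n";
     }
     $text .= '	<updated>' . gmdate('D, d M Y H:i:s') . ' GMT</updated>' . "\n" . '	<generator>yacs</generator>' . "\n";
     // process rows, if any
     if (isset($values['entries']) && is_array($values['entries'])) {
         // for each entry
         foreach ($values['entries'] as $url => $attributes) {
             $title = $attributes[1];
             $introduction = $attributes[5];
             $description = $attributes[6];
             $extensions = isset($attributes[7]) ? $attributes[7] : NULL;
             // output one story
             $text .= "\n" . ' <entry>' . "\n";
             if ($title) {
                 $text .= '		<title>' . atom_codec::clean($title) . "</title>\n";
             }
             if ($url) {
                 $text .= '		<link>' . encode_link($url) . "</link>\n";
             }
             // the introduction wins over the full description
             if ($introduction) {
                 $text .= '		<content type="text">' . atom_codec::clean($introduction) . "</content>\n";
             } elseif ($description) {
                 $text .= '		<content type="text">' . atom_codec::clean($description) . "</content>\n";
             }
             // add any extension (eg, slash:comments, wfw:commentatom, trackback:ping)
             // either a list of ready-made XML fragments, or a single one
             if (isset($extensions)) {
                 if (is_array($extensions)) {
                     foreach ($extensions as $extension) {
                         $text .= '		' . $extension . "\n";
                     }
                 } else {
                     $text .= '		' . $extensions . "\n";
                 }
             }
             $text .= "\t</entry>\n";
         }
     }
     // the postamble
     $text .= "\n</feed>";
     return array(TRUE, $text);
 }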
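 /**
  * encode PHP data into RSS 2.0
  *
  * Accept following values:
  * - $values['channel']['title'] is a string; defaults to $context['server_title'], then to $context['host_name']
  * - $values['channel']['link'] is a string; defaults to the site home page
  * - $values['channel']['description'] is a string
  * - $values['channel']['image'] is a string to a channel image, if any
  * - $values['items'] is an array of $url => array($time, $title, $author, $section, $image, $introduction, $description, $extensions)
  *   index 4 ($image) is accepted but not used here; index 7 ($extensions) is one XML fragment
  *   or an array of them (eg, slash:comments, wfw:commentRss, trackback:ping)
  *
  * Text values go through rss_codec::clean() and links through encode_link() before they are
  * placed into the document. Two values are inserted without escaping and therefore must already
  * be well-formed XML: the item $description inside <content:encoded> (only the CDATA terminator
  * is neutralised) and every element of $extensions.
  *
  * @param array $values the data to encode; taken by reference but not modified
  * @return array array(TRUE, $xml) where $xml is the complete RSS document
  */
 public static function encode(&$values)
 {
     global $context;
     // ensure we have a channel title
     if (isset($values['channel']['title']) && $values['channel']['title']) {
         $channel_title = $values['channel']['title'];
     } elseif (isset($context['server_title']) && $context['server_title']) {
         $channel_title = $context['server_title'];
     } else {
         $channel_title = $context['host_name'];
     }
     // ensure we have a channel link
     if (isset($values['channel']['link']) && $values['channel']['link']) {
         $channel_link = $values['channel']['link'];
     } else {
         $channel_link = $context['url_to_home'] . $context['url_to_root'];
     }
     // a missing description yields an empty element instead of an undefined-index notice
     $channel_description = isset($values['channel']['description']) ? $values['channel']['description'] : '';
     // allowed HTML in description
     $allowed = '<a><b><blockquote><form><hr><input><li><ol><p><strong><u><ul>';
     // the preamble: XML declaration, rss root with module namespaces, channel header
     $text = '<?xml version="1.0" encoding="' . $context['charset'] . '"?>' . "\n"
         . '<rss version="2.0" ' . "\n"
         . '	xmlns:atom="http://www.w3.org/2005/Atom" ' . "\n"
         . '	xmlns:content="http://purl.org/rss/1.0/modules/content/" ' . "\n"
         . '	xmlns:dc="http://purl.org/dc/elements/1.1/" ' . "\n"
         . '	xmlns:georss="http://www.georss.org/georss" ' . "\n"
         . '	xmlns:icbm="http://postneo.com/icbm" ' . "\n"
         . '	xmlns:slash="http://purl.org/rss/1.0/modules/slash/" ' . "\n"
         . '	xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/" ' . "\n"
         . '	xmlns:wfw="http://wellformedweb.org/CommentAPI/" >' . "\n"
         . "\n"
         . '<channel>' . "\n"
         . '	<title>' . rss_codec::clean($channel_title) . '</title>' . "\n"
         . '	<link>' . encode_link($channel_link) . '</link>' . "\n"
         . '	<atom:link href="' . encode_link($context['self_url']) . '"  rel="self" type="application/rss+xml" />' . "\n"
         . '	<description>' . rss_codec::clean($channel_description, $allowed) . '</description>' . "\n";
     // channel image, only if its size can actually be determined
     if (isset($values['channel']['image']) && $values['channel']['image'] && ($size = Safe::GetImageSize($values['channel']['image']))) {
         $text .= '	<image>' . "\n"
             . '		<url>' . encode_link($context['url_to_home'] . $context['url_to_root'] . $values['channel']['image']) . '</url>' . "\n"
             . '		<width>' . $size[0] . '</width>' . "\n"
             . '		<height>' . $size[1] . '</height>' . "\n"
             . '		<title>' . rss_codec::clean($channel_title) . '</title>' . "\n"
             . '		<link>' . encode_link($channel_link) . '</link>' . "\n"
             . '	</image>' . "\n";
     }
     // site-level metadata; every text value is escaped like the other channel fields
     if (isset($context['preferred_language']) && $context['preferred_language']) {
         $text .= '	<language>' . rss_codec::clean($context['preferred_language']) . '</language>' . "\n";
     }
     if (isset($context['site_copyright']) && $context['site_copyright']) {
         $text .= '	<copyright>' . rss_codec::clean($context['site_copyright']) . '</copyright>' . "\n";
     }
     if (isset($context['site_email']) && $context['site_email']) {
         $text .= '	<managingEditor>' . rss_codec::clean($context['site_email']) . '</managingEditor>' . "\n";
     }
     if (isset($context['webmaster_address']) && $context['webmaster_address']) {
         // fix: emit the address that was tested, not the managing editor's e-mail
         $text .= '	<webMaster>' . rss_codec::clean($context['webmaster_address']) . '</webMaster>' . "\n";
     }
     // encode icbm position
     if (isset($context['site_position']) && $context['site_position']) {
         // "lat lon" or "lat,lon"; a missing second part gives an empty longitude rather than a notice
         $parts = preg_split('/[ ,\\t]+/', $context['site_position']);
         $latitude = isset($parts[0]) ? $parts[0] : '';
         $longitude = isset($parts[1]) ? $parts[1] : '';
         $text .= '	<icbm:latitude>' . rss_codec::clean($latitude) . '</icbm:latitude>' . "\n";
         $text .= '	<icbm:longitude>' . rss_codec::clean($longitude) . '</icbm:longitude>' . "\n";
         // georss wants "lat lon" separated by a space
         $text .= '	<georss:point>' . str_replace(',', ' ', $context['site_position']) . '</georss:point>' . "\n";
     }
     $text .= '	<lastBuildDate>' . gmdate('D, d M Y H:i:s') . ' GMT</lastBuildDate>' . "\n"
         . '	<generator>yacs</generator>' . "\n"
         . '	<docs>http://blogs.law.harvard.edu/tech/rss</docs>' . "\n";
     // time to live in minutes, with a default when the site does not set one
     if (isset($context['time_to_live']) && $context['time_to_live'] > 0) {
         $text .= '	<ttl>' . $context['time_to_live'] . '</ttl>' . "\n";
     } else {
         $text .= '	<ttl>70</ttl>' . "\n";
     }
     // process rows, if any
     if (isset($values['items']) && is_array($values['items'])) {
         // for each item
         foreach ($values['items'] as $url => $attributes) {
             // positional attributes; pad short arrays so absent slots read as null without a notice
             // (index 4, the image, is not used in RSS output)
             list($time, $title, $author, $section, , $introduction, $description, $extensions) = array_pad($attributes, 8, null);
             // output one story
             $text .= "\n" . ' <item>' . "\n";
             if ($title) {
                 $text .= '		<title>' . rss_codec::clean($title) . "</title>\n";
             }
             if ($url) {
                 $text .= '		<link>' . encode_link($url) . "</link>\n" . '		<guid isPermaLink="true">' . encode_link($url) . "</guid>\n";
             }
             // short text first, full description as a fallback
             if ($introduction) {
                 $text .= '		<description>' . rss_codec::clean($introduction) . "</description>\n";
             } elseif ($description) {
                 $text .= '		<description>' . rss_codec::clean($description) . "</description>\n";
             }
             // full HTML goes into a CDATA section; a literal ']]>' inside it is split so it cannot end the section early
             if ($description) {
                 $text .= '		<content:encoded><![CDATA[ ' . str_replace(']]>', ']]]]><![CDATA[>', $description) . " ]]></content:encoded>\n";
             }
             // do not express mail addresses, but only creator name, which is between ()
             if (preg_match('/\\((.*?)\\)/', $author, $matches)) {
                 $text .= '		<dc:creator>' . rss_codec::clean($matches[1]) . "</dc:creator>\n";
             }
             // do not put any attribute, it would kill FeedReader
             if ($section) {
                 $text .= '		<category>' . encode_field(strip_tags($section)) . "</category>\n";
             }
             // only a numeric, non-zero time stamp is published
             if (intval($time)) {
                 $text .= '		<pubDate>' . gmdate('D, d M Y H:i:s', intval($time)) . " GMT</pubDate>\n";
             }
             // add any extension (eg, slash:comments, wfw:commentRss, trackback:ping) -- inserted verbatim
             if (isset($extensions)) {
                 if (is_array($extensions)) {
                     foreach ($extensions as $extension) {
                         $text .= '		' . $extension . "\n";
                     }
                 } else {
                     $text .= '		' . $extensions . "\n";
                 }
             }
             $text .= "\t</item>\n";
         }
     }
     // the postamble
     $text .= "\n</channel>\n" . '</rss>';
     return array(TRUE, $text);
 }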