Esempio n. 1
 /**
  * Load data from Request form fields.
  *
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request()
 {
     global $Messages, $localtimenow;

     // Group ID (mandatory).
     param('ivc_grp_ID', 'integer');
     param_check_not_empty('ivc_grp_ID', T_('Please select a group'));
     $this->set_from_Request('grp_ID', 'ivc_grp_ID', true);

     // Invitation code (mandatory). The pattern is an allow-list: only letters, digits,
     // "-" and "_" are accepted, between 3 and 32 characters.
     param('ivc_code', 'string');
     param_check_not_empty('ivc_code', T_('You must provide an invitation code!'));
     param_check_regexp('ivc_code', '#^[A-Za-z0-9\\-_]{3,32}$#', T_('Invitation code must be from 3 to 32 letters, digits or signs "-", "_".'));
     // NOTE(review): the value is copied onto the object even when a check above failed
     // (the checks presumably only record an error) -- callers must honour the return
     // value of this method before saving.
     $this->set_from_Request('code', 'ivc_code');

     // Expiry date: 'expire_ts' is only set when both the date and the time were accepted.
     $expire_date_ok = param_date('ivc_expire_date', T_('Please enter a valid date.'), true);
     if ($expire_date_ok && param_time('ivc_expire_time')) {
         $expire_ts = form_date(get_param('ivc_expire_date'), get_param('ivc_expire_time'));
         $this->set('expire_ts', $expire_ts);
     }

     // Source (free-form string).
     param('ivc_source', 'string');
     $this->set_from_Request('source', 'ivc_source', true);

     // Warn (without raising an error) when the stored expiry lies in the past.
     if (mysql2timestamp($this->get('expire_ts')) < $localtimenow) {
         if ($this->ID == 0) {
             $expired_note = T_('Note: The newly created invitation code is already expired');
         } else {
             $expired_note = T_('Note: The updated invitation code is already expired');
         }
         $Messages->add($expired_note, 'warning');
     }

     $has_errors = param_errors_detected();
     return !$has_errors;
 }
Esempio n. 2
 /**
  * Load data from Request form fields.
  *
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($cron_job_names = array(), $cron_job_params = array())
 {
     // $cron_job_names and $cron_job_params are both indexed by job type; the code below
     // reads the 'ctrl' and 'params' keys of $cron_job_params[<type>].
     $is_update_or_copy = $this->ID > 0 || get_param('ctsk_ID') > 0;

     if (!$is_update_or_copy) {
         // Create new cron job: the requested type must be a key of $cron_job_params.
         // This allow-list check is what keeps a request value from choosing an arbitrary
         // controller further down.
         $cjob_type = param('cjob_type', 'string', true);
         if (isset($cron_job_params[$cjob_type])) {
             $cjob_name = $cron_job_names[$cjob_type];
         } else {
             // This cron job type doesn't exist, so this is an invalid state
             debug_die('Invalid job type received');
             $cjob_name = '';
         }
     } else {
         // Update or copy cron job: the name comes from the form.
         $cjob_name = param('cjob_name', 'string', true);
         param_check_not_empty('cjob_name', T_('Please enter job name'));
     }

     // Start datetime:
     param_date('cjob_date', T_('Please enter a valid date.'), true);
     param_time('cjob_time');
     $start_datetime = form_date(get_param('cjob_date'), get_param('cjob_time'));
     $this->set('start_datetime', $start_datetime);

     // Repeat after: a zero duration is stored as NULL.
     $cjob_repeat_after = param_duration('cjob_repeat_after');
     $this->set('repeat_after', $cjob_repeat_after == 0 ? NULL : $cjob_repeat_after);

     // Name: only written when non-empty and different from the current one.
     $name_changed = !empty($cjob_name) && $cjob_name != $this->get('name');
     if ($name_changed) {
         $this->set('name', $cjob_name);
     }

     if ($this->ID == 0 && get_param('ctsk_ID') == 0) {
         // Controller and params are taken from the server-side definition of the job type,
         // never from the request itself.
         // NOTE(review): the original comment says "creating and copying", but this condition
         // is false whenever ctsk_ID is non-zero -- confirm which one is intended.
         $this->set('controller', $cron_job_params[$cjob_type]['ctrl']);
         $this->set('params', $cron_job_params[$cjob_type]['params']);
     }

     $has_errors = param_errors_detected();
     return !$has_errors;
 }
Esempio n. 3
 * @package admin
 */
// Refuse direct HTTP access: this file is only meant to be included after the main init.
if (defined('EVO_MAIN_INIT') === false) {
    die('Please, do not access this page directly.');
}

global $blog, $admin_url, $UserSettings;
global $datestartinput, $datestart, $datestopinput, $datestop, $email;

// Start-date filter.
if (param_date('datestartinput', T_('Invalid date'), false, NULL) === NULL) {
    // No localized date from the form; an automated 'datestart' param may be present instead:
    param('datestart', 'string', '', true);
} else {
    // A localized date was submitted by the user:
    memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
    memorize_param('datestartinput', 'string', NULL, empty($datestartinput) ? NULL : date(locale_datefmt(), strtotime($datestartinput)));
}

// Stop-date filter (same handling as the start date).
if (param_date('datestopinput', T_('Invalid date'), false, NULL) === NULL) {
    // No localized date from the form; an automated 'datestop' param may be present instead:
    param('datestop', 'string', '', true);
} else {
    // A localized date was submitted by the user:
    memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
    memorize_param('datestopinput', 'string', NULL, empty($datestopinput) ? NULL : date(locale_datefmt(), strtotime($datestopinput)));
}

// E-mail filter.
// NOTE(review): $datestart, $datestop and $email are request-controlled strings; any WHERE
// clause built from them later in this file (not shown here) has to quote/escape them.
param('email', 'string', '', true);

// Result set query and the matching row-count query over the e-mail log table:
$SQL = new SQL();
$count_SQL = new SQL();

$SQL->SELECT('SQL_NO_CACHE emlog_ID, emlog_timestamp, emlog_user_ID, emlog_to, emlog_result, emlog_subject');
$SQL->FROM('T_email__log');

$count_SQL->SELECT('SQL_NO_CACHE COUNT(emlog_ID)');
$count_SQL->FROM('T_email__log');
Esempio n. 4
 /**
  * We want to preview a single post, we are going to fake a lot of things...
  */
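 function preview_from_request()
 {
     // Builds a one-row SELECT out of the submitted form fields, runs it as this list's query
     // and instantiates an Item from the resulting row. Returns nothing.
     global $current_User;
     if (empty($current_User)) {
         // dh> only logged in users can preview. Alternatively we need those checks where $current_User gets used below.
         return;
     }
     global $DB, $localtimenow, $Messages, $BlogCache;
     global $Plugins;

     // Title and content are read as 'html' only when the blog allows HTML posts;
     // otherwise they are read with the 'htmlspecialchars' param type.
     if ($this->Blog->get_setting('allow_html_post')) {
         $text_format = 'html';
     } else {
         $text_format = 'htmlspecialchars';
     }

     $preview_userid = param('preview_userid', 'integer', true);
     $post_status = param('post_status', 'string', true);
     $post_locale = param('post_locale', 'string', $current_User->locale);
     $content = param('content', $text_format, true);
     $post_title = param('post_title', $text_format, true);
     $post_titletag = param('titletag', 'string', true);
     $post_excerpt = param('post_excerpt', 'string', true);
     $post_url = param('post_url', 'string', '');
     // Both variables are first assigned by this call (presumably by reference -- confirm in the helper).
     check_categories_nosave($post_category, $post_extracats);
     $post_views = param('post_views', 'integer', 0);
     $renderers = param('renderers', 'array/string', array('default'));
     if (!is_array($renderers)) {
         // dh> workaround for param() bug. See rev 1.93 of /inc/_misc/_misc.funcs.php
         $renderers = array('default');
     }
     if ($post_category == 0) {
         $post_category = $this->Blog->get_default_cat_ID();
     }

     $comment_Blog =& $BlogCache->get_by_ID(get_catblog($post_category));
     if ($comment_Blog->get_setting('allow_comments') != 'never' && $comment_Blog->get_setting('disable_comments_bypost')) {
         // param is required
         $post_comment_status = param('post_comment_status', 'string', true);
     } else {
         $post_comment_status = $comment_Blog->get_setting('allow_comments');
     }

     // Get issue date, using the user's locale (because it's entered like this in the form):
     locale_temp_switch($current_User->locale);
     param_date('item_issue_date', T_('Please enter a valid issue date.'), false);
     // TODO: dh> get_param() is always true here, also on invalid dates:
     if (strlen(get_param('item_issue_date'))) {
         // only set it, if a date was given:
         param_time('item_issue_time');
         $item_issue_date = form_date(get_param('item_issue_date'), get_param('item_issue_time'));
         // TODO: cleanup...
     } else {
         $item_issue_date = date('Y-m-d H:i:s', $localtimenow);
     }
     locale_restore_previous();

     $item_typ_ID = param('item_typ_ID', 'integer', NULL);
     $item_st_ID = param('item_st_ID', 'integer', NULL);
     $item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
     $item_deadline = param('item_deadline', 'string', NULL);
     $item_priority = param('item_priority', 'integer', NULL);
     // QUESTION: can this be also empty/NULL?

     // Do some optional filtering on the content
     // Typically stuff that will help the content to validate
     // Useful for code display.
     // Will probably be used for validation also.
     $Plugins_admin =& get_Plugins_admin();
     $params = array('object_type' => 'Item', 'object_Blog' => &$comment_Blog);
     $Plugins_admin->filter_contents($post_title, $content, $renderers, $params);
     $post_title = format_to_post($post_title);
     $content = format_to_post($content);
     $post_ID = param('post_ID', 'integer', 0);

     // Every value below originates from the request. String columns go through
     // $DB->escape()/$DB->quote(); numeric columns are cast so that nothing reaches the
     // statement verbatim even if an upstream param type check is ever loosened.
     // The issue date used to be interpolated between quotes without escaping although the
     // TODO above says its validity is not guaranteed, so it is escaped like the other strings.
     $issue_date_sql = "'" . $DB->escape($item_issue_date) . "'";
     $preview_user_sql = (int) $preview_userid;
     $select_columns = array(
         ((int) $post_ID) . ' AS post_ID',
         $preview_user_sql . ' AS post_creator_user_ID',
         $preview_user_sql . ' AS post_lastedit_user_ID',
         $issue_date_sql . ' AS post_datestart',
         $issue_date_sql . ' AS post_datecreated',
         $issue_date_sql . ' AS post_datemodified',
         $issue_date_sql . ' AS post_last_touched_ts',
         '0 AS post_dateset',
         "'" . $DB->escape($post_status) . "' AS post_status",
         "'" . $DB->escape($post_locale) . "' AS post_locale",
         "'" . $DB->escape($content) . "' AS post_content",
         "'" . $DB->escape($post_title) . "' AS post_title",
         "'" . $DB->escape($post_titletag) . "' AS post_titletag",
         "'" . $DB->escape($post_excerpt) . "' AS post_excerpt",
         'NULL AS post_excerpt_autogenerated',
         'NULL AS post_urltitle',
         'NULL AS post_canonical_slug_ID',
         'NULL AS post_tiny_slug_ID',
         "'" . $DB->escape($post_url) . "' AS post_url",
         ((int) $post_category) . ' AS post_main_cat_ID',
         ((int) $post_views) . ' AS post_views',
         "'' AS post_flags",
         "'noreq' AS post_notifications_status",
         'NULL AS post_notifications_ctsk_ID',
         ((int) bpost_count_words($content)) . ' AS post_wordcount',
         $DB->quote($post_comment_status) . ' AS post_comment_status',
         "'" . $DB->escape(implode('.', $renderers)) . "' AS post_renderers",
         $DB->quote($item_assigned_user_ID) . ' AS post_assigned_user_ID',
         $DB->quote($item_typ_ID) . ' AS post_ptyp_ID',
         $DB->quote($item_st_ID) . ' AS post_pst_ID',
         $DB->quote($item_deadline) . ' AS post_datedeadline',
         $DB->quote($item_priority) . ' AS post_priority',
         // These two params are read last, as in the original statement order.
         $DB->quote(param('item_order', 'double', NULL)) . ' AS post_order',
         $DB->quote(param('item_featured', 'integer', NULL)) . ' AS post_featured',
     );
     $this->sql = "SELECT\n\t\t\t" . implode(",\n\t\t\t", $select_columns) . "\n";

     $this->total_rows = 1;
     $this->total_pages = 1;
     $this->page = 1;
     // ATTENTION: we skip the parent on purpose here!! fp> refactor
     DataObjectList2::query(false, false, false, 'PREVIEW QUERY');
     $Item =& $this->Cache->instantiate($this->rows[0]);

     // set Item settings
     $Item->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
     $Item->set_setting('post_metadesc', param('metadesc', 'string', true));
     $Item->set_setting('post_custom_headers', param('custom_headers', 'string', true));

     // set custom Item settings
     foreach (array('double', 'varchar') as $type) {
         $count_custom_field = $comment_Blog->get_setting('count_custom_' . $type);
         $param_type = $type == 'varchar' ? 'string' : $type;
         for ($i = 1; $i <= $count_custom_field; $i++) {
             // For each custom field of this type:
             $field_guid = $comment_Blog->get_setting('custom_' . $type . $i);
             $Item->set_setting('custom_' . $type . '_' . $field_guid, param('item_' . $type . '_' . $field_guid, $param_type, NULL));
         }
     }

     // Trigger plugin event, allowing to manipulate or validate the item before it gets previewed
     $Plugins->trigger_event('AppendItemPreviewTransact', array('Item' => &$Item));
     if ($Messages->has_errors()) {
         $errcontent = $Messages->display(T_('Invalid post, please correct these errors:'), '', false);
         $Item->content = $errcontent . "\n<hr />\n" . $content;
     }

     // little funky fix for IEwin, rawk on that code
     global $Hit;
     if ($Hit->is_winIE() && !isset($IEWin_bookmarklet_fix)) {
         // QUESTION: Is this still needed? What about $IEWin_bookmarklet_fix? (blueyed)
         // The former '/e' modifier evaluated the replacement string as PHP code; it is
         // deprecated since PHP 5.5 and removed in PHP 7, where the call fails and returns
         // NULL. A callback produces the same "&#<decimal>;" entity without evaluating code.
         $decoded_content = preg_replace_callback(
             '/\\%u([0-9A-F]{4,4})/',
             function ($matches) {
                 return '&#' . base_convert($matches[1], 16, 10) . ';';
             },
             $Item->content
         );
         if ($decoded_content !== NULL) {
             // Keep the existing content if the regex engine reported an error.
             $Item->content = $decoded_content;
         }
     }
 }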
Esempio n. 5
 /**
  * Load data from Request form fields.
  *
  * @return boolean true if loaded data seems valid.
  */
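 function load_from_Request()
 {
     // $admin_url is used to build the "Edit this range" link below. The original body only
     // contained the no-op statement `$admin_url;`, which left the variable undefined in
     // function scope, so the link had no base URL.
     global $Messages, $admin_url;

     $aipr_status = param('aipr_status', 'string', true);
     $this->set('status', $aipr_status, true);

     // Range start.
     // NOTE(review): the pattern only checks the dotted-quad shape; octets above 255
     // (e.g. "999.1.1.1") pass it. ip2int() also runs when the check failed, so the stored
     // integer is only meaningful if this method returns true.
     $aipr_IPv4start = param('aipr_IPv4start', 'string', true);
     param_check_regexp('aipr_IPv4start', '#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#i', T_('Please enter a correct IP range start'));
     $aipr_IPv4start = ip2int($aipr_IPv4start);
     $this->set('IPv4start', $aipr_IPv4start);

     // Range end (same validation as the start).
     $aipr_IPv4end = param('aipr_IPv4end', 'string', true);
     param_check_regexp('aipr_IPv4end', '#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#i', T_('Please enter a correct IP range end'));
     $aipr_IPv4end = ip2int($aipr_IPv4end);
     $this->set('IPv4end', $aipr_IPv4end);

     // start timestamp:
     param_date('aipr_IP_timestamp', T_('Please enter a valid Date.'), true);
     $this->set('IP_datetime', form_date(get_param('aipr_IP_timestamp')));

     if ($aipr_IPv4start > $aipr_IPv4end) {
         $Messages->add(T_('IP range start must be less than IP range end'), 'error');
     }

     if (!param_errors_detected()) {
         // Only look for a conflicting range once the input itself is valid.
         if ($ip_range = get_ip_range($aipr_IPv4start, $aipr_IPv4end, $this->ID)) {
             $Messages->add(sprintf(T_('IP range already exists with params: %s - <a %s>Edit this range</a>'), int2ip($ip_range->aipr_IPv4start) . ' - ' . int2ip($ip_range->aipr_IPv4end), 'href="' . $admin_url . '?ctrl=antispam&amp;tab3=ipranges&amp;action=iprange_edit&amp;iprange_ID=' . $ip_range->aipr_ID . '"'), 'error');
         }
     }

     return !param_errors_detected();
 }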
Esempio n. 6
 case 'new':
     // Check that we have permission to edit options:
     $current_User->check_perm('options', 'edit', true, NULL);
     break;
 case 'create':
     // Check that we have permission to edit options:
     // (the same permission is checked again here, so 'create' cannot be reached by skipping 'new')
     $current_User->check_perm('options', 'edit', true, NULL);
     // CREATE OBJECT:
     load_class('/cron/model/_cronjob.class.php');
     // NOTE(review): assigning the result of `new` by reference was deprecated in PHP 5.3 and is a parse error since PHP 7.0.
     $edited_Cronjob =& new Cronjob();
     // The job type is checked against the keys of $cron_job_params (an allow-list).
     $cjob_type = param('cjob_type', 'string', true);
     if (!isset($cron_job_params[$cjob_type])) {
         // NOTE(review): param_error() presumably only records the error; execution continues and
         // $cron_job_names[$cjob_type] is still indexed with the rejected value below -- confirm.
         param_error('cjob_type', T_('Invalid job type'));
     }
     // start datetime:
     param_date('cjob_date', T_('Please enter a valid date.'), true);
     param_time('cjob_time');
     $edited_Cronjob->set('start_datetime', form_date(get_param('cjob_date'), get_param('cjob_time')));
     // repeat after:
     $cjob_repeat_after_days = param('cjob_repeat_after_days', 'integer', 0);
     $cjob_repeat_after_hours = param('cjob_repeat_after_hours', 'integer', 0);
     $cjob_repeat_after_minutes = param('cjob_repeat_after_minutes', 'integer', 0);
     // Days, hours and minutes are combined into a single duration in seconds:
     $cjob_repeat_after = (($cjob_repeat_after_days * 24 + $cjob_repeat_after_hours) * 60 + $cjob_repeat_after_minutes) * 60;
     // seconds
     if ($cjob_repeat_after == 0) {
         // A zero duration is stored as NULL:
         $cjob_repeat_after = NULL;
     }
     $edited_Cronjob->set('repeat_after', $cjob_repeat_after);
     // name:
     $edited_Cronjob->set('name', $cron_job_names[$cjob_type]);
     // controller:
Esempio n. 7
 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * @param boolean true if we are returning to edit mode (new, switchtab...)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($editing = false, $creating = false)
 {
     // Reads every item form field from the request, validates it and copies it onto this object.
     // Validation failures are recorded through the param_* helpers; the method reports them only
     // through its return value, so callers must check it before saving.
     global $default_locale, $current_User, $localtimenow;
     global $posttypes_reserved_IDs, $item_typ_ID;
     // LOCALE:
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     // POST TYPE:
     $item_typ_ID = get_param('item_typ_ID');
     if (empty($item_typ_ID)) {
         // Try to get this from request if it has been not initialized by controller:
         $item_typ_ID = param('item_typ_ID', 'integer', NULL);
     }
     if (!empty($item_typ_ID)) {
         // Set new post type ID only if it is defined on request:
         $this->set('ityp_ID', $item_typ_ID);
     }
     // URL associated with Item:
     $post_url = param('post_url', 'string', NULL);
     if ($post_url !== NULL) {
         // The URL is validated in the 'posting' context before it is stored:
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     if (empty($post_url) && $this->get_type_setting('use_url') == 'required') {
         // URL must be entered
         param_check_not_empty('post_url', T_('Please provide a "Link To" URL.'), '');
     }
     // Item parent ID:
     $post_parent_ID = param('post_parent_ID', 'integer', NULL);
     if ($post_parent_ID !== NULL) {
         // If item parent ID is entered:
         $ItemCache =& get_ItemCache();
         if ($ItemCache->get_by_ID($post_parent_ID, false, false)) {
             // Save only ID of existing item:
             $this->set_from_Request('parent_ID');
         } else {
             // Display an error of the entered item parent ID is incorrect:
             param_error('post_parent_ID', T_('The parent ID is not a correct Item ID.'));
         }
     }
     if (empty($post_parent_ID)) {
         // If empty parent ID is entered:
         if ($this->get_type_setting('use_parent') == 'required') {
             // Item parent ID must be entered:
             param_check_not_empty('post_parent_ID', T_('Please provide a parent ID.'), '');
         } else {
             // Remove parent ID:
             $this->set_from_Request('parent_ID');
         }
     }
     if ($this->status == 'redirected' && empty($this->url)) {
         // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL!') . ' (' . T_('Advanced properties panel') . ')', T_('If you want to redirect this post, you must specify an URL!'));
     }
     // ISSUE DATE / TIMESTAMP:
     $this->load_Blog();
     if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
         // Allow to update timestamp fields only if user has a permission to edit such fields
         //    and also if user has an access to back-office
         $item_dateset = param('item_dateset', 'integer', NULL);
         if ($item_dateset !== NULL) {
             $this->set('dateset', $item_dateset);
             if ($editing || $this->dateset == 1) {
                 // We can use user date:
                 if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
                     // only set it, if a (valid) date and time was given:
                     $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
                     // TODO: cleanup...
                 }
             } elseif ($this->dateset == 0) {
                 // Set date to NOW:
                 $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
             }
         }
     }
     // DEADLINE:
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // SLUG:
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     // <title> TAG:
     $titletag = param('titletag', 'string', NULL);
     if ($titletag !== NULL) {
         $this->set_from_Request('titletag', 'titletag');
     }
     if (empty($titletag) && $this->get_type_setting('use_title_tag') == 'required') {
         // Title tag must be entered
         param_check_not_empty('titletag', T_('Please provide a title tag.'), '');
     }
     // <meta> DESC:
     $metadesc = param('metadesc', 'string', NULL);
     if ($metadesc !== NULL) {
         $this->set_setting('metadesc', get_param('metadesc'));
     }
     if (empty($metadesc) && $this->get_type_setting('use_meta_desc') == 'required') {
         // Meta description must be entered
         param_check_not_empty('metadesc', T_('Please provide a meta description.'), '');
     }
     // <meta> KEYWORDS:
     $metakeywords = param('metakeywords', 'string', NULL);
     if ($metakeywords !== NULL) {
         $this->set_setting('metakeywords', get_param('metakeywords'));
     }
     if (empty($metakeywords) && $this->get_type_setting('use_meta_keywds') == 'required') {
         // Meta keywords must be entered
         param_check_not_empty('metakeywords', T_('Please provide the meta keywords.'), '');
     }
     // TAGS:
     if ($current_User->check_perm('admin', 'restricted')) {
         // User should has an access to back-office to edit tags
         $item_tags = param('item_tags', 'string', NULL);
         if ($item_tags !== NULL) {
             $this->set_tags_from_string(get_param('item_tags'));
             // Update setting 'suggest_item_tags' of the current User
             // (this is written to the DB right here, before the method's validation result is known)
             global $UserSettings;
             $UserSettings->set('suggest_item_tags', param('suggest_item_tags', 'integer', 0));
             $UserSettings->dbupdate();
         }
         if (empty($item_tags) && $this->get_type_setting('use_tags') == 'required') {
             // Tags must be entered
             param_check_not_empty('item_tags', T_('Please provide at least one tag.'), '');
         }
     }
     // WORKFLOW stuff:
     // NOTE(review): unlike the timestamp and tag fields above, no permission check is visible
     // around the workflow status, assignee and priority -- confirm that assign_to() or the caller enforces one.
     param('item_st_ID', 'integer', NULL);
     $this->set_from_Request('pst_ID', 'item_st_ID', true);
     $item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
     $item_assigned_user_login = param('item_assigned_user_login', 'string', NULL);
     $this->assign_to($item_assigned_user_ID, $item_assigned_user_login);
     $item_priority = param('item_priority', 'integer', NULL);
     if ($item_priority !== NULL) {
         // Set task priority only if it is gone from form
         $this->set_from_Request('priority', 'item_priority', true);
     }
     // FEATURED checkbox:
     $this->set('featured', param('item_featured', 'integer', 0), false);
     // HIDE TEASER checkbox:
     $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
     $goal_ID = param('goal_ID', 'integer', NULL);
     if ($goal_ID !== NULL) {
         // Goal ID
         $this->set_setting('goal_ID', $goal_ID, true);
     }
     // ORDER:
     param('item_order', 'double', NULL);
     $this->set_from_Request('order', 'item_order', true);
     // OWNER:
     // NOTE(review): the property is assigned from the request before the permission check below;
     // only set_creator_by_login() is gated. Confirm that nothing reads creator_user_login for users without 'users' edit permission.
     $this->creator_user_login = param('item_owner_login', 'string', NULL);
     if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
         // only admins can change the owner..
         if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
             $this->set_creator_by_login($this->creator_user_login);
         }
     }
     // LOCATION COORDINATES:
     if ($this->get_type_setting('use_coordinates') != 'never') {
         // location coordinates are enabled, save map settings
         param('item_latitude', 'double', NULL);
         // get par value
         $this->set_setting('latitude', get_param('item_latitude'), true);
         param('item_longitude', 'double', NULL);
         // get par value
         $this->set_setting('longitude', get_param('item_longitude'), true);
         param('google_map_zoom', 'integer', NULL);
         // get par value
         $this->set_setting('map_zoom', get_param('google_map_zoom'), true);
         param('google_map_type', 'string', NULL);
         // get par value
         $this->set_setting('map_type', get_param('google_map_type'), true);
         if ($this->get_type_setting('use_coordinates') == 'required') {
             // The location coordinates are required
             param_check_not_empty('item_latitude', T_('Please provide a latitude.'), '');
             param_check_not_empty('item_longitude', T_('Please provide a longitude.'), '');
         }
     }
     // CUSTOM FIELDS:
     // The request parameter names are built from the server-side field definitions, not from the request.
     $custom_fields = $this->get_type_custom_fields();
     foreach ($custom_fields as $custom_field) {
         // update each custom field
         $param_name = 'item_' . $custom_field['type'] . '_' . $custom_field['ID'];
         if (isset_param($param_name)) {
             // param is set
             $param_type = $custom_field['type'] == 'varchar' ? 'string' : $custom_field['type'];
             param($param_name, $param_type, NULL);
             // get par value
             $custom_field_make_null = $custom_field['type'] != 'double';
             // store '0' values in DB for numeric fields
             $this->set_setting('custom_' . $custom_field['type'] . '_' . $custom_field['ID'], get_param($param_name), $custom_field_make_null);
         }
     }
     // COMMENTS:
     if ($this->allow_comment_statuses()) {
         // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and by current post type
         $post_comment_status = param('post_comment_status', 'string', 'open');
         if (!empty($post_comment_status)) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     // EXPIRY DELAY:
     $expiry_delay = param_duration('expiry_delay');
     if (empty($expiry_delay)) {
         // Check if we have 'expiry_delay' param set as string from simple or mass form
         $expiry_delay = param('expiry_delay', 'string', NULL);
     }
     if (empty($expiry_delay) && $this->get_type_setting('use_comment_expiration') == 'required') {
         // Comment expiration must be entered
         param_check_not_empty('expiry_delay', T_('Please provide a comment expiration delay.'), '');
     }
     $this->set_setting('comment_expiry_delay', $expiry_delay, true);
     // EXTRA PARAMS FROM MODULES:
     modules_call_method('update_item_settings', array('edited_Item' => $this));
     // RENDERERS:
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         // The submitted list goes through validate_renderer_list() before it is stored.
         global $Plugins;
         $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Item' => &$this));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     // CONTENT + TITLE:
     if ($this->get_type_setting('allow_html')) {
         // HTML is allowed for this post, we'll accept HTML tags:
         $text_format = 'html';
     } else {
         // HTML is disallowed for this post, we'll encode all special chars:
         $text_format = 'htmlspecialchars';
     }
     $editor_code = param('editor_code', 'string', NULL);
     if ($editor_code) {
         // Update item editor code if it was explicitly set
         $this->set_setting('editor_code', $editor_code);
     }
     $content = param('content', $text_format, NULL);
     if ($content !== NULL) {
         // Never allow html content on post titles:  (fp> probably so as to not mess up backoffice and all sorts of tools)
         param('post_title', 'htmlspecialchars', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Plugins_admin();
         $params = array('object_type' => 'Item', 'object' => &$this, 'object_Blog' => &$this->Blog);
         // The title and content are passed as the global param values (presumably by reference,
         // so plugins can change what get_param() returns below -- confirm in filter_contents()).
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);
         // Title checking:
         $use_title = $this->get_type_setting('use_title');
         if ((!$editing || $creating) && $use_title == 'required') {
             param_check_not_empty('post_title', T_('Please provide a title.'), '');
         }
         // Format raw HTML input to cleaned up and validated HTML:
         // (this runs after the plugin filters above, i.e. on the filtered value)
         param_check_html('content', T_('Invalid content.'));
         $content = prepare_item_content(get_param('content'));
         $this->set('content', $content);
         $this->set('title', get_param('post_title'));
     }
     if (empty($content) && $this->get_type_setting('use_text') == 'required') {
         // Content must be entered
         param_check_not_empty('content', T_('Please enter some text.'), '');
     }
     // EXCERPT: (must come after content (to handle excerpt_autogenerated))
     $post_excerpt = param('post_excerpt', 'text', NULL);
     if ($post_excerpt !== NULL && $post_excerpt != $this->excerpt) {
         $this->set('excerpt_autogenerated', 0);
         // Set this to the '0' for saving a field 'excerpt' from a request
         $this->set_from_Request('excerpt');
     }
     if (empty($post_excerpt) && $this->get_type_setting('use_excerpt') == 'required') {
         // Content must be entered
         param_check_not_empty('post_excerpt', T_('Please provide an excerpt.'), '');
     }
     // LOCATION (COUNTRY -> CITY):
     load_funcs('regional/model/_regional.funcs.php');
     // Check if this item has a special post type. Location is not required for special posts.
     $not_special_post = !$this->is_special();
     // NOTE(review): $country_ID, $region_ID and $subregion_ID are each assigned only inside their own
     // *_visible() branch but read by the branches that follow; if an earlier level is hidden while a
     // later one is visible, the later branch reads an undefined variable.
     if ($this->country_visible()) {
         // Save country
         $country_ID = param('item_ctry_ID', 'integer', 0);
         $country_is_required = $this->get_type_setting('use_country') == 'required' && $not_special_post && countries_exist();
         param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
         $this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
     }
     if ($this->region_visible()) {
         // Save region
         $region_ID = param('item_rgn_ID', 'integer', 0);
         $region_is_required = $this->get_type_setting('use_region') == 'required' && $not_special_post && regions_exist($country_ID);
         param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
         $this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
     }
     if ($this->subregion_visible()) {
         // Save subregion
         $subregion_ID = param('item_subrg_ID', 'integer', 0);
         $subregion_is_required = $this->get_type_setting('use_sub_region') == 'required' && $not_special_post && subregions_exist($region_ID);
         param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
         $this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
     }
     if ($this->city_visible()) {
         // Save city
         param('item_city_ID', 'integer', 0);
         $city_is_required = $this->get_type_setting('use_city') == 'required' && $not_special_post && cities_exist($country_ID, $region_ID, $subregion_ID);
         param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
         $this->set_from_Request('city_ID', 'item_city_ID', true);
     }
     // True only when none of the checks above recorded an error.
     return !param_errors_detected();
 }
Esempio n. 8
 /**
  * Populate this goal from the submitted form fields and validate them.
  *
  * Reads the goal_* request params (category, name, key, both redirection
  * URLs, the temporary start/end window, default value and notes), records a
  * param error for every failed check and copies the values onto the object.
  *
  * NOTE(review): within this method the two redirection URLs are only checked
  * for emptiness and for being different from each other; no URL syntax or
  * scheme check is visible here. If goal hits redirect visitors to these
  * values, confirm they are validated elsewhere (e.g. by
  * set_string_from_param() or with param_check_url()) -- TODO confirm.
  *
  * @return boolean true if no param error was detected.
  */
 function load_from_Request()
 {
     // CATEGORY:
     param('goal_gcat_ID', 'integer', true);
     param_check_not_empty('goal_gcat_ID', T_('Please select a category.'));
     $this->set_from_Request('gcat_ID');

     // NAME and KEY:
     $this->set_string_from_param('name', true);
     $this->set_string_from_param('key', true);

     // REDIRECTION URLS (temporary first, then normal):
     $this->set_string_from_param('temp_redir_url');
     param('goal_redir_url', 'string');
     if ($this->get('temp_redir_url') != '') {
         // Normal Redirection URL is required when Temporary Redirection URL is not empty
         param_check_not_empty('goal_redir_url', T_('Please enter Normal Redirection URL.'));
     }
     $this->set_from_Request('redir_url');
     if ($this->get('temp_redir_url') != '') {
         if ($this->get('temp_redir_url') == $this->get('redir_url')) {
             // Both URLs are identical: report the error on the temporary field and flag the normal one without a message
             param_error('goal_temp_redir_url', T_('Temporary Redirection URL should not be equal to Normal Redirection URL'));
             param_error('goal_redir_url', NULL, '');
         }
     }

     // TEMPORARY WINDOW: start and end are read the same way, one after the other
     foreach (array('start', 'end') as $edge) {
         $date_param = 'goal_temp_' . $edge . '_date';
         $time_param = 'goal_temp_' . $edge . '_time';
         $ts_field = 'temp_' . $edge . '_ts';

         $date_value = param_date($date_param, T_('Please enter a valid date.'), false);
         if (empty($date_value)) {
             // No date given: clear the timestamp
             $this->set($ts_field, NULL);
             continue;
         }

         $time_value = param($time_param, 'string');
         if (empty($time_value)) {
             // Date without time: use the start of the day
             $time_value = '00:00:00';
         } else {
             $time_value = param_time($time_param);
         }
         $this->set($ts_field, form_date($date_value, $time_value));
     }

     // The window is rejected when both ends are set and the start is not strictly before the end
     $window_is_inverted = $this->get('temp_start_ts') !== NULL
         && $this->get('temp_end_ts') !== NULL
         && strtotime($this->get('temp_start_ts')) >= strtotime($this->get('temp_end_ts'));
     if ($window_is_inverted) {
         // Flag the first three fields without a message; the message is attached to the last one only
         foreach (array('goal_temp_start_date', 'goal_temp_start_time', 'goal_temp_end_date') as $flagged_param) {
             param_error($flagged_param, NULL, '');
         }
         param_error('goal_temp_end_time', T_('Temporary Start Date/Time should not be greater than Temporary End Date/Time'));
     }

     // DEFAULT VALUE:
     param('goal_default_value', 'string');
     param_check_decimal('goal_default_value', T_('Default value must be a number.'));
     $this->set_from_Request('default_value', 'goal_default_value', true);

     // NOTES:
     param('goal_notes', 'text');
     $this->set_from_Request('notes', 'goal_notes');

     return !param_errors_detected();
 }
Esempio n. 9
     $edited_Comment->set('author', $newcomment_author);
     param_check_email('newcomment_author_email', false);
     $edited_Comment->set('author_email', $newcomment_author_email);
     param_check_url('newcomment_author_url', 'posting', '');
     // Give posting permissions here
     $edited_Comment->set('author_url', $newcomment_author_url);
 }
 // CONTENT: read the comment text as HTML, then validate it.
 param('content', 'html');
 // Default for the auto-br option is 1 only when $comments_use_autobr is 'always'
 param('post_autobr', 'integer', $comments_use_autobr == 'always' ? 1 : 0);
 // This is checked as backoffice content (NOT with the comment rules).
 // NOTE(review): $post_autobr is presumably the global set by the param() call above -- confirm.
 param_check_html('content', T_('Invalid comment text.'), '#', $post_autobr);
 // The value stored is whatever get_param() returns after the check above
 $edited_Comment->set('content', get_param('content'));
 // DATE: only users with the 'edit_timestamp' permission may set the comment date
 if ($current_User->check_perm('edit_timestamp')) {
     // We use user date
     param_date('comment_issue_date', T_('Please enter a valid comment date.'), true);
     if (strlen(get_param('comment_issue_date'))) {
         // only set it, if a date was given:
         param_time('comment_issue_time');
         $edited_Comment->set('date', form_date(get_param('comment_issue_date'), get_param('comment_issue_time')));
         // TODO: cleanup...
     }
 }
 // RATING:
 param('comment_rating', 'integer', NULL);
 $edited_Comment->set_from_Request('rating');
 // STATUS:
 // NOTE(review): the status is taken from the request as a free string (default 'published');
 // no allow-list or per-status permission check is visible in this excerpt -- confirm that
 // set_from_Request() or the caller restricts which statuses this user may assign.
 param('comment_status', 'string', 'published');
 $edited_Comment->set_from_Request('status');
 // NOFOLLOW flag:
 param('comment_nofollow', 'integer', 0);
 $edited_Comment->set_from_Request('nofollow');
 if ($Messages->count('error')) {
     // There have been some validation errors:
Esempio n. 10
 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * Most fields are optional: a field is only copied onto the item when its
  * request param is present (param() returns something other than NULL).
  * Validation failures are recorded as param errors instead of aborting.
  *
  * @param boolean true to force edit date (as long as perms permit)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($force_edit_date = false)
 {
     // NOTE(review): $default_locale is declared global but not used in this method.
     global $default_locale, $current_User;
     // LOCALE:
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     // TYPE:
     if (param('item_typ_ID', 'integer', NULL) !== NULL) {
         $this->set_from_Request('ptyp_ID', 'item_typ_ID');
     }
     // URL associated with the item: checked with param_check_url() before it is stored
     if (param('post_url', 'string', NULL) !== NULL) {
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
     if ($this->status == 'redirected' && empty($this->url)) {
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)'));
     }
     // ISSUE DATE: requires the 'edit_timestamp' permission in addition to the forced/requested flag
     if (($force_edit_date || param('edit_date', 'integer', 0)) && $current_User->check_perm('edit_timestamp')) {
         // We can use user date:
         param_date('item_issue_date', T_('Please enter a valid issue date.'), $force_edit_date);
         if (strlen(get_param('item_issue_date'))) {
             // only set it, if a date was given:
             param_time('item_issue_time');
             $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
             // TODO: cleanup...
         }
     }
     // EXCERPT:
     if (param('post_excerpt', 'string', NULL) !== NULL) {
         $this->set_from_Request('excerpt');
     }
     // SLUG:
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     // TAGS:
     if (param('item_tags', 'string', NULL) !== NULL) {
         $this->set_tags_from_string(get_param('item_tags'));
     }
     // Workflow stuff:
     if (param('item_st_ID', 'integer', NULL) !== NULL) {
         $this->set_from_Request('pst_ID', 'item_st_ID');
     }
     if (param('item_assigned_user_ID', 'integer', NULL) !== NULL) {
         $this->assign_to(get_param('item_assigned_user_ID'));
     }
     if (param('item_priority', 'integer', NULL) !== NULL) {
         $this->set_from_Request('priority', 'item_priority', true);
     }
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // Allow comments for this item (only if set to "post_by_post" for the Blog):
     $this->load_Blog();
     if ($this->Blog->allowcomments == 'post_by_post') {
         // NOTE(review): the default passed to param() is 'open', so this comparison presumably always succeeds -- confirm.
         if (param('post_comment_status', 'string', 'open') !== NULL) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     // RENDERERS: a submitted list is passed through validate_renderer_list() before it is stored
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         $Plugins_admin =& get_Cache('Plugins_admin');
         $renderers = $Plugins_admin->validate_renderer_list(param('renderers', 'array', array()));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     // CONTENT + TITLE: both are read as 'html' and only stored after param_check_html() has run on them
     if (param('content', 'html', NULL) !== NULL) {
         param('post_title', 'html', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Cache('Plugins_admin');
         // The plugins receive the global param values directly (presumably by reference, so that
         // the checks below see the filtered text -- TODO confirm against filter_contents()).
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers);
         // Format raw HTML input to cleaned up and validated HTML:
         param_check_html('post_title', T_('Invalid title.'), '');
         $this->set('title', get_param('post_title'));
         param_check_html('content', T_('Invalid content.'));
         $this->set('content', get_param('content'));
     }
     return !param_errors_detected();
 }
Esempio n. 11
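/**
 * Display hits results table
 *
 * Builds the hit log query from the request filters (tab presets, date range,
 * session, IP, referer/agent type, device, hit type, request URI, blog) and
 * displays it through a Results object. Returns without output unless the
 * visitor is logged in and has the 'stats' / 'view' permission.
 *
 * Every value concatenated into the SQL is either passed through
 * $DB->quote() or forced to an integer at the point of concatenation.
 *
 * @param array optional params; 'skin_type' and 'skin_name' must be set when the block is requested as AJAX content
 */
function hits_results_block($params = array())
{
    if (!is_logged_in()) {
        // Only logged in users can access this function
        return;
    }
    global $current_User;
    if (!$current_User->check_perm('stats', 'view')) {
        // Current user has no permission to view all stats (aggregated stats)
        return;
    }
    /**
     * View funcs
     */
    load_funcs('sessions/views/_stats_view.funcs.php');
    global $blog, $admin_url, $rsc_url;
    global $Session, $UserSettings, $DB;
    global $datestartinput, $datestart, $datestopinput, $datestop;
    global $preset_referer_type, $preset_agent_type;
    $tab = param('tab', 'string', 'summary', true);
    $tab3 = param('tab3', 'string', '', true);
    // Some tabs force the referer/agent type instead of reading it from the request.
    // ($preset_results_title, $preset_filter_all_url and $hide_columns are not read again in this function.)
    switch ($tab) {
        case 'other':
            $preset_results_title = T_('Direct browser hits');
            $preset_referer_type = 'direct';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&amp;tab=referers&amp;blog=' . $blog;
            $hide_columns = 'referer';
            break;
        case 'referers':
            $preset_results_title = T_('Refered browser hits');
            $preset_referer_type = 'referer';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&amp;tab=referers&amp;blog=' . $blog;
            break;
        case 'refsearches':
            if ($tab3 == 'hits') {
                $preset_results_title = T_('Search hits');
                $preset_referer_type = 'search';
                $preset_agent_type = 'browser';
                $preset_filter_all_url = '?ctrl=stats&amp;tab=refsearches&amp;tab3=hits&amp;blog=' . $blog;
            }
            break;
    }
    if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestart', 'string', '', true);
    }
    if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestop', 'string', '', true);
    }
    $exclude = param('exclude', 'integer', 0, true);
    $sess_ID = param('sess_ID', 'integer', NULL, true);
    $remote_IP = param('remote_IP', 'string', NULL, true);
    $referer_type = isset($preset_referer_type) ? $preset_referer_type : param('referer_type', 'string', NULL, true);
    $agent_type = isset($preset_agent_type) ? $preset_agent_type : param('agent_type', 'string', NULL, true);
    $device = param('device', 'string', NULL, true);
    $hit_type = param('hit_type', 'string', NULL, true);
    $reqURI = param('reqURI', 'string', NULL, true);
    // Create result set:
    $SQL = new SQL();
    $SQL->SELECT('SQL_NO_CACHE hit_ID, sess_ID, sess_device, hit_datetime, hit_type, hit_referer_type, hit_uri, hit_disp, hit_ctrl, hit_action, hit_blog_ID, hit_referer, hit_remote_addr,' . 'user_login, hit_agent_type, blog_shortname, dom_name, goal_name, hit_keyphrase, hit_serprank, hit_response_code');
    $SQL->FROM('T_hitlog LEFT JOIN T_basedomains ON dom_ID = hit_referer_dom_ID' . ' LEFT JOIN T_sessions ON hit_sess_ID = sess_ID' . ' LEFT JOIN T_blogs ON hit_blog_ID = blog_ID' . ' LEFT JOIN T_users ON sess_user_ID = user_ID' . ' LEFT JOIN T_track__goalhit ON hit_ID = ghit_hit_ID' . ' LEFT JOIN T_track__goal ON ghit_goal_ID = goal_ID');
    // The count query gets the same filters as the main query
    $CountSQL = new SQL();
    $CountSQL->SELECT('SQL_NO_CACHE COUNT(hit_ID)');
    $CountSQL->FROM('T_hitlog');
    // 'exclude' inverts only the session / remote IP filter below
    $operator = $exclude ? ' <> ' : ' = ';
    if (!empty($sess_ID)) {
        // We want to filter on the session ID.
        // The value is concatenated unquoted, so it is forced to an integer here instead of relying on param() alone:
        $filter = 'hit_sess_ID' . $operator . intval($sess_ID);
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    } elseif (!empty($remote_IP)) {
        // We want to filter on the remote IP address:
        $filter = 'hit_remote_addr' . $operator . $DB->quote($remote_IP);
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    }
    if (!empty($referer_type)) {
        $filter = 'hit_referer_type = ' . $DB->quote($referer_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($agent_type)) {
        $filter = 'hit_agent_type = ' . $DB->quote($agent_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($device)) {
        if ($device == 'other') {
            // Unknown device
            $device = '';
        }
        $filter = 'sess_device = ' . $DB->quote($device);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
        // The count query does not join the sessions table by default, but this filter needs it
        $CountSQL->FROM_add('LEFT JOIN T_sessions ON hit_sess_ID = sess_ID');
    }
    if (!empty($hit_type)) {
        $filter = 'hit_type = ' . $DB->quote($hit_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($reqURI)) {
        // NOTE(review): the value is quoted, but '%' and '_' in it still act as LIKE wildcards; presumably intended -- confirm.
        $filter = 'hit_uri LIKE ' . $DB->quote($reqURI);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($datestart)) {
        $filter = 'hit_datetime >= ' . $DB->quote($datestart . ' 00:00:00');
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($datestop)) {
        $filter = 'hit_datetime <= ' . $DB->quote($datestop . ' 23:59:59');
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($blog)) {
        // Escaping alone does not protect a value that is placed in the query without quotes,
        // so the blog ID is forced to an integer instead:
        $filter = 'hit_blog_ID = ' . intval($blog);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    // Prefix of the Results params; it also becomes part of the hidden div ID below
    $resuts_param_prefix = 'hits_';
    if (!empty($preset_referer_type)) {
        $resuts_param_prefix = substr($preset_referer_type, 0, 8) . '_' . $resuts_param_prefix;
    }
    $Results = new Results($SQL->get(), $resuts_param_prefix, '--D', $UserSettings->get('results_per_page'), $CountSQL->get());
    // Initialize Results object
    hits_results($Results);
    if (is_ajax_content()) {
        // init results param by template name
        if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
            debug_die('Invalid ajax results request!');
        }
        $Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
    }
    // Display results:
    $Results->display();
    if (!is_ajax_content()) {
        // Create this hidden div to get a function name for AJAX request
        echo '<div id="' . $resuts_param_prefix . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
    }
}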
Esempio n. 12
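 /**
  * We want to preview a single post, we are going to fake a lot of things...
  *
  * Builds a one-row SELECT made of literals from the submitted form fields,
  * runs it through DataObjectList2::query() and instantiates the resulting
  * row as the previewed Item. Does nothing when there is no current user.
  *
  * Every request-derived value placed in the SQL is either forced to an
  * integer or escaped/quoted through $DB, including the issue date.
  */
 function preview_from_request()
 {
     global $current_User;
     if (empty($current_User)) {
         // dh> only logged in user's can preview. Alternatively we need those checks where $current_User gets used below.
         return;
     }
     global $DB, $localtimenow, $Messages, $BlogCache;
     global $Plugins;
     $preview_userid = param('preview_userid', 'integer', true);
     $post_status = param('post_status', 'string', true);
     $post_locale = param('post_locale', 'string', $current_User->locale);
     $content = param('content', 'html', true);
     $post_title = param('post_title', 'html', true);
     $post_excerpt = param('post_excerpt', 'string', true);
     $post_url = param('post_url', 'string', '');
     $post_category = param('post_category', 'integer', true);
     $post_views = param('post_views', 'integer', 0);
     $renderers = param('renderers', 'array', array('default'));
     if (!is_array($renderers)) {
         // dh> workaround for param() bug. See rev 1.93 of /inc/_misc/_misc.funcs.php
         $renderers = array('default');
     }
     $comment_Blog =& $BlogCache->get_by_ID(get_catblog($post_category));
     if ($comment_Blog->allowcomments == 'post_by_post') {
         // param is required
         $post_comment_status = param('post_comment_status', 'string', true);
     } else {
         $post_comment_status = $comment_Blog->allowcomments;
     }
     // Get issue date, using the user's locale (because it's entered like this in the form):
     locale_temp_switch($current_User->locale);
     param_date('item_issue_date', T_('Please enter a valid issue date.'), false);
     // TODO: dh> get_param() is always true here, also on invalid dates:
     if (strlen(get_param('item_issue_date'))) {
         // only set it, if a date was given:
         param_time('item_issue_time');
         $item_issue_date = form_date(get_param('item_issue_date'), get_param('item_issue_time'));
         // TODO: cleanup...
     } else {
         $item_issue_date = date('Y-m-d H:i:s', $localtimenow);
     }
     locale_restore_previous();
     // Empty / zero values of the optional workflow fields are normalized to NULL
     if (!($item_typ_ID = param('item_typ_ID', 'integer', NULL))) {
         $item_typ_ID = NULL;
     }
     if (!($item_st_ID = param('item_st_ID', 'integer', NULL))) {
         $item_st_ID = NULL;
     }
     if (!($item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL))) {
         $item_assigned_user_ID = NULL;
     }
     if (!($item_deadline = param('item_deadline', 'string', NULL))) {
         $item_deadline = NULL;
     }
     $item_priority = param('item_priority', 'integer', NULL);
     // QUESTION: can this be also empty/NULL?
     // Do some optional filtering on the content
     // Typically stuff that will help the content to validate
     // Useful for code display.
     // Will probably be used for validation also.
     $Plugins_admin =& get_Cache('Plugins_admin');
     $Plugins_admin->filter_contents($post_title, $content, $renderers);
     $post_title = format_to_post($post_title);
     $content = format_to_post($content);
     // The issue date may still hold the raw submitted text when it is invalid (see the TODO above),
     // so it is escaped like every other string instead of being interpolated between quotes as is:
     $issue_date_sql = "'" . $DB->escape($item_issue_date) . "'";
     // Values placed in the query without quotes are forced to integers at the point of use:
     $creator_sql = intval($preview_userid);
     $select_fields = array(
         '0 AS post_ID',
         $creator_sql . ' AS post_creator_user_ID',
         $creator_sql . ' AS post_lastedit_user_ID',
         $issue_date_sql . ' AS post_datestart',
         $issue_date_sql . ' AS post_datecreated',
         $issue_date_sql . ' AS post_datemodified',
         "'" . $DB->escape($post_status) . "' AS post_status",
         "'" . $DB->escape($post_locale) . "' AS post_locale",
         "'" . $DB->escape($content) . "' AS post_content",
         "'" . $DB->escape($post_title) . "' AS post_title",
         "'" . $DB->escape($post_excerpt) . "' AS post_excerpt",
         'NULL AS post_urltitle',
         "'" . $DB->escape($post_url) . "' AS post_url",
         intval($post_category) . ' AS post_main_cat_ID',
         intval($post_views) . ' AS post_views',
         "'' AS post_flags",
         "'noreq' AS post_notifications_status",
         'NULL AS post_notifications_ctsk_ID',
         bpost_count_words($content) . ' AS post_wordcount',
         $DB->quote($post_comment_status) . ' AS post_comment_status',
         "'" . $DB->escape(implode('.', $renderers)) . "' AS post_renderers",
         $DB->quote($item_assigned_user_ID) . ' AS post_assigned_user_ID',
         $DB->quote($item_typ_ID) . ' AS post_ptyp_ID',
         $DB->quote($item_st_ID) . ' AS post_pst_ID',
         $DB->quote($item_deadline) . ' AS post_datedeadline',
         $DB->quote($item_priority) . ' AS post_priority',
     );
     $this->sql = "SELECT\r\n\t\t\t" . implode(",\r\n\t\t\t", $select_fields);
     $this->total_rows = 1;
     $this->total_pages = 1;
     $this->page = 1;
     // ATTENTION: we skip the parent on purpose here!! fp> refactor
     DataObjectList2::query(false, false, false, 'PREVIEW QUERY');
     $Item =& $this->Cache->instantiate($this->rows[0]);
     // Trigger plugin event, allowing to manipulate or validate the item before it gets previewed
     $Plugins->trigger_event('AppendItemPreviewTransact', array('Item' => &$Item));
     if ($errcontent = $Messages->display(T_('Invalid post, please correct these errors:'), '', false, 'error')) {
         $Item->content = $errcontent . "\n<hr />\n" . $content;
     }
     // little funky fix for IEwin, rawk on that code
     global $Hit;
     // $IEWin_bookmarklet_fix is never assigned in this method, so the isset() test is always false here
     if ($Hit->is_winIE && !isset($IEWin_bookmarklet_fix)) {
         // QUESTION: Is this still needed? What about $IEWin_bookmarklet_fix? (blueyed)
         // Convert %uXXXX sequences to numeric character references. A callback is used because the
         // /e (eval) pattern modifier evaluates the replacement as PHP code and is no longer
         // supported by PHP 7 and later.
         $Item->content = preg_replace_callback('/\\%u([0-9A-F]{4,4})/', function ($matches) {
             return '&#' . base_convert($matches[1], 16, 10) . ';';
         }, $Item->content);
     }
 }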
Esempio n. 13
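 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * Most fields are optional: a field is only copied onto the item when its
  * request param is present. Validation failures are recorded as param errors
  * instead of aborting.
  *
  * @param boolean true if we are returning to edit mode (new, switchtab...)
  * @param boolean $creating combined with $editing: a required title is enforced when (!$editing || $creating)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($editing = false, $creating = false)
 {
     global $default_locale, $current_User, $localtimenow;
     global $posttypes_reserved_IDs, $item_typ_ID;
     // LOCALE:
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     // TYPE:
     if (param('post_type', 'string', NULL) !== NULL) {
         // Set type ID from request type code, happens when e.g. we add an intro from manual skin by url: /blog6.php?disp=edit&cat=25&post_type=intro-cat
         // NOTE(review): the reserved-type check below only runs for item_typ_ID; a type resolved
         // from post_type is not checked in this method -- confirm this is intended.
         $this->set('ptyp_ID', get_item_type_ID(get_param('post_type')));
     } elseif (param('item_typ_ID', 'integer', NULL) !== NULL) {
         // fp> when does this happen?
         // yura>fp: this happens on submit expert form
         $this->set_from_Request('ptyp_ID', 'item_typ_ID');
         if (in_array($item_typ_ID, $posttypes_reserved_IDs)) {
             param_error('item_typ_ID', T_('This post type is reserved and cannot be used. Please choose another one.'), '');
         }
     }
     // URL associated with Item: checked with param_check_url() before it is stored
     if (param('post_url', 'string', NULL) !== NULL) {
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     if ($this->status == 'redirected' && empty($this->url)) {
         // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)'));
     }
     // ISSUE DATE / TIMESTAMP: only with the 'blog_edit_ts' permission on this item's blog
     $this->load_Blog();
     if ($current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
         $this->set('dateset', param('item_dateset', 'integer', 0));
         if ($editing || $this->dateset == 1) {
             // We can use user date:
             if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
                 // only set it, if a (valid) date and time was given:
                 $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
                 // TODO: cleanup...
             }
         } elseif ($this->dateset == 0) {
             // Set date to NOW:
             $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
         }
     }
     // DEADLINE:
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // SLUG:
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     // <title> TAG:
     if (param('titletag', 'string', NULL) !== NULL) {
         $this->set_from_Request('titletag', 'titletag');
     }
     // <meta> DESC:
     if (param('metadesc', 'string', NULL) !== NULL) {
         $this->set_setting('post_metadesc', get_param('metadesc'));
     }
     // <meta> KEYWORDS:
     if (param('custom_headers', 'string', NULL) !== NULL) {
         $this->set_setting('post_custom_headers', get_param('custom_headers'));
     }
     // TAGS:
     if (param('item_tags', 'string', NULL) !== NULL) {
         $this->set_tags_from_string(get_param('item_tags'));
     }
     // WORKFLOW stuff:
     param('item_st_ID', 'integer', NULL);
     $this->set_from_Request('pst_ID', 'item_st_ID', true);
     param('item_assigned_user_ID', 'integer', NULL);
     $this->assign_to(get_param('item_assigned_user_ID'));
     param('item_priority', 'integer', NULL);
     $this->set_from_Request('priority', 'item_priority', true);
     // FEATURED checkbox:
     $this->set('featured', param('item_featured', 'integer', 0), false);
     // HIDE TEASER checkbox:
     $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
     // ORDER:
     param('item_order', 'double', NULL);
     $this->set_from_Request('order', 'item_order', true);
     // OWNER:
     // NOTE(review): creator_user_login is assigned from the request before the permission check;
     // only set_creator_by_login() is guarded. Confirm the attribute itself is never persisted
     // or trusted for users without the 'users' / 'edit' permission.
     $this->creator_user_login = param('item_owner_login', 'string', NULL);
     if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
         // only admins can change the owner..
         if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
             $this->set_creator_by_login($this->creator_user_login);
         }
     }
     // LOCATION COORDINATES:
     if ($this->Blog->get_setting('show_location_coordinates')) {
         // location coordinates are enabled, save map settings
         param('item_latitude', 'double', NULL);
         $this->set_setting('latitude', get_param('item_latitude'), true);
         param('item_longitude', 'double', NULL);
         $this->set_setting('longitude', get_param('item_longitude'), true);
         param('google_map_zoom', 'integer', NULL);
         $this->set_setting('map_zoom', get_param('google_map_zoom'), true);
         param('google_map_type', 'string', NULL);
         $this->set_setting('map_type', get_param('google_map_type'), true);
     }
     // CUSTOM FIELDS: param names are built from blog settings, not from the request
     foreach (array('double', 'varchar') as $type) {
         $field_count = $this->Blog->get_setting('count_custom_' . $type);
         for ($i = 1; $i <= $field_count; $i++) {
             // update each custom field
             $field_guid = $this->Blog->get_setting('custom_' . $type . $i);
             $param_name = 'item_' . $type . '_' . $field_guid;
             if (isset_param($param_name)) {
                 // param is set
                 $param_type = $type == 'varchar' ? 'string' : $type;
                 param($param_name, $param_type, NULL);
                 // store '0' values in DB for numeric fields
                 $custom_field_make_null = $type != 'double';
                 $this->set_setting('custom_' . $type . '_' . $field_guid, get_param($param_name), $custom_field_make_null);
             }
         }
     }
     // COMMENTS:
     if ($this->Blog->get_setting('allow_comments') != 'never' && $this->Blog->get_setting('disable_comments_bypost')) {
         // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and disable_comments_bypost is enabled):
         $post_comment_status = param('post_comment_status', 'string', 'open');
         if (!empty($post_comment_status)) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     // EXPIRY DELAY:
     $expiry_delay = param_duration('expiry_delay');
     if (empty($expiry_delay)) {
         // Check if we have 'expiry_delay' param set as string from simple or mass form
         $expiry_delay = param('expiry_delay', 'string', NULL);
     }
     $this->set_setting('post_expiry_delay', $expiry_delay, true);
     // EXTRA PARAMS FROM MODULES:
     modules_call_method('update_item_settings', array('edited_Item' => $this));
     // RENDERERS: a submitted list is passed through validate_renderer_list() before it is stored
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         global $Plugins;
         $renderers = $Plugins->validate_renderer_list(param('renderers', 'array/string', array()), array('Item' => &$this));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     // CONTENT + TITLE:
     if ($this->Blog->get_setting('allow_html_post')) {
         // HTML is allowed for this post, we'll accept HTML tags:
         $text_format = 'html';
     } else {
         // HTML is disallowed for this post, we'll encode all special chars:
         $text_format = 'htmlspecialchars';
     }
     if (param('content', $text_format, NULL) !== NULL) {
         // Never allow html content on post titles:  (fp> probably so as to not mess up backoffice and all sorts of tools)
         param('post_title', 'htmlspecialchars', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Plugins_admin();
         $params = array('object_type' => 'Item', 'object_Blog' => &$this->Blog);
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);
         // Title checking:
         $require_title = $this->Blog->get_setting('require_title');
         if ((!$editing || $creating) && $require_title == 'required') {
             param_check_not_empty('post_title', T_('Please provide a title.'), '');
         }
         // Format raw HTML input to cleaned up and validated HTML:
         param_check_html('content', T_('Invalid content.'));
         $this->set('content', get_param('content'));
         $this->set('title', get_param('post_title'));
     }
     // EXCERPT: (must come after content (to handle excerpt_autogenerated))
     if (param('post_excerpt', 'text', NULL) !== NULL) {
         // Set this to the '0' for saving a field 'excerpt' from a request
         $this->set('excerpt_autogenerated', 0);
         $this->set_from_Request('excerpt');
     }
     // LOCATION (COUNTRY -> CITY):
     load_funcs('regional/model/_regional.funcs.php');
     // Each level below passes the IDs of the levels above it to the *_exist() checks, but those IDs
     // are only assigned when the corresponding level is visible. Initialize them so that a hidden
     // level yields NULL (the value an unset variable produced before) without an undefined-variable notice.
     $country_ID = NULL;
     $region_ID = NULL;
     $subregion_ID = NULL;
     if ($this->Blog->country_visible()) {
         // Save country
         $country_ID = param('item_ctry_ID', 'integer', 0);
         $country_is_required = $this->Blog->get_setting('location_country') == 'required' && countries_exist() && !$this->is_special();
         param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
         $this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
     }
     if ($this->Blog->region_visible()) {
         // Save region
         $region_ID = param('item_rgn_ID', 'integer', 0);
         $region_is_required = $this->Blog->get_setting('location_region') == 'required' && regions_exist($country_ID) && !$this->is_special();
         param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
         $this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
     }
     if ($this->Blog->subregion_visible()) {
         // Save subregion
         $subregion_ID = param('item_subrg_ID', 'integer', 0);
         $subregion_is_required = $this->Blog->get_setting('location_subregion') == 'required' && subregions_exist($region_ID) && !$this->is_special();
         param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
         $this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
     }
     if ($this->Blog->city_visible()) {
         // Save city
         param('item_city_ID', 'integer', 0);
         $city_is_required = $this->Blog->get_setting('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID) && !$this->is_special();
         param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
         $this->set_from_Request('city_ID', 'item_city_ID', true);
     }
     return !param_errors_detected();
 }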