if (preg_match('/^log_size.*_(.*)$/', $key, $matches)) { setOption($matches[1] . '_log_size', $value); setOption($matches[1] . '_log_mail', (int) isset($_POST['log_mail_' . $matches[1]])); } } } /* * * Gallery options ** */ if (isset($_POST['savegalleryoptions'])) { $_zp_gallery->setAlbumPublish((int) isset($_POST['album_default'])); $_zp_gallery->setImagePublish((int) isset($_POST['image_default'])); setOption('AlbumThumbSelect', sanitize_numeric($_POST['thumbselector'])); $_zp_gallery->setThumbSelectImages((int) isset($_POST['thumb_select_images'])); $_zp_gallery->setSecondLevelThumbs((int) isset($_POST['multilevel_thumb_select_images'])); $_zp_gallery->setTitle(process_language_string_save('gallery_title', 2)); $_zp_gallery->setDesc(process_language_string_save('Gallery_description', EDITOR_SANITIZE_LEVEL)); $_zp_gallery->setWebsiteTitle(process_language_string_save('website_title', 2)); $web = sanitize($_POST['website_url'], 3); $_zp_gallery->setWebsiteURL($web); $_zp_gallery->setAlbumUseImagedate((int) isset($_POST['album_use_new_image_date'])); $st = strtolower(sanitize($_POST['gallery_sorttype'], 3)); if ($st == 'custom') { $st = strtolower(sanitize($_POST['customalbumsort'], 3)); } $_zp_gallery->setSortType($st); if ($st == 'manual' || $st == 'random') { $_zp_gallery->setSortDirection(false); } else { $_zp_gallery->setSortDirection(isset($_POST['gallery_sortdirection'])); } foreach ($_POST as $item => $value) { if (strpos($item, 'gallery-page_') === 0) {
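/**
 * Handles the save of a user/password pair posted from a credentials form.
 *
 * Nothing is changed unless the `password_enabled` field (with $suffix
 * appended) is posted and truthy. The user name and password are stored only
 * when the password and its confirmation match; the password hint is saved
 * whenever the form is enabled, even if the credentials were rejected.
 *
 * @param object|string $object object exposing getUser()/setUser()/setPassword()/setPasswordHint(),
 *                              or an option-name prefix when the credentials live in options
 * @param string $suffix suffix appended to every POST field name read here
 * @return string '' when nothing was rejected, '?mismatch=user' when the user name
 *                changed to a non-empty value but no password was posted,
 *                '?mismatch' when password and confirmation differ
 */
function processCredentials($object, $suffix = '') {
    $notify = '';
    if (isset($_POST['password_enabled' . $suffix]) && $_POST['password_enabled' . $suffix]) {
        if (is_object($object)) {
            $olduser = $object->getUser();
        } else {
            $olduser = getOption($object . '_user');
        }
        // A field missing from the request is treated as an empty string
        // rather than read as an undefined index.
        $rawuser = isset($_POST['user' . $suffix]) ? $_POST['user' . $suffix] : '';
        $rawpass = isset($_POST['pass' . $suffix]) ? $_POST['pass' . $suffix] : '';
        $newuser = trim(sanitize($rawuser, 3));
        $pwd = trim(sanitize($rawpass));
        if (isset($_POST['disclose_password' . $suffix])) {
            // The password was shown in clear text, so no confirmation field is expected.
            $pass2 = $pwd;
        } else {
            if (isset($_POST['pass_r' . $suffix])) {
                $pass2 = trim(sanitize($_POST['pass_r' . $suffix]));
            } else {
                $pass2 = '';
            }
        }
        $fail = '';
        if ($olduser != $newuser) {
            if (!empty($newuser) && strlen($rawpass) === 0) {
                $fail = '?mismatch=user';
            }
        }
        // Strict comparison: with `==` two different numeric-looking strings
        // (for example "1e1" and "10") compare equal, so a mistyped
        // confirmation would be accepted.
        if (!$fail && $pwd === $pass2) {
            if (is_object($object)) {
                $object->setUser($newuser);
            } else {
                setOption($object . '_user', $newuser);
            }
            if (empty($pwd)) {
                // NOTE(review): empty() also treats the password "0" as empty, in which
                // case the stored password is neither replaced nor cleared - confirm intent.
                if (strlen($rawpass) === 0) {
                    // clear the password
                    if (is_object($object)) {
                        $object->setPassword(NULL);
                    } else {
                        setOption($object . '_password', NULL);
                    }
                }
            } else {
                if (is_object($object)) {
                    $object->setPassword(Zenphoto_Authority::passwordHash($newuser, $pwd));
                } else {
                    setOption($object . '_password', Zenphoto_Authority::passwordHash($newuser, $pwd));
                }
            }
        } else {
            if (empty($fail)) {
                $notify = '?mismatch';
            } else {
                $notify = $fail;
            }
        }
        $hint = process_language_string_save('hint' . $suffix, 3);
        if (is_object($object)) {
            $object->setPasswordHint($hint);
        } else {
            setOption($object . '_hint', $hint);
        }
    }
    return $notify;
}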
/**
 * Field handler for the "extracontent" field.
 *
 * With $type 'save' the posted multilingual value is passed through
 * zpFunctions::updateImageProcessorLink(), stored on the object and the
 * object is saved. For any other $type the editing control is rendered
 * into an output buffer and returned as a string.
 *
 * @param object $obj      object exposing setExtracontent()/getExtraContent()/save()
 * @param mixed  $instance not used by this handler
 * @param mixed  $field    not used by this handler
 * @param string $type     'save' to store the posted value, anything else to render
 * @return string|null the rendered control, or NULL after a save
 */
static function extracontent($obj, $instance, $field, $type) {
    if ($type != 'save') {
        // Capture what print_language_string_list() echoes instead of sending it to the client.
        ob_start();
        print_language_string_list($obj->getExtraContent('all'), 'extracontent', true, NULL, 'extracontent', '100%', 'zenpage_language_string_list', 13);
        return ob_get_clean();
    }
    $posted = process_language_string_save("extracontent", EDITOR_SANITIZE_LEVEL);
    $obj->setExtracontent(zpFunctions::updateImageProcessorLink($posted));
    $obj->save();
    return NULL;
}
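/**
 * Updates a menu item from the posted edit form.
 *
 * The fields required depend on the posted `type`; when a required field is
 * empty an error paragraph is appended to $reports and the function returns
 * before the database is touched. Otherwise the row in the `menu` table whose
 * id was posted is updated.
 *
 * @param array $reports receives HTML status paragraphs, passed by reference
 * @return array the collected menu item fields (id, show, type, title, include_li,
 *               span_id, span_class and, where the type sets it, link)
 */
function updateMenuItem(&$reports) {
    $menuset = checkChosenMenuset();
    $result = array();
    $result['id'] = sanitize($_POST['id']);
    $result['show'] = getCheckboxState('show');
    $result['type'] = sanitize($_POST['type']);
    $result['title'] = process_language_string_save("title", 2);
    $result['include_li'] = getCheckboxState('include_li');
    if (getCheckboxState('span')) {
        $result['span_id'] = sanitize($_POST['span_id']);
        $result['span_class'] = sanitize($_POST['span_class']);
    } else {
        $result['span_id'] = '';
        $result['span_class'] = '';
    }
    switch ($result['type']) {
        case 'album':
            $result['title'] = $result['link'] = sanitize($_POST['albumselect']);
            if (empty($result['link'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to select an album.") . " </p>";
                return $result;
            }
            break;
        case 'galleryindex':
        case 'zenpagenewsindex':
        case 'menulabel':
            // These types have a title only.
            $result['title'] = process_language_string_save("title", 2);
            $result['link'] = NULL;
            if (empty($result['title'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
                return $result;
            }
            break;
        case 'zenpagepage':
            $result['title'] = NULL;
            $result['link'] = sanitize($_POST['pageselect']);
            if (empty($result['link'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . " </p>";
                return $result;
            }
            break;
        case 'zenpagecategory':
            $result['title'] = NULL;
            $result['link'] = sanitize($_POST['categoryselect']);
            if (empty($result['link'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . " </p>";
                return $result;
            }
            break;
        case 'custompage':
            $result['title'] = process_language_string_save("title", 2);
            $result['link'] = sanitize($_POST['custompageselect']);
            if (empty($result['title'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
                return $result;
            }
            break;
        case 'customlink':
            $result['title'] = process_language_string_save("title", 2);
            if (empty($result['title'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
                return $result;
            }
            $result['link'] = sanitize($_POST['link']);
            if (empty($result['link'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to provide a <strong>function</strong>!") . " </p>";
                return $result;
            }
            break;
        case 'menufunction':
        case 'html':
            // Both types need a title and a link; the link is read with sanitize level 4.
            $result['title'] = process_language_string_save("title", 2);
            if (empty($result['title'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
                return $result;
            }
            $result['link'] = sanitize($_POST['link'], 4);
            if (empty($result['link'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to provide a <strong>function</strong>!") . " </p>";
                return $result;
            }
            break;
        default:
            $result['link'] = sanitize($_POST['link'], 4);
            break;
    }
    // update the menu item in the menu table
    // `id` and `include_li` are interpolated without quoting, so both are forced
    // to integers here; sanitize() alone does not make a value safe in a numeric
    // SQL context. Every other value goes through db_quote().
    $sql = "UPDATE " . prefix('menu') . " SET title = " . db_quote($result['title'])
        . ", link = " . db_quote($result['link'])
        . ", type = " . db_quote($result['type'])
        . ", `show` = " . db_quote($result['show'])
        . ", menuset = " . db_quote($menuset)
        . ", include_li = " . (int) $result['include_li']
        . ", span_id = " . db_quote($result['span_id'])
        . ", span_class = " . db_quote($result['span_class'])
        . " WHERE `id` = " . (int) $result['id'];
    if (query($sql)) {
        if (isset($_POST['title']) && empty($result['title'])) {
            $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
        } else {
            if (isset($_POST['link']) && empty($result['link'])) {
                $reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . " </p>";
            } else {
                $reports[] = "<p class = 'messagebox fade-message'>" . gettext("Menu item updated!") . " </p>";
            }
        }
    }
    return $result;
}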
/**
 * Saves the posted edits of an existing news category.
 *
 * The title link is resolved first: taken from the `titlelink` field when
 * `edittitlelink` is checked, regenerated from the title when the category is
 * not a permalink, otherwise kept as posted in `titlelink-old`. A changed
 * title link is written to the database before the category object is
 * created; if that query fails the old link is used so the remaining fields
 * are still saved.
 *
 * @param array $reports receives HTML status paragraphs, passed by reference
 * @return ZenpageCategory the category object after save()
 */
function updateCategory(&$reports) {
    $stamp = date('Y-m-d_H-i-s');
    $id = sanitize_numeric($_POST['id']);
    $permalink = getcheckboxState('permalink');
    $title = process_language_string_save("title", 2);
    $desc = process_language_string_save("desc", 0);
    $custom = process_language_string_save("custom_data", 1);
    $oldtitlelink = sanitize($_POST['titlelink-old'], 3);
    $titlelink = $oldtitlelink;

    if (getcheckboxState('edittitlelink')) {
        $titlelink = sanitize($_POST['titlelink'], 3);
        if (empty($titlelink)) {
            $titlelink = seoFriendly(get_language_string($title));
        }
        if (empty($titlelink)) {
            // Neither the posted link nor the title produced anything usable.
            $titlelink = seoFriendly($stamp);
        }
    } elseif (!$permalink) {
        // allow the link to change
        $fromTitle = seoFriendly(get_language_string($title));
        if (!empty($fromTitle)) {
            $titlelink = $fromTitle;
        }
    }

    $titleok = true;
    if ($titlelink == $oldtitlelink) {
        $titlelink = $oldtitlelink;
    } else {
        // title link change must be reflected in DB before any other updates
        $titleok = query('UPDATE ' . prefix('news_categories') . ' SET `titlelink`=' . db_quote($titlelink) . ' WHERE `id`=' . $id, false);
        if (!$titleok) {
            $titlelink = $oldtitlelink; // force old link so data gets saved
        }
    }

    //update category
    $show = getcheckboxState('show');
    $cat = new ZenpageCategory($titlelink);
    $notice = processPasswordSave($cat);
    $cat->setPermalink(getcheckboxState('permalink'));
    $cat->set('title', $title);
    $cat->setDesc($desc);
    $cat->setCustomData(zp_apply_filter('save_category_custom_data', $custom, $cat));
    $cat->setShow($show);
    if (getcheckboxState('resethitcounter')) {
        $cat->set('hitcounter', 0);
    }
    $msg = zp_apply_filter('update_category', '', $cat, $oldtitlelink);
    $cat->save();

    if (!$titleok) {
        $reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("A category with the title/titlelink <em>%s</em> already exists!"), html_encode($cat->getTitle())) . "</p>";
    } elseif (empty($titlelink) || empty($title)) {
        $reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your category a <strong>title or titlelink</strong>!") . "</p>";
    } elseif ($notice == 'user') {
        $reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
    } elseif ($notice == 'pass') {
        $reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
    } else {
        $reports[] = "<p class='messagebox fade-message'>" . gettext("Category updated!") . "</p>";
    }
    if ($msg) {
        $reports[] = $msg;
    }
    return $cat;
}
/**
 * Updates or adds a news category from the posted form.
 *
 * For a new category the title link is derived from the title (or from the
 * current timestamp when the title yields nothing) and made unique with a
 * microtime suffix if it already exists. For an existing category the title
 * link is resolved from the posted fields and, when it changed, written to
 * the database before the category object is created.
 *
 * @param array $reports the results display; HTML status paragraphs are appended, passed by reference
 * @param bool $newcategory true if a new category is being added
 * @return ZenpageCategory the category object after save()
 */
function updateCategory(&$reports, $newcategory = false) {
    $stamp = date('Y-m-d_H-i-s');
    $id = sanitize_numeric($_POST['id']);
    $permalink = getcheckboxState('permalink');
    $title = process_language_string_save("title", 2);
    $desc = process_language_string_save("desc", EDITOR_SANITIZE_LEVEL);
    $custom = process_language_string_save("custom_data", 1);

    if ($newcategory) {
        $titlelink = seoFriendly(get_language_string($title));
        if (empty($titlelink)) {
            $titlelink = seoFriendly($stamp);
        }
        $lookup = 'SELECT `id` FROM ' . prefix('news_categories') . ' WHERE `titlelink`=' . db_quote($titlelink);
        $existing = query_single_row($lookup, false);
        if ($existing) {
            //already exists
            $parts = explode(' ', microtime());
            $titlelink = $titlelink . '_' . ($parts[1] + $parts[0]);
            $reports[] = "<p class='warningbox fade-message'>" . gettext('Duplicate category title') . '</p>';
        }
        $oldtitlelink = $titlelink;
    } else {
        $oldtitlelink = sanitize($_POST['titlelink-old'], 3);
        $titlelink = $oldtitlelink;
        if (getcheckboxState('edittitlelink')) {
            $titlelink = sanitize($_POST['titlelink'], 3);
            if (empty($titlelink)) {
                $titlelink = seoFriendly(get_language_string($title));
            }
            if (empty($titlelink)) {
                $titlelink = seoFriendly($stamp);
            }
        } elseif (!$permalink) {
            // allow the link to change
            $fromTitle = seoFriendly(get_language_string($title));
            if (!empty($fromTitle)) {
                $titlelink = $fromTitle;
            }
        }
    }

    $titleok = true;
    if ($titlelink != $oldtitlelink) {
        // title link change must be reflected in DB before any other updates
        $titleok = query('UPDATE ' . prefix('news_categories') . ' SET `titlelink`=' . db_quote($titlelink) . ' WHERE `id`=' . $id, false);
        if ($titleok) {
            SearchEngine::clearSearchCache();
        } else {
            $titlelink = $oldtitlelink; // force old link so data gets saved
        }
    }

    //update category
    $show = getcheckboxState('show');
    $cat = new ZenpageCategory($titlelink, true);
    $notice = processCredentials($cat);
    $cat->setPermalink(getcheckboxState('permalink'));
    $cat->set('title', $title);
    $cat->setDesc($desc);
    $cat->setCustomData(zp_apply_filter('save_category_custom_data', $custom, $cat));
    $cat->setShow($show);
    if (getcheckboxState('resethitcounter')) {
        $cat->set('hitcounter', 0);
    }
    if (getcheckboxState('reset_rating')) {
        foreach (array('total_value', 'total_votes', 'used_ips') as $ratingField) {
            $cat->set($ratingField, 0);
        }
    }

    if ($newcategory) {
        $msg = zp_apply_filter('new_category', '', $cat);
        // NOTE(review): $titlelink is placed into the HTML below without html_encode(),
        // unlike the "already exists" message; this relies on seoFriendly() only
        // producing markup-safe characters - confirm.
        if (empty($title)) {
            $reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("Category <em>%s</em> added but you need to give it a <strong>title</strong> before publishing!"), $titlelink) . '</p>';
        } elseif ($notice == '?mismatch=user') {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
        } elseif ($notice) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
        } else {
            $reports[] = "<p class='messagebox fade-message'>" . sprintf(gettext("Category <em>%s</em> added"), $titlelink) . '</p>';
        }
    } else {
        $msg = zp_apply_filter('update_category', '', $cat, $oldtitlelink);
        if (!$titleok) {
            $reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("A category with the title/titlelink <em>%s</em> already exists!"), html_encode($cat->getTitle())) . "</p>";
        } elseif (empty($titlelink) || empty($title)) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your category a <strong>title or titlelink</strong>!") . "</p>";
        } elseif ($notice == '?mismatch=user') {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
        } elseif ($notice) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
        } else {
            $reports[] = "<p class='messagebox fade-message'>" . gettext("Category updated!") . "</p>";
        }
    }

    $cat->save();
    if ($msg) {
        $reports[] = $msg;
    }
    return $cat;
}
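/**
 * Updates a menu item (custom link, custom page only) set via POST.
 *
 * Collects the posted fields, updates the row in the `menu` table whose id
 * was posted and, if the query succeeded, appends a status paragraph to
 * $reports.
 *
 * @param array $reports receives HTML status paragraphs, passed by reference
 * @return array the collected menu item fields (id, show, type, title, include_li,
 *               link, span_id, span_class)
 */
function updateMenuItem(&$reports) {
    $menuset = checkChosenMenuset();
    $result = array();
    $result['id'] = sanitize($_POST['id']);
    $result['show'] = getCheckboxState('show');
    $result['type'] = sanitize($_POST['type']);
    $result['title'] = process_language_string_save("title", 2);
    $result['include_li'] = getCheckboxState('include_li');
    if (isset($_POST['link'])) {
        $result['link'] = sanitize($_POST['link'], 0);
    } else {
        $result['link'] = '';
    }
    if (getCheckboxState('span')) {
        $result['span_id'] = sanitize($_POST['span_id']);
        $result['span_class'] = sanitize($_POST['span_class']);
    } else {
        $result['span_id'] = '';
        $result['span_class'] = '';
    }
    // update the menu item in the menu table
    // `id` and `include_li` are interpolated without quoting, so both are forced
    // to integers here; sanitize() alone does not make a value safe in a numeric
    // SQL context. Every other value goes through db_quote().
    $sql = "UPDATE " . prefix('menu') . " SET title = " . db_quote($result['title'])
        . ",link=" . db_quote($result['link'])
        . ",type=" . db_quote($result['type'])
        . ", `show`=" . db_quote($result['show'])
        . ",menuset=" . db_quote($menuset)
        . ",include_li=" . (int) $result['include_li']
        . ",span_id=" . db_quote($result['span_id'])
        . ",span_class=" . db_quote($result['span_class'])
        . " WHERE `id`=" . (int) $result['id'];
    if (query($sql)) {
        if (isset($_POST['title']) && empty($result['title'])) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . "</p>";
        } else {
            if (isset($_POST['link']) && empty($result['link'])) {
                $reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . "</p>";
            } else {
                $reports[] = "<p class='messagebox fade-message'>" . gettext("Menu item updated!") . "</p>";
            }
        }
    }
    return $result;
}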
$wmuse = $wmuse | WATERMARK_THUMB; } if (isset($_POST['wm_full-' . $i])) { $wmuse = $wmuse | WATERMARK_FULL; } $image->setWMUse($wmuse); $codeblock1 = sanitize($_POST['codeblock1-' . $i], 0); $codeblock2 = sanitize($_POST['codeblock2-' . $i], 0); $codeblock3 = sanitize($_POST['codeblock3-' . $i], 0); $codeblock = serialize(array("1" => $codeblock1, "2" => $codeblock2, "3" => $codeblock3)); $image->setCodeblock($codeblock); if (isset($_POST[$i . '-owner'])) { $image->setOwner(sanitize($_POST[$i . '-owner'])); } $image->set('filesize', filesize($image->localpath)); $custom = process_language_string_save("{$i}-custom_data", 1); $image->setCustomData(zp_apply_filter('save_image_custom_data', $custom, $i)); zp_apply_filter('save_image_utilities_data', $image, $i); $image->save(); // Process move/copy/rename if ($movecopyrename_action == 'move') { $dest = trim(sanitize_path($_POST[$i . '-albumselect'], 3)); if ($dest && $dest != $folder) { if ($e = $image->moveImage($dest)) { $notify = "&mcrerr=" . $e; } } else { // Cannot move image to same album. $notify = "&mcrerr=2"; } } else {
/*** Plugin Options ***/ if (isset($_POST['savepluginoptions'])) { // all plugin options are handled by the custom option code. $returntab = "&tab=plugin"; } /*** custom options ***/ if (!$themeswitch) { // was really a save. foreach ($_POST as $postkey => $value) { if (preg_match('/^' . CUSTOM_OPTION_PREFIX . '/', $postkey)) { // custom option! $key = substr($postkey, strpos($postkey, '-') + 1); $switch = substr($postkey, strlen(CUSTOM_OPTION_PREFIX), -strlen($key) - 1); switch ($switch) { case 'text': $value = process_language_string_save($key, 1); break; case 'chkbox': if (isset($_POST[$key])) { $value = 1; } else { $value = 0; } break; default: if (isset($_POST[$key])) { $value = sanitize($_POST[$key], 1); } else { $value = ''; } break;
$key = postIndexDecode($key); if (substr($key, 0, $l) == $tagsprefix) { if ($value) { $tags[] = substr($key, $l); } } } $tags = array_unique($tags); $image->setTags(sanitize($tags, 3)); $image->setDateTime(strip($_POST["{$i}-date"])); $image->setShow(isset($_POST["{$i}-Visible"])); $image->setCommentsAllowed(strip($_POST["{$i}-allowcomments"])); if (isset($_POST["{$i}-reset_hitcounter"])) { $image->set('hitcounter', 0); } $image->setCustomData(process_language_string_save("{$i}-custom_data", 1)); $image->save(); // Process move/copy/rename if ($movecopyrename_action == 'move') { $dest = sanitize_path($_POST[$i . '-albumselect'], 3); if ($dest && $dest != $folder) { if (!$image->moveImage($dest)) { $notify = "&mcrerr=1"; } } else { // Cannot move image to same album. } } else { if ($movecopyrename_action == 'copy') { $dest = sanitize_path($_POST[$i . '-albumselect'], 2); if ($dest && $dest != $folder) {
} else { $movecopyrename_action = ''; } if ($movecopyrename_action == 'delete') { unset($single); $image->remove(); } else { if (isset($_POST[$i . '-reset_rating'])) { $image->set('total_value', 0); $image->set('total_votes', 0); $image->set('used_ips', 0); } $pubdate = $image->setPublishDate(sanitize($_POST['publishdate-' . $i])); $image->setExpireDate(sanitize($_POST['expirationdate-' . $i])); $image->setTitle(process_language_string_save("{$i}-title", 2)); $image->setDesc(process_language_string_save("{$i}-desc", EDITOR_SANITIZE_LEVEL)); if (isset($_POST[$i . '-oldrotation']) && isset($_POST[$i . '-rotation'])) { $oldrotation = (int) $_POST[$i . '-oldrotation']; $rotation = (int) $_POST[$i . '-rotation']; if ($rotation != $oldrotation) { $image->set('rotation', $rotation); $image->updateDimensions(); $album = $image->getAlbum(); Gallery::clearCache($album->name); } } $image->setCommentsAllowed(isset($_POST["{$i}-allowcomments"])); if (isset($_POST["reset_hitcounter{$i}"])) { $image->set('hitcounter', 0); } $image->set('filesize', filesize($image->localpath));
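/**
 * Processes the posted album edit form for one album.
 *
 * Applies the posted metadata, sort settings, credentials, theme, watermark,
 * codeblocks, owner and custom data to the album, saves it, and then carries
 * out the requested delete/move/copy/rename action, if any.
 *
 * @param int $index the index of the entry in mass edit or 0 if single album
 * @param object $album the album object
 * @param string $redirectto set by reference: NULL when no redirection is required,
 *                           otherwise the album path to redirect to after a
 *                           successful delete, move or rename
 * @return string '' or an error flag: '&mismatch=user', '&mismatch=album' or '&mcrerr=<code>'
 * @since 1.1.3
 */
function processAlbumEdit($index, $album, &$redirectto) {
    $redirectto = NULL; // no redirection required
    if ($index == 0) {
        $prefix = '';
    } else {
        $prefix = "{$index}-";
    }
    $tagsprefix = 'tags_' . $prefix;
    $notify = '';
    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', 0));

    // Every truthy POST field whose decoded name starts with the tags prefix is a selected tag.
    $tags = array();
    $l = strlen($tagsprefix);
    foreach ($_POST as $key => $value) {
        $key = postIndexDecode($key);
        if (substr($key, 0, $l) == $tagsprefix) {
            if ($value) {
                $tags[] = substr($key, $l);
            }
        }
    }
    $tags = array_unique($tags);
    $album->setTags($tags);

    $album->setDateTime(sanitize($_POST[$prefix . "albumdate"]));
    $album->setLocation(process_language_string_save($prefix . 'albumlocation', 3));
    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setAlbumThumb(sanitize($_POST[$prefix . 'thumb']));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));

    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = unquote(strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3)));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection('image', 0);
    } else {
        if (empty($sorttype)) {
            $direction = 0;
        } else {
            $direction = isset($_POST[$prefix . 'image_sortdirection']);
        }
        $album->setSortDirection('image', $direction);
    }

    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSubalbumSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection('album', 0);
    } else {
        $album->setSortDirection('album', isset($_POST[$prefix . 'album_sortdirection']));
    }

    if (isset($_POST[$prefix . 'reset_hitcounter'])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }

    $fail = '';
    if (isset($_POST[$prefix . 'password_enabled']) && sanitize($_POST[$prefix . 'password_enabled'])) {
        // Fields missing from the request are treated as empty strings.
        $rawuser = isset($_POST[$prefix . 'albumuser']) ? $_POST[$prefix . 'albumuser'] : '';
        $rawpass = isset($_POST[$prefix . 'albumpass']) ? $_POST[$prefix . 'albumpass'] : '';
        $rawpass2 = isset($_POST[$prefix . 'albumpass_2']) ? $_POST[$prefix . 'albumpass_2'] : '';
        $olduser = $album->getUser();
        $newuser = sanitize($rawuser);
        $pwd = trim(sanitize($rawpass));
        // The confirmation value was previously tested through a variable that was never assigned.
        $pwd2 = trim(sanitize($rawpass2));
        if ($olduser != $newuser) {
            if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
                $fail = '&mismatch=user';
            }
        }
        // Strict comparison: with `==` two different numeric-looking strings
        // (for example "1e1" and "10") compare equal, so a mistyped
        // confirmation would be accepted.
        if (!$fail && $rawpass === $rawpass2) {
            $album->setUser($newuser);
            if (empty($pwd)) {
                if (empty($rawpass)) {
                    $album->setPassword(NULL); // clear the album password
                }
            } else {
                $album->setPassword($pwd);
            }
        } else {
            if (empty($fail)) {
                $notify = '&mismatch=album';
            } else {
                $notify = $fail;
            }
        }
    }

    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = sanitize($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    $album->setPasswordHint(process_language_string_save($prefix . 'albumpass_hint', 3));
    if (isset($_POST[$prefix . 'album_watermark'])) {
        $album->setWatermark(sanitize($_POST[$prefix . 'album_watermark'], 3));
        $album->setWatermarkThumb(sanitize($_POST[$prefix . 'album_watermark_thumb'], 3));
    }

    // The three codeblocks are read with sanitize level 0 and stored as one serialized array.
    $codeblock1 = sanitize($_POST[$prefix . 'codeblock1'], 0);
    $codeblock2 = sanitize($_POST[$prefix . 'codeblock2'], 0);
    $codeblock3 = sanitize($_POST[$prefix . 'codeblock3'], 0);
    $codeblock = serialize(array("1" => $codeblock1, "2" => $codeblock2, "3" => $codeblock3));
    $album->setCodeblock($codeblock);

    if (isset($_POST[$prefix . '-owner'])) {
        $album->setOwner(sanitize($_POST[$prefix . '-owner']));
    }
    $custom = process_language_string_save($prefix . 'album_custom_data', 1);
    $album->setCustomData(zp_apply_filter('save_album_custom_data', $custom, $prefix));
    zp_apply_filter('save_album_utilities_data', $album, $prefix);
    $album->save();

    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }
    if ($movecopyrename_action == 'delete') {
        $dest = dirname($album->name);
        if ($album->remove()) {
            if ($dest == '/' || $dest == '.') {
                $dest = '';
            }
            $redirectto = $dest;
        } else {
            $notify = "&mcrerr=7";
        }
    }
    if ($movecopyrename_action == 'move') {
        $dest = trim(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($album->isDynamic()) { // be sure there is a .alb suffix
                if (substr($dest, -4) != '.alb') {
                    $dest .= '.alb';
                }
            }
            if ($e = $album->moveAlbum($dest)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $dest;
            }
        } else {
            // Cannot move album to same album.
            $notify = "&mcrerr=3";
        }
    } else {
        if ($movecopyrename_action == 'copy') {
            $dest = trim(sanitize_path($_POST['a' . $prefix . '-albumselect']));
            if ($dest && $dest != $album->name) {
                if ($e = $album->copy($dest)) {
                    $notify = "&mcrerr=" . $e;
                }
            } else {
                // Cannot copy album to existing album.
                // Or, copy with rename?
                $notify = '&mcrerr=3';
            }
        } else {
            if ($movecopyrename_action == 'rename') {
                // NOTE(review): only '/' and '\' are stripped here; rejecting names such as
                // '..' or an empty name is left to sanitize_path() and rename() - confirm.
                $renameto = trim(sanitize_path($_POST['a' . $prefix . '-renameto'], 3));
                $renameto = str_replace(array('/', '\\'), '', $renameto);
                if (dirname($album->name) != '.') {
                    $renameto = dirname($album->name) . '/' . $renameto;
                }
                if ($renameto != $album->name) {
                    if ($album->isDynamic()) { // be sure there is a .alb suffix
                        if (substr($renameto, -4) != '.alb') {
                            $renameto .= '.alb';
                        }
                    }
                    if ($e = $album->rename($renameto)) {
                        $notify = "&mcrerr=" . $e;
                    } else {
                        $redirectto = $renameto;
                    }
                } else {
                    $notify = "&mcrerr=3";
                }
            }
        }
    }
    return $notify;
}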
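/**
 * Processes the posted album edit form for one album.
 *
 * Applies the posted metadata, tags, sort settings, credentials, theme and
 * custom data to the album, saves it, and then carries out the requested
 * move/copy/rename action, if any. After a successful move or rename
 * $_GET['album'] is overwritten with the value the album method returned.
 *
 * @param int $index the index of the entry in mass edit or 0 if single album
 * @param object $album the album object
 * @return string '' or an error flag: '&mismatch=user', '&mismatch=album',
 *                optionally followed by '&mcrerr=1'
 * @since 1.1.3
 */
function processAlbumEdit($index, $album) {
    if ($index == 0) {
        $prefix = '';
    } else {
        $prefix = "{$index}-";
    }
    $tagsprefix = 'tags_' . $prefix;
    $notify = '';
    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', 1));

    // Up to four free-text "new tag" fields; each is removed from $_POST once read
    // so the prefix scan below does not pick it up again.
    $tags = array();
    for ($i = 0; $i < 4; $i++) {
        if (isset($_POST[$tagsprefix . 'new_tag_value_' . $i])) {
            $tag = trim(strip($_POST[$tagsprefix . 'new_tag_value_' . $i]));
            unset($_POST[$tagsprefix . 'new_tag_value_' . $i]);
            if (!empty($tag)) {
                $tags[] = $tag;
            }
        }
    }
    $l = strlen($tagsprefix);
    foreach ($_POST as $key => $value) {
        $key = postIndexDecode($key);
        if (substr($key, 0, $l) == $tagsprefix) {
            if ($value) {
                $tags[] = substr($key, $l);
            }
        }
    }
    $tags = array_unique($tags);
    $album->setTags($tags);

    $album->setDateTime(strip($_POST[$prefix . "albumdate"]));
    $album->setPlace(process_language_string_save($prefix . 'albumplace', 3));
    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setAlbumThumb(strip($_POST[$prefix . 'thumb']));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));

    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual') {
        $album->setSortDirection('image', 0);
    } else {
        if (empty($sorttype)) {
            $direction = 0;
        } else {
            $direction = isset($_POST[$prefix . 'image_sortdirection']);
        }
        $album->setSortDirection('image', $direction);
    }

    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSubalbumSortType($sorttype);
    if ($sorttype == 'manual') {
        $album->setSortDirection('album', 0);
    } else {
        $album->setSortDirection('album', isset($_POST[$prefix . 'album_sortdirection']));
    }

    if (isset($_POST[$prefix . 'reset_hitcounter'])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }

    $olduser = $album->getUser();
    // NOTE(review): the user name is taken from the request as-is, while the other
    // text fields in this function go through strip()/sanitize() - confirm intent.
    $newuser = $_POST[$prefix . 'albumuser'];
    // Password fields missing from the request are treated as empty strings.
    $pass1 = isset($_POST[$prefix . 'albumpass']) ? $_POST[$prefix . 'albumpass'] : '';
    $pass2 = isset($_POST[$prefix . 'albumpass_2']) ? $_POST[$prefix . 'albumpass_2'] : '';
    $pwd = trim($pass1);
    $fail = '';
    if ($olduser != $newuser) {
        if ($pwd !== $pass2) {
            $pwd2 = trim($pass2);
            // invalidate password, user changed without password being set
            $_POST[$prefix . 'albumpass'] = $pass1 = $pwd;
            if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
                $fail = '&mismatch=user';
            }
        }
    }
    // Strict comparison: with `==` two different numeric-looking strings
    // (for example "1e1" and "10") compare equal, so a mistyped
    // confirmation would be accepted.
    if ($pass1 === $pass2) {
        $album->setUser($newuser);
        if (empty($pwd)) {
            if (empty($pass1)) {
                $album->setPassword(NULL); // clear the album password
            }
        } else {
            $album->setPassword($pwd);
        }
    } else {
        if (empty($fail)) {
            $notify = '&mismatch=album';
        } else {
            $notify = $fail;
        }
    }

    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = strip($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    $album->setPasswordHint(process_language_string_save($prefix . 'albumpass_hint', 3));
    $album->setCustomData(process_language_string_save($prefix . 'album_custom_data', 1));
    $album->save();

    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }
    if ($movecopyrename_action == 'move') {
        $dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($returnalbum = $album->moveAlbum($dest)) {
                // A slight hack to redirect to the new album after moving.
                $_GET['album'] = $returnalbum;
            } else {
                $notify .= "&mcrerr=1";
            }
        } else {
            // Cannot move album to same album.
        }
    } else {
        if ($movecopyrename_action == 'copy') {
            $dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
            // Append the album name.
            $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
            if ($dest && $dest != $album->name) {
                if (!$album->copyAlbum($dest)) {
                    $notify .= "&mcrerr=1";
                }
            } else {
                // Cannot copy album to existing album.
                // Or, copy with rename?
            }
        } else {
            if ($movecopyrename_action == 'rename') {
                // NOTE(review): only '/' and '\' are stripped here; rejecting names such as
                // '..' or an empty name is left to sanitize_path() and renameAlbum() - confirm.
                $renameto = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-renameto'], 3));
                $renameto = str_replace(array('/', '\\'), '', $renameto);
                if (dirname($album->name) != '.') {
                    $renameto = dirname($album->name) . '/' . $renameto;
                }
                if ($renameto != $album->name) {
                    if ($returnalbum = $album->renameAlbum($renameto)) {
                        // A slight hack to redirect to the new album after moving.
                        $_GET['album'] = $returnalbum;
                    } else {
                        $notify .= "&mcrerr=1";
                    }
                }
            }
        }
    }
    return $notify;
}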
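/**
 * Save handler for the posted "custom_data" field.
 *
 * The incoming $custom value is not used; it is replaced by the value read
 * from the POST field `custom_data`, prefixed with "<index>-" when $i is an
 * index rather than an object.
 *
 * @param mixed $custom ignored on input, overwritten with the posted value
 * @param object|int|string $i either the object being saved (single edit) or
 *                             the index of the entry in a mass edit form
 * @param object|null $obj the object being saved when $i is an index
 * @return mixed the value returned by process_language_string_save()
 */
static function custom_data($custom, $i, $obj = NULL) {
    if (is_object($i)) {
        $obj = $i;
        $i = NULL;
    } else {
        $i = $i . '-';
    }
    $custom = process_language_string_save($i . "custom_data", 1);
    // $obj defaults to NULL; when the caller passes only an index there is no
    // object to update, so the value is just returned for the caller to store.
    if (is_object($obj)) {
        $obj->setCustomData($custom);
    }
    return $custom;
}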
/**
 * The generic field element save handler.
 *
 * Chooses how to read the posted value from the field's optional `edit`
 * entry: NULL means the field is not saved, 'multilingual' reads a language
 * string, 'function' delegates to the callable in $field['function'], and
 * anything else reads the POST field named after the field (with
 * "_<instance>" appended when $instance is not NULL).
 *
 * @param object $obj the object the field belongs to; passed through to a 'function' handler
 * @param mixed $instance instance identifier used to build the POST field name, or NULL
 * @param array $field the field definition; `name` is read, `edit` and `function` are optional
 * @return mixed the new value for the field, or NULL when there is nothing to save
 */
protected static function _saveHandler($obj, $instance, $field) {
    $action = 'default';
    if (array_key_exists('edit', $field)) {
        $action = $field['edit'];
        if (is_null($action)) {
            return NULL;
        }
    }

    if ($action == 'multilingual') {
        return process_language_string_save($instance . '-' . $field['name']);
    }
    if ($action == 'function') {
        // NOTE(review): the callable comes from the field definition; this assumes
        // field definitions are supplied by trusted code, never by request data - confirm.
        return call_user_func($field['function'], $obj, $instance, $field, 'save');
    }

    if (!is_null($instance)) {
        $instance = '_' . $instance;
    }
    $postkey = $field['name'] . $instance;
    return isset($_POST[$postkey]) ? sanitize($_POST[$postkey]) : NULL;
}
if (empty($pwd)) { if (empty($_POST['imagepass'])) { setOption('protected_image_password', NULL); // clear the protected image password } } else { setOption('protected_image_password', $_zp_authority->passwordHash($newuser, $pwd)); } } else { if (empty($notify)) { $notify = '?mismatch=image'; } else { $notify = $fail; } } setOption('protected_image_hint', process_language_string_save('protected_image_hint', 3)); } setOption('hotlink_protection', (int) isset($_POST['hotlink_protection'])); setOption('use_lock_image', (int) isset($_POST['use_lock_image'])); $st = sanitize($_POST['image_sorttype'], 3); if ($st == 'custom') { $st = unQuote(strtolower(sanitize($_POST['customimagesort'], 3))); } setOption('image_sorttype', $st); setOption('image_sortdirection', (int) isset($_POST['image_sortdirection'])); setOption('auto_rotate', (int) isset($_POST['auto_rotate'])); setOption('IPTC_encoding', sanitize($_POST['IPTC_encoding'])); foreach ($_zp_exifvars as $key => $item) { setOption($key, (int) array_key_exists($key, $_POST)); } $returntab = "&tab=image";