/**
 * Deletes the page template named by the 'name' POST parameter.
 *
 * The 'default' page is protected: a request to delete it only redisplays
 * the page editor. Any other name is escaped with doSlash() before it is
 * placed in the WHERE clause.
 *
 * NOTE(review): no privilege check is visible in this function; presumably
 * the dispatcher enforces one - confirm.
 */
function page_delete()
{
    if (ps('name') != 'default') {
        $escaped = doSlash(ps('name'));

        safe_delete("txp_page", "name='{$escaped}'");

        // The confirmation message receives the already-escaped name, as before.
        page_edit(messenger('page', $escaped, 'deleted'));

        return;
    }

    return page_edit();
}
/**
 * Deletes the page template named by the 'name' POST parameter.
 *
 * The name is escaped with doSlash() first; the escaped value is what gets
 * compared against 'default', used in the WHERE clause and shown in the
 * confirmation message.
 */
function page_delete()
{
    $name = doSlash(ps('name'));

    if ($name != 'default') {
        safe_delete('txp_page', "name = '{$name}'");
        page_edit(gTxt('page_deleted', array('{name}' => $name)));

        return;
    }

    // The default page is never deleted; just show the editor again.
    return page_edit();
}
/**
 * Deletes a section and every row whose 'lft' lies between the section's
 * 'lft' and 'rgt' values.
 *
 * @param  mixed $id Section id; escaped with doSlash() before the lookup
 * @return mixed false when the section is unknown or has an empty 'parent'
 *               (the original comment calls this the default section),
 *               otherwise the result of safe_delete()
 */
function section_prune($id)
{
    $section = safe_row('*', 'txp_section', "id='" . doSlash($id) . "'");

    if ($section and !empty($section['parent'])) {
        // FIXME (carried over): move articles to the parent section first?
        // What if the parent is 'default'?
        //
        // 'lft' and 'rgt' come straight from the row that was just read and
        // are not escaped here - presumably numeric tree bounds; confirm.
        $range = "lft between '" . $section['lft'] . "' and '" . $section['rgt'] . "'";

        return safe_delete('txp_section', $range);
    }

    return false;
}
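/**
 * Deletes the article with the given ID, subject to the caller's privileges.
 *
 * A logged-in user holding 'article.delete' may delete any article. A user
 * holding only 'article.delete.own' may delete an article whose AuthorID
 * matches their user name. Everyone else is refused.
 *
 * The original re-tested 'article.delete' inside the 'article.delete.own'
 * branch; that branch is only reached when the first test has already
 * failed, so the re-test could never succeed and has been dropped.
 *
 * @param  mixed $article_id ID of the article to delete (string or integer);
 *                           passed through assert_int() before use in SQL
 * @return mixed result of safe_delete() when a delete is attempted, false otherwise
 */
function deleteArticleID($article_id)
{
    $article_id = assert_int($article_id);

    if (!$this->loggedin) {
        return false;
    }

    if (has_privs('article.delete', $this->txp_user)) {
        return safe_delete('textpattern', "ID = {$article_id}");
    }

    if (has_privs('article.delete.own', $this->txp_user)) {
        // Ownership is verified in the database before the delete is issued.
        $owned = safe_field(
            'ID',
            'textpattern',
            "ID = {$article_id} AND AuthorID='" . doSlash($this->txp_user) . "'"
        );

        if ($owned) {
            return safe_delete('textpattern', "ID = {$article_id}");
        }
    }

    return false;
}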
/**
 * Deletes the page template named by the 'name' POST parameter, unless a
 * section still uses it.
 *
 * 'error_default' is protected and only redisplays the editor. The name is
 * escaped with doSlash() wherever it enters SQL; the messages receive the
 * unescaped name.
 */
function page_delete()
{
    $name = ps('name');
    $quoted = doSlash($name);

    // Number of sections that reference this page.
    $inUse = safe_count('txp_section', "page = '" . $quoted . "'");

    if ($name == 'error_default') {
        return page_edit();
    }

    if (!$inUse) {
        safe_delete('txp_page', "name = '" . $quoted . "'");
        $message = gTxt('page_deleted', array('{name}' => $name));
    } else {
        $message = gTxt('page_used_by_section', array('{name}' => $name, '{count}' => $inUse));
    }

    page_edit($message);
}
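/**
 * Renders the visitor log panel: purges expired rows, then prints one page
 * of log entries with previous/next navigation.
 *
 * Changes against the original:
 * - The 'page' request parameter is forced to an integer >= 1. It is echoed
 *   in the pager, so the raw request value must not reach the output.
 * - The host column is passed through htmlspecialchars() before output, the
 *   same way the referrer and page columns already were. Logged hosts are
 *   data recorded from visitors and must be treated as untrusted.
 * - 'expire_logs_after' is only interpolated into the purge query when it
 *   consists of digits; otherwise the purge is skipped.
 * - Prefs and rows are read by key instead of extract(), so stored data
 *   cannot overwrite local variables.
 */
function log_list()
{
    pagetop(gTxt('visitor_logs'));

    $prefs = get_prefs();
    $expireDays = isset($prefs['expire_logs_after']) ? (string) $prefs['expire_logs_after'] : '';

    if (preg_match('/^[0-9]+$/D', $expireDays)) {
        safe_delete("txp_log", "`time` < date_sub(now(),interval " . $expireDays . " day)");
    }

    safe_optimize("txp_log");
    safe_repair("txp_log");

    $total = getCount('txp_log', "1");
    $limit = 50;
    $numPages = ceil($total / $limit);

    // Request value: integer-only, never below the first page.
    $page = max(1, (int) gps('page'));
    $offset = ($page - 1) * $limit;

    $nav = array();
    $nav[] = $page > 1 ? PrevNextLink("log", $page - 1, gTxt('prev'), 'prev') : '';
    $nav[] = sp . small($page . '/' . $numPages) . sp;
    $nav[] = $page != $numPages ? PrevNextLink("log", $page + 1, gTxt('next'), 'next') : '';

    $rs = safe_rows_start(
        "*, unix_timestamp(time) as stamp",
        "txp_log",
        "1 order by time desc limit {$offset},{$limit}"
    );

    if (!$rs) {
        echo graf(gTxt('no_refers_recorded'), ' align="center"');

        return;
    }

    echo startTable('list'), assHead('time', 'host', 'page', 'referrer');

    while ($row = nextRow($rs)) {
        if ($row['refer']) {
            $referprint = preg_replace("/^www\\./", "", chunk(htmlspecialchars($row['refer']), 50));
            $referprint = '<a href="http://' . htmlspecialchars($row['refer']) . '">' . $referprint . '</a>';
        } else {
            $referprint = ' ';
        }

        // Link text is the logged path without its leading and trailing slash.
        $pageprint = preg_replace('/\\/$/', '', htmlspecialchars(substr($row['page'], 1)));
        $pageprint = $pageprint == ''
            ? ''
            : '<a href="' . htmlspecialchars($row['page']) . '" target="_blank">' . chunk($pageprint, 50) . '</a>';

        if ($row['method'] == 'POST') {
            $pageprint = '<b>' . $pageprint . '</b>';
        }

        $fstamp = date("n/j g:i a", $row['stamp'] + tz_offset());

        // Escape before chunking, mirroring the referrer handling above.
        $hostprint = chunk(htmlspecialchars($row['host']), 40);

        echo tr(td($fstamp) . td($hostprint) . td($pageprint) . td($referprint));
    }

    echo '<tr><td colspan="4" align="right" style="padding:10px">', join('', $nav), "</td></tr>", endTable();
}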
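/**
 * Handles the category multi-edit form: deletes the selected categories,
 * re-parents their children to the type's root and rebuilds the tree.
 *
 * Reads 'type', 'method' and 'selected' from POST. Every selected id goes
 * through assert_int() before it reaches SQL; 'type' is escaped with
 * doSlash().
 *
 * Changes against the original:
 * - $categories is initialised, so the confirmation message no longer joins
 *   an undefined variable when nothing was deleted.
 * - 'selected' must be an array before it is iterated.
 *
 * NOTE(review): the delete matches on id only, while the re-parenting is
 * limited to the posted type - confirm that ids of another type cannot be
 * submitted here, or add the type to the delete's WHERE clause.
 */
function multiedit_post()
{
    $type = ps('type');
    $method = ps('method');
    $things = ps('selected');

    $typeWhere = "type='" . doSlash($type) . "'";
    $root = tree_root_id('txp_category', $typeWhere);
    $categories = array();

    if ($things && is_array($things)) {
        foreach ($things as $catid) {
            $catid = assert_int($catid);

            if ($method == 'delete') {
                if (safe_delete('txp_category', "id={$catid}")) {
                    // Children of the deleted category move up to the root.
                    safe_update(
                        'txp_category',
                        "parent=" . doSlash($root),
                        $typeWhere . " and parent='" . doSlash($catid) . "'"
                    );
                    $categories[] = $catid;
                }
            }
        }

        tree_rebuild_full('txp_category', $typeWhere);
        $this->_message(gTxt($type . '_categories_deleted', array('{list}' => join(', ', $categories))));
    }

    $this->_set_view('list');
}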
/**
 * Plugin installer and uninstaller.
 *
 * On the 'deleted' lifecycle step every 'rah_bitly_*' preference row is
 * removed. Otherwise, unless the stored version already equals
 * self::$version, missing preference rows are created and the stored
 * version is updated.
 *
 * @param string $event Admin-side event.
 * @param string $step  Admin-side, plugin-lifecycle step.
 */
public static function install($event = '', $step = '')
{
    global $prefs;

    if ($step == 'deleted') {
        // Underscores are escaped so LIKE treats them literally.
        safe_delete('txp_prefs', "name like 'rah\\_bitly\\_%'");

        return;
    }

    $upToDate = isset($prefs['rah_bitly_version']) && $prefs['rah_bitly_version'] == self::$version;

    if ($upToDate) {
        return;
    }

    // Positions start at 250 and advance by one per preference, whether or
    // not the row had to be created.
    foreach (array('login', 'apikey', 'field') as $index => $name) {
        $position = 250 + $index;
        $key = 'rah_bitly_' . $name;

        if (isset($prefs[$key])) {
            continue;
        }

        if ($name == 'field') {
            $html = 'rah_bitly_fields';
        } else {
            $html = 'text_input';
        }

        safe_insert('txp_prefs', "prefs_id=1,\n\t\t\t\t\tname='rah_bitly_" . $name . "',\n\t\t\t\t\tval='',\n\t\t\t\t\ttype=1,\n\t\t\t\t\tevent='rah_bitly',\n\t\t\t\t\thtml='{$html}',\n\t\t\t\t\tposition=" . $position);
        $prefs[$key] = '';
    }

    set_pref('rah_bitly_version', self::$version, 'rah_bitly', 2, '', 0);
    $prefs['rah_bitly_version'] = self::$version;
}
// Upgrade steps: category tree roots, form index, prefs UI widgets, markup pref.
// Statement order matters here; each step assumes the previous ones ran.

// Make txp_category.parent a non-null integer column.
safe_query("alter ignore table " . safe_pfx('txp_category') . " modify parent INT not null");

// Ensure every category type has a 'root' row, hang all former top-level
// categories below it, then rebuild the tree for that type.
$types = safe_column('distinct type', 'txp_category', '1=1');
foreach ($types as $type) {
    $root = safe_field('id', 'txp_category', "type='" . doSlash($type) . "' and name='root' and parent=0");
    if (!$root) {
        $root = safe_insert('txp_category', "name='root', type='" . doSlash($type) . "', parent=0");
    }
    // $root is the id read or inserted just above; it is not escaped here.
    safe_update('txp_category', "parent='" . $root . "'", "type='" . doSlash($type) . "' and parent=0 and id != '" . $root . "'");
    tree_rebuild_full('txp_category', "type='" . doSlash($type) . "'");
}

// index on form type
safe_upgrade_index('txp_form', 'type_idx', '', 'type');

// dropdown ui for certain prefs
safe_upgrade_table('txp_prefs', array('choices' => 'varchar(64)'));
safe_update('txp_prefs', "html='checkbox'", "html='yesnoradio'");
safe_update('txp_prefs', "html='text'", "html='text_input'");
safe_update('txp_prefs', "choices='commentmode', html='select'", "html='commentmode'");
safe_update('txp_prefs', "choices='logging', html='select'", "html='logging'");
safe_update('txp_prefs', "choices='production_stati', html='radio'", "html='prod_levels'");
safe_update('txp_prefs', "choices='gmtoffsets', html='select'", "html='gmtoffset_select'");
safe_update('txp_prefs', "choices='weeks', html='select'", "html='weeks'");
safe_update('txp_prefs', "choices='languages', html='select'", "html='languages'");
safe_update('txp_prefs', "choices='permlinkmodes', html='radio'", "html='permlinkmodes'");
safe_update('txp_prefs', "choices='dateformats', html='select'", "html='dateformats'");

// change previous Textile prefs into matching markup class names from classMarkup.php
$use_textile = safe_field('val', 'txp_prefs', "name='use_textile'");
$markups = array('txprawxhtml', 'txptextile', 'txpnl2br');
// The stored value is only used as an index into the fixed list above, so
// the string written to the database is always one of those three names.
// An index with an empty entry (including an unknown value) leaves the old
// pref untouched.
if (!empty($markups[$use_textile])) {
    safe_insert('txp_prefs', "prefs_id = 1, event='publish', name = 'markup_default', val = '{$markups[$use_textile]}', type = '0', html='select', 
choices='markups'");
    safe_delete('txp_prefs', "name='use_textile'");
}
/**
 * Deletes the user account identified by the 'user_id' POST parameter.
 *
 * Requires the 'admin.edit' privilege. The id goes through assert_int()
 * before it is used in SQL. Nothing happens when no user with that id has a
 * real name on record.
 */
function author_delete()
{
    require_privs('admin.edit');

    $user_id = assert_int(ps('user_id'));
    $realName = fetch('Realname', 'txp_users', 'user_id', $user_id);

    if (!$realName) {
        return;
    }

    $deleted = safe_delete('txp_users', "user_id = {$user_id}");

    if ($deleted) {
        admin(gTxt('author_deleted', array('{name}' => $realName)));
    }
}
} safe_update('textpattern', "Keywords=TRIM(BOTH ',' FROM REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(Keywords,'\n',','),'\r',','),'\t',','),' ',' '),' ',' '),' ',' '),' ,',','),', ',','),',,,,',','),',,',','),',,',','))", "Keywords != ''"); // shift preferences to more intuitive spots // give positions, leave enough room for later additions safe_update('txp_prefs', "position = 20", "name in(\n\t\t'sitename',\n\t\t'comments_on_default',\n\t\t'img_dir',\n\t\t'comments_require_name',\n\t\t'syndicate_body_or_excerpt',\n\t\t'title_no_widow'\n\t)"); safe_update('txp_prefs', "position = 40", "name in(\n\t\t'siteurl',\n\t\t'comments_default_invite',\n\t\t'file_base_path',\n\t\t'comments_require_email',\n\t\t'rss_how_many',\n\t\t'articles_use_excerpts'\n\t)"); safe_update('txp_prefs', "position = 60", "name in('\n\t\tsite_slogan',\n\t\t'comments_moderate',\n\t\t'never_display_email',\n\t\t'file_max_upload_size',\n\t\t'show_comment_count_in_feed',\n\t\t'allow_form_override'\n\t)"); safe_update('txp_prefs', "position = 80", "name in(\n\t\t'production_status',\n\t\t'comments_disabled_after',\n\t\t'tempdir',\n\t\t'comment_nofollow',\n\t\t'include_email_atom',\n\t\t'attach_titles_to_permalinks'\n\t)"); safe_update('txp_prefs', "position = 100", "name in(\n\t\t'gmtoffset',\n\t\t'comments_auto_append',\n\t\t'plugin_cache_dir',\n\t\t'permalink_title_format',\n\t\t'use_mail_on_feeds_id'\n\t)"); safe_update('txp_prefs', "position = 120", "name in(\n\t\t'is_dst',\n\t\t'comments_mode',\n\t\t'override_emailcharset'\n\t)"); safe_update('txp_prefs', "position = 120, event = 'publish'", "name = 'send_lastmod'"); safe_update('txp_prefs', "position = 140", "name in(\n\t\t'dateformat',\n\t\t'comments_dateformat',\n\t\t'spam_blacklists',\n\t\t'lastmod_keepalive'\n\t)"); safe_update('txp_prefs', "position = 160", "name in(\n\t\t'archive_dateformat',\n\t\t'comments_are_ol',\n\t\t'comment_means_site_updated',\n\t\t'ping_weblogsdotcom'\n\t)"); 
safe_update('txp_prefs', "position = 180", "name in('permlink_mode','comments_sendmail','ping_textpattern_com')"); safe_update('txp_prefs', "position = 200", "name in('use_textile','expire_logs_after')"); safe_update('txp_prefs', "position = 220", "name in('logging','use_dns')"); safe_update('txp_prefs', "position = 240", "name in('use_comments','max_url_len')"); safe_update('txp_prefs', "position = 260", "name = 'use_plugins'"); safe_update('txp_prefs', "position = 280", "name = 'admin_side_plugins'"); safe_update('txp_prefs', "position = 300", "name = 'allow_page_php_scripting'"); safe_update('txp_prefs', "position = 320", "name = 'allow_article_php_scripting'"); safe_update('txp_prefs', "position = 340", "name = 'allow_raw_php_scripting'"); safe_update('txp_prefs', "position = 120, type = 1", "name = 'comments_disallow_images'"); safe_update('txp_prefs', "event = 'comments'", "name in(\n\t\t'never_display_email',\n\t\t'comment_nofollow',\n\t\t'spam_blacklists',\n\t\t'comment_means_site_updated'\n\t)"); safe_update('txp_prefs', "event = 'feeds'", "name in(\n\t\t'syndicate_body_or_excerpt',\n\t\t'rss_how_many',\n\t\t'show_comment_count_in_feed',\n\t\t'include_email_atom',\n\t\t'use_mail_on_feeds_id'\n\t)"); # 'Textile links' feature removed due to unclear specs. safe_delete('txp_prefs', "event='link' and name='textile_links'"); # Use TextileRestricted lite/fat in comments? if (!safe_field('name', 'txp_prefs', "name = 'comments_use_fat_textile'")) { safe_insert('txp_prefs', "prefs_id = 1, name = 'comments_use_fat_textile', val = '0', type = '1', event='comments', html='yesnoradio', position='130'"); }
/**
 * The main panel listing all log hits.
 *
 * Reads paging, sorting and search parameters from the request, purges log
 * rows older than the 'expire_logs_after' preference, then prints the
 * search form, the result table and the navigation.
 *
 * @param string|array $message The activity message
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;

    pagetop(gTxt('tab_logs'), $message);

    // Creates $page, $sort, $dir, $crit and $search_method from the request.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    } else {
        // A requested sort column must be on this list; anything else falls back to 'time'.
        if (!in_array($sort, array('ip', 'host', 'page', 'refer', 'method', 'status'))) {
            $sort = 'time';
        }
        set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    }

    if ($dir === '') {
        // NOTE(review): the stored direction is used as read and later
        // interpolated into ORDER BY. This function only stores 'asc' or
        // 'desc'; other writers of the pref are not visible here - confirm.
        $dir = get_pref('log_sort_dir', 'desc');
    } else {
        // A requested direction is reduced to exactly 'asc' or 'desc'.
        $dir = $dir == 'asc' ? "asc" : "desc";
        set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    }

    // The preference is passed through assert_int() before it enters the purge query.
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL {$expire_logs_after} DAY)");

    // Column names in ORDER BY are always literals chosen here; an unknown
    // $sort (for example one read from the pref) ends up as 'time'.
    switch ($sort) {
        case 'ip':
            $sort_sql = "ip {$dir}";
            break;
        case 'host':
            $sort_sql = "host {$dir}";
            break;
        case 'page':
            $sort_sql = "page {$dir}";
            break;
        case 'refer':
            $sort_sql = "refer {$dir}";
            break;
        case 'method':
            $sort_sql = "method {$dir}";
            break;
        case 'status':
            $sort_sql = "status {$dir}";
            break;
        default:
            $sort = 'time';
            $sort_sql = "time {$dir}";
            break;
    }

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    // Search filter over the log columns. The WHERE fragment it returns in
    // $criteria is interpolated into the queries below unchanged, so its
    // escaping is the Filter class's responsibility (not visible here).
    $search = new Filter($event, array('ip' => array('column' => 'txp_log.ip', 'label' => gTxt('IP')), 'host' => array('column' => 'txp_log.host', 'label' => gTxt('host')), 'page' => array('column' => 'txp_log.page', 'label' => gTxt('page')), 'refer' => array('column' => 'txp_log.refer', 'label' => gTxt('referrer')), 'method' => array('column' => 'txp_log.method', 'label' => gTxt('method')), 'status' => array('column' => 'txp_log.status', 'label' => gTxt('status'), 'type' => 'integer')));

    list($criteria, $crit, $search_method) = $search->getFilter(array('status' => array('can_list' => true)));

    $search_render_options = array('placeholder' => 'search_logs');

    $total = safe_count('txp_log', "{$criteria}");

    echo n . tag(hed(gTxt('tab_logs'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));

    $searchBlock = n . tag($search->renderForm('log_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => $event . '_control'));

    $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => $event . '_container'));

    if ($total < 1) {
        // $criteria != 1 means a search was active: show the form again with
        // "no results"; otherwise the log is simply empty.
        if ($criteria != 1) {
            echo $searchBlock . $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information'));
        } else {
            echo $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_refers_recorded'), array('class' => 'alert-block information'));
        }

        echo n . tag_end('div');

        return;
    }

    // At least 15 rows per page. $page and $offset come back from pager().
    $limit = max($log_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    echo $searchBlock . $contentBlockStart;

    $rs = safe_rows_start("*, UNIX_TIMESTAMP(time) AS uTime", 'txp_log', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");

    if ($rs) {
        echo n . tag(toggle_box('log_detail'), 'div', array('class' => 'txp-list-options')) . n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'log_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'txp-list-col-time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'txp-list-col-ip') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'txp-list-col-host log_detail') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'txp-list-col-page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'txp-list-col-refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'txp-list-col-method log_detail') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'txp-list-col-status log_detail')) . n . tag_end('thead') . n . tag_start('tbody');

        while ($a = nextRow($rs)) {
            // Row columns become $log_* variables; the prefix keeps stored
            // data from overwriting this function's own locals.
            extract($a, EXTR_PREFIX_ALL, 'log');

            if ($log_refer) {
                // Link text and href are both passed through txpspecialchars().
                $log_refer = href(txpspecialchars(soft_wrap(preg_replace('#^http://#', '', $log_refer), 30)), txpspecialchars($log_refer), ' target="_blank"');
            }

            if ($log_page) {
                // Link text: the path without its trailing slash and first character.
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);

                $log_page = href(txpspecialchars($log_anchor), txpspecialchars($log_page), ' target="_blank"');

                if ($log_method == 'POST') {
                    $log_page = strong($log_page);
                }
            }

            // ip, host and method are passed through txpspecialchars(); the ip
            // is additionally rawurlencode()d for the lookup link.
            // NOTE(review): $log_status is printed as stored - presumably an
            // integer column; confirm.
            echo tr(td(fInput('checkbox', 'selected[]', $log_id), '', 'txp-list-col-multi-edit') . hCell(gTime($log_uTime), '', ' class="txp-list-col-time" scope="row"') . td(href(txpspecialchars($log_ip), 'https://whois.domaintools.com/' . rawurlencode($log_ip), array('rel' => 'external', 'target' => '_blank')), '', 'txp-list-col-ip') . td(txpspecialchars($log_host), '', 'txp-list-col-host log_detail') . td($log_page, '', 'txp-list-col-page') . td($log_refer, '', 'txp-list-col-refer') . td(txpspecialchars($log_method), '', 'txp-list-col-method log_detail') . td($log_status, '', 'txp-list-col-status log_detail'));
        }

        // Close the table, add the multi-edit controls, then the pager.
        echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . log_multiedit_form($page, $sort, $dir, $crit, $search_method) . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => $event . '_navigation')) . pageby_form('log', $log_list_pageby) . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . tag_end('div');
    }

    echo n . tag_end('div');
}
if ((include txpath . DS . 'update' . DS . '_to_4.3.0.php') !== false) { $dbversion = '4.3.0'; } } if (version_compare($dbversion, '4.4.0', '<')) { if ((include txpath . DS . 'update' . DS . '_to_4.4.0.php') !== false) { $dbversion = '4.4.0'; } } if (version_compare($dbversion, '4.4.1', '<')) { if ((include txpath . DS . 'update' . DS . '_to_4.4.1.php') !== false) { $dbversion = '4.4.1'; } } if (version_compare($dbversion, '4.4.2', '<')) { if ((include txpath . DS . 'update' . DS . '_to_4.4.2.php') !== false) { $dbversion = '4.4.2'; } } // keep track of updates for svn users safe_delete('txp_prefs', "name = 'dbupdatetime'"); safe_insert('txp_prefs', "prefs_id=1, name='dbupdatetime',val='" . max(newest_file(), time()) . "', type='2'"); // update version safe_delete('txp_prefs', "name = 'version'"); safe_insert('txp_prefs', "prefs_id=1, name='version',val='{$dbversion}', type='2'"); // updated, baby. So let's get the fresh prefs and send them to languages define('TXP_UPDATE_DONE', 1); $event = 'prefs'; $step = 'list_languages'; $prefs = get_prefs(); extract($prefs);
/**
 * Commits prefs to the database.
 *
 * Loads the preference rows the current user may see, normalises a few
 * posted values, then writes each posted value whose event the user holds
 * the 'prefs.<event>' privilege for.
 *
 * NOTE(review): no request-token check is visible in this function;
 * presumably the dispatcher handles it - confirm.
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;

    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings('describe ' . safe_pfx('textpattern'))));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);

    // WHERE clause: global prefs plus this user's private prefs that have no
    // global row of the same name. The user name is escaped with doSlash().
    $sql = array();
    $sql[] = 'prefs_id = 1 and event != "" and type in(' . PREF_CORE . ', ' . PREF_PLUGIN . ', ' . PREF_HIDDEN . ')';
    $sql[] = "(user_name = '' or (user_name='" . doSlash($txp_user) . "' and name not in(\n select name from " . safe_pfx('txp_prefs') . " where user_name = ''\n )))";

    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }

    $prefnames = safe_rows_start("name, event, user_name, val", 'txp_prefs', join(' and ', $sql));

    $post = stripPost();

    // An empty temp directory is replaced by whatever find_temp_dir() reports.
    if (isset($post['tempdir']) && empty($post['tempdir'])) {
        $post['tempdir'] = find_temp_dir();
    }

    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }

    if (isset($post['auto_dst'])) {
        $prefs['auto_dst'] = $auto_dst = $post['auto_dst'];

        if (isset($post['is_dst']) && !$post['auto_dst']) {
            $is_dst = $post['is_dst'];
        }
    }

    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    if (isset($post['timezone_key'])) {
        $key = $post['timezone_key'];
        $tzd = Txp::get('Textpattern_Date_Timezone')->getTimeZones();

        // Only a key that exists in the known time zone list is accepted.
        if (isset($tzd[$key])) {
            $prefs['timezone_key'] = $timezone_key = $key;
            $post['gmtoffset'] = $prefs['gmtoffset'] = $gmtoffset = $tzd[$key]['offset'];
            $post['is_dst'] = $prefs['is_dst'] = $is_dst = Txp::get('Textpattern_Date_Timezone')->isDst(null, $key);
        }
    }

    // Store the site URL without scheme and without trailing slashes or spaces.
    if (isset($post['siteurl'])) {
        $post['siteurl'] = preg_replace('#^https?://#', '', rtrim($post['siteurl'], '/ '));
    }

    while ($a = nextRow($prefnames)) {
        // Creates $name, $event, $user_name and $val from the row.
        extract($a);

        // Only prefs that were posted and whose event the user may edit are written.
        if (!isset($post[$name]) || !has_privs('prefs.' . $event)) {
            continue;
        }

        // Switching logging to 'none' empties the log table.
        if ($name === 'logging' && $post[$name] === 'none' && $post[$name] !== $val) {
            safe_truncate('txp_log');
        }

        // A changed retention period purges immediately; intval() keeps the
        // posted value numeric inside the query.
        if ($name === 'expire_logs_after' && (int) $post[$name] !== (int) $val) {
            safe_delete('txp_log', 'time < date_sub(now(), interval ' . intval($post[$name]) . ' day)');
        }

        update_pref($name, (string) $post[$name], null, null, null, null, (string) $user_name);
    }

    update_lastmod();

    prefs_list(gTxt('preferences_saved'));
}
/**
 * Removes every language string stored for one language code.
 *
 * The code to remove is taken from the 'lang_code' HTTP POST parameter and
 * escaped with doSlash() before it is used in the WHERE clause. On success
 * the 'lang_deleted' callback event fires with the code as payload.
 */
function remove_language()
{
    $lang_code = ps('lang_code');
    $where = "lang = '" . doSlash($lang_code) . "'";

    if (safe_delete('txp_lang', $where)) {
        callback_event('lang_deleted', '', 0, $lang_code);
        $msg = gTxt($lang_code) . sp . gTxt('deleted');
    } else {
        $msg = gTxt('cannot_delete', array('{thing}' => $lang_code));
    }

    // The language list is redisplayed with the outcome message.
    list_languages($msg);
}
/**
 * Applies a multi-edit action (delete, toggle status, change load order) to
 * the plugins selected in the plugin list.
 *
 * 'selected' and 'edit_method' come from POST. Plugin names are escaped with
 * doSlash() wherever they enter SQL. Plugins flagged with
 * PLUGIN_LIFECYCLE_NOTIFY are loaded and notified before the change is
 * written.
 *
 * NOTE(review): the posted names are joined into the result message
 * unescaped; output escaping presumably happens where the message is
 * rendered - confirm.
 */
function plugin_multi_edit()
{
    $selected = ps('selected');
    $method = ps('edit_method');

    if (!($selected and is_array($selected))) {
        return plugin_list();
    }

    $where = "name IN ('" . join("','", doSlash($selected)) . "')";

    if ($method == 'delete') {
        foreach ($selected as $name) {
            $flags = safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'");

            if ($flags & PLUGIN_LIFECYCLE_NOTIFY) {
                load_plugin($name, true);
                callback_event("plugin_lifecycle.{$name}", 'disabled');
                callback_event("plugin_lifecycle.{$name}", 'deleted');
            }
        }

        safe_delete('txp_plugin', $where);
    } elseif ($method == 'changestatus') {
        foreach ($selected as $name) {
            $flags = safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'");

            if ($flags & PLUGIN_LIFECYCLE_NOTIFY) {
                $status = safe_field('status', 'txp_plugin', "name ='" . doSlash($name) . "'");
                load_plugin($name, true);

                // NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
                $lifecycleStep = $status ? 'disabled' : 'enabled';
                callback_event("plugin_lifecycle.{$name}", $lifecycleStep);
            }
        }

        safe_update('txp_plugin', 'status = (1-status)', $where);
    } elseif ($method == 'changeorder') {
        // The load order is clamped to the range 1..9.
        $order = min(max(intval(ps('order')), 1), 9);
        safe_update('txp_plugin', 'load_order = ' . $order, $where);
    }

    $outcome = $method == 'delete' ? 'deleted' : 'updated';
    $message = gTxt('plugin_' . $outcome, array('{name}' => join(', ', $selected)));

    plugin_list($message);
}
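/**
 * Checks whether a comment-form nonce is known and still unused.
 *
 * The original guard combined its two tests with '&&', so it could never
 * reject anything: an empty nonce passes the pattern, and a non-empty nonce
 * fails the emptiness test. The tests are now combined with '||', the
 * pattern requires at least one character, and the 'D' modifier stops '$'
 * from matching before a trailing newline. Non-string input is rejected
 * before it reaches the pattern.
 *
 * @param  mixed $nonce Nonce submitted with the form
 * @return bool  true when an unused row with this nonce exists, false otherwise
 */
function checkNonce($nonce)
{
    if (!$nonce || !is_string($nonce) || !preg_match('#^[a-zA-Z0-9]+$#D', $nonce)) {
        return false;
    }

    // delete expired nonces
    safe_delete("txp_discuss_nonce", "issue_time < date_sub(now(),interval 10 minute)");

    // check for nonce
    $row = safe_row("*", "txp_discuss_nonce", "nonce='" . doSlash($nonce) . "' and used = 0");

    return $row ? true : false;
}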
/**
 * Deletes a page template.
 *
 * The template name comes from the 'name' POST parameter and is escaped with
 * doSlash() wherever it enters SQL. 'error_default' is protected, and a
 * template still assigned to a section is kept and reported with a warning.
 * A successful delete fires the 'page_deleted' callback event.
 */
function page_delete()
{
    $name = ps('name');
    $quoted = doSlash($name);

    // Number of sections that still use this page.
    $inUse = safe_count('txp_section', "page = '" . $quoted . "'");
    $message = '';

    if ($name == 'error_default') {
        return page_edit();
    }

    if (!$inUse) {
        if (safe_delete('txp_page', "name = '" . $quoted . "'")) {
            callback_event('page_deleted', '', 0, $name);
            $message = gTxt('page_deleted', array('{name}' => $name));
        }
    } else {
        $warning = gTxt('page_used_by_section', array('{name}' => $name, '{count}' => $inUse));
        $message = array($warning, E_WARNING);
    }

    page_edit($message);
}
/**
 * Applies a multi-edit action (delete or change category) to the selected links.
 *
 * Every selected id goes through assert_int() before it is used in SQL; the
 * posted category is escaped with doSlash(). The link list is redisplayed
 * with a message naming the ids that were actually changed.
 */
function link_multi_edit()
{
    $selected = ps('selected');

    if (!($selected and is_array($selected))) {
        return link_edit();
    }

    $ids = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $isDelete = $method == 'delete';
    $changed = array();

    foreach ($ids as $id) {
        if ($isDelete) {
            $ok = safe_delete('txp_link', 'id = ' . $id);
        } elseif ($method == 'changecategory') {
            $ok = safe_update('txp_link', "category = '" . doSlash(ps('category')) . "'", "id = {$id}");
        } else {
            // Unknown methods change nothing.
            $ok = false;
        }

        if ($ok) {
            $changed[] = $id;
        }
    }

    if (!$changed) {
        return link_edit();
    }

    $textKey = $isDelete ? 'links_deleted' : 'link_updated';
    $placeholder = $isDelete ? '{list}' : '{name}';

    return link_edit(gTxt($textKey, array($placeholder => join(', ', $changed))));
}
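/**
 * Renders the visitor log panel with sorting, searching and paging.
 *
 * Reads 'page', 'sort', 'dir', 'crit' and 'search_method' from the request,
 * purges rows older than the 'expire_logs_after' preference, then prints the
 * search form, the log table and the navigation.
 *
 * Changes against the original:
 * - The IP and host columns are passed through htmlspecialchars() before
 *   output, like the page, referrer and method columns already were. Logged
 *   values are recorded from visitors and must be treated as untrusted when
 *   shown on the admin side.
 * - The unused assignment '$limit = 500' in the search branch is removed;
 *   $limit was always overwritten before its first use.
 *
 * @param string|array $message The activity message
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;

    pagetop(gTxt('visitor_logs'), $message);

    // Creates $page, $sort, $dir, $crit and $search_method from the request.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }

    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    }

    // Whatever its origin, the direction is reduced to exactly 'asc' or 'desc'.
    $dir = $dir == 'asc' ? 'asc' : 'desc';

    // The preference goes through assert_int() before it enters the purge query.
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");

    // Column names in ORDER BY are always literals chosen here.
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }

    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    $criteria = 1;

    if ($search_method and $crit) {
        // LIKE wildcards and quotes in the search term are escaped, then the
        // result goes through doSlash() before it is placed in the query.
        $crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));

        $critsql = array(
            'ip' => "ip like '%{$crit_escaped}%'",
            'host' => "host like '%{$crit_escaped}%'",
            'page' => "page like '%{$crit_escaped}%'",
            'refer' => "refer like '%{$crit_escaped}%'",
            'method' => "method like '%{$crit_escaped}%'",
            'status' => "status like '%{$crit_escaped}%'"
        );

        // Only the search methods listed above are accepted.
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }

    $total = safe_count('txp_log', "{$criteria}");

    echo '<div id="' . $event . '_control" class="txp-control-panel">';

    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
        }

        return;
    }

    // At least 15 rows per page. $page and $offset come back from pager().
    $limit = max($log_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    echo n . log_search_form($crit, $search_method) . '</div>';

    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");

    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container txp-list">';

        echo n . n . '<form action="index.php" id="log_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' .
            startTable('list', '', 'list', '', '90%') .
            n . '<thead>' .
            n . tr(
                n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') .
                column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') .
                column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') .
                column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') .
                column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') .
                column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') .
                column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status') .
                hCell('', '', ' class="multi-edit"')
            ) .
            n . '</thead>';

        $tfoot = n . '<tfoot>' . tr(
            tda(toggle_box('log_detail'), ' class="detail-toggle" colspan="2" style="text-align: left; border: none;"') .
            tda(select_buttons() . log_multiedit_form($page, $sort, $dir, $crit, $search_method), ' class="multi-edit" colspan="6" style="text-align: right; border: none;"')
        ) . n . '</tfoot>';

        echo $tfoot;

        echo '<tbody>';

        $ctr = 1;

        while ($a = nextRow($rs)) {
            // Row columns become $log_* variables; the prefix keeps stored
            // data from overwriting this function's own locals.
            extract($a, EXTR_PREFIX_ALL, 'log');

            if ($log_refer) {
                $log_refer = 'http://' . $log_refer;
                $log_refer = '<a href="' . htmlspecialchars($log_refer) . '" target="_blank">' . htmlspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }

            if ($log_page) {
                // Link text: the path without its trailing slash and first character.
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);

                $log_page = '<a href="' . htmlspecialchars($log_page) . '" target="_blank">' . htmlspecialchars($log_anchor) . '</a>';

                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }

            // NOTE(review): $log_status is printed as stored - presumably an
            // integer column; confirm.
            echo tr(
                n . td(gTime($log_uTime), 85, 'date time') .
                td(htmlspecialchars($log_ip), 20, 'log_detail ip') .
                td(htmlspecialchars(soft_wrap($log_host, 30)), '', 'host') .
                td($log_page, '', 'page') .
                td($log_refer, '', 'refer') .
                td(htmlspecialchars($log_method), 60, 'log_detail method') .
                td($log_status, 60, 'log_detail status') .
                td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit'),
                ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"'
            );

            $ctr++;
        }

        echo '</tbody>' .
            n . endTable() .
            n . '</form>' .
            n . '<div id="' . $event . '_navigation" class="txp-navigation">' .
            n . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) .
            n . pageby_form('log', $log_list_pageby) .
            n . '</div>' .
            n . '</div>';
    }
}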
<?php

// Upgrade script: refuses to run unless the updater has defined TXP_UPDATE,
// so requesting this file directly does nothing.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Support for per-user private prefs.
$cols = getThings('describe `' . PFX . 'txp_prefs`');
// The column and the new unique index are only added when 'user_name' is missing.
if (!in_array('user_name', $cols)) {
    safe_alter('txp_prefs', "ADD `user_name` varchar(64) NOT NULL default '', DROP INDEX `prefs_idx`, ADD UNIQUE `prefs_idx` (`prefs_id`, `name`, `user_name`), ADD INDEX `user_name` (`user_name`)");
}

// Remove a few global prefs in favour of future private ones.
safe_delete('txp_prefs', "user_name = '' AND name in ('article_list_pageby', 'author_list_pageby', 'comment_list_pageby', 'file_list_pageby', 'image_list_pageby', 'link_list_pageby', 'log_list_pageby')");

// Use dedicated prefs function for setting custom fields.
safe_update('txp_prefs', "html='custom_set'", "name IN ('custom_1_set', 'custom_2_set', 'custom_3_set', 'custom_4_set', 'custom_5_set', 'custom_6_set', 'custom_7_set', 'custom_8_set', 'custom_9_set', 'custom_10_set') AND html='text_input'");

// Send comments prefs.
safe_update('txp_prefs', "html='commentsendmail'", "name='comments_sendmail' AND html='yesnoradio'");

// Timezone prefs.
safe_update('txp_prefs', "html='is_dst'", "name='is_dst' AND html='yesnoradio'");

if (!safe_field('name', 'txp_prefs', "name = 'auto_dst'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'auto_dst', val = '0', type = '0', event = 'publish', html = 'yesnoradio', position = '115'");
}

if (!safe_field('name', 'txp_prefs', "name = 'timezone_key'")) {
    // $gmtoffset is not assigned in this file; presumably it is in scope
    // where this script is included - confirm.
    $tz = new timezone();
    $tz = $tz->key($gmtoffset);
    // NOTE(review): the key is interpolated without doSlash(); it comes from
    // timezone::key(), not from the request - confirm it cannot contain quotes.
    safe_insert('txp_prefs', "prefs_id = 1, name = 'timezone_key', val = '{$tz}', type = '2', event = 'publish', html = 'textinput', position = '0'");
}

// Default event admin pref.
if (!safe_field('name', 'txp_prefs', "name = 'default_event'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_event', val = 'article', type = '1', event = 'admin', html = 'default_event', position = '150'");
}

// Add columns for thumbnail dimensions.
/**
 * Deletes the stylesheet named by the 'name' POST parameter, unless a
 * section still uses it.
 *
 * The name is escaped with doSlash() wherever it enters SQL; the messages
 * receive the unescaped name.
 */
function css_delete()
{
    $name = ps('name');
    $quoted = doSlash($name);

    // Number of sections that reference this stylesheet.
    $inUse = safe_count('txp_section', "css = '" . $quoted . "'");

    if (!$inUse) {
        safe_delete('txp_css', "name = '" . $quoted . "'");
        $message = gTxt('css_deleted', array('{name}' => $name));
    } else {
        $message = gTxt('css_used_by_section', array('{name}' => $name, '{count}' => $inUse));
    }

    css_edit($message);
}
/**
 * Deletes the form with the given name from txp_form.
 *
 * @param  string $name Form name; escaped with doSlash() before use in SQL.
 * @return bool   false when the name is listed in $essential_forms or the
 *                delete did not succeed, true otherwise.
 */
function form_delete($name)
{
    global $essential_forms;

    // Forms listed as essential are never removed.
    if (in_array($name, $essential_forms)) {
        return false;
    }

    $escaped = doSlash($name);

    return safe_delete("txp_form", "name='{$escaped}'") ? true : false;
}
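/**
 * Deletes the sections named in the posted 'selected' array, skipping the
 * 'default' section and any section that still contains articles, then
 * re-renders the section list with a status message.
 *
 * Every posted name is escaped with doSlash() before it is placed in SQL.
 * Fires the 'sections_deleted' callback with the list of removed names when
 * at least one delete succeeded.
 *
 * NOTE(review): the deleted names are passed to gTxt() unescaped; whether the
 * message is HTML-escaped before output is not visible here. Confirm.
 */
function section_delete()
{
    $selected = ps('selected');

    // Without a non-empty array there is nothing to delete, and join() and
    // foreach below would be handed a scalar. Show the list with no message,
    // which is what an empty result produces anyway.
    if (!$selected or !is_array($selected)) {
        sec_section_list('');

        return;
    }

    // Sections that still hold articles must not be removed.
    $with_articles = safe_rows('Section, Count(*) AS count', 'textpattern', "Section in ('" . join("','", doSlash($selected)) . "') GROUP BY Section");

    $protected = array('default');
    $del = array('success' => array(), 'error' => array());

    foreach ($with_articles as $row) {
        $protected[] = $row['Section'];
    }

    $protected = array_unique($protected);

    foreach ($selected as $item) {
        if (in_array($item, $protected)) {
            $del['error'][] = $item;
            continue;
        }

        if (safe_delete('txp_section', "name = '" . doSlash($item) . "'")) {
            $del['success'][] = $item;
        } else {
            $del['error'][] = $item;
        }
    }

    if ($del['success']) {
        callback_event('sections_deleted', '', 0, $del['success']);
    }

    $message = $del['success'] ? gTxt('section_deleted', array('{name}' => join(', ', $del['success']))) : '';

    sec_section_list($message);
}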
} // closes a block that was opened before this excerpt

// doctype prefs
// Insert the doctype pref only if no row with that name exists yet.
if (!safe_field('name', 'txp_prefs', "name = 'doctype'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'doctype', val = 'xhtml', type = '0', event = 'publish', html = 'doctypes', position = '190'");
}

// publisher's email address
// Inserted with an empty value when missing.
if (!safe_field('name', 'txp_prefs', "name = 'publisher_email'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'publisher_email', val = '', type = 1, event = 'admin', position = 115");
}

// goodbye raw ?php support
// Drops the allow_raw_php_scripting preference row when it is present.
if (safe_field('name', 'txp_prefs', "name = 'allow_raw_php_scripting'")) {
    safe_delete('txp_prefs', "name = 'allow_raw_php_scripting'");
}

// Set RealName to VARCHAR(255) and email to VARCHAR(254) on txp_users.
safe_alter('txp_users', "MODIFY RealName VARCHAR(255) NOT NULL default '', MODIFY email VARCHAR(254) NOT NULL default ''");

// Remove any setup strings from lang table
safe_delete('txp_lang', "event='setup'");

// Add the url_title_idx index to the textpattern table unless an index with
// that key name is already listed.
$has_idx = 0;
$rs = getRows('show index from `' . PFX . 'textpattern`');

foreach ($rs as $row) {
    if ($row['Key_name'] == 'url_title_idx') {
        $has_idx = 1;
    }
}

if (!$has_idx) {
    safe_query('alter ignore table `' . PFX . 'textpattern` add index url_title_idx(`url_title`)');
}

// Remove is_default from txp_section table and make it a preference
// The current default section name is read from the database and escaped with
// doSlash() before being written into the new pref row.
if (!safe_field('name', 'txp_prefs', "name = 'default_section'")) {
    $current_default_section = safe_field('name', 'txp_section', 'is_default=1');
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_section', val = '" . doSlash($current_default_section) . "', type = '2', event = 'section', html = 'text_input', position = '0'");
}
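/**
 * Deletes the article whose id is given in the posted 'dID' field and, on
 * success, re-renders the article list with a confirmation message.
 *
 * The id is written unquoted into the WHERE clause, so it is validated as a
 * plain decimal integer first. A value that fails validation is rejected
 * without touching the database, like a failed delete.
 *
 * NOTE(review): no privilege check is visible in this function; confirm that
 * the caller enforces one before this step is reached.
 */
function article_delete()
{
    $dID = ps('dID');

    // Digits only: anything else would become part of the SQL statement.
    if (!is_string($dID) || !preg_match('/^[0-9]+$/D', $dID)) {
        return;
    }

    $dID = (int) $dID;

    $rs = safe_delete("textpattern", "ID={$dID}");

    if ($rs) {
        article_list(messenger('article', $dID, 'deleted'), 1);
    }
}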
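/**
 * Applies the posted multi-edit action to the posted 'selected' ids.
 *
 * Only the 'delete' method is handled. Each id is passed through assert_int()
 * before it is placed in the WHERE clause.
 *
 * @param  string $table  Table to delete from. Interpolated as-is, so it must
 *                        come from the calling code, never from the request.
 * @param  string $id_key Column holding the id. Same constraint as $table.
 * @return string Comma-separated list of the ids that were deleted, or '' when
 *                nothing was selected, the method is not 'delete', or no
 *                delete succeeded.
 */
function event_multi_edit($table, $id_key)
{
    $method = ps('edit_method');
    $selected = ps('selected');

    // A scalar 'selected' cannot be iterated, so treat it as no selection.
    if (!$selected or !is_array($selected) or $method != 'delete') {
        return '';
    }

    // Initialised up front so join() always receives an array, including when
    // every delete fails.
    $ids = array();

    foreach ($selected as $id) {
        $id = assert_int($id);

        if (safe_delete($table, "{$id_key} = {$id}")) {
            $ids[] = $id;
        }
    }

    return join(', ', $ids);
}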
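/**
 * Applies a bulk action (delete, change privilege, reset password) to the
 * user names posted in 'selected', then re-renders the admin panel.
 *
 * Requires the 'admin.edit' privilege. The posted names are escaped with
 * doSlash() and resolved against txp_users, and the current user is excluded,
 * so the account performing the action is never affected by it.
 *
 * NOTE(review): the reset path stores the password with MySQL's
 * password(lower(...)), which makes it case-insensitive and relies on a
 * function that MySQL 5.7 deprecated and 8.0 removed. It also generates a
 * 6-character password and mails it in clear text. Changing any of these needs
 * a matching change in the login code, so they are flagged, not altered here.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();

    if (!$selected or !is_array($selected)) {
        return admin();
    }

    // Only names that exist in the table and are not the current user.
    $names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");

    if (!$names) {
        return admin();
    }

    switch ($method) {
        case 'delete':
            if (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_deleted';
            }

            break;

        case 'changeprivilege':
            global $levels;

            $privilege = ps('privs');

            // Reject any privilege value that is not a known level.
            if (!isset($levels[$privilege])) {
                return admin();
            }

            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }

            break;

        case 'resetpassword':
            foreach ($names as $name) {
                $passwd = generate_password(6);

                // Do not mail a password that was never stored: if the update
                // fails, skip this user and leave them out of $changed.
                // Assumes safe_update() returns a falsy value on failure;
                // confirm against its definition.
                if (!safe_update('txp_users', "pass = password(lower('" . doSlash($passwd) . "'))", "name = '" . doSlash($name) . "'")) {
                    continue;
                }

                $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

                if (send_new_password($passwd, $email, $name)) {
                    $changed[] = $name;
                    $msg = 'author_updated';
                } else {
                    return admin(gTxt('could_not_mail') . ' ' . htmlspecialchars($name));
                }
            }

            break;
    }

    if ($changed) {
        // Names are HTML-escaped before they are placed in the status message.
        return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
    }

    admin();
}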
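/**
 * Deletes the txp_users row whose user_id is given in the request, then
 * re-renders the customer list with a confirmation message.
 *
 * Only the 'user_id' request field is read. The previous extract() of the
 * whole request let any request parameter overwrite local variables, including
 * the ones bound to globals by the `global` statement. The id is validated by
 * assert_int() before it is placed unquoted in the WHERE clause.
 *
 * NOTE(review): no privilege or request-origin check is visible in this
 * function; confirm that the caller enforces both.
 *
 * @param string $event Unused here; kept for the handler signature.
 * @param string $step  Unused here; kept for the handler signature.
 */
function customer_delete($event, $step)
{
    $user_id = assert_int(isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : '');

    safe_delete("txp_users", "user_id = {$user_id}");

    customers_list('', '', "customer deleted");
}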
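/**
 * Deletes the user whose id is given in the posted 'user_id' field from the
 * table named by $ign_user_db and, on success, shows a confirmation in the
 * admin view.
 *
 * The posted id is escaped with doSlash() before it is placed in the quoted
 * WHERE value; the unescaped request value must never reach the SQL string.
 *
 * NOTE(review): fetch() is handed the raw posted value; confirm that it
 * escapes its value argument internally. No privilege check is visible in
 * this function either; confirm that the caller enforces one.
 */
function ign_user_delete()
{
    global $ign_user_db;

    $user_id = ps('user_id');

    // Look the user up first so the confirmation can show the real name, and
    // so nothing is deleted for an id that matches no user.
    $name = fetch('Realname', $ign_user_db, 'user_id', $user_id);

    if ($name) {
        $rs = safe_delete($ign_user_db, "user_id = '" . doSlash($user_id) . "'");

        if ($rs) {
            ign_admin(messenger('user', $name, 'deleted'));
        }
    }
}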