/**
 * Load a form row together with its fields, expanding each "column" field
 * into its left and right sub-field lists.
 *
 * @param mixed $id Form id; run through sqlescape() before it is placed in SQL.
 * @return array|false The form row with "fields" and "object_count" added, or false when no row matches.
 */
static function getForm($id) {
    $id = sqlescape($id);

    $form = sqlfetch(sqlquery("SELECT * FROM btx_form_builder_forms WHERE id = '{$id}'"));
    if (!$form) {
        return false;
    }

    $fields = array();
    $object_count = 0;

    // Only top-level fields are selected here; fields that sit inside a column are fetched per column below.
    $top_level = sqlquery("SELECT * FROM btx_form_builder_fields WHERE form = '{$id}' AND `column` = '0' ORDER BY position DESC, id ASC");
    while ($field = sqlfetch($top_level)) {
        $object_count++;

        if ($field["type"] != "column") {
            $fields[] = $field;
            continue;
        }

        // A column field is emitted twice: once carrying its left sub-fields, then once carrying its right ones.
        foreach (array("left", "right") as $side) {
            $children = array();
            $child_query = sqlquery("SELECT * FROM btx_form_builder_fields WHERE `column` = '" . $field["id"] . "' AND `alignment` = '{$side}' ORDER BY position DESC, id ASC");
            while ($child = sqlfetch($child_query)) {
                $children[] = $child;
                $object_count++;
            }
            $field["fields"] = $children;
            $fields[] = $field;
        }

        // Column start/end markers count as objects; with two columns that adds 3.
        $object_count += 3;
    }

    $form["fields"] = $fields;
    // The count is zero-based.
    $form["object_count"] = $object_count - 1;

    return $form;
}
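/**
 * Store the results of a service query in the stream table and tag every
 * result to the query and to the query's categories.
 *
 * @param array  $query   Query row; only $query["id"] is read.
 * @param string $service Service name written to the `service` column.
 * @param object $data    Decoded service response; nothing is done unless $data->Results is an array.
 */
protected static function syncData($query, $service, $data) {
    if (!is_array($data->Results)) {
        return;
    }

    // Every value below is concatenated into SQL, so each one is escaped once up front.
    // The result payload comes from a remote service and must be treated as untrusted.
    $query_id = sqlescape($query["id"]);
    $service_sql = sqlescape($service);

    // Find out which categories the results need to be tagged to.
    $categories = array();
    $cq = sqlquery("SELECT * FROM btx_social_feed_query_categories WHERE `query` = '{$query_id}'");
    while ($cf = sqlfetch($cq)) {
        $categories[] = sqlescape($cf["category"]);
    }

    foreach ($data->Results as $r) {
        $id = sqlescape($r->ID);

        // Check for an existing stream row for this service item.
        $existing = sqlfetch(sqlquery("SELECT id FROM btx_social_feed_stream WHERE service = '{$service_sql}' AND service_id = '{$id}'"));

        if ($existing) {
            $item_id = sqlescape($existing["id"]);
        } else {
            // Kept in its own variable so the $data parameter is not overwritten mid-loop.
            $encoded = json_encode($r);

            // empty() tolerates a missing property (or a missing Dates object) without raising a warning.
            if (!empty($r->Timestamp)) {
                $date = sqlescape($r->Timestamp);
            } elseif (!empty($r->CreatedAt)) {
                $date = sqlescape($r->CreatedAt);
            } elseif (!empty($r->Dates->Posted)) {
                $date = sqlescape($r->Dates->Posted);
            } else {
                $date = date("Y-m-d H:i:s");
            }

            sqlquery("INSERT INTO btx_social_feed_stream (`date`,`service`,`service_id`,`data`,`approved`) VALUES ('{$date}','{$service_sql}','{$id}','" . sqlescape($encoded) . "','" . self::$DefaultApprovedState . "')");
            $item_id = sqlid();

            self::$ItemsToCache[] = array(
                "id" => $item_id,
                "date" => $date,
                "service" => $service,
                "service_id" => $id,
                "data" => $encoded,
                "approved" => self::$DefaultApprovedState
            );
        }

        // Tag to categories (delete first so a repeated sync does not create duplicate rows).
        foreach ($categories as $c) {
            sqlquery("DELETE FROM btx_social_feed_stream_categories WHERE item = '{$item_id}' AND category = '{$c}'");
            sqlquery("INSERT INTO btx_social_feed_stream_categories (`item`,`category`) VALUES ('{$item_id}','{$c}')");
        }

        // Tag to the query
        sqlquery("DELETE FROM btx_social_feed_stream_queries WHERE `item` = '{$item_id}' AND `query` = '{$query_id}'");
        sqlquery("INSERT INTO btx_social_feed_stream_queries (`item`,`query`) VALUES ('{$item_id}','{$query_id}')");
    }
}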
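/**
 * Update one or more columns of the row with the given id in this module's table.
 *
 * Accepted call forms:
 *  - update($id, array("column" => $value, ...))
 *  - update($id, array("column", ...), array($value, ...))
 *  - update($id, "column", $value)
 *
 * Array values are passed through BigTree::translateArray() and JSON-encoded;
 * other values are passed through BigTreeAdmin::autoIPL(). Every value is
 * escaped with sqlescape() before it is placed in the statement.
 *
 * @param mixed        $id           Row id.
 * @param array|string $fields       Column name, list of column names, or column => value map.
 * @param mixed        $values       Value(s) matching $fields; false when $fields is a map.
 * @param bool         $ignore_cache When true, the item is not re-cached after the update.
 */
function update($id, $fields, $values = false, $ignore_cache = false) {
    $id = sqlescape($id);

    // Turn a key => value array into parallel lists of columns and values.
    if ($values === false && is_array($fields)) {
        $values = $fields;
        $fields = array_keys($fields);
    }

    if (is_array($fields)) {
        // Multiple columns to update
        $query_parts = array();
        foreach ($fields as $key) {
            $val = current($values);
            if (is_array($val)) {
                $val = BigTree::json(BigTree::translateArray($val));
            } else {
                $val = BigTreeAdmin::autoIPL($val);
            }
            // A column name is an identifier, not a string value: sqlescape() does not protect it.
            // Doubling any backtick keeps the name inside its quoted identifier.
            $query_parts[] = "`" . str_replace("`", "``", $key) . "` = '" . sqlescape($val) . "'";
            next($values);
        }

        // An empty column list would produce an invalid "SET  WHERE" statement.
        if (count($query_parts)) {
            sqlquery("UPDATE `" . $this->Table . "` SET " . implode(", ", $query_parts) . " WHERE id = '{$id}'");
        }
    } else {
        // Single column to update
        if (is_array($values)) {
            $val = json_encode(BigTree::translateArray($values));
        } else {
            $val = BigTreeAdmin::autoIPL($values);
        }
        sqlquery("UPDATE `" . $this->Table . "` SET `" . str_replace("`", "``", $fields) . "` = '" . sqlescape($val) . "' WHERE id = '{$id}'");
    }

    if (!$ignore_cache) {
        BigTreeAutoModule::recacheItem($id, $this->Table);
    }
}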
$type["use_cases"] = array("templates" => $type["pages"], "modules" => $type["modules"], "callouts" => $type["callouts"], "settings" => $type["settings"]); } $use_cases = is_array($type["use_cases"]) ? sqlescape(json_encode($type["use_cases"])) : sqlescape($type["use_cases"]); $self_draw = $type["self_draw"] ? "'on'" : "NULL"; sqlquery("INSERT INTO bigtree_field_types (`id`,`name`,`use_cases`,`self_draw`) VALUES ('" . sqlescape($type["id"]) . "','" . sqlescape($type["name"]) . "','{$use_cases}',{$self_draw})"); } } // Import files foreach ($json["files"] as $file) { BigTree::copyFile(SERVER_ROOT . "cache/package/{$file}", SERVER_ROOT . $file); } // Run SQL foreach ($json["sql"] as $sql) { sqlquery($sql); } // Empty view cache sqlquery("DELETE FROM bigtree_module_view_cache"); // Remove the package directory, we do it backwards because the "deepest" files are last $contents = @array_reverse(BigTree::directoryContents(SERVER_ROOT . "cache/package/")); foreach ($contents as $file) { @unlink($file); @rmdir($file); } @rmdir(SERVER_ROOT . "cache/package/"); // Clear module class cache and field type cache. @unlink(SERVER_ROOT . "cache/bigtree-module-class-list.json"); @unlink(SERVER_ROOT . "cache/bigtree-form-field-types.json"); sqlquery("INSERT INTO bigtree_extensions (`id`,`type`,`name`,`version`,`last_updated`,`manifest`) VALUES ('" . sqlescape($json["id"]) . "','package','" . sqlescape($json["title"]) . "','" . sqlescape($json["version"]) . "',NOW(),'" . sqlescape(json_encode($json)) . "')"); sqlquery("SET foreign_key_checks = 1"); $admin->growl("Developer", "Installed Package"); BigTree::redirect(DEVELOPER_ROOT . "packages/install/complete/");
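/**
 * Record a request for a missing URL and either redirect it or send a 404 header.
 *
 * The URL is trimmed of trailing slashes, stripped of tags, HTML-encoded and
 * SQL-escaped before it is looked up in (or inserted into) bigtree_404s.
 *
 * NOTE(review): the redirect target is read from bigtree_404s.redirect_url and
 * absolute http(s) targets are used as stored — confirm who is allowed to
 * write that column.
 *
 * @param string $url The requested path.
 * @return bool false after a 301 redirect has been issued; true otherwise
 *              (a 404 header was sent, or the cleaned URL was empty).
 */
function handle404($url) {
    $url = sqlescape(htmlspecialchars(strip_tags(rtrim($url, "/"))));

    // Nothing to look up or log for an empty URL, so skip the query entirely.
    if (!$url) {
        return true;
    }

    $f = sqlfetch(sqlquery("SELECT * FROM bigtree_404s WHERE broken_url = '{$url}'"));

    // $f is false/null when the URL has never been logged; check it before reading its columns.
    if ($f && $f["redirect_url"]) {
        if ($f["redirect_url"] == "/") {
            $f["redirect_url"] = "";
        }

        if (substr($f["redirect_url"], 0, 7) == "http://" || substr($f["redirect_url"], 0, 8) == "https://") {
            $redirect = $f["redirect_url"];
        } else {
            // Strip any stored WWW_ROOT first so it is not prefixed twice.
            $redirect = WWW_ROOT . str_replace(WWW_ROOT, "", $f["redirect_url"]);
        }

        sqlquery("UPDATE bigtree_404s SET requests = (requests + 1) WHERE id = '" . sqlescape($f["id"]) . "'");
        BigTree::redirect($redirect, "301");
        return false;
    }

    header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");

    if ($f) {
        sqlquery("UPDATE bigtree_404s SET requests = (requests + 1) WHERE id = '" . sqlescape($f["id"]) . "'");
    } else {
        sqlquery("INSERT INTO bigtree_404s (`broken_url`,`requests`) VALUES ('{$url}','1')");
    }

    // Defining a constant twice raises a notice, so only define it once per request.
    if (!defined("BIGTREE_DO_NOT_CACHE")) {
        define("BIGTREE_DO_NOT_CACHE", true);
    }

    return true;
}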
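/**
 * Hash a new password and store it for the given user.
 *
 * The password is trimmed, hashed with PasswordHash using the configured
 * "password_depth", and the hash is escaped before it is written.
 *
 * @param mixed  $id       User id.
 * @param string $password New plain-text password.
 */
static function updateUserPassword($id, $password) {
    global $bigtree;

    $id = sqlescape($id);
    $phpass = new PasswordHash($bigtree["config"]["password_depth"], TRUE);
    $hash = sqlescape($phpass->HashPassword(trim($password)));

    // Write the hash computed above; a fixed literal here would give every updated account the same stored value.
    sqlquery("UPDATE bigtree_users SET password = '{$hash}' WHERE id = '{$id}'");
}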
} } // Sanitize the form data so it fits properly in the database (convert dates to MySQL-friendly format and such) $bigtree["entry"] = BigTreeAutoModule::sanitizeData($bigtree["form"]["table"], $bigtree["entry"]); // Make some easier to write out vars for below. $tags = $_POST["_tags"]; $edit_id = $_POST["id"] ? $_POST["id"] : false; $new_id = false; $table = $bigtree["form"]["table"]; $item = $bigtree["entry"]; $many_to_many = $bigtree["many-to-many"]; // Check to see if this is a positioned element // If it is and the form is setup to create new items at the top and this is a new record, update the position column. $table_description = BigTree::describeTable($table); if (isset($table_description["columns"]["position"]) && $bigtree["form"]["default_position"] == "Top" && !$_POST["id"]) { $max = sqlrows(sqlquery("SELECT id FROM `{$table}`")) + sqlrows(sqlquery("SELECT id FROM `bigtree_pending_changes` WHERE `table` = '" . sqlescape($table) . "'")); $item["position"] = $max; } // Let's stick it in the database or whatever! $data_action = $_POST["save_and_publish"] || $_POST["save_and_publish_x"] || $_POST["save_and_publish_y"] ? "publish" : "save"; $did_publish = false; // We're an editor or "Save" was chosen if ($bigtree["access_level"] == "e" || $data_action == "save") { // We have an existing module entry we're saving a change to. if ($edit_id) { BigTreeAutoModule::submitChange($bigtree["module"]["id"], $table, $edit_id, $item, $many_to_many, $tags); $admin->growl($bigtree["module"]["name"], "Saved " . $bigtree["form"]["title"] . " Draft"); // It's a new entry, so we create a pending item. } else { $edit_id = "p" . BigTreeAutoModule::createPendingItem($bigtree["module"]["id"], $table, $item, $many_to_many, $tags); $admin->growl($bigtree["module"]["name"], "Created " . $bigtree["form"]["title"] . " Draft");
<?php
// Script fragment: responds as JavaScript and works out the caller's access level
// for one item of a module view. The variables set here are left in scope.
header("Content-type: text/javascript");

// Item id from the query string, escaped for use in SQL.
$id = sqlescape($_GET["id"]);

// Grab View Data
// NOTE(review): the view id is escaped here before being handed to getView(); whether
// getView() escapes again is not visible in this fragment — confirm it is not double-escaped.
$view = BigTreeAutoModule::getView(sqlescape($_GET["view"]));
$table = $view["table"];

// Get module
$module = $admin->getModule(BigTreeAutoModule::getModuleForView($view["id"]));

// Get the item (the pending version, going by the method name)
$current_item = BigTreeAutoModule::getPendingItem($table, $id);
$item = $current_item["item"];

// Check permission
$access_level = $admin->getAccessLevel($module, $item, $table);
if ($access_level != "n") {
    // Re-check against the item as returned by getItem(): unless that level is "p",
    // it replaces the level computed from the pending version.
    // presumably "n" means no access and "p" publisher — verify against getAccessLevel().
    $original_item = BigTreeAutoModule::getItem($table, $id);
    $original_access_level = $admin->getAccessLevel($module, $original_item["item"], $table);
    if ($original_access_level != "p") {
        $access_level = $original_access_level;
    }
}
<?php
// Admin search fragment: builds the "Pages" section of the result set from the
// "query" request parameter. $total_results, $results, $search_term and $w stay in scope.
$total_results = 0;
$results = array();
$search_term = $_GET["query"];

// If this is a link, see if it's internal.
if (substr($search_term, 0, 7) == "http://" || substr($search_term, 0, 8) == "https://") {
    $search_term = $admin->makeIPL($search_term);
}

// Pre-built, quoted LIKE operand; it is not used within this fragment.
// NOTE(review): sqlescape() is the only treatment applied, so any % or _ in the term
// stays an active LIKE wildcard — confirm that is intended where $w is consumed.
$w = "'%" . sqlescape($search_term) . "%'";

// Get the "Pages" results.
$r = $admin->searchPages($search_term, array("title", "resources", "meta_keywords", "meta_description", "nav_title"), "50");
$pages = array();
foreach ($r as $f) {
    // Only pages for which getPageAccessLevel() returns a truthy level are listed.
    $access_level = $admin->getPageAccessLevel($f["id"]);
    if ($access_level) {
        $res = json_decode($f["resources"], true);
        $bc = $cms->getBreadcrumbByPage($f);
        $bc_parts = array();
        foreach ($bc as $part) {
            // NOTE(review): the title is concatenated into HTML as-is; confirm titles are
            // already HTML-encoded when stored, otherwise encode them here.
            $bc_parts[] = '<a href="' . ADMIN_ROOT . 'pages/view-tree/' . $part["id"] . '/">' . $part["title"] . '</a>';
        }
        // NOTE(review): "title" is likewise passed through unencoded — check the template that prints it.
        $result = array("id" => $f["id"], "title" => $f["nav_title"], "description" => BigTree::trimLength(strip_tags($res["page_content"]), 450), "link" => ADMIN_ROOT . "pages/edit/" . $f["id"] . "/", "breadcrumb" => implode(" › ", $bc_parts));
        $pages[] = $result;
        $total_results++;
    }
}

// The "Pages" group is only added when it has at least one entry.
if (count($pages)) {
    $results["Pages"] = $pages;
}

// Get every module's results based on auto module views.
} if (!$files) { BigTree::deleteDirectory($cache_root); $_SESSION["upload_error"] = "The zip file uploaded was corrupt."; BigTree::redirect(DEVELOPER_ROOT . "extensions/install/"); } // Read the manifest $json = json_decode(file_get_contents($cache_root . "manifest.json"), true); // Make sure it's legit -- we check the alphanumeric status of the ID because if it's invalid someone may be trying to put files in a bad directory if ($json["type"] != "extension" || !isset($json["id"]) || !isset($json["title"]) || !ctype_alnum(str_replace(array(".", "_", "-"), "", $json["id"]))) { BigTree::deleteDirectory($cache_root); $_SESSION["upload_error"] = "The zip file uploaded does not appear to be a BigTree extension."; BigTree::redirect(DEVELOPER_ROOT . "extensions/install/"); } // Check if it's already installed if (sqlrows(sqlquery("SELECT * FROM bigtree_extensions WHERE id = '" . sqlescape($json["id"]) . "'"))) { BigTree::deleteDirectory($cache_root); $_SESSION["upload_error"] = "An extension with the id of " . htmlspecialchars($json["id"]) . " is already installed."; BigTree::redirect(DEVELOPER_ROOT . "extensions/install/"); } // Check for table collisions foreach ((array) $json["components"]["tables"] as $table => $create_statement) { if (sqlrows(sqlquery("SHOW TABLES LIKE '{$table}'"))) { $warnings[] = "A table named “{$table}” already exists — the table will be overwritten."; } } // Check file permissions and collisions foreach ((array) $json["files"] as $file) { if (!BigTree::isDirectoryWritable(SERVER_ROOT . $file)) { $errors[] = "Cannot write to {$file} — please make the root directory or file writable."; } elseif (file_exists(SERVER_ROOT . $file)) {
/**
 * Store a local file either in the configured cloud container or under SITE_ROOT.
 *
 * @param string $local_file      Path of the file to store.
 * @param string $file_name       Desired file name; rejected when it matches DisabledExtensionRegEx.
 * @param string $relative_path   Destination directory; defaults to "files/" when empty.
 * @param bool   $remove_original When true the local file is removed (cloud) or moved (local) instead of copied.
 * @param array  $prefixes        Prefixes whose prefixed file names must also be free.
 * @return mixed false on a disabled extension or failed local copy/move; the result of
 *               uploadFile() in the cloud branch; "{staticroot}"-prefixed path in the local branch.
 */
function store($local_file, $file_name, $relative_path, $remove_original = true, $prefixes = array()) {
    // If the file name ends in a disabled extension, fail.
    // Note the check runs on the name as supplied, before conversion and clean-up below.
    if (preg_match($this->DisabledExtensionRegEx, $file_name)) {
        $this->DisabledFileError = true;
        return false;
    }

    // If we're auto converting images to JPG from PNG
    $file_name = $this->convertJPEG($local_file, $file_name);

    // Enforce trailing slash on relative_path
    // NOTE(review): the path is not normalised here; confirm callers never pass a value containing "..".
    $relative_path = $relative_path ? rtrim($relative_path, "/") . "/" : "files/";

    if ($this->Cloud) {
        // Clean up the file name
        global $cms;
        $parts = BigTree::pathInfo($file_name);
        $clean_name = $cms->urlify($parts["filename"]);
        if (strlen($clean_name) > 50) {
            $clean_name = substr($clean_name, 0, 50);
        }

        // Best case name
        $file_name = $clean_name . "." . strtolower($parts["extension"]);
        $x = 2;

        // Make sure we have a unique name: loop while the candidate is already cached, or was
        // cleared (set to false) because one of its prefixed variants exists.
        // The prefixed variants are only checked for the "-N" candidates generated inside the
        // loop, not for the initial best-case name.
        while (!$file_name || sqlrows(sqlquery("SELECT `timestamp` FROM bigtree_caches WHERE `identifier` = 'org.bigtreecms.cloudfiles' AND `key` = '" . sqlescape($relative_path . $file_name) . "'"))) {
            $file_name = $clean_name . "-{$x}." . strtolower($parts["extension"]);
            $x++;

            // Check all the prefixes, make sure they don't exist either
            if (is_array($prefixes) && count($prefixes)) {
                $prefix_query = array();
                foreach ($prefixes as $prefix) {
                    $prefix_query[] = "`key` = '" . sqlescape($relative_path . $prefix . $file_name) . "'";
                }
                if (sqlrows(sqlquery("SELECT `timestamp` FROM bigtree_caches WHERE identifier = 'org.bigtreecms.cloudfiles' AND (" . implode(" OR ", $prefix_query) . ")"))) {
                    // Forces another pass of the loop with the next suffix.
                    $file_name = false;
                }
            }
        }

        // Upload it
        $success = $this->Cloud->uploadFile($local_file, $this->Settings->Container, $relative_path . $file_name, true);
        if ($success) {
            // Record the stored file in the cloud-files cache so later uniqueness checks see it.
            sqlquery("INSERT INTO bigtree_caches (`identifier`,`key`,`value`) VALUES ('org.bigtreecms.cloudfiles','" . sqlescape($relative_path . $file_name) . "','" . sqlescape(json_encode(array("name" => $file_name, "path" => $relative_path . $file_name, "size" => filesize($local_file)))) . "')");
        }

        // The local file is removed whether or not the upload succeeded.
        if ($remove_original) {
            unlink($local_file);
        }

        return $success;
    } else {
        $safe_name = BigTree::getAvailableFileName(SITE_ROOT . $relative_path, $file_name, $prefixes);

        if ($remove_original) {
            $success = BigTree::moveFile($local_file, SITE_ROOT . $relative_path . $safe_name);
        } else {
            $success = BigTree::copyFile($local_file, SITE_ROOT . $relative_path . $safe_name);
        }

        if ($success) {
            return "{staticroot}" . $relative_path . $safe_name;
        } else {
            return false;
        }
    }
}
/**
 * Look up coordinates for an address through the Yahoo YQL placefinder endpoint.
 *
 * NOTE(review): sqlescape() is applied to a value embedded in a YQL string that is
 * sent over plain HTTP, not in a database query — confirm it is the right escaping
 * for this context.
 *
 * @param string $address Free-form address text.
 * @return array|false array("latitude" => ..., "longitude" => ...) or false when either value is missing.
 */
private function geocodeYahoo($address) {
    $yql = 'SELECT * FROM geo.placefinder WHERE text="' . sqlescape($address) . '"';
    $response = BigTree::cURL("http://query.yahooapis.com/v1/public/yql?format=json&q=" . urlencode($yql));

    try {
        // A string response is JSON text; anything else is used as returned.
        if (is_string($response)) {
            $response = json_decode($response, true);
        }

        $lat = $response["query"]["results"]["Result"]["latitude"];
        $lon = $response["query"]["results"]["Result"]["longitude"];

        if (!$lat || !$lon) {
            return false;
        }

        return array("latitude" => $lat, "longitude" => $lon);
    } catch (Exception $e) {
        return false;
    }
}
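<?php
// Saves a new sort order for the rows of a module view, then clears the view
// cache of every view that depends on the same table.

// Grab View Data
$view = BigTreeAutoModule::getView($_POST["view"]);
$module = $admin->getModule(BigTreeAutoModule::getModuleForView($view));
$access_level = $admin->getAccessLevel($module);
$table = $view["table"];

if ($access_level == "p") {
    // Parse into a local array. Called without a result argument, parse_str() writes every key
    // of the submitted string into the current scope, so the request could replace $table or
    // any other variable used below.
    $sort_data = array();
    parse_str(isset($_POST["sort"]) ? $_POST["sort"] : "", $sort_data);
    $row = (isset($sort_data["row"]) && is_array($sort_data["row"])) ? $sort_data["row"] : array();
    $total = count($row);

    foreach ($row as $position => $id) {
        // Nested arrays in the submitted data are not ids; skip them.
        if (!is_string($id)) {
            continue;
        }

        // Rows are stored in descending position order, so the first row gets the highest value.
        $new_position = $total - (int) $position;

        if (is_numeric($id)) {
            sqlquery("UPDATE `{$table}` SET position = '" . $new_position . "' WHERE id = '" . sqlescape($id) . "'");
            BigTreeAutoModule::recacheItem($id, $table);
        } else {
            // Non-numeric ids carry a one-character prefix that is dropped before the pending item is updated.
            BigTreeAutoModule::updatePendingItemField(substr($id, 1), "position", $new_position);
            BigTreeAutoModule::recacheItem(substr($id, 1), $table, true);
        }
    }
}

// Find any view that uses this table for grouping and wipe its view cache
$dependant = BigTreeAutoModule::getDependantViews($table);
foreach ($dependant as $v) {
    BigTreeAutoModule::clearCache($v["table"]);
}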
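/**
 * Pull analytics reports, update per-page view counts in bigtree_pages and
 * write the aggregated reports to cache/analytics.json.
 *
 * Each "period" report is read with cacheParseLastData() immediately after the
 * getData() call it belongs to, so the order of calls below matters.
 */
function cacheInformation() {
    $cache = array();
    $profile = $this->Settings["profile"];
    $period_metrics = array("pageviews", "visits", "bounces", "timeOnSite");

    // First we're going to update the monthly view counts for all pages.
    $results = $this->getData($profile, "1 month ago", "today", "pageviews", "pagePath");
    $used_paths = array();
    foreach ($results as $item) {
        $clean_path = sqlescape(trim($item->pagePath, "/"));
        // The count is placed in the statement unquoted, where string escaping gives no protection;
        // force it to an integer instead.
        $views = (int) $item->pageviews;

        // Sometimes Google has slightly different routes like "cheese" and "cheese/" so we need to add these page views together.
        if (isset($used_paths[$clean_path])) {
            sqlquery("UPDATE bigtree_pages SET ga_page_views = (ga_page_views + {$views}) WHERE `path` = '{$clean_path}'");
        } else {
            sqlquery("UPDATE bigtree_pages SET ga_page_views = {$views} WHERE `path` = '{$clean_path}'");
            $used_paths[$clean_path] = true;
        }
    }

    // Service provider, referrer and keyword reports share one shape: cache key => report dimension.
    $dimension_reports = array(
        "service_providers" => "networkLocation",
        "referrers" => "source",
        "keywords" => "keyword"
    );
    foreach ($dimension_reports as $cache_key => $dimension) {
        $results = $this->getData($profile, "1 month ago", "today", array("pageviews", "visits"), $dimension, "-ga:pageviews");
        foreach ($results as $item) {
            $cache[$cache_key][] = array("name" => $item->{$dimension}, "views" => $item->pageviews, "visits" => $item->visits);
        }
    }

    $today = date("Y-m-d");
    $year_ago = strtotime("-1 year");
    $today_last_year = date("Y-m-d", $year_ago);

    // Yearly Report
    $this->getData($profile, date("Y-01-01"), $today, $period_metrics, "browser");
    $cache["year"] = $this->cacheParseLastData();
    $this->getData($profile, date("Y-01-01", $year_ago), $today_last_year, $period_metrics, "browser");
    $cache["year_ago_year"] = $this->cacheParseLastData();

    // Quarterly Report
    // Calendar quarters start in January, April, July and October.
    $quarters = array(1, 4, 7, 10);
    $current_quarter_month = $quarters[(int) floor((date("n") - 1) / 3)];
    $quarter_start_format = "Y-" . str_pad($current_quarter_month, 2, "0", STR_PAD_LEFT) . "-01";
    $this->getData($profile, date($quarter_start_format), $today, $period_metrics, "browser");
    $cache["quarter"] = $this->cacheParseLastData();
    $this->getData($profile, date($quarter_start_format, $year_ago), $today_last_year, $period_metrics, "browser");
    $cache["year_ago_quarter"] = $this->cacheParseLastData();

    // Monthly Report
    $this->getData($profile, date("Y-m-01"), $today, $period_metrics, "browser");
    $cache["month"] = $this->cacheParseLastData();
    $this->getData($profile, date("Y-m-01", $year_ago), $today_last_year, $period_metrics, "browser");
    $cache["year_ago_month"] = $this->cacheParseLastData();

    // Two Week Heads Up
    $results = $this->getData($profile, date("Y-m-d", strtotime("-2 weeks")), date("Y-m-d", strtotime("-1 day")), "visits", "date", "date");
    foreach ($results as $item) {
        $cache["two_week"][$item->date] = $item->visits;
    }

    BigTree::putFile(SERVER_ROOT . "cache/analytics.json", BigTree::json($cache));
}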
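<?php
// Deletes one form-builder entry and returns JavaScript that removes its table row.
// NOTE(review): no access-level or request-origin check is visible in this file —
// confirm the code that includes it enforces both before this runs.

// Update the count
sqlquery("UPDATE btx_form_builder_forms SET entries = (entries - 1) WHERE id = '" . sqlescape($_POST["form"]) . "'");
BigTreeAutoModule::recacheItem($_POST["form"], "btx_form_builder_forms");

// Delete the entry
BigTreeAutoModule::deleteItem("btx_form_builder_entries", $_POST["id"]);

// Show the growl and update the table
header("Content-type: text/javascript");

// The id is request data written into a JavaScript response. Keep only characters that can
// appear in the row's element id, then emit it as an encoded string literal instead of raw text.
$row_id = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_POST["id"]);
$row_selector = json_encode("#row_" . $row_id, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
?>
BigTree.growl("Form Builder","Deleted Entry");
$(<?php echo $row_selector; ?>).remove();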
<?php $fieldMod = new BigTreeModule("btx_form_builder_fields"); BigTree::globalizePOSTVars("htmlspecialchars"); $form = sqlescape($bigtree["commands"][0]); // Get cleaned up prices, dates, and entries if ($early_bird) { $early_bird_date = "'" . date("Y-m-d H:i:s", strtotime(str_replace("@", "", $_POST["early_bird_date"]))) . "'"; $early_bird_base_price = floatval(str_replace(array('$', ',', ' '), '', $_POST["early_bird_base_price"])); } else { $early_bird_date = "NULL"; } $base_price = floatval(str_replace(array('$', ',', ' '), '', $_POST["base_price"])); $max_entries = intval($max_entries); BigTreeAutoModule::updateItem("btx_form_builder_forms", $form, array("title" => $title, "paid" => $paid, "base_price" => $base_price, "early_bird_base_price" => $early_bird_base_price, "early_bird_date" => $early_bird_date, "limit_entries" => $limit_entries, "max_entries" => $max_entries)); // Setup the default column, sort position, alignment inside columns. $position = count($_POST["type"]); $column = 0; $alignment = ""; // Get all the previous fields so we know which to delete. $fields_to_delete = array(); $existing_fields = $fieldMod->getMatching("form", $form); foreach ($existing_fields as $field) { $fields_to_delete[$field["id"]] = $field["id"]; } foreach ($_POST["type"] as $key => $type) { $id = $_POST["id"][$key]; // The field still exists, remove it from the list to delete if ($id) { unset($fields_to_delete[$id]); }
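<?php
// One-to-Many field: builds $entries (currently selected id => title) and
// $list (every selectable id => title) from the configured table.

// Normalise the stored value to an array of entry ids.
if (!$field["value"]) {
    $field["value"] = array();
} elseif (!is_array($field["value"])) {
    $field["value"] = json_decode($field["value"], true);
    // json_decode() returns null for malformed input; fall back to an empty list.
    if (!is_array($field["value"])) {
        $field["value"] = array();
    }
}

// Throw an exception if they didn't setup the field type properly
if (!$field["options"]["table"] || !$field["options"]["title_column"]) {
    // "new" is required: without it PHP looks for a function named Exception and fails with a fatal error.
    throw new Exception("One-to-Many field type requires a table and a title field to be setup to function.");
}

$entries = array();
$sort = $field["options"]["sort_by_column"] ? $field["options"]["sort_by_column"] : $field["options"]["title_column"] . " ASC";

// NOTE(review): the table, title column and sort expression come from the field's options
// and are concatenated into SQL as identifiers — confirm only trusted users can edit them.

// Get existing entries' titles
foreach ($field["value"] as $entry) {
    $g = sqlfetch(sqlquery("SELECT `id`,`" . $field["options"]["title_column"] . "` FROM `" . $field["options"]["table"] . "` WHERE id = '" . sqlescape($entry) . "'"));
    if ($g) {
        $entries[$g["id"]] = $g[$field["options"]["title_column"]];
    }
}

// Gather a list of the items that could possibly be used
$list = array();
$q = sqlquery("SELECT `id`,`" . $field["options"]["title_column"] . "` FROM `" . $field["options"]["table"] . "` ORDER BY {$sort}");
while ($f = sqlfetch($q)) {
    $list[$f["id"]] = $f[$field["options"]["title_column"]];
}

// If we have a parser, send a list of the entries and available items through it.
// NOTE(review): the parser is a callable name taken from the field's options; whoever can
// edit those options chooses which function runs here.
if (!empty($field["options"]["parser"])) {
    $list = call_user_func($field["options"]["parser"], $list, true);
    $entries = call_user_func($field["options"]["parser"], $entries, false);
}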
/**
 * Replace the cached cloud file listing with the supplied items.
 *
 * @param array $data List of items, each with "name", "path" and "size" keys.
 */
function resetCache($data) {
    // Drop the whole listing first; it is rebuilt row by row below.
    sqlquery("DELETE FROM bigtree_caches WHERE `identifier` = 'org.bigtreecms.cloudfiles'");

    foreach ($data as $item) {
        $key = sqlescape($item["path"]);
        $value = sqlescape(json_encode(array(
            "name" => $item["name"],
            "path" => $item["path"],
            "size" => $item["size"]
        )));

        sqlquery("INSERT INTO bigtree_caches (`identifier`,`key`,`value`) VALUES ('org.bigtreecms.cloudfiles','{$key}','{$value}')");
    }
}
file_put_contents(SERVER_ROOT . "cache/package/manifest.json", $json); // Create the zip @unlink(SERVER_ROOT . "cache/package.zip"); include BigTree::path("inc/lib/pclzip.php"); $zip = new PclZip(SERVER_ROOT . "cache/package.zip"); $zip->create(BigTree::directoryContents(SERVER_ROOT . "cache/package/"), PCLZIP_OPT_REMOVE_PATH, SERVER_ROOT . "cache/package/"); // Remove the package directory, we do it backwards because the "deepest" files are last $contents = array_reverse(BigTree::directoryContents(SERVER_ROOT . "cache/package/")); foreach ($contents as $file) { @unlink($file); @rmdir($file); } @rmdir(SERVER_ROOT . "cache/package/"); // Store it in the database for future updates if (sqlrows(sqlquery("SELECT * FROM bigtree_extensions WHERE id = '" . sqlescape($id) . "'"))) { sqlquery("UPDATE bigtree_extensions SET name = '" . sqlescape($title) . "', version = '" . sqlescape($version) . "', last_updated = NOW(), manifest = '" . sqlescape($json) . "' WHERE id = '" . sqlescape($id) . "'"); } else { sqlquery("INSERT INTO bigtree_extensions (`id`,`type`,`name`,`version`,`last_updated`,`manifest`) VALUES ('" . sqlescape($id) . "','package','" . sqlescape($title) . "','" . sqlescape($version) . "',NOW(),'" . sqlescape($json) . "')"); } ?> <div class="container"> <section> <p>Package created successfully.</p> </section> <footer> <a href="<?php echo DEVELOPER_ROOT; ?> packages/build/download/" class="button blue">Download</a> </footer> </div>
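/**
 * Check whether a table with exactly this name exists.
 *
 * @param string $table Table name.
 * @return bool true when SHOW TABLES returns at least one row for the name.
 */
static function tableExists($table) {
    // SHOW TABLES LIKE takes a pattern, so "_" and "%" in a name would match other tables
    // and report a table that does not exist. Escape them after the string escaping so the
    // added backslashes are not themselves escaped.
    $pattern = addcslashes(sqlescape($table), "%_");

    return (bool) sqlrows(sqlquery("SHOW TABLES LIKE '" . $pattern . "'"));
}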
/**
 * Query this object for rows whose field(s) equal the given value(s).
 *
 * Values are passed through sqlescape(). Field names, $order and $limit are
 * concatenated into the query text as given.
 * NOTE(review): callers must not pass request data as $fields, $order or $limit — confirm.
 *
 * @param string|array $fields        Field name, or list of field names.
 * @param mixed        $values        Value, or list of values parallel to $fields.
 * @param string       $order         ORDER BY expression.
 * @param mixed        $limit         LIMIT expression, or false for none.
 * @param bool         $full_response Passed through to query().
 * @return mixed Whatever query() returns.
 */
function getMatching($fields, $values, $order = "Id ASC", $limit = false, $full_response = false) {
    if (is_array($fields)) {
        // Pair each field with the value at the same numeric index.
        $conditions = array();
        for ($i = 0; $i < count($fields); $i++) {
            $conditions[] = $fields[$i] . " = '" . sqlescape($values[$i]) . "'";
        }
        $where = implode(" AND ", $conditions);
    } else {
        $where = "{$fields} = '" . sqlescape($values) . "'";
    }

    $query = "SELECT " . $this->QueryFieldNames . " FROM " . $this->Name;

    // An empty field list leaves no conditions, so the WHERE clause is omitted.
    if ($where) {
        $query .= " WHERE {$where}";
    }

    $query .= " ORDER BY {$order}";

    if ($limit) {
        $query .= " LIMIT {$limit}";
    }

    return $this->query($query, $full_response);
}
} // Check for settings collisions foreach ((array) $json["components"]["settings"] as $setting) { if (sqlrows(sqlquery("SELECT * FROM bigtree_settings WHERE id = '" . sqlescape($setting["id"]) . "'"))) { $warnings[] = "A setting already exists with the id “" . $setting["id"] . "” — the setting will be overwritten."; } } // Check for feed collisions foreach ((array) $json["components"]["feeds"] as $feed) { if (sqlrows(sqlquery("SELECT * FROM bigtree_feeds WHERE route = '" . sqlescape($feed["route"]) . "'"))) { $warnings[] = "A feed already exists with the route “" . $feed["route"] . "” — the feed will be overwritten."; } } // Check for field type collisions foreach ((array) $json["components"]["field_types"] as $type) { if (sqlrows(sqlquery("SELECT * FROM bigtree_field_types WHERE id = '" . sqlescape($type["id"]) . "'"))) { $warnings[] = "A field type already exists with the id “" . $type["id"] . "” — the field type will be overwritten."; } } // Check for table collisions foreach ((array) $json["sql"] as $command) { if (substr($command, 0, 14) == "CREATE TABLE `") { $table = substr($command, 14); $table = substr($table, 0, strpos($table, "`")); if (sqlrows(sqlquery("SHOW TABLES LIKE '{$table}'"))) { $warnings[] = "A table named “{$table}” already exists — the table will be overwritten."; } } } // Check file permissions and collisions foreach ((array) $json["files"] as $file) {
/**
 * Set a single field inside the JSON "changes" document of a pending change.
 *
 * @param mixed  $id    Id of the bigtree_pending_changes row.
 * @param string $field Key to set inside the changes document.
 * @param mixed  $value New value; arrays are passed through BigTree::translateArray() first.
 */
static function updatePendingItemField($id, $field, $value) {
    $id = sqlescape($id);

    $row = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE id = '{$id}'"));
    $changes = json_decode($row["changes"], true);

    $changes[$field] = is_array($value) ? BigTree::translateArray($value) : $value;

    // Re-encode the whole document and escape it as one string value.
    $encoded = sqlescape(json_encode($changes));
    sqlquery("UPDATE bigtree_pending_changes SET changes = '{$encoded}' WHERE id = '{$id}'");
}
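/**
 * Remove this service's cached data and its settings row.
 */
function disconnect() {
    sqlquery("DELETE FROM bigtree_caches WHERE identifier = '" . sqlescape($this->CacheIdentifier) . "'");
    // Escaped like the cache identifier above, so both statements treat their ids the same way.
    sqlquery("DELETE FROM bigtree_settings WHERE id = '" . sqlescape($this->SettingID) . "'");
}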
/**
 * Update step 103: copy the "resource-thumbnail-sizes" setting into a new,
 * editable array setting named "bigtree-file-manager-thumbnail-sizes" and
 * delete the old setting.
 */
function _local_bigtree_update_103() {
    global $cms;

    // The old setting is a JSON map of title => {prefix, width, height}.
    $old_sizes = json_decode($cms->getSetting("resource-thumbnail-sizes"), true);

    // Flatten it into a list of rows, skipping empty entries.
    $value = array();
    foreach (array_filter((array) $old_sizes) as $title => $info) {
        $value[] = array(
            "title" => $title,
            "prefix" => $info["prefix"],
            "width" => $info["width"],
            "height" => $info["height"]
        );
    }

    $encoded_value = sqlescape(json_encode($value));
    // Field definitions for the array setting's editor.
    $encoded_options = sqlescape('{"fields":[{"key":"title","title":"Title","type":"text"},{"key":"prefix","title":"File Prefix (i.e. thumb_)","type":"text"},{"key":"width","title":"Width","type":"text"},{"key":"height","title":"Height","type":"text"}]}');

    sqlquery("INSERT INTO bigtree_settings (`id`,`value`,`type`,`options`,`name`,`locked`) VALUES ('bigtree-file-manager-thumbnail-sizes','{$encoded_value}','array','{$encoded_options}','File Manager Thumbnail Sizes','on')");
    sqlquery("DELETE FROM bigtree_settings WHERE id = 'resource-thumbnail-sizes'");
}
" name="permissions[module][<?php echo $m["id"]; ?> ]" value="n" <?php if (!$permissions["module"][$m["id"]] || $permissions["module"][$m["id"]] == "n") { ?> checked="checked" <?php } ?> /></span> <?php if (isset($gbp["enabled"]) && $gbp["enabled"]) { if (BigTree::tableExists($gbp["other_table"])) { $categories = array(); $ot = sqlescape($gbp["other_table"]); $tf = sqlescape($gbp["title_field"]); if ($tf && $ot) { $q = sqlquery("SELECT id,`{$tf}` FROM `{$ot}` ORDER BY `{$tf}` ASC"); ?> <ul class="depth_2"<?php if ($closed) { ?> style="display: none;"<?php } ?> > <?php while ($c = sqlfetch($q)) { ?> <li> <span class="depth"></span>
<?php // If we're replacing an existing file, find out its name if (isset($_POST["replace"])) { $admin->requireLevel(1); $replacing = $admin->getResource($_POST["replace"]); $pinfo = BigTree::pathInfo($replacing["file"]); $replacing = $pinfo["basename"]; // Set a recently replaced cookie so we don't use cached images setcookie('bigtree_admin[recently_replaced_file]', true, time() + 300, str_replace(DOMAIN, "", WWW_ROOT)); } else { $replacing = false; } $folder = isset($_POST["folder"]) ? sqlescape($_POST["folder"]) : false; $f = $_FILES["file"]; $file_name = $replacing ? $replacing : $f["name"]; // If the user doesn't have permission to upload to this folder, throw an error. $perm = $admin->getResourceFolderPermission($folder); if ($perm != "p") { $f["error"] = 9; } $error = false; // Check for file upload errors (or the permission error we faked above) if ($f["error"]) { if ($f["error"] == 2 || $f["error"] == 1) { $error = "The uploaded file was too large. (" . BigTree::formatBytes(BigTree::uploadMaxFileSize()) . " max)"; } elseif ($f["error"] == 9) { $error = "You do not have permission to upload to this folder."; } else { $error = "The upload failed (unknown error)."; }
<?php
// Route field processing: derives a URL route from the configured source field and,
// unless the field is marked "not_unique", appends a numeric suffix until the route
// is unused in the form's table.

// If we always generate a new route, don't have a route, or we're updating a pending entry.
if (!$field["options"]["keep_original"] || !$bigtree["existing_data"][$field["key"]] || isset($bigtree["edit_id"]) && !is_numeric($bigtree["edit_id"])) {
    if ($field["options"]["not_unique"]) {
        $field["output"] = $cms->urlify(strip_tags($bigtree["post_data"][$field["options"]["source"]]));
    } else {
        $oroute = $cms->urlify(strip_tags($bigtree["post_data"][$field["options"]["source"]]));
        $field["output"] = $oroute;
        $x = 2;

        // We're going to try 1000 times at most so we don't time out
        // NOTE(review): the table name and field key are concatenated in as identifiers with no
        // escaping; they come from the form definition — confirm they can never carry request data.
        while ($x < 1000 && sqlrows(sqlquery("SELECT * FROM `" . $bigtree["form"]["table"] . "` WHERE `" . $field["key"] . "` = '" . sqlescape($field["output"]) . "' AND id != '" . sqlescape($bigtree["edit_id"]) . "'"))) {
            $field["output"] = $oroute . "-" . $x;
            $x++;
        }

        // Gave up without finding a free route: store an empty value rather than a duplicate.
        if ($x == 1000) {
            $field["output"] = "";
        }
    }
} else {
    // Keep the existing route untouched.
    $field["ignore"] = true;
}
} } $find = array("[host]", "[db]", "[user]", "[password]", "[port]", "[socket]", "[write_host]", "[write_db]", "[write_user]", "[write_password]", "[write_port]", "[write_socket]", "[domain]", "[wwwroot]", "[staticroot]", "[email]", "[settings_key]", "[force_secure_login]", "[routing]"); $replace = array($host, $db, $user, $password, $port, $socket, isset($loadbalanced) ? $write_host : "", isset($loadbalanced) ? $write_db : "", isset($loadbalanced) ? $write_user : "", isset($loadbalanced) ? $write_password : "", isset($loadbalanced) ? $write_port : "", isset($loadbalanced) ? $write_socket : "", $domain, $www_root, $static_root, $cms_user, uniqid("", true), isset($force_secure_login) ? "true" : "false", $routing == "basic" ? "basic" : "htaccess"); // Make sure we're not running in a special mode that forces values for textareas that aren't allowing null. sqlquery("SET SESSION sql_mode = ''"); $sql_queries = explode("\n", file_get_contents("bigtree.sql")); foreach ($sql_queries as $query) { $query = trim($query); if ($query != "") { $q = sqlquery($query); } } include "core/inc/lib/PasswordHash.php"; $phpass = new PasswordHash(8, TRUE); $enc_pass = sqlescape($phpass->HashPassword($cms_pass)); sqlquery("INSERT INTO bigtree_users (`email`,`password`,`name`,`level`) VALUES ('{$cms_user}','{$enc_pass}','Developer','2')"); // Determine whether Apache is running as the owner of the BigTree files -- only works if we have posix_getuid // We do this to determine whether we need to make the files the script writes 777 if (function_exists("posix_getuid")) { if (posix_getuid() == getmyuid()) { define("BT_SU_EXEC", true); } else { define("BT_SU_EXEC", false); } } else { define("BT_SU_EXEC", false); } function bt_mkdir_writable($dir) { global $root;
<?php
// Script fragment: responds as JavaScript and works out the caller's access level
// for one item of a module view. The variables set here are left in scope.
header("Content-type: text/javascript");

// Item id from the query string, escaped for use in SQL.
$id = sqlescape($_GET["id"]);

// Grab View Data
// NOTE(review): $_GET["view"] is passed to getView() and getModuleForView() as received;
// whether those methods escape it is not visible in this fragment — confirm.
$view = BigTreeAutoModule::getView($_GET["view"]);
$table = $view["table"];

// Get module
$module = $admin->getModule(BigTreeAutoModule::getModuleForView($_GET["view"]));

// Get the item (the pending version, going by the method name)
$current_item = BigTreeAutoModule::getPendingItem($table, $id);
$item = $current_item["item"];

// Check permission
$access_level = $admin->getAccessLevel($module, $item, $table);
if ($access_level != "n") {
    // Re-check against the item as returned by getItem(): unless that level is "p",
    // it replaces the level computed from the pending version.
    // presumably "n" means no access and "p" publisher — verify against getAccessLevel().
    $original_item = BigTreeAutoModule::getItem($table, $id);
    $original_access_level = $admin->getAccessLevel($module, $original_item["item"], $table);
    if ($original_access_level != "p") {
        $access_level = $original_access_level;
    }
}