/**
 * Return the shared HTMLPurifier instance used by the model layer.
 *
 * The instance is created lazily on first use, with no explicit
 * configuration passed to the constructor, and cached in the static
 * BaseModel::$html_purifier property so that every later caller gets
 * the same object.
 *
 * @return HTMLPurifier Shared purifier instance
 */
public static function getPurifier() {
    if (BaseModel::$html_purifier) {
        return BaseModel::$html_purifier;
    }
    // First call: build the default-configured purifier and remember it.
    BaseModel::$html_purifier = new HTMLPurifier();
    return BaseModel::$html_purifier;
}
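/**
 * Sets the value of a user preference. Returns false if the preference name or the value is invalid.
 *
 * Flow: the preference name is checked with isValidPreference(); when purify() is enabled for this
 * object the value is run through the shared HTMLPurifier instance; the (possibly purified) value is
 * then checked with isValidPreferenceValue() before being stored in the "_user_preferences" var.
 * Because purification happens before validation, validators always see the sanitized value.
 *
 * @access public
 * @param string $ps_pref Name of user preference
 * @param mixed $ps_val Value of preference. It is handed to HTMLPurifier::purify() as-is when
 *        purification is on; what that does with non-string values is not visible here.
 * @return bool True if preference was set; false if it could not be set. An error (920) is posted
 *         only for an invalid preference name, not for an invalid value.
 */
public function setPreference($ps_pref, $ps_val) {
    if (!$this->isValidPreference($ps_pref)) {
        // The source label used to read "User->getPreference()", a copy/paste slip that pointed
        // error reports at the wrong method; it now names the method that actually failed.
        $this->postError(920, _t("%1 is not a valid user preference", $ps_pref), "User->setPreference()");
        return false;
    }
    if ($this->purify()) {
        // Same lazily-created, default-configured instance used by the rest of the model layer.
        $ps_val = BaseModel::getPurifier()->purify($ps_val);
    }
    // NOTE(review): the meaning of the third argument (1) to isValidPreferenceValue() is not
    // visible here — confirm before changing it.
    if (!$this->isValidPreferenceValue($ps_pref, $ps_val, 1)) {
        return false;
    }
    $va_prefs = $this->getVar("_user_preferences");
    $va_prefs[$ps_pref] = $ps_val;
    $this->setVar("_user_preferences", $va_prefs);
    return true;
}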
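/**
 * Edits an existing comment as specified by $pn_comment_id. Will only edit comments that are attached to the
 * currently loaded row. If called with no row loaded editComment() will return null. If you attempt to modify
 * a comment not associated with the currently loaded row editComment() will return false and post an error.
 *
 * Note that all parameters are mandatory in the sense that the value passed (or the default value if not passed)
 * will be written into the comment. For example, if you don't bother passing $ps_name then it will be set to null, even
 * if there's an existing name value in the field. The only exception is $pn_locale_id; if set to null or omitted then
 * editComment() will attempt to use the locale value in the global $g_ui_locale_id variable. If neither is set, the
 * locale_id field is left untouched — no error is posted for this case.
 *
 * No ownership or permission check is performed here: any caller that names a comment_id belonging to the loaded
 * row can rewrite the comment text, user_id and moderation fields. Authorization is the caller's responsibility.
 *
 * @param $pn_comment_id [integer] a valid comment_id to be edited; must be related to the currently loaded row (mandatory)
 * @param $ps_comment [string] the text of the comment (mandatory)
 * @param $pn_rating [integer] a number between 1 and 5 indicating the user's rating of the row; higher is better (optional - default is null).
 *        NOTE: the 1..5 range is documented but not enforced here; whatever is passed is written to the 'rating' field.
 * @param $pn_user_id [integer] A valid ca_users.user_id indicating the user who posted the comment; is null for comments from non-logged-in users (optional - default is null)
 * @param $pn_locale_id [integer] A valid ca_locales.locale_id indicating the language of the comment. If omitted or left null then the value in the global $g_ui_locale_id variable is used (optional - default is to use $g_ui_locale_id)
 * @param $ps_name [string] Name of user posting comment. Only needs to be set if $pn_user_id is *not* set; used to identify comments posted by non-logged-in users (optional - default is null)
 * @param $ps_email [string] E-mail address of user posting comment. Only needs to be set if $pn_user_id is *not* set; used to identify comments posted by non-logged-in users (optional - default is null)
 * @param $pn_access [integer] Documented as the public visibility of the comment (0 = hidden, 1 = visible). NOTE(review): this parameter
 *        is accepted but never written by this method as it stands — confirm whether that is intended before relying on it.
 * @param $pn_moderator [integer] A valid ca_users.user_id value indicating who moderated the comment; if omitted or set to null then moderation status will not be set (optional - default is null)
 * @param array $pa_options Array of options. Supported options are:
 *      purify = if true, comment, name and email are run through HTMLPurifier before being stored in the database. Default is true.
 *      media1_original_filename = original file name to set for comment "media1"
 *      media2_original_filename = original file name to set for comment "media2"
 *      media3_original_filename = original file name to set for comment "media3"
 *      media4_original_filename = original file name to set for comment "media4"
 * @param $ps_media1 [string] Value handed to ca_item_comments::set() for field "media1" (optional - default is null)
 * @param $ps_media2 [string] Value handed to ca_item_comments::set() for field "media2" (optional - default is null)
 * @param $ps_media3 [string] Value handed to ca_item_comments::set() for field "media3" (optional - default is null)
 * @param $ps_media4 [string] Value handed to ca_item_comments::set() for field "media4" (optional - default is null)
 * @return bool|null True on success; false on error (an error is posted and, for update failures, copied into $this->errors); null if no row is loaded.
 */
public function editComment($pn_comment_id, $ps_comment, $pn_rating = null, $pn_user_id = null, $pn_locale_id = null, $ps_name = null, $ps_email = null, $pn_access = null, $pn_moderator = null, $pa_options = null, $ps_media1 = null, $ps_media2 = null, $ps_media3 = null, $ps_media4 = null) {
    global $g_ui_locale_id;
    if (!($vn_row_id = $this->getPrimaryKey())) {
        return null;
    }
    if (!$pn_locale_id) {
        $pn_locale_id = $g_ui_locale_id;
    }
    $t_comment = new ca_item_comments($pn_comment_id);
    if (!$t_comment->getPrimaryKey()) {
        $this->postError(2800, _t('Comment id is invalid'), 'BaseModel->editComment()', 'ca_item_comments');
        return false;
    }
    // Refuse to touch a comment that belongs to another table/row, even when the id itself is valid.
    if ($t_comment->get('table_num') != $this->tableNum() || $t_comment->get('row_id') != $vn_row_id) {
        $this->postError(2810, _t('Comment is not part of the current row'), 'BaseModel->editComment()', 'ca_item_comments');
        return false;
    }
    // Normalize options once so the lookups below never touch an undefined index:
    // $pa_options defaults to null and callers rarely pass every media*_original_filename key.
    $va_options = is_array($pa_options) ? $pa_options : array();
    if (!isset($va_options['purify'])) {
        $va_options['purify'] = true;
    }
    $vb_purify = (bool) $va_options['purify'];
    $t_comment->purify($this->purify() || $vb_purify);
    if ($vb_purify) {
        // HTMLPurifier removes dangerous markup from free text. It does NOT validate that $ps_email
        // is an e-mail address or that $ps_name is plain text; it only makes them safe as HTML.
        if (!BaseModel::$html_purifier) {
            BaseModel::$html_purifier = new HTMLPurifier();
        }
        $ps_comment = BaseModel::$html_purifier->purify($ps_comment);
        $ps_name = BaseModel::$html_purifier->purify($ps_name);
        $ps_email = BaseModel::$html_purifier->purify($ps_email);
    }
    $t_comment->setMode(ACCESS_WRITE);
    $t_comment->set('comment', $ps_comment);
    $t_comment->set('rating', $pn_rating);
    $t_comment->set('user_id', $pn_user_id);
    $t_comment->set('name', $ps_name);
    $t_comment->set('email', $ps_email);
    // Media fields: the original filename option for each is looked up defensively (null when absent).
    $va_media = array('media1' => $ps_media1, 'media2' => $ps_media2, 'media3' => $ps_media3, 'media4' => $ps_media4);
    foreach ($va_media as $vs_media_field => $ps_media) {
        $vs_option_key = $vs_media_field.'_original_filename';
        $vs_original_filename = isset($va_options[$vs_option_key]) ? $va_options[$vs_option_key] : null;
        $t_comment->set($vs_media_field, $ps_media, array('original_filename' => $vs_original_filename));
    }
    if (!is_null($pn_moderator)) {
        $t_comment->set('moderated_by_user_id', $pn_moderator);
        $t_comment->set('moderated_on', 'now');
    }
    if (!is_null($pn_locale_id)) {
        $t_comment->set('locale_id', $pn_locale_id);
    }
    $t_comment->update();
    if ($t_comment->numErrors()) {
        $this->errors = $t_comment->errors;
        return false;
    }
    return true;
}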
/**
 * Set field value(s) for the table row represented by this object.
 *
 * Each field named in $pa_fields is validated with verifyFieldValue(), normalized according to its
 * FIELD_TYPE and stored in $this->_FIELD_VALUES; fields whose value actually changed are flagged in
 * $this->_FIELD_VALUE_CHANGED so that insert()/update() know what to write. Text destined for fields
 * whose MARKUP_TYPE is not __CA_MT_HTML__ is HTML-escaped (htmlspecialchars) on the way in, i.e. it is
 * stored entity-encoded.
 *
 * Note that $this->errors is cleared at the start of every call, and that processing stops at the first
 * field that fails: fields earlier in the array have already been set by then.
 *
 * @param string|array $pa_fields string representation of a field name
 *      or array of string representations of field names
 * @param mixed $pm_value value to set the given field(s) to (ignored when $pa_fields is already an
 *      array of field => value pairs)
 * @param array $pa_options associative array of options
 *      possible options (keys):
 *      when dealing with date/time fields:
 *          - SET_DIRECT_DATE
 *          - SET_DIRECT_TIME
 *          - SET_DIRECT_TIMES
 *
 *      for media/files fields:
 *          - original_filename : (note that it is lower case) optional parameter which enables you to pass the original filename of a file, in addition to the representation in the temporary, global _FILES array;
 *
 *      for text fields:
 *          - purify : if set then text input is run through HTML Purifier before being set
 *
 * @return bool|string true when every field was processed; false when a field is unknown, fails
 *      verifyFieldValue(), fails date/time parsing, or (FT_MEDIA/FT_FILE) names neither an existing
 *      path nor an allowed URL; "" (empty string — also falsy) for a non-numeric value in an FT_NUMBER
 *      field. Returns true early, without processing the remaining fields, when verifyFieldValue()
 *      reports that the value was replaced by the field default ($pb_need_reload).
 */
public function set($pa_fields, $pm_value = "", $pa_options = null) {
    $this->errors = array();
    if (!is_array($pa_fields)) {
        $pa_fields = array($pa_fields => $pm_value);
    }
    foreach ($pa_fields as $vs_field => $vm_value) {
        if (array_key_exists($vs_field, $this->FIELDS)) {
            $pa_fields_type = $this->getFieldInfo($vs_field, "FIELD_TYPE");
            $pb_need_reload = false;
            if (!$this->verifyFieldValue($vs_field, $vm_value, $pb_need_reload)) {
                return false;
            }
            if ($pb_need_reload) {
                return true;
            } // was set to default
            // Quote characters are stripped from primary key values; presumably a defensive
            // measure for code paths that interpolate the key — verify before relying on it.
            if ($vs_field == $this->primaryKey()) {
                $vm_value = preg_replace("/[\"']/", "", $vm_value);
            }
            // what markup is supported for text fields?
            $vs_markup_type = $this->getFieldInfo($vs_field, "MARKUP_TYPE");
            // if markup is non-HTML then strip out HTML special chars for safety
            // (escaping happens on INPUT, so the stored value is already entity-encoded and output
            // code must not encode it a second time; HTML fields pass through unescaped here and
            // rely on the purify step in the FT_TEXT case below)
            if (!($vs_markup_type == __CA_MT_HTML__)) {
                $vm_value = htmlspecialchars($vm_value, ENT_QUOTES, 'UTF-8');
            }
            $vs_cur_value = isset($this->_FIELD_VALUES[$vs_field]) ? $this->_FIELD_VALUES[$vs_field] : null;
            switch ($pa_fields_type) {
                case FT_NUMBER:
                    if ($vs_cur_value != $vm_value) {
                        $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                    }
                    if ($vm_value !== "" || $this->getFieldInfo($vs_field, "IS_NULL") && $vm_value == "") {
                        if ($vm_value) {
                            if (($vs_list_code = $this->getFieldInfo($vs_field, "LIST_CODE")) && !is_numeric($vm_value)) {
                                // translate ca_list_item idno's into item_ids if necessary
                                if ($vn_id = ca_lists::getItemID($vs_list_code, $vm_value)) {
                                    $vm_value = $vn_id;
                                }
                            } else {
                                $vm_orig_value = $vm_value;
                                $vm_value = preg_replace("/[^\\d-.]+/", "", $vm_value); # strip non-numeric characters
                                // NOTE: this is the one failure path that returns "" rather than false
                                if (!preg_match("/^[\\-]{0,1}[\\d.]+\$/", $vm_value)) {
                                    $this->postError(1100, _t("'%1' for %2 is not numeric", $vm_orig_value, $vs_field), "BaseModel->set()");
                                    return "";
                                }
                            }
                        }
                        $this->_FIELD_VALUES[$vs_field] = $vm_value;
                    }
                    break;
                case FT_BIT:
                    if ($vs_cur_value != $vm_value) {
                        $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                    }
                    $this->_FIELD_VALUES[$vs_field] = $vm_value ? 1 : 0;
                    break;
                case FT_DATETIME:
                case FT_HISTORIC_DATETIME:
                case FT_DATE:
                case FT_HISTORIC_DATE:
                    // NOTE(review): $pa_options["SET_DIRECT_DATE"] is read without isset(); with the
                    // default $pa_options = null this is silent on old PHP but notices on PHP 7.4+.
                    if ($this->DIRECT_DATETIMES || $pa_options["SET_DIRECT_DATE"]) {
                        // Direct mode stores the raw value and always marks the field changed.
                        $this->_FIELD_VALUES[$vs_field] = $vm_value;
                        $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                    } else {
                        if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                            if ($vs_cur_value) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            }
                            $this->_FIELD_VALUES[$vs_field] = null;
                        } else {
                            $o_tep = new TimeExpressionParser();
                            if ($pa_fields_type == FT_DATE || $pa_fields_type == FT_HISTORIC_DATE) {
                                $va_timestamps = $o_tep->parseDate($vm_value);
                            } else {
                                $va_timestamps = $o_tep->parseDatetime($vm_value);
                            }
                            if (!$va_timestamps) {
                                $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                return false;
                            }
                            if ($pa_fields_type == FT_HISTORIC_DATETIME || $pa_fields_type == FT_HISTORIC_DATE) {
                                if ($vs_cur_value != $va_timestamps["start"]) {
                                    $this->_FIELD_VALUES[$vs_field] = $va_timestamps["start"];
                                    $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                }
                            } else {
                                $va_timestamps = $o_tep->getUnixTimestamps();
                                if ($va_timestamps[0] == -1) {
                                    $this->postError(1830, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                    return false;
                                }
                                if ($vs_cur_value != $va_timestamps["start"]) {
                                    $this->_FIELD_VALUES[$vs_field] = $va_timestamps["start"];
                                    $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                }
                            }
                        }
                    }
                    break;
                case FT_TIME:
                    if ($this->DIRECT_TIMES || $pa_options["SET_DIRECT_TIME"]) {
                        // Unlike the date case above, direct time mode does not flag the field as changed.
                        $this->_FIELD_VALUES[$vs_field] = $vm_value;
                    } else {
                        if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                            if ($vs_cur_value) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            }
                            $this->_FIELD_VALUES[$vs_field] = null;
                        } else {
                            $o_tep = new TimeExpressionParser();
                            if (!$o_tep->parseTime($vm_value)) {
                                $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                return false;
                            }
                            $va_times = $o_tep->getTimes();
                            if ($vs_cur_value != $va_times['start']) {
                                $this->_FIELD_VALUES[$vs_field] = $va_times['start'];
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            }
                        }
                    }
                    break;
                case FT_TIMESTAMP:
                    # can't set timestamp
                    break;
                case FT_DATERANGE:
                case FT_HISTORIC_DATERANGE:
                    // A range field is backed by two real fields named by its START/END field info.
                    $vs_start_field_name = $this->getFieldInfo($vs_field, "START");
                    $vs_end_field_name = $this->getFieldInfo($vs_field, "END");
                    $vn_start_date = isset($this->_FIELD_VALUES[$vs_start_field_name]) ? $this->_FIELD_VALUES[$vs_start_field_name] : null;
                    $vn_end_date = isset($this->_FIELD_VALUES[$vs_end_field_name]) ? $this->_FIELD_VALUES[$vs_end_field_name] : null;
                    if ($this->DIRECT_DATETIMES || $pa_options["SET_DIRECT_DATE"]) {
                        // Direct mode expects a two-element array [start, end] with start <= end;
                        // anything else posts an error but does NOT return false.
                        if (is_array($vm_value) && sizeof($vm_value) == 2 && $vm_value[0] <= $vm_value[1]) {
                            if ($vn_start_date != $vm_value[0]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_start_field_name] = $vm_value[0];
                            }
                            if ($vn_end_date != $vm_value[1]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_end_field_name] = $vm_value[1];
                            }
                        } else {
                            $this->postError(1100, _t("Invalid direct date values"), "BaseModel->set()");
                        }
                    } else {
                        if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                            if ($vn_start_date || $vn_end_date) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            }
                            $this->_FIELD_VALUES[$vs_start_field_name] = null;
                            $this->_FIELD_VALUES[$vs_end_field_name] = null;
                        } else {
                            $o_tep = new TimeExpressionParser();
                            if (!$o_tep->parseDatetime($vm_value)) {
                                $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                return false;
                            }
                            if ($pa_fields_type == FT_HISTORIC_DATERANGE) {
                                $va_timestamps = $o_tep->getHistoricTimestamps();
                            } else {
                                $va_timestamps = $o_tep->getUnixTimestamps();
                                if ($va_timestamps[0] == -1) {
                                    $this->postError(1830, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                    return false;
                                }
                            }
                            if ($vn_start_date != $va_timestamps["start"]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_start_field_name] = $va_timestamps["start"];
                            }
                            if ($vn_end_date != $va_timestamps["end"]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_end_field_name] = $va_timestamps["end"];
                            }
                        }
                    }
                    break;
                case FT_TIMERANGE:
                    $vs_start_field_name = $this->getFieldInfo($vs_field, "START");
                    $vs_end_field_name = $this->getFieldInfo($vs_field, "END");
                    // Note the option key here is SET_DIRECT_TIMES (plural), unlike FT_TIME above.
                    if ($this->DIRECT_TIMES || $pa_options["SET_DIRECT_TIMES"]) {
                        if (is_array($vm_value) && sizeof($vm_value) == 2 && $vm_value[0] <= $vm_value[1]) {
                            if ($this->_FIELD_VALUES[$vs_start_field_name] != $vm_value[0]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_start_field_name] = $vm_value[0];
                            }
                            if ($this->_FIELD_VALUES[$vs_end_field_name] != $vm_value[1]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_end_field_name] = $vm_value[1];
                            }
                        } else {
                            $this->postError(1100, _t("Invalid direct time values"), "BaseModel->set()");
                        }
                    } else {
                        if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                            if ($this->_FIELD_VALUES[$vs_start_field_name] || $this->_FIELD_VALUES[$vs_end_field_name]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            }
                            $this->_FIELD_VALUES[$vs_start_field_name] = null;
                            $this->_FIELD_VALUES[$vs_end_field_name] = null;
                        } else {
                            $o_tep = new TimeExpressionParser();
                            if (!$o_tep->parseTime($vm_value)) {
                                $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                return false;
                            }
                            $va_timestamps = $o_tep->getTimes();
                            if ($this->_FIELD_VALUES[$vs_start_field_name] != $va_timestamps["start"]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_start_field_name] = $va_timestamps["start"];
                            }
                            if ($this->_FIELD_VALUES[$vs_end_field_name] != $va_timestamps["end"]) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                $this->_FIELD_VALUES[$vs_end_field_name] = $va_timestamps["end"];
                            }
                        }
                    }
                    break;
                case FT_TIMECODE:
                    // An unparseable timecode is silently ignored (no error, field untouched).
                    $o_tp = new TimecodeParser();
                    if ($o_tp->parse($vm_value)) {
                        if ($o_tp->getParsedValueInSeconds() != $vs_cur_value) {
                            $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            $this->_FIELD_VALUES[$vs_field] = $o_tp->getParsedValueInSeconds();
                        }
                    }
                    break;
                case FT_TEXT:
                    // The cast makes the is_string() check below always true, so stripSlashes() always runs.
                    // NOTE(review): stripSlashes() assumes the input may carry magic-quote style escaping;
                    // confirm this is still wanted, as it also mangles legitimate backslashes.
                    $vm_value = (string) $vm_value;
                    if (is_string($vm_value)) {
                        $vm_value = stripSlashes($vm_value);
                    }
                    // Purification runs if requested per call, per object (opb_purify_input), per field
                    // (PURIFY field info) or globally (useHTMLPurifier app config). Note that the
                    // htmlspecialchars() step above has already run for non-HTML fields, so the purifier
                    // sees entity-encoded text in that case.
                    if (isset($pa_options['purify']) && $pa_options['purify'] || (bool) $this->opb_purify_input || $this->getFieldInfo($vs_field, "PURIFY") || (bool) $this->getAppConfig()->get('useHTMLPurifier')) {
                        if (!BaseModel::$html_purifier) {
                            BaseModel::$html_purifier = new HTMLPurifier();
                        }
                        $vm_value = BaseModel::$html_purifier->purify((string) $vm_value);
                    }
                    if ($this->getFieldInfo($vs_field, "DISPLAY_TYPE") == DT_LIST_MULTIPLE) {
                        // NOTE(review): $vm_value was cast to string above, so this is_array() branch
                        // can never be taken as written — confirm whether the cast is intended.
                        if (is_array($vm_value)) {
                            if (!($vs_list_multiple_delimiter = $this->getFieldInfo($vs_field, 'LIST_MULTIPLE_DELIMITER'))) {
                                $vs_list_multiple_delimiter = ';';
                            }
                            $vs_string_value = join($vs_list_multiple_delimiter, $vm_value);
                            // NOTE(review): as written the search string is empty, so this is a no-op;
                            // it looks like a control character was lost in transit — confirm against the repository.
                            $vs_string_value = str_replace("", '', $vs_string_value);
                            if ($vs_cur_value !== $vs_string_value) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            }
                            $this->_FIELD_VALUES[$vs_field] = $vs_string_value;
                        }
                    } else {
                        // NOTE(review): same empty-search-string no-op as above — confirm.
                        $vm_value = str_replace("", '', $vm_value);
                        if ($this->getFieldInfo($vs_field, "ENTITY_ENCODE_INPUT")) {
                            // Decode first so already-encoded input is not double-encoded.
                            $vs_value_entity_encoded = htmlentities(html_entity_decode($vm_value));
                            if ($vs_cur_value !== $vs_value_entity_encoded) {
                                $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                            }
                            $this->_FIELD_VALUES[$vs_field] = $vs_value_entity_encoded;
                        } else {
                            if ($this->getFieldInfo($vs_field, "URL_ENCODE_INPUT")) {
                                $vs_value_url_encoded = urlencode($vm_value);
                                if ($vs_cur_value !== $vs_value_url_encoded) {
                                    $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                }
                                $this->_FIELD_VALUES[$vs_field] = $vs_value_url_encoded;
                            } else {
                                if ($vs_cur_value !== $vm_value) {
                                    $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                }
                                $this->_FIELD_VALUES[$vs_field] = $vm_value;
                            }
                        }
                    }
                    break;
                case FT_PASSWORD:
                    // NOTE(review): unsalted MD5 (and, for the legacy "use_old_style_passwords" setting,
                    // crypt() with a 2-character salt taken from the password itself) are not acceptable
                    // password hashes today. Moving to password_hash()/password_verify() also requires
                    // changing the login-side comparison, which is not visible in this file.
                    if (!$vm_value) { // store blank passwords as blank, not MD5 of blank
                        $this->_FIELD_VALUES[$vs_field] = $vs_crypt_pw = "";
                    } else {
                        if ($this->_CONFIG->get("use_old_style_passwords")) {
                            $vs_crypt_pw = crypt($vm_value, substr($vm_value, 0, 2));
                        } else {
                            $vs_crypt_pw = md5($vm_value);
                        }
                        // Only overwrite when the new value is neither the current stored value nor its hash
                        // (so re-setting an already-hashed value does not hash it again).
                        if ($vs_cur_value != $vm_value && $vs_cur_value != $vs_crypt_pw) {
                            $this->_FIELD_VALUES[$vs_field] = $vs_crypt_pw;
                        }
                        if ($vs_cur_value != $vs_crypt_pw) {
                            $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                        }
                    }
                    break;
                case FT_VARS:
                    // Change detection compares print_r() dumps, so structurally equal arrays compare equal.
                    if (md5(print_r($vs_cur_value, true)) != md5(print_r($vm_value, true))) {
                        $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                    }
                    $this->_FIELD_VALUES[$vs_field] = $vm_value;
                    break;
                case FT_MEDIA:
                case FT_FILE:
                    $vb_allow_fetching_of_urls = (bool) $this->_CONFIG->get('allow_fetching_of_media_from_remote_urls');
                    # if there's a tmp_name is the global _FILES array
                    # then we'll process it in insert()/update()...
                    $this->_SET_FILES[$vs_field]['options'] = $pa_options;
                    if (caGetOSFamily() == OS_WIN32) { // fix for paths using backslashes on Windows failing in processing
                        $vm_value = str_replace('\\', '/', $vm_value);
                    }
                    $va_matches = null; // unused
                    // NOTE(review): any local path that file_exists(), or any URL when
                    // allow_fetching_of_media_from_remote_urls is on, is accepted as the media source and
                    // handed to insert()/update(). Nothing here restricts the path or host; if $vm_value can
                    // originate from an untrusted request this becomes a local-file-read / SSRF surface, so
                    // callers must validate it.
                    if (is_string($vm_value) && (file_exists($vm_value) || $vb_allow_fetching_of_urls && isURL($vm_value))) {
                        $this->_SET_FILES[$vs_field]['original_filename'] = $pa_options["original_filename"];
                        $this->_SET_FILES[$vs_field]['tmp_name'] = $vm_value;
                        $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                    } else {
                        # only return error when file name is not 'none'
                        # 'none' is PHP's stupid way of telling you there
                        # isn't a file...
                        // (the error post is commented out, so every non-matching value returns false silently)
                        if ($vm_value != "none" && $vm_value) {
                            //$this->postError(1500,_t("%1 does not exist", $vm_value),"BaseModel->set()");
                        }
                        return false;
                    }
                    break;
                default:
                    // NOTE(review): die() aborts the whole request with a plain-text message instead of
                    // posting an error like every other failure path in this method.
                    die("Invalid field type in BaseModel->set()");
                    break;
            }
        } else {
            $this->postError(710, _t("'%1' does not exist in this object", $vs_field), "BaseModel->set()");
            return false;
        }
    }
    return true;
}