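/**
 * Populate this article from the submitted edit form and store any attached uploads.
 *
 * Uploaded files are moved into $blog['uploadfolder'] (when configured) and, if the
 * "addtoarticle" request parameter is set, a Markdown link or image reference for each
 * stored file is appended to the article content.
 *
 * @param mixed $draft   Truthy when the article is being saved as a draft.
 * @param mixed $auto    Truthy for an auto-save; relaxes the content and date checks.
 * @param array $errors  Receives human-readable validation / upload error messages (by reference).
 *
 * @return bool True when no errors were recorded.
 */
function InitFromForm($draft, $auto, &$errors)
{
    global $blog;

    // A caller may hand in an unset variable; count() on a non-array would fail at the end.
    if (!is_array($errors)) {
        $errors = array();
    }

    // Store draft flags
    $this->Draft = $draft;

    // Markdown appended to the article for stored uploads. Initialised up front so the
    // concatenation into Content below never reads an undefined variable.
    $uploadAppend = "";

    // Handle uploaded files
    if (isset($blog['uploadfolder'])) {
        $maxFiles = isset($blog['maxuploadfiles']) ? $blog['maxuploadfiles'] : 4;

        for ($i = 1; $i <= $maxFiles; $i++) {
            $field = 'file' . $i;

            // Skip slots the client did not send, left empty, or sent in array form;
            // everything under $_FILES is client-controlled.
            if (!isset($_FILES[$field]['name'])
                || !is_string($_FILES[$field]['name'])
                || strlen($_FILES[$field]['name']) == 0
            ) {
                continue;
            }

            $clientName = $_FILES[$field]['name'];

            // basename() strips any directory component from the client-supplied name so the
            // file cannot land outside the upload folder.
            $storedName = basename($clientName);
            $target_path = jabPathAppend($blog['uploadfolder'], $storedName);

            // NOTE(review): no file-type restriction is applied here. If the upload folder is
            // served by the web server, script extensions (e.g. .php) should be rejected or the
            // folder configured as non-executable - confirm against the deployment.
            if (is_file($target_path) && jabRequestParam('overwrite') == "") {
                $errors[] = "File " . $clientName . " would be overwriten";
                continue;
            }

            // move_uploaded_file() itself verifies the source is a genuine HTTP upload.
            if (!move_uploaded_file($_FILES[$field]['tmp_name'], $target_path)) {
                $errors[] = "Failed to upload " . $clientName;
                continue;
            }

            if (jabRequestParam("addtoarticle") != "") {
                // Link to the name the file was actually stored under, not the raw client value.
                $file = $storedName;
                $dot = strrpos($file, ".");
                // Lower-cased so "photo.JPG" is recognised as an image as well.
                $ext = $dot === false ? null : strtolower(substr($file, $dot + 1));

                if (in_array($ext, array("png", "jpg", "jpeg", "tif", "tiff", "gif"), true)) {
                    $uploadAppend .= "\n\n<center>![{$file}]({$file})</center>\n\n";
                } else {
                    $uploadAppend .= "\n\n[{$file}]({$file})\n\n";
                }
            }
        }
    }

    $this->Title = jabRequestParam("Title");

    // strtotime() returns false for text it cannot parse. Remember that here: the
    // "use default time" step below would otherwise overwrite the false value and the
    // "Invalid date/time" check could never fire for a published article.
    $rawTimeStamp = jabRequestParam("TimeStamp");
    $parsedTimeStamp = $rawTimeStamp == "" ? 0 : strtotime($rawTimeStamp);
    $timeStampInvalid = ($parsedTimeStamp === false);
    $this->TimeStamp = $parsedTimeStamp;

    $this->Content = jabRequestParam("Content") . $uploadAppend;

    // Use default time
    if ($this->TimeStamp == 0 && !$this->Draft) {
        $this->TimeStamp = time();
    }

    if (strlen($this->Title) == 0) {
        $errors[] = "Please specify a title";
    }

    // Content and date are only mandatory for a real (non-draft, non-auto) save.
    if (!$draft && !$auto) {
        if (strlen($this->Content) == 0) {
            $errors[] = "No article content";
        }
        if ($timeStampInvalid || $this->TimeStamp == null) {
            $errors[] = "Invalid date/time";
            $this->TimeStamp = time();
        }
    }

    return count($errors) == 0;
}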
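/**
 * Handle a POST from the file editor: store attached uploads next to the edited file,
 * then cancel, delete or save the file named by the "file" request parameter.
 *
 * Only users for whom jabCanUser("edit") is true get past the first check. The target
 * path is built from $_SERVER['DOCUMENT_ROOT'] plus the request-supplied file name.
 *
 * NOTE(review): this function checks no anti-CSRF token before deleting or writing a
 * file - confirm that one is enforced elsewhere.
 * NOTE(review): "referrer" comes from the request and is handed to jabRedirect(); unless
 * jabRedirect() restricts destinations this can redirect off-site - confirm.
 *
 * @return mixed Whatever jabRedirect() / jabRenderView() return, or null when the request
 *               is rejected (no permission, no file, or a ".." in the file name).
 */
function editor_post()
{
    if (!jabCanUser("edit")) {
        return;
    }

    global $editor;

    $model = array();
    $model['editor'] = $editor;
    $model['referrer'] = jabRequestParam("referrer");
    if (strlen($model['referrer']) == 0) {
        $model['referrer'] = "/";
    }
    $model['file'] = str_replace("..", ".", jabRequestParam("file"));
    $model['content'] = jabRequestParam("content");

    // Handle no file specified
    if (strlen($model['file']) == 0) {
        return;
    }

    // Handle attempt to escape the document root. The single-pass str_replace() above can
    // itself leave a ".." behind (four dots collapse to two), so this check is the real guard.
    if (strstr($model['file'], "..")) {
        return;
    }

    // Cancel?
    if (jabRequestParam("cancel")) {
        return jabRedirect($model['referrer']);
    }

    $fullpath = jabPathAppend($_SERVER['DOCUMENT_ROOT'], $model['file']);

    // Handle file uploads
    $maxFiles = isset($editor['maxuploadfiles']) ? $editor['maxuploadfiles'] : 4;
    for ($i = 1; $i <= $maxFiles; $i++) {
        $field = 'file' . $i;

        // Skip slots the client did not send, left empty, or sent in array form.
        if (!isset($_FILES[$field]['name'])
            || !is_string($_FILES[$field]['name'])
            || strlen($_FILES[$field]['name']) == 0
        ) {
            continue;
        }

        $clientName = $_FILES[$field]['name'];

        // basename() keeps the upload inside the edited file's directory.
        $storedName = basename($clientName);
        $target_path = jabPathAppend(dirname($fullpath), $storedName);

        // NOTE(review): uploads land under the document root with no file-type restriction;
        // that matches what an "edit" user can already do through save, but confirm it is intended.
        // Errors go into $model['errors'] so the view can show them; the original collected
        // them in a local $errors array that was never passed on.
        if (is_file($target_path) && jabRequestParam('overwrite') == "") {
            $model['errors'][] = "File " . $clientName . " would be overwriten";
            continue;
        }

        if (!move_uploaded_file($_FILES[$field]['tmp_name'], $target_path)) {
            $model['errors'][] = "Failed to upload " . $clientName;
            continue;
        }

        if (jabRequestParam("addtoarticle") != "") {
            // Link to the name the file was stored under.
            $file = $storedName;
            $dot = strrpos($file, ".");
            // Lower-cased so upper-case image extensions are recognised too.
            $ext = $dot === false ? null : strtolower(substr($file, $dot + 1));

            if (in_array($ext, array("png", "jpg", "jpeg", "tif", "tiff", "gif"), true)) {
                $model['content'] .= "\n\n<center>![{$file}]({$file})</center>\n\n";
            } else {
                $model['content'] .= "\n\n[{$file}]({$file})\n\n";
            }
        }
    }

    if (jabRequestParam("delete")) {
        if (jabRequestParam("deleteconfirmed") == "yes") {
            try {
                // unlink() reports failure through its return value (plus a warning), not an
                // exception, so the result must be checked before redirecting as "deleted".
                if (unlink($fullpath)) {
                    return jabRedirect($model['referrer']);
                }
                $model['errors'][] = "Failed to delete file.";
            } catch (Exception $ex) {
                // Only reached when an error handler turns warnings into exceptions.
                $model['errors'][] = "Failed to delete {$ex->getMessage()}.";
            }
        } else {
            // Two-step delete: the first press only arms the confirmation flag in the form.
            $model['errors'][] = "Press Delete again to really delete this file";
            $model['deleteconfirmed'] = "yes";
        }
        return jabRenderView("editor_view.php", $model);
    }

    if (jabRequestParam("save")) {
        try {
            // Warning suppressed as in the original; failure is detected via the return value
            // so fwrite()/fclose() are never called on false.
            $fh = @fopen($fullpath, 'w');
            if ($fh === false) {
                $model['errors'][] = "Failed to save file - could not open it for writing.";
            } else {
                $written = fwrite($fh, $model['content']);
                fclose($fh);
                if ($written === false) {
                    $model['errors'][] = "Failed to save file - write failed.";
                } else {
                    return jabRedirect($model['referrer']);
                }
            }
        } catch (Exception $ex) {
            $model['errors'][] = "Failed to save file - {$ex->getMessage()}.";
        }
    }

    return jabRenderView("editor_view.php", $model);
}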
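/**
 * Serve a static content file (or .jab / .php view) from $contentRoot for the given URL tail.
 *
 * Directories resolve to their index.jab (after a redirect that adds a missing trailing
 * slash), a trailing ".html" is optional, and "<path>.jab" is preferred when it exists.
 *
 * @param string $urlTail     Request path relative to the content root; may carry a query string.
 * @param string $contentRoot Directory the content is served from.
 *
 * @return mixed False when nothing matches (or the path is rejected); otherwise no value is
 *               returned after the file has been rendered or echoed.
 */
function jabDoRouteStaticContent($urlTail, $contentRoot)
{
    global $jab;

    // Always hand jabRenderView() an array, also for users without 'cms.edit'.
    $model = array();

    // Remove querystring. strpos() gives the offset substr() needs; strchr() returns the
    // matched tail of the string, which is not a usable length.
    $qpos = strpos($urlTail, "?");
    if ($qpos !== false) {
        $urlTail = substr($urlTail, 0, $qpos);
    }

    // The URL tail is request-controlled: refuse any ".." path segment so the resolved file
    // stays inside $contentRoot.
    // NOTE(review): assumes $urlTail has already been URL-decoded by the router - confirm.
    if (preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $urlTail)) {
        return false;
    }

    // Find jab file
    $path = jabPathAppend($contentRoot, $urlTail);

    if (is_dir($path)) {
        // If folder path doesn't end in trailing slash, add one and redirect
        if (substr($path, -1) != "/") {
            $url = $_SERVER['REQUEST_URI'];
            $qpos = strpos($url, "?");
            if ($qpos !== false) {
                $url = substr($url, 0, $qpos);
            }
            // NOTE(review): the redirect target is built from the client-supplied Host header
            // and a fixed "http://" scheme; a configured canonical host would be safer.
            jabRedirect("http://" . $_SERVER['HTTP_HOST'] . $url . "/");
        }
        $path = jabPathAppend($path, "index.jab");
    } else {
        // .html at the end is optional
        if (strtolower(substr($path, -5)) == ".html") {
            $path = substr($path, 0, -5);
        }

        // Use jab file?
        if (is_file($path . ".jab")) {
            $path .= ".jab";
        }
    }

    // Editors get the source path so a missing page can be offered for creation.
    if (jabCanUser('cms.edit')) {
        $model['sourceFile'] = $path;
        if (!is_file($path)) {
            $jab['missingSourceFile'] = $model['sourceFile'] . ".jab";
        }
    }

    // Exists?
    if (!is_file($path)) {
        return false;
    }

    // Render it.
    // NOTE(review): .php and .jab files under the content root go to jabRenderView(), presumably
    // as executable views, so any upload path that can write there must not accept those extensions.
    if (substr($path, -4) == ".php" || substr($path, -4) == ".jab") {
        jabRenderView($path, $model);
    } else {
        jabEchoFile($path);
    }
}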