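//End Security for CSRF attacks

// Save handler for an edited newsletter: reads the posted id, subject, HTML body and type,
// normalises the HTML, and writes them to the KNEWS_NEWSLETTERS row.
// NOTE(review): this listing was collapsed onto one line; the line breaks and comment
// extents below are reconstructed, and the blocks left open at the end close outside this excerpt.
global $Knews_plugin, $wpdb;

if ($Knews_plugin) {
    if (!$Knews_plugin->initialized) {
        $Knews_plugin->init();
    }

    require_once KNEWS_DIR . '/includes/knews_util.php';

    // The id is concatenated unquoted into two WHERE clauses below. String escaping gives no
    // protection in a numeric context, so the value is forced to an integer before use.
    $id = (int) $Knews_plugin->post_safe('idnews', 0, 'int');

    // 'unsafe' presumably returns the raw request value without escaping; confirm in post_safe().
    $title = $Knews_plugin->post_safe('title', '', 'unsafe');
    $code = $Knews_plugin->post_safe('code', '', 'unsafe');

    // NOTE(review): $newstype is read in post_safe()'s default mode and placed inside quotes
    // below; confirm that the default mode escapes for SQL.
    $newstype = $Knews_plugin->post_safe('newstype', 'unknown');
    $date = $Knews_plugin->get_mysql_date();

    // The editor submits '#@!' in place of '<'; restore the real character.
    $code = str_replace('#@!', '<', $code);

    //WYSIWYG editor issues
    $code = knews_rgb2hex($code);

    // NOTE(review): the converted text is stored in $codeModule, which nothing in this excerpt
    // reads, while $code carries on unconverted. This looks like it was meant to assign $code;
    // confirm before changing. utf8_encode() is also deprecated as of PHP 8.2.
    if (!knews_is_utf8($code)) {
        $codeModule = utf8_encode($code);
    }

    $code = $Knews_plugin->htmlentities_corrected($code);
    //$title=$Knews_plugin->htmlentities_corrected($title);
    // (beta option) if (!knews_is_utf8($title)) $title=utf8_encode($title);

    // A 5-character 'testslash' value is taken to mean the request arrived without added
    // slashes, so the values are escaped here; any other length is taken to mean they are
    // already slashed.
    // NOTE(review): 'testslash' is itself a request field, so the client decides whether
    // the 'unsafe' subject and body are escaped before they reach the statement. Prefer
    // unslashing once and using $wpdb->prepare() or $wpdb->update() unconditionally.
    if (strlen($Knews_plugin->post_safe('testslash', '', 'unsafe')) === 5) {
        $title = esc_sql($title);
        $codeForSql = esc_sql($code);
    } else {
        $codeForSql = $code;
    }

    $query = "UPDATE " . KNEWS_NEWSLETTERS
        . " SET html_mailing='" . $codeForSql
        . "', modified='" . $date
        . "', subject='" . $title
        . "', newstype='" . $newstype
        . "' WHERE id=" . $id;

    if ($wpdb->query($query)) {
        // Look for a newsletter that references this one as its mobile version.
        $query = "SELECT id FROM " . KNEWS_NEWSLETTERS . " WHERE id_mobile=" . $id;
        $newsparent = $wpdb->get_results($query);

        if (count($newsparent) > 0) {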
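// NOTE(review): this listing was collapsed onto one line; the line breaks and comment
// extents are reconstructed. The three closing braces that follow end blocks opened before
// this excerpt, so their nesting depth is not visible here.
}
$count_modules++;
}
}

// Build the module insertion container from the two marked regions of the template body.
$containerModulesTemplate = knews_cut_code(
    '<!--[open_insertion_container_start]-->',
    '<!--[close_insertion_container_start]-->',
    $bodyTemplate,
    true
) . knews_cut_code(
    '<!--[open_insertion_container_end]-->',
    '<!--[close_insertion_container_end]-->',
    $bodyTemplate,
    true
);

$bodyTemplate = knews_iterative_extract_code('<!--[open_ignore_code]-->', '<!--[close_ignore_code]-->', $bodyTemplate, true);
$bodyTemplate = knews_iterative_extract_code('<!--[', ']-->', $bodyTemplate, true);

// NOTE(review): as listed, search and replacement both render as a plain space; the search
// string was presumably a non-breaking space or entity before extraction. Confirm against
// the plugin source.
$codeTemplate = str_replace(' ', ' ', $codeTemplate);

$date = $Knews_plugin->get_mysql_date();

if (!knews_is_utf8($bodyTemplate)) {
    $bodyTemplate = utf8_encode($bodyTemplate);
}
if (!knews_is_utf8($headTemplate)) {
    $headTemplate = utf8_encode($headTemplate);
}
if (!knews_is_utf8($codeModule)) {
    $codeModule = utf8_encode($codeModule);
}

$bodyTemplate = esc_sql($Knews_plugin->htmlentities_corrected($bodyTemplate));
$headTemplate = esc_sql($Knews_plugin->htmlentities_corrected($headTemplate));
$codeModule = esc_sql($Knews_plugin->htmlentities_corrected($codeModule));

// The container HTML was cut from the unescaped template body above, so it is escaped at
// the point of use like the three sibling columns. Without this, a quote in the template
// terminates the string literal.
// NOTE(review): $name, $template, $newstype and post_safe('lang') are also concatenated
// inside quotes; their sanitisation happens outside this excerpt. Confirm each is escaped,
// or move the statement to $wpdb->prepare() or $wpdb->insert().
$sql = "INSERT INTO " . KNEWS_NEWSLETTERS . "(name, created, modified, template, html_mailing, html_head, html_modules, html_container, subject, lang, automated, mobile, id_mobile, newstype) VALUES ('"
    . $name . "', '" . $date . "', '" . $date . "','" . $template . "','"
    . $bodyTemplate . "','" . $headTemplate . "','" . $codeModule . "','"
    . esc_sql($containerModulesTemplate) . "','', '"
    . $Knews_plugin->post_safe('lang') . "', 0, " . ($mobile ? "1" : "0") . ", 0, '" . $newstype . "')";

if ($wpdb->query($sql)) {
    $id_edit = $Knews_plugin->real_insert_id();

    //pro
    if ($mobile) {
        // Link the parent newsletter to the mobile version just inserted; the parent id
        // is read in 'int' mode because it sits unquoted in the WHERE clause.
        $sql = "UPDATE " . KNEWS_NEWSLETTERS
            . " SET id_mobile=" . $id_edit
            . ", modified='" . $date
            . "', newstype='" . $newstype
            . "' WHERE id=" . $Knews_plugin->post_safe('parent', 0, 'int');

        if ($wpdb->query($sql)) {
            //$id_parent=$wpdb->insert_id; $id_parent=mysql_insert_id(); if ($id_parent==0) $id_parent=$id_parent;
        }
    }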