/**
 * Stores this field's value, read from the supplied input set.
 *
 * With $sanitize on, the entry is read through sanitize_and_format_gpc() as a
 * TYPE_STRING text field and the result is passed through
 * remove_banned_words(). With $sanitize off, the entry keyed by
 * $this->config['dbfield'] is copied verbatim when it is set; otherwise
 * $this->value is left untouched.
 *
 * Security note: the unsanitized path bypasses both the formatting step and
 * the banned-words filter. NOTE(review): it should only be fed data that was
 * already cleaned (e.g. reloaded from storage), never raw request data.
 * Confirm against the callers.
 *
 * @param array $all_values Input set indexed by field name (taken by reference).
 * @param bool  $sanitize   Whether to sanitize and filter the value before storing it.
 * @return bool Always true.
 */
function set_value(&$all_values, $sanitize = true)
{
    $field_key = $this->config['dbfield'];

    if (!$sanitize) {
        // Raw copy: nothing is escaped or filtered on this branch.
        if (isset($all_values[$field_key])) {
            $this->value = $all_values[$field_key];
        }

        return true;
    }

    // $this->empty_value['edit'] is passed as the last argument; presumably the
    // fallback used when the key is absent (confirm in sanitize_and_format_gpc()).
    $formatted = sanitize_and_format_gpc(
        $all_values,
        $field_key,
        TYPE_STRING,
        $GLOBALS['__field2format'][FIELD_TEXTFIELD],
        $this->empty_value['edit']
    );
    $this->value = remove_banned_words($formatted);

    return true;
}
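/**
 * Regenerates the on-disk cache files for recently changed, approved blog posts.
 *
 * For every post with status STAT_APPROVED whose `last_changed` falls within
 * the last ($interval + 2) minutes, two PHP cache files are written under
 * _CACHEPATH_/blogs/posts/<first char of post_id>/:
 *   - <post_id>.inc.php        with the full, display-formatted post
 *   - <post_id>_short.inc.php  with the content replaced by an excerpt of at
 *                              most $short_blog_chars bytes
 *
 * Security notes:
 *   - The cache files are executable PHP built from user-authored titles and
 *     post bodies. They are serialised only through var_export(), which emits
 *     a quoted PHP literal. Never assemble these files by string concatenation
 *     of the values themselves.
 *   - The SQL statement is built from the table prefix, a constant, the current
 *     GMT timestamp and an int-cast interval. No request data reaches it.
 *
 * A failed query is reported through trigger_error() with E_USER_ERROR.
 *
 * @return bool Always true.
 */
function gen_blogposts_cache()
{
    global $dbtable_prefix;

    // The name of the directory holding this file is read as the run interval
    // ("how often we're executed"). basename() copes with both "/" and "\"
    // separators, and a non-numeric name casts to 0.
    $interval = (int) basename(dirname(__FILE__));
    $short_blog_chars = 400;
    $config = get_site_option(array('bbcode_blogs', 'use_smilies'), 'core_blog');

    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    $fileop = new fileop();

    // Two extra minutes of overlap so a post changed between runs is not missed.
    $query = "SELECT a.`post_id`,UNIX_TIMESTAMP(a.`date_posted`) as `date_posted`,a.`fk_user_id`,"
        . "a.`_user` as `user`,a.`fk_blog_id`,a.`title`,a.`post_content`,b.`_photo` as `photo`,c.`blog_name`"
        . " FROM `{$dbtable_prefix}blog_posts` a,`{$dbtable_prefix}user_profiles` b,`{$dbtable_prefix}user_blogs` c"
        . " WHERE a.`fk_user_id`=b.`fk_user_id` AND a.`fk_blog_id`=c.`blog_id` AND a.`status`=" . STAT_APPROVED
        . " AND a.`last_changed`>=DATE_SUB('" . gmdate('YmdHis') . "',INTERVAL " . ($interval + 2) . " MINUTE)";

    // "@" only hides the driver warning; the failure itself is still raised below.
    // NOTE(review): mysql_error() text goes to the error handler. Make sure that
    // handler logs it rather than rendering it to visitors.
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }

    while ($blog = mysql_fetch_assoc($res)) {
        $blog['title'] = remove_banned_words(
            sanitize_and_format($blog['title'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2EDIT])
        );
        $blog['post_content'] = remove_banned_words($blog['post_content']);

        // Build the excerpt from the raw text, before display formatting, so the
        // cut never lands inside markup produced by the formatter.
        // Fix: the previous code always cut at the last space of the first
        // $short_blog_chars bytes, which dropped the last word of posts that were
        // already short enough and produced an empty excerpt when that window
        // held no space at all. Now only over-long posts are trimmed, and a
        // window without a usable space falls back to a plain cut at the limit.
        // NOTE(review): substr() is byte-wise; the fallback cut can split a
        // multi-byte character if post bodies are stored as UTF-8.
        $post_content_short = substr($blog['post_content'], 0, $short_blog_chars);
        if (strlen($blog['post_content']) > $short_blog_chars) {
            $last_space = strrpos($post_content_short, ' ');
            if ($last_space !== false && $last_space > 0) {
                $post_content_short = substr($post_content_short, 0, $last_space);
            }
        }

        $post_content_short = sanitize_and_format(
            $post_content_short,
            TYPE_STRING,
            $GLOBALS['__field2format'][TEXT_DB2DISPLAY]
        );
        $blog['post_content'] = sanitize_and_format(
            $blog['post_content'],
            TYPE_STRING,
            $GLOBALS['__field2format'][TEXT_DB2DISPLAY]
        );

        // Markup expansion runs after the display formatting, on both variants.
        if (!empty($config['bbcode_blogs'])) {
            $blog['post_content'] = bbcode2html($blog['post_content']);
            $post_content_short = bbcode2html($post_content_short);
        }
        if (!empty($config['use_smilies'])) {
            $blog['post_content'] = text2smilies($blog['post_content']);
            $post_content_short = text2smilies($post_content_short);
        }

        // Fall back to the placeholder image when no thumbnail file exists.
        if (empty($blog['photo']) || !is_file(_PHOTOPATH_ . '/t1/' . $blog['photo'])) {
            $blog['photo'] = 'no_photo.gif';
        } else {
            $blog['has_photo'] = true;
        }
        if (empty($blog['fk_user_id'])) {
            unset($blog['fk_user_id']);
        }

        // post_id becomes a path component of an executable .inc.php file.
        // NOTE(review): presumably a numeric key generated by the database;
        // verify against the schema that it can never carry path characters.
        $cache_base = _CACHEPATH_ . '/blogs/posts/' . $blog['post_id'][0] . '/' . $blog['post_id'];

        $towrite = '<?php $post=' . var_export($blog, true) . ';';
        $fileop->file_put_contents($cache_base . '.inc.php', $towrite);

        // Same record with the body swapped for the excerpt.
        $blog['post_content'] = $post_content_short;
        $towrite = '<?php $post=' . var_export($blog, true) . ';';
        $fileop->file_put_contents($cache_base . '_short.inc.php', $towrite);
    }

    return true;
}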
$input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], array()); } if (empty($input['is_main'])) { $input['is_main'] = 0; } if (!empty($_POST['return'])) { $input['return'] = sanitize_and_format_gpc($_POST, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, ''); $nextpage = $input['return']; } if (isset($_on_after_post)) { for ($i = 0; isset($_on_after_post[$i]); ++$i) { call_user_func($_on_after_post[$i]); } } if (!$error) { $input['caption'] = remove_banned_words($input['caption']); $query = "SELECT `photo_id`,`caption`,`is_main`,`photo`,`status` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id` IN ('" . join("','", array_keys($input['caption'])) . "') AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $old_captions = array(); $old_main = 0; $photos = array(); $statuses = array(); while ($rsrow = mysql_fetch_assoc($res)) { $old_captions[$rsrow['photo_id']] = sanitize_and_format($rsrow['caption'], TYPE_STRING, $__field2format[TEXT_DB2DB]); $photos[$rsrow['photo_id']] = $rsrow['photo']; if (!empty($rsrow['is_main'])) { $old_main = $rsrow['photo_id']; } $statuses[$rsrow['photo_id']] = $rsrow['status'];
} unset($input['fk_user_id']); if (!empty($_POST['return'])) { $input['return'] = sanitize_and_format($_POST['return'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE); $nextpage = $input['return']; } // check for input errors if (empty($input['comment'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Please enter the comment'; $input['error_comment'] = 'red_border'; } if (!$error) { $now = gmdate('YmdHis'); $input['comment'] = remove_banned_words($input['comment']); if (!empty($input['comment_id'])) { $query = "UPDATE {$table} SET `last_changed`='{$now}'"; foreach ($default['defaults'] as $k => $v) { if (isset($input[$k])) { $query .= ",`{$k}`='" . $input[$k] . "'"; } } $query .= " WHERE `comment_id`=" . $input['comment_id']; if (isset($_on_before_update)) { for ($i = 0; isset($_on_before_update[$i]); ++$i) { call_user_func($_on_before_update[$i]); } } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR);
$nextpage = $input['return']; } // check for input errors if (empty($input['title'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][17]; } if (empty($input['post_content'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][18]; } if (!$error) { $input['title'] = remove_banned_words($input['title']); $input['post_content'] = remove_banned_words($input['post_content']); $config = get_site_option(array('manual_blog_approval'), 'core_blog'); $towrite = array(); // what to write in the cache file if (!empty($input['post_id'])) { $query = "UPDATE `{$dbtable_prefix}blog_posts` SET `last_changed`='" . gmdate('YmdHis') . "'"; if ($config['manual_blog_approval']) { // set to pending only if the title or content was changed. $query2 = "SELECT `title`,`post_content` FROM `{$dbtable_prefix}blog_posts` WHERE `post_id`=" . $input['post_id']; if (!($res = @mysql_query($query2))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $rsrow = sanitize_and_format(mysql_fetch_assoc($res), TYPE_STRING, $__field2format[TEXT_DB2DB]); if (strcmp($rsrow['title'], $input['title']) != 0 || strcmp($rsrow['post_content'], $input['post_content']) != 0) { $query .= ",`status`=" . STAT_PENDING;
$input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], $user_blogs_default['defaults'][$k]); } $input['fk_user_id'] = $_SESSION[_LICENSE_KEY_]['user']['user_id']; if (!empty($_POST['return'])) { $input['return'] = sanitize_and_format_gpc($_POST, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, ''); $nextpage = $input['return']; } // check for input errors if (empty($input['blog_name'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][13]; } if (!$error) { $input['blog_name'] = remove_banned_words($input['blog_name']); $input['blog_diz'] = remove_banned_words($input['blog_diz']); require _BASEPATH_ . '/includes/classes/fileop.class.php'; $fileop = new fileop(); $towrite = array(); // what to write in the cache file if (!empty($input['blog_id'])) { foreach ($input as $k => $v) { $towrite[$k] = sanitize_and_format_gpc($_POST, $k, TYPE_STRING, $__field2format[TEXT_GPC2DISPLAY], ''); } $query = "UPDATE IGNORE `{$dbtable_prefix}user_blogs` SET "; foreach ($user_blogs_default['defaults'] as $k => $v) { if (isset($input[$k])) { $query .= "`{$k}`='" . $input[$k] . "',"; } } $query = substr($query, 0, -1);
$topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][196]; } if (empty($input['message_body'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][197]; } if (!$error) { // if the receiver didn't block me... if (!is_network_member($input['fk_user_id'], $_SESSION[_LICENSE_KEY_]['user']['user_id'], NET_BLOCK)) { // sender of the message: me $input['fk_user_id_other'] = $_SESSION[_LICENSE_KEY_]['user']['user_id']; $input['_user_other'] = $_SESSION[_LICENSE_KEY_]['user']['user']; $input['subject'] = remove_banned_words($input['subject']); $input['message_body'] = remove_banned_words($input['message_body']); if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i]); } } queue_or_send_message($input, true); // save the message in my outbox $input['fk_user_id_other'] = $input['fk_user_id']; $input['fk_user_id'] = $_SESSION[_LICENSE_KEY_]['user']['user_id']; $input['_user_other'] = get_user_by_userid($input['fk_user_id_other']); $query = "INSERT INTO `{$dbtable_prefix}user_outbox` SET `date_sent`='" . gmdate('YmdHis') . "'"; foreach ($user_outbox_default['defaults'] as $k => $v) { if (isset($input[$k])) { $query .= ",`{$k}`='" . $input[$k] . "'"; }