/**
 * The second last process, should only be getting everything
 * syntaxically correct, rather than doing any heavy processing
 *
 * Expands every `image-replace: url(...)` declaration into a
 * background / width / height / text-indent block sized from the
 * referenced image, then strips the original `image-replace`
 * properties from the stylesheet.
 *
 * @author Anthony Short
 * @return void (the css is rewritten through CSS::replace(), nothing is returned)
 */
public static function post_process()
{
    // $found[4] is taken as the captured url() argument, $found[2] as the
    // property span to rewrite and $found[1] as the whole match — presumably
    // the layout returned by CSS::find_properties_with_value(); confirm there.
    if ($found = CSS::find_properties_with_value('image-replace', 'url\\([\'\\"]?([^)]+)[\'\\"]?\\)')) {
        foreach ($found[4] as $key => $value) {
            // $url is what ends up in the generated css, $path the filesystem
            // location used to measure the image.
            $path = $url = str_replace("\\", "/", unquote($value));
            # If they're getting an absolute file
            if ($path[0] == "/") {
                // Root-relative urls are mapped under DOCROOT. Only the leading
                // slash is stripped; the path is not canonicalised, so ".."
                // segments written in the stylesheet are passed through.
                $path = DOCROOT . ltrim($path, "/");
            }
            # Check if it exists
            if (!file_exists($path)) {
                // NOTE(review): only logged — processing continues and
                // GetImageSize() below will warn on a missing file.
                FB::log("ImageReplace - Image doesn't exist " . $path);
            }
            # Make sure it's an image
            if (!is_image($path)) {
                // NOTE(review): same here, the declaration is still expanded.
                FB::log("ImageReplace - File is not an image: {$path}");
            }
            // Get the size of the image file
            $size = GetImageSize($path);
            $width = $size[0];
            $height = $size[1];
            // Make sure theres a value so it doesn't break the css
            if (!$width && !$height) {
                $width = $height = 0;
            }
            // Build the selector
            $properties = "\n\t\t\t\t\tbackground:url({$url}) no-repeat 0 0;\n\t\t\t\t\theight:{$height}px;\n\t\t\t\t\twidth:{$width}px;\n\t\t\t\t\tdisplay:block;\n\t\t\t\t\ttext-indent:-9999px;\n\t\t\t\t\toverflow:hidden;\n\t\t\t\t";
            CSS::replace($found[2][$key], $properties);
        }
        # Remove any left overs
        CSS::replace($found[1], '');
    }
}
/**
 * unquoting data
 *
 * Function unquotes data
 *
 * Recursively applies stripslashes() to every leaf of $arr in place, so a
 * value such as "it\'s" becomes "it's". The name notwithstanding, only
 * backslash escapes are removed; surrounding quote characters are kept.
 * NOTE(review): other snippets on this page call a value-returning
 * unquote($string[, $chars]) — this by-reference, void variant is a
 * different function that happens to share the name.
 *
 * @param array $arr array of data to unquote (modified in place)
 * @return void
 */
function unquote(&$arr)
{
    foreach ($arr as $key => $element) {
        if (is_array($element)) {
            // Descend into the live element so the nested array is rewritten in place.
            unquote($arr[$key]);
            continue;
        }
        $arr[$key] = stripslashes($element);
    }
}
/**
 * Imports css via @import statements
 *
 * Resolves the first `@import "file";` (or `@include`, depending on the
 * core.override_import setting) found in $css, splices the referenced
 * file's contents in — once per file, tracked in self::$loaded — and then
 * recurses on the result to pick up any further imports.
 *
 * @author Anthony Short
 * @param $css
 * @param string $previous path of the file that produced $css, used by the recursion check
 * @return string the css with imports expanded
 * @throws Scaffold_Exception on self-inclusion, a non-css include or a missing file
 */
public static function server_import($css, $previous = "")
{
    # If they want to override the CSS syntax
    if (CSScaffold::config('core.override_import') === true) {
        $import = 'import';
    } else {
        $import = 'include';
    }
    if (preg_match_all('/\\@' . $import . '\\s+(?:\'|\\")([^\'\\"]+)(?:\'|\\")\\;/', $css, $matches)) {
        // Only the first statement is handled per call; later ones are
        // reached through the recursive call at the bottom.
        $unique = array_unique($matches[1]);
        $include = str_replace("\\", "/", unquote($unique[0]));
        # If they're getting an absolute file
        if ($include[0] == "/") {
            $include = DOCROOT . ltrim($include, "/");
        }
        # Make sure recursion isn't happening
        // Only catches a file including itself; an A -> B -> A cycle appears
        // to be cut short by the self::$loaded check below instead.
        if ($include == $previous) {
            throw new Scaffold_Exception("Recursion occurring with CSS @includes in {$include}");
        }
        # If they haven't supplied an extension, we'll assume its a css file
        if (pathinfo($include, PATHINFO_EXTENSION) == "") {
            $include .= '.css';
        }
        # Make sure it's a CSS file
        if (!is_css($include)) {
            throw new Scaffold_Exception("Included file isn't a CSS file ({$include})");
        }
        # If the url starts with ~, we'll assume it's from the root of the css directory
        if ($include[0] == "~") {
            $include = ltrim($include, '~/');
            $include = CSScaffold::config('core.path.css') . $include;
        }
        // NOTE(review): the path is never canonicalised — ".." segments
        // survive both prefixes above and reach file_get_contents(), so only
        // trusted stylesheets should be able to author import paths.
        if (file_exists($include)) {
            # Make sure it hasn't already been included
            if (!in_array($include, self::$loaded)) {
                self::$loaded[] = $include;
                $css = str_replace($matches[0][0], file_get_contents($include), $css);
            } else {
                // Already spliced in earlier: just drop the statement.
                $css = str_replace($matches[0][0], '', $css);
            }
            # Compress it which removes any commented out @imports
            CSS::compress($css);
            # Check the file again for more imports
            $css = self::server_import($css, $include);
        } else {
            throw new Scaffold_Exception("Included CSS file doesn't exist ({$include})");
        }
    }
    return $css;
}
/**
 * Maps the keywords "true", "false", "empty" and "null" (case-insensitive)
 * to their PHP values; any other input is handed to unquote().
 *
 * @param string $value
 * @return mixed
 */
function normalize($value)
{
    static $keywords = array(
        'true' => true,
        'false' => false,
        'empty' => '',
        'null' => null,
    );
    $lower = strtolower($value);
    // array_key_exists() rather than isset(): the 'null' entry is itself null.
    if (array_key_exists($lower, $keywords)) {
        return $keywords[$lower];
    }
    return unquote($value);
}
/**
 * Saves the favorites sort options posted from the plugin's option form.
 *
 * Reads sortby / customimagesort / image_sortdirection and their sub-album
 * counterparts from $_POST and stores them with setOption(). Manual and
 * random ordering never get a direction.
 *
 * NOTE(review): a "custom" sort stores the posted expression as given
 * (sanitize level 3, the image side additionally unquote()d); presumably it
 * is later used in an ORDER BY, so whatever consumes the option must
 * restrict it to allowed columns.
 *
 * @param mixed $theme unused here
 * @param mixed $album unused here
 * @return false
 */
function handleOptionSave($theme, $album)
{
    // --- image sort ---
    $imageSort = strtolower(sanitize($_POST['sortby'], 3));
    if ($imageSort == 'custom') {
        $imageSort = unquote(strtolower(sanitize($_POST['customimagesort'], 3)));
    }
    setOption('favorites_image_sort_type', $imageSort);
    if ($imageSort == 'manual' || $imageSort == 'random') {
        setOption('favorites_image_sort_direction', 0);
    } else {
        // No sort type at all means no direction either.
        $descending = empty($imageSort) ? 0 : isset($_POST['image_sortdirection']);
        setOption('favorites_image_sort_direction', $descending ? 'DESC' : '');
    }

    // --- sub-album sort ---
    $albumSort = strtolower(sanitize($_POST['subalbumsortby'], 3));
    if ($albumSort == 'custom') {
        $albumSort = strtolower(sanitize($_POST['customalbumsort'], 3));
    }
    setOption('favorites_album_sort_type', $albumSort);
    $descending = ($albumSort == 'manual' || $albumSort == 'random')
        ? 0
        : isset($_POST['album_sortdirection']);
    setOption('favorites_album_sort_direction', $descending ? 'DESC' : '');

    return false;
}
/**
 * Finds all url()'s that start with ~/ and replaces it
 * with the CSS url.
 *
 * Every url() argument reported by CSS::find_functions() is unquoted; those
 * beginning with "~" have the "~/" prefix swapped for the configured
 * core.url.css and are substituted back into the stylesheet.
 *
 * @return void
 */
public static function replace_css_urls()
{
    $found = CSS::find_functions('url');
    if (!$found) {
        return;
    }
    foreach ($found[1] as $raw) {
        $url = unquote($raw);
        if ($url[0] != "~") {
            continue;
        }
        self::replace($url, str_replace('~/', CSScaffold::config('core.url.css'), $url));
    }
}
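/**
 * Parses the parameters of the base
 *
 * Pairs the comma separated values in $params with the mixin's declared
 * arguments ($function_args, each "name" or "name=default"). Commas nested
 * inside parentheses, e.g. rgba(255,255,255,0.5), are protected first so
 * they do not split a value.
 *
 * @author Anthony Short
 * @param string $mixin_name used in the exception when a required param is missing
 * @param string $params comma separated values as written in the stylesheet
 * @param array $function_args declared argument list of the mixin
 * @return array parsed values keyed by argument name
 * @throws Scaffold_Exception when an argument without a default is not supplied
 */
public static function parse_params($mixin_name, $params, $function_args = array())
{
    $parsed = array();
    # Make sure any commas inside ()'s, such as rgba(255,255,255,0.5) are encoded before exploding
    # so that it doesn't break the rule.
    if (preg_match_all('/\\([^)]*?,[^)]*?\\)/', $params, $matches)) {
        foreach ($matches[0] as $group) {
            $params = str_replace($group, str_replace(',', '#COMMA#', $group), $params);
        }
    }
    $mixin_params = explode(',', $params);
    # Loop through each function arg and create the parsed params array
    foreach ($function_args as $key => $value) {
        $v = explode('=', $value);
        $name = trim($v[0]);
        // isset() + '' check rather than empty(): empty() would treat a
        // supplied "0" — a perfectly common css value — as a missing param.
        $supplied = isset($mixin_params[$key]) ? $mixin_params[$key] : '';
        if ($supplied === '') {
            # If there is a default value for the param
            if (strstr($value, '=')) {
                $parsed[$name] = unquote(trim($v[1]));
            } else {
                throw new Scaffold_Exception("Mixins.missing_param", $mixin_name);
            }
        } else {
            // Restore the commas protected above.
            $parsed[$name] = str_replace('#COMMA#', ',', unquote(trim($supplied)));
        }
    }
    return $parsed;
}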
/**
 * Get AUTH info from session data.
 *
 * Populates $this->info from the store selected by $this->store['driver'].
 *
 * @throws Exception when the driver is not one of the supported names
 */
protected function initInfo()
{
    // A DSN string is expanded into the driver/options array first.
    if (is_string($this->store)) {
        $this->store = extract_dsn($this->store);
    }
    switch ($this->store['driver']) {
        case 'none':
            $this->info = null;
            break;
        case 'session':
            // NOTE(review): called unconditionally; PHP warns if a session is already active.
            session_start();
            $this->info = isset($_SESSION['AUTH']) ? $_SESSION['AUTH'] : null;
            break;
        case 'cookie':
            // Presumably gathers the AUTH_* cookies into one array — verify against array_chunk_assoc().
            $this->info = array_chunk_assoc($_COOKIE, 'AUTH', '_');
            break;
        case 'request':
            // NOTE(review): 'cookie' and 'request' take the identity straight
            // from client-supplied data; whatever validates it (signature,
            // lookup) has to happen in the consumer of $this->info.
            $this->info = isset($_REQUEST['AUTH']) ? $_REQUEST['AUTH'] : null;
            break;
        case 'env':
            // "key=value;key=value" taken from the AUTH environment variable.
            $this->info = split_set(';', unquote(getenv('AUTH')));
            break;
        case 'http':
            // REMOTE_USER as established by the web server's own authentication.
            $this->info = getenv('REMOTE_USER') ? array('username' => getenv('REMOTE_USER')) : null;
            break;
        case 'posix':
            $this->info = array('uid' => posix_getuid());
            break;
        case 'posix_username':
            $this->info = array('username' => posix_getlogin());
            break;
        default:
            throw new Exception("Invalid option '{$this->store['driver']}' specified for retrieving info.");
    }
}
/**
 * Split a string on $seperator as key=value, grouping values between quotes and round brackets.
 *
 * Unkeyed parts are appended to the result list; "key=value" parts are
 * handed to parse_key() so the key is placed into the result array. The
 * literal words "true" and "false" become booleans.
 *
 * @param string $seperator Character list; Split on any character in $seperator. With .. you can specify a range of characters.
 * @param string $string
 * @param string $unquote Character list; Trim these characters for each part. TRUE: remove ' and ";
 * @return array
 */
function split_set($seperator, $string, $unquote = true)
{
    // Non-scalars and empty input are handed back untouched.
    // NOTE(review): empty() also matches the string "0", which is therefore
    // returned as-is instead of being parsed into array("0").
    if (!is_scalar($string) || empty($string)) {
        return $string;
    }
    $matches = null;
    // preg_quote() turns the ".." range marker into "\.\."; restore it as a
    // character-class range.
    $seperator = str_replace('\\.\\.', '-', preg_quote($seperator));
    if ($unquote === true) {
        $unquote = '\'"';
    }
    $str = ""; // unused
    $values = array();
    // Each match: optional "key=" (group 1) followed by a value (group 2) that
    // may contain backtick/double/single quoted runs or balanced parentheses
    // (the (?R) recursion), or runs of non-separator characters.
    preg_match_all('/(?:([^' . $seperator . '=]+)\\s*\\=)?((?:(`[^`]*`)|("(?:\\\\"|[^"])*")|(\'(?:\\\\\'|[^\'])*\')|\\((?:(?R)|[' . $seperator . '])*\\)|([^`"\'()' . $seperator . ']+))+)/', $string, $matches, PREG_SET_ORDER);
    foreach ($matches as $match) {
        $value = trim($match[2]);
        if ($value == 'false') {
            $value = false;
        } elseif ($value == 'true') {
            $value = true;
        }
        // Booleans are no longer strings and skip the unquote step.
        if (empty($match[1])) {
            $values[] = $unquote && is_string($value) ? unquote($value, $unquote) : $value;
        } else {
            parse_key(trim($match[1]), $unquote && is_string($value) ? unquote($value, $unquote) : $value, $values);
        }
    }
    return $values;
}
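/**
 * Retrive Record from current query and numId
 *
 * Rebuilds $req with ROWID prepended to the select list and a
 * "LIMIT offset,1" clause so that exactly the $numId-th row of the current
 * query is fetched. With $error set, fields present in $_POST override the
 * fetched values (used to re-display a submitted form).
 *
 * @access public
 * @param string $req current query
 * @param integer $numId Number of record from current query
 * @param boolean $error if true return POST value
 * @return array the fetched row (with a "ROWID" entry)
 */
function recupElement($req, $numId, $error = false)
{
    include_once INCLUDE_LIB . 'ParsingQuery.class.php';
    // The offset is concatenated into the LIMIT clause below; force it to an
    // integer so a non-numeric value can never alter the query text.
    $numId = (int) $numId;
    $tabQueryElement = ParsingQuery::explodeSelect($req);
    $tabQueryElement['SELECT'] = 'ROWID, ' . $tabQueryElement['SELECT'];
    if (preg_match('#FROM#i', $req)) {
        // Re-quote every table name in the FROM list.
        $tabFrom = explode(',', $tabQueryElement['FROM']);
        foreach ($tabFrom as $key => $value) {
            $tabFrom[$key] = brackets(unquote($value));
        }
        $tabQueryElement['FROM'] = implode(',', $tabFrom);
    }
    if (preg_match('#LIMIT#i', $req)) {
        // Existing LIMIT: shift its offset by $numId and fetch one row.
        $tabLimit = explode(',', $tabQueryElement['LIMIT']);
        $tabQueryElement['LIMIT'] = ((int) $tabLimit[0] + $numId) . ',1';
    } else {
        $tabQueryElement['LIMIT'] = $numId . ',1';
    }
    $querySearch = '';
    foreach ($tabQueryElement as $clause => $contentClause) {
        $querySearch .= $clause . ' ' . $contentClause . ' ';
    }
    $this->connId->connId->query($querySearch);
    $tabData = $this->connId->connId->fetch_array(null, $this->connId->connId->getVersion() == 3 ? SQLITE_BOTH : SQLITE_ASSOC);
    // With SQLITE_BOTH the ROWID column is only reachable by index.
    if ($this->connId->connId->getVersion() == 3) {
        $tabData["ROWID"] = $tabData[0];
    }
    if ($error) {
        // NOTE(review): posted values are copied in unfiltered; callers must
        // treat the returned row as user input, not as database content.
        foreach ($tabData as $fieldname => $fieldvalue) {
            if (isset($_POST[$fieldname])) {
                $tabData[$fieldname] = $_POST[$fieldname];
            }
        }
    }
    return $tabData;
}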
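/**
 * Extract childqueries for tree data from sql query (only for SELECT queries) and replace them with NULL in the main query.
 * Returns array(main query, array(subquery1, parent field, child field), [array(subquery2, parent field, child field), ...])
 * (each child entry as actually built below is array(alias, child sql, fetch mode, true)).
 *
 * A child query is a column of the form
 *   VALUES(SELECT ... CASCADE ON `parent_field` = `child_field`) [AS alias]
 * or ROWS(...) for whole rows. In the main query the column is rewritten to
 * `child_field AS alias`; the child query gets `parent_field AS `tree:join``
 * appended to its columns, a `parent_field IN (?)` condition and an ORDER BY
 * on parent_field.
 *
 * @param string $sql
 * @return array
 */
public static function extractTree($sql)
{
    // There are certainly no childqueries
    if (!preg_match('/^SELECT\\b/i', $sql) || !preg_match('/\\b(?:VALUES|ROWS)\\s*\\(\\s*SELECT\\b/i', $sql)) {
        return array($sql);
    }
    if (!preg_match('/^(' . self::REGEX_VALUES . ')(?:\\b(?:VALUES|ROWS)\\s*(\\(\\s*SELECT\\b.*))$/si', $sql)) {
        return array($sql);
    }
    // Extract any childqueries
    $parts = self::splitSelectQuery($sql);
    $columns = self::splitColumns($parts['columns']);
    $tree = null;
    $matches = null;
    foreach ($columns as $i => $column) {
        // Groups: 1 = "ROWS" (empty for VALUES), 2 = the child SELECT,
        // 3 = parent field, 4 = child field, 5 = optional alias.
        if (preg_match('/^(?:VALUES|(ROWS))\\s*+\\((SELECT\\b\\s*+' . self::REGEX_VALUES . ')(?:\\bCASCADE\\s++ON\\b\\s*+(' . self::REGEX_IDENTIFIER . ')\\s*+\\=\\s*+(' . self::REGEX_IDENTIFIER . '))?\\s*+\\)\\s*+(?:AS\\b\\s*+(' . self::REGEX_IDENTIFIER . '))?$/si', trim($column), $matches)) {
            if (!isset($tree)) {
                $tree = array(null); // slot 0 receives the rewritten main query at the end
            }
            if (!empty($matches[3]) && !empty($matches[4])) {
                // Fallback alias must be a quoted string literal: bare backticks
                // are PHP's shell-exec operator and would yield null here.
                $alias = !empty($matches[5]) ? $matches[5] : "`tree:col{$i}`";
                $columns[$i] = $matches[4] . " AS {$alias}";
                $child_parts = self::splitSelectQuery($matches[2]);
                $child_parts['columns'] .= ", " . $matches[3] . " AS `tree:join`";
                $child_parts['where'] = (!empty($child_parts['where']) ? '(' . $child_parts['where'] . ') AND ' : '') . $matches[3] . " IN (?)";
                $child_parts['order by'] = $matches[3] . (!empty($child_parts['order by']) ? ", " . $child_parts['order by'] : '');
                $tree[] = array(unquote($alias, '`'), self::join($child_parts), $matches[1] ? DB::FETCH_ORDERED : DB::FETCH_VALUE, true);
            } else {
                // Child query without CASCADE ON: keep the column as NULL and warn.
                $columns[$i] = 'NULL' . (!empty($matches[5]) ? ' AS ' . $matches[5] : '');
                trigger_error("Incorrect tree query statement: Child query should end with 'CASCADE ON `parent_field` = `child_field`'. " . $column, E_USER_WARNING);
            }
        }
    }
    if (!isset($tree)) {
        return array($sql);
    }
    $parts['columns'] = join(', ', $columns);
    $tree[0] = self::join($parts);
    return $tree;
}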
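/**
 * Parses the parameters of the base
 *
 * Pairs the comma separated values in $params with the mixin's declared
 * arguments ($function_args, each "name" or "name=default").
 *
 * @author Anthony Short
 * @param string $mixin_name used in the exception when a required param is missing
 * @param string $params comma separated values as written in the stylesheet
 * @param array $function_args declared argument list of the mixin
 * @return array parsed values keyed by argument name
 * @throws Scaffold_Exception when an argument without a default is not supplied
 */
public static function parse_params($mixin_name, $params, $function_args = array())
{
    $parsed = array();
    $mixin_params = explode(',', $params);
    # Loop through each function arg and create the parsed params array
    foreach ($function_args as $key => $value) {
        $v = explode('=', $value);
        $name = trim($v[0]);
        // isset() + '' check rather than empty(): empty() would treat a
        // supplied "0" — a perfectly common css value — as a missing param.
        $supplied = isset($mixin_params[$key]) ? $mixin_params[$key] : '';
        if ($supplied === '') {
            # If there is a default value for the param
            if (strstr($value, '=')) {
                $parsed[$name] = unquote(trim($v[1]));
            } else {
                throw new Scaffold_Exception("Mixins.missing_param", $mixin_name);
            }
        } else {
            $parsed[$name] = unquote(trim($supplied));
        }
    }
    return $parsed;
}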
/**
 * processes the post from the above
 *
 * Applies every posted album field to $album, saves it, then handles the
 * optional delete / move / copy / rename action. Errors are reported as a
 * query-string fragment in the return value.
 *
 * @param int $index the index of the entry in mass edit or 0 if single album
 * @param object $album the album object
 * @param string $redirectto used to redirect page refresh on move/copy/rename
 * @return string error flag if passwords don't match
 * @since 1.1.3
 */
function processAlbumEdit($index, $album, &$redirectto)
{
    global $gallery; // not used in this function
    $redirectto = NULL; // no redirection required
    // Mass edit forms prefix every field with "<index>-".
    if ($index == 0) {
        $prefix = '';
    } else {
        $prefix = "{$index}-";
    }
    $tagsprefix = 'tags_' . $prefix;
    $notify = '';
    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', 0));
    // Tags arrive as one checkbox field each, named "tags_<prefix><tag>".
    $tags = array();
    $l = strlen($tagsprefix);
    foreach ($_POST as $key => $value) {
        $key = postIndexDecode($key);
        if (substr($key, 0, $l) == $tagsprefix) {
            if ($value) {
                $tags[] = substr($key, $l);
            }
        }
    }
    $tags = array_unique($tags);
    $album->setTags($tags);
    $album->setDateTime(sanitize($_POST[$prefix . "albumdate"]));
    $album->setLocation(process_language_string_save($prefix . 'albumlocation', 3));
    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setAlbumThumb(sanitize($_POST[$prefix . 'thumb']));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));
    // Image sort: "custom" means the posted expression itself is the sort type.
    // NOTE(review): presumably it ends up in an ORDER BY — confirm the consumer
    // restricts it to allowed columns.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = unquote(strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3)));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection('image', 0);
    } else {
        if (empty($sorttype)) {
            $direction = 0;
        } else {
            $direction = isset($_POST[$prefix . 'image_sortdirection']);
        }
        $album->setSortDirection('image', $direction);
    }
    // Sub-album sort, same scheme.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSubalbumSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection('album', 0);
    } else {
        $album->setSortDirection('album', isset($_POST[$prefix . 'album_sortdirection']));
    }
    if (isset($_POST[$prefix . 'reset_hitcounter'])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }
    // Album password / user.
    $fail = '';
    if (sanitize($_POST[$prefix . 'password_enabled'])) {
        $olduser = $album->getUser();
        $newuser = sanitize($_POST[$prefix . 'albumuser']);
        $pwd = trim(sanitize($_POST[$prefix . 'albumpass']));
        if ($olduser != $newuser) {
            // NOTE(review): $pwd2 is never assigned in this function, so
            // empty($pwd2) is always true and the condition reduces to
            // "new user given but no password".
            if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
                $fail = '&mismatch=user';
            }
        }
        // NOTE(review): the two raw (unsanitized) fields are compared with
        // loose ==, which treats numeric-looking strings by value ("1e1" == "10");
        // === would compare them as typed.
        if (!$fail && $_POST[$prefix . 'albumpass'] == $_POST[$prefix . 'albumpass_2']) {
            $album->setUser($newuser);
            if (empty($pwd)) {
                if (empty($_POST[$prefix . 'albumpass'])) {
                    $album->setPassword(NULL); // clear the album password
                }
            } else {
                $album->setPassword($pwd);
            }
        } else {
            if (empty($fail)) {
                $notify = '&mismatch=album';
            } else {
                $notify = $fail;
            }
        }
    }
    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = sanitize($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    $album->setPasswordHint(process_language_string_save($prefix . 'albumpass_hint', 3));
    if (isset($_POST[$prefix . 'album_watermark'])) {
        $album->setWatermark(sanitize($_POST[$prefix . 'album_watermark'], 3));
        $album->setWatermarkThumb(sanitize($_POST[$prefix . 'album_watermark_thumb'], 3));
    }
    // Codeblocks are sanitized at level 0; if that level passes markup through
    // unchanged, these fields must only be editable by trusted administrators.
    $codeblock1 = sanitize($_POST[$prefix . 'codeblock1'], 0);
    $codeblock2 = sanitize($_POST[$prefix . 'codeblock2'], 0);
    $codeblock3 = sanitize($_POST[$prefix . 'codeblock3'], 0);
    $codeblock = serialize(array("1" => $codeblock1, "2" => $codeblock2, "3" => $codeblock3));
    $album->setCodeblock($codeblock);
    if (isset($_POST[$prefix . '-owner'])) {
        $album->setOwner(sanitize($_POST[$prefix . '-owner']));
    }
    $custom = process_language_string_save($prefix . 'album_custom_data', 1);
    $album->setCustomData(zp_apply_filter('save_album_custom_data', $custom, $prefix));
    zp_apply_filter('save_album_utilities_data', $album, $prefix);
    $album->save();
    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }
    if ($movecopyrename_action == 'delete') {
        $dest = dirname($album->name);
        if ($album->remove()) {
            if ($dest == '/' || $dest == '.') {
                $dest = '';
            }
            $redirectto = $dest;
        } else {
            $notify = "&mcrerr=7";
        }
    }
    if ($movecopyrename_action == 'move') {
        $dest = trim(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($album->isDynamic()) {
                // be sure there is a .alb suffix
                if (substr($dest, -4) != '.alb') {
                    $dest .= '.alb';
                }
            }
            if ($e = $album->moveAlbum($dest)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $dest;
            }
        } else {
            // Cannot move album to same album.
            $notify = "&mcrerr=3";
        }
    } else {
        if ($movecopyrename_action == 'copy') {
            $dest = trim(sanitize_path($_POST['a' . $prefix . '-albumselect']));
            if ($dest && $dest != $album->name) {
                if ($e = $album->copy($dest)) {
                    $notify = "&mcrerr=" . $e;
                }
            } else {
                // Cannot copy album to existing album.
                // Or, copy with rename?
                $notify = '&mcrerr=3';
            }
        } else {
            if ($movecopyrename_action == 'rename') {
                $renameto = trim(sanitize_path($_POST['a' . $prefix . '-renameto'], 3));
                // A rename stays inside the current parent: path separators are stripped.
                $renameto = str_replace(array('/', '\\'), '', $renameto);
                if (dirname($album->name) != '.') {
                    $renameto = dirname($album->name) . '/' . $renameto;
                }
                if ($renameto != $album->name) {
                    if ($album->isDynamic()) {
                        // be sure there is a .alb suffix
                        if (substr($renameto, -4) != '.alb') {
                            $renameto .= '.alb';
                        }
                    }
                    if ($e = $album->rename($renameto)) {
                        $notify = "&mcrerr=" . $e;
                    } else {
                        $redirectto = $renameto;
                    }
                } else {
                    $notify = "&mcrerr=3";
                }
            }
        }
    }
    return $notify;
}
/**
 * Escapes $CONTENT for output in an HTML context.
 *
 * The value is first passed through unquote(), then &, <, >, " and '
 * are converted to entities (ENT_QUOTES). No charset or ENT_SUBSTITUTE
 * flag is given, so the encoding assumed and the handling of invalid byte
 * sequences follow the PHP version's defaults.
 *
 * @param string $CONTENT
 * @return string
 */
function killHTML($CONTENT)
{
    return htmlspecialchars(unquote($CONTENT), ENT_QUOTES);
}
/**
 * Split arguments and add them to the node.
 *
 * After joining backslash-newline continuations, the argument list is
 * tokenised into: a [...] bracketed group, a run without quotes or
 * whitespace, or a double/single quoted string with backslash escapes.
 * Each token is unquoted and appended to $node in order.
 *
 * @param HTTPd_DOMElement $node
 * @param string $arglist Unparsed arguments.
 */
protected function parseArguments(HTTPd_DOMElement $node, $arglist)
{
    $tokenPattern = '/\\[(?:[^"\'\\]]++|"(?:[^"\\\\]++|\\\\.)*+"|\'(?:[^\'\\\\]++|\\\\.)*+\')\\]|[^"\'\\s]++|"(?:[^"\\\\]++|\\\\.)*+"|\'(?:[^\'\\\\]++|\\\\.)*+\'/s';
    $joined = str_replace("\\\n", "\n", $arglist);
    $count = preg_match_all($tokenPattern, $joined, $matches, PREG_PATTERN_ORDER);
    if ($count) {
        foreach ($matches[0] as $token) {
            $node->addArgument(unquote($token));
        }
    }
}
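/**
 * Replace constants
 *
 * With constants registered in self::$constants, substitutes each one into
 * the stylesheet (as `const(name)` or `!name`, depending on the
 * core.use_css_constants setting) and clears the registry. With none
 * registered, scans CSS::$css for leftover `!name` tokens and throws with
 * the list of those that were never defined.
 *
 * @author Anthony Short
 * @return void
 * @throws Scaffold_Exception when undefined constants remain in the css
 */
public static function replace()
{
    if (!empty(self::$constants)) {
        // Read the setting once instead of on every iteration.
        $use_const_syntax = CSScaffold::config('core.use_css_constants') === true;
        foreach (self::$constants as $key => $value) {
            if ($value != "") {
                $token = $use_const_syntax ? "const({$key})" : "!{$key}";
                CSS::replace($token, unquote($value));
            }
        }
        self::$constants = array();
    } else {
        if (preg_match_all('/![a-zA-Z0-9-_]+/', CSS::$css, $matches)) {
            $missing = array_values(array_unique($matches[0]));
            # Remove !important
            // array_search() returns false when absent; without this check the
            // false would be cast to index 0 and the first real constant dropped.
            $important = array_search('!important', $missing, true);
            if ($important !== false) {
                unset($missing[$important]);
            }
            if (!empty($missing)) {
                $missing = "<ul><li>" . implode("</li><li>", $missing) . "</li></ul>";
                throw new Scaffold_Exception('Constants.missing_constants', $missing);
            }
        }
    }
}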
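/**
 * processes the post from the above
 *
 * Applies every posted album field to $album, saves it, then handles the
 * optional delete / move / copy / rename action. Errors are reported as a
 * query-string fragment in the return value.
 *
 * @param int $index the index of the entry in mass edit or 0 if single album
 * @param object $album the album object
 * @param string $redirectto used to redirect page refresh on move/copy/rename
 * @return string error flag if passwords don't match
 * @since 1.1.3
 */
function processAlbumEdit($index, &$album, &$redirectto)
{
    $redirectto = NULL; // no redirection required
    // Mass edit forms prefix fields with "<index>-" and suffix the
    // credentials block with "_<index>".
    if ($index == 0) {
        $prefix = $suffix = '';
    } else {
        $prefix = "{$index}-";
        $suffix = "_{$index}";
    }
    $notify = '';
    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', EDITOR_SANITIZE_LEVEL));
    if (isset($_POST['tag_list_tags_' . $prefix])) {
        $tags = sanitize($_POST['tag_list_tags_' . $prefix]);
    } else {
        $tags = array();
    }
    $tags = array_unique($tags);
    $album->setTags($tags);
    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setThumb(sanitize($_POST[$prefix . 'thumb']));
    }
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));
    // Image sort: "custom" means the posted expression itself is the sort type.
    // NOTE(review): presumably it ends up in an ORDER BY — confirm the consumer
    // restricts it to allowed columns.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = unquote(strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3)));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection(false, 'image');
    } else {
        if (empty($sorttype)) {
            $direction = false;
        } else {
            $direction = isset($_POST[$prefix . 'image_sortdirection']);
        }
        $album->setSortDirection($direction, 'image');
    }
    // Sub-album sort, same scheme.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSortType($sorttype, 'album');
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection(false, 'album');
    } else {
        $album->setSortDirection(isset($_POST[$prefix . 'album_sortdirection']), 'album');
    }
    if (isset($_POST['reset_hitcounter' . $prefix])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }
    $pubdate = $album->setPublishDate(sanitize($_POST['publishdate-' . $prefix])); // return value unused
    $album->setExpireDate(sanitize($_POST['expirationdate-' . $prefix]));
    $fail = '';
    processCredentials($album, $suffix);
    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = sanitize($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    if (isset($_POST[$prefix . 'album_watermark'])) {
        $album->setWatermark(sanitize($_POST[$prefix . 'album_watermark'], 3));
        $album->setWatermarkThumb(sanitize($_POST[$prefix . 'album_watermark_thumb'], 3));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    zp_apply_filter('save_album_custom_data', NULL, $prefix, $album);
    zp_apply_filter('save_album_utilities_data', $album, $prefix);
    $album->save();
    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }
    if ($movecopyrename_action == 'delete') {
        $dest = dirname($album->name);
        if ($album->remove()) {
            if ($dest == '/' || $dest == '.') {
                $dest = '';
            }
            $redirectto = $dest;
        } else {
            $notify = "&mcrerr=7";
        }
    }
    if ($movecopyrename_action == 'move') {
        $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            // From here on $suffix holds the dynamic-album file extension
            // returned by isDynamic(), no longer the form field suffix.
            if ($suffix = $album->isDynamic()) {
                // be sure there is a .alb suffix
                if (substr($dest, -4) != '.' . $suffix) {
                    // $suffix, the variable — a bare `suffix` would be an undefined constant.
                    $dest .= '.' . $suffix;
                }
            }
            if ($e = $album->move($dest)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $dest;
            }
        } else {
            // Cannot move album to same album.
            $notify = "&mcrerr=3";
        }
    } else {
        if ($movecopyrename_action == 'copy') {
            $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
            if ($dest && $dest != $album->name) {
                if ($e = $album->copy($dest)) {
                    $notify = "&mcrerr=" . $e;
                }
            } else {
                // Cannot copy album to existing album.
                // Or, copy with rename?
                $notify = '&mcrerr=3';
            }
        } else {
            if ($movecopyrename_action == 'rename') {
                $renameto = sanitize_path($_POST['a' . $prefix . '-renameto']);
                // A rename stays inside the current parent: path separators are stripped.
                $renameto = str_replace(array('/', '\\'), '', $renameto);
                if (dirname($album->name) != '.') {
                    $renameto = dirname($album->name) . '/' . $renameto;
                }
                if ($renameto != $album->name) {
                    if ($suffix = $album->isDynamic()) {
                        // be sure there is a .alb suffix
                        if (substr($renameto, -4) != '.' . $suffix) {
                            $renameto .= '.' . $suffix;
                        }
                    }
                    if ($e = $album->rename($renameto)) {
                        $notify = "&mcrerr=" . $e;
                    } else {
                        $redirectto = $renameto;
                    }
                } else {
                    $notify = "&mcrerr=3";
                }
            }
        }
    }
    return $notify;
}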
/**
 * Verify if the result can be modify or deleted
 * if true, return the table name else return false
 *
 * Heuristic, regex based: the query is refused if it mentions EXPLAIN, a
 * JOIN or a GROUP clause, or if its FROM clause lists more than one table.
 * As a side effect the extracted FROM list is stored in
 * $GLOBALS['TableListImpact'].
 *
 * @access public
 * @param string $query
 * @return string|false the (unquoted) table name, or false
 */
function checkAccessResult($query)
{
    if (preg_match('#EXPLAIN|JOIN|GROUP[[:space:]]#i', $query)) {
        return false;
    }
    // Take everything between FROM and one of these clauses, or to the end
    // of the query when none is present. The ".*" is greedy, so with several
    // such keywords the last one terminates the capture.
    $match = 'WHERE|ORDER|LIMIT';
    if (preg_match("#{$match}#i", $query)) {
        preg_match('#FROM(.*)(' . $match . ')#i', $query, $result);
    } else {
        preg_match('#FROM(.*)#i', $query, $result);
    }
    if (isset($result[1])) {
        $listTable = trim($result[1]);
        // NOTE(review): a ';' at offset 0 is missed (strrpos() returns 0, which is falsy).
        $posEnd = strrpos($listTable, ';');
        if ($posEnd) {
            $listTable = substr($listTable, 0, $posEnd);
        }
    } else {
        $listTable = '';
    }
    $GLOBALS['TableListImpact'] = $listTable;
    // More than one table -> not editable. Same falsy-offset caveat as above.
    if (strpos($listTable, ',')) {
        return false;
    }
    $tableNAme = unquote(trim($listTable));
    // $res itself is not used; presumably the query positions the connection
    // so that fetch_single() below reads the object's type.
    // NOTE(review): quotes() is relied on to escape $tableNAme, which is taken
    // from the caller's query text — confirm it escapes for the LIKE context.
    if ($res = $this->connId->getResId('SELECT type FROM sqlite_master WHERE name LIKE ' . quotes($tableNAme))) {
    }
    // NOTE(review): '@' hides any error from fetch_single(); a failed fetch simply reads as "not a table".
    if (@$this->connId->connId->fetch_single() != 'table') {
        return false;
    } else {
        return $tableNAme;
    }
}
} } setOption('search_fields', implode(',', $searchfields)); setOption('search_cache_duration', sanitize_numeric($_POST['search_cache_duration'])); $notify = processCredentials('search'); setOption('exact_tag_match', sanitize($_POST['tag_match'])); setOption('exact_string_match', sanitize($_POST['string_match'])); setOption('search_space_is', sanitize($_POST['search_space_is'])); setOption('search_no_albums', (int) isset($_POST['search_no_albums'])); setOption('search_no_images', (int) isset($_POST['search_no_images'])); setOption('search_no_pages', (int) isset($_POST['search_no_pages'])); setOption('search_no_news', (int) isset($_POST['search_no_news'])); setOption('search_within', (int) ($_POST['search_within'] && true)); $sorttype = strtolower(sanitize($_POST['sortby'], 3)); if ($sorttype == 'custom') { $sorttype = unquote(strtolower(sanitize($_POST['customimagesort'], 3))); } setOption('search_image_sort_type', $sorttype); if ($sorttype == 'random') { setOption('search_image_sort_direction', 0); } else { if (empty($sorttype)) { $direction = 0; } else { $direction = isset($_POST['image_sortdirection']); } setOption('search_image_sort_direction', $direction); } $sorttype = strtolower(sanitize($_POST['subalbumsortby'], 3)); if ($sorttype == 'custom') { $sorttype = strtolower(sanitize($_POST['customalbumsort'], 3));
/**
 * Extract the connection parameters from a DSN string.
 * Returns array(driver, filters, props)
 *
 * Three input shapes are handled:
 *  - an array: its first element is the driver, the rest are props;
 *  - a string containing '+': driver "container"; each '+'-separated part
 *    (quote-aware split) becomes a prop, except "filter[...]=value" parts,
 *    which are parsed into $filters and removed from $props;
 *  - any other string: delegated to extract_dsn().
 *
 * @param string|array $dsn
 * @return array
 */
public static function extractDSN($dsn)
{
    $args = array();
    $filters = array();
    $props = array();
    $matches = null;
    // Extract DSN
    if (!is_string($dsn)) {
        $props = $dsn;
        $driver = strtolower(array_shift($props));
    } elseif (strpos($dsn, '+') !== false && preg_match_all('/((?:\\"(?:[^\\"\\\\]++|\\\\.)++\\")|(?:\'(?:[^\'\\\\]++|\\\\.)++\')|[^\\+\\"\']++)++/', $dsn, $matches) >= 2) {
        $a = null;
        $driver = 'container';
        $props = $matches[0];
        $filters = null;
        foreach ($props as $i => $prop) {
            // NOTE(review): $filters doubles as the preg_match() output array
            // here, so what is merged below is the match array plus $a rather
            // than a clean filter map; also group 2 is the quoted bracket text
            // while the value after '=' is group 4. Looks unintended — confirm
            // against the callers before relying on the returned filters.
            if (preg_match('/^\\s*(filter\\s*(?:\\[("(?:\\\\"|[^"])*")|(\'(?:\\\\\'|[^\'])*\'|[^\\]]+)\\]\\s*)?)=(.*)$/', $prop, $filters)) {
                parse_str($filters[1] . '=' . unquote(trim($filters[2])), $a);
                $filters = array_replace_recursive($filters, $a);
                unset($props[$i]);
            }
        }
    } else {
        $props = extract_dsn($dsn);
        $driver = strtolower(array_shift($props));
    }
    // Get filters and properties from arguments
    // NOTE(review): $args is always the empty array initialised above, so
    // this block never executes.
    if (isset($args['filter'])) {
        $filters = $args['filter'];
        unset($args['filter']);
        if (!is_array($filters)) {
            $filters = split_set(',', $filters);
        }
    }
    return array($driver, $filters, $props);
}