/**
* Function: submit
* Submits a post to the blog owner.
*/
public function route_submit()
{
if (!Visitor::current()->group->can("submit_article")) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to submit articles."));
}
if (!empty($_POST)) {
if (!isset($_POST['hash']) or $_POST['hash'] != Config::current()->secure_hashkey) {
show_403(__("Access Denied"), __("Invalid security key."));
}
if (empty($_POST['body'])) {
Flash::notice(__("Post body can't be empty!"), redirect("/"));
}
if (!isset($_POST['draft'])) {
$_POST['draft'] = "true";
}
$_POST['body'] = "{$_POST['body']}\n\n\n{$_POST['name']}\n{$_POST['email']}\n";
$post = Feathers::$instances[$_POST['feather']]->submit();
if (!in_array(false, $post)) {
Flash::notice(__("Thank you for your submission. ", "submission"), "/");
}
}
if (Theme::current()->file_exists("forms/post/submit")) {
MainController::current()->display("forms/post/submit", array("feather" => $feather), __("Submit a Text Post"));
} else {
require "pages/submit.php";
}
}
public function delete_link($text = null, $before = null, $after = null, $classes = "")
{
if (!$this->deletable()) {
return false;
}
fallback($text, __("Delete"));
$name = strtolower(get_class($this));
echo $before . '<a href="' . url("delete_attachment/" . $this->id, MainController::current()) . '" title="Delete" class="' . ($classes ? $classes . " " : '') . $name . '_delete_link delete_link" id="' . $name . '_delete_' . $this->id . '">' . $text . '</a>' . $after;
}
public function pingback_ping($args)
{
$config = Config::current();
$linked_from = str_replace('&', '&', $args[0]);
$linked_to = str_replace('&', '&', $args[1]);
$cleaned_url = str_replace(array("http://www.", "http://"), "", $config->url);
if ($linked_to == $linked_from) {
return new IXR_ERROR(0, __("The from and to URLs cannot be the same."));
}
if (!substr_count($linked_to, $cleaned_url)) {
return new IXR_Error(0, __("There doesn't seem to be a valid link in your request."));
}
if (preg_match("/url=([^&#]+)/", $linked_to, $url)) {
$post = new Post(array("url" => $url[1]));
} else {
$post = MainController::current()->post_from_url(null, str_replace(rtrim($config->url, "/"), "/", $linked_to), true);
}
if (!$post) {
return new IXR_Error(33, __("I can't find a post from that URL."));
}
# Wait for the "from" server to publish
sleep(1);
$from = parse_url($linked_from);
if (empty($from["host"])) {
return false;
}
if (empty($from["scheme"]) or $from["scheme"] != "http") {
$linked_from = "http://" . $linked_from;
}
# Grab the page that linked here.
$content = get_remote($linked_from);
# Get the title of the page.
preg_match("/<title>([^<]+)<\\/title>/i", $content, $title);
$title = $title[1];
if (empty($title)) {
return new IXR_Error(32, __("There isn't a title on that page."));
}
$content = strip_tags($content, "<a>");
$url = preg_quote($linked_to, "/");
if (!preg_match("/<a[^>]*{$url}[^>]*>([^>]*)<\\/a>/", $content, $context)) {
$url = str_replace("&", "&", preg_quote($linked_to, "/"));
if (!preg_match("/<a[^>]*{$url}[^>]*>([^>]*)<\\/a>/", $content, $context)) {
$url = str_replace("&", "&", preg_quote($linked_to, "/"));
if (!preg_match("/<a[^>]*{$url}[^>]*>([^>]*)<\\/a>/", $content, $context)) {
return false;
}
}
}
$context[1] = truncate($context[1], 100, "...", true);
$excerpt = strip_tags(str_replace($context[0], $context[1], $content));
$match = preg_quote($context[1], "/");
$excerpt = preg_replace("/.*?\\s(.{0,100}{$match}.{0,100})\\s.*/s", "\\1", $excerpt);
$excerpt = "[...] " . trim(normalize($excerpt)) . " [...]";
Trigger::current()->call("pingback", $post, $linked_to, $linked_from, $title, $excerpt);
return _f("Pingback from %s to %s registered!", array($linked_from, $linked_to));
}
<?php
if (defined('AJAX') and AJAX or isset($_POST['ajax'])) {
foreach ($backtrace as $trace) {
$body .= "\n" . _f("%s on line %d", array($trace["file"], fallback($trace["line"], 0)));
}
exit($body . "HEY_JAVASCRIPT_THIS_IS_AN_ERROR_JUST_SO_YOU_KNOW");
}
$jquery = is_callable(array("Config", "current")) ? Config::current()->url . "/includes/lib/gz.php?file=jquery.js" : "http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js";
Route::current(MainController::current());
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Chyrp: <?php
echo $title;
?>
</title>
<script src="<?php
echo $jquery;
?>
" type="text/javascript" charset="utf-8"></script>
<style type="text/css">
html, body, ul, ol, li,
h1, h2, h3, h4, h5, h6,
form, fieldset, a, p {
margin: 0;
padding: 0;
border: 0;
/**
* Function: show_404
* Shows a 404 error message and immediately exits.
*
* Parameters:
* $scope - An array of values to extract into the scope.
*/
function show_404()
{
header("HTTP/1.1 404 Not Found");
if (!defined('CHYRP_VERSION')) {
exit("404 Not Found");
}
$theme = Theme::current();
$main = MainController::current();
Trigger::current()->call("not_found");
if ($theme->file_exists("pages/404")) {
$main->display("pages/404", array(), "404");
} else {
error(__("404 Not Found"), __("The requested page could not be located."));
}
exit;
}
public function ajax_tag_post()
{
if (empty($_POST['name']) or empty($_POST['post'])) {
exit("{}");
}
$sql = SQL::current();
$post = new Post($_POST['post']);
$tag = $_POST['name'];
if (!$post->editable()) {
exit("{}");
}
$tags = $sql->select("post_attributes", "value", array("name" => "tags", "post_id" => $post->id));
if ($tags and $value = $tags->fetchColumn()) {
$tags = YAML::load($value);
} else {
$tags = array();
}
$tags[$tag] = sanitize($tag);
$sql->replace("post_attributes", array("post_id", "name"), array("name" => "tags", "value" => YAML::dump($tags), "post_id" => $post->id));
exit("{ url: \"" . url("tag/" . $tags[$tag], MainController::current()) . "\", tag: \"" . $_POST['name'] . "\" }");
}
<?php
define('AJAX', true);
require_once "common.php";
# Prepare the controller.
$main = MainController::current();
# Parse the route.
$route = Route::current($main);
if (!$visitor->group->can("view_site")) {
if ($trigger->exists("can_not_view_site")) {
$trigger->call("can_not_view_site");
} else {
show_403(__("Access Denied"), __("You are not allowed to view this site."));
}
}
switch ($_POST['action']) {
case "edit_post":
if (!isset($_POST['id'])) {
error(__("No ID Specified"), __("Please specify an ID of the post you would like to edit."));
}
$post = new Post($_POST['id'], array("filter" => false, "drafts" => true));
if ($post->no_results) {
header("HTTP/1.1 404 Not Found");
$trigger->call("not_found");
exit;
}
if (!$post->editable()) {
show_403(__("Access Denied"), __("You do not have sufficient privileges to edit posts."));
}
$title = $post->title();
$theme_file = THEME_DIR . "/forms/feathers/" . $post->feather . ".php";
echo _f("%s on line %d", array($trace["file"], fallback($trace["line"], 0)));
?>
</code></li>
<?php
}
?>
</ol>
<?php
}
?>
<div class="clear"></div>
<?php
if (class_exists("Route") and !logged_in() and $body != __("Route was initiated without a Controller.")) {
?>
<a href="<?php
echo url("login", MainController::current());
?>
" class="big login"><?php
echo __("Log In");
?>
→</a>
<?php
}
?>
<div class="clear last"></div>
</div>
</div>
<?php
if (defined("CHYRP_VERSION")) {
?>
<p class="footer">Chyrp <?php
static function ajax()
{
header("Content-Type: application/x-javascript", true);
$config = Config::current();
$sql = SQL::current();
$trigger = Trigger::current();
$visitor = Visitor::current();
$theme = Theme::current();
$main = MainController::current();
switch ($_POST['action']) {
case "reload_comments":
$post = new Post($_POST['post_id']);
if ($post->no_results) {
break;
}
if ($post->latest_comment > $_POST['last_comment']) {
$new_comments = $sql->select("comments", "id, created_at", array("post_id" => $_POST['post_id'], "created_at >" => $_POST['last_comment'], "status not" => "spam", "status != 'denied' OR (\n (\n user_id != 0 AND\n user_id = :visitor_id\n ) OR (\n id IN " . self::visitor_comments() . "\n )\n )"), "created_at ASC", array(":visitor_id" => $visitor->id));
$ids = array();
$last_comment = "";
while ($the_comment = $new_comments->fetchObject()) {
$ids[] = $the_comment->id;
if (strtotime($last_comment) < strtotime($the_comment->created_at)) {
$last_comment = $the_comment->created_at;
}
}
?>
{ comment_ids: [ <?php
echo implode(", ", $ids);
?>
], last_comment: "<?php
echo $last_comment;
?>
" }
<?php
}
break;
case "show_comment":
$comment = new Comment($_POST['comment_id']);
$trigger->call("show_comment", $comment);
$main->display("content/comment", array("comment" => $comment));
break;
case "delete_comment":
$comment = new Comment($_POST['id']);
if (!$comment->deletable()) {
break;
}
Comment::delete($_POST['id']);
break;
case "edit_comment":
$comment = new Comment($_POST['comment_id'], array("filter" => false));
if (!$comment->editable()) {
break;
}
if ($theme->file_exists("forms/comment/edit")) {
$main->display("forms/comment/edit", array("comment" => $comment));
} else {
require "edit_form.php";
}
break;
}
}
/**
* Function: url
* Returns a page's URL.
*/
public function url()
{
if ($this->no_results) {
return false;
}
$config = Config::current();
if (!$config->clean_urls) {
return $config->url . "/?action=page&url=" . urlencode($this->url);
}
$url = array("", urlencode($this->url));
$page = $this;
while (isset($page->parent_id) and $page->parent_id) {
$url[] = urlencode($page->parent->url);
$page = $page->parent;
}
return url("page/" . implode("/", array_reverse($url)), MainController::current());
}
