ファイル: snips.php プロジェクト: kevinroberts/snippetz
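 /**
  * Update an existing snippet from the submitted edit form.
  *
  * Reads `user`, `snipID`, `title`, `lang`, `private_check` and `snippet`
  * straight from `$_POST`, and `description` through the framework's
  * `Input::post()` with its XSS-clean flag set. On success it echoes a link
  * to the updated snippet; on any validation failure it echoes an error
  * line and `die`s, so nothing is ever returned to the caller.
  *
  * The UPDATE is still assembled by string concatenation with the legacy
  * `mysql_real_escape_string()`, so each value has to be made safe for the
  * SQL context it is spliced into:
  *  - `snip_id` and `private` are interpolated *unquoted*; string escaping
  *    does nothing there (e.g. "1 OR 1=1" survives it unchanged), so both
  *    are validated as digits / "0"|"1" and used as integers instead.
  *  - `language`, `title`, `snippet` and `description` land inside quotes
  *    and are therefore escaped (`language` was previously left unescaped).
  *
  * NOTE(review): `user` is validated but never compared with the owner of
  * `snipID`, so this method does not by itself stop one user from editing
  * another user's snippet — confirm that the caller enforces ownership.
  */
 public function snip_edit()
 {
     $input = Input::instance();
     $post = $_POST;
     if (!isset($post["user"]) or !isset($post['snipID']) or !isset($post['title']) or !isset($post['lang']) or !isset($post['private_check']) or !isset($post['snippet'])) {
         echo "Error: wrong params";
         die;
     }
     $userID = $post["user"];
     $title = $post['title'];
     $snippet = $post['snippet'];
     // Both values end up unquoted in the SQL, so they must be plain digits;
     // escaping alone would not prevent an injected expression there.
     $rawSnipID = (string) $post["snipID"];
     $rawPrivate = (string) $post['private_check'];
     if (!ctype_digit($rawSnipID) or !in_array($rawPrivate, array('0', '1'), true)) {
         echo "Error: wrong params";
         die;
     }
     $snipID = (int) $rawSnipID;
     $private = (int) $rawPrivate;
     $snips_model = new Snip_Model();
     // Escaped like the other quoted values: brush_to_lang()'s output is not
     // visible here, so it is not assumed to be a fixed whitelist.
     $language = mysql_real_escape_string($snips_model->brush_to_lang($post['lang']));
     // Third argument TRUE asks the framework for an XSS-cleaned value;
     // defaults to NULL when the field is absent.
     $description = $input->post('description', NULL, TRUE);
     if (!valid::standard_text($title) or !valid::standard_text($userID)) {
         echo "Error: title field contains illegal characters";
         die;
     }
     // The form sends "&" and "=" as placeholders; restore them before the
     // SQL escaping so the escaping sees the real characters.
     $preRestoreChars = array("~AMP~", "~EQUAL~");
     $restoreChars = array("&", "=");
     $snippet = str_replace($preRestoreChars, $restoreChars, $snippet);
     $title = str_replace($preRestoreChars, $restoreChars, $title);
     $description = str_replace($preRestoreChars, $restoreChars, $description);
     // The snippet body is stored HTML-escaped; title and snippet are then
     // escaped for the quoted SQL context.
     $snippet = mysql_real_escape_string(htmlspecialchars($snippet));
     $title = mysql_real_escape_string($title);
     $db = Database::instance();
     // Shared SET clause; only the description column differs between branches.
     $set = "`language` = '" . $language . "' , `snippet` = '" . $snippet . "' , `title` = '" . $title . "' , `date_added` = CURRENT_TIMESTAMP , `private` = " . $private;
     if ($description === 'null') {
         // The client sends the literal string "null" when the description
         // should be left untouched.
         $sql = "UPDATE `snippetz`.`snips` SET " . $set . " WHERE `snip_id` = " . $snipID . ";";
     } else {
         $parser_class = MARKDOWN_PARSER_CLASS;
         $parser = new $parser_class();
         $description = $parser->transform($description);
         $description = str_replace("\n", "<br />", $description);
         $sql = "UPDATE `snippetz`.`snips` SET " . $set . " , `description` = '" . mysql_real_escape_string($description) . "' WHERE `snip_id` = " . $snipID . ";";
     }
     $result = $db->query($sql);
     if ($result) {
         echo "Success! Your snippet has been updated, view it now: <a href='/home/snip/" . $snipID . "'>here</a> .";
     } else {
         echo "DB error";
     }
 }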