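/**
 * post a new table or an updated table
 *
 * This function populates the error context, where applicable.
 *
 * The statement is assembled by string concatenation; every value that
 * reaches it goes through SQL::escape(), in the INSERT branch as well as
 * in the UPDATE branch (the editor attributes used to be concatenated raw
 * on insert).
 *
 * @param array an array of fields; 'id' is set on successful insert
 * @return the id of the new table, or FALSE on error
 *
 * @see tables/edit.php
 * @see tables/populate.php
 **/
public static function post(&$fields) {
	global $context;

	// no query
	if (!isset($fields['query']) || !trim($fields['query'])) {
		Logger::error(i18n::s('Please add some SQL query.'));
		return FALSE;
	}

	// no anchor reference
	if (!isset($fields['anchor']) || !trim($fields['anchor'])) {
		Logger::error(i18n::s('No anchor has been found.'));
		return FALSE;
	}

	// the anchor has to exist
	if (!Anchors::get($fields['anchor'])) {
		Logger::error(i18n::s('No anchor has been found.'));
		return FALSE;
	}

	// set default values
	if (!isset($fields['with_zoom'])) {
		$fields['with_zoom'] = 'N';
	}

	// set default values for this editor -- edit_name, edit_id, edit_address and edit_date are read below
	Surfer::check_default_editor($fields);

	// attributes shared by the INSERT and the UPDATE statements
	// edit_id is written unquoted, so the column is assumed to be numeric -- SQL::escape() only neutralizes quotes
	$assignments = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "',"
		. "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "',"
		. "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "',"
		. "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "',"
		. "query='" . SQL::escape($fields['query']) . "',"
		. "with_zoom='" . SQL::escape($fields['with_zoom']) . "',"
		. "edit_name='" . SQL::escape($fields['edit_name']) . "',"
		. "edit_id=" . SQL::escape($fields['edit_id']) . ","
		. "edit_address='" . SQL::escape($fields['edit_address']) . "',"
		. "edit_date='" . SQL::escape($fields['edit_date']) . "'";

	// maybe we have to modify an existing table
	if (isset($fields['id'])) {

		// id cannot be empty
		if (!is_numeric($fields['id'])) {
			Logger::error(i18n::s('No item has the provided id.'));
			return FALSE;
		}

		// update the existing record
		$query = "UPDATE " . SQL::table_name('tables') . " SET " . $assignments
			. " WHERE id = " . SQL::escape($fields['id']);

	// insert a new record
	} else {
		$query = "INSERT INTO " . SQL::table_name('tables') . " SET "
			. "anchor='" . SQL::escape($fields['anchor']) . "',"
			. $assignments;
	}

	// actual insert or update
	if (SQL::query($query) === FALSE) {
		return FALSE;
	}

	// remember the id of the new item
	if (!isset($fields['id'])) {
		$fields['id'] = SQL::get_last_id($context['connection']);
	}

	// clear the cache for tables -- the id is known at this point in both branches
	Cache::clear(array('tables', 'table:' . $fields['id']));

	// return the id of the new item
	return $fields['id'];
}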
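/**
 * update a link
 *
 * Presence of 'link_url' and 'anchor' is tested with isset() before their
 * value is read, so a caller passing a partial array gets the error path
 * instead of an undefined-index warning.
 *
 * @param array an array of fields; 'id' has to be numeric
 * @return boolean TRUE on success, FALSE on error
 **/
public static function put(&$fields) {

	// id cannot be empty
	if (!isset($fields['id']) || !is_numeric($fields['id'])) {
		Logger::error(i18n::s('No item has the provided id.'));
		return FALSE;
	}

	// no link
	if (!isset($fields['link_url']) || !$fields['link_url']) {
		Logger::error(i18n::s('No link URL has been provided.'));
		return FALSE;
	}

	// no anchor reference
	if (!isset($fields['anchor']) || !$fields['anchor']) {
		Logger::error(i18n::s('No anchor has been found.'));
		return FALSE;
	}

	// set default values for this editor -- edit_name, edit_id, edit_address and edit_date are read below
	Surfer::check_default_editor($fields);

	// update the existing record -- anchor_type and anchor_id are derived from the escaped anchor on the SQL side
	$query = "UPDATE " . SQL::table_name('links') . " SET "
		. "anchor='" . SQL::escape($fields['anchor']) . "', "
		. "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1),"
		. "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1),"
		. "link_url='" . SQL::escape($fields['link_url']) . "', "
		. "link_target='" . SQL::escape(isset($fields['link_target']) ? $fields['link_target'] : '') . "', "
		. "link_title='" . SQL::escape(isset($fields['link_title']) ? $fields['link_title'] : '') . "', "
		. "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "', "
		. "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";

	// maybe a silent update -- editor attributes are left untouched when 'silent' is 'Y'
	if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
		// edit_id is written unquoted, so the column is assumed to be numeric -- SQL::escape() only neutralizes quotes
		$query .= ", "
			. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
			. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
			. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
			. "edit_action='link:update', "
			. "edit_date='" . SQL::escape($fields['edit_date']) . "'";
	}

	// update only one record
	$query .= " WHERE id = " . SQL::escape($fields['id']);

	// do the job
	if (!SQL::query($query)) {
		return FALSE;
	}

	// clear the cache for links
	Links::clear($fields);

	// report on result
	return TRUE;
}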
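/**
 * change the template of a section
 *
 * This function saves the template as an attribute of the section.
 *
 * Also, it attempts to translate it as a valid YACS skin made
 * of [code]template.php[/code] and [code]skin.php[/code].
 * The theme name is [code]section_<id>[/code], unless a directory is provided.
 *
 * Lastly, it updates the options field to actually use the template for pages of this section:
 * the previous [code]skin_xxx[/code] token is dropped and the new one is appended.
 *
 * @param int the id of the target section
 * @param string the new or updated template
 * @param string the skin directory to use, or NULL to derive one from the section id
 * @return string either a null string, or some text describing an error to be inserted into the html response
 *
 * @see services/blog.php
 * @see skins/import.php
 **/
public static function put_template($id, $template, $directory = NULL) {
	global $context;

	// id cannot be empty
	if (!$id || !is_numeric($id)) {
		return i18n::s('No item has the provided id.');
	}

	// load section attributes
	if (!($item = Sections::get($id))) {
		return i18n::s('No item has the provided id.');
	}

	// locate the new skin
	// NOTE(review): $directory becomes a folder name under skins/ -- confirm callers never derive it from the request
	if (!$directory) {
		$directory = 'section_' . $id;
	}

	// make a valid YACS skin
	include_once $context['path_to_root'] . 'skins/import.php';
	if ($error = Import::process($template, $directory)) {
		return $error;
	}

	// change the skin for this section
	// only the previous skin_xxx token is removed; the former greedy '.+' also wiped every option following it
	$options = preg_replace('/\bskin_\S+/i', '', $item['options']) . ' skin_' . $directory;

	// set default values for this editor -- the array has to be a variable, since it is filled by reference and read below
	$fields = array();
	Surfer::check_default_editor($fields);

	// update an existing record
	// edit_id is written unquoted, so the column is assumed to be numeric -- SQL::escape() only neutralizes quotes
	$query = "UPDATE " . SQL::table_name('sections') . " SET "
		. "template='" . SQL::escape($template) . "',\n"
		. "options='" . SQL::escape($options) . "',\n"
		. "edit_name='" . SQL::escape($fields['edit_name']) . "',\n"
		. "edit_id=" . SQL::escape($fields['edit_id']) . ",\n"
		. "edit_address='" . SQL::escape($fields['edit_address']) . "',\n"
		. "edit_action='section:update',\n"
		. "edit_date='" . SQL::escape($fields['edit_date']) . "'\n"
		. "\tWHERE id = " . SQL::escape($id);

	// report a failed update instead of silently claiming success
	if (SQL::query($query) === FALSE) {
		return i18n::s('Impossible to update the record.') . BR . SQL::error();
	}

	// clear the cache because of the new rendering
	Sections::clear(array('sections', 'section:' . $id, 'categories'));

	// end of job
	return NULL;
}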
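/**
 * post a new server or an updated server
 *
 * Missing url and flag fields are normalized before the statement is built,
 * so that both branches see the same shape of data and no undefined index
 * is read. The failing statement is not echoed back to the page on error,
 * only the driver message.
 *
 * @see servers/edit.php
 * @see servers/populate.php
 *
 * @param array an array of fields; urls are rewritten by encode_link() in place
 * @return string either a null string, or some text describing an error to be inserted into the html response
 **/
public static function post(&$fields) {

	// no title
	if (!isset($fields['title']) || !$fields['title']) {
		return i18n::s('No title has been provided.');
	}

	// clear the cache for servers
	Cache::clear('servers');
	if (isset($fields['id'])) {
		Cache::clear('server:' . $fields['id']);
	}

	// protect from hackers -- every url is normalized, and a missing url becomes an empty string
	$url_names = array('main_url', 'feed_url', 'ping_url', 'search_url', 'monitor_url');
	foreach ($url_names as $name) {
		if (isset($fields[$name])) {
			$fields[$name] = encode_link($fields[$name]);
		} else {
			$fields[$name] = '';
		}
	}

	// make a host name out of the first url that carries one, in this order of preference
	if (!isset($fields['host_name'])) {
		$fields['host_name'] = '';
	}
	if (!$fields['host_name']) {
		foreach (array('main_url', 'feed_url', 'ping_url', 'monitor_url', 'search_url') as $name) {
			if (($parts = parse_url($fields[$name])) && isset($parts['host'])) {
				$fields['host_name'] = $parts['host'];
				break;
			}
		}
	}

	// set default values
	if (!isset($fields['active']) || !$fields['active']) {
		$fields['active'] = 'Y';
	}
	if (!isset($fields['description'])) {
		$fields['description'] = '';
	}

	// every flag is stored as 'Y' or 'N'
	$flag_names = array('submit_feed', 'submit_ping', 'submit_monitor', 'submit_search',
		'process_ping', 'process_monitor', 'process_search');
	foreach ($flag_names as $name) {
		if (!isset($fields[$name]) || $fields[$name] != 'Y') {
			$fields[$name] = 'N';
		}
	}

	// set default values for this editor -- edit_name, edit_id, edit_address and edit_date are read below
	Surfer::check_default_editor($fields);

	// update the existing record
	if (isset($fields['id'])) {

		// id cannot be empty
		if (!is_numeric($fields['id'])) {
			return i18n::s('No item has the provided id.');
		}

		$query = "UPDATE " . SQL::table_name('servers') . " SET "
			. "title='" . SQL::escape($fields['title']) . "', "
			. "description='" . SQL::escape($fields['description']) . "', "
			. "main_url='" . SQL::escape($fields['main_url']) . "', "
			. "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "', "
			. "submit_feed='" . SQL::escape($fields['submit_feed']) . "', "
			. "feed_url='" . SQL::escape($fields['feed_url']) . "', "
			. "submit_ping='" . SQL::escape($fields['submit_ping']) . "', "
			. "ping_url='" . SQL::escape($fields['ping_url']) . "', "
			. "process_ping='" . SQL::escape($fields['process_ping']) . "', "
			. "submit_monitor='" . SQL::escape($fields['submit_monitor']) . "', "
			. "monitor_url='" . SQL::escape($fields['monitor_url']) . "', "
			. "process_monitor='" . SQL::escape($fields['process_monitor']) . "', "
			. "submit_search='" . SQL::escape($fields['submit_search']) . "', "
			. "search_url='" . SQL::escape($fields['search_url']) . "', "
			. "process_search='" . SQL::escape($fields['process_search']) . "', "
			. "host_name='" . SQL::escape($fields['host_name']) . "', "
			. "active='" . SQL::escape($fields['active']) . "'";

		// maybe a silent update -- editor attributes are left untouched when 'silent' is 'Y'
		if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
			// edit_id is written unquoted, so the column is assumed to be numeric -- SQL::escape() only neutralizes quotes
			$query .= ", "
				. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
				. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
				. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
				. "edit_date='" . SQL::escape($fields['edit_date']) . "'";
		}

		$query .= " WHERE id = " . SQL::escape($fields['id']);

		// the statement itself is not returned: it would expose the schema in the html response
		if (SQL::query($query) === FALSE) {
			return i18n::s('Impossible to update the record.') . BR . SQL::error();
		}

	// insert a new record
	} else {

		// always remember the date
		$query = "INSERT INTO " . SQL::table_name('servers') . " SET "
			. "title='" . SQL::escape($fields['title']) . "', "
			. "host_name='" . SQL::escape($fields['host_name']) . "', "
			. "description='" . SQL::escape($fields['description']) . "', "
			. "main_url='" . SQL::escape($fields['main_url']) . "', "
			. "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : 'category:1') . "', "
			. "submit_feed='" . SQL::escape($fields['submit_feed']) . "', "
			. "feed_url='" . SQL::escape($fields['feed_url']) . "', "
			. "submit_ping='" . SQL::escape($fields['submit_ping']) . "', "
			. "ping_url='" . SQL::escape($fields['ping_url']) . "', "
			. "process_ping='" . SQL::escape($fields['process_ping']) . "', "
			. "submit_monitor='" . SQL::escape($fields['submit_monitor']) . "', "
			. "monitor_url='" . SQL::escape($fields['monitor_url']) . "', "
			. "process_monitor='" . SQL::escape($fields['process_monitor']) . "', "
			. "submit_search='" . SQL::escape($fields['submit_search']) . "', "
			. "search_url='" . SQL::escape($fields['search_url']) . "', "
			. "process_search='" . SQL::escape($fields['process_search']) . "', "
			. "active='" . SQL::escape($fields['active']) . "', "
			. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
			. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
			. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
			. "edit_date='" . SQL::escape($fields['edit_date']) . "'";

		// the statement itself is not returned: it would expose the schema in the html response
		if (SQL::query($query) === FALSE) {
			return i18n::s('Impossible to add an item.') . BR . SQL::error();
		}
	}

	// end of job
	return NULL;
}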
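/**
 * post a new comment or an updated comment
 *
 * The surfer signature is also appended to the comment, if any.
 *
 * This function populates the error context, where applicable.
 *
 * Dates are produced with gmdate() rather than gmstrftime(), which is
 * deprecated; the format is unchanged.
 *
 * @param array an array of fields; 'id' is set on successful insert
 * @return the id of the new comment, or FALSE on error
 *
 * @see agents/messages.php
 * @see comments/edit.php
 * @see comments/post.php
 **/
public static function post(&$fields) {
	global $context;

	// ensure this item has a type
	if (!isset($fields['type'])) {
		$fields['type'] = 'attention';
	}

	// comment is mandatory, except for approvals
	if (!isset($fields['description'])) {
		$fields['description'] = '';
	}
	if (!$fields['description'] && $fields['type'] != 'approval') {
		Logger::error(i18n::s('No comment has been transmitted.'));
		return FALSE;
	}

	// no anchor reference
	if (!isset($fields['anchor']) || !$fields['anchor']) {
		Logger::error(i18n::s('No anchor has been found.'));
		return FALSE;
	}

	// the anchor has to exist
	if (!Anchors::get($fields['anchor'])) {
		Logger::error(i18n::s('No anchor has been found.'));
		return FALSE;
	}

	// set default values for this editor -- edit_name, edit_id, edit_address and edit_date are read below
	Surfer::check_default_editor($fields);
	if (!isset($fields['edit_date']) || $fields['edit_date'] <= NULL_DATE) {
		$fields['edit_date'] = gmdate('Y-m-d H:i:s');
	}

	// reinforce date formats
	if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
		$fields['create_date'] = $fields['edit_date'];
	}

	// anchor_type and anchor_id are derived from the escaped anchor on the SQL side
	$anchor_assignments = "anchor='" . SQL::escape($fields['anchor']) . "', "
		. "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1), "
		. "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";

	// update the existing record
	if (isset($fields['id'])) {

		// id cannot be empty
		if (!is_numeric($fields['id'])) {
			Logger::error(i18n::s('No item has the provided id.'));
			return FALSE;
		}

		// update the existing record, including a possible move to another anchor
		$query = "UPDATE " . SQL::table_name('comments') . " SET "
			. "type='" . SQL::escape($fields['type']) . "', "
			. "description='" . SQL::escape($fields['description']) . "', "
			. $anchor_assignments;

		// maybe a silent update -- editor attributes are left untouched when 'silent' is 'Y'
		if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
			// edit_id is written unquoted, so the column is assumed to be numeric -- SQL::escape() only neutralizes quotes
			$query .= ", "
				. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
				. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
				. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
				. "edit_action='comment:update', "
				. "edit_date='" . SQL::escape($fields['edit_date']) . "'";
		}

		$query .= " WHERE id = " . SQL::escape($fields['id']);

	// insert a new record
	} else {
		$query = "INSERT INTO " . SQL::table_name('comments') . " SET "
			. $anchor_assignments . ", "
			. "previous_id='" . SQL::escape(isset($fields['previous_id']) ? $fields['previous_id'] : 0) . "', "
			. "type='" . SQL::escape($fields['type']) . "', "
			. "description='" . SQL::escape($fields['description']) . "', "
			. "create_name='" . SQL::escape($fields['edit_name']) . "', "
			. "create_id=" . SQL::escape($fields['edit_id']) . ", "
			. "create_address='" . SQL::escape($fields['edit_address']) . "', "
			. "create_date='" . SQL::escape($fields['create_date']) . "', "
			. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
			. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
			. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
			. "edit_action='comment:create', "
			. "edit_date='" . SQL::escape($fields['edit_date']) . "'";
	}

	// actual update query
	if (SQL::query($query) === FALSE) {
		return FALSE;
	}

	// remember the id of the new item
	if (!isset($fields['id'])) {
		$fields['id'] = SQL::get_last_id($context['connection']);
	}

	// clear the cache for comments
	Comments::clear($fields);

	// end of job
	return $fields['id'];
}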
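/**
 * post a new location or an updated location
 *
 * This function populates the error context, where applicable.
 *
 * Latitude and longitude are split out of 'geo_position'; a position with
 * a single token, or with leading blanks, no longer yields a shifted or
 * undefined coordinate.
 *
 * @param array an array of fields; 'id' is set on successful insert
 * @return the id of the new location, or FALSE on error
 *
 * @see locations/edit.php
 **/
public static function post(&$fields) {
	global $context;

	// no geo_place_name
	if (!isset($fields['geo_place_name']) || !$fields['geo_place_name']) {
		Logger::error(i18n::s('Please add a geo_place_name for this location'));
		return FALSE;
	}

	// no anchor reference
	if (!isset($fields['anchor']) || !$fields['anchor']) {
		Logger::error(i18n::s('No anchor has been found.'));
		return FALSE;
	}

	// set default values for this editor -- edit_name, edit_id, edit_address and edit_date are read below
	Surfer::check_default_editor($fields);

	// extract latitude and longitude -- NULL when the position is absent or incomplete
	$latitude = NULL;
	$longitude = NULL;
	if (isset($fields['geo_position']) && $fields['geo_position']) {
		// trim first, else a leading blank produces an empty first token
		$tokens = preg_split('/[\s,;]+/', trim($fields['geo_position']));
		list($latitude, $longitude) = array_pad($tokens, 2, NULL);
	}

	// update the existing record
	if (isset($fields['id'])) {

		// id cannot be empty
		if (!is_numeric($fields['id'])) {
			Logger::error(i18n::s('No item has the provided id.'));
			return FALSE;
		}

		// update the existing record
		$query = "UPDATE " . SQL::table_name('locations') . " SET "
			. "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
			. "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', "
			. "longitude='" . SQL::escape(isset($longitude) ? $longitude : '0') . "', "
			. "latitude='" . SQL::escape(isset($latitude) ? $latitude : '0') . "', "
			. "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', "
			. "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";

		// maybe a silent update -- editor attributes are left untouched when 'silent' is 'Y'
		if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
			// edit_id is written unquoted, so the column is assumed to be numeric -- SQL::escape() only neutralizes quotes
			$query .= ", "
				. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
				. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
				. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
				. "edit_date='" . SQL::escape($fields['edit_date']) . "'";
		}

		$query .= " WHERE id = " . SQL::escape($fields['id']);

	// insert a new record
	} else {

		// NOTE(review): missing coordinates are stored as '' here but as '0' on update -- confirm which one the column expects
		$query = "INSERT INTO " . SQL::table_name('locations') . " SET "
			. "anchor='" . SQL::escape($fields['anchor']) . "', "
			. "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
			. "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', "
			. "longitude='" . SQL::escape(isset($longitude) ? $longitude : '') . "', "
			. "latitude='" . SQL::escape(isset($latitude) ? $latitude : '') . "', "
			. "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', "
			. "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', "
			. "edit_name='" . SQL::escape($fields['edit_name']) . "', "
			. "edit_id=" . SQL::escape($fields['edit_id']) . ", "
			. "edit_address='" . SQL::escape($fields['edit_address']) . "', "
			. "edit_date='" . SQL::escape($fields['edit_date']) . "'";
	}

	// actual update query
	if (SQL::query($query) === FALSE) {
		return FALSE;
	}

	// remember the id of the new item
	if (!isset($fields['id'])) {
		$fields['id'] = SQL::get_last_id($context['connection']);
	}

	// clear the cache for locations
	Locations::clear($fields);

	// end of job
	return $fields['id'];
}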
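/**
 * process uploaded file
 *
 * This function processes files from the temporary directory, and put them at their definitive
 * place.
 *
 * It returns FALSE if there is a disk error, or if some virus has been detected, or if
 * the operation fails for some other reason (e.g., file size). A transfer reported as
 * failed by PHP (error codes 1 to 4) is rejected right away, before any file access.
 *
 * The file name comes from the client; it is reduced to its base name before being
 * joined to $file_path.
 *
 * @param array usually, $_FILES['upload']
 * @param string target location for the file, relative to the installation root
 * @param mixed reference to the target anchor, or a function to parse every file individually
 * @param mixed overlay object to update along with the file record, if any
 * @return mixed file name or array of file names or FALSE if an error has occured
 */
public static function upload($input, $file_path, $target = NULL, $overlay = NULL) {
	global $context;

	// a transfer PHP reports as failed cannot be processed -- UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_FORM_SIZE
	$upload_error = isset($input['error']) ? $input['error'] : 0;
	if ($upload_error == 1 || $upload_error == 2) {
		Logger::error(i18n::s('The size of this file is over limit.'));
		return FALSE;

	// UPLOAD_ERR_PARTIAL, UPLOAD_ERR_NO_FILE
	} elseif ($upload_error == 3 || $upload_error == 4) {
		Logger::error(i18n::s('No file has been transmitted.'));
		return FALSE;

	// an empty file is reported, but still processed, as before
	} elseif (!isset($input['size']) || !$input['size']) {
		Logger::error(i18n::s('No file has been transmitted.'));
	}

	// do we have a file?
	if (!isset($input['name']) || !$input['name'] || $input['name'] == 'none') {
		return FALSE;
	}

	// access the temporary uploaded file
	$file_upload = $input['tmp_name'];

	// $_FILES transcoding to utf8 is not automatic
	$input['name'] = utf8::encode($input['name']);

	// enhance file name -- the extension is lower-cased
	$file_name = $input['name'];
	$file_extension = '';
	$position = strrpos($input['name'], '.');
	if ($position !== FALSE) {
		$file_name = substr($input['name'], 0, $position);
		$file_extension = strtolower(substr($input['name'], $position + 1));
	}
	$input['name'] = $file_name;
	if ($file_extension) {
		$input['name'] .= '.' . $file_extension;
	}

	// ensure we have a file name; the name is client-supplied, so keep only its base name
	$file_name = basename(utf8::to_ascii($input['name']));

	// uploads are not allowed
	if (!Surfer::may_upload()) {
		Logger::error(i18n::s('You are not allowed to perform this operation.'));
		return FALSE;
	}

	// this type of file is not allowed
	// NOTE(review): the check is done on the utf8 name, while the file is written under the ascii name -- confirm to_ascii() keeps the extension
	if (!Files::is_authorized($input['name'])) {
		Logger::error(i18n::s('This type of file is not allowed.'));
		return FALSE;
	}

	// the file has not been transmitted through this request
	if ($file_path && !Safe::is_uploaded_file($file_upload)) {
		Logger::error(i18n::s('Possible file attack.'));
		return FALSE;
	}

	// create folders
	if ($file_path) {
		Safe::make_path($file_path);
	}

	// sanity check
	if ($file_path && $file_path[strlen($file_path) - 1] != '/') {
		$file_path .= '/';
	}

	// move the uploaded file
	if ($file_path && !Safe::move_uploaded_file($file_upload, $context['path_to_root'] . $file_path . $file_name)) {
		Logger::error(sprintf(i18n::s('Impossible to move the upload file to %s.'), $file_path . $file_name));
		return FALSE;
	}

	// process the file where it is
	if (!$file_path) {
		$file_path = str_replace($context['path_to_root'], '', dirname($file_upload));
		$file_name = basename($file_upload);
	}

	// check against viruses
	$result = Files::has_virus($context['path_to_root'] . $file_path . '/' . $file_name);

	// no virus has been found in this file
	if ($result == 'N') {
		$context['text'] .= Skin::build_block(i18n::s('No virus has been found.'), 'note');
	}

	// this file has been infected!
	if ($result == 'Y') {

		// delete this file immediately
		// NOTE(review): has_virus() was given a path prefixed by path_to_root, unlink() is not -- confirm Safe::unlink() resolves it the same way
		Safe::unlink($file_path . '/' . $file_name);
		Logger::error(i18n::s('This file has been infected by a virus and has been rejected!'));
		return FALSE;
	}

	// explode a .zip file
	include_once $context['path_to_root'] . 'shared/zipfile.php';
	if (preg_match('/\.zip$/i', $file_name) && isset($_REQUEST['explode_files'])) {
		$zipfile = new zipfile();

		// check files extracted from the archive file
		// declared at most once per request: upload() may run several times, and a second declaration would be fatal
		if (!function_exists('explode_callback')) {
			function explode_callback($name) {
				global $context;

				// reject all files put in sub-folders
				if (($path = substr($name, strlen($context['uploaded_path'] . '/'))) && strpos($path, '/') !== FALSE) {
					Safe::unlink($name);

				// reject file types that are not allowed
				} elseif (!Files::is_authorized($name)) {
					Safe::unlink($name);

				} else {

					// make it easy to download
					$ascii = utf8::to_ascii(basename($name));
					Safe::rename($name, $context['uploaded_path'] . '/' . $ascii);

					// remember this name
					$context['uploaded_files'][] = $ascii;
				}
			}
		}

		// extract archive components and save them in mentioned directory
		$context['uploaded_files'] = array();
		$context['uploaded_path'] = $file_path;
		if (!$zipfile->explode($context['path_to_root'] . $file_path . '/' . $file_name, $file_path, '', 'explode_callback')) {
			Logger::error(sprintf('Nothing has been extracted from %s.', $file_name));
			return FALSE;
		}

	// one single file has been uploaded
	} else {
		$context['uploaded_files'] = array($file_name);
	}

	// ensure we know the surfer
	Surfer::check_default_editor($_REQUEST);

	// post-process all uploaded files
	foreach ($context['uploaded_files'] as $file_name) {

		// this will be filtered by umask anyway
		Safe::chmod($context['path_to_root'] . $file_path . $file_name, $context['file_mask']);

		// invoke post-processing function
		// NOTE(review): a string naming a function is callable too -- confirm callers never pass a request-derived value as $target
		if ($target && is_callable($target)) {
			call_user_func($target, $file_name, $context['path_to_root'] . $file_path);

		// we have to update an anchor page
		} elseif ($target && is_string($target)) {
			$fields = array();
			$matching = NULL;

			// update a file with the same name for this anchor
			if ($matching = Files::get_by_anchor_and_name($target, $file_name)) {
				$fields['id'] = $matching['id'];

			} elseif (isset($input['id']) && ($matching = Files::get($input['id']))) {
				$fields['id'] = $matching['id'];

				// silently delete the previous version of the file
				if (isset($matching['file_name'])) {
					Safe::unlink($file_path . '/' . $matching['file_name']);
				}
			}

			// prepare file record
			$fields['file_name'] = $file_name;
			$fields['file_size'] = filesize($context['path_to_root'] . $file_path . $file_name);
			$fields['file_href'] = '';
			$fields['anchor'] = $target;

			// change title
			if (isset($_REQUEST['title'])) {
				$fields['title'] = $_REQUEST['title'];
			}

			// change has been documented
			if (!isset($_REQUEST['version']) || !$_REQUEST['version']) {
				$_REQUEST['version'] = '';
			} else {
				$_REQUEST['version'] = ' - ' . $_REQUEST['version'];
			}

			// always remember file uploads, for traceability
			$_REQUEST['version'] = $fields['file_name'] . ' (' . Skin::build_number($fields['file_size'], i18n::s('bytes')) . ')' . $_REQUEST['version'];

			// add to file history -- $matching is NULL when no previous record exists
			$fields['description'] = Files::add_to_history($matching, $_REQUEST['version']);

			// if this is an image, maybe we can derive a thumbnail for it?
			if (Files::is_image($file_name)) {
				include_once $context['path_to_root'] . 'images/image.php';
				Image::shrink($context['path_to_root'] . $file_path . $file_name, $context['path_to_root'] . $file_path . 'thumbs/' . $file_name);
				if (file_exists($context['path_to_root'] . $file_path . 'thumbs/' . $file_name)) {
					$fields['thumbnail_url'] = $context['url_to_home'] . $context['url_to_root'] . $file_path . 'thumbs/' . rawurlencode($file_name);
				}
			}

			// change active_set
			if (isset($_REQUEST['active_set'])) {
				$fields['active_set'] = $_REQUEST['active_set'];
			}

			// change source
			if (isset($_REQUEST['source'])) {
				$fields['source'] = $_REQUEST['source'];
			}

			// change keywords
			if (isset($_REQUEST['keywords'])) {
				$fields['keywords'] = $_REQUEST['keywords'];
			}

			// change alternate_href
			if (isset($_REQUEST['alternate_href'])) {
				$fields['alternate_href'] = $_REQUEST['alternate_href'];
			}

			// overlay, if any
			if (is_object($overlay)) {

				// allow for change detection
				$overlay->snapshot();

				// update the overlay from form content
				$overlay->parse_fields($_REQUEST);

				// save content of the overlay in this item
				$fields['overlay'] = $overlay->save();
				$fields['overlay_id'] = $overlay->get_id();
			}

			// create the record in the database
			if (!($fields['id'] = Files::post($fields))) {
				return FALSE;
			}

			// record surfer activity
			Activities::post('file:' . $fields['id'], 'upload');
		}
	}

	// so far so good -- a single name, or the list of extracted names
	if (count($context['uploaded_files']) == 1) {
		return $context['uploaded_files'][0];
	}
	return $context['uploaded_files'];
}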
/** * remember an action once it's done * * To be overloaded into derived class * * @param string the action 'insert', 'update' or 'delete' * @param array the hosting record * @param string reference of the hosting record (e.g., 'article:123') * @return FALSE on error, TRUE otherwise */ function remember($action, $host, $reference) { global $context; // remember the id of the master record $id = $host['id']; // set default values for this editor Surfer::check_default_editor($this->attributes); // we use the existing back-end for dates include_once $context['path_to_root'] . 'dates/dates.php'; // build the update query switch ($action) { case 'delete': // no need to notify participants after the date planned for the event, nor if the event has been initiated if (isset($this->attributes['date_stamp']) && $this->attributes['date_stamp'] > gmstrftime('%Y-%m-%d %H:%M') && isset($this->attributes['status']) && $this->attributes['status'] != 'started' && $this->attributes['status'] != 'stopped') { // send a cancellation message to participants $query = "SELECT user_email FROM " . SQL::table_name('enrolments') . " WHERE (anchor LIKE '" . $reference . 
"') AND (approved LIKE 'Y')"; $result = SQL::query($query); while ($item = SQL::fetch($result)) { // sanity check if (!preg_match(VALID_RECIPIENT, $item['user_email'])) { continue; } // message title $subject = sprintf('%s: %s', i18n::c('Cancellation'), strip_tags($this->anchor->get_title())); // headline $headline = sprintf(i18n::c('%s has cancelled %s'), Surfer::get_link(), $this->anchor->get_title()); // message to reader $message = $this->get_invite_default_message('CANCEL'); // assemble main content of this message $message = Skin::build_mail_content($headline, $message); // threads messages $headers = Mailer::set_thread($this->anchor->get_reference()); // get attachment from the overlay $attachments = $this->get_invite_attachments('CANCEL'); // post it Mailer::notify(Surfer::from(), $item['user_email'], $subject, $message, $headers, $attachments); } } // delete dates for this anchor Dates::delete_for_anchor($reference); // also delete related enrolment records $query = "DELETE FROM " . SQL::table_name('enrolments') . " WHERE anchor LIKE '" . $reference . "'"; SQL::query($query); break; case 'insert': // bind one date to this record if (isset($this->attributes['date_stamp']) && $this->attributes['date_stamp']) { $fields = array(); $fields['anchor'] = $reference; $fields['date_stamp'] = $this->attributes['date_stamp']; // update the database if (!($fields['id'] = Dates::post($fields))) { Logger::error(i18n::s('Impossible to add an item.')); return FALSE; } } // enroll page creator include_once $context['path_to_root'] . 'shared/enrolments.php'; enrolments::confirm($reference); // reload the anchor through the cache to reflect the update if ($reference) { $this->anchor = Anchors::get($reference, TRUE); } // send a confirmation message to event creator $query = "SELECT * FROM " . SQL::table_name('enrolments') . " WHERE (anchor LIKE '" . $reference . 
"')"; $result = SQL::query($query); while ($item = SQL::fetch($result)) { // a user registered on this server if ($item['user_id'] && ($watcher = Users::get($item['user_id']))) { // sanity check if (!preg_match(VALID_RECIPIENT, $item['user_email'])) { continue; } // use this email address if ($watcher['full_name']) { $recipient = Mailer::encode_recipient($watcher['email'], $watcher['full_name']); } else { $recipient = Mailer::encode_recipient($watcher['email'], $watcher['nick_name']); } // message title $subject = sprintf(i18n::c('Meeting: %s'), strip_tags($this->anchor->get_title())); // headline $headline = sprintf(i18n::c('you have arranged %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . $this->anchor->get_url() . '">' . $this->anchor->get_title() . '</a>'); // message to reader $message = $this->get_invite_default_message('PUBLISH'); // assemble main content of this message $message = Skin::build_mail_content($headline, $message); // a set of links $menu = array(); // call for action $link = $context['url_to_home'] . $context['url_to_root'] . 
$this->anchor->get_url(); $menu[] = Skin::build_mail_button($link, i18n::c('View event details'), TRUE); // finalize links $message .= Skin::build_mail_menu($menu); // threads messages $headers = Mailer::set_thread($this->anchor->get_reference()); // get attachment from the overlay $attachments = $this->get_invite_attachments('PUBLISH'); // post it Mailer::notify(Surfer::from(), $recipient, $subject, $message, $headers, $attachments); } } break; case 'update': // reload the anchor through the cache to reflect the update if ($reference) { $this->anchor = Anchors::get($reference, TRUE); } // no need to notify watchers after the date planned for the event, nor if the event has been initiated if (isset($this->attributes['date_stamp']) && $this->attributes['date_stamp'] > gmstrftime('%Y-%m-%d %H:%M') && isset($this->attributes['status']) && $this->attributes['status'] != 'started' && $this->attributes['status'] != 'stopped' && isset($_REQUEST['notify_watchers']) && $_REQUEST['notify_watchers'] == 'Y') { // send a confirmation message to participants $query = "SELECT * FROM " . SQL::table_name('enrolments') . " WHERE (anchor LIKE '" . $reference . 
"')"; $result = SQL::query($query); while ($item = SQL::fetch($result)) { // skip current surfer if (Surfer::get_id() && Surfer::get_id() == $item['user_id']) { continue; } // a user registered on this server if ($item['user_id'] && ($watcher = Users::get($item['user_id']))) { // skip banned users if ($watcher['capability'] == '?') { continue; } // ensure this surfer wants to be alerted if ($watcher['without_alerts'] == 'Y') { continue; } // sanity check if (!preg_match(VALID_RECIPIENT, $item['user_email'])) { continue; } // use this email address if ($watcher['full_name']) { $recipient = Mailer::encode_recipient($watcher['email'], $watcher['full_name']); } else { $recipient = Mailer::encode_recipient($watcher['email'], $watcher['nick_name']); } // message title $subject = sprintf(i18n::c('Updated: %s'), strip_tags($this->anchor->get_title())); // headline $headline = sprintf(i18n::c('%s has updated %s'), Surfer::get_link(), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . $this->anchor->get_url() . '">' . $this->anchor->get_title() . '</a>'); // message to reader $message = $this->get_invite_default_message('PUBLISH'); // assemble main content of this message $message = Skin::build_mail_content($headline, $message); // a set of links $menu = array(); // call for action $link = $context['url_to_home'] . $context['url_to_root'] . 
$this->anchor->get_url(); $menu[] = Skin::build_mail_button($link, i18n::c('View event details'), TRUE); // finalize links $message .= Skin::build_mail_menu($menu); // threads messages $headers = Mailer::set_thread($this->anchor->get_reference()); // get attachment from the overlay $attachments = $this->get_invite_attachments('PUBLISH'); // post it Mailer::notify(Surfer::from(), $recipient, $subject, $message, $headers, $attachments); } } } // bind one date to this record if (isset($this->attributes['date_stamp']) && $this->attributes['date_stamp']) { $fields = array(); $fields['anchor'] = $reference; $fields['date_stamp'] = $this->attributes['date_stamp']; // there is an existing record if ($date =& Dates::get_for_anchor($reference)) { // update the record $fields['id'] = $date['id']; if (!($id = Dates::post($fields))) { Logger::error(sprintf(i18n::s('Impossible to update date %s'), $this->attributes['date_stamp'])); return FALSE; } // create a record instead of raising an error, we are smart y'a'know } else { if (!($fields['id'] = Dates::post($fields))) { Logger::error(i18n::s('Impossible to add an item.')); return FALSE; } } } break; } // job done return TRUE; }
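/**
 * remember an action once it's done
 *
 * This function saves data into the table [code]yacs_issues[/code].
 *
 * On 'insert' and 'update' a notification comment is also posted to the
 * anchor page (unless the anchor has the 'no_comments' option), listing
 * what happened: creation, owner change, workflow/color/status change.
 *
 * @see overlays/overlay.php
 *
 * @param string the action 'insert', 'update' or 'delete'
 * @param array the hosting record
 * @param string reference of the hosting record (e.g., 'article:123')
 * @return FALSE on error, TRUE otherwise
 */
function remember($action, $host, $reference) {
    global $context;

    // locate the anchor when a reference is provided
    if ($reference) {
        $this->anchor = Anchors::get($reference);
    }

    // mirror anchor data into the overlay attributes
    $this->attributes['anchor_reference'] = '';
    $this->attributes['anchor_title'] = '';
    $this->attributes['anchor_url'] = '';
    if (is_callable(array($this->anchor, 'get_url'))) {
        $this->attributes['anchor_reference'] = $this->anchor->get_reference();
        $this->attributes['anchor_title'] = $this->anchor->get_title();
        $this->attributes['anchor_url'] = $this->anchor->get_url();
    }

    // set default values for this editor (edit_name, edit_id, edit_address, edit_date)
    Surfer::check_default_editor($this->attributes);

    // default date values: creation falls back to the edit date, workflow steps to NULL_DATE
    if (!isset($this->attributes['create_date']) || $this->attributes['create_date'] <= NULL_DATE) {
        $this->attributes['create_date'] = $this->attributes['edit_date'];
    }
    foreach (array('qualification_date', 'analysis_date', 'resolution_date', 'close_date') as $name) {
        if (!isset($this->attributes[$name]) || $this->attributes[$name] <= NULL_DATE) {
            $this->attributes[$name] = NULL_DATE;
        }
    }

    // notifications to be added to the anchor page
    $comments = array();

    // build the update query
    switch ($action) {

    case 'delete':
        // escape the reference like every other query in this method does
        $query = "DELETE FROM " . SQL::table_name('issues')
            . " WHERE anchor LIKE '" . SQL::escape($this->attributes['anchor_reference']) . "'";
        break;

    case 'insert':
        $comments[] = i18n::s('Page has been created');

        // set host owner, if any
        if (isset($this->attributes['owner']) && ($user = Users::get($this->attributes['owner'])) && $user['id'] != Surfer::get_id()) {
            $fields = array();
            $fields['owner_id'] = $user['id'];
            $this->anchor->set_values($fields);
            // NOTE(review): this token is garbled in the listing; $user['id'] assumed -- confirm
            Members::assign('user:' . $user['id'], $this->anchor->get_reference());
            Members::assign($this->anchor->get_reference(), 'user:' . $user['id']);
            $comments[] = sprintf(i18n::s('Owner has been changed to %s'), Skin::build_link(Users::get_permalink($user), $user['full_name']));
        }

        // the date attributes have been defaulted above, so they can be used directly
        $query = "INSERT INTO " . SQL::table_name('issues') . " SET \n"
            . "anchor='" . SQL::escape($this->attributes['anchor_reference']) . "', \n"
            . "anchor_url='" . SQL::escape($this->attributes['anchor_url']) . "', \n"
            . "color='" . SQL::escape(isset($this->attributes['color']) ? $this->attributes['color'] : 'green') . "', \n"
            . "status='" . SQL::escape(isset($this->attributes['status']) ? $this->attributes['status'] : 'on-going:suspect') . "', \n"
            . "title='" . SQL::escape($this->attributes['anchor_title']) . "', \n"
            . "type='" . SQL::escape(isset($this->attributes['type']) ? $this->attributes['type'] : 'incident') . "', \n"
            . "create_name='" . SQL::escape(isset($this->attributes['create_name']) ? $this->attributes['create_name'] : $this->attributes['edit_name']) . "', \n"
            . "create_id=" . SQL::escape(isset($this->attributes['create_id']) ? $this->attributes['create_id'] : $this->attributes['edit_id']) . ", \n"
            . "create_address='" . SQL::escape(isset($this->attributes['create_address']) ? $this->attributes['create_address'] : $this->attributes['edit_address']) . "', \n"
            . "create_date='" . SQL::escape($this->attributes['create_date']) . "', \n"
            . "edit_name='" . SQL::escape($this->attributes['edit_name']) . "', \n"
            . "edit_id=" . SQL::escape($this->attributes['edit_id']) . ", \n"
            . "edit_address='" . SQL::escape($this->attributes['edit_address']) . "', \n"
            . "edit_action='create', \n"
            . "edit_date='" . SQL::escape($this->attributes['edit_date']) . "', \n"
            . "qualification_date='" . SQL::escape($this->attributes['qualification_date']) . "', \n"
            . "analysis_date='" . SQL::escape($this->attributes['analysis_date']) . "', \n"
            . "resolution_date='" . SQL::escape($this->attributes['resolution_date']) . "', \n"
            . "close_date='" . SQL::escape($this->attributes['close_date']) . "'";
        break;

    case 'update':
        // only associates and page owners can update the record
        if (is_callable(array($this->anchor, 'is_owned')) && $this->anchor->is_owned()) {

            // detect type modification -- $this->snapshot is assumed to hold the attributes before the edit
            if ($this->attributes['type'] != $this->snapshot['type']) {
                $comments[] = sprintf(i18n::s('Workflow has been changed to "%s"'), $this->get_type_label($this->attributes['type']));
            }

            // detect color modification
            if ($this->attributes['color'] != $this->snapshot['color']) {
                $comments[] = $this->get_color_label($this->attributes['color']);
            }

            // change host owner, if any
            if (isset($this->attributes['owner']) && $this->attributes['owner']
                && ($user = Users::get($this->attributes['owner']))
                && $user['id'] != $this->anchor->get_value('owner_id')) {
                $fields = array();
                $fields['owner_id'] = $user['id'];
                $this->anchor->set_values($fields);
                // NOTE(review): this token is garbled in the listing; $user['id'] assumed -- confirm
                Members::assign('user:' . $user['id'], $this->anchor->get_reference());
                Members::assign($this->anchor->get_reference(), 'user:' . $user['id']);
                $comments[] = sprintf(i18n::s('Owner has been changed to %s'), Skin::build_link(Users::get_permalink($user), $user['full_name']));
            }

            // update the table of issues
            $query = "UPDATE " . SQL::table_name('issues') . " SET \n"
                . "anchor='" . SQL::escape($this->attributes['anchor_reference']) . "', \n"
                . "anchor_url='" . SQL::escape($this->attributes['anchor_url']) . "', \n"
                . "color='" . SQL::escape($this->attributes['color']) . "', \n"
                . "status='" . SQL::escape($this->attributes['status']) . "', \n"
                . "title='" . SQL::escape($this->attributes['anchor_title']) . "', \n"
                . "type='" . SQL::escape($this->attributes['type']) . "', \n"
                . "create_date='" . SQL::escape($this->attributes['create_date']) . "', \n"
                . "qualification_date='" . SQL::escape($this->attributes['qualification_date']) . "', \n"
                . "analysis_date='" . SQL::escape($this->attributes['analysis_date']) . "', \n"
                . "resolution_date='" . SQL::escape($this->attributes['resolution_date']) . "', \n"
                . "close_date='" . SQL::escape($this->attributes['close_date']) . "', \n";

            // detect status modification
            if ($this->attributes['status'] != $this->snapshot['status']) {
                $comments[] = $this->get_status_label($this->attributes['status']);

                // stamp the workflow step just reached with the current editor
                $editor_name = SQL::escape($this->attributes['edit_name']);
                $editor_id = SQL::escape($this->attributes['edit_id']);
                $editor_address = SQL::escape($this->attributes['edit_address']);
                switch ($this->attributes['status']) {

                // case has been recorded --should not happen
                case 'on-going:suspect':
                    $query .= "create_name='" . $editor_name . "', \n"
                        . "create_id=" . $editor_id . ", \n"
                        . "create_address='" . $editor_address . "', \n";
                    break;

                // problem has been validated
                case 'cancelled:suspect':
                case 'on-going:problem':
                    $query .= "qualification_name='" . $editor_name . "', \n"
                        . "qualification_id='" . $editor_id . "', \n"
                        . "qualification_address='" . $editor_address . "', \n";
                    break;

                // cause has been identified
                case 'cancelled:problem':
                case 'on-going:issue':
                    $query .= "analysis_name='" . $editor_name . "', \n"
                        . "analysis_id='" . $editor_id . "', \n"
                        . "analysis_address='" . $editor_address . "', \n";
                    break;

                // solution has been achieved
                case 'cancelled:issue':
                case 'on-going:solution':
                    $query .= "resolution_name='" . $editor_name . "', \n"
                        . "resolution_id='" . $editor_id . "', \n"
                        . "resolution_address='" . $editor_address . "', \n";
                    break;

                // ending the issue
                case 'cancelled:solution':
                case 'completed:solution':
                    $query .= "close_name='" . $editor_name . "', \n"
                        . "close_id='" . $editor_id . "', \n"
                        . "close_address='" . $editor_address . "', \n";
                    break;
                }
            }

            // track the person who modifies the record
            $query .= "edit_name='" . SQL::escape($this->attributes['edit_name']) . "', \n"
                . "edit_id=" . SQL::escape($this->attributes['edit_id']) . ", \n"
                . "edit_address='" . SQL::escape($this->attributes['edit_address']) . "', \n"
                . "edit_action='update', \n"
                . "edit_date='" . SQL::escape($this->attributes['edit_date']) . "' \n"
                . " WHERE anchor LIKE '" . SQL::escape($this->attributes['anchor_reference']) . "'";
        }

        // ensure that this change has been recorded, even for non-owners
        if (!$comments) {
            $comments[] = i18n::s('Page has been edited');
        }
        break;
    }

    // execute the query --don't stop on error
    if (isset($query) && $query) {
        SQL::query($query);
    }

    // add a comment to the anchor page
    if ($comments && !$this->anchor->has_option('no_comments')) {
        include_once $context['path_to_root'] . 'comments/comments.php';
        $fields = array();
        $fields['anchor'] = $this->attributes['anchor_reference'];
        $fields['description'] = join(BR, $comments);
        $fields['type'] = 'notification';
        Comments::post($fields);
    }

    // job done
    return TRUE;
}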
/**
 * unpublish an article
 *
 * Clear all publishing information, and record the current surfer as
 * last editor of the page.
 *
 * @param int the id of the item to unpublish
 * @return string either a null string, or some text describing an error to be inserted into the html response
 * @see articles/unpublish.php
 **/
public static function unpublish($id) {
    global $context;

    // a numeric id is mandatory
    if (!$id || !is_numeric($id)) {
        return i18n::s('No item has the provided id.');
    }

    // who is doing this
    $editor = array();
    Surfer::check_default_editor($editor);

    // reset publishing fields; the edit date itself is left untouched
    $assignments = array(
        " publish_name=''",
        " publish_id=0",
        " publish_address=''",
        " publish_date=''",
        " edit_name='" . SQL::escape($editor['edit_name']) . "'",
        " edit_id=" . SQL::escape($editor['edit_id']),
        " edit_address='" . SQL::escape($editor['edit_address']) . "'",
        " edit_action='article:update'",
    );

    $query = "UPDATE " . SQL::table_name('articles') . " SET "
        . implode(',', $assignments)
        . " WHERE id = " . SQL::escape($id);
    SQL::query($query);

    // end of job
    return NULL;
}
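/**
 * post a new date or an updated date
 *
 * This function populates the error context, where applicable.
 *
 * With $fields['id'] set, the existing record is updated; the editor
 * fields are stamped unless $fields['silent'] is 'Y'. Without an id a
 * new record is created and its id is stored back into $fields['id'].
 *
 * @param array an array of fields
 * @return integer the id of the new or updated record, else 0 on error
 *
 * @see dates/edit.php
 **/
public static function post(&$fields) {
    global $context;

    // no date
    if (!isset($fields['date_stamp']) || !$fields['date_stamp']) {
        Logger::error(i18n::s('Please provide a date.'));
        return 0;
    }

    // no anchor reference
    if (!isset($fields['anchor']) || !$fields['anchor']) {
        Logger::error(i18n::s('No anchor has been found.'));
        return 0;
    }

    // set default values for this editor
    Surfer::check_default_editor($fields);

    // update the existing record
    if (isset($fields['id'])) {

        // id cannot be empty -- return 0 like every other error path, as documented
        if (!is_numeric($fields['id'])) {
            Logger::error(i18n::s('No item has the provided id.'));
            return 0;
        }

        $query = "UPDATE " . SQL::table_name('dates') . " SET "
            . "date_stamp='" . SQL::escape($fields['date_stamp']) . "'";

        // maybe a silent update
        if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
            $query .= ", "
                . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
                . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
                . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
                . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
        }

        $query .= " WHERE id = " . SQL::escape($fields['id']);

        if (SQL::query($query) === FALSE) {
            return 0;
        }

    // insert a new record
    } else {

        // the anchor is split in the database into its type and id parts
        $anchor = SQL::escape($fields['anchor']);
        $query = "INSERT INTO " . SQL::table_name('dates') . " SET "
            . "anchor='" . $anchor . "', "
            . "anchor_id=SUBSTRING_INDEX('" . $anchor . "', ':', -1),"
            . "anchor_type=SUBSTRING_INDEX('" . $anchor . "', ':', 1),"
            . "date_stamp='" . SQL::escape($fields['date_stamp']) . "', "
            . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
            . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
            . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
            . "edit_date='" . SQL::escape($fields['edit_date']) . "'";

        if (SQL::query($query) === FALSE) {
            return 0;
        }

        // id of the new record
        $fields['id'] = SQL::get_last_id($context['connection']);
    }

    // clear the cache for dates
    Dates::clear($fields);

    // end of job
    return $fields['id'];
}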
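/**
 * post a new image or an updated image
 *
 * Accept following situations:
 * - id+image: update an existing entry in the database
 * - id+no image: only update the database
 * - no id+image: create a new entry in the database
 * - no id+no image: create a new entry in the database
 *
 * This function populates the error context, where applicable.
 *
 * @param array an array of fields
 * @return the id of the image, or FALSE on error
 **/
public static function post(&$fields) {
    global $context;

    // no anchor reference
    if (!isset($fields['anchor']) || !$fields['anchor']) {
        Logger::error(i18n::s('No anchor has been found.'));
        return FALSE;
    }

    // the anchor has to exist
    if (!Anchors::get($fields['anchor'])) {
        Logger::error(i18n::s('No anchor has been found.'));
        return FALSE;
    }

    // only authenticated users can select to not moderate image sizes
    if (!isset($fields['use_thumbnail']) || !Surfer::get_id()) {
        $fields['use_thumbnail'] = 'Y';
    }

    // set default values for this editor
    Surfer::check_default_editor($fields);

    // optional descriptive fields default to empty strings
    $title = isset($fields['title']) ? $fields['title'] : '';
    $description = isset($fields['description']) ? $fields['description'] : '';
    $source = isset($fields['source']) ? $fields['source'] : '';
    $link_url = isset($fields['link_url']) ? $fields['link_url'] : '';
    $thumbnail_name = isset($fields['thumbnail_name']) ? $fields['thumbnail_name'] : '';

    // update the existing record
    if (isset($fields['id'])) {

        // id cannot be empty
        if (!is_numeric($fields['id'])) {
            Logger::error(i18n::s('No item has the provided id.'));
            return FALSE;
        }

        $query = "UPDATE " . SQL::table_name('images') . " SET ";

        // a new file has been uploaded: record it, and stamp the editor
        if (isset($fields['image_name']) && $fields['image_name'] != 'none') {
            $query .= "image_name='" . SQL::escape($fields['image_name']) . "',"
                . "thumbnail_name='" . SQL::escape($thumbnail_name) . "',"
                . "image_size='" . SQL::escape(isset($fields['image_size']) ? $fields['image_size'] : '') . "',"
                . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
                . "edit_id=" . SQL::escape($fields['edit_id']) . ","
                . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
                . "edit_date='" . SQL::escape($fields['edit_date']) . "',";
        }

        $query .= "title='" . SQL::escape($title) . "',"
            . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
            . "description='" . SQL::escape($description) . "',"
            . "source='" . SQL::escape($source) . "',"
            . "link_url='" . SQL::escape($link_url) . "'"
            . " WHERE id = " . SQL::escape($fields['id']);

        // actual update
        if (SQL::query($query) === FALSE) {
            return FALSE;
        }

    // insert a new record, which requires an uploaded file
    } elseif (isset($fields['image_name']) && $fields['image_name'] && isset($fields['image_size']) && $fields['image_size']) {

        $query = "INSERT INTO " . SQL::table_name('images') . " SET "
            . "anchor='" . SQL::escape($fields['anchor']) . "',"
            . "image_name='" . SQL::escape($fields['image_name']) . "',"
            . "image_size='" . SQL::escape($fields['image_size']) . "',"
            . "title='" . SQL::escape($title) . "',"
            . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
            . "description='" . SQL::escape($description) . "',"
            . "source='" . SQL::escape($source) . "',"
            . "thumbnail_name='" . SQL::escape($thumbnail_name) . "',"
            . "link_url='" . SQL::escape($link_url) . "',"
            . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
            . "edit_id=" . SQL::escape($fields['edit_id']) . ","
            . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
            . "edit_date='" . SQL::escape($fields['edit_date']) . "'";

        // actual insert
        if (SQL::query($query) === FALSE) {
            return FALSE;
        }

        // remember the id of the new item
        $fields['id'] = SQL::get_last_id($context['connection']);

    // nothing done
    } else {
        Logger::error(i18n::s('No image has been added.'));
        return FALSE;
    }

    // clear the cache
    Images::clear($fields);

    // end of job
    return $fields['id'];
}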
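/**
 * remember an action once it's done
 *
 * On 'insert', when the embedded object is referenced by address, meta data
 * is fetched from an oEmbed provider and stored in the overlay, and a
 * notification comment is added to the anchor page. Other actions are no-ops.
 *
 * @see articles/delete.php
 * @see articles/edit.php
 *
 * @param string the action 'insert', 'update' or 'delete'
 * @param array the hosting record
 * @param string reference of the hosting record (e.g., 'article:123')
 * @return FALSE on error, TRUE otherwise
 */
function remember($action, $host, $reference) {
    global $context;

    // set default values for this editor
    Surfer::check_default_editor($this->attributes);

    // notifications to be added to the anchor page
    $comments = array();

    // on page creation -- uploaded files are turned to comments automatically in articles/article.php
    if ($action == 'insert') {

        // expose all of the anchor interface to the contained overlay
        $this->anchor = Anchors::get($reference);

        // read optional attributes without raising notices
        $embed_type = isset($this->attributes['embed_type']) ? $this->attributes['embed_type'] : '';
        $embed_href = isset($this->attributes['embed_href']) ? $this->attributes['embed_href'] : '';

        // embed an object referenced by address, and ask some oEmbed provider to tell us more about it
        if ($embed_type == 'href' && $embed_href && ($fields = $this->oembed($embed_href))) {

            // we do want a photo, right?
            if (preg_match('/\\.(gif|jpg|jpeg|png)$/i', $embed_href)) {
                $fields['type'] = 'photo';
            }

            // because deviant-art returns non-standard type 'file'
            if (isset($fields['url']) && preg_match('/\\.(gif|jpg|jpeg|png)$/i', $fields['url'])) {
                $fields['type'] = 'photo';
            }

            // save meta data in the overlay itself
            $fields['id'] = $host['id'];
            $this->set_values($fields);

            // notify this contribution
            switch ($this->attributes['type']) {

            case 'link':
                $comments[] = sprintf(i18n::s('%s has shared a link'), Surfer::get_name());
                break;

            case 'photo':
                $comments[] = sprintf(i18n::s('%s has shared a photo'), Surfer::get_name());
                break;

            case 'rich':
                $comments[] = sprintf(i18n::s('%s has shared some information'), Surfer::get_name());
                break;

            case 'video':
                $comments[] = sprintf(i18n::s('%s has shared a video'), Surfer::get_name());
                break;

            default:

                // default label is the link itself
                $label = $embed_href;

                // fetch page title if possible
                // NOTE(review): this is a server-side fetch of a user-supplied url; whether
                // http::proceed restricts its targets is not visible here -- confirm
                if ($embed_href && ($content = http::proceed($embed_href))) {
                    if (preg_match('/<title>(.*)<\\/title>/siU', $content, $matches)) {
                        $label = trim(strip_tags(preg_replace('/\\s+/', ' ', $matches[1])));
                    }
                }

                // update the record
                $fields = array();
                $fields['type'] = 'link';
                $fields['label'] = $label;
                $this->set_values($fields);

                $comments[] = sprintf(i18n::s('%s has shared a link'), Surfer::get_name());
                break;
            }
        }
    }

    // add a comment if allowed
    if ($comments && !$this->anchor->has_option('no_comments')) {
        include_once $context['path_to_root'] . 'comments/comments.php';
        $fields = array();
        $fields['anchor'] = $reference;
        $fields['description'] = join(BR, $comments);
        $fields['type'] = 'notification';
        Comments::post($fields);
    }

    // job done
    return TRUE;
}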
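/**
 * change only some attributes
 *
 * Only the attributes present in $fields are written. 'prefix' and 'suffix'
 * are accepted from associates only, 'icon_url' and 'thumbnail_url' are
 * reduced to a safe character set, and 'title' is stripped of tags.
 * Editor fields are stamped unless $fields['silent'] is 'Y'.
 *
 * @param array an array of fields, including the 'id' of the category
 * @return TRUE on success, or FALSE on error
 **/
public static function put_attributes(&$fields) {
    global $context;

    // id cannot be empty
    if (!isset($fields['id']) || !is_numeric($fields['id'])) {
        Logger::error(i18n::s('No item has the provided id.'));
        return FALSE;
    }

    // set default values for this editor
    Surfer::check_default_editor($fields);

    // query components
    $query = array();

    // change access rights
    if (isset($fields['active_set'])) {

        // 'active' is expected along with 'active_set'; default to '' rather than reading an unset key
        $active = isset($fields['active']) ? $fields['active'] : '';

        // cascade anchor access rights
        Anchors::cascade('category:' . $fields['id'], $active);

        // remember these in this record
        $query[] = "active='" . SQL::escape($active) . "'";
        $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
    }

    // characters allowed in url-like attributes; anything else becomes '_'
    $url_filter = '/[^\\w\\/\\.,:%&\\?=-]+/';

    // other fields, in the order they are written to the record;
    // NULL: plain copy, 'associate': associates only, 'url': filtered, 'title': tags stripped
    $columns = array(
        'anchor' => NULL,
        'articles_layout' => NULL,
        'description' => NULL,
        'extra' => NULL,
        'icon_url' => 'url',
        'introduction' => NULL,
        'options' => NULL,
        'overlay' => NULL,
        'overlay_id' => NULL,
        'prefix' => 'associate',
        'rank' => NULL,
        'sections_layout' => NULL,
        'suffix' => 'associate',
        'keywords' => NULL,
        'thumbnail_url' => 'url',
        'title' => 'title',
        'trailer' => NULL,
        'users_layout' => NULL,
        'categories_layout' => NULL,
        'display' => NULL,
        'background_color' => NULL,
        'categories_overlay' => NULL,
        'expiry_date' => NULL,
        'path' => NULL,
    );

    foreach ($columns as $name => $rule) {
        if (!isset($fields[$name])) {
            continue;
        }
        if ($rule === 'associate' && !Surfer::is_associate()) {
            continue;
        }
        if ($rule === 'url') {
            $value = preg_replace($url_filter, '_', $fields[$name]);
        } elseif ($rule === 'title') {
            // the cleaned title is stored back into $fields, as the caller may rely on it
            $fields[$name] = strip_tags($fields[$name], '<br>');
            $value = $fields[$name];
        } else {
            $value = $fields[$name];
        }
        $query[] = $name . "='" . SQL::escape($value) . "'";
    }

    // nothing to update
    if (!count($query)) {
        return TRUE;
    }

    // maybe a silent update
    if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
        $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
        $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
        $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
        $query[] = "edit_action='category:update'";
        $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
    }

    // actual update query
    $query = "UPDATE " . SQL::table_name('categories') . " SET " . implode(', ', $query)
        . " WHERE id = " . SQL::escape($fields['id']);
    if (!SQL::query($query)) {
        return FALSE;
    }

    // clear the cache
    Categories::clear($fields);

    // end of job
    return TRUE;
}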
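/**
 * change only some (minor) attributes
 *
 * Every key of $fields except 'id' is written as a column of the user
 * record. Password, nickname and editor settings are refused here and
 * have to go through their dedicated code paths.
 *
 * @param array an array of fields, including the 'id' of the user record
 * @return TRUE on success, or FALSE on error
 **/
public static function put_attributes(&$fields) {
    global $context;

    // id cannot be empty
    if (!isset($fields['id']) || !is_numeric($fields['id'])) {
        Logger::error(i18n::s('No item has the provided id.'));
        return FALSE;
    }

    // following fields are forbidden with this function ($fields, not the undefined $field of the original)
    if (isset($fields['password']) || isset($fields['nickname']) || isset($fields['editor'])) {
        Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
        return FALSE;
    }

    // remember who is changing this record
    Surfer::check_default_editor($fields);

    // clean provided tags
    if (isset($fields['tags'])) {
        $fields['tags'] = trim($fields['tags'], " \t.:,!?");
    }

    // protect from hackers
    if (isset($fields['avatar_url'])) {
        $fields['avatar_url'] = encode_link($fields['avatar_url']);
    }

    // build SET part of the query
    $query = array();
    foreach ($fields as $key => $value) {
        if ($key === 'id') {
            continue;
        }

        // keys become column names, which SQL::escape cannot protect; accept plain identifiers only
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string)$key)) {
            Logger::error(i18n::s('Invalid field name.'));
            return FALSE;
        }

        $query[] = $key . "='" . SQL::escape($value) . "'";
    }

    // nothing to update
    if (!count($query)) {
        return TRUE;
    }

    // actual update query
    $query = "UPDATE " . SQL::table_name('users') . " SET " . implode(', ', $query)
        . " WHERE id = " . SQL::escape($fields['id']);
    if (!SQL::query($query)) {
        return FALSE;
    }

    // list the user in categories
    if (isset($fields['tags']) && $fields['tags']) {
        // NOTE(review): this token is garbled in the listing; $fields['id'] assumed -- confirm
        Categories::remember('user:' . $fields['id'], NULL_DATE, $fields['tags']);
    }

    // clear the cache
    // NOTE(review): the articles cache is cleared for a users record; looks like a copy/paste -- confirm before changing
    Articles::clear($fields);

    // end of job
    return TRUE;
}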