ファイル: tables.php プロジェクト: rair/yacs
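 /**
  * post a new table or an updated table
  *
  * The query and the anchor are mandatory, and the anchor has to resolve
  * through Anchors::get(). When $fields['id'] is given the matching record is
  * updated, otherwise a new record is inserted and the id allocated by the
  * database is written back into $fields['id'].
  *
  * The stored 'query' is only escaped for the INSERT/UPDATE statement; it is
  * presumably executed later when the table is rendered, so callers have to
  * restrict who may post one.
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields
  * @return the id of the new table, or FALSE on error
  *
  * @see tables/edit.php
  * @see tables/populate.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // no query
     if (!isset($fields['query']) || !trim($fields['query'])) {
         Logger::error(i18n::s('Please add some SQL query.'));
         return FALSE;
     }
     // no anchor reference
     if (!isset($fields['anchor']) || !trim($fields['anchor'])) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // the anchor has to exist; the object itself is not needed afterwards
     if (!($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // set default values
     if (!isset($fields['with_zoom'])) {
         $fields['with_zoom'] = 'N';
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // attributes shared by the insert and the update statements, escaped once
     $attributes = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "',"
         . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "',"
         . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "',"
         . "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "',"
         . "query='" . SQL::escape($fields['query']) . "',"
         . "with_zoom='" . SQL::escape($fields['with_zoom']) . "',";
     // editor attributes are escaped for the insert as well as for the update;
     // edit_id is emitted unquoted, so it relies on check_default_editor() providing a number
     $attributes .= "edit_name='" . SQL::escape($fields['edit_name']) . "',"
         . "edit_id=" . SQL::escape($fields['edit_id']) . ","
         . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
         . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     // maybe we have to modify an existing table
     if (isset($fields['id'])) {
         // id has to be a number, because it is not quoted in the WHERE clause
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }
         // update the existing record
         $query = "UPDATE " . SQL::table_name('tables') . " SET " . $attributes
             . " WHERE id = " . SQL::escape($fields['id']);
     // insert a new record
     } else {
         $query = "INSERT INTO " . SQL::table_name('tables') . " SET "
             . "anchor='" . SQL::escape($fields['anchor']) . "'," . $attributes;
     }
     // actual insert or update
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // remember the id of the new item
     if (!isset($fields['id'])) {
         $fields['id'] = SQL::get_last_id($context['connection']);
     }
     // clear the cache for tables
     if (isset($fields['id'])) {
         $topics = array('tables', 'table:' . $fields['id']);
     } else {
         $topics = 'tables';
     }
     Cache::clear($topics);
     // return the id of the new item
     return $fields['id'];
 }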
ファイル: links.php プロジェクト: rair/yacs
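 /**
  * update a link
  *
  * Every stored attribute of the link identified by $fields['id'] is
  * rewritten; anchor_type and anchor_id are split out of the 'type:id'
  * anchor string by the database. Editor attributes are left untouched
  * when $fields['silent'] is 'Y'.
  *
  * link_url is stored as submitted (SQL-escaped only); unlike Servers::post()
  * it is not passed through encode_link() here, so any rendering of it has to
  * do its own escaping.
  *
  * @param array an array of fields
  * @return boolean TRUE on success, FALSE on error
  **/
 public static function put(&$fields)
 {
     global $context;
     // id cannot be empty
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // no link
     if (!isset($fields['link_url']) || !$fields['link_url']) {
         Logger::error(i18n::s('No link URL has been provided.'));
         return FALSE;
     }
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // the anchor string is used three times in the statement
     $anchor = SQL::escape($fields['anchor']);
     // update the existing record
     $query = "UPDATE " . SQL::table_name('links') . " SET "
         . "anchor='" . $anchor . "', "
         . "anchor_id=SUBSTRING_INDEX('" . $anchor . "', ':', -1),"
         . "anchor_type=SUBSTRING_INDEX('" . $anchor . "', ':', 1),"
         . "link_url='" . SQL::escape($fields['link_url']) . "', "
         . "link_target='" . SQL::escape(isset($fields['link_target']) ? $fields['link_target'] : '') . "', "
         . "link_title='" . SQL::escape(isset($fields['link_title']) ? $fields['link_title'] : '') . "', "
         . "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "', "
         . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     // maybe a silent update
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
         $query .= ", "
             . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
             . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
             . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
             . "edit_action='link:update', "
             . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }
     // update only one record
     $query .= " WHERE id = " . SQL::escape($fields['id']);
     // only a failed statement is an error -- a falsy non-FALSE result
     // (e.g. a row count of zero, if the helper returns one) is not
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // clear the cache for links
     Links::clear($fields);
     // report on result
     return TRUE;
 }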
ファイル: sections.php プロジェクト: rair/yacs
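 /**
  * change the template of a section
  *
  * This function saves the template as an attribute of the section.
  *
  * Also, it attempts to translate it as a valid YACS skin made
  * of [code]template.php[/code] and [code]skin.php[/code].
  * The theme name is [code]section_<id>[/code] unless a directory is given.
  *
  * Lastly, it replaces any existing skin_* token of the options field with
  * the new skin, so that pages of this section actually use the template.
  *
  * NOTE(review): $directory is handed to Import::process() as is, which
  * presumably creates skins/<directory>; callers (skins/import.php,
  * services/blog.php) should not let it come from request input unchecked.
  *
  * @param int the id of the target section
  * @param string the new or updated template
  * @param string optional skin directory, defaults to section_<id>
  * @return string either a null string, or some text describing an error to be inserted into the html response
  *
  * @see services/blog.php
  * @see skins/import.php
  **/
 public static function put_template($id, $template, $directory = NULL)
 {
     global $context;
     // id cannot be empty
     if (!$id || !is_numeric($id)) {
         return i18n::s('No item has the provided id.');
     }
     // load section attributes
     if (!($item = Sections::get($id))) {
         return i18n::s('No item has the provided id.');
     }
     // locate the new skin
     if (!$directory) {
         $directory = 'section_' . $id;
     }
     // make a valid YACS skin
     include_once $context['path_to_root'] . 'skins/import.php';
     if ($error = Import::process($template, $directory)) {
         return $error;
     }
     // change the skin for this section: drop only the previous skin_* token,
     // not everything up to the last word boundary, so other options survive
     $options = preg_replace('/\bskin_\S+/i', '', $item['options']) . ' skin_' . $directory;
     // set default values for this editor -- into the array that is read below,
     // a throw-away array would leave edit_* undefined and break the statement
     $fields = array();
     Surfer::check_default_editor($fields);
     // update an existing record
     $query = "UPDATE " . SQL::table_name('sections') . " SET "
         . "template='" . SQL::escape($template) . "',\n"
         . "options='" . SQL::escape($options) . "',\n"
         . "edit_name='" . SQL::escape($fields['edit_name']) . "',\n"
         . "edit_id=" . SQL::escape($fields['edit_id']) . ",\n"
         . "edit_address='" . SQL::escape($fields['edit_address']) . "',\n"
         . "edit_action='section:update',\n"
         . "edit_date='" . SQL::escape($fields['edit_date']) . "'\n"
         . "\tWHERE id = " . SQL::escape($id);
     // a failed update is reported instead of being silently ignored
     if (SQL::query($query) === FALSE) {
         return SQL::error();
     }
     // clear the cache because of the new rendering
     Sections::clear(array('sections', 'section:' . $id, 'categories'));
 }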
ファイル: servers.php プロジェクト: rair/yacs
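 /**
  * post a new server or an updated server
  *
  * All urls go through encode_link(), missing ones become empty strings.
  * When no host name is given it is taken from the first url that carries
  * one (main, feed, ping, monitor, then search). Y/N flags are normalised,
  * then the record is updated (if $fields['id'] is set) or inserted.
  * Editor attributes are not touched on a silent update ($fields['silent'] == 'Y').
  *
  * On a database error only the driver message is returned, never the
  * statement itself, since the return value is inserted into the html response.
  *
  * @see servers/edit.php
  * @see servers/populate.php
  *
  * @param array an array of fields
  * @return string either a null string, or some text describing an error to be inserted into the html response
  **/
 public static function post(&$fields)
 {
     global $context;
     // no title
     if (!isset($fields['title']) || !$fields['title']) {
         return i18n::s('No title has been provided.');
     }
     // clear the cache for servers
     Cache::clear('servers');
     if (isset($fields['id'])) {
         Cache::clear('server:' . $fields['id']);
     }
     // protect from hackers; the order is the one used to derive the host name below
     $urls = array('main_url', 'feed_url', 'ping_url', 'monitor_url', 'search_url');
     foreach ($urls as $name) {
         $fields[$name] = isset($fields[$name]) ? encode_link($fields[$name]) : '';
     }
     // make a host name out of the first url that has one
     if (!isset($fields['host_name']) || !$fields['host_name']) {
         $fields['host_name'] = '';
         foreach ($urls as $name) {
             if ($fields[$name] && ($parts = parse_url($fields[$name])) && isset($parts['host'])) {
                 $fields['host_name'] = $parts['host'];
                 break;
             }
         }
     }
     // set default values
     if (!isset($fields['active']) || !$fields['active']) {
         $fields['active'] = 'Y';
     }
     foreach (array('process_ping', 'process_monitor', 'process_search') as $name) {
         if (!isset($fields[$name]) || $fields[$name] != 'Y') {
             $fields[$name] = 'N';
         }
     }
     // submit flags are normalised for the statement only, not written back
     $flags = array();
     foreach (array('submit_feed', 'submit_ping', 'submit_monitor', 'submit_search') as $name) {
         $flags[$name] = (isset($fields[$name]) && $fields[$name] == 'Y') ? 'Y' : 'N';
     }
     $description = isset($fields['description']) ? $fields['description'] : '';
     // a new server is attached to category:1 unless an anchor is given
     $anchor = isset($fields['anchor']) ? $fields['anchor'] : (isset($fields['id']) ? '' : 'category:1');
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // attributes shared by insert and update
     $attributes = "title='" . SQL::escape($fields['title']) . "', "
         . "host_name='" . SQL::escape($fields['host_name']) . "', "
         . "description='" . SQL::escape($description) . "', "
         . "main_url='" . SQL::escape($fields['main_url']) . "', "
         . "anchor='" . SQL::escape($anchor) . "', "
         . "submit_feed='" . $flags['submit_feed'] . "', "
         . "feed_url='" . SQL::escape($fields['feed_url']) . "', "
         . "submit_ping='" . $flags['submit_ping'] . "', "
         . "ping_url='" . SQL::escape($fields['ping_url']) . "', "
         . "process_ping='" . $fields['process_ping'] . "', "
         . "submit_monitor='" . $flags['submit_monitor'] . "', "
         . "monitor_url='" . SQL::escape($fields['monitor_url']) . "', "
         . "process_monitor='" . $fields['process_monitor'] . "', "
         . "submit_search='" . $flags['submit_search'] . "', "
         . "search_url='" . SQL::escape($fields['search_url']) . "', "
         . "process_search='" . $fields['process_search'] . "', "
         . "active='" . SQL::escape($fields['active']) . "'";
     // editor attributes; edit_id is unquoted and relies on check_default_editor() providing a number
     $editor = "edit_name='" . SQL::escape($fields['edit_name']) . "', "
         . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
         . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
         . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     // update the existing record
     if (isset($fields['id'])) {
         // id has to be a number, because it is not quoted in the WHERE clause
         if (!is_numeric($fields['id'])) {
             return i18n::s('No item has the provided id.');
         }
         $query = "UPDATE " . SQL::table_name('servers') . " SET " . $attributes;
         // maybe a silent update
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $query .= ", " . $editor;
         }
         $query .= " WHERE id = " . SQL::escape($fields['id']);
     // insert a new record -- the id is allocated by the database
     } else {
         $query = "INSERT INTO " . SQL::table_name('servers') . " SET " . $attributes . ", " . $editor;
     }
     // the statement carries the table name and the submitted data, so it is not echoed back
     if (SQL::query($query) === FALSE) {
         return SQL::error();
     }
     // end of job
     return NULL;
 }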
ファイル: comments.php プロジェクト: rair/yacs
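 /**
  * post a new comment or an updated comment
  *
  * The surfer signature is also appended to the comment, if any.
  *
  * A description is mandatory unless the type is 'approval'; the anchor is
  * mandatory and has to resolve through Anchors::get(). Missing dates are
  * set to the current UTC time. With $fields['id'] the record is updated
  * (editor attributes untouched on a silent update), otherwise it is inserted
  * and the allocated id is written back into $fields['id'].
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields
  * @return the id of the new comment, or FALSE on error
  *
  * @see agents/messages.php
  * @see comments/edit.php
  * @see comments/post.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // ensure this item has a type
     if (!isset($fields['type'])) {
         $fields['type'] = 'attention';
     }
     // comment is mandatory, except for approvals
     if ((!isset($fields['description']) || !$fields['description']) && $fields['type'] != 'approval') {
         Logger::error(i18n::s('No comment has been transmitted.'));
         return FALSE;
     }
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // the anchor has to exist; the object itself is not needed afterwards
     if (!($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // gmdate() yields the same 'Y-m-d H:i:s' UTC stamp as the deprecated gmstrftime()
     if (!isset($fields['edit_date']) || $fields['edit_date'] <= NULL_DATE) {
         $fields['edit_date'] = gmdate('Y-m-d H:i:s');
     }
     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }
     // an approval may come without description
     $description = isset($fields['description']) ? $fields['description'] : '';
     // the anchor is stored with its type and id split out by the database
     $anchor_string = SQL::escape($fields['anchor']);
     $anchor_clause = "anchor='" . $anchor_string . "', "
         . "anchor_type=SUBSTRING_INDEX('" . $anchor_string . "', ':', 1), "
         . "anchor_id=SUBSTRING_INDEX('" . $anchor_string . "', ':', -1)";
     // editor attributes, around the action that differs between insert and update;
     // edit_id is unquoted and relies on check_default_editor() providing a number
     $editor_head = "edit_name='" . SQL::escape($fields['edit_name']) . "', "
         . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
         . "edit_address='" . SQL::escape($fields['edit_address']) . "', ";
     $editor_tail = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     // update the existing record
     if (isset($fields['id'])) {
         // id has to be a number, because it is not quoted in the WHERE clause
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }
         $query = "UPDATE " . SQL::table_name('comments') . " SET "
             . "type='" . SQL::escape($fields['type']) . "', "
             . "description='" . SQL::escape($description) . "', "
             . $anchor_clause;
         // maybe a silent update
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $query .= ", " . $editor_head . "edit_action='comment:update', " . $editor_tail;
         }
         $query .= " WHERE id = " . SQL::escape($fields['id']);
     // insert a new record
     } else {
         $query = "INSERT INTO " . SQL::table_name('comments') . " SET "
             . $anchor_clause . ", "
             . "previous_id='" . SQL::escape(isset($fields['previous_id']) ? $fields['previous_id'] : 0) . "', "
             . "type='" . SQL::escape($fields['type']) . "', "
             . "description='" . SQL::escape($description) . "', "
             . "create_name='" . SQL::escape($fields['edit_name']) . "', "
             . "create_id=" . SQL::escape($fields['edit_id']) . ", "
             . "create_address='" . SQL::escape($fields['edit_address']) . "', "
             . "create_date='" . SQL::escape($fields['create_date']) . "', "
             . $editor_head . "edit_action='comment:create', " . $editor_tail;
     }
     // actual update query
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // remember the id of the new item
     if (!isset($fields['id'])) {
         $fields['id'] = SQL::get_last_id($context['connection']);
     }
     // clear the cache for comments
     Comments::clear($fields);
     // end of job
     return $fields['id'];
 }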
ファイル: locations.php プロジェクト: rair/yacs
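 /**
  * post a new location or an updated location
  *
  * geo_place_name and anchor are mandatory. When geo_position is given it
  * is split on whitespace, commas or semicolons into latitude and longitude
  * (first and second token); a missing token leaves the stored value at its
  * default. With $fields['id'] the record is updated (editor attributes
  * untouched on a silent update), otherwise it is inserted and the allocated
  * id is written back into $fields['id'].
  *
  * NOTE(review): the default for longitude/latitude is '0' on update but ''
  * on insert, as in the original code; the column type decides whether
  * this matters, so it is left as is.
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields
  * @return the id of the new location, or FALSE on error
  *
  * @see locations/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // no geo_place_name
     if (!isset($fields['geo_place_name']) || !$fields['geo_place_name']) {
         Logger::error(i18n::s('Please add a geo_place_name for this location'));
         return FALSE;
     }
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // extract latitude and longitude; empty tokens are dropped so that a leading
     // separator does not shift the values, and a single token only sets latitude
     $latitude = NULL;
     $longitude = NULL;
     if (isset($fields['geo_position']) && $fields['geo_position']) {
         $tokens = preg_split('/[\s,;]+/', trim($fields['geo_position']), -1, PREG_SPLIT_NO_EMPTY);
         if (isset($tokens[0])) {
             $latitude = $tokens[0];
         }
         if (isset($tokens[1])) {
             $longitude = $tokens[1];
         }
     }
     $position = isset($fields['geo_position']) ? $fields['geo_position'] : '';
     $country = isset($fields['geo_country']) ? $fields['geo_country'] : '';
     $description = isset($fields['description']) ? $fields['description'] : '';
     // editor attributes; edit_id is unquoted and relies on check_default_editor() providing a number
     $editor = "edit_name='" . SQL::escape($fields['edit_name']) . "', "
         . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
         . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
         . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     // update the existing record
     if (isset($fields['id'])) {
         // id has to be a number, because it is not quoted in the WHERE clause
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }
         $query = "UPDATE " . SQL::table_name('locations') . " SET "
             . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
             . "geo_position='" . SQL::escape($position) . "', "
             . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '0') . "', "
             . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '0') . "', "
             . "geo_country='" . SQL::escape($country) . "', "
             . "description='" . SQL::escape($description) . "'";
         // maybe a silent update
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $query .= ", " . $editor;
         }
         $query .= " WHERE id = " . SQL::escape($fields['id']);
     // insert a new record
     } else {
         $query = "INSERT INTO " . SQL::table_name('locations') . " SET "
             . "anchor='" . SQL::escape($fields['anchor']) . "', "
             . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
             . "geo_position='" . SQL::escape($position) . "', "
             . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '') . "', "
             . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '') . "', "
             . "geo_country='" . SQL::escape($country) . "', "
             . "description='" . SQL::escape($description) . "', "
             . $editor;
     }
     // actual update query
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }
     // remember the id of the new item
     if (!isset($fields['id'])) {
         $fields['id'] = SQL::get_last_id($context['connection']);
     }
     // clear the cache for locations
     Locations::clear($fields);
     // end of job
     return $fields['id'];
 }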
ファイル: files.php プロジェクト: rair/yacs
 /**
  * process uploaded file
  *
  * This function processes files from the temporary directory, and put them at their definitive
  * place.
  *
  * It returns FALSE if there is a disk error, or if some virus has been detected, or if
  * the operation fails for some other reason (e.g., file size).
  *
  * @param array usually, $_FILES['upload']
  * @param string target location for the file
  * @param mixed reference to the target anchor, of a function to parse every file individually
  * @return mixed file name or array of file names or FALSE if an error has occured
  */
 public static function upload($input, $file_path, $target = NULL, $overlay = NULL)
 {
     global $context, $_REQUEST;
     // size exceeds php.ini settings -- UPLOAD_ERR_INI_SIZE
     if (isset($input['error']) && $input['error'] == 1) {
         Logger::error(i18n::s('The size of this file is over limit.'));
     } elseif (isset($input['error']) && $input['error'] == 2) {
         Logger::error(i18n::s('The size of this file is over limit.'));
     } elseif (isset($input['error']) && $input['error'] == 3) {
         Logger::error(i18n::s('No file has been transmitted.'));
     } elseif (isset($input['error']) && $input['error'] == 4) {
         Logger::error(i18n::s('No file has been transmitted.'));
     } elseif (!$input['size']) {
         Logger::error(i18n::s('No file has been transmitted.'));
     }
     // do we have a file?
     if (!isset($input['name']) || !$input['name'] || $input['name'] == 'none') {
         return FALSE;
     }
     // access the temporary uploaded file
     $file_upload = $input['tmp_name'];
     // $_FILES transcoding to utf8 is not automatic
     $input['name'] = utf8::encode($input['name']);
     // enhance file name
     $file_name = $input['name'];
     $file_extension = '';
     $position = strrpos($input['name'], '.');
     if ($position !== FALSE) {
         $file_name = substr($input['name'], 0, $position);
         $file_extension = strtolower(substr($input['name'], $position + 1));
     }
     $input['name'] = $file_name;
     if ($file_extension) {
         $input['name'] .= '.' . $file_extension;
     }
     // ensure we have a file name
     $file_name = utf8::to_ascii($input['name']);
     // uploads are not allowed
     if (!Surfer::may_upload()) {
         Logger::error(i18n::s('You are not allowed to perform this operation.'));
     } elseif (!Files::is_authorized($input['name'])) {
         Logger::error(i18n::s('This type of file is not allowed.'));
     } elseif ($file_path && !Safe::is_uploaded_file($file_upload)) {
         Logger::error(i18n::s('Possible file attack.'));
     } else {
         // create folders
         if ($file_path) {
             Safe::make_path($file_path);
         }
         // sanity check
         if ($file_path && $file_path[strlen($file_path) - 1] != '/') {
             $file_path .= '/';
         }
         // move the uploaded file
         if ($file_path && !Safe::move_uploaded_file($file_upload, $context['path_to_root'] . $file_path . $file_name)) {
             Logger::error(sprintf(i18n::s('Impossible to move the upload file to %s.'), $file_path . $file_name));
         } else {
             // process the file where it is
             if (!$file_path) {
                 $file_path = str_replace($context['path_to_root'], '', dirname($file_upload));
                 $file_name = basename($file_upload);
             }
             // check against viruses
             $result = Files::has_virus($context['path_to_root'] . $file_path . '/' . $file_name);
             // no virus has been found in this file
             if ($result == 'N') {
                 $context['text'] .= Skin::build_block(i18n::s('No virus has been found.'), 'note');
             }
             // this file has been infected!
             if ($result == 'Y') {
                 // delete this file immediately
                 Safe::unlink($file_path . '/' . $file_name);
                 Logger::error(i18n::s('This file has been infected by a virus and has been rejected!'));
                 return FALSE;
             }
             // explode a .zip file
             include_once $context['path_to_root'] . 'shared/zipfile.php';
             if (preg_match('/\\.zip$/i', $file_name) && isset($_REQUEST['explode_files'])) {
                 $zipfile = new zipfile();
                 // check files extracted from the archive file
                 function explode_callback($name)
                 {
                     global $context;
                     // reject all files put in sub-folders
                     if (($path = substr($name, strlen($context['uploaded_path'] . '/'))) && strpos($path, '/') !== FALSE) {
                         Safe::unlink($name);
                     } elseif (!Files::is_authorized($name)) {
                         Safe::unlink($name);
                     } else {
                         // make it easy to download
                         $ascii = utf8::to_ascii(basename($name));
                         Safe::rename($name, $context['uploaded_path'] . '/' . $ascii);
                         // remember this name
                         $context['uploaded_files'][] = $ascii;
                     }
                 }
                 // extract archive components and save them in mentioned directory
                 $context['uploaded_files'] = array();
                 $context['uploaded_path'] = $file_path;
                 if (!($count = $zipfile->explode($context['path_to_root'] . $file_path . '/' . $file_name, $file_path, '', 'explode_callback'))) {
                     Logger::error(sprintf('Nothing has been extracted from %s.', $file_name));
                     return FALSE;
                 }
                 // one single file has been uploaded
             } else {
                 $context['uploaded_files'] = array($file_name);
             }
             // ensure we know the surfer
             Surfer::check_default_editor($_REQUEST);
             // post-process all uploaded files
             foreach ($context['uploaded_files'] as $file_name) {
                 // this will be filtered by umask anyway
                 Safe::chmod($context['path_to_root'] . $file_path . $file_name, $context['file_mask']);
                 // invoke post-processing function
                 if ($target && is_callable($target)) {
                     call_user_func($target, $file_name, $context['path_to_root'] . $file_path);
                     // we have to update an anchor page
                 } elseif ($target && is_string($target)) {
                     $fields = array();
                     // update a file with the same name for this anchor
                     if ($matching =& Files::get_by_anchor_and_name($target, $file_name)) {
                         $fields['id'] = $matching['id'];
                     } elseif (isset($input['id']) && ($matching = Files::get($input['id']))) {
                         $fields['id'] = $matching['id'];
                         // silently delete the previous version of the file
                         if (isset($matching['file_name'])) {
                             Safe::unlink($file_path . '/' . $matching['file_name']);
                         }
                     }
                     // prepare file record
                     $fields['file_name'] = $file_name;
                     $fields['file_size'] = filesize($context['path_to_root'] . $file_path . $file_name);
                     $fields['file_href'] = '';
                     $fields['anchor'] = $target;
                     // change title
                     if (isset($_REQUEST['title'])) {
                         $fields['title'] = $_REQUEST['title'];
                     }
                     // change has been documented
                     if (!isset($_REQUEST['version']) || !$_REQUEST['version']) {
                         $_REQUEST['version'] = '';
                     } else {
                         $_REQUEST['version'] = ' - ' . $_REQUEST['version'];
                     }
                     // always remember file uploads, for traceability
                     $_REQUEST['version'] = $fields['file_name'] . ' (' . Skin::build_number($fields['file_size'], i18n::s('bytes')) . ')' . $_REQUEST['version'];
                     // add to file history
                     $fields['description'] = Files::add_to_history($matching, $_REQUEST['version']);
                     // if this is an image, maybe we can derive a thumbnail for it?
                     if (Files::is_image($file_name)) {
                         include_once $context['path_to_root'] . 'images/image.php';
                         Image::shrink($context['path_to_root'] . $file_path . $file_name, $context['path_to_root'] . $file_path . 'thumbs/' . $file_name);
                         if (file_exists($context['path_to_root'] . $file_path . 'thumbs/' . $file_name)) {
                             $fields['thumbnail_url'] = $context['url_to_home'] . $context['url_to_root'] . $file_path . 'thumbs/' . rawurlencode($file_name);
                         }
                     }
                     // change active_set
                     if (isset($_REQUEST['active_set'])) {
                         $fields['active_set'] = $_REQUEST['active_set'];
                     }
                     // change source
                     if (isset($_REQUEST['source'])) {
                         $fields['source'] = $_REQUEST['source'];
                     }
                     // change keywords
                     if (isset($_REQUEST['keywords'])) {
                         $fields['keywords'] = $_REQUEST['keywords'];
                     }
                     // change alternate_href
                     if (isset($_REQUEST['alternate_href'])) {
                         $fields['alternate_href'] = $_REQUEST['alternate_href'];
                     }
                     // overlay, if any
                     if (is_object($overlay)) {
                         // allow for change detection
                         $overlay->snapshot();
                         // update the overlay from form content
                         $overlay->parse_fields($_REQUEST);
                         // save content of the overlay in this item
                         $fields['overlay'] = $overlay->save();
                         $fields['overlay_id'] = $overlay->get_id();
                     }
                     // create the record in the database
                     if (!($fields['id'] = Files::post($fields))) {
                         return FALSE;
                     }
                     // record surfer activity
                     Activities::post('file:' . $fields['id'], 'upload');
                 }
             }
             // so far so good
             if (count($context['uploaded_files']) == 1) {
                 return $context['uploaded_files'][0];
             } else {
                 return $context['uploaded_files'];
             }
         }
     }
     // some error has occured
     return FALSE;
 }
ファイル: event.php プロジェクト: rair/yacs
 /**
  * remember an action once it's done
  *
  * To be overloaded into derived class
  *
  * @param string the action 'insert', 'update' or 'delete'
  * @param array the hosting record
  * @param string reference of the hosting record (e.g., 'article:123')
  * @return FALSE on error, TRUE otherwise
  */
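 /**
  * remember an action once it's done
  *
  * To be overloaded into derived class
  *
  * Depending on $action this method:
  * - 'delete': mails a cancellation notice to approved enrolled addresses, but
  *   only while the event is still upcoming and has not been started or stopped,
  *   then removes the date and enrolment records bound to $reference
  * - 'insert': binds one date record to $reference, enrols the page creator,
  *   and mails a confirmation to every registered user enrolled so far
  * - 'update': mails an update notice to enrolled users when the surfer asked
  *   for it (notify_watchers=Y) and the event is still upcoming, then creates
  *   or refreshes the date record bound to $reference
  *
  * $reference is interpolated into several SQL statements, so it is escaped
  * once up front, like every other string value this code base sends to SQL.
  *
  * @param string the action 'insert', 'update' or 'delete'
  * @param array the hosting record
  * @param string reference of the hosting record (e.g., 'article:123')
  * @return FALSE on error, TRUE otherwise
  */
 function remember($action, $host, $reference)
 {
     global $context;
     // set default values for this editor
     Surfer::check_default_editor($this->attributes);
     // we use the existing back-end for dates
     include_once $context['path_to_root'] . 'dates/dates.php';
     // escaped form of the reference, for the SQL statements below
     $safe_reference = SQL::escape($reference);
     // current UTC time, in the same 'YYYY-MM-DD HH:MM' format as date_stamp
     // (gmdate() replaces gmstrftime(), which is deprecated since PHP 8.1)
     $now = gmdate('Y-m-d H:i');
     // no need to notify anybody after the date planned for the event, nor if the event has been initiated
     $is_upcoming = isset($this->attributes['date_stamp']) && $this->attributes['date_stamp'] > $now && isset($this->attributes['status']) && $this->attributes['status'] != 'started' && $this->attributes['status'] != 'stopped';
     // build the update query
     switch ($action) {
         case 'delete':
             if ($is_upcoming) {
                 // send a cancellation message to approved participants
                 $query = "SELECT user_email FROM " . SQL::table_name('enrolments') . " WHERE (anchor LIKE '" . $safe_reference . "') AND (approved LIKE 'Y')";
                 $result = SQL::query($query);
                 while ($item = SQL::fetch($result)) {
                     // sanity check
                     if (!preg_match(VALID_RECIPIENT, $item['user_email'])) {
                         continue;
                     }
                     // message title
                     $subject = sprintf('%s: %s', i18n::c('Cancellation'), strip_tags($this->anchor->get_title()));
                     // headline
                     $headline = sprintf(i18n::c('%s has cancelled %s'), Surfer::get_link(), $this->anchor->get_title());
                     // message to reader
                     $message = $this->get_invite_default_message('CANCEL');
                     // assemble main content of this message
                     $message = Skin::build_mail_content($headline, $message);
                     // threads messages
                     $headers = Mailer::set_thread($this->anchor->get_reference());
                     // get attachment from the overlay
                     $attachments = $this->get_invite_attachments('CANCEL');
                     // post it
                     Mailer::notify(Surfer::from(), $item['user_email'], $subject, $message, $headers, $attachments);
                 }
             }
             // delete dates for this anchor
             Dates::delete_for_anchor($reference);
             // also delete related enrolment records
             $query = "DELETE FROM " . SQL::table_name('enrolments') . " WHERE anchor LIKE '" . $safe_reference . "'";
             SQL::query($query);
             break;
         case 'insert':
             // bind one date to this record
             if (isset($this->attributes['date_stamp']) && $this->attributes['date_stamp']) {
                 $fields = array();
                 $fields['anchor'] = $reference;
                 $fields['date_stamp'] = $this->attributes['date_stamp'];
                 // update the database
                 if (!($fields['id'] = Dates::post($fields))) {
                     Logger::error(i18n::s('Impossible to add an item.'));
                     return FALSE;
                 }
             }
             // enroll page creator
             include_once $context['path_to_root'] . 'shared/enrolments.php';
             enrolments::confirm($reference);
             // reload the anchor through the cache to reflect the update
             if ($reference) {
                 $this->anchor = Anchors::get($reference, TRUE);
             }
             // send a confirmation message to event creator
             $query = "SELECT * FROM " . SQL::table_name('enrolments') . " WHERE (anchor LIKE '" . $safe_reference . "')";
             $result = SQL::query($query);
             while ($item = SQL::fetch($result)) {
                 // only users registered on this server
                 if (!$item['user_id'] || !($watcher = Users::get($item['user_id']))) {
                     continue;
                 }
                 // sanity check
                 if (!preg_match(VALID_RECIPIENT, $item['user_email'])) {
                     continue;
                 }
                 // use this email address, with the full name when there is one
                 $recipient = Mailer::encode_recipient($watcher['email'], $watcher['full_name'] ? $watcher['full_name'] : $watcher['nick_name']);
                 // message title
                 $subject = sprintf(i18n::c('Meeting: %s'), strip_tags($this->anchor->get_title()));
                 // headline
                 $headline = sprintf(i18n::c('you have arranged %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . $this->anchor->get_url() . '">' . $this->anchor->get_title() . '</a>');
                 // message to reader
                 $message = $this->get_invite_default_message('PUBLISH');
                 // assemble main content of this message
                 $message = Skin::build_mail_content($headline, $message);
                 // call for action
                 $link = $context['url_to_home'] . $context['url_to_root'] . $this->anchor->get_url();
                 $menu = array(Skin::build_mail_button($link, i18n::c('View event details'), TRUE));
                 // finalize links
                 $message .= Skin::build_mail_menu($menu);
                 // threads messages
                 $headers = Mailer::set_thread($this->anchor->get_reference());
                 // get attachment from the overlay
                 $attachments = $this->get_invite_attachments('PUBLISH');
                 // post it
                 Mailer::notify(Surfer::from(), $recipient, $subject, $message, $headers, $attachments);
             }
             break;
         case 'update':
             // reload the anchor through the cache to reflect the update
             if ($reference) {
                 $this->anchor = Anchors::get($reference, TRUE);
             }
             // notify watchers only on explicit request, and only for an upcoming event
             if ($is_upcoming && isset($_REQUEST['notify_watchers']) && $_REQUEST['notify_watchers'] == 'Y') {
                 // send a confirmation message to participants
                 $query = "SELECT * FROM " . SQL::table_name('enrolments') . " WHERE (anchor LIKE '" . $safe_reference . "')";
                 $result = SQL::query($query);
                 while ($item = SQL::fetch($result)) {
                     // skip current surfer
                     if (Surfer::get_id() && Surfer::get_id() == $item['user_id']) {
                         continue;
                     }
                     // only users registered on this server
                     if (!$item['user_id'] || !($watcher = Users::get($item['user_id']))) {
                         continue;
                     }
                     // skip banned users
                     if ($watcher['capability'] == '?') {
                         continue;
                     }
                     // ensure this surfer wants to be alerted
                     if ($watcher['without_alerts'] == 'Y') {
                         continue;
                     }
                     // sanity check
                     if (!preg_match(VALID_RECIPIENT, $item['user_email'])) {
                         continue;
                     }
                     // use this email address, with the full name when there is one
                     $recipient = Mailer::encode_recipient($watcher['email'], $watcher['full_name'] ? $watcher['full_name'] : $watcher['nick_name']);
                     // message title
                     $subject = sprintf(i18n::c('Updated: %s'), strip_tags($this->anchor->get_title()));
                     // headline
                     $headline = sprintf(i18n::c('%s has updated %s'), Surfer::get_link(), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . $this->anchor->get_url() . '">' . $this->anchor->get_title() . '</a>');
                     // message to reader
                     $message = $this->get_invite_default_message('PUBLISH');
                     // assemble main content of this message
                     $message = Skin::build_mail_content($headline, $message);
                     // call for action
                     $link = $context['url_to_home'] . $context['url_to_root'] . $this->anchor->get_url();
                     $menu = array(Skin::build_mail_button($link, i18n::c('View event details'), TRUE));
                     // finalize links
                     $message .= Skin::build_mail_menu($menu);
                     // threads messages
                     $headers = Mailer::set_thread($this->anchor->get_reference());
                     // get attachment from the overlay
                     $attachments = $this->get_invite_attachments('PUBLISH');
                     // post it
                     Mailer::notify(Surfer::from(), $recipient, $subject, $message, $headers, $attachments);
                 }
             }
             // bind one date to this record
             if (isset($this->attributes['date_stamp']) && $this->attributes['date_stamp']) {
                 $fields = array();
                 $fields['anchor'] = $reference;
                 $fields['date_stamp'] = $this->attributes['date_stamp'];
                 // refresh the existing record, or create one instead of raising an error
                 // (plain assignment: '=&' on a static call result is deprecated and not needed)
                 if ($date = Dates::get_for_anchor($reference)) {
                     $fields['id'] = $date['id'];
                     if (!Dates::post($fields)) {
                         Logger::error(sprintf(i18n::s('Impossible to update date %s'), $this->attributes['date_stamp']));
                         return FALSE;
                     }
                 } elseif (!($fields['id'] = Dates::post($fields))) {
                     Logger::error(i18n::s('Impossible to add an item.'));
                     return FALSE;
                 }
             }
             break;
     }
     // job done
     return TRUE;
 }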
ファイル: issue.php プロジェクト: rair/yacs
 /**
  * remember an action once it's done
  *
  * This function saves data into the table [code]yacs_issues[/code].
  *
  * @see overlays/overlay.php
  *
  * @param string the action 'insert', 'update' or 'delete'
  * @param array the hosting record
  * @param string reference of the hosting record (e.g., 'article:123')
  * @return FALSE on error, TRUE otherwise
  */
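 /**
  * remember an action once it's done
  *
  * This function saves data into the table [code]yacs_issues[/code].
  *
  * The anchor (reference, title, url) is re-read on every call; dates that are
  * missing or older than NULL_DATE are normalised to NULL_DATE, except
  * create_date which defaults to the editor's edit_date. Every value that ends
  * up in SQL -- including the anchor reference used in the DELETE -- goes
  * through SQL::escape(). A notification comment is attached to the anchor
  * page unless it carries the 'no_comments' option.
  *
  * @see overlays/overlay.php
  *
  * @param string the action 'insert', 'update' or 'delete'
  * @param array the hosting record
  * @param string reference of the hosting record (e.g., 'article:123')
  * @return FALSE on error, TRUE otherwise
  */
 function remember($action, $host, $reference)
 {
     global $context;
     // locate anchor on 'insert'
     if ($reference) {
         $this->anchor = Anchors::get($reference);
     }
     // remember data from the anchor
     $this->attributes['anchor_reference'] = '';
     $this->attributes['anchor_title'] = '';
     $this->attributes['anchor_url'] = '';
     if (is_callable(array($this->anchor, 'get_url'))) {
         $this->attributes['anchor_reference'] = $this->anchor->get_reference();
         $this->attributes['anchor_title'] = $this->anchor->get_title();
         $this->attributes['anchor_url'] = $this->anchor->get_url();
     }
     // set default values for this editor
     Surfer::check_default_editor($this->attributes);
     // default date values
     if (!isset($this->attributes['create_date']) || $this->attributes['create_date'] <= NULL_DATE) {
         $this->attributes['create_date'] = $this->attributes['edit_date'];
     }
     foreach (array('qualification_date', 'analysis_date', 'resolution_date', 'close_date') as $date_name) {
         if (!isset($this->attributes[$date_name]) || $this->attributes[$date_name] <= NULL_DATE) {
             $this->attributes[$date_name] = NULL_DATE;
         }
     }
     // add a notification to the anchor page
     $comments = array();
     // build the update query
     switch ($action) {
         case 'delete':
             // the reference is a string value like any other: escape it
             $query = "DELETE FROM " . SQL::table_name('issues') . " WHERE anchor LIKE '" . SQL::escape($this->attributes['anchor_reference']) . "'";
             break;
         case 'insert':
             $comments[] = i18n::s('Page has been created');
             // set host owner, if any
             if (isset($this->attributes['owner']) && ($user = Users::get($this->attributes['owner'])) && $user['id'] != Surfer::get_id()) {
                 $fields = array();
                 $fields['owner_id'] = $user['id'];
                 $this->anchor->set_values($fields);
                 Members::assign('user:' . $user['id'], $this->anchor->get_reference());
                 Members::assign($this->anchor->get_reference(), 'user:' . $user['id']);
                 $comments[] = sprintf(i18n::s('Owner has been changed to %s'), Skin::build_link(Users::get_permalink($user), $user['full_name']));
             }
             $query = "INSERT INTO " . SQL::table_name('issues') . " SET \n"
                 . "anchor='" . SQL::escape($this->attributes['anchor_reference']) . "', \n"
                 . "anchor_url='" . SQL::escape($this->attributes['anchor_url']) . "', \n"
                 . "color='" . SQL::escape(isset($this->attributes['color']) ? $this->attributes['color'] : 'green') . "', \n"
                 . "status='" . SQL::escape(isset($this->attributes['status']) ? $this->attributes['status'] : 'on-going:suspect') . "', \n"
                 . "title='" . SQL::escape($this->attributes['anchor_title']) . "', \n"
                 . "type='" . SQL::escape(isset($this->attributes['type']) ? $this->attributes['type'] : 'incident') . "', \n"
                 . "create_name='" . SQL::escape(isset($this->attributes['create_name']) ? $this->attributes['create_name'] : $this->attributes['edit_name']) . "', \n"
                 . "create_id=" . SQL::escape(isset($this->attributes['create_id']) ? $this->attributes['create_id'] : $this->attributes['edit_id']) . ", \n"
                 . "create_address='" . SQL::escape(isset($this->attributes['create_address']) ? $this->attributes['create_address'] : $this->attributes['edit_address']) . "', \n"
                 . "create_date='" . SQL::escape($this->attributes['create_date']) . "', \n"
                 . "edit_name='" . SQL::escape($this->attributes['edit_name']) . "', \n"
                 . "edit_id=" . SQL::escape($this->attributes['edit_id']) . ", \n"
                 . "edit_address='" . SQL::escape($this->attributes['edit_address']) . "', \n"
                 . "edit_action='create', \n"
                 . "edit_date='" . SQL::escape($this->attributes['edit_date']) . "', \n"
                 . "qualification_date='" . SQL::escape($this->attributes['qualification_date']) . "', \n"
                 . "analysis_date='" . SQL::escape($this->attributes['analysis_date']) . "', \n"
                 . "resolution_date='" . SQL::escape($this->attributes['resolution_date']) . "', \n"
                 . "close_date='" . SQL::escape($this->attributes['close_date']) . "'";
             break;
         case 'update':
             // only associates and page owners can update the record
             if (is_callable(array($this->anchor, 'is_owned')) && $this->anchor->is_owned()) {
                 // detect type modification
                 if ($this->attributes['type'] != $this->snapshot['type']) {
                     $comments[] = sprintf(i18n::s('Workflow has been changed to "%s"'), $this->get_type_label($this->attributes['type']));
                 }
                 // detect color modification
                 if ($this->attributes['color'] != $this->snapshot['color']) {
                     $comments[] = $this->get_color_label($this->attributes['color']);
                 }
                 // change host owner, if any (guarded: the form may not submit an owner at all)
                 if (!empty($this->attributes['owner']) && ($user = Users::get($this->attributes['owner'])) && $user['id'] != $this->anchor->get_value('owner_id')) {
                     $fields = array();
                     $fields['owner_id'] = $user['id'];
                     $this->anchor->set_values($fields);
                     Members::assign('user:' . $user['id'], $this->anchor->get_reference());
                     Members::assign($this->anchor->get_reference(), 'user:' . $user['id']);
                     $comments[] = sprintf(i18n::s('Owner has been changed to %s'), Skin::build_link(Users::get_permalink($user), $user['full_name']));
                 }
                 // update the table of issues
                 $query = "UPDATE " . SQL::table_name('issues') . " SET \n"
                     . "anchor='" . SQL::escape($this->attributes['anchor_reference']) . "', \n"
                     . "anchor_url='" . SQL::escape($this->attributes['anchor_url']) . "', \n"
                     . "color='" . SQL::escape($this->attributes['color']) . "', \n"
                     . "status='" . SQL::escape($this->attributes['status']) . "', \n"
                     . "title='" . SQL::escape($this->attributes['anchor_title']) . "', \n"
                     . "type='" . SQL::escape($this->attributes['type']) . "', \n"
                     . "create_date='" . SQL::escape($this->attributes['create_date']) . "', \n"
                     . "qualification_date='" . SQL::escape($this->attributes['qualification_date']) . "', \n"
                     . "analysis_date='" . SQL::escape($this->attributes['analysis_date']) . "', \n"
                     . "resolution_date='" . SQL::escape($this->attributes['resolution_date']) . "', \n"
                     . "close_date='" . SQL::escape($this->attributes['close_date']) . "', \n";
                 // detect status modification
                 if ($this->attributes['status'] != $this->snapshot['status']) {
                     $comments[] = $this->get_status_label($this->attributes['status']);
                     // each workflow step stamps the editor who reached it
                     switch ($this->attributes['status']) {
                         // case has been recorded --should not happen
                         case 'on-going:suspect':
                             $query .= "create_name='" . SQL::escape($this->attributes['edit_name']) . "', \n" . "create_id=" . SQL::escape($this->attributes['edit_id']) . ", \n" . "create_address='" . SQL::escape($this->attributes['edit_address']) . "', \n";
                             break;
                         // problem has been validated
                         case 'cancelled:suspect':
                         case 'on-going:problem':
                             $query .= "qualification_name='" . SQL::escape($this->attributes['edit_name']) . "', \n" . "qualification_id='" . SQL::escape($this->attributes['edit_id']) . "', \n" . "qualification_address='" . SQL::escape($this->attributes['edit_address']) . "', \n";
                             break;
                         // cause has been identified
                         case 'cancelled:problem':
                         case 'on-going:issue':
                             $query .= "analysis_name='" . SQL::escape($this->attributes['edit_name']) . "', \n" . "analysis_id='" . SQL::escape($this->attributes['edit_id']) . "', \n" . "analysis_address='" . SQL::escape($this->attributes['edit_address']) . "', \n";
                             break;
                         // solution has been achieved
                         case 'cancelled:issue':
                         case 'on-going:solution':
                             $query .= "resolution_name='" . SQL::escape($this->attributes['edit_name']) . "', \n" . "resolution_id='" . SQL::escape($this->attributes['edit_id']) . "', \n" . "resolution_address='" . SQL::escape($this->attributes['edit_address']) . "', \n";
                             break;
                         // ending the issue
                         case 'cancelled:solution':
                         case 'completed:solution':
                             $query .= "close_name='" . SQL::escape($this->attributes['edit_name']) . "', \n" . "close_id='" . SQL::escape($this->attributes['edit_id']) . "', \n" . "close_address='" . SQL::escape($this->attributes['edit_address']) . "', \n";
                             break;
                     }
                 }
                 // track the person who modifies the record
                 $query .= "edit_name='" . SQL::escape($this->attributes['edit_name']) . "', \n"
                     . "edit_id=" . SQL::escape($this->attributes['edit_id']) . ", \n"
                     . "edit_address='" . SQL::escape($this->attributes['edit_address']) . "', \n"
                     . "edit_action='update', \n"
                     . "edit_date='" . SQL::escape($this->attributes['edit_date']) . "' \n"
                     . " WHERE anchor LIKE '" . SQL::escape($this->attributes['anchor_reference']) . "'";
             }
             // ensure that this change has been recorded
             if (!$comments) {
                 $comments[] = i18n::s('Page has been edited');
             }
             break;
     }
     // execute the query --don't stop on error
     if (isset($query) && $query) {
         SQL::query($query);
     }
     // add a comment, unless the anchor is missing or refuses comments
     if ($comments && is_callable(array($this->anchor, 'has_option')) && !$this->anchor->has_option('no_comments')) {
         include_once $context['path_to_root'] . 'comments/comments.php';
         $fields = array();
         $fields['anchor'] = $this->attributes['anchor_reference'];
         $fields['description'] = join(BR, $comments);
         $fields['type'] = 'notification';
         Comments::post($fields);
     }
     // job done
     return TRUE;
 }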
ファイル: articles.php プロジェクト: rair/yacs
 /**
  * unpublish an article
  *
  * Clear all publishing information
  *
  * @param int the id of the item to unpublish
  * @return string either a null string, or some text describing an error to be inserted into the html response
  * @see articles/unpublish.php
  **/
 /**
  * unpublish an article
  *
  * Clears publish_name, publish_id, publish_address and publish_date, and
  * stamps the current surfer as last editor (edit_date itself is left as is).
  * The id is checked with is_numeric() before it is put into the WHERE clause.
  *
  * @param int the id of the item to unpublish
  * @return string either a null string, or some text describing an error to be inserted into the html response
  * @see articles/unpublish.php
  **/
 public static function unpublish($id)
 {
     global $context;
     // reject a missing or non-numeric id
     if (!$id || !is_numeric($id)) {
         return i18n::s('No item has the provided id.');
     }
     // editor stamp for the current surfer
     $editor = array();
     Surfer::check_default_editor($editor);
     // columns to set; the date of last edition is deliberately not touched
     $assignments = array(
         " publish_name=''",
         " publish_id=0",
         " publish_address=''",
         " publish_date=''",
         " edit_name='" . SQL::escape($editor['edit_name']) . "'",
         " edit_id=" . SQL::escape($editor['edit_id']),
         " edit_address='" . SQL::escape($editor['edit_address']) . "'",
         " edit_action='article:update'",
     );
     $query = "UPDATE " . SQL::table_name('articles') . " SET " . implode(',', $assignments) . " WHERE id = " . SQL::escape($id);
     SQL::query($query);
     // end of job
     return NULL;
 }
ファイル: dates.php プロジェクト: rair/yacs
 /**
  * post a new date or an updated date
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields
  * @return integer the id of the new or updated record, else 0 on error
  *
  * @see dates/edit.php
  **/
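 /**
  * post a new date or an updated date
  *
  * This function populates the error context, where applicable.
  *
  * With $fields['id'] set, the matching record is updated (editor columns are
  * skipped when $fields['silent'] is 'Y'); otherwise a record is inserted and
  * its new id is written back into $fields['id'].
  *
  * @param array an array of fields
  * @return integer the id of the new or updated record, else 0 on error
  *
  * @see dates/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;
     // no date (isset() first: the key may be absent altogether)
     if (!isset($fields['date_stamp']) || !$fields['date_stamp']) {
         Logger::error(i18n::s('Please provide a date.'));
         return 0;
     }
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return 0;
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // update the existing record
     if (isset($fields['id'])) {
         // id must be numeric -- return 0, as documented, rather than FALSE
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return 0;
         }
         $query = "UPDATE " . SQL::table_name('dates') . " SET " . "date_stamp='" . SQL::escape($fields['date_stamp']) . "'";
         // maybe a silent update
         if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
             $query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         }
         $query .= " WHERE id = " . SQL::escape($fields['id']);
         if (SQL::query($query) === FALSE) {
             return 0;
         }
     // insert a new record
     } else {
         // anchor_type and anchor_id are derived from 'type:id' by the database
         $anchor = SQL::escape($fields['anchor']);
         $query = "INSERT INTO " . SQL::table_name('dates') . " SET "
             . "anchor='" . $anchor . "', "
             . "anchor_id=SUBSTRING_INDEX('" . $anchor . "', ':', -1),"
             . "anchor_type=SUBSTRING_INDEX('" . $anchor . "', ':', 1),"
             . "date_stamp='" . SQL::escape($fields['date_stamp']) . "', "
             . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
             . "edit_id=" . SQL::escape($fields['edit_id']) . ", "
             . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
             . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         if (SQL::query($query) === FALSE) {
             return 0;
         }
         // id of the new record
         $fields['id'] = SQL::get_last_id($context['connection']);
     }
     // clear the cache for dates
     Dates::clear($fields);
     // end of job
     return $fields['id'];
 }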
ファイル: images.php プロジェクト: rair/yacs
 /**
  * post a new image or an updated image
  *
  * Accept following situations:
  * - id+image: update an existing entry in the database
  * - id+no image: only update the database
  * - no id+image: create a new entry in the database
  * - no id+no image: create a new entry in the database
  *
  * This function populates the error context, where applicable.
  *
  * @param array an array of fields
  * @return the id of the image, or FALSE on error
  **/
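 /**
  * post a new image or an updated image
  *
  * Accept following situations:
  * - id+image: update an existing entry in the database
  * - id+no image: only update the database
  * - no id+image: create a new entry in the database
  * - no id+no image: create a new entry in the database
  *
  * This function populates the error context, where applicable.
  *
  * On update, file attributes (image_name, thumbnail_name, image_size) and the
  * editor stamp are refreshed only when a new image_name other than 'none' is
  * given; optional attributes missing from $fields are stored as empty strings.
  *
  * @param array an array of fields
  * @return the id of the image, or FALSE on error
  **/
 public static function post(&$fields)
 {
     global $context;
     // no anchor reference
     if (!isset($fields['anchor']) || !$fields['anchor']) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // get the anchor
     if (!($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }
     // only authenticated users can select to not moderate image sizes
     if (!isset($fields['use_thumbnail']) || !Surfer::get_id()) {
         $fields['use_thumbnail'] = 'Y';
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // optional attributes, stored as empty strings when absent
     $title = isset($fields['title']) ? $fields['title'] : '';
     $description = isset($fields['description']) ? $fields['description'] : '';
     $source = isset($fields['source']) ? $fields['source'] : '';
     $link_url = isset($fields['link_url']) ? $fields['link_url'] : '';
     $thumbnail_name = isset($fields['thumbnail_name']) ? $fields['thumbnail_name'] : '';
     // update the existing record
     if (isset($fields['id'])) {
         // id cannot be empty
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }
         $query = "UPDATE " . SQL::table_name('images') . " SET ";
         // a new file has been uploaded: refresh file attributes and the editor stamp
         if (isset($fields['image_name']) && $fields['image_name'] != 'none') {
             $query .= "image_name='" . SQL::escape($fields['image_name']) . "',"
                 . "thumbnail_name='" . SQL::escape($thumbnail_name) . "',"
                 . "image_size='" . SQL::escape(isset($fields['image_size']) ? $fields['image_size'] : '') . "',"
                 . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
                 . "edit_id=" . SQL::escape($fields['edit_id']) . ","
                 . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
                 . "edit_date='" . SQL::escape($fields['edit_date']) . "',";
         }
         $query .= "title='" . SQL::escape($title) . "',"
             . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
             . "description='" . SQL::escape($description) . "',"
             . "source='" . SQL::escape($source) . "',"
             . "link_url='" . SQL::escape($link_url) . "'"
             . " WHERE id = " . SQL::escape($fields['id']);
         // actual update
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
     // insert a new record
     } elseif (isset($fields['image_name']) && $fields['image_name'] && isset($fields['image_size']) && $fields['image_size']) {
         $query = "INSERT INTO " . SQL::table_name('images') . " SET "
             . "anchor='" . SQL::escape($fields['anchor']) . "',"
             . "image_name='" . SQL::escape($fields['image_name']) . "',"
             . "image_size='" . SQL::escape($fields['image_size']) . "',"
             . "title='" . SQL::escape($title) . "',"
             . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
             . "description='" . SQL::escape($description) . "',"
             . "source='" . SQL::escape($source) . "',"
             . "thumbnail_name='" . SQL::escape($thumbnail_name) . "',"
             . "link_url='" . SQL::escape($link_url) . "',"
             . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
             . "edit_id=" . SQL::escape($fields['edit_id']) . ","
             . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
             . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         // actual update
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }
         // remember the id of the new item
         $fields['id'] = SQL::get_last_id($context['connection']);
     // nothing done
     } else {
         Logger::error(i18n::s('No image has been added.'));
         return FALSE;
     }
     // clear the cache
     Images::clear($fields);
     // end of job
     return $fields['id'];
 }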
コード例 #13
ファイル: embed.php プロジェクト: rair/yacs
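 /**
  * remember an action once it's done
  *
  * On page creation ('insert'), an object embedded by address is described
  * through its oEmbed provider, the resulting meta data is saved in the
  * overlay itself, and a notification is posted as a comment to the anchor,
  * unless the anchor has the option 'no_comments'. Other actions do nothing
  * beyond setting default editor values.
  *
  * @see articles/delete.php
  * @see articles/edit.php
  *
  * @param string the action 'insert', 'update' or 'delete'
  * @param array the hosting record
  * @param string reference of the hosting record (e.g., 'article:123')
  * @return FALSE on error, TRUE otherwise
  */
 function remember($action, $host, $reference)
 {
     global $context;
     // set default values for this editor
     Surfer::check_default_editor($this->attributes);
     // notifications to be added to the anchor page, if any
     $comments = array();
     // on page creation
     if ($action == 'insert') {
         // expose all of the anchor interface to the contained overlay
         // -- Anchors::get() yields a falsy value when the reference cannot be resolved
         $this->anchor = Anchors::get($reference);
         // embed an object referenced by address
         if (isset($this->attributes['embed_type']) && $this->attributes['embed_type'] == 'href') {
             // NOTE(review): embed_href is provided by the surfer and is fetched server-side,
             // by oembed() here and by http::proceed() below; no validation of the address
             // (scheme, host) happens in this method -- confirm it is done upstream
             // ask some oEmbed provider to tell us more about this
             if (!empty($this->attributes['embed_href']) && ($fields = $this->oembed($this->attributes['embed_href']))) {
                 // we do want a photo, right?
                 if (preg_match('/\\.(gif|jpg|jpeg|png)$/i', $this->attributes['embed_href'])) {
                     $fields['type'] = 'photo';
                 }
                 // because deviant-art returns non-standard type 'file' ???
                 if (isset($fields['url']) && preg_match('/\\.(gif|jpg|jpeg|png)$/i', $fields['url'])) {
                     $fields['type'] = 'photo';
                 }
                 // save meta data in the overlay itself
                 $fields['id'] = $host['id'];
                 $this->set_values($fields);
                 // notify this contribution
                 switch ($this->attributes['type']) {
                     case 'link':
                         $comments[] = sprintf(i18n::s('%s has shared a link'), Surfer::get_name());
                         break;
                     case 'photo':
                         $comments[] = sprintf(i18n::s('%s has shared a photo'), Surfer::get_name());
                         break;
                     case 'rich':
                         $comments[] = sprintf(i18n::s('%s has shared some information'), Surfer::get_name());
                         break;
                     case 'video':
                         $comments[] = sprintf(i18n::s('%s has shared a video'), Surfer::get_name());
                         break;
                     default:
                         // default label is the link itself
                         $label = $this->attributes['embed_href'];
                         // fetch page title if possible
                         if ($this->attributes['embed_href'] && ($content = http::proceed($this->attributes['embed_href']))) {
                             // markup is stripped from the remote title before it is stored
                             if (preg_match('/<title>(.*)<\\/title>/siU', $content, $matches)) {
                                 $label = trim(strip_tags(preg_replace('/\\s+/', ' ', $matches[1])));
                             }
                         }
                         // update the record
                         $fields = array();
                         $fields['type'] = 'link';
                         $fields['label'] = $label;
                         $this->set_values($fields);
                         $comments[] = sprintf(i18n::s('%s has shared a link'), Surfer::get_name());
                         break;
                 }
             }
             // uploaded files are turned to comments automatically in articles/article.php
         }
     }
     // add a comment if allowed -- skipped when the anchor could not be resolved,
     // since has_option() cannot be called on an empty anchor
     if ($comments && $this->anchor && !$this->anchor->has_option('no_comments')) {
         include_once $context['path_to_root'] . 'comments/comments.php';
         $fields = array();
         $fields['anchor'] = $reference;
         $fields['description'] = join(BR, $comments);
         $fields['type'] = 'notification';
         Comments::post($fields);
     }
     // job done
     return TRUE;
 }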
コード例 #14
ファイル: categories.php プロジェクト: rair/yacs
 /**
  * change only some attributes
  *
  * Only the fields that are set in the provided array are written to the
  * record. Access rights are cascaded to anchored items when 'active_set'
  * is provided, and editor attributes are refreshed unless the update is
  * flagged as silent ('silent' = 'Y').
  *
  * @param array an array of fields
  * @return TRUE on success, or FALSE on error
  **/
 public static function put_attributes(&$fields)
 {
     global $context;
     // id cannot be empty
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // set default values for this editor
     Surfer::check_default_editor($fields);
     // query components
     $query = array();
     // change access rights
     if (isset($fields['active_set'])) {
         // cascade anchor access rights
         // NOTE(review): 'active' is expected to come along with 'active_set' -- not checked here
         Anchors::cascade('category:' . $fields['id'], $fields['active']);
         // remember these in this record
         $query[] = "active='" . SQL::escape($fields['active']) . "'";
         $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     }
     // other columns, in the order they are emitted in the query
     $columns = array('anchor', 'articles_layout', 'description', 'extra', 'icon_url',
         'introduction', 'options', 'overlay', 'overlay_id', 'prefix', 'rank',
         'sections_layout', 'suffix', 'keywords', 'thumbnail_url', 'title', 'trailer',
         'users_layout', 'categories_layout', 'display', 'background_color',
         'categories_overlay', 'expiry_date', 'path');
     foreach ($columns as $name) {
         // only provided fields are updated
         if (!isset($fields[$name])) {
             continue;
         }
         // prefix and suffix are reserved to associates
         if (($name == 'prefix' || $name == 'suffix') && !Surfer::is_associate()) {
             continue;
         }
         $value = $fields[$name];
         switch ($name) {
             // keep only characters expected in a link
             case 'icon_url':
             case 'thumbnail_url':
                 $value = preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $value);
                 break;
             // no markup in titles, except line breaks; the caller's array is updated too
             case 'title':
                 $fields['title'] = strip_tags($fields['title'], '<br>');
                 $value = $fields['title'];
                 break;
         }
         // column names come from the fixed list above, values are escaped
         $query[] = $name . "='" . SQL::escape($value) . "'";
     }
     // nothing to update
     if (!count($query)) {
         return TRUE;
     }
     // maybe a silent update
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . SQL::escape($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         $query[] = "edit_action='category:update'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }
     // actual update query
     $statement = "UPDATE " . SQL::table_name('categories') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (!SQL::query($statement)) {
         return FALSE;
     }
     // clear the cache
     Categories::clear($fields);
     // end of job
     return TRUE;
 }
コード例 #15
ファイル: users.php プロジェクト: rair/yacs
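 /**
  * change only some (minor) attributes
  *
  * Every provided field, except 'id', is written as-is to the column of
  * the same name in the users table. Sensitive attributes cannot be
  * changed here: 'password', 'nickname' and 'editor' are rejected.
  *
  * @param array an array of fields, with at least a numeric 'id'
  * @return TRUE on success, or FALSE on error
  **/
 public static function put_attributes(&$fields)
 {
     global $context;
     // id cannot be empty
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // following fields are forbidden with this function
     // -- 'editor' was looked up in an undefined $field, so that part of the check never fired
     if (isset($fields['password']) || isset($fields['nickname']) || isset($fields['editor'])) {
         Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
         return FALSE;
     }
     // remember who is changing this record
     Surfer::check_default_editor($fields);
     // query components
     $query = array();
     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }
     // protect from hackers
     if (isset($fields['avatar_url'])) {
         $fields['avatar_url'] = encode_link($fields['avatar_url']);
     }
     // build SET part of the query
     foreach ($fields as $key => $field) {
         if ($key === 'id') {
             continue;
         }
         // column names come from array keys and are not covered by SQL::escape(),
         // which only protects values; accept plain identifiers only
         if (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', (string) $key)) {
             Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
             return FALSE;
         }
         $query[] = $key . "='" . SQL::escape($field) . "'";
     }
     // nothing to update
     if (!count($query)) {
         return TRUE;
     }
     // actual update query
     $query = "UPDATE " . SQL::table_name('users') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (!SQL::query($query)) {
         return FALSE;
     }
     // list the user in categories, under the reference of this record (e.g., 'user:123')
     if (isset($fields['tags']) && $fields['tags']) {
         Categories::remember('user:' . $fields['id'], NULL_DATE, $fields['tags']);
     }
     // clear the cache
     // NOTE(review): this clears the articles cache, as in the original; presumably the
     // users cache is what should be cleared for this record -- confirm before changing
     Articles::clear($fields);
     // end of job
     return TRUE;
 }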