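/**
 * Builds an HTML list of the most recent comments, each linked to its entry.
 *
 * @param int    $num  Maximum number of comments to load (becomes the SQL LIMIT)
 * @param string $page Page slug used as the first path segment of every entry link
 * @return string A <ul id="recent-comments"> element (empty when there are no comments)
 * @throws Exception When the query fails; the original exception is logged via FB::log()
 */
static function display_recent_comments($num = 4, $page = 'blog') {
    // $num is interpolated straight into the LIMIT clause, so it is forced to a
    // non-negative integer first; anything else would be a SQL injection vector.
    $limit = max(0, (int) $num);

    // Load the newest comments together with the title and slug of their entry
    $sql = "SELECT\n"
         . "    `name`,\n"
         . "    `comment`,\n"
         . "    `" . DB_PREFIX . "comments`.`created`,\n"
         . "    `title`,\n"
         . "    `slug`\n"
         . "FROM `" . DB_PREFIX . "comments`\n"
         . "LEFT JOIN `" . DB_PREFIX . "entries`\n"
         . "    USING( `entry_id` )\n"
         . "ORDER BY `" . DB_PREFIX . "comments`.`created` DESC\n"
         . "LIMIT {$limit}";

    try {
        $stmt = DB_Connect::create()->db->query($sql);
        FB::log($sql);

        $list = NULL;
        foreach ($stmt->fetchAll(PDO::FETCH_OBJ) as $row) {
            $text    = Utilities::text_preview(stripslashes($row->title), 5, FALSE);
            $comment = Utilities::text_preview($row->comment, 10, FALSE);

            // `name` is read from the comments table with no processing at all, so
            // it is escaped for HTML here; double_encode=FALSE keeps any entities
            // that were already stored at write time from being encoded twice.
            $name = htmlentities($row->name, ENT_QUOTES, 'UTF-8', FALSE);

            // The link is placed in an href attribute, so escape it for that context
            $link = htmlspecialchars("/{$page}/{$row->slug}", ENT_QUOTES, 'UTF-8', FALSE);

            // NOTE(review): $text and $comment are emitted as text_preview() returns
            // them; whether that helper (not visible here) escapes or strips markup
            // decides if they still need htmlentities() — confirm before relying on it.
            $list .= "\n <li>{$name} posted on <a href=\"{$link}\">{$text}</a>: {$comment}</li>";
        }
        $stmt->closeCursor();

        return "\n <ul id=\"recent-comments\">{$list}\n </ul>";
    } catch (Exception $e) {
        FB::log($e);
        // The message names what this method actually loads (the original said
        // "popular entries", which was misleading when debugging)
        throw new Exception("Couldn't load recent comments.");
    }
}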
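/**
 * Writes data to the database; either updates or creates an entry
 *
 * Reads the submitted form from $_POST and $_FILES. Fields listed in
 * $var_names become the entry's own columns; every other form field, and the
 * stored path of each uploaded file, is collected into $extra and written to
 * the `extra` column as a serialized array. The author and creation time are
 * always taken from the session and the clock, never from the form.
 *
 * @return bool Returns true on success or false on error
 */
public function save_entry() {
    // Form fields that map to entry columns. 'author' and 'created' are listed
    // only so that they are NOT copied into $extra; their stored values are
    // assigned from the session and time() further down.
    $var_names = array('entry_id', 'page_id', 'title', 'entry', 'excerpt',
                       'slug', 'tags', 'author', 'created');

    // Form plumbing that is neither a column nor an extra field
    $skip = array('page', 'action', 'token', 'form-submit');

    // Initialize every field so nothing below reads an undefined value
    $fields = array(
        'entry_id' => '',
        'page_id'  => '',
        'title'    => NULL,
        'entry'    => NULL,
        'excerpt'  => NULL,
        'slug'     => "",
        'tags'     => NULL,
    );
    $extra = array();
    $page  = NULL;

    // Copy the POST data into $fields / $extra. A plain array replaces the
    // original variable-variables (${$key}) so that a form field name can never
    // overwrite an unrelated local such as $sql or $extra.
    foreach ($_POST as $key => $val) {
        if (!in_array($key, $skip, TRUE) && !in_array($key, $var_names, TRUE)) {
            $extra[$key] = $val;
        } elseif ($key === 'entry' || $key === 'excerpt') {
            // The body and the excerpt keep their markup
            $fields[$key] = $val;
        } else {
            // Everything else is entity-escaped before it is stored
            $clean = htmlentities($val, ENT_QUOTES, 'UTF-8', FALSE);
            if ($key === 'page') {
                // Slug of the page this entry belongs to (used by the sub-select)
                $page = $clean;
            } elseif (in_array($key, $var_names, TRUE)) {
                $fields[$key] = $clean;
            }
            // 'action', 'token' and 'form-submit' are deliberately dropped
        }
    }

    foreach ($_FILES as $key => $file) {
        if (is_array($file) && $file['error'] === 0) {
            // Store the upload as an image if it is one, otherwise as a plain file.
            // The result goes into a dedicated local, not ${$key}, so an upload
            // field named e.g. "slug" or "extra" cannot clobber those variables.
            $stored = ImageControl::check_image($file);
            if (!$stored) {
                $stored = Utilities::store_uploaded_file($file);
            }
            $extra[$key] = $stored;
        } elseif (!empty($_POST[$key . '-value'])) {
            // No new upload: keep the previously stored value the form sent back
            $extra[$key] = SIV::clean_output($_POST[$key . '-value'], FALSE, FALSE);
        }
    }

    $entry_id = $fields['entry_id'];
    $title    = $fields['title'];
    $entry    = $fields['entry'];
    $tags     = $fields['tags'];

    // If a slug wasn't set, save a URL version of the title
    $slug = empty($fields['slug']) ? Utilities::make_url($title) : $fields['slug'];

    // NOTE(review): 'order' is not in $var_names, so a posted 'order' field lands
    // in $extra and the `order` column is always written as 0 — confirm whether
    // that is the intended behaviour.
    $order = 0;

    // If an excerpt wasn't set, create a text preview
    $excerpt = empty($fields['excerpt'])
        ? strip_tags(Utilities::text_preview($entry))
        : $fields['excerpt'];

    // Store the author's name and a timestamp
    $author  = $_SESSION['user']['name'];
    $created = time();

    // NOTE(review): $extra is stored with serialize() and read back with
    // unserialize(); that is only safe while nothing but this code writes the
    // column. Switching to JSON would need the readers updated as well.
    $serialized_extra = serialize($extra);

    // Set up the query to insert or update the entry. Named placeholders are
    // reused in the ON DUPLICATE KEY part, which PDO only allows with emulated
    // prepares (pdo_mysql's default).
    $sql = "INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "entries`\n"
         . "    (" . self::ENTRY_FIELDS . "\n"
         . "    )\n"
         . "VALUES\n"
         . "    (\n"
         . "        :entry_id,\n"
         . "        (\n"
         . "            SELECT `page_id`\n"
         . "            FROM `" . DB_NAME . "`.`" . DB_PREFIX . "pages`\n"
         . "            WHERE `page_slug`=:page_slug\n"
         . "            LIMIT 1\n"
         . "        ), :title, :entry, :excerpt, :slug, :tags,\n"
         . "        :order, :extra, :author, :created\n"
         . "    )\n"
         . "ON DUPLICATE KEY UPDATE\n"
         . "    `title`=:title,\n"
         . "    `entry`=:entry,\n"
         . "    `excerpt`=:excerpt,\n"
         . "    `slug`=:slug,\n"
         . "    `tags`=:tags,\n"
         . "    `order`=:order,\n"
         . "    `extra`=:extra;";

    try {
        $stmt = $this->db->prepare($sql);

        // bindValue() instead of bindParam(): nothing changes between binding and
        // execute(), and it avoids binding a function result (serialize()) by
        // reference, which the original did for :extra.
        $stmt->bindValue(":entry_id", $entry_id, PDO::PARAM_INT);
        // The page slug is a string; the original bound it as PDO::PARAM_INT
        $stmt->bindValue(":page_slug", $page, PDO::PARAM_STR);
        $stmt->bindValue(":title", $title, PDO::PARAM_STR);
        $stmt->bindValue(":entry", $entry, PDO::PARAM_STR);
        $stmt->bindValue(":excerpt", $excerpt, PDO::PARAM_STR);
        $stmt->bindValue(":slug", $slug, PDO::PARAM_STR);
        $stmt->bindValue(":order", $order, PDO::PARAM_INT);
        $stmt->bindValue(":tags", $tags, PDO::PARAM_STR);
        $stmt->bindValue(":extra", $serialized_extra, PDO::PARAM_STR);
        $stmt->bindValue(":author", $author, PDO::PARAM_STR);
        $stmt->bindValue(":created", $created, PDO::PARAM_STR);
        $stmt->execute();

        if ($stmt->errorCode() !== '00000') {
            // Documented contract is false on error; the original logged the
            // failure but still returned TRUE
            $err = $stmt->errorInfo();
            ECMS_Error::log_exception(new Exception($err[2]));
            $stmt->closeCursor();
            return FALSE;
        }

        $stmt->closeCursor();
        return TRUE;
    } catch (Exception $e) {
        $this->_log_exception($e);
        return FALSE;
    }
}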
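/**
 * Replaces template tags with entry data
 *
 * @param string $entry   The serialized entry object (it is unserialize()d here)
 * @param array  $params  Replacement options: 'htmlentities', 'strip_tags',
 *                        'strip_tags_whitelist', 'text_preview', 'text_preview_length'
 * @param array  $matches The matches from preg_replace_callback(); $matches[1] is the tag name
 * @return string The replaced template value, or the tag itself ('{tag}') when
 *                the entry has neither a property nor an extra prop of that name
 */
public static function replace_tags($entry, $params, $matches) {
    // NOTE(review): unserialize() instantiates whatever class the string names,
    // so this is only safe while $entry is the application's own serialize()
    // output and never user-supplied — confirm at the callers.
    $entry = unserialize($entry);
    $tag   = $matches[1];

    $is_property = property_exists($entry, $tag);
    $is_extra    = property_exists($entry, 'extra_props')
                && is_array($entry->extra_props)
                && array_key_exists($tag, $entry->extra_props);

    if (!$is_property && !$is_extra) {
        // Unknown tag: leave it in the template untouched
        return '{' . $tag . '}';
    }

    // Real properties are read directly; extra props come from the extra_props
    // array. The original read $entry->{$tag} in both cases, which yields NULL
    // for an extra prop unless the entry class provides __get().
    $val = $is_property ? $entry->{$tag} : $entry->extra_props[$tag];

    // Each option applies only when it is explicitly TRUE; isset() avoids
    // notices for options the caller did not pass.
    if (isset($params['htmlentities']) && $params['htmlentities'] === TRUE) {
        // Charset given explicitly, matching how values are escaped on save
        $val = htmlentities($val, ENT_QUOTES, 'UTF-8');
    }

    if (isset($params['strip_tags']) && $params['strip_tags'] === TRUE) {
        $whitelist = isset($params['strip_tags_whitelist'])
            ? $params['strip_tags_whitelist']
            : STRIP_TAGS_WHITELIST;
        $val = Utilities::strip_tags_attr($val, $whitelist);
    }

    // A text preview is only ever made of the entry body
    if (isset($params['text_preview']) && $params['text_preview'] === TRUE && $tag === 'entry') {
        $length = isset($params['text_preview_length']) ? $params['text_preview_length'] : NULL;
        $val = Utilities::text_preview($val, $length);
    }

    return $val;
}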