function discuss_save() { $varray = array_map('assert_string', gpsa(array('email', 'name', 'web', 'message', 'ip'))); $varray = $varray + array_map('assert_int', gpsa(array('discussid', 'visible', 'parentid'))); extract(doSlash($varray)); $message = $varray['message'] = preg_replace('#<(/?txp:.+?)>#', '<$1>', $message); $constraints = array('status' => new ChoiceConstraint($visible, array('choices' => array(SPAM, MODERATE, VISIBLE), 'message' => 'invalid_status'))); callback_event_ref('discuss_ui', 'validate_save', 0, $varray, $constraints); $validator = new Validator($constraints); if ($validator->validate() && safe_update('txp_discuss', "email = '{$email}',\n name = '{$name}',\n web = '{$web}',\n message = '{$message}',\n visible = {$visible}", "discussid = {$discussid}")) { update_comments_count($parentid); update_lastmod('discuss_saved', compact('discussid', 'email', 'name', 'web', 'message', 'ip', 'visible', 'parentid')); $message = gTxt('comment_updated', array('{id}' => $discussid)); } else { $message = array(gTxt('comment_save_failed'), E_ERROR); } discuss_list($message); }
/** * The main panel listing all articles. * * @param string|array $message The activity message * @param string $post Not used */ function list_list($message = '', $post = '') { global $statuses, $use_comments, $comments_disabled_after, $step, $txp_user, $article_list_pageby, $event; pagetop(gTxt('tab_list'), $message); extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method'))); if ($sort === '') { $sort = get_pref('article_sort_column', 'posted'); } else { if (!in_array($sort, array('id', 'title', 'expires', 'section', 'category1', 'category2', 'status', 'author', 'comments', 'lastmod'))) { $sort = 'posted'; } set_pref('article_sort_column', $sort, 'list', 2, '', 0, PREF_PRIVATE); } if ($dir === '') { $dir = get_pref('article_sort_dir', 'desc'); } else { $dir = $dir == 'asc' ? "asc" : "desc"; set_pref('article_sort_dir', $dir, 'list', 2, '', 0, PREF_PRIVATE); } $sesutats = array_flip($statuses); switch ($sort) { case 'id': $sort_sql = "textpattern.ID {$dir}"; break; case 'title': $sort_sql = "textpattern.Title {$dir}, textpattern.Posted DESC"; break; case 'expires': $sort_sql = "textpattern.Expires {$dir}"; break; case 'section': $sort_sql = "section.title {$dir}, textpattern.Posted DESC"; break; case 'category1': $sort_sql = "category1.title {$dir}, textpattern.Posted DESC"; break; case 'category2': $sort_sql = "category2.title {$dir}, textpattern.Posted DESC"; break; case 'status': $sort_sql = "textpattern.Status {$dir}, textpattern.Posted DESC"; break; case 'author': $sort_sql = "user.RealName {$dir}, textpattern.Posted DESC"; break; case 'comments': $sort_sql = "textpattern.comments_count {$dir}, textpattern.Posted DESC"; break; case 'lastmod': $sort_sql = "textpattern.LastMod {$dir}, textpattern.Posted DESC"; break; default: $sort = 'posted'; $sort_sql = "textpattern.Posted {$dir}"; break; } $switch_dir = $dir == 'desc' ? 'asc' : 'desc'; $search = new Filter($event, array('id' => array('column' => 'textpattern.ID', 'label' => gTxt('ID'), 'type' => 'integer'), 'title_body_excerpt' => array('column' => array('textpattern.Title', 'textpattern.Body', 'textpattern.Excerpt'), 'label' => gTxt('title_body_excerpt')), 'section' => array('column' => array('textpattern.Section', 'section.title'), 'label' => gTxt('section')), 'keywords' => array('column' => 'textpattern.Keywords', 'label' => gTxt('keywords'), 'type' => 'find_in_set'), 'categories' => array('column' => array('textpattern.Category1', 'textpattern.Category2', 'category1.title', 'category2.title'), 'label' => gTxt('categories')), 'status' => array('column' => array('textpattern.Status'), 'label' => gTxt('status'), 'type' => 'boolean'), 'author' => array('column' => array('textpattern.AuthorID', 'user.RealName'), 'label' => gTxt('author')), 'article_image' => array('column' => array('textpattern.Image'), 'label' => gTxt('article_image'), 'type' => 'integer'), 'posted' => array('column' => array('textpattern.Posted'), 'label' => gTxt('posted')), 'lastmod' => array('column' => array('textpattern.LastMod'), 'label' => gTxt('article_modified')))); $search->setAliases('status', $statuses); list($criteria, $crit, $search_method) = $search->getFilter(array('id' => array('can_list' => true), 'article_image' => array('can_list' => true), 'title_body_excerpt' => array('always_like' => true))); $search_render_options = array('placeholder' => 'search_articles'); $sql_from = safe_pfx('textpattern') . " textpattern\n LEFT JOIN " . safe_pfx('txp_category') . " category1 ON category1.name = textpattern.Category1 AND category1.type = 'article'\n LEFT JOIN " . safe_pfx('txp_category') . " category2 ON category2.name = textpattern.Category2 AND category2.type = 'article'\n LEFT JOIN " . safe_pfx('txp_section') . " section ON section.name = textpattern.Section\n LEFT JOIN " . safe_pfx('txp_users') . " user ON user.name = textpattern.AuthorID"; if ($criteria === 1) { $total = safe_count('textpattern', $criteria); } else { $total = getThing("SELECT COUNT(*) FROM {$sql_from} WHERE {$criteria}"); } echo n . tag(hed(gTxt('tab_list'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1')); $searchBlock = n . tag($search->renderForm('list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => $event . '_control')); $createBlock = array(); if (has_privs('article.edit')) { $createBlock[] = n . tag(sLink('article', '', gTxt('add_new_article'), 'txp-button'), 'div', array('class' => 'txp-control-panel')); } $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => $event . '_container')); $createBlock = implode(n, $createBlock); if ($total < 1) { if ($criteria != 1) { echo $searchBlock . $contentBlockStart . $createBlock . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information')); } else { echo $contentBlockStart . $createBlock . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_articles_recorded'), array('class' => 'alert-block information')); } echo n . tag_end('div'); return; } $limit = max($article_list_pageby, 15); list($page, $offset, $numPages) = pager($total, $limit, $page); echo $searchBlock . $contentBlockStart . $createBlock; $rs = safe_query("SELECT\n textpattern.ID, textpattern.Title, textpattern.url_title, textpattern.Section,\n textpattern.Category1, textpattern.Category2,\n textpattern.Status, textpattern.Annotate, textpattern.AuthorID,\n UNIX_TIMESTAMP(textpattern.Posted) AS posted,\n UNIX_TIMESTAMP(textpattern.LastMod) AS lastmod,\n UNIX_TIMESTAMP(textpattern.Expires) AS expires,\n category1.title AS category1_title,\n category2.title AS category2_title,\n section.title AS section_title,\n user.RealName AS RealName,\n (SELECT COUNT(*) FROM " . safe_pfx('txp_discuss') . " WHERE parentid = textpattern.ID) AS total_comments\n FROM {$sql_from} WHERE {$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}"); if ($rs) { $show_authors = !has_single_author('textpattern', 'AuthorID'); echo n . tag(toggle_box('articles_detail'), 'div', array('class' => 'txp-list-options')) . n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'articles_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') . column_head('ID', 'id', 'list', true, $switch_dir, $crit, $search_method, ('id' == $sort ? "{$dir} " : '') . 'txp-list-col-id') . column_head('title', 'title', 'list', true, $switch_dir, $crit, $search_method, ('title' == $sort ? "{$dir} " : '') . 'txp-list-col-title') . column_head('posted', 'posted', 'list', true, $switch_dir, $crit, $search_method, ('posted' == $sort ? "{$dir} " : '') . 'txp-list-col-created date') . column_head('article_modified', 'lastmod', 'list', true, $switch_dir, $crit, $search_method, ('lastmod' == $sort ? "{$dir} " : '') . 'txp-list-col-lastmod date articles_detail') . column_head('expires', 'expires', 'list', true, $switch_dir, $crit, $search_method, ('expires' == $sort ? "{$dir} " : '') . 'txp-list-col-expires date articles_detail') . column_head('section', 'section', 'list', true, $switch_dir, $crit, $search_method, ('section' == $sort ? "{$dir} " : '') . 'txp-list-col-section') . column_head('category1', 'category1', 'list', true, $switch_dir, $crit, $search_method, ('category1' == $sort ? "{$dir} " : '') . 'txp-list-col-category1 category articles_detail') . column_head('category2', 'category2', 'list', true, $switch_dir, $crit, $search_method, ('category2' == $sort ? "{$dir} " : '') . 'txp-list-col-category2 category articles_detail') . column_head('status', 'status', 'list', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'txp-list-col-status') . ($show_authors ? column_head('author', 'author', 'list', true, $switch_dir, $crit, $search_method, ('author' == $sort ? "{$dir} " : '') . 'txp-list-col-author name') : '') . ($use_comments == 1 ? column_head('comments', 'comments', 'list', true, $switch_dir, $crit, $search_method, ('comments' == $sort ? "{$dir} " : '') . 'txp-list-col-comments articles_detail') : '')) . n . tag_end('thead'); include_once txpath . '/publish/taghandlers.php'; echo n . tag_start('tbody'); $validator = new Validator(); while ($a = nextRow($rs)) { extract($a); if ($Title === '') { $Title = '<em>' . eLink('article', 'edit', 'ID', $ID, gTxt('untitled')) . '</em>'; } else { $Title = eLink('article', 'edit', 'ID', $ID, $Title); } // Valid section and categories? $validator->setConstraints(array(new SectionConstraint($Section))); $vs = $validator->validate() ? '' : ' error'; $validator->setConstraints(array(new CategoryConstraint($Category1, array('type' => 'article')))); $vc[1] = $validator->validate() ? '' : ' error'; $validator->setConstraints(array(new CategoryConstraint($Category2, array('type' => 'article')))); $vc[2] = $validator->validate() ? '' : ' error'; $Category1 = $Category1 ? span(txpspecialchars($category1_title), array('title' => $Category1)) : ''; $Category2 = $Category2 ? span(txpspecialchars($category2_title), array('title' => $Category2)) : ''; if ($Status != STATUS_LIVE and $Status != STATUS_STICKY) { $view_url = '?txpreview=' . intval($ID) . '.' . time(); } else { $view_url = permlinkurl($a); } if (isset($statuses[$Status])) { $Status = $statuses[$Status]; } $comments = '(' . $total_comments . ')'; if ($total_comments) { $comments = href($comments, array('event' => 'discuss', 'step' => 'list', 'search_method' => 'parent', 'crit' => $ID), array('title' => gTxt('manage'))); } $comment_status = $Annotate ? gTxt('on') : gTxt('off'); if ($comments_disabled_after) { $lifespan = $comments_disabled_after * 86400; $time_since = time() - $posted; if ($time_since > $lifespan) { $comment_status = gTxt('expired'); } } $comments = tag($comment_status, 'span', array('class' => 'comments-status')) . ' ' . tag($comments, 'span', array('class' => 'comments-manage')); echo tr(td(($a['Status'] >= STATUS_LIVE and has_privs('article.edit.published') or $a['Status'] >= STATUS_LIVE and $AuthorID === $txp_user and has_privs('article.edit.own.published') or $a['Status'] < STATUS_LIVE and has_privs('article.edit') or $a['Status'] < STATUS_LIVE and $AuthorID === $txp_user and has_privs('article.edit.own')) ? fInput('checkbox', 'selected[]', $ID, 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(eLink('article', 'edit', 'ID', $ID, $ID) . sp . span(span('[', array('aria-hidden' => 'true')) . href(gTxt('view'), $view_url) . span(']', array('aria-hidden' => 'true')), array('class' => 'txp-option-link articles_detail')), '', ' class="txp-list-col-id" scope="row"') . td($Title, '', 'txp-list-col-title') . td(gTime($posted), '', 'txp-list-col-created date' . ($posted < time() ? '' : ' unpublished')) . td(gTime($lastmod), '', 'txp-list-col-lastmod date articles_detail' . ($posted === $lastmod ? ' not-modified' : '')) . td($expires ? gTime($expires) : '', '', 'txp-list-col-expires date articles_detail') . td(span(txpspecialchars($section_title), array('title' => $Section)), '', 'txp-list-col-section' . $vs) . td($Category1, '', 'txp-list-col-category1 category articles_detail' . $vc[1]) . td($Category2, '', 'txp-list-col-category2 category articles_detail' . $vc[2]) . td(href($Status, $view_url, join_atts(array('title' => gTxt('view')))), '', 'txp-list-col-status') . ($show_authors ? td(span(txpspecialchars($RealName), array('title' => $AuthorID)), '', 'txp-list-col-author name') : '') . ($use_comments ? td($comments, '', 'txp-list-col-comments articles_detail') : '')); } echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . list_multiedit_form($page, $sort, $dir, $crit, $search_method) . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => $event . '_navigation')) . pageby_form('list', $article_list_pageby) . nav_form('list', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . tag_end('div'); } echo n . tag_end('div'); }
/** * Validates article data. * * @param array $rs Article data * @param string|array $msg Initial message * @return string HTML */ function article_validate($rs, &$msg) { global $prefs, $step, $statuses; if (!empty($msg)) { return false; } $constraints = array('Status' => new ChoiceConstraint($rs['Status'], array('choices' => array_keys($statuses), 'message' => 'invalid_status')), 'Section' => new SectionConstraint($rs['Section']), 'Category1' => new CategoryConstraint($rs['Category1'], array('type' => 'article')), 'Category2' => new CategoryConstraint($rs['Category2'], array('type' => 'article')), 'textile_body' => new \Textpattern\Textfilter\Constraint($rs['textile_body'], array('message' => 'invalid_textfilter_body')), 'textile_excerpt' => new \Textpattern\Textfilter\Constraint($rs['textile_excerpt'], array('message' => 'invalid_textfilter_excerpt'))); if (!$prefs['articles_use_excerpts']) { $constraints['excerpt_blank'] = new BlankConstraint($rs['Excerpt'], array('message' => 'excerpt_not_blank')); } if (!$prefs['use_comments']) { $constraints['annotate_invite_blank'] = new BlankConstraint($rs['AnnotateInvite'], array('message' => 'invite_not_blank')); $constraints['annotate_false'] = new FalseConstraint($rs['Annotate'], array('message' => 'comments_are_on')); } if ($prefs['allow_form_override']) { $constraints['override_form'] = new FormConstraint($rs['override_form'], array('type' => 'article')); } else { $constraints['override_form'] = new BlankConstraint($rs['override_form'], array('message' => 'override_form_not_blank')); } callback_event_ref('article_ui', "validate_{$step}", 0, $rs, $constraints); $validator = new Validator($constraints); if ($validator->validate()) { $msg = ''; return true; } else { $msg = doArray($validator->getMessages(), 'gTxt'); $msg = array(join(', ', $msg), E_ERROR); return false; } }
function file_save() { global $file_base_path, $file_statuses, $txp_user; $varray = array_map('assert_string', gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second'))); extract(doSlash($varray)); $filename = $varray['filename'] = sanitizeForFile(gps('filename')); if ($filename == '') { file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR)); return; } $id = $varray['id'] = assert_int($id); $permissions = gps('perms'); if (is_array($permissions)) { asort($permissions); $permissions = implode(",", $permissions); } $varray['permissions'] = $permissions; $perms = doSlash($permissions); $rs = safe_row("filename, author", 'txp_file', "id = {$id}"); if (!has_privs('file.edit') && !($rs['author'] === $txp_user && has_privs('file.edit.own'))) { require_privs(); } $old_filename = $varray['old_filename'] = sanitizeForFile($rs['filename']); if ($old_filename != false && strcmp($old_filename, $filename) != 0) { $old_path = build_file_path($file_base_path, $old_filename); $new_path = build_file_path($file_base_path, $filename); if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) { file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR)); return; } else { file_set_perm($new_path); } } $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second); if ($publish_now) { $created = "NOW()"; } elseif ($created_ts > 0) { $created = "FROM_UNIXTIME('" . $created_ts . "')"; } else { $created = ''; } $size = filesize(build_file_path($file_base_path, $filename)); $constraints = array('category' => new CategoryConstraint(gps('category'), array('type' => 'file')), 'status' => new ChoiceConstraint(gps('status'), array('choices' => array_keys($file_statuses), 'message' => 'invalid_status'))); callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints); $validator = new Validator($constraints); $rs = $validator->validate() && safe_update('txp_file', "\n filename = '" . doSlash($filename) . "',\n title = '{$title}',\n category = '{$category}',\n permissions = '{$perms}',\n description = '{$description}',\n status = '{$status}',\n size = '{$size}',\n modified = NOW()" . ($created ? ", created = {$created}" : ''), "id = {$id}"); if (!$rs) { // Update failed, rollback name. if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) { file_list(array(gTxt('file_unsynchronized', array('{name}' => $filename)), E_ERROR)); return; } else { file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR)); return; } } update_lastmod('file_saved', compact('id', 'filename', 'title', 'category', 'description', 'status', 'size')); now('created', true); file_list(gTxt('file_updated', array('{name}' => $filename))); }
function image_save() { global $txp_user; $varray = array_map('assert_string', gpsa(array('id', 'name', 'category', 'caption', 'alt'))); extract(doSlash($varray)); $id = $varray['id'] = assert_int($id); $author = fetch('author', 'txp_image', 'id', $id); if (!has_privs('image.edit') && !($author === $txp_user && has_privs('image.edit.own'))) { image_list(gTxt('restricted_area')); return; } $constraints = array('category' => new CategoryConstraint(gps('category'), array('type' => 'image'))); callback_event_ref('image_ui', 'validate_save', 0, $varray, $constraints); $validator = new Validator($constraints); if ($validator->validate() && safe_update('txp_image', "name = '{$name}',\n category = '{$category}',\n alt = '{$alt}',\n caption = '{$caption}'", "id = {$id}")) { $message = gTxt('image_updated', array('{name}' => doStrip($name))); update_lastmod('image_saved', compact('id', 'name', 'category', 'alt', 'caption')); } else { $message = array(gTxt('image_save_failed'), E_ERROR); } image_list($message); }
function link_save() { global $vars, $txp_user; $varray = array_map('assert_string', gpsa($vars)); extract(doSlash($varray)); if ($id) { $id = $varray['id'] = assert_int($id); } if ($linkname === '' && $url === '' && $description === '') { link_list(array(gTxt('link_empty'), E_ERROR)); return; } $author = fetch('author', 'txp_link', 'id', $id); if (!has_privs('link.edit') && !($author === $txp_user && has_privs('link.edit.own'))) { link_list(gTxt('restricted_area')); return; } if (!$linksort) { $linksort = $linkname; } $constraints = array('category' => new CategoryConstraint($varray['category'], array('type' => 'link'))); callback_event_ref('link_ui', 'validate_save', 0, $varray, $constraints); $validator = new Validator($constraints); if ($validator->validate()) { if ($id) { $ok = safe_update('txp_link', "category = '{$category}',\n url = '" . trim($url) . "',\n linkname = '{$linkname}',\n linksort = '{$linksort}',\n description = '{$description}',\n author = '" . doSlash($txp_user) . "'", "id = {$id}"); } else { $ok = safe_insert('txp_link', "category = '{$category}',\n date = NOW(),\n url = '" . trim($url) . "',\n linkname = '{$linkname}',\n linksort = '{$linksort}',\n description = '{$description}',\n author = '" . doSlash($txp_user) . "'"); if ($ok) { $GLOBALS['ID'] = $_POST['id'] = $ok; } } if ($ok) { // update lastmod due to link feeds update_lastmod('link_saved', compact('id', 'linkname', 'linksort', 'url', 'category', 'description')); $message = gTxt($id ? 'link_updated' : 'link_created', array('{name}' => doStrip($linkname))); } else { $message = array(gTxt('link_save_failed'), E_ERROR); } } else { $message = array(gTxt('link_save_failed'), E_ERROR); } link_list($message); }