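/**
 * Applies the multi-edit action chosen on the article list to the selected articles.
 *
 * Reads 'selected' (a list of article IDs) and 'edit_method' through ps(),
 * filters the selection down to the articles the current user may act on,
 * performs the delete or the single-column update, and redisplays the list.
 *
 * Security-relevant points:
 *  - Every ID goes through assert_int before it is interpolated into SQL.
 *  - The updated column name ($key) is only ever one of the literals set in
 *    the switch below; the submitted value is passed through doSlash().
 *  - The submitted status is cast to int before the publish-privilege
 *    comparison, so that check is numeric and the value written is an int.
 *  - Ownership checks use a strict string comparison, so numeric-looking
 *    user names cannot compare equal by type juggling.
 *
 * @return mixed Whatever list_list() returns.
 */
function list_multi_edit()
{
    global $txp_user;

    $selected = ps('selected');

    if (!$selected or !is_array($selected)) {
        return list_list();
    }

    // IDs are interpolated into WHERE clauses below, so they are forced
    // through assert_int once, here, for both branches.
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = false;
    $ids = array();

    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            $allowed = array();

            // Without the general delete privilege, only the user's own
            // articles may be deleted, and only with 'article.delete.own'.
            if (has_privs('article.delete.own')) {
                foreach ($selected as $id) {
                    $author = safe_field('AuthorID', 'textpattern', "ID = {$id}");

                    if ((string) $author === (string) $txp_user) {
                        $allowed[] = $id;
                    }
                }
            }

            $selected = $allowed;
        }

        foreach ($selected as $id) {
            if (safe_delete('textpattern', "ID = {$id}")) {
                $ids[] = $id;
            }
        }

        $changed = join(', ', $ids);

        if ($changed) {
            // Comments attached to the deleted articles are set to MODERATE.
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
        }
    } else {
        $selected = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');
        $allowed = array();

        // Status 4 and above is the range guarded by the '*.published'
        // privileges; below 4 the plain edit privileges apply.
        foreach ($selected as $item) {
            $isPublished = $item['Status'] >= 4;
            $isOwn = (string) $item['AuthorID'] === (string) $txp_user;

            if ($isPublished and has_privs('article.edit.published')
                or $isPublished and $isOwn and has_privs('article.edit.own.published')
                or !$isPublished and has_privs('article.edit')
                or !$isPublished and $isOwn and has_privs('article.edit.own')
            ) {
                $allowed[] = $item['ID'];
            }
        }

        $selected = $allowed;
        unset($allowed);

        switch ($method) {
            // Change author.
            case 'changeauthor':
                $key = 'AuthorID';
                $val = has_privs('article.edit') ? ps('AuthorID') : '';

                // Do not allow to be set to an empty value.
                // NOTE(review): the submitted author is not checked against
                // the list of existing authors in this revision.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change category1.
            case 'changecategory1':
                $key = 'Category1';
                $val = ps('Category1');
                break;

            // Change category2.
            case 'changecategory2':
                $key = 'Category2';
                $val = ps('Category2');
                break;

            // Change comments.
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;

            // Change section.
            case 'changesection':
                $key = 'Section';
                $val = ps('Section');

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change status.
            case 'changestatus':
                $key = 'Status';

                // Cast before comparing: the privilege check below must see
                // the same number that ends up in the database.
                $val = (int) ps('Status');

                // Users without 'article.publish' cannot set 4 or above;
                // the request is lowered to 3 instead.
                if (!has_privs('article.publish') && $val >= 4) {
                    $val = 3;
                }

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            default:
                $key = '';
                $val = '';
                break;
        }

        if ($selected and $key) {
            foreach ($selected as $id) {
                if (safe_update('textpattern', "{$key} = '" . doSlash($val) . "'", "ID = {$id}")) {
                    $ids[] = $id;
                }
            }

            $changed = join(', ', $ids);
        }
    }

    if ($changed) {
        update_lastmod();

        return list_list(messenger('article', $changed, $method == 'delete' ? 'deleted' : 'modified'));
    }

    return list_list();
}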
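/**
 * Processes multi-edit actions.
 *
 * Reads 'selected' and 'edit_method' from the request, validates the
 * submitted value against the known authors, categories, sections and
 * statuses, restricts the selection to articles the current user may act
 * on, and then deletes, duplicates or updates them before redisplaying
 * the list.
 *
 * Security-relevant points:
 *  - Every ID goes through assert_int before it is interpolated into SQL.
 *  - $field is only ever one of the literals assigned in the switch, and is
 *    assigned only when the submitted value passes its allow-list check.
 *  - 'duplicate' has no case in the switch, so $field and $value stay empty
 *    for it; it is still subject to the edit-privilege filter.
 *
 * @return mixed Whatever list_list() returns.
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    // extract() is limited to what psa() returns for these two names.
    // NOTE(review): presumably psa() yields only the requested keys - confirm,
    // since extract() on wider request data would overwrite local variables.
    extract(psa(array('selected', 'edit_method')));

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    $selected = array_map('assert_int', $selected);

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }

    $allowed = array();
    $field = $value = '';

    switch ($edit_method) {
        // Delete.
        case 'delete':
            if (!has_privs('article.delete')) {
                // Without the general privilege, narrow the selection to the
                // user's own articles (empty if 'article.delete.own' is missing).
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
                }

                $selected = $allowed;
            }

            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);

                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }

            return list_list();

        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');

            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }
            break;

        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');

            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }
            break;

        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');

            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }
            break;

        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;

        // Change section.
        case 'changesection':
            $value = ps('Section');

            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }
            break;

        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');

            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }

            // Users without 'article.publish' are lowered to pending when
            // they ask for live or above.
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }
            break;
    }

    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");

    // Keep only the articles the user is allowed to edit: published and
    // unpublished articles are guarded by separate privileges, each with an
    // "own articles only" variant.
    foreach ($selected as $item) {
        if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published')
            || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published')
            || $item['Status'] < STATUS_LIVE && has_privs('article.edit')
            || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')
        ) {
            $allowed[] = $item['ID'];
        }
    }

    $selected = $allowed;

    if ($selected) {
        $message = messenger('article', join(', ', $selected), 'modified');

        if ($edit_method === 'duplicate') {
            $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");

            if ($rs) {
                while ($a = nextRow($rs)) {
                    unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);

                    // NOTE(review): uniqid()/rand() are not cryptographically
                    // strong; acceptable only if uid is an identifier and is
                    // never relied on as a secret - confirm.
                    $a['uid'] = md5(uniqid(rand(), true));
                    $a['AuthorID'] = $txp_user;

                    // Build the SET list in its own array. The loop variable
                    // must not be $value (and must not be a reference): that
                    // would overwrite the $value handed to update_lastmod()
                    // and callback_event() below with an SQL fragment.
                    $assignments = array();

                    foreach ($a as $name => $columnValue) {
                        $assignments[] = "`{$name}` = '" . doSlash($columnValue) . "'";
                    }

                    if ($id = (int) safe_insert('textpattern', join(',', $assignments))) {
                        safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n url_title = CONCAT(url_title, '-', {$id}),\n Posted = NOW(),\n feed_time = NOW()", "ID = {$id}");
                    }
                }
            }

            $message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
        } elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
            // No validated field to change, or the update failed.
            return list_list();
        }

        update_lastmod('articles_updated', compact('selected', 'field', 'value'));
        now('posted', true);
        now('expires', true);
        callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));

        return list_list($message);
    }

    return list_list();
}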
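/**
 * Applies the multi-edit action chosen on the article list to the selected articles.
 *
 * Reads 'selected' and 'edit_method' through ps(), restricts the selection
 * to the articles the current user may act on, validates the submitted
 * value against the known authors, categories, sections and statuses, and
 * performs the delete or the single-column update.
 *
 * Security-relevant points:
 *  - Every ID goes through assert_int before it is interpolated into SQL.
 *  - $key is only ever one of the literals assigned in the switch, and only
 *    when the submitted value passes its allow-list check.
 *  - Allow-list and ownership checks compare strictly, so numeric-looking
 *    strings cannot match a different stored name by type juggling.
 *    NOTE(review): assumes $all_authors and $all_sections hold strings, as
 *    ps() values are compared against them - confirm.
 *
 * @return mixed Whatever list_list() returns.
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }

    $selected = ps('selected');

    if (!$selected or !is_array($selected)) {
        return list_list();
    }

    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = false;
    $ids = array();
    $key = '';

    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            $allowed = array();

            // Without the general privilege, narrow the selection to the
            // user's own articles (empty if 'article.delete.own' is missing).
            if (has_privs('article.delete.own')) {
                $allowed = safe_column_num('ID', 'textpattern', 'ID in(' . join(',', $selected) . ') and AuthorID=\'' . doSlash($txp_user) . '\'');
            }

            $selected = $allowed;
        }

        foreach ($selected as $id) {
            if (safe_delete('textpattern', "ID = {$id}")) {
                $ids[] = $id;
            }
        }

        $changed = join(', ', $ids);

        if ($changed) {
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
            callback_event('articles_deleted', '', 0, $ids);
        }
    } else {
        $selected = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');
        $allowed = array();

        // Published and unpublished articles are guarded by separate
        // privileges, each with an "own articles only" variant.
        foreach ($selected as $item) {
            $isLive = $item['Status'] >= STATUS_LIVE;
            $isOwn = (string) $item['AuthorID'] === (string) $txp_user;

            if ($isLive and has_privs('article.edit.published')
                or $isLive and $isOwn and has_privs('article.edit.own.published')
                or !$isLive and has_privs('article.edit')
                or !$isLive and $isOwn and has_privs('article.edit.own')
            ) {
                $allowed[] = $item['ID'];
            }
        }

        $selected = $allowed;
        unset($allowed);

        switch ($method) {
            // Change author.
            case 'changeauthor':
                $val = has_privs('article.edit') ? ps('AuthorID') : '';

                if (in_array($val, $all_authors, true)) {
                    $key = 'AuthorID';
                }
                break;

            // Change category1.
            case 'changecategory1':
                $val = ps('Category1');

                if (in_array($val, $categories, true)) {
                    $key = 'Category1';
                }
                break;

            // Change category2.
            case 'changecategory2':
                $val = ps('Category2');

                if (in_array($val, $categories, true)) {
                    $key = 'Category2';
                }
                break;

            // Change comments.
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;

            // Change section.
            case 'changesection':
                $val = ps('Section');

                if (in_array($val, $all_sections, true)) {
                    $key = 'Section';
                }
                break;

            // Change status.
            case 'changestatus':
                $val = (int) ps('Status');

                if (array_key_exists($val, $statuses)) {
                    $key = 'Status';
                }

                // Users without 'article.publish' are lowered to pending
                // when they ask for live or above.
                if (!has_privs('article.publish') && $val >= STATUS_LIVE) {
                    $val = STATUS_PENDING;
                }
                break;

            default:
                $key = '';
                $val = '';
                break;
        }

        if ($selected and $key) {
            foreach ($selected as $id) {
                if (safe_update('textpattern', "{$key} = '" . doSlash($val) . "'", "ID = {$id}")) {
                    $ids[] = $id;
                }
            }

            $changed = join(', ', $ids);
        }
    }

    if ($changed) {
        update_lastmod();

        return list_list(messenger('article', $changed, $method == 'delete' ? 'deleted' : 'modified'));
    }

    return list_list();
}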
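/**
 * Restricts the submitted selection to what the user may delete, then hands
 * the multi-edit over to event_multi_edit().
 *
 * When the user lacks 'article.delete', $_POST['selected'] is overwritten
 * with the subset of IDs whose AuthorID is the current user (and only if
 * 'article.delete.own' is held); otherwise it becomes an empty array.
 * The filter is applied whatever the requested method is.
 *
 * NOTE(review): event_multi_edit() is not visible here; this function relies
 * on it to read the rewritten $_POST['selected'] and to handle the IDs
 * safely when the user does hold 'article.delete' - confirm.
 *
 * @return mixed Whatever list_list() returns.
 */
function list_multi_edit()
{
    global $txp_user;

    $selected = ps('selected');

    if ($selected and !has_privs('article.delete')) {
        $ids = array();

        // A non-array 'selected' yields an empty allow-list rather than
        // being iterated.
        if (is_array($selected) and has_privs('article.delete.own')) {
            foreach ($selected as $id) {
                // Nested arrays cannot be article IDs; skip them instead of
                // concatenating them into the WHERE clause.
                if (!is_scalar($id)) {
                    continue;
                }

                $author = safe_field('AuthorID', 'textpattern', "ID='" . doSlash($id) . "'");

                // Strict string comparison: numeric-looking user names must
                // not compare equal by type juggling.
                if ((string) $author === (string) $txp_user) {
                    $ids[] = $id;
                }
            }
        }

        $_POST['selected'] = $ids;
    }

    $deleted = event_multi_edit('textpattern', 'ID');

    if (!empty($deleted)) {
        $method = ps('method');

        return list_list(messenger('article', $deleted, $method == 'delete' ? 'deleted' : 'modified'));
    }

    return list_list();
}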
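/**
 * Deletes the selected articles and redisplays the article list.
 *
 * Reads 'method' and 'selected' through ps(). Only the 'delete' method does
 * anything; the list is shown with a "deleted" message when at least one
 * row was removed, and without a message otherwise.
 *
 * Each ID is interpolated into a WHERE clause, so anything that is not a
 * plain run of digits is skipped and the rest is cast to int first.
 * NOTE(review): assumes textpattern.ID is an integer column - confirm.
 * NOTE(review): this revision performs no privilege check before deleting;
 * confirm that the caller restricts who can reach it.
 *
 * @return void
 */
function list_multi_edit()
{
    $method = ps('method');
    $things = ps('selected');

    // Start from an empty list so join() below never sees an undefined value.
    $ids = array();

    if ($things && is_array($things) && $method == 'delete') {
        foreach ($things as $ID) {
            // Reject anything that is not a digits-only scalar.
            if (!is_scalar($ID) || !ctype_digit((string) $ID)) {
                continue;
            }

            $ID = (int) $ID;

            if (safe_delete('textpattern', "ID='{$ID}'")) {
                $ids[] = $ID;
            }
        }
    }

    if ($ids) {
        list_list(messenger('article', join(', ', $ids), 'deleted'));
    } else {
        // Nothing selected, nothing valid, or nothing deleted.
        list_list();
    }
}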