/** * Load data from Request form fields. * * @param array groups of params to load * @return boolean true if loaded data seems valid. */ function load_from_Request($groups = array()) { global $Messages, $default_locale, $DB; /** * @var User */ global $current_User; if (param('blog_name', 'string', NULL) !== NULL) { // General params: $this->set_from_Request('name'); $this->set('shortname', param('blog_shortname', 'string', true)); $this->set('locale', param('blog_locale', 'string', $default_locale)); } if (param('archive_links', 'string', NULL) !== NULL) { // Archive link type: $this->set_setting('archive_links', get_param('archive_links')); $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true); } if (param('chapter_links', 'string', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_links', get_param('chapter_links')); } if (param('category_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('category_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('category_prefix', T_('Invalid category prefix.')); } $this->set_setting('category_prefix', $category_prefix); } if (param('tag_links', 'string', NULL) !== NULL) { // Tag page link type: $this->set_setting('tag_links', get_param('tag_links')); } if (param('tag_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('tag_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('tag_prefix', T_('Invalid category prefix.')); } $this->set_setting('tag_prefix', $category_prefix); } if (param('chapter_posts_per_page', 'integer', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_posts_per_page', get_param('chapter_posts_per_page'), true); $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true); } if (param('single_links', 'string', NULL) !== NULL) { // Single post link type: $this->set_setting('single_links', get_param('single_links')); } if (param('blog_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_from_Request('skin_ID'); } if (param('what_to_show', 'string', NULL) !== NULL) { // Show x days or x posts?: $this->set_setting('what_to_show', get_param('what_to_show')); param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.')); $this->set_setting('posts_per_page', get_param('posts_per_page')); $this->set_setting('archive_mode', param('archive_mode', 'string', true)); $this->set_setting('orderby', param('orderby', 'string', true)); $this->set_setting('orderdir', param('orderdir', 'string', true)); } if (param('feed_content', 'string', NULL) !== NULL) { // How much content in feeds? $this->set_setting('feed_content', get_param('feed_content')); param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.')); $this->set_setting('posts_per_feed', get_param('posts_per_feed')); } if (param('blog_description', 'string', NULL) !== NULL) { // Description: $this->set_from_Request('shortdesc', 'blog_description'); } if (param('blog_keywords', 'string', NULL) !== NULL) { // Keywords: $this->set_from_Request('keywords'); } if (param('blog_tagline', 'html', NULL) !== NULL) { // HTML tagline: param_check_html('blog_tagline', T_('Invalid tagline')); $this->set('tagline', get_param('blog_tagline')); } if (param('blog_longdesc', 'html', NULL) !== NULL) { // HTML long description: param_check_html('blog_longdesc', T_('Invalid long description')); $this->set('longdesc', get_param('blog_longdesc')); } if (param('blog_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('blog_footer_text', T_('Invalid blog footer')); $this->set_setting('blog_footer_text', get_param('blog_footer_text')); } if (param('single_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('single_item_footer_text', T_('Invalid single post footer')); $this->set_setting('single_item_footer_text', get_param('single_item_footer_text')); } if (param('xml_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('xml_item_footer_text', T_('Invalid RSS footer')); $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text')); } if (param('blog_notes', 'html', NULL) !== NULL) { // HTML notes: param_check_html('blog_notes', T_('Invalid Blog Notes')); $this->set('notes', get_param('blog_notes')); } if (in_array('pings', $groups)) { // we want to load the ping checkboxes: $blog_ping_plugins = param('blog_ping_plugins', 'array', array()); $blog_ping_plugins = array_unique($blog_ping_plugins); $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins)); } if (in_array('features', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0)); $this->set('advanced_perms', param('advanced_perms', 'integer', 0)); $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0)); $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0)); $this->set('allowusercss', param('blog_allowusercss', 'integer', 0)); } if (param('blog_allowcomments', 'string', NULL) !== NULL) { // Feedback options: $this->set_from_Request('allowcomments'); $this->set_setting('new_feedback_status', param('new_feedback_status', 'string', 'draft')); $this->set_setting('allow_rating', param('allow_rating', 'string', 'never')); $this->set('allowtrackbacks', param('blog_allowtrackbacks', 'integer', 0)); // Public blog list $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0)); } if (in_array('seo', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0)); $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0)); $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0)); $this->set_setting('default_noindex', param('default_noindex', 'integer', 0)); $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0)); $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0)); $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0)); $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0)); $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0)); $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0)); $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0)); $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0)); $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0)); $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0)); $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0)); $this->set_setting('special_noindex', param('special_noindex', 'integer', 0)); $this->set_setting('title_link_type', param('title_link_type', 'string', '')); $this->set_setting('permalinks', param('permalinks', 'string', '')); } /* * ADVANCED ADMIN SETTINGS */ if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) { // We have permission to edit advanced admin settings: if (param('owner_login', 'string', NULL) !== NULL) { // Permissions: $UserCache =& get_Cache('UserCache'); $owner_User =& $UserCache->get_by_login(get_param('owner_login'), false, false); if (empty($owner_User)) { param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login'))); } else { $this->set('owner_user_ID', $owner_User->ID); $this->owner_User =& $owner_User; } } if (param('blog_urlname', 'string', NULL) !== NULL) { // check urlname if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) { $this->set_from_Request('urlname'); if (!preg_match('|^[A-Za-z0-9\\-]+$|', $this->urlname)) { param_error('blog_urlname', T_('The url name is invalid.')); } if ($DB->get_var('SELECT COUNT(*) FROM T_blogs WHERE blog_urlname = ' . $DB->quote($this->get('urlname')) . ' AND blog_ID <> ' . $this->ID)) { // urlname is already in use param_error('blog_urlname', T_('This URL name is already in use by another blog. Please choose another name.')); } } } if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) { // Blog URL parameters: $this->set('access_type', $access_type); if ($access_type == 'absolute') { $blog_siteurl = param('blog_siteurl_absolute', 'string', true); if (!preg_match('#^https?://.+#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } elseif ($access_type == 'relative') { // relative siteurl $blog_siteurl = param('blog_siteurl_relative', 'string', true); if (preg_match('#^https?://#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } else { $this->set('siteurl', ''); } } if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) { // Aggregate list: // fp> TODO: check perms on each aggregated blog (if changed) // fp> TODO: better interface if (!preg_match('#^([0-9]+(,[0-9]+)*)?$#', get_param('aggregate_coll_IDs'))) { param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!')); } $this->set_setting('aggregate_coll_IDs', get_param('aggregate_coll_IDs')); } if (param('source_file', 'string', NULL) !== NULL) { // Static file: $this->set_setting('source_file', get_param('source_file')); $this->set_setting('static_file', param('static_file', 'string', '')); } if (param('blog_media_location', 'string', NULL) !== NULL) { // Media files location: $this->set_from_Request('media_location'); $this->set_media_subdir(param('blog_media_subdir', 'string', '')); $this->set_media_fullpath(param('blog_media_fullpath', 'string', '')); $this->set_media_url(param('blog_media_url', 'string', '')); // check params switch ($this->get('media_location')) { case 'custom': // custom path and URL global $demo_mode, $media_path; if ($this->get('media_fullpath') == '') { param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.')); } if (!preg_match('#^https?://#', $this->get('media_url'))) { param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!')); } if ($demo_mode) { $canonical_fullpath = get_canonical_path($this->get('media_fullpath')); if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) { param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.'); } } break; case 'subdir': global $media_path; if ($this->get('media_subdir') == '') { param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.')); } else { // Test if it's below $media_path (subdir!) $canonical_path = get_canonical_path($media_path . $this->get('media_subdir')); if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir')))); } else { // Validate if it's a valid directory name: $subdir = substr($canonical_path, strlen($media_path)); if ($error = validate_dirname($subdir)) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error); } } } break; } } } return !param_errors_detected(); }
/** * Load data from Request form fields. * * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set). * * @param boolean true if we are returning to edit mode (new, switchtab...) * @return boolean true if loaded data seems valid. */ function load_from_Request($editing = false, $creating = false) { global $default_locale, $current_User, $localtimenow; global $posttypes_reserved_IDs, $item_typ_ID; // LOCALE: if (param('post_locale', 'string', NULL) !== NULL) { $this->set_from_Request('locale'); } // POST TYPE: $item_typ_ID = get_param('item_typ_ID'); if (empty($item_typ_ID)) { // Try to get this from request if it has been not initialized by controller: $item_typ_ID = param('item_typ_ID', 'integer', NULL); } if (!empty($item_typ_ID)) { // Set new post type ID only if it is defined on request: $this->set('ityp_ID', $item_typ_ID); } // URL associated with Item: $post_url = param('post_url', 'string', NULL); if ($post_url !== NULL) { param_check_url('post_url', 'posting', ''); $this->set_from_Request('url'); } if (empty($post_url) && $this->get_type_setting('use_url') == 'required') { // URL must be entered param_check_not_empty('post_url', T_('Please provide a "Link To" URL.'), ''); } // Item parent ID: $post_parent_ID = param('post_parent_ID', 'integer', NULL); if ($post_parent_ID !== NULL) { // If item parent ID is entered: $ItemCache =& get_ItemCache(); if ($ItemCache->get_by_ID($post_parent_ID, false, false)) { // Save only ID of existing item: $this->set_from_Request('parent_ID'); } else { // Display an error of the entered item parent ID is incorrect: param_error('post_parent_ID', T_('The parent ID is not a correct Item ID.')); } } if (empty($post_parent_ID)) { // If empty parent ID is entered: if ($this->get_type_setting('use_parent') == 'required') { // Item parent ID must be entered: param_check_not_empty('post_parent_ID', T_('Please provide a parent ID.'), ''); } else { // Remove parent ID: $this->set_from_Request('parent_ID'); } } if ($this->status == 'redirected' && empty($this->url)) { // Note: post_url is not part of the simple form, so this message can be a little bit awkward there param_error('post_url', T_('If you want to redirect this post, you must specify an URL!') . ' (' . T_('Advanced properties panel') . ')', T_('If you want to redirect this post, you must specify an URL!')); } // ISSUE DATE / TIMESTAMP: $this->load_Blog(); if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) { // Allow to update timestamp fields only if user has a permission to edit such fields // and also if user has an access to back-office $item_dateset = param('item_dateset', 'integer', NULL); if ($item_dateset !== NULL) { $this->set('dateset', $item_dateset); if ($editing || $this->dateset == 1) { // We can use user date: if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) { // only set it, if a (valid) date and time was given: $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup... } } elseif ($this->dateset == 0) { // Set date to NOW: $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow)); } } } // DEADLINE: if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) { $this->set_from_Request('datedeadline', 'item_deadline', true); } // SLUG: if (param('post_urltitle', 'string', NULL) !== NULL) { $this->set_from_Request('urltitle'); } // <title> TAG: $titletag = param('titletag', 'string', NULL); if ($titletag !== NULL) { $this->set_from_Request('titletag', 'titletag'); } if (empty($titletag) && $this->get_type_setting('use_title_tag') == 'required') { // Title tag must be entered param_check_not_empty('titletag', T_('Please provide a title tag.'), ''); } // <meta> DESC: $metadesc = param('metadesc', 'string', NULL); if ($metadesc !== NULL) { $this->set_setting('metadesc', get_param('metadesc')); } if (empty($metadesc) && $this->get_type_setting('use_meta_desc') == 'required') { // Meta description must be entered param_check_not_empty('metadesc', T_('Please provide a meta description.'), ''); } // <meta> KEYWORDS: $metakeywords = param('metakeywords', 'string', NULL); if ($metakeywords !== NULL) { $this->set_setting('metakeywords', get_param('metakeywords')); } if (empty($metakeywords) && $this->get_type_setting('use_meta_keywds') == 'required') { // Meta keywords must be entered param_check_not_empty('metakeywords', T_('Please provide the meta keywords.'), ''); } // TAGS: if ($current_User->check_perm('admin', 'restricted')) { // User should has an access to back-office to edit tags $item_tags = param('item_tags', 'string', NULL); if ($item_tags !== NULL) { $this->set_tags_from_string(get_param('item_tags')); // Update setting 'suggest_item_tags' of the current User global $UserSettings; $UserSettings->set('suggest_item_tags', param('suggest_item_tags', 'integer', 0)); $UserSettings->dbupdate(); } if (empty($item_tags) && $this->get_type_setting('use_tags') == 'required') { // Tags must be entered param_check_not_empty('item_tags', T_('Please provide at least one tag.'), ''); } } // WORKFLOW stuff: param('item_st_ID', 'integer', NULL); $this->set_from_Request('pst_ID', 'item_st_ID', true); $item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL); $item_assigned_user_login = param('item_assigned_user_login', 'string', NULL); $this->assign_to($item_assigned_user_ID, $item_assigned_user_login); $item_priority = param('item_priority', 'integer', NULL); if ($item_priority !== NULL) { // Set task priority only if it is gone from form $this->set_from_Request('priority', 'item_priority', true); } // FEATURED checkbox: $this->set('featured', param('item_featured', 'integer', 0), false); // HIDE TEASER checkbox: $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0)); $goal_ID = param('goal_ID', 'integer', NULL); if ($goal_ID !== NULL) { // Goal ID $this->set_setting('goal_ID', $goal_ID, true); } // ORDER: param('item_order', 'double', NULL); $this->set_from_Request('order', 'item_order', true); // OWNER: $this->creator_user_login = param('item_owner_login', 'string', NULL); if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) { // only admins can change the owner.. if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) { $this->set_creator_by_login($this->creator_user_login); } } // LOCATION COORDINATES: if ($this->get_type_setting('use_coordinates') != 'never') { // location coordinates are enabled, save map settings param('item_latitude', 'double', NULL); // get par value $this->set_setting('latitude', get_param('item_latitude'), true); param('item_longitude', 'double', NULL); // get par value $this->set_setting('longitude', get_param('item_longitude'), true); param('google_map_zoom', 'integer', NULL); // get par value $this->set_setting('map_zoom', get_param('google_map_zoom'), true); param('google_map_type', 'string', NULL); // get par value $this->set_setting('map_type', get_param('google_map_type'), true); if ($this->get_type_setting('use_coordinates') == 'required') { // The location coordinates are required param_check_not_empty('item_latitude', T_('Please provide a latitude.'), ''); param_check_not_empty('item_longitude', T_('Please provide a longitude.'), ''); } } // CUSTOM FIELDS: $custom_fields = $this->get_type_custom_fields(); foreach ($custom_fields as $custom_field) { // update each custom field $param_name = 'item_' . $custom_field['type'] . '_' . $custom_field['ID']; if (isset_param($param_name)) { // param is set $param_type = $custom_field['type'] == 'varchar' ? 'string' : $custom_field['type']; param($param_name, $param_type, NULL); // get par value $custom_field_make_null = $custom_field['type'] != 'double'; // store '0' values in DB for numeric fields $this->set_setting('custom_' . $custom_field['type'] . '_' . $custom_field['ID'], get_param($param_name), $custom_field_make_null); } } // COMMENTS: if ($this->allow_comment_statuses()) { // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and by current post type $post_comment_status = param('post_comment_status', 'string', 'open'); if (!empty($post_comment_status)) { // 'open' or 'closed' or ... $this->set_from_Request('comment_status'); } } // EXPIRY DELAY: $expiry_delay = param_duration('expiry_delay'); if (empty($expiry_delay)) { // Check if we have 'expiry_delay' param set as string from simple or mass form $expiry_delay = param('expiry_delay', 'string', NULL); } if (empty($expiry_delay) && $this->get_type_setting('use_comment_expiration') == 'required') { // Comment expiration must be entered param_check_not_empty('expiry_delay', T_('Please provide a comment expiration delay.'), ''); } $this->set_setting('comment_expiry_delay', $expiry_delay, true); // EXTRA PARAMS FROM MODULES: modules_call_method('update_item_settings', array('edited_Item' => $this)); // RENDERERS: if (param('renderers_displayed', 'integer', 0)) { // use "renderers" value only if it has been displayed (may be empty) global $Plugins; $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Item' => &$this)); $this->set('renderers', $renderers); } else { $renderers = $this->get_renderers_validated(); } // CONTENT + TITLE: if ($this->get_type_setting('allow_html')) { // HTML is allowed for this post, we'll accept HTML tags: $text_format = 'html'; } else { // HTML is disallowed for this post, we'll encode all special chars: $text_format = 'htmlspecialchars'; } $editor_code = param('editor_code', 'string', NULL); if ($editor_code) { // Update item editor code if it was explicitly set $this->set_setting('editor_code', $editor_code); } $content = param('content', $text_format, NULL); if ($content !== NULL) { // Never allow html content on post titles: (fp> probably so as to not mess up backoffice and all sorts of tools) param('post_title', 'htmlspecialchars', NULL); // Do some optional filtering on the content // Typically stuff that will help the content to validate // Useful for code display. // Will probably be used for validation also. $Plugins_admin =& get_Plugins_admin(); $params = array('object_type' => 'Item', 'object' => &$this, 'object_Blog' => &$this->Blog); $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params); // Title checking: $use_title = $this->get_type_setting('use_title'); if ((!$editing || $creating) && $use_title == 'required') { param_check_not_empty('post_title', T_('Please provide a title.'), ''); } // Format raw HTML input to cleaned up and validated HTML: param_check_html('content', T_('Invalid content.')); $content = prepare_item_content(get_param('content')); $this->set('content', $content); $this->set('title', get_param('post_title')); } if (empty($content) && $this->get_type_setting('use_text') == 'required') { // Content must be entered param_check_not_empty('content', T_('Please enter some text.'), ''); } // EXCERPT: (must come after content (to handle excerpt_autogenerated)) $post_excerpt = param('post_excerpt', 'text', NULL); if ($post_excerpt !== NULL && $post_excerpt != $this->excerpt) { $this->set('excerpt_autogenerated', 0); // Set this to the '0' for saving a field 'excerpt' from a request $this->set_from_Request('excerpt'); } if (empty($post_excerpt) && $this->get_type_setting('use_excerpt') == 'required') { // Content must be entered param_check_not_empty('post_excerpt', T_('Please provide an excerpt.'), ''); } // LOCATION (COUNTRY -> CITY): load_funcs('regional/model/_regional.funcs.php'); // Check if this item has a special post type. Location is not required for special posts. $not_special_post = !$this->is_special(); if ($this->country_visible()) { // Save country $country_ID = param('item_ctry_ID', 'integer', 0); $country_is_required = $this->get_type_setting('use_country') == 'required' && $not_special_post && countries_exist(); param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required); $this->set_from_Request('ctry_ID', 'item_ctry_ID', true); } if ($this->region_visible()) { // Save region $region_ID = param('item_rgn_ID', 'integer', 0); $region_is_required = $this->get_type_setting('use_region') == 'required' && $not_special_post && regions_exist($country_ID); param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required); $this->set_from_Request('rgn_ID', 'item_rgn_ID', true); } if ($this->subregion_visible()) { // Save subregion $subregion_ID = param('item_subrg_ID', 'integer', 0); $subregion_is_required = $this->get_type_setting('use_sub_region') == 'required' && $not_special_post && subregions_exist($region_ID); param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required); $this->set_from_Request('subrg_ID', 'item_subrg_ID', true); } if ($this->city_visible()) { // Save city param('item_city_ID', 'integer', 0); $city_is_required = $this->get_type_setting('use_city') == 'required' && $not_special_post && cities_exist($country_ID, $region_ID, $subregion_ID); param_check_number('item_city_ID', T_('Please select a city'), $city_is_required); $this->set_from_Request('city_ID', 'item_city_ID', true); } return !param_errors_detected(); }
/** * Load data from Request form fields. * * @param array groups of params to load * @return boolean true if loaded data seems valid. */ function load_from_Request($groups = array()) { global $Messages, $default_locale, $DB; /** * @var User */ global $current_User; // Load collection settings and clear update cascade array $this->load_CollectionSettings(); $this->CollectionSettings->clear_update_cascade(); if (param('blog_name', 'string', NULL) !== NULL) { // General params: $this->set_from_Request('name'); $this->set('shortname', param('blog_shortname', 'string', true)); $this->set('locale', param('blog_locale', 'string', $default_locale)); } if (param('archive_links', 'string', NULL) !== NULL) { // Archive link type: $this->set_setting('archive_links', get_param('archive_links')); $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true); } if (param('chapter_links', 'string', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_links', get_param('chapter_links')); } if (param('category_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('category_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('category_prefix', T_('Invalid category prefix.')); } $this->set_setting('category_prefix', $category_prefix); } if (param('atom_redirect', 'string', NULL) !== NULL) { param_check_url('atom_redirect', 'commenting'); $this->set_setting('atom_redirect', get_param('atom_redirect')); param('rss2_redirect', 'string', NULL); param_check_url('rss2_redirect', 'commenting'); $this->set_setting('rss2_redirect', get_param('rss2_redirect')); } if (param('image_size', 'string', NULL) !== NULL) { $this->set_setting('image_size', get_param('image_size')); } if (param('tag_links', 'string', NULL) !== NULL) { // Tag page link type: $this->set_setting('tag_links', get_param('tag_links')); } if (param('tag_prefix', 'string', NULL) !== NULL) { $tag_prefix = get_param('tag_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) { param_error('tag_prefix', T_('Invalid tag prefix.')); } $this->set_setting('tag_prefix', $tag_prefix); } // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided. if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) { $this->set_setting('tag_prefix', 'tag'); } // Use rel="tag" attribute? (checkbox) $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0)); if (param('chapter_content', 'string', NULL) !== NULL) { // What kind of content on chapter pages? $this->set_setting('chapter_content', get_param('chapter_content')); } if (param('tag_content', 'string', NULL) !== NULL) { // What kind of content on tags pages? $this->set_setting('tag_content', get_param('tag_content')); } if (param('archive_content', 'string', NULL) !== NULL) { // What kind of content on archive pages? $this->set_setting('archive_content', get_param('archive_content')); } if (param('filtered_content', 'string', NULL) !== NULL) { // What kind of content on filtered pages? $this->set_setting('filtered_content', get_param('filtered_content')); } if (param('main_content', 'string', NULL) !== NULL) { // What kind of content on main pages? $this->set_setting('main_content', get_param('main_content')); } // Chapter posts per page: $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true); // Tag posts per page: $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true); if (param('single_links', 'string', NULL) !== NULL) { // Single post link type: $this->set_setting('single_links', get_param('single_links')); } if (param('slug_limit', 'integer', NULL) !== NULL) { // Limit slug length: $this->set_setting('slug_limit', get_param('slug_limit')); } if (param('normal_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_setting('normal_skin_ID', get_param('normal_skin_ID')); } if (param('mobile_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID')); } if (param('tablet_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID')); } if (param('archives_sort_order', 'string', NULL) !== NULL) { $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false)); } if (param('feed_content', 'string', NULL) !== NULL) { // How much content in feeds? $this->set_setting('feed_content', get_param('feed_content')); param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.')); $this->set_setting('posts_per_feed', get_param('posts_per_feed')); } if (param('comment_feed_content', 'string', NULL) !== NULL) { // How much content in comment feeds? $this->set_setting('comment_feed_content', get_param('comment_feed_content')); param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.')); $this->set_setting('comments_per_feed', get_param('comments_per_feed')); } if (param('require_title', 'string', NULL) !== NULL) { // Title for items required? $this->set_setting('require_title', get_param('require_title')); } if (param('blog_description', 'string', NULL) !== NULL) { // Description: $this->set_from_Request('shortdesc', 'blog_description'); } if (param('blog_keywords', 'string', NULL) !== NULL) { // Keywords: $this->set_from_Request('keywords'); } if (param('blog_tagline', 'html', NULL) !== NULL) { // HTML tagline: param_check_html('blog_tagline', T_('Invalid tagline')); $this->set('tagline', get_param('blog_tagline')); } if (param('blog_longdesc', 'html', NULL) !== NULL) { // HTML long description: param_check_html('blog_longdesc', T_('Invalid long description')); $this->set('longdesc', get_param('blog_longdesc')); } if (param('blog_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('blog_footer_text', T_('Invalid blog footer')); $this->set_setting('blog_footer_text', get_param('blog_footer_text')); } if (param('single_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('single_item_footer_text', T_('Invalid single post footer')); $this->set_setting('single_item_footer_text', get_param('single_item_footer_text')); } if (param('xml_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('xml_item_footer_text', T_('Invalid RSS footer')); $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text')); } if (param('blog_notes', 'html', NULL) !== NULL) { // HTML notes: param_check_html('blog_notes', T_('Invalid Blog Notes')); $this->set('notes', get_param('blog_notes')); param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.')); $this->set_setting('max_footer_credits', get_param('max_footer_credits')); } if (in_array('pings', $groups)) { // we want to load the ping checkboxes: $blog_ping_plugins = param('blog_ping_plugins', 'array/string', array()); $blog_ping_plugins = array_unique($blog_ping_plugins); $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins)); } if (in_array('authors', $groups)) { // we want to load the multiple authors params $this->set('advanced_perms', param('advanced_perms', 'integer', 0)); $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0)); } if (in_array('features', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('allow_html_post', param('allow_html_post', 'integer', 0)); $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL)); $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL)); $this->set_setting('default_post_status', param('default_post_status', 'string', NULL)); $this->set_setting('post_categories', param('post_categories', 'string', NULL)); $this->set_setting('post_navigation', param('post_navigation', 'string', NULL)); // Show x days or x posts?: $this->set_setting('what_to_show', param('what_to_show', 'string', '')); param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.')); $this->set_setting('posts_per_page', get_param('posts_per_page')); $this->set_setting('orderby', param('orderby', 'string', true)); $this->set_setting('orderdir', param('orderdir', 'string', true)); // Time frame $this->set_setting('timestamp_min', param('timestamp_min', 'string', '')); $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration')); $this->set_setting('timestamp_max', param('timestamp_max', 'string', '')); $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration')); // Location $location_country = param('location_country', 'string', 'hidden'); $location_region = param('location_region', 'string', 'hidden'); $location_subregion = param('location_subregion', 'string', 'hidden'); $location_city = param('location_city', 'string', 'hidden'); if ($location_city == 'required') { // If city is required - all location fields also are required $location_country = $location_region = $location_subregion = 'required'; } else { if ($location_subregion == 'required') { // If subregion is required - country & region fields also are required $location_country = $location_region = 'required'; } else { if ($location_region == 'required') { // If region is required - country field also is required $location_country = 'required'; } } } $this->set_setting('location_country', $location_country); $this->set_setting('location_region', $location_region); $this->set_setting('location_subregion', $location_subregion); $this->set_setting('location_city', $location_city); // Set to show Latitude & Longitude params for this blog items $this->set_setting('show_location_coordinates', param('show_location_coordinates', 'integer', 0)); // Load custom double & varchar fields $custom_field_names = array(); $this->load_custom_fields('double', $update_cascade_query, $custom_field_names); $this->load_custom_fields('varchar', $update_cascade_query, $custom_field_names); if (!empty($update_cascade_query)) { // Some custom fields were deleted and these fields must be deleted from the item settings table also. Add required query. $this->CollectionSettings->add_update_cascade($update_cascade_query); } // call modules update_collection_features on this blog modules_call_method('update_collection_features', array('edited_Blog' => &$this)); } if (in_array('comments', $groups)) { // we want to load the workflow checkboxes: // load moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $blog_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('notif_' . $status, 'integer', 0)) { $blog_moderation_statuses[] = $status; } } $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses)); $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire')); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0)); $this->set_setting('comments_register', param('comments_register', 'integer', 0)); } if (in_array('other', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0)); $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0)); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); // Public blog list $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0)); $this->set_setting('image_size_user_list', param('image_size_user_list', 'string')); $this->set_setting('image_size_messaging', param('image_size_messaging', 'string')); $this->set_setting('archive_mode', param('archive_mode', 'string', true)); } if (param('allow_comments', 'string', NULL) !== NULL) { // Feedback options: $this->set_setting('allow_comments', param('allow_comments', 'string', 'any')); $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any')); $new_feedback_status = param('new_feedback_status', 'string', 'draft'); if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can set this setting to 'Public' $this->set_setting('new_feedback_status', $new_feedback_status); } $this->set_setting('disable_comments_bypost', param('disable_comments_bypost', 'string', '0')); $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0')); $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0')); $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered')); $this->set_setting('max_attachments', param('max_attachments', 'integer', '')); $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never')); $this->set_setting('rating_question', param('rating_question', 'text')); $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0')); $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0); if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can turn ON this setting $this->set('allowtrackbacks', $blog_allowtrackbacks); } $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC')); // call modules update_collection_comments on this blog modules_call_method('update_collection_comments', array('edited_Blog' => &$this)); $threaded_comments = param('threaded_comments', 'integer', 0); $this->set_setting('threaded_comments', $threaded_comments); $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0)); param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.')); $this->set_setting('comments_per_page', get_param('comments_per_page')); $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0)); $this->set_setting('comments_latest', param('comments_latest', 'integer', 0)); } if (in_array('seo', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0)); $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0)); $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0)); $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0)); $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0)); $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0)); $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0)); $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0)); $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0)); $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0)); $this->set_setting('default_noindex', param('default_noindex', 'integer', 0)); $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0)); $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0)); $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0)); $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0)); $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0)); $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0)); $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0)); $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0)); $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0)); $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0)); $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0)); $this->set_setting('special_noindex', param('special_noindex', 'integer', 0)); $this->set_setting('title_link_type', param('title_link_type', 'string', '')); $this->set_setting('permalinks', param('permalinks', 'string', '')); $this->set_setting('404_response', param('404_response', 'string', '')); $this->set_setting('help_link', param('help_link', 'string', '')); $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0)); $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0)); $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0)); } /* * ADVANCED ADMIN SETTINGS */ if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) { // We have permission to edit advanced admin settings: if (in_array('cache', $groups)) { // we want to load the cache params: $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0)); $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0)); $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0)); } if (in_array('styles', $groups)) { // we want to load the styles params: $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0)); $this->set('allowusercss', param('blog_allowusercss', 'integer', 0)); } if (in_array('login', $groups)) { // we want to load the login params: $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0)); $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0)); } if (param('blog_head_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_head_includes', T_('Invalid Custom meta section')); $this->set_setting('head_includes', get_param('blog_head_includes')); } if (param('blog_footer_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_footer_includes', T_('Invalid Custom javascript section')); $this->set_setting('footer_includes', get_param('blog_footer_includes')); } if (param('owner_login', 'string', NULL) !== NULL) { // Permissions: $UserCache =& get_UserCache(); $owner_User =& $UserCache->get_by_login(get_param('owner_login')); if (empty($owner_User)) { param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login'))); } else { $this->set('owner_user_ID', $owner_User->ID); $this->owner_User =& $owner_User; } } if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) { // check urlname if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) { if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) { param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*) FROM T_blogs WHERE blog_urlname = ' . $DB->quote($blog_urlname) . ' AND blog_ID <> ' . $this->ID)) { // urlname is already in use param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another blog. Please choose another name.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname)) { $this->set_from_Request('urlname'); } } } if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) { // Blog URL parameters: $this->set('access_type', $access_type); if ($access_type == 'absolute') { $blog_siteurl = param('blog_siteurl_absolute', 'string', true); if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) { // It looks like valid absolute URL, so we may update the blog siteurl $this->set('siteurl', $blog_siteurl); } else { // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors $Messages->add(T_('Blog Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '«' . htmlspecialchars($blog_siteurl) . '»') . ' ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error'); } } elseif ($access_type == 'relative') { // relative siteurl $blog_siteurl = param('blog_siteurl_relative', 'string', true); if (preg_match('#^https?://#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } else { $this->set('siteurl', ''); } } if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) { // Aggregate list: (can be '*') $aggregate_coll_IDs = get_param('aggregate_coll_IDs'); if ($aggregate_coll_IDs != '*') { // Sanitize the string $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs); } // fp> TODO: check perms on each aggregated blog (if changed) // fp> TODO: better interface if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) { param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!')); } $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs); } if (param('blog_media_location', 'string', NULL) !== NULL) { // Media files location: $this->set_from_Request('media_location'); $this->set_media_subdir(param('blog_media_subdir', 'string', '')); $this->set_media_fullpath(param('blog_media_fullpath', 'string', '')); $this->set_media_url(param('blog_media_url', 'string', '')); // check params switch ($this->get('media_location')) { case 'custom': // custom path and URL global $demo_mode, $media_path; if ($this->get('media_fullpath') == '') { param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.')); } if (!preg_match('#^https?://#', $this->get('media_url'))) { param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!')); } if ($demo_mode) { $canonical_fullpath = get_canonical_path($this->get('media_fullpath')); if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) { param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.'); } } break; case 'subdir': global $media_path; if ($this->get('media_subdir') == '') { param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.')); } else { // Test if it's below $media_path (subdir!) $canonical_path = get_canonical_path($media_path . $this->get('media_subdir')); if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir')))); } else { // Validate if it's a valid directory name: $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path))); if ($error = validate_dirname($subdir)) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error); } } } break; } } } return !param_errors_detected(); }
/** * Load data from Request form fields. * * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set). * * @param boolean true to force edit date (as long as perms permit) * @return boolean true if loaded data seems valid. */ function load_from_Request($force_edit_date = false) { global $default_locale, $current_User; if (param('post_locale', 'string', NULL) !== NULL) { $this->set_from_Request('locale'); } if (param('item_typ_ID', 'integer', NULL) !== NULL) { $this->set_from_Request('ptyp_ID', 'item_typ_ID'); } if (param('post_url', 'string', NULL) !== NULL) { param_check_url('post_url', 'posting', ''); $this->set_from_Request('url'); } // Note: post_url is not part of the simple form, so this message can be a little bit awkward there if ($this->status == 'redirected' && empty($this->url)) { param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)')); } if (($force_edit_date || param('edit_date', 'integer', 0)) && $current_User->check_perm('edit_timestamp')) { // We can use user date: param_date('item_issue_date', T_('Please enter a valid issue date.'), $force_edit_date); if (strlen(get_param('item_issue_date'))) { // only set it, if a date was given: param_time('item_issue_time'); $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup... } } if (param('post_excerpt', 'string', NULL) !== NULL) { $this->set_from_Request('excerpt'); } if (param('post_urltitle', 'string', NULL) !== NULL) { $this->set_from_Request('urltitle'); } if (param('item_tags', 'string', NULL) !== NULL) { $this->set_tags_from_string(get_param('item_tags')); // pre_dump( $this->tags ); } // Workflow stuff: if (param('item_st_ID', 'integer', NULL) !== NULL) { $this->set_from_Request('pst_ID', 'item_st_ID'); } if (param('item_assigned_user_ID', 'integer', NULL) !== NULL) { $this->assign_to(get_param('item_assigned_user_ID')); } if (param('item_priority', 'integer', NULL) !== NULL) { $this->set_from_Request('priority', 'item_priority', true); } if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) { $this->set_from_Request('datedeadline', 'item_deadline', true); } // Allow comments for this item (only if set to "post_by_post" for the Blog): $this->load_Blog(); if ($this->Blog->allowcomments == 'post_by_post') { if (param('post_comment_status', 'string', 'open') !== NULL) { // 'open' or 'closed' or ... $this->set_from_Request('comment_status'); } } if (param('renderers_displayed', 'integer', 0)) { // use "renderers" value only if it has been displayed (may be empty) $Plugins_admin =& get_Cache('Plugins_admin'); $renderers = $Plugins_admin->validate_renderer_list(param('renderers', 'array', array())); $this->set('renderers', $renderers); } else { $renderers = $this->get_renderers_validated(); } if (param('content', 'html', NULL) !== NULL) { param('post_title', 'html', NULL); // Do some optional filtering on the content // Typically stuff that will help the content to validate // Useful for code display. // Will probably be used for validation also. $Plugins_admin =& get_Cache('Plugins_admin'); $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers); // Format raw HTML input to cleaned up and validated HTML: param_check_html('post_title', T_('Invalid title.'), ''); $this->set('title', get_param('post_title')); param_check_html('content', T_('Invalid content.')); $this->set('content', get_param('content')); } return !param_errors_detected(); }
// If this is not a member comment param('newcomment_author', 'string', true); param('newcomment_author_email', 'string'); param('newcomment_author_url', 'string'); param_check_not_empty('newcomment_author', T_('Please enter and author name.'), ''); $edited_Comment->set('author', $newcomment_author); param_check_email('newcomment_author_email', false); $edited_Comment->set('author_email', $newcomment_author_email); param_check_url('newcomment_author_url', 'posting', ''); // Give posting permissions here $edited_Comment->set('author_url', $newcomment_author_url); } // Content: param('content', 'html'); param('post_autobr', 'integer', $comments_use_autobr == 'always' ? 1 : 0); param_check_html('content', T_('Invalid comment text.'), '#', $post_autobr); // Check this is backoffice content (NOT with comment rules) $edited_Comment->set('content', get_param('content')); if ($current_User->check_perm('edit_timestamp')) { // We use user date param_date('comment_issue_date', T_('Please enter a valid comment date.'), true); if (strlen(get_param('comment_issue_date'))) { // only set it, if a date was given: param_time('comment_issue_time'); $edited_Comment->set('date', form_date(get_param('comment_issue_date'), get_param('comment_issue_time'))); // TODO: cleanup... } } param('comment_rating', 'integer', NULL); $edited_Comment->set_from_Request('rating'); param('comment_status', 'string', 'published');
$Messages->add(T_('The ID of the parent comment you entered does not exist.'), 'error'); } elseif ($Comment->item_ID != $edited_Comment_Item->ID) { // Item of new reply comment is not same $Messages->add(T_('The ID of the parent comment must belong to the same post.'), 'error'); } } else { // Deny wrong comment ID $in_reply_to_cmt_ID = NULL; } $edited_Comment->set('in_reply_to_cmt_ID', $in_reply_to_cmt_ID, true); } // Trigger event: a Plugin could add a $category="error" message here.. // This must get triggered before any internal validation and must pass all relevant params. // The OpenID plugin will validate a given OpenID here (via redirect and coming back here). $Plugins->trigger_event('CommentFormSent', array('dont_remove_pre' => true, 'comment_item_ID' => $edited_Comment_Item->ID, 'comment' => &$content, 'renderers' => $edited_Comment->get_renderers())); param_check_html('content', T_('Invalid comment text.')); // Check this is backoffice content (NOT with comment rules) param_check_not_empty('content', T_('Empty comment content is not allowed.')); $edited_Comment->set('content', get_param('content')); if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $Blog->ID)) { // We use user date param_date('comment_issue_date', T_('Please enter a valid comment date.'), true); if (strlen(get_param('comment_issue_date'))) { // only set it, if a date was given: param_time('comment_issue_time'); $edited_Comment->set('date', form_date(get_param('comment_issue_date'), get_param('comment_issue_time'))); // TODO: cleanup... } } param('comment_rating', 'integer', NULL); $edited_Comment->set_from_Request('rating');
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { global $Plugins, $msg_text, $Settings; $new_thread = empty($this->thread_ID); // Renderers: if (param('renderers_displayed', 'integer', 0)) { // use "renderers" value only if it has been displayed (may be empty) $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Message' => &$this)); $this->set_renderers($renderers); } // Text if ($Settings->get('allow_html_message')) { // HTML is allowed for messages $text_format = 'html'; } else { // HTML is disallowed for messages $text_format = 'htmlspecialchars'; } $msg_text = param('msg_text', $text_format); $this->original_text = html_entity_decode($msg_text); // This must get triggered before any internal validation and must pass all relevant params. $Plugins->trigger_event('MessageThreadFormSent', array('content' => &$msg_text, 'dont_remove_pre' => true, 'renderers' => $this->get_renderers_validated())); if (!$new_thread) { param_check_not_empty('msg_text'); } if ($text_format == 'html') { // message text may contain html, check the html sanity param_check_html('msg_text', T_('Invalid message content.')); } $this->set('text', get_param('msg_text')); // Thread if ($new_thread) { $this->Thread->load_from_Request(); } else { // this is a reply to an existing conversation, check if current User is allowed to reply $this->get_Thread(); if ($this->Thread->check_allow_reply()) { // If reply is allowed we should check if this message is not a duplicate global $DB, $current_User; // Get last message of current user in this thread $SQL = new SQL(); $SQL->SELECT('msg_text'); $SQL->FROM('T_messaging__message'); $SQL->WHERE('msg_thread_ID = ' . $this->Thread->ID); $SQL->WHERE_and('msg_author_user_ID = ' . $current_User->ID); $SQL->ORDER_BY('msg_ID DESC'); $last_message = $DB->get_var($SQL->get()); if ($last_message == $msg_text) { param_error('msg_text', T_('It seems you tried to send the same message twice. We only kept one copy.')); } } } return !param_errors_detected(); }
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { if (param('ecmp_name', 'string', NULL) !== NULL) { // Name param_string_not_empty('ecmp_name', T_('Please enter a campaign name.')); $this->set_from_Request('name'); } if (param('ecmp_email_title', 'string', NULL) !== NULL) { // Email title param_string_not_empty('ecmp_email_title', T_('Please enter an email title.')); $this->set_from_Request('email_title'); } if (param('ecmp_email_html', 'html', NULL) !== NULL) { // Email HTML message param_check_html('ecmp_email_html', T_('Please enter an HTML message.')); $this->set_from_Request('email_html'); } if (param('ecmp_email_text', 'text', NULL) !== NULL) { // Email Plain- Text message $this->set_from_Request('email_text'); } return !param_errors_detected(); }
/** * Load data from Request form fields. * * @param array groups of params to load * @return boolean true if loaded data seems valid. */ function load_from_Request($groups = array()) { global $Messages, $default_locale, $DB; /** * @var User */ global $current_User; // Load collection settings and clear update cascade array $this->load_CollectionSettings(); if (param('blog_name', 'string', NULL) !== NULL) { // General params: $this->set_from_Request('name'); $this->set('shortname', param('blog_shortname', 'string', true)); // Language / locale: if (param('blog_locale', 'string', NULL) !== NULL) { // These settings can be hidden when only one locale is enaled in the system $this->set_from_Request('locale'); $this->set_setting('locale_source', param('blog_locale_source', 'string', 'blog')); $this->set_setting('post_locale_source', param('blog_post_locale_source', 'string', 'post')); } // Collection permissions: $this->set('advanced_perms', param('advanced_perms', 'integer', 0)); $this->set_setting('allow_access', param('blog_allow_access', 'string', '')); if ($this->get_setting('allow_access') == 'users' || $this->get_setting('allow_access') == 'members') { // Disable site maps, feeds and ping plugins when access is restricted on this blog $this->set_setting('enable_sitemaps', 0); $this->set_setting('feed_content', 'none'); $this->set_setting('ping_plugins', ''); } // Lists of collections: $this->set('order', param('blog_order', 'integer')); $this->set('in_bloglist', param('blog_in_bloglist', 'string', 'public')); $this->set('favorite', param('favorite', 'integer', 0)); } if (param('archive_links', 'string', NULL) !== NULL) { // Archive link type: $this->set_setting('archive_links', get_param('archive_links')); $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true); } if (param('chapter_links', 'string', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_links', get_param('chapter_links')); } if (param('category_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('category_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('category_prefix', T_('Invalid category prefix.')); } $this->set_setting('category_prefix', $category_prefix); } if (param('atom_redirect', 'string', NULL) !== NULL) { param_check_url('atom_redirect', 'commenting'); $this->set_setting('atom_redirect', get_param('atom_redirect')); param('rss2_redirect', 'string', NULL); param_check_url('rss2_redirect', 'commenting'); $this->set_setting('rss2_redirect', get_param('rss2_redirect')); } if (param('image_size', 'string', NULL) !== NULL) { $this->set_setting('image_size', get_param('image_size')); } if (param('tag_links', 'string', NULL) !== NULL) { // Tag page link type: $this->set_setting('tag_links', get_param('tag_links')); } if (param('tag_prefix', 'string', NULL) !== NULL) { $tag_prefix = get_param('tag_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) { param_error('tag_prefix', T_('Invalid tag prefix.')); } $this->set_setting('tag_prefix', $tag_prefix); } // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided. if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) { $this->set_setting('tag_prefix', 'tag'); } // Use rel="tag" attribute? (checkbox) $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0)); if (param('chapter_content', 'string', NULL) !== NULL) { // What kind of content on chapter pages? $this->set_setting('chapter_content', get_param('chapter_content')); } if (param('tag_content', 'string', NULL) !== NULL) { // What kind of content on tags pages? $this->set_setting('tag_content', get_param('tag_content')); } if (param('archive_content', 'string', NULL) !== NULL) { // What kind of content on archive pages? $this->set_setting('archive_content', get_param('archive_content')); } if (param('filtered_content', 'string', NULL) !== NULL) { // What kind of content on filtered pages? $this->set_setting('filtered_content', get_param('filtered_content')); } if (param('main_content', 'string', NULL) !== NULL) { // What kind of content on main pages? $this->set_setting('main_content', get_param('main_content')); } // Chapter posts per page: $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true); // Tag posts per page: $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true); if (param('single_links', 'string', NULL) !== NULL) { // Single post link type: $this->set_setting('single_links', get_param('single_links')); } if (param('slug_limit', 'integer', NULL) !== NULL) { // Limit slug length: $this->set_setting('slug_limit', get_param('slug_limit')); } if (param('normal_skin_ID', 'integer', NULL) !== NULL) { // Normal skin ID: $this->set_setting('normal_skin_ID', get_param('normal_skin_ID')); } if (param('mobile_skin_ID', 'integer', NULL) !== NULL) { // Mobile skin ID: if (get_param('mobile_skin_ID') == 0) { // Don't store this empty setting in DB $this->delete_setting('mobile_skin_ID'); } else { // Set mobile skin $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID')); } } if (param('tablet_skin_ID', 'integer', NULL) !== NULL) { // Tablet skin ID: if (get_param('tablet_skin_ID') == 0) { // Don't store this empty setting in DB $this->delete_setting('tablet_skin_ID'); } else { // Set tablet skin $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID')); } } if (param('archives_sort_order', 'string', NULL) !== NULL) { // Archive sorting $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false)); } if (param('download_delay', 'integer', NULL) !== NULL) { // Download delay param_check_range('download_delay', 0, 10, T_('Download delay must be numeric (0-10).')); $this->set_setting('download_delay', get_param('download_delay')); } if (param('feed_content', 'string', NULL) !== NULL) { // How much content in feeds? $this->set_setting('feed_content', get_param('feed_content')); param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.')); $this->set_setting('posts_per_feed', get_param('posts_per_feed')); } if (param('comment_feed_content', 'string', NULL) !== NULL) { // How much content in comment feeds? $this->set_setting('comment_feed_content', get_param('comment_feed_content')); param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.')); $this->set_setting('comments_per_feed', get_param('comments_per_feed')); } if (param('blog_shortdesc', 'string', NULL) !== NULL) { // Description: $this->set_from_Request('shortdesc'); } if (param('blog_keywords', 'string', NULL) !== NULL) { // Keywords: $this->set_from_Request('keywords'); } if (param('blog_tagline', 'html', NULL) !== NULL) { // HTML tagline: param_check_html('blog_tagline', T_('Invalid tagline')); $this->set('tagline', get_param('blog_tagline')); } if (param('blog_longdesc', 'html', NULL) !== NULL) { // HTML long description: param_check_html('blog_longdesc', T_('Invalid long description')); $this->set('longdesc', get_param('blog_longdesc')); } if (param('blog_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('blog_footer_text', T_('Invalid blog footer')); $this->set_setting('blog_footer_text', get_param('blog_footer_text')); } if (param('single_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('single_item_footer_text', T_('Invalid single post footer')); $this->set_setting('single_item_footer_text', get_param('single_item_footer_text')); } if (param('xml_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('xml_item_footer_text', T_('Invalid RSS footer')); $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text')); } if (param('blog_notes', 'html', NULL) !== NULL) { // HTML notes: param_check_html('blog_notes', T_('Invalid Blog Notes')); $this->set('notes', get_param('blog_notes')); param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.')); $this->set_setting('max_footer_credits', get_param('max_footer_credits')); } if (in_array('pings', $groups)) { // we want to load the ping checkboxes: $blog_ping_plugins = param('blog_ping_plugins', 'array:string', array()); $blog_ping_plugins = array_unique($blog_ping_plugins); $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins)); } if (in_array('authors', $groups)) { // we want to load the workflow & permissions params $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0)); } if (in_array('home', $groups)) { // we want to load the front page params: $front_disp = param('front_disp', 'string', ''); $this->set_setting('front_disp', $front_disp); $front_post_ID = param('front_post_ID', 'integer', 0); if ($front_disp == 'page') { // Post ID must be required param_check_not_empty('front_post_ID', T_('Please enter a specific post ID')); } $this->set_setting('front_post_ID', $front_post_ID); } if (in_array('features', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL)); $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL)); $this->set_setting('default_post_status', param('default_post_status', 'string', NULL)); $this->set_setting('post_categories', param('post_categories', 'string', NULL)); $this->set_setting('post_navigation', param('post_navigation', 'string', NULL)); // Show x days or x posts?: $this->set_setting('what_to_show', param('what_to_show', 'string', '')); param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.')); $this->set_setting('posts_per_page', get_param('posts_per_page')); $this->set_setting('orderby', param('orderby', 'string', true)); $this->set_setting('orderdir', param('orderdir', 'string', true)); // Front office statuses $this->load_inskin_statuses('post'); // Time frame $this->set_setting('timestamp_min', param('timestamp_min', 'string', '')); $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration')); $this->set_setting('timestamp_max', param('timestamp_max', 'string', '')); $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration')); // call modules update_collection_features on this blog modules_call_method('update_collection_features', array('edited_Blog' => &$this)); // load post moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $post_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('post_notif_' . $status, 'integer', 0)) { $post_moderation_statuses[] = $status; } } $this->set_setting('post_moderation_statuses', implode(',', $post_moderation_statuses)); } if (in_array('comments', $groups)) { // we want to load the comments settings: // load moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $blog_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('notif_' . $status, 'integer', 0)) { $blog_moderation_statuses[] = $status; } } $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses)); $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire')); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0)); $this->set_setting('comments_register', param('comments_register', 'integer', 0)); } if (in_array('other', $groups)) { // we want to load the other settings: // Search results: param_integer_range('search_per_page', 1, 9999, T_('Number of search results per page must be between %d and %d.')); $this->set_setting('search_per_page', get_param('search_per_page')); // Latest comments : param_integer_range('latest_comments_num', 1, 9999, T_('Number of shown comments must be between %d and %d.')); $this->set_setting('latest_comments_num', get_param('latest_comments_num')); // User directory: $this->set_setting('image_size_user_list', param('image_size_user_list', 'string')); // Messaging pages: $this->set_setting('image_size_messaging', param('image_size_messaging', 'string')); // Archive pages: $this->set_setting('archive_mode', param('archive_mode', 'string', true)); } if (in_array('more', $groups)) { // we want to load more settings: // Tracking: $this->set_setting('track_unread_content', param('track_unread_content', 'integer', 0)); // Subscriptions: $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0)); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); // Sitemaps: $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0)); } if (param('allow_comments', 'string', NULL) !== NULL) { // Feedback options: $this->set_setting('allow_comments', param('allow_comments', 'string', 'any')); $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any')); $new_feedback_status = param('new_feedback_status', 'string', 'draft'); if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can set this setting to 'Public' $this->set_setting('new_feedback_status', $new_feedback_status); } $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0')); $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0')); $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered')); $this->set_setting('max_attachments', param('max_attachments', 'integer', '')); $this->set_setting('autocomplete_usernames', param('autocomplete_usernames', 'integer', '')); $this->set_setting('display_rating_summary', param('display_rating_summary', 'string', '0')); $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never')); $this->set_setting('rating_question', param('rating_question', 'text')); $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0')); $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0); if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can turn ON this setting $this->set('allowtrackbacks', $blog_allowtrackbacks); } $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC')); // call modules update_collection_comments on this blog modules_call_method('update_collection_comments', array('edited_Blog' => &$this)); $threaded_comments = param('threaded_comments', 'integer', 0); $this->set_setting('threaded_comments', $threaded_comments); $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0)); param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.')); $this->set_setting('comments_per_page', get_param('comments_per_page')); $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0)); $this->set_setting('comments_latest', param('comments_latest', 'integer', 0)); // load blog front office comment statuses $this->load_inskin_statuses('comment'); } if (in_array('seo', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0)); $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0)); $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0)); $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0)); $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0)); $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0)); $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0)); $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0)); $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0)); $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0)); $this->set_setting('default_noindex', param('default_noindex', 'integer', 0)); $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0)); $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0)); $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0)); $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0)); $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0)); $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0)); $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0)); $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0)); $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0)); $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0)); $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0)); $this->set_setting('special_noindex', param('special_noindex', 'integer', 0)); $this->set_setting('title_link_type', param('title_link_type', 'string', '')); $this->set_setting('permalinks', param('permalinks', 'string', '')); $this->set_setting('404_response', param('404_response', 'string', '')); $this->set_setting('help_link', param('help_link', 'string', '')); $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0)); $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0)); $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0)); $this->set_setting('tags_open_graph', param('tags_open_graph', 'integer', 0)); $this->set_setting('download_noindex', param('download_noindex', 'integer', 0)); $this->set_setting('download_nofollowto', param('download_nofollowto', 'integer', 0)); } /* * ADVANCED ADMIN SETTINGS */ if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) { // We have permission to edit advanced admin settings: if (in_array('cache', $groups)) { // we want to load the cache params: $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0)); $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0)); $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0)); } if (in_array('styles', $groups)) { // we want to load the styles params: $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0)); $this->set('allowusercss', param('blog_allowusercss', 'integer', 0)); } if (in_array('login', $groups)) { // we want to load the login params: if (!get_setting_Blog('login_blog_ID')) { // Update this only when no blog is defined for login/registration $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0)); } $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0)); } if (param('blog_head_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_head_includes', T_('Invalid Custom meta tag/css section.'), '#', 'head_extension'); $this->set_setting('head_includes', get_param('blog_head_includes')); } if (param('blog_footer_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_footer_includes', T_('Invalid Custom javascript section')); $this->set_setting('footer_includes', get_param('blog_footer_includes')); } if (param('owner_login', 'string', NULL) !== NULL) { // Permissions: $UserCache =& get_UserCache(); $owner_User =& $UserCache->get_by_login(get_param('owner_login')); if (empty($owner_User)) { param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login'))); } else { $this->set('owner_user_ID', $owner_User->ID); $this->owner_User =& $owner_User; } } if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) { // check urlname if (param_check_not_empty('blog_urlname', T_('You must provide an URL collection name!'))) { if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) { param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*) FROM T_blogs WHERE blog_urlname = ' . $DB->quote($blog_urlname) . ' AND blog_ID <> ' . $this->ID)) { // urlname is already in use param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another collection. Please choose another name.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname)) { // Set new urlname and save old media dir in order to rename folder to new $old_media_dir = $this->get_media_dir(false); $this->set_from_Request('urlname'); } } } if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) { // Blog URL parameters: // Note: We must avoid to set an invalid url, because the new blog url will be displayed in the evobar even if it was not saved $allow_new_access_type = true; if ($access_type == 'absolute') { $blog_siteurl = param('blog_siteurl_absolute', 'string', true); if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) { // It looks like valid absolute URL, so we may update the blog siteurl $this->set('siteurl', $blog_siteurl); } else { // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors $allow_new_access_type = false; // If site url is not updated do not allow access_type update either $Messages->add(T_('Collection Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '«' . htmlspecialchars($blog_siteurl) . '»') . '. ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error'); } } elseif ($access_type == 'relative') { // relative siteurl $blog_siteurl = param('blog_siteurl_relative', 'string', true); if (preg_match('#^https?://#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } else { $this->set('siteurl', ''); } if ($allow_new_access_type) { // The received siteurl value was correct, may update the access_type value $this->set('access_type', $access_type); } } if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) { // Aggregate list: (can be '*') $aggregate_coll_IDs = get_param('aggregate_coll_IDs'); if ($aggregate_coll_IDs != '*') { // Sanitize the string $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs); } // fp> TODO: check perms on each aggregated blog (if changed) // fp> TODO: better interface if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) { param_error('aggregate_coll_IDs', T_('Invalid aggregate collection ID list!')); } $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs); } $media_location = param('blog_media_location', 'string', NULL); if ($media_location !== NULL) { // Media files location: $old_media_dir = $this->get_media_dir(false); $old_media_location = $this->get('media_location'); $this->set_from_Request('media_location'); $this->set_media_subdir(param('blog_media_subdir', 'string', '')); $this->set_media_fullpath(param('blog_media_fullpath', 'string', '')); $this->set_media_url(param('blog_media_url', 'string', '')); // check params switch ($this->get('media_location')) { case 'custom': // custom path and URL global $demo_mode, $media_path; if ($this->get('media_fullpath') == '') { param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.')); } if (!preg_match('#^https?://#', $this->get('media_url'))) { param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!')); } if ($demo_mode) { $canonical_fullpath = get_canonical_path($this->get('media_fullpath')); if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) { param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.'); } } break; case 'subdir': global $media_path; if ($this->get('media_subdir') == '') { param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.')); } else { // Test if it's below $media_path (subdir!) $canonical_path = get_canonical_path($media_path . $this->get('media_subdir')); if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir')))); } else { // Validate if it's a valid directory name: $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path))); if ($error = validate_dirname($subdir)) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error); syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $subdir . '</b>'), 'warning', 'file'); } } } break; } } if (!param_errors_detected() && !empty($old_media_dir)) { // No error were detected before and possibly the media directory path was updated, check if it can be managed $this->check_media_dir_change($old_media_dir, isset($old_media_location) ? $old_media_location : NULL); } } return !param_errors_detected(); }
/** * Load data from Request form fields. * * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set). * * @param boolean true if we are returning to edit mode (new, switchtab...) * @return boolean true if loaded data seems valid. */ function load_from_Request($editing = false, $creating = false) { global $default_locale, $current_User, $localtimenow; global $posttypes_reserved_IDs, $item_typ_ID; // LOCALE: if (param('post_locale', 'string', NULL) !== NULL) { $this->set_from_Request('locale'); } // TYPE: if (param('post_type', 'string', NULL) !== NULL) { // Set type ID from request type code, happens when e.g. we add an intro from manual skin by url: /blog6.php?disp=edit&cat=25&post_type=intro-cat $this->set('ptyp_ID', get_item_type_ID(get_param('post_type'))); } elseif (param('item_typ_ID', 'integer', NULL) !== NULL) { // fp> when does this happen? // yura>fp: this happens on submit expert form $this->set_from_Request('ptyp_ID', 'item_typ_ID'); if (in_array($item_typ_ID, $posttypes_reserved_IDs)) { param_error('item_typ_ID', T_('This post type is reserved and cannot be used. Please choose another one.'), ''); } } // URL associated with Item: if (param('post_url', 'string', NULL) !== NULL) { param_check_url('post_url', 'posting', ''); $this->set_from_Request('url'); } if ($this->status == 'redirected' && empty($this->url)) { // Note: post_url is not part of the simple form, so this message can be a little bit awkward there param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)')); } // ISSUE DATE / TIMESTAMP: $this->load_Blog(); if ($current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) { $this->set('dateset', param('item_dateset', 'integer', 0)); if ($editing || $this->dateset == 1) { // We can use user date: if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) { // only set it, if a (valid) date and time was given: $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup... } } elseif ($this->dateset == 0) { // Set date to NOW: $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow)); } } // DEADLINE: if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) { $this->set_from_Request('datedeadline', 'item_deadline', true); } // SLUG: if (param('post_urltitle', 'string', NULL) !== NULL) { $this->set_from_Request('urltitle'); } // <title> TAG: if (param('titletag', 'string', NULL) !== NULL) { $this->set_from_Request('titletag', 'titletag'); } // <meta> DESC: if (param('metadesc', 'string', NULL) !== NULL) { $this->set_setting('post_metadesc', get_param('metadesc')); } // <meta> KEYWORDS: if (param('custom_headers', 'string', NULL) !== NULL) { $this->set_setting('post_custom_headers', get_param('custom_headers')); } // TAGS: if (param('item_tags', 'string', NULL) !== NULL) { $this->set_tags_from_string(get_param('item_tags')); // pre_dump( $this->tags ); } // WORKFLOW stuff: param('item_st_ID', 'integer', NULL); $this->set_from_Request('pst_ID', 'item_st_ID', true); param('item_assigned_user_ID', 'integer', NULL); $this->assign_to(get_param('item_assigned_user_ID')); param('item_priority', 'integer', NULL); $this->set_from_Request('priority', 'item_priority', true); // FEATURED checkbox: $this->set('featured', param('item_featured', 'integer', 0), false); // HIDE TEASER checkbox: $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0)); // ORDER: param('item_order', 'double', NULL); $this->set_from_Request('order', 'item_order', true); // OWNER: $this->creator_user_login = param('item_owner_login', 'string', NULL); if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) { // only admins can change the owner.. if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) { $this->set_creator_by_login($this->creator_user_login); } } // LOCATION COORDINATES: if ($this->Blog->get_setting('show_location_coordinates')) { // location coordinates are enabled, save map settings param('item_latitude', 'double', NULL); // get par value $this->set_setting('latitude', get_param('item_latitude'), true); param('item_longitude', 'double', NULL); // get par value $this->set_setting('longitude', get_param('item_longitude'), true); param('google_map_zoom', 'integer', NULL); // get par value $this->set_setting('map_zoom', get_param('google_map_zoom'), true); param('google_map_type', 'string', NULL); // get par value $this->set_setting('map_type', get_param('google_map_type'), true); } // CUSTOM FIELDS: foreach (array('double', 'varchar') as $type) { $field_count = $this->Blog->get_setting('count_custom_' . $type); for ($i = 1; $i <= $field_count; $i++) { // update each custom field $field_guid = $this->Blog->get_setting('custom_' . $type . $i); $param_name = 'item_' . $type . '_' . $field_guid; if (isset_param($param_name)) { // param is set $param_type = $type == 'varchar' ? 'string' : $type; param($param_name, $param_type, NULL); // get par value $custom_field_make_null = $type != 'double'; // store '0' values in DB for numeric fields $this->set_setting('custom_' . $type . '_' . $field_guid, get_param($param_name), $custom_field_make_null); } } } // COMMENTS: if ($this->Blog->get_setting('allow_comments') != 'never' && $this->Blog->get_setting('disable_comments_bypost')) { // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and disable_comments_bypost is enabled): $post_comment_status = param('post_comment_status', 'string', 'open'); if (!empty($post_comment_status)) { // 'open' or 'closed' or ... $this->set_from_Request('comment_status'); } } // EXPIRY DELAY: $expiry_delay = param_duration('expiry_delay'); if (empty($expiry_delay)) { // Check if we have 'expiry_delay' param set as string from simple or mass form $expiry_delay = param('expiry_delay', 'string', NULL); } $this->set_setting('post_expiry_delay', $expiry_delay, true); // EXTRA PARAMS FROM MODULES: modules_call_method('update_item_settings', array('edited_Item' => $this)); // RENDERERS: if (param('renderers_displayed', 'integer', 0)) { // use "renderers" value only if it has been displayed (may be empty) global $Plugins; $renderers = $Plugins->validate_renderer_list(param('renderers', 'array/string', array()), array('Item' => &$this)); $this->set('renderers', $renderers); } else { $renderers = $this->get_renderers_validated(); } // CONTENT + TITLE: if ($this->Blog->get_setting('allow_html_post')) { // HTML is allowed for this post, we'll accept HTML tags: $text_format = 'html'; } else { // HTML is disallowed for this post, we'll encode all special chars: $text_format = 'htmlspecialchars'; } if (param('content', $text_format, NULL) !== NULL) { // Never allow html content on post titles: (fp> probably so as to not mess up backoffice and all sorts of tools) param('post_title', 'htmlspecialchars', NULL); // Do some optional filtering on the content // Typically stuff that will help the content to validate // Useful for code display. // Will probably be used for validation also. $Plugins_admin =& get_Plugins_admin(); $params = array('object_type' => 'Item', 'object_Blog' => &$this->Blog); $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params); // Title checking: $require_title = $this->Blog->get_setting('require_title'); if ((!$editing || $creating) && $require_title == 'required') { param_check_not_empty('post_title', T_('Please provide a title.'), ''); } // Format raw HTML input to cleaned up and validated HTML: param_check_html('content', T_('Invalid content.')); $this->set('content', get_param('content')); $this->set('title', get_param('post_title')); } // EXCERPT: (must come after content (to handle excerpt_autogenerated)) if (param('post_excerpt', 'text', NULL) !== NULL) { $this->set('excerpt_autogenerated', 0); // Set this to the '0' for saving a field 'excerpt' from a request $this->set_from_Request('excerpt'); } // LOCATION (COUNTRY -> CITY): load_funcs('regional/model/_regional.funcs.php'); if ($this->Blog->country_visible()) { // Save country $country_ID = param('item_ctry_ID', 'integer', 0); $country_is_required = $this->Blog->get_setting('location_country') == 'required' && countries_exist() && !$this->is_special(); param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required); $this->set_from_Request('ctry_ID', 'item_ctry_ID', true); } if ($this->Blog->region_visible()) { // Save region $region_ID = param('item_rgn_ID', 'integer', 0); $region_is_required = $this->Blog->get_setting('location_region') == 'required' && regions_exist($country_ID) && !$this->is_special(); param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required); $this->set_from_Request('rgn_ID', 'item_rgn_ID', true); } if ($this->Blog->subregion_visible()) { // Save subregion $subregion_ID = param('item_subrg_ID', 'integer', 0); $subregion_is_required = $this->Blog->get_setting('location_subregion') == 'required' && subregions_exist($region_ID) && !$this->is_special(); param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required); $this->set_from_Request('subrg_ID', 'item_subrg_ID', true); } if ($this->Blog->city_visible()) { // Save city param('item_city_ID', 'integer', 0); $city_is_required = $this->Blog->get_setting('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID) && !$this->is_special(); param_check_number('item_city_ID', T_('Please select a city'), $city_is_required); $this->set_from_Request('city_ID', 'item_city_ID', true); } return !param_errors_detected(); }