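// Persist the image-related options submitted with the admin options form.
// Request values are passed through sanitize() before they are stored.
setOption('watermark_w_offset', sanitize($_POST['watermark_w_offset'], 3));
setOption('image_cache_suffix', sanitize($_POST['image_cache_suffix']));

// One "<plugin>_watermark" option per registered file type, plus the built-in 'Image' type.
$imageplugins = array_unique($_zp_extra_filetypes);
$imageplugins[] = 'Image';
foreach ($imageplugins as $plugin) {
    $opt = $plugin . '_watermark';
    if (isset($_POST[$opt])) {
        setOption($opt, sanitize($_POST[$opt], 3));
    }
}

setOption('full_image_quality', sanitize($_POST['full_image_quality'], 3));
setOption('cache_full_image', (int) isset($_POST['cache_full_image']));
setOption('protect_full_image', sanitize($_POST['protect_full_image'], 3));
// Was stored straight from $_POST; sanitize it like the neighbouring values so
// markup or other unexpected content cannot be persisted into the option.
setOption('imageProcessorConcurrency', sanitize($_POST['imageProcessorConcurrency'], 3));
$notify = processCredentials('protected_image');
setOption('secure_image_processor', (int) isset($_POST['secure_image_processor']));

$cacheHtaccess = SERVERPATH . '/' . CACHEFOLDER . '/.htaccess';
if (isset($_POST['protected_image_cache'])) {
    setOption('protected_image_cache', 1);
    // NOTE(review): the result of copy() is not checked. If it fails, the option
    // still records the cache as protected while no .htaccess is in place.
    // Consider verifying the copy and reporting the failure to the admin.
    copy(SERVERPATH . '/' . ZENFOLDER . '/cacheprotect', $cacheHtaccess);
    // Make the protection file read-only.
    @chmod($cacheHtaccess, 0444);
} else {
    // The file was made read-only when protection was enabled; loosen it so it can be removed.
    // NOTE(review): 0777 is broader than removal needs — confirm a narrower mode is not sufficient.
    @chmod($cacheHtaccess, 0777);
    @unlink($cacheHtaccess);
    setOption('protected_image_cache', 0);
}

setOption('hotlink_protection', (int) isset($_POST['hotlink_protection']));
setOption('use_lock_image', (int) isset($_POST['use_lock_image']));
$st = sanitize($_POST['image_sorttype'], 3);
if ($st == 'custom') {
    // A custom sort takes its field list from a separate form input.
    $st = unQuote(strtolower(sanitize($_POST['customimagesort'], 3)));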
/**
 * Option-save handler: hands the submitted DownloadList credentials to
 * processCredentials() and turns its result into a message for the caller.
 *
 * @param mixed $themename not referenced in the body
 * @param mixed $themealbum not referenced in the body
 * @return string|false "&custom=<translated message>" when processCredentials()
 *                      reports a problem, false otherwise
 */
static function handleOptionSave($themename, $themealbum) {
    $outcome = processCredentials('downloadList', '_downloadList');

    // A user name was supplied without a password.
    if ($outcome == '?mismatch=user') {
        return '&custom=' . gettext('You must supply a password for the DownloadList user');
    }

    // Any other truthy result is reported as a password problem.
    if ($outcome) {
        return '&custom=' . gettext('Your DownloadList passwords were empty or did not match');
    }

    return false;
}
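/**
 * Processes the POST of the album edit form: applies the submitted values to
 * the album, saves it, then performs the requested delete/move/copy/rename.
 *
 * @param int $index the index of the entry in mass edit or 0 if single album
 * @param object $album the album object
 * @param string $redirectto set to the album's new location after a successful
 *                           delete, move or rename; NULL when no redirection is required
 * @return string "&mcrerr=<code>" when the delete/move/copy/rename step fails, otherwise ''
 * @since 1.1.3
 */
function processAlbumEdit($index, &$album, &$redirectto) {
    $redirectto = NULL; // no redirection required
    // Mass edit forms tag every field with the entry index.
    if ($index == 0) {
        $prefix = $suffix = '';
    } else {
        $prefix = "{$index}-";
        $suffix = "_{$index}";
    }
    $notify = '';

    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', EDITOR_SANITIZE_LEVEL));

    if (isset($_POST['tag_list_tags_' . $prefix])) {
        // The field is request-controlled; force an array so a scalar value
        // cannot make array_unique() fail.
        $tags = (array) sanitize($_POST['tag_list_tags_' . $prefix]);
    } else {
        $tags = array();
    }
    $album->setTags(array_unique($tags));

    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setThumb(sanitize($_POST[$prefix . 'thumb']));
    }
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));

    // Image sort order.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = unquote(strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3)));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random' || empty($sorttype)) {
        // A direction is only stored for an explicit, non-manual, non-random sort.
        $album->setSortDirection(false, 'image');
    } else {
        $album->setSortDirection(isset($_POST[$prefix . 'image_sortdirection']), 'image');
    }

    // Subalbum sort order.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSortType($sorttype, 'album');
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection(false, 'album');
    } else {
        $album->setSortDirection(isset($_POST[$prefix . 'album_sortdirection']), 'album');
    }

    if (isset($_POST['reset_hitcounter' . $prefix])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }

    $album->setPublishDate(sanitize($_POST['publishdate-' . $prefix]));
    $album->setExpireDate(sanitize($_POST['expirationdate-' . $prefix]));

    // NOTE(review): the return value of processCredentials() is discarded, so a
    // problem it reports with the submitted album password is not passed back to
    // the caller. Confirm this is intended; an admin could otherwise believe a
    // password change was applied when it was not.
    processCredentials($album, $suffix);

    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = sanitize($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    if (isset($_POST[$prefix . 'album_watermark'])) {
        $album->setWatermark(sanitize($_POST[$prefix . 'album_watermark'], 3));
        $album->setWatermarkThumb(sanitize($_POST[$prefix . 'album_watermark_thumb'], 3));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    zp_apply_filter('save_album_custom_data', NULL, $prefix, $album);
    zp_apply_filter('save_album_utilities_data', $album, $prefix);
    $album->save();

    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }

    if ($movecopyrename_action == 'delete') {
        $dest = dirname($album->name);
        if ($album->remove()) {
            // Redirect to the parent; a top-level album redirects to the root.
            if ($dest == '/' || $dest == '.') {
                $dest = '';
            }
            $redirectto = $dest;
        } else {
            $notify = "&mcrerr=7";
        }
    }

    if ($movecopyrename_action == 'move') {
        $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($dynamicSuffix = $album->isDynamic()) { // be sure there is a .alb suffix
                if (substr($dest, -4) != '.' . $dynamicSuffix) {
                    // Fixed: the original appended the bare word `suffix` (missing `$`),
                    // which is an undefined constant rather than the album's suffix.
                    $dest .= '.' . $dynamicSuffix;
                }
            }
            if ($e = $album->move($dest)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $dest;
            }
        } else {
            // Cannot move album to same album.
            $notify = "&mcrerr=3";
        }
    } elseif ($movecopyrename_action == 'copy') {
        $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
        if ($dest && $dest != $album->name) {
            if ($e = $album->copy($dest)) {
                $notify = "&mcrerr=" . $e;
            }
        } else {
            // Cannot copy album to existing album.
            // Or, copy with rename?
            $notify = '&mcrerr=3';
        }
    } elseif ($movecopyrename_action == 'rename') {
        $renameto = sanitize_path($_POST['a' . $prefix . '-renameto']);
        // A rename stays inside the current folder: drop any path separators from the new name.
        $renameto = str_replace(array('/', '\\'), '', $renameto);
        if (dirname($album->name) != '.') {
            $renameto = dirname($album->name) . '/' . $renameto;
        }
        if ($renameto != $album->name) {
            if ($dynamicSuffix = $album->isDynamic()) { // be sure there is a .alb suffix
                if (substr($renameto, -4) != '.' . $dynamicSuffix) {
                    $renameto .= '.' . $dynamicSuffix;
                }
            }
            if ($e = $album->rename($renameto)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $renameto;
            }
        } else {
            $notify = "&mcrerr=3";
        }
    }

    return $notify;
}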
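/**
 * Updates or adds a category from the submitted category form.
 *
 * @param array $reports the results display; HTML message paragraphs are appended to it
 * @param bool $newcategory true if a new category
 * @return object the ZenpageCategory object that was saved
 */
function updateCategory(&$reports, $newcategory = false) {
    $date = date('Y-m-d_H-i-s');
    $id = sanitize_numeric($_POST['id']);
    $permalink = getcheckboxState('permalink');
    $title = process_language_string_save("title", 2);
    $desc = process_language_string_save("desc", EDITOR_SANITIZE_LEVEL);
    $custom = process_language_string_save("custom_data", 1);

    if ($newcategory) {
        // Derive the titlelink from the title, falling back to the timestamp.
        $titlelink = seoFriendly(get_language_string($title));
        if (empty($titlelink)) {
            $titlelink = seoFriendly($date);
        }
        $sql = 'SELECT `id` FROM ' . prefix('news_categories') . ' WHERE `titlelink`=' . db_quote($titlelink);
        $rslt = query_single_row($sql, false);
        if ($rslt) {
            //already exists: make the link unique with a time-based suffix
            $time = explode(' ', microtime());
            $titlelink = $titlelink . '_' . ($time[1] + $time[0]);
            $reports[] = "<p class='warningbox fade-message'>" . gettext('Duplicate category title') . '</p>';
        }
        $oldtitlelink = $titlelink;
    } else {
        $titlelink = $oldtitlelink = sanitize($_POST['titlelink-old'], 3);
        if (getcheckboxState('edittitlelink')) {
            $titlelink = sanitize($_POST['titlelink'], 3);
            if (empty($titlelink)) {
                $titlelink = seoFriendly(get_language_string($title));
                if (empty($titlelink)) {
                    $titlelink = seoFriendly($date);
                }
            }
        } elseif (!$permalink) {
            // allow the link to change
            $link = seoFriendly(get_language_string($title));
            if (!empty($link)) {
                $titlelink = $link;
            }
        }
    }

    $titleok = true;
    if ($titlelink != $oldtitlelink) {
        // title link change must be reflected in DB before any other updates
        // NOTE(review): $id is concatenated into the statement unquoted and relies
        // entirely on sanitize_numeric() yielding a number — confirm against its definition.
        $titleok = query('UPDATE ' . prefix('news_categories') . ' SET `titlelink`=' . db_quote($titlelink) . ' WHERE `id`=' . $id, false);
        if (!$titleok) {
            $titlelink = $oldtitlelink; // force old link so data gets saved
        } else {
            SearchEngine::clearSearchCache();
        }
    }

    //update category
    $show = getcheckboxState('show');
    $cat = new ZenpageCategory($titlelink, true);
    $notice = processCredentials($cat);
    $cat->setPermalink(getcheckboxState('permalink'));
    $cat->set('title', $title);
    $cat->setDesc($desc);
    $cat->setCustomData(zp_apply_filter('save_category_custom_data', $custom, $cat));
    $cat->setShow($show);
    if (getcheckboxState('resethitcounter')) {
        $cat->set('hitcounter', 0);
    }
    if (getcheckboxState('reset_rating')) {
        $cat->set('total_value', 0);
        $cat->set('total_votes', 0);
        $cat->set('used_ips', 0);
    }

    if ($newcategory) {
        $msg = zp_apply_filter('new_category', '', $cat);
        // $titlelink is written into HTML below; encode it as the "already exists"
        // message does for the title, so request-derived text cannot inject markup.
        if (empty($title)) {
            $reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("Category <em>%s</em> added but you need to give it a <strong>title</strong> before publishing!"), html_encode($titlelink)) . '</p>';
        } elseif ($notice == '?mismatch=user') {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
        } elseif ($notice) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
        } else {
            $reports[] = "<p class='messagebox fade-message'>" . sprintf(gettext("Category <em>%s</em> added"), html_encode($titlelink)) . '</p>';
        }
    } else {
        $msg = zp_apply_filter('update_category', '', $cat, $oldtitlelink);
        if (!$titleok) {
            // The titlelink UPDATE failed; the message below attributes that to an existing category.
            $reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("A category with the title/titlelink <em>%s</em> already exists!"), html_encode($cat->getTitle())) . "</p>";
        } elseif (empty($titlelink) || empty($title)) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your category a <strong>title or titlelink</strong>!") . "</p>";
        } elseif ($notice == '?mismatch=user') {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
        } elseif ($notice) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
        } else {
            $reports[] = "<p class='messagebox fade-message'>" . gettext("Category updated!") . "</p>";
        }
    }

    // The category is saved even when a problem was reported above.
    $cat->save();
    if ($msg) {
        $reports[] = $msg;
    }
    return $cat;
}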