/** * Writes the group data into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { parent::writeToPersistence(); $sql_fields = "\n\t\t\tlabel_prg='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\tdescription_prg='" . SensitiveIO::sanitizeSQLString($this->_description) . "',\n\t\t\tprofile_prg='" . SensitiveIO::sanitizeSQLString(parent::getId()) . "'\n\t\t"; if ($this->_groupId) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_prg='" . $this->_groupId . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tprofilesUsersGroups\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { return false; } elseif (!$this->_groupId) { $this->_groupId = $q->getLastInsertedID(); } /* Delete all records and re-insert the good ones */ $sql = "\n\t\t\tdelete from\n\t\t\t\tprofileUsersByGroup\n\t\t\twhere\n\t\t\t\tgroupId_gu='" . $this->_groupId . "'\n\t\t"; $q = new CMS_query($sql); if (is_array($this->_users) && $this->_users) { $sql = ''; foreach ($this->_users as $user) { $sql .= $sql ? ', ' : ''; $sql .= "('" . $this->_groupId . "' ,'" . $user . "') "; } $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tprofileUsersByGroup (groupId_gu, userId_gu)\n\t\t\t\tvalues \n\t\t\t\t\t" . $sql; $q = new CMS_query($sql); } //Clear polymod cache //CMS_cache::clearTypeCacheByMetas('polymod', array('resource' => 'users')); CMS_cache::clearTypeCache('polymod'); return true; }
/** * Writes the page into persistence (MySQL for now), along with base data. * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { parent::writeToPersistence(); $isNew = $this->_pageID === NULL; // Inform modules of the page creation $modules = CMS_modulesCatalog::getAll('id'); foreach ($modules as $codename => $module) { if (method_exists($module, 'pagePreSave')) { $module->pagePreSave($this, $isNew); } } //save page data $sql_fields = "\n\t\t\tresource_pag='" . parent::getID() . "',\n\t\t\tremindedEditorsStack_pag='" . SensitiveIO::sanitizeSQLString($this->_remindedEditors->getTextDefinition()) . "',\n\t\t\tlastReminder_pag='" . $this->_lastReminder->getDBValue() . "',\n\t\t\ttemplate_pag='" . $this->_templateID . "',\n\t\t\tlastFileCreation_pag='" . $this->_lastFileCreation->getDBValue() . "',\n\t\t\turl_pag='" . SensitiveIO::sanitizeSQLString($this->_pageURL) . "',\n\t\t\tprotected_pag='" . ($this->_protected ? 1 : 0) . "',\n\t\t\thttps_pag='" . ($this->_https ? 1 : 0) . "'\n\t\t"; if ($this->_pageID) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tpages\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_pag='" . $this->_pageID . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tpages\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { return false; } elseif (!$this->_pageID) { $this->_pageID = $q->getLastInsertedID(); } //save base data if modified if ($this->_editedBaseData) { $sql_fields = "\n\t\t\t\tpage_pbd='" . $this->_pageID . "',\n\t\t\t\ttitle_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["title"]) . "',\n\t\t\t\tlinkTitle_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["linkTitle"]) . "',\n\t\t\t\tkeywords_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["keywords"]) . "',\n\t\t\t\tdescription_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["description"]) . "',\n\t\t\t\treminderPeriodicity_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["reminderPeriodicity"]) . "',\n\t\t\t\treminderOn_pbd='" . $this->_editedBaseData["reminderOn"]->getDBValue() . "',\n\t\t\t\treminderOnMessage_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["reminderOnMessage"]) . "',\n\t\t\t\tcategory_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["category"]) . "',\n\t\t\t\tauthor_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["author"]) . "',\n\t\t\t\treplyto_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["replyto"]) . "',\n\t\t\t\tcopyright_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["copyright"]) . "',\n\t\t\t\tlanguage_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["language"]) . "',\n\t\t\t\trobots_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["robots"]) . "',\n\t\t\t\tpragma_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["pragma"]) . "',\n\t\t\t\trefresh_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["refresh"]) . "',\n\t\t\t\tredirect_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["redirect"]->getTextDefinition()) . "',\n\t\t\t\trefreshUrl_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["refreshUrl"]) . "',\n\t\t\t\tmetas_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["metas"]) . "',\n\t\t\t\tcodename_pbd='" . SensitiveIO::sanitizeSQLString($this->_editedBaseData["codename"]) . "'\n\t\t\t"; if ($this->_baseDataID) { $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpagesBaseData_edited\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tid_pbd='" . $this->_baseDataID . "'\n\t\t\t\t"; } else { $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\tpagesBaseData_edited\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if (!$q->hasError() && !$this->_baseDataID) { $this->_baseDataID = $q->getLastInsertedID(); } } // Inform modules of the page creation $modules = CMS_modulesCatalog::getAll('id'); foreach ($modules as $codename => $module) { if (method_exists($module, 'pagePostSave')) { $module->pagePostSave($this, $isNew); } } return true; }
/** * Writes the resource into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { $this->_status->writeToPersistence(); $sql_fields = "\n\t\t\tstatus_res='" . $this->_status->getID() . "',\n\t\t\teditorsStack_res='" . SensitiveIO::sanitizeSQLString($this->_editors->getTextDefinition()) . "'\n\t\t"; if ($this->_id) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tresources\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_res='" . $this->_id . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tresources\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { return false; } elseif (!$this->_id) { $this->_id = $q->getLastInsertedID(); } return true; }
/** * Get field order SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param mixed $direction : the direction to search (asc/desc) * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false) { $statusSuffix = $public ? "_public" : "_edited"; $supportedOperator = array(); if ($operator && !in_array($operator, $supportedOperator)) { $this->raiseError("Unknown search operator : " . $operator . ", use default search instead"); $operator = false; } $sql = ''; //only add tables used by subfields foreach ($this->_subfields as $subFieldID => $subFieldDefinition) { $types[$subFieldDefinition['type']] = true; } //choose table if (isset($types['integer']) && $types['integer'] == true) { $fromTable = 'mod_subobject_integer'; } elseif (isset($types['date']) && $types['date'] == true) { $fromTable = 'mod_subobject_date'; } elseif (isset($types['text']) && $types['text'] == true) { $fromTable = 'mod_subobject_text'; } elseif (isset($types['string']) && $types['string'] == true) { $fromTable = 'mod_subobject_string'; } if (!$fromTable) { $fromTable = 'mod_subobject_integer'; } // create sql $sql = "\n\t\tselect\n\t\t\tdistinct objectID\n\t\tfrom\n\t\t\t" . $fromTable . $statusSuffix . "\n\t\twhere\n\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t{$where}\n\t\torder by value " . $direction; return $sql; }
/** * Writes the news into persistence (MySQL for now), along with base data. * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { $sql_fields = "\n\t\t\tform_fld='" . SensitiveIO::sanitizeSQLString($this->_formID) . "',\n\t\t\tname_fld='" . SensitiveIO::sanitizeSQLString($this->_name) . "',\n\t\t\tlabel_fld='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\ttype_fld='" . SensitiveIO::sanitizeSQLString($this->_type) . "',\n\t\t\tdataValidation_fld='" . SensitiveIO::sanitizeSQLString($this->_dataValidation) . "',\n\t\t\tdefaultValue_fld='" . SensitiveIO::sanitizeSQLString($this->_value) . "',\n\t\t\trequired_fld='" . SensitiveIO::sanitizeSQLString($this->_required) . "',\n\t\t\tactive_fld='" . SensitiveIO::sanitizeSQLString($this->_active) . "',\n\t\t\torder_fld='" . SensitiveIO::sanitizeSQLString($this->_order) . "',\n\t\t\toptions_fld='" . SensitiveIO::sanitizeSQLString(serialize($this->_options)) . "',\n\t\t\tparams_fld='" . SensitiveIO::sanitizeSQLString(serialize($this->_params)) . "'\n\t\t\t"; if ($this->_fieldID) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_cms_forms_fields\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_fld='" . $this->_fieldID . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_cms_forms_fields\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { $this->raiseError("Failed to write"); return false; } elseif (!$this->_fieldID) { $this->_fieldID = $q->getLastInsertedID(); } //then write options in a second query, (cause in the first query it cause a strange error with PDO /*$sql_fields = " options_fld=:options "; $sqlParameters = array( 'options' => serialize($this->_options), ); $sql = " update mod_cms_forms_fields set ".$sql_fields." where id_fld='".$this->_fieldID."' "; $q = new CMS_query(); $q->executePreparedQuery($sql, $sqlParameters); if ($q->hasError()) { $this->raiseError("Failed to write"); return false; }*/ return true; }
/** * Writes the row into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { if (!$this->_uuid) { $this->_uuid = io::uuid(); } $sql_fields = "\n\t\t\tlabel_row='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\tdefinitionFile_row='" . SensitiveIO::sanitizeSQLString($this->_definitionFile) . "',\n\t\t\tmodulesStack_row='" . $this->_modules->getTextDefinition() . "',\n\t\t\tgroupsStack_row='" . SensitiveIO::sanitizeSQLString($this->_groups->getTextDefinition()) . "',\n\t\t\tuseable_row='" . SensitiveIO::sanitizeSQLString($this->_useable) . "',\n\t\t\tdescription_row='" . SensitiveIO::sanitizeSQLString($this->_description) . "',\n\t\t\ttplfilter_row='" . SensitiveIO::sanitizeSQLString(implode(';', $this->_tplfilter)) . "',\n\t\t\timage_row='" . SensitiveIO::sanitizeSQLString($this->_image) . "',\n\t\t\tuuid_row='" . SensitiveIO::sanitizeSQLString($this->_uuid) . "'\n\t\t"; if ($this->_id) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_standard_rows\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_row='" . $this->_id . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_standard_rows\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t"; } //pr($sql); $q = new CMS_query($sql); if ($q->hasError()) { return false; } elseif (!$this->_id) { $this->_id = $q->getLastInsertedID(); } return true; }
/** * Get field search SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param mixed $value : the value to search * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false) { $supportedOperator = array(); if ($operator && !in_array($operator, $supportedOperator)) { $this->raiseError("Unknown search operator : " . $operator . ", use default search instead"); $operator = false; } $statusSuffix = $public ? "_public" : "_edited"; $value = $value == '-' ? '0' : $value; $sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand value = '" . $value . "'\n\t\t\t\t{$where}"; return $sql; }
/** * Get the search. * * @param integer $searchType : the type of the search (see constants) * @return array of CMS_page the result pages * @access public */ function getSearch($keywords, $user, $public = false, $withPageContent = false) { if (is_a($user, 'CMS_profile_user')) { $cms_language = $user->getLanguage(); } else { $cms_language = new CMS_language('fr'); } $results = array(); $count = 0; /*$messages = array(); $message = '';*/ $where = $order = ''; $foundLinkToIDs = $foundLinkFromIDs = $foundPagesFromTemplate = $foundPagesFromRow = $matches = array(); // Clean keywords $keywords = SensitiveIO::sanitizeSQLString($keywords); $keywords = strtr($keywords, ",;", " "); $blocks = array(); $blocks = array_map("trim", array_unique(explode(" ", $keywords))); $cleanedBlocks = array(); foreach ($blocks as $block) { if ($block !== '' || sensitiveIO::isPositiveInteger($block)) { $block = str_replace(array('%', '_'), array('\\%', '\\_'), $block); $cleanedBlocks[] = $block; } } // Separate block codes if ($cleanedBlocks) { $allDatas = array(); $allCodes = CMS_search::getAllCodes(); foreach ($allCodes as $code) { $datas = array(); foreach (array_keys($cleanedBlocks) as $key) { if (strstr($cleanedBlocks[$key], $code . ':')) { $datas[] = $cleanedBlocks[$key]; unset($cleanedBlocks[$key]); } } if ($datas) { $allDatas[$code] = $datas; } } $allDatas[self::SEARCH_TYPE_DEFAULT] = $cleanedBlocks; // Get IDs from all specific codes $foundIDs = array(); $allLinksNumber = 0; foreach ($allCodes as $code) { switch ($code) { case self::SEARCH_TYPE_LINKTO: if (isset($allDatas[self::SEARCH_TYPE_LINKTO])) { $foundLinkToIDs = array(); $where = ''; $count = 0; foreach ($allDatas[self::SEARCH_TYPE_LINKTO] as $block) { $tabValues = explode(':', $block); if (SensitiveIO::isPositiveInteger($tabValues[1])) { $where .= $count ? ' or ' : ''; $count++; $where .= " start_lre = '" . $tabValues[1] . "' "; } } if ($where) { $select = ' stop_lre '; $from = 'linx_real_public'; $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where; $q = new CMS_query($sql); $arr = array(); while ($arr = $q->getArray()) { $foundLinkToIDs[] = $arr["stop_lre"]; } // Count links number $allLinksNumber += count($foundLinkToIDs); $where = $select = ''; } } break; case self::SEARCH_TYPE_LINKFROM: if (isset($allDatas[self::SEARCH_TYPE_LINKFROM])) { $foundLinkFromIDs = array(); $where = ''; $count = 0; /*$messagesIDs = array();*/ foreach ($allDatas[self::SEARCH_TYPE_LINKFROM] as $block) { $tabValues = explode(':', $block); if (SensitiveIO::isPositiveInteger($tabValues[1])) { $where .= $count ? ' or ' : ''; $count++; $where .= " stop_lre = '" . $tabValues[1] . "' "; } } if ($where) { $select = ' start_lre '; $from = 'linx_real_public'; $sql = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t" . $where; $q = new CMS_query($sql); $arr = array(); while ($arr = $q->getArray()) { $foundLinkFromIDs[] = $arr["start_lre"]; } // Count links number $allLinksNumber += count($foundLinkFromIDs); $where = $select = ''; } } break; case self::SEARCH_TYPE_TEMPLATE: if (isset($allDatas[self::SEARCH_TYPE_TEMPLATE])) { $foundPagesFromTemplate = array(); foreach ($allDatas[self::SEARCH_TYPE_TEMPLATE] as $block) { $tabValues = explode(':', $block); if (SensitiveIO::isPositiveInteger($tabValues[1])) { $foundPagesFromTemplate = array_unique(array_merge(CMS_pageTemplatesCatalog::getPagesByTemplate($tabValues[1]), $foundPagesFromTemplate)); } } $allLinksNumber += count($foundPagesFromTemplate); } break; case self::SEARCH_TYPE_ROW: if (isset($allDatas[self::SEARCH_TYPE_ROW])) { $foundPagesFromRow = array(); foreach ($allDatas[self::SEARCH_TYPE_ROW] as $block) { $tabValues = explode(':', $block); if (SensitiveIO::isPositiveInteger($tabValues[1])) { $foundPagesFromRow = array_unique(array_merge(CMS_rowsCatalog::getPagesByRow($tabValues[1]), CMS_rowsCatalog::getPagesByRow($tabValues[1], false, true), $foundPagesFromRow)); } } $allLinksNumber += count($foundPagesFromRow); } break; } } $foundIDs = array_unique(array_merge($foundLinkToIDs, $foundLinkFromIDs, $foundPagesFromTemplate, $foundPagesFromRow)); // Main sql requests (for pageId, pages codenames and keywords) if ($allDatas[self::SEARCH_TYPE_DEFAULT]) { $count = 0; $where = ''; foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $key => $block) { if (SensitiveIO::isPositiveInteger($block)) { $where .= $count ? ' or ' : ''; $count++; $where .= " (page_pbd like '%" . $block . "%')"; unset($allDatas[self::SEARCH_TYPE_DEFAULT][$key]); } } $order = ''; if ($allDatas[self::SEARCH_TYPE_DEFAULT]) { $suffix = $public ? '_public' : '_edited'; if (!$withPageContent) { //Search in page metadatas //$count = 0; foreach ($allDatas[self::SEARCH_TYPE_DEFAULT] as $block) { $where .= $count ? ' or ' : ''; $count++; $where .= " (\n\t\t\t\t\t\t\t\ttitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor linkTitle_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor keywords_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor description_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor category_pbd like '%" . $block . "%'\n\t\t\t\t\t\t\t\tor codename_pbd = '" . $block . "'\n\t\t\t\t\t\t\t)"; } if ($foundIDs) { $where .= " and page_pbd in (" . implode($foundIDs, ',') . ") "; } // Set SQL $sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tpage_pbd\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tpagesBaseData" . $suffix . "\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t"; $q = new CMS_query($sql); //pr($sql); $results = array(); $count = 0; $foundIDs = array(); while ($id = $q->getValue('page_pbd')) { $foundIDs[] = $id; } $order = "\n\t\t\t\t\t \t\torder by title_pbd asc\n\t\t\t\t\t\t"; } else { //Search in page content (fulltext search) $keywords = implode(' ', $allDatas[self::SEARCH_TYPE_DEFAULT]); $selects = array('pagesBaseData' . $suffix => array('page' => 'page_pbd', 'match' => 'title_pbd,linkTitle_pbd,keywords_pbd,description_pbd,codename_pbd'), 'blocksVarchars' . $suffix => array('page' => 'page', 'match' => 'value'), 'blocksTexts' . $suffix => array('page' => 'page', 'match' => 'value', 'entities' => true), 'blocksImages' . $suffix => array('page' => 'page', 'match' => 'label'), 'blocksFiles' . $suffix => array('page' => 'page', 'match' => 'label')); $matches = array(); foreach ($selects as $table => $select) { // Set SQL $sql = "\n\t\t\t\t\t\t\t\tselect \n\t\t\t\t\t\t\t\t\t" . $select['page'] . " as pageId, MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "') as m1\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " , MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') as m2 " : '') . "\n\t\t\t\t\t\t\t\tfrom \n\t\t\t\t\t\t\t\t\t" . $table . "\n\t\t\t\t\t\t\t\twhere \n\t\t\t\t\t\t\t\t\tMATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString($keywords) . "')\n\t\t\t\t\t\t\t\t\t" . (isset($select['entities']) && $keywords != htmlentities($keywords) ? " or MATCH (" . $select['match'] . ") AGAINST ('" . sensitiveIO::sanitizeSQLString(htmlentities($keywords)) . "') " : '') . "\n\t\t\t\t\t\t\t\t"; //pr($sql); $q = new CMS_query($sql); while ($r = $q->getArray()) { if (!isset($matches[$r['pageId']]) || isset($matches[$r['pageId']]) && $r['m1'] > $matches[$r['pageId']]) { $matches[$r['pageId']] = $r['m1']; } if (isset($r['m2']) && (!isset($matches[$r['pageId']]) || isset($matches[$r['pageId']]) && $r['m2'] > $matches[$r['pageId']])) { $matches[$r['pageId']] = $r['m2']; } } } //sort page Ids by relevance arsort($matches, SORT_NUMERIC); //$matches = array_keys($matches); $order = "\n\t\t\t\t\t \t\torder by field(page_pbd, " . implode(',', array_reverse(array_keys($matches))) . ") desc\n\t\t\t\t\t\t"; $foundIDs = $foundIDs ? array_intersect(array_keys($matches), $foundIDs) : array_keys($matches); } } else { $order = " order by page_pbd "; } } if ($foundIDs) { $select = ' page_pbd '; $from = $public ? 'pagesBaseData_public' : 'pagesBaseData_edited'; $where .= $where && $foundIDs ? " and " : ''; $where .= $foundIDs ? " page_pbd in (" . implode($foundIDs, ',') . ") " : ''; if ($where) { // Set SQL $sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t" . $select . "\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $from . "\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t" . $order . "\n\t\t\t\t\t"; $q = new CMS_query($sql); //pr($sql); $results = array(); $count = 0; while ($arr = $q->getArray()) { $id = $arr["page_pbd"]; if ($user->hasPageClearance($id, CLEARANCE_PAGE_VIEW)) { $count++; $results[$id] = $id; } } } } } else { // No results $count = 0; } return array('nbresult' => $count, 'nblinksresult' => $allLinksNumber, 'results' => $results, 'score' => $matches); }
/** * Writes the cmsprofile into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { $sql_fields = "\n\t\t\tadministrationClearance_pr='" . SensitiveIO::sanitizeSQLString($this->_adminClearance) . "',\n\t\t\tpageClearancesStack_pr='" . SensitiveIO::sanitizeSQLString($this->_pageClearances->getTextDefinition()) . "',\n\t\t\tvalidationClearancesStack_pr='" . SensitiveIO::sanitizeSQLString($this->_validationClearances->getTextDefinition()) . "',\n\t\t\tmoduleClearancesStack_pr='" . SensitiveIO::sanitizeSQLString($this->_moduleClearances->getTextDefinition()) . "',\n\t\t\ttemplateGroupsDeniedStack_pr='" . SensitiveIO::sanitizeSQLString($this->_templateGroupsDenied->getTextDefinition()) . "',\n\t\t\trowGroupsDeniedStack_pr='" . SensitiveIO::sanitizeSQLString($this->_rowGroupsDenied->getTextDefinition()) . "'\n\t\t"; if ($this->_id) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tprofiles\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_pr='" . $this->_id . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tprofiles\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } //pr($sql); $q = new CMS_query($sql); if ($q->hasError()) { return false; } elseif (!$this->_id) { $this->_id = $q->getLastInsertedID(); } if (!sensitiveIO::isPositiveInteger($this->_moduleCategoriesClearances->getProfileID())) { $this->_moduleCategoriesClearances->setProfileID($this->_id); } // Write moduleCategories clearances to persistence also return $this->_moduleCategoriesClearances->writeToPersistence(); }
/** * Get field order SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param mixed $direction : the direction to search (asc/desc) * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false) { $statusSuffix = $public ? "_public" : "_edited"; //operators are not supported for now : TODO $supportedOperator = array(); if ($operator && !in_array($operator, $supportedOperator)) { $this->raiseError("Unkown search operator : " . $operator . ", use default search instead"); $operator = false; } $sql = ''; //only add tables used by subfields foreach ($this->_subfields as $subFieldID => $subFieldDefinition) { $types[$subFieldDefinition['type']] = true; } //choose table $fromTable = 'mod_subobject_string'; // create sql $sql = "\n select\n distinct objectID\n from\n " . $fromTable . $statusSuffix . "\n where\n objectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n and objectSubFieldID = '1'\n {$where}\n order by value " . $direction; return $sql; }
/** * Get field order SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param mixed $direction : the direction to search (asc/desc) * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false) { global $cms_language; $statusSuffix = $public ? "_public" : "_edited"; $supportedOperator = array('label', 'atmorder'); if ($operator && !in_array($operator, $supportedOperator)) { $this->_raiseError(get_class($this) . " : getFieldSearchSQL : unkown search operator : " . $operator . ", use default search instead"); $operator = false; } if ($operator == 'label' && !is_object($cms_language)) { $this->_raiseError(get_class($this) . " : getFieldSearchSQL : unkown cms_language to use for label search order, use default search instead"); $operator = false; } $sql = ''; $fromTable = 'mod_subobject_integer'; if (!$operator) { // create sql $sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\t" . $fromTable . $statusSuffix . "\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t{$where}\n\t\t\torder by value " . $direction; } else { switch ($operator) { case 'label': $sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\t\t\t\tmodulesCategories_i18nm\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t\t\t\tand category_mcl = value\n\t\t\t\t\t\t\tand language_mcl = '" . $cms_language->getCode() . "'\n\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\torder by label_mcl " . $direction; break; case 'atmorder': $sqlTemp = "select distinct(modulesCategories.root_mca) as root from " . $fromTable . $statusSuffix . ", modulesCategories where id_mca = value\n\t\t\t\t\t\t\t{$where}"; $q = new CMS_query($sqlTemp); $roots = $q->getAll(); $catOrder = array(); foreach ($roots as $aRoot) { $sqlRoot = "select * from modulesCategories where root_mca = " . $aRoot['root'] . ' or id_mca = ' . $aRoot['root']; $qRoot = new CMS_query($sqlRoot); $allCats = $qRoot->getAll(); foreach ($allCats as $aCategory) { $catOrder[$aCategory['id_mca']] = $aCategory['order_mca']; } } $allCatsSql = "select modulesCategories.* from " . $fromTable . $statusSuffix . ", modulesCategories where id_mca = value\n\t\t\t\t\t\t\t{$where}"; // get all categories matching the objects $q = new CMS_query($allCatsSql); $cats = $q->getAll(); $rootCalculated = false; $allCatsWeights = array(); foreach ($cats as $aCat) { $lineage = $aCat['lineage_mca']; $lineage_parts = explode(";", $lineage); $catWeight = 0; $depth = 1; //CMS_grandFather::log($lineage); foreach ($lineage_parts as $value) { $catWeight += isset($catOrder[$value]) ? $catOrder[$value] * pow(0.001, $depth) : 0; $depth++; } $allCatsWeights[$aCat['id_mca']] = $catWeight; } $orderClauses = 'ORDER BY CASE '; foreach ($allCatsWeights as $cat => $weight) { $orderClauses .= "\n\t\t\t\t\t\t\tWHEN value = " . $cat . " THEN " . $weight; } $orderClauses .= ' END ' . $direction; $sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t" . $orderClauses; //CMS_grandFather::log($sql); break; } } return $sql; }
/** * Test user auto login to see if it is active * * @return boolean true if autologin is active, false otherwise * @access public * @static */ function autoLoginActive() { if (!isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) { return false; } $attrs = @explode("|", base64_decode($_COOKIE[CMS_session::getAutoLoginCookieName()])); $id_ses = (int) $attrs[0]; $session_id = $attrs[1]; if ($id_ses > 0 && $session_id) { $sql = "\n\t\t\t\tselect\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tsessions\n\t\t\t\twhere\n\t\t\t\t\tid_ses = '" . SensitiveIO::sanitizeSQLString($id_ses) . "'\n\t\t\t\t\tand phpid_ses = '" . SensitiveIO::sanitizeSQLString($session_id) . "'\n\t\t\t\t\tand cookie_expire_ses != '0000-00-00 00:00:00'\n\t\t\t"; if (CHECK_REMOTE_IP_MASK && isset($_SERVER['REMOTE_ADDR'])) { //Check for a range in IPv4 or for the exact address in IPv6 if (filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { $a_ip_seq = explode(".", $_SERVER['REMOTE_ADDR']); $sql .= "and remote_addr_ses like '" . SensitiveIO::sanitizeSQLString($a_ip_seq[0] . "." . $a_ip_seq[1] . ".") . "%'\n\t\t\t\t\t"; } else { $sql .= "and remote_addr_ses = '" . SensitiveIO::sanitizeSQLString($_SERVER['REMOTE_ADDR']) . "'\n\t\t\t\t\t"; } } $q = new CMS_query($sql); if ($q->getNumRows() == 1) { return true; } } return false; }
/** * Return categories found in given module in current language * * @static * @access public * @param array $attrs, search criteria * Array ( * "module" => string * "language" => CMS_language * "level" => integer (Default -1) * "root" => integer (Default -1) * "cms_user" => CMS_profile * "clearanceLevel" => mixed (default : false) * - false : CLEARANCE_MODULE_VIEW * - true : CLEARANCE_MODULE_EDIT * - constant value : clearanceLevel value * "strict" => boolean (default : false) * ) * @return array(CMS_moduleCategory) */ function getAll($attrs) { $items = array(); if (!$attrs["module"]) { CMS_grandFather::raiseError("Not a valid module codename given"); return $items; } if (!isset($attrs["clearanceLevel"])) { $attrs["clearanceLevel"] = false; } if (!isset($attrs["strict"])) { $attrs["strict"] = false; } //for backward compatibility if (isset($attrs["editableOnly"]) && $attrs["editableOnly"]) { $attrs["clearanceLevel"] = true; } // Prepare SQL $s_where = $s_table = ''; // Limit to module if ($attrs["module"]) { $s_where .= "\n\t\t\t\tand module_mca='" . SensitiveIO::sanitizeSQLString($attrs["module"]) . "'"; } // Limit to user permissions on module categories if (isset($attrs["cms_user"]) && is_a($attrs["cms_user"], 'CMS_profile')) { $a_where = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($attrs["cms_user"], $attrs["module"], true, $attrs["clearanceLevel"], $attrs['strict']); //pr(array_keys($a_where)); if (is_array($a_where) && $a_where) { $a_where = array_keys($a_where); $s_where .= ' and id_mca in (' . @implode(',', $a_where) . ')'; } else { //user as no permissions on categories so return nothing return array(); } } // Limit to parent and/or root categories given if (isset($attrs["level"]) && $attrs["level"] !== false && (int) $attrs["level"] > -1) { $s_where .= "\n\t\t\t\tand parent_mca='" . SensitiveIO::sanitizeSQLString($attrs["level"]) . "'"; } if (isset($attrs["root"]) && $attrs["root"] !== false && (int) $attrs["root"] > -1) { $s_where .= "\n\t\t\t\tand root_mca='" . SensitiveIO::sanitizeSQLString($attrs["root"]) . "'"; } if (isset($attrs["language"]) && is_a($attrs["language"], 'CMS_language')) { $s_table .= ',modulesCategories_i18nm '; $s_where .= "and id_mca=category_mcl and language_mcl='" . SensitiveIO::sanitizeSQLString($attrs["language"]->getCode()) . "'"; } $sql = "\n\t\t\tselect\n\t\t\t\tid_mca as id\n\t\t\tfrom\n\t\t\t\tmodulesCategories\n\t\t\t\t{$s_table}\n\t\t\twhere\n\t\t\t\t1 = 1\n\t\t\t\t{$s_where}\n\t\t\tgroup by\n\t\t\t\tid_mca\n\t\t\torder by\n\t\t\t\torder_mca asc\n\t\t"; //pr($sql); $q = new CMS_query($sql); while ($id = $q->getValue('id')) { $obj = CMS_moduleCategories_catalog::getByID($id, $attrs["language"]); if (!$obj->hasError()) { $items[] = $obj; } } return $items; }
/** * Return a list of all objects ids used by a field * * @param integer $fieldID : the field id * @param boolean $public are the needed datas public ? (default false) * @return array(integer objectID => integer objectID) * @access public */ static function getUsedObjectsID($fieldID, $public = false) { $return = array(); if (sensitiveIO::isPositiveInteger($fieldID)) { $statusSuffix = $public ? "_public" : "_edited"; $sql = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct value as id\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\t\tand value != 0"; $q = new CMS_query($sql); if ($q->getNumRows()) { while ($id = $q->getValue('id')) { $return[$id] = $id; } } } return $return; }
/** * Writes the module into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { $sql_fields = "\n\t\t\tlabel_mod='" . SensitiveIO::sanitizeSQLString($this->_labelMessageID) . "',\n\t\t\tcodename_mod='" . SensitiveIO::sanitizeSQLString($this->_codename) . "',\n\t\t\tadministrationFrontend_mod='" . SensitiveIO::sanitizeSQLString($this->_administrationFrontend) . "',\n\t\t\thasParameters_mod='" . SensitiveIO::sanitizeSQLString($this->_hasParameters) . "',\n\t\t\tisPolymod_mod='" . SensitiveIO::sanitizeSQLString($this->_isPolymod) . "'\n\t\t"; if ($this->_id) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmodules\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_mod='" . $this->_id . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmodules\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { return false; } elseif (!$this->_id) { $this->_id = $q->getLastInsertedID(); } //create module files for module $this->createModuleFiles(); return true; }
/** * Writes the contactData into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { $sql_fields = "\n\t\t\tservice_cd='" . SensitiveIO::sanitizeSQLString($this->_service) . "',\n\t\t\tjobTitle_cd='" . SensitiveIO::sanitizeSQLString($this->_jobTitle) . "',\n\t\t\taddressField1_cd='" . SensitiveIO::sanitizeSQLString($this->_addressField1) . "',\n\t\t\taddressField2_cd='" . SensitiveIO::sanitizeSQLString($this->_addressField2) . "',\n\t\t\taddressField3_cd='" . SensitiveIO::sanitizeSQLString($this->_addressField3) . "',\n\t\t\tzip_cd='" . SensitiveIO::sanitizeSQLString($this->_zip) . "',\n\t\t\tcity_cd='" . SensitiveIO::sanitizeSQLString($this->_city) . "',\n\t\t\tstate_cd='" . SensitiveIO::sanitizeSQLString($this->_state) . "',\n\t\t\tcountry_cd='" . SensitiveIO::sanitizeSQLString($this->_country) . "',\n\t\t\tphone_cd='" . SensitiveIO::sanitizeSQLString($this->_phone) . "',\n\t\t\tcellphone_cd='" . SensitiveIO::sanitizeSQLString($this->_cellphone) . "',\n\t\t\tfax_cd='" . SensitiveIO::sanitizeSQLString($this->_fax) . "',\n\t\t\temail_cd='" . SensitiveIO::sanitizeSQLString($this->_email) . "',\n\t\t\tcompany_cd='" . SensitiveIO::sanitizeSQLString($this->_company) . "',\n\t\t\tgender_cd='" . SensitiveIO::sanitizeSQLString($this->_gender) . "'\n\t\t"; if ($this->_id) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tcontactDatas\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_cd='" . $this->_id . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tcontactDatas\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { return false; } elseif (!$this->_id) { $this->_id = $q->getLastInsertedID(); } return true; }
/** * Get field search SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object * @param mixed $value : the value to search * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false) { $statusSuffix = $public ? "_public" : "_edited"; $sql = "\n\t\tselect\n\t\t\tdistinct objectID\n\t\tfrom\n\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\twhere\n\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\tand value " . (is_array($value) ? "in (" . SensitiveIO::sanitizeSQLString(implode(',', $value)) . ")" : "= '" . SensitiveIO::sanitizeSQLString($value) . "'") . "\n\t\t\t{$where}\n\t\t"; return $sql; }
/** * Get field search SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param mixed $value : the value to search * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false) { $supportedOperator = array('like', '!=', '=', 'any', 'all', 'phrase', 'beginswith'); $supportedOperatorForArray = array('in', 'not in', 'any', 'all'); // No operator : use default search if (!$operator) { return parent::getFieldSearchSQL($fieldID, $value, $operator, $where, $public); } // Check supported operators if ($operator && !in_array($operator, array_merge($supportedOperator, $supportedOperatorForArray))) { $this->raiseError("Unknown search operator : " . $operator . ", use default search instead"); $operator = false; } // Check operators for array value if (is_array($value) && $operator && !in_array($operator, $supportedOperatorForArray)) { $this->raiseError("Can't use this operator : " . $operator . " with an array value, return empty sql"); return ''; } $statusSuffix = $public ? "_public" : "_edited"; $cleanedWords = array(); if (is_array($value)) { if ($operator == 'any' || $operator == 'all') { // in this case, we do a specific cleanup foreach ($value as $i => $val) { $cleanedWords[] = str_replace(array('%', '_'), array('\\%', '\\_'), $val); } } else { foreach ($value as $i => $val) { $value[$i] = "'" . SensitiveIO::sanitizeSQLString($val) . "'"; } $value = '(' . implode(',', $value) . ')'; } } elseif (strtolower($value) == 'null') { $value = "''"; } else { if ($operator == 'any' || $operator == 'all') { $words = array(); $words = array_map("trim", array_unique(explode(" ", $value))); foreach ($words as $aWord) { if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) { $aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord); $cleanedWords[] = $aWord; } } } elseif ($operator != 'phrase' && $operator != 'beginswith') { // we keep this for backward compatibility, where the user can specify his search with % at the beginning / end $value = "'" . SensitiveIO::sanitizeSQLString($value) . "'"; } } $whereClause = ''; switch ($operator) { case 'any': $whereClause .= '('; //then add keywords $count = '0'; foreach ($cleanedWords as $aWord) { $whereClause .= $count ? ' or ' : ''; $count++; $whereClause .= "value like '%" . $aWord . "%'"; if (htmlentities($aWord) != $aWord) { $whereClause .= " or value like '%" . htmlentities($aWord) . "%'"; } } $whereClause .= ')'; break; case 'all': $whereClause .= '('; //then add keywords $count = '0'; foreach ($cleanedWords as $aWord) { $whereClause .= $count ? ' and ' : ''; $count++; if (htmlentities($aWord) != $aWord) { $whereClause .= "(value like '%" . $aWord . "%' or value like '%" . htmlentities($aWord) . "%')"; } else { $whereClause .= "value like '%" . $aWord . "%'"; } } $whereClause .= ')'; break; case 'phrase': $value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value)); if (htmlentities($value) != $value) { $whereClause .= "(value like '%" . $value . "%' or value like '%" . htmlentities($value) . "%')"; } else { $whereClause .= "value like '%" . $value . "%'"; } break; case 'beginswith': $value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value)); if (htmlentities($value) != $value) { $whereClause .= "(value like '" . $value . "%' or value like '" . htmlentities($value) . "%')"; } else { $whereClause .= "value like '" . $value . "%'"; } break; default: $whereClause .= " value " . $operator . " " . $value; break; } $sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand " . $whereClause . "\n\t\t\t\t{$where}"; return $sql; }
/** * Writes object into persistence (MySQL for now), along with base data. * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { //get Order if needed if (!$this->_objectFieldValues["order"] && sensitiveIO::isPositiveInteger($this->_objectFieldValues["objectID"])) { $this->_objectFieldValues["order"] = $this->getFieldsNextOrder(); } if (!$this->_objectFieldValues["uuid"]) { $this->_objectFieldValues["uuid"] = io::uuid(); } $sql_fields = "\n\t\t\tobject_id_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["objectID"]) . "',\n\t\t\tlabel_id_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["labelID"]) . "',\n\t\t\tdesc_id_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["descriptionID"]) . "',\n\t\t\ttype_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["type"]) . "',\n\t\t\torder_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["order"]) . "',\n\t\t\tsystem_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["system"]) . "',\n\t\t\trequired_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["required"]) . "',\n\t\t\tindexable_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["indexable"]) . "',\n\t\t\tsearchlist_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["searchlist"]) . "',\n\t\t\tsearchable_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["searchable"]) . "',\n\t\t\tparams_mof='" . SensitiveIO::sanitizeSQLString(serialize($this->_objectFieldValues["params"])) . "',\n\t\t\tuuid_mof='" . SensitiveIO::sanitizeSQLString($this->_objectFieldValues["uuid"]) . "'\n\t\t"; //save data if ($this->_fieldID) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_object_field\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_mof='" . $this->_fieldID . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_object_field\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { $this->raiseError("Can't save object"); return false; } elseif (!$this->_fieldID) { $this->_fieldID = $q->getLastInsertedID(); } //unset fields catalog in cache CMS_cache::clearTypeCache('atm-polymod-structure'); //Clear polymod cache //CMS_cache::clearTypeCacheByMetas('polymod', array('module' => CMS_poly_object_catalog::getModuleCodenameForField($this->_fieldID))); CMS_cache::clearTypeCache('polymod'); return true; }
/** * Cleans a value submited by user before givening it to SQL. * * @access private * @param string $s, the string to clean * @return string */ protected function _sanitizeSQLString($s) { $s = SensitiveIO::stripPHPTags(trim($s)); $s = str_replace("%", "", $s); return SensitiveIO::sanitizeSQLString($s); }
/** * Get field order SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param mixed $direction : the direction to search (asc/desc) * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false) { $statusSuffix = $public ? "_public" : "_edited"; //operators are not supported for now : TODO $supportedOperator = array(); if ($operator && !in_array($operator, $supportedOperator)) { $this->raiseError('Unkown search operator : ' . $operator . ', use default search instead'); $operator = false; } $sql = ''; //choose table $fromTable = 'mod_subobject_string'; // create sql $sql = "\n\t\tselect\n\t\t\tdistinct objectID\n\t\tfrom\n\t\t\t" . $fromTable . $statusSuffix . "\n\t\twhere\n\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\tand objectSubFieldID = '0'\n\t\t\t{$where}\n\t\torder by (value+0) " . $direction; return $sql; }
/** * Is user belongs to given group ? * * @return boolean * @access public * @static */ static function userBelongsToGroup($userID, $groupID) { if (!sensitiveIO::isPositiveInteger($userID) || !sensitiveIO::isPositiveInteger($groupID)) { CMS_grandFather::raiseError('User id and group id must be positive integers'); return false; } $sql = "\n\t\t\tselect\n\t\t\t\t1\n\t\t\tfrom\n\t\t\t\tprofileUsersByGroup\n\t\t\twhere\n\t\t\t\tuserId_gu = '" . SensitiveIO::sanitizeSQLString($userID) . "'\n\t\t\t\tand groupId_gu = '" . SensitiveIO::sanitizeSQLString($groupID) . "'\n\t\t"; $q = new CMS_query($sql); return $q->getNumRows() ? true : false; }
/** * Write to persistence * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { $sql_fields = "\n\t\t\t\tuser_log='" . SensitiveIO::sanitizeSQLString($this->_user->getUserId()) . "',\n\t\t\t\taction_log='" . SensitiveIO::sanitizeSQLString($this->_action) . "',\n\t\t\t\tdatetime_log='" . SensitiveIO::sanitizeSQLString($this->_datetime->getDBValue()) . "',\n\t\t\t\ttextData_log='" . SensitiveIO::sanitizeSQLString($this->_textData) . "',\n\t\t\t\tlabel_log='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\t\tmodule_log='" . SensitiveIO::sanitizeSQLString($this->_module) . "',\n\t\t\t\tresource_log='" . SensitiveIO::sanitizeSQLString($this->_resource) . "',\n\t\t\t\trsAfterLocation_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getLocation()) . "',\n\t\t\t\trsAfterProposedFor_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getProposedFor()) . "',\n\t\t\t\trsAfterEditions_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getEditions()) . "',\n\t\t\t\trsAfterValidationsRefused_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getValidationRefused()) . "',\n\t\t\t\trsAfterPublication_log='" . SensitiveIO::sanitizeSQLString($this->_resourceStatusAfter->getPublication()) . "'\t\n\t\t\t"; if ($this->_id) { $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tlog\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tid_log='" . $this->_id . "'\n\t\t\t\t"; } else { $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\tlog\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { return false; } else { $this->_id = $q->getLastInsertedID(); } return true; }
/** * Writes the clientSpace into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { if ($this->_templateID && $this->_tagID) { $table = "mod_standard_clientSpaces"; $table .= $this->_editionMode ? "_edition" : "_edited"; //delete from table $sql = "\n\t\t\t\tdelete from\n\t\t\t\t\t" . $table . "\n\t\t\t\twhere\n\t\t\t\t\ttemplate_cs='" . $this->_templateID . "'\n\t\t\t\t\tand tagID_cs='" . SensitiveIO::sanitizeSQLString($this->_tagID) . "'\n\t\t\t"; $q = new CMS_query($sql); //insert new rows datas if any if (is_array($this->_rows) && $this->_rows) { $sql = "insert into\n\t\t\t\t\t\t\t" . $table . "\n\t\t\t\t\t\t\t(`template_cs`, `tagID_cs`, `rowsDefinition_cs`, `type_cs`, `order_cs`) \n\t\t\t\t\t\tVALUES "; $count = 0; foreach ($this->_rows as $order => $row) { if (SensitiveIO::isPositiveInteger($row->getID())) { $sql .= $count ? ',' : ''; $sql .= "('" . $this->_templateID . "', '" . SensitiveIO::sanitizeSQLString($this->_tagID) . "', '" . SensitiveIO::sanitizeSQLString($row->getTagID()) . "', '" . $row->getID() . "', '" . $order . "')"; $count++; } } $q = new CMS_query($sql); if ($q->hasError()) { return false; } } return true; } return false; }
/** * Writes the news into persistence (MySQL for now), along with base data. * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { //save data $closed = $this->_public === true ? 0 : 1; $sql_fields = "\n\t\t\towner_frm='" . $this->_ownerID . "',\n\t\t\tlanguage_frm='" . SensitiveIO::sanitizeSQLString($this->_language->getCode()) . "',\n\t\t\tname_frm='" . SensitiveIO::sanitizeSQLString($this->_name) . "',\n\t\t\tsource_frm='" . SensitiveIO::sanitizeSQLString($this->_source) . "',\n\t\t\tresponses_frm='" . SensitiveIO::sanitizeSQLString($this->_responses) . "',\n\t\t\tclosed_frm='" . $closed . "'"; if ($this->_formID) { $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tmod_cms_forms_formulars\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_frm='" . $this->_formID . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tmod_cms_forms_formulars\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); if ($q->hasError()) { $this->raiseError("Failed to write"); return false; } elseif (!$this->_formID) { $this->_formID = $q->getLastInsertedID(); } //then create the 4 defaut actions for this form if hasn't any if (!$this->hasActions()) { //Form answer excedeed $alreadyFoldAction = new CMS_forms_action(); $alreadyFoldAction->setInteger("form", $this->_formID); $alreadyFoldAction->setInteger("type", CMS_forms_action::ACTION_ALREADY_FOLD); $alreadyFoldAction->setString("value", 'text'); $alreadyFoldAction->writeToPersistence(); //Save form results in DB $dbAction = new CMS_forms_action(); $dbAction->setInteger("form", $this->_formID); $dbAction->setInteger("type", CMS_forms_action::ACTION_DB); $dbAction->writeToPersistence(); //form OK $okAction = new CMS_forms_action(); $okAction->setInteger("form", $this->_formID); $okAction->setInteger("type", CMS_forms_action::ACTION_FORMOK); $okAction->setString("value", 'text'); $okAction->writeToPersistence(); //form NOK $nokAction = new CMS_forms_action(); $nokAction->setInteger("form", $this->_formID); $nokAction->setInteger("type", CMS_forms_action::ACTION_FORMNOK); $nokAction->setString("value", 'text'); $nokAction->writeToPersistence(); } return true; }
/** * Get field order SQL request (used by class CMS_object_search) * * @param integer $fieldID : this field id in object (aka $this->_field->getID()) * @param mixed $direction : the direction to search (asc/desc) * @param string $operator : additionnal search operator * @param string $where : where clauses to add to SQL * @param boolean $public : values are public or edited ? (default is edited) * @return string : the SQL request * @access public */ function getFieldOrderSQL($fieldID, $direction, $operator, $where, $public = false) { $statusSuffix = $public ? "_public" : "_edited"; //operators are not supported for now : TODO $supportedOperator = array(); if ($operator && !in_array($operator, $supportedOperator)) { $this->_raiseError(get_class($this) . " : getFieldSearchSQL : unkown search operator : " . $operator . ", use default search instead"); $operator = false; } $sql = ''; //choose table $fromTable = 'mod_subobject_integer'; $params = $this->getParamsValues(); if ($params['isGroup']) { // create sql $sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\tprofilesUsersGroups\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand objectSubFieldID = '0'\n\t\t\t\tand value = id_prg\n\t\t\t\t{$where}\n\t\t\torder by label_prg " . $direction; } else { // create sql $sql = "\n\t\t\tselect\n\t\t\t\tdistinct objectID\n\t\t\tfrom\n\t\t\t\t" . $fromTable . $statusSuffix . ",\n\t\t\t\tprofilesUsers\n\t\t\twhere\n\t\t\t\tobjectFieldID = '" . SensitiveIO::sanitizeSQLString($fieldID) . "'\n\t\t\t\tand objectSubFieldID = '0'\n\t\t\t\tand value = id_pru\n\t\t\t\t{$where}\n\t\t\torder by lastName_pru " . $direction . ", firstName_pru " . $direction; } return $sql; }
/** * Writes the template into persistence (MySQL for now). * * @return boolean true on success, false on failure * @access public */ function writeToPersistence() { $sql_fields = "\n\t\t\tlabel_pt='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\timage_pt='" . SensitiveIO::sanitizeSQLString($this->_image) . "',\n\t\t\tdefinitionFile_pt='" . SensitiveIO::sanitizeSQLString($this->_definitionFile) . "',\n\t\t\tgroupsStack_pt='" . SensitiveIO::sanitizeSQLString($this->_groups->getTextDefinition()) . "',\n\t\t\tmodulesStack_pt='" . SensitiveIO::sanitizeSQLString($this->_modules->getTextDefinition()) . "',\n\t\t\tinUse_pt='" . $this->_useable . "',\n\t\t\tdescription_pt='" . SensitiveIO::sanitizeSQLString($this->_description) . "',\n\t\t\twebsitesdenied_pt='" . SensitiveIO::sanitizeSQLString($this->_websitesdenied->getTextDefinition()) . "',\n\t\t\tprivate_pt='" . $this->_private . "',\n\t\t\tprintingCSOrder_pt='" . SensitiveIO::sanitizeSQLString(implode(";", $this->_printingClientSpaces)) . "'\n\t\t"; if ($this->_id) { // Some changes must be applied // to all private templates similar to this one using same xml file if ($this->_definitionFile) { $sql = "\n\t\t\t\t\tupdate\n\t\t\t\t\t\tpageTemplates\n\t\t\t\t\tset\n\t\t\t\t\t\tlabel_pt='" . SensitiveIO::sanitizeSQLString($this->_label) . "',\n\t\t\t\t\t\timage_pt='" . SensitiveIO::sanitizeSQLString($this->_image) . "',\n\t\t\t\t\t\tgroupsStack_pt='" . SensitiveIO::sanitizeSQLString($this->_groups->getTextDefinition()) . "',\n\t\t\t\t\t\tmodulesStack_pt='" . SensitiveIO::sanitizeSQLString($this->_modules->getTextDefinition()) . "',\n\t\t\t\t\t\tprintingCSOrder_pt='" . SensitiveIO::sanitizeSQLString(implode(";", $this->_printingClientSpaces)) . "'\n\t\t\t\t\twhere\n\t\t\t\t\t\tdefinitionFile_pt like '" . SensitiveIO::sanitizeSQLString($this->_definitionFile) . "'\n\t\t\t\t"; $q = new CMS_query($sql); } $sql = "\n\t\t\t\tupdate\n\t\t\t\t\tpageTemplates\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields . "\n\t\t\t\twhere\n\t\t\t\t\tid_pt='" . $this->_id . "'\n\t\t\t"; } else { $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\tpageTemplates\n\t\t\t\tset\n\t\t\t\t\t" . $sql_fields; } $q = new CMS_query($sql); //pr($sql); if ($q->hasError()) { return false; } elseif (!$this->_id) { $this->_id = $q->getLastInsertedID(); } return true; }
/** * Duplicate this block * Used to duplicate a CMS_page. * * @param CMS_page $destinationPage, the page receiving a copy of this block * @param boolean $public The precision needed for USERSPACE location * @return CMS_block object */ function duplicate(&$destinationPage, $public = false) { if (SensitiveIO::isPositiveInteger($this->_dbID)) { $table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public); $str_set = "\n\t\t\t\t\tpage='" . $destinationPage->getID() . "',\n\t\t\t\t\tclientSpaceID='" . $this->_clientSpaceID . "',\n\t\t\t\t\trowID='" . $this->_rowID . "',\n\t\t\t\t\tblockID='" . $this->_tagID . "',\n\t\t\t\t\ttype='CMS_block_cms_forms',\n\t\t\t\t\tvalue='" . SensitiveIO::sanitizeSQLString(serialize($this->_value)) . "'\n\t\t\t"; $sql = "\n\t\t\t\tinsert into\n\t\t\t\t\t" . $table . "\n\t\t\t\tset\n\t\t\t\t\t" . $str_set . "\n\t\t\t"; $q = new CMS_query($sql); if (!$q->hasError()) { //Table Edition $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\tset\n\t\t\t\t\t\tid='" . $id . "',\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t"; $q = new CMS_query($sql); return !$q->hasError(); } else { $this->raiseError("Duplicate, insertion failed: " . $sql); } } else { $this->raiseError("Duplicate, object does not have a DB ID, not initialized"); } return false; }
/** * Duplicate this block * Used to duplicate a CMS_page. * * @param CMS_page $destinationPage, the page receiving a copy of this block * @param boolean $public The precision needed for USERSPACE location * @return CMS_block object */ function duplicate(&$destinationPage, $public = false) { if (SensitiveIO::isPositiveInteger($this->_dbID) && $this->_file) { $table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public); //Copy linked file //In new file name, delete reference to old page and add refernce to new one $_newFilename = "p" . $destinationPage->getID() . io::substr($this->_file, io::strpos($this->_file, "_"), io::strlen($this->_file)); if (@is_file(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file) && @copy(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename) && @chmod(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename, octdec(FILES_CHMOD))) { //Public if ($public) { if (!@copy(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $this->_file, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename) || !@chmod(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename, octdec(FILES_CHMOD))) { $this->raiseError("Duplicate, copy of new file failed : " . PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename); } } $_newEnlargedFilename = ''; //With enlarged file if ($this->_enlargedFile != '') { $_newEnlargedFilename = "p" . $destinationPage->getID() . io::substr($this->_enlargedFile, io::strpos($this->_enlargedFile, "_"), io::strlen($this->_enlargedFile)); //Edited if (!@copy(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_enlargedFile, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newEnlargedFilename) || !@chmod(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newEnlargedFilename, octdec(FILES_CHMOD))) { $this->raiseError("Duplicate, copy of new enlarged file failed : " . PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newEnlargedFilename); } //Public if ($public) { if (!@copy(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $this->_enlargedFile, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newEnlargedFilename) || !@chmod(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newEnlargedFilename, octdec(FILES_CHMOD))) { $this->raiseError("Duplicate, copy of new enlarged file failed : " . PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newEnlargedFilename); } } } //Save new datas $str_set = "\n\t\t\t\t\t\tpage='" . $destinationPage->getID() . "',\n\t\t\t\t\t\tclientSpaceID='" . $this->_clientSpaceID . "',\n\t\t\t\t\t\trowID='" . $this->_rowID . "',\n\t\t\t\t\t\tblockID='" . $this->_tagID . "',\n\t\t\t\t\t\tlabel='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($this->_label)) . "',\n\t\t\t\t\t\tfile='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($_newFilename)) . "',\n\t\t\t\t\t\texternalLink='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($this->_externalLink)) . "',\n\t\t\t\t\t\tenlargedFile='" . SensitiveIO::sanitizeSQLString(SensitiveIO::stripPHPTags($_newEnlargedFilename)) . "'\n\t\t\t\t"; $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $table . "\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t"; $q = new CMS_query($sql); if (!$q->hasError()) { //Table Edition $sql = "\n\t\t\t\t\t\tinsert into\n\t\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\t\tset\n\t\t\t\t\t\t\tid='" . $q->getLastInsertedID() . "',\n\t\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t\t"; $q = new CMS_query($sql); return !$q->hasError(); } else { $this->raiseError("Duplicate, SQL insertion of new filename failed : " . $sql); } } else { $this->raiseError("Duplicate, copy of file failed :" . PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file); } } return false; }
/** * Duplicate this block * Used to duplicate a CMS_page. * * @param CMS_page $destinationPage, the page receiving a copy of this block * @param boolean $public The precision needed for USERSPACE location * @return CMS_block object */ function duplicate(&$destinationPage, $public = false) { if (SensitiveIO::isPositiveInteger($this->_dbID)) { $link = $this->_link; if ($link->hasValidHREF()) { if ($link->getLinkType() == RESOURCE_LINK_TYPE_FILE) { //get file path $file = $link->getFileLink(false, MOD_STANDARD_CODENAME, RESOURCE_DATA_LOCATION_EDITED, PATH_RELATIVETO_FILESYSTEM, true); $path = $link->getFileLink(true, MOD_STANDARD_CODENAME, RESOURCE_DATA_LOCATION_EDITED, PATH_RELATIVETO_FILESYSTEM, false); if ($file && file_exists($path . '/' . $file)) { //Copy linked file //In new file name, delete reference to old page and add refernce to new one $_newFilename = "p" . $destinationPage->getID() . io::substr($file, io::strpos($file, "_"), io::strlen($file)); if (@is_file(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $file) && CMS_file::copyTo(PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $file, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename) && CMS_file::chmodFile(FILES_CHMOD, PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $_newFilename)) { //Public if ($public) { if (!is_file(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $file) || !CMS_file::copyTo(PATH_MODULES_FILES_STANDARD_FS . "/public/" . $file, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename) || !CMS_file::chmodFile(FILES_CHMOD, PATH_MODULES_FILES_STANDARD_FS . "/public/" . $_newFilename)) { $this->raiseError("Duplicate, file copy failed : " . PATH_MODULES_FILES_STANDARD_FS . "/public/" . $file); } } $link->setFileLink($_newFilename); } } } $table = $this->_getDataTableName(RESOURCE_LOCATION_USERSPACE, $public); //Save new datas $str_set = "\n\t\t\t\t\t\tpage='" . $destinationPage->getID() . "',\n\t\t\t\t\t\tclientSpaceID='" . $this->_clientSpaceID . "',\n\t\t\t\t\t\trowID='" . $this->_rowID . "',\n\t\t\t\t\t\tblockID='" . $this->_tagID . "',\n\t\t\t\t\t\ttype='CMS_block_link',\n\t\t\t\t\t\tvalue='" . SensitiveIO::sanitizeSQLString($link->getTextDefinition()) . "'\n\t\t\t\t"; $sql = "\n\t\t\t\t\tinsert into\n\t\t\t\t\t\t" . $table . "\n\t\t\t\t\tset\n\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t"; $q = new CMS_query($sql); if (!$q->hasError()) { //Table Edition $sql = "\n\t\t\t\t\t\tinsert into\n\t\t\t\t\t\t\t" . $this->_getDataTableName(RESOURCE_LOCATION_EDITION, false) . "\n\t\t\t\t\t\tset\n\t\t\t\t\t\t\tid='" . $q->getLastInsertedID() . "',\n\t\t\t\t\t\t\t" . $str_set . "\n\t\t\t\t\t"; $q = new CMS_query($sql); return !$q->hasError(); } else { $this->raiseError("Duplicate, SQL insertion of new filename failed: " . $sql); } } else { $this->raiseError("Duplicate, copy of file failed :" . PATH_MODULES_FILES_STANDARD_FS . "/edited/" . $this->_file); } } return false; }