/**
 * Cleans a submitted text value and stores it as this object's text.
 *
 * The word filter (COM_checkWords) always runs first. In 'html' and
 * 'wikitext' post modes the result is then passed to COM_checkHTML() with the
 * 'story.edit' argument; in every other mode it is HTML-escaped and passed to
 * COM_makeClickableLinks().
 *
 * @param  string $arg      Raw text as submitted
 * @param  string $postmode Optional post mode; when non-empty it is applied
 *                          through setPostmode() before the text is processed
 * @return string           The value stored in $this->_text
 */
function loadTextFromArgs($arg, $postmode = '')
{
    if (!empty($postmode)) {
        $this->setPostmode($postmode);
    }

    // Both branches start from the censored text.
    $censored = COM_checkWords($arg);

    $keepsMarkup = ($this->_postmode == 'html' || $this->_postmode == 'wikitext');
    if ($keepsMarkup) {
        $this->_text = COM_checkHTML($censored, 'story.edit');
    } else {
        // NOTE(review): htmlspecialchars() runs with its default flags and
        // charset here. Before PHP 8.1 the default does not escape single
        // quotes; confirm whether ENT_QUOTES and an explicit charset are
        // wanted for text that may later be placed in an attribute.
        $this->_text = COM_makeClickableLinks(htmlspecialchars($censored));
    }

    return $this->_text;
}
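/**
 * Builds the "Who's New" block: links to the most recently registered users.
 *
 * Selects the newest accounts whose status is USER_ACCOUNT_ACTIVE and renders
 * one profile link per row, followed by a camera icon link when the user has
 * a photo and $_CONF['allow_user_photo'] is 1.
 *
 * @return string HTML fragment; an empty string when the query returns no rows
 */
function phpblock_whos_new()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE;

    // Set the number of new members to show
    $numToShow = 5;

    // Start from an empty string so that ".=" never reads an undefined
    // variable and an empty result set still returns a string.
    $retval = '';

    $result = DB_query(
        "SELECT uid,username,photo FROM {$_TABLES['users']} WHERE status = " . USER_ACCOUNT_ACTIVE
        . " ORDER BY regdate DESC LIMIT {$numToShow}"
    );
    $nrows = DB_numRows($result);

    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);

        // The uid is forced to an integer before it is placed in the href.
        $profileUrl = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . (int) $A['uid'];

        // NOTE(review): COM_checkWords() is the only processing applied to the
        // username before it is written into the page. Confirm that usernames
        // are HTML-encoded when they are stored; if not, encode them here.
        $retval .= '<a href="' . $profileUrl . '" rel="nofollow">' . COM_checkWords($A['username']) . '</a>';

        if (!empty($A['photo']) and $_CONF['allow_user_photo'] == 1) {
            $retval .= ' <a href="' . $profileUrl . '" rel="nofollow"><img src="' . $_CONF['layout_url']
                . '/images/smallcamera.' . $_IMAGE_TYPE . '" border="0" alt=""></a>';
        }
        $retval .= '<br>';
    }

    return $retval;
}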
/**
 * Creates the Media Gallery preference row for a user and, when requested or
 * configured, the user's member album.
 *
 * The preference row is always inserted (the query is issued with a second
 * argument of 1). An album is created only when $force is 1, or when both
 * $_MG_CONF['member_albums'] and $_MG_CONF['member_auto_create'] are 1.
 *
 * @param  int $uid   User id; cast to int wherever it is placed in SQL
 * @param  int $force 1 to create the album regardless of configuration
 * @return int        Id of the new album, or -1 when no album was created
 */
function _mg_user_create($uid, $force = 0)
{
    global $_TABLES, $_MG_CONF, $LANG_MG01;

    // Integer form of the user id, used for every SQL fragment below.
    $userId = (int) $uid;

    // NOTE(review): member_quota is a configuration value and is concatenated
    // into the statement without a cast - confirm it is always numeric.
    $insertPrefs = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) VALUES ("
        . $userId . ",1,0,0,-1,-1,-1," . $_MG_CONF['member_quota'] . ",0)";
    DB_query($insertPrefs, 1);

    // "&&" binds tighter than "||"; the parentheses only make that visible.
    if (!($force == 1 || ($_MG_CONF['member_albums'] == 1 && $_MG_CONF['member_auto_create'] == 1))) {
        return -1;
    }

    $username = DB_getItem($_TABLES['users'], 'username', 'uid=' . $userId);
    $fullname = DB_getItem($_TABLES['users'], 'fullname', 'uid=' . $userId);
    $grp_id = DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="mediagallery Admin"');
    if ($grp_id == NULL || $grp_id == '' || $grp_id < 2) {
        // No usable admin group found: fall back to group id 2.
        $grp_id = 2;
    }

    // $_MG_CONF['member_use_fullname'] does not seem to be set, so it is
    // tested with isset() before it is compared.
    $useFullname = !empty($fullname)
        && (isset($_MG_CONF['member_use_fullname']) && $_MG_CONF['member_use_fullname'] == 1);
    $title = ($useFullname ? $fullname : $username) . $LANG_MG01['member_album_postfix'];

    $album = new mgAlbum();
    // The title is censored, stripped of tags and HTML-escaped before it is stored.
    $album->title = htmlspecialchars(strip_tags(COM_checkWords($title)));
    $album->parent = $_MG_CONF['member_album_root'];
    $album->group_id = $grp_id;
    $album->mod_group_id = $grp_id;
    $album->owner_id = $uid;
    $album->moderate = $_MG_CONF['member_moderate'];
    $album->email_mod = $_MG_CONF['member_email_mod'];
    $album->perm_owner = $_MG_CONF['member_perm_owner'];
    $album->perm_group = $_MG_CONF['member_perm_group'];
    $album->perm_members = $_MG_CONF['member_perm_members'];
    $album->perm_anon = $_MG_CONF['member_perm_anon'];
    $album->id = $album->createAlbumID();

    $newAlbumId = $album->id;
    $album->saveAlbum();

    // Record on the preference row that the member gallery now exists.
    DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=1 WHERE uid=" . $userId, 1);

    return $newAlbumId;
}
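// Tail of an access check whose opening "if" lies above this excerpt.
echo COM_siteHeader();
echo FF_alertMessage($LANG_GF02['msg02'], $LANG_GF02['msg171']);
echo COM_siteFooter();
exit;
}

// Users who may not view this forum's rating level get the same alert page.
if (!_ff_canUserViewRating($forum)) {
    echo COM_siteHeader();
    echo FF_alertMessage($LANG_GF02['msg02'], $LANG_GF02['msg171']);
    echo COM_siteFooter();
    exit;
}

// The topic id is cast to int before it is placed in the query.
$result = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE (id=" . (int) $id . ")");
$A = DB_fetchArray($result);

if ($_FF_CONF['allow_smilies']) {
    // Smiley codes and their image replacements, matched by position.
    $search = array(
        ":D", ":)", ":(", "8O", ":?", "B)", ":lol:", ":x", ":P", ":oops:",
        ":o", ":cry:", ":evil:", ":twisted:", ":roll:", ";)", ":!:", ":question:",
        ":idea:", ":arrow:", ":|", ":mrgreen:", ":mrt:", ":love:", ":cat:",
    );
    $replace = array(
        "<img style=\"vertical-align:middle;\" src='images/smilies/biggrin.gif' alt='Big Grin'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/smile.gif' alt='Smile'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/frown.gif' alt='Frown'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/eek.gif' alt='Eek!'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/confused.gif' alt='Confused'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/cool.gif' alt='Cool'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/lol.gif' alt='Laughing Out Loud'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/mad.gif' alt='Angry'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/razz.gif' alt='Razz'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/redface.gif' alt='Oops!'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/surprised.gif' alt='Surprised!'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/cry.gif' alt='Cry'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/evil.gif' alt='Evil'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/twisted.gif' alt='Twisted Evil'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/rolleyes.gif' alt='Rolling Eyes'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/wink.gif' alt='Wink'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/exclaim.gif' alt='Exclaimation'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/question.gif' alt='Question'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/idea.gif' alt='Idea'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/arrow.gif' alt='Arrow'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/neutral.gif' alt='Neutral'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/mrgreen.gif' alt='Mr. Green'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/mrt.gif' alt='Mr. T'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/heart.gif' alt='Love'/>",
        "<img style=\"vertical-align:middle;\" src='images/smilies/cat.gif' alt='Kitten'/>",
    );
}

// Poster name and subject are censored, then HTML-escaped for output.
$A["name"] = COM_checkWords($A["name"]);
$A["name"] = @htmlspecialchars($A["name"], ENT_QUOTES, COM_getEncodingt());
$A["subject"] = COM_checkWords($A["subject"]);
$A["subject"] = stripslashes(@htmlspecialchars($A["subject"], ENT_QUOTES, COM_getEncodingt()));
$A['comment'] = ff_FormatForPrint($A['comment'], $A['postmode'], '', $A['status']);

list($cacheFile, $style_cache_url) = COM_getStyleCacheLocation();
$date = strftime('%B %d %Y @ %I:%M %p', $A['date']);

// Page head and the parent post.
echo "\n <html>\n <head>\n <title>{$_CONF['site_name']} - " . $LANG_GF02['msg147'] . " {$A['id']}]</title>\n"
    . " <link rel=\"stylesheet\" type=\"text/css\" href=\"{$style_cache_url}\">\n"
    . " </head>\n"
    . " <body onload=\"window.print();\">\n"
    . " <div style=\"box-sizing: border-box;max-width:980px;padding:0px 25px;\">\n"
    . " <font face=\"verdana\" size=\"2\">\n"
    . " <h3>{$LANG_GF01['SUBJECT']}: {$A['subject']}</h3>\n"
    . " <b>{$LANG_GF01['POSTEDON']}:</b> {$date}\n"
    . " <br>\n"
    . " <b>{$LANG_GF01['BY']}</b> {$A['name']}\n"
    . " <br>\n"
    . " <br>\n"
    . " <b>{$LANG_GF01['CONTENT']}:</b>\n"
    . " <p>{$A['comment']}</p>\n"
    . " <hr width=\"25%\" align=\"left\">\n\n"
    . " <br>\n"
    . " <b>{$LANG_GF01['REPLIES']}:</b>\n"
    . " <hr width=\"50%\" align=\"left\">\n"
    . " <br>\n";

$result2 = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE (pid=" . (int) $id . ")");
while ($B = DB_fetchArray($result2)) {
    $date = strftime('%B %d %Y @ %I:%M %p', $B['date']);

    // Replies come from the same table as the parent post, so their name and
    // subject get the same censoring and HTML escaping before they are
    // printed. Echoing them raw would let markup stored in a reply's name or
    // subject run in the print view.
    $replyName = @htmlspecialchars(COM_checkWords($B['name']), ENT_QUOTES, COM_getEncodingt());
    $replySubject = stripslashes(
        @htmlspecialchars(COM_checkWords($B['subject']), ENT_QUOTES, COM_getEncodingt())
    );

    // NOTE(review): the parent post passes '' and its status to
    // ff_FormatForPrint(); replies pass only two arguments. Confirm whether
    // the reply's status should be passed as well.
    echo "\n\n <h4>{$replySubject}</h4>\n"
        . " <b>{$LANG_GF01['POSTEDON']}:</b> {$date}\n"
        . " <br>\n"
        . " <b>{$LANG_GF01['BY']}</b> {$replyName}\n"
        . " <br>\n"
        . " <br>\n"
        . " <b>{$LANG_GF01['CONTENT']}:</b>\n"
        . " <p>" . ff_FormatForPrint($B['comment'], $B['postmode']) . "</p>\n"
        . " <hr width=\"25%\" align=\"left\">\n\n";
}

// Footer with a link back to the topic.
echo "\n\n <p>{$_CONF['site_name']} - {$LANG_GF01['FORUM']}<br/>\n"
    . " <a href=\"{$_CONF['site_url']}/forum/viewtopic.php?showtopic={$A['id']}\">{$_CONF['site_url']}/forum/viewtopic.php?showtopic={$A['id']}</a>\n"
    . " </p>\n\n"
    . " </font>\n"
    . " </div>\n"
    . " </body>\n"
    . " </html>\n";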
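/**
 * Create "What's Related" links for a story
 *
 * Creates an HTML-formatted list of links to be used for the What's Related
 * block next to a story (in article view).
 *
 * $_CONF['whats_related'] selects the mode: 0 disabled, 1 enabled,
 * 2 enabled without links taken from the story, 3 enabled without outbound
 * links. In mode 3 a link is kept only when it points at $_CONF['site_url']
 * itself or at a path, query or fragment below it.
 *
 * @param    string $related contents of gl_stories 'related' field
 * @param    int    $uid     user id of the author
 * @param    int    $sid     story id
 * @return   string          HTML-formatted list of links, '' when disabled or empty
 */
function STORY_whatsRelated($related, $uid, $sid)
{
    global $_CONF, $_TABLES, $LANG24;

    // Is it enabled?
    // 'Disabled' => 0, 'Enabled' => 1, 'Enabled (No Links)' => 2, 'Enabled (No Outbound Links)' => 3
    if (!$_CONF['whats_related']) {
        return '';
    }

    // Always start from an array. In mode 2 the block below is skipped, and
    // the later count()/array_slice()/array_merge() calls need an array.
    $rel = array();

    // get the links from the story text
    if ($_CONF['whats_related'] != 2) {
        if (!empty($related)) {
            $rel = explode("\n", $related);
        }

        // Used to hunt out duplicates. Stores urls that have already passed filters
        $urls = array();

        foreach ($rel as $key => &$value) {
            if (preg_match("/<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)<\\/a>/i", $value, $matches) !== 1) {
                // Not a link: only run the word filter over the line.
                $value = COM_checkWords($value, 'story');
                continue;
            }

            // Drop links whose text is just the URL. Only 23 characters of
            // link text are shown, so only that much is compared.
            if (substr($matches[1], 0, 23) == substr($matches[2], 0, 23)) {
                unset($rel[$key]);
                continue;
            }

            // Check if outbound links (if needed)
            $passd_check = true;
            if ($_CONF['whats_related'] == 3) { // no outbound links
                $passd_check = false;
                $siteUrl = $_CONF['site_url'];
                $siteLen = strlen($siteUrl);
                if ($siteUrl == substr($matches[1], 0, $siteLen)) {
                    // A bare prefix match would also accept a different host
                    // whose name merely begins with the site URL, so the
                    // character after the prefix must end the URL or start a
                    // path, query or fragment.
                    $next = substr($matches[1], $siteLen, 1);
                    if ($next === '' || $next === false || $next === '/' || $next === '?'
                        || $next === '#' || substr($siteUrl, -1) === '/') {
                        $passd_check = true;
                    }
                }
            }

            if (!$passd_check || in_array($matches[1], $urls, true)) {
                // Outbound link in mode 3, or a duplicate: remove it from the array
                unset($rel[$key]);
                continue;
            }

            $urls[] = $matches[1];
            // Now Check Words
            $value = '<a href="' . $matches[1] . '">' . COM_checkWords($matches[2], 'story') . '</a>';
        }
        // Break the reference left behind by the by-reference foreach.
        unset($value);
    }

    $topics = array();
    if (!COM_isAnonUser() || ($_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0)) {
        // add a link to "search by author"
        if ($_CONF['contributedbyline'] == 1) {
            $author = $LANG24[37] . ' ' . COM_getDisplayName($uid);
            if ($_CONF['whats_related_trim'] > 0 && MBYTE_strlen($author) > $_CONF['whats_related_trim']) {
                $author = substr($author, 0, $_CONF['whats_related_trim'] - 3) . '...';
            }
            $topics[] = "<a href=\"{$_CONF['site_url']}/search.php?mode=search&type=stories&author={$uid}\">{$author}</a>";
        }

        // Retrieve topics
        $tids = TOPIC_getTopicIdsForObject('article', $sid, 0);
        foreach ($tids as $tid) {
            // add a link to "search by topic"
            // NOTE(review): $tid is interpolated into the WHERE clause and the
            // URL as returned by TOPIC_getTopicIdsForObject() - confirm topic
            // ids are restricted to a safe character set when they are created.
            $topic = $LANG24[38] . ' ' . stripslashes(DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tid}'"));
            // trim topics if needed
            if ($_CONF['whats_related_trim'] > 0 && MBYTE_strlen($topic) > $_CONF['whats_related_trim']) {
                $topic = substr($topic, 0, $_CONF['whats_related_trim'] - 3) . '...';
            }
            $topics[] = '<a href="' . $_CONF['site_url'] . '/search.php?mode=search&type=stories&topic=' . $tid . '">' . $topic . '</a>';
        }
    }

    // If line limit then split between related links and topics
    if ($_CONF['whats_related_max'] > 0) {
        if ($_CONF['whats_related_max'] < 3) {
            // Reset related links so at least user search and default topic search is displayed
            $rel = array();
            $topics = array_slice($topics, 0, 2);
        } else {
            $rel_max_num_items = intval($_CONF['whats_related_max'] / 2);
            $topic_max_num_items = $rel_max_num_items;
            if ($rel_max_num_items + $topic_max_num_items != $_CONF['whats_related_max']) {
                // Odd limit: the extra slot goes to the topic links.
                $topic_max_num_items = $topic_max_num_items + 1;
            }

            // Now check if we have enough topics to display else give it to links
            $topic_num_items = count($topics);
            $rel_num_items = count($rel);
            $added_flag = false;
            if ($topic_num_items < $topic_max_num_items) {
                $rel_max_num_items = $rel_max_num_items + ($topic_max_num_items - $topic_num_items);
                $added_flag = true;
            }
            if (!$added_flag && $rel_num_items < $rel_max_num_items) {
                $topic_max_num_items = $topic_max_num_items + ($rel_max_num_items - $rel_num_items);
            }

            $rel = array_slice($rel, 0, $rel_max_num_items);
            $topics = array_slice($topics, 0, $topic_max_num_items);
        }
    }

    $result = array_merge($rel, $topics);

    $related = '';
    if (count($result) > 0) {
        $related = COM_makeList($result, 'list-whats-related');
    }

    return $related;
}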
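/**
 * Builds the forum "latest posts" page.
 *
 * Lists the most recently updated parent topics from forums the current user
 * may see (group membership, and rating level when the user rating system is
 * enabled), each with a tooltip summarising the topic and its latest post.
 *
 * Poster names of guest posts and topic subjects are HTML-escaped before they
 * are written into the link markup; ids taken from the database are cast to
 * int before they are placed in SQL.
 *
 * @return array Two elements: the page title and the rendered HTML
 */
function FF_lastx()
{
    global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF01, $LANG_GF02, $LANG_GF92;

    $retval = '';
    $pageTitle = $LANG_GF01['LASTX'];

    USES_lib_admin();
    USES_lib_html2text();

    $T = new Template($_CONF['path'] . 'plugins/forum/templates/');
    $T->set_file('list', 'lists.thtml');

    $dt = new Date('now', $_USER['tzid']);

    $header_arr = array(
        array('text' => $LANG_GF01['FORUM'], 'field' => 'forum'),
        array('text' => $LANG_GF01['TOPIC'], 'field' => 'subject'),
        array('text' => $LANG_GF92['sb_latestposts'], 'field' => 'date', 'nowrap' => true),
    );
    $data_arr = array();
    $text_arr = array();

    if ($_FF_CONF['usermenu'] == 'navbar') {
        $T->set_var('navbar', FF_NavbarMenu($LANG_GF01['LASTX']));
    }
    $T->set_var('block_start', COM_startBlock($LANG_GF01['LASTX'], '', COM_getBlockTemplate('_admin_block', 'header')));

    // Group ids go straight into an IN (...) list, so each one is forced to an integer.
    $groups = array();
    foreach (SEC_getUserGroups() as $group) {
        $groups[] = (int) $group;
    }
    $grouplist = implode(',', $groups);

    if (!COM_isAnonUser() && $_FF_CONF['enable_user_rating_system']) {
        $grade = (int) _ff_getUserRating((int) $_USER['uid']);
        $ratingSQL = ' AND b.rating_view <= ' . $grade . ' ';
    } else {
        $ratingSQL = '';
    }

    $sql = "SELECT * ";
    $sql .= "FROM {$_TABLES['ff_topic']} a ";
    $sql .= "LEFT JOIN {$_TABLES['ff_forums']} b ON a.forum=b.forum_id ";
    $sql .= "WHERE pid=0 AND b.grp_id IN ({$grouplist}) AND b.no_newposts = 0 " . $ratingSQL;
    $sql .= "ORDER BY lastupdated DESC LIMIT " . (int) $_FF_CONF['show_last_post_count'];

    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    $displayrecs = 0;
    $encoding = COM_getEncodingt();

    for ($i = 1; $i <= $nrows; $i++) {
        $P = DB_fetchArray($result);
        if ($_FF_CONF['use_censor']) {
            $P['subject'] = COM_checkWords($P['subject']);
            $P['comment'] = COM_checkWords($P['comment']);
        }
        $topic_id = $P['id'];
        $displayrecs++;

        $dt->setTimestamp($P['date']);
        $firstdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
        $dt->setTimestamp($P['lastupdated']);
        $lastdate = $dt->format($_FF_CONF['default_Datetime_format'], true);

        // The subject is escaped once and reused for the tooltip and the link text.
        $subjectHtml = @htmlspecialchars($P['subject'], ENT_QUOTES, $encoding);

        if ($P['uid'] > 1) {
            // NOTE(review): COM_getDisplayName() output is placed inside a
            // title attribute below - confirm it is already HTML-safe.
            $topicinfo = "{$LANG_GF01['STARTEDBY']} " . COM_getDisplayName($P['uid']) . ', ';
        } else {
            // Guest posts carry a free-text name; escape it because
            // $topicinfo ends up inside a title="..." attribute.
            $topicinfo = "{$LANG_GF01['STARTEDBY']} " . @htmlspecialchars($P['name'], ENT_QUOTES, $encoding) . ",";
        }
        $topicinfo .= "{$firstdate}<br/>{$LANG_GF01['VIEWS']}:{$P['views']}, {$LANG_GF01['REPLIES']}:{$P['replies']}<br/>";

        if (empty($P['last_reply_rec']) || $P['last_reply_rec'] < 1) {
            // No replies yet: the tooltip previews the topic itself.
            $lastid = $P['id'];
            $lastpostinfogll = _ff_lastxPreview($P['comment'], $P['status']);
        } else {
            $qlreply = DB_query(
                "SELECT id,uid,name,comment,date,status FROM {$_TABLES['ff_topic']} WHERE id="
                . (int) $P['last_reply_rec']
            );
            $B = DB_fetchArray($qlreply);
            $lastid = $B['id'];
            // The date column shows the time of the latest reply.
            $P['date'] = $B['date'];
            if ($B['uid'] > 1) {
                $topicinfo .= sprintf($LANG_GF01['LASTREPLYBY'], COM_getDisplayName($B['uid']));
            } else {
                $topicinfo .= sprintf(
                    $LANG_GF01['LASTREPLYBY'],
                    @htmlspecialchars($B['name'], ENT_QUOTES, $encoding)
                );
            }
            $lastpostinfogll = _ff_lastxPreview($B['comment'], $B['status']);
        }

        $link = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none; white-space:nowrap;" href="'
            . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id . '&lastpost=true#' . $lastid
            . '" title="' . $subjectHtml . '::' . $lastpostinfogll . '" rel="nofollow">';

        // The subject is user-supplied text, so the escaped form is used as
        // link text as well as in the title attribute.
        $topiclink = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none;" href="'
            . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id
            . '" title="' . $subjectHtml . '::' . $topicinfo . '">' . $subjectHtml . '</a>';

        $dt->setTimestamp($P['date']);
        $tdate = $dt->format($_FF_CONF['default_Datetime_format'], true);

        $data_arr[] = array(
            'forum' => $P['forum_name'],
            'subject' => $topiclink,
            'date' => $link . $tdate . '</a>',
        );

        if ($displayrecs >= $_FF_CONF['show_last_post_count']) {
            break;
        }
    }

    $T->set_var('list_data', ADMIN_simpleList("", $header_arr, $text_arr, $data_arr));
    $T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $T->parse('output', 'list');
    $retval = $T->finish($T->get_var('output'));

    return array($pageTitle, $retval);
}

/**
 * Builds the escaped plain-text preview shown in a latest-post tooltip.
 *
 * The comment is formatted as text, stripped of tags, converted with
 * html2text, cut to $_FF_CONF['contentinfo_numchars'] characters and
 * HTML-escaped.
 *
 * @param  string $comment Stored post body
 * @param  mixed  $status  Post status, passed through to FF_formatTextBlock()
 * @return string          Escaped preview text
 */
function _ff_lastxPreview($comment, $status)
{
    global $_FF_CONF;

    $text = FF_formatTextBlock($comment, 'text', 'text', $status);
    $text = strip_tags($text);
    $html2txt = new html2text($text, false);
    $text = trim($html2txt->get_text());

    return @htmlspecialchars(
        preg_replace('#\\r?\\n#', '<br>', strip_tags(substr($text, 0, $_FF_CONF['contentinfo_numchars']) . '...')),
        ENT_QUOTES,
        COM_getEncodingt()
    );
}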
/**
 * Returns text ready for display.
 *
 * First-version text only gets line-break conversion (plaintext) or wiki
 * rendering (wikitext). Later versions additionally convert [code] and [raw]
 * blocks for html/adveditor text, HTML-escape plaintext before making links
 * clickable, and run the word filter. Every result is finally passed through
 * _displayEscape() and PLG_replaceTags().
 *
 * @param    string $text     Text to prepare for display
 * @param    string $postmode Indicates if text is html, adveditor, wikitext or plaintext
 * @param    int    $version  version of GLText engine
 * @return   string           Escaped String
 * @access   public
 */
public static function getDisplayText($text, $postmode, $version)
{
    $isFirstVersion = ($version == GLTEXT_FIRST_VERSION);

    if (!$isFirstVersion && in_array($postmode, array('html', 'adveditor'))) {
        // Get rid of any newline characters
        $text = str_replace("\n", '', $text);

        // Each entry: opening tag, closing tag, replacement opening, replacement closing.
        $specialTags = array(
            array('[code]', '[/code]', '<pre><code>', '</code></pre>'),
            array('[raw]', '[/raw]', '<!--raw--><span class="raw">', '</span><!--/raw-->'),
        );
        foreach ($specialTags as $tagSet) {
            $text = self::_handleSpecialTag_callback($text, $tagSet, '_escapeSPChars');
        }
    }

    if ($postmode == 'plaintext') {
        if (!$isFirstVersion) {
            // Escape first, so the markup added by the next two calls is the
            // only markup in the result.
            $text = htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt());
            $text = COM_makeClickableLinks($text);
        }
        $text = COM_nl2br($text);
    }

    if ($postmode == 'wikitext') {
        $text = self::_editUnescape($text, $postmode);
        $text = self::renderWikiText($text);
        // NOTE(review): the rendered wiki output is not passed through an
        // HTML filter here (a _htmLawed call was commented out in the
        // original) - confirm filtering happens when the text is saved.
    }

    if (!$isFirstVersion) {
        $text = COM_checkWords($text);
    }

    return PLG_replaceTags(self::_displayEscape($text));
}
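/**
 * Validates a submitted postcard form, stores the postcard and e-mails it.
 *
 * Steps: read and filter the POST fields, re-show the form on validation or
 * pre-save plugin errors, check album access, look up the media item, apply
 * the 'mgpostcard' speed limit, purge old postcards, store the new one, build
 * the HTML message from postcard.thtml and send it, then redirect to the
 * media page.
 *
 * The speed limit is checked before anything is written to the database, so
 * a throttled request neither purges nor inserts rows. Line breaks are
 * removed from the subject and from the log entry.
 *
 * @return mixed Output of MG_editPostCard() or MG_errorHandler() on failure;
 *               otherwise the function redirects and exits
 */
function MG_sendPostCard()
{
    global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
    global $LANG_DIRECTION, $LANG_CHARSET;

    // Missing fields are read as empty strings and fail validation below.
    $rawMid = isset($_POST['mid']) ? $_POST['mid'] : '';
    $rawToName = isset($_POST['toname']) ? $_POST['toname'] : '';
    $rawToEmail = isset($_POST['toemail']) ? $_POST['toemail'] : '';
    $rawFromName = isset($_POST['fromname']) ? $_POST['fromname'] : '';
    $rawFromEmail = isset($_POST['fromemail']) ? $_POST['fromemail'] : '';
    $rawSubject = isset($_POST['subject']) ? $_POST['subject'] : '';
    $rawMessage = isset($_POST['message']) ? $_POST['message'] : '';

    $mid = COM_sanitizeID(COM_applyFilter($rawMid, true));
    $toname = COM_applyFilter($rawToName);
    $toemail = COM_applyFilter($rawToEmail);
    $fromname = COM_applyFilter($rawFromName);
    $fromemail = COM_applyFilter($rawFromEmail);
    // The subject becomes a mail subject, so it is kept on a single line.
    $subject = str_replace(array("\r", "\n"), ' ', strip_tags(COM_checkWords($rawSubject)));
    $message = htmlspecialchars(strip_tags(COM_checkWords($rawMessage)));
    $ccself = isset($_POST['ccself']) ? 1 : 0;

    $errCount = 0;
    $msg = '';

    if (!COM_isEmail($toemail)) {
        $errCount++;
    }
    if (!COM_isEmail($fromemail)) {
        $errCount++;
    }
    if (empty($subject)) {
        $errCount++;
    }
    if (empty($message)) {
        $errCount++;
    }

    // Pre-save plugin hook; a non-empty message counts as an error.
    $captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    $msg = PLG_itemPreSave('mediagallery', $captchaString);
    if ($msg != '') {
        $errCount++;
    }

    if ($errCount > 0) {
        return MG_editPostCard('edit', $mid, $msg);
    }

    $retval = '';

    $aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');

    // An unknown media id yields no album; treat that as access denied
    // instead of reading properties of a missing entry.
    if (!isset($MG_albums[$aid])
        || $MG_albums[$aid]->access == 0
        || $MG_albums[$aid]->enable_postcard == 0
        || (COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2)) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }

    $sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m "
        . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    if ($nRows < 1) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }
    $M = DB_fetchArray($result);

    // Rate limit before any write, so a throttled sender cannot add rows to
    // the postcard table.
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
    $last = COM_checkSpeedlimit('mgpostcard');
    if ($last > 0) {
        $msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
        return MG_errorHandler($msg);
    }

    // trim the database
    $purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
    DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);

    // save this one in the database
    $newsubject = DB_escapeString($subject);
    $newmessage = DB_escapeString($message);
    $pcId = COM_makesid();
    $pc_time = time();
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = (int) $_USER['uid'];
    }
    // Every string value is passed through DB_escapeString(); the numeric
    // values are generated above.
    $sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','"
        . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','"
        . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail)
        . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
    $result = DB_query($sql);
    if (DB_error()) {
        COM_errorLog("Media Gallery: Error saving postcard");
    }

    $alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;

    // build the template...
    $T = new Template(MG_getTemplatePath($aid));
    $T->set_file('postcard', 'postcard.thtml');

    if (empty($LANG_DIRECTION)) {
        // default to left-to-right
        $direction = 'ltr';
    } else {
        $direction = $LANG_DIRECTION;
    }
    if (empty($LANG_CHARSET)) {
        $charset = $_CONF['default_charset'];
        if (empty($charset)) {
            $charset = 'iso-8859-1';
        }
    } else {
        $charset = $LANG_CHARSET;
    }

    // NOTE(review): to_name, from_name and postcard_subject reach the HTML
    // template after COM_applyFilter() / strip_tags() only - confirm those
    // are enough for the contexts postcard.thtml uses them in.
    $T->set_var(array(
        's_form_action' => $_MG_CONF['site_url'] . '/postcard.php',
        'direction' => $direction,
        'charset' => $charset,
        'mid' => $mid,
        'media_title' => $M['media_title'],
        'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])),
        'media_description' => isset($M['media_description']) ? $M['media_description'] : '',
        'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid,
        'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg',
        'site_url' => $_MG_CONF['site_url'] . '/',
        'postcard_subject' => $subject,
        'postcard_message' => nl2br($message),
        'from_email' => $fromemail,
        'site_name' => $_CONF['site_name'],
        'site_slogan' => $_CONF['site_slogan'],
        'to_name' => $toname,
        'from_name' => $fromname,
        'pc_id' => $pcId,
        'lang_to_name' => $LANG_MG03['to_name'],
        'lang_to_email' => $LANG_MG03['to_email'],
        'lang_from_name' => $LANG_MG03['from_name'],
        'lang_from_email' => $LANG_MG03['from_email'],
        'lang_subject' => $LANG_MG03['subject'],
        'lang_send' => $LANG_MG03['send'],
        'lang_cancel' => $LANG_MG03['cancel'],
        'lang_preview' => $LANG_MG03['preview'],
        'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'],
        'lang_postcard_from' => $LANG_MG03['postcard_from'],
        'lang_to' => $LANG_MG03['to'],
        'lang_from' => $LANG_MG03['from'],
        'lang_visit' => $LANG_MG03['visit'],
    ));
    $T->parse('output', 'postcard');
    $retval .= $T->finish($T->get_var('output'));

    $msgData = array();
    $msgData['subject'] = htmlspecialchars($subject);
    $msgData['htmlmessage'] = $retval;
    $msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
    $msgData['from']['email'] = $fromemail;
    $msgData['from']['name'] = $fromname;
    $msgData['to'][] = array('email' => $toemail, 'name' => $toname);
    if ($ccself) {
        $msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
    }

    // Attach the display-size image for every configured extension that exists on disk.
    $dispBase = $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'];
    foreach ($_MG_CONF['validExtensions'] as $tnext) {
        if (file_exists($dispBase . $tnext)) {
            $msgData['embeddedImage'][] = array(
                'file' => $dispBase . $tnext,
                'name' => "pc-image",
                'filename' => $M['media_original_filename'],
                'encoding' => 'base64',
                'mime' => $M['mime_type'],
            );
        }
    }
    $msgData['embeddedImage'][] = array(
        'file' => MG_getImageFilePath('stamp.gif'),
        'name' => "stamp",
        'filename' => 'stamp.gif',
        'encoding' => 'base64',
        'mime' => 'image/gif',
    );

    COM_emailNotification($msgData);

    $msgNo = 8;

    // update the sent post card database...Or maybe just log it in an error log?
    // Names and addresses come from the form; line breaks are replaced so one
    // request always produces exactly one log line.
    $logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
    $logentry = str_replace(array("\r", "\n"), ' ', $logentry);
    MG_postcardLog($logentry);

    COM_updateSpeedlimit('mgpostcard');

    header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
    exit;
}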
/** * Submit static page. The page is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @param string &svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF; if (!$_CONF['disable_webservices']) { require_once $_CONF['path_system'] . 'lib-webservices.php'; } $output = ''; if (!SEC_hasRights('staticpages.edit')) { $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']); $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $LANG_STATIC['access_denied_msg']; $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= COM_siteFooter(); return PLG_RET_AUTH_FAILED; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { // This is EDIT mode, so there should be an sp_old_id if (empty($args['sp_old_id'])) { if (!empty($args['id'])) { $args['sp_old_id'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sp_id'])) { $args['sp_id'] = $args['sp_old_id']; } } } else { if (empty($args['sp_id']) && !empty($args['id'])) { $args['sp_id'] = $args['id']; } } if (empty($args['sp_title']) && !empty($args['title'])) { $args['sp_title'] = $args['title']; } if (empty($args['sp_content']) && !empty($args['content'])) { $args['sp_content'] = $args['content']; } if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) { $args['sp_tid'] = $args['category'][0]; } if (!isset($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']); } $args['sp_id'] = 
COM_sanitizeID($args['sp_id']); if (!$gl_edit) { if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) { $slug = ''; if (isset($args['slug'])) { $slug = $args['slug']; } if (function_exists('WS_makeId')) { $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH); } else { $args['sp_id'] = COM_makeSid(); } } } // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode'); $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode'); foreach ($par_str as $str) { if (isset($args[$str])) { $args[$str] = COM_applyBasicFilter($args[$str]); } else { $args[$str] = ''; } } foreach ($par_num as $num) { if (isset($args[$num])) { $args[$num] = COM_applyBasicFilter($args[$num], true); } else { $args[$num] = 0; } } } // START: Staticpages defaults if (empty($args['sp_format'])) { $args['sp_format'] = 'allblocks'; } if (empty($args['sp_tid'])) { $args['sp_tid'] = 'all'; } if ($args['sp_where'] < 0 || $args['sp_where'] > 3) { $args['sp_where'] = 0; } if ($args['sp_php'] < 0 || $args['sp_php'] > 2) { $args['sp_php'] = 0; } if ($args['commentcode'] < -1 || $args['commentcode'] > 1) { $args['commentcode'] = $_CONF['comment_code']; } if ($args['gl_svc']) { // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_SP_CONF['default_permissions'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_SP_CONF['default_permissions'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_SP_CONF['default_permissions'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_SP_CONF['default_permissions'][3]; } else { $args['perm_anon'] = 
COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['sp_onmenu'])) { $args['sp_onmenu'] = ''; } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) { $svc_msg['error_desc'] = 'Menu label missing'; return PLG_RET_ERROR; } if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; return PLG_RET_ERROR; } if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') { $args['sp_inblock'] = 'on'; } if (empty($args['sp_centerblock'])) { $args['sp_centerblock'] = ''; } if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') { $args['draft_flag'] = 'on'; } if (empty($args['template_flag'])) { $args['template_flag'] = ''; } if (empty($args['template_id'])) { $args['template_id'] = ''; } } // END: Staticpages defaults $sp_id = $args['sp_id']; $sp_title = $args['sp_title']; $sp_page_title = $args['sp_page_title']; $sp_content = $args['sp_content']; $sp_hits = $args['sp_hits']; $sp_format = $args['sp_format']; $sp_onmenu = $args['sp_onmenu']; $sp_label = ''; if (!empty($args['sp_label'])) { $sp_label = $args['sp_label']; } $meta_description = $args['meta_description']; $meta_keywords = $args['meta_keywords']; $commentcode = $args['commentcode']; $owner_id = $args['owner_id']; $group_id = $args['group_id']; $perm_owner = $args['perm_owner']; $perm_group = $args['perm_group']; $perm_members = $args['perm_members']; $perm_anon = $args['perm_anon']; $sp_php = $args['sp_php']; $sp_nf = ''; if (!empty($args['sp_nf'])) { $sp_nf = $args['sp_nf']; } $sp_old_id = $args['sp_old_id']; $sp_centerblock = $args['sp_centerblock']; $draft_flag = $args['draft_flag']; $template_flag = $args['template_flag']; $template_id = $args['template_id']; $sp_help = ''; if (!empty($args['sp_help'])) { $sp_help = $args['sp_help']; } $sp_tid = $args['sp_tid']; $sp_where = $args['sp_where']; $sp_inblock = $args['sp_inblock']; $postmode = $args['postmode']; if ($gl_edit && !empty($args['gl_etag'])) { // First load the original staticpage to check if it has 
been modified $o = array(); $s = array(); $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s); if ($r == PLG_RET_OK) { if ($args['gl_etag'] != $o['updated']) { $svc_msg['error_desc'] = 'A more recent version of the staticpage is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'The requested staticpage no longer exists'; return PLG_RET_ERROR; } } // Check for unique page ID $duplicate_id = false; $delete_old_page = false; if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) { if ($sp_id != $sp_old_id) { $duplicate_id = true; } } elseif (!empty($sp_old_id)) { if ($sp_id != $sp_old_id) { $delete_old_page = true; } } if ($duplicate_id) { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2); if (!$args['gl_svc']) { $output .= staticpageeditor($sp_id); } $output .= COM_siteFooter(); $svc_msg['error_desc'] = 'Duplicate ID'; return PLG_RET_ERROR; } elseif (!empty($sp_title) && !empty($sp_content)) { if (empty($sp_hits)) { $sp_hits = 0; } if ($sp_onmenu == 'on') { $sp_onmenu = 1; } else { $sp_onmenu = 0; } if ($sp_nf == 'on') { $sp_nf = 1; } else { $sp_nf = 0; } if ($sp_centerblock == 'on') { $sp_centerblock = 1; } else { $sp_centerblock = 0; } if ($sp_inblock == 'on') { $sp_inblock = 1; } else { $sp_inblock = 0; } if ($draft_flag == 'on') { $draft_flag = 1; } else { $draft_flag = 0; } if ($template_flag == 'on') { $template_flag = 1; } else { $template_flag = 0; } // Remove any autotags the user doesn't have permission to use $sp_content = PLG_replaceTags($sp_content, '', true); // Clean up the text if ($_SP_CONF['censor'] == 1) { $sp_content = COM_checkWords($sp_content); $sp_title = COM_checkWords($sp_title); } if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } $sp_title = strip_tags($sp_title); $sp_page_title = strip_tags($sp_page_title); $sp_label = strip_tags($sp_label); 
$meta_description = strip_tags($meta_description); $meta_keywords = strip_tags($meta_keywords); $sp_content = addslashes($sp_content); $sp_title = addslashes($sp_title); $sp_page_title = addslashes($sp_page_title); $sp_label = addslashes($sp_label); $meta_description = addslashes($meta_description); $meta_keywords = addslashes($meta_keywords); // If user does not have php edit perms, then set php flag to 0. if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) { $sp_php = 0; } // If marked as a template then set id to nothing and other default settings if ($template_flag == 1) { $template_id = ''; $sp_onmenu = 0; $sp_label = ""; $sp_centerblock = 0; $sp_php = 0; $sp_inblock = 0; $sp_nf = 0; $sp_hits = 0; $meta_description = ""; $meta_keywords = ""; } else { // See if it was a template before, if so and option changed, remove use from other pages if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) { $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'"; $result = DB_query($sql); } if ($template_id != '') { // If using a template, make sure php disabled $sp_php = 0; // Double check template id exists and is still a template $perms = SP_getPerms(); if (!empty($perms)) { $perms = ' AND ' . $perms; } if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . 
$perms) == 0) { $template_id = ''; } } } // make sure there's only one "entire page" static page per topic if ($sp_centerblock == 1 && $sp_where == 0) { $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)"; // if we're in a multi-language setup, we need to allow one "entire // page" centerblock for 'all' or 'none' per language if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) { $ids = explode('_', $sp_id); if (count($ids) > 1) { $lang_id = array_pop($ids); $sql .= " AND sp_id LIKE '%\\_{$lang_id}'"; } } DB_query($sql); } $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks'); if (!in_array($sp_format, $formats)) { $sp_format = 'allblocks'; } if (!$args['gl_svc']) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // Retrieve created date $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'"); if ($datecreated == '') { $datecreated = date('Y-m-d H:i:s'); } DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . 
"'{$sp_inblock}','{$postmode}'"); if ($delete_old_page && !empty($sp_old_id)) { // If a template and the id changed, update any staticpages that use it if ($template_flag == 1) { $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'"; $result = DB_query($sql); } DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id); } if (empty($sp_old_id) || $sp_id == $sp_old_id) { if (!$template_flag) { PLG_itemSaved($sp_id, 'staticpages'); } else { // If template then have to notify of all pages that use this template that a change to the page happened $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'"; $result = DB_query($sql); while ($A = DB_fetchArray($result)) { PLG_itemSaved($A['sp_id'], 'staticpages'); } } } else { DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages')); if (!$template_flag) { PLG_itemSaved($sp_id, 'staticpages', $sp_old_id); } else { // If template then have to notify of all pages that use this template that a change to the page happened $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'"; $result = DB_query($sql); while ($A = DB_fetchArray($result)) { PLG_itemSaved($A['sp_id'], 'staticpages'); } } } $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id); $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19); $svc_msg['id'] = $sp_id; return PLG_RET_OK; } else { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2); if (!$args['gl_svc']) { $output .= staticpageeditor($sp_id); } $output .= COM_siteFooter(); return PLG_RET_ERROR; } }
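/**
 * Processes one uploaded or imported media file and stores it in an album.
 *
 * The file is first moved/copied into the Media Gallery temp directory, its
 * type is decided from the detected metadata, the extension of the original
 * name and the caller-supplied file type, and it is then copied into the
 * media store and recorded in the media tables (or the moderation queue
 * tables when the album is moderated).
 *
 * Security-relevant behaviour of this function:
 * - The stored extension comes from $file, the original (client-supplied)
 *   name. It is reduced to [a-z0-9] and script extensions are neutralised
 *   before it is used in a path, a command line or a query.
 * - The album's valid_formats bit mask is the only format gate; it is checked
 *   against a type derived partly from that same client-supplied data.
 * - NOTE(review): an extension denylist cannot be complete. The media store
 *   should additionally be served from a location where the web server never
 *   executes uploaded content - confirm the deployment does this.
 *
 * @param  string $filename  path of the file to process (upload temp file or import source)
 * @param  string $file      original file name; its extension is used for the stored file
 * @param  int    $album_id  ID of the target album
 * @param  array  $opt       optional settings: caption, description, upload, purgefiles,
 *                           filetype, atttn, thumbnail, keywords, category, dnc, replace
 * @return array             array(bool $success, string $message)
 */
function MG_getFile($filename, $file, $album_id, $opt = array())
{
    global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;

    $caption     = isset($opt['caption']) ? $opt['caption'] : '';
    $description = isset($opt['description']) ? $opt['description'] : '';
    $upload      = isset($opt['upload']) ? $opt['upload'] : 1;
    $purgefiles  = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
    $filetype    = isset($opt['filetype']) ? $opt['filetype'] : '';
    $atttn       = isset($opt['atttn']) ? $opt['atttn'] : 0;
    $thumbnail   = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
    $keywords    = isset($opt['keywords']) ? $opt['keywords'] : '';
    $category    = isset($opt['category']) ? $opt['category'] : 0;
    $dnc         = isset($opt['dnc']) ? $opt['dnc'] : 0;
    $replace     = isset($opt['replace']) ? $opt['replace'] : 0;

    $artist = '';
    $musicAlbum = '';
    $genre = '';
    $video_attached_thumbnail = 0;
    $successfulWatermark = 0;
    $dnc = 1; // What is this? (overrides whatever the caller passed in $opt['dnc'])
    $errors = 0;
    $errMsg = '';
    // Only set for imports ($upload false); initialised so the purge step
    // never unlinks an undefined path.
    $importSource = '';
    // The ZIP branch never reaches the moderation check, so give $queue a
    // defined value for the final status message.
    $queue = 0;

    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';

    $album = new mgAlbum($album_id);
    $root_album = new mgAlbum(0);

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: *********** Beginning media upload process...");
        COM_errorLog("Filename to process: " . $filename);
        COM_errorLog("UID=" . $_USER['uid']);
        COM_errorLog("album access=" . $album->access);
        COM_errorLog("album owner_id=" . $album->owner_id);
        COM_errorLog("member_uploads=" . $album->member_uploads);
    }

    clearstatcache();
    if (!file_exists($filename)) {
        $errMsg = $LANG_MG02['upload_not_found'];
        return array(false, $errMsg);
    }
    if (!is_readable($filename)) {
        $errMsg = $LANG_MG02['upload_not_readable'];
        return array(false, $errMsg);
    }

    // make sure we have the proper permissions to upload to this album....
    if (!isset($album->id)) {
        $errMsg = $LANG_MG02['album_nonexist']; // "Album does not exist, unable to process uploads";
        return array(false, $errMsg);
    }
    if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. "
            . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }

    // We do this to make sure we don't get dupe sid's.
    // sleep() takes whole seconds, so sleep(0.1) did not wait at all.
    usleep(100000);

    /*
     * The following section of code will generate a unique name for a temporary
     * file and copy the uploaded file to the Media Gallery temp directory.
     * We do this to prevent any SAFE MODE issues when we later open the
     * file to determine the mime type.
     */
    if (empty($_USER['username'])) {
        $_USER['username'] = '******';
    }
    // The user name becomes part of a file name: keep only characters that
    // cannot change the directory or confuse the file system.
    $tmpUserPart = preg_replace('/[^A-Za-z0-9_\-]/', '_', (string) $_USER['username']);
    $tmpPath = $_MG_CONF['tmp_path'] . $tmpUserPart . COM_makesid() . '.tmp';

    if ($upload) {
        // move_uploaded_file() refuses anything that is not a genuine HTTP upload
        $rc = @move_uploaded_file($filename, $tmpPath);
    } else {
        $rc = @copy($filename, $tmpPath);
        $importSource = $filename;
    }
    if ($rc != 1) {
        COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
        COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
        $errors++;
        $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }

    $filename = $tmpPath;
    $new_media_id = $replace > 0 ? $replace : COM_makesid();
    $media_time = time();
    $media_upload_time = $media_time;

    if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
        $media_user_id = 1;
    } else {
        $media_user_id = $_USER['uid'];
    }

    $mimeInfo = MG_getMediaMetaData($filename);

    // Extension of the client-supplied name. It later ends up in storage
    // paths, a shell command and SQL, so restrict it to [a-z0-9] here.
    $dotExt = strrchr($file, '.');
    $mimeExt = ($dotExt === false) ? '' : strtolower((string) substr($dotExt, 1));
    $mimeExt = (string) preg_replace('/[^a-z0-9]/', '', $mimeExt);
    $mimeInfo['type'] = $mimeExt;

    // override the determination for some filetypes
    $filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
    if (empty($mimeInfo['mime_type'])) {
        COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
        $mimeInfo['mime_type'] = $filetype;
    }

    // Embedded cover art (ID3v2 APIC frame), if the metadata contains one
    $gotTN = 0;
    if (isset($mimeInfo['id3v2']['APIC'][0]['mime'], $mimeInfo['id3v2']['APIC'][0]['data'])
        && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
        $mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
        $gotTN = 1;
    }

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
    }

    if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
        // assume format based on file upload info...
        // file type => array(extension / type, mime type)
        $byFileType = array(
            'audio/mpeg'                    => array('mp3', 'audio/mpeg'),
            'image/tga'                     => array('tga', 'image/tga'),
            'image/psd'                     => array('psd', 'image/psd'),
            'image/gif'                     => array('gif', 'image/gif'),
            'image/jpeg'                    => array('jpg', 'image/jpeg'),
            'image/jpg'                     => array('jpg', 'image/jpeg'),
            'image/png'                     => array('png', 'image/png'),
            'image/bmp'                     => array('bmp', 'image/bmp'),
            'application/x-shockwave-flash' => array('swf', 'application/x-shockwave-flash'),
            'application/zip'               => array('zip', 'application/zip'),
            'video/quicktime'               => array('mov', 'video/quicktime'),
            'video/x-m4v'                   => array('mov', 'video/x-m4v'),
            'video/x-flv'                   => array('flv', 'video/x-flv'),
            'audio/x-ms-wma'                => array('wma', 'audio/x-ms-wma'),
        );

        if (is_string($filetype) && isset($byFileType[$filetype])) {
            $known = $byFileType[$filetype];
            $mimeExt = $known[0];
            $mimeInfo['type'] = $known[0];
            $mimeInfo['mime_type'] = $known[1];
        } elseif ($mimeExt == 'flv') {
            $mimeInfo['type'] = 'flv';
            $mimeInfo['mime_type'] = 'video/x-flv';
        } elseif ($mimeExt == 'wma') {
            $mimeInfo['type'] = 'wma';
            $mimeInfo['mime_type'] = 'audio/x-ms-wma';
        } else {
            $mimeInfo['type'] = 'file';
            $mimeInfo['mime_type'] = 'application/octet-stream';
            if ($filetype != '') {
                $mimeInfo['mime_type'] = $filetype;
            }
        }

        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype);
        }
    }

    // Map the mime type onto the bit that the album's valid_formats mask uses
    switch ($mimeInfo['mime_type']) {
        case 'audio/mpeg':
            $format_type = MG_MP3;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            break;
        case 'image/jpeg':
        case 'image/jpg':
            $format_type = MG_JPG;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            break;
        case 'application/zip':
            $format_type = MG_ZIP;
            break;
        case 'video/mpeg':
        case 'video/x-motion-jpeg':
        case 'video/quicktime':
        case 'video/x-mpeg':
        case 'video/x-mpeq2a':
        case 'video/x-qtc':
        case 'video/x-m4v':
            $format_type = MG_MOV;
            break;
        case 'video/x-flv':
            $format_type = MG_FLV;
            break;
        case 'image/tiff':
            $format_type = MG_TIF;
            break;
        case 'image/x-targa':
        case 'image/tga':
            $format_type = MG_TGA;
            break;
        case 'image/psd':
            $format_type = MG_PSD;
            break;
        case 'application/ogg':
            $format_type = MG_OGG;
            break;
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-ms-wmz':
        case 'application/x-ms-wmd':
            $format_type = MG_ASF;
            break;
        case 'application/pdf':
        default:
            $format_type = MG_OTHER;
            break;
    }

    if (!($album->valid_formats & $format_type)) {
        // the temp copy was already made above; do not leave it behind
        @unlink($tmpPath);
        return array(false, $LANG_MG02['format_not_allowed']);
    }

    $mimeType = $mimeInfo['mime_type'];
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
    }
    if ($filetype == 'video/x-m4v') {
        $mimeType = 'video/x-m4v';
        $mimeInfo['mime_type'] = 'video/x-m4v';
    }

    if ($replace > 0) {
        // NOTE(review): no check that the row exists; if it does not,
        // $media_filename is empty for everything that follows.
        $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $media_filename = $row['media_filename'];
    } else {
        if ($_MG_CONF['preserve_filename'] == 1) {
            $loopCounter = 0;
            $digitCounter = 1;
            $file_name = stripslashes($file);
            $file_name = MG_replace_accents($file_name);
            $file_name = preg_replace("#[ ]#", "_", $file_name); // change spaces to underscore
            // keep only word characters, comma, hyphen and period - everything
            // else (including path separators) becomes an underscore
            $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
            $file_name = preg_replace('#(_)+#', '_', $file_name); // eliminate duplicate underscore
            $pos = strrpos($file_name, '.');
            if ($pos === false) {
                $basefilename = $file_name;
            } else {
                $basefilename = strtolower(substr($file_name, 0, $pos));
            }
            // random prefix, lengthened after every 16 collisions
            do {
                clearstatcache();
                $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
                $loopCounter++;
                if ($loopCounter > 16) {
                    $digitCounter++;
                    $loopCounter = 0;
                }
            } while (MG_file_exists($media_filename));
        } else {
            do {
                clearstatcache();
                $media_filename = md5(uniqid(rand()));
            } while (MG_file_exists($media_filename));
        }
    }

    // replace a few mime extentions here...
    // Script extensions must never be stored as-is inside the media tree.
    // The PHP check also covers the other extensions commonly mapped to PHP.
    if (preg_match('/^(?:php\d*|phtml|pht|phar)$/', $mimeExt)) {
        $mimeExt = 'phps';
    }
    if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) {
        $mimeExt = 'txt';
    }
    $disp_media_filename = $media_filename . '.' . $mimeExt;

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }

    switch ($mimeType) {
        case 'image/psd':
        case 'image/x-targa':
        case 'image/tga':
        case 'image/photoshop':
        case 'image/x-photoshop':
        case 'application/photoshop':
        case 'application/psd':
        case 'image/tiff':
        case 'image/gif':
        case 'image/jpeg':
        case 'image/jpg':
        case 'image/png':
        case 'image/bmp':
            $dispExt = $mimeExt;
            if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                $dispExt = 'jpg';
            }
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
            $media_tn   = MG_getFilePath('tn', $media_filename, $dispExt);
            $mimeType   = $mimeInfo['mime_type'];

            // process image file
            $media_time = getOriginationTimestamp($filename);
            if ($media_time == null || $media_time < 0) {
                $media_time = time();
            }
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: About to move/copy file");
            }
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource != '') {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);

                list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
                if ($rc == false) {
                    $errors++;
                    $errMsg .= $msg; // sprintf($LANG_MG02['convert_error'],$filename);
                } else {
                    $mediaType = 0;
                    if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
                        if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
                            // Both paths contain parts derived from the
                            // upload's name: quote them as single arguments.
                            $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te "
                                . escapeshellarg($media_orig) . " " . escapeshellarg($media_disp));
                        }
                        @unlink($media_orig);
                    }
                    if ($album->wm_auto) {
                        if ($_MG_CONF['discard_original'] == 1) {
                            $rc = MG_watermark($media_disp, $album_id, 1);
                            if ($rc == true) {
                                $successfulWatermark = 1;
                            }
                        } else {
                            $rc1 = MG_watermark($media_orig, $album_id, 1);
                            $rc2 = MG_watermark($media_disp, $album_id, 0);
                            // was "$rc1 == ture": an undefined constant
                            if ($rc1 == true && $rc2 == true) {
                                $successfulWatermark = 1;
                            }
                        }
                    }
                    if ($dnc != 1) {
                        if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                            $mimeExt = 'jpg';
                            $mimeType = 'image/jpeg';
                        }
                    }
                }
            }
            break;

        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-flv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-shockwave-flash':
        case 'video/mp4':
        case 'video/x-m4v':
            $mimeType = $mimeInfo['mime_type'];
            if ($filetype == 'video/mp4') {
                $mimeExt = 'mp4';
            }
            // process video format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource != '') {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                $mediaType = 1;
            }
            $video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
            break;

        case 'application/ogg':
        case 'audio/mpeg':
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
            $mimeType = $mimeInfo['mime_type'];
            // process audio format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            COM_errorLog("MG Upload: Extracting audio meta data");
            // Tag values come from inside the uploaded file, i.e. they are
            // as untrusted as the rest of the upload.
            if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
                if ($caption == '') {
                    $caption = $mimeInfo['tags']['id3v1']['title'][0];
                }
            }
            // NOTE(review): these three are escaped here and again when the
            // INSERT is built - looks like double escaping; confirm.
            if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
                $artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
            }
            if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
                $genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
            }
            if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
                $musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
            }
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource != '') {
                    @unlink($importSource);
                }
                $mediaType = 2;
            }
            break;

        case 'zip':
        case 'application/zip':
            if ($_MG_CONF['zip_enabled']) {
                $errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
                break;
            }
            // NO BREAK HERE, fall through if enable zip isn't allowed
        default:
            // Anything not recognised above is stored unchanged as a generic file
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $mimeType = $mimeInfo['mime_type'];
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource != '') {
                    @unlink($importSource);
                }
            }
            $mediaType = 4;
            break;
    }

    // update quota
    $quota = $album->album_disk_usage;
    $quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
    if ($_MG_CONF['discard_original'] == 1) {
        $quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
    }
    DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));

    if ($errors) {
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }

    if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
        // Now we need to process an uploaded thumbnail
        if ($gotTN == 1) {
            $mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
            $fn = fopen($mp3TNFilename, "w");
            if ($fn !== false) {
                fwrite($fn, $mp3AttachdedThumbnail);
                fclose($fn);
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
                @unlink($mp3TNFilename);
                $atttn = 1;
            } else {
                COM_errorLog("MG Upload: Unable to write embedded thumbnail to: " . $mp3TNFilename);
            }
        } else {
            if ($atttn == 1) {
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
            }
        }
        if ($video_attached_thumbnail) {
            $atttn = 1;
        }

        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Building SQL and preparing to enter database");
        }

        // Text fields: strip/escape HTML unless HTML is allowed, then escape for SQL
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_desc     = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
            $media_caption  = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
            $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
        } else {
            $media_desc     = addslashes(COM_checkHTML(COM_killJS($description)));
            $media_caption  = addslashes(COM_checkHTML(COM_killJS($caption)));
            $media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
        }

        // Check and see if moderation is on. If yes, place in mediasubmission
        if ($album->moderate == 1 && !$root_album->owner_id) {
            $tableMedia = $_TABLES['mg_mediaqueue'];
            $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
            $queue = 1;
        } else {
            $tableMedia = $_TABLES['mg_media'];
            $tableMediaAlbum = $_TABLES['mg_media_albums'];
            $queue = 0;
        }

        $original_filename = addslashes($file);

        if ($album->filename_title) {
            if ($media_caption == '') {
                // NOTE(review): this caption is the raw client file name with
                // only SQL escaping - it skips the HTML filtering applied to
                // captions above; confirm it is escaped on output.
                $pos = strrpos($original_filename, '.');
                if ($pos === false) {
                    $media_caption = $original_filename;
                } else {
                    $media_caption = substr($original_filename, 0, $pos);
                }
            }
        }

        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Inserting media record into mg_media");
        }

        $resolution_x = 0;
        $resolution_y = 0;
        // try to find a resolution if video...
        if ($mediaType == 1) {
            switch ($mimeType) {
                case 'application/x-shockwave-flash':
                case 'video/quicktime':
                case 'video/mpeg':
                case 'video/x-m4v':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    // the second test used to repeat resolution_x
                    if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-flv':
                    if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
                        $resolution_x = -1;
                        $resolution_y = -1;
                        if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
                            $resolution_x = $mimeInfo['meta']['onMetaData']['width'];
                            $resolution_y = $mimeInfo['meta']['onMetaData']['height'];
                        }
                    } else {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-ms-asf':
                case 'video/x-ms-asf-plugin':
                case 'video/avi':
                case 'video/msvideo':
                case 'video/x-msvideo':
                case 'video/avs-video':
                case 'video/x-ms-wmv':
                case 'video/x-ms-wvx':
                case 'video/x-ms-wm':
                case 'application/x-troff-msvideo':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
                    }
                    break;
            }
        }

        if ($replace > 0) {
            $sql = "UPDATE " . $tableMedia . " SET "
                . "media_filename='" . addslashes($media_filename) . "',"
                . "media_original_filename='" . $original_filename . "',"
                . "media_mime_ext='" . addslashes($mimeExt) . "',"
                . "mime_type='" . addslashes($mimeType) . "',"
                . "media_time='" . addslashes($media_time) . "',"
                . "media_user_id='" . addslashes($media_user_id) . "',"
                . "media_type='" . addslashes($mediaType) . "',"
                . "media_upload_time='" . addslashes($media_upload_time) . "',"
                . "media_watermarked='" . addslashes($successfulWatermark) . "',"
                . "media_resolution_x='" . intval($resolution_x) . "',"
                . "media_resolution_y='" . intval($resolution_y) . "' "
                . "WHERE media_id='" . addslashes($replace) . "'";
            DB_query($sql);
        } else {
            // NOTE(review): $media_caption, $media_desc, $media_keywords and
            // the audio tags were already passed through addslashes() above.
            $sql = "INSERT INTO " . $tableMedia
                . " (media_id,media_filename,media_original_filename,media_mime_ext,"
                . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time,"
                . "media_views,media_comments,media_votes,media_rating,media_tn_attached,"
                . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,"
                . "media_type,media_upload_time,media_category,media_watermarked,v100,"
                . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url,"
                . "artist,album,genre) "
                . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','"
                . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','"
                . addslashes($media_caption) . "','" . addslashes($media_desc) . "','"
                . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','"
                . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','"
                . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','"
                . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0',"
                . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','"
                . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
            DB_query($sql);

            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Updating Album information");
            }

            // place the new item after the current last one in the album
            $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
            $result = DB_query($sql);
            $row = DB_fetchArray($result);
            $media_seq = $row['media_seq'];
            if ($media_seq < 10) {
                $media_seq = 10;
            }
            $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) "
                . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
            DB_query($sql);

            if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
            }
            PLG_itemSaved($new_media_id, 'mediagallery');

            // update the media count for the album, only if no moderation...
            if ($queue == 0) {
                $album->media_count++;
                DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
                MG_updateAlbumLastUpdate($album->id);
                if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
                    if ($atttn == 1) {
                        $covername = 'tn_' . $media_filename;
                    } else {
                        $covername = $media_filename;
                    }
                    DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
                }
                // MG_resetAlbumCover($album->id);
            }
        }
    }

    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album';
    }
    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($album_id);
    }
    COM_errorLog("MG Upload: Successfully uploaded a media object");
    @unlink($tmpPath);

    return array(true, $errMsg);
}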
/**
 * COM_checkWords() is expected to turn 'Peacocks' into 'Pea*censored*s':
 * only part of the word is replaced and the surrounding letters are kept.
 */
public function testCheckWordsWithReplaceWordFragment()
{
    // Line 2823
    $expected = 'Pea*censored*s';
    $this->assertEquals($expected, COM_checkWords('Peacocks'));
}
/**
 * Filters comment text and appends necessary tags (sig and/or edit)
 *
 * In 'html' mode the text goes through COM_checkHTML() (using the
 * "<type>.edit" permission, 'story.edit' for articles) and COM_checkWords().
 * In any other mode it goes through COM_checkWords() and htmlspecialchars(),
 * and links are made clickable.
 *
 * NOTE(review): the user name in the edit note and the signature read from
 * the users table are appended to the HTML without escaping in this
 * function - presumably both are filtered when they are stored; verify.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param string  $comment  comment text
 * @param string  $postmode ('html', 'plaintext', ...)
 * @param string  $type     Type of item (article, poll, etc.)
 * @param bool    $edit     if true append edit tag
 * @param int     $cid      commentid if editing comment (for proper sig)
 * @return string of comment text
 */
function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null)
{
    global $_USER, $_TABLES, $LANG03, $_CONF;

    $isHtml = ($postmode == 'html');

    if ($isHtml) {
        if ($type == 'article') {
            $permission = 'story.edit';
        } else {
            $permission = "{$type}.edit";
        }
        $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $permission));
    } else {
        // plaintext: escape first, then turn URLs into links
        $escaped = htmlspecialchars(COM_checkWords(COM_stripslashes($comment)));
        $linked = COM_makeClickableLinks($escaped);
        // line breaks are only converted when a link was actually inserted
        $comment = (strcmp($escaped, $linked) == 0) ? $escaped : nl2br($linked);
    }

    if ($edit) {
        $editNote = implode(' ', array(
            $LANG03[30],
            strftime($_CONF['date'], time()),
            $LANG03[31],
            $_USER['username'],
        ));
        $comment .= '<div class="comment-edit">' . $editNote . '</div><!-- /COMMENTEDIT -->';
    }

    // Whose signature to use: anonymous (1), the comment's author when a
    // comment is being edited, otherwise the current user.
    $uid = 1;
    if (!empty($_USER['uid'])) {
        if ($edit && is_numeric($cid)) {
            // if comment moderator
            $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '{$cid}'");
        } else {
            $uid = $_USER['uid'];
        }
    }

    if (!($uid > 1)) {
        return $comment;
    }

    $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$uid}'");
    if (empty($sig)) {
        return $comment;
    }

    if ($isHtml) {
        $sigBody = '---<br' . XHTML . '>' . nl2br($sig);
    } else {
        $sigBody = '---' . LB . $sig;
    }

    return $comment
        . '<!-- COMMENTSIG --><div class="comment-sig">'
        . $sigBody
        . '</div><!-- /COMMENTSIG -->';
}
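/**
 * Create "What's Related" links for a story
 *
 * Creates an HTML-formatted list of links to be used for the What's Related
 * block next to a story (in article view). "Search by author" and "search by
 * topic" links are added when the visitor is logged in, or when neither
 * login nor search login is required.
 *
 * The topic id is escaped before it is used in the topic lookup, and the
 * user id and topic id are URL-encoded before they are placed in the links.
 *
 * NOTE(review): the author display name and the topic name are inserted into
 * the link text as returned by COM_getDisplayName() / the topics table,
 * without HTML escaping here - presumably they are stored in a safe form;
 * verify.
 *
 * @param    string  $related    contents of gl_stories 'related' field
 * @param    int     $uid        user id of the author
 * @param    int     $tid        topic id
 * @return   string              HTML-formatted list of links
 */
function STORY_whatsRelated($related, $uid, $tid)
{
    global $_CONF, $_TABLES, $_USER, $LANG24;

    // get the links from the story text
    if (!empty($related)) {
        $rel = explode("\n", $related);
    } else {
        $rel = array();
    }

    // "&&" binds tighter than "||"; the parentheses only make that visible
    if (!empty($_USER['username'])
        || ($_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0)) {
        // add a link to "search by author"
        if ($_CONF['contributedbyline'] == 1) {
            $author = COM_getDisplayName($uid);
            $authorParam = urlencode((string) $uid);
            $rel[] = "<a href=\"{$_CONF['site_url']}/search.php?mode=search&type=stories&author={$authorParam}\">{$LANG24[37]} {$author}</a>";
        }

        // add a link to "search by topic"
        // addslashes() matches the escaping used for string-built queries
        // elsewhere in this code base; prefer the database layer's own
        // escaping function where one is in scope.
        $topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . addslashes((string) $tid) . "'");
        $rel[] = '<a href="' . $_CONF['site_url'] . '/search.php?mode=search&type=stories&topic=' . urlencode((string) $tid) . '">' . $LANG24[38] . ' ' . stripslashes($topic) . '</a>';
    }

    $related = '';
    if (count($rel) > 0) {
        $related = COM_checkWords(COM_makeList($rel, 'list-whats-related'));
    }

    return $related;
}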
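/**
 * Saves link to the database
 *
 * The description and title are filtered (autotags, censoring, HTML check /
 * tag stripping) and escaped here. The URL is escaped and the numeric fields
 * are cast to integers right before the row is written, so that none of the
 * values placed into the SQL string can change the statement.
 *
 * NOTE(review): the URL is not validated in this function (scheme, format);
 * if the caller does not do that either, it should be added - confirm
 * against the caller. Also confirm the caller does not already escape $url.
 *
 * @param    string  $lid            ID for link
 * @param    string  $old_lid        old ID for link
 * @param    string  $cid            cid of category link belongs to
 * @param    string  $categorydd     Category links belong to
 * @param    string  $url            URL of link to save
 * @param    string  $description    Description of link
 * @param    string  $title          Title of link
 * @param    int     $hits           Number of hits for link
 * @param    int     $owner_id       ID of owner
 * @param    int     $group_id       ID of group link belongs to
 * @param    int     $perm_owner     Permissions the owner has
 * @param    int     $perm_group     Permissions the group has
 * @param    int     $perm_members   Permissions members have
 * @param    int     $perm_anon      Permissions anonymous users have
 * @return   string                  HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 *
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';
    // was appended to below without ever being initialised
    $display = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    // For an existing link the access check uses the owner/group/permissions
    // stored in the database, not the values submitted with the request.
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                // NOTE(review): execution continues after this redirect is
                // echoed, so the link is still saved - confirm that is intended.
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }

        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);

        // Values for the SQL string: escape the URL like the other text
        // fields, and force the numeric columns to integers.
        $sqlUrl       = DB_escapeString($url);
        $sqlHits      = (int) $hits;
        $sqlOwnerId   = (int) $owner_id;
        $sqlGroupId   = (int) $group_id;
        $sqlPermOwner = (int) $perm_owner;
        $sqlPermGroup = (int) $perm_group;
        $sqlPermMemb  = (int) $perm_members;
        $sqlPermAnon  = (int) $perm_anon;

        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$sqlUrl}','{$description}','{$title}',NOW(),'{$sqlHits}',{$sqlOwnerId},{$sqlGroupId},{$sqlPermOwner},{$sqlPermGroup},{$sqlPermMemb},{$sqlPermAnon}");

        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }

        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));

        return $retval;
    }
}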
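/**
 * Validates the posted userbox profile form and saves it.
 *
 * Reads every field from $_POST, filters it, validates dates and length
 * limits, writes the row to the USERBOX_base table, saves categories and
 * additional fields, and updates the user's full name in the core users table.
 *
 * NOTE(review): no permission check or form-token check is visible in this
 * function, and owner_id, group_id and the perm_* values are taken from the
 * request - confirm the caller enforces both before calling.
 * NOTE(review): string values are escaped with addslashes(), which is not
 * aware of the connection character set; prefer the database layer's own
 * escaping if this code base provides one.
 *
 * @param  mixed $edt_flg     passed through to fncEdit() when the editor is redisplayed
 * @param  mixed $navbarMenu  not used in this function
 * @param  mixed $menuno      not used in this function
 * @return array              'title' and 'display' keys, on validation failure or when
 *                            $_USERBOX_CONF['aftersave_admin'] is 'no'; otherwise the
 *                            function echoes the after-save output and exits
 */
function fncSave($edt_flg, $navbarMenu, $menuno)
{
    $pi_name = "userbox";

    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_ADMIN;
    global $_FILES;

    $addition_def = DATABOX_getadditiondef($pi_name);

    // Always returned as an array; starting from '' makes the later
    // $retval['title'] assignment a string-offset error on current PHP.
    $retval = array();

    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);

    // username / fullname
    $username = COM_applyFilter($_POST['username']);
    $username = addslashes(COM_checkHTML(COM_checkWords($username)));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));

    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));

    // description is HTML-filtered but deliberately not passed through COM_applyFilter
    $description = $_POST['description'];
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));

    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));

    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);

    // NOTE(review): only modified_ampm is read from the request. The am/pm
    // values for the comment-expiry, release and expiry dates were compared
    // without ever being assigned, so their 12-hour adjustment never ran.
    // They are initialised here to keep that behaviour without reading
    // undefined variables; wire them to the form if it posts such fields.
    $comment_expire_ampm = '';
    $released_ampm = '';
    $expired_ampm = '';

    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
        $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
        $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
        $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
        $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
        if ($comment_expire_ampm == 'pm') {
            if ($comment_expire_hour < 12) {
                $comment_expire_hour = $comment_expire_hour + 12;
            }
        }
        if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
            $comment_expire_hour = '00';
        }
    } else {
        $comment_expire_month = 0;
        $comment_expire_day = 0;
        $comment_expire_year = 0;
        $comment_expire_hour = 0;
        $comment_expire_minute = 0;
    }

    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);

    $meta_description = $_POST['meta_description'];
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
    $meta_keywords = $_POST['meta_keywords'];
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));

    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));

    // NOTE(review): $category and the afield* arrays are handed to the DATABOX
    // helpers unfiltered; presumably those helpers clean them - verify.
    $category = $_POST['category'];

    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);

    $owner_id = COM_applyFilter($_POST['owner_id'], true);
    $group_id = COM_applyFilter($_POST['group_id'], true);

    $array['perm_owner'] = $_POST['perm_owner'];
    $array['perm_group'] = $_POST['perm_group'];
    $array['perm_members'] = $_POST['perm_members'];
    $array['perm_anon'] = $_POST['perm_anon'];
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($array['perm_group'], true);
        $perm_members = COM_applyBasicFilter($array['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
    }

    // modified date
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        $modified_month = COM_applyFilter($_POST['modified_month'], true);
        $modified_day = COM_applyFilter($_POST['modified_day'], true);
        $modified_year = COM_applyFilter($_POST['modified_year'], true);
        $modified_hour = COM_applyFilter($_POST['modified_hour'], true);
        $modified_minute = COM_applyFilter($_POST['modified_minute'], true);
        $modified_ampm = COM_applyFilter($_POST['modified_ampm']);
        if ($modified_ampm == 'pm') {
            if ($modified_hour < 12) {
                $modified_hour = $modified_hour + 12;
            }
        }
        if ($modified_ampm == 'am' and $modified_hour == 12) {
            $modified_hour = '00';
        }
    }

    // release date
    $released_month = COM_applyFilter($_POST['released_month'], true);
    $released_day = COM_applyFilter($_POST['released_day'], true);
    $released_year = COM_applyFilter($_POST['released_year'], true);
    $released_hour = COM_applyFilter($_POST['released_hour'], true);
    $released_minute = COM_applyFilter($_POST['released_minute'], true);
    if ($released_ampm == 'pm') {
        if ($released_hour < 12) {
            $released_hour = $released_hour + 12;
        }
    }
    if ($released_ampm == 'am' and $released_hour == 12) {
        $released_hour = '00';
    }

    // end-of-publication (expiry) date
    $expired_flag = COM_applyFilter($_POST['expired_flag'], true);
    if ($expired_flag) {
        $expired_month = COM_applyFilter($_POST['expired_month'], true);
        $expired_day = COM_applyFilter($_POST['expired_day'], true);
        $expired_year = COM_applyFilter($_POST['expired_year'], true);
        $expired_hour = COM_applyFilter($_POST['expired_hour'], true);
        $expired_minute = COM_applyFilter($_POST['expired_minute'], true);
        if ($expired_ampm == 'pm') {
            if ($expired_hour < 12) {
                $expired_hour = $expired_hour + 12;
            }
        }
        if ($expired_ampm == 'am' and $expired_hour == 12) {
            $expired_hour = '00';
        }
    } else {
        $expired_month = 0;
        $expired_day = 0;
        $expired_year = 0;
        $expired_hour = 0;
        $expired_minute = 0;
    }

    $created = COM_applyFilter($_POST['created_un']);

    // convert full-width alphanumerics to half-width before the numeric filter
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    $orderno = COM_applyFilter($orderno, true);

    $type = 1;
    $uuid = $_USER['uid'];

    // ----- validation start
    $err = "";

    // id: 0 means "new record"; anything else must be numeric
    if ($id == 0) {
        // nothing to check for a new record
    } else {
        if (!is_numeric($id)) {
            $err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
        }
    }

    // character-count limits
    if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) {
        $err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) {
        $err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) {
        $err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }

    // additional-field checks
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);

    // modified date
    $modified = $modified_year . "-" . $modified_month . "-" . $modified_day;
    if (checkdate($modified_month, $modified_day, $modified_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
    }
    $modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00");

    // release date
    $released = $released_year . "-" . $released_month . "-" . $released_day;
    if (checkdate($released_month, $released_day, $released_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
    }
    $released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00");

    // date/time after which comments are no longer accepted
    if ($comment_expire_flag) {
        if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
        }
        $comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00");
    } else {
        $comment_expire = '0000-00-00 00:00:00';
    }

    // end-of-publication date; must not precede the release date
    if ($expired_flag) {
        if (checkdate($expired_month, $expired_day, $expired_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
        $expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00");
        if ($expired < $released) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
    } else {
        $expired = '0000-00-00 00:00:00';
    }

    // validation failed: redisplay the editor with the collected messages
    if ($err != "") {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err);

        return $retval;
    }
    // ----- validation end

    if ($id == 0) {
        // new record: next id is max(id) + 1, creation time is "now"
        $w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
        $created_month = date('m');
        $created_day = date('d');
        $created_year = date('Y');
        $created_hour = date('H');
        $created_minute = date('i');
        $created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00");
    }

    $hits = 0;
    $comments = 0;

    // Build the column list and the matching value list for DB_save()
    $fields = "id";
    $values = "{$id}";
    $fields .= ",page_title";
    $values .= ",'{$page_title}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",defaulttemplatesdirectory";
    $values .= ",'{$defaulttemplatesdirectory}'";
    $fields .= ",comments";
    $values .= ",{$comments}";
    $fields .= ",meta_description";
    $values .= ",'{$meta_description}'";
    $fields .= ",meta_keywords";
    $values .= ",'{$meta_keywords}'";
    $fields .= ",commentcode";
    $values .= ",{$commentcode}";
    $fields .= ",trackbackcode";
    $values .= ",{$trackbackcode}";
    $fields .= ",cache_time";
    $values .= ",{$cache_time}";
    $fields .= ",comment_expire";
    if ($comment_expire == '0000-00-00 00:00:00') {
        $values .= ",'{$comment_expire}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$comment_expire}')";
    }
    $fields .= ",language_id";
    $values .= ",'{$language_id}'";
    $fields .= ",owner_id";
    $values .= ",{$owner_id}";
    $fields .= ",group_id";
    $values .= ",{$group_id}";
    $fields .= ",perm_owner";
    $values .= ",{$perm_owner}";
    $fields .= ",perm_group";
    $values .= ",{$perm_group}";
    $fields .= ",perm_members";
    $values .= ",{$perm_members}";
    $fields .= ",perm_anon";
    $values .= ",{$perm_anon}";
    $fields .= ",modified";
    $values .= ",FROM_UNIXTIME('{$modified}')";
    if ($created != "") {
        // For an existing record $created comes from the request through the
        // non-numeric filter; the cast guarantees only an integer reaches the SQL.
        $fields .= ",created";
        $values .= ",FROM_UNIXTIME('" . (int) $created . "')";
    }
    $fields .= ",expired";
    if ($expired == '0000-00-00 00:00:00') {
        $values .= ",'{$expired}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$expired}')";
    }
    $fields .= ",released";
    $values .= ",FROM_UNIXTIME('{$released}')";
    $fields .= ",orderno";
    $values .= ",{$orderno}";
    $fields .= ",fieldset_id";
    $values .= ",{$fieldset_id}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",draft_flag";
    $values .= ",{$draft_flag}";

    DB_save($_TABLES['USERBOX_base'], $fields, $values);

    // categories
    $rt = DATABOX_savecategorydatas($id, $category, $pi_name);

    // additional fields
    DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    $rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);

    // user (core table): keep the full name in sync
    $sql = "UPDATE " . $_TABLES['users'] . " SET ";
    $sql .= " fullname ='" . $fullname . "'";
    $sql .= " WHERE uid=" . $id;
    DB_query($sql);

    $rt = fncsendmail('data', $id);

    $cacheInstance = 'userbox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);

    if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 1, "");

        return $retval;
    } else {
        if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            // when codes are used, address the profile by user name
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_USERBOX_CONF['aftersave_admin'];
        }
    }

    $return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
    echo $return_page;
    exit;
}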
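/**
 * Prepares a message for insertion into the database.
 *
 * In 'html' post mode the message is optionally HTML-filtered and then
 * slash-escaped; in every other mode it is converted with htmlspecialchars()
 * (ENT_QUOTES, forum charset) and slash-escaped. Slashes are only added when
 * magic quotes are not active.
 *
 * NOTE(review): addslashes() is not aware of the connection character set;
 * prefer the database layer's own escaping if this code base provides one.
 *
 * @param  string $message    text to prepare
 * @param  string $postmode   'html' selects the HTML path; anything else the plain-text path
 * @param  bool   $censor     run the text through COM_checkWords() first
 * @param  bool   $htmlfilter in 'html' mode, run the text through COM_checkHTML()
 * @return string             the escaped message
 */
function prepareStringForDB($message, $postmode = "html", $censor = TRUE, $htmlfilter = TRUE)
{
    global $CONF_FORUM;

    if ($censor) {
        $message = COM_checkWords($message);
    }

    if ($postmode == 'html') {
        if ($htmlfilter) {
            // Need to call addslashes again as COM_checkHTML strips it out
            $message = addslashes(COM_checkHTML($message));
        } elseif (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
            // get_magic_quotes_gpc() was removed in PHP 8.0; a missing
            // function is treated as "magic quotes off".
            $message = addslashes($message);
        }
    } else {
        // @ kept from the original: suppresses the warning for an unsupported charset
        $message = @htmlspecialchars($message, ENT_QUOTES, $CONF_FORUM['charset']);
        if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
            $message = addslashes($message);
        }
    }

    return $message;
}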
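/**
 * Stores uploaded watermark images and records them in the watermark table.
 *
 * Each entry of the multi-file upload field 'newmedia' is checked for size,
 * upload error and file extension; accepted files are moved into the
 * 'watermarks/' directory under $_MG_CONF['path_html'] and inserted into the
 * mg_watermarks table. A status line per file is collected for the result page.
 *
 * NOTE(review): the type check is by file extension only and the stored name
 * is still derived from the client-supplied name; consider verifying the image
 * content and generating the stored name server-side. No permission check is
 * visible in this function - confirm the caller restricts who may upload and
 * who may mark a watermark as public.
 *
 * @return string HTML of the upload status page
 */
function MG_watermarkUploadSave()
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03;

    $retval = '<h2>' . $LANG_MG03['upload_results'] . '</h2>';
    $T = COM_newTemplate(MG_getTemplatePath(0));
    $T->set_file('mupload', 'useruploadstatus.thtml');
    $statusMsg = '';

    // Only these extensions are accepted as watermark images
    $allowedExtensions = array('png', 'jpg', 'gif');

    $file = isset($_FILES['newmedia']) ? $_FILES['newmedia'] : array();
    $names = (isset($file['name']) && is_array($file['name'])) ? $file['name'] : array();
    $public = isset($_POST['wm_public']) ? COM_applyFilter($_POST['wm_public'], true) : 0;

    foreach ($names as $key => $name) {
        // The client controls the file name: keep only its last path component
        // for the destination path and HTML-escape it for status messages.
        $filename = basename($name);
        $displayName = htmlspecialchars($filename, ENT_QUOTES);
        $filesize = $file['size'][$key];
        $filetmp = $file['tmp_name'][$key];
        $error = $file['error'][$key];
        $description = isset($_POST['description'][$key]) ? $_POST['description'][$key] : '';

        if ($filesize > 65536) {
            // right now we hard coded 64kb
            COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
            $tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $displayName);
            $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
            continue;
        }

        if ($error != UPLOAD_ERR_OK) {
            switch ($error) {
                case UPLOAD_ERR_INI_SIZE:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big'], $displayName);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case UPLOAD_ERR_FORM_SIZE:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $displayName);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case UPLOAD_ERR_PARTIAL:
                    $tmpmsg = sprintf($LANG_MG02['partial_upload'], $displayName);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case UPLOAD_ERR_NO_FILE:
                    $tmpmsg = $LANG_MG02['no_file_uploaded'];
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case UPLOAD_ERR_NO_TMP_DIR:
                    $statusMsg .= $LANG_MG02['missing_tmp'] . '<br' . XHTML . '>';
                    break;
                case UPLOAD_ERR_CANT_WRITE:
                    $statusMsg .= $LANG_MG02['disk_fail'] . '<br' . XHTML . '>';
                    break;
                default:
                    $statusMsg .= $LANG_MG02['unknown_err'] . '<br' . XHTML . '>';
                    break;
            }
            continue;
        }

        $uid = $_USER['uid'];
        if ($public == 1) {
            $uid = 0;
        }

        // Reject anything that is not an allowed image extension. The original
        // used "continue" inside a switch, which in PHP only leaves the switch,
        // so unsupported files were still moved into the web directory.
        $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        if (!in_array($file_extension, $allowedExtensions, true)) {
            $statusMsg .= $displayName . $LANG_MG02['unsupported_wm_type'];
            continue;
        }

        $sql = "SELECT MAX(wm_id) + 1 AS nextwm_id FROM " . $_TABLES['mg_watermarks'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $wm_id = $row['nextwm_id'];
        if ($wm_id < 1) {
            // empty table: MAX() yields NULL
            $wm_id = 1;
        }

        $wm_filename = $_MG_CONF['path_html'] . 'watermarks/' . $uid . '_' . $filename;
        if (file_exists($wm_filename)) {
            $statusMsg .= sprintf($LANG_MG02['wm_already_exists'], $displayName);
        } else {
            $rc = move_uploaded_file($filetmp, $wm_filename);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file....rc = " . $rc);
                $statusMsg .= sprintf($LANG_MG02['move_error'], $displayName);
            } else {
                chmod($wm_filename, 0644);

                $media_title_safe = substr($description, 0, 254);
                if ($_MG_CONF['htmlallowed'] != 1) {
                    $media_title = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($media_title_safe)))));
                } else {
                    $media_title = addslashes(htmlspecialchars(COM_checkHTML(COM_checkWords(COM_killJS($media_title_safe)))));
                }
                $saveFileName = addslashes($uid . '_' . $filename);

                $sql = "INSERT INTO {$_TABLES['mg_watermarks']} (wm_id,owner_id,filename,description)\n VALUES ({$wm_id},'{$uid}','{$saveFileName}','{$media_title}')";
                DB_query($sql);
                if ($_MG_CONF['verbose']) {
                    COM_errorLog("MG Upload: Updating Album information");
                }
                if (DB_error()) {
                    // keep disk and database consistent: drop the file again
                    COM_errorLog("MediaGallery: Error inserting watermark data into database");
                    @unlink($wm_filename);
                    $statusMsg .= $displayName . " - " . DB_error();
                } else {
                    $statusMsg .= $displayName . $LANG_MG02['wm_success'];
                }
            }
        }
    }

    $T->set_var('status_message', $statusMsg);
    $tmp = $_MG_CONF['site_url'] . '/admin.php?album_id=0&mode=wmmanage';
    $redirect = sprintf($LANG_MG01['watermark_redirect'], $tmp);
    $T->set_var('redirect', $redirect);
    $retval .= $T->finish($T->parse('output', 'mupload'));

    return $retval;
}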
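/**
 * Displays the Static Page Editor
 *
 * Loads the page data for the editor form: from the database when editing or
 * cloning an existing page (restricted by COM_getPermSQL), from defaults for a
 * new page, or from $_POST otherwise. Title and meta fields are stripped of
 * tags before the form is built.
 *
 * @param    string  $sp_id      ID of static page to edit
 * @param    string  $mode       Mode
 * @param    string  $editor     Editor mode? (unused?)
 * @return   string              HTML for static pages editor
 *
 */
function staticpageeditor($sp_id, $mode = '', $editor = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG_STATIC, $_SP_CONF;

    $retval = '';

    // $sp_id is placed inside a quoted SQL literal, so escape it here rather
    // than relying on every caller having filtered it.
    // NOTE(review): addslashes() is not charset-aware; prefer the database
    // layer's own escaping if this version provides one.
    $sp_id_sql = addslashes($sp_id);

    if (!empty($sp_id) && $mode == 'edit') {
        $result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id_sql}'" . COM_getPermSQL('AND', 0, 3));
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            $A['sp_old_id'] = $A['sp_id'];
        }
    } elseif ($mode == 'edit') {
        // check if a new sp_id has been suggested
        $sp_new_id = '';
        if (isset($_GET['sp_new_id'])) {
            $sp_new_id = COM_applyFilter($_GET['sp_new_id']);
        }
        if (empty($sp_new_id)) {
            $A['sp_id'] = COM_makesid();
        } else {
            $A['sp_id'] = $sp_new_id;
        }
        $A['owner_id'] = $_USER['uid'];
        $A['unixdate'] = time();
        $A['sp_help'] = '';
        $A['sp_old_id'] = '';
        $A['commentcode'] = $_SP_CONF['comment_code'];
        $A['sp_where'] = 1; // default new pages to "top of page"
        $A['draft_flag'] = $_SP_CONF['draft_flag'];
        $A['cache_time'] = $_SP_CONF['default_cache_time'];
        $A['template_flag'] = ''; // Defaults to not a template
        $A['template_id'] = ''; // Defaults to None
        if ($_USER['advanced_editor'] == 1) {
            $A['postmode'] = 'adveditor';
        }
    } elseif (!empty($sp_id) && $mode == 'clone') {
        $result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id_sql}'" . COM_getPermSQL('AND', 0, 3));
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            $A['sp_id'] = COM_makesid();
            $A['clone_sp_id'] = $sp_id; // need this so we can load the correct topics
            $A['owner_id'] = $_USER['uid'];
            $A['unixdate'] = time();
            $A['sp_hits'] = 0;
            $A['sp_old_id'] = '';
            $A['commentcode'] = $_SP_CONF['comment_code'];
        }
    } else {
        // redisplay of a submitted form: take the posted values as they are
        $A = $_POST;
        if (empty($A['unixdate'])) {
            $A['unixdate'] = time();
        }
        $A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']), 'staticpages.edit');
    }

    // $A stays unset when the permission-restricted query found no row
    if (isset($A)) {
        if (isset($A['sp_title'])) {
            $A['sp_title'] = strip_tags($A['sp_title']);
        }
        if (isset($A['sp_page_title'])) {
            $A['sp_page_title'] = strip_tags($A['sp_page_title']);
        }
        if (isset($A['meta_description'])) {
            $A['meta_description'] = strip_tags($A['meta_description']);
        }
        if (isset($A['meta_keywords'])) {
            $A['meta_keywords'] = strip_tags($A['meta_keywords']);
        }
        $A['editor'] = $editor;
        $retval = staticpageeditor_form($A);
    } else {
        $retval = COM_showMessageText($LANG_STATIC['deny_msg'], $LANG_ACCESS['accessdenied']);
    }

    return $retval;
}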
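/**
 * Fills this object's fields from a request-style array.
 *
 * Ids are passed through COM_applyFilter(), the title through
 * COM_checkWords() and COM_checkHTML(), and the permission arrays through
 * SEC_getPermissionValues(). Nothing is SQL-escaped here.
 *
 * @param array $array values keyed by form field name
 */
function _loadFromArgs(&$array)
{
    $corder = trim($array['corder']);

    $this->_owner_id = COM_applyFilter($array['owner_id'], true);
    $this->_group_id = COM_applyFilter($array['group_id'], true);
    $this->_cid = COM_applyFilter(trim($array['cid']));
    $this->_old_cid = COM_applyFilter(trim($array['old_cid']));
    $this->_pid = COM_applyFilter(trim($array['pid']));
    $this->_corder = empty($corder) ? 0 : COM_applyFilter($corder, true);
    $this->_imgurl = COM_applyFilter($array['imgurl']);
    $this->_imgurlold = COM_applyFilter($array['imgurlold']);
    $this->_title = COM_checkHTML(COM_checkWords(trim($array['title'])));

    // Unchecked checkboxes are absent from a submitted form, so test for the
    // key before comparing instead of reading an undefined index.
    $this->_is_enabled = (isset($array['is_enabled']) && $array['is_enabled'] == 'on') ? 1 : 0;
    $this->_deleteimg = (isset($array['deleteimg']) && $array['deleteimg'] == 'on') ? 1 : 0;

    // Convert array values to numeric permission values
    list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);

    $this->_editor_mode = COM_applyFilter($array['editor_mode']);
}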
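/**
 * Saves the edited attributes of a media item and redirects.
 *
 * Optionally replaces the media file, updates the media (or media queue) row,
 * stores playback options for the posted player type, attaches or removes a
 * thumbnail, rebuilds the album RSS feed for non-queued items, then echoes a
 * refresh to the action URL and exits.
 *
 * NOTE(review): no permission or form-token check is visible in this function,
 * and the new owner comes from $_POST['owner_name'] - confirm the caller
 * enforces both.
 * NOTE(review): the redirect target can be overridden by $_POST['rpath'];
 * confirm it is restricted to URLs on this site before it reaches COM_refresh().
 *
 * @param  mixed  $album_id   album the media item belongs to
 * @param  mixed  $media_id   id of the media item being edited
 * @param  string $actionURL  URL to redirect to after saving
 * @return void               never returns; the request ends with exit
 */
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;

    $back = COM_applyFilter($_POST['rpath']);
    if ($back != '') {
        $actionURL = $back;
    }

    $queue = COM_applyFilter($_POST['queue'], true);

    $replacefile = 0;
    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    }
    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        $opt = array('replace' => $media_id);
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, $opt);
        COM_errorLog($msg);
    }

    // see if we had an attached thumbnail before...
    // (the upload field is absent when no thumbnail was submitted)
    $thumbnail = isset($_FILES['attthumb']['tmp_name']) ? $_FILES['attthumb']['tmp_name'] : '';
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    $attachtn = $att == 1 ? 1 : 0;

    $table = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
    $old_attached_tn = DB_getItem($table, 'media_tn_attached', 'media_id="' . addslashes($media_id) . '"');
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        // "attach" was ticked but no file supplied and none attached before
        $attachtn = 0;
    }
    $remove_old_tn = 0;
    if ($old_attached_tn == 1 && $attachtn == 0) {
        $remove_old_tn = 1;
    }

    $remote_media = DB_getItem($table, 'remote_media', 'media_id="' . addslashes($media_id) . '"');
    $remote_url = addslashes(COM_stripslashes($_POST['remoteurl']));

    // NOTE(review): with htmlallowed set, title and description are only
    // censored, not passed through COM_checkHTML() as the watermark upload
    // does - confirm the markup is filtered before it is displayed.
    if ($_MG_CONF['htmlallowed']) {
        $media_title = COM_checkWords(COM_stripslashes($_POST['media_title']));
        $media_desc = COM_checkWords(COM_stripslashes($_POST['media_desc']));
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_title']))));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_desc']))));
    }

    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);

    $original_filename = COM_applyFilter(COM_stripslashes($_POST['original_filename']));
    if ($replacefile == 1) {
        $original_filename = $filename;
    }

    $cat_id = COM_applyFilter($_POST['cat_id'], true);

    $media_keywords = COM_stripslashes($_POST['media_keywords']);
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));

    $artist = addslashes(COM_applyFilter(COM_stripslashes($_POST['artist'])));
    $musicalbum = addslashes(COM_applyFilter(COM_stripslashes($_POST['musicalbum'])));
    $genre = addslashes(COM_applyFilter(COM_stripslashes($_POST['genre'])));

    // mktime() lost its seventh (is_dst) argument in PHP 7.0 and rejects extra
    // or non-integer arguments on PHP 8, so pass six integers. The result is
    // cast because it is written into the SQL text without quotes.
    $media_time = (int) mktime(
        (int) $media_time_hour,
        (int) $media_time_minute,
        0,
        (int) $media_time_month,
        (int) $media_time_day,
        (int) $media_time_year
    );

    $owner_sql = '';
    if (isset($_POST['owner_name'])) {
        $owner_id = (int) COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    }

    $sql = "UPDATE " . $table . "\n SET media_title='" . addslashes($media_title) . "',\n media_desc='" . addslashes($media_desc) . "',\n media_original_filename='" . addslashes($original_filename) . "',\n media_time=" . $media_time . ",\n media_tn_attached=" . $attachtn . ",\n media_category=" . intval($cat_id) . ",\n media_keywords='" . $media_keywords . "',\n artist='" . $artist . "',\n album='" . $musicalbum . "',\n genre='" . $genre . "',\n remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . addslashes($media_id) . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }

    PLG_itemSaved($media_id, 'mediagallery');

    // process playback options if any...
    if (isset($_POST['autostart'])) {
        // asf
        $opt['autostart'] = COM_applyFilter($_POST['autostart'], true);
        $opt['enablecontextmenu'] = COM_applyFilter($_POST['enablecontextmenu'], true);
        $opt['stretchtofit'] = isset($_POST['stretchtofit']) ? COM_applyFilter($_POST['stretchtofit'], true) : 0;
        $opt['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        $opt['uimode'] = COM_applyFilter($_POST['uimode']);
        $opt['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $opt['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
        $opt['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        if ($opt['playcount'] < 1) {
            $opt['playcount'] = 1;
        }

        MG_savePBOption($media_id, 'autostart', $opt['autostart'], true);
        MG_savePBOption($media_id, 'enablecontextmenu', $opt['enablecontextmenu'], true);
        if ($opt['stretchtofit'] != '') {
            MG_savePBOption($media_id, 'stretchtofit', $opt['stretchtofit'], true);
        }
        MG_savePBOption($media_id, 'showstatusbar', $opt['showstatusbar'], true);
        MG_savePBOption($media_id, 'uimode', $opt['uimode']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'playcount', $opt['playcount'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }

    if (isset($_POST['play'])) {
        // swf
        $opt['play'] = COM_applyFilter($_POST['play'], true);
        $opt['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : 0;
        $opt['quality'] = isset($_POST['quality']) ? COM_applyFilter($_POST['quality']) : '';
        $opt['flashvars'] = isset($_POST['flashvars']) ? COM_applyFilter($_POST['flashvars']) : '';
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $opt['scale'] = isset($_POST['scale']) ? COM_applyFilter($_POST['scale']) : '';
        $opt['wmode'] = isset($_POST['wmode']) ? COM_applyFilter($_POST['wmode']) : '';
        $opt['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? COM_applyFilter($_POST['allowscriptaccess']) : '';
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : '';
        $opt['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;

        MG_savePBOption($media_id, 'play', $opt['play'], true);
        if ($opt['menu'] != '') {
            MG_savePBOption($media_id, 'menu', $opt['menu'], true);
        }
        MG_savePBOption($media_id, 'quality', $opt['quality']);
        MG_savePBOption($media_id, 'flashvars', $opt['flashvars']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'wmode', $opt['wmode']);
        MG_savePBOption($media_id, 'allowscriptaccess', $opt['allowscriptaccess']);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'swf_version', $opt['swf_version'], true);
    }

    if (isset($_POST['autoplay'])) {
        // quicktime
        $opt['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $opt['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $opt['controller'] = COM_applyFilter($_POST['controller'], true);
        $opt['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $opt['scale'] = COM_applyFilter($_POST['scale']);
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
        $opt['loop'] = COM_applyFilter($_POST['loop'], true);

        MG_savePBOption($media_id, 'autoref', $opt['autoref'], true);
        MG_savePBOption($media_id, 'autoplay', $opt['autoplay'], true);
        MG_savePBOption($media_id, 'controller', $opt['controller'], true);
        MG_savePBOption($media_id, 'kioskmode', $opt['kioskmode'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        // NOTE(review): bgcolor is saved with the fourth argument set here but
        // without it in the asf and swf branches - confirm which is intended.
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }

    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        // thumbnails are stored under tn/<first character of the file name>/
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }

    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $tmpstr = 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        $ext = Media::getMediaExt($_MG_CONF['path_mediaobjects'] . $tmpstr);
        if (!empty($ext)) {
            @unlink($_MG_CONF['path_mediaobjects'] . $tmpstr . $ext);
        }
    }

    if ($queue) {
        echo COM_refresh($actionURL);
    } else {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        echo COM_refresh($actionURL);
    }
    exit;
}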
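/**
 * Save a link category: update an existing record (optionally under a new
 * category id) or insert a new one.
 *
 * Every value that ends up in the SQL below is escaped or cast inside this
 * function, so the statements do not depend on what the caller filtered.
 *
 * @param string    $cid          category id to save under (may be empty)
 * @param string    $old_cid      category id the record had before the edit
 * @param string    $pid          parent category id
 * @param string    $category     category name (HTML-checked here)
 * @param string    $description  category description (HTML-checked here)
 * @param string    $tid          topic id
 * @param int       $owner_id     owner user id
 * @param int       $group_id     group id
 * @param int|array $perm_owner   owner permission (array form is converted)
 * @param int|array $perm_group   group permission (array form is converted)
 * @param int|array $perm_members members permission (array form is converted)
 * @param int|array $perm_anon    anonymous permission (array form is converted)
 * @return int message number: 7 = name or description empty, 11 = reserved
 *             or already used id, 17 = already used id (when
 *             $PLG_links_MESSAGE17 is set), 12 = parent is a child of this
 *             category, 6 = access denied, 10 = saved
 */
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;

    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // The ids and permission values are numeric; casting keeps anything else
    // out of the quoted SQL literals they are written into.
    $owner_id     = (int) $owner_id;
    $group_id     = (int) $group_id;
    $perm_owner   = (int) $perm_owner;
    $perm_group   = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon    = (int) $perm_anon;

    // Clean up the text fields. $tid is escaped like the other identifiers:
    // it is interpolated into all three statements below.
    $description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $category    = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit'));
    $pid         = addslashes(strip_tags($pid));
    $cid         = addslashes(strip_tags($cid));
    $old_cid     = addslashes(strip_tags($old_cid));
    $tid         = addslashes($tid);

    if (empty($category) || empty($description)) {
        return 7;
    }

    // Check cid to make sure it is not a reserved id
    if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') {
        return 11;
    }

    if (!empty($cid) && $cid != $old_cid) {
        // this is either a new category or an attempt to change the cid
        // - check that cid doesn't exist yet
        $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
        if (!empty($ctrl)) {
            return isset($PLG_links_MESSAGE17) ? 17 : 11;
        }
    }

    // Check that they didn't delete the cid. If so, get the hidden one
    if (empty($cid) && !empty($old_cid)) {
        $cid = $old_cid;
    }

    // Make sure they aren't making a parent category a child of one of its
    // own children. This would create orphans
    if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
        return 12;
    }

    // For an existing record the access check uses the permissions stored in
    // the database, not the ones submitted with this request.
    $access = 0;
    if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
        // update existing item, but new cid so get access from database with old cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        $update = 'existing';
    } elseif (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
        // update existing item, same cid, so get access from database with existing cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        $update = 'same';
    } else {
        // new item, so use passed values
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
        $update = 'new';
    }

    if ($access < 3) {
        // no access rights: user should not be here
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
        return 6;
    }

    // Column assignments shared by both UPDATE variants
    $assignments = "pid='{$pid}',\n tid='{$tid}',category='{$category}',\n"
        . " description='{$description}',\n modified=NOW(),\n"
        . " owner_id='{$owner_id}',group_id='{$group_id}',\n"
        . " perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n"
        . " perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n";

    if ($update == 'existing') {
        // update an existing item but new cid
        DB_query("UPDATE {$_TABLES['linkcategories']}\n SET cid='{$cid}',\n " . $assignments . " WHERE cid = '{$old_cid}'");
        // Also need to update links for this category
        DB_query("UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'");
    } elseif ($update == 'same') {
        // update an existing item
        DB_query("UPDATE {$_TABLES['linkcategories']}\n SET " . $assignments . " WHERE cid = '{$cid}'");
    } else {
        // insert a new item
        if (empty($cid)) {
            $cid = COM_makeSid();
        }
        $sql = "INSERT INTO {$_TABLES['linkcategories']}\n"
            . " (cid, pid, category, description, tid,\n created,modified,\n"
            . " owner_id, group_id, perm_owner, perm_group,\n perm_members, perm_anon)\n"
            . " VALUES\n ('{$cid}','{$pid}','{$category}',\n '{$description}','{$tid}',\n"
            . " NOW(),NOW(),\n '{$owner_id}','{$group_id}','{$perm_owner}',\n"
            . " '{$perm_group}','{$perm_members}','{$perm_anon}')";
        DB_query($sql);
    }

    if ($update == 'existing' && $cid != $old_cid) {
        PLG_itemSaved($cid, 'links.category', $old_cid);
    } else {
        PLG_itemSaved($cid, 'links.category');
    }

    return 10; // success message
}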
$folder_icon = _ff_getImage('locked'); $folder_msg = $LANG_GF02['msg114']; } else { $folderimg = '<img src="' . _ff_getImage('noposts') . '" style="vertical-align:middle;" alt="' . $LANG_GF02['msg59'] . '" title="' . $LANG_GF02['msg59'] . '"/>'; $folder_icon = _ff_getImage('noposts'); $folder_msg = $LANG_GF02['msg59']; } $lastposter = $lastreply['name']; $moved = ''; if ($record['moved'] == 1) { $moved = "{$LANG_GF01['MOVED']}: "; } $subject = COM_truncate($record['subject'], $_FF_CONF['show_subject_length'], '...'); if ($_FF_CONF['use_censor']) { $subject = COM_checkWords($subject); $record['subject'] = COM_checkWords($record['subject']); } if ($record['attachments'] > 0) { $subject = $subject . ' <img src="' . $_CONF['site_url'] . '/forum/images/document_sm.gif" alt=""/>'; } $firstposterName = $record['name']; $topicinfo = htmlspecialchars($record['subject']) . '::' . htmlspecialchars(preg_replace('#\\r?\\n#', '<br/>', substr(strip_tags($record['comment']), 0, $_FF_CONF['contentinfo_numchars']) . '...')); $topiclisting->set_var(array('folderimg' => $folderimg, 'folder_icon' => $folder_icon, 'folder_msg' => $folder_msg, 'topicinfo' => $topicinfo, 'topic_id' => $record['id'], 'subject' => $subject, 'author' => $record['uid'] > 1 ? '<a href="' . $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $record['uid'] . '">' . $record['name'] . 
'</a>' : $record['name'], 'fullsubject' => $record['subject'], 'gotomsg' => $gotomsg, 'displaypageslink' => $displaypageslink, 'showuserlink' => $showuserlink, 'lastposter' => $lastposter, 'LANG_lastpost' => $LANG_GF02['msg188'], 'moved' => $moved, 'views' => $record['views'], 'replies' => $record['replies'], 'lastdate' => $lastdate, 'lastpostid' => $record['lpid'], 'LANG_BY' => $LANG_GF01['BY'], 'startdate' => $firstdate)); $topiclisting->parse('trow', 'topicrows', true); $displayCount++; } $topiclisting->set_var('pagenavigation', forum_pagination($base_url, $page, $numpages)); $topiclisting->set_var('page', $page); $topiclisting->set_var('num_pages', $numpages); if ($displayCount > 0) { $topiclisting->set_var('records_displayed', true);
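/**
 * Save the media edit form: update the media record (live or queued), store
 * the submitted playback options, attach or remove the thumbnail, then emit
 * a refresh and end the request.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the caller verifies that the user may edit this media item - confirm.
 *
 * @param mixed  $album_id  album the media item belongs to
 * @param string $media_id  id of the media item being edited
 * @param string $actionURL URL to return to; replaced by the posted 'rpath'
 *                          when that is an address on this site
 * @return void this function does not return, it ends with exit
 */
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $_POST, $_FILES;

    // Return path: accepted only when it is the site URL itself or the site
    // URL followed by a path, query or fragment. A bare prefix comparison
    // would also accept another host whose name merely begins with the site
    // URL, so the character after the prefix is checked as well.
    $back = isset($_POST['rpath']) ? COM_applyFilter($_POST['rpath']) : '';
    if ($back != '') {
        $siteBase = rtrim($_CONF['site_url'], '/');
        $baseLen = strlen($siteBase);
        $onSite = false;
        if ($baseLen > 0 && strncmp($back, $siteBase, $baseLen) === 0) {
            $next = substr($back, $baseLen, 1);
            $onSite = ($next === false || $next === '' || $next === '/' || $next === '?' || $next === '#');
        }
        if (!$onSite) {
            $back = $_CONF['site_url'];
        }
        $actionURL = $back;
    }

    $queue = isset($_POST['queue']) ? COM_applyFilter($_POST['queue'], true) : 0;
    $replacefile = isset($_POST['replacefile']) ? COM_applyFilter($_POST['replacefile']) : 0;

    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, '', '', 1, 0, '', 0, '', '', 0, 0, $media_id);
        COM_errorLog($msg);
    }

    // Escaped once and reused for every statement that names this item
    $media_id_db = DB_escapeString($media_id);
    $mediaTable = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];

    // see if we had an attached thumbnail before...
    $thumbnail = isset($_FILES['attthumb']['tmp_name']) ? $_FILES['attthumb']['tmp_name'] : '';
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    $attachtn = ($att == 1) ? 1 : 0;

    $old_attached_tn = DB_getItem($mediaTable, 'media_tn_attached', 'media_id="' . $media_id_db . '"');
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        $attachtn = 0;
    }
    $remove_old_tn = ($old_attached_tn == 1 && $attachtn == 0) ? 1 : 0;

    $remote_media = DB_getItem($mediaTable, 'remote_media', 'media_id="' . $media_id_db . '"');
    if ($remote_media) {
        // NOTE(review): the URL is escaped for SQL only; nothing visible here
        // restricts its scheme before it is stored - confirm how it is
        // rendered on output.
        $remote_url = isset($_POST['remoteurl']) ? DB_escapeString($_POST['remoteurl']) : '';
    } else {
        $remote_url = '';
    }

    if ($_MG_CONF['htmlallowed']) {
        // NOTE(review): with htmlallowed set, title and description are
        // stored after COM_checkWords only, while MG_getRemote runs
        // COM_checkHTML(COM_killJS(...)) on the same fields - confirm that
        // the display path filters this markup.
        $media_title = COM_checkWords($_POST['media_title']);
        $media_desc = COM_checkWords($_POST['media_desc']);
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_title'])));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_desc'])));
    }

    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);

    $original_filename = COM_applyFilter($_POST['original_filename']);
    if ($replacefile == 1) {
        $original_filename = $filename;
    }

    $cat_id = COM_applyFilter($_POST['cat_id'], true);

    // Keywords are cut to 254 bytes before they are censored and escaped
    $media_keywords_safe = substr($_POST['media_keywords'], 0, 254);
    $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));

    $artist = isset($_POST['artist']) ? DB_escapeString(COM_applyFilter($_POST['artist'])) : '';
    $musicalbum = isset($_POST['musicalbum']) ? DB_escapeString(COM_applyFilter($_POST['musicalbum'])) : '';
    $genre = isset($_POST['genre']) ? DB_escapeString(COM_applyFilter($_POST['genre'])) : '';

    $dtObject = new Date('now', $_USER['tzid']);
    $dtObject->setDateTimestamp($media_time_year, $media_time_month, $media_time_day, $media_time_hour, $media_time_minute, 0);
    $media_time = $dtObject->toUnix();

    if (isset($_POST['owner_name'])) {
        // written unquoted into the statement, so force an integer
        $owner_id = intval(COM_applyFilter($_POST['owner_name'], true));
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    } else {
        $owner_sql = '';
    }

    $sql = "UPDATE " . $mediaTable . "\n"
        . " SET media_title='" . DB_escapeString($media_title) . "',\n"
        . " media_desc='" . DB_escapeString($media_desc) . "',\n"
        . " media_original_filename='" . DB_escapeString($original_filename) . "',\n"
        . " media_time=" . intval($media_time) . ",\n"
        . " media_tn_attached=" . $attachtn . ",\n"
        . " media_category=" . intval($cat_id) . ",\n"
        . " media_keywords='" . $media_keywords . "',\n"
        . " artist='" . $artist . "',\n"
        . " album='" . $musicalbum . "',\n"
        . " genre='" . $genre . "',\n"
        . " remote_url='" . $remote_url . "' " . $owner_sql
        . "WHERE media_id='" . $media_id_db . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }

    PLG_itemSaved($media_id, 'mediagallery');

    // Process playback options if any. Each entry maps an option name to the
    // SQL literal stored for it: numbers go through intval(), strings are
    // escaped and quoted, so no posted value reaches DB_save() unprocessed.
    $optionFields = 'media_id,option_name,option_value';

    if (isset($_POST['autostart'])) { // asf
        $stretchtofit = isset($_POST['stretchtofit']) ? intval(COM_applyFilter($_POST['stretchtofit'], true)) : 0;
        $playcount = isset($_POST['playcount']) ? intval(COM_applyFilter($_POST['playcount'], true)) : 0;
        if ($playcount < 1) {
            $playcount = 1;
        }

        $options = array();
        $options['autostart'] = intval(COM_applyFilter($_POST['autostart'], true));
        $options['enablecontextmenu'] = intval(COM_applyFilter($_POST['enablecontextmenu'], true));
        if ($stretchtofit != '') {
            $options['stretchtofit'] = $stretchtofit;
        }
        $options['showstatusbar'] = intval(COM_applyFilter($_POST['showstatusbar'], true));
        $options['uimode'] = "'" . DB_escapeString(COM_applyFilter($_POST['uimode'])) . "'";
        $options['height'] = isset($_POST['height']) ? intval(COM_applyFilter($_POST['height'], true)) : 0;
        $options['width'] = isset($_POST['width']) ? intval(COM_applyFilter($_POST['width'], true)) : 0;
        $options['bgcolor'] = "'" . (isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : 0) . "'";
        $options['playcount'] = "'" . $playcount . "'";
        $options['loop'] = "'" . (isset($_POST['loop']) ? intval(COM_applyFilter($_POST['loop'], true)) : 0) . "'";

        foreach ($options as $name => $valueSql) {
            DB_save($_TABLES['mg_playback_options'], $optionFields, "'{$media_id_db}','{$name}',{$valueSql}");
        }
    }

    if (isset($_POST['play'])) { // swf
        $menu = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : '';

        $options = array();
        $options['play'] = intval(COM_applyFilter($_POST['play'], true));
        if ($menu != '') {
            $options['menu'] = intval($menu);
        }
        $options['quality'] = "'" . (isset($_POST['quality']) ? DB_escapeString(COM_applyFilter($_POST['quality'])) : '') . "'";
        $options['height'] = intval(COM_applyFilter($_POST['height'], true));
        $options['width'] = intval(COM_applyFilter($_POST['width'], true));
        $options['flashvars'] = "'" . (isset($_POST['flashvars']) ? DB_escapeString(COM_applyFilter($_POST['flashvars'])) : '') . "'";
        $options['scale'] = "'" . (isset($_POST['scale']) ? DB_escapeString(COM_applyFilter($_POST['scale'])) : '') . "'";
        $options['wmode'] = "'" . (isset($_POST['wmode']) ? DB_escapeString(COM_applyFilter($_POST['wmode'])) : '') . "'";
        $options['loop'] = "'" . (isset($_POST['loop']) ? intval(COM_applyFilter($_POST['loop'], true)) : 0) . "'";
        $options['allowscriptaccess'] = "'" . (isset($_POST['allowscriptaccess']) ? DB_escapeString(COM_applyFilter($_POST['allowscriptaccess'])) : '') . "'";
        $options['bgcolor'] = "'" . (isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : '') . "'";
        // saved with the escaped media id like every other option
        $options['swf_version'] = "'" . (isset($_POST['swf_version']) ? intval(COM_applyFilter($_POST['swf_version'], true)) : 9) . "'";

        foreach ($options as $name => $valueSql) {
            DB_save($_TABLES['mg_playback_options'], $optionFields, "'{$media_id_db}','{$name}',{$valueSql}");
        }
    }

    if (isset($_POST['autoplay'])) { // quicktime
        $options = array();
        $options['autoref'] = intval(COM_applyFilter($_POST['autoref'], true));
        $options['autoplay'] = intval(COM_applyFilter($_POST['autoplay'], true));
        $options['controller'] = intval(COM_applyFilter($_POST['controller'], true));
        $options['kioskmode'] = intval(COM_applyFilter($_POST['kioskmode'], true));
        $options['scale'] = "'" . DB_escapeString(COM_applyFilter($_POST['scale'])) . "'";
        $options['height'] = intval(COM_applyFilter($_POST['height'], true));
        $options['width'] = intval(COM_applyFilter($_POST['width'], true));
        $options['bgcolor'] = "'" . DB_escapeString(COM_applyFilter($_POST['bgcolor'])) . "'";
        $options['loop'] = "'" . intval(COM_applyFilter($_POST['loop'], true)) . "'";

        foreach ($options as $name => $valueSql) {
            DB_save($_TABLES['mg_playback_options'], $optionFields, "'{$media_id_db}','{$name}',{$valueSql}");
        }
    }

    // NOTE(review): both thumbnail lookups read mg_media even when $queue is
    // set - confirm whether queued items need mg_mediaqueue here.
    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id_db . '"');
        // without a stored filename there is no valid thumbnail path to build
        if (!empty($media_filename)) {
            $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
        }
    }

    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id_db . '"');
        if (!empty($media_filename)) {
            $tnBase = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            // remove the first thumbnail found under one of the known extensions
            foreach ($_MG_CONF['validExtensions'] as $ext) {
                if (file_exists($tnBase . $ext)) {
                    @unlink($tnBase . $ext);
                    break;
                }
            }
        }
    }

    if ($queue) {
        // the album id becomes part of the refresh URL, so encode it
        echo COM_refresh($_MG_CONF['site_url'] . '/admin.php?album_id=' . urlencode($album_id) . '&mode=moderate');
    } else {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        CACHE_remove_instance('whatsnew');
        echo COM_refresh($actionURL);
    }
    exit;
}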
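/**
 * Register a remote media item (a URL, not an uploaded file) in an album.
 *
 * A zero-byte placeholder file is created in the orig directory, an optional
 * thumbnail is attached, and the media record is inserted either into the
 * live tables or, when the album is moderated, into the queue tables.
 *
 * @param string $URL               address of the remote media
 * @param string $mimeType          player type; one of the values handled by
 *                                  the switch below ('embed', 'image/gif', ...)
 * @param int    $albumId           target album id
 * @param string $caption           media title
 * @param string $description       media description
 * @param string $keywords          media keywords
 * @param mixed  $category          media category
 * @param int    $attachedThumbnail 1 when a thumbnail accompanies the item
 * @param string $thumbnail         thumbnail file path or http(s) URL
 * @param int    $resolution_x      ignored; reset to 0 on entry
 * @param int    $resolution_y      ignored; reset to 0 on entry
 * @return array array(bool success, string message)
 */
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y)
{
    global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Entering MG_getRemote()");
        COM_errorLog("MG Upload: URL to process: " . htmlentities($URL));
    }

    // The album id is used as an integer in SQL below; normalise it once so
    // the $MG_albums lookup uses the same value.
    $albumId = intval($albumId);

    $resolution_x = 0;
    $resolution_y = 0;

    // NOTE(review): the URL is stored as given and its scheme is not
    // restricted here - confirm how remote_url is rendered on output.
    $urlArray = parse_url($URL);

    // make sure we have the proper permissions to upload to this album....
    $aResult = DB_query("SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . $albumId);
    if (DB_numRows($aResult) != 1) {
        // "Album does not exist, unable to process uploads"
        return array(false, $LANG_MG02['album_nonexist']);
    }
    $albumInfo = DB_fetchArray($aResult);

    $access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'], $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']);
    if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }

    $errors = 0;
    $errMsg = '';

    sleep(1); // We do this to make sure we don't get dupe sid's
    $new_media_id = COM_makesid();
    $media_upload_time = time();
    $media_user_id = $_USER['uid'];

    // we expect the mime type (player type) to be passed to this function
    // - Image
    // - Video - Windows Media / QuickTime / Flash Video
    // - Audio - Windows Media / QuickTime / MP3
    // - Embed - YouTube/Google/etc...
    switch ($mimeType) {
        case 'embed':
            $format_type = MG_EMB;
            $mimeExt = 'flv';
            $mediaType = 5;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            $mimeExt = 'gif';
            $mediaType = 0;
            break;
        case 'image/jpg':
            $format_type = MG_JPG;
            $mimeExt = 'jpg';
            $mediaType = 0;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            $mimeExt = 'png';
            $mediaType = 0;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            $mimeExt = 'bmp';
            $mediaType = 0;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            $mimeExt = 'swf';
            $mediaType = 1;
            break;
        case 'video/quicktime':
            $format_type = MG_MOV;
            $mimeExt = 'mov';
            $mediaType = 1;
            break;
        case 'video/x-flv':
            $format_type = MG_RFLV;
            $mimeExt = 'flv';
            $mediaType = 1;
            break;
        case 'video/x-ms-asf':
            $format_type = MG_ASF;
            $mimeExt = 'asf';
            $mediaType = 1;
            break;
        case 'audio/mpeg':
            $format_type = MG_MP3;
            $mimeExt = 'mp3';
            $mediaType = 2;
            break;
        case 'audio/x-ms-wma':
            $format_type = MG_ASF;
            $mimeExt = 'wma';
            $mediaType = 2;
            break;
        default:
            // An unlisted type used to leave $format_type, $mimeExt and
            // $mediaType undefined; reject it explicitly with the same
            // message the format check below returns.
            return array(false, $LANG_MG02['format_not_allowed']);
    }

    if (!($MG_albums[$albumId]->valid_formats & $format_type)) {
        return array(false, $LANG_MG02['format_not_allowed']);
    }

    // create the unique filename to store this under
    do {
        clearstatcache();
        $media_filename = md5(uniqid(rand()));
    } while (MG_file_exists($media_filename));

    $disp_media_filename = $media_filename . '.' . $mimeExt;

    // for remote files this will be a 0 byte file
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }

    // now we pretend to process the file
    $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
    $media_time = time();

    // create a 0 byte file in the orig directory...
    touch($media_orig);

    if ($errors) {
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }

    // Now we need to process an uploaded thumbnail
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
        COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
    }

    if ($attachedThumbnail == 1 && $thumbnail != '') {
        // Only a value that starts with http:// or https:// is fetched as a
        // remote thumbnail; matching "http" anywhere in the string would
        // also send other values down the download path.
        // NOTE(review): this makes the server request a caller-supplied URL;
        // whether MG_getRemoteThumbnail limits the hosts it will contact is
        // not visible here - confirm.
        if (preg_match('#^https?://#i', $thumbnail)) {
            $tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
            $rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
            $tmp_image_size = @getimagesize($tmp_thumbnail);
            if ($tmp_image_size != false) {
                $resolution_x = $tmp_image_size[0];
                $resolution_y = $tmp_image_size[1];
            }
            $thumbnail = $tmp_thumbnail;
        } else {
            $rc = true;
        }
        if ($rc == true) {
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
        }
    }

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Building SQL and preparing to enter database");
    }

    if ($_MG_CONF['htmlallowed'] != 1) {
        $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
        $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
        $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
    } else {
        $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
        $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
        $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
    }

    // Check and see if moderation is on. If yes, place in mediasubmission
    if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) {
        $tableMedia = $_TABLES['mg_mediaqueue'];
        $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
        $queue = 1;
    } else {
        $tableMedia = $_TABLES['mg_media'];
        $tableMediaAlbum = $_TABLES['mg_media_albums'];
        $queue = 0;
    }

    // The last path segment of the URL serves as the original filename.
    // parse_url() can return false or omit 'path', so fall back to ''.
    $urlPath = (is_array($urlArray) && isset($urlArray['path'])) ? $urlArray['path'] : '';
    $pathParts = explode('/', $urlPath);
    $videoFile = $pathParts[count($pathParts) - 1];

    if ($mediaType != 5) {
        $original_filename = $videoFile;
    } else {
        $original_filename = '';
    }

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Inserting media record into mg_media");
    }

    if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
        $resolution_x = 320;
        $resolution_y = 240;
    }
    // both values are written unquoted into the INSERT below
    $resolution_x = intval($resolution_x);
    $resolution_y = intval($resolution_y);

    $remoteURL = DB_escapeString($URL);
    $new_media_id_db = DB_escapeString($new_media_id);

    $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n"
        . " VALUES ('" . $new_media_id_db . "','" . DB_escapeString($media_filename) . "','" . DB_escapeString($original_filename) . "','" . DB_escapeString($mimeExt) . "','1','" . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','" . DB_escapeString($media_time) . "','0','0','0','0.00','" . DB_escapeString($attachedThumbnail) . "','','1','" . intval($media_user_id) . "','','0','" . DB_escapeString($mediaType) . "','" . DB_escapeString($media_upload_time) . "','" . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');";
    DB_query($sql);

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Updating Album information");
    }

    $result = DB_query("SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $albumId);
    $row = DB_fetchArray($result);
    $media_seq = $row['media_seq'];
    if ($media_seq < 10) {
        $media_seq = 10;
    }

    DB_query("INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . $new_media_id_db . "', " . $albumId . ", {$media_seq} )");

    if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) {
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id_db}','width', '{$resolution_x}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id_db}','height', '{$resolution_y}'");
    }

    // update the media count for the album, only if no moderation...
    if ($queue == 0) {
        $media_count = $albumInfo['media_count'] + 1;
        DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'");

        if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) {
            $covername = ($attachedThumbnail == 1) ? 'tn_' . $media_filename : $media_filename;
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Setting album cover filename to " . $covername);
            }
            DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'");
        }
    }

    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue'
    } else {
        $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album'
    }

    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($albumId);
    }

    COM_errorLog("MG Upload: Successfully uploaded a media object");

    return array(true, $errMsg);
}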
/** * Submit static page. The page is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @param string &svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF; $output = ''; if (!SEC_hasRights('staticpages.edit')) { $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']); $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true); $output .= COM_siteFooter(); return PLG_RET_AUTH_FAILED; } if (defined('DEMO_MODE')) { $output = COM_siteHeader('menu'); $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true); $output .= COM_siteFooter(); return PLG_REG_AUTH_FAILED; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { // This is EDIT mode, so there should be an sp_old_id if (empty($args['sp_old_id'])) { if (!empty($args['id'])) { $args['sp_old_id'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sp_id'])) { $args['sp_id'] = $args['sp_old_id']; } } } else { if (empty($args['sp_id']) && !empty($args['id'])) { $args['sp_id'] = $args['id']; } } if (empty($args['sp_uid'])) { $args['sp_uid'] = $_USER['uid']; } if (empty($args['sp_title']) && !empty($args['title'])) { $args['sp_title'] = $args['title']; } if (empty($args['sp_content']) && !empty($args['content'])) { $args['sp_content'] = $args['content']; } if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) { $args['sp_tid'] = $args['category'][0]; } if (!isset($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = 
SEC_getFeatureGroup('staticpages.edit', $_USER['uid']); } $args['sp_id'] = COM_sanitizeID($args['sp_id']); if (!$gl_edit) { if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) { if (function_exists('WS_makeId')) { $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH); } else { $args['sp_id'] = COM_makeSid(); } } } // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode'); $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status'); foreach ($par_str as $str) { if (isset($args[$str])) { $args[$str] = COM_applyBasicFilter($args[$str]); } else { $args[$str] = ''; } } foreach ($par_num as $num) { if (isset($args[$num])) { $args[$num] = COM_applyBasicFilter($args[$num], true); } else { $args[$num] = 0; } } } // START: Staticpages defaults if ($args['sp_status'] != 1) { $args['sp_status'] = 0; } if (empty($args['sp_format'])) { $args['sp_format'] = 'allblocks'; } if (empty($args['sp_tid'])) { $args['sp_tid'] = 'all'; } if ($args['sp_where'] < 0 || $args['sp_where'] > 4) { $args['sp_where'] = 0; } if ($args['sp_php'] < 0 || $args['sp_php'] > 2) { $args['sp_php'] = 0; } if ($args['commentcode'] < -1 || $args['commentcode'] > 1) { $args['commentcode'] = $_CONF['comment_code']; } if ($args['sp_search'] != 1) { $args['sp_search'] = 0; } if ($args['gl_svc']) { // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_SP_CONF['default_permissions'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_SP_CONF['default_permissions'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_SP_CONF['default_permissions'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); 
} if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_SP_CONF['default_permissions'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['sp_onmenu'])) { $args['sp_onmenu'] = ''; } else { if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) { $svc_msg['error_desc'] = 'Menu label missing'; return PLG_RET_ERROR; } } if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; return PLG_RET_ERROR; } if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') { $args['sp_inblock'] = 'on'; } if (empty($args['sp_centerblock'])) { $args['sp_centerblock'] = ''; } } // END: Staticpages defaults $sp_id = $args['sp_id']; $sp_status = $args['sp_status']; $sp_uid = $args['sp_uid']; $sp_title = $args['sp_title']; $sp_content = $args['sp_content']; $sp_hits = $args['sp_hits']; $sp_format = $args['sp_format']; $sp_onmenu = $args['sp_onmenu']; $sp_label = ''; if (!empty($args['sp_label'])) { $sp_label = $args['sp_label']; } $commentcode = $args['commentcode']; $owner_id = $args['owner_id']; $group_id = $args['group_id']; $perm_owner = $args['perm_owner']; $perm_group = $args['perm_group']; $perm_members = $args['perm_members']; $perm_anon = $args['perm_anon']; $sp_php = $args['sp_php']; $sp_nf = ''; if (!empty($args['sp_nf'])) { $sp_nf = $args['sp_nf']; } $sp_old_id = $args['sp_old_id']; $sp_centerblock = $args['sp_centerblock']; $sp_help = ''; if (!empty($args['sp_help'])) { $sp_help = $args['sp_help']; } $sp_tid = $args['sp_tid']; $sp_where = $args['sp_where']; $sp_inblock = $args['sp_inblock']; $postmode = $args['postmode']; $sp_search = $args['sp_search']; if ($gl_edit && !empty($args['gl_etag'])) { // First load the original staticpage to check if it has been modified $o = array(); $s = array(); $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s); if ($r == PLG_RET_OK) { if ($args['gl_etag'] != $o['updated']) { $svc_msg['error_desc'] = 'A more recent version of the 
staticpage is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'The requested staticpage no longer exists'; return PLG_RET_ERROR; } } // Check for unique page ID $duplicate_id = false; $delete_old_page = false; if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) { if ($sp_id != $sp_old_id) { $duplicate_id = true; } } elseif (!empty($sp_old_id)) { if ($sp_id != $sp_old_id) { $delete_old_page = true; } } if ($duplicate_id) { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2); if (!$args['gl_svc']) { $output .= PAGE_edit($sp_id); } $output .= COM_siteFooter(); $svc_msg['error_desc'] = 'Duplicate ID'; return PLG_RET_ERROR; } elseif (!empty($sp_title) && !empty($sp_content)) { if (empty($sp_hits)) { $sp_hits = 0; } if ($sp_onmenu == 'on') { $sp_onmenu = 1; } else { $sp_onmenu = 0; } if ($sp_nf == 'on') { $sp_nf = 1; } else { $sp_nf = 0; } if ($sp_centerblock == 'on') { $sp_centerblock = 1; } else { $sp_centerblock = 0; } if ($sp_inblock == 'on') { $sp_inblock = 1; } else { $sp_inblock = 0; } // Clean up the text if ($_SP_CONF['censor'] == 1) { $sp_content = COM_checkWords($sp_content); $sp_title = COM_checkWords($sp_title); } if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } $sp_title = strip_tags($sp_title); $sp_label = strip_tags($sp_label); $sp_content = DB_escapeString($sp_content); $sp_title = DB_escapeString($sp_title); $sp_label = DB_escapeString($sp_label); // If user does not have php edit perms, then set php flag to 0. if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) { $sp_php = 0; } // make sure there's only one "entire page" static page per topic if ($sp_centerblock == 1 && $sp_where == 0) { $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . 
"'"; // multi-language configuration - allow one entire page // centerblock for all or none per language if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) { $ids = explode('_', $sp_id); if (count($ids) > 1) { $lang_id = array_pop($ids); $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'"; } } DB_query($sql); } $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks'); if (!in_array($sp_format, $formats)) { $sp_format = 'allblocks'; } if (!$args['gl_svc']) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}"); if ($delete_old_page && !empty($sp_old_id)) { DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id); DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages')); PLG_itemDeleted($sp_old_id, 'staticpages'); } PLG_itemSaved($sp_id, 'staticpages'); $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . 
$sp_id); $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages'); $svc_msg['id'] = $sp_id; return PLG_RET_OK; } else { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2); if (!$args['gl_svc']) { $output .= PAGE_edit($sp_id); } $output .= COM_siteFooter(); return PLG_RET_ERROR; } }
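/**
 * Save an edited menu element from the submitted menu-builder form.
 *
 * Reads the element fields from $_POST, filters them, updates the matching
 * row in the menu_elements table and then asks the menu object to reorder
 * the elements under the chosen parent.
 *
 * NOTE(review): no permission check or CSRF token validation is visible in
 * this function - confirm that the calling script enforces both before this
 * runs.
 *
 * @return void
 */
function MB_saveEditMenuElement()
{
    global $_TABLES;

    $id      = COM_applyFilter($_POST['id'], true);
    $menu_id = COM_applyFilter($_POST['menu']);
    $pid     = COM_applyFilter($_POST['pid'], true);
    $label   = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($_POST['menulabel']))));
    $type    = COM_applyFilter($_POST['menutype'], true);
    $target  = COM_applyFilter($_POST['urltarget']);

    $menu = menu::getInstance($menu_id);

    // An unset/zero type falls back to type 1.
    if ($type == 0) {
        $type = 1;
    }

    // The meaning of element_subtype depends on the element type.
    switch ($type) {
        case 2:
            $subtype = COM_applyFilter($_POST['glfunction']);
            break;
        case 3:
            $subtype = COM_applyFilter($_POST['gltype'], true);
            break;
        case 4:
            $subtype = COM_applyFilter($_POST['pluginname']);
            break;
        case 5:
            $subtype = COM_applyFilter($_POST['spname']);
            break;
        case 6:
            $subtype = COM_applyFilter($_POST['menuurl']);
            // Emptiness is tested first so that $subtype[0] is never read on
            // an empty string. Anything that is not already http..., a %site
            // placeholder or an in-page anchor is prefixed with http://.
            if (rtrim($subtype) != ''
                && strpos($subtype, "http") !== 0
                && strpos($subtype, "%site") === false
                && $subtype[0] != '#') {
                $subtype = 'http://' . $subtype;
            }
            break;
        case 7:
            $subtype = COM_applyFilter($_POST['phpfunction']);
            break;
        case 9:
            $subtype = COM_applyFilter($_POST['topicname']);
            break;
        default:
            $subtype = '';
            break;
    }

    $active = COM_applyFilter($_POST['menuactive'], true);

    $url = '';
    if (isset($_POST['menuurl']) && $_POST['menuurl'] != '') {
        $url = trim(DB_escapeString(COM_applyFilter($_POST['menuurl'])));
        // Same normalisation as for the type-6 subtype above.
        if (rtrim($url) != ''
            && strpos($url, "http") !== 0
            && strpos($url, "%site") === false
            && $url[0] != '#') {
            $url = 'http://' . $url;
        }
    }

    $group_id = COM_applyFilter($_POST['group'], true);
    $aid      = COM_applyFilter($_POST['menuorder'], true);

    // The element is placed directly after the element chosen in the form.
    $aorder   = DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . (int) $aid);
    $neworder = (int) $aorder + 1;

    // Every value is made safe at the point where it enters the statement:
    // numbers are cast to int and strings are escaped. The casts are expected
    // to be no-ops if COM_applyFilter(..., true) already yields integers, but
    // the query no longer depends on that.
    $sql = "UPDATE {$_TABLES['menu_elements']} SET pid=" . (int) $pid
         . ", element_order=" . (int) $neworder
         . ", element_label='{$label}'"
         . ", element_type='" . (int) $type . "'"
         . ", element_subtype='" . DB_escapeString($subtype) . "'"
         . ", element_active=" . (int) $active
         . ", element_url='{$url}'"
         . ", element_target='" . DB_escapeString($target) . "'"
         . ", group_id=" . (int) $group_id
         . " WHERE id=" . (int) $id;

    DB_query($sql);
    $menu->reorderMenu($pid);
}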
/**
 * Prepare a message for storage in the database.
 *
 * The message is optionally run through the word censor. In 'html' post mode
 * it is optionally passed through COM_checkHTML; in any other mode it is
 * entity-encoded with htmlspecialchars(ENT_QUOTES). The result is always
 * passed through DB_escapeString last, so it is meant for use inside a
 * quoted SQL string literal and not for direct output.
 *
 * With $postmode 'html' and $htmlfilter false the markup is stored without
 * any HTML filtering, so that combination should be reserved for input from
 * trusted authors.
 *
 * @param  string $message    raw message text
 * @param  string $postmode   'html' or any other value for plain text
 * @param  bool   $censor     run COM_checkWords on the message first
 * @param  bool   $htmlfilter in html mode, run COM_checkHTML on the message
 * @return string message escaped for the database
 */
function prepareStringForDB($message, $postmode = "html", $censor = TRUE, $htmlfilter = TRUE)
{
    global $_FF_CONF;

    $text = $censor ? COM_checkWords($message) : $message;

    if ($postmode != 'html') {
        // Plain-text posts: encode HTML metacharacters, then escape for SQL.
        return DB_escapeString(@htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt()));
    }

    if ($htmlfilter) {
        // The original author notes that COM_checkHTML strips slashes, which
        // is why the database escaping is applied after it and not before.
        $text = COM_checkHTML($text);
    }

    return DB_escapeString($text);
}
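/**
 * Displays the Static Page Editor
 *
 * Builds the array of page fields for one of four cases - edit an existing
 * page, start a new page, clone an existing page, or redisplay submitted
 * form data - and passes it to PAGE_form().
 *
 * @param  string $sp_id  ID of static page to edit
 * @param  string $action action ('edit', 'clone' or empty)
 * @param  string $editor editor to use
 * @return mixed  whatever PAGE_form() returns for the prepared page data
 */
function PAGE_edit($sp_id, $action = '', $editor = '')
{
    global $_CONF, $_SP_CONF, $_TABLES, $_USER, $LANG_STATIC;

    $A = array();

    if (!empty($sp_id) && $action == 'edit') {
        // The ID is escaped here because it is placed inside a quoted SQL
        // literal; this function cannot see whether its callers sanitised it.
        // NOTE(review): if a caller already escapes the ID, an ID containing
        // a quote would simply not match - confirm callers pass the raw ID.
        $result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '" . DB_escapeString($sp_id) . "'" . COM_getPermSQL('AND', 0, 3));
        // NOTE(review): DB_fetchArray presumably returns a non-array value
        // when the page does not exist or the permission clause filters it
        // out; that case is not handled here - confirm what PAGE_form does
        // with an almost empty record.
        $A = DB_fetchArray($result);
        $A['sp_old_id'] = $A['sp_id']; // sp_old_id is not null, this is an existing page
    } elseif ($action == 'edit') {
        // we're creating a new staticpage, set default values
        $A['sp_id'] = COM_makesid(); // make a default new/unique staticpage ID based upon the datetime
        $A['sp_status'] = $_SP_CONF['status_flag'];
        $A['sp_uid'] = $_USER['uid']; // created by current user
        $A['unixdate'] = time(); // date/time created
        $A['sp_help'] = ''; // no help URL
        $A['sp_old_id'] = ''; // sp_old_id is null, this is a new page
        $A['commentcode'] = $_SP_CONF['comment_code'];
        $A['sp_where'] = 1; // top of page
        $A['sp_search'] = $_SP_CONF['include_search'];
    } elseif (!empty($sp_id) && $action == 'clone') {
        // we're creating a new staticpage based upon an old one. get the page to be cloned
        // (ID escaped for the same reason as in the edit branch)
        $result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '" . DB_escapeString($sp_id) . "'" . COM_getPermSQL('AND', 0, 2));
        $A = DB_fetchArray($result);
        // override old page values with values unique to this page
        $A['sp_id'] = COM_makesid(); // make a default new/unique staticpage ID based upon the datetime
        $sp_id = $A['sp_id']; // to ensure value displayed in field reflects updated value
        $sp_title = $A['sp_title'] . ' (' . $LANG_STATIC['copy'] . ')';
        $A['sp_title'] = $sp_title; // indicate in title that this is a cloned page
        $A['sp_uid'] = $_USER['uid']; // created by current user
        $A['unixdate'] = time(); // date/time created
        $A['sp_hits'] = 0; // reset page hits
        $A['sp_old_id'] = ''; // sp_old_id is null, this is a new page
    } else {
        // Redisplay of submitted form data. Only sp_content (here) and
        // sp_title (below) are filtered; every other request field reaches
        // PAGE_form as submitted.
        // NOTE(review): PAGE_form is assumed to encode those fields when it
        // writes them into the form - confirm.
        $A = $_POST;
        if (empty($A['unixdate'])) {
            $A['unixdate'] = time(); // update date and time
        }
        $A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']));
    }

    if (isset($A['sp_title'])) {
        $A['sp_title'] = strip_tags($A['sp_title']);
    }
    $A['editor'] = $editor;

    return PAGE_form($A);
}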
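/**
 * Validate and save a group definition record for a plugin, then run the
 * configured after-save action.
 *
 * On a validation error, or when the plugin's 'aftersave_admin' setting is
 * 'no', an array with the keys 'title' and 'display' is returned. In every
 * other case the result of PLG_afterSaveSwitch() is echoed and the script
 * exits.
 *
 * $pi_name selects the plugin's configuration and language arrays through
 * variable variables and is used in a table key and a URL path, so it is
 * assumed to be a fixed plugin name supplied by the calling script and never
 * request data - TODO confirm against the callers.
 *
 * NOTE(review): no permission check or CSRF token validation is visible in
 * this function - confirm that the calling script enforces both.
 *
 * @param  string $pi_name    plugin name
 * @param  mixed  $edt_flg    passed through to LIB_Edit()
 * @param  mixed  $navbarMenu not used in this function
 * @param  mixed  $menuno     not used in this function
 * @return array  'title' and 'display' of the edit screen (error or 'no' case)
 */
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;

    // Resolve the plugin-specific configuration and language arrays by name.
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};

    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};

    $lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};

    $lang_box_inputtype = "LANG_" . strtoupper($pi_name) . "_INPUTTYPE";
    global ${$lang_box_inputtype};
    $lang_box_inputtype = ${$lang_box_inputtype};

    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];

    // Both return paths assign 'title' and 'display' keys, so this has to
    // start as an array; string offsets on '' are not valid on current PHP.
    $retval = array();

    // clean 'em up
    // NOTE(review): addslashes() is not character-set aware. If the database
    // connection uses a multibyte encoding, the database layer's own escaping
    // routine would be the safer choice - confirm which one this project
    // provides.
    $id = COM_applyFilter($_POST['id'], true);

    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));

    $name = COM_applyFilter($_POST['name']);
    $name = addslashes(COM_checkHTML(COM_checkWords($name)));

    // The description is taken unfiltered from the request and only passes
    // through the word censor and the HTML filter.
    $description = $_POST['description'];
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));

    $parent_flg = COM_applyFilter($_POST['parent_flg'], true);
    $input_type = COM_applyFilter($_POST['input_type'], true);

    // Convert full-width alphanumerics to half-width before the numeric filter.
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    $orderno = COM_applyFilter($orderno, true);

    $uuid = $_USER['uid'];

    // --- validation start ---
    $err = "";

    // ID: zero means "new record"; anything else has to be numeric.
    if ($id != 0 && !is_numeric($id)) {
        $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
    }

    // Code: must not already be used by a different group.
    if ($code != "") {
        $cntsql  = "SELECT code FROM {$table} ";
        $cntsql .= " WHERE ";
        $cntsql .= " code='{$code}' ";
        $cntsql .= " AND group_id<>" . (int) $id;
        $result = DB_query($cntsql);
        $numrows = DB_numRows($result);
        if ($numrows != 0) {
            $err .= $lang_box_admin['err_code_w'] . "<br/>" . LB;
        }
    }

    // Name is required.
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }

    // On any error, show the edit screen again with the messages.
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // --- validation end ---

    // New record: take the next free group_id.
    // NOTE(review): max()+1 is not atomic; two concurrent saves could pick
    // the same ID.
    if ($id == 0) {
        $w = DB_getItem($table, "max(group_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }

    // Numeric columns are cast at the point where they enter the statement.
    // The casts are expected to be no-ops if COM_applyFilter(..., true)
    // already yields integers, but the statement no longer depends on that.
    $fields = "group_id";
    $values = (string) (int) $id;

    $fields .= ",code";
    $values .= ",'{$code}'";

    $fields .= ",name";
    $values .= ",'{$name}'";

    $fields .= ",description";
    $values .= ",'{$description}'";

    $fields .= ",orderno";
    $values .= "," . (int) $orderno;

    $fields .= ",parent_flg";
    $values .= "," . (int) $parent_flg;

    $fields .= ",input_type";
    $values .= "," . (int) $input_type;

    $fields .= ",uuid";
    $values .= "," . (int) $uuid;

    $fields .= ",udatetime";
    $values .= ",NOW( )";

    // The code that used to compute a return page is disabled, so an empty
    // value is passed explicitly instead of an undefined variable.
    $return_page = '';
    DB_save($table, $fields, $values, $return_page);

    $message = "";
    // Defined up front because the 'admin' branch below does not set it.
    $item_url = '';

    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    }

    if ($box_conf['aftersave_admin'] === 'list' || $box_conf['aftersave_admin'] === 'item') {
        $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/group.php";
        $item_url = COM_buildURL($url);
        $target = 'item';
        $message = 1;
    } elseif ($box_conf['aftersave_admin'] === 'admin') {
        $target = $box_conf['aftersave_admin'];
        $message = 1;
    } else {
        $item_url = $_CONF['site_url'] . $box_conf['top'];
        $target = $box_conf['aftersave_admin'];
    }

    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}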
/**
 * Clean up the excerpt of a trackback comment received from another site.
 *
 * The excerpt is passed through COM_stripslashes, then strip_tags, then the
 * word censor (COM_checkWords). It is not truncated.
 *
 * strip_tags only removes markup; it does not encode the characters that
 * remain. The returned text therefore still has to be encoded for the
 * context in which it is displayed and escaped before it is used in SQL.
 *
 * @param  string $excerpt excerpt of the trackback comment
 * @return string filtered excerpt
 */
function TRB_filterExcerpt($excerpt)
{
    $unslashed = COM_stripslashes($excerpt);
    $withoutTags = strip_tags($unslashed);

    return COM_checkWords($withoutTags);
}