Exemplo n.º 1
0
 public function testUndoSpecialChars()
 {
     // Line 3048
     $encoded = '$a{b}c>d<e"f g&h';
     $decoded = '$a{b}c>d<e"f g&h';
     $this->assertEquals($decoded, COM_undoSpecialChars($encoded));
 }
Exemplo n.º 2
0
 /**
  *  Creates the edit form
  *  @param integer $id Optional ID, current record used if zero
  *  @return string HTML for edit form
  */
 public function Edit($eid = '', $rp_id = 0, $saveaction = '')
 {
     global $_CONF, $_EV_CONF, $_TABLES, $_USER, $LANG_EVLIST, $LANG_ADMIN, $_GROUPS, $LANG_ACCESS, $_SYSTEM;
     // If an eid is specified and this is an object, then read the
     // event data- UNLESS a repeat ID is given in which case we're
     // editing a repeat and already have the info we need.
     // This probably needs to change, since we should always read event
     // data during construction.
     if (!$this->isSubmitter) {
         // At least submit privilege required
         COM_404();
     } elseif ($eid != '' && $rp_id == 0 && is_object($this)) {
         // If an id is passed in, then read that record
         if (!$this->Read($eid)) {
             return 'Invalid object ID';
         }
     } elseif (isset($_POST['eid']) && !empty($_POST['eid'])) {
         // Returning to an existing form, probably due to errors
         $this->SetVars($_POST);
         // Make sure the current user has access to this event.
         if (!$this->hasAccess(3)) {
             COM_404();
         }
     }
     $T = new Template($_CONF['path'] . 'plugins/evlist/templates/');
     if ($_SYSTEM['disable_jquery_slimbox']) {
         $T->set_file('editor', 'editor.uikit.thtml');
     } else {
         $T->set_file('editor', 'editor.thtml');
     }
     // Basic tabs for editing both events and instances, show up on
     // all edit forms
     //$tabs = array('ev_info', 'ev_schedule', 'ev_location', 'ev_contact',);
     $tabs = array('ev_info', 'ev_location', 'ev_contact');
     $rp_id = (int) $rp_id;
     if ($rp_id > 0) {
         // Make sure the current user has access to this event.
         if (!$this->hasAccess(3)) {
             COM_404();
         }
         if ($saveaction == 'savefuturerepeat') {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_future'], 'warning');
         } else {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_instance'], 'info');
         }
         //$T->clear_var('contact_section');
         $T->clear_var('category_section');
         $T->clear_var('permissions_editor');
         // Set the static calendar name for the edit form.  Can't
         // change it for a single instance.
         $cal_name = DB_getItem($_TABLES['evlist_calendars'], 'cal_name', "cal_id='" . (int) $this->cal_id . "'");
         $T->set_var(array('contact_section' => 'true', 'is_repeat' => 'true', 'cal_name' => $cal_name));
         // Override our dates & times with those from the repeat.
         // $rp_id is passed when this is called from class evRepeat.
         // Maybe that should pass in the repeat's data instead to avoid
         // another DB lookup.  An array of values could be used.
         $Rep = DB_fetchArray(DB_query("SELECT * \n                    FROM {$_TABLES['evlist_repeat']}\n                    WHERE rp_id='{$rp_id}'"), false);
         if ($Rep) {
             $this->date_start1 = $Rep['rp_date_start'];
             $this->date_end1 = $Rep['rp_date_end'];
             $this->time_start1 = $Rep['rp_time_start1'];
             $this->time_end1 = $Rep['rp_time_end1'];
             $this->time_start2 = $Rep['rp_time_start2'];
             $this->time_end2 = $Rep['rp_time_end2'];
         }
     } else {
         // Editing the main event record
         if ($this->id != '' && $this->recurring == 1) {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_series'], 'error');
         }
         if ($this->isAdmin) {
             $tabs[] = 'ev_perms';
             // Add permissions tab, event edit only
             $T->set_var('permissions_editor', 'true');
         }
         $T->set_var(array('contact_section' => 'true', 'category_section' => 'true', 'upcoming_chk' => $this->show_upcoming ? EVCHECKED : ''));
     }
     $action_url = EVLIST_URL . '/event.php';
     $delaction = 'delevent';
     if (isset($_GET['from']) && $_GET['from'] == 'admin') {
         $cancel_url = EVLIST_ADMIN_URL . '/index.php';
     } else {
         $cancel_url = EVLIST_URL . '/index.php';
     }
     switch ($saveaction) {
         case 'saverepeat':
         case 'savefuturerepeat':
         case 'saveevent':
             break;
         case 'moderate':
             // Approving a submission
             $saveaction = 'approve';
             $delaction = 'disapprove';
             $action_url = EVLIST_ADMIN_URL . '/index.php';
             $cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
             break;
         default:
             $saveaction = 'saveevent';
             break;
     }
     $retval = '';
     //$recinterval = '';
     $recweekday = '';
     $ownerusername = DB_getItem($_TABLES['users'], 'username', "uid='{$this->owner_id}'");
     $retval .= COM_startBlock($LANG_EVLIST['event_editor']);
     $summary = $this->Detail->summary;
     $full_description = $this->Detail->full_description;
     $location = $this->Detail->location;
     if (($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) && $A['postmode'] == 'html') {
         $postmode = '2';
         //html
     } else {
         $postmode = '1';
         //plaintext
         $summary = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->summary)));
         $full_description = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->full_description)));
         $location = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->location)));
     }
     $starthour2 = '';
     $startminute2 = '';
     $endhour2 = '';
     $endminute2 = '';
     if ($this->date_end1 == '' || $this->date_end1 == '0000-00-00') {
         $this->date_end1 = $this->date_start1;
     }
     if ($this->date_start1 != '' && $this->date_start1 != '0000-00-00') {
         list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts($this->date_start1, $this->time_start1);
     } else {
         list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts(date('Y-m-d', time()), date('H:i:s', time()));
     }
     // The end date can't be before the start date
     if ($this->date_end1 >= $this->date_start1) {
         list($endmonth1, $endday1, $endyear1, $endhour1, $endminute1) = $this->DateParts($this->date_end1, $this->time_end1);
         $days_interval = Date_Calc::dateDiff($endday1, $endmonth1, $endyear1, $startday1, $startmonth1, $startyear1);
     } else {
         $days_interval = 0;
         $endmonth1 = $startmonth1;
         $endday1 = $startday1;
         $endyear1 = $startyear1;
         $endhour1 = $starthour1;
         $endminute1 = $startminute1;
     }
     if ($this->recurring != '1') {
         $T->set_var(array('recurring_show' => ' style="display:none;"', 'format_opt' => '0'));
         //for ($i = 1; $i <= 6; $i++) {
         //    $T->set_var('format' . $i . 'show', ' style="display:none;"');
         //}
     } else {
         $option = empty($this->rec_data['type']) ? '0' : (int) $this->rec_data['type'];
         $T->set_var(array('recurring_show' => '', 'recurring_checked' => EVCHECKED, 'format_opt' => $option));
     }
     if (isset($this->rec_data['stop']) && !empty($this->rec_data['stop'])) {
         $T->set_var(array('stopdate' => $this->rec_data['stop'], 'd_stopdate' => EVLIST_formattedDate($this->rec_data['stop'])));
     }
     if (!empty($this->rec_data['skip'])) {
         $T->set_var("skipnext{$this->rec_data['skip']}_checked", EVCHECKED);
     }
     if (!empty($this->rec_data['freq'])) {
         $freq = (int) $this->rec_data['freq'];
         if ($freq < 1) {
             $freq = 1;
         }
     } else {
         $freq = 1;
     }
     $T->set_var(array('freq_text' => $LANG_EVLIST['rec_periods'][$this->rec_data['type']] . '(s)', 'rec_freq' => $freq));
     foreach ($LANG_EVLIST['rec_intervals'] as $key => $str) {
         $T->set_var('dom_int_txt_' . $key, $str);
         if (is_array($this->rec_data['interval'])) {
             if (in_array($key, $this->rec_data['interval'])) {
                 $T->set_var('dom_int_chk_' . $key, EVCHECKED);
             }
         }
     }
     // Set up the recurring options needed for the current event
     switch ($option) {
         case 0:
             break;
         case EV_RECUR_MONTHLY:
             if (is_array($this->rec_data['listdays'])) {
                 foreach ($this->rec_data['listdays'] as $mday) {
                     $T->set_var('mdchk' . $mday, EVCHECKED);
                 }
             }
             break;
         case EV_RECUR_WEEKLY:
             $T->set_var('listdays_val', COM_stripslashes($rec_data[0]));
             if (is_array($this->rec_data['listdays']) && !empty($this->rec_data['listdays'])) {
                 foreach ($this->rec_data['listdays'] as $day) {
                     $day = (int) $day;
                     if ($day > 0 && $day < 8) {
                         $T->set_var('daychk' . $day, EVCHECKED);
                     }
                 }
             }
             break;
         case EV_RECUR_DOM:
             $recweekday = $this->rec_data['weekday'];
             break;
         case EV_RECUR_DATES:
             $T->set_var(array('stopshow' => 'style="display:none;"', 'custom_val' => implode(',', $this->rec_data['custom'])));
             break;
     }
     $start1 = EVLIST_TimeSelect('start1', $this->time_start1);
     $start2 = EVLIST_TimeSelect('start2', $this->time_start2);
     $end1 = EVLIST_TimeSelect('end1', $this->time_end1);
     $end2 = EVLIST_TimeSelect('end2', $this->time_end2);
     $cal_select = COM_optionList($_TABLES['evlist_calendars'], 'cal_id,cal_name', $this->cal_id, 1, 'cal_status = 1 ' . COM_getPermSQL('AND', 0, 2));
     USES_class_navbar();
     $navbar = new navbar();
     $cnt = 0;
     foreach ($tabs as $id) {
         $navbar->add_menuitem($LANG_EVLIST[$id], 'showhideEventDiv("' . $id . '",' . $cnt . ');return false;', true);
         $cnt++;
     }
     $navbar->set_selected($LANG_EVLIST['ev_info']);
     if ($this->AdminMode) {
         $action_url .= '?admin=true';
     }
     $T->set_var(array('action_url' => $action_url, 'navbar' => $navbar->generate(), 'alert_msg' => $alert_msg, 'cancel_url' => $cancel_url, 'eid' => $this->id, 'rp_id' => $rp_id, 'title' => $this->Detail->title, 'summary' => $summary, 'description' => $full_description, 'location' => $location, 'status_checked' => $this->status == 1 ? EVCHECKED : '', 'url' => $this->Detail->url, 'street' => $this->Detail->street, 'city' => $this->Detail->city, 'province' => $this->Detail->province, 'country' => $this->Detail->country, 'postal' => $this->Detail->postal, 'contact' => $this->Detail->contact, 'email' => $this->Detail->email, 'phone' => $this->Detail->phone, 'startdate1' => $this->date_start1, 'enddate1' => $this->date_end1, 'd_startdate1' => EVLIST_formattedDate($this->date_start1), 'd_enddate1' => EVLIST_formattedDate($this->date_end1), 'start_hour_options1' => $start1['hour'], 'start_minute_options1' => $start1['minute'], 'startdate1_ampm' => $start1['ampm'], 'end_hour_options1' => $end1['hour'], 'end_minute_options1' => $end1['minute'], 'enddate1_ampm' => $end1['ampm'], 'start_hour_options2' => $start2['hour'], 'start_minute_options2' => $start2['minute'], 'startdate2_ampm' => $start2['ampm'], 'end_hour_options2' => $end2['hour'], 'end_minute_options2' => $end2['minute'], 'enddate2_ampm' => $end2['ampm'], 'recurring_format_options' => EVLIST_GetOptions($LANG_EVLIST['rec_formats'], $option), 'recurring_weekday_options' => EVLIST_GetOptions(Date_Calc::getWeekDays(), $recweekday, 1), 'dailystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['day_by_date'], ''), 'monthlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']), 'yearlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year'], $LANG_EVLIST['if_any']), 'listdays_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['days_of_week'], ''), 'listdaystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['date_l'], $LANG_EVLIST['if_any']), 'intervalstop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']), 'custom_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['dates'], ''), 'datestart_note' => $LANG_EVLIST['datestart_note'], 'src' => isset($_GET['src']) && $_GET['src'] == 'a' ? '1' : '0', 'rem_status_checked' => $this->enable_reminders == 1 ? EVCHECKED : '', 'del_button' => $this->id == '' ? '' : 'true', 'saveaction' => $saveaction, 'delaction' => $delaction, 'owner_id' => $this->owner_id, 'enable_reminders' => $_EV_CONF['enable_reminders'], 'iso_lang' => EVLIST_getIsoLang(), 'hour_mode' => $_CONF['hour_mode'], 'days_interval' => $days_interval, 'display_format' => $_CONF['shortdate'], 'ts_start' => strtotime($this->date_start1), 'ts_end' => strtotime($this->date_end1), 'cal_select' => $cal_select, 'contactlink_chk' => $this->options['contactlink'] == 1 ? EVCHECKED : '', 'lat' => $this->Detail->lat, 'lng' => $this->Detail->lng, 'perm_msg' => $LANG_ACCESS['permmsg'], 'last' => $LANG_EVLIST['rec_intervals'][5], 'doc_url' => EVLIST_getDocURL('event.html'), 'mootools' => $_SYSTEM['disable_mootools'] ? '' : 'true'));
     if ($_EV_CONF['enable_rsvp']) {
         USES_evlist_class_tickettype();
         $TickTypes = evTicketType::GetTicketTypes();
         //$T->set_block('editor', 'Tickets', 'tTypes');
         $tick_opts = '';
         foreach ($TickTypes as $tick_id => $tick_obj) {
             // Check enabled tickets. Ticket type 1 enabled by default
             if (isset($this->options['tickets'][$tick_id]) || $tick_id == 1) {
                 $checked = 'checked="checked"';
                 $fee = (double) $this->options['tickets'][$tick_id]['fee'];
             } else {
                 $checked = '';
                 $fee = 0;
             }
             $tick_opts .= '<tr><td><input name="tickets[' . $tick_id . ']" type="checkbox" ' . $checked . ' value="' . $tick_id . '" /></td>' . '<td>' . $tick_obj->description . '</td>' . '<td><input type="text" name="tick_fees[' . $tick_id . ']" value="' . $fee . '" size="8" /></td></tr>' . LB;
             /*$T->set_var(array(
                   'tick_id' => $tic['id'],
                   'tick_desc' => $tic['description'],
                   'tick_fee' => $fee,
                   'tick_enabled' => $enabled ? 'checked="checked"' : '',
               ) ) ;
               //$T->parse('tTypes', 'Tickets', true);*/
         }
         if ($_EV_CONF['rsvp_print'] > 0) {
             $rsvp_print_chk = 'rsvp_print_chk' . $this->options['rsvp_print'];
             $rsvp_print = 'true';
         } else {
             $rsvp_print = '';
             $rsvp_print_chk = 'no_rsvp_print';
         }
         $T->set_var(array('enable_rsvp' => 'true', 'reg_chk' . $this->options['use_rsvp'] => EVCHECKED, 'rsvp_wait_chk' => $this->options['rsvp_waitlist'] == 1 ? EVCHECKED : '', 'max_rsvp' => $this->options['max_rsvp'], 'max_user_rsvp' => $this->options['max_user_rsvp'], 'rsvp_cutoff' => $this->options['rsvp_cutoff'], 'use_rsvp' => $this->options['use_rsvp'], 'rsvp_waitlist' => $this->options['rsvp_waitlist'], 'tick_opts' => $tick_opts, 'rsvp_print' => $rsvp_print, $rsvp_print_chk => 'checked="checked"'));
     }
     // if rsvp_enabled
     // Split & All-Day settings
     if ($this->allday == 1) {
         // allday, can't be split, no times
         $T->set_var(array('starttime1_show' => 'style="display:none;"', 'endtime1_show' => 'style="display:none;"', 'datetime2_show' => 'style="display:none;"', 'allday_checked' => EVCHECKED, 'split_checked' => '', 'split_show' => 'style="display:none;"'));
     } elseif ($this->split == '1') {
         $T->set_var(array('split_checked' => EVCHECKED, 'allday_checked' => '', 'allday_show' => 'style="display:none"'));
     } else {
         $T->set_var(array('datetime2_show' => 'style="display:none;"'));
     }
     // Category fields. If $_POST['categories'] is set, then this is a
     // form re-entry due to an error saving. Populate checkboxes from the
     // submitted form. Include the user-added category, if any.
     // If not from a form re-entry, get the checked categories from the
     // evlist_lookup table.
     if ($_EV_CONF['enable_categories'] == '1') {
         $cresult = DB_query("SELECT tc.id, tc.name\n                FROM {$_TABLES['evlist_categories']} tc \n                WHERE tc.status='1' ORDER BY tc.name");
         while ($A = DB_fetchArray($cresult, false)) {
             if (isset($_POST['categories']) && is_array($_POST['categories'])) {
                 // Coming from a form re-entry
                 $chk = in_array($A['id'], $_POST['categories']) ? EVCHECKED : '';
             } else {
                 $chk = in_array($A['id'], $this->categories) ? EVCHECKED : '';
             }
             $catlist .= '<input type="checkbox" name="categories[]" ' . 'value="' . $A['id'] . '" ' . $chk . ' />' . '&nbsp;' . $A['name'] . '&nbsp;&nbsp;';
         }
         $T->set_var('catlist', $catlist);
         if (isset($_POST['newcat'])) {
             $T->set_var('newcat', $_POST['newcat']);
         }
         if ($_USER['uid'] > 1 && $rp_id == 0) {
             $T->set_var('category_section', 'true');
             $T->set_var('add_cat_input', 'true');
         }
     }
     // Enable the post mode selector if we allow HTML and the user is
     // logged in, or if this user is an authorized editor
     if ($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) {
         $T->set_var(array('postmode_options' => EVLIST_GetOptions($LANG_EVLIST['postmodes'], $postmode), 'allowed_html' => COM_allowedHTML('evlist.submit')));
         if ($postmode == 'plaintext') {
             // plaintext, hide postmode selector
             $T->set_var('postmode_show', ' style="display:none"');
         }
         $T->parse('event_postmode', 'edit_postmode');
     }
     if ($this->isAdmin) {
         $T->set_var(array('owner_username' => COM_stripslashes($ownerusername), 'owner_dropdown' => COM_optionList($_TABLES['users'], 'uid,username', $this->owner_id, 1, "uid <> 1"), 'group_dropdown' => SEC_getGroupDropdown($this->group_id, 3)));
         if ($rp_id == 0) {
             // can only change permissions on main event
             $T->set_var('permissions_editor', SEC_getPermissionsHTML($this->perm_owner, $this->perm_group, $this->perm_members, $this->perm_anon));
         }
     } else {
         $T->set_var('group_id', $this->group_id);
     }
     // Latitude & Longitude part of location, if Location plugin is used
     if ($_EV_CONF['use_locator']) {
         $T->set_var(array('use_locator' => 'true', 'loc_selection' => GEO_optionList()));
     }
     $T->parse('output', 'editor');
     $retval .= $T->finish($T->get_var('output'));
     $retval .= COM_endBlock();
     return $retval;
 }
Exemplo n.º 3
0
/**
 * Handles a comment edit submission
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string $mode 'edit' or 'editsubmission'
 * @return string HTML (possibly a refresh)
 */
function handleEdit($mode)
{
    global $_TABLES, $LANG03;
    //get needed data
    $cid = COM_applyFilter($_REQUEST['cid']);
    if ($mode == 'editsubmission') {
        $table = $_TABLES['commentsubmissions'];
        $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}");
        list($type, $sid) = DB_fetchArray($result);
    } else {
        $sid = COM_applyFilter($_REQUEST['sid']);
        $type = COM_applyFilter($_REQUEST['type']);
        $table = $_TABLES['comments'];
    }
    //check for bad data
    if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'");
    if (DB_numRows($result) == 1) {
        $A = DB_fetchArray($result);
        $title = COM_stripslashes($A['title']);
        $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment']));
        //remove signature
        $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">');
        if ($pos > 0) {
            $commenttext = substr($commenttext, 0, $pos);
        }
        //get format mode
        if (preg_match('/<.*>/', $commenttext) != 0) {
            $postmode = 'html';
        } else {
            $postmode = 'plaintext';
        }
    } else {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    return COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode) . COM_siteFooter();
}
Exemplo n.º 4
0
 public function parse($p1, $p2 = '', $fulltag)
 {
     global $_CONF, $_TABLES, $_USER, $LANG01;
     USES_lib_comments();
     $retval = '';
     $skip = 0;
     $dt = new Date('now', $_USER['tzid']);
     // topic = specific topic or 'all'
     // display = how many stories to display, if 0, then all
     // meta = show meta data (i.e.; who when etc)
     // titleLink - make title a hot link
     // featured - 0 = show all, 1 = only featured, 2 = all except featured
     // frontpage - 1 = show only items marked for frontpage - 0 = show all
     // cols - number of columns to show
     // template - the template name
     $topic = $p1;
     if ($topic == 'all') {
         $topic = '';
     }
     $uniqueID = md5($p1 . $p2);
     $display = 10;
     // display 10 articles
     $meta = 0;
     // do not display meta data
     $titleLink = 0;
     // do not use links in title
     $featured = 0;
     // 0 = show all, 1 = only featured, 2 = all except featured
     $frontpage = 0;
     // only show items marked for frontpage
     $cols = 3;
     // number of columns
     $truncate = 0;
     // maximum number of characters to include in story text
     $template = 'headlines.thtml';
     $px = explode(' ', trim($p2));
     if (is_array($px)) {
         foreach ($px as $part) {
             if (substr($part, 0, 8) == 'display:') {
                 $a = explode(':', $part);
                 $display = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 5) == 'meta:') {
                 $a = explode(':', $part);
                 $meta = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 10) == 'titlelink:') {
                 $a = explode(':', $part);
                 $titleLink = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'featured:') {
                 $a = explode(':', $part);
                 $featured = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 10) == 'frontpage:') {
                 $a = explode(':', $part);
                 $frontpage = (int) $a[1];
                 $skip++;
             } elseif (substr($part, 0, 5) == 'cols:') {
                 $a = explode(':', $part);
                 $cols = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'template:') {
                 $a = explode(':', $part);
                 $template = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'truncate:') {
                 $a = explode(':', $part);
                 $truncate = (int) $a[1];
                 $skip++;
             } else {
                 break;
             }
         }
         if ($skip != 0) {
             if (count($px) > $skip) {
                 for ($i = 0; $i < $skip; $i++) {
                     array_shift($px);
                 }
                 $caption = trim(implode(' ', $px));
             } else {
                 $caption = '';
             }
         }
     } else {
         $caption = trim($p2);
     }
     if ($display < 0) {
         $display = 3;
     }
     $hash = CACHE_security_hash();
     $instance_id = 'whatsnew_headlines_' . $uniqueID . '_' . $hash . '_' . $_USER['theme'];
     if (($cache = CACHE_check_instance($instance_id, 0)) !== FALSE) {
         return $cache;
     }
     $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
     $sql = " (date <= NOW()) AND (draft_flag = 0)";
     if (empty($topic)) {
         $sql .= COM_getLangSQL('tid', 'AND', 's');
     }
     // if a topic was provided only select those stories.
     if (!empty($topic)) {
         $sql .= " AND s.tid = '" . DB_escapeString($topic) . "' ";
     }
     if ($featured == 1) {
         $sql .= " AND s.featured = 1 ";
     } else {
         if ($featured == 2) {
             $sql .= " AND s.featured = 0 ";
         }
     }
     if ($frontpage == 1) {
         $sql .= " AND frontpage = 1 ";
     }
     if ($topic != $archivetid) {
         $sql .= " AND s.tid != '{$archivetid}' ";
     }
     $sql .= COM_getPermSQL('AND', 0, 2, 's');
     $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
     $userfields = 'u.uid, u.username, u.fullname';
     if ($_CONF['allow_user_photo'] == 1) {
         $userfields .= ', u.photo';
         if ($_CONF['use_gravatar']) {
             $userfields .= ', u.email';
         }
     }
     $orderBy = ' date DESC ';
     $headlinesSQL = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC," . $orderBy;
     if ($display > 0) {
         $headlinesSQL .= " LIMIT " . $display;
     }
     $result = DB_query($headlinesSQL);
     $numRows = DB_numRows($result);
     if ($numRows < $cols) {
         $cols = $numRows;
     }
     if ($cols > 6) {
         $cols = 6;
     }
     if ($numRows > 0) {
         $T = new Template($_CONF['path'] . 'system/autotags/');
         $T->set_file('page', $template);
         $T->set_var('columns', $cols);
         $T->set_block('page', 'headlines', 'hl');
         $newstories = array();
         while ($A = DB_fetchArray($result)) {
             $T->unset_var('readmore_url');
             $T->unset_var('lang_readmore');
             if ($A['attribution_author'] != '') {
                 $author = $A['attribution_author'];
             } else {
                 $author = $A['username'];
             }
             $title = COM_undoSpecialChars($A['title']);
             $title = str_replace('&nbsp;', ' ', $title);
             $subtitle = COM_undoSpecialChars($A['subtitle']);
             if ($A['story_image'] != '') {
                 $story_image = $_CONF['site_url'] . $A['story_image'];
             } else {
                 $story_image = '';
             }
             $A['introtext'] = STORY_renderImages($A['sid'], $A['introtext']);
             if (!empty($A['bodytext'])) {
                 $closingP = strrpos($A['introtext'], "</p>");
                 if ($closingP !== FALSE) {
                     $text = substr($A['introtext'], 0, $closingP);
                     $A['introtext'] = $text;
                 }
                 // adds the read more link
                 $T->set_var('readmore_url', COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']));
                 $T->set_var('lang_readmore', $LANG01['continue_reading']);
             }
             if ($truncate > 0) {
                 $A['introtext'] = $this->truncateHTML($A['introtext'], $truncate, '...');
             }
             $topicurl = $_CONF['site_url'] . '/index.php?topic=' . $A['tid'];
             $dt->setTimestamp($A['unixdate']);
             if ($A['commentcode'] >= 0) {
                 $cmtLinkArray = CMT_getCommentLinkWithCount('article', $A['sid'], $_CONF['site_url'] . '/article.php?story=' . $A['sid'], $A['comments'], 1);
                 $T->set_var(array('lang_comments' => '', 'comments_count' => $cmtLinkArray['comment_count'], 'comments_url' => $cmtLinkArray['url'], 'comments_url_extra' => $cmtLinkArray['url_extra']));
             } else {
                 $T->unset_var('lang_comments');
                 $T->unset_var('comments_count');
                 $T->unset_var('comments_url');
                 $T->unset_var('comments_url_extra');
             }
             $T->set_var(array('titlelink' => $titleLink ? TRUE : '', 'meta' => $meta ? TRUE : '', 'lang_by' => $LANG01[95], 'lang_posted_in' => $LANG01['posted_in'], 'story_topic_url' => $topicurl, 'title' => $title, 'subtitle' => $subtitle, 'story_image' => $story_image, 'text' => PLG_replaceTags($A['introtext']), 'date' => $A['date'], 'time' => $dt->format('Y-m-d', true) . 'T' . $dt->format('H:i:s', true), 'topic' => $A['topic'], 'tid' => $A['tid'], 'author' => $author, 'author_id' => $A['uid'], 'sid' => $A['sid'], 'short_date' => $dt->format($_CONF['shortdate'], true), 'date_only' => $dt->format($_CONF['dateonly'], true), 'date' => $dt->format($dt->getUserFormat(), true), 'url' => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']), 'attribution_url' => $A['attribution_url'], 'attribution_name' => $A['attribution_name']));
             $T->parse('hl', 'headlines', true);
         }
         $retval = $T->finish($T->parse('output', 'page'));
         CACHE_create_instance($instance_id, $retval, 0);
     }
     return $retval;
 }
Exemplo n.º 5
0
/**
 * Handle a pingback for an entry.
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET);
    $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
    try {
        $response = $req->send();
        $status = $response->getStatus();
        if ($status == 200) {
            $body = $response->getBody();
            if ($_CONF['check_trackback_link'] & 3) {
                if (!TRB_containsBacklink($body, $oururl)) {
                    TRB_logRejected('Pingback: No link to us', $url);
                    $comment = TRB_formatComment($url);
                    PLG_spamAction($comment, $_CONF['spamx']);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
            preg_match(':<title>(.*)</title>:i', $body, $content);
            if (empty($content[1])) {
                $title = '';
                // no title found
            } else {
                $title = trim(COM_undoSpecialChars($content[1]));
            }
            if ($_CONF['pingback_excerpt']) {
                // Check which character set the site that sent the Pingback
                // is using
                $charset = 'ISO-8859-1';
                // default, see RFC 2616, 3.7.1
                $ctype = $response->getHeader('content-type');
                $c = explode(';', $ctype);
                foreach ($c as $ct) {
                    $ch = explode('=', trim($ct));
                    if (count($ch) === 2) {
                        if (trim($ch[0]) === 'charset') {
                            $charset = trim($ch[1]);
                            break;
                        }
                    }
                }
                if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                    if (function_exists('mb_convert_encoding')) {
                        $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                    } elseif (function_exists('iconv')) {
                        $body = @iconv($charset, COM_getCharset(), $body);
                    }
                    // else: tough luck ...
                }
                $excerpt = PNB_makeExcerpt($body, $oururl);
            }
            // we could also run the rest of the other site's page
            // through the spam filter here ...
        } elseif ($_CONF['check_trackback_link'] & 3) {
            COM_errorLog("Pingback verification: Got HTTP response code " . $response->getStatus() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } catch (HTTP_Request2_Exception $e) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $e->getMessage() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Exemplo n.º 6
0
/**
* Handle a pingback for an entry.
*
* Also takes care of the speedlimit and spam. Assumes that the caller of this
* function has already checked permissions!
*
* @param    string  $id     ID of entry that got pinged
* @param    string  $type   type of that entry ('article' for stories, etc.)
* @param    string  $url    URL of the page that pinged us
* @param    string  $oururl URL that got pinged on our site
* @return   object          XML-RPC response
*
*/
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } else {
            if ($_CONF['pingback_self'] == 2) {
                $skip_speedlimit = true;
            }
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $req = new HTTP_Request($url);
    $req->addHeader('User-Agent', 'glFusion/' . GVERSION);
    $response = $req->sendRequest();
    if (PEAR::isError($response)) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $response->getMessage() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        // else: silently ignore errors - we'll simply do without the title
    } else {
        if ($req->getResponseCode() == 200) {
            $body = $req->getResponseBody();
            if ($_CONF['check_trackback_link'] & 3) {
                if (!TRB_containsBacklink($body, $oururl)) {
                    TRB_logRejected('Pingback: No link to us', $url);
                    $comment = TRB_formatComment($url);
                    PLG_spamAction($comment, $_CONF['spamx']);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
            preg_match(':<title>(.*)</title>:i', $body, $content);
            if (empty($content[1])) {
                $title = '';
                // no title found
            } else {
                $title = trim(COM_undoSpecialChars($content[1]));
            }
            if (isset($_CONF['pingback_excerpt']) && $_CONF['pingback_excerpt']) {
                $excerpt = PNB_makeExcerpt($body, $oururl);
            }
            // we could also run the rest of the other site's page
            // through the spam filter here ...
        } else {
            if ($_CONF['check_trackback_link'] & 3) {
                COM_errorLog("Pingback verification: Got HTTP response code " . $req->getResponseCode() . " when requesting {$url}");
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            }
        }
        // else: silently ignore errors - we'll simply do without the title
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Exemplo n.º 7
0
/**
 * Handles a comment edit submission
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string  $mode   'edit' or 'editsubmission'
 * @param  string  $format 'threaded', 'nested', or 'flat'
 * @param  string  $order  'ASC' or 'DESC' or blank
 * @param  int     $page   Page number of comments to display
 * @return string HTML (possibly a refresh)
 */
function CMT_handleEdit($mode = '', $postmode = '', $format, $order, $page)
{
    global $_TABLES, $LANG03, $_CONF;
    //get needed data
    $cid = 0;
    if (isset($_REQUEST[CMT_CID])) {
        $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
    }
    if ($cid <= 0) {
        COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $type = '';
    $sid = '';
    if ($mode == 'editsubmission') {
        $table = $_TABLES['commentsubmissions'];
        $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}");
        list($type, $sid) = DB_fetchArray($result);
    } else {
        $table = $_TABLES['comments'];
        if (isset($_REQUEST[CMT_TYPE])) {
            $type = COM_applyFilter($_REQUEST[CMT_TYPE]);
        }
        if (COMMENT_ON_SAME_PAGE) {
            list($plgurl, $plgid) = CMT_getCommentUrlId($type);
            if (isset($_REQUEST[$plgid])) {
                $sid = COM_applyFilter($_REQUEST[$plgid]);
            }
        } else {
            if (isset($_REQUEST['sid'])) {
                $sid = COM_applyFilter($_REQUEST['sid']);
            }
        }
    }
    //check for bad data
    if (empty($sid) || empty($type)) {
        COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    // Filemgmt plugin is doing special processing.
    // Therefore, I support specially, against my better judgment.
    // May should delete this code part.
    if ($type == 'filemgmt' and $mode != 'editsubmission') {
        $sid = 'fileid_' . $sid;
    }
    $result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'");
    if (DB_numRows($result) == 1) {
        $A = DB_fetchArray($result);
        $title = COM_stripslashes($A['title']);
        $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment']));
        //remove signature
        $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">');
        if ($pos > 0) {
            $commenttext = substr($commenttext, 0, $pos);
        }
        //get format mode
        if (preg_match('/<.*>/', $commenttext) != 0) {
            $postmode = 'html';
        } else {
            $postmode = 'plaintext';
        }
    } else {
        COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    return CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode, $format, $order, $page);
}
Exemplo n.º 8
0
/**
* Send an email notification for a new submission.
*
* @param    string  $table  Table where the new submission can be found
* @param    string  $story  Story object that was submitted.
*
*/
function sendNotification($table, $story)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN;
    $title = COM_undoSpecialChars($story->displayElements('title'));
    if ($A['postmode'] == 'html') {
        $A['introtext'] = strip_tags($A['introtext']);
    }
    $introtext = COM_undoSpecialChars($story->displayElements('introtext') . "\n" . $story->displayElements('bodytext'));
    $storyauthor = COM_getDisplayName($story->displayelements('uid'));
    $topic = stripslashes(DB_getItem($_TABLES['topics'], 'topic', 'tid = \'' . $story->displayElements('tid') . '\''));
    $mailbody = "{$LANG08['31']}: {$title}\n" . "{$LANG24['7']}: {$storyauthor}\n" . "{$LANG08['32']}: " . strftime($_CONF['date']) . "\n" . "{$LANG_ADMIN['topic']}: {$topic}\n\n";
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            $introtext = MBYTE_substr($introtext, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $introtext . "\n\n";
    }
    if ($table == $_TABLES['storysubmission']) {
        $mailbody .= "{$LANG01['10']} <{$_CONF['site_admin_url']}/moderation.php>\n\n";
    } else {
        $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid());
        $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n";
    }
    $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35];
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";
    COM_mail($_CONF['site_mail'], $mailsubject, $mailbody);
}
Exemplo n.º 9
0
/**
 * Handles a comment edit submission
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd <wenerd87 AT gmail DOT com>
 * @return string HTML (possibly a refresh)
 */
function handleEdit()
{
    global $_TABLES, $LANG03, $_USER, $_CONF, $_PLUGINS;
    if (isset($_POST['cid'])) {
        $cid = COM_applyFilter($_POST['cid'], true);
    } else {
        if (isset($_GET['cid'])) {
            $cid = COM_applyFilter($_GET['cid'], true);
        } else {
            $cid = -1;
        }
    }
    if (isset($_POST['sid'])) {
        $sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
    } else {
        if (isset($_GET['sid'])) {
            $sid = COM_sanitizeID(COM_applyFilter($_GET['sid']));
        } else {
            $sid = '';
        }
    }
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    } else {
        if (isset($_GET['type'])) {
            $type = COM_applyFilter($_GET['type']);
        } else {
            $type = '';
        }
    }
    if ($type != 'article') {
        if (!in_array($type, $_PLUGINS)) {
            $type = '';
        }
    }
    if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        exit;
    }
    $result = DB_query("SELECT title,comment FROM {$_TABLES['comments']} " . "WHERE cid = " . (int) $cid . " AND sid = '" . DB_escapeString($sid) . "' AND type = '" . DB_escapeString($type) . "'");
    if (DB_numRows($result) == 1) {
        $A = DB_fetchArray($result);
        $title = $A['title'];
        $commenttext = COM_undoSpecialChars($A['comment']);
        //remove signature
        $pos = strpos($commenttext, '<!-- COMMENTSIG --><div class="comment-sig">');
        if ($pos > 0) {
            $commenttext = substr($commenttext, 0, $pos);
        }
        //get format mode
        if (preg_match('/<.*>/', $commenttext) != 0) {
            $postmode = 'html';
        } else {
            $postmode = 'plaintext';
        }
    } else {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $pid = isset($_REQUEST['pid']) ? COM_applyFilter($_REQUEST['pid'], true) : 0;
    return PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0) . CMT_commentForm($title, $commenttext, $sid, $pid, $type, 'edit', $postmode);
}
Exemplo n.º 10
0
/**
* Send an email notification for a new submission.
*
* @param    string  $table  Table where the new submission can be found
* @param    string  $story  Story object that was submitted.
*
*/
function sendNotification($table, $story)
{
    global $_CONF, $_USER, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN;
    $dt = new Date('now', $_USER['tzid']);
    $title = COM_undoSpecialChars($story->displayElements('title'));
    $postmode = $story->displayElements('postmode');
    $introtext = COM_undoSpecialChars($story->displayElements('introtext') . "\n" . $story->displayElements('bodytext'));
    if ($postmode == 'html') {
        USES_lib_html2text();
        $introtext = str_replace("\\r", "", $introtext);
        $introtext = $introtext;
        $html2txt = new html2text($introtext, false);
        $introtext = trim($html2txt->get_text());
    }
    $storyauthor = COM_getDisplayName($story->displayelements('uid'));
    $topic = DB_getItem($_TABLES['topics'], 'topic', 'tid = \'' . DB_escapeString($story->displayElements('tid')) . '\'');
    $mailbody = "{$LANG08['31']}: {$title}\n" . "{$LANG24['7']}: {$storyauthor}\n" . "{$LANG08['32']}: " . $dt->format($_CONF['date'], true) . "\n" . "{$LANG_ADMIN['topic']}: {$topic}\n\n";
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            $introtext = MBYTE_substr($introtext, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $introtext . "\n\n";
    }
    if ($table == $_TABLES['storysubmission']) {
        $mailbody .= "{$LANG01['10']} <{$_CONF['site_admin_url']}/moderation.php>\n\n";
    } else {
        $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid());
        $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n";
    }
    $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35];
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";
    $to = array();
    $to = COM_formatEmailAddress('', $_CONF['site_mail']);
    COM_mail($to, $mailsubject, $mailbody);
}
Exemplo n.º 11
0
/**
* Shows any new information in a block
*
* Return the HTML that shows any new stories, comments, etc
*
* @param    string  $help     Help file for block
* @param    string  $title    Title used in block header
* @param    string  $position Position in which block is being rendered 'left', 'right' or blank (for centre)
* @return   string  Return the HTML that shows any new stories, comments, etc
*
*/
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $_USER, $_PLUGINS, $LANG01, $LANG_WHATSNEW, $page, $newstories;
    if (!isset($_CONF['whatsnew_cache_time'])) {
        $_CONF['whatsnew_cache_time'] = 3600;
    }
    $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_USER['theme'];
    $retval = CACHE_check_instance($cacheInstance, 0);
    if ($retval) {
        $lu = CACHE_get_instance_update($cacheInstance, 0);
        $now = time();
        if ($now - $lu < $_CONF['whatsnew_cache_time']) {
            return $retval;
        }
    }
    $T = new Template($_CONF['path_layout'] . 'blocks');
    $T->set_file('block', 'whatsnew.thtml');
    $items_found = 0;
    $header = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position), 'whats_new_block');
    $T->set_var('block_start', $header);
    $topicsql = '';
    if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']);
    }
    if ($_CONF['hidenewstories'] == 0) {
        $archsql = '';
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archivetid)) {
            $archsql = " AND (tid <> '" . DB_escapeString($archivetid) . "')";
        }
        // Find the newest stories
        $sql = "SELECT * FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND') . ' ORDER BY date DESC';
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        $T->set_block('block', 'section', 'sectionblock');
        if ($nrows > 0) {
            // Any late breaking news stories?
            $T->set_var('section_title', $LANG01[99]);
            $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']));
            $newstory = array();
            $T->set_block('block', 'datarow', 'datablock');
            while ($A = DB_fetchArray($result)) {
                $title = COM_undoSpecialChars($A['title']);
                $title = str_replace('&nbsp;', ' ', $title);
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt()));
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
                $storyitem = COM_createLink($titletouse, $url, $attr);
                $newstory[] = $storyitem;
                $T->set_var('data_item', $storyitem);
                $T->parse('datablock', 'datarow', true);
                $items_found++;
            }
            $T->parse('sectionblock', 'section', true);
        }
    }
    $T->unset_var('datablock');
    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $commentHeader = 0;
        $newcomments = array();
        $commentrow = array();
        // get story whats new
        $stwhere = '';
        if (!COM_isAnonUser()) {
            $stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR ";
            $stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR ";
            $stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL)";
        } else {
            $stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)";
        }
        $sql = "SELECT DISTINCT COUNT(*) AS dups, type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid, UNIX_TIMESTAMP(max({$_TABLES['comments']}.date)) AS lastdate FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.commentcode >= 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . ") WHERE ({$_TABLES['comments']}.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newcommentsinterval']} SECOND))) AND ((({$stwhere}))) GROUP BY {$_TABLES['comments']}.sid,type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid ORDER BY 5 DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $T->set_var('section_title', $LANG01[83]);
            $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']));
            $commentHeader = 1;
            for ($x = 0; $x < $nrows; $x++) {
                $A = DB_fetchArray($result);
                $A['url'] = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#comments';
                $commentrow[] = $A;
            }
        }
        $pluginComments = PLG_getWhatsNewComment();
        $commentrow = array_merge($pluginComments, $commentrow);
        usort($commentrow, '_commentsort');
        $nrows = count($commentrow);
        if ($nrows > 0) {
            if ($commentHeader == 0) {
                $commentHeader = 1;
                $T->set_var('section_title', $LANG01[83]);
                $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']));
            }
            $newcomments = array();
            for ($x = 0; $x < $nrows; $x++) {
                $titletouse = '';
                $url = $commentrow[$x]['url'];
                $title = COM_undoSpecialChars($commentrow[$x]['title']);
                $title = str_replace('&nbsp;', ' ', $title);
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt()));
                if ($commentrow[$x]['dups'] > 1) {
                    $titletouse .= ' [+' . $commentrow[$x]['dups'] . ']';
                }
                $newcomments[] = COM_createLink($titletouse, $url, $attr);
            }
            $T->set_block('block', 'datarow', 'datablock');
            foreach ($newcomments as $comment) {
                $T->set_var('data_item', $comment);
                $T->parse('datablock', 'datarow', true);
                $items_found++;
            }
            $T->parse('sectionblock', 'section', true);
        }
    }
    $T->unset_var('datablock');
    if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $sql = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $T->set_var('section_title', $LANG01[114]);
            $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']));
            $newcomments = array();
            $T->set_block('block', 'datarow', 'datablock');
            for ($i = 0; $i < $nrows; $i++) {
                $titletouse = '';
                $A = DB_fetchArray($result);
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $title = COM_undoSpecialChars($A['title']);
                $title = str_replace('&nbsp;', ' ', $title);
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt()));
                if ($A['count'] > 1) {
                    $titletouse .= ' [+' . $A['count'] . ']';
                }
                $trackback = COM_createLink($titletouse, $url, $attr);
                $newcomments[] = $trackback;
                $T->set_var('data_item', $trackback);
                $T->parse('datablock', 'datarow', true);
                $items_found++;
            }
            $T->parse('sectionblock', 'section', true);
        }
    }
    $T->unset_var('datablock');
    if ($_CONF['hidenewplugins'] == 0) {
        list($headlines, $smallheadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $T->set_var('section_title', $headlines[$i]);
                $T->set_var('interval', $smallheadlines[$i]);
                $T->set_block('block', 'datarow', 'datablock');
                if (is_array($content[$i])) {
                    foreach ($content[$i] as $item) {
                        $T->set_var('data_item', $item);
                        $T->parse('datablock', 'datarow', true);
                        $items_found++;
                    }
                } else {
                    $T->set_var('data_item', $content[$i]);
                    $T->parse('datablock', 'datarow', true);
                    $items_found++;
                }
                $T->parse('sectionblock', 'section', true);
                $T->unset_var('datablock');
                $T->unset_var('interval');
                $T->unset_var('section_title');
            }
        }
    }
    if ($items_found == 0) {
        $T->set_var('no_items_found', $LANG01['no_new_items']);
    } else {
        $T->set_var('no_items_found', '');
    }
    $T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position)));
    $T->parse('output', 'block');
    $final = $T->finish($T->get_var('output'));
    CACHE_create_instance($cacheInstance, $final, 0);
    return $final;
}
Exemplo n.º 12
0
/**
* Create a new password and send it to the user
*
* @param    string  $username   user's login name
* @param    string  $useremail  user's email address
* @param    int     $uid        user id of user
* @param    string  $passwd     user's password (optional)
* @return   bool                true = success, false = an error occured
*
*/
function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '')
{
    global $_CONF, $_SYSTEM, $_TABLES, $LANG04;
    if (!isset($_SYSTEM['verification_token_ttl'])) {
        $_SYSTEM['verification_token_ttl'] = 86400;
    }
    $activation_link = '';
    $uid = (int) $uid;
    $storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid);
    $userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid);
    if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') {
        // no need to update password
    } else {
        if ($passwd == '') {
            $passwd = USER_createPassword(8);
        }
        $passwd2 = SEC_encryptPassword($passwd);
        DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid);
    }
    if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) {
        $template = new Template($_CONF['path_data']);
        $template->set_file(array('mail' => 'welcome_email.txt'));
        $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}");
        $template->set_var('site_url', $_CONF['site_url']);
        $template->set_var('site_name', $_CONF['site_name']);
        $template->set_var('site_slogan', $_CONF['site_slogan']);
        $template->set_var('lang_text1', $LANG04[15]);
        $template->set_var('lang_text2', $LANG04[14]);
        $template->set_var('lang_username', $LANG04[2]);
        $template->set_var('lang_password', $LANG04[4]);
        $template->set_var('username', $username);
        $template->set_var('password', $passwd);
        $template->set_var('name', COM_getDisplayName($uid));
        $template->parse('output', 'mail');
        $mailtext = $template->get_var('output');
    } else {
        if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) {
            $verification_id = USER_createActivationToken($uid, $username);
            $activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid;
            $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n";
            $mailtext .= $LANG04[170] . "\n\n";
            $mailtext .= "----------------------------\n";
            $mailtext .= $LANG04[2] . ': ' . $username . "\n";
            $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n";
            $mailtext .= "----------------------------\n\n";
            $mailtext .= sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600) . "\n\n";
            $mailtext .= $activation_link . "\n\n";
            $mailtext .= $LANG04[173] . "\n\n";
            $mailtext .= $LANG04[174] . "\n\n";
            $mailtext .= "--\n";
            $mailtext .= $_CONF['site_name'] . "\n";
            $mailtext .= $_CONF['site_url'] . "\n";
        } else {
            $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n";
            $mailtext .= $LANG04[170] . "\n\n";
            $mailtext .= "----------------------------\n";
            $mailtext .= $LANG04[2] . ': ' . $username . "\n";
            if ($passwd != '') {
                $mailtext .= $LANG04[4] . ": {$passwd}\n";
            }
            $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n";
            $mailtext .= "----------------------------\n\n";
            $mailtext .= $LANG04[14] . "\n\n";
            $mailtext .= "--\n";
            $mailtext .= $_CONF['site_name'] . "\n";
            $mailtext .= $_CONF['site_url'] . "\n";
        }
    }
    $subject = $_CONF['site_name'] . ': ' . $LANG04[16];
    if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) {
        $mailfrom = $_CONF['noreply_mail'];
        global $LANG_LOGIN;
        $mailtext .= LB . LB . $LANG04[159];
    } else {
        $mailfrom = $_CONF['site_mail'];
    }
    $to = array();
    $from = array();
    $from = COM_formatEmailAddress($_CONF['site_name'], $mailfrom);
    $to = COM_formatEmailAddress($username, $useremail);
    $subject = COM_undoSpecialChars(strip_tags($subject));
    return COM_mail($to, $subject, $mailtext, $from, false);
}
Exemplo n.º 13
0
/**
* Email ad to a friend
*
* @param    string  $ad        id of ad to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the ad
* @return   string              Meta refresh
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function CLASSIFIEDS_mailAd($ad, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08;
    // check for correct $_CONF permission
    if (COM_isAnonUser() && $_CONF['loginrequired'] == 1) {
        return $retval;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return $retval;
    }
    //Query ad
    $shortmsg = COM_stripslashes($shortmsg);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }
    // just to make sure this isn't an attempt at spamming users ...
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($story->displayElements('uid'));
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }
    $introtext = $story->DisplayElements('introtext');
    $bodytext = $story->DisplayElements('bodytext');
    $introtext = COM_undoSpecialChars(strip_tags($introtext));
    $bodytext = COM_undoSpecialChars(strip_tags($bodytext));
    $introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
    $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
    $mailtext .= LB . $introtext;
    if (!empty($bodytext)) {
        $mailtext .= LB . LB . $bodytext;
    }
    $mailtext .= LB . LB . '------------------------------------------------------------' . LB;
    if ($story->DisplayElements('commentcode') == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
    $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        $ccmessage = sprintf($LANG08[38], $to);
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
        $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
    }
    COM_updateSpeedlimit('mail');
    return $retval;
}
Exemplo n.º 14
0
/**
* Shows any new information in a block
*
* Return the HTML that shows any new stories, comments, etc
*
* @param    string  $help     Help file for block
* @param    string  $title    Title used in block header
* @param    string  $position Position in which block is being rendered 'left', 'right' or blank (for centre)
* @return   string  Return the HTML that shows any new stories, comments, etc
*
*/
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW, $page, $newstories;
    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));
    $topicsql = '';
    if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']);
    }
    if ($_CONF['hidenewstories'] == 0) {
        $archsql = '';
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archivetid)) {
            $archsql = " AND (tid <> '" . addslashes($archivetid) . "')";
        }
        // Find the newest stories
        $sql['mssql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $sql['mysql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $sql['pgsql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (NOW() - INTERVAL '{$_CONF['newstoriesinterval']} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $result = DB_query($sql);
        $A = DB_fetchArray($result);
        $nrows = $A['count'];
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . '</h3>';
        if ($nrows > 0) {
            $newmsg = COM_formatTimeString($LANG_WHATSNEW['new_string'], $_CONF['newstoriesinterval'], $LANG01[11], $nrows);
            if ($newstories && $page < 2) {
                $retval .= $newmsg . '<br' . XHTML . '>';
            } else {
                $retval .= COM_createLink($newmsg, $_CONF['site_url'] . '/index.php?display=new') . '<br' . XHTML . '>';
            }
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>';
        }
        if ($_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0 || $_CONF['hidenewplugins'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>';
        $new_plugin_comments = array();
        $new_plugin_comments = PLG_getWhatsNewComment();
        if (!empty($new_plugin_comments)) {
            // Sort array by element lastdate newest to oldest
            foreach ($new_plugin_comments as $k => $v) {
                $b[$k] = strtolower($v['lastdate']);
            }
            arsort($b);
            foreach ($b as $key => $val) {
                $temp[] = $new_plugin_comments[$key];
            }
            $new_plugin_comments = $temp;
            $newcomments = array();
            $count = 0;
            foreach ($new_plugin_comments as $A) {
                $count .= +1;
                $url = '';
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'url');
                if (!empty($info)) {
                    $url = $info . '#comments';
                }
                // Check to see if url (plugin may not support PLG_getItemInfo
                if (!empty($url)) {
                    $title = COM_undoSpecialChars(stripslashes($A['title']));
                    $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                    if ($title != $titletouse) {
                        $attr = array('title' => htmlspecialchars($title));
                    } else {
                        $attr = array();
                    }
                    $acomment = str_replace('$', '&#36;', $titletouse);
                    $acomment = str_replace(' ', '&nbsp;', $acomment);
                    if ($A['dups'] > 1) {
                        $acomment .= ' [+' . $A['dups'] . ']';
                    }
                    $newcomments[] = COM_createLink($acomment, $url, $attr);
                    if ($count == 15) {
                        break;
                    }
                }
            }
            $retval .= COM_makeList($newcomments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>';
        $sql['mssql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $sql['mysql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $sql['pgsql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (NOW()+ INTERVAL '{$_CONF['newtrackbackinterval']} SECOND'))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $newcomments = array();
            for ($i = 0; $i < $nrows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titletouse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $acomment = str_replace('$', '&#36;', $titletouse);
                $acomment = str_replace(' ', '&nbsp;', $acomment);
                if ($A['count'] > 1) {
                    $acomment .= ' [+' . $A['count'] . ']';
                }
                $newcomments[] = COM_createLink($acomment, $url, $attr);
            }
            $retval .= COM_makeList($newcomments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['hidenewplugins'] == 0) {
        list($headlines, $smallheadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallheadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }
                if ($i + 1 < $plugins) {
                    $retval .= '<br' . XHTML . '>';
                }
            }
        }
    }
    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));
    return $retval;
}
Exemplo n.º 15
0
/**
* Email story to a friend
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @return   string              Meta refresh
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
    $dt = new Date('now', $_USER['tzid']);
    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    if ($_CONF['url_rewrite']) {
        $retURL = $storyurl . '?msg=85';
    } else {
        $retURL = $storyurl . '&amp;msg=85';
    }
    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        echo COM_refresh($retURL);
        exit;
    }
    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        echo COM_refresh($retURL);
        exit;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        echo COM_refresh($retURL);
        exit;
    }
    $filter = sanitizer::getInstance();
    if ($html) {
        $filter->setPostmode('html');
    } else {
        $filter->setPostmode('text');
    }
    $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']);
    $filter->setAllowedElements($allowedElements);
    $filter->setCensorData(true);
    $filter->setReplaceTags(true);
    $filter->setNamespace('glfusion', 'mail_story');
    $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
    $result = DB_query($sql);
    if (DB_numRows($result) == 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        if ($html) {
            $shortmsg = $filter->filterHTML($shortmsg);
        }
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }
    // just to make sure this isn't an attempt at spamming users ...
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $dt->setTimestamp($A['day']);
    if ($html) {
        $mailtext .= '<p>------------------------------------------------------------</p>' . '<p>' . COM_undoSpecialChars($A['title']) . '</p>' . '<p>' . $dt->format($_CONF['date'], true) . '</p>';
    } else {
        $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($A['title']) . LB . $dt->format($_CONF['date'], true) . LB;
    }
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($A['uid']);
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }
    if ($html) {
        $mailtext .= '<p>' . $filter->displayText($A['introtext']) . '<br />' . $filter->displayText($A['bodytext']) . '</p>' . '<p>------------------------------------------------------------</p>';
    } else {
        $mailtext .= $filter->displayText($A['introtext']) . LB . $filter->displayText($A['bodytext']) . LB . LB . '------------------------------------------------------------' . LB;
    }
    if ($A['commentcode'] == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }
    $mailto = array();
    $mailfrom = array();
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title']));
    $rc = COM_mail($mailto, $subject, $mailtext, $mailfrom, $html);
    COM_updateSpeedlimit('mail');
    if ($rc) {
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=27');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=27');
        }
    } else {
        // Increment numemails counter for story
        DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'");
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=26');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=26');
        }
    }
    echo COM_refresh($retval);
    exit;
}
Exemplo n.º 16
0
/**
 * Return list of articles for the Related Items block
 *
 * @param    array $tids list of topic ids
 * @param    int   $max  maximum number of items to return
 * @param    int   $trim max length of text
 * @return   array   array of links to related articles with unix timestamp as key
 */
function plugin_getrelateditems_story($tids, $max, $trim)
{
    global $_CONF, $_TABLES;
    $where_sql = '';
    $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
    if (!empty($archivetid)) {
        $where_sql = " AND (ta.tid <> '{$archivetid}')";
    }
    // Find the newest stories the user has access too
    $sql = "SELECT sid, title, UNIX_TIMESTAMP(date) s_date\n        FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n        WHERE ta.type = 'article' AND ta.id = sid AND (ta.tid IN ('" . implode("','", $tids) . "'))\n        AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . COM_getLangSQL('sid', 'AND') . "\n        GROUP BY sid ORDER BY s_date DESC LIMIT {$max}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    $newstories = array();
    if ($nrows > 0) {
        for ($x = 0; $x < $nrows; $x++) {
            $A = DB_fetchArray($result);
            $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            $title = COM_undoSpecialChars(stripslashes($A['title']));
            if ($trim > 0) {
                $titletouse = COM_truncate($title, $trim, '...');
            } else {
                $titletouse = $title;
            }
            if ($title != $titletouse) {
                $attr = array('title' => htmlspecialchars($title));
            } else {
                $attr = array();
            }
            $astory = str_replace('$', '&#36;', $titletouse);
            $astory = str_replace(' ', '&nbsp;', $astory);
            $newstories[$A['s_date']] = COM_createLink($astory, $url, $attr);
        }
    }
    return $newstories;
}
Exemplo n.º 17
0
/**
* Email story to a friend
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @return   string              Meta refresh
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
    $dt = new Date('now', $_USER['tzid']);
    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    if ($_CONF['url_rewrite']) {
        $retURL = $storyurl . '?msg=85';
    } else {
        $retURL = $storyurl . '&amp;msg=85';
    }
    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        echo COM_refresh($retURL);
        exit;
    }
    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        echo COM_refresh($retURL);
        exit;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        echo COM_refresh($retURL);
        exit;
    }
    $filter = sanitizer::getInstance();
    if ($html) {
        $filter->setPostmode('html');
    } else {
        $filter->setPostmode('text');
    }
    $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']);
    $filter->setAllowedElements($allowedElements);
    $filter->setCensorData(true);
    $filter->setReplaceTags(true);
    $filter->setNamespace('glfusion', 'mail_story');
    $sql = "SELECT uid,title,introtext,bodytext,story_image,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
    $result = DB_query($sql);
    if (DB_numRows($result) == 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    $result = PLG_checkforSpam($shortmsg, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    USES_lib_html2text();
    $T = new Template($_CONF['path_layout'] . 'email/');
    $T->set_file(array('html_msg' => 'mailstory_html.thtml', 'text_msg' => 'mailstory_text.thtml'));
    // filter any HTML from the short message
    $shortmsg = $filter->filterHTML($shortmsg);
    $html2txt = new html2text($shortmsg, false);
    $shortmsg_text = $html2txt->get_text();
    $story_body = COM_truncateHTML($A['introtext'], 512);
    $html2txt = new html2text($story_body, false);
    $story_body_text = $html2txt->get_text();
    $dt->setTimestamp($A['day']);
    $story_date = $dt->format($_CONF['date'], true);
    $story_title = COM_undoSpecialChars($A['title']);
    $story_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($A['uid']);
    } else {
        $author = '';
    }
    if ($A['story_image'] != '') {
        $story_image = $_CONF['site_url'] . $A['story_image'];
    } else {
        $story_image = '';
    }
    $T->set_var(array('shortmsg_html' => $shortmsg, 'shortmsg_text' => $shortmsg_text, 'story_title' => $story_title, 'story_date' => $story_date, 'story_url' => $story_url, 'author' => $author, 'story_image' => $story_image, 'story_body_html' => $story_body, 'story_body_text' => $story_body_text, 'lang_by' => $LANG01[1], 'site_name' => $_CONF['site_name'], 'from_name' => $from, 'disclaimer' => sprintf($LANG08[23], $from, $fromemail)));
    $T->parse('message_body_html', 'html_msg');
    $message_body_html = $T->finish($T->get_var('message_body_html'));
    $T->parse('message_body_text', 'text_msg');
    $message_body_text = $T->finish($T->get_var('message_body_text'));
    $msgData = array('htmlmessage' => $message_body_html, 'textmessage' => $message_body_text, 'subject' => $story_title, 'from' => array('email' => $_CONF['site_mail'], 'name' => $from), 'to' => array('email' => $toemail, 'name' => $to));
    $mailto = array();
    $mailfrom = array();
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title']));
    $rc = COM_mail($mailto, $msgData['subject'], $msgData['htmlmessage'], $mailfrom, true, 0, '', $msgData['textmessage']);
    COM_updateSpeedlimit('mail');
    if ($rc) {
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=27');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=27');
        }
    } else {
        // Increment numemails counter for story
        DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'");
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=26');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=26');
        }
    }
    echo COM_refresh($retval);
    exit;
}
Exemplo n.º 18
0
/**
 * Handle a pingback for an entry.
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $http = new http_class();
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;
    $error = $http->GetRequestArguments($url, $arguments);
    $error = $http->Open($arguments);
    $error = $http->SendRequest($arguments);
    if ($error == "") {
        $http->ReadReplyHeaders($headers);
        if ($http->response_status == 200) {
            $error = $http->ReadWholeReplyBody($body);
            if ($error == "" || strlen($body) > 0) {
                if ($_CONF['check_trackback_link'] & 3) {
                    if (!TRB_containsBacklink($body, $oururl)) {
                        TRB_logRejected('Pingback: No link to us', $url);
                        $comment = TRB_formatComment($url);
                        PLG_spamAction($comment, $_CONF['spamx']);
                        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                    }
                }
                preg_match(':<title>(.*)</title>:i', $body, $content);
                if (empty($content[1])) {
                    $title = '';
                    // no title found
                } else {
                    $title = trim(COM_undoSpecialChars($content[1]));
                }
                if ($_CONF['pingback_excerpt']) {
                    // Check which character set the site that sent the Pingback
                    // is using
                    $charset = 'ISO-8859-1';
                    // default, see RFC 2616, 3.7.1
                    $ctype = $headers['content-type'];
                    $c = explode(';', $ctype);
                    foreach ($c as $ct) {
                        $ch = explode('=', trim($ct));
                        if (count($ch) === 2) {
                            if (trim($ch[0]) === 'charset') {
                                $charset = trim($ch[1]);
                                break;
                            }
                        }
                    }
                    if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                        if (function_exists('mb_convert_encoding')) {
                            $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                        } elseif (function_exists('iconv')) {
                            $body = @iconv($charset, COM_getCharset(), $body);
                        }
                    }
                    $excerpt = PNB_makeExcerpt($body, $oururl);
                }
                // we could also run the rest of the other site's page
                // through the spam filter here ...
            } else {
                COM_errorLog("Pingback verification: unable to retrieve response body");
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            }
        } else {
            COM_errorLog("Pingback verification: Got HTTP response code " . $http->response_status . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } else {
        COM_errorLog("Pingback verification: " . $error . " when requesting " . $url);
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Exemplo n.º 19
0
/**
* Shows any new information in a block
*
* Return the HTML that shows any new stories, comments, etc
*
* @param    string  $help     Help file for block
* @param    string  $title    Title used in block header
* @param    string  $position Position in which block is being rendered 'left', 'right' or blank (for centre)
* @return   string  Return the HTML that shows any new stories, comments, etc
*
*/
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG_WHATSNEW, $page, $newstories;
    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));
    $topicsql = '';
    if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']);
    }
    if ($_CONF['hidenewstories'] == 0) {
        $archsql = '';
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archivetid)) {
            $archsql = " AND (tid <> '" . addslashes($archivetid) . "')";
        }
        // Find the newest stories
        $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $result = DB_query($sql);
        $A = DB_fetchArray($result);
        $nrows = $A['count'];
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . '</h3>';
        if ($nrows > 0) {
            $newmsg = COM_formatTimeString($LANG_WHATSNEW['new_string'], $_CONF['newstoriesinterval'], $LANG01[11], $nrows);
            if ($newstories && $page < 2) {
                $retval .= $newmsg . '<br' . XHTML . '>';
            } else {
                $retval .= COM_createLink($newmsg, $_CONF['site_url'] . '/index.php?display=new') . '<br' . XHTML . '>';
            }
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>';
        }
        if ($_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0 || $_CONF['hidenewplugins'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>';
        $stwhere = '';
        if (!COM_isAnonUser()) {
            $stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR ";
            $stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR ";
            $stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL)";
        } else {
            $stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)";
        }
        $sql = "SELECT DISTINCT COUNT(*) AS dups, type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid, max({$_TABLES['comments']}.date) AS lastdate FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.commentcode >= 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . ") WHERE ({$_TABLES['comments']}.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newcommentsinterval']} SECOND))) AND ((({$stwhere}))) GROUP BY {$_TABLES['comments']}.sid,type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid ORDER BY 5 DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $newcomments = array();
            for ($x = 0; $x < $nrows; $x++) {
                $A = DB_fetchArray($result);
                if ($A['type'] == 'article' || empty($A['type'])) {
                    $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#comments';
                }
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titletouse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $acomment = str_replace('$', '&#36;', $titletouse);
                $acomment = str_replace(' ', '&nbsp;', $acomment);
                if ($A['dups'] > 1) {
                    $acomment .= ' [+' . $A['dups'] . ']';
                }
                $newcomments[] = COM_createLink($acomment, $url, $attr);
            }
            $retval .= COM_makeList($newcomments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>';
        $sql = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $newcomments = array();
            for ($i = 0; $i < $nrows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titletouse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $acomment = str_replace('$', '&#36;', $titletouse);
                $acomment = str_replace(' ', '&nbsp;', $acomment);
                if ($A['count'] > 1) {
                    $acomment .= ' [+' . $A['count'] . ']';
                }
                $newcomments[] = COM_createLink($acomment, $url, $attr);
            }
            $retval .= COM_makeList($newcomments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['hidenewplugins'] == 0) {
        list($headlines, $smallheadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallheadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }
                if ($i + 1 < $plugins) {
                    $retval .= '<br' . XHTML . '>';
                }
            }
        }
    }
    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));
    return $retval;
}
Exemplo n.º 20
0
/**
* Email story to a friend
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @return   string              Meta refresh
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08;
    require_once $_CONF['path_system'] . 'lib-story.php';
    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    if ($_CONF['url_rewrite']) {
        $retval = COM_refresh($storyurl . '?msg=85');
    } else {
        $retval = COM_refresh($storyurl . '&amp;msg=85');
    }
    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        return $retval;
    }
    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        return $retval;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return $retval;
    }
    $story = new Story();
    $result = $story->loadFromDatabase($sid, 'view');
    if ($result != STORY_LOADED_OK) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $shortmsg = COM_stripslashes($shortmsg);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }
    // just to make sure this isn't an attempt at spamming users ...
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($story->displayElements('uid'));
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }
    $introtext = $story->DisplayElements('introtext');
    $bodytext = $story->DisplayElements('bodytext');
    $introtext = COM_undoSpecialChars(strip_tags($introtext));
    $bodytext = COM_undoSpecialChars(strip_tags($bodytext));
    $introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
    $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
    $mailtext .= LB . $introtext;
    if (!empty($bodytext)) {
        $mailtext .= LB . LB . $bodytext;
    }
    $mailtext .= LB . LB . '------------------------------------------------------------' . LB;
    if ($story->DisplayElements('commentcode') == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
    $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        $ccmessage = sprintf($LANG08[38], $to);
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
        $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
    }
    COM_updateSpeedlimit('mail');
    // Increment numemails counter for story
    DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$sid}'");
    if ($_CONF['url_rewrite']) {
        $retval = COM_refresh($storyurl . '?msg=' . ($sent ? '27' : '85'));
    } else {
        $retval = COM_refresh($storyurl . '&amp;msg=' . ($sent ? '27' : '85'));
    }
    return $retval;
}
Exemplo n.º 21
0
/**
 * Shows any new information in a block
 * Return the HTML that shows any new stories, comments, etc
 *
 * @param    string $help     Help file for block
 * @param    string $title    Title used in block header
 * @param    string $position Position in which block is being rendered 'left', 'right' or blank (for centre)
 * @return   string           Return the HTML that shows any new stories, comments, etc
 */
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW;
    if ($_CONF['whatsnew_cache_time'] > 0) {
        $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_CONF['theme'];
        $retval = CACHE_check_instance($cacheInstance);
        if ($retval) {
            $lu = CACHE_get_instance_update($cacheInstance);
            $now = time();
            if ($now - $lu < $_CONF['whatsnew_cache_time']) {
                return $retval;
            }
        }
    }
    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));
    $topicSql = '';
    if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $topicSql = COM_getTopicSQL('AND', 0, 'ta');
    }
    if ($_CONF['hidenewstories'] == 0) {
        $where_sql = " AND ta.type = 'article' AND ta.id = sid";
        $archiveTid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archiveTid)) {
            $where_sql .= " AND (ta.tid <> '{$archiveTid}')";
        }
        // Find the newest stories
        $sql['mysql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND') . "\n            GROUP BY sid, title, date ORDER BY date DESC";
        $sql['pgsql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (date >= (NOW() - INTERVAL '{$_CONF['newstoriesinterval']} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND') . "\n            GROUP BY sid, title, date ORDER BY date DESC";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newstoriesinterval']) . '</small></h3>';
        if ($numRows > 0) {
            $newArticles = array();
            for ($x = 0; $x < $numRows; $x++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $anchorText = str_replace('$', '&#36;', $titleToUse);
                $anchorText = str_replace(' ', '&nbsp;', $anchorText);
                $newArticles[] = COM_createLink($anchorText, $url, $attr);
            }
            $retval .= COM_makeList($newArticles, 'list-new-plugins');
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>' . LB;
            // No new stories
        }
        if ($_CONF['hidenewcomments'] == 0 || $_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }
    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>';
        $new_plugin_comments = PLG_getWhatsNewComment();
        if (!empty($new_plugin_comments)) {
            // Sort array by element lastdate newest to oldest
            foreach ($new_plugin_comments as $k => $v) {
                $b[$k] = strtolower($v['lastdate']);
            }
            arsort($b);
            $temp = array();
            foreach ($b as $key => $val) {
                $temp[] = $new_plugin_comments[$key];
            }
            $new_plugin_comments = $temp;
            $newComments = array();
            $count = 0;
            foreach ($new_plugin_comments as $A) {
                $count .= +1;
                $url = '';
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'url');
                if (!empty($info)) {
                    $url = $info . '#comments';
                }
                // Check to see if url (plugin may not support PLG_getItemInfo
                if (!empty($url)) {
                    $title = COM_undoSpecialChars(stripslashes($A['title']));
                    $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                    if ($title != $titleToUse) {
                        $attr = array('title' => htmlspecialchars($title));
                    } else {
                        $attr = array();
                    }
                    $anchorComment = str_replace('$', '&#36;', $titleToUse);
                    $anchorComment = str_replace(' ', '&nbsp;', $anchorComment);
                    if ($A['dups'] > 1) {
                        $anchorComment .= ' [+' . $A['dups'] . ']';
                    }
                    $newComments[] = COM_createLink($anchorComment, $url, $attr);
                    if ($count == 15) {
                        break;
                    }
                }
            }
            $retval .= COM_makeList($newComments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }
    if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>';
        $sql['mysql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n            FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, 's') . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)" . $topicSql . COM_getLangSQL('sid', 'AND', 's') . "\n            GROUP BY t.sid, s.title\n            ORDER BY lastdate DESC LIMIT 15";
        $sql['pgsql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n            FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (NOW()+ INTERVAL '{$_CONF['newtrackbackinterval']} SECOND'))" . COM_getPermSQL('AND', 0, 2, 's') . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)" . $topicSql . COM_getLangSQL('sid', 'AND', 's') . "\n            GROUP BY t.sid, s.title\n            ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if ($numRows > 0) {
            $newComments = array();
            for ($i = 0; $i < $numRows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $anchorComment = str_replace('$', '&#36;', $titleToUse);
                $anchorComment = str_replace(' ', '&nbsp;', $anchorComment);
                if ($A['count'] > 1) {
                    $anchorComment .= ' [+' . $A['count'] . ']';
                }
                $newComments[] = COM_createLink($anchorComment, $url, $attr);
            }
            $retval .= COM_makeList($newComments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }
    if ($_CONF['hidenewplugins'] == 0) {
        list($headlines, $smallHeadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallHeadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }
                if ($i + 1 < $plugins) {
                    $retval .= '<div class="divider-whats-new"></div>';
                }
            }
        }
    }
    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));
    if ($_CONF['whatsnew_cache_time'] > 0) {
        CACHE_create_instance($cacheInstance, $retval);
    }
    return $retval;
}