function saveComment() { global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs; $ref = serverset('HTTP_REFERRER'); $in = getComment(); $evaluator =& get_comment_evaluator(); extract($in); if (!checkCommentsAllowed($parentid)) { txp_die(gTxt('comments_closed'), '403'); } $ip = serverset('REMOTE_ADDR'); if (!checkBan($ip)) { txp_die(gTxt('you_have_been_banned'), '403'); } $blacklisted = is_blacklisted($ip); if ($blacklisted) { txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403'); } $web = clean_url($web); $email = clean_url($email); if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) { setCookies($name, $email, $web); } else { destroyCookies(); } $name = doSlash(strip_tags(deEntBrackets($name))); $web = doSlash(strip_tags(deEntBrackets($web))); $email = doSlash(strip_tags(deEntBrackets($email))); $message = substr(trim($message), 0, 65535); $message2db = doSlash(markup_comment($message)); $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'"); if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) { $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code } if ($isdup) { $evaluator->add_estimate(RELOAD, 1); } // FIXME? Tell the user about dupe? if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) { callback_event('comment.save'); $visible = $evaluator->get_result(); if ($visible != RELOAD) { $parentid = assert_int($parentid); $rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()"); if ($rs) { safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'"); if ($prefs['comment_means_site_updated']) { update_lastmod(); } if ($comments_sendmail) { mail_comment($message, $name, $email, $web, $parentid, $rs); } $updated = update_comments_count($parentid); $backpage = substr($backpage, 0, $prefs['max_url_len']); $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage); $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage; if (defined('PARTLY_MESSY') and PARTLY_MESSY) { $backpage = permlinkurl_id($parentid); } $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0'); txp_status_header('302 Found'); if ($comments_moderate) { header('Location: ' . $backpage . '#txpCommentInputForm'); } else { header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs)); } log_hit('302'); $evaluator->write_trace(); exit; } } } // Force another Preview $_POST['preview'] = RELOAD; //$evaluator->write_trace(); }
function file_download_send($event, $step) { // just a quick transplant from publish.php, this could stand some refactoring global $pretext, $prefs; extract($prefs); extract($pretext); // we are dealing with a download # if (@$s == 'file_download') { $file_error = 0; $file = safe_row('*', 'txp_file', "id='" . doSlash($pretext['tail'][1]) . "' and status >= 4"); if (!$file) { $file_error = 404; } if (!$file_error) { extract($file); $fullpath = build_file_path($file_base_path, $filename); if (is_file($fullpath)) { // discard any error php messages ob_clean(); $filesize = filesize($fullpath); $sent = 0; header('Content-Description: File Download'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($filename) . '"; size = "' . $filesize . '"'); // Fix for lame IE 6 pdf bug on servers configured to send cache headers header('Cache-Control: private'); @ini_set("zlib.output_compression", "Off"); @set_time_limit(0); @ignore_user_abort(true); if ($file = fopen($fullpath, 'rb')) { while (!feof($file) and connection_status() == 0) { echo fread($file, 1024 * 64); $sent += 1024 * 64; ob_flush(); flush(); } fclose($file); // record download if (connection_status() == 0 and !connection_aborted()) { safe_update("txp_file", "downloads=downloads+1", "id='" . intval($id) . "'"); } else { $pretext['request_uri'] .= "#aborted-at-" . floor($sent * 100 / $filesize) . "%"; logit(); } } } else { $file_error = 404; } # } // deal with error if ($file_error) { switch ($file_error) { case 403: txp_die(gTxt('403_forbidden'), '403'); break; case 404: txp_die(gTxt('404_not_found'), '404'); break; default: txp_die(gTxt('500_internal_server_error'), '500'); break; } } // download done exit(0); } }
function assert_system_requirements() { if (version_compare(REQUIRED_PHP_VERSION, PHP_VERSION) > 0) { txp_die('This server runs PHP version ' . PHP_VERSION . '. Textpattern needs PHP version ' . REQUIRED_PHP_VERSION . ' or better.'); } }
function textpattern() { global $pretext, $microstart, $prefs, $qcount, $qtime, $production_status, $txptrace, $siteurl, $has_article_tag; $has_article_tag = false; callback_event('textpattern'); if ($pretext['status'] == '404') { txp_die(gTxt('404_not_found'), '404'); } if ($pretext['status'] == '410') { txp_die(gTxt('410_gone'), '410'); } $html = safe_field('user_html', 'txp_page', "name='" . doSlash($pretext['page']) . "'"); if (!$html) { txp_die(gTxt('unknown_section'), '404'); } // useful for clean urls with error-handlers txp_status_header('200 OK'); trace_add('[' . gTxt('page') . ': ' . $pretext['page'] . ']'); set_error_handler("tagErrorHandler"); $pretext['secondpass'] = false; $html = parse($html); $pretext['secondpass'] = true; trace_add('[ ~~~ ' . gTxt('secondpass') . ' ~~~ ]'); $html = parse($html); // the function so nice, he ran it twice if ($prefs['allow_page_php_scripting']) { $html = evalString($html); } // make sure the page has an article tag if necessary if (!$has_article_tag and $production_status != 'live' and (!empty($pretext['id']) or !empty($pretext['c']) or !empty($pretext['q']) or !empty($pretext['pg']))) { trigger_error(gTxt('missing_article_tag', array('{page}' => $pretext['page']))); } restore_error_handler(); header("Content-type: text/html; charset=utf-8"); echo $html; if (in_array($production_status, array('debug', 'testing'))) { $microdiff = getmicrotime() - $microstart; echo n, comment('Runtime: ' . substr($microdiff, 0, 6)); echo n, comment('Query time: ' . sprintf('%02.6f', $qtime)); echo n, comment('Queries: ' . $qcount); echo maxMemUsage('end of textpattern()', 1); if (!empty($txptrace) and is_array($txptrace)) { echo n, comment('txp tag trace: ' . n . str_replace('--', '­­', join(n, $txptrace)) . n); } // '­­' is *no* tribute to Kajagoogoo, but an attempt to avoid prematurely terminating HTML comments } callback_event('textpattern_end'); }
function output_file_download($filename) { global $file_error, $file_base_path, $pretext; callback_event('file_download'); if (!isset($file_error)) { $filename = sanitizeForFile($filename); $fullpath = build_file_path($file_base_path, $filename); if (is_file($fullpath)) { // Discard any error PHP messages. ob_clean(); $filesize = filesize($fullpath); $sent = 0; header('Content-Description: File Download'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"'); // Fix for IE6 PDF bug on servers configured to send cache headers. header('Cache-Control: private'); @ini_set("zlib.output_compression", "Off"); @set_time_limit(0); @ignore_user_abort(true); if ($file = fopen($fullpath, 'rb')) { while (!feof($file) and connection_status() == 0) { echo fread($file, 1024 * 64); $sent += 1024 * 64; ob_flush(); flush(); } fclose($file); // Record download. if (connection_status() == 0 and !connection_aborted()) { safe_update('txp_file', "downloads = downloads + 1", "id = " . intval($pretext['id'])); } else { $pretext['request_uri'] .= $sent >= $filesize ? '#aborted' : "#aborted-at-" . floor($sent * 100 / $filesize) . "%"; } log_hit('200'); } } else { $file_error = 404; } } // Deal with error. if (isset($file_error)) { switch ($file_error) { case 403: txp_die(gTxt('403_forbidden'), '403'); break; case 404: txp_die(gTxt('404_not_found'), '404'); break; default: txp_die(gTxt('500_internal_server_error'), '500'); break; } } }
function atom() { global $thisarticle; set_error_handler('feedErrorHandler'); ob_clean(); extract($GLOBALS['prefs']); define("t_texthtml", ' type="text/html"'); define("t_text", ' type="text"'); define("t_html", ' type="html"'); define("t_xhtml", ' type="xhtml"'); define('t_appxhtml', ' type="xhtml"'); define("r_relalt", ' rel="alternate"'); define("r_relself", ' rel="self"'); $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); extract(doSlash(gpsa(array('limit', 'area')))); // build filter criteria from a comma-separated list of sections and categories $feed_filter_limit = get_pref('feed_filter_limit', 10); $section = gps('section'); $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array(); $category = gps('category'); $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array(); $st = array(); foreach ($section as $s) { $st[] = fetch_section_title($s); } $ct = array(); foreach ($category as $c) { $ct[] = fetch_category_title($c); } $sitename .= $section ? ' - ' . join(' - ', $st) : ''; $sitename .= $category ? ' - ' . join(' - ', $ct) : ''; $pub = safe_row("RealName, email", "txp_users", "privs=1"); // feed header $out[] = tag(htmlspecialchars($sitename), 'title', t_text); $out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text); $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />'; $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />'; //Atom feeds with mail or domain name $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . join(',', $section) : '') . ($category ? '/' . join(',', $category) : ''), 'id'); $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"'); $out[] = tag(safe_strftime("w3cdtf", $last), 'updated'); $auth[] = tag($pub['RealName'], 'name'); $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : ''; $auth[] = tag(hu, 'uri'); $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author'); $out[] = callback_event('atom_head'); // feed items $articles = array(); $section = doSlash($section); $category = doSlash($category); if (!$area or $area == 'article') { $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : ''; $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : ''; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $frs = safe_column("name", "txp_section", "in_rss != '1'"); $query = array(); foreach ($frs as $f) { $query[] = "and Section != '" . doSlash($f) . "'"; } $query[] = $sfilter; $query[] = $cfilter; $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') '; $rs = safe_rows_start("*,\n\t\t\t\tID as thisid,\n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(Expires) as uExpires,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() {$expired}" . join(' ', $query) . "order by Posted desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $cb = callback_event('atom_entry'); $e = array(); $a['posted'] = $uPosted; if ($show_comment_count_in_feed) { $count = $comments_count > 0 ? ' [' . $comments_count . ']' : ''; } else { $count = ''; } $thisauthor = get_author_name($AuthorID); $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author'); $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published'); $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated'); $escaped_title = htmlspecialchars($Title); $e['title'] = tag($escaped_title . $count, 'title', t_html); $permlink = permlinkurl($a); $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />'; $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id'); $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : ''; $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : ''; $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink)); $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink)); if ($syndicate_body_or_excerpt) { # short feed: use body as summary if there's no excerpt if (!trim($summary)) { $summary = $content; } $content = ''; } if (trim($content)) { $e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html); } if (trim($summary)) { $e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html); } $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $uLastMod; } } } elseif ($area == 'link') { $cfilter = $category ? "category='" . $category . "'" : '1'; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); $e['title'] = tag(htmlspecialchars($linkname), 'title', t_html); $e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html); $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url); $url = preg_replace("/&((?U).*)=/", "&\\1=", $url); $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />'; $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published'); $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated'); $e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id'); $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } if (!$articles) { if ($section) { if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) { txp_die(gTxt('404_not_found'), '404'); } } elseif ($category) { switch ($area) { case 'link': if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; case 'article': default: if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; } } } else { //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { // make sure notices/warnings/errors don't fudge up the feed // when compression is used $buf = ''; while ($b = @ob_get_clean()) { $buf .= $b; } @ob_start('ob_gzhandler'); echo $buf; } handle_lastmod(); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); $imsd = $hims ? strtotime($hims) : 0; if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id])) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { txp_status_header('304 Not Modified'); exit(0); } if ($etag) { header('ETag: "' . $etag . '"'); } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } } $out = array_merge($out, $articles); header('Content-type: application/atom+xml; charset=utf-8'); return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>'; }
function password_protect($atts, $thing = null) { ob_start(); extract(lAtts(array('login' => null, 'pass' => null, 'privs' => null), $atts)); if ($pass === null) { $access = ($user = is_logged_in($login)) !== false && ($privs === null || in_list($user['privs'], $privs)); } else { $au = serverSet('PHP_AUTH_USER'); $ap = serverSet('PHP_AUTH_PW'); // For PHP as (f)cgi, two rules in htaccess often allow this workaround. $ru = serverSet('REDIRECT_REMOTE_USER'); if (!$au && !$ap && strpos($ru, 'Basic') === 0) { list($au, $ap) = explode(':', base64_decode(substr($ru, 6))); } $access = $au === $login && $ap === $pass; } if ($access === false && $pass !== null) { header('WWW-Authenticate: Basic realm="Private"'); } if ($thing === null) { if ($access === false) { txp_die(gTxt('auth_required'), '401'); } return ''; } return parse(EvalElse($thing, $access)); }
/** * Update preferences from submitted form */ private function update_prefs() { foreach (self::$preferences as $key => $pref) { $this->set_pref($key, gps($this->prefix($key))); } txp_die('', '302', '?event=plugin_prefs.' . self::$slug); }
function password_protect($atts) { ob_start(); extract(lAtts(array('login' => '', 'pass' => ''), $atts)); $au = serverSet('PHP_AUTH_USER'); $ap = serverSet('PHP_AUTH_PW'); //For php as (f)cgi, two rules in htaccess often allow this workaround $ru = serverSet('REDIRECT_REMOTE_USER'); if ($ru && !$au && !$ap && substr($ru, 0, 5) == 'Basic') { list($au, $ap) = explode(':', base64_decode(substr($ru, 6))); } if ($login && $pass) { if (!$au || !$ap || $au != $login || $ap != $pass) { header('WWW-Authenticate: Basic realm="Private"'); txp_die(gTxt('auth_required'), '401'); } } }
function _textpattern_end() { // Redirect to a 404 if the page number is greater than the max number of pages // Has to be after textpattern() as $thispage is set during <txp:article /> global $thispage, $pretext; if (@$pretext['pg'] && isset($thispage) && $thispage['numPages'] < $pretext['pg']) { ob_end_clean(); txp_die(gTxt('404_not_found'), '404'); } // Stop output buffering, this sends the buffer to _textpattern_end_callback() while (@ob_end_flush()) { } }
function saveComment() { global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs; $ref = serverset('HTTP_REFERRER'); $in = getComment(); $evaluator =& get_comment_evaluator(); extract($in); if (!checkCommentsAllowed($parentid)) { txp_die(gTxt('comments_closed'), '403'); } $ip = serverset('REMOTE_ADDR'); if (!checkBan($ip)) { txp_die(gTxt('you_have_been_banned'), '403'); } $blacklisted = is_blacklisted($ip); if ($blacklisted) { txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403'); } $name = doSlash(strip_tags(deEntBrackets($name))); $web = doSlash(clean_url(strip_tags(deEntBrackets($web)))); $email = doSlash(clean_url(strip_tags(deEntBrackets($email)))); $message = trim($message); $message2db = doSlash(markup_comment($message)); $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'"); if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) { $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code } if ($isdup) { $evaluator->add_estimate(RELOAD, 1); } // FIXME? Tell the user about dupe? if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) { callback_event('comment.save'); $visible = $evaluator->get_result(); if ($visible != RELOAD) { $rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t posted\t = now()"); if ($rs) { safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'"); if ($prefs['comment_means_site_updated']) { safe_update("txp_prefs", "val=now()", "name='lastmod'"); } if ($comments_sendmail) { mail_comment($message, $name, $email, $web, $parentid, $rs); } $updated = update_comments_count($parentid); $backpage = substr($backpage, 0, $prefs['max_url_len']); $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage); $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0'); txp_status_header('302 Found'); if ($comments_moderate) { header('Location: ' . $backpage . '#txpCommentInputForm'); } else { header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs)); } if ($prefs['logging'] == 'refer') { logit('refer'); } elseif ($prefs['logging'] == 'all') { logit(); } $evaluator->write_trace(); exit; } } } // Force another Preview $_POST['preview'] = RELOAD; //$evaluator->write_trace(); }
function password_protect($atts) { ob_start(); extract(lAtts(array('login' => '', 'pass' => ''), $atts)); $au = serverSet('PHP_AUTH_USER'); $ap = serverSet('PHP_AUTH_PW'); if ($login && $pass) { if (!$au || !$ap || $au != $login || $ap != $pass) { header('WWW-Authenticate: Basic realm="Private"'); txp_die(gTxt('auth_required'), '401'); } } }
function saveComment() { global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs; $ref = serverset('HTTP_REFERRER'); $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember')); extract($in); if (!checkCommentsAllowed($parentid)) { txp_die(gTxt('comments_closed'), '403'); } if ($prefs['comments_require_name']) { if (!trim($name)) { exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>')); } } if ($prefs['comments_require_email']) { if (!trim($email)) { exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>')); } } if (!trim($message)) { exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>')); } $ip = serverset('REMOTE_ADDR'); $message = trim($message); $blacklisted = is_blacklisted($ip); $name = doSlash(strip_tags(deEntBrackets($name))); $web = doSlash(clean_url(strip_tags(deEntBrackets($web)))); $email = doSlash(clean_url(strip_tags(deEntBrackets($email)))); $message2db = doSlash(markup_comment($message)); $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'"); if (checkBan($ip)) { if ($blacklisted == false) { if (!$isdup) { if (checkNonce($nonce)) { $visible = $comments_moderate ? 0 : 1; $rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()"); if ($rs) { safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'"); if ($prefs['comment_means_site_updated']) { safe_update("txp_prefs", "val=now()", "name='lastmod'"); } if ($comments_sendmail) { mail_comment($message, $name, $email, $web, $parentid); } $updated = update_comments_count($parentid); $backpage = substr($backpage, 0, $prefs['max_url_len']); $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage); $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1'; txp_status_header('302 Found'); if ($comments_moderate) { header('Location: ' . $backpage . '#txpCommentInputForm'); } else { header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs)); } } } // end check nonce } // end check dup } else { txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403'); } // end check blacklist } else { txp_die(gTxt('you_have_been_banned'), '403'); } // end check site ban }
function render_feed($rs, $area, $type, $feedtitle, $atom_self_ref, $atom_id_ext) { global $prefs, $thisarticle; extract($prefs); set_error_handler('tagErrorHandler'); $atom = $type == 'atom'; if ($atom) { define("t_texthtml", ' type="text/html"'); define("t_text", ' type="text"'); define("t_html", ' type="html"'); define("t_xhtml", ' type="xhtml"'); define('t_appxhtml', ' type="xhtml"'); define("r_relalt", ' rel="alternate"'); define("r_relself", ' rel="self"'); } else { define("t_texthtml", ''); define("t_text", ''); define("t_html", ''); define("t_xhtml", ''); define('t_appxhtml', ''); define("r_relalt", ''); define("r_relself", ''); } $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); if ($atom) { $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"'); $out[] = tag(htmlspecialchars($feedtitle), 'title', t_text); $out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text); $out[] = tag(safe_strftime("w3cdtf", $last), 'updated'); $out[] = '<link' . r_relself . ' href="' . $atom_self_ref . '" />'; $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />'; //Atom feeds with mail or domain name $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . $atom_id_ext, 'id'); $pub = safe_row("RealName, email", "txp_users", "privs=1"); $auth[] = tag($pub['RealName'], 'name'); $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : ''; $auth[] = tag(hu, 'uri'); $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author'); } else { $out[] = tag('http://textpattern.com/?v=' . $version, 'generator'); $out[] = tag(doSpecial($feedtitle), 'title'); $out[] = tag(doSpecial($site_slogan), 'description'); $out[] = tag(safe_strftime('rfc822', $last), 'pubDate'); $out[] = tag(hu, 'link'); $out[] = '<atom:link href="' . $atom_self_ref . '" rel="self" type="application/rss+xml" />'; } $out[] = callback_event($atom ? 'atom_head' : 'rss_head'); $articles = array(); if (!$area or $area == 'article') { if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $cb = callback_event($atom ? 'atom_entry' : 'rss_entry'); $e = array(); $thisauthor = doSpecial(get_author_name($AuthorID)); $thisauthor = tag($thisauthor, $atom ? 'name' : 'dc:creator'); if ($atom) { $thisauthor = tag(n . t . t . t . $thisauthor . n . t . t, 'author'); } $e['thisauthor'] = $thisauthor; if ($atom) { $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published'); } else { $e['issued'] = tag(safe_strftime('rfc822', $uPosted), 'pubDate'); } if ($atom) { $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated'); $e['category1'] = trim($Category1) ? '<category term="' . doSpecial($Category1) . '" />' : ''; $e['category2'] = trim($Category2) ? '<category term="' . doSpecial($Category2) . '" />' : ''; } $count = ''; if ($show_comment_count_in_feed && $comments_count > 0) { $count = ' [' . $comments_count . ']'; } $escaped_title = $atom ? htmlspecialchars($Title) : htmlspecialchars(strip_tags($Title)); $e['title'] = tag($escaped_title . $count, 'title', t_html); $a['posted'] = $uPosted; $permlink = permlinkurl($a); if ($atom) { $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />'; } else { $e['link'] = tag($permlink, 'link'); } $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, $atom ? 'id' : 'guid', $atom ? '' : ' isPermaLink="false"'); $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink)); $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink)); if ($syndicate_body_or_excerpt) { # short feed: use body as summary if there's no excerpt if (!trim($summary)) { $summary = $content; } $content = ''; } if (trim($summary)) { $e['summary'] = tag(n . escape_cdata($summary) . n, $atom ? 'summary' : 'description', t_html); } if (trim($content)) { $e['content'] = tag(n . escape_cdata($content) . n, $atom ? 'content' : 'content:encoded', t_html); } $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, $atom ? 'entry' : 'item'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $atom ? $uLastMod : $uPosted; } } } elseif ($area == 'link') { if ($rs) { while ($a = nextRow($rs)) { extract($a); $e['title'] = tag(doSpecial($linkname), 'title', t_html); if ($atom) { $e['content'] = tag(n . doSpecial($description) . n, 'content', t_html); $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url); $url = preg_replace("/&((?U).*)=/", "&\\1=", $url); $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />'; $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published'); $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated'); $e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id'); } else { $e['content'] = tag(doSpecial($description), 'description'); $e['link'] = tag(doSpecial($url), 'link'); $e['issued'] = tag(safe_strftime('rfc822', $uDate), 'pubDate'); } $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, $atom ? 'entry' : 'item'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } if (!$articles) { if ($section) { if (safe_field('name', 'txp_section', "name = '{$section}'") == false) { txp_die(gTxt('404_not_found'), '404'); } } elseif ($category) { switch ($area) { case 'link': if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; case 'article': default: if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'article'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; } } } else { //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { // make sure notices/warnings/errors don't // fudge up the feed when compression is used $buf = ''; while ($b = @ob_get_clean()) { $buf .= $b; } @ob_start('ob_gzhandler'); echo $buf; } handle_lastmod(); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); $imsd = $hims ? strtotime($hims) : 0; if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id]) !== false) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { txp_status_header('304 Not Modified'); exit(0); } if ($etag) { header('ETag: "' . $etag . '"'); } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } } $out = array_merge($out, $articles); header('Content-type: application/' . ($atom ? 'atom' : 'rss') . '+xml; charset=utf-8'); if ($atom) { return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . n . join(n, $out) . '</feed>'; } else { return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>'; } }
function rss() { global $prefs, $thisarticle; set_error_handler('feedErrorHandler'); ob_clean(); extract($prefs); extract(doSlash(gpsa(array('limit', 'area')))); // build filter criteria from a comma-separated list of sections and categories $feed_filter_limit = get_pref('feed_filter_limit', 10); $section = gps('section'); $category = gps('category'); if (!is_scalar($section) || !is_scalar($category)) { txp_die('Not Found', 404); } $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array(); $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array(); $st = array(); foreach ($section as $s) { $st[] = fetch_section_title($s); } $ct = array(); foreach ($category as $c) { $ct[] = fetch_category_title($c); } $sitename .= $section ? ' - ' . join(' - ', $st) : ''; $sitename .= $category ? ' - ' . join(' - ', $ct) : ''; $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; // feed header $out[] = tag('http://textpattern.com/?v=' . $version, 'generator'); $out[] = tag(doSpecial($sitename), 'title'); $out[] = tag(hu, 'link'); $out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />'; $out[] = tag(doSpecial($site_slogan), 'description'); $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $out[] = tag(safe_strftime('rfc822', $last), 'pubDate'); $out[] = callback_event('rss_head'); // feed items $articles = array(); $section = doSlash($section); $category = doSlash($category); if (!$area or $area == 'article') { $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : ''; $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : ''; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $frs = safe_column("name", "txp_section", "in_rss != '1'"); if ($frs) { foreach ($frs as $f) { $query[] = "and Section != '" . doSlash($f) . "'"; } } $query[] = $sfilter; $query[] = $cfilter; $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') '; $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $cb = callback_event('rss_entry'); $a['posted'] = $uPosted; $permlink = permlinkurl($a); $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink)); $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink)); if ($syndicate_body_or_excerpt) { # short feed: use body as summary if there's no excerpt if (!trim($summary)) { $summary = $content; } $content = ''; } if ($show_comment_count_in_feed) { $count = $comments_count > 0 ? ' [' . $comments_count . ']' : ''; } else { $count = ''; } $Title = escape_title(strip_tags($Title)) . $count; $thisauthor = get_author_name($AuthorID); $item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb; $articles[$ID] = tag($item, 'item'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $uPosted; } } } elseif ($area == 'link') { $cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1'; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate'); $articles[$id] = tag($item, 'item'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } if (!$articles) { if ($section) { if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) { txp_die(gTxt('404_not_found'), '404'); } } elseif ($category) { switch ($area) { case 'link': if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; case 'article': default: if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; } } } else { //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { // make sure notices/warnings/errors don't fudge up the feed // when compression is used $buf = ''; while ($b = @ob_get_clean()) { $buf .= $b; } @ob_start('ob_gzhandler'); echo $buf; } handle_lastmod(); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); $imsd = $hims ? strtotime($hims) : 0; if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id]) !== false) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { txp_status_header('304 Not Modified'); exit(0); } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } } $out = array_merge($out, $articles); header("Content-Type: application/rss+xml; charset=utf-8"); if (isset($etag)) { header('ETag: "' . $etag . '"'); } return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>'; }
function textpattern() { global $pretext, $microstart, $prefs, $qcount, $production_status, $txptrace, $siteurl; callback_event('textpattern'); if ($pretext['status'] == '404') { txp_die(gTxt('404_not_found'), '404'); } $html = safe_field('user_html', 'txp_page', "name='" . doSlash($pretext['page']) . "'"); if (!$html) { txp_die(gTxt('unknown_section'), '404'); } set_error_handler("tagErrorHandler"); $GLOBALS['pretext']['secondpass'] = false; $html = parse($html); $GLOBALS['pretext']['secondpass'] = true; $GLOBALS['txptrace'][] = " secondpass \r\n"; $html = parse($html); // the function so nice, he ran it twice restore_error_handler(); $html = $prefs['allow_page_php_scripting'] ? evalString($html) : $html; header("Content-type: text/html; charset=utf-8"); echo $html; if (in_array($production_status, array('debug', 'testing'))) { $microdiff = getmicrotime() - $microstart; echo n, comment('Runtime: ' . substr($microdiff, 0, 6)); echo n, comment('Queries: ' . $qcount); echo maxMemUsage('end of textpattern()', 1); if (!empty($txptrace) and is_array($txptrace)) { echo n, comment('txp tag trace: ' . n . join(n, $txptrace) . n); } } }
function ign_filter_downloads() { global $id, $file_error, $ign_user, $pretext, $s; // test for file_error if (!$file_error) { // get file permission, if present $r = safe_field('permissions', 'txp_file', 'id'); if ($r) { // if permissions field exists, test against it, otherwise return if (!empty($ign_user) && ign_checkPrivs($r)) { //continue on to download return; } else { $s = ''; $pretext['s'] = ''; txp_die("Monkeys!", 403); } } else { return; // no file permissions, so just carry on. } } else { $s = ''; $pretext['s'] = ''; txp_die(gTxt('404_not_found'), 404); } }
function output_css($s = '', $n = '') { $order = ''; if ($n) { if (!is_scalar($n)) { txp_die('Not Found', 404); } $n = do_list($n); $cssname = join("','", doSlash($n)); if (count($n) > 1) { $order = " order by field(name,'{$cssname}')"; } } elseif ($s) { if (!is_scalar($s)) { txp_die('Not Found', 404); } $cssname = safe_field('css', 'txp_section', "name='" . doSlash($s) . "'"); } if (isset($cssname)) { $css = join(n, safe_column_num('css', 'txp_css', "name in ('{$cssname}')" . $order)); if (isset($css)) { echo $css; } } }
define('TXP_UPDATE', 1); include txpath . '/update/_update.php'; } load_elements($event); register_element_tabs(); if (!empty($admin_side_plugins) and gps('event') != 'plugin') { load_plugins(1); } include txpath . '/lib/txplib_head.php'; // ugly hack, for the people that don't update their admin_config.php // Get rid of this when we completely remove admin_config and move privs to db if ($event == 'list') { require_privs('article'); } else { require_privs($event); } callback_event($event, $step, 1); // let elements override older /include/txp_foo.php admin pages if (!controller_name($event)) { $inc = txpath . '/include/txp_' . $event . '.php'; if (is_readable($inc)) { include $inc; } } callback_event($event, $step, 0); $microdiff = getmicrotime() - $microstart; echo n . comment(gTxt('runtime') . ': ' . substr($microdiff, 0, 6)); end_page(); } else { txp_die('DB-Connect was succesful, but the textpattern-table was not found.', '503 Service Unavailable'); }
function textpattern() { global $pretext, $microstart, $prefs, $qcount, $production_status, $txptrace, $siteurl; $segment = gps('segment'); extract($pretext); callback_event('textpattern'); if ($pretext['status'] == '404') { txp_die(gTxt('404_not_found') . br . br . tag($siteurl, 'a', ' href="http://' . $siteurl . '"'), '404 Not Found'); } $html = safe_field('user_html', 'txp_page', "name='" . doSlash($page) . "'"); if (!$html) { txp_die(gTxt('unknown_section') . ' ' . $s . br . br . tag($siteurl, 'a', ' href="http://' . $siteurl . '"'), '404 Not Found'); } $html = parse($html); $html = parse($html); // the function so nice, he ran it twice $html = !$segment ? $html : segmentPage($html); $html = $prefs['allow_page_php_scripting'] ? evalString($html) : $html; header("Content-type: text/html; charset=utf-8"); echo $html; if (in_array($production_status, array('debug', 'testing'))) { $microdiff = getmicrotime() - $microstart; echo n, comment('Runtime: ' . substr($microdiff, 0, 6)); echo n, comment('Queries: ' . $qcount); echo maxMemUsage('end of textpattern()', 1); if (!empty($txptrace) and is_array($txptrace)) { echo n, comment('txp tag trace: ' . n . join(n, $txptrace) . n); } } }