function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = getComment();
$evaluator =& get_comment_evaluator();
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
$ip = serverset('REMOTE_ADDR');
if (!checkBan($ip)) {
txp_die(gTxt('you_have_been_banned'), '403');
}
$blacklisted = is_blacklisted($ip);
if ($blacklisted) {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
$web = clean_url($web);
$email = clean_url($email);
if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
setCookies($name, $email, $web);
} else {
destroyCookies();
}
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(strip_tags(deEntBrackets($web)));
$email = doSlash(strip_tags(deEntBrackets($email)));
$message = substr(trim($message), 0, 65535);
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
$evaluator->add_estimate(RELOAD, 1);
// The error-messages are added in the preview-code
}
if ($isdup) {
$evaluator->add_estimate(RELOAD, 1);
}
// FIXME? Tell the user about dupe?
if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
callback_event('comment.save');
$visible = $evaluator->get_result();
if ($visible != RELOAD) {
$parentid = assert_int($parentid);
$rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
update_lastmod();
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid, $rs);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
$backpage = permlinkurl_id($parentid);
}
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
log_hit('302');
$evaluator->write_trace();
exit;
}
}
}
// Force another Preview
$_POST['preview'] = RELOAD;
//$evaluator->write_trace();
}
function file_download_send($event, $step)
{
// just a quick transplant from publish.php, this could stand some refactoring
global $pretext, $prefs;
extract($prefs);
extract($pretext);
// we are dealing with a download
# if (@$s == 'file_download') {
$file_error = 0;
$file = safe_row('*', 'txp_file', "id='" . doSlash($pretext['tail'][1]) . "' and status >= 4");
if (!$file) {
$file_error = 404;
}
if (!$file_error) {
extract($file);
$fullpath = build_file_path($file_base_path, $filename);
if (is_file($fullpath)) {
// discard any error php messages
ob_clean();
$filesize = filesize($fullpath);
$sent = 0;
header('Content-Description: File Download');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($filename) . '"; size = "' . $filesize . '"');
// Fix for lame IE 6 pdf bug on servers configured to send cache headers
header('Cache-Control: private');
@ini_set("zlib.output_compression", "Off");
@set_time_limit(0);
@ignore_user_abort(true);
if ($file = fopen($fullpath, 'rb')) {
while (!feof($file) and connection_status() == 0) {
echo fread($file, 1024 * 64);
$sent += 1024 * 64;
ob_flush();
flush();
}
fclose($file);
// record download
if (connection_status() == 0 and !connection_aborted()) {
safe_update("txp_file", "downloads=downloads+1", "id='" . intval($id) . "'");
} else {
$pretext['request_uri'] .= "#aborted-at-" . floor($sent * 100 / $filesize) . "%";
logit();
}
}
} else {
$file_error = 404;
}
# }
// deal with error
if ($file_error) {
switch ($file_error) {
case 403:
txp_die(gTxt('403_forbidden'), '403');
break;
case 404:
txp_die(gTxt('404_not_found'), '404');
break;
default:
txp_die(gTxt('500_internal_server_error'), '500');
break;
}
}
// download done
exit(0);
}
}
function assert_system_requirements()
{
if (version_compare(REQUIRED_PHP_VERSION, PHP_VERSION) > 0) {
txp_die('This server runs PHP version ' . PHP_VERSION . '. Textpattern needs PHP version ' . REQUIRED_PHP_VERSION . ' or better.');
}
}
function textpattern()
{
global $pretext, $microstart, $prefs, $qcount, $qtime, $production_status, $txptrace, $siteurl, $has_article_tag;
$has_article_tag = false;
callback_event('textpattern');
if ($pretext['status'] == '404') {
txp_die(gTxt('404_not_found'), '404');
}
if ($pretext['status'] == '410') {
txp_die(gTxt('410_gone'), '410');
}
$html = safe_field('user_html', 'txp_page', "name='" . doSlash($pretext['page']) . "'");
if (!$html) {
txp_die(gTxt('unknown_section'), '404');
}
// useful for clean urls with error-handlers
txp_status_header('200 OK');
trace_add('[' . gTxt('page') . ': ' . $pretext['page'] . ']');
set_error_handler("tagErrorHandler");
$pretext['secondpass'] = false;
$html = parse($html);
$pretext['secondpass'] = true;
trace_add('[ ~~~ ' . gTxt('secondpass') . ' ~~~ ]');
$html = parse($html);
// the function so nice, he ran it twice
if ($prefs['allow_page_php_scripting']) {
$html = evalString($html);
}
// make sure the page has an article tag if necessary
if (!$has_article_tag and $production_status != 'live' and (!empty($pretext['id']) or !empty($pretext['c']) or !empty($pretext['q']) or !empty($pretext['pg']))) {
trigger_error(gTxt('missing_article_tag', array('{page}' => $pretext['page'])));
}
restore_error_handler();
header("Content-type: text/html; charset=utf-8");
echo $html;
if (in_array($production_status, array('debug', 'testing'))) {
$microdiff = getmicrotime() - $microstart;
echo n, comment('Runtime: ' . substr($microdiff, 0, 6));
echo n, comment('Query time: ' . sprintf('%02.6f', $qtime));
echo n, comment('Queries: ' . $qcount);
echo maxMemUsage('end of textpattern()', 1);
if (!empty($txptrace) and is_array($txptrace)) {
echo n, comment('txp tag trace: ' . n . str_replace('--', '­­', join(n, $txptrace)) . n);
}
// '­­' is *no* tribute to Kajagoogoo, but an attempt to avoid prematurely terminating HTML comments
}
callback_event('textpattern_end');
}
function output_file_download($filename)
{
global $file_error, $file_base_path, $pretext;
callback_event('file_download');
if (!isset($file_error)) {
$filename = sanitizeForFile($filename);
$fullpath = build_file_path($file_base_path, $filename);
if (is_file($fullpath)) {
// Discard any error PHP messages.
ob_clean();
$filesize = filesize($fullpath);
$sent = 0;
header('Content-Description: File Download');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"');
// Fix for IE6 PDF bug on servers configured to send cache headers.
header('Cache-Control: private');
@ini_set("zlib.output_compression", "Off");
@set_time_limit(0);
@ignore_user_abort(true);
if ($file = fopen($fullpath, 'rb')) {
while (!feof($file) and connection_status() == 0) {
echo fread($file, 1024 * 64);
$sent += 1024 * 64;
ob_flush();
flush();
}
fclose($file);
// Record download.
if (connection_status() == 0 and !connection_aborted()) {
safe_update('txp_file', "downloads = downloads + 1", "id = " . intval($pretext['id']));
} else {
$pretext['request_uri'] .= $sent >= $filesize ? '#aborted' : "#aborted-at-" . floor($sent * 100 / $filesize) . "%";
}
log_hit('200');
}
} else {
$file_error = 404;
}
}
// Deal with error.
if (isset($file_error)) {
switch ($file_error) {
case 403:
txp_die(gTxt('403_forbidden'), '403');
break;
case 404:
txp_die(gTxt('404_not_found'), '404');
break;
default:
txp_die(gTxt('500_internal_server_error'), '500');
break;
}
}
}
function atom()
{
global $thisarticle;
set_error_handler('feedErrorHandler');
ob_clean();
extract($GLOBALS['prefs']);
define("t_texthtml", ' type="text/html"');
define("t_text", ' type="text"');
define("t_html", ' type="html"');
define("t_xhtml", ' type="xhtml"');
define('t_appxhtml', ' type="xhtml"');
define("r_relalt", ' rel="alternate"');
define("r_relself", ' rel="self"');
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
extract(doSlash(gpsa(array('limit', 'area'))));
// build filter criteria from a comma-separated list of sections and categories
$feed_filter_limit = get_pref('feed_filter_limit', 10);
$section = gps('section');
$section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
$category = gps('category');
$category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
$st = array();
foreach ($section as $s) {
$st[] = fetch_section_title($s);
}
$ct = array();
foreach ($category as $c) {
$ct[] = fetch_category_title($c);
}
$sitename .= $section ? ' - ' . join(' - ', $st) : '';
$sitename .= $category ? ' - ' . join(' - ', $ct) : '';
$pub = safe_row("RealName, email", "txp_users", "privs=1");
// feed header
$out[] = tag(htmlspecialchars($sitename), 'title', t_text);
$out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
$out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
$out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
//Atom feeds with mail or domain name
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . join(',', $section) : '') . ($category ? '/' . join(',', $category) : ''), 'id');
$out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
$out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'uri');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
$out[] = callback_event('atom_head');
// feed items
$articles = array();
$section = doSlash($section);
$category = doSlash($category);
if (!$area or $area == 'article') {
$sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
$cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
$query = array();
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
$query[] = $sfilter;
$query[] = $cfilter;
$expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
$rs = safe_rows_start("*,\n\t\t\t\tID as thisid,\n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(Expires) as uExpires,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() {$expired}" . join(' ', $query) . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('atom_entry');
$e = array();
$a['posted'] = $uPosted;
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$thisauthor = get_author_name($AuthorID);
$e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
$e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
$e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
$escaped_title = htmlspecialchars($Title);
$e['title'] = tag($escaped_title . $count, 'title', t_html);
$permlink = permlinkurl($a);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
$e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
$e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if (trim($content)) {
$e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
}
if (trim($summary)) {
$e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
}
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uLastMod;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='" . $category . "'" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
$e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);
$url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!$articles) {
if ($section) {
if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
txp_die(gTxt('404_not_found'), '404');
}
} elseif ($category) {
switch ($area) {
case 'link':
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
case 'article':
default:
if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
}
}
} else {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
// make sure notices/warnings/errors don't fudge up the feed
// when compression is used
$buf = '';
while ($b = @ob_get_clean()) {
$buf .= $b;
}
@ob_start('ob_gzhandler');
echo $buf;
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id])) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
txp_status_header('304 Not Modified');
exit(0);
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
}
$out = array_merge($out, $articles);
header('Content-type: application/atom+xml; charset=utf-8');
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
}
function password_protect($atts, $thing = null)
{
ob_start();
extract(lAtts(array('login' => null, 'pass' => null, 'privs' => null), $atts));
if ($pass === null) {
$access = ($user = is_logged_in($login)) !== false && ($privs === null || in_list($user['privs'], $privs));
} else {
$au = serverSet('PHP_AUTH_USER');
$ap = serverSet('PHP_AUTH_PW');
// For PHP as (f)cgi, two rules in htaccess often allow this workaround.
$ru = serverSet('REDIRECT_REMOTE_USER');
if (!$au && !$ap && strpos($ru, 'Basic') === 0) {
list($au, $ap) = explode(':', base64_decode(substr($ru, 6)));
}
$access = $au === $login && $ap === $pass;
}
if ($access === false && $pass !== null) {
header('WWW-Authenticate: Basic realm="Private"');
}
if ($thing === null) {
if ($access === false) {
txp_die(gTxt('auth_required'), '401');
}
return '';
}
return parse(EvalElse($thing, $access));
}
/**
* Update preferences from submitted form
*/
private function update_prefs()
{
foreach (self::$preferences as $key => $pref) {
$this->set_pref($key, gps($this->prefix($key)));
}
txp_die('', '302', '?event=plugin_prefs.' . self::$slug);
}
function password_protect($atts)
{
ob_start();
extract(lAtts(array('login' => '', 'pass' => ''), $atts));
$au = serverSet('PHP_AUTH_USER');
$ap = serverSet('PHP_AUTH_PW');
//For php as (f)cgi, two rules in htaccess often allow this workaround
$ru = serverSet('REDIRECT_REMOTE_USER');
if ($ru && !$au && !$ap && substr($ru, 0, 5) == 'Basic') {
list($au, $ap) = explode(':', base64_decode(substr($ru, 6)));
}
if ($login && $pass) {
if (!$au || !$ap || $au != $login || $ap != $pass) {
header('WWW-Authenticate: Basic realm="Private"');
txp_die(gTxt('auth_required'), '401');
}
}
}
function _textpattern_end()
{
// Redirect to a 404 if the page number is greater than the max number of pages
// Has to be after textpattern() as $thispage is set during <txp:article />
global $thispage, $pretext;
if (@$pretext['pg'] && isset($thispage) && $thispage['numPages'] < $pretext['pg']) {
ob_end_clean();
txp_die(gTxt('404_not_found'), '404');
}
// Stop output buffering, this sends the buffer to _textpattern_end_callback()
while (@ob_end_flush()) {
}
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = getComment();
$evaluator =& get_comment_evaluator();
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
$ip = serverset('REMOTE_ADDR');
if (!checkBan($ip)) {
txp_die(gTxt('you_have_been_banned'), '403');
}
$blacklisted = is_blacklisted($ip);
if ($blacklisted) {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
$email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
$message = trim($message);
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
$evaluator->add_estimate(RELOAD, 1);
// The error-messages are added in the preview-code
}
if ($isdup) {
$evaluator->add_estimate(RELOAD, 1);
}
// FIXME? Tell the user about dupe?
if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
callback_event('comment.save');
$visible = $evaluator->get_result();
if ($visible != RELOAD) {
$rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid, $rs);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
if ($prefs['logging'] == 'refer') {
logit('refer');
} elseif ($prefs['logging'] == 'all') {
logit();
}
$evaluator->write_trace();
exit;
}
}
}
// Force another Preview
$_POST['preview'] = RELOAD;
//$evaluator->write_trace();
}
function password_protect($atts)
{
ob_start();
extract(lAtts(array('login' => '', 'pass' => ''), $atts));
$au = serverSet('PHP_AUTH_USER');
$ap = serverSet('PHP_AUTH_PW');
if ($login && $pass) {
if (!$au || !$ap || $au != $login || $ap != $pass) {
header('WWW-Authenticate: Basic realm="Private"');
txp_die(gTxt('auth_required'), '401');
}
}
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
extract($in);
if (!checkCommentsAllowed($parentid)) {
txp_die(gTxt('comments_closed'), '403');
}
if ($prefs['comments_require_name']) {
if (!trim($name)) {
exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if ($prefs['comments_require_email']) {
if (!trim($email)) {
exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if (!trim($message)) {
exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
$ip = serverset('REMOTE_ADDR');
$message = trim($message);
$blacklisted = is_blacklisted($ip);
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
$email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
if (checkBan($ip)) {
if ($blacklisted == false) {
if (!$isdup) {
if (checkNonce($nonce)) {
$visible = $comments_moderate ? 0 : 1;
$rs = safe_insert("txp_discuss", "parentid = '" . doSlash($parentid) . "',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
if ($prefs['comment_means_site_updated']) {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid);
}
$updated = update_comments_count($parentid);
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
txp_status_header('302 Found');
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
}
}
// end check nonce
}
// end check dup
} else {
txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
}
// end check blacklist
} else {
txp_die(gTxt('you_have_been_banned'), '403');
}
// end check site ban
}
function render_feed($rs, $area, $type, $feedtitle, $atom_self_ref, $atom_id_ext)
{
global $prefs, $thisarticle;
extract($prefs);
set_error_handler('tagErrorHandler');
$atom = $type == 'atom';
if ($atom) {
define("t_texthtml", ' type="text/html"');
define("t_text", ' type="text"');
define("t_html", ' type="html"');
define("t_xhtml", ' type="xhtml"');
define('t_appxhtml', ' type="xhtml"');
define("r_relalt", ' rel="alternate"');
define("r_relself", ' rel="self"');
} else {
define("t_texthtml", '');
define("t_text", '');
define("t_html", '');
define("t_xhtml", '');
define('t_appxhtml', '');
define("r_relalt", '');
define("r_relself", '');
}
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
if ($atom) {
$out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
$out[] = tag(htmlspecialchars($feedtitle), 'title', t_text);
$out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
$out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
$out[] = '<link' . r_relself . ' href="' . $atom_self_ref . '" />';
$out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
//Atom feeds with mail or domain name
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . $atom_id_ext, 'id');
$pub = safe_row("RealName, email", "txp_users", "privs=1");
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'uri');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
} else {
$out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
$out[] = tag(doSpecial($feedtitle), 'title');
$out[] = tag(doSpecial($site_slogan), 'description');
$out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
$out[] = tag(hu, 'link');
$out[] = '<atom:link href="' . $atom_self_ref . '" rel="self" type="application/rss+xml" />';
}
$out[] = callback_event($atom ? 'atom_head' : 'rss_head');
$articles = array();
if (!$area or $area == 'article') {
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event($atom ? 'atom_entry' : 'rss_entry');
$e = array();
$thisauthor = doSpecial(get_author_name($AuthorID));
$thisauthor = tag($thisauthor, $atom ? 'name' : 'dc:creator');
if ($atom) {
$thisauthor = tag(n . t . t . t . $thisauthor . n . t . t, 'author');
}
$e['thisauthor'] = $thisauthor;
if ($atom) {
$e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
} else {
$e['issued'] = tag(safe_strftime('rfc822', $uPosted), 'pubDate');
}
if ($atom) {
$e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
$e['category1'] = trim($Category1) ? '<category term="' . doSpecial($Category1) . '" />' : '';
$e['category2'] = trim($Category2) ? '<category term="' . doSpecial($Category2) . '" />' : '';
}
$count = '';
if ($show_comment_count_in_feed && $comments_count > 0) {
$count = ' [' . $comments_count . ']';
}
$escaped_title = $atom ? htmlspecialchars($Title) : htmlspecialchars(strip_tags($Title));
$e['title'] = tag($escaped_title . $count, 'title', t_html);
$a['posted'] = $uPosted;
$permlink = permlinkurl($a);
if ($atom) {
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
} else {
$e['link'] = tag($permlink, 'link');
}
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, $atom ? 'id' : 'guid', $atom ? '' : ' isPermaLink="false"');
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if (trim($summary)) {
$e['summary'] = tag(n . escape_cdata($summary) . n, $atom ? 'summary' : 'description', t_html);
}
if (trim($content)) {
$e['content'] = tag(n . escape_cdata($content) . n, $atom ? 'content' : 'content:encoded', t_html);
}
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, $atom ? 'entry' : 'item');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $atom ? $uLastMod : $uPosted;
}
}
} elseif ($area == 'link') {
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(doSpecial($linkname), 'title', t_html);
if ($atom) {
$e['content'] = tag(n . doSpecial($description) . n, 'content', t_html);
$url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');
} else {
$e['content'] = tag(doSpecial($description), 'description');
$e['link'] = tag(doSpecial($url), 'link');
$e['issued'] = tag(safe_strftime('rfc822', $uDate), 'pubDate');
}
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, $atom ? 'entry' : 'item');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!$articles) {
if ($section) {
if (safe_field('name', 'txp_section', "name = '{$section}'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
} elseif ($category) {
switch ($area) {
case 'link':
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
case 'article':
default:
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'article'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
}
}
} else {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
// make sure notices/warnings/errors don't
// fudge up the feed when compression is used
$buf = '';
while ($b = @ob_get_clean()) {
$buf .= $b;
}
@ob_start('ob_gzhandler');
echo $buf;
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id]) !== false) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
txp_status_header('304 Not Modified');
exit(0);
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
}
$out = array_merge($out, $articles);
header('Content-type: application/' . ($atom ? 'atom' : 'rss') . '+xml; charset=utf-8');
if ($atom) {
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . n . join(n, $out) . '</feed>';
} else {
return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}
}
function rss()
{
global $prefs, $thisarticle;
set_error_handler('feedErrorHandler');
ob_clean();
extract($prefs);
extract(doSlash(gpsa(array('limit', 'area'))));
// build filter criteria from a comma-separated list of sections and categories
$feed_filter_limit = get_pref('feed_filter_limit', 10);
$section = gps('section');
$category = gps('category');
if (!is_scalar($section) || !is_scalar($category)) {
txp_die('Not Found', 404);
}
$section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
$category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
$st = array();
foreach ($section as $s) {
$st[] = fetch_section_title($s);
}
$ct = array();
foreach ($category as $c) {
$ct[] = fetch_category_title($c);
}
$sitename .= $section ? ' - ' . join(' - ', $st) : '';
$sitename .= $category ? ' - ' . join(' - ', $ct) : '';
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
// feed header
$out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
$out[] = tag(doSpecial($sitename), 'title');
$out[] = tag(hu, 'link');
$out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />';
$out[] = tag(doSpecial($site_slogan), 'description');
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
$out[] = callback_event('rss_head');
// feed items
$articles = array();
$section = doSlash($section);
$category = doSlash($category);
if (!$area or $area == 'article') {
$sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
$cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
if ($frs) {
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
}
$query[] = $sfilter;
$query[] = $cfilter;
$expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
$rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('rss_entry');
$a['posted'] = $uPosted;
$permlink = permlinkurl($a);
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$Title = escape_title(strip_tags($Title)) . $count;
$thisauthor = get_author_name($AuthorID);
$item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
$articles[$ID] = tag($item, 'item');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uPosted;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
$articles[$id] = tag($item, 'item');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!$articles) {
if ($section) {
if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
txp_die(gTxt('404_not_found'), '404');
}
} elseif ($category) {
switch ($area) {
case 'link':
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
case 'article':
default:
if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
}
}
} else {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
// make sure notices/warnings/errors don't fudge up the feed
// when compression is used
$buf = '';
while ($b = @ob_get_clean()) {
$buf .= $b;
}
@ob_start('ob_gzhandler');
echo $buf;
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id]) !== false) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
txp_status_header('304 Not Modified');
exit(0);
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
}
$out = array_merge($out, $articles);
header("Content-Type: application/rss+xml; charset=utf-8");
if (isset($etag)) {
header('ETag: "' . $etag . '"');
}
return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}
function textpattern()
{
global $pretext, $microstart, $prefs, $qcount, $production_status, $txptrace, $siteurl;
callback_event('textpattern');
if ($pretext['status'] == '404') {
txp_die(gTxt('404_not_found'), '404');
}
$html = safe_field('user_html', 'txp_page', "name='" . doSlash($pretext['page']) . "'");
if (!$html) {
txp_die(gTxt('unknown_section'), '404');
}
set_error_handler("tagErrorHandler");
$GLOBALS['pretext']['secondpass'] = false;
$html = parse($html);
$GLOBALS['pretext']['secondpass'] = true;
$GLOBALS['txptrace'][] = " secondpass \r\n";
$html = parse($html);
// the function so nice, he ran it twice
restore_error_handler();
$html = $prefs['allow_page_php_scripting'] ? evalString($html) : $html;
header("Content-type: text/html; charset=utf-8");
echo $html;
if (in_array($production_status, array('debug', 'testing'))) {
$microdiff = getmicrotime() - $microstart;
echo n, comment('Runtime: ' . substr($microdiff, 0, 6));
echo n, comment('Queries: ' . $qcount);
echo maxMemUsage('end of textpattern()', 1);
if (!empty($txptrace) and is_array($txptrace)) {
echo n, comment('txp tag trace: ' . n . join(n, $txptrace) . n);
}
}
}
function ign_filter_downloads()
{
global $id, $file_error, $ign_user, $pretext, $s;
// test for file_error
if (!$file_error) {
// get file permission, if present
$r = safe_field('permissions', 'txp_file', 'id');
if ($r) {
// if permissions field exists, test against it, otherwise return
if (!empty($ign_user) && ign_checkPrivs($r)) {
//continue on to download
return;
} else {
$s = '';
$pretext['s'] = '';
txp_die("Monkeys!", 403);
}
} else {
return;
// no file permissions, so just carry on.
}
} else {
$s = '';
$pretext['s'] = '';
txp_die(gTxt('404_not_found'), 404);
}
}
function output_css($s = '', $n = '')
{
$order = '';
if ($n) {
if (!is_scalar($n)) {
txp_die('Not Found', 404);
}
$n = do_list($n);
$cssname = join("','", doSlash($n));
if (count($n) > 1) {
$order = " order by field(name,'{$cssname}')";
}
} elseif ($s) {
if (!is_scalar($s)) {
txp_die('Not Found', 404);
}
$cssname = safe_field('css', 'txp_section', "name='" . doSlash($s) . "'");
}
if (isset($cssname)) {
$css = join(n, safe_column_num('css', 'txp_css', "name in ('{$cssname}')" . $order));
if (isset($css)) {
echo $css;
}
}
}
define('TXP_UPDATE', 1);
include txpath . '/update/_update.php';
}
load_elements($event);
register_element_tabs();
if (!empty($admin_side_plugins) and gps('event') != 'plugin') {
load_plugins(1);
}
include txpath . '/lib/txplib_head.php';
// ugly hack, for the people that don't update their admin_config.php
// Get rid of this when we completely remove admin_config and move privs to db
if ($event == 'list') {
require_privs('article');
} else {
require_privs($event);
}
callback_event($event, $step, 1);
// let elements override older /include/txp_foo.php admin pages
if (!controller_name($event)) {
$inc = txpath . '/include/txp_' . $event . '.php';
if (is_readable($inc)) {
include $inc;
}
}
callback_event($event, $step, 0);
$microdiff = getmicrotime() - $microstart;
echo n . comment(gTxt('runtime') . ': ' . substr($microdiff, 0, 6));
end_page();
} else {
txp_die('DB-Connect was succesful, but the textpattern-table was not found.', '503 Service Unavailable');
}
function textpattern()
{
global $pretext, $microstart, $prefs, $qcount, $production_status, $txptrace, $siteurl;
$segment = gps('segment');
extract($pretext);
callback_event('textpattern');
if ($pretext['status'] == '404') {
txp_die(gTxt('404_not_found') . br . br . tag($siteurl, 'a', ' href="http://' . $siteurl . '"'), '404 Not Found');
}
$html = safe_field('user_html', 'txp_page', "name='" . doSlash($page) . "'");
if (!$html) {
txp_die(gTxt('unknown_section') . ' ' . $s . br . br . tag($siteurl, 'a', ' href="http://' . $siteurl . '"'), '404 Not Found');
}
$html = parse($html);
$html = parse($html);
// the function so nice, he ran it twice
$html = !$segment ? $html : segmentPage($html);
$html = $prefs['allow_page_php_scripting'] ? evalString($html) : $html;
header("Content-type: text/html; charset=utf-8");
echo $html;
if (in_array($production_status, array('debug', 'testing'))) {
$microdiff = getmicrotime() - $microstart;
echo n, comment('Runtime: ' . substr($microdiff, 0, 6));
echo n, comment('Queries: ' . $qcount);
echo maxMemUsage('end of textpattern()', 1);
if (!empty($txptrace) and is_array($txptrace)) {
echo n, comment('txp tag trace: ' . n . join(n, $txptrace) . n);
}
}
}