Exemplo n.º 1
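/**
 * Validate a submitted comment, store it in txp_discuss and redirect back to
 * the page the comment was posted from.
 *
 * The form fields come from getComment() and are extract()ed into locals; the
 * ones used below are $parentid, $name, $email, $web, $message, $nonce,
 * $remember and $backpage. All of them are visitor-controlled.
 *
 * Flow: refuse closed threads, banned and blacklisted IPs (403); escape the
 * fields for SQL; let the comment evaluator decide between saving and forcing
 * another preview; on a successful insert mark the nonce as used, send the
 * optional notification mail and issue a 302 redirect, then exit.
 *
 * When nothing is saved the function returns after setting
 * $_POST['preview'] = RELOAD so the caller shows the preview form again.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // NOTE(review): $ref is never read below, and the CGI key for the Referer
    // header is normally spelled HTTP_REFERER - confirm whether this is needed.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // extract() turns every key returned by getComment() into a local variable;
    // the set of keys is defined by getComment(), which is not shown here.
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        // NOTE(review): the blacklist name is concatenated into the gTxt() key
        // rather than appended to the translated text - confirm this is intended.
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $web = clean_url($web);
    $email = clean_url($email);
    // && binds tighter than ||: cookies are set when "remember" is ticked, or
    // when the form showed a "forget" checkbox that was left unticked.
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }
    // Strip markup, then escape for use inside the quoted SQL literals below.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    // Cap the raw message at 65535 bytes before it is marked up and stored.
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    // The nonce check is what ties this POST to a form this site rendered.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        // Plugins hooked on comment.save may change the evaluator's verdict,
        // so the result is read again afterwards.
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            // $parentid goes into the statement unquoted, hence the integer assertion.
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid  = {$parentid},\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                // Drop everything from the first CR, LF or "#" so the value
                // cannot add header lines or carry its own fragment.
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                // The origin prefix built from hu below has no trailing slash.
                // Force a leading "/" so the submitted value is always a path
                // on this site and can never extend the host part of the URL.
                if (substr((string) $backpage, 0, 1) !== '/') {
                    $backpage = '/' . $backpage;
                }
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}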
Exemplo n.º 2
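/**
 * Stream the file whose id is in $pretext['tail'][1] as an attachment and
 * count the download.
 *
 * Only rows with status >= 4 are served. A missing row or a missing file on
 * disk ends in a 404 through txp_die(); the script always terminates here.
 *
 * @param mixed $event not used in this function
 * @param mixed $step  not used in this function
 * @return void
 */
function file_download_send($event, $step)
{
    // just a quick transplant from publish.php, this could stand some refactoring
    global $pretext, $prefs;
    // $file_base_path is expected to come out of one of these extract() calls.
    extract($prefs);
    extract($pretext);
    $file_error = 0;
    // The id is taken from the request path, so it is escaped before use.
    $file = safe_row('*', 'txp_file', "id='" . doSlash($pretext['tail'][1]) . "' and status >= 4");
    if (!$file) {
        $file_error = 404;
    }
    if (!$file_error) {
        // Row columns become locals; $filename and $id are the ones used below.
        extract($file);
        $fullpath = build_file_path($file_base_path, $filename);
        if (is_file($fullpath)) {
            // discard any error php messages
            ob_clean();
            $filesize = filesize($fullpath);
            $sent = 0;
            header('Content-Description: File Download');
            header('Content-Type: application/octet-stream');
            // NOTE(review): basename() removes directory parts but a double
            // quote in the stored name would still end the quoted parameter.
            header('Content-Disposition: attachment; filename="' . basename($filename) . '"; size = "' . $filesize . '"');
            // Fix for lame IE 6 pdf bug on servers configured to send cache headers
            header('Cache-Control: private');
            @ini_set("zlib.output_compression", "Off");
            @set_time_limit(0);
            @ignore_user_abort(true);
            // A separate variable keeps the database row in $file intact.
            if ($handle = fopen($fullpath, 'rb')) {
                while (!feof($handle) and connection_status() == 0) {
                    echo fread($handle, 1024 * 64);
                    // Counts whole chunks, so $sent may exceed the real size.
                    $sent += 1024 * 64;
                    ob_flush();
                    flush();
                }
                fclose($handle);
                // record download
                if (connection_status() == 0 and !connection_aborted()) {
                    safe_update("txp_file", "downloads=downloads+1", "id='" . intval($id) . "'");
                } else {
                    // An empty file would otherwise divide by zero here.
                    $percent = $filesize > 0 ? floor($sent * 100 / $filesize) : 0;
                    $pretext['request_uri'] .= "#aborted-at-" . $percent . "%";
                    logit();
                }
            }
        } else {
            $file_error = 404;
        }
    }
    // deal with error
    // This used to sit inside the "no error so far" branch, so an unknown or
    // unpublished id returned silently instead of answering 404.
    if ($file_error) {
        switch ($file_error) {
            case 403:
                txp_die(gTxt('403_forbidden'), '403');
                break;
            case 404:
                txp_die(gTxt('404_not_found'), '404');
                break;
            default:
                txp_die(gTxt('500_internal_server_error'), '500');
                break;
        }
    }
    // download done
    exit(0);
}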
Exemplo n.º 3
/**
 * Check the running PHP version against REQUIRED_PHP_VERSION and hand an
 * explanatory message to txp_die() when the interpreter is older.
 *
 * @return void
 */
function assert_system_requirements()
{
    // version_compare() is antisymmetric, so "running < required" is the same
    // test as "required > running".
    $runningIsOlder = version_compare(PHP_VERSION, REQUIRED_PHP_VERSION) < 0;
    if (!$runningIsOlder) {
        return;
    }

    $notice = 'This server runs PHP version ' . PHP_VERSION . '. Textpattern needs PHP version ' . REQUIRED_PHP_VERSION . ' or better.';
    txp_die($notice);
}
Exemplo n.º 4
/**
 * Render the public page selected in $pretext and echo it.
 *
 * Loads the page template named by $pretext['page'], runs parse() over it
 * twice, optionally passes the result through evalString(), sends it as
 * text/html and, in debug/testing mode, appends timing and tag-trace comments.
 * Fires the 'textpattern' and 'textpattern_end' callback events.
 *
 * @return void
 */
function textpattern()
{
    global $pretext, $microstart, $prefs, $qcount, $qtime, $production_status, $txptrace, $siteurl, $has_article_tag;
    $has_article_tag = false;
    callback_event('textpattern');
    // A status decided earlier in the request short-circuits rendering.
    if ($pretext['status'] == '404') {
        txp_die(gTxt('404_not_found'), '404');
    }
    if ($pretext['status'] == '410') {
        txp_die(gTxt('410_gone'), '410');
    }
    // The page name is escaped before it is placed in the where clause.
    $html = safe_field('user_html', 'txp_page', "name='" . doSlash($pretext['page']) . "'");
    if (!$html) {
        txp_die(gTxt('unknown_section'), '404');
    }
    // useful for clean urls with error-handlers
    txp_status_header('200 OK');
    trace_add('[' . gTxt('page') . ': ' . $pretext['page'] . ']');
    // Errors raised while parsing go to tagErrorHandler until
    // restore_error_handler() below.
    set_error_handler("tagErrorHandler");
    $pretext['secondpass'] = false;
    $html = parse($html);
    $pretext['secondpass'] = true;
    trace_add('[ ~~~ ' . gTxt('secondpass') . ' ~~~ ]');
    $html = parse($html);
    // the function so nice, he ran it twice
    // NOTE(review): with this preference on, the fully parsed page goes to
    // evalString(); presumably that executes PHP embedded in the markup, in
    // which case anything the tags emitted from stored content is included -
    // confirm against evalString().
    if ($prefs['allow_page_php_scripting']) {
        $html = evalString($html);
    }
    // make sure the page has an article tag if necessary
    if (!$has_article_tag and $production_status != 'live' and (!empty($pretext['id']) or !empty($pretext['c']) or !empty($pretext['q']) or !empty($pretext['pg']))) {
        trigger_error(gTxt('missing_article_tag', array('{page}' => $pretext['page'])));
    }
    restore_error_handler();
    header("Content-type: text/html; charset=utf-8");
    echo $html;
    // Diagnostics are appended only when the site is in debug or testing mode.
    if (in_array($production_status, array('debug', 'testing'))) {
        $microdiff = getmicrotime() - $microstart;
        echo n, comment('Runtime:    ' . substr($microdiff, 0, 6));
        echo n, comment('Query time: ' . sprintf('%02.6f', $qtime));
        echo n, comment('Queries: ' . $qcount);
        echo maxMemUsage('end of textpattern()', 1);
        if (!empty($txptrace) and is_array($txptrace)) {
            // "--" is replaced so trace text cannot close the HTML comment early.
            echo n, comment('txp tag trace: ' . n . str_replace('--', '­­', join(n, $txptrace)) . n);
        }
        // '­­' is *no* tribute to Kajagoogoo, but an attempt to avoid prematurely terminating HTML comments
    }
    callback_event('textpattern_end');
}
Exemplo n.º 5
/**
 * Send a stored file to the client as an attachment and record the download.
 *
 * Fires the 'file_download' callback first. When the global $file_error is
 * already set nothing is streamed; the matching error page is produced through
 * txp_die() (403, 404, anything else as 500).
 *
 * @param string $filename name of the file; passed through sanitizeForFile()
 *                         before it is used for the path and the header
 * @return void
 */
function output_file_download($filename)
{
    global $file_error, $file_base_path, $pretext;
    callback_event('file_download');

    if (!isset($file_error)) {
        $filename = sanitizeForFile($filename);
        $fullpath = build_file_path($file_base_path, $filename);

        if (!is_file($fullpath)) {
            $file_error = 404;
        } else {
            // Throw away anything already buffered (PHP notices and the like).
            ob_clean();
            $filesize = filesize($fullpath);
            $sent = 0;
            $chunk = 1024 * 64;

            header('Content-Description: File Download');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"');
            // IE6 PDF workaround for servers configured to send cache headers.
            header('Cache-Control: private');

            @ini_set("zlib.output_compression", "Off");
            @set_time_limit(0);
            @ignore_user_abort(true);

            $handle = fopen($fullpath, 'rb');
            if ($handle) {
                while (!feof($handle) && connection_status() == 0) {
                    echo fread($handle, $chunk);
                    // Whole chunks are counted, so the last one may overshoot.
                    $sent += $chunk;
                    ob_flush();
                    flush();
                }
                fclose($handle);

                $completed = connection_status() == 0 && !connection_aborted();
                if ($completed) {
                    // Only completed transfers bump the counter.
                    safe_update('txp_file', "downloads = downloads + 1", "id = " . intval($pretext['id']));
                } elseif ($sent >= $filesize) {
                    $pretext['request_uri'] .= '#aborted';
                } else {
                    $pretext['request_uri'] .= "#aborted-at-" . floor($sent * 100 / $filesize) . "%";
                }
                log_hit('200');
            }
        }
    }

    // Loose comparison on purpose: it mirrors how a switch matches its cases.
    if (isset($file_error)) {
        if ($file_error == 403) {
            txp_die(gTxt('403_forbidden'), '403');
        } elseif ($file_error == 404) {
            txp_die(gTxt('404_not_found'), '404');
        } else {
            txp_die(gTxt('500_internal_server_error'), '500');
        }
    }
}
Exemplo n.º 6
/**
 * Build the Atom feed document for articles or links and return it as a string.
 *
 * Request parameters read here: limit, area, section and category. Sends the
 * Content-type header and, when conditional-request headers match, Vary / ETag /
 * IM headers or a 304 (in which case the script exits). An unknown section or
 * category with no matching entries ends in a 404 through txp_die().
 *
 * @return string the complete feed XML
 */
function atom()
{
    global $thisarticle;
    set_error_handler('feedErrorHandler');
    ob_clean();
    // Every preference becomes a local variable ($sitename, $siteurl, $version, ...).
    extract($GLOBALS['prefs']);
    define("t_texthtml", ' type="text/html"');
    define("t_text", ' type="text"');
    define("t_html", ' type="html"');
    define("t_xhtml", ' type="xhtml"');
    define('t_appxhtml', ' type="xhtml"');
    define("r_relalt", ' rel="alternate"');
    define("r_relself", ' rel="self"');
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    // $limit and $area come from the request and are passed through doSlash()
    // before they become locals.
    extract(doSlash(gpsa(array('limit', 'area'))));
    // build filter criteria from a comma-separated list of sections and categories
    // The number of filter values taken from the request is capped.
    $feed_filter_limit = get_pref('feed_filter_limit', 10);
    $section = gps('section');
    $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
    $category = gps('category');
    $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
    $st = array();
    foreach ($section as $s) {
        $st[] = fetch_section_title($s);
    }
    $ct = array();
    foreach ($category as $c) {
        $ct[] = fetch_category_title($c);
    }
    $sitename .= $section ? ' - ' . join(' - ', $st) : '';
    $sitename .= $category ? ' - ' . join(' - ', $ct) : '';
    $pub = safe_row("RealName, email", "txp_users", "privs=1");
    // feed header
    $out[] = tag(htmlspecialchars($sitename), 'title', t_text);
    $out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
    // NOTE(review): the self link carries request-derived values and is not
    // escaped here; presumably pagelinkurl() returns an attribute-safe URL - confirm.
    $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
    $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
    //Atom feeds with mail or domain name
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    // NOTE(review): the raw section and category values from the request are
    // joined into the feed id without escaping in this function - confirm tag()
    // or the caller takes care of it.
    $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . join(',', $section) : '') . ($category ? '/' . join(',', $category) : ''), 'id');
    $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
    $out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
    // NOTE(review): unlike $sitename above, RealName is not passed through
    // htmlspecialchars() before it is wrapped in a tag.
    $auth[] = tag($pub['RealName'], 'name');
    $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag(hu, 'uri');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    $out[] = callback_event('atom_head');
    // feed items
    $articles = array();
    // From here on $section and $category hold SQL-escaped values.
    $section = doSlash($section);
    $category = doSlash($category);
    if (!$area or $area == 'article') {
        $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
        $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
        $limit = $limit ? $limit : $rss_how_many;
        // The requested limit is capped at max(100, $rss_how_many) and forced to
        // an integer before it reaches the query.
        $limit = intval(min($limit, max(100, $rss_how_many)));
        // Sections flagged as not syndicated are excluded one by one.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "and Section != '" . doSlash($f) . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
        $rs = safe_rows_start("*,\n\t\t\t\tID as thisid,\n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(Expires) as uExpires,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() {$expired}" . join(' ', $query) . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                // Row columns become locals ($Title, $AuthorID, $uPosted, ...).
                extract($a);
                populateArticleData($a);
                $cb = callback_event('atom_entry');
                $e = array();
                $a['posted'] = $uPosted;
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }
                $thisauthor = get_author_name($AuthorID);
                $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
                $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
                $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
                $escaped_title = htmlspecialchars($Title);
                $e['title'] = tag($escaped_title . $count, 'title', t_html);
                $permlink = permlinkurl($a);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
                $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
                $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if (trim($content)) {
                    $e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
                }
                if (trim($summary)) {
                    $e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
                }
                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
                // A CRC32 of the rendered entry serves as its per-entry ETag.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uLastMod;
            }
        }
    } elseif ($area == 'link') {
        // NOTE(review): $category is an array at this point (array_slice() or
        // array() above, then doSlash()), so this string concatenation does not
        // insert the category names - compare the join() used for articles.
        $cfilter = $category ? "category='" . $category . "'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
                $e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);
                // NOTE(review): "https?" sits in the replacement string, where
                // it is literal text rather than a pattern - confirm intent.
                $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
                // Only "&name=" sequences are rewritten to &amp;; the stored URL
                // is otherwise written into the href attribute as is.
                $url = preg_replace("/&((?U).*)=/", "&amp;\\1=", $url);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
                $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
                $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');
                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    if (!$articles) {
        // Nothing to show: answer 404 when the requested section or category
        // does not exist at all, otherwise fall through to an empty feed.
        if ($section) {
            if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            switch ($area) {
                case 'link':
                    // NOTE(review): same array-to-string interpolation of
                    // $category as in the link filter above.
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
                case 'article':
                default:
                    if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
            }
        }
    } else {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // make sure notices/warnings/errors don't fudge up the feed
            // when compression is used
            $buf = '';
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }
            @ob_start('ob_gzhandler');
            echo $buf;
        }
        handle_lastmod();
        // Conditional-request headers sent by the client.
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        // Delta feeds are only attempted when the client sent A-IM containing "feed".
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                // NOTE(review): strpos() is tested for truthiness, so a match
                // at offset 0 counts as "not found" - compare the !== false
                // test used for $canaim.
                if (strpos($hinm, $etags[$id])) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        // The feed-level ETag is the per-entry ETags joined with "-".
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            txp_status_header('304 Not Modified');
            exit(0);
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }
    $out = array_merge($out, $articles);
    header('Content-type: application/atom+xml; charset=utf-8');
    // chr(60)/chr(62) spell "<" and ">" for the XML declaration.
    return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
}
Exemplo n.º 7
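/**
 * Template tag that gates content behind a site login or HTTP Basic credentials.
 *
 * Without a 'pass' attribute, access depends on is_logged_in($login) and, when
 * 'privs' is given, on the user's privilege level being in that list. With a
 * 'pass' attribute, the HTTP Basic user name and password must equal the
 * 'login' and 'pass' attributes.
 *
 * @param array       $atts  tag attributes: login, pass, privs
 * @param string|null $thing contained markup; null when used as a single tag
 * @return string parsed content for the matching branch, or '' for a single tag
 */
function password_protect($atts, $thing = null)
{
    ob_start();
    extract(lAtts(array('login' => null, 'pass' => null, 'privs' => null), $atts));
    if ($pass === null) {
        $access = ($user = is_logged_in($login)) !== false && ($privs === null || in_list($user['privs'], $privs));
    } else {
        $au = serverSet('PHP_AUTH_USER');
        $ap = serverSet('PHP_AUTH_PW');
        // For PHP as (f)cgi, two rules in htaccess often allow this workaround.
        $ru = serverSet('REDIRECT_REMOTE_USER');
        if (!$au && !$ap && strpos($ru, 'Basic') === 0) {
            // Split on the first colon only, so a password that itself contains
            // ":" is kept whole; pad so a header without any colon yields a
            // null password instead of an undefined offset.
            list($au, $ap) = array_pad(explode(':', base64_decode(substr($ru, 6)), 2), 2, null);
        }
        // Strict comparison: no type juggling between the two sides.
        // NOTE(review): === is not constant-time; hash_equals() is the usual
        // choice for secrets where the supported PHP version provides it.
        $access = $au === $login && $ap === $pass;
    }
    // Only the Basic-auth mode asks the browser for credentials.
    if ($access === false && $pass !== null) {
        header('WWW-Authenticate: Basic realm="Private"');
    }
    if ($thing === null) {
        // Single-tag use protects the whole page: stop with 401 on failure.
        if ($access === false) {
            txp_die(gTxt('auth_required'), '401');
        }
        return '';
    }
    // Container use picks the branch before or after the else tag.
    return parse(EvalElse($thing, $access));
}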
 /**
  * Store every known preference from the submitted form, then redirect to
  * this plugin's preferences screen.
  *
  * Each key of self::$preferences is looked up in the request under its
  * prefixed name and written with set_pref().
  *
  * NOTE(review): no CSRF token or privilege check is visible in this method;
  * presumably the caller enforces both - confirm.
  */
 private function update_prefs()
 {
     foreach (self::$preferences as $key => $unused) {
         $field = $this->prefix($key);
         $submitted = gps($field);
         $this->set_pref($key, $submitted);
     }

     $target = '?event=plugin_prefs.' . self::$slug;
     txp_die('', '302', $target);
 }
Exemplo n.º 9
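/**
 * Template tag that protects a page with HTTP Basic authentication.
 *
 * When both 'login' and 'pass' attributes are set, the credentials sent by the
 * browser must match them; otherwise a Basic challenge is sent and the request
 * ends with 401 through txp_die().
 *
 * @param array $atts tag attributes: login, pass
 * @return void
 */
function password_protect($atts)
{
    ob_start();
    extract(lAtts(array('login' => '', 'pass' => ''), $atts));
    $au = serverSet('PHP_AUTH_USER');
    $ap = serverSet('PHP_AUTH_PW');
    //For php as (f)cgi, two rules in htaccess often allow this workaround
    $ru = serverSet('REDIRECT_REMOTE_USER');
    if ($ru && !$au && !$ap && substr($ru, 0, 5) == 'Basic') {
        // Split on the first colon only, so a password containing ":" stays
        // whole; pad so a header without a colon gives an empty password.
        list($au, $ap) = array_pad(explode(':', base64_decode(substr($ru, 6)), 2), 2, '');
    }
    if ($login && $pass) {
        // Compare as strings with !==. The loose != treats numeric-looking
        // strings as numbers, so two different credentials could compare equal.
        // NOTE(review): hash_equals() would also make this constant-time where
        // the supported PHP version provides it.
        if (!$au || !$ap || (string) $au !== (string) $login || (string) $ap !== (string) $pass) {
            header('WWW-Authenticate: Basic realm="Private"');
            txp_die(gTxt('auth_required'), '401');
        }
    }
}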
Exemplo n.º 10
 /**
  * End-of-page hook: answer 404 for a page number past the last page,
  * otherwise flush every open output buffer.
  *
  * Has to run after textpattern(), because $thispage is only set while the
  * article tag is rendered.
  */
 function _textpattern_end()
 {
     global $thispage, $pretext;

     // @ keeps a missing 'pg' key quiet; a missing or empty value skips the check.
     $requestedPage = @$pretext['pg'];
     $pastLastPage = $requestedPage && isset($thispage) && $thispage['numPages'] < $requestedPage;

     if ($pastLastPage) {
         // Drop what was rendered so far before the error page is produced.
         ob_end_clean();
         txp_die(gTxt('404_not_found'), '404');
     }

     // Stop output buffering, this sends the buffer to _textpattern_end_callback()
     do {
         $flushed = @ob_end_flush();
     } while ($flushed);
 }
Exemplo n.º 11
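/**
 * Validate a submitted comment, store it in txp_discuss and redirect back to
 * the page it was posted from.
 *
 * The form fields come from getComment() and are extract()ed into locals; the
 * ones used below are $parentid, $name, $email, $web, $message, $nonce and
 * $backpage. All of them are visitor-controlled.
 *
 * On a successful insert the nonce is marked as used, a 302 redirect is sent
 * and the script exits. Otherwise $_POST['preview'] is set to RELOAD so the
 * caller shows the preview again.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // NOTE(review): $ref is never read below, and the CGI key for the Referer
    // header is normally spelled HTTP_REFERER - confirm whether this is needed.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        // NOTE(review): the blacklist name is concatenated into the gTxt() key
        // rather than appended to the translated text - confirm this is intended.
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    // Strip markup, then escape for use inside the quoted SQL literals below.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message = trim($message);
    $message2db = doSlash(markup_comment($message));
    // The address is escaped like every other value placed in the statement,
    // so the query does not depend on what the server put in REMOTE_ADDR.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    // The nonce check is what ties this POST to a form this site rendered.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        // Plugins hooked on comment.save may change the evaluator's verdict,
        // so the result is read again afterwards.
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            // $visible is written unquoted, so it is forced to an integer first.
            $rs = safe_insert("txp_discuss", "parentid  = '" . doSlash($parentid) . "',\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    safe_update("txp_prefs", "val=now()", "name='lastmod'");
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                // Drop everything from the first CR, LF or "#" so the value
                // cannot add header lines or carry its own fragment.
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                // NOTE(review): $backpage is a form field and goes into the
                // Location header without a host check, so the redirect target
                // is whatever was submitted. Restricting it to a path on this
                // site would close that - confirm what the form is meant to send.
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                if ($prefs['logging'] == 'refer') {
                    logit('refer');
                } elseif ($prefs['logging'] == 'all') {
                    logit();
                }
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}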
Exemplo n.º 12
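/**
 * Template tag that protects a page with HTTP Basic authentication.
 *
 * When both 'login' and 'pass' attributes are set, the credentials sent by the
 * browser must match them; otherwise a Basic challenge is sent and the request
 * ends with 401 through txp_die().
 *
 * @param array $atts tag attributes: login, pass
 * @return void
 */
function password_protect($atts)
{
    ob_start();
    extract(lAtts(array('login' => '', 'pass' => ''), $atts));
    $au = serverSet('PHP_AUTH_USER');
    $ap = serverSet('PHP_AUTH_PW');
    if ($login && $pass) {
        // Compare as strings with !==. The loose != treats numeric-looking
        // strings as numbers, so two different credentials could compare equal.
        // NOTE(review): hash_equals() would also make this constant-time where
        // the supported PHP version provides it.
        if (!$au || !$ap || (string) $au !== (string) $login || (string) $ap !== (string) $pass) {
            header('WWW-Authenticate: Basic realm="Private"');
            txp_die(gTxt('auth_required'), '401');
        }
    }
}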
Exemplo n.º 13
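/**
 * Validate a comment posted through the form, store it in txp_discuss and
 * send a redirect back to the page it was posted from.
 *
 * Reads parentid, name, email, web, message, backpage, nonce and remember from
 * the POST data. Missing required fields end the request with a short message;
 * a banned or blacklisted address ends it with 403. Duplicates and failed nonce
 * checks return without saving.
 *
 * @return void
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // NOTE(review): $ref is never read below, and the CGI key for the Referer
    // header is normally spelled HTTP_REFERER - confirm whether this is needed.
    $ref = serverset('HTTP_REFERRER');
    // Only these named POST fields are turned into locals by extract().
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);
    // Strip markup, then escape for use inside the quoted SQL literals below.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    $message2db = doSlash(markup_comment($message));
    // The address is escaped like every other value placed in the statement,
    // so the query does not depend on what the server put in REMOTE_ADDR.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if (checkBan($ip)) {
        if ($blacklisted == false) {
            if (!$isdup) {
                // The nonce check is what ties this POST to a form this site rendered.
                if (checkNonce($nonce)) {
                    $visible = $comments_moderate ? 0 : 1;
                    $rs = safe_insert("txp_discuss", "parentid  = '" . doSlash($parentid) . "',\n\t\t\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t\t posted\t  = now()");
                    if ($rs) {
                        safe_update("txp_discuss_nonce", "used='1'", "nonce='" . doslash($nonce) . "'");
                        if ($prefs['comment_means_site_updated']) {
                            safe_update("txp_prefs", "val=now()", "name='lastmod'");
                        }
                        if ($comments_sendmail) {
                            mail_comment($message, $name, $email, $web, $parentid);
                        }
                        $updated = update_comments_count($parentid);
                        $backpage = substr($backpage, 0, $prefs['max_url_len']);
                        // Drop everything from the first CR, LF or "#" so the
                        // value cannot add header lines or carry its own fragment.
                        $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                        // NOTE(review): $backpage is a POST field and goes into
                        // the Location header without a host check, so the
                        // redirect target is whatever was submitted. Restricting
                        // it to a path on this site would close that.
                        $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
                        txp_status_header('302 Found');
                        if ($comments_moderate) {
                            header('Location: ' . $backpage . '#txpCommentInputForm');
                        } else {
                            header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                        }
                        // NOTE(review): there is no exit after the redirect
                        // header, so the caller keeps running - confirm that
                        // is intended.
                    }
                }
                // end check nonce
            }
            // end check dup
        } else {
            // NOTE(review): the blacklist name is concatenated into the gTxt()
            // key rather than appended to the translated text - confirm intent.
            txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
        }
        // end check blacklist
    } else {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    // end check site ban
}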
Exemplo n.º 14
/**
 * Build an Atom or RSS 2.0 feed document from a result set and return it as a string.
 *
 * Besides building the XML, this function sends the Content-type header and,
 * when at least one entry was produced, the conditional-GET / delta-feed
 * headers (Vary, ETag, Cache-Control, IM). It can end the request early:
 * exit(0) after a 304, or txp_die() with 404 when nothing was found.
 *
 * @param mixed  $rs            Result handle read with nextRow(); a falsy value means no rows.
 * @param string $area          'article' (or empty) for articles, 'link' for links.
 * @param string $type          'atom' selects Atom output; any other value selects RSS.
 * @param string $feedtitle     Feed title; escaped here before it is written.
 * @param string $atom_self_ref URL of this feed; written into an href attribute as-is.
 * @param string $atom_id_ext   Suffix appended to the Atom feed id.
 * @return string The complete XML document.
 */
function render_feed($rs, $area, $type, $feedtitle, $atom_self_ref, $atom_id_ext)
{
    global $prefs, $thisarticle;
    // Every preference becomes a local variable. Names used below without a
    // visible assignment ($siteurl, $version, $site_slogan, $blog_uid, ...)
    // presumably come from here.
    // NOTE(review): $section and $category are also not assigned in this
    // function and reach SQL further down; confirm where they originate.
    extract($prefs);
    set_error_handler('tagErrorHandler');
    $atom = $type == 'atom';
    // Attribute snippets are kept in constants so the same tag() calls serve
    // both formats. define() cannot redefine a constant, so a second call in
    // the same request with the other $type would not change these values.
    if ($atom) {
        define("t_texthtml", ' type="text/html"');
        define("t_text", ' type="text"');
        define("t_html", ' type="html"');
        define("t_xhtml", ' type="xhtml"');
        define('t_appxhtml', ' type="xhtml"');
        define("r_relalt", ' rel="alternate"');
        define("r_relself", ' rel="self"');
    } else {
        define("t_texthtml", '');
        define("t_text", '');
        define("t_html", '');
        define("t_xhtml", '');
        define('t_appxhtml', '');
        define("r_relalt", '');
        define("r_relself", '');
    }
    $dn = explode('/', $siteurl);
    // Authority part of the tag: ids: the blog mail uid or the first path segment of $siteurl.
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    if ($atom) {
        $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
        $out[] = tag(htmlspecialchars($feedtitle), 'title', t_text);
        $out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
        $out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
        // NOTE(review): $atom_self_ref is not escaped in this function; confirm
        // the caller passes an attribute-safe URL, since it may carry request data.
        $out[] = '<link' . r_relself . ' href="' . $atom_self_ref . '" />';
        $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
        //Atom feeds with mail or domain name
        $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . $atom_id_ext, 'id');
        $pub = safe_row("RealName, email", "txp_users", "privs=1");
        // NOTE(review): RealName is written without escaping here, unlike the
        // per-entry author below which goes through doSpecial().
        $auth[] = tag($pub['RealName'], 'name');
        $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
        $auth[] = tag(hu, 'uri');
        $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    } else {
        $out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
        $out[] = tag(doSpecial($feedtitle), 'title');
        $out[] = tag(doSpecial($site_slogan), 'description');
        $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
        $out[] = tag(hu, 'link');
        // NOTE(review): same as the Atom branch, $atom_self_ref is inserted unescaped.
        $out[] = '<atom:link href="' . $atom_self_ref . '" rel="self" type="application/rss+xml" />';
    }
    $out[] = callback_event($atom ? 'atom_head' : 'rss_head');
    $articles = array();
    if (!$area or $area == 'article') {
        if ($rs) {
            while ($a = nextRow($rs)) {
                // Row columns become locals ($Title, $AuthorID, $uPosted, ...).
                // This overwrites any same-named variable already in scope,
                // including those created by extract($prefs) above.
                extract($a);
                populateArticleData($a);
                $cb = callback_event($atom ? 'atom_entry' : 'rss_entry');
                $e = array();
                $thisauthor = doSpecial(get_author_name($AuthorID));
                $thisauthor = tag($thisauthor, $atom ? 'name' : 'dc:creator');
                if ($atom) {
                    $thisauthor = tag(n . t . t . t . $thisauthor . n . t . t, 'author');
                }
                $e['thisauthor'] = $thisauthor;
                if ($atom) {
                    $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
                } else {
                    $e['issued'] = tag(safe_strftime('rfc822', $uPosted), 'pubDate');
                }
                if ($atom) {
                    $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
                    $e['category1'] = trim($Category1) ? '<category term="' . doSpecial($Category1) . '" />' : '';
                    $e['category2'] = trim($Category2) ? '<category term="' . doSpecial($Category2) . '" />' : '';
                }
                $count = '';
                if ($show_comment_count_in_feed && $comments_count > 0) {
                    $count = ' [' . $comments_count . ']';
                }
                // RSS titles have markup stripped before escaping; Atom titles are only escaped.
                $escaped_title = $atom ? htmlspecialchars($Title) : htmlspecialchars(strip_tags($Title));
                $e['title'] = tag($escaped_title . $count, 'title', t_html);
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);
                // NOTE(review): $permlink is written as returned by permlinkurl(),
                // into an attribute (Atom) or element text (RSS); confirm it is
                // already XML-safe.
                if ($atom) {
                    $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                } else {
                    $e['link'] = tag($permlink, 'link');
                }
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, $atom ? 'id' : 'guid', $atom ? '' : ' isPermaLink="false"');
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if (trim($summary)) {
                    $e['summary'] = tag(n . escape_cdata($summary) . n, $atom ? 'summary' : 'description', t_html);
                }
                if (trim($content)) {
                    $e['content'] = tag(n . escape_cdata($content) . n, $atom ? 'content' : 'content:encoded', t_html);
                }
                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, $atom ? 'entry' : 'item');
                // Per-entry validator: CRC32 of the rendered entry, as upper-case hex.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $atom ? $uLastMod : $uPosted;
            }
        }
    } elseif ($area == 'link') {
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                // $e is not reset per row in this branch; every key used by the
                // active format is reassigned on each iteration.
                $e['title'] = tag(doSpecial($linkname), 'title', t_html);
                if ($atom) {
                    $e['content'] = tag(n . doSpecial($description) . n, 'content', t_html);
                    // NOTE(review): the replacement string is literal text, so a
                    // root-relative URL becomes "https?://<siteurl>/..."; this
                    // looks like a regex fragment left in the replacement.
                    $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
                    // Only "&name=" sequences are rewritten to "&amp;name="; other
                    // characters in $url reach the href attribute unchanged,
                    // whereas the RSS branch below runs the URL through doSpecial().
                    $url = preg_replace("/&((?U).*)=/", "&amp;\\1=", $url);
                    $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
                    $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
                    $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                    $e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');
                } else {
                    $e['content'] = tag(doSpecial($description), 'description');
                    $e['link'] = tag(doSpecial($url), 'link');
                    $e['issued'] = tag(safe_strftime('rfc822', $uDate), 'pubDate');
                }
                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, $atom ? 'entry' : 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                // NOTE(review): $date is passed to strtotime() above, so it is
                // presumably a date string, yet it is later compared with the
                // integer $imsd; confirm the comparison behaves as intended.
                $dates[$id] = $date;
            }
        }
    }
    if (!$articles) {
        // Nothing to show: answer 404 when the requested section or category
        // does not exist.
        // NOTE(review): $section and $category are interpolated into the WHERE
        // clause without doSlash() in this function; confirm they are escaped
        // wherever they are set, or escape them here.
        if ($section) {
            if (safe_field('name', 'txp_section', "name = '{$section}'") == false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            switch ($area) {
                case 'link':
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
                case 'article':
                default:
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
            }
        }
    } else {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // make sure notices/warnings/errors don't
            // fudge up the feed when compression is used
            $buf = '';
            // Drain every open output buffer, then replay the captured text
            // inside a single gzip-handled buffer.
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }
            @ob_start('ob_gzhandler');
            echo $buf;
        }
        handle_lastmod();
        // Conditional-request headers are client-controlled input.
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        // Delta feeds are only attempted when the client sent an A-IM header
        // containing "feed"; $canaim holds the match position or false.
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            // Drop entries the client already has: either its ETag appears
            // anywhere in If-None-Match (substring match) or it is older than
            // If-Modified-Since. $etags itself is not pruned.
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        // Tell caches which request headers changed the response body.
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        // Feed-level ETag: all per-entry tags (including cut entries) joined with "-".
        $etag = @join("-", $etags);
        // Substring test against the raw If-None-Match value; a match ends the
        // request with 304 and no body.
        if (strstr($hinm, $etag)) {
            txp_status_header('304 Not Modified');
            exit(0);
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }
    $out = array_merge($out, $articles);
    header('Content-type: application/' . ($atom ? 'atom' : 'rss') . '+xml; charset=utf-8');
    if ($atom) {
        // chr(60)/chr(62) spell "<" and ">" around the XML declaration.
        // NOTE(review): $language is written into the xml:lang attribute unescaped.
        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . n . join(n, $out) . '</feed>';
    } else {
        return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
    }
}
Exemplo n.º 15
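/**
 * Build the RSS 2.0 feed for the current request and return it as a string.
 *
 * Reads 'limit', 'area', 'section' and 'category' from the request, queries
 * articles or links accordingly, and sends the Content-Type, ETag and (when
 * entries exist) conditional-GET / delta-feed headers. It can end the request
 * early: exit(0) after a 304, or txp_die() with 404 when nothing was found.
 *
 * Fix over the previous version: the 404 check for link categories
 * interpolated the $category array straight into the SQL string. It now
 * builds an IN (...) list from the escaped names, like the article branch.
 *
 * @return string The complete XML document.
 */
function rss()
{
    global $prefs, $thisarticle;
    set_error_handler('feedErrorHandler');
    ob_clean();
    // Every preference becomes a local variable ($sitename, $siteurl,
    // $rss_how_many, ...). The request values extracted next take precedence
    // over a preference of the same name.
    extract($prefs);
    extract(doSlash(gpsa(array('limit', 'area'))));
    // build filter criteria from a comma-separated list of sections and categories
    $feed_filter_limit = get_pref('feed_filter_limit', 10);
    $section = gps('section');
    $category = gps('category');
    // Reject array-valued request parameters before they reach do_list().
    if (!is_scalar($section) || !is_scalar($category)) {
        txp_die('Not Found', 404);
    }
    // Cap the number of filter terms so a request cannot build an unbounded IN (...) list.
    $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
    $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
    $st = array();
    foreach ($section as $s) {
        $st[] = fetch_section_title($s);
    }
    $ct = array();
    foreach ($category as $c) {
        $ct[] = fetch_category_title($c);
    }
    $sitename .= $section ? ' - ' . join(' - ', $st) : '';
    $sitename .= $category ? ' - ' . join(' - ', $ct) : '';
    $dn = explode('/', $siteurl);
    // Authority part of the tag: guids: the blog mail uid or the first path segment of $siteurl.
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    // feed header
    $out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    // NOTE(review): the self link carries request-derived values and is written
    // into the href attribute as returned; confirm pagelinkurl() produces an
    // attribute-safe URL.
    $out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />';
    $out[] = tag(doSpecial($site_slogan), 'description');
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
    $out[] = callback_event('rss_head');
    // feed items
    $articles = array();
    // From here on $section and $category hold SQL-escaped names only.
    $section = doSlash($section);
    $category = doSlash($category);
    if (!$area or $area == 'article') {
        $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
        $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
        // $limit is request input; it is bounded and cast to int before it reaches SQL.
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        // Start from an empty list so a same-named value created by the
        // extract() calls above cannot leak into the WHERE clause.
        $query = array();
        // Exclude sections that are flagged as not syndicated.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . doSlash($f) . "'";
            }
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                // Row columns become locals ($Title, $AuthorID, $uPosted, ...),
                // overwriting any same-named variable already in scope.
                extract($a);
                populateArticleData($a);
                $cb = callback_event('rss_entry');
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }
                $Title = escape_title(strip_tags($Title)) . $count;
                $thisauthor = get_author_name($AuthorID);
                // NOTE(review): $permlink is written as returned by permlinkurl();
                // confirm it is already XML-safe.
                $item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
                $articles[$ID] = tag($item, 'item');
                // Per-entry validator: CRC32 of the rendered item, as upper-case hex.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                // NOTE(review): $date is the raw column while the query also
                // selects uDate as a unix timestamp; the value is later compared
                // with the integer $imsd. Confirm which one is intended.
                $dates[$id] = $date;
            }
        }
    }
    if (!$articles) {
        // Nothing to show: answer 404 when none of the requested sections or
        // categories exist. Both lists were escaped with doSlash() above.
        if ($section) {
            if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            switch ($area) {
                case 'link':
                    // $category is an array here, so it must be joined into an
                    // IN (...) list rather than interpolated directly.
                    if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
                case 'article':
                default:
                    if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
            }
        }
    } else {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // make sure notices/warnings/errors don't fudge up the feed
            // when compression is used
            $buf = '';
            // Drain every open output buffer, then replay the captured text
            // inside a single gzip-handled buffer.
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }
            @ob_start('ob_gzhandler');
            echo $buf;
        }
        handle_lastmod();
        // Conditional-request headers are client-controlled input.
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        // Delta feeds are only attempted when the client sent an A-IM header
        // containing "feed"; $canaim holds the match position or false.
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            // Drop items the client already has: either the item's ETag appears
            // anywhere in If-None-Match (substring match) or it is older than
            // If-Modified-Since. $etags itself is not pruned.
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        // Tell caches which request headers changed the response body.
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        // Feed-level ETag: all per-item tags (including cut items) joined with "-".
        $etag = @join("-", $etags);
        // Substring test against the raw If-None-Match value; a match ends the
        // request with 304 and no body.
        if (strstr($hinm, $etag)) {
            txp_status_header('304 Not Modified');
            exit(0);
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }
    $out = array_merge($out, $articles);
    header("Content-Type: application/rss+xml; charset=utf-8");
    // $etag only exists when at least one item was rendered.
    if (isset($etag)) {
        header('ETag: "' . $etag . '"');
    }
    return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}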
Exemplo n.º 16
/**
 * Render the page template for the current request and send it to the client.
 *
 * Looks up the template named in $pretext['page'], runs it through parse()
 * twice, optionally evaluates embedded PHP, and echoes the result. In the
 * 'debug' and 'testing' production states it appends runtime, query-count,
 * memory and tag-trace comments.
 */
function textpattern()
{
    global $pretext, $microstart, $prefs, $qcount, $production_status, $txptrace, $siteurl;

    callback_event('textpattern');

    if ($pretext['status'] == '404') {
        txp_die(gTxt('404_not_found'), '404');
    }

    // The page name is escaped before it is placed in the WHERE clause.
    $pageNameSql = doSlash($pretext['page']);
    $markup = safe_field('user_html', 'txp_page', "name='" . $pageNameSql . "'");
    if (!$markup) {
        txp_die(gTxt('unknown_section'), '404');
    }

    set_error_handler("tagErrorHandler");
    // Two parse passes; the secondpass flag tells tag handlers which one is running.
    foreach (array(false, true) as $isSecondPass) {
        $GLOBALS['pretext']['secondpass'] = $isSecondPass;
        if ($isSecondPass) {
            $GLOBALS['txptrace'][] = " secondpass \r\n";
        }
        $markup = parse($markup);
    }
    restore_error_handler();

    // NOTE(review): with allow_page_php_scripting enabled the parsed page is
    // handed to evalString(), which by its name executes PHP found in the
    // template. Anyone able to edit page templates can then run code on the
    // server, so the preference and template-edit rights need to be restricted
    // together.
    if ($prefs['allow_page_php_scripting']) {
        $markup = evalString($markup);
    }

    header("Content-type: text/html; charset=utf-8");
    echo $markup;

    // Diagnostics are only appended outside live mode.
    if (!in_array($production_status, array('debug', 'testing'))) {
        return;
    }

    $elapsed = getmicrotime() - $microstart;
    echo n, comment('Runtime: ' . substr($elapsed, 0, 6));
    echo n, comment('Queries: ' . $qcount);
    echo maxMemUsage('end of textpattern()', 1);
    if (is_array($txptrace) && !empty($txptrace)) {
        echo n, comment('txp tag trace: ' . n . join(n, $txptrace) . n);
    }
}
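/**
 * Gate a file download on the permissions stored for that file.
 *
 * Returns normally when the download may proceed; otherwise clears the
 * section globals and calls txp_die() with 403 (not permitted) or 404
 * (file error).
 *
 * Fix over the previous version: the WHERE clause passed to safe_field() was
 * the bare string 'id', which matches any row with a non-zero id instead of
 * the requested file, so the permission check could be made against an
 * unrelated row. The lookup is now keyed on the global $id.
 */
function ign_filter_downloads()
{
    global $id, $file_error, $ign_user, $pretext, $s;

    // An upstream file error is reported as a plain 404.
    if ($file_error) {
        $s = '';
        $pretext['s'] = '';
        txp_die(gTxt('404_not_found'), 404);
        return;
    }

    // Assumes $id is the numeric id of the requested file (TODO confirm against
    // the caller). intval() keeps the value safe to place in the query.
    $r = safe_field('permissions', 'txp_file', 'id = ' . intval($id));

    // No permission value stored for this file: the download is allowed.
    // NOTE(review): this is fail-open. If the lookup itself fails the file is
    // served as well; confirm that is acceptable for protected files.
    if (!$r) {
        return;
    }

    // A logged-in user holding the required privilege may continue to the download.
    if (!empty($ign_user) && ign_checkPrivs($r)) {
        return;
    }

    $s = '';
    $pretext['s'] = '';
    txp_die("Monkeys!", 403);
}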
Exemplo n.º 18
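/**
 * Echo the stylesheet(s) selected by name or by section.
 *
 * Fix over the previous version: the stylesheet name read from txp_section
 * was placed into the second query without escaping, while names taken from
 * $n were escaped. Values coming back from the database are now escaped as
 * well before they are interpolated into SQL.
 *
 * @param string $s Section name; its configured stylesheet is used when $n is empty.
 * @param string $n Comma-separated stylesheet names; takes precedence over $s.
 */
function output_css($s = '', $n = '')
{
    $order = '';
    if ($n) {
        // Reject array-valued input before it reaches do_list().
        if (!is_scalar($n)) {
            txp_die('Not Found', 404);
        }
        $n = do_list($n);
        $cssname = join("','", doSlash($n));
        // Keep the output in the order the names were requested.
        if (count($n) > 1) {
            $order = " order by field(name,'{$cssname}')";
        }
    } elseif ($s) {
        if (!is_scalar($s)) {
            txp_die('Not Found', 404);
        }
        // A stored name is still data: escape it before reuse in the next query.
        $cssname = doSlash(safe_field('css', 'txp_section', "name='" . doSlash($s) . "'"));
    }
    if (isset($cssname)) {
        $css = join(n, safe_column_num('css', 'txp_css', "name in ('{$cssname}')" . $order));
        if (isset($css)) {
            echo $css;
        }
    }
}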
Exemplo n.º 19
        define('TXP_UPDATE', 1);
        include txpath . '/update/_update.php';
    }
    load_elements($event);
    register_element_tabs();
    if (!empty($admin_side_plugins) and gps('event') != 'plugin') {
        load_plugins(1);
    }
    include txpath . '/lib/txplib_head.php';
    // ugly hack, for the people that don't update their admin_config.php
    // Get rid of this when we completely remove admin_config and move privs to db
    if ($event == 'list') {
        require_privs('article');
    } else {
        require_privs($event);
    }
    callback_event($event, $step, 1);
    // let elements override older /include/txp_foo.php admin pages
    if (!controller_name($event)) {
        $inc = txpath . '/include/txp_' . $event . '.php';
        if (is_readable($inc)) {
            include $inc;
        }
    }
    callback_event($event, $step, 0);
    $microdiff = getmicrotime() - $microstart;
    echo n . comment(gTxt('runtime') . ': ' . substr($microdiff, 0, 6));
    end_page();
} else {
    txp_die('DB-Connect was succesful, but the textpattern-table was not found.', '503 Service Unavailable');
}
Exemplo n.º 20
/**
 * Render the page template for the current request and send it to the client.
 *
 * Looks up the template for the current page, runs it through parse() twice,
 * optionally reduces it to a segment, optionally evaluates embedded PHP, and
 * echoes the result. In the 'debug' and 'testing' production states it
 * appends runtime, query-count, memory and tag-trace comments.
 */
function textpattern()
{
    global $pretext, $microstart, $prefs, $qcount, $production_status, $txptrace, $siteurl;

    $segment = gps('segment');
    // Every $pretext key becomes a local ($page, $s, ...). A key that shares a
    // name with a variable already in scope, including $segment and the
    // globals above, replaces that variable's value.
    extract($pretext);
    callback_event('textpattern');

    // Link back to the site root, appended to both 404 messages.
    if ($pretext['status'] == '404') {
        $notFoundBody = gTxt('404_not_found') . br . br . tag($siteurl, 'a', ' href="http://' . $siteurl . '"');
        txp_die($notFoundBody, '404 Not Found');
    }

    // The page name is escaped before it is placed in the WHERE clause.
    $markup = safe_field('user_html', 'txp_page', "name='" . doSlash($page) . "'");
    if (!$markup) {
        // NOTE(review): $s is added to the error text as-is; confirm txp_die()
        // escapes its message if $s can carry request data.
        $unknownBody = gTxt('unknown_section') . ' ' . $s . br . br . tag($siteurl, 'a', ' href="http://' . $siteurl . '"');
        txp_die($unknownBody, '404 Not Found');
    }

    // Two parse passes over the template.
    for ($pass = 0; $pass < 2; $pass++) {
        $markup = parse($markup);
    }

    if ($segment) {
        $markup = segmentPage($markup);
    }

    // NOTE(review): with allow_page_php_scripting enabled the parsed page is
    // handed to evalString(), which by its name executes PHP found in the
    // template. Anyone able to edit page templates can then run code on the
    // server, so the preference and template-edit rights need to be restricted
    // together.
    if ($prefs['allow_page_php_scripting']) {
        $markup = evalString($markup);
    }

    header("Content-type: text/html; charset=utf-8");
    echo $markup;

    // Diagnostics are only appended outside live mode.
    if (!in_array($production_status, array('debug', 'testing'))) {
        return;
    }

    $elapsed = getmicrotime() - $microstart;
    echo n, comment('Runtime: ' . substr($elapsed, 0, 6));
    echo n, comment('Queries: ' . $qcount);
    echo maxMemUsage('end of textpattern()', 1);
    if (is_array($txptrace) && !empty($txptrace)) {
        echo n, comment('txp tag trace: ' . n . join(n, $txptrace) . n);
    }
}