} else { if (isset($_GET['media']) && ae_Validate::id($_GET['media'])) { $area = 'media'; $mainArea = 'media'; $model = new ae_MediaModel(); $model->setMediaPath('../../media/'); } else { if (isset($_GET['page']) && ae_Validate::id($_GET['page'])) { $area = 'page'; $model = new ae_PageModel(); } else { if (isset($_GET['post']) && ae_Validate::id($_GET['post'])) { $area = 'post'; $model = new ae_PostModel(); } else { if (isset($_GET['user']) && ae_Validate::id($_GET['user'])) { $area = 'user'; $model = new ae_UserModel(); } else { header('Location: ../admin.php?error=unknown_area_or_invalid_id'); exit; } } } } } } } $model->load($_GET[$area]); $prevStatus = $model->getStatus(); if ($_GET['status'] == 'delete') {
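/**
 * Set the ID.
 *
 * The value is checked with ae_Validate::id() and stored as an integer.
 * A rejected value is echoed in the exception message, HTML-escaped with
 * explicit flags so the escaping does not depend on the PHP version's
 * htmlspecialchars() defaults.
 *
 * @param {int} $id New ID.
 * @throws {Exception} If $id is not valid.
 */
public function setId($id) {
	if (!ae_Validate::id($id)) {
		// htmlspecialchars() only accepts strings: an array or object would raise
		// a TypeError on PHP 8 instead of the documented Exception, so report
		// the type name for non-scalar input.
		$shown = is_scalar($id) ? (string) $id : gettype($id);

		// __CLASS__ yields the same name as the argument-less get_class() call,
		// which newer PHP versions deprecate.
		$msg = sprintf(
			'[%s] Not a valid ID: %s',
			__CLASS__,
			htmlspecialchars($shown, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
		);
		throw new Exception($msg);
	}

	$this->id = (int) $id;
}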
exit; } }
else {
	// Bulk "delete" on categories: remove the post<->category relations of the
	// selected categories and reset ca_parent to 0 for the rows matched by ca_id.
	// $status and $mainArea are set outside this excerpt.
	if ($status == 'delete' && $_POST['area'] == 'category') {
		$stmt1 = ' DELETE FROM `' . AE_TABLE_POSTS2CATEGORIES . '` WHERE ';
		$stmt2 = ' UPDATE `' . ae_CategoryModel::TABLE . '` SET ca_parent = 0 WHERE ';
		$params = array();

		// NOTE(review): $_POST['entry'] is not checked with isset()/is_array()
		// in the visible lines - confirm an earlier check exists.
		foreach ($_POST['entry'] as $id) {
			// Entries that fail validation are skipped, not reported.
			if (!ae_Validate::id($id)) { continue; }

			// The value itself is bound through $params, but the placeholder
			// NAME embeds $id verbatim in the SQL text. The statement is only
			// as safe as ae_Validate::id() is strict - presumably it accepts
			// plain digit strings only; verify.
			$stmt1 .= 'pc_category = :entry' . $id . ' OR ';
			$stmt2 .= 'ca_id = :entry' . $id . ' OR ';
			$params[':entry' . $id] = $id;
		}

		// Drops the trailing ' OR ' (4 characters). If no entry passed
		// validation, both strings still end in 'WHERE ' and this trim cuts
		// into that keyword, leaving a malformed statement.
		$stmt1 = mb_substr($stmt1, 0, -4);
		$stmt2 = mb_substr($stmt2, 0, -4);

		// The two statements are sent separately; the second only runs when
		// the first did not return FALSE.
		if (ae_Database::query($stmt1, $params) === FALSE || ae_Database::query($stmt2, $params) === FALSE) {
			// Inside this branch $_POST['area'] compared equal to 'category'.
			// $mainArea is concatenated into the redirect target without
			// URL-encoding - NOTE(review): confirm it comes from a fixed set.
			header('Location: ../admin.php?area=' . $mainArea . '&' . $_POST['area'] . '&error=query_delete_category_relations_failed');
			exit;
		}
	}
}
if (ae_Log::hasMessages()) {
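/**
 * Set the page user ID. Validates if the user ID is a valid format,
 * but not if the user exists.
 *
 * A rejected value is echoed in the exception message. It is HTML-escaped
 * first, because the message may end up in an HTML error page and the value
 * has just failed validation.
 *
 * @param {int} $userId User ID.
 * @throws {Exception} If $userId is not a valid format.
 */
public function setUserId($userId) {
	if (!ae_Validate::id($userId)) {
		// Non-scalar input is reported by type name, so that building the
		// message cannot itself fail on an array or object.
		$shown = is_scalar($userId) ? (string) $userId : gettype($userId);

		$msg = sprintf(
			'[%s] Not a valid user ID: %s',
			__CLASS__,
			htmlspecialchars($shown, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
		);
		throw new Exception($msg);
	}

	$this->userId = (int) $userId;
}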
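/**
 * Set post categories. Validates if category IDs are a valid format,
 * but not if the category with the ID exists.
 *
 * The array is stored as supplied; its elements are not cast to integers.
 *
 * @param {array} $categories Post categories.
 * @throws {Exception} If $categories is not an array or contains a non-valid ID.
 */
public function setCategoryIds($categories) {
	if (!is_array($categories)) {
		$msg = sprintf('[%s] Requires categories to be passed as array.', __CLASS__);
		throw new Exception($msg);
	}

	foreach ($categories as $caId) {
		if (ae_Validate::id($caId)) {
			continue;
		}

		// Report the offending value as text. The former "%d" conversion
		// turned every non-numeric value into 0, hiding what was rejected.
		// The value is untrusted, so it is HTML-escaped; non-scalars are
		// reported by type name.
		$shown = is_scalar($caId) ? (string) $caId : gettype($caId);
		$msg = sprintf(
			'[%s] Not a valid category ID: %s',
			__CLASS__,
			htmlspecialchars($shown, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
		);
		throw new Exception($msg);
	}

	// NOTE(review): elements keep their original type (e.g. numeric strings);
	// code that later builds SQL from them should bind them as parameters.
	$this->categoryIds = $categories;
}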
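/**
 * Set the category parent ID.
 *
 * A value that loosely equals 0 means "no parent" and skips validation.
 * The stored value is always an integer.
 *
 * @param {int} $parent New category parent ID.
 * @throws {Exception} If $parent is not valid.
 */
public function setParent($parent) {
	if ($parent != 0 && !ae_Validate::id($parent)) {
		// Non-scalar input is reported by type name, so that building the
		// message cannot fail on an array or object.
		$shown = is_scalar($parent) ? (string) $parent : gettype($parent);

		$msg = sprintf(
			'[%s] Not a valid ID: %s',
			__CLASS__,
			htmlspecialchars($shown, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
		);
		throw new Exception($msg);
	}

	// The "!= 0" test above is a loose comparison: on PHP versions before 8
	// any non-numeric string equals 0 and so bypasses ae_Validate::id().
	// Casting here guarantees that such input is stored as 0 and never as
	// the raw request string.
	$this->parent = (int) $parent;
}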
/**
 * Check if current URL represents a post permalink.
 *
 * Two signals count: the URL matches the "post" pattern in self::$regex, or
 * the query parameter named by PERMALINK_GET_POST is present and passes
 * ae_Validate::id(). The ID is only format-checked here.
 *
 * @return {boolean} TRUE, if URL fits a post permalink, FALSE otherwise.
 */
public static function isPost() {
	$matchesPattern = (bool) preg_match(self::$regex['post'], self::$url);

	$hasValidQueryId = false;
	if (isset($_GET[PERMALINK_GET_POST])) {
		$hasValidQueryId = (bool) ae_Validate::id($_GET[PERMALINK_GET_POST]);
	}

	if ($matchesPattern) {
		return true;
	}

	return $hasValidQueryId;
}
/**
 * ae_Validate::id() accepts a positive integer and rejects a negative one.
 *
 * NOTE(review): only integer arguments are exercised. Request data arrives
 * as strings or arrays, so cases such as numeric strings, "0", values with
 * trailing characters, and arrays are not covered by this test.
 */
public function testValidateId() {
	$positiveAccepted = ae_Validate::id(4);
	$this->assertTrue($positiveAccepted);

	$negativeAccepted = ae_Validate::id(-90);
	$this->assertFalse($negativeAccepted);
}
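/**
 * Add the relations between the new post and its categories.
 *
 * Category IDs are read from $_POST['post-categories']. Entries that fail
 * ae_Validate::id() are skipped. Every value reaches the database through a
 * "?" placeholder; nothing from the request is concatenated into the SQL.
 *
 * @param  {int}     $postId Post ID.
 * @return {boolean} TRUE, if successful added relations or no relations to add, FALSE otherwise.
 */
function createPost2CategoryRelations($postId) {
    if (
        !isset($_POST['post-categories'])
        || !is_array($_POST['post-categories'])
        || count($_POST['post-categories']) == 0
    ) {
        return TRUE;
    }

    $rows = array();
    $params = array();

    foreach ($_POST['post-categories'] as $caId) {
        if (!ae_Validate::id($caId)) {
            continue;
        }

        $rows[] = '( ?, ? )';
        $params[] = $postId;
        // Bind the validated ID as an integer rather than the raw request string.
        $params[] = (int) $caId;
    }

    // Every submitted ID was rejected: there is nothing to insert. Without this
    // guard the statement would end in a bare "VALUES" and the query would fail.
    if (count($rows) == 0) {
        return TRUE;
    }

    $stmt = ' INSERT INTO `' . AE_TABLE_POSTS2CATEGORIES . '` ( pc_post, pc_category ) VALUES '
        . implode(', ', $rows);

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    // Success must be reported explicitly; falling off the end would return NULL.
    return TRUE;
}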