Пример #1
0
/**
* This will save a submission
*
* @param    string  $type   Type of submission we are dealing with
* @param    array   $A      Data for that submission
*
*/
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $LANG12;
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $last = COM_checkSpeedlimit('submit');
    if ($last > 0) {
        $retval = COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]);
        $retval = COM_createHTMLDocument($retval);
        return $retval;
    }
    if (!empty($type) && $type !== 'story') {
        // Update the submitspeedlimit for user - assuming Plugin approves
        // submission record
        COM_updateSpeedlimit('submit');
        // see if this is a submission that needs to be handled by a plugin
        // and should include its own redirect
        $retval = PLG_saveSubmission($type, $A);
        if ($retval === false) {
            COM_errorLog("Could not save your submission. Bad type: {$type}");
        } elseif (empty($retval)) {
            // plugin should include its own redirect - but in case handle
            // it here and redirect to the main page
            PLG_submissionSaved($type);
            COM_redirect($_CONF['site_url'] . '/index.php');
        } else {
            PLG_submissionSaved($type);
            return $retval;
        }
    }
    if (!empty($A['title']) && !empty($A['introtext']) && TOPIC_checkTopicSelectionControl()) {
        $retval = savestory($A);
        PLG_submissionSaved($type);
    } else {
        $retval = COM_showMessageText($LANG12[23], $LANG12[22]) . submissionform($type);
        $retval = COM_createHTMLDocument($retval);
    }
    return $retval;
}
Пример #2
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }
    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    // - START: Set all the defaults -
    /*
        if (empty($args['tid'])) {
            // see if we have a default topic
            $topic = DB_getItem($_TABLES['topics'], 'tid',
                                'is_default = 1' . COM_getPermSQL('AND'));
            if (!empty($topic)) {
                $args['tid'] = $topic;
            } else {
                // otherwise, just use the first one
                $o = array();
                $s = array();
                if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                    $args['tid'] = $o[0];
                } else {
                    $svc_msg['error_desc'] = 'No topics available';
                    return PLG_RET_ERROR;
                }
            }
        } */
    /* This is a solution for above but the above has issues
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topics selected or available';
            return PLG_RET_ERROR;
        }
       */
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -
    // TEST CODE
    /* foreach ($args as $k => $v) {
           if (!is_array($v)) {
               echo "$k => $v\r\n";
           } else {
               echo "$k => $v\r\n";
               foreach ($v as $k1 => $v1) {
                   echo "        $k1 => $v1\r\n";
               }
           }
       }*/
    // exit ();
    // END TEST CODE
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }
    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;
            break;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;
            break;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $retval;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
Пример #3
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int          Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topic selected.';
            return PLG_RET_ERROR;
        }
        if (!TOPIC_hasMultiTopicAccess('topic') < 3) {
            $svc_msg['error_desc'] = 'Do not have access to one or more of selected topics.';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['cache_time'])) {
            $args['cache_time'] = $_SP_CONF['default_cache_time'];
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    } else {
        // If empty but menu on then use title as default
        if ($sp_onmenu == 'on') {
            $sp_label = $sp_title;
        }
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $cache_time = $args['cache_time'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content) && TOPIC_checkTopicSelectionControl() && TOPIC_hasMultiTopicAccess('topic') == 3) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_page_title = DB_escapeString($sp_page_title);
        $sp_label = DB_escapeString($sp_label);
        $meta_description = DB_escapeString($meta_description);
        $meta_keywords = DB_escapeString($meta_keywords);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If PHP page then no cache
        if ($sp_php == 0) {
            if ($cache_time < -1) {
                $cache_time = $_SP_CONF['default_cache_time'];
            }
        } else {
            $cache_time = $_SP_CONF['default_cache_time'];
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $cache_time = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            // Retrieve Topic data
            TOPIC_getDataTopicSelectionControl($topic_option, $tids, $inherit_tids, $default_tid);
            $sql = "UPDATE {$_TABLES['staticpage']},{$_TABLES['topic_assignments']} ta SET sp_centerblock = 0\n                WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (draft_flag = 0)\n                 AND ta.type = 'staticpages' AND ta.id = sp_id ";
            if ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION) {
                $sql .= " AND (ta.tid = '{$topic_option}')";
            } else {
                $sql .= " AND (ta.tid IN ('" . implode("','", $tids) . "'))";
            }
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION)) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND ta.tid LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // Retrieve created date
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$cache_time},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
        TOPIC_saveTopicSelectionControl('staticpages', $sp_id);
        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            // Delete Topic Assignments for this old staticpage since we just created new ones
            TOPIC_deleteTopicAssignments('staticpages', $sp_old_id);
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }
        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        } else {
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_old_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        }
        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));
        return PLG_RET_ERROR;
    }
}
Пример #4
0
/**
* Saves a block
*
* @param    string  $bid            Block ID
* @param    string  $title          Block title
* @param    string  $type           Type of block
* @param    int     $blockorder     Order block appears relative to the others
* @param    string  $content        Content of block
* @param    string  $tid            Ids of topics block is assigned to
* @param    string  $rdfurl         URL to headline feed for portal blocks
* @param    string  $rdfupdated     Date RSS/RDF feed was last updated
* @param    string  $rdflimit       max. number of entries to import from feed
* @param    string  $phpblockfn     Name of php function to call to get content
* @param    int     $onleft         Flag indicates if block shows up on left or right
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group block belongs to
* @param    array   $perm_owner     Permissions the owner has on the object
* @param    array   $perm_group     Permissions the group has on the object
* @param    array   $perm_members   Permissions the logged in members have
* @param    array   $perm_anon      Permissinos anonymous users have
* @param    int     $is_enabled     Flag, indicates if block is enabled or not
* @return   string                  HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;
    $retval = '';
    $title = DB_escapeString(COM_stripslashes(strip_tags($title)));
    $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));
    if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
        $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    } elseif (!empty($name) and ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'phpblock' && !empty($phpblockfn) && !empty($title) or $type == 'gldefault' && strlen($blockorder) > 0)) {
        if ($is_enabled == 'on') {
            $is_enabled = 1;
        } else {
            $is_enabled = 0;
        }
        if ($allow_autotags == 'on') {
            $allow_autotags = 1;
        } else {
            $allow_autotags = 0;
        }
        if ($cache_time < -1 or $cache_time == "") {
            $cache_time = $_CONF['default_cache_time_block'];
        }
        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';
            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr($rdfurl, 4);
            } elseif (substr($rdfurl, 0, 5) == 'feed:') {
                $rdfurl = substr($rdfurl, 5);
            }
            if (substr($rdfurl, 0, 2) == '//') {
                $rdfurl = substr($rdfurl, 2);
            }
            $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
        }
        if ($type == 'gldefault') {
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }
        if ($type == 'phpblock') {
            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix.  This will prevent
            // the arbitrary execution of code
            if (!stristr($phpblockfn, 'phpblock_')) {
                $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }
        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            if ($allow_autotags == 1) {
                // Remove any autotags the user doesn't have permission to use
                $content = PLG_replaceTags($content, '', true);
            }
            $content = DB_escapeString($content);
        }
        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty($rdfurl)) {
            $rdfurl = DB_escapeString($rdfurl);
        }
        if (empty($rdfupdated)) {
            $rdfupdated = '0000-00-00 00:00:00';
        }
        if ($bid > 0) {
            DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
        } else {
            $sql = array();
            $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
            $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
            DB_query($sql);
            $bid = DB_insertId();
        }
        TOPIC_saveTopicSelectionControl('block', $bid);
        $cacheInstance = 'block__' . $bid . '__';
        // remove any of this blocks instances if exists
        CACHE_remove_instance($cacheInstance);
        return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
    } else {
        if (empty($name)) {
            // empty block name
            $msgtxt = $LANG21[50];
        } elseif ($type == 'portal') {
            // Portal block is missing fields
            $msgtxt = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msgtxt = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msgtxt = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default geeklog field missing
            $msgtxt = $LANG21[42];
        } else {
            // Layout block missing content
            $msgtxt = $LANG21[36];
        }
        $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
    }
    return $retval;
}
Пример #5
0
 /**
  * Loads a submitted story from post data
  *
  * @return int
  */
 public function loadSubmission()
 {
     global $_CONF;
     $array = $_POST;
     $this->_expire = time();
     $this->_date = time();
     if ($_CONF['article_comment_close_enabled']) {
         $this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
     } else {
         $this->_comment_expire = 0;
     }
     // Handle Magic GPC Garbage:
     while (list($key, $value) = each($array)) {
         $array[$key] = COM_stripslashes($value);
     }
     // initialize the GLText version to the latest version
     $this->_text_version = GLTEXT_LATEST_VERSION;
     $this->_postmode = COM_applyFilter($array['postmode']);
     $this->_sid = COM_applyFilter($array['sid']);
     $this->_uid = COM_applyFilter($array['uid'], true);
     if ($this->_uid < 1) {
         $this->_uid = 1;
     }
     $this->_unixdate = COM_applyFilter($array['date'], true);
     if (!isset($array['bodytext'])) {
         $array['bodytext'] = '';
     }
     if (!isset($array['page_title'])) {
         $array['page_title'] = '';
     }
     /* Load the title, page title */
     $this->_title = $this->_applyTitleFilter($array['title']);
     $this->_page_title = $this->_applyTitleFilter($array['page_title']);
     // fix for bug in advanced editor
     if (in_array($array['postmode'], array('html', 'adveditor'))) {
         if ($_CONF['advanced_editor'] && $array['bodytext'] == '<br' . XHTML . '>') {
             $array['bodytext'] = '';
         }
     }
     // Load the introtext, bodytext
     $this->_introtext = $this->_applyTextFilter($array['introtext'], $array['postmode']);
     $this->_bodytext = $this->_applyTextFilter($array['bodytext'], $array['postmode']);
     $this->_advanced_editor_mode = 0;
     if (in_array($array['postmode'], array('html', 'adveditor'))) {
         if ($this->_postmode === 'adveditor') {
             $this->_advanced_editor_mode = 1;
             $this->_postmode = 'html';
         }
     }
     if (!TOPIC_checkTopicSelectionControl()) {
         return STORY_EMPTY_REQUIRED_FIELDS;
     }
     if (empty($this->_title) || empty($this->_introtext)) {
         return STORY_EMPTY_REQUIRED_FIELDS;
     }
     return STORY_LOADED_OK;
 }