function cs($thing)
{
if (isset($_COOKIE[$thing])) {
if (get_magic_quotes_gpc()) {
return doStrip($_COOKIE[$thing]);
} else {
return $_COOKIE[$thing];
}
}
return '';
}
function stripPost()
{
if (isset($_POST)) {
if (get_magic_quotes_gpc() == 1) {
return doStrip($_POST);
} else {
return $_POST;
}
}
return '';
}
function link_save($vars)
{
global $txpcfg, $txpac;
$varray = gpsa($vars);
if ($txpac['textile_links']) {
include_once $txpcfg['txpath'] . '/lib/classTextile.php';
$textile = new Textile();
$varray['linkname'] = $textile->TextileThis($varray['linkname'], '', 1);
$varray['description'] = $textile->TextileThis($varray['description'], 1);
}
extract(doSlash($varray));
if (!$linksort) {
$linksort = $linkname;
}
$rs = safe_update("txp_link", "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = '{$id}'");
if ($rs) {
link_edit(messenger('link', doStrip($linkname), 'saved'));
}
}
function gs($name, $default = '')
{
if (isset($_GET[$thing])) {
if (MAGIC_QUOTES_GPC) {
return doStrip($_GET[$thing]);
} else {
return $_GET[$thing];
}
}
return $default;
}
function parsePostedCSS()
{
$post = MAGIC_QUOTES_GPC ? doStrip($_POST) : $_POST;
foreach ($post as $a => $b) {
if (preg_match("/^\\d+\$/", $a)) {
$selector = $b;
}
if (preg_match("/^\\d+-\\d+(?:p|v)\$/", $a)) {
if (strstr($a, 'p')) {
$property = $b;
} else {
if (trim($property) && trim($selector)) {
$out[$selector][$property] = $b;
}
}
}
}
return isset($out) ? $out : array();
}
/*
This is Textpattern
Copyright 2004 by Dean Allen
www.textpattern.com
All rights reserved
Use of this software indicates acceptance of the Textpattern license agreement
*/
//-------------------------------------------------------------
check_privs(1, 2);
$step = ps('step');
if ($step == 'save') {
$prefnames = safe_column("name", "txp_prefs", "prefs_id='1'");
$post = get_magic_quotes_gpc() ? doStrip($_POST) : $_POST;
$post = doSlash($post);
foreach ($prefnames as $prefname) {
if (isset($post[$prefname])) {
if ($prefname == 'lastmod') {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
} else {
if ($prefname == 'siteurl') {
$post[$prefname] = str_replace("http://", '', $post[$prefname]);
}
safe_update("txp_prefs", "val = '" . $post[$prefname] . "'", "name = '{$prefname}' and prefs_id ='1'");
}
}
}
$message = gTxt('preferences_saved');
}
function yab_shop_clean_input($input, $modus = 'output')
{
if (empty($input)) {
$cleaned = $input;
}
if (is_array($input)) {
foreach ($input as $key => $val) {
$cleaned[$key] = yab_shop_clean_input($val);
}
} else {
$cleaned = str_replace(array('=', '&', '"', '\'', '<', '>', ';', '\\'), '', $input);
if ($modus != 'output') {
$cleaned = doSlash($cleaned);
} else {
$cleaned = doStrip($cleaned);
}
}
return $cleaned;
}
function link_save()
{
global $txpcfg, $vars;
$varray = gpsa($vars);
extract(doSlash($varray));
if (!$linksort) {
$linksort = $linkname;
}
$id = assert_int($id);
$rs = safe_update("txp_link", "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = {$id}");
if ($rs) {
update_lastmod();
$message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
link_edit($message);
}
}
function link_save()
{
global $txpcfg, $prefs, $vars;
$varray = gpsa($vars);
if ($prefs['textile_links']) {
include_once txpath . '/lib/classTextile.php';
$textile = new Textile();
$varray['linkname'] = $textile->TextileThis($varray['linkname'], '', 1);
$varray['description'] = $textile->TextileThis($varray['description'], 1);
}
extract(doSlash($varray));
if (!$linksort) {
$linksort = $linkname;
}
$id = assert_int($id);
$rs = safe_update("txp_link", "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = {$id}");
if ($rs) {
update_lastmod();
$message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
link_edit($message);
}
}
/**
* Saves a category from HTTP POST data.
*
* @param string $event Type of category
* @param string $table Affected database table
*/
function cat_event_category_save($event, $table_name)
{
extract(doSlash(array_map('assert_string', psa(array('id', 'name', 'description', 'old_name', 'parent', 'title')))));
$id = assert_int($id);
$rawname = $name;
$name = sanitizeForUrl($rawname);
// Make sure the name is valid.
if (!$name) {
$message = array(gTxt($event . '_category_invalid', array('{name}' => $rawname)), E_ERROR);
return cat_event_category_edit($event, $message);
}
// Don't allow rename to clobber an existing category.
$existing_id = safe_field("id", 'txp_category', "name = '{$name}' AND type = '{$event}'");
if ($existing_id and $existing_id != $id) {
$message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);
return cat_event_category_edit($event, $message);
}
// TODO: validate parent?
$parent = $parent ? $parent : 'root';
$message = array(gTxt('category_save_failed'), E_ERROR);
if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}', description = '{$description}'", "id = {$id}") && safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' AND type = '{$event}'")) {
rebuild_tree_full($event);
if ($event == 'article') {
if (safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'") && safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'")) {
$message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
}
} else {
if (safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'")) {
$message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
}
}
}
cat_category_list($message);
}
function cs($thing, $default = '')
{
if (isset($_COOKIE[$thing])) {
if (MAGIC_QUOTES_GPC) {
return doStrip($_COOKIE[$thing]);
} else {
return $_COOKIE[$thing];
}
}
return $default;
}
function _permlinkurl($article_array, $type = PERMLINKURL, $pl_index = NULL)
{
global $pretext, $prefs, $production_status;
if ($type == PAGELINKURL) {
return $this->toggle_custom_url_func('pagelinkurl', $article_array);
}
if (empty($article_array)) {
return;
}
if ($pl_index) {
$pl = $this->get_permlink($pl_index);
} else {
// Get the matched pretext replacement array.
$matched = count($this->matched_permlink) ? $this->matched_permlink : @array_shift(array_slice($this->partial_matches, -1));
if (!isset($pl) && $matched && array_key_exists('id', $matched)) {
// The permlink id is stored in the pretext replacement array, so we can find the permlink.
$pl = $this->get_permlink($matched['permlink_id']);
foreach ($pl['components'] as $pl_c) {
if (in_array($pl_c['type'], array('feed', 'page')) || !$this->check_permlink_conditions($pl, $article_array)) {
unset($pl);
break;
}
}
}
if (!isset($pl)) {
// We have no permlink id so grab the permlink with the highest precedence.
$permlinks = $this->get_all_permlinks(1, array('feed', 'page'));
foreach ($permlinks as $key => $pl) {
if (!$this->check_permlink_conditions($pl, $article_array)) {
unset($permlinks[$key]);
}
}
$pl = array_shift($permlinks);
}
}
$uri = '';
if (is_array($pl) && array_key_exists('components', $pl)) {
extract($article_array);
if (!isset($title)) {
$title = $Title;
}
if (empty($url_title)) {
$url_title = stripSpace($title);
}
if (empty($section)) {
$section = $Section;
}
if (empty($posted)) {
$posted = $Posted;
}
if (empty($authorid)) {
$authorid = @$AuthorID;
}
if (empty($category1)) {
$category1 = @$Category1;
}
if (empty($category2)) {
$category2 = @$Category2;
}
if (empty($thisid)) {
$thisid = $ID;
}
$pl_components = $pl['components'];
// Check to see if there is a title component.
$title = false;
foreach ($pl_components as $pl_c) {
if ($pl_c['type'] == 'title' || $pl_c['type'] == 'id') {
$title = true;
}
}
// If there isn't a title component then we need to append one to the end of the URI
if (!$title && $this->pref('automatically_append_title')) {
$pl_components[] = array('type' => 'title', 'prefix' => '', 'suffix' => '', 'regex' => '', 'text' => '');
}
$uri = rtrim(doStrip(@$pretext['subpath']), '/');
foreach ($pl_components as $pl_c) {
$uri .= '/';
$type = $pl_c['type'];
switch ($type) {
case 'category':
if (!@$pl_c['category']) {
$pl_c['category'] = 1;
}
$primary = 'category' . $pl_c['category'];
$secondary = 'category' . (3 - (int) $pl_c['category']);
$check_context = $this->pref('join_pretext_to_pagelinks') && $this->pref('check_pretext_category_context');
if (!$check_context || ${$primary} == $pretext['c']) {
$uri_c = ${$primary};
} else {
if (!$check_context || ${$secondary} == $pretext['c']) {
$uri_c = ${$secondary};
} else {
if ($this->pref('debug') && in_array($production_status, array('debug', 'testing'))) {
$uri_c = '--INVALID_CATEGORY--';
} else {
unset($uri);
break 2;
}
}
}
break;
case 'section':
$check_context = $this->pref('join_pretext_to_pagelinks') && $this->pref('check_pretext_section_context');
if (!$check_context || $section == $pretext['s']) {
$uri_c = $section;
} else {
unset($uri);
break 2;
}
break;
case 'title':
$uri_c = $url_title;
break;
case 'id':
$uri_c = $thisid;
break;
case 'author':
$uri_c = safe_field('RealName', 'txp_users', "name like '{$authorid}'");
break;
case 'login':
$uri_c = $authorid;
break;
case 'date':
$uri_c = explode('/', date('Y/m/d', $posted));
break;
case 'year':
$uri_c = date('Y', $posted);
break;
case 'month':
$uri_c = date('m', $posted);
break;
case 'day':
$uri_c = date('d', $posted);
break;
case 'custom':
if ($uri_c = @$article_array[$prefs["custom_{$pl_c['custom']}_set"]]) {
} else {
if ($uri_c = @$article_array["custom_{$pl_c['custom']}"]) {
} else {
if ($this->pref('debug') && in_array($production_status, array('debug', 'testing'))) {
$uri_c = '--UNSET_CUSTOM_FIELD--';
} else {
unset($uri);
break 2;
}
}
}
break;
case 'text':
$uri_c = $pl_c['text'];
break;
case 'regex':
// Check to see if regex is valid without outputting error messages.
ob_start();
preg_match($pl_c['regex'], $pl_c['regex'], $regex_matches);
$is_valid_regex = !ob_get_clean();
if ($is_valid_regex) {
$key = "permlink_regex_{$pl_c['name']}";
$uri_c = array_key_exists($key, $pretext) ? $pretext[$key] : $regex_matches[0];
} else {
if ($this->pref('debug')) {
$uri_c = '--INVALID_REGEX--';
}
}
break;
}
if (empty($uri_c)) {
if ($this->pref('debug') && in_array($production_status, array('debug', 'testing'))) {
$uri_c = '--PERMLINK_FORMAT_ERROR--';
} else {
unset($uri);
break;
}
}
if (@$pl_c['prefix']) {
$uri .= $this->encode_url($pl_c['prefix']);
}
if (is_array($uri_c)) {
foreach ($uri_c as $uri_c2) {
$uri .= $this->encode_url($uri_c2) . '/';
}
$uri = rtrim($uri, '/');
} else {
$uri .= $this->encode_url($uri_c);
}
if (@$pl_c['suffix']) {
$uri .= $this->encode_url($pl_c['suffix']);
}
unset($uri_c);
}
if (isset($uri)) {
$uri .= '/';
}
}
if ($uri_empty = empty($uri)) {
// It is possible the uri is still empty if there is no match or if we're using
// strict matching if so try the default permlink mode.
$uri = $this->toggle_permlink_mode('permlinkurl', $article_array);
}
if ($this->pref('omit_trailing_slash')) {
$uri = rtrim($uri, '/');
}
if (!$uri_empty && in_array(txpath . '/publish/rss.php', get_included_files()) || in_array(txpath . '/publish/atom.php', get_included_files()) || txpinterface == 'admin') {
$host = rtrim(str_replace(rtrim(doStrip(@$pretext['subpath']), '/'), '', hu), '/');
$uri = $host . $uri;
}
return $this->pref('force_lowercase_urls') ? strtolower($uri) : $uri;
}
function edit_post()
{
extract(doSlash(psa(array('name', 'old_name', 'title', 'type'))));
$id = $this->psi('id');
$parent = $this->ps('parent');
if (!$parent) {
$parent = tree_root_id('txp_category', "type='" . doSlash($type) . "'");
}
$name = sanitizeForUrl($name);
// make sure the name is valid
if (!$name) {
$this->_error(gTxt($type . '_category_invalid', array('{name}' => $name)));
return;
}
// don't allow rename to clobber an existing category
if (safe_field('id', 'txp_category', "name = '{$name}' and type = '{$type}' and id != {$id}")) {
$this->_error(gTxt($type . '_category_already_exists', array('{name}' => $name)));
return;
}
safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}");
tree_rebuild_full('txp_category', "type='{$type}'");
if ($type == 'article') {
safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
} elseif ($type == 'link') {
safe_update('txp_link', "category = '{$name}'", "category = '{$old_name}'");
} elseif ($type == 'image') {
safe_update('txp_image', "category = '{$name}'", "category = '{$old_name}'");
} elseif ($type == 'file') {
safe_update('txp_file', "category = '{$name}'", "category = '{$old_name}'");
}
// show a success message and switch back to the list view
$this->_message(gTxt($type . '_category_updated', array('{name}' => doStrip($name))));
$this->_set_view('list');
}
function link_save()
{
global $txpcfg, $vars;
$varray = gpsa($vars);
extract(doSlash($varray));
if (!$linksort) {
$linksort = $linkname;
}
$id = assert_int($id);
$rs = safe_update("txp_link", "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = {$id}");
if ($rs) {
link_edit(messenger('link', doStrip($linkname), 'saved'));
}
}
function image_save()
{
global $txp_user;
$varray = array_map('assert_string', gpsa(array('id', 'name', 'category', 'caption', 'alt')));
extract(doSlash($varray));
$id = $varray['id'] = assert_int($id);
$author = fetch('author', 'txp_image', 'id', $id);
if (!has_privs('image.edit') && !($author === $txp_user && has_privs('image.edit.own'))) {
image_list(gTxt('restricted_area'));
return;
}
$constraints = array('category' => new CategoryConstraint(gps('category'), array('type' => 'image')));
callback_event_ref('image_ui', 'validate_save', 0, $varray, $constraints);
$validator = new Validator($constraints);
if ($validator->validate() && safe_update("txp_image", "name = '{$name}',\n category = '{$category}',\n alt = '{$alt}',\n caption = '{$caption}'", "id = {$id}")) {
$message = gTxt('image_updated', array('{name}' => doStrip($name)));
update_lastmod();
} else {
$message = array(gTxt('image_save_failed'), E_ERROR);
}
image_list($message);
}
function link_save()
{
global $vars, $txp_user;
$varray = array_map('assert_string', gpsa($vars));
extract(doSlash($varray));
if ($id) {
$id = $varray['id'] = assert_int($id);
}
if ($linkname === '' && $url === '' && $description === '') {
link_list(array(gTxt('link_empty'), E_ERROR));
return;
}
$author = fetch('author', 'txp_link', 'id', $id);
if (!has_privs('link.edit') && !($author == $txp_user && has_privs('link.edit.own'))) {
link_list(gTxt('restricted_area'));
return;
}
if (!$linksort) {
$linksort = $linkname;
}
$constraints = array('category' => new CategoryConstraint($varray['category'], array('type' => 'link')));
callback_event_ref('link_ui', 'validate_save', 0, $varray, $constraints);
$validator = new Validator($constraints);
if ($validator->validate()) {
if ($id) {
$ok = safe_update('txp_link', "category = '{$category}',\n\t\t\t\t\turl = '" . trim($url) . "',\n\t\t\t\t\tlinkname = '{$linkname}',\n\t\t\t\t\tlinksort = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor = '" . doSlash($txp_user) . "'", "id = {$id}");
} else {
$ok = safe_insert('txp_link', "category = '{$category}',\n\t\t\t\t\tdate = now(),\n\t\t\t\t\turl = '" . trim($url) . "',\n\t\t\t\t\tlinkname = '{$linkname}',\n\t\t\t\t\tlinksort = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor = '" . doSlash($txp_user) . "'");
if ($ok) {
$GLOBALS['ID'] = $_POST['id'] = $ok;
}
}
if ($ok) {
// update lastmod due to link feeds
update_lastmod();
$message = gTxt($id ? 'link_updated' : 'link_created', array('{name}' => doStrip($linkname)));
} else {
$message = array(gTxt('link_save_failed'), E_ERROR);
}
} else {
$message = array(gTxt('link_save_failed'), E_ERROR);
}
link_list($message);
}
function cat_event_category_save($event, $table_name)
{
global $txpcfg;
extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));
$id = assert_int($id);
$name = sanitizeForUrl($name);
// make sure the name is valid
if (!$name) {
$message = array(gTxt($event . '_category_invalid', array('{name}' => $name)), E_ERROR);
return cat_category_list($message);
}
// don't allow rename to clobber an existing category
$existing_id = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$event}'");
if ($existing_id and $existing_id != $id) {
$message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);
return cat_category_list($message);
}
$parent = $parent ? $parent : 'root';
if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}")) {
safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}'");
}
rebuild_tree_full($event);
if ($event == 'article') {
safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
} else {
safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
}
$message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
cat_category_list($message);
}
/**
* Gets a HTTP post parameter.
*
* @param string $name The parameter name
* @return mixed
*/
public function getPost($name)
{
$out = '';
if (isset($_POST[$name])) {
$out = $_POST[$name];
if ($this->magicQuotesGpc) {
$out = doStrip($out);
}
}
return doArray($out, 'deNull');
}
function link_save()
{
global $txpcfg, $vars, $txp_user;
$varray = gpsa($vars);
extract(doSlash($varray));
$id = assert_int($id);
if ($linkname === '' && $url === '' && $description === '') {
link_edit();
return;
}
$author = fetch('author', 'txp_link', 'id', $id);
if (!has_privs('link.edit') && !($author == $txp_user && has_privs('link.edit.own'))) {
link_edit(gTxt('restricted_area'));
return;
}
if (!$linksort) {
$linksort = $linkname;
}
$rs = safe_update("txp_link", "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}',\n\t\t\tauthor \t\t= '" . doSlash($txp_user) . "'", "id = {$id}");
if ($rs) {
update_lastmod();
$message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
link_edit($message);
}
}
function cs($thing)
{
if (isset($_COOKIE[$thing])) {
if (MAGIC_QUOTES_GPC) {
return doStrip($_COOKIE[$thing]);
} else {
return $_COOKIE[$thing];
}
}
return '';
}
function zem_event_cat_tab_save()
{
global $txpcfg;
extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));
$id = assert_int($id);
$name = sanitizeForUrl($name);
// make sure the name is valid
if (!$name) {
$message = zem_event_gTxt('category_invalid', array('{name}' => $name));
return zem_event_cat_tab_list($message);
}
// don't allow rename to clobber an existing category
$existing_id = safe_field('id', 'txp_category', "type = 'event' and name = '{$name}'");
if ($existing_id and $existing_id != $id) {
$message = zem_event_gTxt('category_already_exists', array('{name}' => $name));
return zem_event_cat_tab_list($message);
}
$parent = $parent ? $parent : 'root';
if (safe_update('txp_category', "parent = '{$parent}', name = '{$name}', title = '{$title}'", "id = {$id}")) {
safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}'");
}
if (function_exists('rebuild_tree_full')) {
rebuild_tree_full('event');
} else {
rebuild_tree('root', 1, 'event');
}
$message = zem_event_gTxt('category_updated', array('{name}' => doStrip($name)));
zem_event_cat_tab_list($message);
}
