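/**
 * Echo the HTML for a single news post and report whether it was shown.
 *
 * The post is read from NMPOSTPATH . $slug . '.xml'. A post whose <private>
 * value is 'Y' is only rendered when $single is true and is_logged_in()
 * exists and returns true. A missing post and a private post that may not be
 * shown both produce the same NOT_EXIST message, so the response does not
 * reveal which of the two applied.
 *
 * NOTE(review): $title, $content, $url and the $nmoption markup/class values
 * are echoed without output escaping. nm_save_post() stores title, content
 * and image through safe_slash_html(); presumably that is what makes them
 * safe to print here - confirm, and confirm that $nmoption only ever holds
 * administrator-controlled values.
 *
 * @param string $slug        post slug (file name without '.xml')
 * @param bool   $showexcerpt when not in single view, print an excerpt instead of the full content
 * @param bool   $filter      buffer the output and print it via nm_ob_get_content(true)
 * @param bool   $single      single-post view: full content, "go back" link, and $nmdata is filled
 * @return bool true when the post was rendered, false when the NOT_EXIST message was printed
 */
function nm_show_post($slug, $showexcerpt = false, $filter = true, $single = false) {
  global $nmoption, $nmdata;
  $post = null;
  $file = NMPOSTPATH . $slug . '.xml';
  // no path traversal: the resolved file must sit directly inside the posts
  // directory. Both realpath() results are checked and compared strictly so
  // that a failed lookup (false) can never compare equal to an empty dirname.
  $realfile = realpath($file);
  $realbase = realpath(NMPOSTPATH);
  if ($realfile !== false && $realbase !== false && dirname($realfile) === $realbase) {
    $post = @getXML($file);
  }
  if (!empty($post) && ($post->private != 'Y' || $single && function_exists('is_logged_in') && is_logged_in())) {
    $url     = nm_get_url('post') . $slug;
    $title   = stripslashes($post->title);
    $date    = nm_get_date(i18n_r('news_manager/DATE_FORMAT'), strtotime($post->date));
    $content = strip_decode($post->content);
    $image   = stripslashes($post->image);
    $tags    = !empty($post->tags) ? explode(',', nm_lowercase_tags(strip_decode($post->tags))) : array();
    # save post data? (only in single view; otherwise $nmdata is reset to an empty array)
    $nmdata  = $single ? compact('slug', 'url', 'title', 'content', 'image', 'tags') : array();
    if ($filter) {
      ob_start();
    }
    echo ' <', $nmoption['markuppost'], ' class="', $nmoption['classpost'], '">', PHP_EOL;
    // fields are printed in the order configured in $nmoption['fields']
    foreach ($nmoption['fields'] as $field) {
      switch ($field) {
        case 'title':
          echo ' <', $nmoption['markupposttitle'], ' class="', $nmoption['classposttitle'], '">';
          if ($nmoption['titlelink']) {
            $class = $nmoption['classposttitlelink'] ? ' class="' . $nmoption['classposttitlelink'] . '"' : '';
            echo '<a', $class, ' href="', $url, '">', $title, '</a>';
          } else {
            echo $title;
          }
          echo '</', $nmoption['markupposttitle'], '>', PHP_EOL;
          break;
        case 'date':
          echo ' <', $nmoption['markuppostdate'], ' class="', $nmoption['classpostdate'], '">', i18n_r('news_manager/PUBLISHED'), ' ', $date, '</', $nmoption['markuppostdate'], '>', PHP_EOL;
          break;
        case 'content':
          echo ' <', $nmoption['markuppostcontent'], ' class="', $nmoption['classpostcontent'], '">';
          if ($single) {
            echo $content;
          } else {
            $slice = '';
            $class = '';
            $readmore = $nmoption['readmore'];
            if ($readmore) {
              $class = $nmoption['classreadmorelink'] ? ' class="' . $nmoption['classreadmorelink'] . '"' : '';
            }
            if ($nmoption['more']) {
              // everything before the first '<hr' is used as the teaser
              $morepos = strpos($content, '<hr');
              if ($morepos !== false) {
                $slice = substr($content, 0, $morepos);
                if ($readmore) {
                  $slice .= ' <p class="' . $nmoption['classreadmore'] . '"><a' . $class . ' href="' . $url . '">' . i18n_r('news_manager/READ_MORE') . '</a></p>' . PHP_EOL;
                }
              }
            }
            if ($slice) {
              echo $slice;
            } else {
              if ($showexcerpt) {
                if (!$readmore) {
                  echo nm_create_excerpt($content);
                } elseif ($readmore === 'a') {
                  echo nm_create_excerpt($content, $url, true);
                } else {
                  echo nm_create_excerpt($content, $url);
                }
              } else {
                echo $content;
                if ($readmore === 'a') {
                  echo ' <p class="', $nmoption['classreadmore'], '"><a', $class, ' href="', $url, '">', i18n_r('news_manager/READ_MORE'), '</a></p>', PHP_EOL;
                }
              }
            }
          }
          echo ' </', $nmoption['markuppostcontent'], '>', PHP_EOL;
          break;
        case 'tags':
          if ($tags) {
            echo ' <', $nmoption['markupposttags'], ' class="', $nmoption['classposttags'], '"><b>', i18n_r('news_manager/TAGS'), ':</b> ';
            $sep = '';
            foreach ($tags as $tag) {
              // tags starting with '_' are not listed
              if (substr($tag, 0, 1) != '_') {
                echo $sep, '<a href="', nm_get_url('tag') . rawurlencode($tag), '">', htmlspecialchars($tag), '</a>';
                if ($sep == '') {
                  $sep = $nmoption['tagseparator'];
                }
              }
            }
            echo '</', $nmoption['markupposttags'], '>', PHP_EOL;
          }
          break;
        case 'image':
          $imageurl = $nmoption['showimages'] ? nm_get_image_url($image) : false;
          if ($imageurl) {
            $str = '';
            if (isset($nmoption['imageclass'])) {
              $str .= ' class="' . $nmoption['imageclass'] . '"';
            }
            if ($nmoption['imagesizeattr'] && $nmoption['imagewidth'] && $nmoption['imageheight']) {
              $str .= ' width="' . $nmoption['imagewidth'] . '" height="' . $nmoption['imageheight'] . '"';
            }
            $str .= $nmoption['imagealt'] ? ' alt="' . htmlspecialchars($title, ENT_COMPAT) . '"' : ' alt=""';
            $str .= $nmoption['imagetitle'] ? ' title="' . htmlspecialchars($title, ENT_COMPAT) . '"' : '';
            $str = '<img src="' . htmlspecialchars($imageurl) . '"' . $str . ' />';
            if ($nmoption['imagelink']) {
              $str = '<a href="' . $url . '">' . $str . '</a>';
            }
            echo ' <', $nmoption['markuppostimage'], ' class="', $nmoption['classpostimage'], '">', $str, '</', $nmoption['markuppostimage'], '>', PHP_EOL;
          }
          break;
        case 'author':
          if ($nmoption['showauthor']) {
            $author = nm_get_author_name_html(stripslashes($post->author));
            if (empty($author) && $nmoption['defaultauthor']) {
              $author = $nmoption['defaultauthor'];
            }
            if (!empty($author)) {
              echo ' <', $nmoption['markuppostauthor'], ' class="', $nmoption['classpostauthor'], '">', i18n_r('news_manager/AUTHOR'), ' <', $nmoption['markuppostauthorname'], '>', $author, '</', $nmoption['markuppostauthorname'], '></', $nmoption['markuppostauthor'], '>', PHP_EOL;
            }
          }
          break;
      }
    }
    if (isset($nmoption['componentbottompost'])) {
      get_component($nmoption['componentbottompost']);
      echo PHP_EOL;
    }
    if ($single) {
      # show "go back" link?
      if ($nmoption['gobacklink']) {
        $goback = $nmoption['gobacklink'] === 'main' ? nm_get_url() : 'javascript:history.back()';
        $class = $nmoption['classgobacklink'] ? ' class="' . $nmoption['classgobacklink'] . '"' : '';
        echo ' <', $nmoption['markupgoback'], ' class="' . $nmoption['classgoback'] . '"><a', $class, ' href="' . $goback . '">';
        i18n('news_manager/GO_BACK');
        echo '</a></', $nmoption['markupgoback'], '>', PHP_EOL;
      }
    }
    echo ' </', $nmoption['markuppost'], '>', PHP_EOL;
    if (isset($nmoption['componentafterpost'])) {
      get_component($nmoption['componentafterpost']);
      echo PHP_EOL;
    }
    if ($filter) {
      echo nm_ob_get_content(true);
    }
    return true;
  } else {
    echo '<p>' . i18n_r('news_manager/NOT_EXIST') . '</p>', PHP_EOL;
    return false;
  }
}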
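/**
 * Save the post submitted in $_POST as an XML file in NMPOSTPATH.
 *
 * When 'current-slug' is posted, the existing post file is first moved to
 * NMBACKUPPATH and an undo target "<new slug>:<current slug>" is handed to
 * nm_display_message(). The new slug comes from 'post-slug' or, failing that,
 * from 'post-title'; if a file with that name already exists a numeric suffix
 * (-1, -2, ...) is appended so another post is never overwritten.
 *
 * NOTE(review): this function reads $_POST directly and does not itself check
 * a login or an anti-CSRF nonce; presumably the caller does - confirm.
 * NOTE(review): 'post-date', 'post-time', 'post-tags', 'post-image' and
 * 'post-content' are read without isset(); assumes the form always sends them.
 *
 * @return void the outcome is reported through nm_display_message()
 */
function nm_save_post() {
  // undo target; stays null when no existing post is being replaced
  $backup = null;
  # create a backup if necessary
  if (isset($_POST['current-slug'])) {
    $current = $_POST['current-slug'];
    // the slug must be a plain file name: reject non-strings and anything
    // carrying a directory part, so the request cannot steer the backup
    // destination below NMBACKUPPATH to a different directory
    if (!is_string($current) || basename($current) !== $current) {
      die('');
    }
    $file = $current . '.xml';
    // path traversal: the resolved file must sit directly inside the posts
    // directory; a failed realpath() (false) is rejected explicitly
    $realfile = realpath(NMPOSTPATH . $file);
    $realbase = realpath(NMPOSTPATH);
    if ($realfile === false || $realbase === false || dirname($realfile) !== $realbase) {
      die('');
    }
    @nm_rename_file(NMPOSTPATH . $file, NMBACKUPPATH . $file);
  }
  # empty titles are not allowed
  if (empty($_POST['post-title']) || trim($_POST['post-title']) == '') {
    $_POST['post-title'] = '[No Title]';
  }
  # set initial slug and filename
  if (!empty($_POST['post-slug'])) {
    $slug = nm_create_slug($_POST['post-slug']);
  } else {
    $slug = nm_create_slug($_POST['post-title']);
    if ($slug == '') {
      $slug = 'post';
    }
  }
  $file = NMPOSTPATH . $slug . '.xml';
  # do not overwrite other posts
  if (file_exists($file)) {
    $count = 1;
    $file = NMPOSTPATH . $slug . '-' . $count . '.xml';
    while (file_exists($file)) {
      $file = NMPOSTPATH . $slug . '-' . ++$count . '.xml';
    }
    $slug = basename($file, '.xml');
  }
  # create undo target if there's a backup available
  if (isset($_POST['current-slug'])) {
    $backup = $slug . ':' . $_POST['current-slug'];
  }
  # collect $_POST data
  $title = safe_slash_html($_POST['post-title']);
  $timestamp = strtotime($_POST['post-date'] . ' ' . $_POST['post-time']);
  // fall back to the current time when the submitted date/time cannot be parsed
  $date = $timestamp ? date('r', $timestamp) : date('r');
  // tags: collapse whitespace runs, drop spaces around commas, merge repeated
  // commas, then strip leading/trailing commas
  $tags = nm_lowercase_tags(trim(preg_replace(array('/\\s+/', '/\\s*,\\s*/', '/,+/'), array(' ', ',', ','), safe_slash_html(trim($_POST['post-tags']))), ','));
  $private = isset($_POST['post-private']) ? 'Y' : '';
  $image = safe_slash_html($_POST['post-image']);
  $content = safe_slash_html($_POST['post-content']);
  if (defined('NMSAVEAUTHOR') && NMSAVEAUTHOR) {
    if (isset($_POST['author'])) {
      $author = safe_slash_html($_POST['author']);
    } else {
      global $USR;
      $author = $USR ? $USR : '';
    }
  }
  # create xml object
  $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
  $obj = $xml->addChild('title');
  $obj->addCData($title);
  $obj = $xml->addChild('date');
  $obj->addCData($date);
  $obj = $xml->addChild('tags');
  $obj->addCData($tags);
  $obj = $xml->addChild('private');
  $obj->addCData($private);
  $obj = $xml->addChild('image');
  $obj->addCData($image);
  $obj = $xml->addChild('content');
  $obj->addCData($content);
  // the <author> element is only written when NMSAVEAUTHOR is enabled
  if (isset($author)) {
    $obj = $xml->addChild('author');
    $obj->addCData($author);
  }
  # write data to file
  if (@XMLsave($xml, $file) && nm_update_cache()) {
    nm_generate_sitemap();
    nm_display_message(i18n_r('news_manager/SUCCESS_SAVE'), false, $backup);
  } else {
    nm_display_message(i18n_r('news_manager/ERROR_SAVE'), true);
  }
}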
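/**
 * Append news posts (and, unless excluded, their tag pages) to a sitemap.
 *
 * Nothing is added when the constant NMNOSITEMAP is defined and truthy.
 * Each post returned by nm_get_posts() gets one <url> entry; each tag that
 * does not start with '_' gets one <url> entry the first time it is seen,
 * using the date of the post it was first seen on. Tag entries are skipped
 * when NMSITEMAPEXCLUDETAGS is defined as true or 1.
 *
 * NOTE(review): SimpleXMLElement::addChild() does not escape '&' in the value
 * it is given. rawurlencode() covers the tag itself, but if nm_get_url() or a
 * slug can contain a raw '&' the <loc> value would be malformed - confirm.
 *
 * @param SimpleXMLElement $xml sitemap root element to append to
 * @return SimpleXMLElement the same $xml object
 */
function nm_update_sitemap_xml($xml) {
  if (defined('NMNOSITEMAP') && NMNOSITEMAP) {
    return $xml;
  }
  $posts = nm_get_posts();
  $tags = array(); // tags that already have a sitemap entry
  $excludetags = defined('NMSITEMAPEXCLUDETAGS') && (NMSITEMAPEXCLUDETAGS === true || NMSITEMAPEXCLUDETAGS === 1);
  foreach ($posts as $post) {
    $url = nm_get_url('post') . $post->slug;
    $date = makeIso8601TimeStamp(date('Y-m-d H:i:s', strtotime($post->date)));
    $item = $xml->addChild('url');
    $item->addChild('loc', $url);
    $item->addChild('lastmod', $date);
    $item->addChild('changefreq', 'monthly');
    $item->addChild('priority', '0.5');
    if ($excludetags || empty($post->tags)) {
      continue;
    }
    foreach (explode(',', nm_lowercase_tags(strip_decode($post->tags))) as $tag) {
      if (substr($tag, 0, 1) == '_') {
        continue;
      }
      // strict comparison: with loose matching, numeric-looking tags such as
      // "1000" and "1e3" compare equal and the second one would be dropped
      if (!in_array($tag, $tags, true)) {
        $url = nm_get_url('tag') . rawurlencode($tag);
        $item = $xml->addChild('url');
        $item->addChild('loc', $url);
        $item->addChild('lastmod', $date);
        $item->addChild('changefreq', 'monthly');
        $item->addChild('priority', '0.5');
        $tags[] = $tag;
      }
    }
  }
  return $xml;
}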