function nm_show_post($slug, $showexcerpt = false, $filter = true, $single = false)
{
global $nmoption, $nmdata;
$file = NMPOSTPATH . $slug . '.xml';
if (dirname(realpath($file)) == realpath(NMPOSTPATH)) {
// no path traversal
$post = @getXML($file);
}
if (!empty($post) && ($post->private != 'Y' || $single && function_exists('is_logged_in') && is_logged_in())) {
$url = nm_get_url('post') . $slug;
$title = stripslashes($post->title);
$date = nm_get_date(i18n_r('news_manager/DATE_FORMAT'), strtotime($post->date));
$content = strip_decode($post->content);
$image = stripslashes($post->image);
$tags = !empty($post->tags) ? explode(',', nm_lowercase_tags(strip_decode($post->tags))) : array();
# save post data?
$nmdata = $single ? compact('slug', 'url', 'title', 'content', 'image', 'tags') : array();
if ($filter) {
ob_start();
}
echo ' <', $nmoption['markuppost'], ' class="', $nmoption['classpost'], '">', PHP_EOL;
foreach ($nmoption['fields'] as $field) {
switch ($field) {
case 'title':
echo ' <', $nmoption['markupposttitle'], ' class="', $nmoption['classposttitle'], '">';
if ($nmoption['titlelink']) {
$class = $nmoption['classposttitlelink'] ? ' class="' . $nmoption['classposttitlelink'] . '"' : '';
echo '<a', $class, ' href="', $url, '">', $title, '</a>';
} else {
echo $title;
}
echo '</', $nmoption['markupposttitle'], '>', PHP_EOL;
break;
case 'date':
echo ' <', $nmoption['markuppostdate'], ' class="', $nmoption['classpostdate'], '">', i18n_r('news_manager/PUBLISHED'), ' ', $date, '</', $nmoption['markuppostdate'], '>', PHP_EOL;
break;
case 'content':
echo ' <', $nmoption['markuppostcontent'], ' class="', $nmoption['classpostcontent'], '">';
if ($single) {
echo $content;
} else {
$slice = '';
$class = '';
$readmore = $nmoption['readmore'];
if ($readmore) {
$class = $nmoption['classreadmorelink'] ? ' class="' . $nmoption['classreadmorelink'] . '"' : '';
}
if ($nmoption['more']) {
$morepos = strpos($content, '<hr');
if ($morepos !== false) {
$slice = substr($content, 0, $morepos);
if ($readmore) {
$slice .= ' <p class="' . $nmoption['classreadmore'] . '"><a' . $class . ' href="' . $url . '">' . i18n_r('news_manager/READ_MORE') . '</a></p>' . PHP_EOL;
}
}
}
if ($slice) {
echo $slice;
} else {
if ($showexcerpt) {
if (!$readmore) {
echo nm_create_excerpt($content);
} elseif ($readmore === 'a') {
echo nm_create_excerpt($content, $url, true);
} else {
echo nm_create_excerpt($content, $url);
}
} else {
echo $content;
if ($readmore === 'a') {
echo ' <p class="', $nmoption['classreadmore'], '"><a', $class, ' href="', $url, '">', i18n_r('news_manager/READ_MORE'), '</a></p>', PHP_EOL;
}
}
}
}
echo ' </', $nmoption['markuppostcontent'], '>', PHP_EOL;
break;
case 'tags':
if ($tags) {
echo ' <', $nmoption['markupposttags'], ' class="', $nmoption['classposttags'], '"><b>', i18n_r('news_manager/TAGS'), ':</b> ';
$sep = '';
foreach ($tags as $tag) {
if (substr($tag, 0, 1) != '_') {
echo $sep, '<a href="', nm_get_url('tag') . rawurlencode($tag), '">', htmlspecialchars($tag), '</a>';
if ($sep == '') {
$sep = $nmoption['tagseparator'];
}
}
}
echo '</', $nmoption['markupposttags'], '>', PHP_EOL;
}
break;
case 'image':
$imageurl = $nmoption['showimages'] ? nm_get_image_url($image) : false;
if ($imageurl) {
$str = '';
if (isset($nmoption['imageclass'])) {
$str .= ' class="' . $nmoption['imageclass'] . '"';
}
if ($nmoption['imagesizeattr'] && $nmoption['imagewidth'] && $nmoption['imageheight']) {
$str .= ' width="' . $nmoption['imagewidth'] . '" height="' . $nmoption['imageheight'] . '"';
}
$str .= $nmoption['imagealt'] ? ' alt="' . htmlspecialchars($title, ENT_COMPAT) . '"' : ' alt=""';
$str .= $nmoption['imagetitle'] ? ' title="' . htmlspecialchars($title, ENT_COMPAT) . '"' : '';
$str = '<img src="' . htmlspecialchars($imageurl) . '"' . $str . ' />';
if ($nmoption['imagelink']) {
$str = '<a href="' . $url . '">' . $str . '</a>';
}
echo ' <', $nmoption['markuppostimage'], ' class="', $nmoption['classpostimage'], '">', $str, '</', $nmoption['markuppostimage'], '>', PHP_EOL;
}
break;
case 'author':
if ($nmoption['showauthor']) {
$author = nm_get_author_name_html(stripslashes($post->author));
if (empty($author) && $nmoption['defaultauthor']) {
$author = $nmoption['defaultauthor'];
}
if (!empty($author)) {
echo ' <', $nmoption['markuppostauthor'], ' class="', $nmoption['classpostauthor'], '">', i18n_r('news_manager/AUTHOR'), ' <', $nmoption['markuppostauthorname'], '>', $author, '</', $nmoption['markuppostauthorname'], '></', $nmoption['markuppostauthor'], '>', PHP_EOL;
}
}
break;
}
}
if (isset($nmoption['componentbottompost'])) {
get_component($nmoption['componentbottompost']);
echo PHP_EOL;
}
if ($single) {
# show "go back" link?
if ($nmoption['gobacklink']) {
$goback = $nmoption['gobacklink'] === 'main' ? nm_get_url() : 'javascript:history.back()';
$class = $nmoption['classgobacklink'] ? ' class="' . $nmoption['classgobacklink'] . '"' : '';
echo ' <', $nmoption['markupgoback'], ' class="' . $nmoption['classgoback'] . '"><a', $class, ' href="' . $goback . '">';
i18n('news_manager/GO_BACK');
echo '</a></', $nmoption['markupgoback'], '>', PHP_EOL;
}
}
echo ' </', $nmoption['markuppost'], '>', PHP_EOL;
if (isset($nmoption['componentafterpost'])) {
get_component($nmoption['componentafterpost']);
echo PHP_EOL;
}
if ($filter) {
echo nm_ob_get_content(true);
}
return true;
} else {
echo '<p>' . i18n_r('news_manager/NOT_EXIST') . '</p>', PHP_EOL;
return false;
}
}
function nm_save_post()
{
# create a backup if necessary
if (isset($_POST['current-slug'])) {
$file = $_POST['current-slug'] . '.xml';
if (dirname(realpath(NMPOSTPATH . $file)) != realpath(NMPOSTPATH)) {
die('');
}
// path traversal
@nm_rename_file(NMPOSTPATH . $file, NMBACKUPPATH . $file);
}
# empty titles are not allowed
if (empty($_POST['post-title']) || trim($_POST['post-title']) == '') {
$_POST['post-title'] = '[No Title]';
}
# set initial slug and filename
if (!empty($_POST['post-slug'])) {
$slug = nm_create_slug($_POST['post-slug']);
} else {
$slug = nm_create_slug($_POST['post-title']);
if ($slug == '') {
$slug = 'post';
}
}
$file = NMPOSTPATH . $slug . '.xml';
# do not overwrite other posts
if (file_exists($file)) {
$count = 1;
$file = NMPOSTPATH . $slug . '-' . $count . '.xml';
while (file_exists($file)) {
$file = NMPOSTPATH . $slug . '-' . ++$count . '.xml';
}
$slug = basename($file, '.xml');
}
# create undo target if there's a backup available
if (isset($_POST['current-slug'])) {
$backup = $slug . ':' . $_POST['current-slug'];
}
# collect $_POST data
$title = safe_slash_html($_POST['post-title']);
$timestamp = strtotime($_POST['post-date'] . ' ' . $_POST['post-time']);
$date = $timestamp ? date('r', $timestamp) : date('r');
$tags = nm_lowercase_tags(trim(preg_replace(array('/\\s+/', '/\\s*,\\s*/', '/,+/'), array(' ', ',', ','), safe_slash_html(trim($_POST['post-tags']))), ','));
$private = isset($_POST['post-private']) ? 'Y' : '';
$image = safe_slash_html($_POST['post-image']);
$content = safe_slash_html($_POST['post-content']);
if (defined('NMSAVEAUTHOR') && NMSAVEAUTHOR) {
if (isset($_POST['author'])) {
$author = safe_slash_html($_POST['author']);
} else {
global $USR;
$author = $USR ? $USR : '';
}
}
# create xml object
$xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
$obj = $xml->addChild('title');
$obj->addCData($title);
$obj = $xml->addChild('date');
$obj->addCData($date);
$obj = $xml->addChild('tags');
$obj->addCData($tags);
$obj = $xml->addChild('private');
$obj->addCData($private);
$obj = $xml->addChild('image');
$obj->addCData($image);
$obj = $xml->addChild('content');
$obj->addCData($content);
if (isset($author)) {
$obj = $xml->addChild('author');
$obj->addCData($author);
}
# write data to file
if (@XMLsave($xml, $file) && nm_update_cache()) {
nm_generate_sitemap();
nm_display_message(i18n_r('news_manager/SUCCESS_SAVE'), false, @$backup);
} else {
nm_display_message(i18n_r('news_manager/ERROR_SAVE'), true);
}
}
function nm_update_sitemap_xml($xml)
{
if (!defined('NMNOSITEMAP') || !NMNOSITEMAP) {
$posts = nm_get_posts();
$tags = array();
$excludetags = defined('NMSITEMAPEXCLUDETAGS') && (NMSITEMAPEXCLUDETAGS === true || NMSITEMAPEXCLUDETAGS === 1);
foreach ($posts as $post) {
$url = nm_get_url('post') . $post->slug;
$file = NMPOSTPATH . $post->slug . '.xml';
$date = makeIso8601TimeStamp(date('Y-m-d H:i:s', strtotime($post->date)));
$item = $xml->addChild('url');
$item->addChild('loc', $url);
$item->addChild('lastmod', $date);
$item->addChild('changefreq', 'monthly');
$item->addChild('priority', '0.5');
if (!$excludetags && !empty($post->tags)) {
foreach (explode(',', nm_lowercase_tags(strip_decode($post->tags))) as $tag) {
if (substr($tag, 0, 1) != '_') {
if (!in_array($tag, $tags)) {
$url = nm_get_url('tag') . rawurlencode($tag);
$item = $xml->addChild('url');
$item->addChild('loc', $url);
$item->addChild('lastmod', $date);
$item->addChild('changefreq', 'monthly');
$item->addChild('priority', '0.5');
$tags[] = $tag;
}
}
}
}
}
}
return $xml;
}
