/** * Runs checks and stores a page. * * @param string $action What kind of action this is: add or edit. * @param mixed $id Page to edit if any. */ private function _store($action, $id = false) { // Sanity checks if ($action == 'edit' && !$id) { throw new Exception('Trying to edit page when $id is false.'); } use_helper('Validate'); $data = $_POST['page']; $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0; Flash::set('post_data', (object) $data); $pagesetting = array(); //For homepage info & about page info okstmtcc if ($id == 1 || $id == 4) { $upload = $_POST['upload']; $pagesetting = $_POST['pagesetting']; //Flash::set('post_settingdata', (object) $pagesetting); } // Add pre-save checks here $errors = false; $error_fields = false; // CSRF checks if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; $csrf_id = ''; if ($action === 'edit') { $csrf_id = '/' . $id; } if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action . $csrf_id)) { $errors[] = __('Invalid CSRF token found!'); } } else { $errors[] = __('No CSRF token found!'); } $data['title'] = trim($data['title']); if (empty($data['title'])) { $error_fields[] = __('Page Title'); } /** homepage setting check okstmtcc **/ if ($id == 1) { /** homepage page title **/ if (empty($pagesetting['homepage_discover_title'])) { $error_fields[] = __('Homepage Title'); } if (empty($pagesetting['homepage_discover_teaser'])) { $error_fields[] = __('Homepage Teaser'); } /** highlight 1 **/ // if (empty($pagesetting['highlight_title'])){ // $error_fields[] = __('Highlight 1´s Title'); // } // if (empty($pagesetting['highlight_text1'])){ // $error_fields[] = __('Highlight 1´s Text 1'); // } // if (empty($pagesetting['highlight_url'])){ // $error_fields[] = __('Highlight 1´s Read More URL'); // } // $pagesetting_ori = PageSetting::init(); // if (isset($_FILES)) { // if(empty($_FILES['upload_highlight_image']['name'])){ // $pagesetting['highlight_image'] = $pagesetting_ori->highlight_image; // } else { // $pagesetting['highlight_image'] = $_FILES['upload_highlight_image']['name']; // } // } else { // $pagesetting['highlight_image'] = $pagesetting_ori->highlight_image; // } // if (empty($pagesetting['highlight_image'])){ // $error_fields[] = __('Highlight 1´s Image'); // } // /** highlight 2 **/ // if (empty($pagesetting['highlight2_title'])){ // $error_fields[] = __('Highlight 2´s Title'); // } // if (empty($pagesetting['highlight2_text1'])){ // $error_fields[] = __('Highlight 2´s Text 1'); // } // if (empty($pagesetting['highlight2_url'])){ // $error_fields[] = __('Highlight 2´s Read More URL'); // } // if (isset($_FILES)) { // if(empty($_FILES['upload_highlight2_image']['name'])){ // $pagesetting['highlight2_image'] = $pagesetting_ori->highlight2_image; // } else { // $pagesetting['highlight2_image'] = $_FILES['upload_highlight2_image']['name']; // } // } else { // $pagesetting['highlight2_image'] = $pagesetting_ori->highlight2_image; // } // if (empty($pagesetting['highlight2_image'])){ // $error_fields[] = __('Highlight 2´s Image'); // } // if (isset($_FILES)) { // if(empty($_FILES['upload_newdev_image']['name'])){ // $pagesetting['newdev_image'] = $pagesetting_ori->newdev_image; // } else { // $pagesetting['newdev_image'] = $_FILES['upload_newdev_image']['name']; // } // } else { // $pagesetting['newdev_image'] = $pagesetting_ori->newdev_image; // } // if (empty($pagesetting['newdev_image'])){ // $error_fields[] = __('New Development Image'); // } } /** homepage setting check okstmtcc **/ $data['slug'] = !empty($data['slug']) ? trim($data['slug']) : ''; if (empty($data['slug']) && $id != '1') { $error_fields[] = __('Slug'); } else { if ($data['slug'] == ADMIN_DIR) { $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR)); } if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug')); } } // Check all numerical fields for a page $fields = array('parent_id', 'layout_id', 'needs_login'); foreach ($fields as $field) { if (!Validate::digit($data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } } // Check all date fields for a page $fields = array('created_on', 'published_on', 'valid_until'); foreach ($fields as $field) { if (isset($data[$field])) { $data[$field] = trim($data[$field]); if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } } } // Check all time fields for a page $fields = array('created_on_time', 'published_on_time', 'valid_until_time'); foreach ($fields as $field) { if (isset($data[$field])) { $data[$field] = trim($data[$field]); if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } } } // Check alphanumerical fields $fields = array('keywords', 'description'); foreach ($fields as $field) { use_helper('Kses'); $data[$field] = kses(trim($data[$field]), array()); /* if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } * */ } // Check behaviour_id field if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id')); } // Make sure the title doesn't contain HTML if (Setting::get('allow_html_title') == 'off') { use_helper('Kses'); $data['title'] = kses(trim($data['title']), array()); } // Create the page object to be manipulated and populate data if ($action == 'add') { $page = new Page($data); } else { $page = Record::findByIdFrom('Page', $id); $page->setFromData($data); } // Upon errors, rebuild original page and return to screen with errors if (false !== $errors || $error_fields !== false) { $tags = $_POST['page_tag']; // Rebuild time fields if (isset($page->created_on) && isset($page->created_on_time)) { $page->created_on = $page->created_on . ' ' . $page->created_on_time; } if (isset($page->published_on) && isset($page->published_on_time)) { $page->published_on = $page->published_on . ' ' . $page->published_on_time; } if (isset($page->valid_until)) { $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time; } // Rebuild parts $part = ''; if (!empty($_POST['part'])) { $part = $_POST['part']; $tmp = false; foreach ($part as $key => $val) { $tmp[$key] = (object) $val; } $part = $tmp; } // Set the errors to be displayed. $err_msg = $errors != false ? implode('<br/>', $errors) : ''; $err_msg .= $error_fields != false ? '<br />Please specify these fields: ' . implode(', ', $error_fields) : ''; Flash::setNow('error', $err_msg); //$settingdata = 'aaa'; // display things ... $this->setLayout('backend'); $pagesettingobj = new stdClass(); foreach ($pagesetting as $name => $value) { $pagesettingobj->{$name} = $value; } $this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'pagesetting' => $pagesettingobj, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $part, 'layouts' => Record::findAllFrom('Layout'))); } // Notify if ($action == 'add') { Observer::notify('page_add_before_save', $page); } else { Observer::notify('page_edit_before_save', $page); } // Time to actually save the page // @todo rebuild this so parts are already set before save? // @todo determine lazy init impact $page->newwindow = !empty($data['newwindow']) ? '1' : '0'; if ($page->save()) { // Get data for parts of this page $data_parts = $_POST['part']; Flash::set('post_parts_data', (object) $data_parts); if ($action == 'edit') { $old_parts = PagePart::findByPageId($id); // check if all old page part are passed in POST // if not ... we need to delete it! foreach ($old_parts as $old_part) { $not_in = true; foreach ($data_parts as $part_id => $data) { $data['name'] = trim($data['name']); if ($old_part->name == $data['name']) { $not_in = false; // this will not really create a new page part because // the id of the part is passed in $data $part = new PagePart($data); $part->page_id = $id; Observer::notify('part_edit_before_save', $part); $part->save(); Observer::notify('part_edit_after_save', $part); unset($data_parts[$part_id]); break; } } if ($not_in) { $old_part->delete(); } } } // add the new parts foreach ($data_parts as $data) { $data['name'] = trim($data['name']); $part = new PagePart($data); $part->page_id = $page->id; Observer::notify('part_add_before_save', $part); $part->save(); Observer::notify('part_add_after_save', $part); } // save tags $page->saveTags($_POST['page_tag']['tags']); // save homepage banner info okstmtcc if ($id == 1) { // upload home banner image 1, 2 if (isset($_FILES) && !empty($_FILES['upload_banner_image1']['name'])) { //okstmtcc 20150827 Replace image filename spaces $_FILES['upload_banner_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image1']['name']); $file = $this->upload_file($_FILES['upload_banner_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image1']['tmp_name'], $overwrite); if ($file === false) { Flash::set('error', __('Home banner could not be uploaded!')); redirect(get_url('page/edit/1')); } else { $pagesetting['banner_image1'] = $file; } } if (isset($_FILES) && !empty($_FILES['upload_banner_image2']['name'])) { //okstmtcc 20150827 Replace image filename spaces $_FILES['upload_banner_image2']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image2']['name']); $file = $this->upload_file($_FILES['upload_banner_image2']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image2']['tmp_name'], $overwrite); if ($file === false) { Flash::set('error', __('Home banner could not be uploaded!')); redirect(get_url('page/edit/1')); } else { $pagesetting['banner_image2'] = $file; } } PageSetting::saveFromData($pagesetting); } // save homepage banner info okstmtcc // save about banner info okstmtcc if ($id == 4) { // upload about page image 1 if (isset($_FILES) && !empty($_FILES['upload_about_image1']['name'])) { //okstmtcc 20150827 Replace image filename spaces $_FILES['upload_about_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_about_image1']['name']); $file = $this->upload_file($_FILES['upload_about_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_about_image1']['tmp_name'], $overwrite); if ($file === false) { Flash::set('error', __('Home banner could not be uploaded!')); redirect(get_url('page/edit/1')); } else { $pagesetting['about_image1'] = $file; } } PageSetting::saveFromData($pagesetting); } // save about banner info okstmtcc Flash::set('success', __('Page has been saved.')); } else { Flash::set('error', __('Page has not been saved!')); $url = 'page/'; $url .= $action == 'edit' ? 'edit/' . $id : 'add/'; redirect(get_url($url)); } if ($action == 'add') { Observer::notify('page_add_after_save', $page); } else { Observer::notify('page_edit_after_save', $page); } // save and quit or save and continue editing ? if (isset($_POST['commit'])) { redirect(get_url('page')); } else { redirect(get_url('page/edit/' . $page->id)); } }
/** * Runs checks and stores a page. * * @param string $action What kind of action this is: add or edit. * @param mixed $id Page to edit if any. */ private function _store($action, $id = false) { // Sanity checks if ($action == 'edit' && !$id) { throw new Exception('Trying to edit page when $id is false.'); } use_helper('Validate'); $data = $_POST['page']; $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0; Flash::set('post_data', (object) $data); // Add pre-save checks here $errors = false; // CSRF checks if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action)) { $errors[] = __('Invalid CSRF token found!'); } } else { $errors[] = __('No CSRF token found!'); } $data['title'] = trim($data['title']); if (empty($data['title'])) { $errors[] = __('You have to specify a title!'); } $data['slug'] = trim($data['slug']); if (empty($data['slug']) && $id != '1') { $errors[] = __('You have to specify a slug!'); } else { if ($data['slug'] == ADMIN_DIR) { $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR)); } if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug')); } } // Check all numerical fields for a page $fields = array('parent_id', 'layout_id', 'needs_login'); foreach ($fields as $field) { if (!Validate::digit($data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } } // Check all date fields for a page $fields = array('created_on', 'published_on', 'valid_until'); foreach ($fields as $field) { if (isset($data[$field])) { $data[$field] = trim($data[$field]); if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } } } // Check all time fields for a page $fields = array('created_on_time', 'published_on_time', 'valid_until_time'); foreach ($fields as $field) { if (isset($data[$field])) { $data[$field] = trim($data[$field]); if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } } } // Check alphanumerical fields $fields = array('keywords', 'description'); foreach ($fields as $field) { use_helper('Kses'); $data[$field] = kses(trim($data[$field]), array()); /* if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field)); } * */ } // Check behaviour_id field if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) { $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id')); } // Make sure the title doesn't contain HTML if (Setting::get('allow_html_title') == 'off') { use_helper('Kses'); $data['title'] = kses(trim($data['title']), array()); } // Create the page object to be manipulated and populate data if ($action == 'add') { $page = new Page($data); } else { $page = Record::findByIdFrom('Page', $id); $page->setFromData($data); } // Upon errors, rebuild original page and return to screen with errors if (false !== $errors) { $tags = $_POST['page_tag']; // Rebuild time fields if (isset($page->created_on)) { $page->created_on = $page->created_on . ' ' . $page->created_on_time; } if (isset($page->published_on)) { $page->published_on = $page->published_on . ' ' . $page->published_on_time; } if (isset($page->valid_until)) { $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time; } // Rebuild parts $part = $_POST['part']; if (!empty($part)) { $tmp = false; foreach ($part as $key => $val) { $tmp[$key] = (object) $val; } $part = $tmp; } // Set the errors to be displayed. Flash::setNow('error', implode('<br/>', $errors)); // display things ... $this->setLayout('backend'); $this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => (object) $part, 'layouts' => Record::findAllFrom('Layout'))); } // Notify if ($action == 'add') { Observer::notify('page_add_before_save', $page); } else { Observer::notify('page_edit_before_save', $page); } // Time to actually save the page // @todo rebuild this so parts are already set before save? // @todo determine lazy init impact if ($page->save()) { // Get data for parts of this page $data_parts = $_POST['part']; Flash::set('post_parts_data', (object) $data_parts); if ($action == 'edit') { $old_parts = PagePart::findByPageId($id); // check if all old page part are passed in POST // if not ... we need to delete it! foreach ($old_parts as $old_part) { $not_in = true; foreach ($data_parts as $part_id => $data) { $data['name'] = trim($data['name']); if ($old_part->name == $data['name']) { $not_in = false; // this will not really create a new page part because // the id of the part is passed in $data $part = new PagePart($data); $part->page_id = $id; Observer::notify('part_edit_before_save', $part); $part->save(); Observer::notify('part_edit_after_save', $part); unset($data_parts[$part_id]); break; } } if ($not_in) { $old_part->delete(); } } } // add the new parts foreach ($data_parts as $data) { $data['name'] = trim($data['name']); $part = new PagePart($data); $part->page_id = $page->id; Observer::notify('part_add_before_save', $part); $part->save(); Observer::notify('part_add_after_save', $part); } // save tags $page->saveTags($_POST['page_tag']['tags']); Flash::set('success', __('Page has been saved!')); } else { Flash::set('error', __('Page has not been saved!')); $url = 'page/'; $url .= $action == 'edit' ? 'edit/' . $id : 'add/'; redirect(get_url($url)); } if ($action == 'add') { Observer::notify('page_add_after_save', $page); } else { Observer::notify('page_edit_after_save', $page); } // save and quit or save and continue editing ? if (isset($_POST['commit'])) { redirect(get_url('page')); } else { redirect(get_url('page/edit/' . $page->id)); } }
public function edit($id = null) { if (is_null($id)) { redirect(get_url('page')); } $page = Page::findById($id); if (!$page) { Flash::set('error', __('Page not found!')); redirect(get_url('page')); } // check for protected page and editor user if (!AuthUser::hasPermission('administrator') && !AuthUser::hasPermission('developer') && $page->is_protected) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url('page')); } // check if trying to save if (get_request_method() == 'POST') { return $this->_edit($id); } // find all page_part of this pages $page_parts = PagePart::findByPageId($id); if (empty($page_parts)) { $page_parts = array(new PagePart()); } $tag_array = array(); foreach ($page->tags() as $tag) { $tag_array[] = $tag->name(); } // display things ... $this->setLayout('backend'); $this->display('page/edit', array('action' => 'edit', 'page' => $page, 'tags' => $tag_array, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $page_parts, 'layouts' => Layout::find(array('order' => 'position')))); }