Пример #1
Файл: edit.php Проект: rair/yacs
        // map the requested action onto a fixed set of internal action codes;
        // the request value is only compared against known literals and is never copied
        // into $action, so anything unrecognised falls back to 'image:update'
        if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_icon') {
            $action = 'image:set_as_icon';
        } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_avatar') {
            $action = 'image:set_as_avatar';
        } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_thumbnail') {
            $action = 'image:set_as_thumbnail';
        } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_both') {
            $action = 'image:set_as_both';
        } else {
            $action = 'image:update';
        }
        // touch the related anchor; the third argument is TRUE only when the request carries silent=Y
        // NOTE(review): $_REQUEST['id'] is used as received in this fragment -- presumably it has been
        // validated or set by the code that precedes it; confirm
        $anchor->touch($action, $_REQUEST['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y');
        // clear cache
        // NOTE(review): the whole request array is handed over -- confirm Images::clear() only reads the keys it expects
        Images::clear($_REQUEST);
        // forward to the view page; the target is assembled from $context values and the URL
        // built for the image id, not from a URL supplied in the request
        Safe::redirect($context['url_to_home'] . $context['url_to_root'] . Images::get_url($_REQUEST['id']));
    }
    // display the form on GET
} else {
    $with_form = TRUE;
}
// display the form
if ($with_form) {
    // the form to edit an image
    $context['text'] .= '<form method="post" action="' . $context['script_url'] . '" id="main_form" enctype="multipart/form-data"><div>';
    $fields = array();
    // the section
    if ($anchor) {
        $context['text'] .= '<input type="hidden" name="anchor" value="' . $anchor->get_reference() . '" />';
Пример #2
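 /**
  * post a new image or an updated image
  *
  * Accepted situations:
  * - id+image: update the file-related columns, the edition stamp and the descriptive columns of an existing record
  * - id+no image: only update the descriptive columns of an existing record
  * - no id+image (image_name and image_size both provided): create a new record
  * - no id+no image: nothing is stored, an error is logged and FALSE is returned
  *
  * This function populates the error context, where applicable.
  *
  * Security notes:
  * - string values are passed through SQL::escape() and wrapped in quotes
  * - the two values written without quotes (id and edit_id) are constrained to
  *   numbers in this function, because escaping alone does not protect an
  *   unquoted position in a statement
  * - no permission check is visible in this function; callers are presumably
  *   expected to have authorised the surfer beforehand -- confirm at call sites
  *
  * @param array $fields an array of fields, passed by reference; defaults and, on insert, the new id are written back into it
  * @return mixed the id of the image, or FALSE on error
  **/
 public static function post(&$fields)
 {
     global $context;

     // an anchor reference is mandatory, and it has to resolve to an anchor
     if (!isset($fields['anchor']) || !$fields['anchor'] || !Anchors::get($fields['anchor'])) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // only authenticated users can select to not moderate image sizes
     if (!isset($fields['use_thumbnail']) || !Surfer::get_id()) {
         $fields['use_thumbnail'] = 'Y';
     }

     // set default values for this editor
     // NOTE(review): whether this call overwrites edit_* values already present in $fields
     // is not visible here -- confirm, since $fields may originate from a request
     Surfer::check_default_editor($fields);

     // edit_id is written without quotes, where SQL::escape() alone gives no protection;
     // force it to an integer before it reaches a statement
     $edit_id = isset($fields['edit_id']) ? intval($fields['edit_id']) : 0;

     // optional columns are stored as empty strings when they are not provided
     $title = isset($fields['title']) ? $fields['title'] : '';
     $description = isset($fields['description']) ? $fields['description'] : '';
     $source = isset($fields['source']) ? $fields['source'] : '';
     $link_url = isset($fields['link_url']) ? $fields['link_url'] : '';
     $thumbnail_name = isset($fields['thumbnail_name']) ? $fields['thumbnail_name'] : '';

     // update the existing record
     if (isset($fields['id'])) {

         // the id is placed unquoted in the WHERE clause, so it has to be numeric
         if (!is_numeric($fields['id'])) {
             Logger::error(i18n::s('No item has the provided id.'));
             return FALSE;
         }

         $assignments = array();

         // image_name is provided and differs from 'none': refresh file-related columns and the edition stamp
         if (isset($fields['image_name']) && $fields['image_name'] != 'none') {
             $assignments[] = "image_name='" . SQL::escape($fields['image_name']) . "'";
             $assignments[] = "thumbnail_name='" . SQL::escape($thumbnail_name) . "'";
             $assignments[] = "image_size='" . SQL::escape($fields['image_size']) . "'";
             $assignments[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
             $assignments[] = "edit_id=" . $edit_id;
             $assignments[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
             $assignments[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
         }

         // descriptive columns are always rewritten
         $assignments[] = "title='" . SQL::escape($title) . "'";
         $assignments[] = "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "'";
         $assignments[] = "description='" . SQL::escape($description) . "'";
         $assignments[] = "source='" . SQL::escape($source) . "'";
         $assignments[] = "link_url='" . SQL::escape($link_url) . "'";

         $query = "UPDATE " . SQL::table_name('images') . " SET " . implode(',', $assignments)
             . " WHERE id = " . SQL::escape($fields['id']);

         // actual update
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }

     // insert a new record
     } elseif (isset($fields['image_name']) && $fields['image_name'] && isset($fields['image_size']) && $fields['image_size']) {

         $assignments = array(
             "anchor='" . SQL::escape($fields['anchor']) . "'",
             "image_name='" . SQL::escape($fields['image_name']) . "'",
             "image_size='" . SQL::escape($fields['image_size']) . "'",
             "title='" . SQL::escape($title) . "'",
             "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "'",
             "description='" . SQL::escape($description) . "'",
             "source='" . SQL::escape($source) . "'",
             "thumbnail_name='" . SQL::escape($thumbnail_name) . "'",
             "link_url='" . SQL::escape($link_url) . "'",
             "edit_name='" . SQL::escape($fields['edit_name']) . "'",
             "edit_id=" . $edit_id,
             "edit_address='" . SQL::escape($fields['edit_address']) . "'",
             "edit_date='" . SQL::escape($fields['edit_date']) . "'",
         );

         $query = "INSERT INTO " . SQL::table_name('images') . " SET " . implode(',', $assignments);

         // actual insert
         if (SQL::query($query) === FALSE) {
             return FALSE;
         }

         // remember the id of the new item
         $fields['id'] = SQL::get_last_id($context['connection']);

     // nothing done
     } else {
         Logger::error(i18n::s('No image has been added.'));
         return FALSE;
     }

     // clear the cache
     Images::clear($fields);

     // end of job
     return $fields['id'];
 }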
Пример #3
// not found
if (!isset($item['id'])) {
    include '../error.php';
    // permission denied
} elseif (!$permitted) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // deletion is confirmed
} elseif (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 'yes') {
    // touch the related anchor before actual deletion, since the image has to be accessible at that time
    // NOTE(review): the confirmation flag that leads here is read from $_REQUEST, so it is accepted
    // from the query string as well as from a posted form, and no anti-forgery token check is visible
    // in this fragment -- confirm that one is enforced before this point
    if (is_object($anchor)) {
        $anchor->touch('image:delete', $item['id']);
    }
    // if no error, back to the anchor or to the index page
    if (Images::delete($item['id'])) {
        Images::clear($item);
        // requests flagged with 'strait' get their result in $output instead of a redirect
        if (isset($_REQUEST['strait'])) {
            $output['success'] = true;
            // provide a new field if required
            // NOTE(review): newfield comes from the request and becomes part of the input name;
            // whether Skin::build_input_file() escapes it for HTML is not visible here -- verify,
            // or restrict it to the expected characters before use
            if (isset($_REQUEST['newfield'])) {
                $indice = $_REQUEST['newfield'] ? $_REQUEST['newfield'] : '';
                $output['replace'] = Skin::build_input_file('upload' . $indice);
            }
            // NOTE(review): follow_up is taken from the request and used as the redirect target as is;
            // unless Safe::redirect() itself restricts destinations (not visible here), it should be
            // limited to URLs of this site so that the response cannot forward a visitor elsewhere
        } elseif (isset($_REQUEST['follow_up'])) {
            Safe::redirect($_REQUEST['follow_up']);
            // otherwise go back to the anchor page
        } elseif (is_object($anchor)) {
            Safe::redirect($anchor->get_url());
            // no anchor: go to the index of images
        } else {
            Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'images/');
        }
    }