/**
 * Create the Defensio plugin table on first use and register it in ServiceSettings.
 *
 * Does nothing when a table matching the prefixed name is already reported by the
 * server. After a successful CREATE, a `Database_defensio` row holding
 * "Defensio/0.1 beta" is inserted into ServiceSettings. Returns nothing.
 *
 * NOTE(review): the existence probe uses `SHOW TABLES LIKE`, where `_` and `%` are
 * wildcards, so a prefix containing an underscore can match a differently named
 * table and skip creation.
 * NOTE(review): $database['prefix'] is interpolated into the statements as-is;
 * presumably it comes from trusted configuration — confirm.
 */
function defensio_create_table()
{
    global $database, $entry;

    $shortName = "defensio";
    $pluginLabel = "Defensio";
    $pluginVersion = "0.1 beta";
    $fullTableName = $database['prefix'] . $shortName;

    // Table already there: nothing to create or register.
    if (POD::queryRow("SHOW TABLES LIKE '{$fullTableName}'")) {
        return;
    }

    $ddl = "CREATE TABLE IF NOT EXISTS {$fullTableName} (\n\t\t\tblog_ID int(11) NOT NULL, \n\t\t\tcomment_ID int(11) NOT NULL, \n\t\t\tcomment_TYPE char(1) NOT NULL DEFAULT 'C', \n\t\t\tspaminess FLOAT NOT NULL, \n\t\t\tsignature VARCHAR(55) NOT NULL, \n\t\t\tPRIMARY KEY (blog_ID,comment_ID, comment_TYPE)\n\t\t);";
    if (!POD::execute($ddl)) {
        return;
    }

    // Record which plugin/version owns the table.
    $settingName = POD::escapeString(UTF8::lessenAsEncoding('Database_' . $shortName, 32));
    $settingValue = POD::escapeString(UTF8::lessenAsEncoding($pluginLabel . '/' . $pluginVersion, 255));
    POD::execute("INSERT INTO {$database['prefix']}ServiceSettings SET name='{$settingName}', value ='{$settingValue}'");
}
/**
 * Send a trackback ping for an entry to a remote trackback URL and log it on success.
 *
 * The ping carries the entry permalink, its HTML-escaped title, the blog title and a
 * 255-unit plain-text excerpt. Targets whose URL contains one of the listed host/path
 * markers receive the fields converted to EUC-KR; all others receive UTF-8.
 *
 * NOTE(review): $url is used as the POST target without any scheme or host check in
 * this function. If callers can pass a visitor-controlled value, the server can be
 * made to issue requests to arbitrary (including internal) addresses — confirm that
 * callers restrict it to http/https and public hosts.
 * NOTE(review): the logged URL is SQL-escaped here; whether TrackbackLog::add()
 * escapes again is not visible from this block — verify to avoid double escaping.
 *
 * @param mixed  $blogid  Blog the entry belongs to.
 * @param mixed  $entryId Entry to announce.
 * @param string $url     Remote trackback endpoint.
 * @return bool True when the request was sent and checkResponseXML() returned 0,
 *              false when the entry is missing or the ping failed.
 */
function sendTrackback($blogid, $entryId, $url)
{
    global $defaultURL, $blog;
    requireModel('blog.entry');
    requireModel('blog.keyword');

    $entry = getEntry($blogid, $entryId);
    if (is_null($entry)) {
        return false;
    }

    $link = "{$defaultURL}/{$entryId}";
    $title = htmlspecialchars($entry['title']);
    $entry['content'] = getEntryContentView($blogid, $entryId, $entry['content'], $entry['contentformatter'], getKeywordNames($blogid));
    $excerpt = str_tag_on(UTF8::lessen(removeAllTags(stripHTML($entry['content'])), 255));
    $blogTitle = $blog['title'];

    // Endpoints that are sent EUC-KR instead of UTF-8.
    $eucKrMarkers = array(
        '/rserver.php?',
        'blog.naver.com/tb',
        'news.naver.com/tb/',
        'blog.empas.com',
        'blog.yahoo.com',
        'www.blogin.com/tb/',
        'cytb.cyworld.nate.com',
        'www.cine21.com/Movies/tb.php',
    );
    $needsEucKr = false;
    foreach ($eucKrMarkers as $marker) {
        if (strpos($url, $marker) !== false) {
            $needsEucKr = true;
            break;
        }
    }

    if ($needsEucKr) {
        $title = UTF8::convert($title, 'EUC-KR');
        $excerpt = UTF8::convert($excerpt, 'EUC-KR');
        $blogTitle = UTF8::convert($blogTitle, 'EUC-KR');
        $contentType = 'application/x-www-form-urlencoded; charset=euc-kr';
    } else {
        $contentType = 'application/x-www-form-urlencoded; charset=utf-8';
    }

    $payload = "url=" . rawurlencode($link)
        . "&title=" . rawurlencode($title)
        . "&blog_name=" . rawurlencode($blogTitle)
        . "&excerpt=" . rawurlencode($excerpt);

    $request = new HTTPRequest('POST', $url);
    $request->contentType = $contentType;
    $sent = $request->send($payload);

    if (!$sent || checkResponseXML($request->responseText) !== 0) {
        return false;
    }

    // Remember the successful ping.
    $trackbacklog = new TrackbackLog();
    $trackbacklog->entry = $entryId;
    $trackbacklog->url = POD::escapeString(UTF8::lessenAsEncoding($url, 255));
    $trackbacklog->add();
    return true;
}
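/**
 * Split a comma-separated tag string into a list of normalised tag names.
 *
 * Each piece is limited to 255 units, has the `&quot;` and `&#39;` entities turned
 * back into quote characters, gets runs of spaces collapsed, control characters
 * (0x00-0x1f, 0x7f) removed, and leading/trailing hyphens and whitespace stripped.
 * Pieces that end up empty are still returned, as before.
 *
 * The result is plain text, not escaped for SQL or HTML; callers must escape it
 * for whatever context they use it in.
 *
 * NOTE(review): the page shows both search strings as already-decoded quote
 * characters, which makes the second call a syntax error. The entity forms are
 * restored here — confirm against the upstream file.
 *
 * @param string $entryTag Comma-separated tags.
 * @return array List of cleaned tag strings, in input order.
 */
function getTagsWithEntryString($entryTag)
{
    $cleaned = array();

    foreach (explode(',', $entryTag) as $tag) {
        $tag = UTF8::lessenAsEncoding($tag, 255, '');
        $tag = str_replace('&quot;', '"', $tag);
        $tag = str_replace('&#39;', '\'', $tag);
        $tag = preg_replace('/ +/', ' ', $tag);
        // Drop ASCII control characters.
        $tag = preg_replace('/[\\x00-\\x1f]|[\\x7f]/', '', $tag);
        // Trim hyphens and whitespace from both ends.
        $tag = preg_replace('/^(-|\\s)+/', '', $tag);
        $tag = preg_replace('/(-|\\s)+$/', '', $tag);
        $cleaned[] = trim($tag);
    }

    return $cleaned;
}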
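/**
 * Store a comment notification pushed by a remote blog (parent comment plus reply).
 *
 * $post is a remote payload and is treated as untrusted. Text fields are
 * length-limited and SQL-escaped. The fields that are placed into SQL without quotes
 * (s_no, r1_no, r1_rno, r1_regdate, r2_no, r2_regdate) must consist of digits only;
 * previously they were interpolated raw, which allowed SQL injection through the
 * notification payload. Malformed numeric fields are now rejected before any write,
 * using the code the failing statement used to produce (3 for entry/parent fields,
 * 5 for reply fields).
 *
 * NOTE(review): row ids are allocated as "current max + 1", which can collide when
 * two notifications arrive at the same time — confirm the tables tolerate this.
 *
 * @param array $post Notification fields: mode, s_home_title, s_name, s_no, url,
 *                    s_url, s_post_title, r1_* (parent comment), r2_* (reply).
 * @return int 0 on success; 1 when mode is not 'fb'; 2 when the site record cannot
 *             be created; 3 when the parent comment is invalid or cannot be stored;
 *             4 when the reply is already stored; 5 when the reply is invalid or
 *             cannot be stored; 6 when the parent's modified time cannot be updated;
 *             7 when the ReceiveNotifiedComment event rejects the payload.
 */
function receiveNotifiedComment($post)
{
    if (empty($post['mode']) || $post['mode'] != 'fb') {
        return 1;
    }
    global $database;

    CacheControl::flushCommentNotifyRSS();
    $post = fireEvent('ReceiveNotifiedComment', $post);
    if ($post === false) {
        return 7;
    }

    // Digits only, anchored with \z so a trailing newline is not accepted.
    $digitsOnly = '/^[0-9]+\z/';
    foreach (array('s_no', 'r1_no', 'r1_regdate') as $field) {
        if (!isset($post[$field]) || !is_scalar($post[$field]) || !preg_match($digitsOnly, (string) $post[$field])) {
            return 3;
        }
    }
    // r1_rno is optional: empty means the parent comment is top-level.
    if (!empty($post['r1_rno']) && (!is_scalar($post['r1_rno']) || !preg_match($digitsOnly, (string) $post['r1_rno']))) {
        return 3;
    }
    foreach (array('r2_no', 'r2_regdate') as $field) {
        if (!isset($post[$field]) || !is_scalar($post[$field]) || !preg_match($digitsOnly, (string) $post[$field])) {
            return 5;
        }
    }

    $prefix = $database['prefix'];
    $blogid = getBlogId();

    // Site and entry information.
    $title = POD::escapeString(UTF8::lessenAsEncoding($post['s_home_title'], 255));
    $name = POD::escapeString(UTF8::lessenAsEncoding($post['s_name'], 255));
    $entryId = $post['s_no'];
    $homepage = POD::escapeString(UTF8::lessenAsEncoding($post['url'], 255));
    $entryUrl = POD::escapeString($post['s_url']);
    $entryTitle = POD::escapeString($post['s_post_title']);

    // Parent comment (r1_*).
    $parentRemoteId = $post['r1_no'];
    $parentName = POD::escapeString(UTF8::lessenAsEncoding($post['r1_name'], 80));
    $parentParent = empty($post['r1_rno']) ? 'null' : $post['r1_rno'];
    $parentHomepage = POD::escapeString(UTF8::lessenAsEncoding($post['r1_homepage'], 80));
    $parentWritten = $post['r1_regdate'];
    $parentComment = POD::escapeString($post['r1_body']);
    $parentUrl = POD::escapeString(UTF8::lessenAsEncoding($post['r1_url'], 255));

    // Reply (r2_*).
    $childRemoteId = $post['r2_no'];
    $childName = POD::escapeString(UTF8::lessenAsEncoding($post['r2_name'], 80));
    $childHomepage = POD::escapeString(UTF8::lessenAsEncoding($post['r2_homepage'], 80));
    $childWritten = $post['r2_regdate'];
    $childComment = POD::escapeString($post['r2_body']);
    $childUrl = POD::escapeString(UTF8::lessenAsEncoding($post['r2_url'], 255));

    // Find or create the record for the notifying site.
    $siteid = POD::queryCell("SELECT id FROM {$prefix}CommentsNotifiedSiteInfo WHERE url = '{$homepage}'");
    if (empty($siteid)) {
        $insertId = getCommentsNotifiedSiteInfoMaxId() + 1;
        $created = POD::execute(
            "INSERT INTO {$prefix}CommentsNotifiedSiteInfo (id, title, name, url, modified)"
            . " VALUES ({$insertId}, '{$title}', '{$name}', '{$homepage}', UNIX_TIMESTAMP())"
        );
        if (!$created) {
            return 2;
        }
        $siteid = $insertId;
    }

    $columns = "(blogid, replier, id, entry, parent, name, password, homepage, secret, comment, ip,"
        . " written, modified, siteid, isnew, url, remoteid, entrytitle, entryurl)";

    // Find or create the parent comment.
    $parentId = POD::queryCell(
        "SELECT id FROM {$prefix}CommentsNotified"
        . " WHERE entry = {$entryId} AND siteid = {$siteid} AND blogid = {$blogid} AND remoteid = {$parentRemoteId}"
    );
    if (empty($parentId)) {
        $insertId = getCommentsNotifiedMaxId() + 1;
        $sql = "INSERT INTO {$prefix}CommentsNotified {$columns} VALUES ("
            . "{$blogid}, NULL, {$insertId}, {$entryId}, {$parentParent}, '{$parentName}', '',"
            . " '{$parentHomepage}', '', '{$parentComment}', '', {$parentWritten}, UNIX_TIMESTAMP(),"
            . " {$siteid}, 1, '{$parentUrl}', {$parentRemoteId}, '{$entryTitle}', '{$entryUrl}')";
        if (!POD::execute($sql)) {
            return 3;
        }
        $parentId = $insertId;
    }

    // The same reply must not be stored twice.
    $alreadyStored = POD::queryCell(
        "SELECT count(*) FROM {$prefix}CommentsNotified WHERE siteid={$siteid} AND remoteid={$childRemoteId}"
    );
    if ($alreadyStored > 0) {
        return 4;
    }

    $insertId = getCommentsNotifiedMaxId() + 1;
    $sql = "INSERT INTO {$prefix}CommentsNotified {$columns} VALUES ("
        . "{$blogid}, NULL, {$insertId}, {$entryId}, {$parentId}, '{$childName}', '',"
        . " '{$childHomepage}', '', '{$childComment}', '', {$childWritten}, UNIX_TIMESTAMP(),"
        . " {$siteid}, 1, '{$childUrl}', {$childRemoteId}, '{$entryTitle}', '{$entryUrl}')";
    if (!POD::execute($sql)) {
        return 5;
    }

    // Touch the parent so it sorts as recently updated.
    $sql = "UPDATE {$prefix}CommentsNotified SET modified = UNIX_TIMESTAMP() WHERE blogid = {$blogid} AND id = {$parentId}";
    if (!POD::execute($sql)) {
        return 6;
    }
    return 0;
}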
/**
 * Build the HTML invitation letter for a user and send it by e-mail.
 *
 * NOTE(review): the value read from Users.password is handed to getInvitationLink()
 * together with the auth token, so it may end up inside the mailed URL; how the link
 * is built is not visible here — confirm no reusable credential is exposed in mail.
 * NOTE(review): $comment and $senderName are substituted into the HTML template
 * without escaping in this function — confirm callers sanitise them.
 * NOTE(review): $name is SQL-escaped although this function never places it in SQL;
 * the escaped form is what appears in the subject and body.
 * NOTE(review): $userid is concatenated unquoted into the password query — confirm
 * callers always pass an integer.
 *
 * @param mixed  $blogid      Target blog; when empty, the highest blogid is used.
 * @param mixed  $userid      Invited user.
 * @param string $name        Recipient name; when empty, User::getName() is used.
 * @param string $comment     Letter body.
 * @param string $senderName  Sender display name.
 * @param string $senderEmail Sender address.
 * @return mixed true on success; 1 when the user has no e-mail; 2 when the address
 *               fails the pattern check; 11 when the address changes after being
 *               limited to 64 units; array(14, detail) when sendEmail() fails.
 */
function sendInvitationMail($blogid, $userid, $name, $comment, $senderName, $senderEmail)
{
    global $database, $service, $hostURL, $serviceURL;

    if (empty($blogid)) {
        // No blog given: fall back to the most recently created one.
        $blogid = POD::queryCell("SELECT max(blogid)\n\t\t\tFROM {$database['prefix']}BlogSettings");
    }

    $email = getUserEmail($userid);
    $password = POD::queryCell("SELECT password\n\t\tFROM {$database['prefix']}Users\n\t\tWHERE userid = {$userid}");
    $authtoken = getAuthToken($userid);
    $blogName = getBlogName($blogid);

    if (empty($email)) {
        return 1;
    }
    if (!preg_match('/^[^@]+@([-a-zA-Z0-9]+\\.)+[-a-zA-Z0-9]+$/', $email)) {
        return 2;
    }
    if (empty($name)) {
        $name = User::getName($userid);
    }
    // Reject addresses that do not survive the 64-unit limit unchanged.
    if (strcmp($email, UTF8::lessenAsEncoding($email, 64)) != 0) {
        return 11;
    }

    $name = POD::escapeString(UTF8::lessenAsEncoding($name, 32));
    $hasRecipientName = !empty($name);

    $subject = $hasRecipientName
        ? _textf('%1님을 %2님이 초대합니다', $name, $senderName)
        : _textf('귀하를 %1님이 초대합니다', $senderName);

    $message = file_get_contents(ROOT . "/resources/style/letter/letter.html");

    // Placeholder => value, applied one after another in this order.
    $substitutions = array(
        '[##_title_##]' => _text('초대장'),
        '[##_content_##]' => $comment,
        '[##_images_##]' => $serviceURL . "/resources/style/letter",
        '[##_link_##]' => getInvitationLink(getBlogURL($blogName), $email, $password, $authtoken),
        '[##_go_blog_##]' => getBlogURL($blogName),
        '[##_link_title_##]' => _text('블로그 바로가기'),
        '[##_to_##]' => $hasRecipientName ? _text('받는 사람') . ': ' . $name : '',
        '[##_sender_##]' => _text('보내는 사람') . ': ' . $senderName,
    );
    foreach ($substitutions as $placeholder => $replacement) {
        $message = str_replace($placeholder, $replacement, $message);
    }

    $outcome = sendEmail($senderName, $senderEmail, $name, $email, $subject, $message);
    if ($outcome === true) {
        return true;
    }
    return array(14, $outcome[1]);
}
/**
 * Recount entries per category and refresh the stored counters and labels.
 *
 * With the default $categoryId (-1) every top-level category of the blog is
 * processed. Otherwise only the top-level category that is, or is the parent of,
 * $categoryId. For each one the children are recounted and their totals are added
 * to the parent's. `entries` counts visible non-draft entries, `entriesinlogin`
 * counts all non-draft entries.
 *
 * NOTE(review): $blogid and the category ids are interpolated unquoted into the
 * statements; they are presumably integers produced by the application — confirm
 * that callers never pass request data through unchanged.
 *
 * @param mixed $blogid     Blog to update.
 * @param mixed $categoryId Category to refresh, or -1 for all.
 * @return bool Always true.
 */
function updateEntriesOfCategory($blogid, $categoryId = -1)
{
    global $database;

    if ($categoryId == -1) {
        $topLevelRows = POD::queryAll("SELECT * FROM {$database['prefix']}Categories WHERE blogid = {$blogid} AND parent IS NULL");
    } else {
        $owner = getParentCategoryId($blogid, $categoryId);
        // No parent means the given category is itself top-level.
        $lookup = empty($owner) ? $categoryId : $owner;
        $topLevelRows = POD::queryAll("SELECT * FROM {$database['prefix']}Categories WHERE blogid = {$blogid} AND id = {$lookup}");
    }

    foreach ($topLevelRows as $parentRow) {
        $parentId = $parentRow['id'];
        $parentName = UTF8::lessenAsEncoding($parentRow['name'], 127);
        $parentLabel = POD::escapeString($parentName);

        $visibleTotal = POD::queryCell("SELECT COUNT(id) FROM {$database['prefix']}Entries WHERE blogid = {$blogid} AND draft = 0 AND visibility > 0 AND category = {$parentId}");
        $loginTotal = POD::queryCell("SELECT COUNT(id) FROM {$database['prefix']}Entries WHERE blogid = {$blogid} AND draft = 0 AND category = {$parentId}");

        $childRows = POD::queryAll("SELECT * FROM {$database['prefix']}Categories WHERE blogid = {$blogid} AND parent = {$parentId}");
        foreach ($childRows as $childRow) {
            $childId = $childRow['id'];
            $childLabel = POD::escapeString(UTF8::lessenAsEncoding($parentName . '/' . $childRow['name'], 255));
            // Kept from the original; the escaped name is not read again below.
            $childRow['name'] = POD::escapeString(UTF8::lessenAsEncoding($childRow['name'], 127));

            $childVisible = POD::queryCell("SELECT COUNT(id) FROM {$database['prefix']}Entries WHERE blogid = {$blogid} AND draft = 0 AND visibility > 0 AND category = {$childId}");
            $childLogin = POD::queryCell("SELECT COUNT(id) FROM {$database['prefix']}Entries WHERE blogid = {$blogid} AND draft = 0 AND category = {$childId}");

            POD::query("UPDATE {$database['prefix']}Categories SET entries = {$childVisible}, entriesinlogin = {$childLogin}, label = '{$childLabel}' WHERE blogid = {$blogid} AND id = {$childId}");

            // Roll child counts up into the parent.
            $visibleTotal += $childVisible;
            $loginTotal += $childLogin;
        }

        POD::query("UPDATE {$database['prefix']}Categories SET entries = {$visibleTotal}, entriesinlogin = {$loginTotal}, label = '{$parentLabel}' WHERE blogid = {$blogid} AND id = {$parentId}");
    }

    if ($categoryId >= 0) {
        CacheControl::flushCategory($categoryId);
    }
    clearCategoryCache();
    return true;
}
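/**
 * Update one blogroll link and remove link categories that are no longer used.
 *
 * name, url and rss were already trimmed, length-limited and escaped, but `id` and
 * `category` from the same $link array were interpolated unquoted into the UPDATE.
 * Both are now constrained to integers: a missing or non-numeric id returns false,
 * and category is cast to int.
 *
 * The clean-up DELETE is best effort, so its result is ignored. It is skipped when
 * no category list is available, where the original built an invalid `NOT IN ()`
 * that failed silently.
 *
 * @param mixed $blogid Blog that owns the link.
 * @param array $link   Fields: id, name, url, and optionally category, newCategory, rss.
 * @return mixed false when id, name or url is missing or invalid; otherwise the
 *               result of the UPDATE statement.
 */
function updateLink($blogid, $link)
{
    global $database;

    // \z rather than $ so a trailing newline is not accepted.
    if (!isset($link['id']) || !is_scalar($link['id']) || !preg_match('/^[0-9]+\z/', (string) $link['id'])) {
        return false;
    }
    $id = $link['id'];

    $name = UTF8::lessenAsEncoding(trim($link['name']), 255);
    $url = UTF8::lessenAsEncoding(trim($link['url']), 255);
    if (empty($name) || empty($url)) {
        return false;
    }
    $name = POD::escapeString($name);
    $url = POD::escapeString($url);

    $category = isset($link['category']) ? $link['category'] : 0;
    if (!empty($link['newCategory'])) {
        // A new category title was supplied: create it and use its id.
        $newCategoryTitle = UTF8::lessenAsEncoding(trim($link['newCategory']), 255);
        $newCategoryId = addLinkCategory($blogid, $newCategoryTitle);
        if (!empty($newCategoryId)) {
            $category = $newCategoryId;
        }
    }
    // The value is placed unquoted in the statement, so force it to an integer.
    $category = (int) $category;

    $rss = isset($link['rss']) ? POD::escapeString(UTF8::lessenAsEncoding(trim($link['rss']), 255)) : '';

    $result = POD::execute(
        "UPDATE {$database['prefix']}Links"
        . " SET category = {$category}, name = '{$name}', url = '{$url}', rss = '{$rss}', written = UNIX_TIMESTAMP()"
        . " WHERE blogid = {$blogid} AND id = {$id}"
    );

    // Garbage correction: drop categories no link refers to any more.
    $usedCategories = POD::queryColumn("SELECT DISTINCT category FROM {$database['prefix']}Links WHERE blogid = {$blogid}");
    if (is_array($usedCategories) && count($usedCategories) > 0) {
        $idList = implode(',', array_map('intval', $usedCategories));
        @POD::execute("DELETE FROM {$database['prefix']}LinkCategories WHERE blogid = {$blogid} AND id NOT IN ({$idList})");
    }

    return $result;
}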
/**
 * Create a plugin's table, or check and refresh its registration when it exists.
 *
 * Existing table: ownership is tracked in ServiceSettings under `Database_<name>`
 * as "<plugin>/<version>". With no record, one is inserted. A record naming another
 * plugin yields false. A differing version updates the record and fires
 * `UpdateDB_<name>` with the previously stored version.
 *
 * Missing table: a CREATE TABLE statement is assembled from $fields and $keys, with
 * a leading `blogid` column that is also prepended to the primary key. At most one
 * int/mediumint column becomes AUTO_INCREMENT. On success the ownership record is
 * inserted.
 *
 * NOTE(review): $name, $keys and each field's name, attribute and length are
 * concatenated into the DDL without quoting or validation. They are presumably
 * taken from the plugin's own declaration — confirm they can never carry request
 * data, or validate them as identifiers.
 * NOTE(review): the `TYPE=` table option was removed in MySQL 5.5 (`ENGINE=` is the
 * replacement) — confirm which server versions this must run on.
 * NOTE(review): $values[1] is read without checking that the stored value contains
 * a '/'.
 *
 * @param string $plugin  Plugin identifier.
 * @param string $name    Table name without the prefix.
 * @param array  $fields  Column definitions with keys name, attribute, length,
 *                        isnull, default, autoincrement.
 * @param array  $keys    Primary-key column names.
 * @param string $version Plugin table version.
 * @return bool false when the table belongs to another plugin or creation fails,
 *              true otherwise.
 */
function treatPluginTable($plugin, $name, $fields, $keys, $version)
{
    global $database;

    if (doesExistTable($database['prefix'] . $name)) {
        $rawKey = 'Database_' . $name;
        $stored = getServiceSetting($rawKey, null);
        $keyname = UTF8::lessenAsEncoding($rawKey, 32);
        $value = UTF8::lessenAsEncoding($plugin . '/' . $version, 255);

        if (is_null($stored)) {
            // Table exists but was never registered: claim it.
            $query = DBModel::getInstance();
            $query->reset('ServiceSettings');
            $query->setAttribute('name', $keyname, true);
            $query->setAttribute('value', $value, true);
            $query->insert();
            return true;
        }

        $values = explode('/', $stored, 2);
        if (strcmp($plugin, $values[0]) != 0) {
            // Owned by a different plugin; nothing can be done.
            return false;
        }
        if (strcmp($version, $values[1]) != 0) {
            $query = DBModel::getInstance();
            $query->reset('ServiceSettings');
            $query->setQualifier('name', 'equals', $keyname, true);
            $query->setAttribute('value', $value, true);
            $query->update();
            fireEvent('UpdateDB_' . $name, $values[1]);
        }
        return true;
    }

    $ddl = "CREATE TABLE {$database['prefix']}{$name} (blogid int(11) NOT NULL default 0,";
    $hasAutoIncrement = false;
    $extraIndex = '';

    foreach ($fields as $field) {
        $autoIncrementClause = '';
        $columnType = strtolower($field['attribute']);
        // Only the first int/mediumint column flagged autoincrement gets the attribute.
        if (($columnType == 'int' || $columnType == 'mediumint') && $field['autoincrement'] == 1 && !$hasAutoIncrement) {
            $autoIncrementClause = ' AUTO_INCREMENT ';
            $hasAutoIncrement = true;
            // An auto-increment column outside the primary key needs its own index.
            if (!in_array($field['name'], $keys)) {
                $extraIndex = ", KEY({$field['name']})";
            }
        }

        $nullClause = $field['isnull'] == 0 ? ' NOT NULL ' : ' NULL ';
        $defaultClause = is_null($field['default']) ? '' : " DEFAULT '" . POD::escapeString($field['default']) . "' ";
        $lengthClause = $field['length'] >= 0 ? "(" . $field['length'] . ")" : '';

        $ddl .= $field['name'] . " " . $field['attribute'] . $lengthClause . $nullClause . $defaultClause . $autoIncrementClause . ",";
    }

    array_unshift($keys, 'blogid');
    $ddl .= " PRIMARY KEY (" . implode(',', $keys) . ")";
    $ddl .= $extraIndex;
    $ddl .= ") TYPE=MyISAM ";
    $ddl .= POD::charset() == 'utf8' ? 'DEFAULT CHARSET=utf8' : '';

    if (!POD::execute($ddl)) {
        return false;
    }

    $keyname = POD::escapeString(UTF8::lessenAsEncoding('Database_' . $name, 32));
    $value = POD::escapeString(UTF8::lessenAsEncoding($plugin . '/' . $version, 255));
    POD::execute("INSERT INTO {$database['prefix']}ServiceSettings SET name='{$keyname}', value ='{$value}'");
    return true;
}
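/**
 * Insert a fetched feed item, or update the stored one with the same permalink.
 *
 * Fixes over the previous version:
 *  - `$id = queryCell(...) && $item['written'] != 0` assigned the boolean result of
 *    `&&` to $id, because `&&` binds tighter than `=`. The UPDATE therefore always
 *    targeted `id = 1`, and an existing item without a timestamp was inserted again.
 *    The lookup is now done first and its result is tested separately.
 *  - `written` and $feedId come from outside (feed content / caller) and were
 *    interpolated unquoted into SQL; both are cast to int.
 *  - gmmktime() without arguments (rejected by PHP 8) is replaced by time(), which
 *    returns the same value.
 *
 * NOTE(review): `written` is assumed to be a Unix timestamp, since it is compared
 * against the current time — confirm against the feed parser.
 * NOTE(review): the new id is "max(id) + 1", which can collide under concurrent
 * feed updates.
 *
 * @param mixed $feedId Feed the item belongs to.
 * @param array $item   Keys: permalink, author, title, description, tags (array),
 *                      enclosures (array), written.
 * @return bool false when the item is dated more than a day in the future, or when
 *              it already exists and carries no timestamp; true otherwise (also
 *              when the item is older than the feed lifetime and is skipped).
 */
function saveFeedItem($feedId, $item)
{
    global $database;
    $prefix = $database['prefix'];

    $item = fireEvent('SaveFeedItem', $item);

    // Feed content is remote input: repair the encoding, limit the length, escape.
    $permalink = POD::escapeString(UTF8::lessenAsEncoding(UTF8::correct($item['permalink'])));
    $author = POD::escapeString(UTF8::lessenAsEncoding(UTF8::correct($item['author'])));
    $title = POD::escapeString(UTF8::lessenAsEncoding(UTF8::correct($item['title'])));
    $description = POD::escapeString(UTF8::lessenAsEncoding(UTF8::correct($item['description']), 65535));
    $tagString = POD::escapeString(UTF8::lessenAsEncoding(UTF8::correct(implode(', ', $item['tags']))));
    $enclosureString = POD::escapeString(UTF8::lessenAsEncoding(UTF8::correct(implode('|', $item['enclosures']))));

    // Both values are placed unquoted in the statements below.
    $feedId = (int) $feedId;
    $written = (int) $item['written'];
    $now = time();

    // Ignore items dated more than one day in the future.
    if ($written > $now + 86400) {
        return false;
    }

    $deadLine = 0;
    $feedlife = POD::queryCell("SELECT feedlife FROM {$prefix}FeedSettings");
    if ($feedlife > 0) {
        $deadLine = $now - $feedlife * 86400;
    }

    $id = POD::queryCell("SELECT id FROM {$prefix}FeedItems WHERE permalink='{$permalink}'");

    if ($id && $written != 0) {
        $id = (int) $id;
        POD::query(
            "UPDATE {$prefix}FeedItems SET author = '{$author}', title = '{$title}',"
            . " description = '{$description}', tags = '{$tagString}', enclosure = '{$enclosureString}',"
            . " written = {$written} WHERE id = {$id}"
        );
        // TODO: clearing FeedReads for updated items stays disabled until the cause
        // of read items being shown as unread has been found.
        return true;
    }

    if ($id != null) {
        // Already stored and the feed gave no timestamp: leave it untouched.
        return false;
    }

    if ($written == 0) {
        $written = $now;
    }
    if ($written > $deadLine) {
        $id = POD::queryCell("SELECT max(id) FROM {$prefix}FeedItems");
        $id = $id ? (int) $id + 1 : 1;
        POD::query(
            "INSERT INTO {$prefix}FeedItems VALUES({$id}, {$feedId}, '{$author}', '{$permalink}',"
            . " '{$title}', '{$description}', '{$tagString}', '{$enclosureString}', {$written})"
        );
    }
    return true;
}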
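/**
 * Store an uploaded file under ROOT/attach/<blogid>/ and record it in Attachments.
 *
 * The file is saved under a random numeric name; the original base name is kept only
 * as the label. Extensions the server might execute are replaced by `xxx`. The
 * original list (exe, php, sh, com, bat) did not cover other extensions that are
 * commonly mapped to the PHP handler, so every extension starting with `php` or
 * `pht`, plus `phar`, is now neutralised as well.
 *
 * NOTE(review): an extension denylist is only a partial control. The attach
 * directory should additionally be configured so the web server never executes
 * scripts from it.
 * NOTE(review): the directory is set to 0777 and the file to 0666, which lets every
 * local account modify uploads — confirm the deployment needs modes this wide.
 * NOTE(review): the upper bound passed to rand() does not fit in a 32-bit integer.
 *
 * @param mixed $blogid Blog that owns the attachment.
 * @param mixed $parent Entry id the file belongs to; a falsy value is stored as 0.
 * @param array $file   One $_FILES-style element (name, error, size, tmp_name).
 * @return mixed The attachment record (parent, label, size, name, path, mime,
 *               width, height) on success. false when the upload is invalid, a file
 *               with the same label exists for this parent, the directory cannot be
 *               created, the move fails or the insert fails.
 */
function addAttachment($blogid, $parent, $file)
{
    global $database;

    if (empty($file['name']) || $file['error'] != 0) {
        return false;
    }
    $filename = $file['name'];

    // Refuse a second file with the same label on the same entry.
    $pool = DBModel::getInstance();
    $pool->reset('Attachments');
    $pool->setQualifier('blogid', 'equals', $blogid);
    $pool->setQualifier('parent', 'equals', $parent);
    $pool->setQualifier('label', 'equals', $filename, true);
    if ($pool->getCell('count(*)') > 0) {
        return false;
    }

    $attachment = array();
    $attachment['parent'] = $parent ? $parent : 0;
    $attachment['label'] = Path::getBaseName($file['name']);
    $attachment['size'] = $file['size'];

    $extension = Misc::getFileExtension($attachment['label']);
    $lowered = strtolower($extension);
    $isPhpFamily = strpos($lowered, 'php') === 0 || strpos($lowered, 'pht') === 0;
    if ($isPhpFamily || in_array($lowered, array('exe', 'sh', 'com', 'bat', 'phar'), true)) {
        $extension = 'xxx';
    }
    if (strlen($extension) > 6 || $extension == '') {
        $extension = 'xxx';
    }

    $path = ROOT . "/attach/{$blogid}";
    if (!is_dir($path)) {
        mkdir($path);
        if (!is_dir($path)) {
            return false;
        }
        @chmod($path, 0777);
    }

    // Pick a random stored name that is not taken yet.
    do {
        $attachment['name'] = rand(1000000000, 9999999999) . ".{$extension}";
        $attachment['path'] = "{$path}/{$attachment['name']}";
    } while (file_exists($attachment['path']));

    // Images report their own MIME type and size; everything else goes by extension.
    if ($imageAttributes = @getimagesize($file['tmp_name'])) {
        $attachment['mime'] = $imageAttributes['mime'];
        $attachment['width'] = $imageAttributes[0];
        $attachment['height'] = $imageAttributes[1];
    } else {
        $attachment['mime'] = Misc::getMIMEType($extension);
        $attachment['width'] = 0;
        $attachment['height'] = 0;
    }

    // move_uploaded_file() only accepts files that arrived through an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $attachment['path'])) {
        return false;
    }
    @chmod($attachment['path'], 0666);

    $attachment['label'] = UTF8::lessenAsEncoding($attachment['label'], 64);
    $attachment['mime'] = UTF8::lessenAsEncoding($attachment['mime'], 32);

    $pool->reset('Attachments');
    $pool->setAttribute('blogid', $blogid);
    $pool->setAttribute('parent', $attachment['parent']);
    $pool->setAttribute('name', $attachment['name'], true);
    $pool->setAttribute('label', $attachment['label'], true);
    $pool->setAttribute('mime', $attachment['mime'], true);
    $pool->setAttribute('size', $attachment['size'], true);
    $pool->setAttribute('width', $attachment['width']);
    $pool->setAttribute('height', $attachment['height']);
    $pool->setAttribute('attached', Timestamp::getUNIXtime());
    $pool->setAttribute('downloads', 0);
    $pool->setAttribute('enclosure', 0);

    if (!$pool->insert()) {
        // Do not leave an unreferenced file behind.
        @unlink($attachment['path']);
        return false;
    }
    return $attachment;
}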
/**
 * Attach pending uploads to an entry, replacing files that share a label.
 *
 * Pending uploads are the Attachments rows of the current blog with parent = 0. For
 * each of them, an attachment of the given entry with the same label (limited to 64
 * units) is deleted first. api_update_attaches() is then called for the entry.
 *
 * NOTE(review): $entryId is interpolated unquoted into the lookup query — confirm
 * that the API layer has already reduced it to an integer.
 *
 * @param mixed $entryId Entry receiving the attachments.
 */
function api_update_attaches_with_replace($entryId)
{
    global $database;

    $pending = POD::queryAll("SELECT name, label FROM {$database['prefix']}Attachments WHERE blogid=" . getBlogId() . " AND parent=0");
    if (!$pending) {
        $pending = array();
    }

    foreach ($pending as $upload) {
        $label = POD::escapeString(UTF8::lessenAsEncoding($upload['label'], 64));
        $existingName = POD::queryCell("SELECT name FROM {$database['prefix']}Attachments WHERE blogid=" . getBlogId() . " AND parent={$entryId} AND label='{$label}'");
        if (is_null($existingName)) {
            continue;
        }
        // Same label already on the entry: remove the old file first.
        deleteAttachment(getBlogId(), $entryId, $existingName);
    }

    api_update_attaches($entryId);
}