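/**
 * Updates the row identified by $rowId from the current POST / FILES payload.
 *
 * For every column name in $columnsToFill that belongs to this table (and is
 * not 'id') an SQL assignment is built according to the column's presentation
 * type, and one UPDATE is executed at the end. Columns that appear in neither
 * $_POST nor $_FILES are skipped with a debug message.
 *
 * Fixes over the previous version:
 *  - $skipColumn was re-created on every loop iteration, so an ordering-mirror
 *    column was never actually skipped;
 *  - the hand-rolled comma bookkeeping ($pleaseNoComma) produced a trailing or
 *    missing comma when a column yielded no assignment; fragments are now
 *    collected and imploded;
 *  - the mid-size picture column was guarded by the thumbnail column's
 *    configuration (copy/paste);
 *  - the client-supplied upload filename was used verbatim to build a path in
 *    the web-served images directory and was interpolated into SQL unescaped,
 *    as was $rowId in the thumbnail/mid-size updates.
 *
 * @param string   $rowId         primary-key value of the row to update
 * @param string[] $columnsToFill column names to read from the request
 * @return boolean TRUE when the UPDATE ran; FALSE when $columnsToFill is not an
 *                 array, a value fails checkValue(), nothing is left to update,
 *                 or the database reports an error
 */
public function updateRowFromPost($rowId, $columnsToFill)
{
    $siteBasePath       = WOOOF::$instance->getConfigurationFor('siteBasePath');
    $imagesRelativePath = WOOOF::$instance->getConfigurationFor('imagesRelativePath');
    global $__isAdminPage;

    if (!is_array($columnsToFill)) {
        WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . "0110 " . 'Update from post failed as no array with columns to update was provided!');
        return FALSE;
    }

    $columnsToFill = array_values($columnsToFill);

    // "col='value'" fragments; joined with ', ' at the end so a column that
    // contributes nothing can never leave a stray comma behind.
    $assignments = array();

    // Columns already written as the ordering mirror of an earlier column.
    // Must be declared outside the loop, otherwise it is reset every iteration.
    $skipColumn = array();

    // Listing-order column with any 'asc'/'desc' keyword removed. A whole-word
    // match is used so a column such as "description" is not mangled.
    $orderingColumn = trim(preg_replace('/\b(asc|desc)\b/i', '', (string) $this->getOrderingColumnForListings()));

    foreach ($columnsToFill as $column) {
        $postedDirectly = isset($_POST[$column]);
        // The '1'/'4' suffixes are presumably the split inputs consumed by
        // WOOOF::buildDateTimeFromAdminPost() — confirm against the form builder.
        if (!$postedDirectly && !isset($_POST[$column . '4']) && !isset($_POST[$column . '1']) && !isset($_FILES[$column])) {
            WOOOF::$instance->debug("Warning in updateRowFromPost: Column to fill [{$column}] does not appear in POST or FILES.");
            continue;
        }
        if ($column == 'id' || !isset($this->columns[$column])) {
            continue;
        }
        if (!empty($skipColumn[$column])) {
            continue;
        }

        $metaData = $this->columns[$column]->getColumnMetaData();

        // An empty or zero value for the integer listing-order column is
        // replaced by max+10 so the row lands at the end of the listing.
        // $orderingColumn comes from configuration, not from the request.
        if ($orderingColumn == $column
            && $postedDirectly
            && (trim($_POST[$column]) == '0' || trim($_POST[$column]) == '')
            && $metaData['type'] == WOOOF_dataBaseColumnTypes::int) {
            $maxResult = $this->dataBase->query('select max(' . $orderingColumn . ') as maxOrd from ' . $this->tableName);
            if ($maxResult !== FALSE && $this->dataBase->getNumRows($maxResult) > 0) {
                $maxRow = $this->dataBase->fetchAssoc($maxResult);
                $_POST[$column] = $maxRow['maxOrd'] + 10;
            } else {
                WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_ERROR, 'No maximum ' . $orderingColumn . ' was returned from database uppon insert of new row.');
            }
        }

        $presentation = $metaData['presentationType'];

        if ($presentation == WOOOF_columnPresentationTypes::file) {
            $externalFileId = $this->handleFileUpload($column);
            if ($externalFileId === FALSE) {
                WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_NOTICE, self::_ECP . "0120 " . 'No file uploaded or file upload error for \'' . $column . '\'.');
            } else {
                // handleFileUpload() is opaque from here; escape defensively.
                $assignments[] = $column . '=\'' . $this->dataBase->escape($externalFileId) . '\'';
            }
        } elseif ($presentation == WOOOF_columnPresentationTypes::picture && isset($_FILES[$column])) {
            $assignment = $this->storePictureUploadForColumn($column, $metaData, $rowId, $siteBasePath, $imagesRelativePath);
            if ($assignment !== NULL) {
                $assignments[] = $assignment;
            }
        } elseif ($presentation == WOOOF_columnPresentationTypes::htmlText) {
            if (!$__isAdminPage) {
                require_once 'HTMLPurifier.standalone.php';
                $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
                if (!is_object($purifier)) {
                    WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . "0140 " . 'Html purification for \'' . $column . '\' failed. Object was not initialized. Posted information was not entered in the database for security reasons.');
                    return FALSE;
                }
                $assignments[] = $column . '=\'' . $this->dataBase->escape($purifier->purify($_POST[$column])) . '\'';
            } else {
                // NOTE(review): HTML submitted from admin pages is stored
                // unpurified (by design here). Any compromised or malicious
                // admin account therefore gets stored XSS against every viewer.
                $assignments[] = $column . '=\'' . $this->dataBase->escape($_POST[$column]) . '\'';
            }
        } elseif ($presentation == WOOOF_columnPresentationTypes::date
            || $presentation == WOOOF_columnPresentationTypes::time
            || $presentation == WOOOF_columnPresentationTypes::dateAndTime) {
            if ($metaData['isReadOnly'] || $metaData['isReadOnlyAfterFirstUpdate']) {
                continue;
            }
            $tempDate = WOOOF::buildDateTimeFromAdminPost($column, $presentation);
            if ($this->columns[$column]->checkValue($tempDate) === FALSE) {
                return FALSE;
            }
            $assignments[] = $column . '=\'' . WOOOF::$instance->cleanUserInput($tempDate) . '\'';
        } else {
            if ($this->columns[$column]->checkValue($_POST[$column]) === FALSE) {
                return FALSE;
            }
            $cleanValue    = WOOOF::$instance->cleanUserInput($_POST[$column]);
            $assignments[] = $column . '=\'' . $cleanValue . '\'';

            // A column may mirror its value into a companion ordering column;
            // that companion is then skipped if it also appears in the list.
            $mirrorColumn = trim($metaData['orderingMirror']);
            if ($mirrorColumn != '') {
                $assignments[]             = $mirrorColumn . ' = \'' . WOOOF::customOrderTranslation($cleanValue) . '\'';
                $skipColumn[$mirrorColumn] = TRUE;
            }
        }
    }

    if (count($assignments) === 0) {
        WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . "0150 " . 'No columns to update.');
        return FALSE;
    }

    $query  = 'update ' . $this->tableName . ' set ' . implode(', ', $assignments)
        . ' where id=\'' . WOOOF::$instance->cleanUserInput($rowId) . '\'';
    $result = $this->dataBase->query($query);

    return $result !== FALSE;
}

/**
 * Stores the picture uploaded for $column and returns the SQL assignment
 * ("column='filename'") for the main UPDATE, or NULL when the column must be
 * left untouched (no file selected, upload error, rejected file, move failure).
 *
 * The client filename is reduced to a basename restricted to [A-Za-z0-9._-],
 * must carry an image extension and must decode with getimagesize() before it
 * is moved into the web-served images directory. Previously an arbitrary file
 * (e.g. a .php script) could be dropped there under its own name.
 *
 * Thumbnail / mid-size variants are written to the database immediately, i.e.
 * before the caller's main UPDATE runs (pre-existing behaviour).
 *
 * @param string $column             column name, also the $_FILES key
 * @param array  $metaData           column meta data (presentationParameters, resize*, thumbnail*, midSize*)
 * @param string $rowId              primary-key value of the row being updated
 * @param string $siteBasePath       filesystem base of the site
 * @param string $imagesRelativePath default images directory relative to $siteBasePath
 * @return string|null
 */
private function storePictureUploadForColumn($column, $metaData, $rowId, $siteBasePath, $imagesRelativePath)
{
    $upload    = $_FILES[$column];
    $errorCode = isset($upload['error']) ? $upload['error'] : UPLOAD_ERR_NO_FILE;

    if ($errorCode === UPLOAD_ERR_NO_FILE) {
        // An empty file input on an edit form is normal: keep the old picture.
        WOOOF::$instance->debug("No picture submitted for [{$column}]; column left unchanged.");
        return NULL;
    }
    if ($errorCode !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . "0130 " . 'File upload error for \'' . $column . '\': upload failed with PHP error code ' . (is_scalar($errorCode) ? $errorCode : '?') . '.');
        return NULL;
    }

    // Never trust the client filename: drop any directory part and every
    // character outside a conservative set, and refuse dot-files.
    $clientName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename((string) $upload['name']));
    $clientName = ltrim($clientName, '.');
    $extension  = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    // Extend if the application legitimately needs more raster formats.
    $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');

    if ($clientName === '' || !in_array($extension, $allowedExtensions, TRUE) || getimagesize($upload['tmp_name']) === FALSE) {
        WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . "0130 " . 'File upload error for \'' . $column . '\': rejected, not an allowed image file.');
        return NULL;
    }

    if (trim($metaData['presentationParameters']) != '') {
        $outputPath = $siteBasePath . $metaData['presentationParameters'];
    } else {
        $outputPath = $siteBasePath . $imagesRelativePath;
    }
    $fromFile = $outputPath . WOOOF::randomString(10) . '_' . $clientName;

    if (!move_uploaded_file($upload['tmp_name'], $fromFile)) {
        WOOOF::$instance->log(WOOOF_loggingLevels::WOOOF_ERROR, self::_ECP . "0130 " . 'File upload error for \'' . $column . '\': File was uploaded but move failed to the designated directory.');
        return NULL;
    }

    if ($metaData['resizeWidth'] == '') {
        // No resizing configured: the file is kept byte-for-byte under its
        // randomised name. The extension/header check above does not defeat
        // polyglot images, so the images directory must be served with script
        // execution disabled.
        return $column . '=\'' . WOOOF::$instance->cleanUserInput(basename($fromFile)) . '\'';
    }

    // Resized variants are always re-encoded as JPEG under a deterministic name
    // (table_column_row_<original name>.jpg); $rowId is sanitised for the path.
    $safeRowId      = preg_replace('/[^A-Za-z0-9._-]/', '_', (string) $rowId);
    $targetFilename = $this->tableId . '_' . $metaData['columnId'] . '_' . $safeRowId . '_'
        . preg_replace('/\.[^.]*$/', '', $clientName) . '.jpg';

    WOOOF::resizePicture($fromFile, $outputPath . $targetFilename, $metaData['resizeWidth'], $metaData['resizeHeight']);

    $escapedRowId  = $this->dataBase->escape($rowId);
    $escapedTarget = $this->dataBase->escape($targetFilename);

    if ($metaData['thumbnailWidth'] != '') {
        WOOOF::resizePicture($fromFile, $outputPath . 'thumb_' . $targetFilename, $metaData['thumbnailWidth'], $metaData['thumbnailHeight']);
        if ($metaData['thumbnailColumn'] != '') {
            $this->dataBase->query('update ' . $this->tableName . ' set ' . $metaData['thumbnailColumn'] . '=\'thumb_' . $escapedTarget . '\' where id=\'' . $escapedRowId . '\'');
        }
    }
    if ($metaData['midSizeWidth'] != '') {
        WOOOF::resizePicture($fromFile, $outputPath . 'mid_' . $targetFilename, $metaData['midSizeWidth'], $metaData['midSizeHeight']);
        // Guarded by midSizeColumn (previously thumbnailColumn, a copy/paste slip
        // that issued an UPDATE with an empty column name).
        if ($metaData['midSizeColumn'] != '') {
            $this->dataBase->query('update ' . $this->tableName . ' set ' . $metaData['midSizeColumn'] . '=\'mid_' . $escapedTarget . '\' where id=\'' . $escapedRowId . '\'');
        }
    }

    unlink($fromFile);

    return $column . '=\'' . WOOOF::$instance->cleanUserInput($targetFilename) . '\'';
}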