示例#1
    $topiclimit = DB_getItem($_TABLES['topics'], 'limitnews', "tid = '{$topic}'");
    if ($topiclimit >= $_CONF['minnews']) {
        $maxstories = $topiclimit;
    }
}
// No topic-specific limit was applied (still 0): fall back to the site-wide
// limit from the configuration.
if ($maxstories == 0) {
    $maxstories = $_CONF['limitnews'];
}
// $limit is the story count used from here on; it is clamped to at least 1.
$limit = $maxstories;
if ($limit < 1) {
    $limit = 1;
}
// Geeklog now allows for articles to be published in the future.  Because of
// this, we need to check to see if we need to rebuild the RDF file in the case
// that any such articles have now been published
COM_rdfUpToDateCheck();
// For similar reasons, we need to see if there are currently two featured
// articles.  Can only have one but you can have one current featured article
// and one for the future...this check will set the latest one as featured
// solely
COM_featuredCheck();
// Scan for any stories that have expired and should be archived or deleted
$asql = "SELECT sid,tid,title,expire,statuscode FROM {$_TABLES['stories']} ";
$asql .= 'WHERE (expire <= NOW()) AND (statuscode = ' . STORY_DELETE_ON_EXPIRE;
if (empty($archivetid)) {
    // No archive topic: only delete-on-expire stories are selected.
    $asql .= ')';
} else {
    // With an archive topic, archive-on-expire stories are selected too, except
    // those already filed under the archive topic.
    // NOTE(review): $archivetid is placed inside a quoted SQL literal without
    // escaping in the visible lines; where it is set is outside this excerpt.
    // Confirm it is read from the topics table or escaped before this point.
    $asql .= ' OR statuscode = ' . STORY_ARCHIVE_ON_EXPIRE . ") AND tid != '{$archivetid}'";
}
$expiresql = DB_query($asql);
while (list($sid, $expiretopic, $title, $expire, $statuscode) = DB_fetchArray($expiresql)) {
示例#2
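/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * Security-relevant flow, as visible in this function:
 *  - the caller must hold the 'story.edit' right, otherwise nothing is processed;
 *  - per-story access checks are delegated to Story::loadFromArgsArray();
 *  - the story id is passed through COM_sanitizeID() before it is used;
 *  - image numbers taken from the keys of $args['delete'] are cast to int and
 *    generated image file names are escaped before they are placed in SQL.
 *
 * On image upload or image validation errors (browser requests only) the
 * function prints an HTML page and exits instead of returning.
 *
 * @param   array   $args       Contains all the data provided by the client
 * @param   string  &$output    OUTPUT parameter containing the returned text
 * @param   array   &$svc_msg   OUTPUT parameter; receives 'error_desc' on some
 *                              failures and 'id' on success
 * @return  int                 Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    // Coarse authorisation gate: without the story.edit right the request is
    // rejected before any client-supplied argument is looked at.
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));

        return PLG_RET_AUTH_FAILED;
    }

    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }

    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // 'content' wins over 'summary'; the text is split into intro and body at
    // the first [page_break] marker.
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } elseif (!empty($args['summary'])) {
        $content = $args['summary'];
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    // - START: Set all the defaults -
    // No default topic is chosen here; a missing topic selection is reported
    // further down, after TOPIC_checkTopicSelectionControl().
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } elseif ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                $args['postmode'] = 'html';
            }
        }
    }
    if ($args['gl_svc']) {
        // Permissions: a missing value takes the configured default for its
        // position (owner, group, members, anonymous); a supplied value is
        // filtered as a number.
        foreach (array('perm_owner', 'perm_group', 'perm_members', 'perm_anon') as $permIndex => $permKey) {
            if (!isset($args[$permKey])) {
                $args[$permKey] = $_CONF['default_permissions_story'][$permIndex];
            } else {
                $args[$permKey] = COM_applyBasicFilter($args[$permKey], true);
            }
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        // A new story whose id is too long gets a generated id instead.
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }

    $story = new Story();

    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            // The etag is the stored story date in ISO 8601 form; a mismatch
            // means the client edited an outdated copy.
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';

                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';

            return PLG_RET_ERROR;
        }
    }

    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();

    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }

    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));

            return PLG_RET_ERROR;

        case STORY_EXISTING_NO_EDIT_PERMISSION:
        case STORY_NO_ACCESS_PARAMS:
            // Both outcomes are treated as an access violation and logged.
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");

            return PLG_RET_PERMISSION_DENIED;

        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);

            return PLG_RET_ERROR;

        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args) && is_array($args['delete'])) {
            foreach (array_keys($args['delete']) as $deleteKey) {
                // The array keys are supplied by the client. They are used as
                // an unquoted number in SQL, so force them to int first.
                $imgNum = (int) $deleteKey;
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . $imgNum);
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . $imgNum);
            }
        }

        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }

        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            // Only these image types are accepted for article images.
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }

            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            // Stored names are "<sid>_<image number>.<extension>".
            // NOTE(review): the extension is copied from the client-supplied
            // file name. Confirm that Upload rejects files whose extension is
            // not in the list passed to setAllowedMimeTypes(), since the
            // extension becomes part of the name written under path_images.
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                // Show the upload errors as a complete page, the same way the
                // setPath() failure above does.
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }

            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                // The file name carries a client-supplied extension, so it is
                // escaped before being placed in the quoted SQL literal.
                $imageName = DB_escapeString((string) current($filenames));
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . $imageName . "')");
                next($filenames);
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }

        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();

        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }

        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;

        return PLG_RET_OK;
    }
    // NOTE(review): when saveToDatabase() reports anything other than
    // STORY_SAVED the function ends without a return value. Callers that
    // compare the result loosely against a PLG_RET_* code should confirm how
    // a null result is treated.
}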
示例#3
/**
* Delete a topic
*
* The current user needs an access level of at least 3 on the topic, as
* reported by SEC_hasAccess(); a refused attempt is written to the access log.
* Blocks and feeds tied to the topic are kept but reassigned and disabled.
* Stories of the topic are removed together with their images, comments and
* trackbacks, followed by story submissions and the topic itself.
*
* @param    string  $tid    Topic ID
* @return   string          HTML redirect
*
*/
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;

    $topicAdminUrl = $_CONF['site_admin_url'] . '/topic.php';

    // NOTE(review): $tid is interpolated into quoted SQL literals throughout
    // this function without being escaped here. Confirm that every caller
    // filters or escapes it before the call.
    $topicQuery = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
    $topic = DB_fetchArray($topicQuery);
    $access = SEC_hasAccess($topic['owner_id'], $topic['group_id'], $topic['perm_owner'], $topic['perm_group'], $topic['perm_members'], $topic['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");

        return COM_refresh($topicAdminUrl);
    }

    // Blocks are not deleted: they are moved to 'all' and switched off.
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tid}'");
    // Feeds get the same treatment.
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'");

    // Remove images, comments and trackbacks of every story in this topic.
    $storyQuery = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tid}'");
    for ($remaining = DB_numRows($storyQuery); $remaining > 0; $remaining--) {
        $story = DB_fetchArray($storyQuery);
        STORY_deleteImages($story['sid']);
        DB_delete($_TABLES['comments'], array('sid', 'type'), array($story['sid'], 'article'));
        DB_delete($_TABLES['trackback'], array('sid', 'type'), array($story['sid'], 'article'));
    }

    // Finally drop the stories, pending submissions and the topic row.
    foreach (array('stories', 'storysubmission', 'topics') as $tableKey) {
        DB_delete($_TABLES[$tableKey], 'tid', $tid);
    }

    // Refresh the feed(s) and the Older Stories block.
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();

    return COM_refresh($topicAdminUrl . '?msg=14');
}
示例#4
文件: migrate.php 项目: ivywe/forum
            if ($dpm == 1) {
                PLG_deleteSubmission('story', $sid);
            }
        } else {
            $sql = "SELECT sid,date,uid,title,introtext,bodytext,hits " . "FROM {$_TABLES['stories']} WHERE sid='{$sid}'";
            $result = DB_query($sql);
            list($sid, $storydate, $uid, $subject, $introtext, $bodytext, $hits) = DB_fetchArray($result);
            $num_posts = migratetopic($selforum, $sid, $storydate, $uid, $subject, $introtext, $bodytext, $hits) + $num_posts;
            $num_stories++;
            if ($dpm == 1) {
                STORY_doDeleteThisStoryNow($sid);
            }
        }
    }
    gf_resyncforum($selforum);
    COM_rdfUpToDateCheck('forum');
    // forum rss feeds update
    echo COM_refresh($_CONF['site_admin_url'] . "/plugins/forum/migrate.php?num_stories=" . $num_stories . "&num_posts=" . $num_posts);
    exit;
}
function migratetopic($forum, $sid, $storydate, $uid, $subject, $introtext, $bodytext, $hits)
{
    global $_TABLES;
    $comment = $introtext . $bodytext;
    $comment = prepareStringForDB($comment);
    $subject = prepareStringForDB($subject);
    $postmode = "HTML";
    $name = DB_getItem($_TABLES['users'], 'username', "uid={$uid}");
    $email = DB_getItem($_TABLES['users'], 'email', "uid={$uid}");
    $website = DB_getItem($_TABLES['users'], 'homepage', "uid={$uid}");
    $datetime = explode(" ", $storydate);
示例#5
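/**
* Saves link to the database
*
* Description, title, category id, URL and link ids are escaped or sanitised
* inside this function before they are placed in SQL; the numeric columns are
* cast to int. The save only happens when SEC_hasAccess() reports an access
* level of at least 3 and the current user is in $group_id; otherwise the
* attempt is logged, an error page is output and the script exits.
*
* @param    string  $lid            ID for link
* @param    string  $old_lid        old ID for link
* @param    string  $cid            cid of category link belongs to
* @param    string  $categorydd     Category links belong to
* @param    string  $url            URL of link to save
* @param    string  $description    Description of link
* @param    string  $title          Title of link
* @param    int     $hits           Number of hits for link
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group link belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';
    // Initialised here because the access-denied branch appends to it.
    $display = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }

    // For an existing link the permissions stored in the database decide, not
    // the values submitted with the request.
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } elseif ($categorydd != $LANG_LINKS_ADMIN[7]) {
            // NOTE(review): the redirect is echoed but the save below still
            // runs; confirm that this is intended.
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }

        // $url is the only string column not escaped above; escape it here so
        // that every value placed in a quoted SQL literal is handled the same
        // way. NOTE(review): if a caller already escapes $url, keep only one
        // of the two.
        $urlSql = DB_escapeString($url);

        // These values are written as numbers; cast them so that nothing but
        // an integer can reach the SQL text.
        $hits = (int) $hits;
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$urlSql}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }

        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));

        return $retval;
    }
}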
示例#6
/**
* Moderates a single item
*
* Performs the moderation action (approve or delete) on one submitted item.
* Stories, draft stories and users are handled here; every other type is
* passed on to the plugin API.
*
* NOTE(review): no permission check is visible inside this function, and $id
* is placed in quoted SQL literals without escaping. Presumably the caller
* authorises the request and filters $id - confirm against the call sites.
*
* @param    string  $action     Action to perform ('delete' or 'approve')
* @param    string  $type       Type of item ('user', 'draftstory', 'story', etc.)
* @param    string  $id         ID of item to approve or delete
* @return   string              HTML for "command and control" page
*
*/
function MODERATE_item($action = '', $type = '', $id = '')
{
    global $_CONF, $_TABLES;
    $retval = '';
    if (empty($action)) {
        // null action
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null action.");
        return $retval;
    }
    if (empty($type)) {
        // null item type
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate a null item type.");
        return $retval;
    }
    if (empty($id)) {
        // null item id
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null id.");
        return $retval;
    }
    // Key column, target table, field list and submission table for this type.
    list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
    switch ($action) {
        case 'delete':
            switch ($type) {
                case 'user':
                    // user: ids of 1 and below are never deleted
                    // (presumably protects a built-in account - confirm)
                    if ($id > 1) {
                        USER_deleteAccount($id);
                    }
                    break;
                case 'story':
                    // story (needs to move to a plugin)
                    DB_delete($submissiontable, "{$key}", $id);
                    break;
                case 'draftstory':
                    // draft story
                    STORY_deleteStory($id);
                    break;
                default:
                    // plugin
                    $retval .= PLG_deleteSubmission($type, $id);
                    DB_delete($submissiontable, "{$key}", $id);
                    break;
            }
            break;
        case 'approve':
            switch ($type) {
                case 'story':
                    // story (needs to move to a plugin)
                    // NOTE(review): the fetched row is used without checking
                    // that a submission with this id exists.
                    $result = DB_query("SELECT * FROM {$submissiontable} WHERE {$key} = '{$id}'");
                    $A = DB_fetchArray($result);
                    $A['related'] = DB_escapeString(implode("\n", STORY_extractLinks($A['introtext'])));
                    $A['owner_id'] = $A['uid'];
                    // Text columns are escaped again because they are written
                    // back into SQL below.
                    // NOTE(review): sid, tid, date and postmode come from the
                    // same submission row but are reused unescaped; confirm
                    // they were validated when the submission was stored.
                    $A['title'] = DB_escapeString($A['title']);
                    $A['introtext'] = DB_escapeString($A['introtext']);
                    $A['bodytext'] = DB_escapeString($A['bodytext']);
                    // The approved story takes its group and permissions from
                    // the topic it was submitted to.
                    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'");
                    $T = DB_fetchArray($result);
                    // Stories in a topic with archive_flag set stay off the
                    // front page; otherwise the configured value is used,
                    // defaulting to 1.
                    if ($T['archive_flag'] == 1) {
                        $frontpage = 0;
                    } else {
                        if (isset($_CONF['frontpage'])) {
                            $frontpage = $_CONF['frontpage'];
                        } else {
                            $frontpage = 1;
                        }
                    }
                    DB_save($table, 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
                    // The submission is removed only after the story was saved.
                    DB_delete($submissiontable, "{$key}", $id);
                    PLG_itemSaved($A['sid'], 'article');
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                    break;
                case 'draftstory':
                    // draft story: approving clears the draft flag
                    DB_query("UPDATE {$table} SET draft_flag = 0 WHERE {$key} = '{$id}'");
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                    break;
                case 'user':
                    // user: acts only when exactly one account matches
                    $result = DB_query("SELECT {$fields} FROM {$table} WHERE {$key} = '{$id}'");
                    $nrows = DB_numRows($result);
                    if ($nrows == 1) {
                        $A = DB_fetchArray($result);
                        // The next account status depends on the configured
                        // registration type.
                        if ($_CONF['registration_type'] == 1) {
                            $sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_VERIFICATION . " WHERE {$key} = '{$A['uid']}'";
                        } else {
                            $sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_ACTIVATION . " WHERE {$key} = '{$A['uid']}'";
                        }
                        DB_query($sql);
                        USER_createAndSendPassword($A['username'], $A['email'], $A['uid']);
                    }
                    break;
                default:
                    // plugin
                    DB_copy($table, $fields, $fields, $submissiontable, $key, $id);
                    $retval .= PLG_approveSubmission($type, $id);
                    break;
            }
            break;
    }
    // switch ($action)
    return $retval;
}
示例#7
// $sql is built before this excerpt; the row read here supplies the date that
// is compared with the stored 'last_article_publish' value.
$result = DB_query($sql);
$A = DB_fetchArray($result);
// NOTE(review): $A is used without checking that the query returned a row.
if (DB_getItem($_TABLES['vars'], 'value', "name='last_article_publish'") != $A['date']) {
    //Set new latest article published
    // $A['date'] comes from the query result above and is written into the
    // SQL text unescaped.
    DB_query("UPDATE {$_TABLES['vars']} SET value='{$A['date']}' WHERE name='last_article_publish'");
    // We need to see if there are currently two featured articles (because of future article).
    // Can only have one but you can have one current featured article
    // and one for the future...this check will set the latest one as featured
    // solely
    COM_featuredCheck();
    // Geeklog now allows for articles to be published in the future.  Because of
    // this, we need to check to see if we need to rebuild the RDF file in the case
    // that any such articles have now been published. Need to do this for comments
    // as well since article can have comments
    COM_rdfUpToDateCheck('article');
    COM_rdfUpToDateCheck('comment');
}
// +---------------------------------------------------------------------------+
// | HTML WIDGETS                                                              |
// +---------------------------------------------------------------------------+
/**
* Return the file to use for a block template.
*
* This returns the template needed to build the HTML for a block.  This function
* allows designers to give a block its own custom look and feel.  If no
* templates for the block are specified, the default blockheader.html and
* blockfooter.html will be used.
*
* @param        string      $blockname      corresponds to name field in block table
* @param        string      $which          can be either 'header' or 'footer' for corresponding template
* @param        string      $position       can be 'left', 'right' or blank. If set, will be used to find a side specific override template.
示例#8
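/**
 * Moves comment from submission table to comments table
 *
 * Reads the pending row for $cid, inserts it into the comments table, deletes
 * the submission, re-points the notification row from the moderation id to
 * the new comment id, optionally sends a reply notification, and refreshes
 * the comment feed and the What's New cache.
 *
 * Every value that ends up in a SQL statement is escaped or cast here: the
 * row read back from the submission table holds visitor-supplied data and the
 * database returns it unescaped.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string $cid comment id (id of the row in the submission table)
 * @return string|null story id of the approved comment, null when no
 *                     submission with that id exists
 */
function CMT_approveModeration($cid)
{
    global $_CONF, $_TABLES;

    // $cid is supplied by the caller and is used in several statements, so it
    // is escaped once here instead of trusting every call site to have done it.
    $cidSql = DB_escapeString($cid);
    $result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress FROM {$_TABLES['commentsubmissions']} WHERE cid = '{$cidSql}'");
    $A = DB_fetchArray($result);
    if (!is_array($A)) {
        // No such submission: do not insert an empty comment row.
        return null;
    }

    // pid and indent are numeric; the casts keep them safe where they are
    // written into a statement without quotes.
    $pid = (int) $A['pid'];
    $indent = 0;
    if ($pid > 0) {
        // get indent+1 of parent (stays 0 when the parent is not found)
        $indent = (int) DB_getItem($_TABLES['comments'], 'indent+1', "cid = '{$pid}'");
    }

    $type = DB_escapeString($A['type']);
    $sid = DB_escapeString($A['sid']);
    $date = DB_escapeString($A['date']);
    $title = DB_escapeString($A['title']);
    $comment = DB_escapeString($A['comment']);
    $uid = (int) $A['uid'];
    $ipaddress = DB_escapeString($A['ipaddress']);

    if (isset($A['name'])) {
        // insert data
        $name = DB_escapeString($A['name']);
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent', "'{$type}','{$sid}','{$date}','{$title}','{$comment}','{$uid}'," . "'{$name}','{$pid}','{$ipaddress}',{$indent}");
    } else {
        // insert data, null automatically goes into name column
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent', "'{$type}','{$sid}','{$date}','{$title}','{$comment}','{$uid}'," . "'{$pid}','{$ipaddress}',{$indent}");
    }
    $newcid = DB_insertId('', 'comments_cid_seq');

    // The helpers are handed the escaped id.
    // NOTE(review): confirm DB_delete()/DB_change() do not escape again; for a
    // numeric id a second pass would not change the value either way.
    DB_delete($_TABLES['commentsubmissions'], 'cid', $cidSql);
    DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cidSql);

    // notify of new published comment
    if ($_CONF['allow_reply_notifications'] == 1 && $pid > 0) {
        // Look up notification rows for every comment whose lft/rht range
        // contains the parent, i.e. not only for a direct reply (Geeklog 2.0.0
        // and before only notified on a direct reply).
        $sql = "SELECT cn.cid, cn.uid, cn.deletehash " . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " . "{$_TABLES['commentnotifications']} AS cn " . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) " . "AND c.cid = {$pid} GROUP BY cn.uid";
        $result = DB_query($sql);
        // only the first matching row is fetched and notified
        $B = DB_fetchArray($result);
        if ($B !== false) {
            CMT_sendReplyNotification($B);
        }
    }
    // Update Comment Feeds
    COM_rdfUpToDateCheck('comment');
    // Delete What's New block cache so it can get updated again
    if ($_CONF['whatsnew_cache_time'] > 0 and !$_CONF['hidenewcomments']) {
        // remove all whatsnew instances
        CACHE_remove_instance('whatsnew__');
    }

    // callers get the story id exactly as stored, not the escaped copy
    return $A['sid'];
}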
示例#9
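/**
* Saves an event to the database
*
* Checks the caller's access to the event, validates the start and end dates,
* cleans the text fields and then writes the event to the events table and to
* every personal calendar that already holds a copy of it.
*
* The parameters are the individual event fields (id, title, type, URL,
* all-day flag, start/end date and time parts, location and address fields,
* description and post mode, owner/group ids and the four permission sets).
* $hour_mode is 24 when the hour fields are given on the 24-hour clock.
*
* All values are escaped or cast inside this function before they are placed
* in a SQL statement.
*
* @return   string                  HTML redirect or error message
*
*/
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // $eid is used in several statements below. Escape it once for SQL and
    // keep the raw value for logging, the plugin hooks and the redirect URL.
    $eidSql = DB_escapeString($eid);

    $access = 0;
    if (DB_count($_TABLES['events'], 'eid', $eidSql) > 0) {
        // existing event: the stored owner, group and permissions decide,
        // not the values that were submitted with the request
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eidSql}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
        return $retval;
    }
    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }
    $allday = ($allday == 'on') ? 1 : 0;

    // Validate both dates. The time strings are built with %d conversions so
    // that only digits can reach the SQL statement, whatever was submitted in
    // the hour and minute fields.
    if (checkdate($start_month, $start_day, $start_year)) {
        $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
        $timestart = sprintf('%02d:%02d:00', $start_hour, $start_minute);
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if (checkdate($end_month, $end_day, $end_year)) {
        $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
        $timeend = sprintf('%02d:%02d:00', $end_hour, $end_minute);
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    // Make sure start date is before end date
    if ($dateend < $datestart) {
        if ($allday == 0) {
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
            return $retval;
        }
        // all-day event: force end date to be same as start date
        $dateend = $datestart;
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
    $address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
    $address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
    $city = DB_escapeString(strip_tags(COM_checkWords($city)));
    // $state is written into the same statements as the other address fields,
    // so it gets the same cleaning and escaping
    $state = DB_escapeString(strip_tags(COM_checkWords($state)));
    $zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));
    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' and $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' and $start_hour == 12) {
            $start_hour = 0;
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' and $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' and $end_hour == 12) {
            $end_hour = 0;
        }
        $timestart = sprintf('%02d:%02d:00', $start_hour, $start_minute);
        $timeend = sprintf('%02d:%02d:00', $end_hour, $end_minute);
    }
    if (!empty($eid) and !empty($description) and !empty($title)) {
        if (!SEC_checkToken()) {
            COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
            COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
            // Defensive: never fall through to the write after a failed token
            // check, even if COM_redirect() should return.
            return $retval;
        }
        // keep the hit counter of an existing event (0 for a new one)
        $hits = (int) DB_getItem($_TABLES['events'], 'hits', "eid = '{$eidSql}'");

        // these columns are written without quotes, so force them to integers
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        DB_delete($_TABLES['eventsubmission'], 'eid', $eidSql);
        DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eidSql}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");
        if (DB_count($_TABLES['personal_events'], 'eid', $eidSql) > 0) {
            // refresh the copy of this event in every personal calendar
            $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eidSql}'");
            $numrows = DB_numRows($result);
            for ($i = 1; $i <= $numrows; $i++) {
                $P = DB_fetchArray($result);
                $uid = (int) $P['uid'];
                DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eidSql}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$uid},'{$location}','{$timestart}','{$timeend}'");
            }
        }
        PLG_itemSaved($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event_type, $eid);
        return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
    } else {
        // id, title or description missing
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
}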
示例#10
/**
* Delete an event
*
* A regular event is removed only when SEC_hasAccess() reports at least 3 for
* the stored owner, group and permissions; a submission is removed only for a
* calendar moderator. Every refused attempt is written to the access log.
*
* NOTE(review): no security token is checked in this function - presumably
* the caller verifies it before calling; confirm.
*
* @param    string  $eid    id of event to delete
* @param    string  $type   'submission' when attempting to delete a submission
* @return   string          HTML redirect
*/
function CALENDAR_delete($eid, $type = '')
{
    global $_CONF, $_TABLES, $_USER;

    $calendarAdminUrl = $_CONF['site_admin_url'] . '/plugins/calendar/index.php';

    if (!empty($type)) {
        if ($type != 'submission') {
            // unknown type: refuse and log
            COM_accessLog("User {$_USER['username']} tried to illegally delete event {$eid} of type {$type}.");

            return COM_refresh($calendarAdminUrl);
        }
        if (!plugin_ismoderator_calendar()) {
            COM_accessLog("User {$_USER['username']} tried to illegally delete event submission {$eid}.");

            return COM_refresh($calendarAdminUrl);
        }
        DB_delete($_TABLES['eventsubmission'], 'eid', DB_escapeString($eid));

        return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
    }

    // delete regular event
    $escapedEid = DB_escapeString($eid);
    $result = DB_query("SELECT * FROM {$_TABLES['events']} WHERE eid = '" . $escapedEid . "'");
    $event = DB_fetchArray($result);
    $access = SEC_hasAccess($event['owner_id'], $event['group_id'], $event['perm_owner'], $event['perm_group'], $event['perm_members'], $event['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete event {$eid}.");

        return COM_refresh($calendarAdminUrl);
    }

    // remove the event itself and its copies in personal calendars
    DB_delete($_TABLES['events'], 'eid', $escapedEid);
    DB_delete($_TABLES['personal_events'], 'eid', $escapedEid);
    PLG_itemDeleted($eid, 'calendar');
    COM_rdfUpToDateCheck('calendar', $event['event_type'], $event['eid']);

    return COM_refresh($calendarAdminUrl . '?msg=18');
}
示例#11
/**
* Moderates an item
*
* This will actually perform moderation (approve or delete) one or more items.
* For each index below $count the matching entry of $action decides what
* happens to the id at the same index of $mid. When no per-item action was
* given, the ids in $_POST['delitem'] are deleted instead.
*
* NOTE(review): no security token is verified inside this function (one is
* only created for the next page at the end) - presumably the caller checks
* it before calling; confirm.
* NOTE(review): the ids in $mid are placed into SQL statements as-is - confirm
* the caller filters them, or escape them here.
*
* @param    array   $mid        Array of items
* @param    array   $action     Array of actions to perform on items
* @param    string  $type       Type of items ('story', etc.)
* @param    int     $count      Number of items to moderate
* @return   string              HTML for "command and control" page
*
*/
function moderation($mid, $action, $type, $count)
{
    global $_CONF, $_TABLES;
    $retval = '';
    // Pick the id column and the tables for the item type
    switch ($type) {
        case 'story':
            $id = 'sid';
            $table = $_TABLES['stories'];
            $submissiontable = $_TABLES['storysubmission'];
            $fields = 'sid,uid,tid,title,introtext,date,postmode';
            break;
        case 'comment':
            // $table and $fields are not set for comments; the comment branch
            // below goes through CMT_approveModeration() and does not use them
            $id = 'cid';
            $submissiontable = $_TABLES['commentsubmissions'];
            // seeds the list of story ids to refresh with an empty entry
            $sidArray[] = '';
            break;
        default:
            if (strlen($type) <= 0) {
                // something is terribly wrong, bail
                $retval .= COM_errorLog("Unable to find type of {$type} in moderation() in moderation.php");
                return $retval;
            }
            // any other type is handled by a plugin, which supplies the values
            list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
    }
    // Set true if a valid action other than delete_all is selected
    $formaction = false;
    for ($i = 0; $i < $count; $i++) {
        if (isset($action[$i]) and $action[$i] != '') {
            $formaction = true;
        } else {
            continue;
        }
        switch ($action[$i]) {
            case 'delete':
                if (!empty($type) && $type != 'story' && $type != 'draft') {
                    // There may be some plugin specific processing that needs to
                    // happen first.
                    // NOTE(review): this runs before the empty-id check below,
                    // so the plugin hook can be called with an empty id.
                    $retval .= PLG_deleteSubmission($type, $mid[$i]);
                }
                if (empty($mid[$i])) {
                    $retval .= COM_errorLog("moderation.php just tried deleting everything in table {$submissiontable} because it got an empty id.  Please report this immediately to your site administrator");
                    return $retval;
                }
                if ($type == 'draft') {
                    STORY_deleteStory($mid[$i]);
                } else {
                    DB_delete($submissiontable, "{$id}", $mid[$i]);
                }
                break;
            case 'approve':
                if ($type == 'story') {
                    // $mid[$i] is interpolated without escaping here.
                    // NOTE(review): confirm it is filtered before this call.
                    $result = DB_query("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '{$mid[$i]}'");
                    $A = DB_fetchArray($result);
                    // Only the text fields are passed through addslashes();
                    // sid, uid, tid, date and postmode of the fetched row go
                    // into the INSERT below unchanged.
                    // NOTE(review): addslashes() is not aware of the connection
                    // character set - prefer the database layer's escaping
                    // function if this code base has one.
                    $A['related'] = addslashes(implode("\n", STORY_extractLinks($A['introtext'])));
                    $A['owner_id'] = $A['uid'];
                    $A['title'] = addslashes($A['title']);
                    $A['introtext'] = addslashes($A['introtext']);
                    $A['bodytext'] = addslashes($A['bodytext']);
                    // The approved story takes group and permissions from its topic
                    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'");
                    $T = DB_fetchArray($result);
                    // Stories in a topic with archive_flag set stay off the front page
                    if ($T['archive_flag'] == 1) {
                        $frontpage = 0;
                    } else {
                        if (isset($_CONF['frontpage'])) {
                            $frontpage = $_CONF['frontpage'];
                        } else {
                            $frontpage = 1;
                        }
                    }
                    DB_save($_TABLES['stories'], 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
                    DB_delete($_TABLES['storysubmission'], "{$id}", $mid[$i]);
                    PLG_itemSaved($A['sid'], 'article');
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                } else {
                    if ($type == 'draft') {
                        // approving a draft only clears its draft flag;
                        // $mid[$i] is again interpolated without escaping
                        DB_query("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$mid[$i]}'");
                        COM_rdfUpToDateCheck();
                        COM_olderStuff();
                    } else {
                        if ($type == 'comment') {
                            // remember each story id once so its comment tree
                            // and count can be refreshed after the loop
                            $sid = CMT_approveModeration($mid[$i]);
                            if (!in_array($sid, $sidArray)) {
                                $sidArray[$i] = $sid;
                            }
                        } else {
                            // This is called in case this is a plugin. There may be some
                            // plugin specific processing that needs to happen.
                            DB_copy($table, $fields, $fields, $submissiontable, $id, $mid[$i]);
                            $retval .= PLG_approveSubmission($type, $mid[$i]);
                        }
                    }
                }
                break;
        }
    }
    // after loop update comment tree and count for each story
    // NOTE(review): the empty entry seeded for type 'comment' may still be in
    // the list and is then passed to CMT_rebuildTree() as well.
    if (isset($sidArray)) {
        foreach ($sidArray as $sid) {
            CMT_rebuildTree($sid);
            //update comment count of stories;
            $comments = DB_count($_TABLES['comments'], 'sid', $sid);
            DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
        }
    }
    //Add new comment users to group comment.submit group
    // The user ids are read straight from the request and passed through
    // COM_applyFilter(); ids of 1 and below are skipped. This grants group
    // membership, so it relies on the caller having authorised the request.
    if (isset($_POST['publishfuture'])) {
        for ($i = 0; $i < count($_POST['publishfuture']); $i++) {
            $uid = COM_applyFilter($_POST['publishfuture'][$i], true);
            if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid)) {
                SEC_addUserToGroup($uid, 'Comment Submitters');
            }
        }
    }
    // Check if there was no direct action used on the form
    // and if the delete_all submit action was used
    if (!$formaction and isset($_POST['delitem'])) {
        foreach ($_POST['delitem'] as $delitem) {
            // NOTE(review): unlike the per-item delete above, there is no
            // empty-id check here before DB_delete() is called.
            $delitem = COM_applyFilter($delitem);
            if (!empty($type) && $type != 'story' && $type != 'draft') {
                // There may be some plugin specific processing that needs to
                // happen first.
                $retval .= PLG_deleteSubmission($type, $delitem);
            }
            if ($type == 'draft') {
                STORY_deleteStory($delitem);
            } else {
                DB_delete($submissiontable, "{$id}", $delitem);
            }
        }
    }
    // render the moderation page again, with a fresh token for its forms
    $retval .= commandcontrol(SEC_createToken());
    return $retval;
}
示例#12
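 /**
  * Saves a story submission.
  *
  * A new story id is generated first. If story submissions are enabled and
  * the user lacks the 'story.submit' right, the story is written to the
  * submission queue; otherwise it is published directly with owner, group
  * and permissions taken from its default topic.
  *
  * @return  integer result code explaining behaviour: STORY_NO_ACCESS_TOPIC,
  *                  STORY_SAVED_SUBMISSION or STORY_SAVED.
  */
 public function saveSubmission()
 {
     global $_USER, $_CONF, $_TABLES;
     $this->_sid = COM_makeSid();
     // anonymous visitors are stored as user 1
     $this->_uid = COM_isAnonUser() ? 1 : $_USER['uid'];
     // Remove any autotags the user doesn't have permission to use
     // NOTE(review): the filtered text is only used on the submission path
     // below; confirm sanitizeData() covers the direct-publish path.
     $introText = PLG_replaceTags($this->_introtext, '', true);
     $bodyText = PLG_replaceTags($this->_bodytext, '', true);
     if (!TOPIC_hasMultiTopicAccess('topic')) {
         // user doesn't have access to one or more topics - bail
         return STORY_NO_ACCESS_TOPIC;
     }
     if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
         // queue the story for moderation
         $sid = DB_escapeString($this->_sid);
         $title = DB_escapeString($this->_title);
         $introText = DB_escapeString($introText);
         $bodyText = DB_escapeString($bodyText);
         $postMode = DB_escapeString($this->_postmode);
         $textVersion = DB_escapeString($this->_text_version);
         // sid is quoted like every other string value, so the statement does
         // not depend on the generated id consisting of digits only
         DB_save($_TABLES['storysubmission'], 'sid,uid,title,introtext,bodytext,date,postmode,text_version', "'{$sid}',{$this->_uid},'{$title}'," . "'{$introText}','{$bodyText}',NOW(),'{$postMode}','{$textVersion}'");
         // Save Topics selected
         TOPIC_saveTopicSelectionControl('article', $sid);
         return STORY_SAVED_SUBMISSION;
     } else {
         // post this story directly. First establish the necessary missing data.
         $this->sanitizeData();
         if (!isset($_CONF['show_topic_icon'])) {
             $_CONF['show_topic_icon'] = 1;
         }
         // time() gives the same timestamp as an argument-less mktime(),
         // which PHP 8 no longer accepts
         $this->_date = time();
         $this->_featured = 0;
         $this->_commentcode = $_CONF['comment_code'];
         $this->_trackbackcode = $_CONF['trackback_code'];
         $this->_statuscode = 0;
         $this->_show_topic_icon = $_CONF['show_topic_icon'];
         $this->_cache_time = $_CONF['default_cache_time_article'];
         $this->_owner_id = COM_isAnonUser() ? 1 : $_USER['uid'];
         // Save Topics selected
         TOPIC_saveTopicSelectionControl('article', $this->_sid);
         // Group and permissions come from the story's default topic
         $sql = "SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag " . "FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta " . "WHERE ta.type = 'article' AND ta.id = '{$this->_sid}' " . "AND ta.tdefault = 1 AND ta.tid = t.tid";
         $result = DB_query($sql);
         // NOTE(review): $A is used without checking that a default topic row
         // was found; with no row the permission fields below stay empty.
         $A = DB_fetchArray($result);
         if ($A['archive_flag'] == 1) {
             // stories in an archive topic never go on the front page
             $this->_frontpage = 0;
         } elseif (isset($_CONF['frontpage'])) {
             $this->_frontpage = $_CONF['frontpage'];
         } else {
             $this->_frontpage = 1;
         }
         $this->_group_id = $A['group_id'];
         $this->_perm_owner = $A['perm_owner'];
         $this->_perm_group = $A['perm_group'];
         $this->_perm_members = $A['perm_members'];
         $this->_perm_anon = $A['perm_anon'];
         $this->saveToDatabase();
         PLG_itemSaved($this->_sid, 'article');
         COM_rdfUpToDateCheck('article');
         COM_rdfUpToDateCheck('comment');
         STORY_updateLastArticlePublished();
         return STORY_SAVED;
     }
 }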
示例#13
/**
 * Delete an existing story
 *
 * The story is deleted only when both SEC_hasAccess() on the stored
 * permissions and SEC_hasTopicAccess() on its topic report at least 3.
 * Images, comments and trackbacks of the story are removed with it.
 *
 * NOTE(review): no security token is checked in this function - presumably
 * the caller verifies it before calling; confirm.
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   mixed   &svc_msg not used by this function
 * @return  int              Response code as defined in lib-plugins.php
 */
function service_delete_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;

    // fall back to the generic 'id' argument when no 'sid' was given
    $sid = (empty($args['sid']) && !empty($args['id'])) ? $args['id'] : $args['sid'];
    if ($args['gl_svc']) {
        $sid = COM_applyBasicFilter($sid);
    }

    $sidSql = DB_escapeString($sid);
    $storyAdminUrl = $_CONF['site_admin_url'] . '/story.php';

    $result = DB_query("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sidSql}'");
    $story = DB_fetchArray($result);

    // the weaker of story access and topic access decides
    $access = min(
        SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']),
        SEC_hasTopicAccess($story['tid'])
    );
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}.");
        $output = COM_refresh($storyAdminUrl);

        // user ids above 1 are reported as "permission denied", others as
        // "authentication failed"
        return ($_USER['uid'] > 1) ? PLG_RET_PERMISSION_DENIED : PLG_RET_AUTH_FAILED;
    }

    STORY_deleteImages($sid);
    DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '{$sidSql}' AND type = 'article'");
    DB_delete($_TABLES['stories'], 'sid', $sidSql);
    // delete Trackbacks
    DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '{$sidSql}' AND type = 'article';");
    PLG_itemDeleted($sid, 'article');

    // update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();
    COM_setMessage(10);
    $output = COM_refresh($storyAdminUrl);

    return PLG_RET_OK;
}
示例#14
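/**
* Saves banner to the database
*
* Checks the caller's access to the banner, then replaces the stored banner
* (and any pending submission with the old id) with the submitted values.
* Every value is escaped or cast inside this function before it is placed in
* a SQL statement.
*
* @param    string  $bid            ID for banner
* @param    string  $old_bid        old ID for banner
* @param    string  $cid            cid of category banner belongs to
* @param    string  $categorydd     Category banner belong to
* @param    string  $url            URL of banner to save
* @param    string  $description    Description of banner
* @param    string  $title          Title of banner
* @param    string  $publishstart   Start of publishing period, empty for none (stored as NULL)
* @param    string  $publishend     End of publishing period, empty for none (stored as NULL)
* @param    int     $hits           Number of hits for banner
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group banner belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array banner plugin lang admin vars
*
*/
function savebanner($bid, $old_bid, $cid, $categorydd, $url, $description, $title, $publishstart, $publishend, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_BANNER_ADMIN, $_BAN_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // clean 'em up
    // NOTE(review): addslashes() is what this function already uses, but it is
    // not aware of the connection character set - prefer the database layer's
    // escaping function if this code base has one.
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $cid = addslashes($cid);
    // the URL is written into the same INSERT as title and description, so it
    // must be escaped as well
    $url = addslashes($url);
    if (empty($owner_id)) {
        // this is new banner from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Banner Admin'])) {
            $group_id = $_GROUPS['Banner Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('banner.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    // an empty publishing date is stored as NULL, anything else as an escaped
    // quoted literal
    $publishstart = empty($publishstart) ? 'NULL' : "'" . addslashes($publishstart) . "'";
    $publishend = empty($publishend) ? 'NULL' : "'" . addslashes($publishend) . "'";
    $bid = COM_sanitizeID($bid);
    $old_bid = COM_sanitizeID($old_bid);
    if (empty($bid)) {
        if (empty($old_bid)) {
            $bid = COM_makeSid();
        } else {
            $bid = $old_bid;
        }
    }
    // check for banner id change
    if (!empty($old_bid) && $bid != $old_bid) {
        // check if new bid is already in use
        if (DB_count($_TABLES['banner'], 'bid', $bid) > 0) {
            // TBD: abort, display editor with all content intact again
            $bid = $old_bid;
            // for now ...
        }
    }
    $access = 0;
    $old_bid = addslashes($old_bid);
    if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
        // existing banner: the stored owner, group and permissions decide,
        // not the values that were submitted with the request
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE bid = '{$old_bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        // assigned rather than appended: $display does not exist before this line
        $display = COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[31], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit banner {$bid}.");
        echo $display;
        exit;
    } elseif (!empty($title) && !empty($description)) {
        if ($categorydd != $LANG_BANNER_ADMIN[7] && !empty($categorydd)) {
            $cid = addslashes($categorydd);
        } else {
            if ($categorydd != $LANG_BANNER_ADMIN[7]) {
                // NOTE(review): the redirect is only echoed; execution goes on
                // and the banner is still saved below. Confirm this is intended.
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/banner/index.php');
            }
        }
        // these columns hold numbers, so force them to integers before they
        // are written into the statement
        $hits = (int) $hits;
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        DB_delete($_TABLES['bannersubmission'], 'bid', $old_bid);
        DB_delete($_TABLES['banner'], 'bid', $old_bid);
        DB_save($_TABLES['banner'], 'bid,cid,url,description,title,date,publishstart,publishend,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$bid}','{$cid}','{$url}','{$description}','{$title}',NOW(),{$publishstart},{$publishend},'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        // Get category for rdf check
        $category = DB_getItem($_TABLES['bannercategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('banner', $category, $bid);
        return PLG_afterSaveSwitch($_BAN_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/banner/portal.php?what=banner&item={$bid}"), 'banner', 2);
    } else {
        // missing fields
        $retval .= COM_siteHeader('menu', $LANG_BANNER_ADMIN[1]);
        $retval .= COM_errorLog($LANG_BANNER_ADMIN[10], 2);
        if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
            $retval .= editbanner('edit', $old_bid);
        } else {
            $retval .= editbanner('edit', '');
        }
        $retval .= COM_siteFooter();
        return $retval;
    }
}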
示例#15
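/**
 * Delete a topic and clean up everything attached to it.
 *
 * Requires edit access (SEC_hasAccess() of 3 or more) on the topic. Child
 * topics are moved to the root and un-hidden, feeds bound to the topic are
 * switched to '::all' and disabled, and stories, story submissions and blocks
 * that are assigned only to this topic are deleted. Items that also belong to
 * another topic are kept; stories get a new default topic if this one was it.
 *
 * @param    string $tid Topic ID
 * @return   void        Finishes by calling COM_redirect() to the topic admin page
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER, $_TOPICS;

    // $tid ends up inside several hand-built SQL strings. Escape it once at
    // the SQL boundary rather than trusting every caller to have filtered it;
    // the raw value is still used for logging and plugin notification.
    $tidSql = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tidSql}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        // NOTE(review): $tid is written to the access log as supplied; confirm
        // COM_accessLog() neutralizes line breaks so entries cannot be forged.
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        COM_redirect($_CONF['site_admin_url'] . '/topic.php');

        // Fail closed: none of the destructive statements below may run for an
        // unauthorized caller, even if COM_redirect() were to return.
        return;
    }

    // Update any child topics to root and un-hide them
    DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$tidSql}'");
    // Same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tidSql}'");

    // Cycle through the objects assigned to this topic. An object is deleted
    // only if this is its sole topic; if this topic was a story's default,
    // another of its topics is made the default.
    $object_tables[] = $_TABLES['stories'];
    $object_tables[] = $_TABLES['storysubmission'];
    $object_tables[] = $_TABLES['blocks'];
    $object_tables_id[$_TABLES['stories']] = 'sid';
    $object_tables_id[$_TABLES['storysubmission']] = 'sid';
    $object_tables_id[$_TABLES['blocks']] = 'bid';
    $object_type[$_TABLES['stories']] = 'article';
    $object_type[$_TABLES['storysubmission']] = 'article';
    $object_type[$_TABLES['blocks']] = 'block';

    foreach ($object_tables as $object_table) {
        $idColumn = $object_tables_id[$object_table];
        $itemType = $object_type[$object_table];
        $isStoryTable = ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']);

        $sql = "SELECT {$idColumn}, ta.tdefault\n            FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = '{$itemType}' AND ta.id = CAST({$idColumn} AS CHAR) AND ta.tid = '{$tidSql}'";
        $result = DB_query($sql);
        $numStories = DB_numRows($result);
        for ($i = 0; $i < $numStories; $i++) {
            $A = DB_fetchArray($result);

            // Values read back from the database are data, not SQL: escape
            // them again before they re-enter a query string.
            $itemIdSql = DB_escapeString($A[$idColumn]);

            // Now check if another topic exists for this object
            $sql = "SELECT {$idColumn}, ta.tid\n                FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n                WHERE ta.type = '{$itemType}' AND ta.id = {$idColumn}\n                AND ta.tid <> '{$tidSql}' AND {$idColumn} = '{$itemIdSql}'";
            $resultB = DB_query($sql);
            $numTopics = DB_numRows($resultB);
            if ($numTopics == 0) {
                // This was the object's only topic: remove comments,
                // trackbacks and images that belong to the story as well
                if ($isStoryTable) {
                    STORY_deleteImages($A['sid']);
                    DB_delete($_TABLES['comments'], array('sid', 'type'), array($itemIdSql, 'article'));
                    DB_delete($_TABLES['trackback'], array('sid', 'type'), array($itemIdSql, 'article'));
                    if ($object_table == $_TABLES['stories']) {
                        PLG_itemDeleted($A['sid'], 'article');
                    }
                }
                DB_delete($object_table, $idColumn, $itemIdSql);
            } elseif ($isStoryTable && $A['tdefault'] == 1) {
                // Story still exists for other topics, so make one of them the default
                $B = DB_fetchArray($resultB);
                $sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '" . DB_escapeString($B['tid']) . "' AND id = '" . DB_escapeString($B['sid']) . "'";
                DB_query($sql);
            }
        }
    }

    // Notify of the deleted topic so other plugins can deal with their items without topics
    PLG_itemDeleted($tid, 'topic');
    // Delete the assignments and the topic itself
    DB_delete($_TABLES['topic_assignments'], 'tid', $tidSql);
    DB_delete($_TABLES['topics'], 'tid', $tidSql);
    // Reorder topics, delete topic cache and reload topic tree
    reorderTopics();
    // Update feed(s)
    COM_rdfUpToDateCheck('article');
    COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}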
示例#16
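 /**
  * Saves a story submission.
  *
  * Generates a new story id, verifies that the current user can access the
  * target topic, and then either queues the story in the submission table
  * (submission queue enabled and user lacks 'story.submit') or publishes it
  * directly, inheriting group and permissions from the topic.
  *
  * @return  integer result code explaining behaviour: STORY_NO_ACCESS_TOPIC,
  *                  STORY_SAVED_SUBMISSION or STORY_SAVED.
  */
 function saveSubmission()
 {
     global $_USER, $_CONF, $_TABLES;
     $this->_sid = COM_makeSid();
     // Anonymous submissions are attributed to uid 1
     $this->_uid = COM_isAnonUser() ? 1 : $_USER['uid'];

     // NOTE(review): addslashes() is not charset/connection aware. If the
     // database layer in this version provides its own escaping helper,
     // prefer it for every value escaped in this method.
     $tmptid = addslashes(COM_sanitizeID($this->_tid));
     $result = DB_query('SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM ' . "{$_TABLES['topics']} WHERE tid = '{$tmptid}'" . COM_getTopicSQL('AND'));
     if (DB_numRows($result) == 0) {
         // user doesn't have access to this topic - bail
         return STORY_NO_ACCESS_TOPIC;
     }
     $T = DB_fetchArray($result);

     if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
         // Queue for moderation. The properties are overwritten with their
         // SQL-escaped form, so the object holds escaped text after this call.
         // No _sanitizeData() runs on this path: the text is stored as
         // submitted -- presumably it is filtered when a moderator approves
         // it; verify.
         $this->_sid = addslashes($this->_sid);
         $this->_tid = $tmptid;
         $this->_title = addslashes($this->_title);
         $this->_introtext = addslashes($this->_introtext);
         $this->_bodytext = addslashes($this->_bodytext);
         $this->_postmode = addslashes($this->_postmode);
         // sid and uid are interpolated without quotes; that is only valid
         // SQL while both are purely numeric -- TODO confirm for COM_makeSid().
         DB_save($_TABLES['storysubmission'], 'sid,tid,uid,title,introtext,bodytext,date,postmode', "{$this->_sid},'{$this->_tid}',{$this->_uid},'{$this->_title}'," . "'{$this->_introtext}','{$this->_bodytext}',NOW(),'{$this->_postmode}'");

         return STORY_SAVED_SUBMISSION;
     }

     // Post this story directly. First establish the necessary missing data.
     $this->_sanitizeData();
     if (!isset($_CONF['show_topic_icon'])) {
         $_CONF['show_topic_icon'] = 1;
     }
     if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) {
         // Stories in the archive topic never go to the front page
         $this->_frontpage = 0;
     } elseif (isset($_CONF['frontpage'])) {
         $this->_frontpage = $_CONF['frontpage'];
     } else {
         $this->_frontpage = 1;
     }
     $this->_oldsid = $this->_sid;
     // time() instead of argument-less mktime(): same current timestamp, but
     // mktime() without arguments is deprecated and rejected by PHP 8.
     $this->_date = time();
     $this->_featured = 0;
     $this->_commentcode = $_CONF['comment_code'];
     $this->_trackbackcode = $_CONF['trackback_code'];
     $this->_statuscode = 0;
     $this->_show_topic_icon = $_CONF['show_topic_icon'];
     $this->_owner_id = COM_isAnonUser() ? 1 : $_USER['uid'];
     // Group and permission bits are inherited from the topic row read above
     $this->_group_id = $T['group_id'];
     $this->_perm_owner = $T['perm_owner'];
     $this->_perm_group = $T['perm_group'];
     $this->_perm_members = $T['perm_members'];
     $this->_perm_anon = $T['perm_anon'];
     $this->saveToDatabase();
     PLG_itemSaved($this->_sid, 'article');
     COM_rdfUpToDateCheck();
     COM_olderStuff();

     return STORY_SAVED;
 }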
示例#17
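/**
 * Delete a story together with its images and comments.
 *
 * Removes every image file recorded for the story (and its unscaled
 * "_original" variant, when present) from images/articles/, deletes the
 * image, comment and story rows, then refreshes the feed and the Older
 * Stories block. A file that cannot be removed is logged, not fatal.
 *
 * @param   string $sid Story ID
 * @return  void
 */
function migrate_deletestory($sid)
{
    global $_TABLES, $_CONF;

    $sidSql = DB_escapeString($sid);
    $imageDir = $_CONF['path_html'] . 'images/articles/';

    $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='" . $sidSql . "'");
    $nrows = DB_numRows($result);
    for ($i = 1; $i <= $nrows; $i++) {
        $A = DB_fetchArray($result);

        // The file name comes from a database row and is handed to unlink().
        // Reduce it to its last path component so that a row containing
        // directory parts cannot point the delete outside images/articles/.
        $imageName = basename($A['ai_filename']);

        $filename = $imageDir . $imageName;
        if (!@unlink($filename)) {
            // Log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $filename);
        }

        // Remove the unscaled image, if it exists. Without a dot in the name
        // there is no extension to rewrite (strrpos() returns false, which
        // would otherwise be treated as offset 0), so there is no variant.
        $dotPos = strrpos($imageName, '.');
        if ($dotPos === false) {
            continue;
        }
        $lFilename_large_complete = $imageDir . substr_replace($imageName, '_original.', $dotPos, 1);
        if (file_exists($lFilename_large_complete) && !@unlink($lFilename_large_complete)) {
            // Log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $lFilename_large_complete);
        }
    }

    DB_delete($_TABLES['article_images'], 'ai_sid', $sidSql);
    DB_delete($_TABLES['comments'], 'sid', $sidSql);
    DB_delete($_TABLES['stories'], 'sid', $sidSql);
    // Update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();
}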
示例#18
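 /**
  * Write this download's fields to its existing database row.
  *
  * Updates the row identified by the previous id (_old_lid) in the downloads
  * table, or in the download submission table when $mode is non-empty. When
  * the id changed, comments are re-pointed to the new id. Plugins are then
  * notified and the feed check is triggered.
  *
  * @param  string $mode empty for the live table, anything else for the submission table
  * @return void
  */
 function _saveToDatabase($mode = '')
 {
     global $_CONF, $_TABLES;
     $sql_additions = '';
     if (version_compare(VERSION, '2.1.0') >= 0) {
         $this->_text_version = GLTEXT_LATEST_VERSION;
         $text_version = $this->_text_version;
         $sql_additions = "text_version='{$text_version}', ";
         // Apply HTML filter to the text just before save
         // with the permissions of current editor
         require_once $_CONF['path_system'] . 'classes/gltext.class.php';
         $description = GLText::applyHTMLFilter($this->_description, $this->_postmode, 'story.edit', $this->_text_version);
         $detail = GLText::applyHTMLFilter($this->_detail, $this->_postmode, 'story.edit', $this->_text_version);
     } else {
         // NOTE(review): no HTML filter is applied on this branch; presumably
         // older versions filter the text before it reaches here -- verify.
         $description = $this->_description;
         $detail = $this->_detail;
     }

     // Every value placed in the statement is either cast to int or escaped.
     // NOTE(review): addslashes() is not charset/connection aware; prefer the
     // database layer's own escaping helper if this version provides one.
     $lid = addslashes($this->_lid);
     // The previous id selects the row in the WHERE clause, so it must be
     // escaped exactly like the values in the SET list.
     $old_lid = addslashes($this->_old_lid);
     $cid = addslashes($this->_cid);
     $title = addslashes($this->_title);
     $url = addslashes($this->_url);
     $homepage = addslashes($this->_homepage);
     $version = addslashes($this->_version);
     $size = (int) $this->_size;
     $md5 = addslashes($this->_md5);
     $logourl = addslashes($this->_logourl);
     $mg_autotag = addslashes($this->_mg_autotag);
     $tags = addslashes($this->_tags);
     $date = (int) $this->_date;
     $commentcode = (int) $this->_commentcode;
     $project = addslashes($this->_project);
     $description = addslashes($description);
     $detail = addslashes($detail);
     $owner_id = (int) $this->_owner_id;
     $postmode = addslashes($this->_postmode);
     $is_released = (int) $this->_is_released;
     $is_listing = (int) $this->_is_listing;
     $createddate = addslashes($this->_createddate);

     $table = empty($mode) ? $_TABLES['downloads'] : $_TABLES['downloadsubmission'];
     DB_query(
         "UPDATE {$table} "
         . "SET lid='{$lid}', cid='{$cid}', title='{$title}', url='{$url}', mg_autotag='{$mg_autotag}', tags='{$tags}', "
         . "homepage='{$homepage}', project='{$project}', description='{$description}', detail='{$detail}', "
         . "version='{$version}', size={$size}, md5='{$md5}', commentcode={$commentcode}, owner_id={$owner_id}, "
         . "postmode='{$postmode}', logourl='{$logourl}', is_released={$is_released}, is_listing={$is_listing}, "
         . $sql_additions . "date={$date}, createddate='{$createddate}' "
         . "WHERE lid='{$old_lid}'"
     );

     if ($this->_old_lid == $this->_lid) {
         PLG_itemSaved($this->_lid, 'downloads');
     } else {
         // The id changed: move the comments over to the new id
         DB_change($_TABLES['comments'], 'sid', $lid, array('sid', 'type'), array($old_lid, 'downloads'));
         PLG_itemSaved($this->_lid, 'downloads', $this->_old_lid);
     }
     COM_rdfUpToDateCheck('downloads', $this->_cid, $this->_lid);
 }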