$type = '';
if (isset($_POST['type'])) {
$type = COM_applyFilter($_POST['type']);
}
if (!isset($sid) || empty($sid)) {
COM_errorLog('Attempted to delete story sid=' . $sid);
echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
} else {
if ($type == 'submission') {
if (TOPIC_hasMultiTopicAccess('article', $sid) < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
} else {
if (SEC_checkToken()) {
// Delete Topic Assignments for this submission
TOPIC_deleteTopicAssignments('article', $sid);
DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php');
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
}
} else {
if (SEC_checkToken()) {
echo STORY_deleteStory($sid);
} else {
COM_accessLog("User {$_USER['username']} tried to delete story and failed CSRF checks {$sid}.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
}
}
/**
* Performs story exclusive work for items deleted by moderation
* While moderation.php handles the actual removal from the submission
* table, within this function we handle all other deletion related tasks
*
* @param string $sid Identifying string, i.e. the story id
* @return string Any wanted HTML output
*/
function plugin_moderationdelete_story($sid)
{
global $_TABLES;
TOPIC_deleteTopicAssignments('article', $sid);
DB_delete($_TABLES['storysubmission'], 'sid', $sid);
return '';
}
/**
* Delete an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_delete_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC;
$output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php?msg=20');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
$sp_id = $args['sp_id'];
if (!SEC_hasRights('staticpages.delete')) {
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
if ($_USER['uid'] > 1) {
return PLG_RET_PERMISSION_DENIED;
} else {
return PLG_RET_AUTH_FAILED;
}
}
// If a staticpage template, remove any use of the file
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_id}'") == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
}
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
TOPIC_deleteTopicAssignments('staticpages', $sp_id);
PLG_itemDeleted($sp_id, 'staticpages');
// Clear Cache
$cacheInstance = 'staticpage__' . $sp_id . '__';
CACHE_remove_instance($cacheInstance);
return PLG_RET_OK;
}
/**
* Delete a block
*
* @param string $bid id of block to delete
* @return string HTML redirect or error message
*
*/
function deleteBlock($bid)
{
global $_CONF, $_TABLES, $_USER;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
return COM_refresh($_CONF['site_admin_url'] . '/block.php');
}
TOPIC_deleteTopicAssignments('block', $bid);
DB_delete($_TABLES['blocks'], 'bid', $bid);
$cacheInstance = 'block__' . $bid . '__';
// remove any of this blocks instances if exists
CACHE_remove_instance($cacheInstance);
return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}
/**
* Saves the story in it's final state to the database.
* Handles all the SID magic etc.
*
* @return int status result from a constant list.
*/
public function saveToDatabase()
{
global $_TABLES, $_DB_dbms;
$tids = TOPIC_getTopicIdsForObject('topic');
$archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag=1');
if (!empty($tids) && !empty($archive_tid)) {
if (in_array($archive_tid, $tids)) {
$this->_featured = 0;
$this->_frontpage = 0;
$this->_statuscode = STORY_ARCHIVE_ON_EXPIRE;
}
}
/* if a featured, non-draft, that goes live straight away, unfeature
* other stories in same topic:
*/
if ($this->_featured == '1') {
// there can only be one non-draft featured story
if ($this->_draft_flag == 0 and $this->_date <= time()) {
if ($this->_frontpage == 1) {
// un-feature any featured frontpage story
DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND frontpage = 1 AND date <= NOW()");
}
// un-feature any featured story in the same topic
//DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND tid = '{$this->_tid}' AND date <= NOW()");
$tids = TOPIC_getTopicIdsForObject('topic');
if (!empty($tids)) {
DB_query("UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta SET s.featured = 0 WHERE s.featured = 1 AND s.draft_flag = 0 AND (ta.tid IN ('" . implode("','", $tids) . "')) AND ta.type = 'article' AND ta.id = s.sid AND s.date <= NOW()");
}
}
}
$oldArticleExists = false;
$currentSidExists = false;
// Fix up old sid => new sid stuff
$checkSid = DB_escapeString($this->_originalSid);
// needed below
if ($this->_sid != $this->_originalSid) {
/* The sid has changed. Load from request will have
* ensured that if the new sid exists an error has
* been thrown, but we need to know if the old sid
* actually existed (as opposed to being a generated
* sid that was then thrown away) to reduce the sheer
* number of SQL queries we do.
*/
$newSid = DB_escapeString($this->_sid);
$sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checkSid}'";
$result = DB_query($sql);
if ($result && DB_numRows($result) > 0) {
$oldArticleExists = true;
}
if ($oldArticleExists) {
// Move Comments
$sql = "UPDATE {$_TABLES['comments']} SET sid='{$newSid}' WHERE type='article' AND sid='{$checkSid}'";
DB_query($sql);
// Move Images
$sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newSid}' WHERE ai_sid = '{$checkSid}'";
DB_query($sql);
// Move trackbacks
$sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newSid}' WHERE sid='{$checkSid}' AND type='article'";
DB_query($sql);
}
}
// Acquire Comment Count
$sql = "SELECT COUNT(1) FROM {$_TABLES['comments']} WHERE type='article' AND sid='{$this->_sid}'";
$result = DB_query($sql);
if ($result && DB_numRows($result) == 1) {
$array = DB_fetchArray($result);
$this->_comments = $array[0];
} else {
$this->_comments = 0;
}
/* Format dates for storage: */
/*
* Doing this here would use the webserver's timezone, but we need
* to use the DB server's timezone so that ye olde timezone hack
* still works. See use of FROM_UNIXTIME in the SQL below.
*
* $this->_date = date('Y-m-d H:i:s', $this->_date);
* $this->_expire = date('Y-m-d H:i:s', $this->_expire);
*
*/
// Get the related URLs
$this->_related = implode("\n", STORY_extractLinks($this->DisplayElements('introtext') . ' ' . $this->DisplayElements('bodytext')));
$fields = '';
$values = '';
reset($this->_dbFields);
$this->_text_version = GLTEXT_LATEST_VERSION;
// Apply HTML filter to the text just before save
// with the permissions of current editor
$this->_introtext = GLText::applyHTMLFilter($this->_introtext, $this->_postmode, 'story.edit', $this->_text_version);
$this->_bodytext = GLText::applyHTMLFilter($this->_bodytext, $this->_postmode, 'story.edit', $this->_text_version);
/* This uses the database field array to generate a SQL Statement. This
* means that when adding new fields to save and load, all we need to do
* is add the field name to the array, and the code will magically cope.
*/
while (list($fieldName, $save) = each($this->_dbFields)) {
if ($save === 1) {
$varName = '_' . $fieldName;
$fields .= $fieldName . ', ';
if ($fieldName === 'date' || $fieldName === 'expire' || $fieldName === 'comment_expire') {
// let the DB server do this conversion (cf. timezone hack)
$values .= 'FROM_UNIXTIME(' . $this->{$varName} . '), ';
} else {
if ($this->{$varName} === '') {
$values .= "'', ";
} else {
if (is_numeric($this->{$varName})) {
$values .= DB_escapeString($this->{$varName}) . ', ';
} else {
$values .= '\'' . DB_escapeString($this->{$varName}) . '\', ';
}
}
}
}
}
$fields = substr($fields, 0, strlen($fields) - 2);
$values = substr($values, 0, strlen($values) - 2);
DB_save($_TABLES['stories'], $fields, $values);
// Save Topics selected
TOPIC_saveTopicSelectionControl('article', $this->_sid);
if ($oldArticleExists) {
// Clean up the old story
DB_delete($_TABLES['stories'], 'sid', $checkSid);
// Delete Topic Assignments for this old article id since we just created new ones
TOPIC_deleteTopicAssignments('article', $checkSid);
}
if ($this->type === 'submission') {
// there might be a submission, clean it up
DB_delete($_TABLES['storysubmission'], 'sid', $checkSid);
}
return STORY_SAVED;
}
