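/**
 * Build a one-row fake result set from the current request so an unsaved post can be previewed.
 *
 * The request values are assembled into a constant-only "SELECT <value> AS post_xxx, ..." statement,
 * which is run through DataObjectList2::query() and instantiated as an Item via $this->Cache.
 * Item settings and the blog's custom fields are then filled in from the request as well.
 *
 * Security notes:
 * - Returns immediately, without touching the request, when no user is logged in.
 * - Every string that ends up in the SQL text goes through $DB->escape() or $DB->quote().
 *   Values interpolated bare are read with param(..., 'integer', ...) or cast to int here.
 * - NOTE(review): preview_userid is taken from the request and becomes creator and last editor of
 *   the fake row; nothing in this method compares it with $current_User -- confirm that is intended.
 *
 * @return void
 */
function preview_from_request()
{
    global $current_User;

    if (empty($current_User)) {
        // dh> only logged in user's can preview. Alternatively we need those checks where $current_User gets used below.
        return;
    }

    global $DB, $localtimenow, $Messages, $BlogCache;
    global $Plugins;

    // The blog setting decides which param() filter is applied to title and content.
    // NOTE(review): what the 'html' filter strips is defined in param(), not shown here.
    if ($this->Blog->get_setting('allow_html_post')) {
        // HTML is allowed for this post
        $text_format = 'html';
    } else {
        // HTML is disallowed for this post
        $text_format = 'htmlspecialchars';
    }

    $preview_userid = param('preview_userid', 'integer', true);
    $post_status = param('post_status', 'string', true);
    $post_locale = param('post_locale', 'string', $current_User->locale);
    $content = param('content', $text_format, true);
    $post_title = param('post_title', $text_format, true);
    $post_titletag = param('titletag', 'string', true);
    $post_excerpt = param('post_excerpt', 'string', true);
    $post_url = param('post_url', 'string', '');

    // Fills $post_category and $post_extracats by reference (helper not shown in this excerpt).
    check_categories_nosave($post_category, $post_extracats);

    $post_views = param('post_views', 'integer', 0);
    $renderers = param('renderers', 'array/string', array('default'));
    if (!is_array($renderers)) {
        // dh> workaround for param() bug. See rev 1.93 of /inc/_misc/_misc.funcs.php
        $renderers = array('default');
    }

    if ($post_category == 0) {
        $post_category = $this->Blog->get_default_cat_ID();
    }

    // Comment settings are taken from the blog that owns the main category.
    $comment_Blog =& $BlogCache->get_by_ID(get_catblog($post_category));
    if ($comment_Blog->get_setting('allow_comments') != 'never' && $comment_Blog->get_setting('disable_comments_bypost')) {
        // param is required
        $post_comment_status = param('post_comment_status', 'string', true);
    } else {
        $post_comment_status = $comment_Blog->get_setting('allow_comments');
    }

    // Get issue date, using the user's locale (because it's entered like this in the form):
    locale_temp_switch($current_User->locale);
    param_date('item_issue_date', T_('Please enter a valid issue date.'), false);
    // TODO: dh> get_param() is always true here, also on invalid dates:
    if (strlen(get_param('item_issue_date'))) {
        // only set it, if a date was given:
        param_time('item_issue_time');
        $item_issue_date = form_date(get_param('item_issue_date'), get_param('item_issue_time')); // TODO: cleanup...
    } else {
        $item_issue_date = date('Y-m-d H:i:s', $localtimenow);
    }
    locale_restore_previous();

    $item_typ_ID = param('item_typ_ID', 'integer', NULL);
    $item_st_ID = param('item_st_ID', 'integer', NULL);
    $item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
    $item_deadline = param('item_deadline', 'string', NULL);
    $item_priority = param('item_priority', 'integer', NULL); // QUESTION: can this be also empty/NULL?

    // Do some optional filtering on the content
    // Typically stuff that will help the content to validate
    // Useful for code display.
    // Will probably be used for validation also.
    $Plugins_admin =& get_Plugins_admin();
    $params = array('object_type' => 'Item', 'object_Blog' => &$comment_Blog);
    $Plugins_admin->filter_contents($post_title, $content, $renderers, $params);

    $post_title = format_to_post($post_title);
    $content = format_to_post($content);

    $post_ID = param('post_ID', 'integer', 0);

    // The issue date is derived from request input (see the TODO above about invalid dates), so it is
    // escaped like every other string column instead of being interpolated between quotes as-is.
    $sql_issue_date = "'" . $DB->escape($item_issue_date) . "'";
    // The main category is set by reference by a helper that is not visible here; force it to an
    // integer before it is written into the SQL text without quotes.
    $sql_main_cat_ID = (int) $post_category;

    // One "<value> AS <column>" expression per entry; joined below with the original separator.
    // NOTE(review): bpost_count_words() is inserted bare -- presumably it returns an integer; confirm.
    $select_columns = array(
        "{$post_ID} AS post_ID",
        "{$preview_userid} AS post_creator_user_ID",
        "{$preview_userid} AS post_lastedit_user_ID",
        $sql_issue_date . ' AS post_datestart',
        $sql_issue_date . ' AS post_datecreated',
        $sql_issue_date . ' AS post_datemodified',
        $sql_issue_date . ' AS post_last_touched_ts',
        '0 AS post_dateset',
        "'" . $DB->escape($post_status) . "' AS post_status",
        "'" . $DB->escape($post_locale) . "' AS post_locale",
        "'" . $DB->escape($content) . "' AS post_content",
        "'" . $DB->escape($post_title) . "' AS post_title",
        "'" . $DB->escape($post_titletag) . "' AS post_titletag",
        "'" . $DB->escape($post_excerpt) . "' AS post_excerpt",
        'NULL AS post_excerpt_autogenerated',
        'NULL AS post_urltitle',
        'NULL AS post_canonical_slug_ID',
        'NULL AS post_tiny_slug_ID',
        "'" . $DB->escape($post_url) . "' AS post_url",
        "{$sql_main_cat_ID} AS post_main_cat_ID",
        "{$post_views} AS post_views",
        "'' AS post_flags",
        "'noreq' AS post_notifications_status",
        'NULL AS post_notifications_ctsk_ID',
        bpost_count_words($content) . ' AS post_wordcount',
        $DB->quote($post_comment_status) . ' AS post_comment_status',
        "'" . $DB->escape(implode('.', $renderers)) . "' AS post_renderers",
        $DB->quote($item_assigned_user_ID) . ' AS post_assigned_user_ID',
        $DB->quote($item_typ_ID) . ' AS post_ptyp_ID',
        $DB->quote($item_st_ID) . ' AS post_pst_ID',
        $DB->quote($item_deadline) . ' AS post_datedeadline',
        $DB->quote($item_priority) . ' AS post_priority',
    );
    $this->sql = "SELECT\n\t\t\t" . implode(",\n\t\t\t", $select_columns) . ',';

    $this->sql .= $DB->quote(param('item_order', 'double', NULL)) . ' AS post_order' . ",\n"
        . $DB->quote(param('item_featured', 'integer', NULL)) . ' AS post_featured' . "\n";

    // Exactly one fake row, on one page.
    $this->total_rows = 1;
    $this->total_pages = 1;
    $this->page = 1;

    // ATTENTION: we skip the parent on purpose here!! fp> refactor
    DataObjectList2::query(false, false, false, 'PREVIEW QUERY');

    $Item =& $this->Cache->instantiate($this->rows[0]);

    // set Item settings
    $Item->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
    $Item->set_setting('post_metadesc', param('metadesc', 'string', true));
    $Item->set_setting('post_custom_headers', param('custom_headers', 'string', true));

    // set custom Item settings
    foreach (array('double', 'varchar') as $type) {
        $count_custom_field = $comment_Blog->get_setting('count_custom_' . $type);
        // 'varchar' custom fields are read from the request with the 'string' filter.
        $param_type = $type == 'varchar' ? 'string' : $type;
        for ($i = 1; $i <= $count_custom_field; $i++) {
            // For each custom field of this type:
            $field_guid = $comment_Blog->get_setting('custom_' . $type . $i);
            $Item->set_setting('custom_' . $type . '_' . $field_guid, param('item_' . $type . '_' . $field_guid, $param_type, NULL));
        }
    }

    // Trigger plugin event, allowing to manipulate or validate the item before it gets previewed
    $Plugins->trigger_event('AppendItemPreviewTransact', array('Item' => &$Item));

    if ($Messages->has_errors()) {
        // Show the collected errors above the submitted content in the preview.
        $errcontent = $Messages->display(T_('Invalid post, please correct these errors:'), '', false);
        $Item->content = $errcontent . "\n<hr />\n" . $content;
    }

    // little funky fix for IEwin, rawk on that code
    global $Hit;
    // $IEWin_bookmarklet_fix is never assigned in this method, so within this scope the isset()
    // test is always satisfied. QUESTION: Is this still needed? (blueyed)
    if ($Hit->is_winIE() && !isset($IEWin_bookmarklet_fix)) {
        // Convert %uXXXX escapes to numeric character references.
        // This used to be preg_replace() with the /e modifier, which evaluates the replacement as
        // PHP code for every match and was removed in PHP 7, where the call fails and would leave
        // the content NULL. A match loop does the same conversion without evaluating a string and
        // without needing closure support.
        if (preg_match_all('/%u([0-9A-F]{4})/', $Item->content, $ie_escapes, PREG_SET_ORDER)) {
            foreach ($ie_escapes as $ie_escape) {
                $Item->content = str_replace(
                    $ie_escape[0],
                    '&#' . base_convert($ie_escape[1], 16, 10) . ';',
                    $Item->content
                );
            }
        }
    }
}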
case 'edit_switchtab': // this gets set as action by JS, when we switch tabs
    // This is somewhat in between new and edit...
    // The enclosing switch and the end of this case are outside this excerpt.

    // Check permission based on DB status:
    // This runs before any request value is copied onto $edited_Item below, so the check is made
    // against the item as it was loaded.
    // NOTE(review): the third argument is true; presumably that makes a failed check fatal -- confirm.
    $current_User->check_perm('item_post!CURSTATUS', 'edit', true, $edited_Item);

    $edited_Item->status = param('post_status', 'string', NULL); // 'published' or 'draft' or ...
    // We know we can use at least one status,
    // but we need to make sure the requested/default one is ok:
    // (the requested status is replaced by whatever get_allowed_item_status() returns for it)
    $edited_Item->status = $Blog->get_allowed_item_status($edited_Item->status);

    // We use the request variables to fill the edit form, because we need to be able to pass those values
    // from tab to tab via javascript when the editor wants to switch views...
    $edited_Item->load_from_Request(true); // needs Blog set

    // Check if new category was started to create. If yes then set up parameters for next page
    // ($post_category and $post_extracats are filled by reference; the helper is not shown here.)
    check_categories_nosave($post_category, $post_extracats);
    $edited_Item->set('main_cat_ID', $post_category);

    if ($edited_Item->main_cat_ID && get_allow_cross_posting() < 2 && $edited_Item->get_blog_ID() != $blog) {
        // the main cat is not in the list of categories; this happens, if the user switches blogs during editing:
        // fall back to the current blog's default category instead of keeping a category of another blog.
        $edited_Item->set('main_cat_ID', $Blog->get_default_cat_ID());
    }
    $post_extracats = param('post_extracats', 'array/integer', $post_extracats);

    // Return values are not used here; the calls are made for whatever param() records for later use.
    param('item_tags', 'string', '');

    // Trackback addresses (never saved into item)
    param('trackback_url', 'string', '');

    // Page title:
    // NOTE(review): the blog name is placed in the title as returned by get('name'); whether it is
    // escaped on output is decided where $AdminUI renders it, not here -- confirm.
    $AdminUI->title_titlearea = sprintf(T_('Editing post #%d: %s'), $edited_Item->ID, $Blog->get('name'));

    // Breadcrumb links are built from the blog ID and the item ID only.
    $AdminUI->breadcrumbpath_add(sprintf(T_('Post #%s'), $edited_Item->ID), '?ctrl=items&blog=' . $Blog->ID . '&p=' . $edited_Item->ID);
    $AdminUI->breadcrumbpath_add(T_('Edit'), '?ctrl=items&action=edit&blog=' . $Blog->ID . '&p=' . $edited_Item->ID);

    // Params we need for tab switching:
    $tab_switch_params = 'p=' . $edited_Item->ID;
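/**
 * Resolve the main category and extra categories of a post from the request, creating a new
 * category first when the form asks for one.
 *
 * If the "new category" radio is checked, the new category becomes the post's main category.
 * If the "new category" checkbox is checked, the new category is added to the extra categories.
 * In the request a category ID of 0 stands for "the category to be created".
 *
 * Function is called during post creation or post update.
 *
 * Security notes:
 * - Creating a category requires the 'blog_cats' permission on the current blog; without it the
 *   function reports an error and returns false before anything is inserted.
 * - NOTE(review): category and blog names are placed into $Messages texts, one of which also
 *   carries an HTML link. Whether get_name() / get('name') return escaped values is not visible
 *   here -- confirm before assuming the messages are safe to print as markup.
 *
 * @param integer Post main category ID (by reference; overwritten from the request).
 * @param array Post extra category IDs (by reference; overwritten from the request).
 * @return boolean true if no new category was requested or it was created successfully;
 *                 false if the user may not create one, the name is missing, or the insert failed.
 */
function check_categories(&$post_category, &$post_extracats)
{
    // -1 means that no main category was submitted at all.
    $post_category = param('post_category', 'integer', -1);
    $post_extracats = param('post_extracats', 'array/integer', array());

    global $Messages, $Blog, $blog;

    load_class('chapters/model/_chaptercache.class.php', 'ChapterCache');
    $GenericCategoryCache =& get_ChapterCache();

    if ($post_category == -1) {
        // no main cat select
        if (count($post_extracats) == 0) {
            // no extra cat select
            $post_category = $Blog->get_default_cat_ID();
        } else {
            // first extracat become main_cat
            if (get_allow_cross_posting() >= 2) {
                // allow moving posts between different blogs is enabled, set first selected cat as main cat
                $post_category = $post_extracats[0];
            } else {
                // allow moving posts between different blogs is disabled - we need a main cat from $blog
                foreach ($post_extracats as $cat) {
                    if (get_catblog($cat) != $blog) {
                        // this cat is not from $blog
                        continue;
                    }
                    // set first cat from $blog as main cat
                    $post_category = $cat;
                    break;
                }
                if ($post_category == -1) {
                    // wasn't cat selected from $blog select a default as main cat
                    $post_category = $Blog->get_default_cat_ID();
                }
            }
        }

        if ($post_category) {
            // If main cat is not a new category, and has been autoselected
            // NOTE(review): $post_category may come straight from the submitted extra categories;
            // this assumes get_by_ID() copes with an ID that does not exist -- confirm.
            $GenericCategory =& $GenericCategoryCache->get_by_ID($post_category);
            $post_category_Blog = $GenericCategory->get_Blog();
            $Messages->add(sprintf(T_('The main category for this post has been automatically set to "%s" (Blog "%s")'), $GenericCategory->get_name(), $post_category_Blog->get('name')), 'warning');
        }
    }

    if (!$post_category || in_array(0, $post_extracats)) {
        // A new category was requested, as main category and/or as extra category.
        global $current_User;

        if (!$current_User->check_perm('blog_cats', '', false, $Blog->ID)) {
            // Current user cannot add a categories for this blog
            check_categories_nosave($post_category, $post_extracats); // set up the category parameters
            $Messages->add(T_('You are not allowed to create a new category.'), 'error');
            return false;
        }

        $category_name = param('category_name', 'string', true);
        if ($category_name == '') {
            $show_error = !$post_category; // new main category without name => error message
            check_categories_nosave($post_category, $post_extracats); // set up the category parameters
            if ($show_error) {
                // new main category without name
                $Messages->add(T_('Please provide a name for new category.'), 'error');
                return false;
            }
            return true;
        }

        $new_GenericCategory =& $GenericCategoryCache->new_obj(NULL, $blog); // create new category object
        $new_GenericCategory->set('name', $category_name);
        if ($new_GenericCategory->dbinsert() !== false) {
            $Messages->add(T_('New category created.'), 'success');
            if (!$post_category) {
                $post_category = $new_GenericCategory->ID; // set the new ID
            }

            // Replace the first "new category" placeholder (0) in the extra categories with the new ID.
            // Testing the search result against false handles a hit at key 0 and an empty list alike;
            // the previous fallback read $post_extracats[0] even when that key did not exist.
            $extracat_key = array_search('0', $post_extracats);
            if ($extracat_key !== false) {
                unset($post_extracats[$extracat_key]);
                $post_extracats[] = $new_GenericCategory->ID;
            }

            $GenericCategoryCache->add($new_GenericCategory);
        } else {
            $Messages->add(T_('New category creation failed.'), 'error');
            return false;
        }
    }

    if (get_allow_cross_posting() == 2) {
        // Extra cats in different blogs is disabled, check selected extra cats
        $post_category_blog = get_catblog($post_category);
        $ignored_cats = '';
        foreach ($post_extracats as $key => $cat) {
            if (get_catblog($cat) != $post_category_blog) {
                // this cat is not from main category blog, it has to be ignored
                $GenericCategory =& $GenericCategoryCache->get_by_ID($cat);
                $ignored_cats = $ignored_cats . $GenericCategory->get_name() . ', ';
                unset($post_extracats[$key]);
            }
        }

        $ignored_length = strlen($ignored_cats);
        if ($ignored_length > 2) {
            // ignore list is not empty
            global $current_User, $admin_url;

            // Only users who may view the options get a link to the features screen.
            if ($current_User->check_perm('options', 'view', false)) {
                $cross_posting_text = '<a href="' . $admin_url . '?ctrl=features">' . T_('cross-posting is disabled') . '</a>';
            } else {
                $cross_posting_text = T_('cross-posting is disabled');
            }

            // Drop the trailing ', ' separator.
            $ignored_cats = substr($ignored_cats, 0, $ignored_length - 2);
            // NOTE(review): this message mixes markup ($cross_posting_text) with category names;
            // see the escaping note in the function header.
            $Messages->add(sprintf(T_('The category selection "%s" was ignored since %s'), $ignored_cats, $cross_posting_text), 'warning');
        }
    }

    // make sure main cat is in extracat list and there are no duplicates
    $post_extracats[] = $post_category;
    $post_extracats = array_unique($post_extracats);

    return true;
}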