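/**
 * Saves the submitted edit of an existing article and redisplays the editor.
 *
 * Field values come from the request via psa($vars). The right to edit is
 * decided from the stored row, a LastMod stamp that differs from the stored
 * one aborts the save as a concurrent edit, and a live status is demoted to 3
 * for users without 'article.publish'.
 *
 * The UPDATE is built as a string: text fields are escaped with doSlash(),
 * ID/Status/textile_body/textile_excerpt pass through assert_int, Annotate is
 * cast to int, and both timestamps are numbers derived from strtotime().
 *
 * @return void
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;

    // Preferences become local variables ($use_textile is read below).
    extract($prefs);

    // Request-supplied values; every entry is untrusted.
    $incoming = psa($vars);

    $oldArticle = safe_row(
        'Status, AuthorID, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID',
        'textpattern',
        'ID = ' . (int) $incoming['ID']
    );

    // No stored row for this ID: there is nothing to authorise or update.
    if (empty($oldArticle)) {
        article_edit();

        return;
    }

    // Ownership is read from the stored row. The AuthorID field of the request
    // is client-controlled and must not decide the '.own' privileges.
    $wasLive = $oldArticle['Status'] >= 4;
    $isOwner = (string) $oldArticle['AuthorID'] === (string) $txp_user;

    if ($wasLive) {
        $mayEdit = has_privs('article.edit.published')
            || ($isOwner && has_privs('article.edit.own.published'));
    } else {
        $mayEdit = has_privs('article.edit')
            || ($isOwner && has_privs('article.edit.own'));
    }

    if (!$mayEdit) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();

        return;
    }

    // The row changed after this form was loaded: refuse to overwrite it.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(
            gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))),
            TRUE
        );

        return;
    }

    $incoming = textile_main_fields($incoming, $use_textile);

    // Escaped field values become locals; the numeric ones are then re-read
    // from the request and forced through assert_int, because they are
    // interpolated into the query without quotes.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));
    $Annotate = (int) $Annotate;

    // Users who may not publish cannot raise an article to a live status.
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
        $when_ts = time();
    } else {
        $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }

    if (empty($exp_year)) {
        $expires = 0;
        $whenexpires = "Expires=" . NULLDATETIME;
    } else {
        // Missing expiry components default to the start of the period.
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }

        $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
        $whenexpires = "Expires=from_unixtime({$expires})";
    }

    if ($expires && $expires <= $when_ts) {
        article_edit(gTxt('article_expires_before_postdate'));

        return;
    }

    // Auto-update custom titles according to Title, as long as unpublished and NOT customized.
    if (empty($url_title)
        || (
            $oldArticle['Status'] < 4
            && $oldArticle['url_title'] == $url_title
            && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1)
            && $oldArticle['Title'] != $Title
        )
    ) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // Normalise the raw keyword list to comma-separated form, then escape it.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));

    // The login name goes into a quoted SQL literal, so escape it like any other text value.
    $user = doSlash($txp_user);

    safe_update(
        "textpattern",
        "Title = '{$Title}',\n\t\t\t" .
        "Body = '{$Body}',\n\t\t\t" .
        "Body_html = '{$Body_html}',\n\t\t\t" .
        "Excerpt = '{$Excerpt}',\n\t\t\t" .
        "Excerpt_html = '{$Excerpt_html}',\n\t\t\t" .
        "Keywords = '{$Keywords}',\n\t\t\t" .
        "Image = '{$Image}',\n\t\t\t" .
        "Status = {$Status},\n\t\t\t" .
        "LastMod = now(),\n\t\t\t" .
        "LastModID = '{$user}',\n\t\t\t" .
        "Section = '{$Section}',\n\t\t\t" .
        "Category1 = '{$Category1}',\n\t\t\t" .
        "Category2 = '{$Category2}',\n\t\t\t" .
        "Annotate = {$Annotate},\n\t\t\t" .
        "textile_body = {$textile_body},\n\t\t\t" .
        "textile_excerpt = {$textile_excerpt},\n\t\t\t" .
        "override_form = '{$override_form}',\n\t\t\t" .
        "url_title = '{$url_title}',\n\t\t\t" .
        "AnnotateInvite = '{$AnnotateInvite}',\n\t\t\t" .
        "custom_1 = '{$custom_1}',\n\t\t\t" .
        "custom_2 = '{$custom_2}',\n\t\t\t" .
        "custom_3 = '{$custom_3}',\n\t\t\t" .
        "custom_4 = '{$custom_4}',\n\t\t\t" .
        "custom_5 = '{$custom_5}',\n\t\t\t" .
        "custom_6 = '{$custom_6}',\n\t\t\t" .
        "custom_7 = '{$custom_7}',\n\t\t\t" .
        "custom_8 = '{$custom_8}',\n\t\t\t" .
        "custom_9 = '{$custom_9}',\n\t\t\t" .
        "custom_10 = '{$custom_10}',\n\t\t\t" .
        "{$whenposted},\n\t\t\t" .
        "{$whenexpires}",
        "ID = {$ID}"
    );

    if ($Status >= 4) {
        // Ping only on the transition from unpublished to live.
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }

        update_lastmod();
    }

    article_edit(get_status_message($Status) . check_url_title($url_title));
}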
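/**
 * Saves the submitted edit of an existing article and redisplays the editor.
 *
 * Field values come from the request via psa($vars). The right to edit is
 * decided from the stored row, Body/Title/Excerpt are rendered according to
 * the $use_textile preference, and a live status is demoted to 3 for users
 * without 'article.publish'. When an article goes live for the first time the
 * configured ping services are notified.
 *
 * The UPDATE is built as a string; every field taken from $incoming is escaped
 * with doSlash() and placed in a quoted literal, except the two textile flags,
 * which are reduced to 0 or 1.
 *
 * @return void
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg;

    // Preferences become local variables ($use_textile, $sitename, ... are read below).
    extract(get_prefs());

    // Request-supplied values; every entry is untrusted.
    $incoming = psa($vars);

    $oldArticle = safe_row(
        'Status, AuthorID, url_title, Title',
        'textpattern',
        'ID = ' . (int) $incoming['ID']
    );

    // No stored row for this ID: there is nothing to authorise or update.
    if (empty($oldArticle)) {
        article_edit();

        return;
    }

    // Ownership is read from the stored row. The AuthorID field of the request
    // is client-controlled and must not decide the '.own' privileges.
    $wasLive = $oldArticle['Status'] >= 4;
    $isOwner = (string) $oldArticle['AuthorID'] === (string) $txp_user;

    if ($wasLive) {
        $mayEdit = has_privs('article.edit.published')
            || ($isOwner && has_privs('article.edit.own.published'));
    } else {
        $mayEdit = has_privs('article.edit')
            || ($isOwner && has_privs('article.edit.own'));
    }

    if (!$mayEdit) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();

        return;
    }

    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();

    // Keep the unformatted title; it is the source for the URL title below.
    $incoming['Title_plain'] = $incoming['Title'];

    // Render the body: 0 (or per-article opt-out) stores it as is, 1 converts
    // line breaks, 2 runs Textile over body and title.
    if ($use_textile == 0 or !$incoming['textile_body']) {
        $incoming['Body_html'] = trim($incoming['Body']);
    } elseif ($use_textile == 1) {
        $incoming['Body_html'] = nl2br(trim($incoming['Body']));
    } elseif ($use_textile == 2 && $incoming['textile_body']) {
        $incoming['Body_html'] = $textile->TextileThis($incoming['Body']);
        $incoming['Title'] = $textile->TextileThis($incoming['Title'], '', 1);
    }

    if ($incoming['textile_excerpt']) {
        $incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt']);
    } else {
        $incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt'], 1);
    }

    // Escaped field values become locals used in the query below.
    extract(doSlash($incoming));

    // Users who may not publish cannot raise an article to a live status.
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
    } else {
        $when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ":00") - tz_offset();
        $when = "from_unixtime({$when})";
        $whenposted = "Posted={$when}";
    }

    // These two are interpolated without quotes, so reduce them to 0 or 1.
    $textile_body = !$textile_body ? 0 : 1;
    $textile_excerpt = !$textile_excerpt ? 0 : 1;

    // Regenerate the URL title when none was given, or when an unpublished
    // article still carries the title-derived default.
    if (empty($url_title)) {
        $url_title = stripSpace($Title_plain, 1);
    } elseif ($oldArticle['Status'] < 4 && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1)) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // The login name goes into a quoted SQL literal, so escape it like any other text value.
    $user = doSlash($txp_user);

    safe_update(
        "textpattern",
        "Title = '{$Title}',\n\t\t\t" .
        "Body = '{$Body}',\n\t\t\t" .
        "Body_html = '{$Body_html}',\n\t\t\t" .
        "Excerpt = '{$Excerpt}',\n\t\t\t" .
        "Excerpt_html = '{$Excerpt_html}',\n\t\t\t" .
        "Keywords = '{$Keywords}',\n\t\t\t" .
        "Image = '{$Image}',\n\t\t\t" .
        "Status = '{$Status}',\n\t\t\t" .
        "LastMod = now(),\n\t\t\t" .
        "LastModID = '{$user}',\n\t\t\t" .
        "Section = '{$Section}',\n\t\t\t" .
        "Category1 = '{$Category1}',\n\t\t\t" .
        "Category2 = '{$Category2}',\n\t\t\t" .
        "Annotate = '{$Annotate}',\n\t\t\t" .
        "textile_body = {$textile_body},\n\t\t\t" .
        "textile_excerpt = {$textile_excerpt},\n\t\t\t" .
        "override_form = '{$override_form}',\n\t\t\t" .
        "url_title = '{$url_title}',\n\t\t\t" .
        "AnnotateInvite = '{$AnnotateInvite}',\n\t\t\t" .
        "custom_1 = '{$custom_1}',\n\t\t\t" .
        "custom_2 = '{$custom_2}',\n\t\t\t" .
        "custom_3 = '{$custom_3}',\n\t\t\t" .
        "custom_4 = '{$custom_4}',\n\t\t\t" .
        "custom_5 = '{$custom_5}',\n\t\t\t" .
        "custom_6 = '{$custom_6}',\n\t\t\t" .
        "custom_7 = '{$custom_7}',\n\t\t\t" .
        "custom_8 = '{$custom_8}',\n\t\t\t" .
        "custom_9 = '{$custom_9}',\n\t\t\t" .
        "custom_10 = '{$custom_10}',\n\t\t\t" .
        "{$whenposted}",
        "ID='{$ID}'"
    );

    // Start from an empty message so an unlisted status cannot leave it undefined.
    $message = '';

    if ($Status >= 4) {
        // Notify the ping services only on the transition from unpublished to live.
        if ($oldArticle['Status'] < 4) {
            include_once $txpcfg['txpath'] . '/lib/IXRClass.php';

            if ($ping_textpattern_com) {
                $tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
                $tx_client->query('ping.Textpattern', $sitename, $siteurl);
            }

            if ($ping_weblogsdotcom == 1) {
                $wl_client = new IXR_Client('http://rpc.pingomatic.com/');
                $wl_client->query('weblogUpdates.ping', $sitename, hu);
            }
        }

        safe_update("txp_prefs", "val = now()", "`name` = 'lastmod'");
        $message = gTxt("article_saved");
    } elseif ($Status == 3) {
        $message = gTxt("article_saved_pending");
    } elseif ($Status == 2) {
        $message = gTxt("article_saved_hidden");
    } elseif ($Status == 1) {
        $message = gTxt("article_saved_draft");
    }

    $message .= check_url_title($url_title);
    article_edit($message);
}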
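/**
 * Validates the submitted article form and, when it is valid, stores the article.
 *
 * Builds $article_data from $_POST (plus $_GET['article_id']), collecting
 * problems in $article_data['error']. With no errors the data is handed to
 * insert_article() for a new article (id 0) or update_article() otherwise.
 * With errors the data is returned for redisplay after parse_article_dates()
 * and stripslashes_deep().
 *
 * NOTE(review): the array starts as a copy of $_POST, so request keys this
 * function does not name are passed on unchanged; confirm that insert_article()
 * and update_article() only read the fields they expect.
 *
 * @return mixed Result of insert_article()/update_article(), or the article
 *               data array (including 'error') when validation fails.
 */
function validate_article_post_data()
{
    // Copy the request first, then reset the error list. Done in this order so
    // that an 'error' field sent with the request cannot pre-populate the list.
    $article_data = $_POST;
    $article_data['error'] = array();

    // set status - archive, draft, published, withdrawn
    $status_list = array('A', 'D', 'P', 'W');

    if (isset($_POST['draft'])) {
        $article_data['status'] = 'D';
    } else {
        $article_data['status'] = 'P';

        if (isset($_POST['status'])) {
            $post_status = $_POST['status'];
            // Anything outside the allowed list falls back to archived.
            $article_data['status'] = in_array($post_status, $status_list, true) ? $_POST['status'] : 'A';
        }
    }

    // id
    $article_data['id'] = isset($_GET['article_id']) ? (int) $_GET['article_id'] : 0;

    // title - required
    if (isset($_POST['title']) && !empty($_POST['title'])) {
        $article_data['title'] = clean_input($_POST['title']);
    } else {
        $article_data['title'] = 'New article';
        $article_data['error'][] = "No title entered";
    }

    // url title - update url title only if article is new, url is empty, or update_url is checked
    if (empty($article_data['id']) || !empty($_POST['update_url']) || empty($_POST['url'])) {
        $article_data['url'] = create_url_title($article_data['title']);
    } else {
        $article_data['url'] = clean_input($_POST['url']);
    }

    // check for url duplicates
    $article_data['url'] = check_url_title($article_data['url'], $article_data['id']);

    // summary
    $article_data['summary'] = isset($_POST['summary']) ? clean_input($_POST['summary']) : '';

    // body - not passed through clean_input; prepare_article_body() handles it
    $article_data['body'] = isset($_POST['body']) ? prepare_article_body($_POST['body']) : '';

    // author id
    // NOTE(review): taken from the request without a check against the
    // logged-in user; confirm the caller enforces who may set the author.
    $article_data['author_id'] = isset($_POST['author_id']) ? (int) $_POST['author_id'] : 0;

    // category_url
    // NOTE(review): stored as received, unlike the other text fields; confirm
    // it is escaped wherever it is used.
    $article_data['category_url'] = isset($_POST['category_url']) ? $_POST['category_url'] : null;

    // category new
    if (!empty($_POST['category_new'])) {
        $new_category = clean_input($_POST['category_new']);
        $article_data['category_id'] = quick_insert_category($new_category);

        // A non-int result is treated as an error message.
        if (!is_int($article_data['category_id'])) {
            $article_data['error'][] = $article_data['category_id'];
        }
    } else {
        // category id
        $article_data['category_id'] = isset($_POST['category_id']) ? (int) $_POST['category_id'] : 0;
    }

    // error check category
    // NOTE(review): category_id is always assigned above, so this branch
    // cannot currently fire; a missing category arrives here as 0.
    if (!isset($article_data['category_id'])) {
        $article_data['error'][] = "No category selected (or no new category entered)";
    }

    // date_uploaded
    if (isset($_POST['date_uploaded'])) {
        // NOTE(review): accepted as received, with no format check here.
        $article_data['date_uploaded'] = $_POST['date_uploaded'];
    } else {
        // ensure gmt date is saved
        $year = empty($_POST['year']) ? gmdate('Y') : $_POST['year'];
        $month = empty($_POST['month']) ? gmdate('m') : $_POST['month'];
        $day = empty($_POST['day']) ? gmdate('d') : $_POST['day'];
        $hour = empty($_POST['hour']) ? gmdate('H') : $_POST['hour'];
        $minute = empty($_POST['minute']) ? gmdate('i') : $_POST['minute'];

        // calculate GMT timestamp
        $ts_uploaded = strtotime($year . "-" . $month . "-" . $day . " " . $hour . ":" . $minute . ":00");
        $article_data['date_uploaded'] = gmdate('Y-m-d H:i:s', $ts_uploaded);
    }

    // date amended
    $article_data['date_amended'] = gmdate('Y-m-d H:i:s');

    // seo data
    $article_data['seo_title'] = isset($_POST['seo_title']) ? clean_input($_POST['seo_title']) : '';
    $article_data['seo_desc'] = isset($_POST['seo_desc']) ? clean_input($_POST['seo_desc']) : '';
    $article_data['seo_keywords'] = isset($_POST['seo_keywords']) ? clean_input($_POST['seo_keywords']) : '';
    $article_data['redirect_code'] = isset($_POST['redirect_code']) ? (int) $_POST['redirect_code'] : '';
    $article_data['redirect_url'] = isset($_POST['redirect_url']) ? clean_input($_POST['redirect_url']) : '';

    // validate redirect url
    if (!empty($_POST['redirect_url'])) {
        if (validate_url($_POST['redirect_url']) === false) {
            // NOTE(review): the message carries the submitted value as
            // received; it must be HTML-escaped where errors are displayed.
            $article_data['error'][] = "Invalid redirect url entered: " . $_POST['redirect_url'];
            $article_data['redirect_url'] = '';
        } else {
            // A URL that passes validate_url() is stored as received,
            // replacing the clean_input() value assigned above.
            $article_data['redirect_url'] = $_POST['redirect_url'];
            // if redirect url is set then we automatically change status to archived
            $article_data['status'] = 'A';
        }
    }

    // comment settings
    $article_data['comments_hide'] = isset($_POST['comments_hide']) && !empty($_POST['comments_hide']) ? 1 : 0;
    $article_data['comments_disable'] = isset($_POST['comments_disable']) && !empty($_POST['comments_disable']) ? 1 : 0;

    // tags and attachments
    // NOTE(review): both lists are taken from the request as received;
    // confirm the storage layer casts or validates each element.
    $article_data['tags'] = isset($_POST['tags']) && !empty($_POST['tags']) ? $_POST['tags'] : array();
    $article_data['attachments'] = isset($_POST['attachments']) && !empty($_POST['attachments']) ? $_POST['attachments'] : array();

    // tag new
    if (!empty($_POST['tag_new'])) {
        $new_tag = clean_input($_POST['tag_new']);
        $new_tag_ids = quick_insert_tags($new_tag);

        // Int entries are new tag ids; anything else is treated as an error message.
        foreach ($new_tag_ids as $new_id) {
            if (is_int($new_id)) {
                $article_data['tags'][] = $new_id;
            } else {
                $article_data['error'][] = $new_id;
            }
        }
    }

    // any errors
    if (empty($article_data['error'])) {
        if (empty($article_data['id'])) {
            return insert_article($article_data);
        }

        return update_article($article_data);
    }

    // we need to return timezone corrected dates to avoid errors
    $article_data = parse_article_dates($article_data);

    return stripslashes_deep($article_data);
}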
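/**
 * Processes sent forms and updates existing articles.
 *
 * Field values come from the request via psa($vars). The right to edit is
 * decided from the stored row, a LastMod stamp that differs from the stored
 * one aborts the save as a concurrent edit, the markup settings are kept from
 * the stored row for users without 'article.set_markup', and a live status is
 * demoted to STATUS_PENDING for users without 'article.publish'.
 *
 * Invalid post or expiry dates fall back to the stored values and set an
 * error message. The UPDATE is built as a string: text fields are escaped
 * with doSlash(), ID and Status pass through assert_int, Annotate is cast to
 * int, and both timestamps are numeric.
 *
 * @return void
 */
function article_save()
{
    global $txp_user, $vars, $prefs;

    // Preferences become local variables.
    extract($prefs);

    // Request-supplied values; every entry is untrusted.
    $incoming = array_map('assert_string', psa($vars));

    $oldArticle = safe_row(
        "Status, AuthorID, url_title, Title, textile_body, textile_excerpt,\n" .
        " UNIX_TIMESTAMP(LastMod) AS sLastMod, LastModID,\n" .
        " UNIX_TIMESTAMP(Posted) AS sPosted,\n" .
        " UNIX_TIMESTAMP(Expires) AS sExpires",
        'textpattern',
        "ID = " . (int) $incoming['ID']
    );

    // No stored row for this ID: there is nothing to authorise or update.
    if (empty($oldArticle)) {
        article_edit();

        return;
    }

    // Ownership is read from the stored row. The AuthorID field of the request
    // is client-controlled and must not decide the '.own' privileges.
    $wasLive = $oldArticle['Status'] >= STATUS_LIVE;
    $isOwner = (string) $oldArticle['AuthorID'] === (string) $txp_user;

    if ($wasLive) {
        $mayEdit = has_privs('article.edit.published')
            || ($isOwner && has_privs('article.edit.own.published'));
    } else {
        $mayEdit = has_privs('article.edit')
            || ($isOwner && has_privs('article.edit.own'));
    }

    if (!$mayEdit) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();

        return;
    }

    // The row changed after this form was loaded: refuse to overwrite it.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(
            array(
                gTxt('concurrent_edit_by', array('{author}' => txpspecialchars($oldArticle['LastModID']))),
                E_ERROR,
            ),
            true,
            true
        );

        return;
    }

    // Without the markup privilege the stored settings win over the request.
    if (!has_privs('article.set_markup')) {
        $incoming['textile_body'] = $oldArticle['textile_body'];
        $incoming['textile_excerpt'] = $oldArticle['textile_excerpt'];
    }

    $incoming = textile_main_fields($incoming);

    // Escaped field values become locals; ID and Status are then re-read from
    // the request and forced through assert_int, because they are
    // interpolated into the query without quotes.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status'))));

    // Comments may be on, off, or disabled.
    $Annotate = (int) $Annotate;

    // Users who may not publish cannot raise an article to a live status.
    if (!has_privs('article.publish') && $Status >= STATUS_LIVE) {
        $Status = STATUS_PENDING;
    }

    // Set and validate article timestamp.
    if ($reset_time) {
        $whenposted = "Posted = NOW()";
        $when_ts = time();
    } else {
        $dateParts = array($year, $month, $day, $hour, $minute, $second);

        // Every component must be numeric before it is handed to strtotime().
        if (count(array_filter($dateParts, 'is_numeric')) !== count($dateParts)) {
            $ts = false;
        } else {
            $ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
        }

        if ($ts === false || $ts < 0) {
            // Keep the stored post date and report the problem.
            $when = $when_ts = $oldArticle['sPosted'];
            $msg = array(gTxt('invalid_postdate'), E_ERROR);
        } else {
            $when = $when_ts = $ts - tz_offset($ts);
        }

        $whenposted = "Posted = FROM_UNIXTIME({$when})";
    }

    // Set and validate expiry timestamp.
    if (empty($exp_year)) {
        $expires = 0;
    } else {
        // Missing expiry components default to the start of the period.
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }

        $ts = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);

        if ($ts === false || $ts < 0) {
            $expires = $oldArticle['sExpires'];
            $msg = array(gTxt('invalid_expirydate'), E_ERROR);
        } else {
            $expires = $ts - tz_offset($ts);
        }
    }

    // An expiry at or before the post date is rejected in favour of the stored one.
    if ($expires && $expires <= $when_ts) {
        $expires = $oldArticle['sExpires'];
        $msg = array(gTxt('article_expires_before_postdate'), E_ERROR);
    }

    if ($expires) {
        $whenexpires = "Expires = FROM_UNIXTIME({$expires})";
    } else {
        $whenexpires = "Expires = " . NULLDATETIME;
    }

    // Auto-update custom-titles according to Title, as long as unpublished and
    // NOT customised.
    if (empty($url_title)
        || (
            $oldArticle['Status'] < STATUS_LIVE
            && $oldArticle['url_title'] === $url_title
            && $oldArticle['url_title'] === stripSpace($oldArticle['Title'], 1)
            && $oldArticle['Title'] !== $Title
        )
    ) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // Normalise the raw keyword list to comma-separated form, then escape it.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));

    $user = doSlash($txp_user);
    $description = doSlash($description);

    // One assignment per custom field; the values are the escaped locals
    // created by extract(doSlash($incoming)) above.
    $cfq = array();
    $cfs = getCustomFields();

    foreach ($cfs as $i => $cf_name) {
        $custom_x = "custom_{$i}";
        $cfq[] = "custom_{$i} = '" . ${$custom_x} . "'";
    }

    $cfq = join(', ', $cfq);

    // Snapshot of the field variables, handed to validation and to the callbacks.
    $rs = compact($vars);

    if (article_validate($rs, $msg)) {
        $saved = safe_update(
            'textpattern',
            "Title = '{$Title}',\n" .
            " Body = '{$Body}',\n" .
            " Body_html = '{$Body_html}',\n" .
            " Excerpt = '{$Excerpt}',\n" .
            " Excerpt_html = '{$Excerpt_html}',\n" .
            " Keywords = '{$Keywords}',\n" .
            " description = '{$description}',\n" .
            " Image = '{$Image}',\n" .
            " Status = {$Status},\n" .
            " LastMod = NOW(),\n" .
            " LastModID = '{$user}',\n" .
            " Section = '{$Section}',\n" .
            " Category1 = '{$Category1}',\n" .
            " Category2 = '{$Category2}',\n" .
            " Annotate = {$Annotate},\n" .
            " textile_body = '{$textile_body}',\n" .
            " textile_excerpt = '{$textile_excerpt}',\n" .
            " override_form = '{$override_form}',\n" .
            " url_title = '{$url_title}',\n" .
            " AnnotateInvite = '{$AnnotateInvite}'," .
            ($cfs ? $cfq . ',' : '') .
            "{$whenposted},\n" .
            " {$whenexpires}",
            "ID = {$ID}"
        );

        if ($saved) {
            // Ping only on the transition from unpublished to live.
            if ($Status >= STATUS_LIVE && $oldArticle['Status'] < STATUS_LIVE) {
                do_pings();
            }

            if ($Status >= STATUS_LIVE || $oldArticle['Status'] >= STATUS_LIVE) {
                update_lastmod('article_saved', $rs);
            }

            now('posted', true);
            now('expires', true);
            callback_event('article_saved', '', false, $rs);

            // Keep an earlier date error; otherwise report the save status,
            // as a warning when check_url_title() returned a message.
            if (empty($msg)) {
                $s = check_url_title($url_title);
                $msg = array(get_status_message($Status) . ' ' . $s, $s ? E_WARNING : 0);
            }
        } else {
            $msg = array(gTxt('article_save_failed'), E_ERROR);
        }
    }

    article_edit($msg, false, true);
}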
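/**
 * Saves the submitted edit of an existing article and redisplays the editor.
 *
 * Field values come from the request via psa($vars). The right to edit is
 * decided from the stored row, and a live status is demoted to 3 for users
 * without 'article.publish'.
 *
 * The UPDATE is built as a string: text fields are escaped with doSlash(),
 * ID/Status/textile_body/textile_excerpt and Annotate pass through assert_int,
 * and the post timestamp is a number derived from strtotime().
 *
 * @return void
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;

    // Preferences become local variables ($use_textile is read below).
    extract($prefs);

    // Request-supplied values; every entry is untrusted.
    $incoming = psa($vars);

    $oldArticle = safe_row(
        'Status, AuthorID, url_title, Title',
        'textpattern',
        'ID = ' . (int) $incoming['ID']
    );

    // No stored row for this ID: there is nothing to authorise or update.
    if (empty($oldArticle)) {
        article_edit();

        return;
    }

    // Ownership is read from the stored row. The AuthorID field of the request
    // is client-controlled and must not decide the '.own' privileges.
    $wasLive = $oldArticle['Status'] >= 4;
    $isOwner = (string) $oldArticle['AuthorID'] === (string) $txp_user;

    if ($wasLive) {
        $mayEdit = has_privs('article.edit.published')
            || ($isOwner && has_privs('article.edit.own.published'));
    } else {
        $mayEdit = has_privs('article.edit')
            || ($isOwner && has_privs('article.edit.own'));
    }

    if (!$mayEdit) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();

        return;
    }

    $incoming = textile_main_fields($incoming, $use_textile);

    // Escaped field values become locals; the numeric ones are then re-read
    // from the request and forced through assert_int, because they are
    // interpolated into the query without quotes.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));

    // An empty Annotate field means comments are off.
    $Annotate = ps('Annotate') ? assert_int(ps('Annotate')) : 0;

    // Users who may not publish cannot raise an article to a live status.
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
    } else {
        $when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $when = "from_unixtime({$when})";
        $whenposted = "Posted={$when}";
    }

    // Auto-update custom titles according to Title, as long as unpublished and NOT customized.
    if (empty($url_title)
        || (
            $oldArticle['Status'] < 4
            && $oldArticle['url_title'] == $url_title
            && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1)
            && $oldArticle['Title'] != $Title
        )
    ) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // Annotate is interpolated unquoted; make sure any falsy value is the literal 0.
    if (!$Annotate) {
        $Annotate = 0;
    }

    // The login name goes into a quoted SQL literal, so escape it like any other text value.
    $user = doSlash($txp_user);

    safe_update(
        "textpattern",
        "Title = '{$Title}',\n\t\t\t" .
        "Body = '{$Body}',\n\t\t\t" .
        "Body_html = '{$Body_html}',\n\t\t\t" .
        "Excerpt = '{$Excerpt}',\n\t\t\t" .
        "Excerpt_html = '{$Excerpt_html}',\n\t\t\t" .
        "Keywords = '{$Keywords}',\n\t\t\t" .
        "Image = '{$Image}',\n\t\t\t" .
        "Status = {$Status},\n\t\t\t" .
        "LastMod = now(),\n\t\t\t" .
        "LastModID = '{$user}',\n\t\t\t" .
        "Section = '{$Section}',\n\t\t\t" .
        "Category1 = '{$Category1}',\n\t\t\t" .
        "Category2 = '{$Category2}',\n\t\t\t" .
        "Annotate = {$Annotate},\n\t\t\t" .
        "textile_body = {$textile_body},\n\t\t\t" .
        "textile_excerpt = {$textile_excerpt},\n\t\t\t" .
        "override_form = '{$override_form}',\n\t\t\t" .
        "url_title = '{$url_title}',\n\t\t\t" .
        "AnnotateInvite = '{$AnnotateInvite}',\n\t\t\t" .
        "custom_1 = '{$custom_1}',\n\t\t\t" .
        "custom_2 = '{$custom_2}',\n\t\t\t" .
        "custom_3 = '{$custom_3}',\n\t\t\t" .
        "custom_4 = '{$custom_4}',\n\t\t\t" .
        "custom_5 = '{$custom_5}',\n\t\t\t" .
        "custom_6 = '{$custom_6}',\n\t\t\t" .
        "custom_7 = '{$custom_7}',\n\t\t\t" .
        "custom_8 = '{$custom_8}',\n\t\t\t" .
        "custom_9 = '{$custom_9}',\n\t\t\t" .
        "custom_10 = '{$custom_10}',\n\t\t\t" .
        "{$whenposted}",
        "ID = {$ID}"
    );

    if ($Status >= 4) {
        // Ping only on the transition from unpublished to live.
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }

        update_lastmod();
    }

    article_edit(get_status_message($Status) . check_url_title($url_title));
}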