/** * Fiddle with the article's category selects */ function wet_article_partial_category_1($rs) { static $cats = null; if ($cats == null) { $cats = getTree('root', 'article'); } // Make radio buttons, not drop-downs $out = array(); if ($cats) { foreach ($cats as $c) { $c = doSpecial($c); $id = 'wet_cat-' . $c['name']; $out[] = radio('Category1', $c['name'], $rs['Category1'] == $c['name'] ? '1' : '', 'cat-' . $c['name']) . "<label for='{$id}'>{$c['title']}</label>"; } } return '<ul class="plain-list"><li>' . join('</li><li>', $out) . '</li></ul>'; }
/** * Render a link element to hook up txpAsyncHref() with request parameters * * @param string $item Link text * @param array $parms Request parameters; array keys are 'event', 'step', 'thing', 'property' * @param string $atts HTML attributes * @return string HTML * @since 4.5.0 * @see textpattern.js: txpAsyncHref */ function asyncHref($item, $parms, $atts = '') { extract(doSpecial(lAtts(array('event' => $GLOBALS['event'], 'step' => $GLOBALS['step'], 'thing' => '', 'property' => ''), $parms))); $class = "{$step} async"; $href = "?event={$event}&step={$step}&thing={$thing}&property={$property}"; if (AJAXALLY_CHALLENGED) { $href .= '&value=' . txpspecialchars($item) . '&_txp_token=' . form_token(); } return href($item, $href, $atts . " class=\"{$class}\""); }
function linklist($atts) { global $thislink; extract(lAtts(array('form' => 'plainlinks', 'sort' => 'linksort', 'label' => '', 'break' => '', 'limit' => '', 'wraptag' => '', 'category' => '', 'class' => __FUNCTION__), $atts)); $Form = fetch_form($form); $qparts = array($category ? "category='{$category}'" : '1', "order by", $sort, $limit ? "limit {$limit}" : ''); $rs = safe_rows_start("*", "txp_link", join(' ', $qparts)); if ($rs) { if ($label) { $outlist[] = $label; } while ($a = nextRow($rs)) { extract($a); $linkname = str_replace("& ", "& ", $linkname); $link = '<a href="' . doSpecial($url) . '">' . $linkname . '</a>'; $linkdesctitle = '<a href="' . doSpecial($url) . '" title="' . $description . '">' . $linkname . '</a>'; $thislink = $a; $out = str_replace("<txp:link />", $link, $Form); $out = str_replace("<txp:linkdesctitle />", $linkdesctitle, $out); $out = str_replace("<txp:link_description />", $description, $out); $outlist[] = parse($out); } if (!empty($outlist)) { return doWrap($outlist, $wraptag, $break, $class); } } return false; }
function rss() { global $prefs, $txpac; extract($prefs); ob_start(); extract(doSlash(gpsa(array('category', 'section', 'limit', 'area')))); // send a 304 if nothing has changed since the last visit $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last); header("Last-Modified: {$last}"); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); if ($hims == $last) { header("HTTP/1.1 304 Not Modified"); exit; } $area = gps('area'); $sitename .= $section ? ' - ' . $section : ''; $sitename .= $category ? ' - ' . $category : ''; $out[] = tag(doSpecial($sitename), 'title'); $out[] = tag('http://' . $siteurl . $path_from_root, 'link'); $out[] = tag(doSpecial($site_slogan), 'description'); if (!$area or $area == 'article') { $sfilter = $section ? "and Section = '" . $section . "'" : ''; $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : ''; $limit = $limit ? $limit : '5'; $frs = safe_column("name", "txp_section", "in_rss != '1'"); if ($frs) { foreach ($frs as $f) { $query[] = "and Section != '" . $f . "'"; } } $query[] = $sfilter; $query[] = $cfilter; $rs = safe_rows("*", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}"); if ($rs) { foreach ($rs as $a) { extract($a); $Body = !$txpac['syndicate_body_or_excerpt'] ? $Body_html : $Excerpt; $Body = !trim($Body) ? $Body_html : $Body; $Body = str_replace('href="/', 'href="http://' . $siteurl . '/', $Body); $Body = htmlspecialchars($Body, ENT_NOQUOTES); $link = $url_mode == 0 ? 'http://' . $siteurl . $path_from_root . 'index.php?id=' . $ID : 'http://' . $siteurl . $path_from_root . $Section . '/' . $ID . '/'; if ($txpac['show_comment_count_in_feed']) { $dc = getCount('txp_discuss', "parentid={$ID} and visible=1"); $count = $dc > 0 ? ' [' . $dc . ']' : ''; } else { $count = ''; } $Title = doSpecial($Title) . $count; $item = tag(strip_tags($Title), 'title') . n . tag($Body, 'description') . n . tag($link, 'link'); $out[] = tag($item, 'item'); } header("Content-Type: text/xml"); return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>'; } } elseif ($area == 'link') { $cfilter = $category ? "category='{$category}'" : '1'; $limit = $limit ? $limit : 15; $rs = safe_rows("*", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { foreach ($rs as $a) { extract($a); $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag($url, 'link'); $out[] = tag($item, 'item'); } header("Content-Type: text/xml"); return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>'; } } return 'no articles recorded yet'; }
function render_feed($rs, $area, $type, $feedtitle, $atom_self_ref, $atom_id_ext) { global $prefs, $thisarticle; extract($prefs); set_error_handler('tagErrorHandler'); $atom = $type == 'atom'; if ($atom) { define("t_texthtml", ' type="text/html"'); define("t_text", ' type="text"'); define("t_html", ' type="html"'); define("t_xhtml", ' type="xhtml"'); define('t_appxhtml', ' type="xhtml"'); define("r_relalt", ' rel="alternate"'); define("r_relself", ' rel="self"'); } else { define("t_texthtml", ''); define("t_text", ''); define("t_html", ''); define("t_xhtml", ''); define('t_appxhtml', ''); define("r_relalt", ''); define("r_relself", ''); } $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); if ($atom) { $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"'); $out[] = tag(htmlspecialchars($feedtitle), 'title', t_text); $out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text); $out[] = tag(safe_strftime("w3cdtf", $last), 'updated'); $out[] = '<link' . r_relself . ' href="' . $atom_self_ref . '" />'; $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />'; //Atom feeds with mail or domain name $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . $atom_id_ext, 'id'); $pub = safe_row("RealName, email", "txp_users", "privs=1"); $auth[] = tag($pub['RealName'], 'name'); $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : ''; $auth[] = tag(hu, 'uri'); $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author'); } else { $out[] = tag('http://textpattern.com/?v=' . $version, 'generator'); $out[] = tag(doSpecial($feedtitle), 'title'); $out[] = tag(doSpecial($site_slogan), 'description'); $out[] = tag(safe_strftime('rfc822', $last), 'pubDate'); $out[] = tag(hu, 'link'); $out[] = '<atom:link href="' . $atom_self_ref . '" rel="self" type="application/rss+xml" />'; } $out[] = callback_event($atom ? 'atom_head' : 'rss_head'); $articles = array(); if (!$area or $area == 'article') { if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $cb = callback_event($atom ? 'atom_entry' : 'rss_entry'); $e = array(); $thisauthor = doSpecial(get_author_name($AuthorID)); $thisauthor = tag($thisauthor, $atom ? 'name' : 'dc:creator'); if ($atom) { $thisauthor = tag(n . t . t . t . $thisauthor . n . t . t, 'author'); } $e['thisauthor'] = $thisauthor; if ($atom) { $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published'); } else { $e['issued'] = tag(safe_strftime('rfc822', $uPosted), 'pubDate'); } if ($atom) { $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated'); $e['category1'] = trim($Category1) ? '<category term="' . doSpecial($Category1) . '" />' : ''; $e['category2'] = trim($Category2) ? '<category term="' . doSpecial($Category2) . '" />' : ''; } $count = ''; if ($show_comment_count_in_feed && $comments_count > 0) { $count = ' [' . $comments_count . ']'; } $escaped_title = $atom ? htmlspecialchars($Title) : htmlspecialchars(strip_tags($Title)); $e['title'] = tag($escaped_title . $count, 'title', t_html); $a['posted'] = $uPosted; $permlink = permlinkurl($a); if ($atom) { $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />'; } else { $e['link'] = tag($permlink, 'link'); } $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, $atom ? 'id' : 'guid', $atom ? '' : ' isPermaLink="false"'); $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink)); $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink)); if ($syndicate_body_or_excerpt) { # short feed: use body as summary if there's no excerpt if (!trim($summary)) { $summary = $content; } $content = ''; } if (trim($summary)) { $e['summary'] = tag(n . escape_cdata($summary) . n, $atom ? 'summary' : 'description', t_html); } if (trim($content)) { $e['content'] = tag(n . escape_cdata($content) . n, $atom ? 'content' : 'content:encoded', t_html); } $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, $atom ? 'entry' : 'item'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $atom ? $uLastMod : $uPosted; } } } elseif ($area == 'link') { if ($rs) { while ($a = nextRow($rs)) { extract($a); $e['title'] = tag(doSpecial($linkname), 'title', t_html); if ($atom) { $e['content'] = tag(n . doSpecial($description) . n, 'content', t_html); $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url); $url = preg_replace("/&((?U).*)=/", "&\\1=", $url); $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />'; $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published'); $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated'); $e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id'); } else { $e['content'] = tag(doSpecial($description), 'description'); $e['link'] = tag(doSpecial($url), 'link'); $e['issued'] = tag(safe_strftime('rfc822', $uDate), 'pubDate'); } $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, $atom ? 'entry' : 'item'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } if (!$articles) { if ($section) { if (safe_field('name', 'txp_section', "name = '{$section}'") == false) { txp_die(gTxt('404_not_found'), '404'); } } elseif ($category) { switch ($area) { case 'link': if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; case 'article': default: if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'article'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; } } } else { //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { // make sure notices/warnings/errors don't // fudge up the feed when compression is used $buf = ''; while ($b = @ob_get_clean()) { $buf .= $b; } @ob_start('ob_gzhandler'); echo $buf; } handle_lastmod(); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); $imsd = $hims ? strtotime($hims) : 0; if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id]) !== false) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { txp_status_header('304 Not Modified'); exit(0); } if ($etag) { header('ETag: "' . $etag . '"'); } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } } $out = array_merge($out, $articles); header('Content-type: application/' . ($atom ? 'atom' : 'rss') . '+xml; charset=utf-8'); if ($atom) { return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . n . join(n, $out) . '</feed>'; } else { return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>'; } }
function author_list() { global $txp_user; echo n . n . hed(gTxt('authors'), 3, ' style="text-align: center;"') . n . n . startTable('list') . n . tr(n . hCell(gTxt('real_name')) . n . hCell(gTxt('login_name')) . n . hCell(gTxt('email')) . n . hCell(gTxt('privileges')) . n . hCell() . n . hCell()); $rs = safe_rows_start('*', 'txp_users', '1 = 1 order by name asc'); if ($rs) { if (has_privs('admin.edit')) { while ($a = nextRow($rs)) { extract($a); echo n . n . '<tr>' . n . '<form method="post" action="index.php">' . n . td(fInput('text', 'RealName', $RealName, 'edit')) . td(htmlspecialchars($name)) . td(fInput('text', 'email', $email, 'edit')); if ($name != $txp_user) { echo td(privs($privs) . sp . popHelp('about_privileges')); } else { echo td(get_priv_level($privs) . sp . popHelp('about_privileges') . hInput('privs', $privs)); } echo td(fInput('submit', 'save', gTxt('save'), 'smallerbox')) . n . hInput('user_id', $user_id) . n . eInput('admin') . n . sInput('author_save') . n . '</form>'; if ($name != $txp_user) { echo td(dLink('admin', 'author_delete', 'user_id', $user_id)); } else { echo td(); } echo n . '</tr>'; } } else { while ($a = nextRow($rs)) { extract(doSpecial($a)); echo tr(td($RealName) . td($name) . td('<a href="mailto:' . $email . '">' . $email . '</a>') . td(get_priv_level($privs) . sp . popHelp('about_privileges') . hInput('privs', $privs)) . td() . td()); } } echo n . endTable(); } }
function rss() { global $prefs, $thisarticle; set_error_handler('feedErrorHandler'); ob_clean(); extract($prefs); extract(doSlash(gpsa(array('limit', 'area')))); // build filter criteria from a comma-separated list of sections and categories $feed_filter_limit = get_pref('feed_filter_limit', 10); $section = gps('section'); $category = gps('category'); if (!is_scalar($section) || !is_scalar($category)) { txp_die('Not Found', 404); } $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array(); $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array(); $st = array(); foreach ($section as $s) { $st[] = fetch_section_title($s); } $ct = array(); foreach ($category as $c) { $ct[] = fetch_category_title($c); } $sitename .= $section ? ' - ' . join(' - ', $st) : ''; $sitename .= $category ? ' - ' . join(' - ', $ct) : ''; $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; // feed header $out[] = tag('http://textpattern.com/?v=' . $version, 'generator'); $out[] = tag(doSpecial($sitename), 'title'); $out[] = tag(hu, 'link'); $out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />'; $out[] = tag(doSpecial($site_slogan), 'description'); $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $out[] = tag(safe_strftime('rfc822', $last), 'pubDate'); $out[] = callback_event('rss_head'); // feed items $articles = array(); $section = doSlash($section); $category = doSlash($category); if (!$area or $area == 'article') { $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : ''; $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : ''; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $frs = safe_column("name", "txp_section", "in_rss != '1'"); if ($frs) { foreach ($frs as $f) { $query[] = "and Section != '" . doSlash($f) . "'"; } } $query[] = $sfilter; $query[] = $cfilter; $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') '; $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $cb = callback_event('rss_entry'); $a['posted'] = $uPosted; $permlink = permlinkurl($a); $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink)); $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink)); if ($syndicate_body_or_excerpt) { # short feed: use body as summary if there's no excerpt if (!trim($summary)) { $summary = $content; } $content = ''; } if ($show_comment_count_in_feed) { $count = $comments_count > 0 ? ' [' . $comments_count . ']' : ''; } else { $count = ''; } $Title = escape_title(strip_tags($Title)) . $count; $thisauthor = get_author_name($AuthorID); $item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb; $articles[$ID] = tag($item, 'item'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $uPosted; } } } elseif ($area == 'link') { $cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1'; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate'); $articles[$id] = tag($item, 'item'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } if (!$articles) { if ($section) { if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) { txp_die(gTxt('404_not_found'), '404'); } } elseif ($category) { switch ($area) { case 'link': if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; case 'article': default: if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) { txp_die(gTxt('404_not_found'), '404'); } break; } } } else { //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { // make sure notices/warnings/errors don't fudge up the feed // when compression is used $buf = ''; while ($b = @ob_get_clean()) { $buf .= $b; } @ob_start('ob_gzhandler'); echo $buf; } handle_lastmod(); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); $imsd = $hims ? strtotime($hims) : 0; if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id]) !== false) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { txp_status_header('304 Not Modified'); exit(0); } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } } $out = array_merge($out, $articles); header("Content-Type: application/rss+xml; charset=utf-8"); if (isset($etag)) { header('ETag: "' . $etag . '"'); } return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>'; }
function author_list() { global $txp_user, $author_list_pageby; extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method'))); if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) { $sort = 'name'; } $dir = $dir == 'desc' ? 'desc' : 'asc'; $sort_sql = $sort . ' ' . $dir; $switch_dir = $dir == 'desc' ? 'asc' : 'desc'; $total = getCount('txp_users', '1=1'); $limit = max($author_list_pageby, 15); list($page, $offset, $numPages) = pager($total, $limit, $page); $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', '1 = 1 order by ' . $sort_sql . ' limit ' . $offset . ', ' . $limit); if ($rs) { echo '<form action="index.php" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list') . tr(column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', 'name' == $sort ? $dir : '') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', 'RealName' == $sort ? $dir : '') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', 'email' == $sort ? $dir : '') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', 'privs' == $sort ? $dir : '') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', 'last_login' == $sort ? $dir : '') . hCell() . hCell()); while ($a = nextRow($rs)) { extract(doSpecial($a)); echo tr(td($name) . td($RealName) . td('<a href="mailto:' . $email . '">' . $email . '</a>') . td(get_priv_level($privs)) . td($last_login ? safe_strftime('%b %Y', $last_login) : '') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, gTxt('edit')) : '') . td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name']) : '')); } echo n . n . tr(tda(select_buttons() . author_multiedit_form($page, $sort, $dir, $crit, $search_method), ' colspan="6" style="text-align: right; border: none;"')) . endTable() . '</form>' . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . pageby_form('admin', $author_list_pageby); } }
function link_url() { global $thislink; assert_link(); return doSpecial($thislink['url']); }
function makeConfig($ar) { define("nl", "';\n"); define("o", '$txpcfg[\''); define("m", "'] = '"); $open = chr(60) . '?php'; $close = '?' . chr(62); // Escape single quotes and backslashes in literal PHP strings foreach ($ar as $k => $v) { $ar[$k] = addcslashes($ar[$k], "'\\"); } $ar = doSpecial($ar); extract($ar); return $open . "\n" . o . 'db' . m . $ddb . nl . o . 'user' . m . $duser . nl . o . 'pass' . m . $dpass . nl . o . 'host' . m . $dhost . nl . ($dclient_flags ? o . 'client_flags' . "'] = " . $dclient_flags . ";\n" : '') . o . 'table_prefix' . m . $dprefix . nl . o . 'txpath' . m . txpath . nl . o . 'dbcharset' . m . $dbcharset . nl . $close; }
function atom() { global $thisarticle; extract($GLOBALS['prefs']); define("textplain", ' type="text/plain"'); define("texthtml", ' type="text/html"'); define("relalt", ' rel="alternate"'); define('appxhtml', ' type="application/xhtml+xml"'); define("divxhtml", '<div xmlns="http://www.w3.org/1999/xhtml">'); $area = doSlash(gps('area')); extract(doSlash(gpsa(array('category', 'section', 'limit')))); $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $sitename .= $section ? ' - ' . $section : ''; $sitename .= $category ? ' - ' . $category : ''; $pub = safe_row("RealName, email", "txp_users", "privs=1"); $out[] = tag($sitename, 'title', textplain); $out[] = tag($site_slogan, 'tagline', textplain); $out[] = '<link' . relalt . texthtml . ' href="' . hu . '" />'; $articles = array(); //Atom feeds with mail or domain name $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id'); $out[] = tag('Textpattern', 'generator', ' url="http://textpattern.com" version="' . $version . '"'); $out[] = tag(date("Y-m-d\\TH:i:s\\Z", $last), 'modified'); $auth[] = tag($pub['RealName'], 'name'); $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : ''; $auth[] = tag(hu, 'url'); $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author'); if (!$area or $area == 'article') { $sfilter = $section ? "and Section = '" . $section . "'" : ''; $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : ''; $limit = $limit ? $limit : '5'; $frs = safe_column("name", "txp_section", "in_rss != '1'"); foreach ($frs as $f) { $query[] = "and Section != '" . $f . "'"; } $query[] = $sfilter; $query[] = $cfilter; $rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $a['posted'] = $uPosted; if ($show_comment_count_in_feed) { $dc = getCount('txp_discuss', "parentid={$ID} and visible=1"); $count = $dc > 0 ? ' [' . $dc . ']' : ''; } else { $count = ''; } $thisauthor = safe_field("RealName", "txp_users", "name='{$AuthorID}'"); $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author'); $e['issued'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $uPosted), 'issued'); $e['modified'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $uLastMod), 'modified'); $escaped_title = safe_hed($Title); $escaped_title = preg_replace("/&(?![#a-z0-9]+;)/i", '&', $escaped_title); $escaped_title = str_replace('<', '<', $escaped_title); $escaped_title = str_replace('>', '>', $escaped_title); $e['title'] = tag($escaped_title . $count, 'title'); $uTitle = $url_title ? $url_title : stripSpace($Title); $uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES); $permlink = permlinkurl($a); $e['link'] = '<link' . relalt . texthtml . ' href="' . $permlink . '" />'; $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id'); $e['subject'] = tag(htmlspecialchars($Category1), 'dc:subject'); // pull Body or Excerpt? $Body = !$syndicate_body_or_excerpt ? $thisarticle['body'] : $thisarticle['excerpt']; // if Excerpt is empty, switch back to Body_html $Body = !trim($Body) ? $thisarticle['body'] : $Body; // fix relative urls $Body = str_replace('href="/', 'href="' . hu, $Body); $Body = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . permlinkurl($a) . "#\\1\"", $Body); $Body = safe_hed($Body); // encode and entify $Body = preg_replace(array('/</', '/>/', "/'/", '/"/'), array('<', '>', ''', '"'), $Body); // encode bare ampersands $Body = preg_replace("/&(?![#0-9]+;|\\w+;)/i", '&', $Body); $e['content'] = tag(n . $Body . n, 'content', ' type="text/html" mode="escaped"'); $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n, 'entry'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $uLastMod; } } } elseif ($area == 'link') { $cfilter = $category ? "category='{$category}'" : '1'; $limit = $limit ? $limit : 15; $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); $e['title'] = tag(doSpecial($linkname), 'title'); $content = utf8_encode(htmlspecialchars($description)); $e['content'] = tag(n . $description . n, 'content', ' type="text/html" mode="escaped"'); $url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url); $url = preg_replace("/&((?U).*)=/", "&\\1=", $url); $e['link'] = '<link' . relalt . texthtml . ' href="' . $url . '" />'; $e['issued'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $date), 'issued'); $e['modified'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $date), 'modified'); $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id'); $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } if (!empty($articles)) { //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { ob_start("ob_gzhandler"); } $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last); header("Last-Modified: {$last}"); $expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1); header("Expires: {$expires}"); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); if ($hims == $last) { header("HTTP/1.1 304 Not Modified"); exit; } $imsd = @strtotime($hims); if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id])) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { header("HTTP/1.1 304 Not Modified"); exit; } if ($etag) { header('ETag: "' . $etag . '"'); } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } $out = array_merge($out, $articles); ob_start(); header('Content-type: application/atom+xml; charset=utf-8'); return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed version="0.3" xml:lang="' . $language . '" xmlns="http://purl.org/atom/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">' . join(n, $out) . '</feed>'; } }
function linkdesctitle($atts) { global $thislink; extract(lAtts(array('rel' => ''), $atts)); $description = $thislink['description'] ? ' title="' . escape_output($thislink['description']) . '"' : ''; return tag(escape_output($thislink['linkname']), 'a', ($rel ? ' rel="' . $rel . '"' : '') . ' href="' . doSpecial($thislink['url']) . '"' . $description); }
function atom() { global $txpac; extract($GLOBALS['prefs']); define("textplain", ' type="text/plain"'); define("texthtml", ' type="text/html"'); define("relalt", ' rel="alternate"'); define('appxhtml', ' type="application/xhtml+xml"'); define("divxhtml", '<div xmlns="http://www.w3.org/1999/xhtml">'); $area = gps('area'); extract(doSlash(gpsa(array('category', 'section', 'limit')))); $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $sitename .= $section ? ' - ' . $section : ''; $sitename .= $category ? ' - ' . $category : ''; $out[] = tag($sitename, 'title', textplain); $out[] = tag($site_slogan, 'tagline', textplain); $out[] = '<link' . relalt . texthtml . ' href="http://' . $siteurl . $path_from_root . '" />'; $out[] = tag('tag:' . $siteurl . ',' . date("Y") . ':/', 'id'); $out[] = tag('Textpattern', 'generator', ' url="http://textpattern.com" version="g1.17"'); $out[] = tag(date("Y-m-d\\TH:i:s\\Z", $last), 'modified'); $pub = safe_row("RealName, email", "txp_users", "privs=1"); $auth[] = tag($pub['RealName'], 'name'); $auth[] = $txpac['include_email_atom'] ? tag(eE($pub['email']), 'email') : ''; $auth[] = tag('http://' . $siteurl . $path_from_root, 'url'); $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author'); if (!$area or $area == 'article') { $sfilter = $section ? "and Section = '" . $section . "'" : ''; $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : ''; $limit = $limit ? $limit : '5'; $frs = safe_column("name", "txp_section", "in_rss != '1'"); foreach ($frs as $f) { $query[] = "and Section != '" . $f . "'"; } $query[] = $sfilter; $query[] = $cfilter; $rs = safe_rows("*, unix_timestamp(Posted) as uPosted,unix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}"); if ($rs) { foreach ($rs as $a) { extract($a); if ($txpac['show_comment_count_in_feed']) { $dc = getCount('txp_discuss', "parentid={$ID} and visible=1"); $count = $dc > 0 ? ' [' . $dc . ']' : ''; } else { $count = ''; } $e['issued'] = tag(date("Y-m-d\\TH:i:s\\Z", $uPosted), 'issued'); $e['modified'] = tag(date("Y-m-d\\TH:i:s\\Z", $uLastMod), 'modified'); $e['title'] = tag($Title . $count, 'title'); $elink = $url_mode == 0 ? 'http://' . $siteurl . $path_from_root . 'index.php?id=' . $ID : 'http://' . $siteurl . $path_from_root . $Section . '/' . $ID . '/'; $e['link'] = '<link' . relalt . texthtml . ' href="' . $elink . '" />'; $e['id'] = tag('tag:' . $siteurl . ',' . date("Y-m-d", $uPosted) . ':' . $ID, 'id'); $e['subject'] = tag(htmlspecialchars($Category1), 'dc:subject'); // pull Body or Excerpt? $Body = !$txpac['syndicate_body_or_excerpt'] ? $Body_html : $Excerpt; // if Excerpt is empty, switch back to Body_html $Body = !trim($Body) ? $Body_html : $Body; // fix relative urls $Body = str_replace('href="/', 'href="http://' . $siteurl . '/', $Body); // encode and entify $Body = utf8_encode(htmlspecialchars($Body)); $e['content'] = tag(n . $Body . n, 'content', ' type="text/html" mode="escaped" xml:lang="en"'); $out[] = tag(n . t . t . join(n . t . t, $e) . n, 'entry'); } } } elseif ($area == 'link') { $cfilter = $category ? "category='{$category}'" : '1'; $limit = $limit ? $limit : 15; $rs = safe_rows("*", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { foreach ($rs as $a) { extract($a); $e['title'] = tag(doSpecial($linkname), 'title'); $content = utf8_encode(htmlspecialchars($description)); $e['content'] = tag(n . $description . n, 'content', ' type="text/html" mode="escaped" xml:lang="en"'); $url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url); $e['link'] = '<link' . relalt . texthtml . ' href="' . $url . '" />'; $out[] = tag(n . t . t . join(n . t . t, $e) . n, 'entry'); } } } if (!empty($out)) { ob_start(); header('Content-type: text/xml'); return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed version="0.3" xmlns="http://purl.org/atom/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">' . join(n, $out) . '</feed>'; } }
function linkdesctitle($atts) { global $thislink; assert_link(); extract(lAtts(array('rel' => ''), $atts)); $description = $thislink['description'] ? ' title="' . htmlspecialchars($thislink['description']) . '"' : ''; return tag(htmlspecialchars($thislink['linkname']), 'a', ($rel ? ' rel="' . $rel . '"' : '') . ' href="' . doSpecial($thislink['url']) . '"' . $description); }
function atom() { global $thisarticle; extract($GLOBALS['prefs']); define("t_texthtml", ' type="text/html"'); define("t_text", ' type="text"'); define("t_html", ' type="html"'); define("t_xhtml", ' type="xhtml"'); define('t_appxhtml', ' type="xhtml"'); define("r_relalt", ' rel="alternate"'); define("r_relself", ' rel="self"'); $area = doSlash(gps('area')); extract(doSlash(gpsa(array('category', 'section', 'limit')))); $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $sitename .= $section ? ' - ' . $section : ''; $sitename .= $category ? ' - ' . $category : ''; $pub = safe_row("RealName, email", "txp_users", "privs=1"); $out[] = tag($sitename, 'title', t_text); $out[] = tag($site_slogan, 'subtitle', t_text); $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1)) . '" />'; $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />'; $articles = array(); //Atom feeds with mail or domain name $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id'); $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"'); $out[] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $last), 'updated'); $auth[] = tag($pub['RealName'], 'name'); $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : ''; $auth[] = tag(hu, 'uri'); $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author'); if (!$area or $area == 'article') { $sfilter = $section ? "and Section = '" . $section . "'" : ''; $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : ''; $limit = $limit ? $limit : $rss_how_many; $limit = min($limit, max(100, $rss_how_many)); $frs = safe_column("name", "txp_section", "in_rss != '1'"); $query = array(); foreach ($frs as $f) { $query[] = "and Section != '" . doSlash($f) . "'"; } $query[] = $sfilter; $query[] = $cfilter; $rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $e = array(); $a['posted'] = $uPosted; if ($show_comment_count_in_feed) { $count = $comments_count > 0 ? ' [' . $comments_count . ']' : ''; } else { $count = ''; } $thisauthor = get_author_name($AuthorID); $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author'); $e['issued'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', $uPosted), 'published'); $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', $uLastMod), 'updated'); $escaped_title = escape_title($Title); $escaped_title = preg_replace("/&(?![#a-z0-9]+;)/i", '&', $escaped_title); $escaped_title = str_replace('<', '<', $escaped_title); $escaped_title = str_replace('>', '>', $escaped_title); $e['title'] = tag($escaped_title . $count, 'title'); $uTitle = $url_title ? $url_title : stripSpace($Title); $uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES); $permlink = permlinkurl($a); $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />'; $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id'); $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : ''; $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : ''; $Excerpt = fixup_for_feed($thisarticle['excerpt'], permlinkurl($a)); if ($syndicate_body_or_excerpt == 0) { $Body = fixup_for_feed($thisarticle['body'], permlinkurl($a)); } else { $Body = ''; // If there's no excerpt, use body as content instead of body as summary if (!trim($Excerpt)) { $Body = fixup_for_feed($thisarticle['body'], permlinkurl($a)); } } if (trim($Body)) { $e['content'] = tag(n . $Body . n, 'content', t_html); } if (trim($Excerpt)) { $e['summary'] = tag(n . $Excerpt . n, 'summary', t_html); } $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n, 'entry'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $uLastMod; } } } elseif ($area == 'link') { $cfilter = $category ? "category='" . $category . "'" : '1'; $limit = $limit ? $limit : $rss_how_many; $limit = min($limit, max(100, $rss_how_many)); $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); $e['title'] = tag(doSpecial($linkname), 'title'); $content = utf8_encode(htmlspecialchars($description)); $e['content'] = tag(n . $description . n, 'content', t_texthtml); $url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url); $url = preg_replace("/&((?U).*)=/", "&\\1=", $url); $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />'; $e['issued'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'published'); $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated'); $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id'); $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } if (!empty($articles)) { //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { @ob_start("ob_gzhandler"); } $expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1); header("Expires: {$expires}"); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); $imsd = $hims ? strtotime($hims) : 0; if ($imsd >= $last) { txp_status_header("304 Not Modified"); exit; } header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last)); if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id])) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { header("HTTP/1.1 304 Not Modified"); exit; } if ($etag) { header('ETag: "' . $etag . '"'); } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } $out = array_merge($out, $articles); header('Content-type: application/atom+xml; charset=utf-8'); return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>'; } }
function author_list() { global $txp_user, $author_list_pageby; extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method'))); if ($sort === '') { $sort = get_pref('admin_sort_column', 'name'); } if ($dir === '') { $dir = get_pref('admin_sort_dir', 'asc'); } $dir = $dir == 'desc' ? 'desc' : 'asc'; if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) { $sort = 'name'; } $sort_sql = $sort . ' ' . $dir; set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE); set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE); $switch_dir = $dir == 'desc' ? 'asc' : 'desc'; $total = getCount('txp_users', '1=1'); $limit = max($author_list_pageby, 15); list($page, $offset, $numPages) = pager($total, $limit, $page); $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', '1 = 1 order by ' . $sort_sql . ' limit ' . $offset . ', ' . $limit); if ($rs) { echo n . '<div class="txp-list">'; echo '<form action="index.php" id="users_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list', '', 'list') . n . '<thead>' . n . tr(column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'name login-name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'name real-name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'date last-login modified') . hCell('', '', ' class="actions"') . hCell('', '', ' class="multi-edit"')) . n . '</thead>'; $tfoot = n . '<tfoot>' . tr(tda(has_privs('admin.edit') ? select_buttons() . author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '', ' class="multi-edit" colspan="7" style="text-align: right; border: none;"')) . n . '</tfoot>'; echo $tfoot; echo '<tbody>'; $ctr = 1; while ($a = nextRow($rs)) { extract(doSpecial($a)); echo tr(td($name, '', 'name login-name') . td($RealName, '', 'name real-name') . td('<a href="mailto:' . $email . '">' . $email . '</a>', '', 'email') . td(get_priv_level($privs), '', 'privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'date last-login modified') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, gTxt('edit')) : '', '', 'actions') . td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'multi-edit'), ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"'); $ctr++; } echo '</tbody>' . n . endTable() . n . '</form>' . n . '<div id="users_navigation" class="txp-navigation">' . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . pageby_form('admin', $author_list_pageby) . n . '</div>' . n . '</div>'; } }
function rss() { global $prefs, $thisarticle; extract($prefs); ob_start(); extract(doSlash(gpsa(array('category', 'section', 'limit', 'area')))); $area = gps('area'); $sitename .= $section ? ' - ' . $section : ''; $sitename .= $category ? ' - ' . $category : ''; $out[] = tag(doSpecial($sitename), 'title'); $out[] = tag(hu, 'link'); $out[] = tag(doSpecial($site_slogan), 'description'); $articles = array(); if (!$area or $area == 'article') { $sfilter = $section ? "and Section = '" . $section . "'" : ''; $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : ''; $limit = $limit ? $limit : '5'; $frs = safe_column("name", "txp_section", "in_rss != '1'"); if ($frs) { foreach ($frs as $f) { $query[] = "and Section != '" . $f . "'"; } } $query[] = $sfilter; $query[] = $cfilter; $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $a['posted'] = $uPosted; $Body = !$syndicate_body_or_excerpt ? $thisarticle['body'] : $thisarticle['excerpt']; $Body = !trim($Body) ? $thisarticle['body'] : $Body; $Body = str_replace('href="/', 'href="' . hu, $Body); $Body = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . permlinkurl($a) . "#\\1\"", $Body); $Body = safe_hed($Body); $Body = preg_replace(array('/</', '/>/', "/'/", '/"/'), array('<', '>', ''', '"'), $Body); // encode bare ampersands $Body = preg_replace("/&(?![#0-9]+;|\\w+;)/i", '&', $Body); $uTitle = $url_title ? $url_title : stripSpace($Title); $uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES); if ($show_comment_count_in_feed) { $dc = getCount('txp_discuss', "parentid={$ID} and visible=1"); $count = $dc > 0 ? ' [' . $dc . ']' : ''; } else { $count = ''; } $Title = doSpecial($Title) . $count; $permlink = permlinkurl($a); $item = tag(strip_tags($Title), 'title') . n . tag($Body, 'description') . n . tag($permlink, 'link'); $articles[$ID] = tag($item, 'item'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $uPosted; } } } elseif ($area == 'link') { $cfilter = $category ? "category='{$category}'" : '1'; $limit = $limit ? $limit : 15; $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link'); $articles[$id] = tag($item, 'item'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { ob_start("ob_gzhandler"); } $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last); header("Last-Modified: {$last}"); $expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1); header("Expires: {$expires}"); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); if ($hims == $last) { header("HTTP/1.1 304 Not Modified"); exit; } $imsd = @strtotime($hims); if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id]) !== false) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { header("HTTP/1.1 304 Not Modified"); exit; } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } $out = array_merge($out, $articles); header("Content-Type: application/rss+xml; charset=utf-8"); if ($etag) { header('ETag: "' . $etag . '"'); } return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>'; }
/** * The main panel listing all authors. * * @param string|array $message The activity message */ function author_list($message = '') { global $event, $txp_user, $author_list_pageby, $levels; pagetop(gTxt('tab_site_admin'), $message); if (is_disabled('mail')) { echo graf(span(null, array('class' => 'ui-icon ui-icon-alert')) . ' ' . gTxt('warn_mail_unavailable'), array('class' => 'alert-block warning')); } $buttons = array(); // Change password button. $buttons[] = sLink('admin', 'new_pass_form', gTxt('change_password'), 'txp-button'); if (!has_privs('admin.edit')) { // Change email address button. $buttons[] = sLink('admin', 'change_email_form', gTxt('change_email_address'), 'txp-button'); } else { // New author button. $buttons[] = sLink('admin', 'author_edit', gTxt('add_new_author'), 'txp-button'); } // User list. if (has_privs('admin.list')) { extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method'))); if ($sort === '') { $sort = get_pref('admin_sort_column', 'name'); } else { if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) { $sort = 'name'; } set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE); } if ($dir === '') { $dir = get_pref('admin_sort_dir', 'asc'); } else { $dir = $dir == 'desc' ? "desc" : "asc"; set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE); } $sort_sql = $sort . ' ' . $dir; $switch_dir = $dir == 'desc' ? 'asc' : 'desc'; $search = new Filter($event, array('login' => array('column' => 'txp_users.name', 'label' => gTxt('login_name')), 'RealName' => array('column' => 'txp_users.RealName', 'label' => gTxt('real_name')), 'email' => array('column' => 'txp_users.email', 'label' => gTxt('email')), 'privs' => array('column' => array('txp_users.privs'), 'label' => gTxt('privileges'), 'type' => 'boolean'))); $search->setAliases('privs', $levels); list($criteria, $crit, $search_method) = $search->getFilter(); $search_render_options = array('placeholder' => 'search_users'); $total = getCount('txp_users', $criteria); echo n . tag(hed(gTxt('tab_site_admin'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1')); $searchBlock = n . tag($search->renderForm('author_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => 'users_control')); $createBlock = array(); $createBlock[] = n . tag(implode(n, $buttons), 'div', array('class' => 'txp-control-panel')); $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => 'users_container')); $createBlock = implode(n, $createBlock); if ($total < 1) { if ($criteria != 1) { echo $searchBlock . $contentBlockStart . $createBlock . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information')) . n . tag_end('div'); } return; } $limit = max($author_list_pageby, 15); list($page, $offset, $numPages) = pager($total, $limit, $page); $use_multi_edit = has_privs('admin.edit') && ($total > 1 or safe_count('txp_users', "1 = 1") > 1); echo $searchBlock . $contentBlockStart . $createBlock; $rs = safe_rows_start("*, UNIX_TIMESTAMP(last_access) AS last_login", 'txp_users', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}"); if ($rs) { echo n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'users_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') : hCell('', '', ' class="txp-list-col-multi-edit" scope="col"')) . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'txp-list-col-login-name name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'txp-list-col-real-name name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'txp-list-col-email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'txp-list-col-privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'txp-list-col-last-login date')) . n . tag_end('thead') . n . tag_start('tbody'); while ($a = nextRow($rs)) { extract(doSpecial($a)); echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', ' class="txp-list-col-login-name name" scope="row"') . td($RealName, '', 'txp-list-col-real-name name') . td(href($email, 'mailto:' . $email), '', 'txp-list-col-email') . td(get_priv_level($privs), '', 'txp-list-col-privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'txp-list-col-last-login date')); } echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . ($use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '') . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => 'users_navigation')) . pageby_form('admin', $author_list_pageby) . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . n . tag_end('div'); } echo n . tag_end('div'); } else { echo n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => 'users_container')) . n . tag(implode(n, $buttons), 'div', array('class' => 'txp-control-panel')) . n . tag_end('div'); } }
/** * The main author list. * * @param string|array $message The activity message */ function author_list($message = '') { global $txp_user, $author_list_pageby; pagetop(gTxt('tab_site_admin'), $message); if (is_disabled('mail')) { echo graf(span(null, array('class' => 'ui-icon ui-icon-alert')) . ' ' . gTxt('warn_mail_unavailable'), array('class' => 'alert-block warning')); } echo hed(gTxt('tab_site_admin'), 1, array('class' => 'txp-heading')); echo n . '<div id="users_control" class="txp-control-panel">'; $buttons = array(); // Change password button. $buttons[] = sLink('admin', 'new_pass_form', gTxt('change_password')); if (!has_privs('admin.edit')) { // Change email address button. $buttons[] = sLink('admin', 'change_email_form', gTxt('change_email_address')); } else { // New author button. $buttons[] = sLink('admin', 'author_edit', gTxt('add_new_author')); } echo graf(join(n, $buttons), array('class' => 'txp-buttons')); // User list. if (has_privs('admin.list')) { extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method'))); if ($sort === '') { $sort = get_pref('admin_sort_column', 'name'); } if ($dir === '') { $dir = get_pref('admin_sort_dir', 'asc'); } $dir = $dir == 'desc' ? 'desc' : 'asc'; if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) { $sort = 'name'; } $sort_sql = $sort . ' ' . $dir; set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE); set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE); $switch_dir = $dir == 'desc' ? 'asc' : 'desc'; $criteria = 1; if ($search_method and $crit != '') { $verbatim = preg_match('/^"(.*)"$/', $crit, $m); $crit_escaped = $verbatim ? doSlash($m[1]) : doLike($crit); $critsql = $verbatim ? array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name = '{$crit_escaped}'", 'real_name' => "RealName = '{$crit_escaped}'", 'email' => "email = '{$crit_escaped}'", 'privs' => "convert(privs, char) in ('" . join("','", do_list($crit_escaped)) . "')") : array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name like '%{$crit_escaped}%'", 'real_name' => "RealName like '%{$crit_escaped}%'", 'email' => "email like '%{$crit_escaped}%'", 'privs' => "convert(privs, char) in ('" . join("','", do_list($crit_escaped)) . "')"); if (array_key_exists($search_method, $critsql)) { $criteria = $critsql[$search_method]; } else { $search_method = ''; $crit = ''; } } else { $search_method = ''; $crit = ''; } $criteria .= callback_event('admin_criteria', 'author_list', 0, $criteria); $total = getCount('txp_users', $criteria); if ($total < 1) { if ($criteria != 1) { echo n . author_search_form($crit, $search_method) . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>'; } return; } $limit = max($author_list_pageby, 15); list($page, $offset, $numPages) = pager($total, $limit, $page); $use_multi_edit = has_privs('admin.edit') && safe_count('txp_users', '1=1') > 1; echo author_search_form($crit, $search_method) . '</div>'; $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}"); if ($rs) { echo n . tag_start('div', array('id' => 'users_container', 'class' => 'txp-container')) . n . tag_start('form', array('action' => 'index.php', 'id' => 'users_form', 'class' => 'multi_edit_form', 'method' => 'post', 'name' => 'longform')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' scope="col" title="' . gTxt('toggle_all_selected') . '" class="txp-list-col-multi-edit"') : hCell('', '', ' scope="col" class="txp-list-col-multi-edit"')) . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'txp-list-col-login-name name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'txp-list-col-real-name name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'txp-list-col-email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'txp-list-col-privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'txp-list-col-last-login date')) . n . tag_end('thead') . n . tag_start('tbody'); while ($a = nextRow($rs)) { extract(doSpecial($a)); echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', ' scope="row" class="txp-list-col-login-name name"') . td($RealName, '', 'txp-list-col-real-name name') . td(href($email, 'mailto:' . $email), '', 'txp-list-col-email') . td(get_priv_level($privs), '', 'txp-list-col-privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'txp-list-col-last-login date')); } echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . ($use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '') . tInput() . n . tag_end('form') . n . tag_start('div', array('id' => 'users_navigation', 'class' => 'txp-navigation')) . pageby_form('admin', $author_list_pageby) . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . n . tag_end('div') . n . tag_end('div'); } } else { echo n . tag_end('div'); } }
/** * Outputs a diagnostics report. * * This is the main panel. */ function doDiagnostics() { global $prefs, $files, $txpcfg, $event, $step, $theme, $DB; extract(get_prefs()); $urlparts = parse_url(hu); $mydomain = $urlparts['host']; $is_apache = stristr(serverSet('SERVER_SOFTWARE'), 'Apache') || is_callable('apache_get_version'); $real_doc_root = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : ''; // ini_get() returns string values passed via php_value as a string, not boolean. $is_register_globals = (strcasecmp(ini_get('register_globals'), 'on') === 0 or ini_get('register_globals') === '1'); // Check for Textpattern updates, at most once every 24 hours. $now = time(); $updateInfo = unserialize(get_pref('last_update_check', '')); if (!$updateInfo || $now > $updateInfo['when'] + 60 * 60 * 24) { $updates = checkUpdates(); $updateInfo['msg'] = $updates ? gTxt($updates['msg'], array('{version}' => $updates['version'])) : ''; $updateInfo['when'] = $now; set_pref('last_update_check', serialize($updateInfo), 'publish', PREF_HIDDEN, 'text_input'); } $fail = array(); if (!empty($updateInfo['msg'])) { $fail['textpattern_version_update'] = diag_msg_wrap($updateInfo['msg'], 'information'); } if (!is_callable('version_compare') || version_compare(PHP_VERSION, REQUIRED_PHP_VERSION, '<')) { $fail['php_version_required'] = diag_msg_wrap(gTxt('php_version_required', array('{version}' => REQUIRED_PHP_VERSION))); } if (!isset($path_to_site)) { $fail['path_to_site_missing'] = diag_msg_wrap(gTxt('path_to_site_missing'), 'warning'); } if (@gethostbyname($mydomain) === $mydomain) { $fail['dns_lookup_fails'] = diag_msg_wrap(gTxt('dns_lookup_fails') . cs . $mydomain, 'warning'); } if (!@is_dir($path_to_site)) { $fail['path_to_site_inacc'] = diag_msg_wrap(gTxt('path_to_site_inacc') . cs . $path_to_site); } if (rtrim($siteurl, '/') != $siteurl) { $fail['site_trailing_slash'] = diag_msg_wrap(gTxt('site_trailing_slash') . cs . $path_to_site, 'warning'); } if (!@is_file($path_to_site . "/index.php") || !@is_readable($path_to_site . "/index.php")) { $fail['index_inaccessible'] = diag_msg_wrap("{$path_to_site}/index.php " . gTxt('is_inaccessible')); } $not_readable = array(); if (!@is_writable($path_to_site . '/' . $img_dir)) { $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('img_dir'), gTxt('dir_not_writable')) . ": {$path_to_site}/{$img_dir}", 'warning'); } if (!@is_writable($file_base_path)) { $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('file_base_path'), gTxt('dir_not_writable')) . ": {$file_base_path}", 'warning'); } if (!@is_writable($tempdir)) { $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('tempdir'), gTxt('dir_not_writable')) . ": {$tempdir}", 'warning'); } if ($not_readable) { $fail['dir_not_writable'] = join(n, $not_readable); } if ($permlink_mode != 'messy' && !$is_apache) { $fail['cleanurl_only_apache'] = diag_msg_wrap(gTxt('cleanurl_only_apache'), 'information'); } if ($permlink_mode != 'messy' and !@is_readable($path_to_site . '/.htaccess')) { $fail['htaccess_missing'] = diag_msg_wrap(gTxt('htaccess_missing')); } if ($permlink_mode != 'messy' and is_callable('apache_get_modules') and !apache_module('mod_rewrite')) { $fail['mod_rewrite_missing'] = diag_msg_wrap(gTxt('mod_rewrite_missing')); } if (!ini_get('file_uploads')) { $fail['file_uploads_disabled'] = diag_msg_wrap(gTxt('file_uploads_disabled'), 'information'); } if (@is_dir(txpath . DS . 'setup')) { $fail['setup_still_exists'] = diag_msg_wrap(txpath . DS . "setup" . DS . ' ' . gTxt('still_exists'), 'warning'); } if (empty($tempdir)) { $fail['no_temp_dir'] = diag_msg_wrap(gTxt('no_temp_dir'), 'warning'); } if (is_disabled('mail')) { $fail['warn_mail_unavailable'] = diag_msg_wrap(gTxt('warn_mail_unavailable'), 'warning'); } if ($is_register_globals) { $fail['warn_register_globals_or_update'] = diag_msg_wrap(gTxt('warn_register_globals_or_update'), 'warning'); } if ($permlink_mode != 'messy') { $rs = safe_column("name", "txp_section", "1"); foreach ($rs as $name) { if ($name and @file_exists($path_to_site . '/' . $name)) { $fail['old_placeholder_exists'] = diag_msg_wrap(gTxt('old_placeholder') . ": {$path_to_site}/{$name}"); } } } $cs = check_file_integrity(INTEGRITY_REALPATH); if (!$cs) { $cs = array(); } // Files that don't match their checksums. if ($modified_files = array_keys($cs, INTEGRITY_MODIFIED)) { $fail['modified_files'] = diag_msg_wrap(gTxt('modified_files') . cs . n . t . join(', ' . n . t, $modified_files), 'warning'); } // Running development code in live mode is not recommended. if (preg_match('/-dev$/', txp_version) and $production_status == 'live') { $fail['dev_version_live'] = diag_msg_wrap(gTxt('dev_version_live'), 'warning'); } // Missing files. if ($missing = array_merge(array_keys($cs, INTEGRITY_MISSING), array_keys($cs, INTEGRITY_NOT_FILE), array_keys($cs, INTEGRITY_NOT_READABLE))) { $fail['missing_files'] = diag_msg_wrap(gTxt('missing_files') . cs . n . t . join(', ' . n . t, $missing)); } // Anything might break if arbitrary functions are disabled. if (ini_get('disable_functions')) { $disabled_funcs = array_map('trim', explode(',', ini_get('disable_functions'))); // Commonly disabled functions that we don't need. $disabled_funcs = array_diff($disabled_funcs, array('imagefilltoborder', 'escapeshellarg', 'escapeshellcmd', 'exec', 'passthru', 'proc_close', 'proc_get_status', 'proc_nice', 'proc_open', 'proc_terminate', 'shell_exec', 'system', 'popen', 'dl', 'chown')); if ($disabled_funcs) { $fail['some_php_functions_disabled'] = diag_msg_wrap(gTxt('some_php_functions_disabled') . cs . join(', ', $disabled_funcs), 'warning'); } } // Not sure about this one. // if (strncmp(php_sapi_name(), 'cgi', 3) == 0 and ini_get('cgi.rfc2616_headers')) // $fail['cgi_header_config'] = gTxt('cgi_header_config'); $guess_site_url = $_SERVER['HTTP_HOST'] . preg_replace('#[/\\\\]$#', '', dirname(dirname($_SERVER['SCRIPT_NAME']))); if ($siteurl and strip_prefix($siteurl, 'www.') != strip_prefix($guess_site_url, 'www.')) { $fail['site_url_mismatch'] = diag_msg_wrap(gTxt('site_url_mismatch') . cs . $guess_site_url, 'warning'); } // Test clean URL server vars. if (hu) { if (ini_get('allow_url_fopen') and $permlink_mode != 'messy') { $s = md5(uniqid(rand(), true)); ini_set('default_socket_timeout', 10); $pretext_data = @file(hu . $s . '/?txpcleantest=1'); if ($pretext_data) { $pretext_req = trim(@$pretext_data[0]); if ($pretext_req != md5('/' . $s . '/?txpcleantest=1')) { $fail['clean_url_data_failed'] = diag_msg_wrap(gTxt('clean_url_data_failed') . cs . txpspecialchars($pretext_req), 'warning'); } } else { $fail['clean_url_test_failed'] = diag_msg_wrap(gTxt('clean_url_test_failed'), 'warning'); } } } if ($tables = list_txp_tables()) { $table_errors = check_tables($tables); if ($table_errors) { $fail['mysql_table_errors'] = diag_msg_wrap(gTxt('mysql_table_errors') . cs . n . t . join(', ' . n . t, $table_errors)); } } $active_plugins = array(); if ($rows = safe_rows('name, version, code_md5, md5(code) as md5', 'txp_plugin', 'status > 0')) { foreach ($rows as $row) { $n = $row['name'] . '-' . $row['version']; if (strtolower($row['md5']) != strtolower($row['code_md5'])) { $n .= 'm'; } $active_plugins[] = $n; } } $theme_manifest = $theme->manifest(); // Check GD info. if (function_exists('gd_info')) { $gd_info = gd_info(); $gd_support = array(); if ($gd_info['GIF Create Support']) { $gd_support[] = 'GIF'; } // Aside: In PHP 5.3, they chose to add a previously unemployed capital "E" to the array key. if (!empty($gd_info['JPEG Support']) || !empty($gd_info['JPG Support'])) { $gd_support[] = 'JPG'; } if ($gd_info['PNG Support']) { $gd_support[] = 'PNG'; } if ($gd_support) { $gd_support = join(', ', $gd_support); } else { $gd_support = gTxt('none'); } $gd = gTxt('gd_info', array('{version}' => $gd_info['GD Version'], '{supported}' => $gd_support)); } else { $gd = gTxt('gd_unavailable'); } if (realpath($prefs['tempdir']) === realpath($prefs['plugin_cache_dir'])) { $fail['tmp_plugin_paths_match'] = diag_msg_wrap(gTxt('tmp_plugin_paths_match')); } // Database server time. extract(doSpecial(getRow('select @@global.time_zone as db_global_timezone, @@session.time_zone as db_session_timezone, now() as db_server_time, unix_timestamp(now()) as db_server_timestamp'))); $db_server_timeoffset = $db_server_timestamp - $now; echo pagetop(gTxt('tab_diagnostics'), ''); echo hed(gTxt('tab_diagnostics'), 1, array('class' => 'txp-heading')); echo n . '<div id="' . $event . '_container" class="txp-container">' . n . '<div id="pre_flight_check">' . hed(gTxt('preflight_check'), 2); if ($fail) { foreach ($fail as $help => $message) { echo graf(nl2br($message) . popHelp($help)); } } else { echo graf(diag_msg_wrap(gTxt('all_checks_passed'), 'success')); } echo '</div>'; echo '<div id="diagnostics">', hed(gTxt('diagnostic_info'), 2); $fmt_date = '%Y-%m-%d %H:%M:%S'; $out = array('<p><textarea class="code" id="diagnostics-detail" cols="' . INPUT_LARGE . '" rows="' . TEXTAREA_HEIGHT_LARGE . '" dir="ltr" readonly>', gTxt('txp_version') . cs . txp_version . ' (' . check_file_integrity(INTEGRITY_DIGEST) . ')' . n, gTxt('last_update') . cs . gmstrftime($fmt_date, $dbupdatetime) . '/' . gmstrftime($fmt_date, @filemtime(txpath . '/update/_update.php')) . n, gTxt('document_root') . cs . @$_SERVER['DOCUMENT_ROOT'] . ($real_doc_root != @$_SERVER['DOCUMENT_ROOT'] ? ' (' . $real_doc_root . ')' : '') . n, '$path_to_site' . cs . $path_to_site . n, gTxt('txp_path') . cs . txpath . n, gTxt('permlink_mode') . cs . $permlink_mode . n, ini_get('open_basedir') ? 'open_basedir: ' . ini_get('open_basedir') . n : '', ini_get('upload_tmp_dir') ? 'upload_tmp_dir: ' . ini_get('upload_tmp_dir') . n : '', gTxt('tempdir') . cs . $tempdir . n, gTxt('web_domain') . cs . $siteurl . n, gTxt('php_version') . cs . phpversion() . n, $is_register_globals ? gTxt('register_globals') . cs . $is_register_globals . n : '', gTxt('gd_library') . cs . $gd . n, gTxt('server') . ' TZ: ' . Txp::get('Textpattern_Date_Timezone')->getTimeZone() . n, gTxt('server_time') . cs . strftime('%Y-%m-%d %H:%M:%S') . n, strip_tags(gTxt('is_dst')) . cs . $is_dst . n, strip_tags(gTxt('auto_dst')) . cs . $auto_dst . n, strip_tags(gTxt('gmtoffset')) . cs . $timezone_key . sp . "({$gmtoffset})" . n, 'MySQL' . cs . mysql_get_server_info() . n, gTxt('db_server_time') . cs . $db_server_time . n, gTxt('db_server_timeoffset') . cs . $db_server_timeoffset . ' s' . n, gTxt('db_global_timezone') . cs . $db_global_timezone . n, gTxt('db_session_timezone') . cs . $db_session_timezone . n, gTxt('locale') . cs . $locale . n, isset($_SERVER['SERVER_SOFTWARE']) ? gTxt('server') . cs . $_SERVER['SERVER_SOFTWARE'] . n : '', is_callable('apache_get_version') ? gTxt('apache_version') . cs . @apache_get_version() . n : '', gTxt('php_sapi_mode') . cs . PHP_SAPI . n, gTxt('rfc2616_headers') . cs . ini_get('cgi.rfc2616_headers') . n, gTxt('os_version') . cs . php_uname('s') . ' ' . php_uname('r') . n, $active_plugins ? gTxt('active_plugins') . cs . join(', ', $active_plugins) . n : '', gTxt('theme_name') . cs . $theme_name . sp . $theme_manifest['version'] . n, $fail ? n . gTxt('preflight_check') . cs . n . ln . join("\n", doStripTags($fail)) . n . ln : '', is_readable($path_to_site . '/.htaccess') ? n . gTxt('htaccess_contents') . cs . n . ln . txpspecialchars(join('', file($path_to_site . '/.htaccess'))) . n . ln : ''); if ($step == 'high') { $out[] = n . 'Charset (default/config)' . cs . $DB->default_charset . '/' . $DB->charset . n; $result = safe_query("SHOW variables like 'character_se%'"); while ($row = mysql_fetch_row($result)) { $out[] = $row[0] . cs . $row[1] . n; if ($row[0] == 'character_set_connection') { $conn_char = $row[1]; } } $table_names = array(PFX . 'textpattern'); $result = safe_query("SHOW TABLES LIKE '" . PFX . "txp\\_%'"); while ($row = mysql_fetch_row($result)) { $table_names[] = $row[0]; } $table_msg = array(); foreach ($table_names as $table) { $ctr = safe_query("SHOW CREATE TABLE " . $table . ""); if (!$ctr) { unset($table_names[$table]); continue; } $ctcharset = preg_replace('#^CREATE TABLE.*SET=([^ ]+)[^)]*$#is', '\\1', mysql_result($ctr, 0, 'Create Table')); if (isset($conn_char) && !stristr($ctcharset, 'CREATE') && $conn_char != $ctcharset) { $table_msg[] = "{$table} is {$ctcharset}"; } $ctr = safe_query("CHECK TABLE " . $table); if (in_array(mysql_result($ctr, 0, 'Msg_type'), array('error', 'warning'))) { $table_msg[] = $table . cs . mysql_result($ctr, 0, 'Msg_Text'); } } if ($table_msg == array()) { $table_msg = count($table_names) < 17 ? array('-') : array('OK'); } $out[] = count($table_names) . ' Tables' . cs . implode(', ', $table_msg) . n; $cf = preg_grep('/^custom_\\d+/', getThings('describe `' . PFX . 'textpattern`')); $out[] = n . get_pref('max_custom_fields', 10) . sp . gTxt('custom') . cs . implode(', ', $cf) . sp . '(' . count($cf) . ')' . n; $extns = get_loaded_extensions(); $extv = array(); foreach ($extns as $e) { $extv[] = $e . (phpversion($e) ? '/' . phpversion($e) : ''); } $out[] = n . gTxt('php_extensions') . cs . join(', ', $extv) . n; if (is_callable('apache_get_modules')) { $out[] = n . gTxt('apache_modules') . cs . join(', ', apache_get_modules()) . n; } if (@is_array($pretext_data) and count($pretext_data) > 1) { $out[] = n . gTxt('pretext_data') . cs . txpspecialchars(join('', array_slice($pretext_data, 1, 20))) . n; } $out[] = n; if ($md5s = check_file_integrity(INTEGRITY_MD5)) { foreach ($md5s as $f => $checksum) { $out[] = $f . cs . n . t . (!$checksum ? gTxt('unknown') : $checksum) . n; } } $out[] = n . ln; } $out[] = callback_event('diag_results', $step) . n; $out[] = '</textarea></p>'; $dets = array('low' => gTxt('low'), 'high' => gTxt('high')); $out[] = form(graf(eInput('diag') . n . '<label>' . gTxt('detail') . '</label>' . selectInput('step', $dets, $step, 0, 1))); echo join('', $out), '</div>', '</div>'; }
function makeConfig() { define("nl", "';\n"); define("o", '$txpcfg[\''); define("m", "'] = '"); $open = chr(60) . '?php'; $close = '?' . chr(62); // Escape single quotes and backslashes in literal PHP strings foreach ($_SESSION as $k => $v) { $_SESSION[$k] = addcslashes($_SESSION[$k], "'\\"); } $_SESSION = doSpecial($_SESSION); return $open . "\n" . o . 'db' . m . $_SESSION['ddb'] . nl . o . 'user' . m . $_SESSION['duser'] . nl . o . 'pass' . m . $_SESSION['dpass'] . nl . o . 'host' . m . $_SESSION['dhost'] . nl . ($_SESSION['dclient_flags'] ? o . 'client_flags' . "'] = " . $_SESSION['dclient_flags'] . ";\n" : '') . o . 'table_prefix' . m . $_SESSION['dprefix'] . nl . o . 'txpath' . m . txpath . nl . o . 'dbcharset' . m . $_SESSION['dbcharset'] . nl . $close; }
function author_list($message = '') { global $txp_user, $author_list_pageby; pagetop(gTxt('tab_site_admin'), $message); if (is_disabled('mail')) { echo tag(gTxt('warn_mail_unavailable'), 'p', ' class="alert-block warning" '); } echo '<h1 class="txp-heading">' . gTxt('tab_site_admin') . '</h1>'; echo '<div id="users_control" class="txp-control-panel">'; // Change password button echo '<p class="txp-buttons">'; echo sLink('admin', 'new_pass_form', gTxt('change_password')); // Change email address button if (!has_privs('admin.edit')) { echo n . sLink('admin', 'change_email_form', gTxt('change_email_address')); } // User list if (has_privs('admin.list')) { extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method'))); if ($sort === '') { $sort = get_pref('admin_sort_column', 'name'); } if ($dir === '') { $dir = get_pref('admin_sort_dir', 'asc'); } $dir = $dir == 'desc' ? 'desc' : 'asc'; if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) { $sort = 'name'; } $sort_sql = $sort . ' ' . $dir; set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE); set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE); $switch_dir = $dir == 'desc' ? 'asc' : 'desc'; $criteria = 1; if ($search_method and $crit != '') { $crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit)); $critsql = array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name like '%{$crit_escaped}%'", 'real_name' => "RealName like '%{$crit_escaped}%'", 'email' => "email like '%{$crit_escaped}%'", 'privs' => "privs in ('" . join("','", do_list($crit_escaped)) . "')"); if (array_key_exists($search_method, $critsql)) { $criteria = $critsql[$search_method]; } else { $search_method = ''; $crit = ''; } } else { $search_method = ''; $crit = ''; } $criteria .= callback_event('admin_criteria', 'author_list', 0, $criteria); $total = getCount('txp_users', $criteria); // New author button if (has_privs('admin.edit')) { echo n . sLink('admin', 'author_edit', gTxt('add_new_author')); } echo '</p>'; // end txp-buttons if ($total < 1) { if ($criteria != 1) { echo n . author_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>'; } return; } $limit = max($author_list_pageby, 15); list($page, $offset, $numPages) = pager($total, $limit, $page); $use_multi_edit = has_privs('admin.edit') && safe_count('txp_users', '1=1') > 1; echo author_search_form($crit, $search_method) . '</div>'; $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}"); if ($rs) { echo n . '<div id="users_container" class="txp-container">'; echo '<form action="index.php" id="users_form" class="multi_edit_form" method="post" name="longform">' . n . '<div class="txp-listtables">' . n . startTable('', '', 'txp-list') . n . '<thead>' . n . tr(n . ($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="' . gTxt('toggle_all_selected') . '" class="multi-edit"') : hCell('', '', ' class="multi-edit"')) . n . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'name login-name') . n . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'name real-name') . n . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'email') . n . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'privs') . n . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'date last-login modified')) . n . '</thead>'; echo '<tbody>'; while ($a = nextRow($rs)) { extract(doSpecial($a)); echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'multi-edit') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', 'name login-name') . td($RealName, '', 'name real-name') . td('<a href="mailto:' . $email . '">' . $email . '</a>', '', 'email') . td(get_priv_level($privs), '', 'privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'date last-login modified')); } echo '</tbody>', n, endTable(), n, '</div>', n, $use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '', n, tInput(), n, '</form>', n, '<div id="users_navigation" class="txp-navigation">', n, nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method), n, pageby_form('admin', $author_list_pageby), n, '</div>', n, '</div>'; } } else { echo '</div>'; } }
function send_xml_response($response = array()) { ob_clean(); $default_response = array('http-status' => '200 OK'); // backfill default response properties $response = $response + $default_response; header('Content-Type: text/xml'); txp_status_header($response['http-status']); $out[] = '<?xml version="1.0" encoding="utf-8" standalone="yes"?>'; $out[] = '<textpattern>'; foreach ($response as $element => $value) { // element *names* must not contain <>&, *values* may. $value = doSpecial($value); if (is_array($value)) { $out[] = t . "<{$element}>" . n; foreach ($value as $e => $v) { $out[] = t . t . "<{$e} value='{$v}' />" . n; } $out[] = t . "</{$element}>" . n; } else { $out[] = t . "<{$element} value='{$value}' />" . n; } } $out[] = '</textpattern>'; echo join(n, $out); exit; }
function rss() { global $prefs, $thisarticle; extract($prefs); extract(doSlash(gpsa(array('category', 'section', 'limit', 'area')))); $area = gps('area'); $sitename .= $section ? ' - ' . $section : ''; $sitename .= $category ? ' - ' . $category : ''; $dn = explode('/', $siteurl); $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0]; $out[] = tag('http://textpattern.com/?v=' . $version, 'generator'); $out[] = tag(doSpecial($sitename), 'title'); $out[] = tag(hu, 'link'); $out[] = tag(doSpecial($site_slogan), 'description'); $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod'); $out[] = tag(safe_strftime('rfc822', $last), 'pubDate'); $articles = array(); if (!$area or $area == 'article') { $sfilter = $section ? "and Section = '" . $section . "'" : ''; $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : ''; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $frs = safe_column("name", "txp_section", "in_rss != '1'"); if ($frs) { foreach ($frs as $f) { $query[] = "and Section != '" . doSlash($f) . "'"; } } $query[] = $sfilter; $query[] = $cfilter; $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); populateArticleData($a); $cb = callback_event('rss_entry'); $a['posted'] = $uPosted; $permlink = permlinkurl($a); $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink)); $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink)); if ($syndicate_body_or_excerpt) { # short feed: use body as summary if there's no excerpt if (!trim($summary)) { $summary = $content; } $content = ''; } if ($show_comment_count_in_feed) { $count = $comments_count > 0 ? ' [' . $comments_count . ']' : ''; } else { $count = ''; } $Title = escape_output(strip_tags($Title)) . $count; $thisauthor = get_author_name($AuthorID); $item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb; $articles[$ID] = tag($item, 'item'); $etags[$ID] = strtoupper(dechex(crc32($articles[$ID]))); $dates[$ID] = $uPosted; } } } elseif ($area == 'link') { $cfilter = $category ? "category='{$category}'" : '1'; $limit = $limit ? $limit : $rss_how_many; $limit = intval(min($limit, max(100, $rss_how_many))); $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}"); if ($rs) { while ($a = nextRow($rs)) { extract($a); $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate'); $articles[$id] = tag($item, 'item'); $etags[$id] = strtoupper(dechex(crc32($articles[$id]))); $dates[$id] = $date; } } } //turn on compression if we aren't using it already if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) { @ob_start("ob_gzhandler"); } handle_lastmod(); $hims = serverset('HTTP_IF_MODIFIED_SINCE'); $imsd = $hims ? strtotime($hims) : 0; if (is_callable('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers["A-IM"])) { $canaim = strpos($headers["A-IM"], "feed"); } else { $canaim = false; } } else { $canaim = false; } $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH')); $cutarticles = false; if ($canaim !== false) { foreach ($articles as $id => $thing) { if (strpos($hinm, $etags[$id]) !== false) { unset($articles[$id]); $cutarticles = true; $cut_etag = true; } if ($dates[$id] < $imsd) { unset($articles[$id]); $cutarticles = true; $cut_time = true; } } } if (isset($cut_etag) && isset($cut_time)) { header("Vary: If-None-Match, If-Modified-Since"); } else { if (isset($cut_etag)) { header("Vary: If-None-Match"); } else { if (isset($cut_time)) { header("Vary: If-Modified-Since"); } } } $etag = @join("-", $etags); if (strstr($hinm, $etag)) { header("HTTP/1.1 304 Not Modified"); exit; } if ($cutarticles) { //header("HTTP/1.1 226 IM Used"); //This should be used as opposed to 200, but Apache doesn't like it. //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200. header("Cache-Control: no-store, im"); header("IM: feed"); } $out = array_merge($out, $articles); header("Content-Type: application/rss+xml; charset=utf-8"); if ($etag) { header('ETag: "' . $etag . '"'); } return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">' . n . tag(join(n, $out), 'channel') . n . '</rss>'; }