function editor_post()
{
if (!jabCanUser("edit")) {
return;
}
global $editor;
$model['editor'] = $editor;
$model['referrer'] = jabRequestParam("referrer");
if (strlen($model['referrer']) == 0) {
$model['referrer'] = "/";
}
$model['file'] = str_replace("..", ".", jabRequestParam("file"));
$model['content'] = jabRequestParam("content");
// Handle no file specified
if (strlen($model['file']) == 0) {
return;
}
// Handle attempt to escape the document root
if (strstr($model['file'], "..")) {
return;
}
// Cancel?
if (jabRequestParam("cancel")) {
return jabRedirect($model['referrer']);
}
$fullpath = jabPathAppend($_SERVER['DOCUMENT_ROOT'], $model['file']);
// Handle file uploads
for ($i = 1; $i <= (isset($editor['maxuploadfiles']) ? $editor['maxuploadfiles'] : 4); $i++) {
if (strlen($_FILES['file' . $i]['name']) == 0) {
continue;
}
$target_path = jabPathAppend(dirname($fullpath), basename($_FILES['file' . $i]['name']));
if (is_file($target_path) && jabRequestParam('overwrite') == "") {
$errors[] = "File " . $_FILES['file' . $i]['name'] . " would be overwriten";
} else {
if (!move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path)) {
$errors[] = "Failed to upload " . $_FILES['file' . $i]['name'];
} else {
if (jabRequestParam("addtoarticle") != "") {
$file = $_FILES['file' . $i]['name'];
$ext = strrpos($file, ".") === false ? null : substr($file, strrpos($file, ".") + 1);
if (in_array($ext, explode(";", "png;jpg;jpeg;tif;tiff;gif"))) {
$model['content'] .= "\n\n<center></center>\n\n";
} else {
$model['content'] .= "\n\n[{$file}]({$file})\n\n";
}
}
}
}
}
if (jabRequestParam("delete")) {
if (jabRequestParam("deleteconfirmed") == "yes") {
try {
unlink($fullpath);
return jabRedirect($model['referrer']);
} catch (Exception $ex) {
$model['errors'][] = "Failed to delete {$ex->getMessage()}.";
}
} else {
$model['errors'][] = "Press Delete again to really delete this file";
$model['deleteconfirmed'] = "yes";
}
return jabRenderView("editor_view.php", $model);
}
if (jabRequestParam("save")) {
try {
$fh = @fopen($fullpath, 'w');
fwrite($fh, $model['content']);
fclose($fh);
jabRedirect($model['referrer']);
} catch (Exception $ex) {
$model['errors'][] = "Failed to save file - {$ex->getMessage()}.";
}
}
return jabRenderView("editor_view.php", $model);
}
?>
</h2>
<?php
// ---------------- Command Bar-----------------
?>
<p>
<a href="<?php
echo blog_link("/index");
?>
">Articles</a>
| <a href="<?php
echo blog_link("/feed.rss");
?>
">RSS Feed</a>
<?php
if (jabCanUser("author")) {
?>
| <a href="/<?php
echo $model['blog']['routePrefix'];
?>
/drafts">Drafts</a>
| <a href="/<?php
echo $model['blog']['routePrefix'];
?>
/edit/new">New Post</a>
</p>
<hr/>
<?php
}
?>
function InitFromForm(&$errors)
{
$this->Name = jabRequestParam("Name");
$this->Email = jabRequestParam("Email");
$this->Website = jabRequestParam("Website");
$this->Content = jabRequestParam("Content");
$this->ByAuthor = false;
global $blog;
if (jabCanUser("author")) {
$this->ByAuthor = true;
$this->Name = $blog['managingEditor'];
$this->Email = $blog['notifyEmailFrom'];
if (isset($blog['authorSite'])) {
$this->Website = $blog['authorSite'];
} else {
$this->Website = "http://" . $_SERVER['HTTP_HOST'];
}
}
if (strlen($this->Name) == 0) {
$errors[] = "Please enter your name";
}
if (strlen($this->Email) != 0 && !jabIsValidEmail($this->Email)) {
$errors[] = "Email address is not valid";
}
if (strlen($this->Content) == 0) {
$errors[] = "No article content";
}
return sizeof($errors) == 0;
}
function jabDoRouteStaticContent($urlTail, $contentRoot)
{
global $jab;
// Remove querystring
$qpos = strchr($urlTail, "?");
if ($qpos !== false) {
$urlTail = substr($urlTail, 0, $qpos);
}
// Find jab file
$path = jabPathAppend($contentRoot, $urlTail);
if (is_dir($path)) {
// If folder path doesn't end in trailing slash, add one and redirect
if (substr($path, -1) != "/") {
$url = $_SERVER['REQUEST_URI'];
$qpos = strchr($url, "?");
if ($qpos !== false) {
$url = substr($url, 0, $qpos);
}
jabRedirect("http://" . $_SERVER['HTTP_HOST'] . $url . "/");
}
$path = jabPathAppend($path, "index.jab");
} else {
// .html at the end is optional
if (strtolower(substr($path, -5)) == ".html") {
$path = substr($path, 0, -5);
}
// Use jab file?
if (is_file($path . ".jab")) {
$path .= ".jab";
}
}
if (jabCanUser('cms.edit')) {
$model['sourceFile'] = $path;
if (!is_file($path)) {
$jab['missingSourceFile'] = $model['sourceFile'] . ".jab";
}
}
// Exists?
if (!is_file($path)) {
return false;
}
// Render it
if (substr($path, -4) == ".php" || substr($path, -4) == ".jab") {
jabRenderView($path, $model);
} else {
jabEchoFile($path);
}
}
<form class="mainform" id="theform" method="post" action="<?php echo $_SERVER["REQUEST_URI_CLEAN"]?>">
<?php jabHtmlHidden("ID", $model['article']->ID) ?>
<?php if (!jabCanUser("author")): ?>
<?php jabHtmlInput("Your Name:", "Name", $model['comment']->Name, "stdfield") ?>
<?php jabHtmlInput("Email Address: <small>(optional, not shown, used for <a href=\"http://www.gravatar.com\" target=\"_blank\">Gravatar</a>)</small>", "Email", $model['comment']->Email, "stdfield") ?>
<?php jabHtmlInput("Website: <small>(optional, nofollow)</small>", "Website", $model['comment']->Website, "stdfield") ?>
<?php else: ?>
<?php jabHtmlInput("Reply To:", "ReplyTo", $model['ReplyTo'], "stdfield") ?>
<?php endif; ?>
<?php jabHtmlTextArea("Message: <small>(supports some <a href=\"http://michelf.com/projects/php-markdown/extra/\" target=\"_blank\">Markdown Extra</a>)</small>", "Content", $model['comment']->Content, $class="stdtextareafield") ?>
<div class="clearer"></div>
<?php if (!jabCanUser("author")): ?>
<?php jabRenderCaptcha() ?>
<?php endif; ?>
<?php jabHtmlSubmitButton("Post Comment", "post") ?>
<?php jabHtmlSubmitButton("Preview", "preview") ?>
<small>All comments will be reviewed for spam before being displayed.</small>
</form>
<?php endif; ?>
<?php if (!$model['blog']['enableComments']): ?>
<p><small>Comments disabled</small></p>
<?php endif; ?>
echo $article->Format();
?>
<p><small>Posted <?php
echo formatRelativeTime($article->TimeStamp);
?>
</small></p>
<p>
<?php
if (function_exists(jabRenderShareLink)) {
jabRenderShareLink($article->Title, "http://" . $_SERVER['HTTP_HOST'] . $article->FullUrl());
}
if ($model['blog']['enableComments']) {
if (function_exists(jabRenderDisqusLink)) {
jabRenderDisqusLink($article->FullUrl());
} else {
echo "<span class=\"blog_comment_button\"><a href=\"" . $article->FullUrl() . "\">Read or Leave Comments</a> (" . $article->GetCommentCount(jabCanUser("author")) . ")</span>\n";
}
} else {
echo "<a href=\"" . $article->FullUrl() . "\">Permalink</a>\n";
}
?>
</p>
</div>
<?php
// ---------------- End of Article Loop -----------------
}
?>
</div>
<?php
} else {
function import_post()
{
jabCanUser("author", true);
blog_import($_FILES['importFile']['tmp_name'], jabRequestParam("dropoldcontent") != "");
// Render import upload view
jabRedirect(blog_link(""));
}
