示例#1
0
文件: _blog.class.php 项目: LFSF/oras
    /**
     * Load data from Request form fields.
     *
     * @param array groups of params to load
     * @return boolean true if loaded data seems valid.
     */
    function load_from_Request($groups = array())
    {
        global $Messages, $default_locale, $DB;
        /**
         * @var User
         */
        global $current_User;
        if (param('blog_name', 'string', NULL) !== NULL) {
            // General params:
            $this->set_from_Request('name');
            $this->set('shortname', param('blog_shortname', 'string', true));
            $this->set('locale', param('blog_locale', 'string', $default_locale));
        }
        if (param('archive_links', 'string', NULL) !== NULL) {
            // Archive link type:
            $this->set_setting('archive_links', get_param('archive_links'));
            $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
        }
        if (param('chapter_links', 'string', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_links', get_param('chapter_links'));
        }
        if (param('category_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('category_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('category_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('category_prefix', $category_prefix);
        }
        if (param('tag_links', 'string', NULL) !== NULL) {
            // Tag page link type:
            $this->set_setting('tag_links', get_param('tag_links'));
        }
        if (param('tag_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('tag_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('tag_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('tag_prefix', $category_prefix);
        }
        if (param('chapter_posts_per_page', 'integer', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_posts_per_page', get_param('chapter_posts_per_page'), true);
            $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
        }
        if (param('single_links', 'string', NULL) !== NULL) {
            // Single post link type:
            $this->set_setting('single_links', get_param('single_links'));
        }
        if (param('blog_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_from_Request('skin_ID');
        }
        if (param('what_to_show', 'string', NULL) !== NULL) {
            // Show x days or x posts?:
            $this->set_setting('what_to_show', get_param('what_to_show'));
            param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
            $this->set_setting('posts_per_page', get_param('posts_per_page'));
            $this->set_setting('archive_mode', param('archive_mode', 'string', true));
            $this->set_setting('orderby', param('orderby', 'string', true));
            $this->set_setting('orderdir', param('orderdir', 'string', true));
        }
        if (param('feed_content', 'string', NULL) !== NULL) {
            // How much content in feeds?
            $this->set_setting('feed_content', get_param('feed_content'));
            param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
            $this->set_setting('posts_per_feed', get_param('posts_per_feed'));
        }
        if (param('blog_description', 'string', NULL) !== NULL) {
            // Description:
            $this->set_from_Request('shortdesc', 'blog_description');
        }
        if (param('blog_keywords', 'string', NULL) !== NULL) {
            // Keywords:
            $this->set_from_Request('keywords');
        }
        if (param('blog_tagline', 'html', NULL) !== NULL) {
            // HTML tagline:
            param_check_html('blog_tagline', T_('Invalid tagline'));
            $this->set('tagline', get_param('blog_tagline'));
        }
        if (param('blog_longdesc', 'html', NULL) !== NULL) {
            // HTML long description:
            param_check_html('blog_longdesc', T_('Invalid long description'));
            $this->set('longdesc', get_param('blog_longdesc'));
        }
        if (param('blog_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('blog_footer_text', T_('Invalid blog footer'));
            $this->set_setting('blog_footer_text', get_param('blog_footer_text'));
        }
        if (param('single_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('single_item_footer_text', T_('Invalid single post footer'));
            $this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
        }
        if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
            $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
        }
        if (param('blog_notes', 'html', NULL) !== NULL) {
            // HTML notes:
            param_check_html('blog_notes', T_('Invalid Blog Notes'));
            $this->set('notes', get_param('blog_notes'));
        }
        if (in_array('pings', $groups)) {
            // we want to load the ping checkboxes:
            $blog_ping_plugins = param('blog_ping_plugins', 'array', array());
            $blog_ping_plugins = array_unique($blog_ping_plugins);
            $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
        }
        if (in_array('features', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
            $this->set('advanced_perms', param('advanced_perms', 'integer', 0));
            $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
            $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
            $this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
        }
        if (param('blog_allowcomments', 'string', NULL) !== NULL) {
            // Feedback options:
            $this->set_from_Request('allowcomments');
            $this->set_setting('new_feedback_status', param('new_feedback_status', 'string', 'draft'));
            $this->set_setting('allow_rating', param('allow_rating', 'string', 'never'));
            $this->set('allowtrackbacks', param('blog_allowtrackbacks', 'integer', 0));
            // Public blog list
            $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0));
        }
        if (in_array('seo', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
            $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
            $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
            $this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
            $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
            $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
            $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
            $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
            $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
            $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
            $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
            $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
            $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
            $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
            $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
            $this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
            $this->set_setting('title_link_type', param('title_link_type', 'string', ''));
            $this->set_setting('permalinks', param('permalinks', 'string', ''));
        }
        /*
         * ADVANCED ADMIN SETTINGS
         */
        if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
            // We have permission to edit advanced admin settings:
            if (param('owner_login', 'string', NULL) !== NULL) {
                // Permissions:
                $UserCache =& get_Cache('UserCache');
                $owner_User =& $UserCache->get_by_login(get_param('owner_login'), false, false);
                if (empty($owner_User)) {
                    param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login')));
                } else {
                    $this->set('owner_user_ID', $owner_User->ID);
                    $this->owner_User =& $owner_User;
                }
            }
            if (param('blog_urlname', 'string', NULL) !== NULL) {
                // check urlname
                if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) {
                    $this->set_from_Request('urlname');
                    if (!preg_match('|^[A-Za-z0-9\\-]+$|', $this->urlname)) {
                        param_error('blog_urlname', T_('The url name is invalid.'));
                    }
                    if ($DB->get_var('SELECT COUNT(*)
															 FROM T_blogs
															WHERE blog_urlname = ' . $DB->quote($this->get('urlname')) . '
															  AND blog_ID <> ' . $this->ID)) {
                        // urlname is already in use
                        param_error('blog_urlname', T_('This URL name is already in use by another blog. Please choose another name.'));
                    }
                }
            }
            if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
                // Blog URL parameters:
                $this->set('access_type', $access_type);
                if ($access_type == 'absolute') {
                    $blog_siteurl = param('blog_siteurl_absolute', 'string', true);
                    if (!preg_match('#^https?://.+#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } elseif ($access_type == 'relative') {
                    // relative siteurl
                    $blog_siteurl = param('blog_siteurl_relative', 'string', true);
                    if (preg_match('#^https?://#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } else {
                    $this->set('siteurl', '');
                }
            }
            if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
                // Aggregate list:
                // fp> TODO: check perms on each aggregated blog (if changed)
                // fp> TODO: better interface
                if (!preg_match('#^([0-9]+(,[0-9]+)*)?$#', get_param('aggregate_coll_IDs'))) {
                    param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!'));
                }
                $this->set_setting('aggregate_coll_IDs', get_param('aggregate_coll_IDs'));
            }
            if (param('source_file', 'string', NULL) !== NULL) {
                // Static file:
                $this->set_setting('source_file', get_param('source_file'));
                $this->set_setting('static_file', param('static_file', 'string', ''));
            }
            if (param('blog_media_location', 'string', NULL) !== NULL) {
                // Media files location:
                $this->set_from_Request('media_location');
                $this->set_media_subdir(param('blog_media_subdir', 'string', ''));
                $this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
                $this->set_media_url(param('blog_media_url', 'string', ''));
                // check params
                switch ($this->get('media_location')) {
                    case 'custom':
                        // custom path and URL
                        global $demo_mode, $media_path;
                        if ($this->get('media_fullpath') == '') {
                            param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
                        }
                        if (!preg_match('#^https?://#', $this->get('media_url'))) {
                            param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
                        }
                        if ($demo_mode) {
                            $canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
                            if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
                                param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
                            }
                        }
                        break;
                    case 'subdir':
                        global $media_path;
                        if ($this->get('media_subdir') == '') {
                            param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
                        } else {
                            // Test if it's below $media_path (subdir!)
                            $canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
                            if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
                                param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory &laquo;%s&raquo;.'), format_to_output($this->get('media_subdir'))));
                            } else {
                                // Validate if it's a valid directory name:
                                $subdir = substr($canonical_path, strlen($media_path));
                                if ($error = validate_dirname($subdir)) {
                                    param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
                                }
                            }
                        }
                        break;
                }
            }
        }
        return !param_errors_detected();
    }
示例#2
0
 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * @param boolean true if we are returning to edit mode (new, switchtab...)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($editing = false, $creating = false)
 {
     global $default_locale, $current_User, $localtimenow;
     global $posttypes_reserved_IDs, $item_typ_ID;
     // LOCALE:
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     // POST TYPE:
     $item_typ_ID = get_param('item_typ_ID');
     if (empty($item_typ_ID)) {
         // Try to get this from request if it has been not initialized by controller:
         $item_typ_ID = param('item_typ_ID', 'integer', NULL);
     }
     if (!empty($item_typ_ID)) {
         // Set new post type ID only if it is defined on request:
         $this->set('ityp_ID', $item_typ_ID);
     }
     // URL associated with Item:
     $post_url = param('post_url', 'string', NULL);
     if ($post_url !== NULL) {
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     if (empty($post_url) && $this->get_type_setting('use_url') == 'required') {
         // URL must be entered
         param_check_not_empty('post_url', T_('Please provide a "Link To" URL.'), '');
     }
     // Item parent ID:
     $post_parent_ID = param('post_parent_ID', 'integer', NULL);
     if ($post_parent_ID !== NULL) {
         // If item parent ID is entered:
         $ItemCache =& get_ItemCache();
         if ($ItemCache->get_by_ID($post_parent_ID, false, false)) {
             // Save only ID of existing item:
             $this->set_from_Request('parent_ID');
         } else {
             // Display an error of the entered item parent ID is incorrect:
             param_error('post_parent_ID', T_('The parent ID is not a correct Item ID.'));
         }
     }
     if (empty($post_parent_ID)) {
         // If empty parent ID is entered:
         if ($this->get_type_setting('use_parent') == 'required') {
             // Item parent ID must be entered:
             param_check_not_empty('post_parent_ID', T_('Please provide a parent ID.'), '');
         } else {
             // Remove parent ID:
             $this->set_from_Request('parent_ID');
         }
     }
     if ($this->status == 'redirected' && empty($this->url)) {
         // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL!') . ' (' . T_('Advanced properties panel') . ')', T_('If you want to redirect this post, you must specify an URL!'));
     }
     // ISSUE DATE / TIMESTAMP:
     $this->load_Blog();
     if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
         // Allow to update timestamp fields only if user has a permission to edit such fields
         //    and also if user has an access to back-office
         $item_dateset = param('item_dateset', 'integer', NULL);
         if ($item_dateset !== NULL) {
             $this->set('dateset', $item_dateset);
             if ($editing || $this->dateset == 1) {
                 // We can use user date:
                 if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
                     // only set it, if a (valid) date and time was given:
                     $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
                     // TODO: cleanup...
                 }
             } elseif ($this->dateset == 0) {
                 // Set date to NOW:
                 $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
             }
         }
     }
     // DEADLINE:
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // SLUG:
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     // <title> TAG:
     $titletag = param('titletag', 'string', NULL);
     if ($titletag !== NULL) {
         $this->set_from_Request('titletag', 'titletag');
     }
     if (empty($titletag) && $this->get_type_setting('use_title_tag') == 'required') {
         // Title tag must be entered
         param_check_not_empty('titletag', T_('Please provide a title tag.'), '');
     }
     // <meta> DESC:
     $metadesc = param('metadesc', 'string', NULL);
     if ($metadesc !== NULL) {
         $this->set_setting('metadesc', get_param('metadesc'));
     }
     if (empty($metadesc) && $this->get_type_setting('use_meta_desc') == 'required') {
         // Meta description must be entered
         param_check_not_empty('metadesc', T_('Please provide a meta description.'), '');
     }
     // <meta> KEYWORDS:
     $metakeywords = param('metakeywords', 'string', NULL);
     if ($metakeywords !== NULL) {
         $this->set_setting('metakeywords', get_param('metakeywords'));
     }
     if (empty($metakeywords) && $this->get_type_setting('use_meta_keywds') == 'required') {
         // Meta keywords must be entered
         param_check_not_empty('metakeywords', T_('Please provide the meta keywords.'), '');
     }
     // TAGS:
     if ($current_User->check_perm('admin', 'restricted')) {
         // User should has an access to back-office to edit tags
         $item_tags = param('item_tags', 'string', NULL);
         if ($item_tags !== NULL) {
             $this->set_tags_from_string(get_param('item_tags'));
             // Update setting 'suggest_item_tags' of the current User
             global $UserSettings;
             $UserSettings->set('suggest_item_tags', param('suggest_item_tags', 'integer', 0));
             $UserSettings->dbupdate();
         }
         if (empty($item_tags) && $this->get_type_setting('use_tags') == 'required') {
             // Tags must be entered
             param_check_not_empty('item_tags', T_('Please provide at least one tag.'), '');
         }
     }
     // WORKFLOW stuff:
     param('item_st_ID', 'integer', NULL);
     $this->set_from_Request('pst_ID', 'item_st_ID', true);
     $item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
     $item_assigned_user_login = param('item_assigned_user_login', 'string', NULL);
     $this->assign_to($item_assigned_user_ID, $item_assigned_user_login);
     $item_priority = param('item_priority', 'integer', NULL);
     if ($item_priority !== NULL) {
         // Set task priority only if it is gone from form
         $this->set_from_Request('priority', 'item_priority', true);
     }
     // FEATURED checkbox:
     $this->set('featured', param('item_featured', 'integer', 0), false);
     // HIDE TEASER checkbox:
     $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
     $goal_ID = param('goal_ID', 'integer', NULL);
     if ($goal_ID !== NULL) {
         // Goal ID
         $this->set_setting('goal_ID', $goal_ID, true);
     }
     // ORDER:
     param('item_order', 'double', NULL);
     $this->set_from_Request('order', 'item_order', true);
     // OWNER:
     $this->creator_user_login = param('item_owner_login', 'string', NULL);
     if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
         // only admins can change the owner..
         if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
             $this->set_creator_by_login($this->creator_user_login);
         }
     }
     // LOCATION COORDINATES:
     if ($this->get_type_setting('use_coordinates') != 'never') {
         // location coordinates are enabled, save map settings
         param('item_latitude', 'double', NULL);
         // get par value
         $this->set_setting('latitude', get_param('item_latitude'), true);
         param('item_longitude', 'double', NULL);
         // get par value
         $this->set_setting('longitude', get_param('item_longitude'), true);
         param('google_map_zoom', 'integer', NULL);
         // get par value
         $this->set_setting('map_zoom', get_param('google_map_zoom'), true);
         param('google_map_type', 'string', NULL);
         // get par value
         $this->set_setting('map_type', get_param('google_map_type'), true);
         if ($this->get_type_setting('use_coordinates') == 'required') {
             // The location coordinates are required
             param_check_not_empty('item_latitude', T_('Please provide a latitude.'), '');
             param_check_not_empty('item_longitude', T_('Please provide a longitude.'), '');
         }
     }
     // CUSTOM FIELDS:
     $custom_fields = $this->get_type_custom_fields();
     foreach ($custom_fields as $custom_field) {
         // update each custom field
         $param_name = 'item_' . $custom_field['type'] . '_' . $custom_field['ID'];
         if (isset_param($param_name)) {
             // param is set
             $param_type = $custom_field['type'] == 'varchar' ? 'string' : $custom_field['type'];
             param($param_name, $param_type, NULL);
             // get par value
             $custom_field_make_null = $custom_field['type'] != 'double';
             // store '0' values in DB for numeric fields
             $this->set_setting('custom_' . $custom_field['type'] . '_' . $custom_field['ID'], get_param($param_name), $custom_field_make_null);
         }
     }
     // COMMENTS:
     if ($this->allow_comment_statuses()) {
         // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and by current post type
         $post_comment_status = param('post_comment_status', 'string', 'open');
         if (!empty($post_comment_status)) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     // EXPIRY DELAY:
     $expiry_delay = param_duration('expiry_delay');
     if (empty($expiry_delay)) {
         // Check if we have 'expiry_delay' param set as string from simple or mass form
         $expiry_delay = param('expiry_delay', 'string', NULL);
     }
     if (empty($expiry_delay) && $this->get_type_setting('use_comment_expiration') == 'required') {
         // Comment expiration must be entered
         param_check_not_empty('expiry_delay', T_('Please provide a comment expiration delay.'), '');
     }
     $this->set_setting('comment_expiry_delay', $expiry_delay, true);
     // EXTRA PARAMS FROM MODULES:
     modules_call_method('update_item_settings', array('edited_Item' => $this));
     // RENDERERS:
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         global $Plugins;
         $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Item' => &$this));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     // CONTENT + TITLE:
     if ($this->get_type_setting('allow_html')) {
         // HTML is allowed for this post, we'll accept HTML tags:
         $text_format = 'html';
     } else {
         // HTML is disallowed for this post, we'll encode all special chars:
         $text_format = 'htmlspecialchars';
     }
     $editor_code = param('editor_code', 'string', NULL);
     if ($editor_code) {
         // Update item editor code if it was explicitly set
         $this->set_setting('editor_code', $editor_code);
     }
     $content = param('content', $text_format, NULL);
     if ($content !== NULL) {
         // Never allow html content on post titles:  (fp> probably so as to not mess up backoffice and all sorts of tools)
         param('post_title', 'htmlspecialchars', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Plugins_admin();
         $params = array('object_type' => 'Item', 'object' => &$this, 'object_Blog' => &$this->Blog);
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);
         // Title checking:
         $use_title = $this->get_type_setting('use_title');
         if ((!$editing || $creating) && $use_title == 'required') {
             param_check_not_empty('post_title', T_('Please provide a title.'), '');
         }
         // Format raw HTML input to cleaned up and validated HTML:
         param_check_html('content', T_('Invalid content.'));
         $content = prepare_item_content(get_param('content'));
         $this->set('content', $content);
         $this->set('title', get_param('post_title'));
     }
     if (empty($content) && $this->get_type_setting('use_text') == 'required') {
         // Content must be entered
         param_check_not_empty('content', T_('Please enter some text.'), '');
     }
     // EXCERPT: (must come after content (to handle excerpt_autogenerated))
     $post_excerpt = param('post_excerpt', 'text', NULL);
     if ($post_excerpt !== NULL && $post_excerpt != $this->excerpt) {
         $this->set('excerpt_autogenerated', 0);
         // Set this to the '0' for saving a field 'excerpt' from a request
         $this->set_from_Request('excerpt');
     }
     if (empty($post_excerpt) && $this->get_type_setting('use_excerpt') == 'required') {
         // Content must be entered
         param_check_not_empty('post_excerpt', T_('Please provide an excerpt.'), '');
     }
     // LOCATION (COUNTRY -> CITY):
     load_funcs('regional/model/_regional.funcs.php');
     // Check if this item has a special post type. Location is not required for special posts.
     $not_special_post = !$this->is_special();
     if ($this->country_visible()) {
         // Save country
         $country_ID = param('item_ctry_ID', 'integer', 0);
         $country_is_required = $this->get_type_setting('use_country') == 'required' && $not_special_post && countries_exist();
         param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
         $this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
     }
     if ($this->region_visible()) {
         // Save region
         $region_ID = param('item_rgn_ID', 'integer', 0);
         $region_is_required = $this->get_type_setting('use_region') == 'required' && $not_special_post && regions_exist($country_ID);
         param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
         $this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
     }
     if ($this->subregion_visible()) {
         // Save subregion
         $subregion_ID = param('item_subrg_ID', 'integer', 0);
         $subregion_is_required = $this->get_type_setting('use_sub_region') == 'required' && $not_special_post && subregions_exist($region_ID);
         param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
         $this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
     }
     if ($this->city_visible()) {
         // Save city
         param('item_city_ID', 'integer', 0);
         $city_is_required = $this->get_type_setting('use_city') == 'required' && $not_special_post && cities_exist($country_ID, $region_ID, $subregion_ID);
         param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
         $this->set_from_Request('city_ID', 'item_city_ID', true);
     }
     return !param_errors_detected();
 }
示例#3
0
    /**
     * Load data from Request form fields.
     *
     * @param array groups of params to load
     * @return boolean true if loaded data seems valid.
     */
    function load_from_Request($groups = array())
    {
        global $Messages, $default_locale, $DB;
        /**
         * @var User
         */
        global $current_User;
        // Load collection settings and clear update cascade array
        $this->load_CollectionSettings();
        $this->CollectionSettings->clear_update_cascade();
        if (param('blog_name', 'string', NULL) !== NULL) {
            // General params:
            $this->set_from_Request('name');
            $this->set('shortname', param('blog_shortname', 'string', true));
            $this->set('locale', param('blog_locale', 'string', $default_locale));
        }
        if (param('archive_links', 'string', NULL) !== NULL) {
            // Archive link type:
            $this->set_setting('archive_links', get_param('archive_links'));
            $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
        }
        if (param('chapter_links', 'string', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_links', get_param('chapter_links'));
        }
        if (param('category_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('category_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('category_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('category_prefix', $category_prefix);
        }
        if (param('atom_redirect', 'string', NULL) !== NULL) {
            param_check_url('atom_redirect', 'commenting');
            $this->set_setting('atom_redirect', get_param('atom_redirect'));
            param('rss2_redirect', 'string', NULL);
            param_check_url('rss2_redirect', 'commenting');
            $this->set_setting('rss2_redirect', get_param('rss2_redirect'));
        }
        if (param('image_size', 'string', NULL) !== NULL) {
            $this->set_setting('image_size', get_param('image_size'));
        }
        if (param('tag_links', 'string', NULL) !== NULL) {
            // Tag page link type:
            $this->set_setting('tag_links', get_param('tag_links'));
        }
        if (param('tag_prefix', 'string', NULL) !== NULL) {
            $tag_prefix = get_param('tag_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) {
                param_error('tag_prefix', T_('Invalid tag prefix.'));
            }
            $this->set_setting('tag_prefix', $tag_prefix);
        }
        // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided.
        if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) {
            $this->set_setting('tag_prefix', 'tag');
        }
        // Use rel="tag" attribute? (checkbox)
        $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0));
        if (param('chapter_content', 'string', NULL) !== NULL) {
            // What kind of content on chapter pages?
            $this->set_setting('chapter_content', get_param('chapter_content'));
        }
        if (param('tag_content', 'string', NULL) !== NULL) {
            // What kind of content on tags pages?
            $this->set_setting('tag_content', get_param('tag_content'));
        }
        if (param('archive_content', 'string', NULL) !== NULL) {
            // What kind of content on archive pages?
            $this->set_setting('archive_content', get_param('archive_content'));
        }
        if (param('filtered_content', 'string', NULL) !== NULL) {
            // What kind of content on filtered pages?
            $this->set_setting('filtered_content', get_param('filtered_content'));
        }
        if (param('main_content', 'string', NULL) !== NULL) {
            // What kind of content on main pages?
            $this->set_setting('main_content', get_param('main_content'));
        }
        // Chapter posts per page:
        $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true);
        // Tag posts per page:
        $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
        if (param('single_links', 'string', NULL) !== NULL) {
            // Single post link type:
            $this->set_setting('single_links', get_param('single_links'));
        }
        if (param('slug_limit', 'integer', NULL) !== NULL) {
            // Limit slug length:
            $this->set_setting('slug_limit', get_param('slug_limit'));
        }
        if (param('normal_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_setting('normal_skin_ID', get_param('normal_skin_ID'));
        }
        if (param('mobile_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID'));
        }
        if (param('tablet_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID'));
        }
        if (param('archives_sort_order', 'string', NULL) !== NULL) {
            $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false));
        }
        if (param('feed_content', 'string', NULL) !== NULL) {
            // How much content in feeds?
            $this->set_setting('feed_content', get_param('feed_content'));
            param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
            $this->set_setting('posts_per_feed', get_param('posts_per_feed'));
        }
        if (param('comment_feed_content', 'string', NULL) !== NULL) {
            // How much content in comment feeds?
            $this->set_setting('comment_feed_content', get_param('comment_feed_content'));
            param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.'));
            $this->set_setting('comments_per_feed', get_param('comments_per_feed'));
        }
        if (param('require_title', 'string', NULL) !== NULL) {
            // Title for items required?
            $this->set_setting('require_title', get_param('require_title'));
        }
        if (param('blog_description', 'string', NULL) !== NULL) {
            // Description:
            $this->set_from_Request('shortdesc', 'blog_description');
        }
        if (param('blog_keywords', 'string', NULL) !== NULL) {
            // Keywords:
            $this->set_from_Request('keywords');
        }
        if (param('blog_tagline', 'html', NULL) !== NULL) {
            // HTML tagline:
            param_check_html('blog_tagline', T_('Invalid tagline'));
            $this->set('tagline', get_param('blog_tagline'));
        }
        if (param('blog_longdesc', 'html', NULL) !== NULL) {
            // HTML long description:
            param_check_html('blog_longdesc', T_('Invalid long description'));
            $this->set('longdesc', get_param('blog_longdesc'));
        }
        if (param('blog_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('blog_footer_text', T_('Invalid blog footer'));
            $this->set_setting('blog_footer_text', get_param('blog_footer_text'));
        }
        if (param('single_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('single_item_footer_text', T_('Invalid single post footer'));
            $this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
        }
        if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
            $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
        }
        if (param('blog_notes', 'html', NULL) !== NULL) {
            // HTML notes:
            param_check_html('blog_notes', T_('Invalid Blog Notes'));
            $this->set('notes', get_param('blog_notes'));
            param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.'));
            $this->set_setting('max_footer_credits', get_param('max_footer_credits'));
        }
        if (in_array('pings', $groups)) {
            // we want to load the ping checkboxes:
            $blog_ping_plugins = param('blog_ping_plugins', 'array/string', array());
            $blog_ping_plugins = array_unique($blog_ping_plugins);
            $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
        }
        if (in_array('authors', $groups)) {
            // we want to load the multiple authors params
            $this->set('advanced_perms', param('advanced_perms', 'integer', 0));
            $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
        }
        if (in_array('features', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('allow_html_post', param('allow_html_post', 'integer', 0));
            $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL));
            $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL));
            $this->set_setting('default_post_status', param('default_post_status', 'string', NULL));
            $this->set_setting('post_categories', param('post_categories', 'string', NULL));
            $this->set_setting('post_navigation', param('post_navigation', 'string', NULL));
            // Show x days or x posts?:
            $this->set_setting('what_to_show', param('what_to_show', 'string', ''));
            param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
            $this->set_setting('posts_per_page', get_param('posts_per_page'));
            $this->set_setting('orderby', param('orderby', 'string', true));
            $this->set_setting('orderdir', param('orderdir', 'string', true));
            // Time frame
            $this->set_setting('timestamp_min', param('timestamp_min', 'string', ''));
            $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration'));
            $this->set_setting('timestamp_max', param('timestamp_max', 'string', ''));
            $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration'));
            // Location
            $location_country = param('location_country', 'string', 'hidden');
            $location_region = param('location_region', 'string', 'hidden');
            $location_subregion = param('location_subregion', 'string', 'hidden');
            $location_city = param('location_city', 'string', 'hidden');
            if ($location_city == 'required') {
                // If city is required - all location fields also are required
                $location_country = $location_region = $location_subregion = 'required';
            } else {
                if ($location_subregion == 'required') {
                    // If subregion is required - country & region fields also are required
                    $location_country = $location_region = 'required';
                } else {
                    if ($location_region == 'required') {
                        // If region is required - country field also is required
                        $location_country = 'required';
                    }
                }
            }
            $this->set_setting('location_country', $location_country);
            $this->set_setting('location_region', $location_region);
            $this->set_setting('location_subregion', $location_subregion);
            $this->set_setting('location_city', $location_city);
            // Set to show Latitude & Longitude params for this blog items
            $this->set_setting('show_location_coordinates', param('show_location_coordinates', 'integer', 0));
            // Load custom double & varchar fields
            $custom_field_names = array();
            $this->load_custom_fields('double', $update_cascade_query, $custom_field_names);
            $this->load_custom_fields('varchar', $update_cascade_query, $custom_field_names);
            if (!empty($update_cascade_query)) {
                // Some custom fields were deleted and these fields must be deleted from the item settings table also. Add required query.
                $this->CollectionSettings->add_update_cascade($update_cascade_query);
            }
            // call modules update_collection_features on this blog
            modules_call_method('update_collection_features', array('edited_Blog' => &$this));
        }
        if (in_array('comments', $groups)) {
            // we want to load the workflow checkboxes:
            // load moderation statuses
            $moderation_statuses = get_visibility_statuses('moderation');
            $blog_moderation_statuses = array();
            foreach ($moderation_statuses as $status) {
                if (param('notif_' . $status, 'integer', 0)) {
                    $blog_moderation_statuses[] = $status;
                }
            }
            $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses));
            $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire'));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0));
            $this->set_setting('comments_register', param('comments_register', 'integer', 0));
        }
        if (in_array('other', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0));
            $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            // Public blog list
            $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0));
            $this->set_setting('image_size_user_list', param('image_size_user_list', 'string'));
            $this->set_setting('image_size_messaging', param('image_size_messaging', 'string'));
            $this->set_setting('archive_mode', param('archive_mode', 'string', true));
        }
        if (param('allow_comments', 'string', NULL) !== NULL) {
            // Feedback options:
            $this->set_setting('allow_comments', param('allow_comments', 'string', 'any'));
            $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any'));
            $new_feedback_status = param('new_feedback_status', 'string', 'draft');
            if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can set this setting to 'Public'
                $this->set_setting('new_feedback_status', $new_feedback_status);
            }
            $this->set_setting('disable_comments_bypost', param('disable_comments_bypost', 'string', '0'));
            $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0'));
            $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0'));
            $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered'));
            $this->set_setting('max_attachments', param('max_attachments', 'integer', ''));
            $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never'));
            $this->set_setting('rating_question', param('rating_question', 'text'));
            $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0'));
            $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0);
            if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can turn ON this setting
                $this->set('allowtrackbacks', $blog_allowtrackbacks);
            }
            $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC'));
            // call modules update_collection_comments on this blog
            modules_call_method('update_collection_comments', array('edited_Blog' => &$this));
            $threaded_comments = param('threaded_comments', 'integer', 0);
            $this->set_setting('threaded_comments', $threaded_comments);
            $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0));
            param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.'));
            $this->set_setting('comments_per_page', get_param('comments_per_page'));
            $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0));
            $this->set_setting('comments_latest', param('comments_latest', 'integer', 0));
        }
        if (in_array('seo', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0));
            $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0));
            $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
            $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0));
            $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0));
            $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0));
            $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
            $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0));
            $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
            $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0));
            $this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
            $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
            $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
            $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
            $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
            $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
            $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
            $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
            $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
            $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
            $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
            $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
            $this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
            $this->set_setting('title_link_type', param('title_link_type', 'string', ''));
            $this->set_setting('permalinks', param('permalinks', 'string', ''));
            $this->set_setting('404_response', param('404_response', 'string', ''));
            $this->set_setting('help_link', param('help_link', 'string', ''));
            $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0));
            $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0));
            $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0));
        }
        /*
         * ADVANCED ADMIN SETTINGS
         */
        if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
            // We have permission to edit advanced admin settings:
            if (in_array('cache', $groups)) {
                // we want to load the cache params:
                $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0));
                $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0));
                $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0));
            }
            if (in_array('styles', $groups)) {
                // we want to load the styles params:
                $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
                $this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
            }
            if (in_array('login', $groups)) {
                // we want to load the login params:
                $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0));
                $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0));
            }
            if (param('blog_head_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_head_includes', T_('Invalid Custom meta section'));
                $this->set_setting('head_includes', get_param('blog_head_includes'));
            }
            if (param('blog_footer_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_footer_includes', T_('Invalid Custom javascript section'));
                $this->set_setting('footer_includes', get_param('blog_footer_includes'));
            }
            if (param('owner_login', 'string', NULL) !== NULL) {
                // Permissions:
                $UserCache =& get_UserCache();
                $owner_User =& $UserCache->get_by_login(get_param('owner_login'));
                if (empty($owner_User)) {
                    param_error('owner_login', sprintf(T_('User &laquo;%s&raquo; does not exist!'), get_param('owner_login')));
                } else {
                    $this->set('owner_user_ID', $owner_User->ID);
                    $this->owner_User =& $owner_User;
                }
            }
            if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) {
                // check urlname
                if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) {
                    if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) {
                        param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*)
															FROM T_blogs
															WHERE blog_urlname = ' . $DB->quote($blog_urlname) . '
															AND blog_ID <> ' . $this->ID)) {
                        // urlname is already in use
                        param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another blog. Please choose another name.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname)) {
                        $this->set_from_Request('urlname');
                    }
                }
            }
            if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
                // Blog URL parameters:
                $this->set('access_type', $access_type);
                if ($access_type == 'absolute') {
                    $blog_siteurl = param('blog_siteurl_absolute', 'string', true);
                    if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) {
                        // It looks like valid absolute URL, so we may update the blog siteurl
                        $this->set('siteurl', $blog_siteurl);
                    } else {
                        // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors
                        $Messages->add(T_('Blog Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '&laquo;' . htmlspecialchars($blog_siteurl) . '&raquo;') . ' ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error');
                    }
                } elseif ($access_type == 'relative') {
                    // relative siteurl
                    $blog_siteurl = param('blog_siteurl_relative', 'string', true);
                    if (preg_match('#^https?://#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } else {
                    $this->set('siteurl', '');
                }
            }
            if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
                // Aggregate list: (can be '*')
                $aggregate_coll_IDs = get_param('aggregate_coll_IDs');
                if ($aggregate_coll_IDs != '*') {
                    // Sanitize the string
                    $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs);
                }
                // fp> TODO: check perms on each aggregated blog (if changed)
                // fp> TODO: better interface
                if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) {
                    param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!'));
                }
                $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs);
            }
            if (param('blog_media_location', 'string', NULL) !== NULL) {
                // Media files location:
                $this->set_from_Request('media_location');
                $this->set_media_subdir(param('blog_media_subdir', 'string', ''));
                $this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
                $this->set_media_url(param('blog_media_url', 'string', ''));
                // check params
                switch ($this->get('media_location')) {
                    case 'custom':
                        // custom path and URL
                        global $demo_mode, $media_path;
                        if ($this->get('media_fullpath') == '') {
                            param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
                        }
                        if (!preg_match('#^https?://#', $this->get('media_url'))) {
                            param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
                        }
                        if ($demo_mode) {
                            $canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
                            if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
                                param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
                            }
                        }
                        break;
                    case 'subdir':
                        global $media_path;
                        if ($this->get('media_subdir') == '') {
                            param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
                        } else {
                            // Test if it's below $media_path (subdir!)
                            $canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
                            if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
                                param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory &laquo;%s&raquo;.'), format_to_output($this->get('media_subdir'))));
                            } else {
                                // Validate if it's a valid directory name:
                                $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path)));
                                if ($error = validate_dirname($subdir)) {
                                    param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
                                }
                            }
                        }
                        break;
                }
            }
        }
        return !param_errors_detected();
    }
示例#4
0
文件: _item.class.php 项目: LFSF/oras
 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * @param boolean true to force edit date (as long as perms permit)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($force_edit_date = false)
 {
     global $default_locale, $current_User;
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     if (param('item_typ_ID', 'integer', NULL) !== NULL) {
         $this->set_from_Request('ptyp_ID', 'item_typ_ID');
     }
     if (param('post_url', 'string', NULL) !== NULL) {
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
     if ($this->status == 'redirected' && empty($this->url)) {
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)'));
     }
     if (($force_edit_date || param('edit_date', 'integer', 0)) && $current_User->check_perm('edit_timestamp')) {
         // We can use user date:
         param_date('item_issue_date', T_('Please enter a valid issue date.'), $force_edit_date);
         if (strlen(get_param('item_issue_date'))) {
             // only set it, if a date was given:
             param_time('item_issue_time');
             $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
             // TODO: cleanup...
         }
     }
     if (param('post_excerpt', 'string', NULL) !== NULL) {
         $this->set_from_Request('excerpt');
     }
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     if (param('item_tags', 'string', NULL) !== NULL) {
         $this->set_tags_from_string(get_param('item_tags'));
         // pre_dump( $this->tags );
     }
     // Workflow stuff:
     if (param('item_st_ID', 'integer', NULL) !== NULL) {
         $this->set_from_Request('pst_ID', 'item_st_ID');
     }
     if (param('item_assigned_user_ID', 'integer', NULL) !== NULL) {
         $this->assign_to(get_param('item_assigned_user_ID'));
     }
     if (param('item_priority', 'integer', NULL) !== NULL) {
         $this->set_from_Request('priority', 'item_priority', true);
     }
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // Allow comments for this item (only if set to "post_by_post" for the Blog):
     $this->load_Blog();
     if ($this->Blog->allowcomments == 'post_by_post') {
         if (param('post_comment_status', 'string', 'open') !== NULL) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         $Plugins_admin =& get_Cache('Plugins_admin');
         $renderers = $Plugins_admin->validate_renderer_list(param('renderers', 'array', array()));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     if (param('content', 'html', NULL) !== NULL) {
         param('post_title', 'html', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Cache('Plugins_admin');
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers);
         // Format raw HTML input to cleaned up and validated HTML:
         param_check_html('post_title', T_('Invalid title.'), '');
         $this->set('title', get_param('post_title'));
         param_check_html('content', T_('Invalid content.'));
         $this->set('content', get_param('content'));
     }
     return !param_errors_detected();
 }
示例#5
0
     // If this is not a member comment
     param('newcomment_author', 'string', true);
     param('newcomment_author_email', 'string');
     param('newcomment_author_url', 'string');
     param_check_not_empty('newcomment_author', T_('Please enter and author name.'), '');
     $edited_Comment->set('author', $newcomment_author);
     param_check_email('newcomment_author_email', false);
     $edited_Comment->set('author_email', $newcomment_author_email);
     param_check_url('newcomment_author_url', 'posting', '');
     // Give posting permissions here
     $edited_Comment->set('author_url', $newcomment_author_url);
 }
 // Content:
 param('content', 'html');
 param('post_autobr', 'integer', $comments_use_autobr == 'always' ? 1 : 0);
 param_check_html('content', T_('Invalid comment text.'), '#', $post_autobr);
 // Check this is backoffice content (NOT with comment rules)
 $edited_Comment->set('content', get_param('content'));
 if ($current_User->check_perm('edit_timestamp')) {
     // We use user date
     param_date('comment_issue_date', T_('Please enter a valid comment date.'), true);
     if (strlen(get_param('comment_issue_date'))) {
         // only set it, if a date was given:
         param_time('comment_issue_time');
         $edited_Comment->set('date', form_date(get_param('comment_issue_date'), get_param('comment_issue_time')));
         // TODO: cleanup...
     }
 }
 param('comment_rating', 'integer', NULL);
 $edited_Comment->set_from_Request('rating');
 param('comment_status', 'string', 'published');
示例#6
0
             $Messages->add(T_('The ID of the parent comment you entered does not exist.'), 'error');
         } elseif ($Comment->item_ID != $edited_Comment_Item->ID) {
             // Item of new reply comment is not same
             $Messages->add(T_('The ID of the parent comment must belong to the same post.'), 'error');
         }
     } else {
         // Deny wrong comment ID
         $in_reply_to_cmt_ID = NULL;
     }
     $edited_Comment->set('in_reply_to_cmt_ID', $in_reply_to_cmt_ID, true);
 }
 // Trigger event: a Plugin could add a $category="error" message here..
 // This must get triggered before any internal validation and must pass all relevant params.
 // The OpenID plugin will validate a given OpenID here (via redirect and coming back here).
 $Plugins->trigger_event('CommentFormSent', array('dont_remove_pre' => true, 'comment_item_ID' => $edited_Comment_Item->ID, 'comment' => &$content, 'renderers' => $edited_Comment->get_renderers()));
 param_check_html('content', T_('Invalid comment text.'));
 // Check this is backoffice content (NOT with comment rules)
 param_check_not_empty('content', T_('Empty comment content is not allowed.'));
 $edited_Comment->set('content', get_param('content'));
 if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $Blog->ID)) {
     // We use user date
     param_date('comment_issue_date', T_('Please enter a valid comment date.'), true);
     if (strlen(get_param('comment_issue_date'))) {
         // only set it, if a date was given:
         param_time('comment_issue_time');
         $edited_Comment->set('date', form_date(get_param('comment_issue_date'), get_param('comment_issue_time')));
         // TODO: cleanup...
     }
 }
 param('comment_rating', 'integer', NULL);
 $edited_Comment->set_from_Request('rating');
示例#7
0
 /**
  * Load data from Request form fields.
  *
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request()
 {
     global $Plugins, $msg_text, $Settings;
     $new_thread = empty($this->thread_ID);
     // Renderers:
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Message' => &$this));
         $this->set_renderers($renderers);
     }
     // Text
     if ($Settings->get('allow_html_message')) {
         // HTML is allowed for messages
         $text_format = 'html';
     } else {
         // HTML is disallowed for messages
         $text_format = 'htmlspecialchars';
     }
     $msg_text = param('msg_text', $text_format);
     $this->original_text = html_entity_decode($msg_text);
     // This must get triggered before any internal validation and must pass all relevant params.
     $Plugins->trigger_event('MessageThreadFormSent', array('content' => &$msg_text, 'dont_remove_pre' => true, 'renderers' => $this->get_renderers_validated()));
     if (!$new_thread) {
         param_check_not_empty('msg_text');
     }
     if ($text_format == 'html') {
         // message text may contain html, check the html sanity
         param_check_html('msg_text', T_('Invalid message content.'));
     }
     $this->set('text', get_param('msg_text'));
     // Thread
     if ($new_thread) {
         $this->Thread->load_from_Request();
     } else {
         // this is a reply to an existing conversation, check if current User is allowed to reply
         $this->get_Thread();
         if ($this->Thread->check_allow_reply()) {
             // If reply is allowed we should check if this message is not a duplicate
             global $DB, $current_User;
             // Get last message of current user in this thread
             $SQL = new SQL();
             $SQL->SELECT('msg_text');
             $SQL->FROM('T_messaging__message');
             $SQL->WHERE('msg_thread_ID = ' . $this->Thread->ID);
             $SQL->WHERE_and('msg_author_user_ID = ' . $current_User->ID);
             $SQL->ORDER_BY('msg_ID DESC');
             $last_message = $DB->get_var($SQL->get());
             if ($last_message == $msg_text) {
                 param_error('msg_text', T_('It seems you tried to send the same message twice. We only kept one copy.'));
             }
         }
     }
     return !param_errors_detected();
 }
 /**
  * Load data from Request form fields.
  *
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request()
 {
     if (param('ecmp_name', 'string', NULL) !== NULL) {
         // Name
         param_string_not_empty('ecmp_name', T_('Please enter a campaign name.'));
         $this->set_from_Request('name');
     }
     if (param('ecmp_email_title', 'string', NULL) !== NULL) {
         // Email title
         param_string_not_empty('ecmp_email_title', T_('Please enter an email title.'));
         $this->set_from_Request('email_title');
     }
     if (param('ecmp_email_html', 'html', NULL) !== NULL) {
         // Email HTML message
         param_check_html('ecmp_email_html', T_('Please enter an HTML message.'));
         $this->set_from_Request('email_html');
     }
     if (param('ecmp_email_text', 'text', NULL) !== NULL) {
         // Email Plain- Text message
         $this->set_from_Request('email_text');
     }
     return !param_errors_detected();
 }
示例#9
0
    /**
     * Load data from Request form fields.
     *
     * @param array groups of params to load
     * @return boolean true if loaded data seems valid.
     */
    function load_from_Request($groups = array())
    {
        global $Messages, $default_locale, $DB;
        /**
         * @var User
         */
        global $current_User;
        // Load collection settings and clear update cascade array
        $this->load_CollectionSettings();
        if (param('blog_name', 'string', NULL) !== NULL) {
            // General params:
            $this->set_from_Request('name');
            $this->set('shortname', param('blog_shortname', 'string', true));
            // Language / locale:
            if (param('blog_locale', 'string', NULL) !== NULL) {
                // These settings can be hidden when only one locale is enaled in the system
                $this->set_from_Request('locale');
                $this->set_setting('locale_source', param('blog_locale_source', 'string', 'blog'));
                $this->set_setting('post_locale_source', param('blog_post_locale_source', 'string', 'post'));
            }
            // Collection permissions:
            $this->set('advanced_perms', param('advanced_perms', 'integer', 0));
            $this->set_setting('allow_access', param('blog_allow_access', 'string', ''));
            if ($this->get_setting('allow_access') == 'users' || $this->get_setting('allow_access') == 'members') {
                // Disable site maps, feeds and ping plugins when access is restricted on this blog
                $this->set_setting('enable_sitemaps', 0);
                $this->set_setting('feed_content', 'none');
                $this->set_setting('ping_plugins', '');
            }
            // Lists of collections:
            $this->set('order', param('blog_order', 'integer'));
            $this->set('in_bloglist', param('blog_in_bloglist', 'string', 'public'));
            $this->set('favorite', param('favorite', 'integer', 0));
        }
        if (param('archive_links', 'string', NULL) !== NULL) {
            // Archive link type:
            $this->set_setting('archive_links', get_param('archive_links'));
            $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
        }
        if (param('chapter_links', 'string', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_links', get_param('chapter_links'));
        }
        if (param('category_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('category_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('category_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('category_prefix', $category_prefix);
        }
        if (param('atom_redirect', 'string', NULL) !== NULL) {
            param_check_url('atom_redirect', 'commenting');
            $this->set_setting('atom_redirect', get_param('atom_redirect'));
            param('rss2_redirect', 'string', NULL);
            param_check_url('rss2_redirect', 'commenting');
            $this->set_setting('rss2_redirect', get_param('rss2_redirect'));
        }
        if (param('image_size', 'string', NULL) !== NULL) {
            $this->set_setting('image_size', get_param('image_size'));
        }
        if (param('tag_links', 'string', NULL) !== NULL) {
            // Tag page link type:
            $this->set_setting('tag_links', get_param('tag_links'));
        }
        if (param('tag_prefix', 'string', NULL) !== NULL) {
            $tag_prefix = get_param('tag_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) {
                param_error('tag_prefix', T_('Invalid tag prefix.'));
            }
            $this->set_setting('tag_prefix', $tag_prefix);
        }
        // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided.
        if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) {
            $this->set_setting('tag_prefix', 'tag');
        }
        // Use rel="tag" attribute? (checkbox)
        $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0));
        if (param('chapter_content', 'string', NULL) !== NULL) {
            // What kind of content on chapter pages?
            $this->set_setting('chapter_content', get_param('chapter_content'));
        }
        if (param('tag_content', 'string', NULL) !== NULL) {
            // What kind of content on tags pages?
            $this->set_setting('tag_content', get_param('tag_content'));
        }
        if (param('archive_content', 'string', NULL) !== NULL) {
            // What kind of content on archive pages?
            $this->set_setting('archive_content', get_param('archive_content'));
        }
        if (param('filtered_content', 'string', NULL) !== NULL) {
            // What kind of content on filtered pages?
            $this->set_setting('filtered_content', get_param('filtered_content'));
        }
        if (param('main_content', 'string', NULL) !== NULL) {
            // What kind of content on main pages?
            $this->set_setting('main_content', get_param('main_content'));
        }
        // Chapter posts per page:
        $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true);
        // Tag posts per page:
        $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
        if (param('single_links', 'string', NULL) !== NULL) {
            // Single post link type:
            $this->set_setting('single_links', get_param('single_links'));
        }
        if (param('slug_limit', 'integer', NULL) !== NULL) {
            // Limit slug length:
            $this->set_setting('slug_limit', get_param('slug_limit'));
        }
        if (param('normal_skin_ID', 'integer', NULL) !== NULL) {
            // Normal skin ID:
            $this->set_setting('normal_skin_ID', get_param('normal_skin_ID'));
        }
        if (param('mobile_skin_ID', 'integer', NULL) !== NULL) {
            // Mobile skin ID:
            if (get_param('mobile_skin_ID') == 0) {
                // Don't store this empty setting in DB
                $this->delete_setting('mobile_skin_ID');
            } else {
                // Set mobile skin
                $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID'));
            }
        }
        if (param('tablet_skin_ID', 'integer', NULL) !== NULL) {
            // Tablet skin ID:
            if (get_param('tablet_skin_ID') == 0) {
                // Don't store this empty setting in DB
                $this->delete_setting('tablet_skin_ID');
            } else {
                // Set tablet skin
                $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID'));
            }
        }
        if (param('archives_sort_order', 'string', NULL) !== NULL) {
            // Archive sorting
            $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false));
        }
        if (param('download_delay', 'integer', NULL) !== NULL) {
            // Download delay
            param_check_range('download_delay', 0, 10, T_('Download delay must be numeric (0-10).'));
            $this->set_setting('download_delay', get_param('download_delay'));
        }
        if (param('feed_content', 'string', NULL) !== NULL) {
            // How much content in feeds?
            $this->set_setting('feed_content', get_param('feed_content'));
            param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
            $this->set_setting('posts_per_feed', get_param('posts_per_feed'));
        }
        if (param('comment_feed_content', 'string', NULL) !== NULL) {
            // How much content in comment feeds?
            $this->set_setting('comment_feed_content', get_param('comment_feed_content'));
            param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.'));
            $this->set_setting('comments_per_feed', get_param('comments_per_feed'));
        }
        if (param('blog_shortdesc', 'string', NULL) !== NULL) {
            // Description:
            $this->set_from_Request('shortdesc');
        }
        if (param('blog_keywords', 'string', NULL) !== NULL) {
            // Keywords:
            $this->set_from_Request('keywords');
        }
        if (param('blog_tagline', 'html', NULL) !== NULL) {
            // HTML tagline:
            param_check_html('blog_tagline', T_('Invalid tagline'));
            $this->set('tagline', get_param('blog_tagline'));
        }
        if (param('blog_longdesc', 'html', NULL) !== NULL) {
            // HTML long description:
            param_check_html('blog_longdesc', T_('Invalid long description'));
            $this->set('longdesc', get_param('blog_longdesc'));
        }
        if (param('blog_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('blog_footer_text', T_('Invalid blog footer'));
            $this->set_setting('blog_footer_text', get_param('blog_footer_text'));
        }
        if (param('single_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('single_item_footer_text', T_('Invalid single post footer'));
            $this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
        }
        if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
            $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
        }
        if (param('blog_notes', 'html', NULL) !== NULL) {
            // HTML notes:
            param_check_html('blog_notes', T_('Invalid Blog Notes'));
            $this->set('notes', get_param('blog_notes'));
            param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.'));
            $this->set_setting('max_footer_credits', get_param('max_footer_credits'));
        }
        if (in_array('pings', $groups)) {
            // we want to load the ping checkboxes:
            $blog_ping_plugins = param('blog_ping_plugins', 'array:string', array());
            $blog_ping_plugins = array_unique($blog_ping_plugins);
            $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
        }
        if (in_array('authors', $groups)) {
            // we want to load the workflow & permissions params
            $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
        }
        if (in_array('home', $groups)) {
            // we want to load the front page params:
            $front_disp = param('front_disp', 'string', '');
            $this->set_setting('front_disp', $front_disp);
            $front_post_ID = param('front_post_ID', 'integer', 0);
            if ($front_disp == 'page') {
                // Post ID must be required
                param_check_not_empty('front_post_ID', T_('Please enter a specific post ID'));
            }
            $this->set_setting('front_post_ID', $front_post_ID);
        }
        if (in_array('features', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL));
            $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL));
            $this->set_setting('default_post_status', param('default_post_status', 'string', NULL));
            $this->set_setting('post_categories', param('post_categories', 'string', NULL));
            $this->set_setting('post_navigation', param('post_navigation', 'string', NULL));
            // Show x days or x posts?:
            $this->set_setting('what_to_show', param('what_to_show', 'string', ''));
            param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
            $this->set_setting('posts_per_page', get_param('posts_per_page'));
            $this->set_setting('orderby', param('orderby', 'string', true));
            $this->set_setting('orderdir', param('orderdir', 'string', true));
            // Front office statuses
            $this->load_inskin_statuses('post');
            // Time frame
            $this->set_setting('timestamp_min', param('timestamp_min', 'string', ''));
            $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration'));
            $this->set_setting('timestamp_max', param('timestamp_max', 'string', ''));
            $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration'));
            // call modules update_collection_features on this blog
            modules_call_method('update_collection_features', array('edited_Blog' => &$this));
            // load post moderation statuses
            $moderation_statuses = get_visibility_statuses('moderation');
            $post_moderation_statuses = array();
            foreach ($moderation_statuses as $status) {
                if (param('post_notif_' . $status, 'integer', 0)) {
                    $post_moderation_statuses[] = $status;
                }
            }
            $this->set_setting('post_moderation_statuses', implode(',', $post_moderation_statuses));
        }
        if (in_array('comments', $groups)) {
            // we want to load the comments settings:
            // load moderation statuses
            $moderation_statuses = get_visibility_statuses('moderation');
            $blog_moderation_statuses = array();
            foreach ($moderation_statuses as $status) {
                if (param('notif_' . $status, 'integer', 0)) {
                    $blog_moderation_statuses[] = $status;
                }
            }
            $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses));
            $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire'));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0));
            $this->set_setting('comments_register', param('comments_register', 'integer', 0));
        }
        if (in_array('other', $groups)) {
            // we want to load the other settings:
            // Search results:
            param_integer_range('search_per_page', 1, 9999, T_('Number of search results per page must be between %d and %d.'));
            $this->set_setting('search_per_page', get_param('search_per_page'));
            // Latest comments :
            param_integer_range('latest_comments_num', 1, 9999, T_('Number of shown comments must be between %d and %d.'));
            $this->set_setting('latest_comments_num', get_param('latest_comments_num'));
            // User directory:
            $this->set_setting('image_size_user_list', param('image_size_user_list', 'string'));
            // Messaging pages:
            $this->set_setting('image_size_messaging', param('image_size_messaging', 'string'));
            // Archive pages:
            $this->set_setting('archive_mode', param('archive_mode', 'string', true));
        }
        if (in_array('more', $groups)) {
            // we want to load more settings:
            // Tracking:
            $this->set_setting('track_unread_content', param('track_unread_content', 'integer', 0));
            // Subscriptions:
            $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            // Sitemaps:
            $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0));
        }
        if (param('allow_comments', 'string', NULL) !== NULL) {
            // Feedback options:
            $this->set_setting('allow_comments', param('allow_comments', 'string', 'any'));
            $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any'));
            $new_feedback_status = param('new_feedback_status', 'string', 'draft');
            if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can set this setting to 'Public'
                $this->set_setting('new_feedback_status', $new_feedback_status);
            }
            $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0'));
            $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0'));
            $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered'));
            $this->set_setting('max_attachments', param('max_attachments', 'integer', ''));
            $this->set_setting('autocomplete_usernames', param('autocomplete_usernames', 'integer', ''));
            $this->set_setting('display_rating_summary', param('display_rating_summary', 'string', '0'));
            $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never'));
            $this->set_setting('rating_question', param('rating_question', 'text'));
            $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0'));
            $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0);
            if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can turn ON this setting
                $this->set('allowtrackbacks', $blog_allowtrackbacks);
            }
            $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC'));
            // call modules update_collection_comments on this blog
            modules_call_method('update_collection_comments', array('edited_Blog' => &$this));
            $threaded_comments = param('threaded_comments', 'integer', 0);
            $this->set_setting('threaded_comments', $threaded_comments);
            $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0));
            param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.'));
            $this->set_setting('comments_per_page', get_param('comments_per_page'));
            $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0));
            $this->set_setting('comments_latest', param('comments_latest', 'integer', 0));
            // load blog front office comment statuses
            $this->load_inskin_statuses('comment');
        }
        if (in_array('seo', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0));
            $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0));
            $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
            $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0));
            $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0));
            $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0));
            $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
            $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0));
            $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
            $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0));
            $this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
            $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
            $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
            $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
            $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
            $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
            $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
            $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
            $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
            $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
            $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
            $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
            $this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
            $this->set_setting('title_link_type', param('title_link_type', 'string', ''));
            $this->set_setting('permalinks', param('permalinks', 'string', ''));
            $this->set_setting('404_response', param('404_response', 'string', ''));
            $this->set_setting('help_link', param('help_link', 'string', ''));
            $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0));
            $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0));
            $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0));
            $this->set_setting('tags_open_graph', param('tags_open_graph', 'integer', 0));
            $this->set_setting('download_noindex', param('download_noindex', 'integer', 0));
            $this->set_setting('download_nofollowto', param('download_nofollowto', 'integer', 0));
        }
        /*
         * ADVANCED ADMIN SETTINGS
         */
        if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
            // We have permission to edit advanced admin settings:
            if (in_array('cache', $groups)) {
                // we want to load the cache params:
                $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0));
                $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0));
                $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0));
            }
            if (in_array('styles', $groups)) {
                // we want to load the styles params:
                $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
                $this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
            }
            if (in_array('login', $groups)) {
                // we want to load the login params:
                if (!get_setting_Blog('login_blog_ID')) {
                    // Update this only when no blog is defined for login/registration
                    $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0));
                }
                $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0));
            }
            if (param('blog_head_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_head_includes', T_('Invalid Custom meta tag/css section.'), '#', 'head_extension');
                $this->set_setting('head_includes', get_param('blog_head_includes'));
            }
            if (param('blog_footer_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_footer_includes', T_('Invalid Custom javascript section'));
                $this->set_setting('footer_includes', get_param('blog_footer_includes'));
            }
            if (param('owner_login', 'string', NULL) !== NULL) {
                // Permissions:
                $UserCache =& get_UserCache();
                $owner_User =& $UserCache->get_by_login(get_param('owner_login'));
                if (empty($owner_User)) {
                    param_error('owner_login', sprintf(T_('User &laquo;%s&raquo; does not exist!'), get_param('owner_login')));
                } else {
                    $this->set('owner_user_ID', $owner_User->ID);
                    $this->owner_User =& $owner_User;
                }
            }
            if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) {
                // check urlname
                if (param_check_not_empty('blog_urlname', T_('You must provide an URL collection name!'))) {
                    if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) {
                        param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*)
															FROM T_blogs
															WHERE blog_urlname = ' . $DB->quote($blog_urlname) . '
															AND blog_ID <> ' . $this->ID)) {
                        // urlname is already in use
                        param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another collection. Please choose another name.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname)) {
                        // Set new urlname and save old media dir in order to rename folder to new
                        $old_media_dir = $this->get_media_dir(false);
                        $this->set_from_Request('urlname');
                    }
                }
            }
            if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
                // Blog URL parameters:
                // Note: We must avoid to set an invalid url, because the new blog url will be displayed in the evobar even if it was not saved
                $allow_new_access_type = true;
                if ($access_type == 'absolute') {
                    $blog_siteurl = param('blog_siteurl_absolute', 'string', true);
                    if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) {
                        // It looks like valid absolute URL, so we may update the blog siteurl
                        $this->set('siteurl', $blog_siteurl);
                    } else {
                        // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors
                        $allow_new_access_type = false;
                        // If site url is not updated do not allow access_type update either
                        $Messages->add(T_('Collection Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '&laquo;' . htmlspecialchars($blog_siteurl) . '&raquo;') . '. ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error');
                    }
                } elseif ($access_type == 'relative') {
                    // relative siteurl
                    $blog_siteurl = param('blog_siteurl_relative', 'string', true);
                    if (preg_match('#^https?://#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } else {
                    $this->set('siteurl', '');
                }
                if ($allow_new_access_type) {
                    // The received siteurl value was correct, may update the access_type value
                    $this->set('access_type', $access_type);
                }
            }
            if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
                // Aggregate list: (can be '*')
                $aggregate_coll_IDs = get_param('aggregate_coll_IDs');
                if ($aggregate_coll_IDs != '*') {
                    // Sanitize the string
                    $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs);
                }
                // fp> TODO: check perms on each aggregated blog (if changed)
                // fp> TODO: better interface
                if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) {
                    param_error('aggregate_coll_IDs', T_('Invalid aggregate collection ID list!'));
                }
                $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs);
            }
            $media_location = param('blog_media_location', 'string', NULL);
            if ($media_location !== NULL) {
                // Media files location:
                $old_media_dir = $this->get_media_dir(false);
                $old_media_location = $this->get('media_location');
                $this->set_from_Request('media_location');
                $this->set_media_subdir(param('blog_media_subdir', 'string', ''));
                $this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
                $this->set_media_url(param('blog_media_url', 'string', ''));
                // check params
                switch ($this->get('media_location')) {
                    case 'custom':
                        // custom path and URL
                        global $demo_mode, $media_path;
                        if ($this->get('media_fullpath') == '') {
                            param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
                        }
                        if (!preg_match('#^https?://#', $this->get('media_url'))) {
                            param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
                        }
                        if ($demo_mode) {
                            $canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
                            if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
                                param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
                            }
                        }
                        break;
                    case 'subdir':
                        global $media_path;
                        if ($this->get('media_subdir') == '') {
                            param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
                        } else {
                            // Test if it's below $media_path (subdir!)
                            $canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
                            if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
                                param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory &laquo;%s&raquo;.'), format_to_output($this->get('media_subdir'))));
                            } else {
                                // Validate if it's a valid directory name:
                                $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path)));
                                if ($error = validate_dirname($subdir)) {
                                    param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
                                    syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $subdir . '</b>'), 'warning', 'file');
                                }
                            }
                        }
                        break;
                }
            }
            if (!param_errors_detected() && !empty($old_media_dir)) {
                // No error were detected before and possibly the media directory path was updated, check if it can be managed
                $this->check_media_dir_change($old_media_dir, isset($old_media_location) ? $old_media_location : NULL);
            }
        }
        return !param_errors_detected();
    }
示例#10
0
 /**
  * Load data from Request form fields.
  *
  * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
  *
  * @param boolean true if we are returning to edit mode (new, switchtab...)
  * @return boolean true if loaded data seems valid.
  */
 function load_from_Request($editing = false, $creating = false)
 {
     global $default_locale, $current_User, $localtimenow;
     global $posttypes_reserved_IDs, $item_typ_ID;
     // LOCALE:
     if (param('post_locale', 'string', NULL) !== NULL) {
         $this->set_from_Request('locale');
     }
     // TYPE:
     if (param('post_type', 'string', NULL) !== NULL) {
         // Set type ID from request type code, happens when e.g. we add an intro from manual skin by url: /blog6.php?disp=edit&cat=25&post_type=intro-cat
         $this->set('ptyp_ID', get_item_type_ID(get_param('post_type')));
     } elseif (param('item_typ_ID', 'integer', NULL) !== NULL) {
         // fp> when does this happen?
         // yura>fp: this happens on submit expert form
         $this->set_from_Request('ptyp_ID', 'item_typ_ID');
         if (in_array($item_typ_ID, $posttypes_reserved_IDs)) {
             param_error('item_typ_ID', T_('This post type is reserved and cannot be used. Please choose another one.'), '');
         }
     }
     // URL associated with Item:
     if (param('post_url', 'string', NULL) !== NULL) {
         param_check_url('post_url', 'posting', '');
         $this->set_from_Request('url');
     }
     if ($this->status == 'redirected' && empty($this->url)) {
         // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
         param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)'));
     }
     // ISSUE DATE / TIMESTAMP:
     $this->load_Blog();
     if ($current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
         $this->set('dateset', param('item_dateset', 'integer', 0));
         if ($editing || $this->dateset == 1) {
             // We can use user date:
             if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
                 // only set it, if a (valid) date and time was given:
                 $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
                 // TODO: cleanup...
             }
         } elseif ($this->dateset == 0) {
             // Set date to NOW:
             $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
         }
     }
     // DEADLINE:
     if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
         $this->set_from_Request('datedeadline', 'item_deadline', true);
     }
     // SLUG:
     if (param('post_urltitle', 'string', NULL) !== NULL) {
         $this->set_from_Request('urltitle');
     }
     // <title> TAG:
     if (param('titletag', 'string', NULL) !== NULL) {
         $this->set_from_Request('titletag', 'titletag');
     }
     // <meta> DESC:
     if (param('metadesc', 'string', NULL) !== NULL) {
         $this->set_setting('post_metadesc', get_param('metadesc'));
     }
     // <meta> KEYWORDS:
     if (param('custom_headers', 'string', NULL) !== NULL) {
         $this->set_setting('post_custom_headers', get_param('custom_headers'));
     }
     // TAGS:
     if (param('item_tags', 'string', NULL) !== NULL) {
         $this->set_tags_from_string(get_param('item_tags'));
         // pre_dump( $this->tags );
     }
     // WORKFLOW stuff:
     param('item_st_ID', 'integer', NULL);
     $this->set_from_Request('pst_ID', 'item_st_ID', true);
     param('item_assigned_user_ID', 'integer', NULL);
     $this->assign_to(get_param('item_assigned_user_ID'));
     param('item_priority', 'integer', NULL);
     $this->set_from_Request('priority', 'item_priority', true);
     // FEATURED checkbox:
     $this->set('featured', param('item_featured', 'integer', 0), false);
     // HIDE TEASER checkbox:
     $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
     // ORDER:
     param('item_order', 'double', NULL);
     $this->set_from_Request('order', 'item_order', true);
     // OWNER:
     $this->creator_user_login = param('item_owner_login', 'string', NULL);
     if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
         // only admins can change the owner..
         if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
             $this->set_creator_by_login($this->creator_user_login);
         }
     }
     // LOCATION COORDINATES:
     if ($this->Blog->get_setting('show_location_coordinates')) {
         // location coordinates are enabled, save map settings
         param('item_latitude', 'double', NULL);
         // get par value
         $this->set_setting('latitude', get_param('item_latitude'), true);
         param('item_longitude', 'double', NULL);
         // get par value
         $this->set_setting('longitude', get_param('item_longitude'), true);
         param('google_map_zoom', 'integer', NULL);
         // get par value
         $this->set_setting('map_zoom', get_param('google_map_zoom'), true);
         param('google_map_type', 'string', NULL);
         // get par value
         $this->set_setting('map_type', get_param('google_map_type'), true);
     }
     // CUSTOM FIELDS:
     foreach (array('double', 'varchar') as $type) {
         $field_count = $this->Blog->get_setting('count_custom_' . $type);
         for ($i = 1; $i <= $field_count; $i++) {
             // update each custom field
             $field_guid = $this->Blog->get_setting('custom_' . $type . $i);
             $param_name = 'item_' . $type . '_' . $field_guid;
             if (isset_param($param_name)) {
                 // param is set
                 $param_type = $type == 'varchar' ? 'string' : $type;
                 param($param_name, $param_type, NULL);
                 // get par value
                 $custom_field_make_null = $type != 'double';
                 // store '0' values in DB for numeric fields
                 $this->set_setting('custom_' . $type . '_' . $field_guid, get_param($param_name), $custom_field_make_null);
             }
         }
     }
     // COMMENTS:
     if ($this->Blog->get_setting('allow_comments') != 'never' && $this->Blog->get_setting('disable_comments_bypost')) {
         // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and disable_comments_bypost is enabled):
         $post_comment_status = param('post_comment_status', 'string', 'open');
         if (!empty($post_comment_status)) {
             // 'open' or 'closed' or ...
             $this->set_from_Request('comment_status');
         }
     }
     // EXPIRY DELAY:
     $expiry_delay = param_duration('expiry_delay');
     if (empty($expiry_delay)) {
         // Check if we have 'expiry_delay' param set as string from simple or mass form
         $expiry_delay = param('expiry_delay', 'string', NULL);
     }
     $this->set_setting('post_expiry_delay', $expiry_delay, true);
     // EXTRA PARAMS FROM MODULES:
     modules_call_method('update_item_settings', array('edited_Item' => $this));
     // RENDERERS:
     if (param('renderers_displayed', 'integer', 0)) {
         // use "renderers" value only if it has been displayed (may be empty)
         global $Plugins;
         $renderers = $Plugins->validate_renderer_list(param('renderers', 'array/string', array()), array('Item' => &$this));
         $this->set('renderers', $renderers);
     } else {
         $renderers = $this->get_renderers_validated();
     }
     // CONTENT + TITLE:
     if ($this->Blog->get_setting('allow_html_post')) {
         // HTML is allowed for this post, we'll accept HTML tags:
         $text_format = 'html';
     } else {
         // HTML is disallowed for this post, we'll encode all special chars:
         $text_format = 'htmlspecialchars';
     }
     if (param('content', $text_format, NULL) !== NULL) {
         // Never allow html content on post titles:  (fp> probably so as to not mess up backoffice and all sorts of tools)
         param('post_title', 'htmlspecialchars', NULL);
         // Do some optional filtering on the content
         // Typically stuff that will help the content to validate
         // Useful for code display.
         // Will probably be used for validation also.
         $Plugins_admin =& get_Plugins_admin();
         $params = array('object_type' => 'Item', 'object_Blog' => &$this->Blog);
         $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);
         // Title checking:
         $require_title = $this->Blog->get_setting('require_title');
         if ((!$editing || $creating) && $require_title == 'required') {
             param_check_not_empty('post_title', T_('Please provide a title.'), '');
         }
         // Format raw HTML input to cleaned up and validated HTML:
         param_check_html('content', T_('Invalid content.'));
         $this->set('content', get_param('content'));
         $this->set('title', get_param('post_title'));
     }
     // EXCERPT: (must come after content (to handle excerpt_autogenerated))
     if (param('post_excerpt', 'text', NULL) !== NULL) {
         $this->set('excerpt_autogenerated', 0);
         // Set this to the '0' for saving a field 'excerpt' from a request
         $this->set_from_Request('excerpt');
     }
     // LOCATION (COUNTRY -> CITY):
     load_funcs('regional/model/_regional.funcs.php');
     if ($this->Blog->country_visible()) {
         // Save country
         $country_ID = param('item_ctry_ID', 'integer', 0);
         $country_is_required = $this->Blog->get_setting('location_country') == 'required' && countries_exist() && !$this->is_special();
         param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
         $this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
     }
     if ($this->Blog->region_visible()) {
         // Save region
         $region_ID = param('item_rgn_ID', 'integer', 0);
         $region_is_required = $this->Blog->get_setting('location_region') == 'required' && regions_exist($country_ID) && !$this->is_special();
         param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
         $this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
     }
     if ($this->Blog->subregion_visible()) {
         // Save subregion
         $subregion_ID = param('item_subrg_ID', 'integer', 0);
         $subregion_is_required = $this->Blog->get_setting('location_subregion') == 'required' && subregions_exist($region_ID) && !$this->is_special();
         param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
         $this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
     }
     if ($this->Blog->city_visible()) {
         // Save city
         param('item_city_ID', 'integer', 0);
         $city_is_required = $this->Blog->get_setting('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID) && !$this->is_special();
         param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
         $this->set_from_Request('city_ID', 'item_city_ID', true);
     }
     return !param_errors_detected();
 }