示例#1
0
 function set_config($item, $value)
 {
     global $serendipity;
     serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options\n                               WHERE okey = 't_" . serendipity_db_escape_string($serendipity['template']) . "'\n                                 AND name = '" . serendipity_db_escape_string($item) . "'");
     serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (okey, name, value)\n                                   VALUES ('t_" . serendipity_db_escape_string($serendipity['template']) . "', '" . serendipity_db_escape_string($item) . "', '" . serendipity_db_escape_string($value) . "')");
     return true;
 }
 static function addEntryProperties($entryId, $supported_properties, &$properties, $deleteMissing = true)
 {
     global $serendipity;
     // Get existing data
     $property = serendipity_fetchEntryProperties($entryId);
     foreach ($supported_properties as $prop_key) {
         $prop_val = isset($properties[$prop_key]) ? $properties[$prop_key] : null;
         if (!$deleteMissing && empty($prop_val)) {
             continue;
         }
         // Don't clear data if not allowed.
         $q = '';
         if (!isset($property[$prop_key]) && !empty($prop_val)) {
             if ($prop_val != '#') {
                 $q = "INSERT INTO {$serendipity['dbPrefix']}entryproperties (entryid, property, value) VALUES (" . (int) $entryId . ", '" . serendipity_db_escape_string($prop_key) . "', '" . serendipity_db_escape_string($prop_val) . "')";
             }
         } elseif ($property[$prop_key] != $prop_val && !empty($prop_val)) {
             if ($prop_val == '#') {
                 $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $entryId . " AND property = '" . serendipity_db_escape_string($prop_key) . "'";
             } else {
                 $q = "UPDATE {$serendipity['dbPrefix']}entryproperties SET value = '" . serendipity_db_escape_string($prop_val) . "' WHERE entryid = " . (int) $entryId . " AND property = '" . serendipity_db_escape_string($prop_key) . "'";
             }
         } elseif (empty($property[$prop_key])) {
             $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $entryId . " AND property = '" . serendipity_db_escape_string($prop_key) . "'";
         }
         if (!empty($q)) {
             serendipity_db_query($q);
         }
     }
 }
示例#3
0
function staticpage_display($params, &$smarty)
{
    global $serendipity;
    if (empty($params['template'])) {
        $params['template'] = 'plugin_staticpage.tpl';
    }
    if (empty($params['pagevar'])) {
        $params['pagevar'] = 'staticpage_';
    }
    if (!empty($params['id'])) {
        $where = "id = '" . serendipity_db_escape_string($params['id']) . "'";
    } elseif (!empty($params['pagetitle'])) {
        $where = "pagetitle = '" . serendipity_db_escape_string($params['pagetitle']) . "'";
    } elseif (!empty($params['permalink'])) {
        $where = "permalink = '" . serendipity_db_escape_string($params['permalink']) . "'";
    } else {
        $smarty->trigger_error(__FUNCTION__ . ": missing 'id', 'permalink' or 'pagetitle' parameter");
        return;
    }
    if (!empty($params['authorid'])) {
        $where .= " AND authorid = " . (int) $params['authorid'];
    }
    if (empty($params['query'])) {
        $params['query'] = "SELECT *\n                              FROM {$serendipity['dbPrefix']}staticpages\n                             WHERE {$where}\n                             LIMIT 1";
    }
    $page = serendipity_db_query($params['query'], true, 'assoc');
    if (is_array($page)) {
        $old_staticpage = $serendipity['staticpage_plugin']->staticpage;
        $serendipity['staticpage_plugin']->staticpage =& $page;
        $serendipity['staticpage_plugin']->checkPage();
        echo $serendipity['staticpage_plugin']->parseStaticPage($params['pagevar'], $params['template']);
        $serendipity['staticpage_plugin']->staticpage = $old_staticpage;
        return;
    }
}
 function generate_content(&$title)
 {
     global $serendipity;
     $number = $this->get_config('number');
     $showpicsonly = $this->get_config('showpicsonly');
     if (!$number || !is_numeric($number) || $number < 1) {
         $number = 5;
     }
     $title = PLUGIN_PHOTOBLOG_TITLE;
     if (!isset($serendipity['GET']['id']) || !is_numeric($serendipity['GET']['id'])) {
         $number = $number * $number + 1;
         $entries = serendipity_db_query("SELECT id,\n                                                title,\n                                                timestamp\n                                           FROM {$serendipity['dbPrefix']}entries\n                                          WHERE isdraft = 'false'\n                                       ORDER BY timestamp DESC\n                                          LIMIT {$number}");
     } else {
         $id = serendipity_db_escape_string($serendipity['GET']['id']);
         $entries1 = serendipity_db_query("SELECT id,\n                                                title,\n                                                timestamp\n                                           FROM {$serendipity['dbPrefix']}entries\n                                          WHERE isdraft = 'false'\n                                            AND id > {$id}\n                                       ORDER BY timestamp ASC\n                                          LIMIT {$number}");
         $number++;
         $entries2 = serendipity_db_query("SELECT id,\n                                                title,\n                                                timestamp\n                                           FROM {$serendipity['dbPrefix']}entries\n                                          WHERE isdraft = 'false'\n                                            AND id <= {$id}\n                                       ORDER BY timestamp DESC\n                                          LIMIT {$number}");
         if (isset($entries1) && is_array($entries1) && isset($entries2) && is_array($entries2)) {
             $entries = array_merge(array_reverse($entries1), $entries2);
         } elseif (isset($entries1) && is_array($entries1)) {
             $entries = array_reverse($entries1);
         } elseif (isset($entries2) && is_array($entries2)) {
             $entries = $entries2;
         }
     }
     if (isset($entries) && is_array($entries)) {
         foreach ($entries as $k => $entry) {
             $entryLink = serendipity_archiveURL($entry['id'], $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp']));
             $photo = $this->getPhoto($entry['id']);
             if ($showpicsonly == 'true' && isset($photo) || $showpicsonly != 'true') {
                 if (isset($photo)) {
                     $file = serendipity_fetchImageFromDatabase($photo['photoid']);
                     $imgsrc = $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $file['path'] . $file['name'] . '.' . $file['thumbnail_name'] . '.' . $file['extension'];
                     $thumbbasename = $file['path'] . $file['name'] . '.' . $file['thumbnail_name'] . '.' . $file['extension'];
                     $thumbName = $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $thumbbasename;
                     $thumbsize = @getimagesize($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $thumbbasename);
                 }
                 echo '<a href="' . $entryLink . '" title="' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($entry['title']) : htmlspecialchars($entry['title'], ENT_COMPAT, LANG_CHARSET)) . '">';
                 if (isset($photo)) {
                     echo '<img style="margin:5px;" src="' . $imgsrc . '" width=' . $thumbsize[0] . ' height=' . $thumbsize[1];
                     if (isset($id) && $id == $entry['id']) {
                         echo ' border=4';
                     }
                     echo ' />';
                 } else {
                     if (isset($id) && $id == $entry['id']) {
                         echo '<b>';
                     }
                     echo $entry['title'];
                     if (isset($id) && $id == $entry['id']) {
                         echo '</b>';
                     }
                 }
                 echo '</a><br />';
             }
         }
     }
 }
 static function countComments($email)
 {
     global $serendipity;
     if (empty($email)) {
         return 0;
     }
     $db_email = serendipity_db_escape_string($email);
     $q = "SELECT COUNT(*) AS commentcount FROM {$serendipity['dbPrefix']}comments WHERE email='{$db_email}'";
     $row = serendipity_db_query($q, true);
     return $row['commentcount'];
 }
 function showSearch()
 {
     global $serendipity;
     $this->setupDB();
     $term = serendipity_db_escape_string($serendipity['GET']['searchTerm']);
     if ($serendipity['dbType'] == 'postgres') {
         $group = '';
         $distinct = 'DISTINCT';
         $find_part = "(c.title ILIKE '%{$term}%' OR c.body ILIKE '%{$term}%')";
     } elseif ($serendipity['dbType'] == 'sqlite') {
         $group = 'GROUP BY id';
         $distinct = '';
         $term = serendipity_mb('strtolower', $term);
         $find_part = "(lower(c.title) LIKE '%{$term}%' OR lower(c.body) LIKE '%{$term}%')";
     } else {
         $group = 'GROUP BY id';
         $distinct = '';
         $term = str_replace('&quot;', '"', $term);
         if (preg_match('@["\\+\\-\\*~<>\\(\\)]+@', $term)) {
             $find_part = "MATCH(c.title,c.body) AGAINST('{$term}' IN BOOLEAN MODE)";
         } else {
             $find_part = "MATCH(c.title,c.body) AGAINST('{$term}')";
         }
     }
     $querystring = "SELECT c.title AS ctitle, c.body, c.author, c.entry_id, c.timestamp AS ctimestamp, c.url, c.type,\n                               e.id, e.title, e.timestamp\n                          FROM {$serendipity['dbPrefix']}comments AS c\n               LEFT OUTER JOIN {$serendipity['dbPrefix']}entries AS e\n                            ON e.id = c.entry_id\n                         WHERE c.status = 'approved'\n                           AND {$find_part}\n                               {$group}\n                      ORDER BY c.timestamp DESC";
     $results = serendipity_db_query($querystring, false, 'assoc');
     if (!is_array($results)) {
         if ($results !== 1 && $results !== true) {
             echo function_exists('serendipity_specialchars') ? serendipity_specialchars($results) : htmlspecialchars($results, ENT_COMPAT, LANG_CHARSET);
         }
         $results = array();
     }
     $myAddData = array("from" => "serendipity_plugin_commentsearch:generate_content");
     foreach ($results as $idx => $result) {
         $results[$idx]['permalink'] = serendipity_archiveURL($result['id'], $result['title'], 'baseURL', true, $result);
         $results[$idx]['comment'] = $result['body'];
         //(function_exists('serendipity_specialchars') ? serendipity_specialchars(strip_tags($result['body'])) : htmlspecialchars(strip_tags($result['body']), ENT_COMPAT, LANG_CHARSET));
         serendipity_plugin_api::hook_event('frontend_display', $results[$idx], $myAddData);
         // let the template decide, if we want to have tags or not
         $results[$idx]['commenthtml'] = $results[$idx]['comment'];
         $results[$idx]['comment'] = strip_tags($results[$idx]['comment']);
     }
     $serendipity['smarty']->assign(array('comment_searchresults' => count($results), 'comment_results' => $results));
     $filename = 'plugin_commentsearch_searchresults.tpl';
     $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
     if (!$tfile) {
         $tfile = dirname(__FILE__) . '/' . $filename;
     }
     $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
     $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
     $content = $serendipity['smarty']->fetch('file:' . $tfile);
     $serendipity['smarty']->security_settings[INCLUDE_ANY] = $inclusion;
     echo $content;
 }
示例#7
0
 function export_items($table, $primary_key, $ref_key, $primary_key_value)
 {
     global $serendipity;
     $result = serendipity_db_Query("SELECT * FROM {$serendipity['dbPrefix']}{$table} WHERE {$ref_key} = {$primary_key_value}", false, 'assoc');
     foreach ($result as $row) {
         $row[$ref_key] = '@last';
         if ($primary_key !== null) {
             unset($row[$primary_key]);
         }
         foreach ($row as $key => $val) {
             if ($val != '@last') {
                 $row[$key] = "'" . serendipity_db_escape_string($val) . "'";
             }
         }
         echo "INSERT INTO {$serendipity['dbPrefix']}{$table} (" . implode(', ', array_keys($row)) . ") VALUES (" . implode(', ', $row) . ");\n";
     }
 }
示例#8
0
 function import()
 {
     global $serendipity;
     // Save this so we can return it to its original value at the end of this method.
     $noautodiscovery = isset($serendipity['noautodiscovery']) ? $serendipity['noautodiscovery'] : false;
     if ($this->data['autodiscovery'] == 'false') {
         $serendipity['noautodiscovery'] = 1;
     }
     $this->getTransTable();
     $this->data['prefix'] = serendipity_db_escape_string($this->data['prefix']);
     $users = array();
     $categories = array();
     $entries = array();
     if (!extension_loaded('pgsql')) {
         return PGSQL_REQUIRED;
     }
     $wpdb = pg_connect("{$this->data}['host'], {$this->data}['port'], {$this->data}['user'], {$this->data}['pass'], {$this->data}['name']");
     if (!$wpdb) {
         return sprintf(PGSQL_COULDNT_CONNECT, $this->data['pass']);
     }
     /* Users */
     $res = pg_query($wpdb, "SELECT ID, user_login, user_pass, user_email, user_level FROM {$this->data['prefix']}users;");
     if (!$res) {
         return sprintf(COULDNT_SELECT_USER_INFO, pg_last_error($wpdb));
     }
     for ($x = 0; $x < pg_num_rows($res); $x++) {
         $users[$x] = pg_fetch_assoc($res);
         $data = array('right_publish' => $users[$x]['user_level'] >= 1 ? 1 : 0, 'realname' => $users[$x]['user_login'], 'username' => $users[$x]['user_login'], 'password' => $users[$x]['user_pass']);
         // WP uses md5, too.
         if ($users[$x]['user_level'] <= 1) {
             $data['userlevel'] = USERLEVEL_EDITOR;
         } elseif ($users[$x]['user_level'] < 5) {
             $data['userlevel'] = USERLEVEL_CHIEF;
         } else {
             $data['userlevel'] = USERLEVEL_ADMIN;
         }
         if ($serendipity['serendipityUserlevel'] < $data['userlevel']) {
             $data['userlevel'] = $serendipity['serendipityUserlevel'];
         }
         serendipity_db_insert('authors', $this->strtrRecursive($data));
         $users[$x]['authorid'] = serendipity_db_insert_id('authors', 'authorid');
     }
     /* Categories */
     $res = @pg_query($wpdb, "SELECT cat_ID, cat_name, category_description, category_parent FROM {$this->data['prefix']}categories ORDER BY category_parent, cat_ID;");
     if (!$res) {
         return sprintf(COULDNT_SELECT_CATEGORY_INFO, pg_last_error($wpdb));
     }
     // Get all the info we need
     for ($x = 0; $x < pg_num_rows($res); $x++) {
         $categories[] = pg_fetch_assoc($res);
     }
     // Insert all categories as top level (we need to know everyone's ID before we can represent the hierarchy).
     for ($x = 0; $x < sizeof($categories); $x++) {
         $cat = array('category_name' => $categories[$x]['cat_name'], 'category_description' => $categories[$x]['category_description'], 'parentid' => 0, 'category_left' => 0, 'category_right' => 0);
         serendipity_db_insert('category', $this->strtrRecursive($cat));
         $categories[$x]['categoryid'] = serendipity_db_insert_id('category', 'categoryid');
     }
     // There has to be a more efficient way of doing this...
     foreach ($categories as $cat) {
         if ($cat['category_parent'] != 0) {
             // Find the parent
             $par_id = 0;
             foreach ($categories as $possible_par) {
                 if ($possible_par['cat_ID'] == $cat['category_parent']) {
                     $par_id = $possible_par['categoryid'];
                     break;
                 }
             }
             if ($par_id != 0) {
                 serendipity_db_query("UPDATE {$serendipity['dbPrefix']}category SET parentid={$par_id} WHERE categoryid={$cat['categoryid']};");
             }
             // else { echo "D'oh! " . random_string_of_profanity(); }
         }
     }
     serendipity_rebuildCategoryTree();
     /* Entries */
     $res = @pg_query($wpdb, "SELECT * FROM {$this->data['prefix']}posts ORDER BY post_date;");
     if (!$res) {
         return sprintf(COULDNT_SELECT_ENTRY_INFO, pg_last_error($wpdb));
     }
     for ($x = 0; $x < pg_num_rows($res); $x++) {
         $entries[$x] = pg_fetch_assoc($res);
         $entry = array('title' => $this->decode($entries[$x]['post_title']), 'isdraft' => $entries[$x]['post_status'] == 'publish' ? 'false' : 'true', 'allow_comments' => $entries[$x]['comment_status'] == 'open' ? 'true' : 'false', 'timestamp' => strtotime($entries[$x]['post_date']), 'body' => $this->strtr($entries[$x]['post_content']));
         foreach ($users as $user) {
             if ($user['ID'] == $entries[$x]['post_author']) {
                 $entry['authorid'] = $user['authorid'];
                 break;
             }
         }
         if (!is_int($entries[$x]['entryid'] = serendipity_updertEntry($entry))) {
             return $entries[$x]['entryid'];
         }
     }
     /* Entry/category */
     $res = @pg_query($wpdb, "SELECT * FROM {$this->data['prefix']}post2cat;");
     if (!$res) {
         return sprintf(COULDNT_SELECT_ENTRY_INFO, pg_last_error($wpdb));
     }
     while ($a = pg_fetch_assoc($res)) {
         foreach ($categories as $category) {
             if ($category['cat_ID'] == $a['category_id']) {
                 foreach ($entries as $entry) {
                     if ($a['post_id'] == $entry['ID']) {
                         $data = array('entryid' => $entry['entryid'], 'categoryid' => $category['categoryid']);
                         serendipity_db_insert('entrycat', $this->strtrRecursive($data));
                         break;
                     }
                 }
                 break;
             }
         }
     }
     /* Comments */
     $res = @pg_query($wpdb, "SELECT * FROM {$this->data['prefix']}comments;");
     if (!$res) {
         return sprintf(COULDNT_SELECT_COMMENT_INFO, pg_last_error($wpdb));
     }
     while ($a = pg_fetch_assoc($res)) {
         foreach ($entries as $entry) {
             if ($entry['ID'] == $a['comment_post_ID']) {
                 $comment = array('entry_id ' => $entry['entryid'], 'parent_id' => 0, 'timestamp' => strtotime($a['comment_date']), 'author' => $a['comment_author'], 'email' => $a['comment_author_email'], 'url' => $a['comment_author_url'], 'ip' => $a['comment_author_IP'], 'status' => empty($a['comment_approved']) || $a['comment_approved'] == '1' ? 'approved' : 'pending', 'subscribed' => 'false', 'body' => $a['comment_content'], 'type' => 'NORMAL');
                 serendipity_db_insert('comments', $this->strtrRecursive($comment));
                 if ($comment['status'] == 'approved') {
                     $cid = serendipity_db_insert_id('comments', 'id');
                     serendipity_approveComment($cid, $entry['entryid'], true);
                 }
             }
         }
     }
     $serendipity['noautodiscovery'] = $noautodiscovery;
     // That was fun.
     return true;
 }
示例#9
0
/**
 * Operates on an array to prepare it for SQL usage.
 *
 * @access public
 * @param   string Concatenation character
 * @param   array  Input array
 * @param   string How to convert (int: Only numbers, string: serendipity_db_escape_String)
 * @return  string Imploded string
 */
function serendipity_db_implode($string, &$array, $type = 'int')
{
    $new_array = array();
    if (!is_array($array)) {
        return '';
    }
    foreach ($array as $idx => $key) {
        if ($type == 'int') {
            $new_array[$idx] = (int) $key;
        } else {
            $new_array[$idx] = serendipity_db_escape_string($key);
        }
    }
    $string = implode($string, $new_array);
    return $string;
}
 function generate_content(&$title)
 {
     global $serendipity;
     $title = $this->get_config('title', $this->title);
     $max_entries = $this->get_config('max_entries');
     $max_chars = $this->get_config('max_chars');
     $wordwrap = $this->get_config('wordwrap');
     $dateformat = $this->get_config('dateformat');
     if (!$max_entries || !is_numeric($max_entries) || $max_entries < 1) {
         $max_entries = 15;
     }
     if (!$max_chars || !is_numeric($max_chars) || $max_chars < 1) {
         $max_chars = 120;
     }
     if (!$wordwrap || !is_numeric($wordwrap) || $wordwrap < 1) {
         $wordwrap = 30;
     }
     if (!$dateformat || strlen($dateformat) < 1) {
         $dateformat = '%a, %d.%m.%Y %H:%M';
     }
     $viewtype = '';
     if ($this->get_config('viewmode') == 'comments') {
         $viewtype .= ' AND co.type = \'NORMAL\'';
     } elseif ($this->get_config('viewmode') == 'trackbacks') {
         $viewtype .= ' AND (co.type = \'TRACKBACK\' OR co.type = \'PINGBACK\')';
     }
     $cond = array();
     $cond['and'] = ' AND e.isdraft = \'false\' ';
     if ($this->get_config('authorid') == 'login') {
         serendipity_ACL_SQL($cond, true);
         serendipity_plugin_api::hook_event('frontend_fetchentries', $cond, array('source' => 'entries'));
     }
     $q = 'SELECT    co.body              AS comment,
                     co.timestamp         AS stamp,
                     co.author            AS user,
                     e.title              AS subject,
                     e.timestamp          AS entrystamp,
                     e.id                 AS entry_id,
                     co.id                AS comment_id,
                     co.type              AS comment_type,
                     co.url               AS comment_url,
                     co.title             AS comment_title,
                     co.email             AS comment_email
             FROM    ' . $serendipity['dbPrefix'] . 'comments AS co,
                     ' . $serendipity['dbPrefix'] . 'entries  AS e
                     ' . $cond['joins'] . '
            WHERE    e.id = co.entry_id
              AND    NOT (co.type = \'TRACKBACK\' AND co.author = \'' . serendipity_db_escape_string($serendipity['blogTitle']) . '\' AND co.title != \'\')
              AND    co.status = \'approved\'
                     ' . $viewtype . '
                     ' . $cond['and'] . '
         ORDER BY    co.timestamp DESC
         LIMIT ' . $max_entries;
     $sql = serendipity_db_query($q);
     // echo $q;
     if ($sql && is_array($sql)) {
         foreach ($sql as $key => $row) {
             if (function_exists('mb_strimwidth')) {
                 $comment = mb_strimwidth(strip_tags($row['comment']), 0, $max_chars, " [...]", LANG_CHARSET);
             } else {
                 $comments = wordwrap(strip_tags($row['comment']), $max_chars, '@@@', 1);
                 $aComment = explode('@@@', $comments);
                 $comment = $aComment[0];
                 if (count($aComment) > 1) {
                     $comment .= ' [...]';
                 }
             }
             $showurls = $this->get_config('showurls', 'trackbacks');
             $isTrackBack = $row['comment_type'] == 'TRACKBACK' || $row['comment_type'] == 'PINGBACK';
             if ($row['comment_url'] != '' && ($isTrackBack && ($showurls == 'trackbacks' || $showurls == 'all') || !$isTrackBack && ($showurls == 'comments' || $showurls == 'all'))) {
                 /* Fix invalid cases in protocoll part */
                 $row['comment_url'] = preg_replace('@^http://@i', 'http://', $row['comment_url']);
                 $row['comment_url'] = preg_replace('@^https://@i', 'https://', $row['comment_url']);
                 if (substr($row['comment_url'], 0, 7) != 'http://' && substr($row['comment_url'], 0, 8) != 'https://') {
                     $row['comment_url'] = 'http://' . $row['comment_url'];
                 }
                 $user = '******' . htmlspecialchars(strip_tags($row['comment_url'])) . '" title="' . htmlspecialchars(strip_tags($row['comment_title'])) . '">' . htmlspecialchars(strip_tags($row['user'])) . '</a>';
             } else {
                 $user = htmlspecialchars(strip_tags($row['user']));
             }
             $user = trim($user);
             if (empty($user)) {
                 $user = PLUGIN_COMMENTS_ANONYMOUS;
             }
             if (function_exists('mb_strimwidth')) {
                 $pos = 0;
                 $parts = array();
                 $enc = LANG_CHARSET;
                 $comment_len = mb_strlen($comment, $enc);
                 while ($pos < $comment_len) {
                     $part = mb_strimwidth($comment, $pos, $wordwrap, '', $enc);
                     $pos += mb_strlen($part, $enc);
                     $parts[] = $part;
                 }
                 $comment = implode("\n", $parts);
             } else {
                 $comment = wordwrap($comment, $wordwrap, "\n", 1);
             }
             $entry = array('comment' => $comment, 'email' => $row['comment_email'], 'url' => $row['comment_url'], 'author' => $row['user']);
             // Let's help the BBCOde plugin a bit:
             if (class_exists('serendipity_event_bbcode')) {
                 $entry['comment'] = preg_replace('@((\\[.*)[\\n\\r]+(.*\\]))+@imsU', '\\2\\3', $entry['comment']);
                 $entry['comment'] = preg_replace('@((\\[.+\\].*)[\\r\\n]+(.*\\[/.+\\]))+@imsU', '\\2\\3', $entry['comment']);
             }
             $addData = array('from' => 'serendipity_plugin_comments:generate_content');
             serendipity_plugin_api::hook_event('frontend_display', $entry, $addData);
             printf('<div class="plugin_comment_wrap">' . PLUGIN_COMMENTS_ABOUT . '</div>', '<div class="plugin_comment_subject"><span class="plugin_comment_author">' . $user . '</span>', ' <a class="highlight" href="' . serendipity_archiveURL($row['entry_id'], $row['subject'], 'baseURL', true, array('timestamp' => $row['entrystamp'])) . '#c' . $row['comment_id'] . '" title="' . htmlspecialchars($row['subject']) . '">' . htmlspecialchars($row['subject']) . '</a></div>' . "\n" . '<div class="plugin_comment_date">' . htmlspecialchars(serendipity_strftime($dateformat, $row['stamp'])) . '</div>' . "\n" . '<div class="plugin_comment_body">' . strip_tags($entry['comment'], '<br /><img><a>') . '</div>' . "\n\n");
         }
     }
 }
示例#11
0
/**
 * Shows the entry panel overview
 *
 * Shows a list of existing entries, with pagination and cookie-remember settings.
 *
 * @access public
 * @return null
 */
function serendipity_drawList()
{
    global $serendipity, $sort_order, $per_page;
    $filter_import = array('author', 'category', 'isdraft');
    $sort_import = array('perPage', 'ordermode', 'order');
    foreach ($filter_import as $f_import) {
        serendipity_restoreVar($serendipity['COOKIE']['entrylist_filter_' . $f_import], $serendipity['GET']['filter'][$f_import]);
        serendipity_JSsetCookie('entrylist_filter_' . $f_import, $serendipity['GET']['filter'][$f_import]);
    }
    foreach ($sort_import as $s_import) {
        serendipity_restoreVar($serendipity['COOKIE']['entrylist_sort_' . $s_import], $serendipity['GET']['sort'][$s_import]);
        serendipity_JSsetCookie('entrylist_sort_' . $s_import, $serendipity['GET']['sort'][$s_import]);
    }
    $perPage = !empty($serendipity['GET']['sort']['perPage']) ? $serendipity['GET']['sort']['perPage'] : $per_page[0];
    $page = (int) $serendipity['GET']['page'];
    $offSet = $perPage * $page;
    if (empty($serendipity['GET']['sort']['ordermode']) || $serendipity['GET']['sort']['ordermode'] != 'ASC') {
        $serendipity['GET']['sort']['ordermode'] = 'DESC';
    }
    if (!empty($serendipity['GET']['sort']['order']) && !empty($sort_order[$serendipity['GET']['sort']['order']])) {
        $orderby = serendipity_db_escape_string($serendipity['GET']['sort']['order'] . ' ' . $serendipity['GET']['sort']['ordermode']);
    } else {
        $orderby = 'timestamp ' . serendipity_db_escape_string($serendipity['GET']['sort']['ordermode']);
    }
    $filter = array();
    if (!empty($serendipity['GET']['filter']['author'])) {
        $filter[] = "e.authorid = '" . serendipity_db_escape_string($serendipity['GET']['filter']['author']) . "'";
    }
    if (!empty($serendipity['GET']['filter']['category'])) {
        $filter[] = "ec.categoryid = '" . serendipity_db_escape_string($serendipity['GET']['filter']['category']) . "'";
    }
    if (!empty($serendipity['GET']['filter']['isdraft'])) {
        if ($serendipity['GET']['filter']['isdraft'] == 'draft') {
            $filter[] = "e.isdraft = 'true'";
        } elseif ($serendipity['GET']['filter']['isdraft'] == 'publish') {
            $filter[] = "e.isdraft = 'false'";
        }
    }
    if (!empty($serendipity['GET']['filter']['body'])) {
        if ($serendipity['dbType'] == 'mysql') {
            $filter[] = "MATCH (title,body,extended) AGAINST ('" . serendipity_db_escape_string($serendipity['GET']['filter']['body']) . "')";
            $full = true;
        }
    }
    $filter_sql = implode(' AND ', $filter);
    // Fetch the entries
    $entries = serendipity_fetchEntries(false, false, serendipity_db_limit($offSet, $perPage + 1), true, false, $orderby, $filter_sql);
    ?>
<div class="serendipity_admin_list">
<form action="?" method="get">
    <input type="hidden" name="serendipity[action]"      value="admin"      />
    <input type="hidden" name="serendipity[adminModule]" value="entries"    />
    <input type="hidden" name="serendipity[adminAction]" value="editSelect" />
    <table width="100%" class="serendipity_admin_filters">
        <tr>
            <td class="serendipity_admin_filters_headline" colspan="6"><strong><?php 
    echo FILTERS;
    ?>
</strong> - <?php 
    echo FIND_ENTRIES;
    ?>
</td>
        </tr>
        <tr>
            <td valign="top" width="80"><?php 
    echo AUTHOR;
    ?>
</td>
            <td valign="top">
                <select name="serendipity[filter][author]">
                    <option value="">--</option>
<?php 
    $users = serendipity_fetchUsers('', null, true);
    if (is_array($users)) {
        foreach ($users as $user) {
            if (isset($user['artcount']) && $user['artcount'] < 1) {
                continue;
            }
            echo '<option value="' . $user['authorid'] . '" ' . (isset($serendipity['GET']['filter']['author']) && $serendipity['GET']['filter']['author'] == $user['authorid'] ? 'selected="selected"' : '') . '>' . htmlspecialchars($user['realname']) . '</option>' . "\n";
        }
    }
    ?>
              </select> <select name="serendipity[filter][isdraft]">
                    <option value="all"><?php 
    echo COMMENTS_FILTER_ALL;
    ?>
</option>
                    <option value="draft"   <?php 
    echo isset($serendipity['GET']['filter']['isdraft']) && $serendipity['GET']['filter']['isdraft'] == 'draft' ? 'selected="selected"' : '';
    ?>
><?php 
    echo DRAFT;
    ?>
</option>
                    <option value="publish" <?php 
    echo isset($serendipity['GET']['filter']['isdraft']) && $serendipity['GET']['filter']['isdraft'] == 'publish' ? 'selected="selected"' : '';
    ?>
><?php 
    echo PUBLISH;
    ?>
</option>
                </select>
            </td>
            <td valign="top" width="80"><?php 
    echo CATEGORY;
    ?>
</td>
            <td valign="top">
                <select name="serendipity[filter][category]">
                    <option value="">--</option>
<?php 
    $categories = serendipity_fetchCategories();
    $categories = serendipity_walkRecursive($categories, 'categoryid', 'parentid', VIEWMODE_THREADED);
    foreach ($categories as $cat) {
        echo '<option value="' . $cat['categoryid'] . '"' . ($serendipity['GET']['filter']['category'] == $cat['categoryid'] ? ' selected="selected"' : '') . '>' . str_repeat('&nbsp;', $cat['depth']) . htmlspecialchars($cat['category_name']) . '</option>' . "\n";
    }
    ?>
              </select>
            </td>
            <td valign="top" width="80"><?php 
    echo CONTENT;
    ?>
</td>
            <td valign="top"><input class="input_textbox" size="10" type="text" name="serendipity[filter][body]" value="<?php 
    echo isset($serendipity['GET']['filter']['body']) ? htmlspecialchars($serendipity['GET']['filter']['body']) : '';
    ?>
" /></td>
        </tr>
        <tr>
            <td class="serendipity_admin_filters_headline" colspan="6"><strong><?php 
    echo SORT_ORDER;
    ?>
</strong></td>
        </tr>
        <tr>
            <td>
                <?php 
    echo SORT_BY;
    ?>
            </td>
            <td>
                <select name="serendipity[sort][order]">
<?php 
    foreach ($sort_order as $so_key => $so_val) {
        echo '<option value="' . $so_key . '" ' . (isset($serendipity['GET']['sort']['order']) && $serendipity['GET']['sort']['order'] == $so_key ? 'selected="selected"' : '') . '>' . $so_val . '</option>' . "\n";
    }
    ?>
              </select>
            </td>
            <td><?php 
    echo SORT_ORDER;
    ?>
</td>
            <td>
                <select name="serendipity[sort][ordermode]">
                    <option value="DESC" <?php 
    echo isset($serendipity['GET']['sort']['ordermode']) && $serendipity['GET']['sort']['ordermode'] == 'DESC' ? 'selected="selected"' : '';
    ?>
><?php 
    echo SORT_ORDER_DESC;
    ?>
</option>
                    <option value="ASC" <?php 
    echo isset($serendipity['GET']['sort']['ordermode']) && $serendipity['GET']['sort']['ordermode'] == 'ASC' ? 'selected="selected"' : '';
    ?>
><?php 
    echo SORT_ORDER_ASC;
    ?>
</option>
                </select>
            </td>
            <td><?php 
    echo ENTRIES_PER_PAGE;
    ?>
</td>
            <td>
                <select name="serendipity[sort][perPage]">
<?php 
    foreach ($per_page as $per_page_nr) {
        echo '<option value="' . $per_page_nr . '"   ' . (isset($serendipity['GET']['sort']['perPage']) && $serendipity['GET']['sort']['perPage'] == $per_page_nr ? 'selected="selected"' : '') . '>' . $per_page_nr . '</option>' . "\n";
    }
    ?>
                </select>
            </td>
        </tr>
        <tr>
            <td align="right" colspan="6"><input type="submit" name="go" value="<?php 
    echo GO;
    ?>
" class="serendipityPrettyButton input_button" /></td>
        </tr>
    </table>
    </form>

    <table class="serendipity_admin_list" cellpadding="5" width="100%">
<?php 
    if (is_array($entries)) {
        $count = count($entries);
        $qString = '?serendipity[adminModule]=entries&amp;serendipity[adminAction]=editSelect';
        foreach ((array) $serendipity['GET']['sort'] as $k => $v) {
            $qString .= '&amp;serendipity[sort][' . $k . ']=' . $v;
        }
        foreach ((array) $serendipity['GET']['filter'] as $k => $v) {
            $qString .= '&amp;serendipity[filter][' . $k . ']=' . $v;
        }
        $linkPrevious = $qString . '&amp;serendipity[page]=' . ($page - 1);
        $linkNext = $qString . '&amp;serendipity[page]=' . ($page + 1);
        ?>
        <tr>
            <td>
                <?php 
        if ($offSet > 0) {
            ?>
                    <a href="<?php 
            echo $linkPrevious;
            ?>
" class="serendipityIconLink"><img src="<?php 
            echo serendipity_getTemplateFile('admin/img/previous.png');
            ?>
" /><?php 
            echo PREVIOUS;
            ?>
</a>
                <?php 
        }
        ?>
            </td>
            <td align="right">
                <?php 
        if ($count > $perPage) {
            ?>
                    <a href="<?php 
            echo $linkNext;
            ?>
" class="serendipityIconLinkRight"><?php 
            echo NEXT;
            ?>
<img src="<?php 
            echo serendipity_getTemplateFile('admin/img/next.png');
            ?>
" /></a>
                <?php 
        }
        ?>
            </td>
        </tr>
    </table>
    <script type="text/javascript">
    function invertSelection() {
        var f = document.formMultiDelete;
        for (var i = 0; i < f.elements.length; i++) {
            if (f.elements[i].type == 'checkbox') {
                f.elements[i].checked = !(f.elements[i].checked);
            }
        }
    }
    </script>
    <form action="?" method="post" name="formMultiDelete" id="formMultiDelete">
        <?php 
        echo serendipity_setFormToken();
        ?>
        <input type="hidden" name="serendipity[action]" value="admin" />
        <input type="hidden" name="serendipity[adminModule]" value="entries" />
        <input type="hidden" name="serendipity[adminAction]" value="multidelete" />
<?php 
        // Print the entries
        $rows = 0;
        foreach ($entries as $entry) {
            $rows++;
            if ($rows > $perPage) {
                continue;
            }
            // Find out if the entry has been modified later than 30 minutes after creation
            if ($entry['timestamp'] <= $entry['last_modified'] - 60 * 30) {
                $lm = '<a href="#" title="' . LAST_UPDATED . ': ' . serendipity_formatTime(DATE_FORMAT_SHORT, $entry['last_modified']) . '" onclick="alert(this.title)"><img src="' . serendipity_getTemplateFile('admin/img/clock.png') . '" alt="*" style="border: 0px none ; vertical-align: bottom;" /></a>';
            } else {
                $lm = '';
            }
            if (!$serendipity['showFutureEntries'] && $entry['timestamp'] >= serendipity_serverOffsetHour()) {
                $entry_pre = '<a href="#" title="' . ENTRY_PUBLISHED_FUTURE . '" onclick="alert(this.title)"><img src="' . serendipity_getTemplateFile('admin/img/clock_future.png') . '" alt="*" style="border: 0px none ; vertical-align: bottom;" /></a> ';
            } else {
                $entry_pre = '';
            }
            if (serendipity_db_bool($entry['properties']['ep_is_sticky'])) {
                $entry_pre .= ' ' . STICKY_POSTINGS . ': ';
            }
            if (serendipity_db_bool($entry['isdraft'])) {
                $entry_pre .= ' ' . DRAFT . ': ';
            }
            ?>
<!--            <div class="serendipity_admin_list_item serendipity_admin_list_item_<?php 
            echo $rows % 2 ? 'even' : 'uneven';
            ?>
"> -->
            <div class="serendipity_admin_list_item serendipity_admin_list_item_<?php 
            echo $rows % 2 ? 'even' : 'uneven';
            ?>
">

                <table width="100%" cellspacing="0" cellpadding="3">
                    <tr>
                        <td>
                            <strong><?php 
            echo $entry_pre;
            ?>
<a href="?serendipity[action]=admin&amp;serendipity[adminModule]=entries&amp;serendipity[adminAction]=edit&amp;serendipity[id]=<?php 
            echo $entry['id'];
            ?>
" title="#<?php 
            echo $entry['id'];
            ?>
"><?php 
            echo serendipity_truncateString(htmlspecialchars($entry['title']), 50);
            ?>
</a></strong>
                        </td>
                        <td align="right">
                            <?php 
            echo serendipity_formatTime(DATE_FORMAT_SHORT, $entry['timestamp']) . ' ' . $lm;
            ?>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <?php 
            echo POSTED_BY . ' ' . htmlspecialchars($entry['author']);
            if (count($entry['categories'])) {
                echo ' ' . IN . ' ';
                $cats = array();
                foreach ($entry['categories'] as $cat) {
                    $caturl = serendipity_categoryURL($cat);
                    $cats[] = '<a href="' . $caturl . '">' . htmlspecialchars($cat['category_name']) . '</a>';
                }
                echo implode(', ', $cats);
            }
            $entry['link'] = serendipity_archiveURL($entry['id'], $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp']));
            $entry['preview_link'] = '?serendipity[noBanner]=true&amp;serendipity[noSidebar]=true&amp;serendipity[action]=admin&amp;serendipity[adminModule]=entries&amp;serendipity[adminAction]=preview&amp;serendipity[id]=' . $entry['id'];
            ?>

                        </td>
                        <td align="right">
                            <?php 
            if (serendipity_db_bool($entry['isdraft']) || !$serendipity['showFutureEntries'] && $entry['timestamp'] >= serendipity_serverOffsetHour()) {
                ?>
                            <a target="_blank" href="<?php 
                echo $entry['preview_link'];
                ?>
" title="<?php 
                echo PREVIEW . ' #' . $entry['id'];
                ?>
" class="serendipityIconLink"><img src="<?php 
                echo serendipity_getTemplateFile('admin/img/zoom.png');
                ?>
" alt="<?php 
                echo PREVIEW;
                ?>
" /><?php 
                echo PREVIEW;
                ?>
</a>
                            <?php 
            } else {
                ?>
                            <a target="_blank" href="<?php 
                echo $entry['link'];
                ?>
" title="<?php 
                echo VIEW . ' #' . $entry['id'];
                ?>
" class="serendipityIconLink"><img src="<?php 
                echo serendipity_getTemplateFile('admin/img/zoom.png');
                ?>
" alt="<?php 
                echo VIEW;
                ?>
" /><?php 
                echo VIEW;
                ?>
</a>
                            <?php 
            }
            ?>
                            <a href="?serendipity[action]=admin&amp;serendipity[adminModule]=entries&amp;serendipity[adminAction]=edit&amp;serendipity[id]=<?php 
            echo $entry['id'];
            ?>
" title="<?php 
            echo EDIT . ' #' . $entry['id'];
            ?>
" class="serendipityIconLink"><img src="<?php 
            echo serendipity_getTemplateFile('admin/img/edit.png');
            ?>
" alt="<?php 
            echo EDIT;
            ?>
" /><?php 
            echo EDIT;
            ?>
</a>
                            <a href="?<?php 
            echo serendipity_setFormToken('url');
            ?>
&amp;serendipity[action]=admin&amp;serendipity[adminModule]=entries&amp;serendipity[adminAction]=delete&amp;serendipity[id]=<?php 
            echo $entry['id'];
            ?>
" title="<?php 
            echo DELETE . ' #' . $entry['id'];
            ?>
" class="serendipityIconLink"><img src="<?php 
            echo serendipity_getTemplateFile('admin/img/delete.png');
            ?>
" alt="<?php 
            echo DELETE;
            ?>
" /><?php 
            echo DELETE;
            ?>
</a>
                            <input class="input_checkbox" type="checkbox" name="serendipity[multiDelete][]" value="<?php 
            echo $entry['id'];
            ?>
" />
                        </td>
                    </tr>
                </table>
            </div>
<?php 
        }
        // end entries output
        ?>
        <table class="serendipity_admin_list" cellpadding="5" width="100%">
            <tr>
                <td>
                    <?php 
        if ($offSet > 0) {
            ?>
                        <a href="<?php 
            echo $linkPrevious;
            ?>
" class="serendipityIconLink"><img src="<?php 
            echo serendipity_getTemplateFile('admin/img/previous.png');
            ?>
" /><?php 
            echo PREVIOUS;
            ?>
</a>
                    <?php 
        }
        ?>
                </td>
                <td align="right">
                    <?php 
        if ($count > $perPage) {
            ?>
                        <a href="<?php 
            echo $linkNext;
            ?>
" class="serendipityIconLinkRight"><?php 
            echo NEXT;
            ?>
<img src="<?php 
            echo serendipity_getTemplateFile('admin/img/next.png');
            ?>
" /></a>
                    <?php 
        }
        ?>
                </td>
            </tr>
        </table>

        <table class="serendipity_admin_list" cellpadding="0" width="100%">
            <tr>
                <td align="right">
                    <input type="button" name="toggle" value="<?php 
        echo INVERT_SELECTIONS;
        ?>
" onclick="invertSelection()" class="serendipityPrettyButton input_button" />
                    <input type="submit" name="toggle" value="<?php 
        echo DELETE_SELECTED_ENTRIES;
        ?>
" class="serendipityPrettyButton input_button" />
                </td>
            </tr>
        </table>
        </form>

        <div class="serendipity_admin_list_item serendipity_admin_list_item_<?php 
        echo ($rows + 1) % 2 ? 'even' : 'uneven';
        ?>
">
            <table width="100%" cellspacing="0" cellpadding="3">
                    <tr>
                        <td>
                            <form action="?" method="get">
                                <input type="hidden" name="serendipity[action]"      value="admin"      />
                                <input type="hidden" name="serendipity[adminModule]" value="entries"    />
                                <input type="hidden" name="serendipity[adminAction]" value="editSelect" />
                            <?php 
        echo EDIT_ENTRY;
        ?>
: #<input class="input_textbox" type="text" size="3" name="serendipity[id]" /> <input type="submit" name="serendipity[editSubmit]" value="<?php 
        echo GO;
        ?>
" class="serendipityPrettyButton input_button" />
                            </form>
                        </td>
                    </tr>
            </table>
        </div>
 <?php 
    } else {
        // We've got nothing
        ?>
        <tr>
            <td align="center" class="serendipityAdminMsgNote">
                <img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="<?php 
        echo serendipity_getTemplateFile('admin/img/admin_msg_note.png');
        ?>
" alt="" />
                <?php 
        echo NO_ENTRIES_TO_PRINT;
        ?>
            </td>
        </tr>
    </table>
<?php 
    }
    ?>
</div>
<?php 
}
 function log($logfile, $id, $switch, $reason, $comment)
 {
     global $serendipity;
     $method = $this->get_config('logtype');
     switch ($method) {
         case 'file':
             if (empty($logfile)) {
                 return;
             }
             if (strpos($logfile, '%') !== false) {
                 $logfile = strftime($logfile);
             }
             $fp = @fopen($logfile, 'a+');
             if (!is_resource($fp)) {
                 return;
             }
             fwrite($fp, sprintf('[%s] - [%s: %s] - [#%s, Name "%s", E-Mail "%s", URL "%s", User-Agent "%s", IP %s] - [%s]' . "\n", date('Y-m-d H:i:s', serendipity_serverOffsetHour()), $switch, $reason, $id, str_replace("\n", ' ', $comment['name']), str_replace("\n", ' ', $comment['email']), str_replace("\n", ' ', $comment['url']), str_replace("\n", ' ', $_SERVER['HTTP_USER_AGENT']), $_SERVER['REMOTE_ADDR'], str_replace("\n", ' ', $comment['comment'])));
             fclose($fp);
             break;
         case 'none':
             return;
             break;
         case 'db':
         default:
             $q = sprintf("INSERT INTO {$serendipity['dbPrefix']}spamblocklog\n                                          (timestamp, type, reason, entry_id, author, email, url,  useragent, ip,   referer, body)\n                                   VALUES (%d,        '%s',  '%s',  '%s',     '%s',   '%s',  '%s', '%s',      '%s', '%s',    '%s')", serendipity_serverOffsetHour(), serendipity_db_escape_string($switch), serendipity_db_escape_string($reason), serendipity_db_escape_string($id), serendipity_db_escape_string($comment['name']), serendipity_db_escape_string($comment['email']), serendipity_db_escape_string($comment['url']), substr(serendipity_db_escape_string($_SERVER['HTTP_USER_AGENT']), 0, 255), serendipity_db_escape_string($_SERVER['REMOTE_ADDR']), substr(serendipity_db_escape_string(isset($_SESSION['HTTP_REFERER']) ? $_SESSION['HTTP_REFERER'] : $_SERVER['HTTP_REFERER']), 0, 255), serendipity_db_escape_string($comment['comment']));
             serendipity_db_query($q);
             break;
     }
 }
/**
 * Show the list of plugins
 *
 * Shows a HTML list of all installed plugins, complete with config/delete/sort order options
 *
 * @access public
 * @param  boolean  Indicates if event plugins (TRUE) or sidebar plugins (FALSE) shall be shown
 * @return null
 */
function show_plugins($event_only = false, $sidebars = null)
{
    global $serendipity;
    $sql_filter = '';
    if (is_array($sidebars)) {
        foreach ($sidebars as $sidebar) {
            $up = strtoupper($sidebar);
            if ($sidebar == 'hide') {
                $opts[$sidebar] = HIDDEN;
            } elseif (defined('SIDEBAR_' . $up)) {
                $opts[$sidebar] = constant('SIDEBAR_' . $up);
            } elseif (defined($up)) {
                $opts[$sidebar] = constant($up);
            } else {
                $opts[$sidebar] = $up;
            }
            $sql_filter .= "AND placement != '" . serendipity_db_escape_string($sidebar) . "' ";
        }
    }
    if (!$event_only) {
        $sql = "SELECT * from {$serendipity['dbPrefix']}plugins\n                   WHERE placement != 'event'\n                     AND placement != 'eventh'\n                         " . $sql_filter;
        $invisible_plugins = serendipity_db_query($sql);
        if (is_array($invisible_plugins)) {
            $sidebars[] = 'NONE';
            $opts['NONE'] = NONE;
        }
    }
    $opts['event'] = PLUGIN_ACTIVE;
    $opts['eventh'] = PLUGIN_INACTIVE;
    $data['event_only'] = $event_only;
    if (!$event_only) {
        $data['is_first'] = true;
    }
    $data['serendipity_setFormToken'] = serendipity_setFormToken();
    $data['serendipity_setFormTokenUrl'] = serendipity_setFormToken('url');
    /* Block display the plugins per placement location. */
    if ($event_only) {
        $plugin_placements = array('event', 'eventh');
    } else {
        $plugin_placements = $sidebars;
    }
    $data['plugin_placements'] = $plugin_placements;
    static $users = array();
    if (empty($users)) {
        $users = serendipity_fetchUsers('', 'hidden');
    }
    $data['users'] = $users;
    $i = 0;
    foreach ($plugin_placements as $plugin_placement) {
        if (!$event_only && $plugin_placement == 'NONE') {
            $is_invisible = true;
        } else {
            $is_invisible = false;
        }
        $data['placement'][$plugin_placement]['ptitle'] = $ptitle = $opts[$plugin_placement];
        $data['placement'][$plugin_placement]['pid'] = $pid = $plugin_placement;
        if ($is_invisible) {
            $plugins = $invisible_plugins;
        } else {
            $plugins = serendipity_plugin_api::enum_plugins($plugin_placement);
        }
        if (!is_array($plugins)) {
            continue;
        }
        $sort_idx = 0;
        foreach ($plugins as $plugin_data) {
            $i++;
            $plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid']);
            $key = urlencode($plugin_data['name']);
            $css_key = 's9ycid' . str_replace('%', '-', $key);
            $is_plugin_owner = $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers');
            $is_plugin_editable = $is_plugin_owner || $plugin_data['authorid'] == '0';
            $cname = explode(':', $plugin_data['name']);
            if (!is_object($plugin)) {
                $name = $title = ERROR . '!';
                $desc = ERROR . ': ' . $plugin_data['name'];
                $can_configure = false;
            } else {
                /* query for its name, description and configuration data */
                $bag = new serendipity_property_bag();
                $plugin->introspect($bag);
                $name = serendipity_specialchars($bag->get('name'));
                $desc = '<details class="plugin_data">';
                $desc .= '<summary><var class="perm_name">' . $cname[0] . '</var></summary>';
                $desc .= '<div class="plugin_desc clearfix">' . serendipity_specialchars($bag->get('description')) . '</div>';
                $desc .= '<span class="block_level">' . VERSION . ': ' . $bag->get('version') . '</span>';
                $desc .= '</details>';
                $title = serendipity_plugin_api::get_plugin_title($plugin, '[' . $name . ']');
                if ($bag->is_set('configuration') && ($plugin->protected === FALSE || $plugin_data['authorid'] == '0' || $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers'))) {
                    $can_configure = true;
                } else {
                    $can_configure = false;
                }
            }
            if ($opts === null) {
                $opts = array('left' => LEFT, 'right' => RIGHT, 'hide' => HIDDEN);
            }
            $event_opts = array('event' => PLUGIN_ACTIVE, 'eventh' => PLUGIN_INACTIVE);
            if ($event_only) {
                $gopts = $event_opts;
            } else {
                $gopts = $opts;
            }
            $data['placement'][$plugin_placement]['plugin_data'][$i]['sort_idx'] = $sort_idx;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['css_key'] = $css_key;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['is_plugin_editable'] = $is_plugin_editable;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['is_plugin_owner'] = $is_plugin_owner;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['name'] = $plugin_data['name'];
            $data['placement'][$plugin_placement]['plugin_data'][$i]['authorid'] = $plugin_data['authorid'];
            $data['placement'][$plugin_placement]['plugin_data'][$i]['can_configure'] = $can_configure;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['key'] = $key;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['title'] = $title;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['desc'] = $desc;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['placement'] = $plugin_data['placement'];
            $data['placement'][$plugin_placement]['plugin_data'][$i]['gopts'] = $gopts;
            $sort_idx++;
        }
    }
    $data['total'] = $i;
    return serendipity_smarty_show('admin/show_plugins.fnc.tpl', $data);
}
/**
 * Parses entries to display them for RSS/Atom feeds to be passed on to generic Smarty templates
 *
 * This function searches for existing RSS feed template customizations. As long as a template
 * with the same name as the $version variable exists, it will be emitted.
 *
 * @access public
 * @see serendipity_fetchEntries(), rss.php
 * @param   array       A superarray of entries to output
 * @param   string      The version/type of a RSS/Atom feed to display (atom1_0, rss2_0 etc)
 * @param   boolean     If true, this is a comments feed. If false, it's an Entry feed.
 * @param   boolean     Indicates if this feed is a fulltext feed (true) or only excercpt (false)
 * @param   boolean     Indicates if E-Mail addresses should be shown (true) or hidden (false)
 * @return
 */
function serendipity_printEntries_rss(&$entries, $version, $comments = false, $fullFeed = false, $showMail = true)
{
    global $serendipity;
    $options = array('version' => $version, 'comments' => $comments, 'fullFeed' => $fullFeed, 'showMail' => $showMail);
    serendipity_plugin_api::hook_event('frontend_entries_rss', $entries, $options);
    if (is_array($entries)) {
        foreach ($entries as $key => $_entry) {
            $entry =& $entries[$key];
            if (isset($entry['entrytimestamp'])) {
                $e_ts = $entry['entrytimestamp'];
            } else {
                $e_ts = $entry['timestamp'];
            }
            $entry['feed_id'] = isset($entry['entryid']) && !empty($entry['entryid']) ? $entry['entryid'] : $entry['id'];
            // set feed guid only, if not already defined externaly
            if (empty($entry['feed_guid'])) {
                $entry['feed_guid'] = serendipity_rss_getguid($entry, $options['comments']);
            }
            $entry['feed_entryLink'] = serendipity_archiveURL($entry['feed_id'], $entry['title'], 'baseURL', true, array('timestamp' => $e_ts));
            if ($options['comments'] == true) {
                // Display username as part of the title for easier feed-readability
                if ($entry['type'] == 'TRACKBACK' && !empty($entry['ctitle'])) {
                    $entry['author'] .= ' - ' . $entry['ctitle'];
                }
                $entry['title'] = (!empty($entry['author']) ? $entry['author'] : ANONYMOUS) . ': ' . $entry['title'];
                // No HTML allowed here:
                $entry['body'] = strip_tags($entry['body']);
            }
            // Embed a link to extended entry, if existing
            if ($options['fullFeed']) {
                $entry['body'] .= ' ' . $entry['extended'];
                $ext = '';
            } elseif ($entry['exflag']) {
                $ext = '<br /><a href="' . $entry['feed_entryLink'] . '#extended">' . sprintf(VIEW_EXTENDED_ENTRY, htmlspecialchars($entry['title'])) . '</a>';
            } else {
                $ext = '';
            }
            $addData = array('from' => 'functions_entries:printEntries_rss', 'rss_options' => $options);
            serendipity_plugin_api::hook_event('frontend_display', $entry, $addData);
            // Do some relative -> absolute URI replacing magic. Replaces all HREF/SRC (<a>, <img>, ...) references to only the serendipitypath with the full baseURL URI
            // garvin: Could impose some problems. Closely watch this one.
            $entry['body'] = preg_replace('@(href|src)=("|\')(' . preg_quote($serendipity['serendipityHTTPPath']) . ')(.*)("|\')(.*)>@imsU', '\\1=\\2' . $serendipity['baseURL'] . '\\4\\2\\6>', $entry['body']);
            // jbalcorn: clean up body for XML compliance as best we can.
            $entry['body'] = xhtml_cleanup($entry['body']);
            // extract author information
            if (isset($entry['no_email']) && $entry['no_email'] || $options['showMail'] === FALSE) {
                $entry['email'] = '*****@*****.**';
                // RSS Feeds need an E-Mail address!
            } elseif (empty($entry['email'])) {
                $query = "select email FROM {$serendipity['dbPrefix']}authors WHERE authorid = '" . serendipity_db_escape_string($entry['authorid']) . "'";
                $results = serendipity_db_query($query);
                $entry['email'] = $results[0]['email'];
            }
            if (!is_array($entry['categories'])) {
                $entry['categories'] = array(0 => array('category_name' => $entry['category_name'], 'feed_category_name' => serendipity_utf8_encode(htmlspecialchars($entry['category_name'])), 'categoryURL' => serendipity_categoryURL($entry, 'baseURL')));
            } else {
                foreach ($entry['categories'] as $cid => $_cat) {
                    $cat =& $entry['categories'][$cid];
                    $cat['categoryURL'] = serendipity_categoryURL($cat, 'baseURL');
                    $cat['feed_category_name'] = serendipity_utf8_encode(htmlspecialchars($cat['category_name']));
                }
            }
            // Prepare variables
            // 1. UTF8 encoding + htmlspecialchars.
            $entry['feed_title'] = serendipity_utf8_encode(htmlspecialchars($entry['title']));
            $entry['feed_blogTitle'] = serendipity_utf8_encode(htmlspecialchars($serendipity['blogTitle']));
            $entry['feed_title'] = serendipity_utf8_encode(htmlspecialchars($entry['title']));
            $entry['feed_author'] = serendipity_utf8_encode(htmlspecialchars($entry['author']));
            $entry['feed_email'] = serendipity_utf8_encode(htmlspecialchars($entry['email']));
            // 2. gmdate
            $entry['feed_timestamp'] = gmdate('Y-m-d\\TH:i:s\\Z', serendipity_serverOffsetHour($entry['timestamp']));
            $entry['feed_last_modified'] = gmdate('Y-m-d\\TH:i:s\\Z', serendipity_serverOffsetHour($entry['last_modified']));
            $entry['feed_timestamp_r'] = date('r', serendipity_serverOffsetHour($entry['timestamp']));
            // 3. UTF8 encoding
            $entry['feed_body'] = serendipity_utf8_encode($entry['body']);
            $entry['feed_ext'] = serendipity_utf8_encode($ext);
            $entry_hook = 'frontend_display:unknown:per-entry';
            switch ($version) {
                case 'opml1.0':
                    $entry_hook = 'frontend_display:opml-1.0:per_entry';
                    break;
                case '0.91':
                    $entry_hook = 'frontend_display:rss-0.91:per_entry';
                    break;
                case '1.0':
                    $entry_hook = 'frontend_display:rss-1.0:per_entry';
                    break;
                case '2.0':
                    $entry_hook = 'frontend_display:rss-2.0:per_entry';
                    break;
                case 'atom0.3':
                    $entry_hook = 'frontend_display:atom-0.3:per_entry';
                    break;
                case 'atom1.0':
                    $entry_hook = 'frontend_display:atom-1.0:per_entry';
                    break;
            }
            serendipity_plugin_api::hook_event($entry_hook, $entry);
            $entry['per_entry_display_dat'] = $entry['display_dat'];
        }
    }
}
示例#15
0
 function import()
 {
     global $serendipity;
     // Save this so we can return it to its original value at the end of this method.
     $noautodiscovery = isset($serendipity['noautodiscovery']) ? $serendipity['noautodiscovery'] : false;
     if ($this->data['autodiscovery'] == 'false') {
         $serendipity['noautodiscovery'] = 1;
     }
     $this->getTransTable();
     $this->data['prefix'] = serendipity_db_escape_string($this->data['prefix']);
     $users = array();
     $entries = array();
     if (!extension_loaded('mysqli')) {
         return MYSQL_REQUIRED;
     }
     $gdb = @mysqli_connect($this->data['host'], $this->data['user'], $this->data['pass']);
     if (!$gdb || mysqli_connect_error()) {
         return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
     }
     if (!@mysqli_select_db($gdb, $this->data['name'])) {
         return sprintf(COULDNT_SELECT_DB, mysqli_error($gdb));
     }
     /* Users */
     $res = @$this->nativeQuery("SELECT user_id       AS ID,\n                                    username      AS user_login,\n                                    user_password AS user_pass,\n                                    user_email    AS user_email,\n                                    user_website  AS user_url,\n                                    user_level\n                               FROM {$this->data['prefix']}users\n                              WHERE user_active = 1", $gdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_USER_INFO, mysqli_error($gdb));
     }
     for ($x = 0, $max_x = mysqli_num_rows($res); $x < $max_x; $x++) {
         $users[$x] = mysqli_fetch_assoc($res);
         $data = array('right_publish' => 1, 'realname' => $users[$x]['user_login'], 'username' => $users[$x]['user_login'], 'email' => $users[$x]['user_email'], 'userlevel' => $users[$x]['user_level'] == 0 ? USERLEVEL_EDITOR : USERLEVEL_ADMIN, 'password' => $users[$x]['user_pass']);
         // MD5 compatible
         if ($serendipity['serendipityUserlevel'] < $data['userlevel']) {
             $data['userlevel'] = $serendipity['serendipityUserlevel'];
         }
         serendipity_db_insert('authors', $this->strtrRecursive($data));
         echo mysqli_error();
         $users[$x]['authorid'] = serendipity_db_insert_id('authors', 'authorid');
     }
     /* Categories */
     $res = @$this->nativeQuery("SELECT cat_id AS cat_ID, \n                                    cat_title AS cat_name \n                               FROM {$this->data['prefix']}categories", $gdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_CATEGORY_INFO, mysqli_error($gdb));
     }
     // Get all the info we need
     for ($x = 0, $max_x = mysqli_num_rows($res); $x < $max_x; $x++) {
         $parent_categories[] = mysqli_fetch_assoc($res);
     }
     for ($x = 0, $max_x = sizeof($parent_categories); $x < $max_x; $x++) {
         $cat = array('category_name' => $parent_categories[$x]['cat_name'], 'category_description' => '', 'parentid' => 0, 'category_left' => 0, 'category_right' => 0);
         serendipity_db_insert('category', $this->strtrRecursive($cat));
         $parent_categories[$x]['categoryid'] = serendipity_db_insert_id('category', 'categoryid');
     }
     /* Categories */
     $res = @$this->nativeQuery("SELECT forum_id AS cat_ID,\n                                    cat_id   AS parent_cat_id, \n                                    forum_name AS cat_name, \n                                    forum_desc AS category_description \n                               FROM {$this->data['prefix']}forums ORDER BY forum_order;", $gdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_CATEGORY_INFO, mysqli_error($gdb));
     }
     // Get all the info we need
     for ($x = 0, $max_x = mysqli_num_rows($res); $x < $max_x; $x++) {
         $categories[] = mysqli_fetch_assoc($res);
     }
     // Insert all categories as top level (we need to know everyone's ID before we can represent the hierarchy).
     for ($x = 0, $max_x = sizeof($categories); $x < $max_x; $x++) {
         $pcatid = 0;
         foreach ($parent_categories as $pcat) {
             if ($pcat['cat_ID'] == $categories[$x]['parent_cat_id']) {
                 $pcatid = $pcat['cat_ID'];
                 break;
             }
         }
         $cat = array('category_name' => $categories[$x]['cat_name'], 'category_description' => $categories[$x]['category_description'], 'parentid' => $pcatid, 'category_left' => 0, 'category_right' => 0);
         serendipity_db_insert('category', $this->strtrRecursive($cat));
         $categories[$x]['categoryid'] = serendipity_db_insert_id('category', 'categoryid');
     }
     serendipity_rebuildCategoryTree();
     /* Entries */
     $res = @$this->nativeQuery("SELECT t.topic_title, \n                                    t.topic_poster,\n                                    t.forum_id,\n                                    p.post_time,\n                                    pt.post_subject,\n                                    pt.post_text,\n                                    count(p.topic_id) AS ccount,\n                                    p.topic_id,\n                                    MIN(p.post_id) AS post_id\n                               FROM {$this->data['prefix']}topics AS t\n                    LEFT OUTER JOIN {$this->data['prefix']}posts  AS p\n                                 ON t.topic_id = p.topic_id\n                    LEFT OUTER JOIN {$this->data['prefix']}posts_text  AS pt\n                                 ON pt.post_id = p.post_id\n                           GROUP BY p.topic_id\n                           ", $gdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_ENTRY_INFO, mysqli_error($gdb));
     }
     for ($x = 0, $max_x = mysqli_num_rows($res); $x < $max_x; $x++) {
         $entries[$x] = mysqli_fetch_assoc($res);
         $entry = array('title' => $this->decode($entries[$x]['post_subject']), 'isdraft' => 'false', 'allow_comments' => 'true', 'timestamp' => $entries[$x]['post_time'], 'body' => $this->strtr($entries[$x]['post_text']), 'extended' => '');
         $entry['authorid'] = '';
         $entry['author'] = '';
         foreach ($users as $user) {
             if ($user['ID'] == $entries[$x]['topic_poster']) {
                 $entry['authorid'] = $user['authorid'];
                 $entry['author'] = $user['user_login'];
                 break;
             }
         }
         if (!is_int($entries[$x]['entryid'] = serendipity_updertEntry($entry))) {
             return $entries[$x]['entryid'];
         }
         /* Entry/category */
         foreach ($categories as $category) {
             if ($category['cat_ID'] == $entries[$x]['forum_id']) {
                 $data = array('entryid' => $entries[$x]['entryid'], 'categoryid' => $category['categoryid']);
                 serendipity_db_insert('entrycat', $this->strtrRecursive($data));
                 break;
             }
         }
         /* Comments */
         $topic_id = $entries[$x]['topic_id'];
         $c_res = @$this->nativeQuery("SELECT t.topic_title, \n                                        t.topic_poster,\n                                        p.poster_id,\n                                        t.forum_id,\n                                        p.post_time,\n                                        pt.post_subject,\n                                        pt.post_text,\n                                        pt.post_id\n                                   FROM {$this->data['prefix']}topics AS t\n                        LEFT OUTER JOIN {$this->data['prefix']}posts  AS p\n                                     ON t.topic_id = p.topic_id\n                        LEFT OUTER JOIN {$this->data['prefix']}posts_text  AS pt\n                                     ON pt.post_id = p.post_id\n                                  WHERE p.topic_id = {$topic_id} \n                               ", $gdb);
         if (!$c_res) {
             return sprintf(COULDNT_SELECT_COMMENT_INFO, mysqli_error($gdb));
         }
         while ($a = mysqli_fetch_assoc($c_res)) {
             if ($a['post_id'] == $entries[$x]['post_id']) {
                 continue;
             }
             $author = '';
             $mail = '';
             $url = '';
             foreach ($users as $user) {
                 if ($user['ID'] == $a['poster_id']) {
                     $author = $user['user_login'];
                     $mail = $user['user_email'];
                     $url = $user['user_url'];
                     break;
                 }
             }
             $comment = array('entry_id ' => $entries[$x]['entryid'], 'parent_id' => 0, 'timestamp' => $a['post_time'], 'author' => $author, 'email' => $mail, 'url' => $url, 'ip' => '', 'status' => 'approved', 'body' => $a['post_text'], 'subscribed' => 'false', 'type' => 'NORMAL');
             serendipity_db_insert('comments', $this->strtrRecursive($comment));
             $cid = serendipity_db_insert_id('comments', 'id');
             serendipity_approveComment($cid, $entries[$x]['entryid'], true);
         }
     }
     $serendipity['noautodiscovery'] = $noautodiscovery;
     // That was fun.
     return true;
 }
/**
 * Load available/configured options for a specific theme (through config.inc.php of a template directory)
 * into an array.
 *
 * @param   array   Referenced variable coming from the config.inc.php file, where the config values will be stored in
 * @param   boolean Use true boolean mode in array $template_config in the config.inc.php file
 * @return  array   Final return array with default values
 */
function &serendipity_loadThemeOptions(&$template_config, $okey = '', $bc_bool = false)
{
    global $serendipity;
    if (empty($okey)) {
        $okey = $serendipity['template'];
    }
    $_template_vars =& serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}options\n                                             WHERE okey = 't_" . serendipity_db_escape_string($okey) . "'\n                                                OR okey = 't_global'", false, 'assoc', false, 'name', 'value');
    if (!is_array($_template_vars)) {
        $template_vars = array();
    } else {
        $template_vars =& $_template_vars;
    }
    foreach ($template_config as $key => $item) {
        if (!isset($template_vars[$item['var']])) {
            $template_vars[$item['var']] = $item['default'];
        }
    }
    if ($bc_bool) {
        foreach ($template_vars as $k => $i) {
            if ($i == 'true' || $i == 'false') {
                $template_vars[$k] = serendipity_db_bool($i);
            }
        }
        //reset smarty compiled template ?
    }
    return $template_vars;
}
示例#17
0
 if (isset($_POST['SAVE']) && isset($_POST['serendipity']['placement']) && serendipity_checkFormToken()) {
     foreach ($_POST['serendipity']['placement'] as $plugin_name => $placement) {
         serendipity_plugin_api::update_plugin_placement(addslashes($plugin_name), addslashes($placement));
         serendipity_plugin_api::update_plugin_owner(addslashes($plugin_name), addslashes($_POST['serendipity']['ownership'][$plugin_name]));
     }
 }
 if (isset($serendipity['GET']['install_plugin'])) {
     $authorid = $serendipity['authorid'];
     if (serendipity_checkPermission('adminPluginsMaintainOthers')) {
         $authorid = '0';
     }
     $fetchplugin_data = array('GET' => &$serendipity['GET'], 'install' => true);
     serendipity_plugin_api::hook_event('backend_plugins_fetchplugin', $fetchplugin_data);
     if ($fetchplugin_data['install']) {
         $serendipity['debug']['pluginload'] = array();
         $inst = serendipity_plugin_api::create_plugin_instance($serendipity['GET']['install_plugin'], null, serendipity_plugin_api::is_event_plugin($serendipity['GET']['install_plugin']) ? 'event' : 'right', $authorid, serendipity_db_escape_string($serendipity['GET']['pluginPath']));
         /* Load the new plugin */
         $plugin =& serendipity_plugin_api::load_plugin($inst);
         if (!is_object($plugin)) {
             echo "DEBUG: Plugin {$inst} not an object: " . print_r($plugin, true) . ".<br />Input: " . print_r($serendipity['GET'], true) . ".<br /><br />\n\nThis error can happen if a plugin was not properly downloaded (check your plugins directory if the requested plugin was downloaded) or the inclusion of a file failed (permissions?)<br />\n";
             echo "Backtrace:<br />\n" . implode("<br />\n", $serendipity['debug']['pluginload']) . "<br />";
         }
         $bag = new serendipity_property_bag();
         $plugin->introspect($bag);
         if ($bag->is_set('configuration')) {
             /* Only play with the plugin if there is something to play with */
             echo '<script type="text/javascript">location.href = \'' . $serendipity['baseurl'] . '?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=' . $inst . '\';</script>';
             die;
         } else {
             /* If no config is available, redirect to plugin overview, because we do not want that a user can install the plugin a second time via accidental browser refresh */
             echo '<script type="text/javascript">location.href = \'' . $serendipity['baseurl'] . '?serendipity[adminModule]=plugins\';</script>';
/**
 * Moves a media directory
 *
 * @param  string   The old directory
 * @param  string   The new directory
 * @param  string   The type of what to remove (dir|file|filedir)
 * @param  string   An item id of a file
 * @param  array    Result of serendipity_fetchImageFromDatabase($id)
 * @return boolean
 *
 */
function serendipity_moveMediaDirectory($oldDir, $newDir, $type = 'dir', $item_id = null, $file = null)
{
    global $serendipity;
    $real_oldDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir;
    $real_newDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir;
    if ($type == 'dir') {
        if (!is_dir($real_oldDir)) {
            echo '<span class="msg_error"><span class="icon-attention-circled"></span> ';
            printf(ERROR_FILE_NOT_EXISTS, $oldDir);
            echo "</span>\n";
            return false;
        }
        if (is_dir($real_newDir)) {
            echo '<span class="msg_error"><span class="icon-attention-circled"></span> ';
            printf(ERROR_FILE_EXISTS, $newDir);
            echo "</span>\n";
            return false;
        }
        if (!rename($real_oldDir, $real_newDir)) {
            echo '<span class="msg_error"><span class="icon-attention-circled"></span> ';
            printf(MEDIA_DIRECTORY_MOVE_ERROR, $newDir);
            echo "</span>\n";
            return false;
        }
        echo '<span class="msg_success"><span class="icon-ok-circled"></span> ';
        printf(MEDIA_DIRECTORY_MOVED, $newDir);
        echo "</span>\n";
        $dirs = serendipity_db_query("SELECT id, path\n                                        FROM {$serendipity['dbPrefix']}images\n                                       WHERE path LIKE '" . serendipity_db_escape_string($oldDir) . "%'", false, 'assoc');
        if (is_array($dirs)) {
            foreach ($dirs as $dir) {
                $old = $dir['path'];
                $new = preg_replace('@^(' . preg_quote($oldDir) . ')@i', $newDir, $old);
                serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images\n                                         SET path = '" . serendipity_db_escape_string($new) . "'\n                                       WHERE id = {$dir['id']}");
            }
        }
        $dirs = serendipity_db_query("SELECT groupid, artifact_id, artifact_type, artifact_mode, artifact_index\n                                        FROM {$serendipity['dbPrefix']}access\n                                       WHERE artifact_type = 'directory'\n                                         AND artifact_index LIKE '" . serendipity_db_escape_string($oldDir) . "%'", false, 'assoc');
        if (is_array($dirs)) {
            foreach ($dirs as $dir) {
                $old = $dir['artifact_index'];
                $new = preg_replace('@^(' . preg_quote($oldDir) . ')@i', $newDir, $old);
                serendipity_db_query("UPDATE {$serendipity['dbPrefix']}access\n                                         SET artifact_index = '" . serendipity_db_escape_string($new) . "'\n                                       WHERE groupid        = '" . serendipity_db_escape_string($dir['groupid']) . "'\n                                         AND artifact_id    = '" . serendipity_db_escape_string($dir['artifact_id']) . "'\n                                         AND artifact_type  = '" . serendipity_db_escape_string($dir['artifact_type']) . "'\n                                         AND artifact_mode  = '" . serendipity_db_escape_string($dir['artifact_mode']) . "'\n                                         AND artifact_index = '" . serendipity_db_escape_string($dir['artifact_index']) . "'");
            }
        }
    }
    if ($type == 'file') {
        if (serendipity_isActiveFile(basename($newDir))) {
            echo '<span class="msg_error"><span class="icon-attention-circled"></span> ';
            printf(ERROR_FILE_FORBIDDEN, serendipity_specialchars($newDir));
            echo "</span>\n";
            return false;
        }
        if ($file['hotlink']) {
            serendipity_updateImageInDatabase(array('realname' => $newDir, 'name' => $newDir), $item_id);
        } else {
            $file_new = $newDir . $file['name'] . (empty($file['extension']) ? '' : '.');
            $file_old = $file['path'] . $file['name'] . (empty($file['extension']) ? '' : '.');
            $newfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file_new . $file['extension'];
            $oldfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file_old . $file['extension'];
            if ($newDir != '' && file_exists($oldfile) && !file_exists($newfile)) {
                $renameValues = array(array('from' => $oldfile, 'to' => $newfile, 'thumb' => $serendipity['thumbSuffix'], 'fthumb' => $file['thumbnail_name'], 'oldDir' => $oldDir, 'newDir' => $newDir, 'type' => $type, 'item_id' => $item_id, 'file' => $file));
                serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
                // eg. for staticpage entries path regex replacements
                // Rename file
                rename($renameValues[0]['from'], $renameValues[0]['to']);
                foreach ($renameValues as $renameData) {
                    // Rename thumbnail
                    @rename($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $file['name'] . (!empty($renameData['fthumb']) ? '.' . $renameData['fthumb'] : '') . (empty($file['extension']) ? '' : '.' . $file['extension']), $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir . $file['name'] . (!empty($file['thumbnail_name']) ? '.' . $renameData['thumb'] : '') . (empty($file['extension']) ? '' : '.' . $file['extension']));
                }
                serendipity_updateImageInDatabase(array('thumbnail_name' => $renameValues[0]['thumb'], 'realname' => $newDir, 'name' => $newDir), $item_id);
                $oldDir = $file_old;
                $newDir = $file_new;
                $real_oldDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir;
                $real_newDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir;
                // Forward user to overview (we don't want the user's back button to rename things again)
            } else {
                if (!file_exists($oldfile)) {
                    echo '<span class="msg_error"><span class="icon-attention-circled"></span> ' . ERROR_FILE_NOT_EXISTS . '</span>';
                } elseif (file_exists($newfile)) {
                    echo '<span class="msg_error"><span class="icon-attention-circled"></span> ' . ERROR_FILE_EXISTS . '</span>';
                } else {
                    echo '<span class="msg_error"><span class="icon-attention-circled"></span> ' . ERROR_SOMETHING . '</span>';
                }
                return false;
            }
        }
    } elseif ($type == 'filedir') {
        serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images\n                                 SET path = '" . serendipity_db_escape_string($newDir) . "'\n                               WHERE id   = " . (int) $item_id);
        $pick = serendipity_db_query("SELECT * FROM  {$serendipity['dbPrefix']}images\n                               WHERE id   = " . (int) $item_id, true, 'assoc');
        // Move thumbs
        $oldfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir . $pick['name'] . (empty($pick['extension']) ? '' : '.' . $pick['extension']);
        $newfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir . $pick['name'] . (empty($pick['extension']) ? '' : '.' . $pick['extension']);
        $renameValues = array(array('from' => $oldfile, 'to' => $newfile, 'thumb' => $serendipity['thumbSuffix'], 'fthumb' => $pick['thumbnail_name'], 'oldDir' => $oldDir, 'newDir' => $newDir, 'type' => $type, 'item_id' => $item_id, 'file' => $pick, 'name' => $pick['name']));
        serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
        // Rename file
        rename($renameValues[0]['from'], $renameValues[0]['to']);
        foreach ($renameValues as $renameData) {
            // Rename thumbnail
            @rename($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir . $pick['name'] . (!empty($renameData['fthumb']) ? '.' . $renameData['fthumb'] : '') . (empty($pick['extension']) ? '' : '.' . $pick['extension']), $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir . $pick['name'] . (!empty($pick['thumbnail_name']) ? '.' . $pick['thumbnail_name'] : '') . (empty($pick['extension']) ? '' : '.' . $pick['extension']));
        }
        $oldDir .= $pick['name'];
        $newDir .= $pick['name'];
        $hasExt = isset($pick['extension']) ? '.' . $pick['extension'] : '';
        if (file_exists($newfile)) {
            echo '<span class="msg_success"><span class="icon-ok-circled"></span> ';
            printf(MEDIA_DIRECTORY_MOVED, $newDir . $hasExt);
            echo "</span>\n";
        }
    } elseif ($type == 'dir') {
        $renameValues = array(array('from' => $oldfile, 'to' => $newfile, 'thumb' => $serendipity['thumbSuffix'], 'fthumb' => $file['thumbnail_name'], 'oldDir' => $oldDir, 'newDir' => $newDir, 'type' => $type, 'item_id' => $item_id, 'file' => $file));
        serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
    }
    // Only MySQL supported, since I don't know how to use REGEXPs differently.
    if ($serendipity['dbType'] != 'mysql' && $serendipity['dbType'] != 'mysqli') {
        echo '<span class="msg_notice"><span class="icon-info-circled"></span> ' . MEDIA_DIRECTORY_MOVE_ENTRY . "</span>\n";
        return true;
    }
    // Prepare the SELECT query for filetypes
    if ($type == 'filedir' || $type == 'file') {
        $_file = $type == 'filedir' ? $pick : $file;
        $oldDir = $type == 'file' ? str_replace($_file['name'] . '.', '', $oldDir) : $oldDir;
        // Path patterns to SELECT en detail to not pick path parts in a loop
        $oldDirThumb = $oldDir . $_file['name'] . '.' . $_file['thumbnail_name'] . ($_file['extension'] ? '.' . $_file['extension'] : '');
        $oldDirFile = $oldDir . $_file['name'] . ($_file['extension'] ? '.' . $_file['extension'] : '');
        $quickblogFilePath = $serendipity['serendipityPath'] . $serendipity['uploadHTTPPath'] . $oldDirFile;
        // REPLACE BY Path and Name only to also match Thumbs
        if (strpos($oldDir, $_file['name']) === FALSE) {
            $oldDir .= $_file['name'];
        }
        if (strpos($newDir, $_file['name']) === FALSE) {
            $newDir .= $_file['name'];
        }
        // imageselectorplus plugin quickblog is either quickblog:FullPath or quickblog:none|FullPath or quickblog:|(plugin|js|_blankl)|FullPath
        // For a possible future isp regex change, we search for 'none' between pipes too
        $q = "SELECT id, body, extended\n                FROM {$serendipity['dbPrefix']}entries\n               WHERE body     REGEXP '(src=|href=|window.open.|<!--quickblog:)(\\'|\"|none\\\\||\\\\|(plugin|none|js|_blank)\\\\|)(" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDirFile) . "|" . serendipity_db_escape_String($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDirFile) . "|" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDirThumb) . "|" . serendipity_db_escape_String($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDirThumb) . "|" . serendipity_db_escape_String($quickblogFilePath) . ")'\n                  OR extended REGEXP '(src=|href=|window.open.)(\\'|\")(" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDirFile) . "|" . serendipity_db_escape_String($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDirFile) . "|" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDirThumb) . "|" . serendipity_db_escape_String($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDirThumb) . ")'\n        ";
    } else {
        $q = "SELECT id, body, extended\n                FROM {$serendipity['dbPrefix']}entries\n               WHERE body     REGEXP '(src=|href=|window.open.)(\\'|\")(" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . "|" . serendipity_db_escape_string($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ")'\n                  OR extended REGEXP '(src=|href=|window.open.)(\\'|\")(" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . "|" . serendipity_db_escape_string($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ")'\n        ";
    }
    // strip, if last char is a period ".", which may happen with quickblog image path strings
    $newDir = rtrim($newDir, '.');
    $dirs = serendipity_db_query($q);
    if (is_array($dirs)) {
        foreach ($dirs as $dir) {
            $dir['body'] = preg_replace('@(src=|href=|window.open.)(\'|")(' . preg_quote($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . '|' . preg_quote($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ')@', '\\1\\2' . $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $newDir, $dir['body']);
            $dir['body'] = preg_replace('@(<!--quickblog:)(none\\||\\|(plugin|none|js|_blank)\\|)(' . preg_quote($serendipity['serendipityPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ')@', '\\1\\2' . $serendipity['serendipityPath'] . $serendipity['uploadHTTPPath'] . $newDir, $dir['body']);
            $dir['extended'] = preg_replace('@(src=|href=|window.open.)(\'|")(' . preg_quote($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . '|' . preg_quote($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ')@', '\\1\\2' . $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $newDir, $dir['extended']);
            $uq = "UPDATE {$serendipity['dbPrefix']}entries\n                                     SET body     = '" . serendipity_db_escape_string($dir['body']) . "' ,\n                                         extended = '" . serendipity_db_escape_string($dir['extended']) . "'\n                                   WHERE id       =  " . serendipity_db_escape_string($dir['id']);
            serendipity_db_query($uq);
        }
        $imgmovedtodir = sprintf(MEDIA_DIRECTORY_MOVE_ENTRIES, count($dirs));
        printf('<span class="msg_notice"><span class="icon-info-circled"></span> ' . $imgmovedtodir . '</span>');
    }
    return true;
}
function serveCategory($matches)
{
    global $serendipity;
    $serendipity['view'] = 'categories';
    $uri = $_SERVER['REQUEST_URI'];
    $is_multicat = isset($serendipity['POST']['isMultiCat']) && is_array($serendipity['POST']['multiCat']);
    if ($is_multicat) {
        $serendipity['GET']['category'] = implode(';', $serendipity['POST']['multiCat']);
        $serendipity['uriArguments'][] = PATH_CATEGORIES;
        $serendipity['uriArguments'][] = serendipity_db_escape_string($serendipity['GET']['category']) . '-multi';
    } elseif (preg_match('@/([0-9;]+)@', $uri, $multimatch)) {
        if (stristr($multimatch[1], ';')) {
            $is_multicat = true;
            $serendipity['GET']['category'] = $multimatch[1];
        }
    }
    $serendipity['GET']['action'] = 'read';
    $_args = locateHiddenVariables($serendipity['uriArguments']);
    if (!$is_multicat) {
        $matches[1] = serendipity_searchPermalink($serendipity['permalinkCategoryStructure'], implode('/', $_args), $matches[1], 'category');
        $serendipity['GET']['category'] = $matches[1];
    }
    $cInfo = serendipity_fetchCategoryInfo($serendipity['GET']['category']);
    if (!is_array($cInfo)) {
        $serendipity['view'] = '404';
        $serendipity['viewtype'] = '404_2';
        header('HTTP/1.0 404 Not found');
        header('Status: 404 Not found');
    } else {
        $serendipity['head_title'] = $cInfo['category_name'];
        if (isset($serendipity['GET']['page'])) {
            $serendipity['head_title'] .= " - " . serendipity_specialchars($serendipity['GET']['page']);
        }
        $serendipity['head_subtitle'] = $serendipity['blogTitle'];
    }
    include S9Y_INCLUDE_PATH . 'include/genpage.inc.php';
}
/**
 * Searches the list of entries by a specific term
 *
 * @todo: Allow to show results of staticpage plugins or others
 * @access public
 * @param   string      The searchterm (may contain wildcards)
 * @param   int         Restrict the number of results [also uses $serendipity['GET']['page'] for pagination]
 * @param   array       Add search Results at the top
 * @return  array       Returns the superarray of entries found
 */
function &serendipity_searchEntries($term, $limit = '', $searchresults = '')
{
    global $serendipity;
    static $log_queries = false;
    if ($log_queries) {
        $fp = fopen($serendipity['serendipityPath'] . '/archives/queries.csv', 'a');
        fwrite($fp, date('Y-m-d H:i') . ';' . $_SERVER['REMOTE_ADDR'] . ';' . $term . "\n");
        fclose($fp);
    }
    $orig_limit = $limit;
    if ($limit == '') {
        $limit = $serendipity['fetchLimit'];
    }
    if (isset($serendipity['GET']['page']) && $serendipity['GET']['page'] > 1 && !strstr($limit, ',')) {
        $limit = serendipity_db_limit(($serendipity['GET']['page'] - 1) * $limit, $limit);
    }
    $limit = serendipity_db_limit_sql($limit);
    $term = serendipity_db_escape_string($term);
    $cond = array();
    $relevance_enabled = false;
    if ($serendipity['dbType'] == 'postgres' || $serendipity['dbType'] == 'pdo-postgres') {
        $cond['group'] = '';
        $cond['distinct'] = 'DISTINCT';
        $r = serendipity_db_query("SELECT count(routine_name) AS counter\n                                     FROM information_schema.routines\n                                    WHERE routine_name LIKE 'to_tsvector'\n                                      AND specific_catalog = '" . $serendipity['dbName'] . "'");
        if (is_array($r) && $r[0]['counter'] > 0) {
            $term = str_replace('&amp;', '&', $term);
            $cond['find_part'] = "(\n            to_tsvector('english', title)    @@to_tsquery('{$term}') OR\n            to_tsvector('english', body)     @@to_tsquery('{$term}') OR\n            to_tsvector('english', extended) @@to_tsquery('{$term}')\n            )";
        } else {
            $cond['find_part'] = "(title ILIKE '%{$term}%' OR body ILIKE '%{$term}%' OR extended ILIKE '%{$term}%')";
        }
    } elseif ($serendipity['dbType'] == 'sqlite' || $serendipity['dbType'] == 'sqlite3') {
        // Very extensive SQLite search. There currently seems no other way to perform fulltext search in SQLite
        // But it's better than no search at all :-D
        $cond['group'] = 'GROUP BY e.id';
        $cond['distinct'] = '';
        $term = serendipity_mb('strtolower', $term);
        $cond['find_part'] = "(lower(title) LIKE '%{$term}%' OR lower(body) LIKE '%{$term}%' OR lower(extended) LIKE '%{$term}%')";
    } else {
        $cond['group'] = 'GROUP BY e.id';
        $cond['distinct'] = '';
        $term = str_replace('&quot;', '"', $term);
        $relevance_enabled = true;
        if (preg_match('@["\\+\\-\\*~<>\\(\\)]+@', $term)) {
            $cond['find_part'] = "MATCH(title,body,extended) AGAINST('{$term}' IN BOOLEAN MODE)";
        } else {
            $cond['find_part'] = "MATCH(title,body,extended) AGAINST('{$term}')";
        }
    }
    switch ($serendipity['searchsort']) {
        case 'relevance':
            if ($relevance_enabled) {
                $cond['searchorderby'] = $cond['find_part'] . " DESC";
            } else {
                $cond['searchorderby'] = "timestamp DESC";
            }
            break;
        case 'timestamp':
        default:
            $cond['searchorderby'] = "timestamp DESC";
            break;
    }
    $cond['and'] = " AND isdraft = 'false' " . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . serendipity_db_time() : '');
    serendipity_plugin_api::hook_event('frontend_fetchentries', $cond, array('source' => 'search', 'term' => $term));
    serendipity_ACL_SQL($cond, 'limited');
    $serendipity['fullCountQuery'] = "\n                      FROM\n                            {$serendipity['dbPrefix']}entries e\n                 LEFT JOIN  {$serendipity['dbPrefix']}authors a\n                        ON  e.authorid = a.authorid\n                 LEFT JOIN  {$serendipity['dbPrefix']}entrycat ec\n                        ON  e.id = ec.entryid\n                            {$cond['joins']}\n                     WHERE\n                            ({$cond['find_part']})\n                            {$cond['and']}";
    $querystring = "SELECT {$cond['distinct']}\n                            {$cond['addkey']}\n                            e.id,\n                            e.authorid,\n                            a.realname AS author,\n                            e.allow_comments,\n                            e.moderate_comments,\n                            a.email,\n                            e.timestamp,\n                            e.comments,\n                            e.title,\n                            e.body,\n                            e.extended,\n                            e.trackbacks,\n                            e.exflag,\n                            e.isdraft,\n                            e.last_modified,\n                            a.username AS loginname\n                    {$serendipity['fullCountQuery']}\n                    {$cond['group']}\n                    {$cond['having']}\n                  ORDER BY  {$cond['searchorderby']}\n                    {$limit}";
    $search =& serendipity_db_query($querystring);
    //Add param searchresults at the top and remove duplicates.
    if (is_array($searchresults)) {
        $ids_current = array();
        foreach ($searchresults as $idx => $data) {
            $ids_current[$data['id']] = true;
        }
        foreach ($search as $idx => $data) {
            if (isset($ids_current[$data['id']])) {
                unset($search[$idx]);
            }
        }
        $search = array_merge($searchresults, $search);
    }
    //if * wasn't already appended and if there are none or not enough
    //results, search again for entries containing the searchterm as a part
    if (strpos($term, '*') === false) {
        if (!is_array($search)) {
            return serendipity_searchEntries($term . '*', $orig_limit);
        } else {
            if (count($search) < 4) {
                return serendipity_searchEntries($term . '*', $orig_limit, $search);
            }
        }
    }
    if (is_array($search)) {
        serendipity_fetchEntryData($search);
    }
    return $search;
}
/**
 * Moves a media directory
 *
 * @param  string   The old directory
 * @param  string   The new directory
 * @param  string   The type of what to remove (dir|file|filedir)
 * @param  string   An item id of a file
 * @return boolean
 *
 */
function serendipity_moveMediaDirectory($oldDir, $newDir, $type = 'dir', $item_id = null, $file = null)
{
    global $serendipity;
    $real_oldDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir;
    $real_newDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir;
    if ($type == 'dir') {
        if (!is_dir($real_oldDir)) {
            printf(ERROR_FILE_NOT_EXISTS . '<br />', $oldDir);
            return false;
        }
        if (is_dir($real_newDir)) {
            printf(ERROR_FILE_EXISTS . '<br />', $newDir);
            return false;
        }
        if (!rename($real_oldDir, $real_newDir)) {
            printf(MEDIA_DIRECTORY_MOVE_ERROR . '<br />', $newDir);
            return false;
        }
        printf(MEDIA_DIRECTORY_MOVED . '<br />', $newDir);
        $dirs = serendipity_db_query("SELECT id, path\n                                        FROM {$serendipity['dbPrefix']}images\n                                       WHERE path LIKE '" . serendipity_db_escape_string($oldDir) . "%'", false, 'assoc');
        if (is_array($dirs)) {
            foreach ($dirs as $dir) {
                $old = $dir['path'];
                $new = preg_replace('@^(' . preg_quote($oldDir) . ')@i', $newDir, $old);
                serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images\n                                         SET path = '" . serendipity_db_escape_string($new) . "'\n                                       WHERE id = {$dir['id']}");
            }
        }
        $dirs = serendipity_db_query("SELECT groupid, artifact_id, artifact_type, artifact_mode, artifact_index\n                                        FROM {$serendipity['dbPrefix']}access\n                                       WHERE artifact_type = 'directory'\n                                         AND artifact_index LIKE '" . serendipity_db_escape_string($oldDir) . "%'", false, 'assoc');
        if (is_array($dirs)) {
            foreach ($dirs as $dir) {
                $old = $dir['artifact_index'];
                $new = preg_replace('@^(' . preg_quote($oldDir) . ')@i', $newDir, $old);
                serendipity_db_query("UPDATE {$serendipity['dbPrefix']}access\n                                         SET artifact_index = '" . serendipity_db_escape_string($new) . "'\n                                       WHERE groupid        = '" . serendipity_db_escape_string($dir['groupid']) . "'\n                                         AND artifact_id    = '" . serendipity_db_escape_string($dir['artifact_id']) . "'\n                                         AND artifact_type  = '" . serendipity_db_escape_string($dir['artifact_type']) . "'\n                                         AND artifact_mode  = '" . serendipity_db_escape_string($dir['artifact_mode']) . "'\n                                         AND artifact_index = '" . serendipity_db_escape_string($dir['artifact_index']) . "'");
            }
        }
    }
    if ($type == 'file') {
        if (serendipity_isActiveFile(basename($newDir))) {
            printf(ERROR_FILE_FORBIDDEN, htmlspecialchars($newDir));
            return false;
        }
        if ($file['hotlink']) {
            serendipity_updateImageInDatabase(array('realname' => $newDir, 'name' => $newDir), $item_id);
        } else {
            $file_new = $file['path'] . $newDir . '.';
            $file_old = $file['path'] . $file['name'] . '.';
            $newfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file_new . $file['extension'];
            $oldfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file_old . $file['extension'];
            if ($newDir != '' && file_exists($oldfile) && !file_exists($newfile)) {
                $renameValues = array(array('from' => $oldfile, 'to' => $newfile, 'thumb' => $serendipity['thumbSuffix'], 'fthumb' => $file['thumbnail_name'], 'oldDir' => $oldDir, 'newDir' => $newDir, 'type' => $type, 'item_id' => $item_id, 'file' => $file));
                serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
                // Rename file
                rename($renameValues[0]['from'], $renameValues[0]['to']);
                foreach ($renameValues as $renameData) {
                    // Rename thumbnail
                    rename($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $file['name'] . (!empty($renameData['fthumb']) ? '.' . $renameData['fthumb'] : '') . '.' . $file['extension'], $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $newDir . '.' . $renameData['thumb'] . '.' . $file['extension']);
                }
                serendipity_updateImageInDatabase(array('thumbnail_name' => $renameValues[0]['thumb'], 'realname' => $newDir, 'name' => $newDir), $item_id);
                $oldDir = $file_old;
                $newDir = $file_new;
                $real_oldDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir;
                $real_newDir = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir;
                // Forward user to overview (we don't want the user's back button to rename things again)
            } else {
                if (!file_exists($oldfile)) {
                    echo ERROR_FILE_NOT_EXISTS;
                } elseif (file_exists($newfile)) {
                    echo ERROR_FILE_EXISTS;
                } else {
                    echo ERROR_SOMETHING;
                }
                return false;
            }
        }
    } elseif ($type == 'filedir') {
        serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images\n                                 SET path = '" . serendipity_db_escape_string($newDir) . "'\n                               WHERE id   = " . (int) $item_id);
        $pick = serendipity_db_query("SELECT * FROM  {$serendipity['dbPrefix']}images\n                               WHERE id   = " . (int) $item_id, true, 'assoc');
        // Move thumbs
        $oldfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir . $pick['name'] . '.' . $pick['extension'];
        $newfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir . $pick['name'] . '.' . $pick['extension'];
        $renameValues = array(array('from' => $oldfile, 'to' => $newfile, 'thumb' => $serendipity['thumbSuffix'], 'fthumb' => $pick['thumbnail_name'], 'oldDir' => $oldDir, 'newDir' => $newDir, 'type' => $type, 'item_id' => $item_id, 'file' => $file, 'name' => $pick['name']));
        serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
        // Rename file
        rename($renameValues[0]['from'], $renameValues[0]['to']);
        foreach ($renameValues as $renameData) {
            // Rename thumbnail
            rename($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $oldDir . $pick['name'] . (!empty($renameData['fthumb']) ? '.' . $renameData['fthumb'] : '') . '.' . $pick['extension'], $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $newDir . $pick['name'] . '.' . $renameData['thumb'] . '.' . $pick['extension']);
        }
        $oldDir .= $pick['name'];
        $newDir .= $pick['name'];
    } elseif ($type == 'dir') {
        $renameValues = array(array('from' => $oldfile, 'to' => $newfile, 'thumb' => $serendipity['thumbSuffix'], 'fthumb' => $file['thumbnail_name'], 'oldDir' => $oldDir, 'newDir' => $newDir, 'type' => $type, 'item_id' => $item_id, 'file' => $file));
        serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
    }
    // Only MySQL supported, since I don't know how to use REGEXPs differently.
    if ($serendipity['dbType'] != 'mysql' && $serendipity['dbType'] != 'mysqli') {
        echo MEDIA_DIRECTORY_MOVE_ENTRY . '<br />';
        return true;
    }
    $q = "SELECT id, body, extended\n            FROM {$serendipity['dbPrefix']}entries\n           WHERE body     REGEXP '(src=|href=|window.open.)(\\'|\")(" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . "|" . serendipity_db_escape_string($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ")'\n              OR extended REGEXP '(src=|href=|window.open.)(\\'|\")(" . serendipity_db_escape_String($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . "|" . serendipity_db_escape_string($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ")'\n    ";
    $dirs = serendipity_db_query($q);
    if (is_array($dirs)) {
        foreach ($dirs as $dir) {
            $dir['body'] = preg_replace('@(src=|href=|window.open.)(\'|")(' . preg_quote($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . '|' . preg_quote($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ')@', '\\1\\2' . $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $newDir, $dir['body']);
            $dir['extended'] = preg_replace('@(src=|href=|window.open.)(\'|")(' . preg_quote($serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir) . '|' . preg_quote($serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir) . ')@', '\\1\\2' . $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $newDir, $dir['extended']);
            $uq = "UPDATE {$serendipity['dbPrefix']}entries\n                                     SET body     = '" . serendipity_db_escape_string($dir['body']) . "' ,\n                                         extended = '" . serendipity_db_escape_string($dir['extended']) . "'\n                                   WHERE id       = " . serendipity_db_escape_string($dir['id']);
            serendipity_db_query($uq);
        }
        printf(MEDIA_DIRECTORY_MOVE_ENTRIES . '<br />', count($dirs));
    }
    return true;
}
示例#22
0
 function import()
 {
     global $serendipity;
     // Save this so we can return it to its original value at the end of this method.
     $noautodiscovery = isset($serendipity['noautodiscovery']) ? $serendipity['noautodiscovery'] : false;
     if ($this->data['autodiscovery'] == 'false') {
         $serendipity['noautodiscovery'] = 1;
     }
     $this->getTransTable();
     $this->data['prefix'] = serendipity_db_escape_string($this->data['prefix']);
     $users = array();
     $categories = array();
     $entries = array();
     if (!extension_loaded('mysql')) {
         return MYSQL_REQUIRED;
     }
     $nucdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
     if (!$nucdb) {
         return sprintf(COULDNT_CONNECT, $this->data['host']);
     }
     if (!@mysql_select_db($this->data['name'])) {
         return sprintf(COULDNT_SELECT_DB, mysql_error($nucdb));
     }
     /* Users */
     $res = @$this->nativeQuery("SELECT mnumber AS ID, mname AS user_login, mpassword AS user_pass, memail AS user_email, madmin AS user_level FROM {$this->data['prefix']}member;", $nucdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_USER_INFO, mysql_error($nucdb));
     }
     for ($x = 0, $max_x = mysql_num_rows($res); $x < $max_x; $x++) {
         $users[$x] = mysql_fetch_assoc($res);
         $data = array('right_publish' => $users[$x]['user_level'] >= 1 ? 1 : 0, 'realname' => $users[$x]['user_login'], 'username' => $users[$x]['user_login'], 'email' => $users[$x]['user_email'], 'password' => $users[$x]['user_pass']);
         // Nucleus uses md5, too.
         if ($users[$x]['user_level'] < 1) {
             $data['userlevel'] = USERLEVEL_EDITOR;
         } else {
             $data['userlevel'] = USERLEVEL_ADMIN;
         }
         if ($serendipity['serendipityUserlevel'] < $data['userlevel']) {
             $data['userlevel'] = $serendipity['serendipityUserlevel'];
         }
         serendipity_db_insert('authors', $this->strtrRecursive($data));
         $users[$x]['authorid'] = serendipity_db_insert_id('authors', 'authorid');
     }
     /* Categories */
     $res = @$this->nativeQuery("SELECT catid AS cat_ID, cname AS cat_name, cdesc AS category_description FROM {$this->data['prefix']}category ORDER BY catid;", $nucdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_CATEGORY_INFO, mysql_error($nucdb));
     }
     // Get all the info we need
     for ($x = 0, $max_x = mysql_num_rows($res); $x < $max_x; $x++) {
         $categories[] = mysql_fetch_assoc($res);
     }
     // Insert all categories as top level (we need to know everyone's ID before we can represent the hierarchy).
     for ($x = 0, $max_x = sizeof($categories); $x < $max_x; $x++) {
         $cat = array('category_name' => $categories[$x]['cat_name'], 'category_description' => $categories[$x]['category_description'], 'parentid' => 0, 'category_left' => 0, 'category_right' => 0);
         serendipity_db_insert('category', $this->strtrRecursive($cat));
         $categories[$x]['categoryid'] = serendipity_db_insert_id('category', 'categoryid');
     }
     serendipity_rebuildCategoryTree();
     /* Entries */
     $res = @$this->nativeQuery("SELECT * FROM {$this->data['prefix']}item ORDER BY itime;", $nucdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_ENTRY_INFO, mysql_error($nucdb));
     }
     for ($x = 0, $max_x = mysql_num_rows($res); $x < $max_x; $x++) {
         $entries[$x] = mysql_fetch_assoc($res);
         $entry = array('title' => $this->decode($entries[$x]['ititle']), 'isdraft' => $entries[$x]['idraft'] != '1' ? 'false' : 'true', 'allow_comments' => $entries[$x]['iclosed'] == '1' ? 'false' : 'true', 'timestamp' => strtotime($entries[$x]['itime']), 'extended' => $this->strtr($entries[$x]['imore']), 'body' => $this->strtr($entries[$x]['ibody']));
         $entry['authorid'] = '';
         $entry['author'] = '';
         foreach ($users as $user) {
             if ($user['ID'] == $entries[$x]['iauthor']) {
                 $entry['authorid'] = $user['authorid'];
                 $entry['author'] = $user['realname'];
                 break;
             }
         }
         if (!is_int($entries[$x]['entryid'] = serendipity_updertEntry($entry))) {
             return $entries[$x]['entryid'];
         }
         /* Entry/category */
         foreach ($categories as $category) {
             if ($category['cat_ID'] == $entries[$x]['icat']) {
                 $data = array('entryid' => $entries[$x]['entryid'], 'categoryid' => $category['categoryid']);
                 serendipity_db_insert('entrycat', $this->strtrRecursive($data));
                 break;
             }
         }
     }
     /* Comments */
     $res = @$this->nativeQuery("SELECT * FROM {$this->data['prefix']}comment;", $nucdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_COMMENT_INFO, mysql_error($nucdb));
     }
     while ($a = mysql_fetch_assoc($res)) {
         foreach ($entries as $entry) {
             if ($entry['inumber'] == $a['citem']) {
                 $author = '';
                 $mail = '';
                 if (!empty($a['cmember'])) {
                     foreach ($users as $user) {
                         if ($user['ID'] == $a['cmember']) {
                             $author = $user['user_login'];
                             $mail = $user['user_email'];
                             break;
                         }
                     }
                 }
                 if (empty($author) && empty($mail)) {
                     $author = $a['cuser'];
                     $mail = $a['cmail'];
                 }
                 $comment = array('entry_id ' => $entry['entryid'], 'parent_id' => 0, 'timestamp' => strtotime($a['ctime']), 'author' => $author, 'email' => $mail, 'url' => $a['chost'], 'ip' => $a['cip'], 'status' => 'approved', 'body' => $a['cbody'], 'subscribed' => 'false', 'type' => 'NORMAL');
                 serendipity_db_insert('comments', $this->strtrRecursive($comment));
                 $cid = serendipity_db_insert_id('comments', 'id');
                 serendipity_approveComment($cid, $entry['entryid'], true);
             }
         }
     }
     $serendipity['noautodiscovery'] = $noautodiscovery;
     // That was fun.
     return true;
 }
/**
 * Cancel a subscription to an entry
 *
 * @access public
 * @param   string      E-Mail address to cancel subscription
 * @param   int         The entry ID to unsubscribe from
 * @return  int         Return number of unsubscriptions
 */
function serendipity_cancelSubscription($email, $entry_id)
{
    global $serendipity;
    $sql = "UPDATE {$serendipity['dbPrefix']}comments\n                SET subscribed = 'false'\n            WHERE entry_id = '" . (int) $entry_id . "'\n                AND email = '" . serendipity_db_escape_string($email) . "'";
    serendipity_db_query($sql);
    return serendipity_db_affected_rows();
}
 function addProperties(&$properties, &$eventData)
 {
     global $serendipity;
     // Get existing data
     $property = serendipity_fetchEntryProperties($eventData['id']);
     $supported_properties = serendipity_event_entryproperties::getSupportedProperties();
     // Cleanup properties first, if none disable_markups plugins were set, or a previous selected one was re-set
     if (is_array($serendipity['POST']['properties']) && !is_array($serendipity['POST']['properties']['disable_markups'])) {
         $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $eventData['id'] . " AND property LIKE 'ep_disable_markup_%'";
         serendipity_db_query($q);
     }
     // Special case for input type checkbox entryproperties
     $reset_properties = array('is_sticky', 'no_frontpage', 'hiderss');
     foreach ($reset_properties as $property) {
         if (!isset($serendipity['POST']['propertyform']) && is_array($serendipity['POST']['properties']) && !in_array($property, $serendipity['POST']['properties'])) {
             $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $eventData['id'] . " AND property = 'ep_{$property}'";
             serendipity_db_query($q);
         }
     }
     // Special case for disable markups.
     if (is_array($properties['disable_markups'])) {
         $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $eventData['id'] . " AND property LIKE 'ep_disable_markup_%'";
         serendipity_db_query($q);
         foreach ($properties['disable_markups'] as $idx => $instance) {
             $supported_properties[] = 'disable_markup_' . $instance;
         }
     }
     serendipity_plugin_api::hook_event('backend_entryproperties', $supported_properties);
     foreach ($supported_properties as $prop_key) {
         // Do not delete a property if it is not subbmitted to this function, because serendipity_updertEntry
         // possibly only wants to update entry metadata and left out any specific properties, which need to be kept.
         // An empty string like "" will properly remove an entryproperty, and POST values will always set an array index to an empty string.
         // $serendipipty['POST']['propertyform'] will be set whenever the entryeditor was properly displayed and unticked checkboxes shall remain.
         // (Not for checkboxes, but checkboxes are not used for entryproperties) - (Edit: Well, actually we do have some, see reset special case checkboxed properties above!)
         if (!isset($properties[$prop_key]) && !isset($serendipity['POST']['propertyform'])) {
             continue;
         }
         $prop_val = isset($properties[$prop_key]) ? $properties[$prop_key] : null;
         $prop_key = 'ep_' . $prop_key;
         if (is_array($prop_val)) {
             $prop_val = ";" . implode(';', $prop_val) . ";";
         }
         $q = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $eventData['id'] . " AND property = '" . serendipity_db_escape_string($prop_key) . "'";
         serendipity_db_query($q);
         if (!empty($prop_val)) {
             $q = "INSERT INTO {$serendipity['dbPrefix']}entryproperties (entryid, property, value) VALUES (" . (int) $eventData['id'] . ", '" . serendipity_db_escape_string($prop_key) . "', '" . serendipity_db_escape_string($prop_val) . "')";
             serendipity_db_query($q);
         }
     }
 }
 function event_hook($event, &$bag, &$eventData, $addData = null)
 {
     global $serendipity;
     static $login_url = null;
     if ($login_url === null) {
         $login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
     }
     $hooks =& $bag->get('event_hooks');
     if (isset($hooks[$event])) {
         switch ($event) {
             case 'frontend_saveComment':
                 if (!isset($serendipity['csuccess'])) {
                     $serendipity['csuccess'] = 'true';
                 }
                 if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn() && $addData['source2'] != 'adduser') {
                     $eventData = array('allow_comments' => false);
                     $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                     return false;
                 }
                 if (serendipity_db_bool($this->get_config('registered_only')) && !$this->inGroup() && $addData['source2'] != 'adduser') {
                     $eventData = array('allow_comments' => false);
                     $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                     return false;
                 }
                 if (serendipity_db_bool($this->get_config('true_identities')) && !serendipity_userLoggedIn()) {
                     $user = str_replace(" b", '', $addData['name']);
                     $user = serendipity_db_escape_string(preg_replace('@\\s+@', ' ', trim($user)));
                     $user = trim($user);
                     $authors = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE realname = '" . $user . "'");
                     if (is_array($authors) && isset($authors[0]['authorid'])) {
                         $eventData = array('allow_comments' => false);
                         $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_CHECK_REASON, $login_url, 'onclick="javascript:loginbox = window.open(this.href, \'loginbox\', \'width=300,height=300,locationbar=no,menubar=no,personalbar=no,statusbar=yes,status=yes,toolbar=no\'); return false;"');
                     }
                 }
                 break;
             case 'external_plugin':
                 if ($eventData != 'loginbox') {
                     return true;
                 }
                 $out = array();
                 serendipity_plugin_api::hook_event('backend_login_page', $out);
                 serendipity_smarty_init();
                 $serendipity['smarty']->assign(array('loginform_add' => $out, 'loginform_url' => $login_url, 'loginform_user' => $_SESSION['serendipityUser'], 'loginform_mail' => $_SESSION['serendipityEmail'], 'close_window' => defined('LOGIN_ACTION'), 'is_logged_in' => serendipity_userLoggedIn(), 'is_error' => defined('LOGIN_ERROR')));
                 $filename = 'loginbox.tpl';
                 $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
                 if (!$tfile || $tfile == $filename) {
                     $tfile = dirname(__FILE__) . '/' . $filename;
                 }
                 $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
                 $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
                 $serendipity['smarty']->display($tfile);
                 break;
             case 'frontend_display':
                 if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn()) {
                     $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_ONLY_REASON, $serendipity['baseURL'] . $serendipity['indexFile'] . '?serendipity[subpage]=adduser', $serendipity['baseURL'] . 'serendipity_admin.php');
                     $eventData['allow_comments'] = false;
                 }
                 break;
             case 'frontend_configure':
                 if (isset($serendipity['POST']['action']) && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
                     serendipity_login();
                     if (serendipity_userLoggedIn()) {
                         define('LOGIN_ACTION', 'login');
                         header('X-s9y-auth: Login');
                     } else {
                         define('LOGIN_ERROR', true);
                     }
                 } elseif (isset($serendipity['POST']['action']) && isset($serendipity['POST']['logout'])) {
                     serendipity_logout();
                     if (!serendipity_userLoggedIn()) {
                         header('X-s9y-auth: Logout');
                         define('LOGIN_ACTION', 'logout');
                     }
                 }
                 if ((serendipity_db_bool($this->get_config('registered_only')) || serendipity_db_bool($this->get_config('true_identities'))) && $_SESSION['serendipityAuthedUser']) {
                     if (defined('IN_serendipity_admin') && $serendipity['GET']['adminAction'] == 'doEdit') {
                         // void
                     } else {
                         $serendipity['COOKIE']['name'] = isset($_SESSION['serendipityRealname']) ? $_SESSION['serendipityRealname'] : $_SESSION['serendipityUser'];
                         $serendipity['COOKIE']['email'] = $_SESSION['serendipityEmail'];
                         if ($serendipity['POST']['comment']) {
                             $serendipity['POST']['name'] = $serendipity['COOKIE']['name'];
                             $serendipity['POST']['email'] = $serendipity['COOKIE']['email'];
                         }
                     }
                 }
                 return true;
                 break;
             case 'entry_display':
                 if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation']) || !empty($this->clean_page)) {
                     if (is_array($eventData)) {
                         $eventData['clean_page'] = true;
                     }
                 }
                 break;
             case 'entries_header':
                 if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation'])) {
                     $this->clean_page = true;
                     $url = $serendipity['baseURL'] . $serendipity['indexFile'];
                     $hidden['subpage'] = 'adduser';
                     $username = substr($serendipity['POST']['adduser_user'], 0, 40);
                     $password = substr($serendipity['POST']['adduser_pass'], 0, 32);
                     $email = $serendipity['POST']['adduser_email'];
                     echo '<div id="adduser_form" style="padding-left: 4px; padding-right: 10px"><a id="adduser"></a>';
                     // Get the config from the sidebar plugin
                     $pair_config = array('userlevel' => USERLEVEL_EDITOR, 'no_create' => false, 'right_publish' => false, 'instructions' => $this->get_config('instructions', ''), 'usergroups' => array(), 'straight_insert' => false, 'approve' => false, 'use_captcha' => false);
                     $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
                     if (is_array($config)) {
                         foreach ($config as $conf) {
                             $names = explode('/', $conf['name']);
                             if ($names[1] == 'instructions' && !empty($pair_config['instructions'])) {
                                 continue;
                             }
                             if ($names[1] == 'usergroups') {
                                 $ug = (array) explode(',', $conf['value']);
                                 foreach ($ug as $cid) {
                                     if ($cid === false || empty($cid)) {
                                         continue;
                                     }
                                     $pair_config[$names[1]][$cid] = $cid;
                                 }
                             } else {
                                 $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                             }
                         }
                     }
                     if (!serendipity_common_adduser::adduser($username, $password, $email, $pair_config['userlevel'], $pair_config['usergroups'], $pair_config['no_create'], $pair_config['right_publish'], $pair_config['straight_insert'], $pair_config['approve'], $pair_config['use_captcha'])) {
                         serendipity_common_adduser::loginform($url, $hidden, $pair_config['instructions'], $username, $password, $email, $pair_config['use_captcha']);
                     }
                     echo '</div>';
                 }
                 return true;
                 break;
             default:
                 return false;
         }
     } else {
         return false;
     }
 }
 /**
  * Gets an image ID based on the URL
  * 
  * The URL can be in the form:
  * 
  *     <maybe-something-here>/uploads/fireworks.jpg
  *   or
  *     <maybe-something-here>/templates_c/mediacache/cache_img1_300_300
  * 
  * The first example will cause the database to be queried. In the second 
  * example the image ID will be extracted directly from the URL
  * 
  * @param string The image URL
  * @return mixed An image ID if the URL could be matched, or false if the URL could not be matched
  */
 function getImageIdByUrl($url)
 {
     global $serendipity;
     if (preg_match('#.*templates_c/mediacache/cache_img(\\d+)_(\\d*)_(\\d*)#i', $url, $m)) {
         $imageId = $m[1];
     } else {
         if (preg_match('#.*uploads(.*/)([^/]+)\\.([a-z0-9]+)#i', $url, $m)) {
             $name = serendipity_db_escape_string($m[2]);
             $extension = serendipity_db_escape_string($m[3]);
             $path = serendipity_db_escape_string(ltrim($m[1], '/'));
             $sql = "SELECT id FROM {$serendipity['dbPrefix']}images WHERE name = '%s' AND extension = '%s' AND path = '%s'";
             $sql = sprintf($sql, $name, $extension, $path);
             $row = serendipity_db_query($sql, true);
             $imageId = $row['id'];
         } else {
             //We got an unrecognised url so return false
             $imageId = false;
         }
     }
     return $imageId;
 }
示例#27
0
 function import()
 {
     global $serendipity;
     // Save this so we can return it to its original value at the end of this method.
     $noautodiscovery = isset($serendipity['noautodiscovery']) ? $serendipity['noautodiscovery'] : false;
     if ($this->data['autodiscovery'] == 'false') {
         $serendipity['noautodiscovery'] = 1;
     }
     $this->getTransTable();
     $this->data['prefix'] = serendipity_db_escape_string($this->data['prefix']);
     $users = array();
     $categories = array();
     $entries = array();
     if (!extension_loaded('mysqli')) {
         return MYSQL_REQUIRED;
     }
     $pmdb = @mysqli_connect($this->data['host'], $this->data['user'], $this->data['pass']);
     if (!$pmdb || mysqli_connect_error()) {
         return sprintf(COULDNT_CONNECT, serendipity_specialchars($this->data['host']));
     }
     if (!@mysqli_select_db($pmdb, $this->data['name'])) {
         return sprintf(COULDNT_SELECT_DB, mysqli_error($pmdb));
     }
     /* Users */
     $res = @$this->nativeQuery("SELECT id         AS ID,\n                                    username   AS user_login,\n                                    `password` AS user_pass,\n                                    email      AS user_email,\n                                    status     AS user_level,\n                                    url        AS url\n                               FROM {$this->data['prefix']}members", $pmdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_USER_INFO, mysqli_error($pmdb));
     }
     for ($x = 0, $max_x = mysqli_num_rows($res); $x < $max_x; $x++) {
         $users[$x] = mysqli_fetch_assoc($res);
         $data = array('right_publish' => $users[$x]['user_level'] >= 3 ? 1 : 0, 'realname' => $users[$x]['user_login'], 'username' => $users[$x]['user_login'], 'email' => $users[$x]['user_email'], 'password' => $users[$x]['user_pass']);
         // pMachine uses md5, too.
         if ($users[$x]['user_level'] < 12) {
             $data['userlevel'] = USERLEVEL_EDITOR;
         } else {
             $data['userlevel'] = USERLEVEL_ADMIN;
         }
         if ($serendipity['serendipityUserlevel'] < $data['userlevel']) {
             $data['userlevel'] = $serendipity['serendipityUserlevel'];
         }
         serendipity_db_insert('authors', $this->strtrRecursive($data));
         $users[$x]['authorid'] = serendipity_db_insert_id('authors', 'authorid');
     }
     /* Categories */
     $res = @$this->nativeQuery("SELECT id       AS cat_ID,\n                                    category AS cat_name,\n                                    category AS category_description\n                               FROM {$this->data['prefix']}categories ORDER BY id", $pmdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_CATEGORY_INFO, mysqli_error($pmdb));
     }
     // Get all the info we need
     for ($x = 0, $max_x = mysqli_num_rows($res); $x < $max_x; $x++) {
         $categories[] = mysqli_fetch_assoc($res);
     }
     // Insert all categories as top level (we need to know everyone's ID before we can represent the hierarchy).
     for ($x = 0, $max_x = sizeof($categories); $x < $max_x; $x++) {
         $cat = array('category_name' => $categories[$x]['cat_name'], 'category_description' => $categories[$x]['category_description'], 'parentid' => 0, 'category_left' => 0, 'category_right' => 0);
         serendipity_db_insert('category', $this->strtrRecursive($cat));
         $categories[$x]['categoryid'] = serendipity_db_insert_id('category', 'categoryid');
     }
     serendipity_rebuildCategoryTree();
     /* Entries */
     $res = @$this->nativeQuery("SELECT * FROM {$this->data['prefix']}weblog ORDER BY t_stamp;", $pmdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_ENTRY_INFO, mysqli_error($pmdb));
     }
     for ($x = 0, $max_x = mysqli_num_rows($res); $x < $max_x; $x++) {
         $entries[$x] = mysqli_fetch_assoc($res);
         $entry = array('title' => $this->decode($entries[$x]['title']), 'isdraft' => $entries[$x]['status'] == 'open' ? 'false' : 'true', 'allow_comments' => $entries[$x]['showcomments'] == '1' ? 'true' : 'false', 'timestamp' => $entries[$x]['t_stamp'], 'extended' => $this->strtr($entries[$x]['more']), 'body' => $this->strtr($entries[$x]['body']));
         $entry['authorid'] = '';
         $entry['author'] = '';
         foreach ($users as $user) {
             if ($user['ID'] == $entries[$x]['member_id']) {
                 $entry['authorid'] = $user['authorid'];
                 $entry['author'] = $user['username'];
                 break;
             }
         }
         if (!is_int($entries[$x]['entryid'] = serendipity_updertEntry($entry))) {
             return $entries[$x]['entryid'];
         }
         /* Entry/category */
         foreach ($categories as $category) {
             if ($category['cat_ID'] == $entries[$x]['category']) {
                 $data = array('entryid' => $entries[$x]['entryid'], 'categoryid' => $category['categoryid']);
                 serendipity_db_insert('entrycat', $this->strtrRecursive($data));
                 break;
             }
         }
     }
     /* Comments */
     $res = @$this->nativeQuery("SELECT * FROM {$this->data['prefix']}comments;", $pmdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_COMMENT_INFO, mysqli_error($pmdb));
     }
     while ($a = mysqli_fetch_assoc($res)) {
         foreach ($entries as $entry) {
             if ($entry['post_id'] == $a['post_id']) {
                 $author = '';
                 $mail = '';
                 $url = '';
                 if (!empty($a['member_id'])) {
                     foreach ($users as $user) {
                         if ($user['ID'] == $a['member_id']) {
                             $author = $user['user_login'];
                             $mail = $user['user_email'];
                             $url = $user['url'];
                             break;
                         }
                     }
                 }
                 $comment = array('entry_id ' => $entry['entryid'], 'parent_id' => 0, 'timestamp' => $a['t_stamp'], 'author' => $author, 'email' => $mail, 'url' => $url, 'ip' => $a['comment_ip'], 'status' => $a['status'] == 'open' ? 'approved' : 'pending', 'body' => $a['body'], 'subscribed' => 'false', 'type' => 'NORMAL');
                 serendipity_db_insert('comments', $this->strtrRecursive($comment));
                 if ($a['status'] == 'open') {
                     $cid = serendipity_db_insert_id('comments', 'id');
                     serendipity_approveComment($cid, $entry['entryid'], true);
                 }
             }
         }
     }
     $serendipity['noautodiscovery'] = $noautodiscovery;
     // That was fun.
     return true;
 }
    function event_hook($event, &$bag, &$eventData, $addData = null)
    {
        global $serendipity;
        $hooks =& $bag->get('event_hooks');
        if (isset($hooks[$event])) {
            switch ($event) {
                case 'genpage':
                    $args = implode('/', serendipity_getUriArguments($eventData, true));
                    if ($serendipity['rewrite'] != 'none') {
                        $nice_url = $serendipity['serendipityHTTPPath'] . $args;
                    } else {
                        $nice_url = $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?/' . $args;
                    }
                    $myi = strpos($nice_url, '?');
                    if ($myi != 0 && $serendipity['rewrite'] != 'none') {
                        $nice_url2 = substr($nice_url, $myi + 1);
                    }
                    $myi = strpos($nice_url, '?');
                    if ($myi != 0 && $serendipity['rewrite'] != 'none') {
                        $nice_url = substr($nice_url, 0, $myi);
                    }
                    $myi = strpos($nice_url, '&');
                    if ($myi != 0 && $serendipity['rewrite'] != 'none') {
                        $nice_url = substr($nice_url, 0, $myi);
                    }
                    $myi = strpos($nice_url2, '&');
                    if ($myi != 0 && $serendipity['rewrite'] != 'none') {
                        $nice_url2 = substr($nice_url2, 0, $myi);
                    }
                    $query = "SELECT entryid FROM {$serendipity['dbPrefix']}entryproperties WHERE property = 'permalink'\n                                     AND value IN ('" . serendipity_db_escape_string($nice_url) . "', '/" . serendipity_db_escape_string($nice_url) . "',\n                                                   '" . serendipity_db_escape_string($nice_url2) . "', '/" . serendipity_db_escape_string($nice_url2) . "')";
                    $retid = serendipity_db_query($query);
                    if (is_array($retid) && !empty($retid[0]['entryid'])) {
                        $this->show($retid[0]['entryid']);
                    }
                    break;
                case 'entry_display':
                    $ids = array();
                    if (!is_array($eventData)) {
                        return true;
                    }
                    foreach ($eventData as $entry) {
                        $ids[] = $entry['id'];
                    }
                    $query = "SELECT entryid,value FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid IN (" . implode(', ', $ids) . ") AND property = 'permalink'";
                    $retval = serendipity_db_query($query);
                    if (is_array($retval)) {
                        foreach ((array) $retval as $pl) {
                            $this->ids[$pl['entryid']] = $pl['value'];
                        }
                    }
                    break;
                case 'frontend_display:html:per_entry':
                    if (isset($this->ids[$eventData['id']]) && stristr($this->ids[$eventData['id']], '/' . UNKNOWN) === FALSE) {
                        $eventData['link'] = $this->ids[$eventData['id']];
                        $urldata = parse_url($serendipity['baseURL']);
                        $eventData['rdf_ident'] = $urldata['scheme'] . '://' . $urldata['host'] . $this->ids[$eventData['id']];
                    }
                    break;
                case 'backend_display':
                    $permalink = !empty($serendipity['POST']['permalink']) ? $serendipity['POST']['permalink'] : '';
                    if (!empty($eventData['id']) && empty($permalink)) {
                        $query = "SELECT value FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = '" . $eventData['id'] . "' AND property = 'permalink'";
                        $retval = serendipity_db_query($query);
                        if (is_array($retval) && !empty($retval[0]['value'])) {
                            $permalink = $retval[0]['value'];
                        }
                    }
                    $title = $eventData['title'];
                    if (empty($title)) {
                        $title = UNKNOWN;
                    }
                    if (empty($permalink)) {
                        $permalink = $serendipity['rewrite'] != 'none' ? $serendipity['serendipityHTTPPath'] . 'permalink/' . serendipity_makeFilename($title) . '.html' : $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?/permalink/' . serendipity_makeFilename($title) . '.html';
                    }
                    ?>
                    <fieldset style="margin: 5px">
                        <legend><?php 
                    echo PLUGIN_EVENT_CUSTOM_PERMALINKS_PL;
                    ?>
</legend>
                            <div><?php 
                    echo PLUGIN_EVENT_CUSTOM_PERMALINKS_PL_DESC;
                    ?>
<br /><br /></div>
                            <label for="permalink" title="<?php 
                    echo htmlentities(PLUGIN_EVENT_CUSTOM_PERMALINKS_PL, ENT_COMPAT, LANG_CHARSET);
                    ?>
"><?php 
                    echo PLUGIN_EVENT_CUSTOM_PERMALINKS_PL;
                    ?>
:</label> <input class="input_textbox" type="text" style="width: 60%" name="serendipity[permalink]" id="permalink" value="<?php 
                    echo function_exists('serendipity_specialchars') ? serendipity_specialchars($permalink) : htmlspecialchars($permalink, ENT_COMPAT, LANG_CHARSET);
                    ?>
" />
                    </fieldset>
<?php 
                    return true;
                    break;
                case 'backend_publish':
                case 'backend_save':
                    if (!isset($serendipity['POST']['permalink']) || !isset($eventData['id'])) {
                        return true;
                    }
                    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = '" . $eventData['id'] . "' AND property = 'permalink'");
                    serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entryproperties (entryid, value, property) VALUES ('" . $eventData['id'] . "', '" . serendipity_db_escape_string($serendipity['POST']['permalink']) . "', 'permalink')");
                    return true;
                    break;
                default:
                    return false;
                    break;
            }
        } else {
            return false;
        }
    }
示例#29
0
 function import()
 {
     global $serendipity;
     // Save this so we can return it to its original value at the end of this method.
     $noautodiscovery = isset($serendipity['noautodiscovery']) ? $serendipity['noautodiscovery'] : false;
     if ($this->data['autodiscovery'] == 'false') {
         $serendipity['noautodiscovery'] = 1;
     }
     $this->getTransTable();
     $this->data['prefix'] = serendipity_db_escape_string($this->data['prefix']);
     $users = array();
     $entries = array();
     if (!extension_loaded('mysql')) {
         return MYSQL_REQUIRED;
     }
     $sunlogdb = @mysql_connect($this->data['host'], $this->data['user'], $this->data['pass']);
     if (!$sunlogdb) {
         return sprintf(COULDNT_CONNECT, $this->data['host']);
     }
     if (!@mysql_select_db($this->data['name'])) {
         return sprintf(COULDNT_SELECT_DB, mysql_error($sunlogdb));
     }
     /* Users */
     $res = @$this->nativeQuery("SELECT id         AS ID,\n                                    name       AS user_login,\n                                    email      AS user_email,\n                                    homepage   AS user_url\n                               FROM {$this->data['prefix']}users", $sunlogdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_USER_INFO, mysql_error($sunlogdb));
     }
     for ($x = 0, $max_x = mysql_num_rows($res); $x < $max_x; $x++) {
         $users[$x] = mysql_fetch_assoc($res);
         $data = array('right_publish' => 1, 'realname' => $users[$x]['user_login'], 'username' => $users[$x]['user_login'], 'email' => $users[$x]['user_email'], 'userlevel' => USERLEVEL_ADMIN, 'password' => md5('sunlog'));
         if ($serendipity['serendipityUserlevel'] < $data['userlevel']) {
             $data['userlevel'] = $serendipity['serendipityUserlevel'];
         }
         serendipity_db_insert('authors', $this->strtrRecursive($data));
         echo mysql_error();
         $users[$x]['authorid'] = serendipity_db_insert_id('authors', 'authorid');
     }
     /* Categories */
     if (!$this->importCategories(null, 0, $sunlogdb)) {
         return sprintf(COULDNT_SELECT_CATEGORY_INFO, mysql_error($sunlogdb));
     }
     serendipity_rebuildCategoryTree();
     /* Entries */
     $res = @$this->nativeQuery("SELECT * FROM {$this->data['prefix']}articles ORDER BY id;", $sunlogdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_ENTRY_INFO, mysql_error($sunlogdb));
     }
     for ($x = 0, $max_x = mysql_num_rows($res); $x < $max_x; $x++) {
         $entries[$x] = mysql_fetch_assoc($res);
         $entry = array('title' => $this->decode($entries[$x]['title']), 'isdraft' => $entries[$x]['draft'] == '0' ? 'false' : 'true', 'allow_comments' => $entries[$x]['c_comments'] == '1' ? 'true' : 'false', 'timestamp' => strtotime($entries[$x]['timestamp']), 'body' => $this->strtr($entries[$x]['lead_converted']), 'extended' => $this->strtr($entries[$x]['article_converted']));
         $entry['authorid'] = '';
         $entry['author'] = '';
         foreach ($users as $user) {
             if ($user['ID'] == $entries[$x]['author']) {
                 $entry['authorid'] = $user['authorid'];
                 $entry['author'] = $user['user_login'];
                 break;
             }
         }
         if (!is_int($entries[$x]['entryid'] = serendipity_updertEntry($entry))) {
             return $entries[$x]['entryid'];
         }
     }
     /* Even more category stuff */
     $res = @$this->nativeQuery("SELECT * FROM {$this->data['prefix']}transfer_c;", $sunlogdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_CATEGORY_INFO, mysql_error($sunlogdb));
     }
     for ($x = 0, $max_x = mysql_num_rows($res); $x < $max_x; $x++) {
         $entrycat = mysql_fetch_assoc($res);
         $entryid = 0;
         $categoryid = 0;
         foreach ($entries as $entry) {
             if ($entry['id'] == $entrycat['article']) {
                 $entryid = $entry['entryid'];
                 break;
             }
         }
         foreach ($this->categories as $category) {
             if ($category['id'] == $entrycat['category']) {
                 $categoryid = $category['categoryid'];
             }
         }
         if ($entryid > 0 && $categoryid > 0) {
             $data = array('entryid' => $entryid, 'categoryid' => $categoryid);
             serendipity_db_insert('entrycat', $this->strtrRecursive($data));
         }
     }
     /* Comments */
     $res = @$this->nativeQuery("SELECT * FROM {$this->data['prefix']}c_comments;", $sunlogdb);
     if (!$res) {
         return sprintf(COULDNT_SELECT_COMMENT_INFO, mysql_error($sunlogdb));
     }
     while ($a = mysql_fetch_assoc($res)) {
         foreach ($entries as $entry) {
             if ($entry['id'] == $a['for_entry']) {
                 $author = '';
                 $mail = '';
                 $url = '';
                 foreach ($users as $user) {
                     if ($user['ID'] == $a['user']) {
                         $author = $user['user_login'];
                         $mail = $user['user_email'];
                         $url = $user['user_url'];
                         break;
                     }
                 }
                 $comment = array('entry_id ' => $entry['entryid'], 'parent_id' => 0, 'timestamp' => strtotime($a['insertdate']), 'author' => $author, 'email' => $mail, 'url' => $url, 'ip' => '', 'status' => 'approved', 'body' => $a['comment'], 'subscribed' => 'false', 'type' => 'NORMAL');
                 serendipity_db_insert('comments', $this->strtrRecursive($comment));
                 $cid = serendipity_db_insert_id('comments', 'id');
                 serendipity_approveComment($cid, $entry['entryid'], true);
             }
         }
     }
     $serendipity['noautodiscovery'] = $noautodiscovery;
     // That was fun.
     return true;
 }
示例#30
0
 /**
  * Set cache information about a plugin
  *
  * @access public
  * @param   mixed       Either an plugin object or a plugin information array that holds the information about the plugin
  * @param   string      The filename of the plugin
  * @param   object      The property bag object bundled with the plugin
  * @param   array       Previous/additional information about the plugin
  * @param   string      The location/type of a plugin (local|spartacus)
  * @return
  */
 function &setPluginInfo(&$plugin, &$pluginFile, &$bag, &$class_data, $pluginlocation = 'local')
 {
     global $serendipity;
     static $dbfields = array('plugin_file', 'class_name', 'plugin_class', 'pluginPath', 'name', 'description', 'version', 'upgrade_version', 'plugintype', 'pluginlocation', 'stackable', 'author', 'requirements', 'website', 'last_modified');
     serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}pluginlist WHERE plugin_file = '" . serendipity_db_escape_string($pluginFile) . "' AND pluginlocation = '" . serendipity_db_escape_string($pluginlocation) . "'");
     if (!empty($pluginFile) && file_exists($pluginFile)) {
         $lastModified = filemtime($pluginFile);
     } else {
         $lastModified = 0;
     }
     if (is_object($plugin)) {
         $data = array('class_name' => get_class($plugin), 'stackable' => $bag->get('stackable'), 'name' => $bag->get('name'), 'description' => $bag->get('description'), 'author' => $bag->get('author'), 'version' => $bag->get('version'), 'upgrade_version' => isset($class_data['upgrade_version']) ? $class_data['upgrade_version'] : $bag->get('version'), 'requirements' => serialize($bag->get('requirements')), 'website' => $bag->get('website'), 'plugin_class' => $class_data['name'], 'pluginPath' => $class_data['pluginPath'], 'plugin_file' => $pluginFile, 'pluginlocation' => $pluginlocation, 'plugintype' => $serendipity['GET']['type'], 'last_modified' => $lastModified);
         $groups = $bag->get('groups');
     } elseif (is_array($plugin)) {
         $data = $plugin;
         $groups = $data['groups'];
         unset($data['installable']);
         unset($data['true_name']);
         unset($data['customURI']);
         unset($data['groups']);
         if (isset($data['pluginpath'])) {
             $data['pluginPath'] = $data['pluginpath'];
         }
         $data['requirements'] = serialize($data['requirements']);
     }
     if (!isset($data['stackable']) || empty($data['stackable'])) {
         $data['stackable'] = '0';
     }
     if (!isset($data['last_modified'])) {
         $data['last_modified'] = $lastModified;
     }
     // Only insert data keys that exist in the DB.
     $insertdata = array();
     foreach ($dbfields as $field) {
         $insertdata[$field] = $data[$field];
     }
     if ($data['upgradable']) {
         serendipity_db_query("UPDATE {$serendipity['dbPrefix']}pluginlist\n                                     SET upgrade_version = '" . serendipity_db_escape_string($data['upgrade_version']) . "'\n                                   WHERE plugin_class    = '" . serendipity_db_escape_string($data['plugin_class']) . "'");
     }
     serendipity_db_insert('pluginlist', $insertdata);
     serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}plugincategories WHERE class_name = '" . serendipity_db_escape_string($data['class_name']) . "'");
     foreach ((array) $groups as $group) {
         if (empty($group)) {
             continue;
         }
         $cat = array('class_name' => $data['class_name'], 'category' => $group);
         serendipity_db_insert('plugincategories', $cat);
     }
     $data['groups'] = $groups;
     return $data;
 }