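// Save handler for one WYSIWYG section: read the posted editor content, filter
// it for non-admins, derive a tag-free search text and store both.
//
// NOTE(review): only the field name is passed to sanitizePost(), and the
// original code escaped explicitly for admins, so the returned value is
// presumably not SQL-escaped yet - confirm against sanitizePost().
$content = $val->sanitizePost('content' . $section_id);

// for non-admins only
if (!CAT_Users::getInstance()->ami_group_member(1)) {
    // if HTMLPurifier is enabled...
    // (constant statement apart from the table prefix; no request data in it)
    $r = $backend->db()->get_one('SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"');
    if ($r) {
        // use HTMLPurifier to clean up the output
        $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true));
    }
    // When the setting is off, non-admin markup is stored exactly as submitted;
    // anything rendering it later has to treat it as untrusted HTML.
}

// Escape for the SQL string literal on EVERY path. Previously only the admin
// branch called add_slashes(), so content from non-admins reached the REPLACE
// statement unescaped. HTML filtering is not SQL escaping: purified markup can
// still contain quotes.
// NOTE(review): if the database wrapper offers bound parameters, prefer them
// over string escaping - its API is not visible in this excerpt.
$content = $val->add_slashes($content);

/**
 * searching in $text will be much easier this way
 * ($text is derived from the already escaped $content)
 */
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);

/**
 * save
 *
 * NOTE(review): $section_id and $page_id are interpolated as they are, and
 * $page_id is not even quoted. Both are assigned outside this excerpt -
 * confirm they are validated as integers before this point.
 **/
$query = "REPLACE INTO `" . CAT_TABLE_PREFIX . "mod_wysiwyg` VALUES ( '{$section_id}', {$page_id}, '{$content}', '{$text}' );";
$backend->db()->query($query);
if ($backend->db()->isError()) {
    trigger_error(sprintf('[%s - %s] %s', __FILE__, __LINE__, $backend->db()->getError()), E_USER_ERROR);
}

$edit_page = CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id . '#' . SEC_ANCHOR . $section_id;

// Check if there is a database error, otherwise say successful.
// This repeats the check above; it is only reached after an error when the
// installed error handler lets the script continue past E_USER_ERROR.
// NOTE(review): $js_back is not assigned anywhere in this excerpt.
if ($backend->db()->isError()) {
    $backend->print_error($backend->db()->getError(), $js_back);
} else {
    $backend->print_success('Page saved successfully', $edit_page);
}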
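/**
 * Build the HTML excerpt list shown below a search hit.
 *
 * Each excerpt is wrapped in placeholder tokens, the whole string is then
 * HTML-escaped, and only afterwards are the tokens swapped for the fixed
 * markup. Text taken from the indexed page therefore leaves this function
 * escaped; the only raw HTML in the result is the markup defined here.
 *
 * @param array $excerpt_array   Excerpt strings; duplicates are dropped.
 * @param array $search_words    Words to emphasise. They are joined into a
 *                               regex alternation unchanged, so they presumably
 *                               arrive regex-quoted (including "/") - confirm
 *                               at the caller.
 * @param int   $max_excerpt_num Upper bound on the number of excerpts used.
 * @return string HTML fragment.
 */
function prepare_excerpts($excerpt_array, $search_words, $max_excerpt_num)
{
    // excerpts: text before and after a single excerpt, html-tag for markup
    $EXCERPT_BEFORE = '...&nbsp;';
    $EXCERPT_AFTER = '&nbsp;...<br />';
    $EXCERPT_MARKUP_START = '<b>';
    $EXCERPT_MARKUP_END = '</b>';

    // remove duplicate matches from $excerpt_array, if any.
    $excerpt_array = array_unique($excerpt_array);

    // use the first $max_excerpt_num excerpts only
    if (count($excerpt_array) > $max_excerpt_num) {
        $excerpt_array = array_slice($excerpt_array, 0, $max_excerpt_num);
    }

    // prepare search-string
    $string = "(" . implode("|", $search_words) . ")";

    // we want markup on search-results page,
    // but we need some 'magic' to prevent <br />, <b>... from being highlighted
    $excerpt = '';
    foreach ($excerpt_array as $str) {
        $excerpt .= '#,,#' . preg_replace("/({$string})/i", "#,,,,#\$1#,,,,,#", $str) . '#,,,#';
    }

    // HTML-escape everything while the markup is still held as tokens.
    // '&' must stay first so the entities produced for the other characters
    // are not escaped a second time. The listing this block was taken from had
    // the entity names decoded back to the raw characters, which made the call
    // a no-op and left an unterminated quote.
    // NOTE(review): the last search entry was a blank in that listing; a UTF-8
    // no-break space is assumed as the counterpart of &nbsp; - confirm upstream.
    $excerpt = str_replace(
        array('&', '<', '>', '"', '\'', "\xC2\xA0"),
        array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;', '&nbsp;'),
        $excerpt
    );

    // Now turn the tokens into the real markup.
    $excerpt = str_replace(array('#,,,,#', '#,,,,,#'), array($EXCERPT_MARKUP_START, $EXCERPT_MARKUP_END), $excerpt);
    $excerpt = str_replace(array('#,,#', '#,,,#'), array($EXCERPT_BEFORE, $EXCERPT_AFTER), $excerpt);

    // prepare to write out
    if (DEFAULT_CHARSET != 'utf-8') {
        $excerpt = umlauts_to_entities($excerpt, 'UTF-8');
    }
    return $excerpt;
}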
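/**
 * Wrap occurrences of the search words in <span class="highlight">.
 *
 * The text is split into markup-like pieces and plain text. Pieces starting
 * with "<" (tags, style, script, pre, code, comments), droplet tags and e-mail
 * addresses are passed through unchanged, so this function is not an HTML
 * filter. Plain-text pieces are entity-decoded, marked with placeholder
 * tokens, re-encoded, and only then are the tokens replaced by the fixed span
 * markup.
 *
 * @staticvar boolean $string_ul_umlaut
 * @staticvar boolean $string_ul_regex
 * @param string $foo        HTML to highlight in
 * @param array  $arr_string Search words (quoted for regex use in here)
 * @return string
 */
function search_highlight($foo = '', $arr_string = array())
{
    require_once WB_PATH . '/framework/functions.php';
    static $string_ul_umlaut = FALSE;
    static $string_ul_regex = FALSE;
    if ($string_ul_umlaut === FALSE || $string_ul_regex === FALSE) {
        // Runs in this function's scope, so it can assign the two statics.
        // NOTE(review): presumably that is what it does - confirm in the file.
        require WB_PATH . '/search/search_convert.php';
    }
    $foo = entities_to_umlauts($foo, 'UTF-8');

    // Quote every word for a pattern delimited by "~". A plain loop replaces
    // create_function(), which evaluates a code string at runtime and is no
    // longer available in PHP 8.
    foreach ($arr_string as $key => $word) {
        $arr_string[$key] = preg_quote($word, '~');
    }
    $search_string = implode("|", $arr_string);
    $string = str_replace($string_ul_umlaut, $string_ul_regex, $search_string);

    // the highlighting
    // match $string, but not inside <style>...</style>, <script>...</script>, <!--...--> or HTML-Tags
    // Also droplet tags are now excluded from highlighting.
    // split $string into pieces - "cut away" styles, scripts, comments, HTML-tags and eMail-addresses
    // we have to cut <pre> and <code> as well.
    // for HTML-Tags use <(?:[^<]|<.*>)*> which will match strings like <input ... value="<b>value</b>" >
    // If PCRE gives up on this pattern (for instance at its backtrack limit),
    // preg_split() returns false and the text is returned without highlighting.
    $matches = preg_split("~(\\[\\[.*\\]\\]|<style.*</style>|<script.*</script>|<pre.*</pre>|<code.*</code>|<!--.*-->|<(?:[^<]|<.*>)*>|\\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,8}\\b)~iUs", $foo, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    if (is_array($matches) && $matches != array()) {
        $foo = "";
        foreach ($matches as $match) {
            if ($match[0] != "<" && !preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,8}$/i', $match) && !preg_match('~\\[\\[.*\\]\\]~', $match)) {
                // Decode entities so words can match across them. The listing
                // this block came from showed both entity lists already
                // decoded, which made these calls no-ops and left an
                // unterminated quote; the entity names are restored here.
                // NOTE(review): the no-break space was a blank in that
                // listing - confirm "\xC2\xA0" against the upstream file.
                $match = str_replace(
                    array('&lt;', '&gt;', '&amp;', '&quot;', '&#039;', '&nbsp;'),
                    array('<', '>', '&', '"', '\'', "\xC2\xA0"),
                    $match
                );
                // An empty word list would give a pattern that matches the
                // empty string at every offset, so skip marking in that case.
                if ($string !== '') {
                    $marked = preg_replace('~(' . $string . ')~ui', '_span class=_highlight__$1_/span_', $match);
                    // preg_replace() yields null on a PCRE error (the "u" flag
                    // rejects invalid UTF-8); keep the piece instead of
                    // dropping it from the page.
                    if ($marked !== null) {
                        $match = $marked;
                    }
                }
                // Re-encode first, then swap the tokens for the real markup,
                // so the span is the only unescaped HTML added here.
                $match = str_replace(
                    array('&', '<', '>', '"', '\'', "\xC2\xA0"),
                    array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;', '&nbsp;'),
                    $match
                );
                $match = str_replace(array('_span class=_highlight__', '_/span_'), array('<span class="highlight">', '</span>'), $match);
            }
            $foo .= $match;
        }
    }
    if (DEFAULT_CHARSET != 'utf-8') {
        $foo = umlauts_to_entities($foo, 'UTF-8');
    }
    return $foo;
}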
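/**
 * Prepare the search before really executing
 *
 * Reads the search phrase from the request and derives three encodings of it:
 * the raw words for URLs (search_url_array), an entity-encoded and
 * slash-escaped form for SQL LIKE (search_entities_array) and a regex-quoted
 * form (search_string / search_words).
 *
 * The SQL form is escaped with addslashes(), which does not take the
 * connection charset into account. The query that consumes
 * search_entities_array is outside this excerpt; where the database layer
 * offers bound parameters or its own escaping, that is the safer route.
 *
 * @access protected
 */
protected function prepareSearch()
{
    // NOTE(review): $wb is not referenced in this method; the files included
    // at the end run in this scope and may rely on it - confirm before removing.
    global $wb;
    $search_entities_string = ''; // for SQL's LIKE
    $search_display_string = ''; // for displaying
    $search_url_string = ''; // for $_GET -- ATTN: unquoted! Will become urldecoded later
    $string = '';
    // Only accept a scalar string. A request can also deliver an array under
    // this key (name[]=...), which the string functions below do not handle;
    // such a value is treated like a missing search phrase.
    if (isset($_REQUEST[REQUEST_SEARCH_STRING]) && is_string($_REQUEST[REQUEST_SEARCH_STRING])) {
        if ($this->search_type != SEARCH_TYPE_EXACT) {
            // remove all comma's
            $string = str_replace(',', '', $_REQUEST[REQUEST_SEARCH_STRING]);
        } else {
            $string = $_REQUEST[REQUEST_SEARCH_STRING];
        }
        // redo possible magic quotes
        $string = stripslashes($string);
        $string = preg_replace('/[ \\r\\n\\t]+/', ' ', $string);
        $string = trim($string);
        // remove some bad chars (droplet delimiters, stray "|" and "." tokens)
        $string = str_replace(array('[[', ']]'), '', $string);
        $string = preg_replace('/(^|\\s+)[|.]+(?=\\s+|$)/', '', $string);
        // NOTE(review): $search_display_string is not stored on $this or
        // returned anywhere in this method.
        $search_display_string = htmlspecialchars($string);
        // NOTE(review): this value is replaced a few lines below before
        // anything visible here reads it.
        $search_entities_string = addslashes(umlauts_to_entities(htmlspecialchars($string)));
        // mySQL needs four backslashes to match one in LIKE comparisons)
        $search_entities_string = str_replace('\\\\', '\\\\\\\\', $search_entities_string);
        // convert string to utf-8
        $string = entities_to_umlauts($string, 'UTF-8');
        // URL form: deliberately left unescaped, see the declaration above.
        $search_url_string = $string;
        $search_entities_string = addslashes(htmlentities($string, ENT_COMPAT, 'UTF-8'));
        // mySQL needs four backslashes to match one in LIKE comparisons)
        $search_entities_string = str_replace('\\\\', '\\\\\\\\', $search_entities_string);
        // preg_quote() is called without a delimiter, so "/" is quoted by hand
        // in the next statement.
        $string = preg_quote($string);
        // quote ' " and / -we need quoted / for regex
        $this->search_string = str_replace(array('\'', '"', '/'), array('\\\'', '\\"', '\\/'), $string);
    }
    // make arrays from the search_..._strings above
    if ($this->search_type == SEARCH_TYPE_EXACT) {
        $this->search_url_array[] = $search_url_string;
    } else {
        $this->search_url_array = explode(' ', $search_url_string);
    }
    $search_normal_array = array();
    $this->search_entities_array = array();
    if ($this->search_type == SEARCH_TYPE_EXACT) {
        $search_normal_array[] = $this->search_string;
        $this->search_entities_array[] = $search_entities_string;
    } else {
        $exploded_string = explode(' ', $this->search_string);
        // Make sure there is no blank values in the array
        foreach ($exploded_string as $each_exploded_string) {
            if ($each_exploded_string != '') {
                $search_normal_array[] = $each_exploded_string;
            }
        }
        $exploded_string = explode(' ', $search_entities_string);
        // Make sure there is no blank values in the array
        foreach ($exploded_string as $each_exploded_string) {
            if ($each_exploded_string != '') {
                $this->search_entities_array[] = $each_exploded_string;
            }
        }
    }
    // make an extra copy of search_normal_array for use in regex
    $this->search_words = array();
    // include the translation tables for special chars
    // The include paths are built from this file's own directory name, not
    // from request data. $search_language is set as a local because the
    // included file runs in this scope (presumably it reads it - confirm).
    $search_language = $this->search_language;
    include_once LEPTON_PATH . '/modules/' . basename(dirname(__FILE__)) . '/search.convert.php';
    // NOTE(review): the table is taken from global scope after the include;
    // presumably the included file defines it there - confirm.
    global $search_table_umlauts_local;
    include_once LEPTON_PATH . '/modules/' . basename(dirname(__FILE__)) . '/search.convert.umlaute.php';
    global $search_table_ul_umlauts;
    foreach ($search_normal_array as $str) {
        $str = strtr($str, $search_table_umlauts_local);
        $str = strtr($str, $search_table_ul_umlauts);
        $this->search_words[] = $str;
    }
}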