示例#1
0
 function prefs_post()
 {
     // special considerations
     if (isset($_POST['siteurl'])) {
         $_POST['siteurl'] = rtrim(str_replace("http://", '', $this->ps('siteurl')), "/ ");
     }
     if (isset($_POST['tempdir']) && empty($_POST['tempdir'])) {
         $_POST['tempdir'] = doSlash(find_temp_dir());
     }
     if (!empty($_POST['file_max_upload_size'])) {
         $_POST['file_max_upload_size'] = $this->real_max_upload_size($this->ps('file_max_upload_size'));
     }
     // safe them all
     $prefnames = array_keys(get_prefs());
     foreach ($prefnames as $prefname) {
         if (isset($_POST[$prefname])) {
             update_pref($prefname, $this->ps($prefname));
         }
     }
     update_lastmod();
     $this->_message(gTxt('preferences_saved'));
 }
示例#2
0
function css_save()
{
    extract(gpsa(array('name', 'css', 'savenew', 'newname', 'copy')));
    $css = doSlash($css);
    if ($savenew or $copy) {
        $newname = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('newname'))));
        if ($newname and safe_field('name', 'txp_css', "name = '{$newname}'")) {
            $message = gTxt('css_already_exists', array('{name}' => $newname), E_ERROR);
            if ($savenew) {
                $_POST['newname'] = '';
            }
        } elseif ($newname) {
            safe_insert('txp_css', "name = '" . $newname . "', css = '{$css}'");
            // update site last mod time
            update_lastmod();
            $message = gTxt('css_created', array('{name}' => $newname));
        } else {
            $message = array(gTxt('css_name_required'), E_ERROR);
        }
        css_edit($message);
    } else {
        safe_update('txp_css', "css = '{$css}'", "name = '" . doSlash($name) . "'");
        // update site last mod time
        update_lastmod();
        $message = gTxt('css_updated', array('{name}' => $name));
        css_edit($message);
    }
}
示例#3
0
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;
    extract($prefs);
    $incoming = psa($vars);
    $oldArticle = safe_row('Status, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID', 'textpattern', 'ID = ' . (int) $incoming['ID']);
    if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE);
        return;
    }
    $incoming = textile_main_fields($incoming, $use_textile);
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));
    $Annotate = (int) $Annotate;
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }
    if ($reset_time) {
        $whenposted = "Posted=now()";
        $when_ts = time();
    } else {
        $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }
    if (empty($exp_year)) {
        $expires = 0;
        $whenexpires = "Expires=" . NULLDATETIME;
    } else {
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }
        $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
        $whenexpires = "Expires=from_unixtime({$expires})";
    }
    if ($expires) {
        if ($expires <= $when_ts) {
            article_edit(gTxt('article_expires_before_postdate'));
            return;
        }
    }
    //Auto-Update custom-titles according to Title, as long as unpublished and NOT customized
    if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
    safe_update("textpattern", "Title           = '{$Title}',\n\t\t\tBody            = '{$Body}',\n\t\t\tBody_html       = '{$Body_html}',\n\t\t\tExcerpt         = '{$Excerpt}',\n\t\t\tExcerpt_html    = '{$Excerpt_html}',\n\t\t\tKeywords        = '{$Keywords}',\n\t\t\tImage           = '{$Image}',\n\t\t\tStatus          =  {$Status},\n\t\t\tLastMod         =  now(),\n\t\t\tLastModID       = '{$txp_user}',\n\t\t\tSection         = '{$Section}',\n\t\t\tCategory1       = '{$Category1}',\n\t\t\tCategory2       = '{$Category2}',\n\t\t\tAnnotate        =  {$Annotate},\n\t\t\ttextile_body    =  {$textile_body},\n\t\t\ttextile_excerpt =  {$textile_excerpt},\n\t\t\toverride_form   = '{$override_form}',\n\t\t\turl_title       = '{$url_title}',\n\t\t\tAnnotateInvite  = '{$AnnotateInvite}',\n\t\t\tcustom_1        = '{$custom_1}',\n\t\t\tcustom_2        = '{$custom_2}',\n\t\t\tcustom_3        = '{$custom_3}',\n\t\t\tcustom_4        = '{$custom_4}',\n\t\t\tcustom_5        = '{$custom_5}',\n\t\t\tcustom_6        = '{$custom_6}',\n\t\t\tcustom_7        = '{$custom_7}',\n\t\t\tcustom_8        = '{$custom_8}',\n\t\t\tcustom_9        = '{$custom_9}',\n\t\t\tcustom_10       = '{$custom_10}',\n\t\t\t{$whenposted},\n\t\t\t{$whenexpires}", "ID = {$ID}");
    if ($Status >= 4) {
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }
        update_lastmod();
    }
    article_edit(get_status_message($Status) . check_url_title($url_title));
}
示例#4
0
function section_save()
{
    global $app_mode;
    $in = array_map('assert_string', psa(array('name', 'title', 'old_name', 'section_page', 'css')));
    if (empty($in['title'])) {
        $in['title'] = $in['name'];
    }
    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $in['title'] = $textile->TextileThis($in['title'], 1);
    $in['name'] = strtolower(sanitizeForUrl($in['name']));
    extract($in);
    $in = doSlash($in);
    extract($in, EXTR_PREFIX_ALL, 'safe');
    if ($name != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$safe_name}'")) {
            // Invalid input. Halt all further processing (e.g. plugin event handlers).
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            //				modal_halt($message);
            sec_section_list($message);
            return;
        }
    }
    $ok = false;
    if ($name == 'default') {
        $ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}'", "name = 'default'");
    } else {
        if ($name) {
            extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable'))));
            if ($safe_old_name) {
                $ok = safe_update('txp_section', "\n\t\t\t\t\tname         = '{$safe_name}',\n\t\t\t\t\ttitle        = '{$safe_title}',\n\t\t\t\t\tpage         = '{$safe_section_page}',\n\t\t\t\t\tcss          = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss       = {$in_rss},\n\t\t\t\t\tsearchable   = {$searchable}\n\t\t\t\t\t", "name = '{$safe_old_name}'");
                // Manually maintain referential integrity
                if ($ok) {
                    $ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
                }
            } else {
                $ok = safe_insert('txp_section', "\n\t\t\t\t\tname         = '{$safe_name}',\n\t\t\t\t\ttitle        = '{$safe_title}',\n\t\t\t\t\tpage         = '{$safe_section_page}',\n\t\t\t\t\tcss          = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss       = {$in_rss},\n\t\t\t\t\tsearchable   = {$searchable}");
            }
        }
    }
    if ($ok) {
        update_lastmod();
    }
    if ($ok) {
        sec_section_list(gTxt($safe_old_name ? 'section_updated' : 'section_created', array('{name}' => $name)));
    } else {
        sec_section_list(array(gTxt('section_save_failed'), E_ERROR));
    }
}
示例#5
0
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }
    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }
    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }
    $web = clean_url($web);
    $email = clean_url($email);
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");
    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }
    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid  = {$parentid},\n\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t ip\t\t  = '" . doSlash($ip) . "',\n\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t visible   = " . intval($visible) . ",\n\t\t\t\t\t posted\t  = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                $updated = update_comments_count($parentid);
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');
                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }
    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
示例#6
0
function link_save()
{
    global $txpcfg, $vars;
    $varray = gpsa($vars);
    extract(doSlash($varray));
    if (!$linksort) {
        $linksort = $linkname;
    }
    $id = assert_int($id);
    $rs = safe_update("txp_link", "category    = '{$category}',\n\t\t\turl         = '" . trim($url) . "',\n\t\t\tlinkname    = '{$linkname}',\n\t\t\tlinksort    = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = {$id}");
    if ($rs) {
        update_lastmod();
        $message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
        link_edit($message);
    }
}
示例#7
0
function link_multi_edit()
{
    global $txp_user, $all_link_cats, $all_link_authors;
    // Empty entry to permit clearing the category
    $categories = array('');
    foreach ($all_link_cats as $row) {
        $categories[] = $row['name'];
    }
    $selected = ps('selected');
    if (!$selected or !is_array($selected)) {
        link_list();
        return;
    }
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = array();
    $key = '';
    switch ($method) {
        case 'delete':
            if (!has_privs('link.delete')) {
                if (has_privs('link.delete.own')) {
                    $selected = safe_column('id', 'txp_link', 'id IN (' . join(',', $selected) . ') AND author=\'' . doSlash($txp_user) . '\'');
                } else {
                    $selected = array();
                }
            }
            foreach ($selected as $id) {
                if (safe_delete('txp_link', 'id = ' . $id)) {
                    $changed[] = $id;
                }
            }
            if ($changed) {
                callback_event('links_deleted', '', 0, $changed);
            }
            $key = '';
            break;
        case 'changecategory':
            $val = ps('category');
            if (in_array($val, $categories)) {
                $key = 'category';
            }
            break;
        case 'changeauthor':
            $val = ps('author');
            if (in_array($val, $all_link_authors)) {
                $key = 'author';
            }
            break;
        default:
            $key = '';
            $val = '';
            break;
    }
    if ($selected and $key) {
        foreach ($selected as $id) {
            if (safe_update('txp_link', "{$key} = '" . doSlash($val) . "'", "id = {$id}")) {
                $changed[] = $id;
            }
        }
    }
    if ($changed) {
        update_lastmod();
        link_list(gTxt($method == 'delete' ? 'links_deleted' : 'link_updated', array($method == 'delete' ? '{list}' : '{name}' => join(', ', $changed))));
        return;
    }
    link_list();
}
示例#8
0
function link_post()
{
    global $txpcfg, $vars;
    $varray = gpsa($vars);
    extract(doSlash($varray));
    if (!$linksort) {
        $linksort = $linkname;
    }
    $q = safe_insert("txp_link", "category    = '{$category}',\n\t\t\tdate        = now(),\n\t\t\turl         = '" . trim($url) . "',\n\t\t\tlinkname    = '{$linkname}',\n\t\t\tlinksort    = '{$linksort}',\n\t\t\tdescription = '{$description}'");
    $GLOBALS['ID'] = mysql_insert_id();
    if ($q) {
        //update lastmod due to link feeds
        update_lastmod();
        $message = gTxt('link_created', array('{name}' => $linkname));
        link_edit($message);
    }
}
示例#9
0
function advanced_prefs_save()
{
    // update custom fields count from database schema and cache it as a hidden pref
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings('describe `' . PFX . 'textpattern`')));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);
    // safe all regular advanced prefs
    $prefnames = safe_column("name", "txp_prefs", "prefs_id = 1 AND type = 1");
    $post = doSlash(stripPost());
    if (empty($post['tempdir'])) {
        $post['tempdir'] = doSlash(find_temp_dir());
    }
    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }
    foreach ($prefnames as $prefname) {
        if (isset($post[$prefname])) {
            safe_update("txp_prefs", "val = '" . $post[$prefname] . "'", "name = '" . doSlash($prefname) . "' and prefs_id = 1");
        }
    }
    update_lastmod();
    advanced_prefs(gTxt('preferences_saved'));
}
示例#10
0
 function thumbnail_create_post()
 {
     $id = $this->psi('id');
     extract(doSlash(gpsa(array('thumbnail_clear_settings', 'thumbnail_delete', 'width', 'height', 'crop'))));
     if ($thumbnail_clear_settings) {
         $message = $this->thumbnail_clear_settings($id);
     } elseif ($thumbnail_delete) {
         $message = $this->thumbnail_delete($id);
     } else {
         $width = (int) $width;
         $height = (int) $height;
         if ($width != 0 || $height != 0) {
             if (img_makethumb($id, $width, $height, $crop)) {
                 global $prefs;
                 if ($width == 0) {
                     $width = '';
                 }
                 if ($height == 0) {
                     $height = '';
                 }
                 $prefs['thumb_w'] = $width;
                 $prefs['thumb_h'] = $height;
                 $prefs['thumb_crop'] = $crop;
                 // hidden prefs
                 set_pref('thumb_w', $width, 'image', 2);
                 set_pref('thumb_h', $height, 'image', 2);
                 set_pref('thumb_crop', $crop, 'image', 2);
                 update_lastmod();
                 $message = gTxt('thumbnail_saved', array('{id}' => $id));
             } else {
                 $message = gTxt('thumbnail_not_saved', array('{id}' => $id));
             }
         } else {
             $message = messenger('invalid_width_or_height', "({$width})/({$height})", '');
         }
     }
     $this->_message($message);
     $this->_set_view('edit', $id);
 }
示例#11
0
/**
 * Saves a form template.
 */
function form_save()
{
    global $essential_forms, $form_types;
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'Form', 'type', 'copy')))));
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';
    if (in_array($name, $essential_forms)) {
        $newname = $name;
        $type = fetch('type', 'txp_form', 'name', $newname);
        $_POST['newname'] = $newname;
    }
    if (!$newname) {
        $message = array(gTxt('form_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        if (!isset($form_types[$type])) {
            $message = array(gTxt('form_type_missing'), E_ERROR);
            $save_error = true;
        } else {
            if ($copy && $name === $newname) {
                $newname .= '_copy';
                $_POST['newname'] = $newname;
            }
            $exists = safe_field('name', 'txp_form', "name = '" . doSlash($newname) . "'");
            if ($newname !== $name && $exists !== false) {
                $message = array(gTxt('form_already_exists', array('{name}' => $newname)), E_ERROR);
                if ($savenew) {
                    $_POST['newname'] = '';
                }
                $save_error = true;
            } else {
                if ($savenew or $copy) {
                    if ($newname) {
                        if (safe_insert('txp_form', "Form = '{$Form}',\n                                type = '{$type}',\n                                name = '" . doSlash($newname) . "'")) {
                            update_lastmod();
                            $message = gTxt('form_created', array('{name}' => $newname));
                        } else {
                            $message = array(gTxt('form_save_failed'), E_ERROR);
                            $save_error = true;
                        }
                    } else {
                        $message = array(gTxt('form_name_invalid'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    if (safe_update('txp_form', "Form = '{$Form}',\n                            type = '{$type}',\n                            name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                        update_lastmod();
                        $message = gTxt('form_updated', array('{name}' => $name));
                    } else {
                        $message = array(gTxt('form_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                }
            }
        }
    }
    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('form_saved', '', 0, $name, $newname);
    }
    form_edit($message);
}
示例#12
0
function link_multi_edit()
{
    global $txp_user;
    $selected = ps('selected');
    if (!$selected or !is_array($selected)) {
        link_edit();
        return;
    }
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = array();
    switch ($method) {
        case 'delete':
            if (!has_privs('link.delete')) {
                if (has_privs('link.delete.own')) {
                    $selected = safe_column('id', 'txp_link', 'id IN (' . join(',', $selected) . ') AND author=\'' . doSlash($txp_user) . '\'');
                } else {
                    $selected = array();
                }
            }
            foreach ($selected as $id) {
                if (safe_delete('txp_link', 'id = ' . $id)) {
                    $changed[] = $id;
                }
            }
            $key = '';
            break;
        case 'changecategory':
            $key = 'category';
            $val = ps('category');
            break;
        case 'changeauthor':
            $key = 'author';
            $val = ps('author');
            break;
        default:
            $key = '';
            $val = '';
            break;
    }
    if ($selected and $key) {
        foreach ($selected as $id) {
            if (safe_update('txp_link', "{$key} = '" . doSlash($val) . "'", "id = {$id}")) {
                $changed[] = $id;
            }
        }
    }
    if ($changed) {
        update_lastmod();
        link_edit(gTxt($method == 'delete' ? 'links_deleted' : 'link_updated', array($method == 'delete' ? '{list}' : '{name}' => join(', ', $changed))));
        return;
    }
    link_edit();
}
示例#13
0
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;
    $ids = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));
    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            $ids = safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
        } else {
            $ids = array();
        }
    }
    if (!empty($ids)) {
        $fail = array();
        $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $filepath = build_file_path($file_base_path, $filename);
                // Notify plugins of pending deletion, pass file's id and path.
                callback_event('file_deleted', '', false, $id, $filepath);
                $rsd = safe_delete('txp_file', "id = {$id}");
                $ul = false;
                if ($rsd && is_file($filepath)) {
                    $ul = unlink($filepath);
                }
                if (!$rsd or !$ul) {
                    $fail[] = $id;
                }
            }
            if ($fail) {
                file_list(array(messenger(gTxt('file_delete_failed'), join(', ', $fail)), E_ERROR));
                return;
            } else {
                update_lastmod('file_deleted', $ids);
                file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
                return;
            }
        } else {
            file_list(array(messenger(gTxt('file_not_found'), join(', ', $ids), ''), E_ERROR));
            return;
        }
    }
    file_list();
}
示例#14
0
$HeadURL: http://svn.textpattern.com/current/textpattern/_update.php $
$LastChangedRevision: 711 $
*/
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}
if (!safe_field('name', 'txp_prefs', "name = 'allow_raw_php_scripting'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'allow_raw_php_scripting', val = '1', type = '1', html='yesnoradio'");
} else {
    safe_update('txp_prefs', "html='yesnoradio'", "name='allow_raw_php_scripting'");
}
if (!safe_field('name', 'txp_prefs', "name = 'log_list_pageby'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'log_list_pageby', val = '25', type = 2, event = 'publish'");
}
// turn on lastmod handling, and reset the lastmod date
safe_update('txp_prefs', "val='1'", "name='send_lastmod' and prefs_id='1'");
update_lastmod();
// speed up article queries
$has_ss_idx = 0;
$rs = getRows('show index from `' . PFX . 'textpattern`');
foreach ($rs as $row) {
    if ($row['Key_name'] == 'section_status_idx') {
        $has_ss_idx = 1;
    }
}
if (!$has_ss_idx) {
    safe_query('alter ignore table `' . PFX . 'textpattern` add index section_status_idx (Section,Status)');
}
if (!safe_field('name', 'txp_prefs', "name = 'title_no_widow'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'title_no_widow', val = '1', type = '1', html='yesnoradio'");
}
示例#15
0
function thumbnail_delete()
{
    global $txp_user;
    $id = assert_int(gps('id'));
    $author = fetch('author', 'txp_image', 'id', $id);
    if (!has_privs('image.edit') && !($author === $txp_user && has_privs('image.edit.own'))) {
        image_list(gTxt('restricted_area'));
        return;
    }
    $t = new txp_thumb($id);
    if ($t->delete()) {
        callback_event('thumbnail_deleted', '', false, $id);
        update_lastmod();
        image_edit(gTxt('thumbnail_deleted'), $id);
    } else {
        image_edit(array(gTxt('thumbnail_delete_failed'), E_ERROR), $id);
    }
}
示例#16
0
function list_multi_edit()
{
    global $txp_user;
    $selected = ps('selected');
    if (!$selected or !is_array($selected)) {
        return list_list();
    }
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = false;
    $ids = array();
    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            $allowed = array();
            if (has_privs('article.delete.own')) {
                foreach ($selected as $id) {
                    $author = safe_field('AuthorID', 'textpattern', "ID = {$id}");
                    if ($author == $txp_user) {
                        $allowed[] = $id;
                    }
                }
            }
            $selected = $allowed;
        }
        foreach ($selected as $id) {
            if (safe_delete('textpattern', "ID = {$id}")) {
                $ids[] = $id;
            }
        }
        $changed = join(', ', $ids);
        if ($changed) {
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
        }
    } else {
        $selected = array_map('assert_int', $selected);
        $selected = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');
        $allowed = array();
        foreach ($selected as $item) {
            if ($item['Status'] >= 4 and has_privs('article.edit.published') or $item['Status'] >= 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $item['Status'] < 4 and has_privs('article.edit') or $item['Status'] < 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own')) {
                $allowed[] = $item['ID'];
            }
        }
        $selected = $allowed;
        unset($allowed);
        switch ($method) {
            // change author
            case 'changeauthor':
                $key = 'AuthorID';
                $val = has_privs('article.edit') ? ps('AuthorID') : '';
                // do not allow to be set to an empty value
                if (!$val) {
                    $selected = array();
                }
                break;
                // change category1
            // change category1
            case 'changecategory1':
                $key = 'Category1';
                $val = ps('Category1');
                break;
                // change category2
            // change category2
            case 'changecategory2':
                $key = 'Category2';
                $val = ps('Category2');
                break;
                // change comments
            // change comments
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;
                // change section
            // change section
            case 'changesection':
                $key = 'Section';
                $val = ps('Section');
                // do not allow to be set to an empty value
                if (!$val) {
                    $selected = array();
                }
                break;
                // change status
            // change status
            case 'changestatus':
                $key = 'Status';
                $val = ps('Status');
                if (!has_privs('article.publish') && $val >= 4) {
                    $val = 3;
                }
                // do not allow to be set to an empty value
                if (!$val) {
                    $selected = array();
                }
                break;
            default:
                $key = '';
                $val = '';
                break;
        }
        if ($selected and $key) {
            foreach ($selected as $id) {
                if (safe_update('textpattern', "{$key} = '" . doSlash($val) . "'", "ID = {$id}")) {
                    $ids[] = $id;
                }
            }
            $changed = join(', ', $ids);
        }
    }
    if ($changed) {
        update_lastmod();
        return list_list(messenger('article', $changed, $method == 'delete' ? 'deleted' : 'modified'));
    }
    return list_list();
}
示例#17
0
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;
    $ids = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));
    $message = '';
    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            $ids = safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
        } else {
            $ids = array();
        }
    }
    if (!empty($ids)) {
        $fail = array();
        $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $filepath = build_file_path($file_base_path, $filename);
                $rsd = safe_delete('txp_file', "id = {$id}");
                $ul = false;
                if ($rsd && is_file($filepath)) {
                    $ul = unlink($filepath);
                }
                if (!$rsd or !$ul) {
                    $fail[] = $id;
                }
            }
            if ($fail) {
                $message = messenger(gTxt('file_delete_failed'), join(', ', $fail), '');
            } else {
                update_lastmod();
                $message = gTxt('file_deleted', array('{name}' => join(', ', $ids)));
            }
        } else {
            $message = messenger(gTxt('file_not_found'), join(', ', $ids), '');
        }
    }
    file_list($message);
}
示例#18
0
function form_save()
{
    global $vars, $step, $essential_forms, $form_types;
    extract(doSlash(array_map('assert_string', gpsa($vars))));
    $name = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('name'))));
    if (!$name) {
        $step = 'form_create';
        $message = gTxt('form_name_invalid');
        return form_edit(array($message, E_ERROR));
    }
    if (!isset($form_types[$type])) {
        $step = 'form_create';
        $message = gTxt('form_type_missing');
        return form_edit(array($message, E_ERROR));
    }
    if ($savenew) {
        $exists = safe_field('name', 'txp_form', "name = '{$name}'");
        if ($exists) {
            $step = 'form_create';
            $message = gTxt('form_already_exists', array('{name}' => $name));
            return form_edit(array($message, E_ERROR));
        }
        if (safe_insert('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'")) {
            update_lastmod();
            $message = gTxt('form_created', array('{name}' => $name));
        } else {
            $message = array(gTxt('form_save_failed'), E_ERROR);
        }
        return form_edit($message);
    }
    if (safe_update('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'", "name = '{$oldname}'")) {
        update_lastmod();
        $message = gTxt('form_updated', array('{name}' => $name));
    } else {
        $message = array(gTxt('form_save_failed'), E_ERROR);
    }
    form_edit($message);
}
示例#19
0
function file_multi_edit()
{
    $selected = ps('selected');
    if (!$selected or !is_array($selected)) {
        return file_list();
    }
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = array();
    if ($method == 'delete') {
        return file_delete($selected);
    }
    if ($method == 'changecategory') {
        foreach ($selected as $id) {
            if (safe_update('txp_file', "category = '" . doSlash(ps('category')) . "'", "id = {$id}")) {
                $changed[] = $id;
            }
        }
    }
    if ($changed) {
        update_lastmod();
        return file_list(gTxt('file_updated', array('{name}' => join(', ', $changed))));
    }
    return file_list();
}
示例#20
0
/**
 * Processes sent forms and updates existing articles.
 */
function article_save()
{
    global $txp_user, $vars, $prefs;
    extract($prefs);
    $incoming = array_map('assert_string', psa($vars));
    $oldArticle = safe_row("Status, url_title, Title, textile_body, textile_excerpt,\n        UNIX_TIMESTAMP(LastMod) AS sLastMod, LastModID,\n        UNIX_TIMESTAMP(Posted) AS sPosted,\n        UNIX_TIMESTAMP(Expires) AS sExpires", 'textpattern', "ID = " . (int) $incoming['ID']);
    if (!($oldArticle['Status'] >= STATUS_LIVE and has_privs('article.edit.published') or $oldArticle['Status'] >= STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < STATUS_LIVE and has_privs('article.edit') or $oldArticle['Status'] < STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(array(gTxt('concurrent_edit_by', array('{author}' => txpspecialchars($oldArticle['LastModID']))), E_ERROR), true, true);
        return;
    }
    if (!has_privs('article.set_markup')) {
        $incoming['textile_body'] = $oldArticle['textile_body'];
        $incoming['textile_excerpt'] = $oldArticle['textile_excerpt'];
    }
    $incoming = textile_main_fields($incoming);
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status'))));
    // Comments may be on, off, or disabled.
    $Annotate = (int) $Annotate;
    if (!has_privs('article.publish') && $Status >= STATUS_LIVE) {
        $Status = STATUS_PENDING;
    }
    // Set and validate article timestamp.
    if ($reset_time) {
        $whenposted = "Posted = NOW()";
        $when_ts = time();
    } else {
        if (!is_numeric($year) || !is_numeric($month) || !is_numeric($day) || !is_numeric($hour) || !is_numeric($minute) || !is_numeric($second)) {
            $ts = false;
        } else {
            $ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
        }
        if ($ts === false || $ts < 0) {
            $when = $when_ts = $oldArticle['sPosted'];
            $msg = array(gTxt('invalid_postdate'), E_ERROR);
        } else {
            $when = $when_ts = $ts - tz_offset($ts);
        }
        $whenposted = "Posted = FROM_UNIXTIME({$when})";
    }
    // Set and validate expiry timestamp.
    if (empty($exp_year)) {
        $expires = 0;
    } else {
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }
        $ts = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);
        if ($ts === false || $ts < 0) {
            $expires = $oldArticle['sExpires'];
            $msg = array(gTxt('invalid_expirydate'), E_ERROR);
        } else {
            $expires = $ts - tz_offset($ts);
        }
    }
    if ($expires && $expires <= $when_ts) {
        $expires = $oldArticle['sExpires'];
        $msg = array(gTxt('article_expires_before_postdate'), E_ERROR);
    }
    if ($expires) {
        $whenexpires = "Expires = FROM_UNIXTIME({$expires})";
    } else {
        $whenexpires = "Expires = " . NULLDATETIME;
    }
    // Auto-update custom-titles according to Title, as long as unpublished and
    // NOT customised.
    if (empty($url_title) || $oldArticle['Status'] < STATUS_LIVE && $oldArticle['url_title'] === $url_title && $oldArticle['url_title'] === stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] !== $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
    $user = doSlash($txp_user);
    $description = doSlash($description);
    $cfq = array();
    $cfs = getCustomFields();
    foreach ($cfs as $i => $cf_name) {
        $custom_x = "custom_{$i}";
        $cfq[] = "custom_{$i} = '" . ${$custom_x} . "'";
    }
    $cfq = join(', ', $cfq);
    $rs = compact($vars);
    if (article_validate($rs, $msg)) {
        if (safe_update('textpattern', "Title           = '{$Title}',\n            Body            = '{$Body}',\n            Body_html       = '{$Body_html}',\n            Excerpt         = '{$Excerpt}',\n            Excerpt_html    = '{$Excerpt_html}',\n            Keywords        = '{$Keywords}',\n            description     = '{$description}',\n            Image           = '{$Image}',\n            Status          =  {$Status},\n            LastMod         =  NOW(),\n            LastModID       = '{$user}',\n            Section         = '{$Section}',\n            Category1       = '{$Category1}',\n            Category2       = '{$Category2}',\n            Annotate        =  {$Annotate},\n            textile_body    = '{$textile_body}',\n            textile_excerpt = '{$textile_excerpt}',\n            override_form   = '{$override_form}',\n            url_title       = '{$url_title}',\n            AnnotateInvite  = '{$AnnotateInvite}'," . ($cfs ? $cfq . ',' : '') . "{$whenposted},\n            {$whenexpires}", "ID = {$ID}")) {
            if ($Status >= STATUS_LIVE && $oldArticle['Status'] < STATUS_LIVE) {
                do_pings();
            }
            if ($Status >= STATUS_LIVE || $oldArticle['Status'] >= STATUS_LIVE) {
                update_lastmod('article_saved', $rs);
            }
            now('posted', true);
            now('expires', true);
            callback_event('article_saved', '', false, $rs);
            if (empty($msg)) {
                $s = check_url_title($url_title);
                $msg = array(get_status_message($Status) . ' ' . $s, $s ? E_WARNING : 0);
            }
        } else {
            $msg = array(gTxt('article_save_failed'), E_ERROR);
        }
    }
    article_edit($msg, false, true);
}
示例#21
0
/**
 * Commits prefs to the database.
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;
    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings('describe ' . safe_pfx('textpattern'))));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);
    $sql = array();
    $sql[] = 'prefs_id = 1 and event != "" and type in(' . PREF_CORE . ', ' . PREF_PLUGIN . ', ' . PREF_HIDDEN . ')';
    $sql[] = "(user_name = '' or (user_name='" . doSlash($txp_user) . "' and name not in(\n            select name from " . safe_pfx('txp_prefs') . " where user_name = ''\n        )))";
    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }
    $prefnames = safe_rows_start("name, event, user_name, val", 'txp_prefs', join(' and ', $sql));
    $post = stripPost();
    if (isset($post['tempdir']) && empty($post['tempdir'])) {
        $post['tempdir'] = find_temp_dir();
    }
    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }
    if (isset($post['auto_dst'])) {
        $prefs['auto_dst'] = $auto_dst = $post['auto_dst'];
        if (isset($post['is_dst']) && !$post['auto_dst']) {
            $is_dst = $post['is_dst'];
        }
    }
    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    if (isset($post['timezone_key'])) {
        $key = $post['timezone_key'];
        $tzd = Txp::get('Textpattern_Date_Timezone')->getTimeZones();
        if (isset($tzd[$key])) {
            $prefs['timezone_key'] = $timezone_key = $key;
            $post['gmtoffset'] = $prefs['gmtoffset'] = $gmtoffset = $tzd[$key]['offset'];
            $post['is_dst'] = $prefs['is_dst'] = $is_dst = Txp::get('Textpattern_Date_Timezone')->isDst(null, $key);
        }
    }
    if (isset($post['siteurl'])) {
        $post['siteurl'] = preg_replace('#^https?://#', '', rtrim($post['siteurl'], '/ '));
    }
    while ($a = nextRow($prefnames)) {
        extract($a);
        if (!isset($post[$name]) || !has_privs('prefs.' . $event)) {
            continue;
        }
        if ($name === 'logging' && $post[$name] === 'none' && $post[$name] !== $val) {
            safe_truncate('txp_log');
        }
        if ($name === 'expire_logs_after' && (int) $post[$name] !== (int) $val) {
            safe_delete('txp_log', 'time < date_sub(now(), interval ' . intval($post[$name]) . ' day)');
        }
        update_pref($name, (string) $post[$name], null, null, null, null, (string) $user_name);
    }
    update_lastmod();
    prefs_list(gTxt('preferences_saved'));
}
示例#22
0
function section_save()
{
    global $txpcfg, $app_mode;
    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    extract(psa(array('name', 'title')));
    $prequel = '';
    $sequel = '';
    if (empty($title)) {
        $title = $name;
    }
    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            if ($app_mode == 'async') {
                // TODO: Better/themeable popup
                send_script_response('window.alert("' . escape_js(strip_tags(gTxt('section_name_already_exists', array('{name}' => $name)))) . '")');
            } else {
                sec_section_list($message);
                return;
            }
        }
    }
    if ($name == 'default') {
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
        update_lastmod();
    } else {
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));
        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
            // switch off $is_default for all sections in async app_mode
            if ($app_mode == 'async') {
                $prequel = '$("input[name=\\"is_default\\"][value=\\"1\\"]").attr("checked", false);' . '$("input[name=\\"is_default\\"][value=\\"0\\"]").attr("checked", true);';
            }
        }
        safe_update('txp_section', "\n\t\t\t\tname         = '{$name}',\n\t\t\t\ttitle        = '{$title}',\n\t\t\t\tpage         = '{$page}',\n\t\t\t\tcss          = '{$css}',\n\t\t\t\tis_default   = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss       = {$in_rss},\n\t\t\t\tsearchable   = {$searchable}\n\t\t\t", "name = '{$old_name}'");
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
        update_lastmod();
    }
    $message = gTxt('section_updated', array('{name}' => $name));
    if ($app_mode == 'async') {
        // Caveat: Use unslashed params for DTO
        $s = psa(array('name', 'title', 'page', 'css')) + compact('is_default', 'on_frontpage', 'in_rss', 'searchable');
        $s = section_detail_partial($s);
        send_script_response($prequel . '$("#section-form-' . $name . '").replaceWith("' . escape_js($s) . '");' . $sequel);
    } else {
        sec_section_list($message);
    }
}
示例#23
0
/**
 * Saves or clones a page template.
 */
function page_save()
{
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy')))));
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';
    if (!$newname) {
        $message = array(gTxt('page_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        if ($copy && $name === $newname) {
            $newname .= '_copy';
            $_POST['newname'] = $newname;
        }
        $exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");
        if ($newname !== $name && $exists !== false) {
            $message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);
            if ($savenew) {
                $_POST['newname'] = '';
            }
            $save_error = true;
        } else {
            if ($savenew or $copy) {
                if ($newname) {
                    if (safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'")) {
                        update_lastmod('page_created', compact('newname', 'name', 'html'));
                        $message = gTxt('page_created', array('{name}' => $newname));
                    } else {
                        $message = array(gTxt('page_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    $message = array(gTxt('page_name_invalid'), E_ERROR);
                    $save_error = true;
                }
            } else {
                if (safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                    safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
                    update_lastmod('page_saved', compact('newname', 'name', 'html'));
                    $message = gTxt('page_updated', array('{name}' => $name));
                } else {
                    $message = array(gTxt('page_save_failed'), E_ERROR);
                    $save_error = true;
                }
            }
        }
    }
    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('page_saved', '', 0, $name, $newname);
    }
    page_edit($message);
}
示例#24
0
/**
 * Saves a section.
 */
function section_save()
{
    $in = array_map('assert_string', psa(array('name', 'title', 'description', 'old_name', 'section_page', 'css')));
    if (empty($in['title'])) {
        $in['title'] = $in['name'];
    }
    // Prevent non-URL characters on section names.
    $in['name'] = strtolower(sanitizeForUrl($in['name']));
    extract($in);
    $in = doSlash($in);
    extract($in, EXTR_PREFIX_ALL, 'safe');
    if ($name != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$safe_name}'")) {
            // Invalid input. Halt all further processing (e.g. plugin event
            // handlers).
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            //            modal_halt($message);
            sec_section_list($message);
            return;
        }
    }
    $ok = false;
    if ($name == 'default') {
        $ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}', description = '{$safe_description}'", "name = 'default'");
    } elseif ($name) {
        extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable'))));
        if ($safe_old_name) {
            $ok = safe_update('txp_section', "\n                name         = '{$safe_name}',\n                title        = '{$safe_title}',\n                page         = '{$safe_section_page}',\n                css          = '{$safe_css}',\n                description  = '{$safe_description}',\n                on_frontpage = {$on_frontpage},\n                in_rss       = {$in_rss},\n                searchable   = {$searchable}\n                ", "name = '{$safe_old_name}'");
            // Manually maintain referential integrity.
            if ($ok) {
                $ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
            }
        } else {
            $ok = safe_insert('txp_section', "\n                name         = '{$safe_name}',\n                title        = '{$safe_title}',\n                page         = '{$safe_section_page}',\n                css          = '{$safe_css}',\n                description  = '{$safe_description}',\n                on_frontpage = {$on_frontpage},\n                in_rss       = {$in_rss},\n                searchable   = {$searchable}");
        }
    }
    if ($ok) {
        update_lastmod('section_saved', compact('name', 'title', 'page', 'css', 'description', 'on_frontpage', 'in_rss', 'searchable'));
    }
    if ($ok) {
        sec_section_list(gTxt($safe_old_name ? 'section_updated' : 'section_created', array('{name}' => $name)));
    } else {
        sec_section_list(array(gTxt('section_save_failed'), E_ERROR));
    }
}
示例#25
0
function page_save()
{
    extract(doSlash(gpsa(array('name', 'html', 'copy'))));
    if ($copy) {
        $newname = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('newname'))));
        if ($newname and safe_field('name', 'txp_page', "name = '{$newname}'")) {
            $message = gTxt('page_already_exists', array('{name}' => $newname));
        } elseif ($newname) {
            safe_insert('txp_page', "name = '{$newname}', user_html = '{$html}'");
            update_lastmod();
            $message = gTxt('page_created', array('{name}' => $newname));
        } else {
            $message = gTxt('page_name_invalid');
        }
        page_edit($message);
    } else {
        safe_update('txp_page', "user_html = '{$html}'", "name = '{$name}'");
        update_lastmod();
        $message = gTxt('page_updated', array('{name}' => $name));
        page_edit($message);
    }
}
示例#26
0
function advanced_prefs_save()
{
    $prefnames = safe_column("name", "txp_prefs", "prefs_id = 1 AND type = 1");
    $post = doSlash(stripPost());
    if (empty($post['tempdir'])) {
        $post['tempdir'] = doSlash(find_temp_dir());
    }
    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }
    foreach ($prefnames as $prefname) {
        if (isset($post[$prefname])) {
            safe_update("txp_prefs", "val = '" . $post[$prefname] . "'", "name = '" . doSlash($prefname) . "' and prefs_id = 1");
        }
    }
    update_lastmod();
    advanced_prefs(gTxt('preferences_saved'));
}
示例#27
0
function form_save()
{
    global $vars, $step, $essential_forms;
    extract(doSlash(gpsa($vars)));
    $name = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('name'))));
    if (!$name) {
        $step = 'form_create';
        $message = gTxt('form_name_invalid');
        return form_edit(array($message, E_ERROR));
    }
    if (!in_array($type, array('article', 'category', 'comment', 'file', 'link', 'misc', 'section'))) {
        $step = 'form_create';
        $message = gTxt('form_type_missing');
        return form_edit(array($message, E_ERROR));
    }
    if ($savenew) {
        $exists = safe_field('name', 'txp_form', "name = '{$name}'");
        if ($exists) {
            $step = 'form_create';
            $message = gTxt('form_already_exists', array('{name}' => $name));
            return form_edit(array($message, E_ERROR));
        }
        safe_insert('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'");
        update_lastmod();
        $message = gTxt('form_created', array('{name}' => $name));
        return form_edit($message);
    }
    safe_update('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'", "name = '{$oldname}'");
    update_lastmod();
    $message = gTxt('form_updated', array('{name}' => $name));
    form_edit($message);
}
示例#28
0
/**
 * Commits prefs to the database.
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;
    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings("DESCRIBE " . safe_pfx('textpattern'))));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);
    $sql = array();
    $sql[] = "prefs_id = 1 AND event != '' AND type IN (" . PREF_CORE . ", " . PREF_PLUGIN . ", " . PREF_HIDDEN . ")";
    $sql[] = "(user_name = '' OR (user_name = '" . doSlash($txp_user) . "' AND name NOT IN (\n            SELECT name FROM " . safe_pfx('txp_prefs') . " WHERE user_name = ''\n        )))";
    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }
    $prefnames = safe_rows_start("name, event, user_name, val", 'txp_prefs', join(" AND ", $sql));
    $post = stripPost();
    if (isset($post['tempdir']) && empty($post['tempdir'])) {
        $post['tempdir'] = find_temp_dir();
    }
    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }
    if (isset($post['auto_dst'])) {
        $prefs['auto_dst'] = $auto_dst = $post['auto_dst'];
        if (isset($post['is_dst']) && !$post['auto_dst']) {
            $is_dst = $post['is_dst'];
        }
    }
    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    if (isset($post['timezone_key'])) {
        $key = $post['timezone_key'];
        $tzd = Txp::get('\\Textpattern\\Date\\Timezone')->getTimeZones();
        if (isset($tzd[$key])) {
            $prefs['timezone_key'] = $timezone_key = $key;
            $post['gmtoffset'] = $prefs['gmtoffset'] = $gmtoffset = $tzd[$key]['offset'];
            $post['is_dst'] = $prefs['is_dst'] = $is_dst = Txp::get('\\Textpattern\\Date\\Timezone')->isDst(null, $key);
        }
    }
    if (isset($post['siteurl'])) {
        $post['siteurl'] = preg_replace('#^https?://#', '', rtrim($post['siteurl'], '/ '));
    }
    while ($a = nextRow($prefnames)) {
        extract($a);
        if (!isset($post[$name]) || !has_privs('prefs.' . $event)) {
            continue;
        }
        if ($name === 'logging' && $post[$name] === 'none' && $post[$name] !== $val) {
            safe_truncate('txp_log');
        }
        if ($name === 'expire_logs_after' && (int) $post[$name] !== (int) $val) {
            safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL " . intval($post[$name]) . " DAY)");
        }
        update_pref($name, (string) $post[$name], null, null, null, null, (string) $user_name);
    }
    update_lastmod('preferences_saved');
    prefs_list(gTxt('preferences_saved'));
}
示例#29
0
function delete_declaration($css)
{
    $thedec = gps('declaration');
    $name = gps('name');
    $i = 0;
    foreach ($css as $a => $b) {
        $cursel = $i++;
        $ii = 0;
        foreach ($b as $c => $d) {
            $curdec = $ii++;
            if ($cursel . '-' . $curdec != $thedec) {
                $out[$a][$c] = $d;
            }
        }
    }
    $css = base64_encode(css_format($out));
    safe_update("txp_css", "css='" . doSlash($css) . "'", "name='" . doSlash($name) . "'");
    // update site last mod time
    update_lastmod();
    return parseCSS(base64_decode(fetch('css', 'txp_css', 'name', $name)));
}
示例#30
0
/**
 * Processes multi-edit actions.
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;
    extract(psa(array('selected', 'edit_method')));
    if (!$selected || !is_array($selected)) {
        return list_list();
    }
    $selected = array_map('assert_int', $selected);
    // Empty entry to permit clearing the categories.
    $categories = array('');
    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }
    $allowed = array();
    $field = $value = '';
    switch ($edit_method) {
        // Delete.
        case 'delete':
            if (!has_privs('article.delete')) {
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
                }
                $selected = $allowed;
            }
            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);
                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }
            return list_list();
            break;
            // Change author.
        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');
            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }
            break;
            // Change category1.
        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');
            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }
            break;
            // Change category2.
        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');
            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }
            break;
            // Change comment status.
        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;
            // Change section.
        // Change section.
        case 'changesection':
            $value = ps('Section');
            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }
            break;
            // Change status.
        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');
            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }
            break;
    }
    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");
    foreach ($selected as $item) {
        if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published') || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published') || $item['Status'] < STATUS_LIVE && has_privs('article.edit') || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')) {
            $allowed[] = $item['ID'];
        }
    }
    $selected = $allowed;
    if ($selected) {
        $message = messenger('article', join(', ', $selected), 'modified');
        if ($edit_method === 'duplicate') {
            $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");
            if ($rs) {
                while ($a = nextRow($rs)) {
                    unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
                    $a['uid'] = md5(uniqid(rand(), true));
                    $a['AuthorID'] = $txp_user;
                    foreach ($a as $name => &$value) {
                        $value = "`{$name}` = '" . doSlash($value) . "'";
                    }
                    if ($id = (int) safe_insert('textpattern', join(',', $a))) {
                        safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n                            url_title = CONCAT(url_title, '-', {$id}),\n                            Posted = NOW(),\n                            feed_time = NOW()", "ID = {$id}");
                    }
                }
            }
            $message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
        } elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
            return list_list();
        }
        update_lastmod('articles_updated', compact('selected', 'field', 'value'));
        now('posted', true);
        now('expires', true);
        callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));
        return list_list($message);
    }
    return list_list();
}