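/**
 * Saves the preferences submitted from the basic prefs form.
 *
 * Normalises a few fields before storing them: 'siteurl' loses its
 * scheme and any trailing slashes/spaces, an empty 'tempdir' is replaced
 * by the auto-detected temp directory, and 'file_max_upload_size' is
 * passed through $this->real_max_upload_size(). Every known pref name
 * present in $_POST is then persisted with update_pref().
 */
function prefs_post()
{
    // Special considerations for a few fields.
    if (isset($_POST['siteurl'])) {
        // Strip the scheme (http or https) anchored at the start, then trailing
        // slashes/spaces. The previous code removed only a literal "http://",
        // wherever it occurred, so an https site URL kept its scheme.
        $_POST['siteurl'] = rtrim(preg_replace('#^https?://#', '', $this->ps('siteurl')), '/ ');
    }

    if (isset($_POST['tempdir']) && empty($_POST['tempdir'])) {
        $_POST['tempdir'] = doSlash(find_temp_dir());
    }

    if (!empty($_POST['file_max_upload_size'])) {
        $_POST['file_max_upload_size'] = $this->real_max_upload_size($this->ps('file_max_upload_size'));
    }

    // Save every known pref that was submitted.
    $prefnames = array_keys(get_prefs());

    foreach ($prefnames as $prefname) {
        if (isset($_POST[$prefname])) {
            update_pref($prefname, $this->ps($prefname));
        }
    }

    update_lastmod();
    $this->_message(gTxt('preferences_saved'));
}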
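/**
 * Saves a stylesheet: updates the current one, or creates a new one when
 * 'savenew' or 'copy' was submitted.
 *
 * The new name has <>&"' removed before it is used. Every message is handed
 * to css_edit(); error messages use the array(text, E_ERROR) form so the
 * edit screen renders them as errors.
 */
function css_save()
{
    extract(gpsa(array('name', 'css', 'savenew', 'newname', 'copy')));

    $css = doSlash($css);

    if ($savenew or $copy) {
        $newname = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('newname'))));

        if ($newname and safe_field('name', 'txp_css', "name = '{$newname}'")) {
            // The severity belongs in the message array, as in the other
            // branches of this function; it was previously passed as gTxt()'s
            // third argument, so the message was not flagged as an error.
            $message = array(gTxt('css_already_exists', array('{name}' => $newname)), E_ERROR);

            if ($savenew) {
                $_POST['newname'] = '';
            }
        } elseif ($newname) {
            safe_insert('txp_css', "name = '" . $newname . "', css = '{$css}'");
            // Update site last mod time.
            update_lastmod();
            $message = gTxt('css_created', array('{name}' => $newname));
        } else {
            $message = array(gTxt('css_name_required'), E_ERROR);
        }

        css_edit($message);
    } else {
        safe_update('txp_css', "css = '{$css}'", "name = '" . doSlash($name) . "'");
        // Update site last mod time.
        update_lastmod();
        $message = gTxt('css_updated', array('{name}' => $name));
        css_edit($message);
    }
}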
/**
 * Saves an edited article submitted from the article editor.
 *
 * Checks the caller's editing privileges against the stored article's
 * status and author, refuses the save when the article was modified
 * concurrently, computes the posted/expiry timestamps and writes the row.
 * Pings and the site last-mod update only happen for live articles.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;

    extract($prefs);

    $incoming = psa($vars);

    $oldArticle = safe_row('Status, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID', 'textpattern', 'ID = ' . (int) $incoming['ID']);

    // Status 4 and above is "published"; each privilege is paired with the
    // matching status range, and the "own" variants also require the
    // submitted AuthorID to be the current user.
    if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }

    // The form carries the LastMod it was loaded with; a mismatch means
    // someone else saved in the meantime.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE);
        return;
    }

    $incoming = textile_main_fields($incoming, $use_textile);

    // Slashed copies of every field become locals; ID/Status and the two
    // textile flags are then re-read as integers, overriding those locals.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));

    $Annotate = (int) $Annotate;

    // Without the publish privilege a live status is downgraded to 3.
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
        $when_ts = time();
    } else {
        // NOTE(review): strtotime() returning false is not checked here; the
        // later article_save() on this page validates the fields first.
        $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }

    if (empty($exp_year)) {
        $expires = 0;
        $whenexpires = "Expires=" . NULLDATETIME;
    } else {
        // Missing expiry parts default to the start of the given year.
        if (empty($exp_month)) {
            $exp_month = 1;
        }

        if (empty($exp_day)) {
            $exp_day = 1;
        }

        if (empty($exp_hour)) {
            $exp_hour = 0;
        }

        if (empty($exp_minute)) {
            $exp_minute = 0;
        }

        if (empty($exp_second)) {
            $exp_second = 0;
        }

        $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
        $whenexpires = "Expires=from_unixtime({$expires})";
    }

    if ($expires) {
        if ($expires <= $when_ts) {
            article_edit(gTxt('article_expires_before_postdate'));
            return;
        }
    }

    // Auto-update custom-titles according to Title, as long as unpublished
    // and NOT customized.
    if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // Collapse runs of whitespace/newlines/commas into single commas.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));

    // NOTE(review): $txp_user is interpolated unslashed into LastModID here;
    // the later article_save() on this page slashes it first.
    safe_update("textpattern", "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tExcerpt_html = '{$Excerpt_html}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = {$Status},\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$txp_user}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = {$Annotate},\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted},\n\t\t\t{$whenexpires}", "ID = {$ID}");

    if ($Status >= 4) {
        // Ping only on the transition from unpublished to live.
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }

        update_lastmod();
    }

    article_edit(get_status_message($Status) . check_url_title($url_title));
}
/**
 * Saves a section submitted from the sections panel.
 *
 * The title is Textiled, the name is lower-cased and URL-sanitised, and a
 * rename is refused when the new name already exists. The 'default'
 * section only accepts page/css changes; other sections are updated (with
 * the article rows re-pointed to the new name) or inserted.
 */
function section_save()
{
    global $app_mode;

    $in = array_map('assert_string', psa(array('name', 'title', 'old_name', 'section_page', 'css')));

    if (empty($in['title'])) {
        $in['title'] = $in['name'];
    }

    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';

    $textile = new Textile();
    $in['title'] = $textile->TextileThis($in['title'], 1);
    $in['name'] = strtolower(sanitizeForUrl($in['name']));

    // Unslashed values as $name, $title, ...; slashed copies as $safe_name,
    // $safe_title, ... for use in SQL.
    extract($in);
    $in = doSlash($in);
    extract($in, EXTR_PREFIX_ALL, 'safe');

    if ($name != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$safe_name}'")) {
            // Invalid input. Halt all further processing (e.g. plugin event handlers).
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            sec_section_list($message);
            return;
        }
    }

    $ok = false;

    if ($name == 'default') {
        $ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}'", "name = 'default'");
    } else {
        if ($name) {
            extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable'))));

            if ($safe_old_name) {
                $ok = safe_update('txp_section', "\n\t\t\t\t\tname = '{$safe_name}',\n\t\t\t\t\ttitle = '{$safe_title}',\n\t\t\t\t\tpage = '{$safe_section_page}',\n\t\t\t\t\tcss = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss = {$in_rss},\n\t\t\t\t\tsearchable = {$searchable}\n\t\t\t\t\t", "name = '{$safe_old_name}'");

                // Manually maintain referential integrity
                if ($ok) {
                    $ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
                }
            } else {
                $ok = safe_insert('txp_section', "\n\t\t\t\t\tname = '{$safe_name}',\n\t\t\t\t\ttitle = '{$safe_title}',\n\t\t\t\t\tpage = '{$safe_section_page}',\n\t\t\t\t\tcss = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss = {$in_rss},\n\t\t\t\t\tsearchable = {$searchable}");
            }
        }
    }

    if ($ok) {
        update_lastmod();
    }

    if ($ok) {
        sec_section_list(gTxt($safe_old_name ? 'section_updated' : 'section_created', array('{name}' => $name)));
    } else {
        sec_section_list(array(gTxt('section_save_failed'), E_ERROR));
    }
}
/**
 * Stores a visitor comment submitted from the public comment form.
 *
 * Rejects closed threads, banned and blacklisted IPs, then runs the
 * comment through the evaluator. A RELOAD verdict (missing required
 * fields, a duplicate, or a failed nonce check) sends the visitor back to
 * the preview; otherwise the comment is inserted and the visitor is
 * redirected (302) to the article.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    // $ref is never read. Note the key is spelled HTTP_REFERRER, which is
    // not PHP's HTTP_REFERER server variable.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }

    $ip = serverset('REMOTE_ADDR');

    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }

    $blacklisted = is_blacklisted($ip);

    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }

    $web = clean_url($web);
    $email = clean_url($email);

    // Cookies hold the unslashed values; the slashed copies below are for SQL.
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }

    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));

    // Byte-wise truncation; a multibyte character on the boundary may be cut.
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));

    // Duplicate detection: same name, message and IP already stored.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");

    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1);
        // The error-messages are added in the preview-code
    }

    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    }

    // FIXME? Tell the user about dupe?
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();

        if ($visible != RELOAD) {
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");

            if ($rs) {
                // Mark the nonce used so the same form cannot be replayed.
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");

                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }

                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }

                // $updated is never read.
                $updated = update_comments_count($parentid);

                // Build the redirect target: clip the submitted backpage, drop
                // anything after a newline or '#', then prefix the site's own
                // scheme+host (taken from hu) so the Location stays on-site.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;

                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }

                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');

                txp_status_header('302 Found');

                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }

                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }

    // Force another Preview
    $_POST['preview'] = RELOAD;
}
/**
 * Persists the edited link identified by the submitted id and, on
 * success, returns to the edit screen with a confirmation message.
 *
 * The sort key falls back to the link name when none was submitted.
 */
function link_save()
{
    global $txpcfg, $vars;

    $fields = doSlash(gpsa($vars));
    extract($fields);

    if (!$linksort) {
        $linksort = $linkname;
    }

    $id = assert_int($id);

    $assignments = "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'";
    $updated = safe_update("txp_link", $assignments, "id = {$id}");

    if (!$updated) {
        return;
    }

    update_lastmod();
    link_edit(gTxt('link_updated', array('{name}' => doStrip($linkname))));
}
/**
 * Applies the chosen bulk action to the links selected in the list.
 *
 * 'delete' removes the links (restricted to the current user's own links
 * when only link.delete.own is granted); 'changecategory' accepts a known
 * category name or the empty string (to clear); 'changeauthor' accepts a
 * known author. Any other method is a no-op and redisplays the list.
 */
function link_multi_edit()
{
    global $txp_user, $all_link_cats, $all_link_authors;

    // The empty string is allowed so that the category can be cleared.
    $knownCats = array('');

    foreach ($all_link_cats as $cat) {
        $knownCats[] = $cat['name'];
    }

    $ids = ps('selected');

    if (!$ids or !is_array($ids)) {
        link_list();
        return;
    }

    $ids = array_map('assert_int', $ids);
    $method = ps('edit_method');
    $done = array();
    $column = '';
    $newValue = '';

    if ($method == 'delete') {
        if (!has_privs('link.delete')) {
            if (has_privs('link.delete.own')) {
                $ids = safe_column('id', 'txp_link', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
            } else {
                $ids = array();
            }
        }

        foreach ($ids as $id) {
            if (safe_delete('txp_link', 'id = ' . $id)) {
                $done[] = $id;
            }
        }

        if ($done) {
            callback_event('links_deleted', '', 0, $done);
        }
    } elseif ($method == 'changecategory') {
        $newValue = ps('category');

        // Loose in_array(): a missing parameter (null) matches the empty entry.
        if (in_array($newValue, $knownCats)) {
            $column = 'category';
        }
    } elseif ($method == 'changeauthor') {
        $newValue = ps('author');

        if (in_array($newValue, $all_link_authors)) {
            $column = 'author';
        }
    }

    if ($ids and $column) {
        foreach ($ids as $id) {
            if (safe_update('txp_link', "{$column} = '" . doSlash($newValue) . "'", "id = {$id}")) {
                $done[] = $id;
            }
        }
    }

    if (!$done) {
        link_list();
        return;
    }

    update_lastmod();

    $isDelete = ($method == 'delete');
    $placeholder = $isDelete ? '{list}' : '{name}';
    link_list(gTxt($isDelete ? 'links_deleted' : 'link_updated', array($placeholder => join(', ', $done))));
}
/**
 * Creates a new link from the submitted form fields.
 *
 * The sort key falls back to the link name when none was given. The new
 * row id is published as $GLOBALS['ID'] regardless of the insert result;
 * on success the site last-mod time is bumped (link feeds depend on it)
 * and the edit screen is shown with a confirmation.
 */
function link_post()
{
    global $txpcfg, $vars;

    extract(doSlash(gpsa($vars)));

    if (!$linksort) {
        $linksort = $linkname;
    }

    $assignments = "category = '{$category}',\n\t\t\tdate = now(),\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'";
    $inserted = safe_insert("txp_link", $assignments);

    $GLOBALS['ID'] = mysql_insert_id();

    if (!$inserted) {
        return;
    }

    // Update lastmod due to link feeds.
    update_lastmod();
    link_edit(gTxt('link_created', array('{name}' => $linkname)));
}
/**
 * Saves the advanced preferences form.
 *
 * First recounts the custom_N columns of the textpattern table and caches
 * the count as the hidden pref 'max_custom_fields'. Then every type-1 pref
 * that was posted is written back; an empty 'tempdir' is replaced by the
 * auto-detected temp directory and 'file_max_upload_size' is normalised
 * via real_max_upload_size().
 */
function advanced_prefs_save()
{
    // Update custom fields count from database schema and cache it as a hidden pref.
    $columns = getThings('describe `' . PFX . 'textpattern`');
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', $columns));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);

    // Save all regular advanced prefs.
    $knownNames = safe_column("name", "txp_prefs", "prefs_id = 1 AND type = 1");
    $submitted = doSlash(stripPost());

    if (empty($submitted['tempdir'])) {
        $submitted['tempdir'] = doSlash(find_temp_dir());
    }

    if (!empty($submitted['file_max_upload_size'])) {
        $submitted['file_max_upload_size'] = real_max_upload_size($submitted['file_max_upload_size']);
    }

    foreach ($knownNames as $prefName) {
        if (!isset($submitted[$prefName])) {
            continue;
        }

        $where = "name = '" . doSlash($prefName) . "' and prefs_id = 1";
        safe_update("txp_prefs", "val = '" . $submitted[$prefName] . "'", $where);
    }

    update_lastmod();
    advanced_prefs(gTxt('preferences_saved'));
}
/**
 * Handles the thumbnail form for one image.
 *
 * Depending on which button was pressed this clears the stored thumbnail
 * settings, deletes the thumbnail, or generates a new thumbnail of the
 * requested size; in the last case the size and crop flag are remembered
 * in $prefs and as hidden prefs. Ends by setting the message and
 * switching to the edit view.
 */
function thumbnail_create_post()
{
    global $prefs;

    $id = $this->psi('id');
    extract(doSlash(gpsa(array('thumbnail_clear_settings', 'thumbnail_delete', 'width', 'height', 'crop'))));

    if ($thumbnail_clear_settings) {
        $message = $this->thumbnail_clear_settings($id);
    } elseif ($thumbnail_delete) {
        $message = $this->thumbnail_delete($id);
    } else {
        $width = (int) $width;
        $height = (int) $height;

        if ($width == 0 && $height == 0) {
            $message = messenger('invalid_width_or_height', "({$width})/({$height})", '');
        } elseif (!img_makethumb($id, $width, $height, $crop)) {
            $message = gTxt('thumbnail_not_saved', array('{id}' => $id));
        } else {
            // A zero dimension is stored as an empty string.
            $width = $width == 0 ? '' : $width;
            $height = $height == 0 ? '' : $height;

            $prefs['thumb_w'] = $width;
            $prefs['thumb_h'] = $height;
            $prefs['thumb_crop'] = $crop;

            // Hidden prefs.
            set_pref('thumb_w', $width, 'image', 2);
            set_pref('thumb_h', $height, 'image', 2);
            set_pref('thumb_crop', $crop, 'image', 2);

            update_lastmod();
            $message = gTxt('thumbnail_saved', array('{id}' => $id));
        }
    }

    $this->_message($message);
    $this->_set_view('edit', $id);
}
/**
 * Saves a form template.
 *
 * Essential forms cannot be renamed: the new name is forced back to the
 * current one and the type is re-read from the database. A copy that keeps
 * the same name gets a '_copy' suffix. On any validation or database
 * failure $_POST['save_error'] is set to '1'; otherwise the 'form_saved'
 * event fires. The result message is handed to form_edit().
 */
function form_save()
{
    global $essential_forms, $form_types;

    extract(doSlash(array_map('assert_string', psa(array('savenew', 'Form', 'type', 'copy')))));

    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';

    if (in_array($name, $essential_forms)) {
        $newname = $name;
        // NOTE(review): this $type comes straight from the database and is not
        // slashed, unlike the extracted $type it replaces.
        $type = fetch('type', 'txp_form', 'name', $newname);
        $_POST['newname'] = $newname;
    }

    if (!$newname) {
        $message = array(gTxt('form_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        if (!isset($form_types[$type])) {
            $message = array(gTxt('form_type_missing'), E_ERROR);
            $save_error = true;
        } else {
            if ($copy && $name === $newname) {
                $newname .= '_copy';
                $_POST['newname'] = $newname;
            }

            $exists = safe_field('name', 'txp_form', "name = '" . doSlash($newname) . "'");

            // Renaming onto an existing form is an error; saving under the
            // same name is an update.
            if ($newname !== $name && $exists !== false) {
                $message = array(gTxt('form_already_exists', array('{name}' => $newname)), E_ERROR);

                if ($savenew) {
                    $_POST['newname'] = '';
                }

                $save_error = true;
            } else {
                if ($savenew or $copy) {
                    if ($newname) {
                        if (safe_insert('txp_form', "Form = '{$Form}',\n type = '{$type}',\n name = '" . doSlash($newname) . "'")) {
                            update_lastmod();
                            $message = gTxt('form_created', array('{name}' => $newname));
                        } else {
                            $message = array(gTxt('form_save_failed'), E_ERROR);
                            $save_error = true;
                        }
                    } else {
                        $message = array(gTxt('form_name_invalid'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    if (safe_update('txp_form', "Form = '{$Form}',\n type = '{$type}',\n name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                        update_lastmod();
                        $message = gTxt('form_updated', array('{name}' => $name));
                    } else {
                        $message = array(gTxt('form_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                }
            }
        }
    }

    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('form_saved', '', 0, $name, $newname);
    }

    form_edit($message);
}
/**
 * Applies the chosen bulk action to the links selected in the list and
 * returns to the link editor.
 *
 * 'delete' removes the links (restricted to the current user's own links
 * when only link.delete.own is granted); 'changecategory' and
 * 'changeauthor' write the submitted value to the matching column. Other
 * methods are a no-op. Note that the category/author values are not
 * validated against known entries here.
 */
function link_multi_edit()
{
    global $txp_user;

    $ids = ps('selected');

    if (!$ids or !is_array($ids)) {
        link_edit();
        return;
    }

    $ids = array_map('assert_int', $ids);
    $method = ps('edit_method');
    $done = array();
    $column = '';
    $newValue = '';

    if ($method == 'delete') {
        if (!has_privs('link.delete')) {
            if (has_privs('link.delete.own')) {
                $ids = safe_column('id', 'txp_link', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
            } else {
                $ids = array();
            }
        }

        foreach ($ids as $id) {
            if (safe_delete('txp_link', 'id = ' . $id)) {
                $done[] = $id;
            }
        }
    } elseif ($method == 'changecategory') {
        $column = 'category';
        $newValue = ps('category');
    } elseif ($method == 'changeauthor') {
        $column = 'author';
        $newValue = ps('author');
    }

    if ($ids and $column) {
        foreach ($ids as $id) {
            if (safe_update('txp_link', "{$column} = '" . doSlash($newValue) . "'", "id = {$id}")) {
                $done[] = $id;
            }
        }
    }

    if (!$done) {
        link_edit();
        return;
    }

    update_lastmod();

    $isDelete = ($method == 'delete');
    $placeholder = $isDelete ? '{list}' : '{name}';
    link_edit(gTxt($isDelete ? 'links_deleted' : 'link_updated', array($placeholder => join(', ', $done))));
}
/**
 * Deletes one or more files, both the database rows and the files on disk.
 *
 * @param array $ids File ids to delete; when empty, the posted 'id' is used.
 *
 * Without file.delete the set is narrowed to the caller's own files
 * (file.delete.own) or emptied. Plugins are notified via 'file_deleted'
 * before each row is removed. An id counts as failed when the row could
 * not be deleted or the file could not be unlinked.
 */
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;

    if ($ids) {
        $ids = array_map('assert_int', $ids);
    } else {
        $ids = array(assert_int(ps('id')));
    }

    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            $ids = safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
        } else {
            $ids = array();
        }
    }

    if (empty($ids)) {
        file_list();
        return;
    }

    $rows = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

    if (!$rows) {
        file_list(array(messenger(gTxt('file_not_found'), join(', ', $ids), ''), E_ERROR));
        return;
    }

    $failed = array();

    while ($row = nextRow($rows)) {
        $id = $row['id'];
        $filename = $row['filename'];
        $filepath = build_file_path($file_base_path, $filename);

        // Notify plugins of pending deletion, pass file's id and path.
        callback_event('file_deleted', '', false, $id, $filepath);

        $rowDeleted = safe_delete('txp_file', "id = {$id}");
        $fileDeleted = ($rowDeleted && is_file($filepath)) ? unlink($filepath) : false;

        if (!$rowDeleted or !$fileDeleted) {
            $failed[] = $id;
        }
    }

    if ($failed) {
        file_list(array(messenger(gTxt('file_delete_failed'), join(', ', $failed)), E_ERROR));
        return;
    }

    update_lastmod('file_deleted', $ids);
    file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
}
$HeadURL: http://svn.textpattern.com/current/textpattern/_update.php $
$LastChangedRevision: 711 $
*/

// This script is only meaningful when run by the updater.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Make sure the raw-PHP pref exists and renders as a yes/no radio.
$hasRawPhpPref = safe_field('name', 'txp_prefs', "name = 'allow_raw_php_scripting'");

if ($hasRawPhpPref) {
    safe_update('txp_prefs', "html='yesnoradio'", "name='allow_raw_php_scripting'");
} else {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'allow_raw_php_scripting', val = '1', type = '1', html='yesnoradio'");
}

// Log list page size, added if missing.
if (!safe_field('name', 'txp_prefs', "name = 'log_list_pageby'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'log_list_pageby', val = '25', type = 2, event = 'publish'");
}

// Turn on lastmod handling, and reset the lastmod date.
safe_update('txp_prefs', "val='1'", "name='send_lastmod' and prefs_id='1'");
update_lastmod();

// Speed up article queries: add the (Section, Status) index if it is missing.
$has_ss_idx = 0;
$rs = getRows('show index from `' . PFX . 'textpattern`');

foreach ($rs as $row) {
    $has_ss_idx = ($row['Key_name'] == 'section_status_idx') ? 1 : $has_ss_idx;
}

if (!$has_ss_idx) {
    safe_query('alter ignore table `' . PFX . 'textpattern` add index section_status_idx (Section,Status)');
}

// Widow-avoidance pref for titles, added if missing.
if (!safe_field('name', 'txp_prefs', "name = 'title_no_widow'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'title_no_widow', val = '1', type = '1', html='yesnoradio'");
}
/**
 * Deletes the thumbnail of the image whose id was submitted.
 *
 * Requires image.edit, or image.edit.own when the image belongs to the
 * current user; otherwise the image list is shown with a restricted-area
 * message. On success the 'thumbnail_deleted' event fires and the site
 * last-mod time is updated.
 */
function thumbnail_delete()
{
    global $txp_user;

    $id = assert_int(gps('id'));
    $owner = fetch('author', 'txp_image', 'id', $id);
    $ownsImage = ($owner === $txp_user && has_privs('image.edit.own'));

    if (!has_privs('image.edit') && !$ownsImage) {
        image_list(gTxt('restricted_area'));
        return;
    }

    $thumb = new txp_thumb($id);

    if (!$thumb->delete()) {
        image_edit(array(gTxt('thumbnail_delete_failed'), E_ERROR), $id);
        return;
    }

    callback_event('thumbnail_deleted', '', false, $id);
    update_lastmod();
    image_edit(gTxt('thumbnail_deleted'), $id);
}
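/**
 * Applies the chosen bulk action to the articles selected in the list.
 *
 * 'delete' removes the articles (limited to the caller's own articles when
 * only article.delete.own is granted) and sets their comments to MODERATE.
 * The remaining methods change one column on every selected article the
 * caller may edit; author, section and status refuse an empty value, and
 * a live status is downgraded to 3 without article.publish. Returns the
 * result of list_list(), with a message when anything changed.
 */
function list_multi_edit()
{
    global $txp_user;

    $selected = ps('selected');

    if (!$selected or !is_array($selected)) {
        return list_list();
    }

    // Validated once here; the edit branch previously repeated this map.
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = false;
    $ids = array();

    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            $allowed = array();

            if (has_privs('article.delete.own')) {
                foreach ($selected as $id) {
                    $author = safe_field('AuthorID', 'textpattern', "ID = {$id}");

                    if ($author == $txp_user) {
                        $allowed[] = $id;
                    }
                }
            }

            $selected = $allowed;
        }

        foreach ($selected as $id) {
            if (safe_delete('textpattern', "ID = {$id}")) {
                $ids[] = $id;
            }
        }

        $changed = join(', ', $ids);

        if ($changed) {
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
        }
    } else {
        $selected = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');
        $allowed = array();

        // Status 4 and above is "published"; the "own" privileges also
        // require the article to belong to the current user.
        foreach ($selected as $item) {
            if ($item['Status'] >= 4 and has_privs('article.edit.published') or $item['Status'] >= 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $item['Status'] < 4 and has_privs('article.edit') or $item['Status'] < 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own')) {
                $allowed[] = $item['ID'];
            }
        }

        $selected = $allowed;
        unset($allowed);

        switch ($method) {
            // Change author.
            case 'changeauthor':
                $key = 'AuthorID';
                $val = has_privs('article.edit') ? ps('AuthorID') : '';

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change category1.
            case 'changecategory1':
                $key = 'Category1';
                $val = ps('Category1');
                break;

            // Change category2.
            case 'changecategory2':
                $key = 'Category2';
                $val = ps('Category2');
                break;

            // Change comments.
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;

            // Change section.
            case 'changesection':
                $key = 'Section';
                $val = ps('Section');

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change status.
            case 'changestatus':
                $key = 'Status';
                $val = ps('Status');

                if (!has_privs('article.publish') && $val >= 4) {
                    $val = 3;
                }

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            default:
                $key = '';
                $val = '';
                break;
        }

        if ($selected and $key) {
            foreach ($selected as $id) {
                if (safe_update('textpattern', "{$key} = '" . doSlash($val) . "'", "ID = {$id}")) {
                    $ids[] = $id;
                }
            }

            $changed = join(', ', $ids);
        }
    }

    if ($changed) {
        update_lastmod();

        return list_list(messenger('article', $changed, $method == 'delete' ? 'deleted' : 'modified'));
    }

    return list_list();
}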
/**
 * Deletes one or more files, both the database rows and the files on disk,
 * then shows the file list with the outcome.
 *
 * @param array $ids File ids to delete; when empty, the posted 'id' is used.
 *
 * Without file.delete the set is narrowed to the caller's own files
 * (file.delete.own) or emptied. An id counts as failed when the row could
 * not be deleted or the file could not be unlinked.
 */
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;

    if ($ids) {
        $ids = array_map('assert_int', $ids);
    } else {
        $ids = array(assert_int(ps('id')));
    }

    $message = '';

    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            $ids = safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
        } else {
            $ids = array();
        }
    }

    if (empty($ids)) {
        file_list($message);
        return;
    }

    $rows = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

    if (!$rows) {
        file_list(messenger(gTxt('file_not_found'), join(', ', $ids), ''));
        return;
    }

    $failed = array();

    while ($row = nextRow($rows)) {
        $id = $row['id'];
        $filename = $row['filename'];
        $filepath = build_file_path($file_base_path, $filename);

        $rowDeleted = safe_delete('txp_file', "id = {$id}");
        $fileDeleted = ($rowDeleted && is_file($filepath)) ? unlink($filepath) : false;

        if (!$rowDeleted or !$fileDeleted) {
            $failed[] = $id;
        }
    }

    if ($failed) {
        $message = messenger(gTxt('file_delete_failed'), join(', ', $failed), '');
    } else {
        update_lastmod();
        $message = gTxt('file_deleted', array('{name}' => join(', ', $ids)));
    }

    file_list($message);
}
/**
 * Saves a form template, creating a new one when 'savenew' was submitted
 * and updating the form named $oldname otherwise.
 *
 * The name has <>&"' removed. An empty name, an unknown type, or a
 * clash with an existing form when creating sends the user back to the
 * 'form_create' step with an error.
 */
function form_save()
{
    global $vars, $step, $essential_forms, $form_types;

    extract(doSlash(array_map('assert_string', gpsa($vars))));

    $name = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('name'))));

    if (!$name) {
        $step = 'form_create';

        return form_edit(array(gTxt('form_name_invalid'), E_ERROR));
    }

    if (!isset($form_types[$type])) {
        $step = 'form_create';

        return form_edit(array(gTxt('form_type_missing'), E_ERROR));
    }

    $assignments = "Form = '{$Form}', type = '{$type}', name = '{$name}'";

    if ($savenew) {
        if (safe_field('name', 'txp_form', "name = '{$name}'")) {
            $step = 'form_create';

            return form_edit(array(gTxt('form_already_exists', array('{name}' => $name)), E_ERROR));
        }

        if (safe_insert('txp_form', $assignments)) {
            update_lastmod();
            $outcome = gTxt('form_created', array('{name}' => $name));
        } else {
            $outcome = array(gTxt('form_save_failed'), E_ERROR);
        }

        return form_edit($outcome);
    }

    if (safe_update('txp_form', $assignments, "name = '{$oldname}'")) {
        update_lastmod();
        $outcome = gTxt('form_updated', array('{name}' => $name));
    } else {
        $outcome = array(gTxt('form_save_failed'), E_ERROR);
    }

    form_edit($outcome);
}
/**
 * Applies the chosen bulk action to the files selected in the list.
 *
 * 'delete' is delegated to file_delete(); 'changecategory' writes the
 * submitted category to each selected file. Returns the result of
 * file_list(), with a message naming the changed ids when any changed.
 */
function file_multi_edit()
{
    $ids = ps('selected');

    if (!$ids or !is_array($ids)) {
        return file_list();
    }

    $ids = array_map('assert_int', $ids);
    $method = ps('edit_method');

    if ($method == 'delete') {
        return file_delete($ids);
    }

    $done = array();

    if ($method == 'changecategory') {
        $assignment = "category = '" . doSlash(ps('category')) . "'";

        foreach ($ids as $id) {
            if (safe_update('txp_file', $assignment, "id = {$id}")) {
                $done[] = $id;
            }
        }
    }

    if (!$done) {
        return file_list();
    }

    update_lastmod();

    return file_list(gTxt('file_updated', array('{name}' => join(', ', $done))));
}
/**
 * Processes sent forms and updates existing articles.
 *
 * Checks the caller's editing privileges against the stored status and
 * author, refuses a concurrent edit, validates the posted and expiry
 * dates (falling back to the stored values with an error message),
 * rebuilds the url_title when appropriate, and writes the row including
 * the dynamic custom_N columns. Pings, last-mod and the 'article_saved'
 * event follow a successful update.
 */
function article_save()
{
    global $txp_user, $vars, $prefs;

    extract($prefs);

    $incoming = array_map('assert_string', psa($vars));

    $oldArticle = safe_row("Status, url_title, Title, textile_body, textile_excerpt,\n UNIX_TIMESTAMP(LastMod) AS sLastMod, LastModID,\n UNIX_TIMESTAMP(Posted) AS sPosted,\n UNIX_TIMESTAMP(Expires) AS sExpires", 'textpattern', "ID = " . (int) $incoming['ID']);

    // Each privilege is paired with the matching status range; the "own"
    // variants also require the submitted AuthorID to be the current user.
    if (!($oldArticle['Status'] >= STATUS_LIVE and has_privs('article.edit.published') or $oldArticle['Status'] >= STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < STATUS_LIVE and has_privs('article.edit') or $oldArticle['Status'] < STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }

    // The form carries the LastMod it was loaded with; a mismatch means
    // someone else saved in the meantime.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(array(gTxt('concurrent_edit_by', array('{author}' => txpspecialchars($oldArticle['LastModID']))), E_ERROR), true, true);
        return;
    }

    // Markup settings may only be changed with the set_markup privilege.
    if (!has_privs('article.set_markup')) {
        $incoming['textile_body'] = $oldArticle['textile_body'];
        $incoming['textile_excerpt'] = $oldArticle['textile_excerpt'];
    }

    $incoming = textile_main_fields($incoming);

    // Slashed copies of every field become locals; ID and Status are then
    // re-read as integers, overriding those locals.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status'))));

    // Comments may be on, off, or disabled.
    $Annotate = (int) $Annotate;

    if (!has_privs('article.publish') && $Status >= STATUS_LIVE) {
        $Status = STATUS_PENDING;
    }

    // Set and validate article timestamp.
    if ($reset_time) {
        $whenposted = "Posted = NOW()";
        $when_ts = time();
    } else {
        if (!is_numeric($year) || !is_numeric($month) || !is_numeric($day) || !is_numeric($hour) || !is_numeric($minute) || !is_numeric($second)) {
            $ts = false;
        } else {
            $ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
        }

        // An unparsable date keeps the stored Posted value and reports an error.
        if ($ts === false || $ts < 0) {
            $when = $when_ts = $oldArticle['sPosted'];
            $msg = array(gTxt('invalid_postdate'), E_ERROR);
        } else {
            $when = $when_ts = $ts - tz_offset($ts);
        }

        $whenposted = "Posted = FROM_UNIXTIME({$when})";
    }

    // Set and validate expiry timestamp.
    if (empty($exp_year)) {
        $expires = 0;
    } else {
        // Missing expiry parts default to the start of the given year.
        if (empty($exp_month)) {
            $exp_month = 1;
        }

        if (empty($exp_day)) {
            $exp_day = 1;
        }

        if (empty($exp_hour)) {
            $exp_hour = 0;
        }

        if (empty($exp_minute)) {
            $exp_minute = 0;
        }

        if (empty($exp_second)) {
            $exp_second = 0;
        }

        // NOTE(review): unlike the posted date, the expiry parts are not checked
        // with is_numeric() before being passed to strtotime().
        $ts = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);

        if ($ts === false || $ts < 0) {
            $expires = $oldArticle['sExpires'];
            $msg = array(gTxt('invalid_expirydate'), E_ERROR);
        } else {
            $expires = $ts - tz_offset($ts);
        }
    }

    if ($expires && $expires <= $when_ts) {
        $expires = $oldArticle['sExpires'];
        $msg = array(gTxt('article_expires_before_postdate'), E_ERROR);
    }

    if ($expires) {
        $whenexpires = "Expires = FROM_UNIXTIME({$expires})";
    } else {
        $whenexpires = "Expires = " . NULLDATETIME;
    }

    // Auto-update custom-titles according to Title, as long as unpublished and
    // NOT customised.
    if (empty($url_title) || $oldArticle['Status'] < STATUS_LIVE && $oldArticle['url_title'] === $url_title && $oldArticle['url_title'] === stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] !== $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }

    // Collapse runs of whitespace/newlines/commas into single commas.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));

    $user = doSlash($txp_user);
    $description = doSlash($description);

    // Build "custom_N = '...'" assignments from the slashed locals created by
    // extract() above, one per configured custom field.
    $cfq = array();
    $cfs = getCustomFields();

    foreach ($cfs as $i => $cf_name) {
        $custom_x = "custom_{$i}";
        $cfq[] = "custom_{$i} = '" . ${$custom_x} . "'";
    }

    $cfq = join(', ', $cfq);

    $rs = compact($vars);

    // NOTE(review): $msg is only defined when a date problem was found above;
    // article_validate() is presumably expected to populate it otherwise.
    if (article_validate($rs, $msg)) {
        if (safe_update('textpattern', "Title = '{$Title}',\n Body = '{$Body}',\n Body_html = '{$Body_html}',\n Excerpt = '{$Excerpt}',\n Excerpt_html = '{$Excerpt_html}',\n Keywords = '{$Keywords}',\n description = '{$description}',\n Image = '{$Image}',\n Status = {$Status},\n LastMod = NOW(),\n LastModID = '{$user}',\n Section = '{$Section}',\n Category1 = '{$Category1}',\n Category2 = '{$Category2}',\n Annotate = {$Annotate},\n textile_body = '{$textile_body}',\n textile_excerpt = '{$textile_excerpt}',\n override_form = '{$override_form}',\n url_title = '{$url_title}',\n AnnotateInvite = '{$AnnotateInvite}'," . ($cfs ? $cfq . ',' : '') . "{$whenposted},\n {$whenexpires}", "ID = {$ID}")) {
            // Ping only on the transition from unpublished to live.
            if ($Status >= STATUS_LIVE && $oldArticle['Status'] < STATUS_LIVE) {
                do_pings();
            }

            // Last-mod changes whenever a live article is involved, before or after.
            if ($Status >= STATUS_LIVE || $oldArticle['Status'] >= STATUS_LIVE) {
                update_lastmod('article_saved', $rs);
            }

            now('posted', true);
            now('expires', true);
            callback_event('article_saved', '', false, $rs);

            if (empty($msg)) {
                $s = check_url_title($url_title);
                $msg = array(get_status_message($Status) . ' ' . $s, $s ? E_WARNING : 0);
            }
        } else {
            $msg = array(gTxt('article_save_failed'), E_ERROR);
        }
    }

    article_edit($msg, false, true);
}
/**
 * Commits prefs to the database.
 *
 * Recounts the custom_N columns into the hidden 'max_custom_fields' pref,
 * then walks every core/plugin/hidden pref that is either global or
 * private to the current user and stores the posted value when the caller
 * holds the 'prefs.<event>' privilege. Some prefs have side effects:
 * 'siteurl' is normalised, 'timezone_key' derives gmtoffset/is_dst,
 * switching 'logging' to 'none' truncates the log, and lowering
 * 'expire_logs_after' prunes old log rows.
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;

    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings('describe ' . safe_pfx('textpattern'))));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);

    // Global prefs, plus the current user's private prefs that do not shadow
    // a global one.
    $sql = array();
    $sql[] = 'prefs_id = 1 and event != "" and type in(' . PREF_CORE . ', ' . PREF_PLUGIN . ', ' . PREF_HIDDEN . ')';
    $sql[] = "(user_name = '' or (user_name='" . doSlash($txp_user) . "' and name not in(\n select name from " . safe_pfx('txp_prefs') . " where user_name = ''\n )))";

    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }

    $prefnames = safe_rows_start("name, event, user_name, val", 'txp_prefs', join(' and ', $sql));

    $post = stripPost();

    if (isset($post['tempdir']) && empty($post['tempdir'])) {
        $post['tempdir'] = find_temp_dir();
    }

    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }

    if (isset($post['auto_dst'])) {
        $prefs['auto_dst'] = $auto_dst = $post['auto_dst'];

        if (isset($post['is_dst']) && !$post['auto_dst']) {
            $is_dst = $post['is_dst'];
        }
    }

    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    if (isset($post['timezone_key'])) {
        $key = $post['timezone_key'];
        $tzd = Txp::get('Textpattern_Date_Timezone')->getTimeZones();

        // Unknown keys are ignored rather than stored.
        if (isset($tzd[$key])) {
            $prefs['timezone_key'] = $timezone_key = $key;
            $post['gmtoffset'] = $prefs['gmtoffset'] = $gmtoffset = $tzd[$key]['offset'];
            $post['is_dst'] = $prefs['is_dst'] = $is_dst = Txp::get('Textpattern_Date_Timezone')->isDst(null, $key);
        }
    }

    // Store the site URL without scheme or trailing slashes.
    if (isset($post['siteurl'])) {
        $post['siteurl'] = preg_replace('#^https?://#', '', rtrim($post['siteurl'], '/ '));
    }

    while ($a = nextRow($prefnames)) {
        // Provides $name, $event, $user_name and $val.
        extract($a);

        // Skip prefs that were not posted or whose event the user may not edit.
        if (!isset($post[$name]) || !has_privs('prefs.' . $event)) {
            continue;
        }

        if ($name === 'logging' && $post[$name] === 'none' && $post[$name] !== $val) {
            safe_truncate('txp_log');
        }

        if ($name === 'expire_logs_after' && (int) $post[$name] !== (int) $val) {
            safe_delete('txp_log', 'time < date_sub(now(), interval ' . intval($post[$name]) . ' day)');
        }

        update_pref($name, (string) $post[$name], null, null, null, null, (string) $user_name);
    }

    update_lastmod();
    prefs_list(gTxt('preferences_saved'));
}
/**
 * Saves a section (legacy implementation).
 *
 * Reads page/css/old_name (escaped) and name/title (raw) from POST,
 * normalises the name with sanitizeForUrl() and the title through Textile,
 * then updates txp_section and re-points articles from the old section name.
 * Responds with a script response in async app mode, otherwise by rendering
 * the section list.
 */
function section_save()
{
    global $txpcfg, $app_mode;

    extract(doSlash(psa(array('page', 'css', 'old_name')))); // $page, $css, $old_name (escaped)
    extract(psa(array('name', 'title')));                    // $name, $title (raw)
    $prequel = '';
    $sequel = '';

    if (empty($title)) {
        $title = $name;
    }

    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));

    // Renaming onto an existing section name is rejected.
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);

            if ($app_mode == 'async') {
                // TODO: Better/themeable popup
                // NOTE(review): this branch does not return, so execution continues
                // past the duplicate-name check — confirm send_script_response() exits.
                send_script_response('window.alert("' . escape_js(strip_tags(gTxt('section_name_already_exists', array('{name}' => $name)))) . '")');
            } else {
                sec_section_list($message);
                return;
            }
        }
    }

    if ($name == 'default') {
        // Only page and css are editable on the default section.
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
        update_lastmod();
    } else {
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable')))); // cast to int

        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");

            // switch off $is_default for all sections in async app_mode
            if ($app_mode == 'async') {
                $prequel = '$("input[name=\\"is_default\\"][value=\\"1\\"]").attr("checked", false);' . '$("input[name=\\"is_default\\"][value=\\"0\\"]").attr("checked", true);';
            }
        }

        safe_update('txp_section', "\n\t\t\t\tname = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss = {$in_rss},\n\t\t\t\tsearchable = {$searchable}\n\t\t\t", "name = '{$old_name}'");
        // Keep articles attached to the (possibly renamed) section.
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
        update_lastmod();
    }

    $message = gTxt('section_updated', array('{name}' => $name));

    if ($app_mode == 'async') {
        // Caveat: Use unslashed params for DTO
        // NOTE(review): for the 'default' section $is_default/$on_frontpage/
        // $in_rss/$searchable are never set here, so compact() silently omits
        // them from the DTO — confirm intended.
        $s = psa(array('name', 'title', 'page', 'css')) + compact('is_default', 'on_frontpage', 'in_rss', 'searchable');
        $s = section_detail_partial($s);
        // $name has passed sanitizeForUrl()/doSlash(); the partial is escaped with escape_js().
        send_script_response($prequel . '$("#section-form-' . $name . '").replaceWith("' . escape_js($s) . '");' . $sequel);
    } else {
        sec_section_list($message);
    }
}
/**
 * Saves or clones a page template.
 *
 * Both the current name and the target newname pass through sanitizeForPage();
 * a copy onto the same name gets a '_copy' suffix. 'savenew' or 'copy' inserts
 * a txp_page row, a plain save updates the row and, on rename, re-points the
 * sections using it. On failure $_POST['save_error'] is set for page_edit().
 */
function page_save()
{
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy'))))); // $savenew, $html, $copy (escaped)
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';

    if (!$newname) {
        $message = array(gTxt('page_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        // Copying onto itself: derive a distinct name and reflect it in the form.
        if ($copy && $name === $newname) {
            $newname .= '_copy';
            $_POST['newname'] = $newname;
        }

        // $name/$newname are not pre-escaped, so every SQL use wraps them in doSlash().
        $exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");

        if ($newname !== $name && $exists !== false) {
            $message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);

            if ($savenew) {
                $_POST['newname'] = '';
            }

            $save_error = true;
        } else {
            if ($savenew or $copy) {
                if ($newname) {
                    if (safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'")) {
                        update_lastmod('page_created', compact('newname', 'name', 'html'));
                        $message = gTxt('page_created', array('{name}' => $newname));
                    } else {
                        $message = array(gTxt('page_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    // Not reachable in practice: an empty $newname was rejected above.
                    $message = array(gTxt('page_name_invalid'), E_ERROR);
                    $save_error = true;
                }
            } else {
                // Update (and possibly rename) in place, then keep sections pointing at the new name.
                if (safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                    safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
                    update_lastmod('page_saved', compact('newname', 'name', 'html'));
                    $message = gTxt('page_updated', array('{name}' => $name));
                } else {
                    $message = array(gTxt('page_save_failed'), E_ERROR);
                    $save_error = true;
                }
            }
        }
    }

    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('page_saved', '', 0, $name, $newname);
    }

    page_edit($message);
}
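/**
 * Saves a section.
 *
 * Creates a new txp_section row when no old_name is posted, otherwise
 * renames/updates the existing row and re-points its articles. Every value
 * interpolated into SQL is first escaped with doSlash() (the $safe_* set);
 * the unescaped values feed messages and the update_lastmod() payload.
 */
function section_save()
{
    $in = array_map('assert_string', psa(array('name', 'title', 'description', 'old_name', 'section_page', 'css')));

    if (empty($in['title'])) {
        $in['title'] = $in['name'];
    }

    // Prevent non-URL characters on section names.
    $in['name'] = strtolower(sanitizeForUrl($in['name']));

    extract($in);                          // $name, $title, $description, $old_name, $section_page, $css (raw)
    $in = doSlash($in);
    extract($in, EXTR_PREFIX_ALL, 'safe'); // $safe_name, $safe_title, ... (SQL-escaped)

    // Renaming onto another existing section is rejected.
    if ($name !== strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$safe_name}'")) {
            // Invalid input. Halt all further processing (e.g. plugin event
            // handlers).
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            // modal_halt($message);
            sec_section_list($message);

            return;
        }
    }

    $ok = false;

    if ($name === 'default') {
        // The default section cannot be renamed; only page/css/description change.
        $ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}', description = '{$safe_description}'", "name = 'default'");
    } elseif ($name) {
        extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable')))); // cast to int

        if ($safe_old_name) {
            $ok = safe_update('txp_section', "\n name = '{$safe_name}',\n title = '{$safe_title}',\n page = '{$safe_section_page}',\n css = '{$safe_css}',\n description = '{$safe_description}',\n on_frontpage = {$on_frontpage},\n in_rss = {$in_rss},\n searchable = {$searchable}\n ", "name = '{$safe_old_name}'");

            // Manually maintain referential integrity.
            if ($ok) {
                $ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
            }
        } else {
            $ok = safe_insert('txp_section', "\n name = '{$safe_name}',\n title = '{$safe_title}',\n page = '{$safe_section_page}',\n css = '{$safe_css}',\n description = '{$safe_description}',\n on_frontpage = {$on_frontpage},\n in_rss = {$in_rss},\n searchable = {$searchable}");
        }
    }

    if (!$ok) {
        sec_section_list(array(gTxt('section_save_failed'), E_ERROR));

        return;
    }

    // The page field is posted as 'section_page', so there is no local $page
    // for compact() to pick up; supply the key explicitly. For the default
    // section the on_frontpage/in_rss/searchable locals are unset and are
    // therefore absent from the payload, as before.
    $payload = compact('name', 'title', 'css', 'description', 'on_frontpage', 'in_rss', 'searchable');
    $payload['page'] = $section_page;
    update_lastmod('section_saved', $payload);

    sec_section_list(gTxt($safe_old_name ? 'section_updated' : 'section_created', array('{name}' => $name)));
}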
/**
 * Saves a page template (legacy implementation), or clones it under a new name.
 *
 * With 'copy' set, a sanitised 'newname' is required and must not already
 * exist in txp_page; otherwise the posted html overwrites the named page.
 * Values are escaped with doSlash() before being interpolated into SQL.
 */
function page_save()
{
    $in = doSlash(gpsa(array('name', 'html', 'copy')));

    if (!$in['copy']) {
        // Plain save: overwrite the template body of the existing page.
        safe_update('txp_page', "user_html = '{$in['html']}'", "name = '{$in['name']}'");
        update_lastmod();
        page_edit(gTxt('page_updated', array('{name}' => $in['name'])));

        return;
    }

    // Clone: strip characters that must not appear in a page name, then escape.
    $target = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('newname'))));

    if (!$target) {
        $notice = gTxt('page_name_invalid');
    } elseif (safe_field('name', 'txp_page', "name = '{$target}'")) {
        $notice = gTxt('page_already_exists', array('{name}' => $target));
    } else {
        safe_insert('txp_page', "name = '{$target}', user_html = '{$in['html']}'");
        update_lastmod();
        $notice = gTxt('page_created', array('{name}' => $target));
    }

    page_edit($notice);
}
/**
 * Stores the submitted advanced preferences.
 *
 * Every txp_prefs row with prefs_id 1 and type 1 whose name appears in the
 * POST data is overwritten with the posted value. The POST array is escaped
 * with doSlash() up front, and the substituted tempdir is escaped the same way.
 */
function advanced_prefs_save()
{
    $editable = safe_column("name", "txp_prefs", "prefs_id = 1 AND type = 1");
    $values = doSlash(stripPost());

    // An empty (or missing) tempdir means "autodetect".
    if (empty($values['tempdir'])) {
        $values['tempdir'] = doSlash(find_temp_dir());
    }

    // NOTE(review): the result of real_max_upload_size() is stored without
    // doSlash(); presumably numeric — confirm.
    if (!empty($values['file_max_upload_size'])) {
        $values['file_max_upload_size'] = real_max_upload_size($values['file_max_upload_size']);
    }

    foreach ($editable as $key) {
        if (!isset($values[$key])) {
            continue;
        }

        safe_update("txp_prefs", "val = '" . $values[$key] . "'", "name = '" . doSlash($key) . "' and prefs_id = 1");
    }

    update_lastmod();
    advanced_prefs(gTxt('preferences_saved'));
}
/**
 * Saves a form (template fragment).
 *
 * Values come from gpsa($vars) and are escaped with doSlash() before use; the
 * name has <>&"' stripped and must be non-empty, and the type must be one of
 * the known form types. With 'savenew' set a new row is inserted unless the
 * name is taken; otherwise the row named $oldname is updated. Renders
 * form_edit() with the outcome.
 */
function form_save()
{
    global $vars, $step, $essential_forms;

    // $type, $Form, $savenew and $oldname are read below; $vars is defined elsewhere.
    extract(doSlash(gpsa($vars)));
    // Strip markup-significant characters from the name, then escape for SQL.
    $name = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('name'))));

    if (!$name) {
        $step = 'form_create';
        $message = gTxt('form_name_invalid');

        return form_edit(array($message, E_ERROR));
    }

    // Whitelist of form types; anything else is rejected.
    // NOTE(review): in_array() is called without strict=true — confirm intended.
    if (!in_array($type, array('article', 'category', 'comment', 'file', 'link', 'misc', 'section'))) {
        $step = 'form_create';
        $message = gTxt('form_type_missing');

        return form_edit(array($message, E_ERROR));
    }

    if ($savenew) {
        $exists = safe_field('name', 'txp_form', "name = '{$name}'");

        if ($exists) {
            $step = 'form_create';
            $message = gTxt('form_already_exists', array('{name}' => $name));

            return form_edit(array($message, E_ERROR));
        }

        safe_insert('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'");
        update_lastmod();
        $message = gTxt('form_created', array('{name}' => $name));

        return form_edit($message);
    }

    // Update (and possibly rename) the existing form.
    safe_update('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'", "name = '{$oldname}'");
    update_lastmod();
    $message = gTxt('form_updated', array('{name}' => $name));
    form_edit($message);
}
/**
 * Commits prefs to the database.
 *
 * Reads the submitted form via stripPost(), normalises a few special values
 * (tempdir, file_max_upload_size, auto_dst/is_dst, timezone_key, siteurl),
 * then walks the editable txp_prefs rows and stores each submitted value the
 * current user is privileged to change ('prefs.<event>').
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;

    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings("DESCRIBE " . safe_pfx('textpattern'))));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);

    // Select core/plugin/hidden prefs that are either global (user_name = '')
    // or private to the current user and not shadowed by a global pref of the
    // same name. $txp_user is escaped with doSlash() before interpolation.
    $sql = array();
    $sql[] = "prefs_id = 1 AND event != '' AND type IN (" . PREF_CORE . ", " . PREF_PLUGIN . ", " . PREF_HIDDEN . ")";
    $sql[] = "(user_name = '' OR (user_name = '" . doSlash($txp_user) . "' AND name NOT IN (\n SELECT name FROM " . safe_pfx('txp_prefs') . " WHERE user_name = ''\n )))";

    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }

    $prefnames = safe_rows_start("name, event, user_name, val", 'txp_prefs', join(" AND ", $sql));

    $post = stripPost();

    // An empty tempdir means "autodetect".
    if (isset($post['tempdir']) && empty($post['tempdir'])) {
        $post['tempdir'] = find_temp_dir();
    }

    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }

    if (isset($post['auto_dst'])) {
        $prefs['auto_dst'] = $auto_dst = $post['auto_dst'];

        // A manual is_dst is only honoured while automatic DST is off.
        if (isset($post['is_dst']) && !$post['auto_dst']) {
            $is_dst = $post['is_dst'];
        }
    }

    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    // A key that is not in the timezone table is ignored rather than stored.
    if (isset($post['timezone_key'])) {
        $key = $post['timezone_key'];
        $tzd = Txp::get('\\Textpattern\\Date\\Timezone')->getTimeZones();

        if (isset($tzd[$key])) {
            $prefs['timezone_key'] = $timezone_key = $key;
            $post['gmtoffset'] = $prefs['gmtoffset'] = $gmtoffset = $tzd[$key]['offset'];
            $post['is_dst'] = $prefs['is_dst'] = $is_dst = Txp::get('\\Textpattern\\Date\\Timezone')->isDst(null, $key);
        }
    }

    // Store siteurl without scheme and without trailing slash/space.
    if (isset($post['siteurl'])) {
        $post['siteurl'] = preg_replace('#^https?://#', '', rtrim($post['siteurl'], '/ '));
    }

    while ($a = nextRow($prefnames)) {
        extract($a); // $name, $event, $user_name, $val

        // Skip prefs that were not submitted or that the user may not change.
        if (!isset($post[$name]) || !has_privs('prefs.' . $event)) {
            continue;
        }

        // Switching logging to 'none' empties txp_log.
        if ($name === 'logging' && $post[$name] === 'none' && $post[$name] !== $val) {
            safe_truncate('txp_log');
        }

        // A changed retention period prunes txp_log rows older than the new value.
        if ($name === 'expire_logs_after' && (int) $post[$name] !== (int) $val) {
            safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL " . intval($post[$name]) . " DAY)");
        }

        update_pref($name, (string) $post[$name], null, null, null, null, (string) $user_name);
    }

    update_lastmod('preferences_saved');
    prefs_list(gTxt('preferences_saved'));
}
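/**
 * Removes one declaration from a parsed stylesheet and persists the result.
 *
 * The declaration to drop is identified by the posted 'declaration' value,
 * "<selector index>-<declaration index>" (zero-based, in iteration order);
 * the posted 'name' selects the txp_css row that is rewritten.
 *
 * @param array $css Parsed stylesheet, iterated as outer => inner arrays
 *                   (presumably selector => declarations, per the
 *                   cursel/curdec naming — TODO confirm)
 * @return mixed     The stylesheet as read back from txp_css and re-parsed
 */
function delete_declaration($css)
{
    $thedec = (string) gps('declaration');
    $name = gps('name');

    // Start from an empty array so css_format() receives a defined value even
    // when the stylesheet is empty or the last remaining declaration is removed.
    $out = array();
    $i = 0;

    foreach ($css as $a => $b) {
        $cursel = $i++;
        $ii = 0;

        foreach ($b as $c => $d) {
            $curdec = $ii++;

            // Keep everything except the addressed declaration.
            if ($cursel . '-' . $curdec !== $thedec) {
                $out[$a][$c] = $d;
            }
        }
    }

    $css = base64_encode(css_format($out));
    // Both values are escaped with doSlash() before interpolation into SQL.
    safe_update("txp_css", "css='" . doSlash($css) . "'", "name='" . doSlash($name) . "'");

    // update site last mod time
    update_lastmod();

    return parseCSS(base64_decode(fetch('css', 'txp_css', 'name', $name)));
}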
/**
 * Processes multi-edit actions.
 *
 * Reads the selected article IDs and the requested edit_method from POST,
 * resolves the column/value the method changes (with privilege and whitelist
 * checks), filters the selection down to articles the current user may edit,
 * then applies the change (or deletes / duplicates) and re-renders the list.
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    extract(psa(array('selected', 'edit_method'))); // $selected, $edit_method

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    // IDs are coerced to int here, which is what makes joining them into SQL below safe.
    $selected = array_map('assert_int', $selected);

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }

    $allowed = array();
    $field = $value = '';

    switch ($edit_method) {
        // Delete.
        case 'delete':
            // Without article.delete, restrict to the user's own articles (if
            // they may delete those); otherwise nothing is deleted.
            if (!has_privs('article.delete')) {
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
                }

                $selected = $allowed;
            }

            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);

                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }

            return list_list();
            break;
        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');

            // Only known authors are accepted (strict in_array).
            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }
            break;
        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');

            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }
            break;
        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');

            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }
            break;
        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;
        // Change section.
        case 'changesection':
            $value = ps('Section');

            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }
            break;
        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');

            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }

            // Users without article.publish cannot set a live status.
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }
            break;
    }

    // Re-read the selection and keep only the articles this user may edit,
    // based on each article's status and authorship.
    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");

    foreach ($selected as $item) {
        if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published') || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published') || $item['Status'] < STATUS_LIVE && has_privs('article.edit') || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')) {
            $allowed[] = $item['ID'];
        }
    }

    $selected = $allowed;

    if ($selected) {
        $message = messenger('article', join(', ', $selected), 'modified');

        if ($edit_method === 'duplicate') {
            $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");

            if ($rs) {
                while ($a = nextRow($rs)) {
                    // Drop the per-row fields the copy must not inherit.
                    unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
                    // NOTE(review): uid is derived from uniqid()/rand(), which are not
                    // unpredictable; if uid must be unguessable, random_bytes() is the
                    // appropriate source — confirm how uid is consumed.
                    $a['uid'] = md5(uniqid(rand(), true));
                    $a['AuthorID'] = $txp_user;

                    // Turn each column into an escaped "`col` = 'val'" assignment.
                    // NOTE(review): $value stays bound by reference to the last element
                    // of $a after this loop (no unset($value)); it is the same $value
                    // later passed via compact('selected', 'field', 'value').
                    foreach ($a as $name => &$value) {
                        $value = "`{$name}` = '" . doSlash($value) . "'";
                    }

                    if ($id = (int) safe_insert('textpattern', join(',', $a))) {
                        // Disambiguate the copy's title and URL title with its new ID.
                        safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n url_title = CONCAT(url_title, '-', {$id}),\n Posted = NOW(),\n feed_time = NOW()", "ID = {$id}");
                    }
                }
            }

            $message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
        } elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
            // No resolvable column for this edit_method, or the update failed.
            return list_list();
        }

        update_lastmod('articles_updated', compact('selected', 'field', 'value'));
        now('posted', true);
        now('expires', true);
        callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));

        return list_list($message);
    }

    return list_list();
}