示例#1
0
文件: _blog.class.php 项目: LFSF/oras
    /**
     * Load data from Request form fields.
     *
     * @param array groups of params to load
     * @return boolean true if loaded data seems valid.
     */
    function load_from_Request($groups = array())
    {
        global $Messages, $default_locale, $DB;
        /**
         * @var User
         */
        global $current_User;
        if (param('blog_name', 'string', NULL) !== NULL) {
            // General params:
            $this->set_from_Request('name');
            $this->set('shortname', param('blog_shortname', 'string', true));
            $this->set('locale', param('blog_locale', 'string', $default_locale));
        }
        if (param('archive_links', 'string', NULL) !== NULL) {
            // Archive link type:
            $this->set_setting('archive_links', get_param('archive_links'));
            $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
        }
        if (param('chapter_links', 'string', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_links', get_param('chapter_links'));
        }
        if (param('category_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('category_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('category_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('category_prefix', $category_prefix);
        }
        if (param('tag_links', 'string', NULL) !== NULL) {
            // Tag page link type:
            $this->set_setting('tag_links', get_param('tag_links'));
        }
        if (param('tag_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('tag_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('tag_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('tag_prefix', $category_prefix);
        }
        if (param('chapter_posts_per_page', 'integer', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_posts_per_page', get_param('chapter_posts_per_page'), true);
            $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
        }
        if (param('single_links', 'string', NULL) !== NULL) {
            // Single post link type:
            $this->set_setting('single_links', get_param('single_links'));
        }
        if (param('blog_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_from_Request('skin_ID');
        }
        if (param('what_to_show', 'string', NULL) !== NULL) {
            // Show x days or x posts?:
            $this->set_setting('what_to_show', get_param('what_to_show'));
            param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
            $this->set_setting('posts_per_page', get_param('posts_per_page'));
            $this->set_setting('archive_mode', param('archive_mode', 'string', true));
            $this->set_setting('orderby', param('orderby', 'string', true));
            $this->set_setting('orderdir', param('orderdir', 'string', true));
        }
        if (param('feed_content', 'string', NULL) !== NULL) {
            // How much content in feeds?
            $this->set_setting('feed_content', get_param('feed_content'));
            param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
            $this->set_setting('posts_per_feed', get_param('posts_per_feed'));
        }
        if (param('blog_description', 'string', NULL) !== NULL) {
            // Description:
            $this->set_from_Request('shortdesc', 'blog_description');
        }
        if (param('blog_keywords', 'string', NULL) !== NULL) {
            // Keywords:
            $this->set_from_Request('keywords');
        }
        if (param('blog_tagline', 'html', NULL) !== NULL) {
            // HTML tagline:
            param_check_html('blog_tagline', T_('Invalid tagline'));
            $this->set('tagline', get_param('blog_tagline'));
        }
        if (param('blog_longdesc', 'html', NULL) !== NULL) {
            // HTML long description:
            param_check_html('blog_longdesc', T_('Invalid long description'));
            $this->set('longdesc', get_param('blog_longdesc'));
        }
        if (param('blog_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('blog_footer_text', T_('Invalid blog footer'));
            $this->set_setting('blog_footer_text', get_param('blog_footer_text'));
        }
        if (param('single_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('single_item_footer_text', T_('Invalid single post footer'));
            $this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
        }
        if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
            $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
        }
        if (param('blog_notes', 'html', NULL) !== NULL) {
            // HTML notes:
            param_check_html('blog_notes', T_('Invalid Blog Notes'));
            $this->set('notes', get_param('blog_notes'));
        }
        if (in_array('pings', $groups)) {
            // we want to load the ping checkboxes:
            $blog_ping_plugins = param('blog_ping_plugins', 'array', array());
            $blog_ping_plugins = array_unique($blog_ping_plugins);
            $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
        }
        if (in_array('features', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
            $this->set('advanced_perms', param('advanced_perms', 'integer', 0));
            $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
            $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
            $this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
        }
        if (param('blog_allowcomments', 'string', NULL) !== NULL) {
            // Feedback options:
            $this->set_from_Request('allowcomments');
            $this->set_setting('new_feedback_status', param('new_feedback_status', 'string', 'draft'));
            $this->set_setting('allow_rating', param('allow_rating', 'string', 'never'));
            $this->set('allowtrackbacks', param('blog_allowtrackbacks', 'integer', 0));
            // Public blog list
            $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0));
        }
        if (in_array('seo', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
            $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
            $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
            $this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
            $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
            $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
            $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
            $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
            $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
            $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
            $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
            $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
            $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
            $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
            $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
            $this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
            $this->set_setting('title_link_type', param('title_link_type', 'string', ''));
            $this->set_setting('permalinks', param('permalinks', 'string', ''));
        }
        /*
         * ADVANCED ADMIN SETTINGS
         */
        if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
            // We have permission to edit advanced admin settings:
            if (param('owner_login', 'string', NULL) !== NULL) {
                // Permissions:
                $UserCache =& get_Cache('UserCache');
                $owner_User =& $UserCache->get_by_login(get_param('owner_login'), false, false);
                if (empty($owner_User)) {
                    param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login')));
                } else {
                    $this->set('owner_user_ID', $owner_User->ID);
                    $this->owner_User =& $owner_User;
                }
            }
            if (param('blog_urlname', 'string', NULL) !== NULL) {
                // check urlname
                if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) {
                    $this->set_from_Request('urlname');
                    if (!preg_match('|^[A-Za-z0-9\\-]+$|', $this->urlname)) {
                        param_error('blog_urlname', T_('The url name is invalid.'));
                    }
                    if ($DB->get_var('SELECT COUNT(*)
															 FROM T_blogs
															WHERE blog_urlname = ' . $DB->quote($this->get('urlname')) . '
															  AND blog_ID <> ' . $this->ID)) {
                        // urlname is already in use
                        param_error('blog_urlname', T_('This URL name is already in use by another blog. Please choose another name.'));
                    }
                }
            }
            if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
                // Blog URL parameters:
                $this->set('access_type', $access_type);
                if ($access_type == 'absolute') {
                    $blog_siteurl = param('blog_siteurl_absolute', 'string', true);
                    if (!preg_match('#^https?://.+#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } elseif ($access_type == 'relative') {
                    // relative siteurl
                    $blog_siteurl = param('blog_siteurl_relative', 'string', true);
                    if (preg_match('#^https?://#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } else {
                    $this->set('siteurl', '');
                }
            }
            if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
                // Aggregate list:
                // fp> TODO: check perms on each aggregated blog (if changed)
                // fp> TODO: better interface
                if (!preg_match('#^([0-9]+(,[0-9]+)*)?$#', get_param('aggregate_coll_IDs'))) {
                    param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!'));
                }
                $this->set_setting('aggregate_coll_IDs', get_param('aggregate_coll_IDs'));
            }
            if (param('source_file', 'string', NULL) !== NULL) {
                // Static file:
                $this->set_setting('source_file', get_param('source_file'));
                $this->set_setting('static_file', param('static_file', 'string', ''));
            }
            if (param('blog_media_location', 'string', NULL) !== NULL) {
                // Media files location:
                $this->set_from_Request('media_location');
                $this->set_media_subdir(param('blog_media_subdir', 'string', ''));
                $this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
                $this->set_media_url(param('blog_media_url', 'string', ''));
                // check params
                switch ($this->get('media_location')) {
                    case 'custom':
                        // custom path and URL
                        global $demo_mode, $media_path;
                        if ($this->get('media_fullpath') == '') {
                            param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
                        }
                        if (!preg_match('#^https?://#', $this->get('media_url'))) {
                            param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
                        }
                        if ($demo_mode) {
                            $canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
                            if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
                                param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
                            }
                        }
                        break;
                    case 'subdir':
                        global $media_path;
                        if ($this->get('media_subdir') == '') {
                            param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
                        } else {
                            // Test if it's below $media_path (subdir!)
                            $canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
                            if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
                                param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory &laquo;%s&raquo;.'), format_to_output($this->get('media_subdir'))));
                            } else {
                                // Validate if it's a valid directory name:
                                $subdir = substr($canonical_path, strlen($media_path));
                                if ($error = validate_dirname($subdir)) {
                                    param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
                                }
                            }
                        }
                        break;
                }
            }
        }
        return !param_errors_detected();
    }
示例#2
0
/**
 * metaWeblog.newMediaObject image upload
 * wp.uploadFile
 *
 * Supplied image is encoded into the struct as bits
 *
 * @see http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject
 * @see http://codex.wordpress.org/XML-RPC_wp#wp.uploadFile
 *
 * @param xmlrpcmsg XML-RPC Message
 *					0 blogid (string): Unique identifier of the blog the post will be added to.
 *						Currently ignored in b2evo, in favor of the category.
 *					1 username (string): Login for a Blogger user who has permission to edit the given
 *						post (either the user who originally created it or an admin of the blog).
 *					2 password (string): Password for said username.
 *					3 struct (struct)
 * 							- name : filename
 * 							- type : mimetype
 * 							- bits : base64 encoded file
 * @return xmlrpcresp XML-RPC Response
 */
function _wp_mw_newmediaobject($m)
{
    global $Settings, $Plugins, $force_upload_forbiddenext;
    // CHECK LOGIN:
    /**
     * @var User
     */
    if (!($current_User =& xmlrpcs_login($m, 1, 2))) {
        // Login failed, return (last) error:
        return xmlrpcs_resperror();
    }
    // GET BLOG:
    /**
     * @var Blog
     */
    if (!($Blog =& xmlrpcs_get_Blog($m, 0))) {
        // Login failed, return (last) error:
        return xmlrpcs_resperror();
    }
    // CHECK PERMISSION:
    if (!$current_User->check_perm('files', 'add', false, $Blog->ID)) {
        // Permission denied
        return xmlrpcs_resperror(3);
        // User error 3
    }
    logIO('Permission granted.');
    if (!$Settings->get('upload_enabled')) {
        return xmlrpcs_resperror(2, 'Object upload not allowed');
    }
    $xcontent = $m->getParam(3);
    // Get the main data - and decode it properly for the image - sorry, binary object
    logIO('Decoding content...');
    $contentstruct = xmlrpc_decode_recurse($xcontent);
    $data = $contentstruct['bits'];
    $file_mimetype = isset($contentstruct['type']) ? $contentstruct['type'] : '(none)';
    logIO('Received MIME type: ' . $file_mimetype);
    $overwrite = false;
    if (isset($contentstruct['overwrite'])) {
        $overwrite = (bool) $contentstruct['overwrite'];
    }
    logIO('Overwrite if exists: ' . ($overwrite ? 'yes' : 'no'));
    load_funcs('files/model/_file.funcs.php');
    $filesize = evo_bytes($data);
    if (($maxfilesize = $Settings->get('upload_maxkb') * 1024) && $filesize > $maxfilesize) {
        return xmlrpcs_resperror(4, sprintf(T_('The file is too large: %s but the maximum allowed is %s.'), bytesreadable($filesize, false), bytesreadable($maxfilesize, false)));
    }
    logIO('File size is OK: ' . bytesreadable($filesize, false));
    $FileRootCache =& get_FileRootCache();
    $fm_FileRoot =& $FileRootCache->get_by_type_and_ID('collection', $Blog->ID, true);
    if (!$fm_FileRoot) {
        // fileRoot not found:
        return xmlrpcs_resperror(14, 'File root not found');
    }
    $rf_filepath = $contentstruct['name'];
    logIO('Received filepath: ' . $rf_filepath);
    // Split into path + name:
    $filepath_parts = explode('/', $rf_filepath);
    $filename = array_pop($filepath_parts);
    logIO('Original file name: ' . $filename);
    // Validate and sanitize filename
    if ($error_filename = process_filename($filename, true)) {
        return xmlrpcs_resperror(5, $error_filename);
    }
    logIO('Sanitized file name: ' . $filename);
    // Check valid path parts:
    $rds_subpath = '';
    foreach ($filepath_parts as $filepath_part) {
        if (empty($filepath_part) || $filepath_part == '.') {
            // self ref not useful
            continue;
        }
        if ($error = validate_dirname($filepath_part)) {
            // invalid relative path:
            logIO($error);
            return xmlrpcs_resperror(6, $error);
        }
        $rds_subpath .= $filepath_part . '/';
    }
    logIO('Subpath: ' . $rds_subpath);
    // Create temporary file and insert contents into it.
    $tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload');
    if ($tmpfile_name) {
        if (save_to_file($data, $tmpfile_name, 'wb')) {
            $image_info = @getimagesize($tmpfile_name);
        } else {
            return xmlrpcs_resperror(13, 'Error while writing to temp file.');
        }
    }
    if (!empty($image_info)) {
        // This is an image file, let's check mimetype and correct extension
        if ($image_info['mime'] != $file_mimetype) {
            // Invalid file type
            $FiletypeCache =& get_FiletypeCache();
            // Get correct file type based on mime type
            $correct_Filetype = $FiletypeCache->get_by_mimetype($image_info['mime'], false, false);
            $file_mimetype = $image_info['mime'];
            // Check if file type is known by us, and if it is allowed for upload.
            // If we don't know this file type or if it isn't allowed we don't change the extension! The current extension is allowed for sure.
            if ($correct_Filetype && $correct_Filetype->is_allowed()) {
                // A FileType with the given mime type exists in database and it is an allowed file type for current User
                // The "correct" extension is a plausible one, proceed...
                $correct_extension = array_shift($correct_Filetype->get_extensions());
                $path_info = pathinfo($filename);
                $current_extension = $path_info['extension'];
                // change file extension to the correct extension, but only if the correct extension is not restricted, this is an extra security check!
                if (strtolower($current_extension) != strtolower($correct_extension) && !in_array($correct_extension, $force_upload_forbiddenext)) {
                    // change the file extension to the correct extension
                    $old_filename = $filename;
                    $filename = $path_info['filename'] . '.' . $correct_extension;
                }
            }
        }
    }
    // Get File object for requested target location:
    $FileCache =& get_FileCache();
    $newFile =& $FileCache->get_by_root_and_path($fm_FileRoot->type, $fm_FileRoot->in_type_ID, trailing_slash($rds_subpath) . $filename, true);
    if ($newFile->exists()) {
        if ($overwrite && $newFile->unlink()) {
            // OK, file deleted
            // Delete thumb caches from old location:
            logIO('Old file deleted');
            $newFile->rm_cache();
        } else {
            return xmlrpcs_resperror(8, sprintf(T_('The file &laquo;%s&raquo; already exists.'), $filename));
        }
    }
    // Trigger plugin event
    if ($Plugins->trigger_event_first_false('AfterFileUpload', array('File' => &$newFile, 'name' => &$filename, 'type' => &$file_mimetype, 'tmp_name' => &$tmpfile_name, 'size' => &$filesize))) {
        // Plugin returned 'false'.
        // Abort upload for this file:
        @unlink($tmpfile_name);
        return xmlrpcs_resperror(16, 'File upload aborted by a plugin.');
    }
    if (!mkdir_r($newFile->get_dir())) {
        // Dir didn't already exist and could not be created
        return xmlrpcs_resperror(9, 'Error creating sub directories: ' . $newFile->get_rdfs_rel_path());
    }
    if (!@rename($tmpfile_name, $newFile->get_full_path())) {
        return xmlrpcs_resperror(13, 'Error while writing to file.');
    }
    // chmod the file
    $newFile->chmod();
    // Initializes file properties (type, size, perms...)
    $newFile->load_properties();
    // Load meta data AND MAKE SURE IT IS CREATED IN DB:
    $newFile->meta == 'unknown';
    $newFile->load_meta(true);
    // Resize and rotate
    logIO('Running file post-processing (resize and rotate)...');
    prepare_uploaded_files(array($newFile));
    logIO('Done');
    $url = $newFile->get_url();
    logIO('URL of new file: ' . $url);
    $struct = new xmlrpcval(array('file' => new xmlrpcval($filename, 'string'), 'url' => new xmlrpcval($url, 'string'), 'type' => new xmlrpcval($file_mimetype, 'string')), 'struct');
    logIO('OK.');
    return new xmlrpcresp($struct);
}
示例#3
0
    /**
     * Load data from Request form fields.
     *
     * @param array groups of params to load
     * @return boolean true if loaded data seems valid.
     */
    function load_from_Request($groups = array())
    {
        global $Messages, $default_locale, $DB;
        /**
         * @var User
         */
        global $current_User;
        // Load collection settings and clear update cascade array
        $this->load_CollectionSettings();
        $this->CollectionSettings->clear_update_cascade();
        if (param('blog_name', 'string', NULL) !== NULL) {
            // General params:
            $this->set_from_Request('name');
            $this->set('shortname', param('blog_shortname', 'string', true));
            $this->set('locale', param('blog_locale', 'string', $default_locale));
        }
        if (param('archive_links', 'string', NULL) !== NULL) {
            // Archive link type:
            $this->set_setting('archive_links', get_param('archive_links'));
            $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
        }
        if (param('chapter_links', 'string', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_links', get_param('chapter_links'));
        }
        if (param('category_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('category_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('category_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('category_prefix', $category_prefix);
        }
        if (param('atom_redirect', 'string', NULL) !== NULL) {
            param_check_url('atom_redirect', 'commenting');
            $this->set_setting('atom_redirect', get_param('atom_redirect'));
            param('rss2_redirect', 'string', NULL);
            param_check_url('rss2_redirect', 'commenting');
            $this->set_setting('rss2_redirect', get_param('rss2_redirect'));
        }
        if (param('image_size', 'string', NULL) !== NULL) {
            $this->set_setting('image_size', get_param('image_size'));
        }
        if (param('tag_links', 'string', NULL) !== NULL) {
            // Tag page link type:
            $this->set_setting('tag_links', get_param('tag_links'));
        }
        if (param('tag_prefix', 'string', NULL) !== NULL) {
            $tag_prefix = get_param('tag_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) {
                param_error('tag_prefix', T_('Invalid tag prefix.'));
            }
            $this->set_setting('tag_prefix', $tag_prefix);
        }
        // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided.
        if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) {
            $this->set_setting('tag_prefix', 'tag');
        }
        // Use rel="tag" attribute? (checkbox)
        $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0));
        if (param('chapter_content', 'string', NULL) !== NULL) {
            // What kind of content on chapter pages?
            $this->set_setting('chapter_content', get_param('chapter_content'));
        }
        if (param('tag_content', 'string', NULL) !== NULL) {
            // What kind of content on tags pages?
            $this->set_setting('tag_content', get_param('tag_content'));
        }
        if (param('archive_content', 'string', NULL) !== NULL) {
            // What kind of content on archive pages?
            $this->set_setting('archive_content', get_param('archive_content'));
        }
        if (param('filtered_content', 'string', NULL) !== NULL) {
            // What kind of content on filtered pages?
            $this->set_setting('filtered_content', get_param('filtered_content'));
        }
        if (param('main_content', 'string', NULL) !== NULL) {
            // What kind of content on main pages?
            $this->set_setting('main_content', get_param('main_content'));
        }
        // Chapter posts per page:
        $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true);
        // Tag posts per page:
        $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
        if (param('single_links', 'string', NULL) !== NULL) {
            // Single post link type:
            $this->set_setting('single_links', get_param('single_links'));
        }
        if (param('slug_limit', 'integer', NULL) !== NULL) {
            // Limit slug length:
            $this->set_setting('slug_limit', get_param('slug_limit'));
        }
        if (param('normal_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_setting('normal_skin_ID', get_param('normal_skin_ID'));
        }
        if (param('mobile_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID'));
        }
        if (param('tablet_skin_ID', 'integer', NULL) !== NULL) {
            // Default blog:
            $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID'));
        }
        if (param('archives_sort_order', 'string', NULL) !== NULL) {
            $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false));
        }
        if (param('feed_content', 'string', NULL) !== NULL) {
            // How much content in feeds?
            $this->set_setting('feed_content', get_param('feed_content'));
            param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
            $this->set_setting('posts_per_feed', get_param('posts_per_feed'));
        }
        if (param('comment_feed_content', 'string', NULL) !== NULL) {
            // How much content in comment feeds?
            $this->set_setting('comment_feed_content', get_param('comment_feed_content'));
            param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.'));
            $this->set_setting('comments_per_feed', get_param('comments_per_feed'));
        }
        if (param('require_title', 'string', NULL) !== NULL) {
            // Title for items required?
            $this->set_setting('require_title', get_param('require_title'));
        }
        if (param('blog_description', 'string', NULL) !== NULL) {
            // Description:
            $this->set_from_Request('shortdesc', 'blog_description');
        }
        if (param('blog_keywords', 'string', NULL) !== NULL) {
            // Keywords:
            $this->set_from_Request('keywords');
        }
        if (param('blog_tagline', 'html', NULL) !== NULL) {
            // HTML tagline:
            param_check_html('blog_tagline', T_('Invalid tagline'));
            $this->set('tagline', get_param('blog_tagline'));
        }
        if (param('blog_longdesc', 'html', NULL) !== NULL) {
            // HTML long description:
            param_check_html('blog_longdesc', T_('Invalid long description'));
            $this->set('longdesc', get_param('blog_longdesc'));
        }
        if (param('blog_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('blog_footer_text', T_('Invalid blog footer'));
            $this->set_setting('blog_footer_text', get_param('blog_footer_text'));
        }
        if (param('single_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('single_item_footer_text', T_('Invalid single post footer'));
            $this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
        }
        if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
            $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
        }
        if (param('blog_notes', 'html', NULL) !== NULL) {
            // HTML notes:
            param_check_html('blog_notes', T_('Invalid Blog Notes'));
            $this->set('notes', get_param('blog_notes'));
            param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.'));
            $this->set_setting('max_footer_credits', get_param('max_footer_credits'));
        }
        if (in_array('pings', $groups)) {
            // we want to load the ping checkboxes:
            $blog_ping_plugins = param('blog_ping_plugins', 'array/string', array());
            $blog_ping_plugins = array_unique($blog_ping_plugins);
            $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
        }
        if (in_array('authors', $groups)) {
            // we want to load the multiple authors params
            $this->set('advanced_perms', param('advanced_perms', 'integer', 0));
            $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
        }
        if (in_array('features', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('allow_html_post', param('allow_html_post', 'integer', 0));
            $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL));
            $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL));
            $this->set_setting('default_post_status', param('default_post_status', 'string', NULL));
            $this->set_setting('post_categories', param('post_categories', 'string', NULL));
            $this->set_setting('post_navigation', param('post_navigation', 'string', NULL));
            // Show x days or x posts?:
            $this->set_setting('what_to_show', param('what_to_show', 'string', ''));
            param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
            $this->set_setting('posts_per_page', get_param('posts_per_page'));
            $this->set_setting('orderby', param('orderby', 'string', true));
            $this->set_setting('orderdir', param('orderdir', 'string', true));
            // Time frame
            $this->set_setting('timestamp_min', param('timestamp_min', 'string', ''));
            $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration'));
            $this->set_setting('timestamp_max', param('timestamp_max', 'string', ''));
            $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration'));
            // Location
            $location_country = param('location_country', 'string', 'hidden');
            $location_region = param('location_region', 'string', 'hidden');
            $location_subregion = param('location_subregion', 'string', 'hidden');
            $location_city = param('location_city', 'string', 'hidden');
            if ($location_city == 'required') {
                // If city is required - all location fields also are required
                $location_country = $location_region = $location_subregion = 'required';
            } else {
                if ($location_subregion == 'required') {
                    // If subregion is required - country & region fields also are required
                    $location_country = $location_region = 'required';
                } else {
                    if ($location_region == 'required') {
                        // If region is required - country field also is required
                        $location_country = 'required';
                    }
                }
            }
            $this->set_setting('location_country', $location_country);
            $this->set_setting('location_region', $location_region);
            $this->set_setting('location_subregion', $location_subregion);
            $this->set_setting('location_city', $location_city);
            // Set to show Latitude & Longitude params for this blog items
            $this->set_setting('show_location_coordinates', param('show_location_coordinates', 'integer', 0));
            // Load custom double & varchar fields
            $custom_field_names = array();
            $this->load_custom_fields('double', $update_cascade_query, $custom_field_names);
            $this->load_custom_fields('varchar', $update_cascade_query, $custom_field_names);
            if (!empty($update_cascade_query)) {
                // Some custom fields were deleted and these fields must be deleted from the item settings table also. Add required query.
                $this->CollectionSettings->add_update_cascade($update_cascade_query);
            }
            // call modules update_collection_features on this blog
            modules_call_method('update_collection_features', array('edited_Blog' => &$this));
        }
        if (in_array('comments', $groups)) {
            // we want to load the workflow checkboxes:
            // load moderation statuses
            $moderation_statuses = get_visibility_statuses('moderation');
            $blog_moderation_statuses = array();
            foreach ($moderation_statuses as $status) {
                if (param('notif_' . $status, 'integer', 0)) {
                    $blog_moderation_statuses[] = $status;
                }
            }
            $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses));
            $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire'));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0));
            $this->set_setting('comments_register', param('comments_register', 'integer', 0));
        }
        if (in_array('other', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0));
            $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            // Public blog list
            $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0));
            $this->set_setting('image_size_user_list', param('image_size_user_list', 'string'));
            $this->set_setting('image_size_messaging', param('image_size_messaging', 'string'));
            $this->set_setting('archive_mode', param('archive_mode', 'string', true));
        }
        if (param('allow_comments', 'string', NULL) !== NULL) {
            // Feedback options:
            $this->set_setting('allow_comments', param('allow_comments', 'string', 'any'));
            $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any'));
            $new_feedback_status = param('new_feedback_status', 'string', 'draft');
            if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can set this setting to 'Public'
                $this->set_setting('new_feedback_status', $new_feedback_status);
            }
            $this->set_setting('disable_comments_bypost', param('disable_comments_bypost', 'string', '0'));
            $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0'));
            $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0'));
            $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered'));
            $this->set_setting('max_attachments', param('max_attachments', 'integer', ''));
            $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never'));
            $this->set_setting('rating_question', param('rating_question', 'text'));
            $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0'));
            $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0);
            if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can turn ON this setting
                $this->set('allowtrackbacks', $blog_allowtrackbacks);
            }
            $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC'));
            // call modules update_collection_comments on this blog
            modules_call_method('update_collection_comments', array('edited_Blog' => &$this));
            $threaded_comments = param('threaded_comments', 'integer', 0);
            $this->set_setting('threaded_comments', $threaded_comments);
            $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0));
            param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.'));
            $this->set_setting('comments_per_page', get_param('comments_per_page'));
            $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0));
            $this->set_setting('comments_latest', param('comments_latest', 'integer', 0));
        }
        if (in_array('seo', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0));
            $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0));
            $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
            $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0));
            $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0));
            $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0));
            $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
            $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0));
            $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
            $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0));
            $this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
            $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
            $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
            $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
            $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
            $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
            $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
            $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
            $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
            $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
            $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
            $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
            $this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
            $this->set_setting('title_link_type', param('title_link_type', 'string', ''));
            $this->set_setting('permalinks', param('permalinks', 'string', ''));
            $this->set_setting('404_response', param('404_response', 'string', ''));
            $this->set_setting('help_link', param('help_link', 'string', ''));
            $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0));
            $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0));
            $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0));
        }
        /*
         * ADVANCED ADMIN SETTINGS
         */
        if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
            // We have permission to edit advanced admin settings:
            if (in_array('cache', $groups)) {
                // we want to load the cache params:
                $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0));
                $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0));
                $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0));
            }
            if (in_array('styles', $groups)) {
                // we want to load the styles params:
                $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
                $this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
            }
            if (in_array('login', $groups)) {
                // we want to load the login params:
                $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0));
                $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0));
            }
            if (param('blog_head_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_head_includes', T_('Invalid Custom meta section'));
                $this->set_setting('head_includes', get_param('blog_head_includes'));
            }
            if (param('blog_footer_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_footer_includes', T_('Invalid Custom javascript section'));
                $this->set_setting('footer_includes', get_param('blog_footer_includes'));
            }
            if (param('owner_login', 'string', NULL) !== NULL) {
                // Permissions:
                $UserCache =& get_UserCache();
                $owner_User =& $UserCache->get_by_login(get_param('owner_login'));
                if (empty($owner_User)) {
                    param_error('owner_login', sprintf(T_('User &laquo;%s&raquo; does not exist!'), get_param('owner_login')));
                } else {
                    $this->set('owner_user_ID', $owner_User->ID);
                    $this->owner_User =& $owner_User;
                }
            }
            if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) {
                // check urlname
                if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) {
                    if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) {
                        param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*)
															FROM T_blogs
															WHERE blog_urlname = ' . $DB->quote($blog_urlname) . '
															AND blog_ID <> ' . $this->ID)) {
                        // urlname is already in use
                        param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another blog. Please choose another name.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname)) {
                        $this->set_from_Request('urlname');
                    }
                }
            }
            if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
                // Blog URL parameters:
                $this->set('access_type', $access_type);
                if ($access_type == 'absolute') {
                    $blog_siteurl = param('blog_siteurl_absolute', 'string', true);
                    if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) {
                        // It looks like valid absolute URL, so we may update the blog siteurl
                        $this->set('siteurl', $blog_siteurl);
                    } else {
                        // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors
                        $Messages->add(T_('Blog Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '&laquo;' . htmlspecialchars($blog_siteurl) . '&raquo;') . ' ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error');
                    }
                } elseif ($access_type == 'relative') {
                    // relative siteurl
                    $blog_siteurl = param('blog_siteurl_relative', 'string', true);
                    if (preg_match('#^https?://#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } else {
                    $this->set('siteurl', '');
                }
            }
            if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
                // Aggregate list: (can be '*')
                $aggregate_coll_IDs = get_param('aggregate_coll_IDs');
                if ($aggregate_coll_IDs != '*') {
                    // Sanitize the string
                    $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs);
                }
                // fp> TODO: check perms on each aggregated blog (if changed)
                // fp> TODO: better interface
                if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) {
                    param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!'));
                }
                $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs);
            }
            if (param('blog_media_location', 'string', NULL) !== NULL) {
                // Media files location:
                $this->set_from_Request('media_location');
                $this->set_media_subdir(param('blog_media_subdir', 'string', ''));
                $this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
                $this->set_media_url(param('blog_media_url', 'string', ''));
                // check params
                switch ($this->get('media_location')) {
                    case 'custom':
                        // custom path and URL
                        global $demo_mode, $media_path;
                        if ($this->get('media_fullpath') == '') {
                            param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
                        }
                        if (!preg_match('#^https?://#', $this->get('media_url'))) {
                            param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
                        }
                        if ($demo_mode) {
                            $canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
                            if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
                                param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
                            }
                        }
                        break;
                    case 'subdir':
                        global $media_path;
                        if ($this->get('media_subdir') == '') {
                            param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
                        } else {
                            // Test if it's below $media_path (subdir!)
                            $canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
                            if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
                                param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory &laquo;%s&raquo;.'), format_to_output($this->get('media_subdir'))));
                            } else {
                                // Validate if it's a valid directory name:
                                $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path)));
                                if ($error = validate_dirname($subdir)) {
                                    param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
                                }
                            }
                        }
                        break;
                }
            }
        }
        return !param_errors_detected();
    }
示例#4
0
        // Use a hidden field only for current folder and not for subfolders
        // It is used to detect a duplicate file on quick upload
        $filename_hidden_field = '<input type="hidden" value="' . $lFile->get_root_and_rel_path() . '" />';
    } else {
        // Don't use the hidden field for this file because it is from another folder
        $filename_hidden_field = '';
    }
    echo '<td class="fm_filename">' . $filename_hidden_field;
    /*************  Invalid filename warning:  *************/
    if (!$lFile->is_dir()) {
        if ($error_filename = validate_filename($lFile->get_name())) {
            // TODO: Warning icon with hint
            echo get_icon('warning', 'imgtag', array('class' => 'filenameIcon', 'title' => $error_filename));
            syslog_insert(sprintf('The unrecognized extension is detected for file %s', '<b>' . $lFile->get_name() . '</b>'), 'warning', 'file', $lFile->ID);
        }
    } elseif ($error_dirname = validate_dirname($lFile->get_name())) {
        // TODO: Warning icon with hint
        echo get_icon('warning', 'imgtag', array('class' => 'filenameIcon', 'title' => $error_dirname));
        syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $lFile->get_name() . '</b>'), 'warning', 'file', $lFile->ID);
    }
    /****  Open in a new window  (only directories)  ****/
    if ($lFile->is_dir()) {
        // Directory
        $browse_dir_url = $lFile->get_view_url();
        $popup_url = url_add_param($browse_dir_url, 'mode=popup');
        $target = 'evo_fm_' . $lFile->get_md5_ID();
        echo '<a href="' . $browse_dir_url . '" target="' . $target . ' " class="pull-right"
							title="' . T_('Open in a new window') . '" onclick="' . "return pop_up_window( '{$popup_url}', '{$target}' )" . '">' . get_icon('window_new') . '</a>';
    }
    // Only provide link/"chain" icons for files.
    // TODO: dh> provide support for direcories (display included files).
示例#5
0
/**
 * Check if file rename is acceptable
 *
 * used when renaming a file, File settings
 *
 * @param string the new name
 * @param boolean true if it is a directory, false if not
 * @param string the absolute path of the parent directory
 * @param boolean true if user has permission to all kind of fill types, false otherwise
 * @return mixed NULL if the rename is acceptable, error message if not
 */
function check_rename(&$newname, $is_dir, $dir_path, $allow_locked_filetypes)
{
    global $dirpath_max_length;
    // Check if provided name is okay:
    $newname = trim(strip_tags($newname));
    if ($is_dir) {
        if ($error_dirname = validate_dirname($newname)) {
            // invalid directory name
            return $error_dirname;
        }
        if ($dirpath_max_length < strlen($dir_path) + strlen($newname)) {
            // The new path length would be too long
            return T_('The new name is too long for this folder.');
        }
    } elseif ($error_filename = validate_filename($newname, $allow_locked_filetypes)) {
        // Not a file name or not an allowed extension
        return $error_filename;
    }
    return NULL;
}
示例#6
0
/**
 * Check if file rename is acceptable
 *
 * used when renaming a file, File settings
 *
 * @param string the new name
 * @param boolean true if it is a directory, false if not
 * @param string the absolute path of the parent directory
 * @param boolean true if user has permission to all kind of fill types, false otherwise
 * @return mixed NULL if the rename is acceptable, error message if not
 */
function check_rename(&$newname, $is_dir, $dir_path, $allow_locked_filetypes)
{
    global $dirpath_max_length;
    // Check if provided name is okay:
    $newname = trim(strip_tags($newname));
    if ($is_dir) {
        if ($error_dirname = validate_dirname($newname)) {
            // invalid directory name
            syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $newname . '</b>'), 'warning', 'file');
            return $error_dirname;
        }
        if ($dirpath_max_length < strlen($dir_path) + strlen($newname)) {
            // The new path length would be too long
            syslog_insert(sprintf('The renamed file %s is too long for the folder', '<b>' . $newname . '</b>'), 'warning', 'file');
            return T_('The new name is too long for this folder.');
        }
    } elseif ($error_filename = validate_filename($newname, $allow_locked_filetypes)) {
        // Not a file name or not an allowed extension
        syslog_insert(sprintf('The renamed file %s has an unrecognized extension', '<b>' . $newname . '</b>'), 'warning', 'file');
        return $error_filename;
    }
    return NULL;
}
示例#7
0
/**
 * metaWeblog.newMediaObject  image upload
 *
 * image is supplied coded in the info struct as bits
 *
 * @see http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject
 *
 * @todo do not overwrite existing pics with same name
 * @todo extensive permissions
 *
 * @param xmlrpcmsg XML-RPC Message
 *					0 blogid (string): Unique identifier of the blog the post will be added to.
 *						Currently ignored in b2evo, in favor of the category.
 *					1 username (string): Login for a Blogger user who has permission to edit the given
 *						post (either the user who originally created it or an admin of the blog).
 *					2 password (string): Password for said username.
 *					3 struct (struct)
 * 							- name : filename
 * 							- type : mimetype
 * 							- bits : base64 encoded file
 * @return xmlrpcresp XML-RPC Response
 */
function mw_newmediaobject($m)
{
    global $xmlrpcerruser;
    // import user errcode value
    global $Settings, $baseurl, $fileupload_allowedtypes;
    // CHECK LOGIN:
    /**
     * @var User
     */
    if (!($current_User =& xmlrpcs_login($m, 1, 2))) {
        // Login failed, return (last) error:
        return xmlrpcs_resperror();
    }
    // GET BLOG:
    /**
     * @var Blog
     */
    if (!($Blog =& xmlrpcs_get_Blog($m, 0))) {
        // Login failed, return (last) error:
        return xmlrpcs_resperror();
    }
    // CHECK PERMISSION:
    // For lack of more subtle perm: require any edit perm on blog + global file add perm.
    if (!$current_User->check_perm('blog_post_statuses', 'edit', false, $Blog->ID) || !$current_User->check_perm('files', 'add', false)) {
        // Permission denied
        return xmlrpcs_resperror(3);
        // User error 3
    }
    logIO('Permission granted.');
    if (!$Settings->get('upload_enabled')) {
        return new xmlrpcresp(0, $xmlrpcerruser + 2, 'Object upload not allowed ');
    }
    $xcontent = $m->getParam(3);
    // Get the main data - and decode it properly for the image - sorry, binary object
    $contentstruct = xmlrpc_decode_recurse($xcontent);
    $data = $contentstruct['bits'];
    $type = $contentstruct['type'];
    logIO('Received MIME type: ' . $type);
    $rf_filepath = $contentstruct['name'];
    logIO('Received filepath: ' . $rf_filepath);
    // Avoid problems:
    $rf_filepath = strtolower($rf_filepath);
    $rf_filepath = preg_replace('¤[^a-z0-9\\-_./]¤', '-', $rf_filepath);
    logIO('Sanitized filepath: ' . $rf_filepath);
    load_funcs('files/model/_file.funcs.php');
    // Split into path + name:
    $filepath_parts = explode('/', $rf_filepath);
    $filename = array_pop($filepath_parts);
    // Check valid filename/extension: (includes check for locked filenames)
    logIO('File name: ' . $filename);
    if ($error_filename = validate_filename($filename, false)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 4, 'Invalid objecttype for upload (' . $filename . '): ' . $error_filename);
    }
    // Check valid path parts:
    $rds_subpath = '';
    foreach ($filepath_parts as $filepath_part) {
        if (empty($filepath_part) || $filepath_part == '.') {
            // self ref not useful
            continue;
        }
        if ($error = validate_dirname($filepath_part)) {
            // invalid relative path:
            logIO($error);
            return new xmlrpcresp(0, $xmlrpcerruser + 3, $error);
        }
        $rds_subpath .= $filepath_part . '/';
    }
    logIO('Subpath: ' . $rds_subpath);
    $fileupload_path = $Blog->get_media_dir();
    if (!$fileupload_path) {
        return new xmlrpcresp(0, $xmlrpcerruser + 5, 'Error accessing Blog media directory.');
    }
    // Create subdirs, if necessary:
    if (!empty($rds_subpath)) {
        $fileupload_path = $fileupload_path . $rds_subpath;
        if (!mkdir_r($fileupload_path)) {
            // Dir didn't already exist and could not be created
            return new xmlrpcresp(0, $xmlrpcerruser + 6, 'Error creating sub directories: ' . rel_path_to_base($fileupload_path));
        }
    }
    $afs_filepath = $fileupload_path . $filename;
    logIO('Saving to: ' . $afs_filepath);
    $fh = @fopen($afs_filepath, 'wb');
    if (!$fh) {
        logIO('Error opening file');
        return new xmlrpcresp(0, $xmlrpcerruser + 7, 'Error opening file for writing.');
    }
    $ok = @fwrite($fh, $data);
    @fclose($fh);
    if (!$ok) {
        logIO('Error writing to file');
        return new xmlrpcresp(0, $xmlrpcerruser + 8, 'Error while writing to file.');
    }
    // chmod uploaded file:
    $chmod = $Settings->get('fm_default_chmod_file');
    logIO('chmod to: ' . $chmod);
    @chmod($afs_filepath, octdec($chmod));
    $url = $Blog->get_media_url() . $rds_subpath . $filename;
    logIO('URL of new file: ' . $url);
    // - return URL as XML
    $urlstruct = new xmlrpcval(array('url' => new xmlrpcval($url, 'string')), 'struct');
    logIO('OK.');
    return new xmlrpcresp($urlstruct);
}
示例#8
0
     // We have not yet provided a name to rename to...
     $confirm = 0;
     $new_names[$loop_src_File->get_md5_ID()] = $loop_src_File->get('name');
     continue;
 }
 // Check if provided name is okay:
 $new_names[$loop_src_File->get_md5_ID()] = trim(strip_tags($new_names[$loop_src_File->get_md5_ID()]));
 if (!$loop_src_File->is_dir()) {
     if ($error_filename = validate_filename($new_names[$loop_src_File->get_md5_ID()])) {
         // Not a file name or not an allowed extension
         $confirm = 0;
         $Messages->add($error_filename, 'error');
         syslog_insert(sprintf('The copied file %s has an unrecognized extension', '<b>' . $new_names[$loop_src_File->get_md5_ID()] . '</b>'), 'warning', 'file', $loop_src_File->ID);
         continue;
     }
 } elseif ($error_dirname = validate_dirname($new_names[$loop_src_File->get_md5_ID()])) {
     // Not a directory name
     $confirm = 0;
     $Messages->add($error_dirname, 'error');
     continue;
 }
 // If the source is a directory, then we must check if the target path length is allowed or not
 $FileCache =& get_FileCache();
 $dest_File =& $FileCache->get_by_root_and_path($fm_Filelist->get_root_type(), $fm_Filelist->get_root_ID(), $fm_Filelist->get_rds_list_path() . $new_names[$loop_src_File->get_md5_ID()]);
 if ($loop_src_File->is_dir() && strlen($dest_File->get_full_path()) > $dirpath_max_length) {
     // The path would be too long we can not allowe to move this folder
     param_error('new_names[' . $loop_src_File->get_md5_ID() . ']', T_('The target path is too long for this folder.'));
     $confirm = 0;
     continue;
 }
 // Check if destination file exists:
示例#9
0
    /**
     * Load data from Request form fields.
     *
     * @param array groups of params to load
     * @return boolean true if loaded data seems valid.
     */
    function load_from_Request($groups = array())
    {
        global $Messages, $default_locale, $DB;
        /**
         * @var User
         */
        global $current_User;
        // Load collection settings and clear update cascade array
        $this->load_CollectionSettings();
        if (param('blog_name', 'string', NULL) !== NULL) {
            // General params:
            $this->set_from_Request('name');
            $this->set('shortname', param('blog_shortname', 'string', true));
            // Language / locale:
            if (param('blog_locale', 'string', NULL) !== NULL) {
                // These settings can be hidden when only one locale is enaled in the system
                $this->set_from_Request('locale');
                $this->set_setting('locale_source', param('blog_locale_source', 'string', 'blog'));
                $this->set_setting('post_locale_source', param('blog_post_locale_source', 'string', 'post'));
            }
            // Collection permissions:
            $this->set('advanced_perms', param('advanced_perms', 'integer', 0));
            $this->set_setting('allow_access', param('blog_allow_access', 'string', ''));
            if ($this->get_setting('allow_access') == 'users' || $this->get_setting('allow_access') == 'members') {
                // Disable site maps, feeds and ping plugins when access is restricted on this blog
                $this->set_setting('enable_sitemaps', 0);
                $this->set_setting('feed_content', 'none');
                $this->set_setting('ping_plugins', '');
            }
            // Lists of collections:
            $this->set('order', param('blog_order', 'integer'));
            $this->set('in_bloglist', param('blog_in_bloglist', 'string', 'public'));
            $this->set('favorite', param('favorite', 'integer', 0));
        }
        if (param('archive_links', 'string', NULL) !== NULL) {
            // Archive link type:
            $this->set_setting('archive_links', get_param('archive_links'));
            $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
        }
        if (param('chapter_links', 'string', NULL) !== NULL) {
            // Chapter link type:
            $this->set_setting('chapter_links', get_param('chapter_links'));
        }
        if (param('category_prefix', 'string', NULL) !== NULL) {
            $category_prefix = get_param('category_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
                param_error('category_prefix', T_('Invalid category prefix.'));
            }
            $this->set_setting('category_prefix', $category_prefix);
        }
        if (param('atom_redirect', 'string', NULL) !== NULL) {
            param_check_url('atom_redirect', 'commenting');
            $this->set_setting('atom_redirect', get_param('atom_redirect'));
            param('rss2_redirect', 'string', NULL);
            param_check_url('rss2_redirect', 'commenting');
            $this->set_setting('rss2_redirect', get_param('rss2_redirect'));
        }
        if (param('image_size', 'string', NULL) !== NULL) {
            $this->set_setting('image_size', get_param('image_size'));
        }
        if (param('tag_links', 'string', NULL) !== NULL) {
            // Tag page link type:
            $this->set_setting('tag_links', get_param('tag_links'));
        }
        if (param('tag_prefix', 'string', NULL) !== NULL) {
            $tag_prefix = get_param('tag_prefix');
            if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) {
                param_error('tag_prefix', T_('Invalid tag prefix.'));
            }
            $this->set_setting('tag_prefix', $tag_prefix);
        }
        // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided.
        if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) {
            $this->set_setting('tag_prefix', 'tag');
        }
        // Use rel="tag" attribute? (checkbox)
        $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0));
        if (param('chapter_content', 'string', NULL) !== NULL) {
            // What kind of content on chapter pages?
            $this->set_setting('chapter_content', get_param('chapter_content'));
        }
        if (param('tag_content', 'string', NULL) !== NULL) {
            // What kind of content on tags pages?
            $this->set_setting('tag_content', get_param('tag_content'));
        }
        if (param('archive_content', 'string', NULL) !== NULL) {
            // What kind of content on archive pages?
            $this->set_setting('archive_content', get_param('archive_content'));
        }
        if (param('filtered_content', 'string', NULL) !== NULL) {
            // What kind of content on filtered pages?
            $this->set_setting('filtered_content', get_param('filtered_content'));
        }
        if (param('main_content', 'string', NULL) !== NULL) {
            // What kind of content on main pages?
            $this->set_setting('main_content', get_param('main_content'));
        }
        // Chapter posts per page:
        $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true);
        // Tag posts per page:
        $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
        if (param('single_links', 'string', NULL) !== NULL) {
            // Single post link type:
            $this->set_setting('single_links', get_param('single_links'));
        }
        if (param('slug_limit', 'integer', NULL) !== NULL) {
            // Limit slug length:
            $this->set_setting('slug_limit', get_param('slug_limit'));
        }
        if (param('normal_skin_ID', 'integer', NULL) !== NULL) {
            // Normal skin ID:
            $this->set_setting('normal_skin_ID', get_param('normal_skin_ID'));
        }
        if (param('mobile_skin_ID', 'integer', NULL) !== NULL) {
            // Mobile skin ID:
            if (get_param('mobile_skin_ID') == 0) {
                // Don't store this empty setting in DB
                $this->delete_setting('mobile_skin_ID');
            } else {
                // Set mobile skin
                $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID'));
            }
        }
        if (param('tablet_skin_ID', 'integer', NULL) !== NULL) {
            // Tablet skin ID:
            if (get_param('tablet_skin_ID') == 0) {
                // Don't store this empty setting in DB
                $this->delete_setting('tablet_skin_ID');
            } else {
                // Set tablet skin
                $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID'));
            }
        }
        if (param('archives_sort_order', 'string', NULL) !== NULL) {
            // Archive sorting
            $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false));
        }
        if (param('download_delay', 'integer', NULL) !== NULL) {
            // Download delay
            param_check_range('download_delay', 0, 10, T_('Download delay must be numeric (0-10).'));
            $this->set_setting('download_delay', get_param('download_delay'));
        }
        if (param('feed_content', 'string', NULL) !== NULL) {
            // How much content in feeds?
            $this->set_setting('feed_content', get_param('feed_content'));
            param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
            $this->set_setting('posts_per_feed', get_param('posts_per_feed'));
        }
        if (param('comment_feed_content', 'string', NULL) !== NULL) {
            // How much content in comment feeds?
            $this->set_setting('comment_feed_content', get_param('comment_feed_content'));
            param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.'));
            $this->set_setting('comments_per_feed', get_param('comments_per_feed'));
        }
        if (param('blog_shortdesc', 'string', NULL) !== NULL) {
            // Description:
            $this->set_from_Request('shortdesc');
        }
        if (param('blog_keywords', 'string', NULL) !== NULL) {
            // Keywords:
            $this->set_from_Request('keywords');
        }
        if (param('blog_tagline', 'html', NULL) !== NULL) {
            // HTML tagline:
            param_check_html('blog_tagline', T_('Invalid tagline'));
            $this->set('tagline', get_param('blog_tagline'));
        }
        if (param('blog_longdesc', 'html', NULL) !== NULL) {
            // HTML long description:
            param_check_html('blog_longdesc', T_('Invalid long description'));
            $this->set('longdesc', get_param('blog_longdesc'));
        }
        if (param('blog_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('blog_footer_text', T_('Invalid blog footer'));
            $this->set_setting('blog_footer_text', get_param('blog_footer_text'));
        }
        if (param('single_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('single_item_footer_text', T_('Invalid single post footer'));
            $this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
        }
        if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
            // Blog footer:
            param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
            $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
        }
        if (param('blog_notes', 'html', NULL) !== NULL) {
            // HTML notes:
            param_check_html('blog_notes', T_('Invalid Blog Notes'));
            $this->set('notes', get_param('blog_notes'));
            param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.'));
            $this->set_setting('max_footer_credits', get_param('max_footer_credits'));
        }
        if (in_array('pings', $groups)) {
            // we want to load the ping checkboxes:
            $blog_ping_plugins = param('blog_ping_plugins', 'array:string', array());
            $blog_ping_plugins = array_unique($blog_ping_plugins);
            $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
        }
        if (in_array('authors', $groups)) {
            // we want to load the workflow & permissions params
            $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
        }
        if (in_array('home', $groups)) {
            // we want to load the front page params:
            $front_disp = param('front_disp', 'string', '');
            $this->set_setting('front_disp', $front_disp);
            $front_post_ID = param('front_post_ID', 'integer', 0);
            if ($front_disp == 'page') {
                // Post ID must be required
                param_check_not_empty('front_post_ID', T_('Please enter a specific post ID'));
            }
            $this->set_setting('front_post_ID', $front_post_ID);
        }
        if (in_array('features', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL));
            $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL));
            $this->set_setting('default_post_status', param('default_post_status', 'string', NULL));
            $this->set_setting('post_categories', param('post_categories', 'string', NULL));
            $this->set_setting('post_navigation', param('post_navigation', 'string', NULL));
            // Show x days or x posts?:
            $this->set_setting('what_to_show', param('what_to_show', 'string', ''));
            param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
            $this->set_setting('posts_per_page', get_param('posts_per_page'));
            $this->set_setting('orderby', param('orderby', 'string', true));
            $this->set_setting('orderdir', param('orderdir', 'string', true));
            // Front office statuses
            $this->load_inskin_statuses('post');
            // Time frame
            $this->set_setting('timestamp_min', param('timestamp_min', 'string', ''));
            $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration'));
            $this->set_setting('timestamp_max', param('timestamp_max', 'string', ''));
            $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration'));
            // call modules update_collection_features on this blog
            modules_call_method('update_collection_features', array('edited_Blog' => &$this));
            // load post moderation statuses
            $moderation_statuses = get_visibility_statuses('moderation');
            $post_moderation_statuses = array();
            foreach ($moderation_statuses as $status) {
                if (param('post_notif_' . $status, 'integer', 0)) {
                    $post_moderation_statuses[] = $status;
                }
            }
            $this->set_setting('post_moderation_statuses', implode(',', $post_moderation_statuses));
        }
        if (in_array('comments', $groups)) {
            // we want to load the comments settings:
            // load moderation statuses
            $moderation_statuses = get_visibility_statuses('moderation');
            $blog_moderation_statuses = array();
            foreach ($moderation_statuses as $status) {
                if (param('notif_' . $status, 'integer', 0)) {
                    $blog_moderation_statuses[] = $status;
                }
            }
            $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses));
            $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire'));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0));
            $this->set_setting('comments_register', param('comments_register', 'integer', 0));
        }
        if (in_array('other', $groups)) {
            // we want to load the other settings:
            // Search results:
            param_integer_range('search_per_page', 1, 9999, T_('Number of search results per page must be between %d and %d.'));
            $this->set_setting('search_per_page', get_param('search_per_page'));
            // Latest comments :
            param_integer_range('latest_comments_num', 1, 9999, T_('Number of shown comments must be between %d and %d.'));
            $this->set_setting('latest_comments_num', get_param('latest_comments_num'));
            // User directory:
            $this->set_setting('image_size_user_list', param('image_size_user_list', 'string'));
            // Messaging pages:
            $this->set_setting('image_size_messaging', param('image_size_messaging', 'string'));
            // Archive pages:
            $this->set_setting('archive_mode', param('archive_mode', 'string', true));
        }
        if (in_array('more', $groups)) {
            // we want to load more settings:
            // Tracking:
            $this->set_setting('track_unread_content', param('track_unread_content', 'integer', 0));
            // Subscriptions:
            $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
            $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
            // Sitemaps:
            $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0));
        }
        if (param('allow_comments', 'string', NULL) !== NULL) {
            // Feedback options:
            $this->set_setting('allow_comments', param('allow_comments', 'string', 'any'));
            $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any'));
            $new_feedback_status = param('new_feedback_status', 'string', 'draft');
            if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can set this setting to 'Public'
                $this->set_setting('new_feedback_status', $new_feedback_status);
            }
            $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0'));
            $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0'));
            $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered'));
            $this->set_setting('max_attachments', param('max_attachments', 'integer', ''));
            $this->set_setting('autocomplete_usernames', param('autocomplete_usernames', 'integer', ''));
            $this->set_setting('display_rating_summary', param('display_rating_summary', 'string', '0'));
            $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never'));
            $this->set_setting('rating_question', param('rating_question', 'text'));
            $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0'));
            $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0);
            if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
                // Only admin can turn ON this setting
                $this->set('allowtrackbacks', $blog_allowtrackbacks);
            }
            $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC'));
            // call modules update_collection_comments on this blog
            modules_call_method('update_collection_comments', array('edited_Blog' => &$this));
            $threaded_comments = param('threaded_comments', 'integer', 0);
            $this->set_setting('threaded_comments', $threaded_comments);
            $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0));
            param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.'));
            $this->set_setting('comments_per_page', get_param('comments_per_page'));
            $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0));
            $this->set_setting('comments_latest', param('comments_latest', 'integer', 0));
            // load blog front office comment statuses
            $this->load_inskin_statuses('comment');
        }
        if (in_array('seo', $groups)) {
            // we want to load the workflow checkboxes:
            $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0));
            $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0));
            $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
            $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0));
            $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0));
            $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0));
            $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
            $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0));
            $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
            $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0));
            $this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
            $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
            $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
            $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
            $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
            $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
            $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
            $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
            $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
            $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
            $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
            $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
            $this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
            $this->set_setting('title_link_type', param('title_link_type', 'string', ''));
            $this->set_setting('permalinks', param('permalinks', 'string', ''));
            $this->set_setting('404_response', param('404_response', 'string', ''));
            $this->set_setting('help_link', param('help_link', 'string', ''));
            $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0));
            $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0));
            $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0));
            $this->set_setting('tags_open_graph', param('tags_open_graph', 'integer', 0));
            $this->set_setting('download_noindex', param('download_noindex', 'integer', 0));
            $this->set_setting('download_nofollowto', param('download_nofollowto', 'integer', 0));
        }
        /*
         * ADVANCED ADMIN SETTINGS
         */
        if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
            // We have permission to edit advanced admin settings:
            if (in_array('cache', $groups)) {
                // we want to load the cache params:
                $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0));
                $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0));
                $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0));
            }
            if (in_array('styles', $groups)) {
                // we want to load the styles params:
                $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
                $this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
            }
            if (in_array('login', $groups)) {
                // we want to load the login params:
                if (!get_setting_Blog('login_blog_ID')) {
                    // Update this only when no blog is defined for login/registration
                    $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0));
                }
                $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0));
            }
            if (param('blog_head_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_head_includes', T_('Invalid Custom meta tag/css section.'), '#', 'head_extension');
                $this->set_setting('head_includes', get_param('blog_head_includes'));
            }
            if (param('blog_footer_includes', 'html', NULL) !== NULL) {
                // HTML header includes:
                param_check_html('blog_footer_includes', T_('Invalid Custom javascript section'));
                $this->set_setting('footer_includes', get_param('blog_footer_includes'));
            }
            if (param('owner_login', 'string', NULL) !== NULL) {
                // Permissions:
                $UserCache =& get_UserCache();
                $owner_User =& $UserCache->get_by_login(get_param('owner_login'));
                if (empty($owner_User)) {
                    param_error('owner_login', sprintf(T_('User &laquo;%s&raquo; does not exist!'), get_param('owner_login')));
                } else {
                    $this->set('owner_user_ID', $owner_User->ID);
                    $this->owner_User =& $owner_User;
                }
            }
            if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) {
                // check urlname
                if (param_check_not_empty('blog_urlname', T_('You must provide an URL collection name!'))) {
                    if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) {
                        param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*)
															FROM T_blogs
															WHERE blog_urlname = ' . $DB->quote($blog_urlname) . '
															AND blog_ID <> ' . $this->ID)) {
                        // urlname is already in use
                        param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another collection. Please choose another name.'), "&laquo;{$blog_urlname}&raquo;"));
                        $blog_urlname = NULL;
                    }
                    if (isset($blog_urlname)) {
                        // Set new urlname and save old media dir in order to rename folder to new
                        $old_media_dir = $this->get_media_dir(false);
                        $this->set_from_Request('urlname');
                    }
                }
            }
            if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
                // Blog URL parameters:
                // Note: We must avoid to set an invalid url, because the new blog url will be displayed in the evobar even if it was not saved
                $allow_new_access_type = true;
                if ($access_type == 'absolute') {
                    $blog_siteurl = param('blog_siteurl_absolute', 'string', true);
                    if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) {
                        // It looks like valid absolute URL, so we may update the blog siteurl
                        $this->set('siteurl', $blog_siteurl);
                    } else {
                        // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors
                        $allow_new_access_type = false;
                        // If site url is not updated do not allow access_type update either
                        $Messages->add(T_('Collection Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '&laquo;' . htmlspecialchars($blog_siteurl) . '&raquo;') . '. ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error');
                    }
                } elseif ($access_type == 'relative') {
                    // relative siteurl
                    $blog_siteurl = param('blog_siteurl_relative', 'string', true);
                    if (preg_match('#^https?://#', $blog_siteurl)) {
                        $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
                    }
                    $this->set('siteurl', $blog_siteurl);
                } else {
                    $this->set('siteurl', '');
                }
                if ($allow_new_access_type) {
                    // The received siteurl value was correct, may update the access_type value
                    $this->set('access_type', $access_type);
                }
            }
            if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
                // Aggregate list: (can be '*')
                $aggregate_coll_IDs = get_param('aggregate_coll_IDs');
                if ($aggregate_coll_IDs != '*') {
                    // Sanitize the string
                    $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs);
                }
                // fp> TODO: check perms on each aggregated blog (if changed)
                // fp> TODO: better interface
                if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) {
                    param_error('aggregate_coll_IDs', T_('Invalid aggregate collection ID list!'));
                }
                $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs);
            }
            $media_location = param('blog_media_location', 'string', NULL);
            if ($media_location !== NULL) {
                // Media files location:
                $old_media_dir = $this->get_media_dir(false);
                $old_media_location = $this->get('media_location');
                $this->set_from_Request('media_location');
                $this->set_media_subdir(param('blog_media_subdir', 'string', ''));
                $this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
                $this->set_media_url(param('blog_media_url', 'string', ''));
                // check params
                switch ($this->get('media_location')) {
                    case 'custom':
                        // custom path and URL
                        global $demo_mode, $media_path;
                        if ($this->get('media_fullpath') == '') {
                            param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
                        }
                        if (!preg_match('#^https?://#', $this->get('media_url'))) {
                            param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
                        }
                        if ($demo_mode) {
                            $canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
                            if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
                                param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
                            }
                        }
                        break;
                    case 'subdir':
                        global $media_path;
                        if ($this->get('media_subdir') == '') {
                            param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
                        } else {
                            // Test if it's below $media_path (subdir!)
                            $canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
                            if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
                                param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory &laquo;%s&raquo;.'), format_to_output($this->get('media_subdir'))));
                            } else {
                                // Validate if it's a valid directory name:
                                $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path)));
                                if ($error = validate_dirname($subdir)) {
                                    param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
                                    syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $subdir . '</b>'), 'warning', 'file');
                                }
                            }
                        }
                        break;
                }
            }
            if (!param_errors_detected() && !empty($old_media_dir)) {
                // No error were detected before and possibly the media directory path was updated, check if it can be managed
                $this->check_media_dir_change($old_media_dir, isset($old_media_location) ? $old_media_location : NULL);
            }
        }
        return !param_errors_detected();
    }