
Revision 2088

Added by darkviper almost 11 years ago

  1. news/delete_post invalid arguments for AccessFile corrected
    ! search/search.php read settings optimized
    ! WbDatabase visibility of constructor corrected

View differences:

branches/2.8.x/CHANGELOG
11 11
! = Update/Change
12 12
===============================================================================
13 13

  
14

  
14
19 Jan-2014 Build 2088 Manuela v.d.Decken(DarkViper)
15
# news/delete_post invalid arguments for AccessFile corrected
16
! search/search.php  read settings optimized
17
! WbDatabase  visibility of constructor corrected
15 18
17 Jan-2014 Build 2087 Manuela v.d.Decken(DarkViper)
16 19
! admin/pages/add class AccessFile implemented
17 20
16 Jan-2014 Build 2086 Manuela v.d.Decken(DarkViper)
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.4');
54
if(!defined('REVISION')) define('REVISION', '2087');
54
if(!defined('REVISION')) define('REVISION', '2088');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/framework/WbDatabase.php
52 52
 * __constructor
53 53
 *  prevent from public instancing
54 54
 */
55
	protected function  __construct() {}
55
	private function  __construct() {}
56 56
/**
57 57
 * prevent from cloning
58 58
 */
branches/2.8.x/wb/search/search.php
31 31

  
32 32
// Include the WB functions file
33 33
require_once(WB_PATH.'/framework/functions.php');
34

  
34
$oDb = WbDatabase::getInstance();
35 35
// Get search settings
36 36
$table=TABLE_PREFIX.'search';
37
$query = $database->query("SELECT value FROM $table WHERE name = 'header' LIMIT 1");
38
$fetch_header = $query->fetchRow();
39
$query = $database->query("SELECT value FROM $table WHERE name = 'footer' LIMIT 1");
40
$fetch_footer = $query->fetchRow();
41
$query = $database->query("SELECT value FROM $table WHERE name = 'results_header' LIMIT 1");
42
$fetch_results_header = $query->fetchRow();
43
$query = $database->query("SELECT value FROM $table WHERE name = 'results_footer' LIMIT 1");
44
$fetch_results_footer = $query->fetchRow();
45
$query = $database->query("SELECT value FROM $table WHERE name = 'results_loop' LIMIT 1");
46
$fetch_results_loop = $query->fetchRow();
47
$query = $database->query("SELECT value FROM $table WHERE name = 'no_results' LIMIT 1");
48
$fetch_no_results = $query->fetchRow();
49
$query = $database->query("SELECT value FROM $table WHERE name = 'module_order' LIMIT 1");
50
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value']='faqbaker,manual,wysiwyg'; }
51
$search_module_order = $res['value'];
52
$query = $database->query("SELECT value FROM $table WHERE name = 'max_excerpt' LIMIT 1");
53
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value'] = '15'; }
54
$search_max_excerpt = (int)($res['value']);
55
if(!is_numeric($search_max_excerpt)) { $search_max_excerpt = 15; }
56
$query = $database->query("SELECT value FROM $table WHERE name = 'cfg_show_description' LIMIT 1");
57
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value'] = 'true'; }
58
if($res['value'] == 'false') { $cfg_show_description = false; } else { $cfg_show_description = true; }
59
$query = $database->query("SELECT value FROM $table WHERE name = 'cfg_search_description' LIMIT 1");
60
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value'] = 'true'; }
61
if($res['value'] == 'false') { $cfg_search_description = false; } else { $cfg_search_description = true; }
62
$query = $database->query("SELECT value FROM $table WHERE name = 'cfg_search_keywords' LIMIT 1");
63
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value'] = 'true'; }
64
if($res['value'] == 'false') { $cfg_search_keywords = false; } else { $cfg_search_keywords = true; }
65
$query = $database->query("SELECT value FROM $table WHERE name = 'cfg_enable_old_search' LIMIT 1");
66
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value'] = 'true'; }
67
if($res['value'] == 'false') { $cfg_enable_old_search = false; } else { $cfg_enable_old_search = true; }
68
$query = $database->query("SELECT value FROM $table WHERE name = 'cfg_enable_flush' LIMIT 1");
69
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value'] = 'false'; }
70
if($res['value'] == 'false') { $cfg_enable_flush = false; } else { $cfg_enable_flush = true; }
71
$query = $database->query("SELECT value FROM $table WHERE name = 'time_limit' LIMIT 1"); // time-limit per module
72
if($query->numRows() > 0) { $res = $query->fetchRow(); } else { $res['value'] = '0'; }
73
$search_time_limit = (int)($res['value']);
74
if($search_time_limit < 1) $search_time_limit = 0;
37
// set default values if needed
38
$aSettings = array( 'search_module_order'   => 'wysiwyg',
39
                    'search_max_excerpt'    => 15,
40
                    'cfg_show_description'  => true,
41
                    'cfg_search_description'=> true,
42
                    'cfg_search_keywords'   => true,
43
                    'cfg_enable_old_search' => true,
44
                    'cfg_enable_flush'      => true,
45
                    'search_time_limit'     => 0
46
                  );
47
$sql = 'SELECT `name`, `value` FROM `'.$oDb->TablePrefix.'search`';
48
$oSearchSettings = $oDb->doQuery($sql);
49
while ($aSettingsRecord = $oSearchSettings->fetchRow(MYSQL_ASSOC)) {
50
// read settings and sanitize it
51
    switch ($aSettingsRecord['name']) {
52
        case 'header':
53
        case 'footer':
54
        case 'results_header':
55
        case 'results_footer':
56
        case 'results_loop':
57
        case 'no_results':
58
            $aSettings['fetch_'.$aSettingsRecord['name']] = $aSettingsRecord['value'];
59
            break;
60
        case 'module_order':
61
            $aSettings['search_module_order'] = ( $aSettingsRecord['value']
62
                                                  ? $aSettingsRecord['value']
63
                                                  : 'wysiwyg'
64
                                                );
65
            break;
66
        case 'max_excerpt':
67
            $aSettings['search_max_excerpt'] = ( intval($aSettingsRecord['value'])
68
                                                 ? intval($aSettingsRecord['value'])
69
                                                 : $aSettings['search_max_excerpt']
70
                                               );
71
            break;
72
        case 'cfg_show_description':
73
        case 'cfg_search_description':
74
        case 'cfg_search_keywords':
75
        case 'cfg_enable_old_search':
76
        case 'cfg_enable_flush':
77
            $aSettings[$aSettingsRecord['name']] = (filter_var( $aSettingsRecord['value'],
78
                                                                FILTER_VALIDATE_BOOLEAN,
79
                                                                FILTER_NULL_ON_FAILURE
80
                                                              ) !== false);
81
            break;
82
        case 'time_limit':
83
            $aSettings['search_time_limit'] = ( intval($aSettingsRecord['value']) < 0
84
                                                ? 0
85
                                                : intval($aSettingsRecord['value'])
86
                                              );
87
            break;
88
        default:
89
            break;
90
    }
91
}
75 92

  
76 93
// search-module-extension: get helper-functions
77 94
require_once(WB_PATH.'/search/search_modext.php');
......
273 290
// Replace vars in search settings with values
274 291
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_RESULTS_FOR]');
275 292
$values = array($search_display_string, WB_URL, PAGE_EXTENSION, $TEXT['RESULTS_FOR']);
276
$search_footer = str_replace($vars, $values, ($fetch_footer['value']));
277
$search_results_header = str_replace($vars, $values, ($fetch_results_header['value']));
278
$search_results_footer = str_replace($vars, $values, ($fetch_results_footer['value']));
293
$search_footer = str_replace($vars, $values, ($aSettings['fetch_footer']));
294
$search_results_header = str_replace($vars, $values, ($aSettings['fetch_results_header']));
295
$search_results_footer = str_replace($vars, $values, ($aSettings['fetch_results_footer']));
279 296

  
280 297
// Do extra vars/values replacement
281 298
$vars = array('[SEARCH_STRING]', '[WB_URL]', '[PAGE_EXTENSION]', '[TEXT_SEARCH]', '[TEXT_ALL_WORDS]', '[TEXT_ANY_WORDS]', '[TEXT_EXACT_MATCH]', '[TEXT_MATCH]', '[TEXT_MATCHING]', '[ALL_CHECKED]', '[ANY_CHECKED]', '[EXACT_CHECKED]', '[REFERRER_ID]', '[SEARCH_PATH]');
282 299
$values = array($search_display_string, WB_URL, PAGE_EXTENSION, $TEXT['SEARCH'], $TEXT['ALL_WORDS'], $TEXT['ANY_WORDS'], $TEXT['EXACT_MATCH'], $TEXT['MATCH'], $TEXT['MATCHING'], $all_checked, $any_checked, $exact_checked, REFERRER_ID, $search_path);
283
$search_header = str_replace($vars, $values, ($fetch_header['value']));
300
$search_header = str_replace($vars, $values, ($aSettings['fetch_header']));
284 301
$vars = array('[TEXT_NO_RESULTS]');
285 302
$values = array($TEXT['NO_RESULTS']);
286
$search_no_results = str_replace($vars, $values, ($fetch_no_results['value']));
303
$search_no_results = str_replace($vars, $values, ($aSettings['fetch_no_results']));
287 304

  
288 305
/*
289 306
 * Start of output
......
307 324
		}
308 325
	}
309 326
	// sort module search-order
310
	// get the modules from $search_module_order first ...
327
	// get the modules from $aSettings['search_module_order'] first ...
311 328
	$sorted_modules = array();
312 329
	$m = count($modules);
313
	$search_modules = explode(',', $search_module_order);
330
	$search_modules = explode(',', $aSettings['search_module_order']);
314 331
	foreach($search_modules AS $item) {
315 332
		$item = trim($item);
316 333
		for($i=0; $i < $m; $i++) {
......
346 363
		'search_match' => $match, // match-type
347 364
		'search_url_array' => $search_url_array, // array of strings from the original search-string. ATTN: strings are not quoted!
348 365
		'search_entities_array' => $search_entities_array, // entities
349
		'results_loop_string' => $fetch_results_loop['value'],
350
		'default_max_excerpt' => $search_max_excerpt,
351
		'time_limit' => $search_time_limit, // time-limit in secs
366
		'results_loop_string' => $aSettings['fetch_results_loop'],
367
		'default_max_excerpt' => $aSettings['search_max_excerpt'],
368
		'time_limit' => $aSettings['search_time_limit'], // time-limit in secs
352 369
		'search_path' => $search_path // see docu
353 370
	);
354 371
	foreach($search_funcs['__before'] as $func) {
......
357 374
	// now call module-based $search_funcs[]
358 375
	$seen_pages = array(); // seen pages per module.
359 376
	$pages_listed = array(); // seen pages.
360
	if($search_max_excerpt!=0) { // skip this search if $search_max_excerpt==0
377
	if($aSettings['search_max_excerpt']!=0) { // skip this search if $aSettings['search_max_excerpt']==0
361 378
		foreach($sorted_modules AS $module_name) {
362 379
			$start_time = time();	// get start-time to check time-limit; not very accurate, but ok
363 380
			$seen_pages[$module_name] = array();
......
378 395
			if($sections_query->numRows() > 0) {
379 396
				while($res = $sections_query->fetchRow()) {
380 397
					// check if time-limit is exceeded for this module
381
					if($search_time_limit > 0 && (time()-$start_time > $search_time_limit)) {
398
					if($aSettings['search_time_limit'] > 0 && (time()-$start_time > $aSettings['search_time_limit'])) {
382 399
						break;
383 400
					}
384 401
					// Only show this section if it is not "out of publication-date"
......
393 410
						'section_id' => $res['section_id'],
394 411
						'page_title' => $res['page_title'],
395 412
						'page_menu_title' => $res['menu_title'],
396
						'page_description' => ($cfg_show_description?$res['description']:""),
413
						'page_description' => ($aSettings['cfg_show_description']?$res['description']:""),
397 414
						'page_keywords' => $res['keywords'],
398 415
						'page_link' => $res['link'],
399 416
						'page_modified_when' => $res['modified_when'],
......
403 420
						'search_match' => $match,
404 421
						'search_url_array' => $search_url_array, // needed for url-string only
405 422
						'search_entities_array' => $search_entities_array, // entities
406
						'results_loop_string' => $fetch_results_loop['value'],
407
						'default_max_excerpt' => $search_max_excerpt,
408
						'enable_flush' => $cfg_enable_flush,
409
						'time_limit' => $search_time_limit // time-limit in secs
423
						'results_loop_string' => $aSettings['fetch_results_loop'],
424
						'default_max_excerpt' => $aSettings['search_max_excerpt'],
425
						'enable_flush' => $aSettings['cfg_enable_flush'],
426
						'time_limit' => $aSettings['search_time_limit'] // time-limit in secs
410 427
					);
411 428
					// Only show this page if we are allowed to see it
412 429
					if($admin->page_is_visible($res) == false) {
......
445 462
		'search_match' => $match, // match-type
446 463
		'search_url_array' => $search_url_array, // array of strings from the original search-string. ATTN: strings are not quoted!
447 464
		'search_entities_array' => $search_entities_array, // entities
448
		'results_loop_string' => $fetch_results_loop['value'],
449
		'default_max_excerpt' => $search_max_excerpt,
450
		'time_limit' => $search_time_limit, // time-limit in secs
465
		'results_loop_string' => $aSettings['fetch_results_loop'],
466
		'default_max_excerpt' => $aSettings['search_max_excerpt'],
467
		'time_limit' => $aSettings['search_time_limit'], // time-limit in secs
451 468
		'search_path' => $search_path // see docu
452 469
	);
453 470
	foreach($search_funcs['__after'] as $func) {
......
475 492
				'page_id' => $page['page_id'],
476 493
				'page_title' => $page['page_title'],
477 494
				'page_menu_title' => $page['menu_title'],
478
				'page_description' => ($cfg_show_description?$page['description']:""),
495
				'page_description' => ($aSettings['cfg_show_description']?$page['description']:""),
479 496
				'page_keywords' => $page['keywords'],
480 497
				'page_link' => $page['link'],
481 498
				'page_modified_when' => $page['modified_when'],
......
485 502
				'search_match' => $match,
486 503
				'search_url_array' => $search_url_array, // needed for url-string only
487 504
				'search_entities_array' => $search_entities_array, // entities
488
				'results_loop_string' => $fetch_results_loop['value'],
505
				'results_loop_string' => $aSettings['fetch_results_loop'],
489 506
				'default_max_excerpt' => $max_excerpt_num,
490
				'enable_flush' => $cfg_enable_flush
507
				'enable_flush' => $aSettings['cfg_enable_flush']
491 508
			);
492 509
			// Only show this page if we are allowed to see it
493 510
			if($admin->page_is_visible($page) == false) {
......
502 519
			}
503 520
			$text = $func_vars['page_title'].$divider
504 521
				.$func_vars['page_menu_title'].$divider
505
				.($cfg_search_description?$func_vars['page_description']:"").$divider
506
				.($cfg_search_keywords?$func_vars['page_keywords']:"").$divider;
522
				.($aSettings['cfg_search_description']?$func_vars['page_description']:"").$divider
523
				.($aSettings['cfg_search_keywords']?$func_vars['page_keywords']:"").$divider;
507 524
			$mod_vars = array(
508 525
				'page_link' => $func_vars['page_link'],
509 526
				'page_link_target' => "",
......
539 556
		}
540 557
	}
541 558
	// sort module search-order
542
	// get the modules from $search_module_order first ...
559
	// get the modules from $aSettings['search_module_order'] first ...
543 560
	$sorted_modules = array();
544 561
	$m = count($modules);
545
	$search_modules = explode(',', $search_module_order);
562
	$search_modules = explode(',', $aSettings['search_module_order']);
546 563
	foreach($search_modules AS $item) {
547 564
		$item = trim($item);
548 565
		for($i=0; $i < $m; $i++) {
......
558 575
		$sorted_modules[] = $item;
559 576
	}
560 577

  
561
	if($cfg_enable_old_search) { // this is the old (wb <= 2.6.7) search-function
578
	if($aSettings['cfg_enable_old_search']) { // this is the old (wb <= 2.6.7) search-function
562 579
		$search_path_SQL = str_replace(' link ', ' '.TABLE_PREFIX.'pages.link ', $search_path_SQL);
563 580
		foreach($sorted_modules AS $module) {
564 581
			if(isset($seen_pages[$module['value']]) && count($seen_pages[$module['value']])>0) // skip modules handled by new search-func
......
686 703
							$time = $TEXT['UNKNOWN'].' '.$TEXT['TIME'];
687 704
						}
688 705
						$excerpt="";
689
						if($cfg_show_description == 0) {
706
						if($aSettings['cfg_show_description'] == 0) {
690 707
							$page['description'] = "";
691 708
						}
692 709
						$values = array($link, $page['page_title'], $page['description'], $users[$page['modified_by']]['username'], $users[$page['modified_by']]['display_name'], $date, $time, $TEXT['LAST_UPDATED_BY'], strtolower($TEXT['ON']), $excerpt);
693 710
						// Show loop code with vars replaced by values
694
						echo str_replace($vars, $values, ($fetch_results_loop['value']));
711
						echo str_replace($vars, $values, ($aSettings['fetch_results_loop']));
695 712
						// Say that this page has been listed
696 713
						$seen_pages[$module_name][$page['page_id']] = true;
697 714
						$pages_listed[$page['page_id']] = true;
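Review bot: The defaults array in the new settings loader has no `fetch_header`, `fetch_footer`, `fetch_results_header`, `fetch_results_footer`, `fetch_results_loop` or `fetch_no_results` entries, so later reads such as `$aSettings['fetch_footer']` hit an undefined index whenever that row is missing from the search table. The `max_excerpt` case also treats a stored 0 as unset and falls back to 15, so the later `$aSettings['search_max_excerpt']!=0` skip branch can no longer be reached from the settings. Two defaults differ from the removed code without a mention in the changelog: `cfg_enable_flush` was 'false' and is now true, and the module order was 'faqbaker,manual,wysiwyg' and is now 'wysiwyg'; please confirm both are intended. The boolean cases map every value `filter_var()` cannot parse to true, which deserves a one-line comment next to the `!== false` test. The fence below seeds the template keys and keeps 0 as a valid excerpt setting.

```php
// set default values if needed
$aSettings = array( 'fetch_header'          => '',
                    'fetch_footer'          => '',
                    'fetch_results_header'  => '',
                    'fetch_results_footer'  => '',
                    'fetch_results_loop'    => '',
                    'fetch_no_results'      => '',
                    'search_module_order'   => 'wysiwyg',
                    // … unchanged: remaining defaults …
                  );
// … unchanged: query, loop header, template and module_order cases …
        case 'max_excerpt':
            // a stored 0 is meaningful: the module search is skipped when max_excerpt is 0
            $aSettings['search_max_excerpt'] = ( is_numeric($aSettingsRecord['value'])
                                                 ? intval($aSettingsRecord['value'])
                                                 : $aSettings['search_max_excerpt']
                                               );
            break;
// … unchanged: boolean flags, time_limit, default …
```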
branches/2.8.x/wb/modules/news/delete_post.php
15 15
 *
16 16
 */
17 17

  
18
require('../../config.php');
18
    require('../../config.php');
19 19

  
20
$admin_header = false;
21
// Tells script to update when this page was last updated
22
$update_when_modified = true;
23
// Include WB admin wrapper script
24
require(WB_PATH.'/modules/admin.php');
20
    $admin_header = false;
21
    $update_when_modified = true; // Tells script to update when this page was last updated
22
    $oReg   = WbAdaptor::getInstance();
23
    $oDb    = WbDatabase::getInstance();
24
    $oTrans = Translate::getInstance();
25
    $oTrans->enableAddon('modules\news');
26
    require($oReg->AppPath.'/modules/admin.php'); // Include WB admin wrapper script
27
    $sErrMsg = '';
28
    $sRedirectLink = $oReg->AcpUrl.'pages/modify.php?page_id='.$page_id;
29
    if (($post_id = ($admin->checkIDKEY('post_id', false, 'GET')))) {
30
    // Get post details
31
        $sql = 'SELECT `link` FROM `'.$oDb->TablePrefix.'mod_news_posts` '
32
             . 'WHERE `post_id`='.$post_id;
33
        if (($sPostLink = $oDb->getOne($sql))) {
34
            try {
35
                $sAccesFilesRootDir = $oReg->AppPath.$oReg->PagesDir.'posts/';
36
                $sAccesFileName = str_replace('posts/', '', trim($sPostLink, '/')).$oReg->PageExtension;
37
            // Unlink post access file
38
                $oAF = new AccessFile($sAccesFilesRootDir, $sAccesFileName);
39
                $oAF->delete();
40
                unset($oAF);
41
            // first delete all depending records
42
                $sql = 'DELETE FROM `'.$oDb->TablePrefix.'mod_news_comments` '
43
                     . 'WHERE `post_id`='.$post_id;
44
                $oDb->doQuery($sql);
45
            // now delete master record
46
                $sql = 'DELETE FROM `'.$oDb->TablePrefix.'mod_news_posts` '
47
                     . 'WHERE `post_id`='.$post_id;
48
                $oDb->doQuery($sql);
49
            // reorder positions
50
                $oOrder = new order($oDb->TablePrefix.'mod_news_posts', 'position', 'post_id', 'section_id');
51
                $oOrder->clean($section_id);
52
            } catch(AccessFileException $e) {
53
                $sErrMsg = (string)$e;
54
            } catch(WbDatabaseException $e) {
55
                $sErrMsg = (string)$e;
56
                $sRedirectLink = $oReg->AppUrl.'modules/news/modify_post.php?page_id='.$page_id.'&post_id='.$post_id;
57
            }
58
        } else {
59
            $sErrMsg = $oTrans->TEXT_NOT_FOUND;
60
        }
61
    } else {
62
        $sErrMsg = $oTrans->MESSAGE_GENERIC_SECURITY_ACCESS;
63
    }
64
    // print result
65
    $admin->print_header();
66
    if($sErrMsg) {
67
        $admin->print_error($sErrMsg, $sRedirectLink);
68
    } else {
69
        $admin->print_success($oTrans->TEXT_SUCCESS, $sRedirectLink);
70
    }
71
    $oTrans->disableAddon();
72
    $admin->print_footer();
25 73

  
26
$post_id = ($admin->checkIDKEY('post_id', false, 'GET'));
27
if (!$post_id) {
28
	$admin->print_header();
29
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
30
}
31
$admin->print_header();
32

  
33
// Get post details
34
$query_details = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id'");
35
if($query_details->numRows() > 0) {
36
	$get_details = $query_details->fetchRow();
37
} else {
38
	$admin->print_error($TEXT['NOT_FOUND'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
39
}
40

  
41
// Unlink post access file
42
try {
43
    $sFilename = WB_PATH.PAGES_DIRECTORY.$get_details['link'].PAGE_EXTENSION;
44
    $oAF = new AccessFile($sFilename, $page_id);
45
    $oAF->delete();
46
    unset($oAF);
47
}catch(AccessFileException $e) {
48
    $admin->print_error($e,ADMIN_URL.'/pages/modify.php?page_id='.$page_id );
49
}
50

  
51
// Delete post
52
$database->query("DELETE FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id' LIMIT 1");
53
$database->query("DELETE FROM ".TABLE_PREFIX."mod_news_comments WHERE post_id = '$post_id'");
54

  
55
// Clean up ordering
56
require(WB_PATH.'/framework/class.order.php');
57
$order = new order(TABLE_PREFIX.'mod_news_posts', 'position', 'post_id', 'section_id');
58
$order->clean($section_id);
59

  
60
// Check if there is a db error, otherwise say successful
61
if($database->is_error()) {
62
	$admin->print_error($database->get_error(), WB_URL.'/modules/news/modify_post.php?page_id='.$page_id.'&post_id='.$post_id);
63
} else {
64
	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
65
}
66

  
67
// Print admin footer
68
$admin->print_footer();
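Review bot: The SELECT and both DELETE statements in the new block concatenate `$post_id` straight into the WHERE clause with no quoting and no cast, where the removed code at least wrapped it in quotes; what `checkIDKEY()` returns is not visible here, so unless it guarantees an integer the value should be bound as a parameter or written as `(int)$post_id` in each statement. The rewrite also drops the old `require(WB_PATH.'/framework/class.order.php');` ahead of `new order(...)`, which only works if an autoloader or modules/admin.php already provides that class. The access file is removed before the database rows inside the same try, so a WbDatabaseException leaves rows whose file is already gone, and if `delete()` throws for a missing file the post can never be removed; deleting the records first, or a comment stating why this order was chosen, would make the failure modes explicit. `$sErrMsg = (string)$e;` puts the exception's string form on the admin page, which for a stock Exception includes file paths and a stack trace, so `$e->getMessage()` is the safer choice unless these classes override `__toString()`.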
