From: Jon O. <jon...@us...> - 2005-03-26 22:53:14
Update of /cvsroot/mxbb/mx_kb/admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25039/modules/mx_kb/admin Modified Files: admin_kb_art.php admin_kb_config.php Log Message: finally rewriting this module, once and for all - rewritten post methods - better security - separated html. bbcode, smilies from phpbb - wysiwyg support Index: admin_kb_art.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/admin/admin_kb_art.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** admin_kb_art.php 17 Mar 2005 12:37:24 -0000 1.12 --- admin_kb_art.php 26 Mar 2005 22:52:35 -0000 1.13 *************** *** 81,152 **** } switch ( $mode ) { case 'approve': ! ! $article_id = intval( $HTTP_GET_VARS['a'] ); ! $topic_sql = ''; if ( $kb_config['use_comments'] ) { - $sql = "SELECT * FROM " . KB_ARTICLES_TABLE . " WHERE article_id = " . $article_id; - if ( !( $results = $db->sql_query( $sql ) ) ) - { - mx_message_die( GENERAL_ERROR, "Could not obtain article data", '', __LINE__, __FILE__, $sql ); - } - - $row = $db->sql_fetchrow( $results ); - if ( !$row['topic_id'] ) { ! // choose a user ! $user_id = $row['article_author_id']; ! // initialise the userdata ! $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = $user_id"; ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! mx_message_die( CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql ); ! } ! $user = $db->sql_fetchrow( $result ); ! init_userprefs( $user ); ! ! $kb_cat = get_kb_cat( $row['article_category_id'] ); ! $type = get_kb_type( $row['article_type'] ); ! $author = get_kb_author( $row['article_author_id'] ); ! ! $sql = "SELECT comments_forum_id FROM " . KB_CATEGORIES_TABLE . " WHERE category_id = '" . $row['article_category_id'] . "'"; ! if ( !( $results = $db->sql_query( $sql ) ) ) ! { ! mx_message_die( GENERAL_ERROR, "Could not get comments_forum_id", '', __LINE__, __FILE__, $sql ); ! } ! 
$cat_row = $db->sql_fetchrow( $results ); ! $forum_id = $cat_row['comments_forum_id']; - $search = array ( "'&(quot|#34);'i", // Replace HTML entities - "'&(amp|#38);'i", - "'&(lt|#60);'i", - "'&(gt|#62);'i" - ); - $replace = array ( "\"", - "&", - "<", - ">" - ); - - $temp_url = PORTAL_URL . "modules/mx_kb/kb." . $phpEx . "?mode=article&k=" . $article_id; - $message = "[b]" . $lang['Category'] . ":[/b] " . $kb_cat['category_name'] . "\n"; - $message .= "[b]" . $lang['Article_type'] . ":[/b] " . $type . "\n\n"; - $message .= "[b]" . $lang['Article_title'] . ":[/b] " . preg_replace( $search, $replace, $row['article_title'] ) . "\n"; - $message .= "[b]" . $lang['Author'] . ":[/b] " . $author . "\n"; - $message .= "[b]" . $lang['Article_description'] . ":[/b] " . preg_replace( $search, $replace, $row['article_description'] ) . "\n\n"; - $message .= "[b][url=" . $temp_url . "]" . $lang['Read_full_article'] . "[/url][/b]"; - - $subject = '[ KB ] ' . $row['article_title']; - - $subject = str_replace( "'", "\'" , $subject ); - $message = str_replace( "'", "\'" , $message ); - - $topic_data = insert_post( $message, $subject, $forum_id, $user['user_id'], $user['username'], $user['user_attachsig'] ); $topic_sql = ", topic_id = " . $topic_data['topic_id']; } --- 81,119 ---- } + $article_id = intval( $HTTP_GET_VARS['a'] ); + switch ( $mode ) { case 'approve': ! ! $sql = "SELECT * FROM " . KB_ARTICLES_TABLE . " WHERE article_id = " . $article_id; ! if ( !( $results = $db->sql_query( $sql ) ) ) ! { ! mx_message_die( GENERAL_ERROR, "Could not obtain article data", '', __LINE__, __FILE__, $sql ); ! } ! $row = $db->sql_fetchrow( $results ); ! $topic_sql = ''; + + // Insert comment, if not already present if ( $kb_config['use_comments'] ) { if ( !$row['topic_id'] ) { ! $kb_comment = array(); ! // Populate the kb_comment variable ! $kb_comment = kb_get_data($row, $userdata); ! ! // Compose post header ! $subject = $lang['KB_comment_prefix'] . $kb_comment['article_title']; ! 
$message_temp = kb_compose_comment( $kb_comment ); ! ! $kb_message = $message_temp['message']; ! $kb_update_message = $message_temp['update_message']; ! ! // Post ! $topic_data = kb_insert_post( $kb_message, $subject, $kb_comment['category_forum_id'], $kb_comment['article_author_id'], $userdata['article_author'], $userdata['article_author_sig'], $kb_comment['topic_id'], $kb_update_message ); $topic_sql = ", topic_id = " . $topic_data['topic_id']; } *************** *** 154,158 **** $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET approved = 1 " . $topic_sql . " ! WHERE article_id = " . $article_id; if ( !( $result = $db->sql_query( $sql ) ) ) --- 121,125 ---- $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET approved = 1 " . $topic_sql . " ! WHERE article_id = " . $article_id; if ( !( $result = $db->sql_query( $sql ) ) ) *************** *** 161,192 **** } ! $sql = "SELECT article_category_id, article_body ! FROM " . KB_ARTICLES_TABLE . " ! WHERE article_id = " . $article_id; ! ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! message_die( GENERAL_ERROR, "Could not obtain article category", '', __LINE__, __FILE__, $sql ); ! } ! ! if ( $article = $db->sql_fetchrow( $result ) ) ! { ! $article_category_id = $article['article_category_id']; ! $body = $article['article_body']; ! } update_kb_number( $article_category_id, '+ 1' ); ! ! add_kb_words( $article_id, $body ); ! $message = $lang['Article_approved'] . '<br /><br />' . sprintf( $lang['Click_return_article_manager'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_admin_index'], '<a href="' . append_sid( $mx_root_path . "admin/index.$phpEx?pane=right" ) . '">', '</a>' ); - message_die( GENERAL_MESSAGE, $message ); break; case 'unapprove': - $article_id = intval( $HTTP_GET_VARS['a'] ); - $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET approved = 0 WHERE article_id = " . $article_id; --- 128,143 ---- } ! 
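Review bot: `$row = $db->sql_fetchrow( $results );` is never checked before `$row['topic_id']` is read, so an `a` value matching no article (the intval() on the hoisted `$article_id` turns any non-numeric input into 0) falls through to the UPDATE, the update_kb_number() call and the search indexing in the `*** 161,192 ****` hunk with an empty row. Add `if ( !$row ) { mx_message_die( GENERAL_ERROR, 'Article not found', '', __LINE__, __FILE__, $sql ); }` directly after the fetch. The `$kb_comment = array();` assignment is dead, since the next statement overwrites it. All three mode handlers still perform their writes from a plain GET request, so the approve/unapprove/delete links can be triggered by any page able to make the administrator's browser request them; a session-bound confirmation token checked before the switch would close that. The switch statement continues outside the hunk.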
$article_category_id = $row['article_category_id']; update_kb_number( $article_category_id, '+ 1' ); ! mx_add_search_words( 'single', $article_id, stripslashes( $row['article_body'] ), stripslashes( $row['article_title'] ), 'kb' ); ! $message = $lang['Article_approved'] . '<br /><br />' . sprintf( $lang['Click_return_article_manager'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_admin_index'], '<a href="' . append_sid( $mx_root_path . "admin/index.$phpEx?pane=right" ) . '">', '</a>' ); message_die( GENERAL_MESSAGE, $message ); + break; case 'unapprove': $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET approved = 0 WHERE article_id = " . $article_id; *************** *** 198,203 **** $sql = "SELECT article_category_id ! FROM " . KB_ARTICLES_TABLE . " ! WHERE article_id = " . $article_id; if ( !( $result = $db->sql_query( $sql ) ) ) --- 149,154 ---- $sql = "SELECT article_category_id ! FROM " . KB_ARTICLES_TABLE . " ! WHERE article_id = " . $article_id; if ( !( $result = $db->sql_query( $sql ) ) ) *************** *** 212,218 **** update_kb_number( $article_category_id, '- 1' ); $message = $lang['Article_unapproved'] . '<br /><br />' . sprintf( $lang['Click_return_article_manager'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_admin_index'], '<a href="' . append_sid( $mx_root_path . "admin/index.$phpEx?pane=right" ) . '">', '</a>' ); - message_die( GENERAL_MESSAGE, $message ); break; --- 163,169 ---- update_kb_number( $article_category_id, '- 1' ); + mx_remove_search_words( $article_id, 'kb' ); $message = $lang['Article_unapproved'] . '<br /><br />' . sprintf( $lang['Click_return_article_manager'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_admin_index'], '<a href="' . append_sid( $mx_root_path . "admin/index.$phpEx?pane=right" ) . 
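Review bot: The two `stripslashes()` calls in the new `mx_add_search_words( 'single', $article_id, stripslashes( $row['article_body'] ), stripslashes( $row['article_title'] ), 'kb' )` line undo a storage convention that is not visible here, while the comment subject built from `$kb_comment['article_title']` in the `*** 81,152 ****` hunk is not stripped; if article text really is stored with slashes the subject carries them into the forum post, and if it is not, these calls corrupt any literal backslash in the indexed text. A one-line comment would settle it for the next reader, e.g. `// article text is stored escaped (addslashes); strip before indexing — confirm against the insert path`. The `$article_category_id` temporary is used once and could be inlined into the update_kb_number() call. The enclosing case block starts outside the hunk.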
'">', '</a>' ); message_die( GENERAL_MESSAGE, $message ); break; *************** *** 220,230 **** case 'delete': - $article_id = intval( $HTTP_GET_VARS['a'] ); - if ( $HTTP_GET_VARS['c'] == "yes" ) { $sql = "SELECT article_category_id, approved, topic_id ! FROM " . KB_ARTICLES_TABLE . " ! WHERE article_id = " . $article_id; if ( !( $result = $db->sql_query( $sql ) ) ) --- 171,179 ---- case 'delete': if ( $HTTP_GET_VARS['c'] == "yes" ) { $sql = "SELECT article_category_id, approved, topic_id ! FROM " . KB_ARTICLES_TABLE . " ! WHERE article_id = " . $article_id; if ( !( $result = $db->sql_query( $sql ) ) ) *************** *** 373,378 **** } $message = $lang['Article_deleted'] . '<br /><br />' . sprintf( $lang['Click_return_article_manager'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_admin_index'], '<a href="' . append_sid( $mx_root_path . "admin/index.$phpEx?pane=right" ) . '">', '</a>' ); - message_die( GENERAL_MESSAGE, $message ); } --- 322,328 ---- } + mx_remove_search_words( $article_id, 'kb' ); + $message = $lang['Article_deleted'] . '<br /><br />' . sprintf( $lang['Click_return_article_manager'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_admin_index'], '<a href="' . append_sid( $mx_root_path . "admin/index.$phpEx?pane=right" ) . '">', '</a>' ); message_die( GENERAL_MESSAGE, $message ); } *************** *** 380,384 **** { $message = $lang['Confirm_art_delete'] . '<br /><br />' . sprintf( $lang['Confirm_art_delete_yes'], '<a href="' . append_sid( "admin_kb_art.$phpEx?mode=delete&c=yes&a=" . $article_id ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Confirm_art_delete_no'], '<a href="' . append_sid( "admin_kb_art.$phpEx" ) . 
'">', '</a>' ); - message_die( GENERAL_MESSAGE, $message ); } --- 330,333 ---- Index: admin_kb_config.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/admin/admin_kb_config.php,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** admin_kb_config.php 17 Mar 2005 12:37:24 -0000 1.13 --- admin_kb_config.php 26 Mar 2005 22:52:35 -0000 1.14 *************** *** 87,98 **** $new_no = ( !$new['allow_new'] ) ? "checked=\"checked\"" : ""; ! //$approve_new_yes = ( $new['approve_new'] ) ? "checked=\"checked\"" : ""; ! //$approve_new_no = ( !$new['approve_new'] ) ? "checked=\"checked\"" : ""; ! //$edit_yes = ( $new['allow_edit'] ) ? "checked=\"checked\"" : ""; ! //$edit_no = ( !$new['allow_edit'] ) ? "checked=\"checked\"" : ""; ! //$approve_edit_yes = ( $new['approve_edit'] ) ? "checked=\"checked\"" : ""; ! //$approve_edit_no = ( !$new['approve_edit'] ) ? "checked=\"checked\"" : ""; $pretext_show = ( $new['show_pretext'] ) ? "checked=\"checked\"" : ""; --- 87,108 ---- $new_no = ( !$new['allow_new'] ) ? "checked=\"checked\"" : ""; ! $allow_html_yes = ( $new['allow_html'] ) ? "checked=\"checked\"" : ""; ! $allow_html_no = ( !$new['allow_html'] ) ? "checked=\"checked\"" : ""; ! $allow_bbcode_yes = ( $new['allow_bbcode'] ) ? "checked=\"checked\"" : ""; ! $allow_bbcode_no = ( !$new['allow_bbcode'] ) ? "checked=\"checked\"" : ""; ! $allow_smilies_yes = ( $new['allow_smilies'] ) ? "checked=\"checked\"" : ""; ! $allow_smilies_no = ( !$new['allow_smilies'] ) ? "checked=\"checked\"" : ""; ! ! $formatting_fixup_yes = ( $new['formatting_fixup'] ) ? "checked=\"checked\"" : ""; ! $formatting_fixup_no = ( !$new['formatting_fixup'] ) ? "checked=\"checked\"" : ""; ! ! $wysiwyg_yes = ( $new['wysiwyg'] ) ? "checked=\"checked\"" : ""; ! $wysiwyg_no = ( !$new['wysiwyg'] ) ? "checked=\"checked\"" : ""; ! ! $kb_allowed_html_tags = $new['allowed_html_tags']; ! ! 
$wysiwyg_path = $new['wysiwyg_path']; $pretext_show = ( $new['show_pretext'] ) ? "checked=\"checked\"" : ""; *************** *** 111,119 **** $use_comments_no = ( !$new['use_comments'] ) ? "checked=\"checked\"" : ""; - // $forums = get_forums( $new['forum_id'] ); - - //$anon_yes = ( $new['allow_anon'] ) ? "checked=\"checked\"" : ""; - //$anon_no = ( !$new['allow_anon'] ) ? "checked=\"checked\"" : ""; - $del_topic_yes = ( $new['del_topic'] ) ? "checked=\"checked\"" : ""; $del_topic_no = ( !$new['del_topic'] ) ? "checked=\"checked\"" : ""; --- 121,124 ---- *************** *** 243,246 **** --- 248,284 ---- 'S_BUMP_POST_YES' => $bump_post_yes, 'S_BUMP_POST_NO' => $bump_post_no, + + 'L_FORMATTING_FIXUP' => $lang['Formatting_fixup'], + 'L_FORMATTING_FIXUP_EXPLAIN' => $lang['Formatting_fixup_explain'], + 'S_FORMATTING_FIXUP_YES' => $formatting_fixup_yes, + 'S_FORMATTING_FIXUP_NO' => $formatting_fixup_no, + + 'L_WYSIWYG' => $lang['Wysiwyg'], + 'L_WYSIWYG_EXPLAIN' => $lang['Wysiwyg_explain'], + 'S_WYSIWYG_YES' => $wysiwyg_yes, + 'S_WYSIWYG_NO' => $wysiwyg_no, + + 'L_WYSIWYG_PATH' => $lang['Wysiwyg_path'], + 'L_WYSIWYG_PATH_EXPLAIN' => $lang['Wysiwyg_path_explain'], + 'WYSIWYG_PATH' => $wysiwyg_path, + + 'L_ALLOW_HTML' => $lang['Allow_HTML'], + 'L_ALLOW_HTML_EXPLAIN' => $lang['Allow_html_explain'], + 'S_ALLOW_HTML_YES' => $allow_html_yes, + 'S_ALLOW_HTML_NO' => $allow_html_no, + + 'L_ALLOW_BBCODE' => $lang['Allow_BBCode'], + 'L_ALLOW_BBCODE_EXPLAIN' => $lang['Allow_bbcode_explain'], + 'S_ALLOW_BBCODE_YES' => $allow_bbcode_yes, + 'S_ALLOW_BBCODE_NO' => $allow_bbcode_no, + + 'L_ALLOW_SMILIES' => $lang['Allow_smilies'], + 'L_ALLOW_SMILIES_EXPLAIN' => $lang['Allow_smilies_explain'], + 'S_ALLOW_SMILIES_YES' => $allow_smilies_yes, + 'S_ALLOW_SMILIES_NO' => $allow_smilies_no, + + 'L_ALLOWED_HTML_TAGS' => $lang['Allowed_tags'], + 'L_ALLOWED_HTML_TAGS_EXPLAIN' => $lang['Allowed_tags_explain'], + 'ALLOWED_HTML_TAGS' => $kb_allowed_html_tags, 'L_STATS_LIST' => $lang['Stats_list'], |
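Review bot: `$kb_allowed_html_tags = $new['allowed_html_tags'];` and `$wysiwyg_path = $new['wysiwyg_path'];` are handed to the template (as `ALLOWED_HTML_TAGS` and `WYSIWYG_PATH` in the `*** 243,246 ****` hunk) without HTML escaping, unlike the `checked="checked"` flags, which are fixed strings. Assuming the template prints them inside an input value attribute, an allowed-tag list such as `<b>,<i>` renders as markup rather than text, and a quote character in either value breaks out of the attribute; where `$new` comes from (stored config or a resubmitted form) is outside this hunk, so both paths should be assumed. Escape at this point: `$kb_allowed_html_tags = htmlspecialchars( $new['allowed_html_tags'] );` and `$wysiwyg_path = htmlspecialchars( $new['wysiwyg_path'] );`.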
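Review bot: The new language keys mix casing styles — `$lang['Allow_HTML']` and `$lang['Allow_BBCode']` sit next to `$lang['Allow_html_explain']` and `$lang['Allow_bbcode_explain']`, while the other additions use the lowercase-after-first-word form (`Formatting_fixup`, `Wysiwyg_path_explain`, `Allowed_tags`). A key that does not match the language file exactly yields only a notice and an empty label in the form, so each of these keys is worth confirming against the language file, which is not part of this change. If the names are still free to choose, `Allow_html` and `Allow_bbcode` would match their sibling `_explain` keys.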