/*
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2009 The Nucleus Group
+ * Copyright (C) 2002-2010 The Nucleus Group
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* on the screen
*
* @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2009 The Nucleus Group
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group
* @version $Id$
* $NucleusJP: BLOG.php,v 1.12.2.2 2007/08/08 05:26:22 kimitake Exp $
*/
* Shows the given amount of items for this blog
*
* @param $template
- * String representing the template _NAME_ (!)
+ * String representing the template _NAME_ (!)
* @param $amountEntries
- * amount of entries to show
+ * amount of entries to show
* @param $startpos
- * offset from where items should be shown (e.g. 5 = start at fifth item)
+ * offset from where items should be shown (e.g. 5 = start at fifth item)
* @returns int
- * amount of items shown
+ * amount of items shown
*/
function readLog($template, $amountEntries, $offset = 0, $startpos = 0) {
return $this->readLogAmount($template,$amountEntries,'','',1,1,$offset, $startpos);
* Shows an archive for a given month
*
* @param $year
- * year
+ * year
* @param $month
- * month
+ * month
* @param $template
- * String representing the template name to be used
+ * String representing the template name to be used
*/
- function showArchive($templatename, $year, $month, $day=0) {
+ function showArchive($templatename, $year, $month = 0, $day = 0) {
// create extra where clause for select query
- if ($day == 0) {
+ if ($day == 0 && $month != 0) {
$timestamp_start = mktime(0,0,0,$month,1,$year);
$timestamp_end = mktime(0,0,0,$month+1,1,$year); // also works when $month==12
+ } elseif ($month == 0) {
+ $timestamp_start = mktime(0,0,0,1,1,$year);
+ $timestamp_end = mktime(0,0,0,12,31,$year); // also works when $month==12
} else {
$timestamp_start = mktime(0,0,0,$month,$day,$year);
$timestamp_end = mktime(0,0,0,$month,$day+1,$year);
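Review bot: The new whole-year branch sets `$timestamp_end = mktime(0,0,0,12,31,$year)`, which is midnight at the start of 31 December, so items posted on the last day of the year fall outside the archive if the end is used as an exclusive bound, which the month branch (`$month+1, 1`) and the day branch (`$day+1`) both imply. Use `$timestamp_end = mktime(0,0,0,1,1,$year+1);` so all three branches share the same half-open convention. The copied comment `// also works when $month==12` says nothing about this branch; replace it with `// first second of the following year`. showArchive's body continues outside the hunk, so the comparison operator applied to these bounds is not visible here; confirm it is `<` rather than `<=`.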
* Shows the given amount of items for this blog
*
* @param $template
- * String representing the template _NAME_ (!)
+ * String representing the template _NAME_ (!)
* @param $amountEntries
- * amount of entries to show (0 = no limit)
+ * amount of entries to show (0 = no limit)
* @param $extraQuery
- * extra conditions to be added to the query
+ * extra conditions to be added to the query
* @param $highlight
- * contains a query that should be highlighted
+ * contains a query that should be highlighted
* @param $comments
- * 1=show comments 0=don't show comments
+ * 1=show comments 0=don't show comments
* @param $dateheads
- * 1=show dateheads 0=don't show dateheads
+ * 1=show dateheads 0=don't show dateheads
* @param $offset
- * offset
+ * offset
* @returns int
- * amount of items shown
+ * amount of items shown
*/
function readLogAmount($template, $amountEntries, $extraQuery, $highlight, $comments, $dateheads, $offset = 0, $startpos = 0) {
$old_date = 0;
while ($item = sql_fetch_object($items)) {
- $item->timestamp = strtotime($item->itime); // string timestamp -> unix timestamp
+ $item->timestamp = strtotime($item->itime); // string timestamp -> unix timestamp
// action handler needs to know the item we're handling
$actions->setCurrentItem($item);
function additem($catid, $title, $body, $more, $blogid, $authorid, $timestamp, $closed, $draft, $posted='1') {
global $manager;
- $blogid = intval($blogid);
- $authorid = intval($authorid);
- $title = $title;
- $body = $body;
- $more = $more;
- $catid = intval($catid);
+ $blogid = intval($blogid);
+ $authorid = intval($authorid);
+ $title = $title;
+ $body = $body;
+ $more = $more;
+ $catid = intval($catid);
// convert newlines to <br />
if ($this->convertBreaks()) {
$manager->notify('PreAddItem',array('title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$this, 'authorid' => &$authorid, 'timestamp' => &$timestamp, 'closed' => &$closed, 'draft' => &$draft, 'catid' => &$catid));
- $title = addslashes($title);
- $body = addslashes($body);
- $more = addslashes($more);
+ $title = sql_real_escape_string($title);
+ $body = sql_real_escape_string($body);
+ $more = sql_real_escape_string($more);
$query = 'INSERT INTO '.sql_table('item').' (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) '
. "VALUES ('$title', '$body', '$more', $blogid, $authorid, '$timestamp', $closed, $draft, $catid, $posted)";
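Review bot: The move to sql_real_escape_string() covers $title/$body/$more, but the same INSERT still interpolates `$timestamp` without escaping and `$closed`, `$draft` and `$posted` unquoted and uncast, and the PreAddItem notify directly above hands `$timestamp`, `$closed` and `$draft` to plugins by reference, so a plugin (or a caller passing a non-numeric string) can alter the VALUES list. Cast the three flags with intval() and escape the timestamp after the hook and before the query string is built. The `$title = $title;`, `$body = $body;` and `$more = $more;` self-assignments in the re-indented block are no-ops and can be dropped. additem's body continues past the hunk, so the sql_query() call and any later checks are not visible here.
```php
    $more = sql_real_escape_string($more);
    // flags and timestamp can be changed by PreAddItem plugins: normalise before interpolation
    $closed = intval($closed);
    $draft = intval($draft);
    $posted = intval($posted);
    $timestamp = sql_real_escape_string($timestamp);
    // … unchanged: INSERT query build …
```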
* Creates a new category for this blog
*
* @param $catName
- * name of the new category. When empty, a name is generated automatically
- * (starting with newcat)
+ * name of the new category. When empty, a name is generated automatically
+ * (starting with newcat)
* @param $catDescription
- * description of the new category. Defaults to 'New Category'
+ * description of the new category. Defaults to 'New Category'
*
* @returns
- * the new category-id in case of success.
- * 0 on failure
+ * the new category-id in case of success.
+ * 0 on failure
*/
function createNewCategory($catName = '', $catDescription = _CREATED_NEW_CATEGORY_DESC) {
global $member, $manager;
)
);
- $query = 'INSERT INTO '.sql_table('category').' (cblog, cname, cdesc) VALUES (' . $this->getID() . ", '" . addslashes($catName) . "', '" . addslashes($catDescription) . "')";
+ $query = 'INSERT INTO '.sql_table('category').' (cblog, cname, cdesc) VALUES (' . $this->getID() . ", '" . sql_real_escape_string($catName) . "', '" . sql_real_escape_string($catDescription) . "')";
sql_query($query);
$catid = sql_insert_id();
* Searches all months of this blog for the given query
*
* @param $query
- * search query
+ * search query
* @param $template
- * template to be used (__NAME__ of the template)
+ * template to be used (__NAME__ of the template)
* @param $amountMonths
- * max amount of months to be search (0 = all)
+ * max amount of months to be search (0 = all)
* @param $maxresults
- * max number of results to show
+ * max number of results to show
* @param $startpos
- * offset
+ * offset
* @returns
- * amount of hits found
+ * amount of hits found
*/
function search($query, $template, $amountMonths, $maxresults, $startpos) {
global $CONF, $manager;
- $highlight = '';
- $sqlquery = $this->getSqlSearch($query, $amountMonths, $highlight);
+ $highlight = '';
+ $sqlquery = $this->getSqlSearch($query, $amountMonths, $highlight);
if ($sqlquery == '')
{
{
$template =& $manager->getTemplate($template);
$vars = array(
- 'query' => htmlspecialchars($query),
+ 'query' => htmlspecialchars($query),
'blogid' => $this->getID()
);
echo TEMPLATE::fill($template['SEARCH_NOTHINGFOUND'],$vars);
* Returns an SQL query to use for a search query
*
* @param $query
- * search query
+ * search query
* @param $amountMonths
- * amount of months to search back. Default = 0 = unlimited
+ * amount of months to search back. Default = 0 = unlimited
* @param $mode
- * either empty, or 'count'. In this case, the query will be a SELECT COUNT(*) query
+ * either empty, or 'count'. In this case, the query will be a SELECT COUNT(*) query
* @returns $highlight
- * words to highlight (out parameter)
+ * words to highlight (out parameter)
* @returns
- * either a full SQL query, or an empty string (if querystring empty)
+ * either a full SQL query, or an empty string (if querystring empty)
* @note
- * No LIMIT clause is added. (caller should add this if multiple pages are requested)
+ * No LIMIT clause is added. (caller should add this if multiple pages are requested)
*/
function getSqlSearch($query, $amountMonths = 0, &$highlight, $mode = '')
{
$searchclass =& new SEARCH($query);
- $highlight = $searchclass->inclusive;
+ $highlight = $searchclass->inclusive;
// if querystring is empty, return empty string
if ($searchclass->inclusive == '')
$select = $searchclass->boolean_sql_select('ititle,ibody,imore');
// get list of blogs to search
- $blogs = $searchclass->blogs; // array containing blogs that always need to be included
- $blogs[] = $this->getID(); // also search current blog (duh)
- $blogs = array_unique($blogs); // remove duplicates
+ $blogs = $searchclass->blogs; // array containing blogs that always need to be included
+ $blogs[] = $this->getID(); // also search current blog (duh)
+ $blogs = array_unique($blogs); // remove duplicates
$selectblogs = '';
if (count($blogs) > 0)
$selectblogs = ' and i.iblog in (' . implode(',', $blogs) . ')';
$query .= ' FROM '.sql_table('item').' as i, '.sql_table('member').' as m, '.sql_table('category').' as c'
. ' WHERE i.iauthor=m.mnumber'
. ' and i.icat=c.catid'
- . ' and i.idraft=0' // exclude drafts
+ . ' and i.idraft=0' // exclude drafts
. $selectblogs
// don't show future items
. ' and i.itime<=' . mysqldate($this->getCorrectTime())
* Returns the SQL query that's normally used to display the blog items on the index type skins
*
* @param $mode
- * either empty, or 'count'. In this case, the query will be a SELECT COUNT(*) query
+ * either empty, or 'count'. In this case, the query will be a SELECT COUNT(*) query
* @returns
- * either a full SQL query, or an empty string
+ * either a full SQL query, or an empty string
* @note
- * No LIMIT clause is added. (caller should add this if multiple pages are requested)
+ * No LIMIT clause is added. (caller should add this if multiple pages are requested)
*/
function getSqlBlog($extraQuery, $mode = '')
{
. ' WHERE i.iblog='.$this->blogid
. ' and i.iauthor=m.mnumber'
. ' and i.icat=c.catid'
- . ' and i.idraft=0' // exclude drafts
+ . ' and i.idraft=0' // exclude drafts
// don't show future items
. ' and i.itime<=' . mysqldate($this->getCorrectTime());
$template =& $manager->getTemplate($template);
$data['blogid'] = $this->getID();
- echo TEMPLATE::fill($template['ARCHIVELIST_HEADER'],$data);
+ $tplt = isset($template['ARCHIVELIST_HEADER']) ? $template['ARCHIVELIST_HEADER']
+ : '';
+ echo TEMPLATE::fill($tplt, $data);
$query = 'SELECT itime, SUBSTRING(itime,1,4) AS Year, SUBSTRING(itime,6,2) AS Month, SUBSTRING(itime,9,2) as Day FROM '.sql_table('item')
. ' WHERE iblog=' . $this->getID()
- . ' and itime <=' . mysqldate($this->getCorrectTime()) // don't show future items!
+ . ' and itime <=' . mysqldate($this->getCorrectTime()) // don't show future items!
. ' and idraft=0'; // don't show draft items
if ($catid)
if ($mode == 'day')
$query .= ', Day';
-
$query .= ' ORDER BY itime DESC';
if ($limit > 0)
$res = sql_query($query);
while ($current = sql_fetch_object($res)) {
- $current->itime = strtotime($current->itime); // string time -> unix timestamp
+ $current->itime = strtotime($current->itime); // string time -> unix timestamp
if ($mode == 'day') {
- $archivedate = date('Y-m-d',$current->itime);
+ $archivedate = date('Y-m-d',$current->itime);
$archive['day'] = date('d',$current->itime);
- $data['day'] = date('d',$current->itime);
- $data['month'] = date('m',$current->itime);
+ $data['day'] = date('d',$current->itime);
+ $data['month'] = date('m',$current->itime);
$archive['month'] = $data['month'];
} elseif ($mode == 'year') {
- $archivedate = date('Y',$current->itime);
- $data['day'] = '';
- $data['month'] = '';
+ $archivedate = date('Y',$current->itime);
+ $data['day'] = '';
+ $data['month'] = '';
$archive['day'] = '';
$archive['month'] = '';
} else {
$data['day'] = '';
$archive['day'] = '';
}
+
$data['year'] = date('Y',$current->itime);
$archive['year'] = $data['year'];
$data['archivelink'] = createArchiveLink($this->getID(),$archivedate,$linkparams);
sql_free_result($res);
- echo TEMPLATE::fill($template['ARCHIVELIST_FOOTER'],$data);
+ $tplt = isset($template['ARCHIVELIST_FOOTER']) ? $template['ARCHIVELIST_FOOTER']
+ : '';
+ echo TEMPLATE::fill($tplt, $data);
}
)
);
$data['self'] = $CONF['Self'];
+
+ //catiscurrent
+ if ($this->getSelectedCategory()) {
+ if ($this->getSelectedCategory() == $data['catid']) {
+ $data['catiscurrent'] = 'yes';
+ $data['currentcat'] = 'yes';
+ }
+ else {
+ $data['catiscurrent'] = 'no';
+ $data['currentcat'] = 'no';
+ }
+ }
+ else {
+ global $itemid;
+ if (intval($itemid) && $manager->existsItem(intval($itemid),0,0)) {
+ $iobj =& $manager->getItem(intval($itemid),0,0);
+ $cid = $iobj['catid'];
+ if ($cid == $data['catid']) {
+ $data['catiscurrent'] = 'yes';
+ $data['currentcat'] = 'yes';
+ }
+ else {
+ $data['catiscurrent'] = 'no';
+ $data['currentcat'] = 'no';
+ }
+ }
+ }
$manager->notify(
'PreCategoryListItem',
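Review bot: The new catiscurrent block leaves `$data['catiscurrent']` and `$data['currentcat']` undefined on the path where no category is selected and `$itemid` is empty or does not exist (the else at L315 with a false inner condition), while every other path yields 'yes' or 'no', so the template fill sees a missing key only on those pages. Initialise both before the branch, `$data['catiscurrent'] = 'no'; $data['currentcat'] = 'no';`, and keep only the 'yes' assignments inside the conditions. The `global $itemid;` declaration is placed inside a branch; it works, but it belongs with the function's other globals at the top, and since the function header is outside the hunk I cannot see whether `$manager` is already declared global there — if it is not, `$manager->existsItem()` is a method call on null.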
/**
* Shows a list of all blogs in the system using a given template
- * ordered by number, name, shortname or description
+ * ordered by number, name, shortname or description
* in ascending or descending order
*/
function showBlogList($template, $bnametype, $orderby, $direction) {
$offset = intval($offset);
$query = 'UPDATE '.sql_table('blog')
- . " SET bname='" . addslashes($this->getName()) . "',"
- . " bshortname='". addslashes($this->getShortName()) . "',"
- . " bcomments=". intval($this->commentsEnabled()) . ","
- . " bmaxcomments=" . intval($this->getMaxComments()) . ","
- . " btimeoffset=" . $offset . ","
- . " bpublic=" . intval($this->isPublic()) . ","
- . " breqemail=" . intval($this->emailRequired()) . ","
- . " bsendping=" . intval($this->sendPing()) . ","
- . " bconvertbreaks=" . intval($this->convertBreaks()) . ","
- . " ballowpast=" . intval($this->allowPastPosting()) . ","
- . " bnotify='" . addslashes($this->getNotifyAddress()) . "',"
- . " bnotifytype=" . intval($this->getNotifyType()) . ","
- . " burl='" . addslashes($this->getURL()) . "',"
- . " bupdate='" . addslashes($this->getUpdateFile()) . "',"
- . " bdesc='" . addslashes($this->getDescription()) . "',"
- . " bdefcat=" . intval($this->getDefaultCategory()) . ","
- . " bdefskin=" . intval($this->getDefaultSkin()) . ","
- . " bincludesearch=" . intval($this->getSearchable())
+ . " SET bname='" . sql_real_escape_string($this->getName()) . "',"
+ . " bshortname='". sql_real_escape_string($this->getShortName()) . "',"
+ . " bcomments=". intval($this->commentsEnabled()) . ","
+ . " bmaxcomments=" . intval($this->getMaxComments()) . ","
+ . " btimeoffset=" . $offset . ","
+ . " bpublic=" . intval($this->isPublic()) . ","
+ . " breqemail=" . intval($this->emailRequired()) . ","
+ . " bconvertbreaks=" . intval($this->convertBreaks()) . ","
+ . " ballowpast=" . intval($this->allowPastPosting()) . ","
+ . " bnotify='" . sql_real_escape_string($this->getNotifyAddress()) . "',"
+ . " bnotifytype=" . intval($this->getNotifyType()) . ","
+ . " burl='" . sql_real_escape_string($this->getURL()) . "',"
+ . " bupdate='" . sql_real_escape_string($this->getUpdateFile()) . "',"
+ . " bdesc='" . sql_real_escape_string($this->getDescription()) . "',"
+ . " bdefcat=" . intval($this->getDefaultCategory()) . ","
+ . " bdefskin=" . intval($this->getDefaultSkin()) . ","
+ . " bincludesearch=" . intval($this->getSearchable())
. " WHERE bnumber=" . intval($this->getID());
sql_query($query);
}
function getCategoryIdFromName($name) {
- $res = sql_query('SELECT catid FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and cname="' . addslashes($name) . '"');
+ $res = sql_query('SELECT catid FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and cname="' . sql_real_escape_string($name) . '"');
if (sql_num_rows($res) > 0) {
$o = sql_fetch_object($res);
return $o->catid;
}
}
- function sendPing() {
- return $this->getSetting('bsendping');
- }
-
- function setPingUserland($val) {
- $this->setSetting('bsendping',$val);
- }
-
function convertBreaks() {
return $this->getSetting('bconvertbreaks');
}
setConvertBreaks(<?php echo $this->convertBreaks() ? 'true' : 'false' ?>);
setMediaUrl("<?php echo $CONF['MediaURL']?>");
setAuthorId(<?php echo $authorid?>);
- </script><?php }
+ </script><?php }
function setConvertBreaks($val) {
$this->setSetting('bconvertbreaks',$val);
// returns true if there is a blog with the given shortname (static)
function exists($name) {
- $r = sql_query('select * FROM '.sql_table('blog').' WHERE bshortname="'.addslashes($name).'"');
+ $r = sql_query('select * FROM '.sql_table('blog').' WHERE bshortname="'.sql_real_escape_string($name).'"');
return (sql_num_rows($r) != 0);
}
return (sql_num_rows($r) != 0);
}
- // flag there is a future post pending
- function setFuturePost() {
+ // flag there is a future post pending
+ function setFuturePost() {
$query = 'UPDATE '.sql_table('blog')
. " SET bfuturepost='1' WHERE bnumber=" . $this->getID();
sql_query($query);
- }
+ }
// clear there is a future post pending
function clearFuturePost() {
if ($this->settings['bfuturepost'] == 1) {
$blogid = $this->getID();
$result = sql_query("SELECT * FROM " . sql_table('item')
- . " WHERE iposted=0 AND iblog=" . $blogid . " AND itime<NOW()");
+ . " WHERE iposted=0 AND iblog=" . $blogid . " AND itime<NOW()");
if (sql_num_rows($result) > 0) {
// This $pinged is allow a plugin to tell other hook to the event that a ping is sent already
// Note that the plugins's calling order is subject to thri order in the plugin list
// check to see any pending future post, clear the flag is none
$result = sql_query("SELECT * FROM " . sql_table('item')
- . " WHERE iposted=0 AND iblog=" . $blogid);
+ . " WHERE iposted=0 AND iblog=" . $blogid);
if (sql_num_rows($result) == 0) {
$this->clearFuturePost();
}
* Shows the given list of items for this blog
*
* @param $itemarray
- * array of item numbers to be displayed
+ * array of item numbers to be displayed
* @param $template
- * String representing the template _NAME_ (!)
+ * String representing the template _NAME_ (!)
* @param $highlight
- * contains a query that should be highlighted
+ * contains a query that should be highlighted
* @param $comments
- * 1=show comments 0=don't show comments
+ * 1=show comments 0=don't show comments
* @param $dateheads
- * 1=show dateheads 0=don't show dateheads
+ * 1=show dateheads 0=don't show dateheads
+ * @param $showDrafts
+ * 0=do not show drafts 1=show drafts
+ * @param $showFuture
+ * 0=do not show future posts 1=show future posts
* @returns int
- * amount of items shown
+ * amount of items shown
*/
- function readLogFromList($itemarray, $template, $highlight = '', $comments = 1, $dateheads = 1) {
-
- $query = $this->getSqlItemList($itemarray);
-
+ function readLogFromList($itemarray, $template, $highlight = '', $comments = 1, $dateheads = 1,$showDrafts = 0, $showFuture = 0) {
+
+ $query = $this->getSqlItemList($itemarray,$showDrafts,$showFuture);
+
return $this->showUsingQuery($template, $query, $highlight, $comments, $dateheads);
}
* Returns the SQL query used to fill out templates for a list of items
*
* @param $itemarray
- * an array holding the item numbers of the items to be displayed
+ * an array holding the item numbers of the items to be displayed
+ * @param $showDrafts
+ * 0=do not show drafts 1=show drafts
+ * @param $showFuture
+ * 0=do not show future posts 1=show future posts
* @returns
- * either a full SQL query, or an empty string
+ * either a full SQL query, or an empty string
* @note
- * No LIMIT clause is added. (caller should add this if multiple pages are requested)
+ * No LIMIT clause is added. (caller should add this if multiple pages are requested)
*/
- function getSqlItemList($itemarray)
+ function getSqlItemList($itemarray,$showDrafts = 0,$showFuture = 0)
{
if (!is_array($itemarray)) return '';
+ $showDrafts = intval($showDrafts);
+ $showFuture = intval($showFuture);
$items = array();
foreach ($itemarray as $value) {
if (intval($value)) $items[] = intval($value);
. sql_table('item') . ' as i, '
. sql_table('member') . ' as m, '
. sql_table('category').' as c'
- . ' WHERE'
- . ' i.iblog = ' . $this->blogid
- . ' and i.iauthor = m.mnumber'
- . ' and i.icat = c.catid'
- . ' and i.idraft = 0' // exclude drafts
+ . ' WHERE'
+ . ' i.iblog = ' . $this->blogid
+ . ' and i.iauthor = m.mnumber'
+ . ' and i.icat = c.catid'
+ . ' and i.idraft = 0' // exclude drafts
// don't show future items
- . ' and i.itime <= ' . mysqldate($this->getCorrectTime());
-
+ . ' and i.itime <= ' . mysqldate($this->getCorrectTime());
+ if (!$showDrafts) $query .= ' and i.idraft=0'; // exclude drafts
+ if (!$showFuture) $query .= ' and i.itime<=' . mysqldate($this->getCorrectTime()); // don't show future items
+
//$query .= ' and i.inumber IN ('.$itemlist.')';
$query .= ' and i.inumber = '.intval($value);
$query .= ')';
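Review bot: The new $showDrafts/$showFuture parameters have no effect, because the base WHERE still appends `and i.idraft = 0` and `and i.itime <= ...` unconditionally (L511, L515) before the conditional copies at L516-517 are added, so drafts and future items stay excluded whatever the caller passes and the extra clauses are only redundant. Drop the two unconditional predicates from the base WHERE and let the two `if` lines decide. Before relaxing the filter, confirm that every caller of readLogFromList() that passes $showDrafts=1 or $showFuture=1 runs in an authenticated context, since unpublished drafts and scheduled posts become readable through this path; the hunk shows the flags are intval()'d but nothing about who may set them. getSqlItemList continues outside the hunk.
```php
        . ' WHERE'
        . ' i.iblog = ' . $this->blogid
        . ' and i.iauthor = m.mnumber'
        . ' and i.icat = c.catid';
    if (!$showDrafts) $query .= ' and i.idraft=0'; // exclude drafts
    if (!$showFuture) $query .= ' and i.itime<=' . mysqldate($this->getCorrectTime()); // don't show future items
    // … unchanged: per-item inumber clauses …
```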