Commit: 56266cb2fb0ee5de83755efdc991aafa13e27c37 - nucleus-jp-ancient (git) - Nucleus日本語版

R/O
HTTP
SSH
HTTPS

nucleus-jp-ancient: Commit

Nucleus CMS日本語版SVNをgit-svnしたもの。リポジトリの変換作業用

Commit MetaInfo

Revisão	56266cb2fb0ee5de83755efdc991aafa13e27c37 (tree)
Hora	2008-11-19 06:25:01
Autor	kmorimatsu <kmorimatsu@1ca2...>
Commiter	kmorimatsu

Mensagem de Log

Security fix to avoid deletion of item by non-admin acount.

git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/nucleus-jp/branches/branch-3-3@712 1ca29b6e-896d-4ea0-84a5-967f57386b96

Mudança Sumário

modified: euc/nucleus/libs/ITEM.php (diff)
modified: utf8/nucleus/libs/ITEM.php (diff)

Diff

--- a/euc/nucleus/libs/ITEM.php

+++ b/euc/nucleus/libs/ITEM.php

		@@ -1,425 +1,426 @@
1		-<?php
2		-
3		-/*
4		- * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5		- * Copyright (C) 2002-2007 The Nucleus Group
6		- *
7		- * This program is free software; you can redistribute it and/or
8		- * modify it under the terms of the GNU General Public License
9		- * as published by the Free Software Foundation; either version 2
10		- * of the License, or (at your option) any later version.
11		- * (see nucleus/documentation/index.html#license for more info)
12		- */
13		-/**
14		- * A class representing an item
15		- *
16		- * @license http://nucleuscms.org/license.txt GNU General Public License
17		- * @copyright Copyright (C) 2002-2007 The Nucleus Group
18		- * @version $Id: ITEM.php,v 1.4.2.3 2008-02-07 06:13:45 kimitake Exp $
19		- * $NucleusJP: ITEM.php,v 1.4.2.2 2008/02/05 08:31:16 kimitake Exp $
20		- */
21		-class ITEM {
22		-
23		- var $itemid;
24		-
25		- function ITEM($itemid) {
26		- $this->itemid = $itemid;
27		- }
28		-
29		- /**
30		- * Returns one item with the specific itemid
31		- * (static)
32		- */
33		- function getitem($itemid, $allowdraft, $allowfuture) {
34		- global $manager;
35		-
36		- $itemid = intval($itemid);
37		-
38		- $query = 'SELECT i.idraft as draft, i.inumber as itemid, i.iclosed as closed, '
39		- . ' i.ititle as title, i.ibody as body, m.mname as author, '
40		- . ' i.iauthor as authorid, i.itime, i.imore as more, i.ikarmapos as karmapos, '
41		- . ' i.ikarmaneg as karmaneg, i.icat as catid, i.iblog as blogid '
42		- . ' FROM '.sql_table('item').' as i, '.sql_table('member').' as m, ' . sql_table('blog') . ' as b '
43		- . ' WHERE i.inumber=' . $itemid
44		- . ' and i.iauthor=m.mnumber '
45		- . ' and i.iblog=b.bnumber';
46		-
47		- if (!$allowdraft)
48		- $query .= ' and i.idraft=0';
49		-
50		- if (!$allowfuture) {
51		- $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
52		- $query .= ' and i.itime <=' . mysqldate($blog->getCorrectTime());
53		- }
54		-
55		- $query .= ' LIMIT 1';
56		-
57		- $res = sql_query($query);
58		-
59		- if (mysql_num_rows($res) == 1)
60		- {
61		- $aItemInfo = mysql_fetch_assoc($res);
62		- $aItemInfo['timestamp'] = strtotime($aItemInfo['itime']);
63		- return $aItemInfo;
64		- } else {
65		- return 0;
66		- }
67		-
68		- }
69		-
70		- /**
71		- * Tries to create an item from the data in the current request (comes from
72		- * bookmarklet or admin area
73		- *
74		- * Returns an array with status info (status = 'added', 'error', 'newcategory')
75		- *
76		- * (static)
77		- */
78		- function createFromRequest() {
79		- global $member, $manager;
80		-
81		- $i_author = $member->getID();
82		- $i_body = postVar('body');
83		- $i_title = postVar('title');
84		- $i_more = postVar('more');
85		- $i_actiontype = postVar('actiontype');
86		- $i_closed = intPostVar('closed');
87		- $i_hour = intPostVar('hour');
88		- $i_minutes = intPostVar('minutes');
89		- $i_month = intPostVar('month');
90		- $i_day = intPostVar('day');
91		- $i_year = intPostVar('year');
92		-
93		- $i_catid = postVar('catid');
94		-
95		- $i_draftid = intPostVar('draftid');
96		-
97		- if (!$member->canAddItem($i_catid))
98		- return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
99		-
100		- if (!$i_actiontype) $i_actiontype = 'addnow';
101		-
102		- switch ($i_actiontype) {
103		- case 'adddraft':
104		- $i_draft = 1;
105		- break;
106		- case 'addfuture':
107		- case 'addnow':
108		- default:
109		- $i_draft = 0;
110		- }
111		-
112		- if (!trim($i_body))
113		- return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
114		-
115		- // create new category if needed
116		- if (strstr($i_catid,'newcat')) {
117		- // get blogid
118		- list($i_blogid) = sscanf($i_catid,"newcat-%d");
119		-
120		- // create
121		- $blog =& $manager->getBlog($i_blogid);
122		- $i_catid = $blog->createNewCategory();
123		-
124		- // show error when sth goes wrong
125		- if (!$i_catid)
126		- return array('status' => 'error','message' => 'Could not create new category');
127		- } else {
128		- // force blogid (must be same as category id)
129		- $i_blogid = getBlogIDFromCatID($i_catid);
130		- $blog =& $manager->getBlog($i_blogid);
131		- }
132		-
133		- if ($i_actiontype == 'addfuture') {
134		- $posttime = mktime($i_hour, $i_minutes, 0, $i_month, $i_day, $i_year);
135		-
136		- // make sure the date is in the future, unless we allow past dates
137		- if ((!$blog->allowPastPosting()) && ($posttime < $blog->getCorrectTime()))
138		- $posttime = $blog->getCorrectTime();
139		- } else {
140		- // time with offset, or 0 for drafts
141		- $posttime = $i_draft ? 0 : $blog->getCorrectTime();
142		- }
143		-
144		- if ($posttime > $blog->getCorrectTime()) {
145		- $posted = 0;
146		- $blog->setFuturePost();
147		- }
148		- else {
149		- $posted = 1;
150		- }
151		-
152		- $itemid = $blog->additem($i_catid, $i_title,$i_body,$i_more,$i_blogid,$i_author,$posttime,$i_closed,$i_draft,$posted);
153		-
154		- //Setting the itemOptions
155		- $aOptions = requestArray('plugoption');
156		- NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
157		- $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
158		-
159		- if ($i_draftid > 0) {
160		- ITEM::delete($i_draftid);
161		- }
162		-
163		- // success
164		- if ($i_catid != intRequestVar('catid'))
165		- return array('status' => 'newcategory', 'itemid' => $itemid, 'catid' => $i_catid);
166		- else
167		- return array('status' => 'added', 'itemid' => $itemid);
168		- }
169		-
170		-
171		- /**
172		- * Updates an item (static)
173		- */
174		- function update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp = 0) {
175		- global $manager;
176		-
177		- $itemid = intval($itemid);
178		-
179		- // make sure value is 1 or 0
180		- if ($closed != 1) $closed = 0;
181		-
182		- // get destination blogid
183		- $new_blogid = getBlogIDFromCatID($catid);
184		- $old_blogid = getBlogIDFromItemID($itemid);
185		-
186		- // move will be done on end of method
187		- if ($new_blogid != $old_blogid)
188		- $moveNeeded = 1;
189		-
190		- // add <br /> before newlines
191		- $blog =& $manager->getBlog($new_blogid);
192		- if ($blog->convertBreaks()) {
193		- $body = addBreaks($body);
194		- $more = addBreaks($more);
195		- }
196		-
197		- // call plugins
198		- $manager->notify('PreUpdateItem',array('itemid' => $itemid, 'title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$blog, 'closed' => &$closed, 'catid' => &$catid));
199		-
200		- // update item itsself
201		- $query = 'UPDATE '.sql_table('item')
202		- . ' SET'
203		- . " ibody='". addslashes($body) ."',"
204		- . " ititle='" . addslashes($title) . "',"
205		- . " imore='" . addslashes($more) . "',"
206		- . " iclosed=" . intval($closed) . ","
207		- . " icat=" . intval($catid);
208		-
209		- // if we received an updated timestamp in the past, but past posting is not allowed,
210		- // reject that date change (timestamp = 0 will make sure the current date is kept)
211		- if ( (!$blog->allowPastPosting()) && ($timestamp < $blog->getCorrectTime()))
212		- $timestamp = 0;
213		-
214		- if ($timestamp > $blog->getCorrectTime(time())) {
215		- $isFuture = 1;
216		- $query .= ', iposted=0';
217		- }
218		- else {
219		- $isFuture = 0;
220		- $query .= ', iposted=1';
221		- }
222		-
223		- if ($wasdraft && $publish) {
224		- // set timestamp to current date only if it's not a future item
225		- // draft items have timestamp == 0
226		- // don't allow timestamps in the past (unless otherwise defined in blogsettings)
227		- $query .= ', idraft=0';
228		-
229		- if ($timestamp == 0)
230		- $timestamp = $blog->getCorrectTime();
231		-
232		- // send new item notification
233		- if (!$isFuture && $blog->getNotifyAddress() && $blog->notifyOnNewItem())
234		- $blog->sendNewItemNotification($itemid, $title, $body);
235		- }
236		-
237		- // update timestamp when needed
238		- if ($timestamp != 0)
239		- $query .= ", itime=" . mysqldate($timestamp);
240		-
241		- // make sure the correct item is updated
242		- $query .= ' WHERE inumber=' . $itemid;
243		-
244		- // off we go!
245		- sql_query($query);
246		-
247		- $manager->notify('PostUpdateItem',array('itemid' => $itemid));
248		-
249		- // when needed, move item and comments to new blog
250		- if ($moveNeeded)
251		- ITEM::move($itemid, $catid);
252		-
253		- //update the itemOptions
254		- $aOptions = requestArray('plugoption');
255		- NucleusPlugin::_applyPluginOptions($aOptions);
256		- $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $title, 'body' => $body, 'more' => $more, 'closed' => $closed, 'catid' => $catid)));
257		-
258		- }
259		-
260		- // move an item to another blog (no checks, static)
261		- function move($itemid, $new_catid) {
262		- global $manager;
263		-
264		- $itemid = intval($itemid);
265		- $new_catid = intval($new_catid);
266		-
267		- $new_blogid = getBlogIDFromCatID($new_catid);
268		-
269		- $manager->notify(
270		- 'PreMoveItem',
271		- array(
272		- 'itemid' => $itemid,
273		- 'destblogid' => $new_blogid,
274		- 'destcatid' => $new_catid
275		- )
276		- );
277		-
278		-
279		- // update item table
280		- $query = 'UPDATE '.sql_table('item')." SET iblog=$new_blogid, icat=$new_catid WHERE inumber=$itemid";
281		- sql_query($query);
282		-
283		- // update comments
284		- $query = 'UPDATE '.sql_table('comment')." SET cblog=" . $new_blogid." WHERE citem=" . $itemid;
285		- sql_query($query);
286		-
287		- $manager->notify(
288		- 'PostMoveItem',
289		- array(
290		- 'itemid' => $itemid,
291		- 'destblogid' => $new_blogid,
292		- 'destcatid' => $new_catid
293		- )
294		- );
295		- }
296		-
297		- /**
298		- * Deletes an item
299		- */
300		- function delete($itemid) {
301		- global $manager;
302		-
303		- $itemid = intval($itemid);
304		-
305		- $manager->notify('PreDeleteItem', array('itemid' => $itemid));
306		-
307		- // delete item
308		- $query = 'DELETE FROM '.sql_table('item').' WHERE inumber=' . $itemid;
309		- sql_query($query);
310		-
311		- // delete the comments associated with the item
312		- $query = 'DELETE FROM '.sql_table('comment').' WHERE citem=' . $itemid;
313		- sql_query($query);
314		-
315		- // delete all associated plugin options
316		- NucleusPlugin::_deleteOptionValues('item', $itemid);
317		-
318		- $manager->notify('PostDeleteItem', array('itemid' => $itemid));
319		- }
320		-
321		- // returns true if there is an item with the given ID (static)
322		- function exists($id,$future,$draft) {
323		- global $manager;
324		-
325		- $id = intval($id);
326		-
327		- $r = 'select * FROM '.sql_table('item').' WHERE inumber='.$id;
328		- if (!$future) {
329		- $bid = getBlogIDFromItemID($id);
330		- if (!$bid) return 0;
331		- $b =& $manager->getBlog($bid);
332		- $r .= ' and itime<='.mysqldate($b->getCorrectTime());
333		- }
334		- if (!$draft) {
335		- $r .= ' and idraft=0';
336		- }
337		- $r = sql_query($r);
338		-
339		- return (mysql_num_rows($r) != 0);
340		- }
341		-
342		- /**
343		- * Tries to create an draft from the data in the current request (comes from
344		- * bookmarklet or admin area
345		- *
346		- * Returns an array with status info (status = 'added', 'error', 'newcategory')
347		- *
348		- * (static)
349		- *
350		- * Used by xmlHTTPRequest AutoDraft
351		- */
352		- function createDraftFromRequest() {
353		- global $member, $manager;
354		-
355		- $i_author = $member->getID();
356		- $i_body = postVar('body');
357		- $i_title = postVar('title');
358		- $i_more = postVar('more');
359		-
360		- if(_CHARSET != 'UTF-8'){
361		- $i_body = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
362		- $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
363		- $i_more = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
364		- }
365		- //$i_actiontype = postVar('actiontype');
366		- $i_closed = intPostVar('closed');
367		- //$i_hour = intPostVar('hour');
368		- //$i_minutes = intPostVar('minutes');
369		- //$i_month = intPostVar('month');
370		- //$i_day = intPostVar('day');
371		- //$i_year = intPostVar('year');
372		- $i_catid = postVar('catid');
373		- $i_draft = 1;
374		- $type = postVar('type');
375		- if ($type == 'edit') {
376		- $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
377		- }
378		- else {
379		- $i_blogid = intPostVar('blogid');
380		- }
381		- $i_draftid = intPostVar('draftid');
382		-
383		- if (!$member->canAddItem($i_catid)) {
384		- return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
385		- }
386		-
387		- if (!trim($i_body)) {
388		- return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
389		- }
390		-
391		- // create new category if needed
392		- if (strstr($i_catid, 'newcat')) {
393		- // Set in default category
394		- $blog =& $manager->getBlog($i_blogid);
395		- $i_catid = $blog->getDefaultCategory();
396		- }
397		- else {
398		- // force blogid (must be same as category id)
399		- $i_blogid = getBlogIDFromCatID($i_catid);
400		- $blog =& $manager->getBlog($i_blogid);
401		- }
402		-
403		- $posttime = 0;
404		-
405		- if ($i_draftid > 0) {
406		- ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
407		- $itemid = $i_draftid;
408		- }
409		- else {
410		- $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
411		- }
412		-
413		- // No plugin support in AutoSaveDraft yet
414		- //Setting the itemOptions
415		- //$aOptions = requestArray('plugoption');
416		- //NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
417		- //$manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
418		-
419		- // success
420		- return array('status' => 'added', 'draftid' => $itemid);
421		- }
422		-
423		-}
424		-
425		-?>
	1	+<?php
	2	+
	3	+/*
	4	+ * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
	5	+ * Copyright (C) 2002-2007 The Nucleus Group
	6	+ *
	7	+ * This program is free software; you can redistribute it and/or
	8	+ * modify it under the terms of the GNU General Public License
	9	+ * as published by the Free Software Foundation; either version 2
	10	+ * of the License, or (at your option) any later version.
	11	+ * (see nucleus/documentation/index.html#license for more info)
	12	+ */
	13	+/**
	14	+ * A class representing an item
	15	+ *
	16	+ * @license http://nucleuscms.org/license.txt GNU General Public License
	17	+ * @copyright Copyright (C) 2002-2007 The Nucleus Group
	18	+ * @version $Id: ITEM.php,v 1.4.2.3 2008-02-07 06:13:45 kimitake Exp $
	19	+ * $NucleusJP: ITEM.php,v 1.4.2.2 2008/02/05 08:31:16 kimitake Exp $
	20	+ */
	21	+class ITEM {
	22	+
	23	+ var $itemid;
	24	+
	25	+ function ITEM($itemid) {
	26	+ $this->itemid = $itemid;
	27	+ }
	28	+
	29	+ /**
	30	+ * Returns one item with the specific itemid
	31	+ * (static)
	32	+ */
	33	+ function getitem($itemid, $allowdraft, $allowfuture) {
	34	+ global $manager;
	35	+
	36	+ $itemid = intval($itemid);
	37	+
	38	+ $query = 'SELECT i.idraft as draft, i.inumber as itemid, i.iclosed as closed, '
	39	+ . ' i.ititle as title, i.ibody as body, m.mname as author, '
	40	+ . ' i.iauthor as authorid, i.itime, i.imore as more, i.ikarmapos as karmapos, '
	41	+ . ' i.ikarmaneg as karmaneg, i.icat as catid, i.iblog as blogid '
	42	+ . ' FROM '.sql_table('item').' as i, '.sql_table('member').' as m, ' . sql_table('blog') . ' as b '
	43	+ . ' WHERE i.inumber=' . $itemid
	44	+ . ' and i.iauthor=m.mnumber '
	45	+ . ' and i.iblog=b.bnumber';
	46	+
	47	+ if (!$allowdraft)
	48	+ $query .= ' and i.idraft=0';
	49	+
	50	+ if (!$allowfuture) {
	51	+ $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
	52	+ $query .= ' and i.itime <=' . mysqldate($blog->getCorrectTime());
	53	+ }
	54	+
	55	+ $query .= ' LIMIT 1';
	56	+
	57	+ $res = sql_query($query);
	58	+
	59	+ if (mysql_num_rows($res) == 1)
	60	+ {
	61	+ $aItemInfo = mysql_fetch_assoc($res);
	62	+ $aItemInfo['timestamp'] = strtotime($aItemInfo['itime']);
	63	+ return $aItemInfo;
	64	+ } else {
	65	+ return 0;
	66	+ }
	67	+
	68	+ }
	69	+
	70	+ /**
	71	+ * Tries to create an item from the data in the current request (comes from
	72	+ * bookmarklet or admin area
	73	+ *
	74	+ * Returns an array with status info (status = 'added', 'error', 'newcategory')
	75	+ *
	76	+ * (static)
	77	+ */
	78	+ function createFromRequest() {
	79	+ global $member, $manager;
	80	+
	81	+ $i_author = $member->getID();
	82	+ $i_body = postVar('body');
	83	+ $i_title = postVar('title');
	84	+ $i_more = postVar('more');
	85	+ $i_actiontype = postVar('actiontype');
	86	+ $i_closed = intPostVar('closed');
	87	+ $i_hour = intPostVar('hour');
	88	+ $i_minutes = intPostVar('minutes');
	89	+ $i_month = intPostVar('month');
	90	+ $i_day = intPostVar('day');
	91	+ $i_year = intPostVar('year');
	92	+
	93	+ $i_catid = postVar('catid');
	94	+
	95	+ $i_draftid = intPostVar('draftid');
	96	+
	97	+ if (!$member->canAddItem($i_catid))
	98	+ return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
	99	+
	100	+ if (!$i_actiontype) $i_actiontype = 'addnow';
	101	+
	102	+ switch ($i_actiontype) {
	103	+ case 'adddraft':
	104	+ $i_draft = 1;
	105	+ break;
	106	+ case 'addfuture':
	107	+ case 'addnow':
	108	+ default:
	109	+ $i_draft = 0;
	110	+ }
	111	+
	112	+ if (!trim($i_body))
	113	+ return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
	114	+
	115	+ // create new category if needed
	116	+ if (strstr($i_catid,'newcat')) {
	117	+ // get blogid
	118	+ list($i_blogid) = sscanf($i_catid,"newcat-%d");
	119	+
	120	+ // create
	121	+ $blog =& $manager->getBlog($i_blogid);
	122	+ $i_catid = $blog->createNewCategory();
	123	+
	124	+ // show error when sth goes wrong
	125	+ if (!$i_catid)
	126	+ return array('status' => 'error','message' => 'Could not create new category');
	127	+ } else {
	128	+ // force blogid (must be same as category id)
	129	+ $i_blogid = getBlogIDFromCatID($i_catid);
	130	+ $blog =& $manager->getBlog($i_blogid);
	131	+ }
	132	+
	133	+ if ($i_actiontype == 'addfuture') {
	134	+ $posttime = mktime($i_hour, $i_minutes, 0, $i_month, $i_day, $i_year);
	135	+
	136	+ // make sure the date is in the future, unless we allow past dates
	137	+ if ((!$blog->allowPastPosting()) && ($posttime < $blog->getCorrectTime()))
	138	+ $posttime = $blog->getCorrectTime();
	139	+ } else {
	140	+ // time with offset, or 0 for drafts
	141	+ $posttime = $i_draft ? 0 : $blog->getCorrectTime();
	142	+ }
	143	+
	144	+ if ($posttime > $blog->getCorrectTime()) {
	145	+ $posted = 0;
	146	+ $blog->setFuturePost();
	147	+ }
	148	+ else {
	149	+ $posted = 1;
	150	+ }
	151	+
	152	+ $itemid = $blog->additem($i_catid, $i_title,$i_body,$i_more,$i_blogid,$i_author,$posttime,$i_closed,$i_draft,$posted);
	153	+
	154	+ //Setting the itemOptions
	155	+ $aOptions = requestArray('plugoption');
	156	+ NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
	157	+ $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
	158	+
	159	+ if ($i_draftid > 0 && $member->canAlterItem($i_draftid) ) {
	160	+ ITEM::delete($i_draftid);
	161	+ }
	162	+
	163	+ // success
	164	+ if ($i_catid != intRequestVar('catid'))
	165	+ return array('status' => 'newcategory', 'itemid' => $itemid, 'catid' => $i_catid);
	166	+ else
	167	+ return array('status' => 'added', 'itemid' => $itemid);
	168	+ }
	169	+
	170	+
	171	+ /**
	172	+ * Updates an item (static)
	173	+ */
	174	+ function update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp = 0) {
	175	+ global $manager;
	176	+
	177	+ $itemid = intval($itemid);
	178	+
	179	+ // make sure value is 1 or 0
	180	+ if ($closed != 1) $closed = 0;
	181	+
	182	+ // get destination blogid
	183	+ $new_blogid = getBlogIDFromCatID($catid);
	184	+ $old_blogid = getBlogIDFromItemID($itemid);
	185	+
	186	+ // move will be done on end of method
	187	+ if ($new_blogid != $old_blogid)
	188	+ $moveNeeded = 1;
	189	+
	190	+ // add <br /> before newlines
	191	+ $blog =& $manager->getBlog($new_blogid);
	192	+ if ($blog->convertBreaks()) {
	193	+ $body = addBreaks($body);
	194	+ $more = addBreaks($more);
	195	+ }
	196	+
	197	+ // call plugins
	198	+ $manager->notify('PreUpdateItem',array('itemid' => $itemid, 'title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$blog, 'closed' => &$closed, 'catid' => &$catid));
	199	+
	200	+ // update item itsself
	201	+ $query = 'UPDATE '.sql_table('item')
	202	+ . ' SET'
	203	+ . " ibody='". addslashes($body) ."',"
	204	+ . " ititle='" . addslashes($title) . "',"
	205	+ . " imore='" . addslashes($more) . "',"
	206	+ . " iclosed=" . intval($closed) . ","
	207	+ . " icat=" . intval($catid);
	208	+
	209	+ // if we received an updated timestamp in the past, but past posting is not allowed,
	210	+ // reject that date change (timestamp = 0 will make sure the current date is kept)
	211	+ if ( (!$blog->allowPastPosting()) && ($timestamp < $blog->getCorrectTime()))
	212	+ $timestamp = 0;
	213	+
	214	+ if ($timestamp > $blog->getCorrectTime(time())) {
	215	+ $isFuture = 1;
	216	+ $query .= ', iposted=0';
	217	+ }
	218	+ else {
	219	+ $isFuture = 0;
	220	+ $query .= ', iposted=1';
	221	+ }
	222	+
	223	+ if ($wasdraft && $publish) {
	224	+ // set timestamp to current date only if it's not a future item
	225	+ // draft items have timestamp == 0
	226	+ // don't allow timestamps in the past (unless otherwise defined in blogsettings)
	227	+ $query .= ', idraft=0';
	228	+
	229	+ if ($timestamp == 0)
	230	+ $timestamp = $blog->getCorrectTime();
	231	+
	232	+ // send new item notification
	233	+ if (!$isFuture && $blog->getNotifyAddress() && $blog->notifyOnNewItem())
	234	+ $blog->sendNewItemNotification($itemid, $title, $body);
	235	+ }
	236	+
	237	+ // update timestamp when needed
	238	+ if ($timestamp != 0)
	239	+ $query .= ", itime=" . mysqldate($timestamp);
	240	+
	241	+ // make sure the correct item is updated
	242	+ $query .= ' WHERE inumber=' . $itemid;
	243	+
	244	+ // off we go!
	245	+ sql_query($query);
	246	+
	247	+ $manager->notify('PostUpdateItem',array('itemid' => $itemid));
	248	+
	249	+ // when needed, move item and comments to new blog
	250	+ if ($moveNeeded)
	251	+ ITEM::move($itemid, $catid);
	252	+
	253	+ //update the itemOptions
	254	+ $aOptions = requestArray('plugoption');
	255	+ NucleusPlugin::_applyPluginOptions($aOptions);
	256	+ $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $title, 'body' => $body, 'more' => $more, 'closed' => $closed, 'catid' => $catid)));
	257	+
	258	+ }
	259	+
	260	+ // move an item to another blog (no checks, static)
	261	+ function move($itemid, $new_catid) {
	262	+ global $manager;
	263	+
	264	+ $itemid = intval($itemid);
	265	+ $new_catid = intval($new_catid);
	266	+
	267	+ $new_blogid = getBlogIDFromCatID($new_catid);
	268	+
	269	+ $manager->notify(
	270	+ 'PreMoveItem',
	271	+ array(
	272	+ 'itemid' => $itemid,
	273	+ 'destblogid' => $new_blogid,
	274	+ 'destcatid' => $new_catid
	275	+ )
	276	+ );
	277	+
	278	+
	279	+ // update item table
	280	+ $query = 'UPDATE '.sql_table('item')." SET iblog=$new_blogid, icat=$new_catid WHERE inumber=$itemid";
	281	+ sql_query($query);
	282	+
	283	+ // update comments
	284	+ $query = 'UPDATE '.sql_table('comment')." SET cblog=" . $new_blogid." WHERE citem=" . $itemid;
	285	+ sql_query($query);
	286	+
	287	+ $manager->notify(
	288	+ 'PostMoveItem',
	289	+ array(
	290	+ 'itemid' => $itemid,
	291	+ 'destblogid' => $new_blogid,
	292	+ 'destcatid' => $new_catid
	293	+ )
	294	+ );
	295	+ }
	296	+
	297	+ /**
	298	+ * Deletes an item
	299	+ */
	300	+ function delete($itemid) {
	301	+ global $manager, $member;
	302	+
	303	+ $itemid = intval($itemid);
	304	+ if (!$member->canAlterItem($itemid)) return;
	305	+
	306	+ $manager->notify('PreDeleteItem', array('itemid' => $itemid));
	307	+
	308	+ // delete item
	309	+ $query = 'DELETE FROM '.sql_table('item').' WHERE inumber=' . $itemid;
	310	+ sql_query($query);
	311	+
	312	+ // delete the comments associated with the item
	313	+ $query = 'DELETE FROM '.sql_table('comment').' WHERE citem=' . $itemid;
	314	+ sql_query($query);
	315	+
	316	+ // delete all associated plugin options
	317	+ NucleusPlugin::_deleteOptionValues('item', $itemid);
	318	+
	319	+ $manager->notify('PostDeleteItem', array('itemid' => $itemid));
	320	+ }
	321	+
	322	+ // returns true if there is an item with the given ID (static)
	323	+ function exists($id,$future,$draft) {
	324	+ global $manager;
	325	+
	326	+ $id = intval($id);
	327	+
	328	+ $r = 'select * FROM '.sql_table('item').' WHERE inumber='.$id;
	329	+ if (!$future) {
	330	+ $bid = getBlogIDFromItemID($id);
	331	+ if (!$bid) return 0;
	332	+ $b =& $manager->getBlog($bid);
	333	+ $r .= ' and itime<='.mysqldate($b->getCorrectTime());
	334	+ }
	335	+ if (!$draft) {
	336	+ $r .= ' and idraft=0';
	337	+ }
	338	+ $r = sql_query($r);
	339	+
	340	+ return (mysql_num_rows($r) != 0);
	341	+ }
	342	+
	343	+ /**
	344	+ * Tries to create an draft from the data in the current request (comes from
	345	+ * bookmarklet or admin area
	346	+ *
	347	+ * Returns an array with status info (status = 'added', 'error', 'newcategory')
	348	+ *
	349	+ * (static)
	350	+ *
	351	+ * Used by xmlHTTPRequest AutoDraft
	352	+ */
	353	+ function createDraftFromRequest() {
	354	+ global $member, $manager;
	355	+
	356	+ $i_author = $member->getID();
	357	+ $i_body = postVar('body');
	358	+ $i_title = postVar('title');
	359	+ $i_more = postVar('more');
	360	+
	361	+ if(_CHARSET != 'UTF-8'){
	362	+ $i_body = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
	363	+ $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
	364	+ $i_more = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
	365	+ }
	366	+ //$i_actiontype = postVar('actiontype');
	367	+ $i_closed = intPostVar('closed');
	368	+ //$i_hour = intPostVar('hour');
	369	+ //$i_minutes = intPostVar('minutes');
	370	+ //$i_month = intPostVar('month');
	371	+ //$i_day = intPostVar('day');
	372	+ //$i_year = intPostVar('year');
	373	+ $i_catid = postVar('catid');
	374	+ $i_draft = 1;
	375	+ $type = postVar('type');
	376	+ if ($type == 'edit') {
	377	+ $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
	378	+ }
	379	+ else {
	380	+ $i_blogid = intPostVar('blogid');
	381	+ }
	382	+ $i_draftid = intPostVar('draftid');
	383	+
	384	+ if (!$member->canAddItem($i_catid)) {
	385	+ return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
	386	+ }
	387	+
	388	+ if (!trim($i_body)) {
	389	+ return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
	390	+ }
	391	+
	392	+ // create new category if needed
	393	+ if (strstr($i_catid, 'newcat')) {
	394	+ // Set in default category
	395	+ $blog =& $manager->getBlog($i_blogid);
	396	+ $i_catid = $blog->getDefaultCategory();
	397	+ }
	398	+ else {
	399	+ // force blogid (must be same as category id)
	400	+ $i_blogid = getBlogIDFromCatID($i_catid);
	401	+ $blog =& $manager->getBlog($i_blogid);
	402	+ }
	403	+
	404	+ $posttime = 0;
	405	+
	406	+ if ($i_draftid > 0) {
	407	+ ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
	408	+ $itemid = $i_draftid;
	409	+ }
	410	+ else {
	411	+ $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
	412	+ }
	413	+
	414	+ // No plugin support in AutoSaveDraft yet
	415	+ //Setting the itemOptions
	416	+ //$aOptions = requestArray('plugoption');
	417	+ //NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
	418	+ //$manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
	419	+
	420	+ // success
	421	+ return array('status' => 'added', 'draftid' => $itemid);
	422	+ }
	423	+
	424	+}
	425	+
	426	+?>

--- a/utf8/nucleus/libs/ITEM.php

+++ b/utf8/nucleus/libs/ITEM.php

		@@ -1,425 +1,426 @@
1		-<?php
2		-
3		-/*
4		- * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5		- * Copyright (C) 2002-2007 The Nucleus Group
6		- *
7		- * This program is free software; you can redistribute it and/or
8		- * modify it under the terms of the GNU General Public License
9		- * as published by the Free Software Foundation; either version 2
10		- * of the License, or (at your option) any later version.
11		- * (see nucleus/documentation/index.html#license for more info)
12		- */
13		-/**
14		- * A class representing an item
15		- *
16		- * @license http://nucleuscms.org/license.txt GNU General Public License
17		- * @copyright Copyright (C) 2002-2007 The Nucleus Group
18		- * @version $Id: ITEM.php,v 1.7.2.3 2008-02-07 06:13:30 kimitake Exp $
19		- * $NucleusJP: ITEM.php,v 1.7.2.2 2008/02/05 08:31:44 kimitake Exp $
20		- */
21		-class ITEM {
22		-
23		- var $itemid;
24		-
25		- function ITEM($itemid) {
26		- $this->itemid = $itemid;
27		- }
28		-
29		- /**
30		- * Returns one item with the specific itemid
31		- * (static)
32		- */
33		- function getitem($itemid, $allowdraft, $allowfuture) {
34		- global $manager;
35		-
36		- $itemid = intval($itemid);
37		-
38		- $query = 'SELECT i.idraft as draft, i.inumber as itemid, i.iclosed as closed, '
39		- . ' i.ititle as title, i.ibody as body, m.mname as author, '
40		- . ' i.iauthor as authorid, i.itime, i.imore as more, i.ikarmapos as karmapos, '
41		- . ' i.ikarmaneg as karmaneg, i.icat as catid, i.iblog as blogid '
42		- . ' FROM '.sql_table('item').' as i, '.sql_table('member').' as m, ' . sql_table('blog') . ' as b '
43		- . ' WHERE i.inumber=' . $itemid
44		- . ' and i.iauthor=m.mnumber '
45		- . ' and i.iblog=b.bnumber';
46		-
47		- if (!$allowdraft)
48		- $query .= ' and i.idraft=0';
49		-
50		- if (!$allowfuture) {
51		- $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
52		- $query .= ' and i.itime <=' . mysqldate($blog->getCorrectTime());
53		- }
54		-
55		- $query .= ' LIMIT 1';
56		-
57		- $res = sql_query($query);
58		-
59		- if (mysql_num_rows($res) == 1)
60		- {
61		- $aItemInfo = mysql_fetch_assoc($res);
62		- $aItemInfo['timestamp'] = strtotime($aItemInfo['itime']);
63		- return $aItemInfo;
64		- } else {
65		- return 0;
66		- }
67		-
68		- }
69		-
70		- /**
71		- * Tries to create an item from the data in the current request (comes from
72		- * bookmarklet or admin area
73		- *
74		- * Returns an array with status info (status = 'added', 'error', 'newcategory')
75		- *
76		- * (static)
77		- */
78		- function createFromRequest() {
79		- global $member, $manager;
80		-
81		- $i_author = $member->getID();
82		- $i_body = postVar('body');
83		- $i_title = postVar('title');
84		- $i_more = postVar('more');
85		- $i_actiontype = postVar('actiontype');
86		- $i_closed = intPostVar('closed');
87		- $i_hour = intPostVar('hour');
88		- $i_minutes = intPostVar('minutes');
89		- $i_month = intPostVar('month');
90		- $i_day = intPostVar('day');
91		- $i_year = intPostVar('year');
92		-
93		- $i_catid = postVar('catid');
94		-
95		- $i_draftid = intPostVar('draftid');
96		-
97		- if (!$member->canAddItem($i_catid))
98		- return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
99		-
100		- if (!$i_actiontype) $i_actiontype = 'addnow';
101		-
102		- switch ($i_actiontype) {
103		- case 'adddraft':
104		- $i_draft = 1;
105		- break;
106		- case 'addfuture':
107		- case 'addnow':
108		- default:
109		- $i_draft = 0;
110		- }
111		-
112		- if (!trim($i_body))
113		- return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
114		-
115		- // create new category if needed
116		- if (strstr($i_catid,'newcat')) {
117		- // get blogid
118		- list($i_blogid) = sscanf($i_catid,"newcat-%d");
119		-
120		- // create
121		- $blog =& $manager->getBlog($i_blogid);
122		- $i_catid = $blog->createNewCategory();
123		-
124		- // show error when sth goes wrong
125		- if (!$i_catid)
126		- return array('status' => 'error','message' => 'Could not create new category');
127		- } else {
128		- // force blogid (must be same as category id)
129		- $i_blogid = getBlogIDFromCatID($i_catid);
130		- $blog =& $manager->getBlog($i_blogid);
131		- }
132		-
133		- if ($i_actiontype == 'addfuture') {
134		- $posttime = mktime($i_hour, $i_minutes, 0, $i_month, $i_day, $i_year);
135		-
136		- // make sure the date is in the future, unless we allow past dates
137		- if ((!$blog->allowPastPosting()) && ($posttime < $blog->getCorrectTime()))
138		- $posttime = $blog->getCorrectTime();
139		- } else {
140		- // time with offset, or 0 for drafts
141		- $posttime = $i_draft ? 0 : $blog->getCorrectTime();
142		- }
143		-
144		- if ($posttime > $blog->getCorrectTime()) {
145		- $posted = 0;
146		- $blog->setFuturePost();
147		- }
148		- else {
149		- $posted = 1;
150		- }
151		-
152		- $itemid = $blog->additem($i_catid, $i_title,$i_body,$i_more,$i_blogid,$i_author,$posttime,$i_closed,$i_draft,$posted);
153		-
154		- //Setting the itemOptions
155		- $aOptions = requestArray('plugoption');
156		- NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
157		- $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
158		-
159		- if ($i_draftid > 0) {
160		- ITEM::delete($i_draftid);
161		- }
162		-
163		- // success
164		- if ($i_catid != intRequestVar('catid'))
165		- return array('status' => 'newcategory', 'itemid' => $itemid, 'catid' => $i_catid);
166		- else
167		- return array('status' => 'added', 'itemid' => $itemid);
168		- }
169		-
170		-
171		- /**
172		- * Updates an item (static)
173		- */
174		- function update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp = 0) {
175		- global $manager;
176		-
177		- $itemid = intval($itemid);
178		-
179		- // make sure value is 1 or 0
180		- if ($closed != 1) $closed = 0;
181		-
182		- // get destination blogid
183		- $new_blogid = getBlogIDFromCatID($catid);
184		- $old_blogid = getBlogIDFromItemID($itemid);
185		-
186		- // move will be done on end of method
187		- if ($new_blogid != $old_blogid)
188		- $moveNeeded = 1;
189		-
190		- // add <br /> before newlines
191		- $blog =& $manager->getBlog($new_blogid);
192		- if ($blog->convertBreaks()) {
193		- $body = addBreaks($body);
194		- $more = addBreaks($more);
195		- }
196		-
197		- // call plugins
198		- $manager->notify('PreUpdateItem',array('itemid' => $itemid, 'title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$blog, 'closed' => &$closed, 'catid' => &$catid));
199		-
200		- // update item itsself
201		- $query = 'UPDATE '.sql_table('item')
202		- . ' SET'
203		- . " ibody='". addslashes($body) ."',"
204		- . " ititle='" . addslashes($title) . "',"
205		- . " imore='" . addslashes($more) . "',"
206		- . " iclosed=" . intval($closed) . ","
207		- . " icat=" . intval($catid);
208		-
209		- // if we received an updated timestamp in the past, but past posting is not allowed,
210		- // reject that date change (timestamp = 0 will make sure the current date is kept)
211		- if ( (!$blog->allowPastPosting()) && ($timestamp < $blog->getCorrectTime()))
212		- $timestamp = 0;
213		-
214		- if ($timestamp > $blog->getCorrectTime(time())) {
215		- $isFuture = 1;
216		- $query .= ', iposted=0';
217		- }
218		- else {
219		- $isFuture = 0;
220		- $query .= ', iposted=1';
221		- }
222		-
223		- if ($wasdraft && $publish) {
224		- // set timestamp to current date only if it's not a future item
225		- // draft items have timestamp == 0
226		- // don't allow timestamps in the past (unless otherwise defined in blogsettings)
227		- $query .= ', idraft=0';
228		-
229		- if ($timestamp == 0)
230		- $timestamp = $blog->getCorrectTime();
231		-
232		- // send new item notification
233		- if (!$isFuture && $blog->getNotifyAddress() && $blog->notifyOnNewItem())
234		- $blog->sendNewItemNotification($itemid, $title, $body);
235		- }
236		-
237		- // update timestamp when needed
238		- if ($timestamp != 0)
239		- $query .= ", itime=" . mysqldate($timestamp);
240		-
241		- // make sure the correct item is updated
242		- $query .= ' WHERE inumber=' . $itemid;
243		-
244		- // off we go!
245		- sql_query($query);
246		-
247		- $manager->notify('PostUpdateItem',array('itemid' => $itemid));
248		-
249		- // when needed, move item and comments to new blog
250		- if ($moveNeeded)
251		- ITEM::move($itemid, $catid);
252		-
253		- //update the itemOptions
254		- $aOptions = requestArray('plugoption');
255		- NucleusPlugin::_applyPluginOptions($aOptions);
256		- $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $title, 'body' => $body, 'more' => $more, 'closed' => $closed, 'catid' => $catid)));
257		-
258		- }
259		-
260		- // move an item to another blog (no checks, static)
261		- function move($itemid, $new_catid) {
262		- global $manager;
263		-
264		- $itemid = intval($itemid);
265		- $new_catid = intval($new_catid);
266		-
267		- $new_blogid = getBlogIDFromCatID($new_catid);
268		-
269		- $manager->notify(
270		- 'PreMoveItem',
271		- array(
272		- 'itemid' => $itemid,
273		- 'destblogid' => $new_blogid,
274		- 'destcatid' => $new_catid
275		- )
276		- );
277		-
278		-
279		- // update item table
280		- $query = 'UPDATE '.sql_table('item')." SET iblog=$new_blogid, icat=$new_catid WHERE inumber=$itemid";
281		- sql_query($query);
282		-
283		- // update comments
284		- $query = 'UPDATE '.sql_table('comment')." SET cblog=" . $new_blogid." WHERE citem=" . $itemid;
285		- sql_query($query);
286		-
287		- $manager->notify(
288		- 'PostMoveItem',
289		- array(
290		- 'itemid' => $itemid,
291		- 'destblogid' => $new_blogid,
292		- 'destcatid' => $new_catid
293		- )
294		- );
295		- }
296		-
297		- /**
298		- * Deletes an item
299		- */
300		- function delete($itemid) {
301		- global $manager;
302		-
303		- $itemid = intval($itemid);
304		-
305		- $manager->notify('PreDeleteItem', array('itemid' => $itemid));
306		-
307		- // delete item
308		- $query = 'DELETE FROM '.sql_table('item').' WHERE inumber=' . $itemid;
309		- sql_query($query);
310		-
311		- // delete the comments associated with the item
312		- $query = 'DELETE FROM '.sql_table('comment').' WHERE citem=' . $itemid;
313		- sql_query($query);
314		-
315		- // delete all associated plugin options
316		- NucleusPlugin::_deleteOptionValues('item', $itemid);
317		-
318		- $manager->notify('PostDeleteItem', array('itemid' => $itemid));
319		- }
320		-
321		- // returns true if there is an item with the given ID (static)
322		- function exists($id,$future,$draft) {
323		- global $manager;
324		-
325		- $id = intval($id);
326		-
327		- $r = 'select * FROM '.sql_table('item').' WHERE inumber='.$id;
328		- if (!$future) {
329		- $bid = getBlogIDFromItemID($id);
330		- if (!$bid) return 0;
331		- $b =& $manager->getBlog($bid);
332		- $r .= ' and itime<='.mysqldate($b->getCorrectTime());
333		- }
334		- if (!$draft) {
335		- $r .= ' and idraft=0';
336		- }
337		- $r = sql_query($r);
338		-
339		- return (mysql_num_rows($r) != 0);
340		- }
341		-
342		- /**
343		- * Tries to create an draft from the data in the current request (comes from
344		- * bookmarklet or admin area
345		- *
346		- * Returns an array with status info (status = 'added', 'error', 'newcategory')
347		- *
348		- * (static)
349		- *
350		- * Used by xmlHTTPRequest AutoDraft
351		- */
352		- function createDraftFromRequest() {
353		- global $member, $manager;
354		-
355		- $i_author = $member->getID();
356		- $i_body = postVar('body');
357		- $i_title = postVar('title');
358		- $i_more = postVar('more');
359		-
360		- if(_CHARSET != 'UTF-8'){
361		- $i_body = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
362		- $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
363		- $i_more = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
364		- }
365		- //$i_actiontype = postVar('actiontype');
366		- $i_closed = intPostVar('closed');
367		- //$i_hour = intPostVar('hour');
368		- //$i_minutes = intPostVar('minutes');
369		- //$i_month = intPostVar('month');
370		- //$i_day = intPostVar('day');
371		- //$i_year = intPostVar('year');
372		- $i_catid = postVar('catid');
373		- $i_draft = 1;
374		- $type = postVar('type');
375		- if ($type == 'edit') {
376		- $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
377		- }
378		- else {
379		- $i_blogid = intPostVar('blogid');
380		- }
381		- $i_draftid = intPostVar('draftid');
382		-
383		- if (!$member->canAddItem($i_catid)) {
384		- return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
385		- }
386		-
387		- if (!trim($i_body)) {
388		- return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
389		- }
390		-
391		- // create new category if needed
392		- if (strstr($i_catid, 'newcat')) {
393		- // Set in default category
394		- $blog =& $manager->getBlog($i_blogid);
395		- $i_catid = $blog->getDefaultCategory();
396		- }
397		- else {
398		- // force blogid (must be same as category id)
399		- $i_blogid = getBlogIDFromCatID($i_catid);
400		- $blog =& $manager->getBlog($i_blogid);
401		- }
402		-
403		- $posttime = 0;
404		-
405		- if ($i_draftid > 0) {
406		- ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
407		- $itemid = $i_draftid;
408		- }
409		- else {
410		- $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
411		- }
412		-
413		- // No plugin support in AutoSaveDraft yet
414		- //Setting the itemOptions
415		- //$aOptions = requestArray('plugoption');
416		- //NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
417		- //$manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
418		-
419		- // success
420		- return array('status' => 'added', 'draftid' => $itemid);
421		- }
422		-
423		-}
424		-
425		-?>
	1	+<?php
	2	+
	3	+/*
	4	+ * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
	5	+ * Copyright (C) 2002-2007 The Nucleus Group
	6	+ *
	7	+ * This program is free software; you can redistribute it and/or
	8	+ * modify it under the terms of the GNU General Public License
	9	+ * as published by the Free Software Foundation; either version 2
	10	+ * of the License, or (at your option) any later version.
	11	+ * (see nucleus/documentation/index.html#license for more info)
	12	+ */
	13	+/**
	14	+ * A class representing an item
	15	+ *
	16	+ * @license http://nucleuscms.org/license.txt GNU General Public License
	17	+ * @copyright Copyright (C) 2002-2007 The Nucleus Group
	18	+ * @version $Id: ITEM.php,v 1.7.2.3 2008-02-07 06:13:30 kimitake Exp $
	19	+ * $NucleusJP: ITEM.php,v 1.7.2.2 2008/02/05 08:31:44 kimitake Exp $
	20	+ */
	21	+class ITEM {
	22	+
	23	+ var $itemid;
	24	+
	25	+ function ITEM($itemid) {
	26	+ $this->itemid = $itemid;
	27	+ }
	28	+
	29	+ /**
	30	+ * Returns one item with the specific itemid
	31	+ * (static)
	32	+ */
	33	+ function getitem($itemid, $allowdraft, $allowfuture) {
	34	+ global $manager;
	35	+
	36	+ $itemid = intval($itemid);
	37	+
	38	+ $query = 'SELECT i.idraft as draft, i.inumber as itemid, i.iclosed as closed, '
	39	+ . ' i.ititle as title, i.ibody as body, m.mname as author, '
	40	+ . ' i.iauthor as authorid, i.itime, i.imore as more, i.ikarmapos as karmapos, '
	41	+ . ' i.ikarmaneg as karmaneg, i.icat as catid, i.iblog as blogid '
	42	+ . ' FROM '.sql_table('item').' as i, '.sql_table('member').' as m, ' . sql_table('blog') . ' as b '
	43	+ . ' WHERE i.inumber=' . $itemid
	44	+ . ' and i.iauthor=m.mnumber '
	45	+ . ' and i.iblog=b.bnumber';
	46	+
	47	+ if (!$allowdraft)
	48	+ $query .= ' and i.idraft=0';
	49	+
	50	+ if (!$allowfuture) {
	51	+ $blog =& $manager->getBlog(getBlogIDFromItemID($itemid));
	52	+ $query .= ' and i.itime <=' . mysqldate($blog->getCorrectTime());
	53	+ }
	54	+
	55	+ $query .= ' LIMIT 1';
	56	+
	57	+ $res = sql_query($query);
	58	+
	59	+ if (mysql_num_rows($res) == 1)
	60	+ {
	61	+ $aItemInfo = mysql_fetch_assoc($res);
	62	+ $aItemInfo['timestamp'] = strtotime($aItemInfo['itime']);
	63	+ return $aItemInfo;
	64	+ } else {
	65	+ return 0;
	66	+ }
	67	+
	68	+ }
	69	+
	70	+ /**
	71	+ * Tries to create an item from the data in the current request (comes from
	72	+ * bookmarklet or admin area
	73	+ *
	74	+ * Returns an array with status info (status = 'added', 'error', 'newcategory')
	75	+ *
	76	+ * (static)
	77	+ */
	78	+ function createFromRequest() {
	79	+ global $member, $manager;
	80	+
	81	+ $i_author = $member->getID();
	82	+ $i_body = postVar('body');
	83	+ $i_title = postVar('title');
	84	+ $i_more = postVar('more');
	85	+ $i_actiontype = postVar('actiontype');
	86	+ $i_closed = intPostVar('closed');
	87	+ $i_hour = intPostVar('hour');
	88	+ $i_minutes = intPostVar('minutes');
	89	+ $i_month = intPostVar('month');
	90	+ $i_day = intPostVar('day');
	91	+ $i_year = intPostVar('year');
	92	+
	93	+ $i_catid = postVar('catid');
	94	+
	95	+ $i_draftid = intPostVar('draftid');
	96	+
	97	+ if (!$member->canAddItem($i_catid))
	98	+ return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
	99	+
	100	+ if (!$i_actiontype) $i_actiontype = 'addnow';
	101	+
	102	+ switch ($i_actiontype) {
	103	+ case 'adddraft':
	104	+ $i_draft = 1;
	105	+ break;
	106	+ case 'addfuture':
	107	+ case 'addnow':
	108	+ default:
	109	+ $i_draft = 0;
	110	+ }
	111	+
	112	+ if (!trim($i_body))
	113	+ return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
	114	+
	115	+ // create new category if needed
	116	+ if (strstr($i_catid,'newcat')) {
	117	+ // get blogid
	118	+ list($i_blogid) = sscanf($i_catid,"newcat-%d");
	119	+
	120	+ // create
	121	+ $blog =& $manager->getBlog($i_blogid);
	122	+ $i_catid = $blog->createNewCategory();
	123	+
	124	+ // show error when sth goes wrong
	125	+ if (!$i_catid)
	126	+ return array('status' => 'error','message' => 'Could not create new category');
	127	+ } else {
	128	+ // force blogid (must be same as category id)
	129	+ $i_blogid = getBlogIDFromCatID($i_catid);
	130	+ $blog =& $manager->getBlog($i_blogid);
	131	+ }
	132	+
	133	+ if ($i_actiontype == 'addfuture') {
	134	+ $posttime = mktime($i_hour, $i_minutes, 0, $i_month, $i_day, $i_year);
	135	+
	136	+ // make sure the date is in the future, unless we allow past dates
	137	+ if ((!$blog->allowPastPosting()) && ($posttime < $blog->getCorrectTime()))
	138	+ $posttime = $blog->getCorrectTime();
	139	+ } else {
	140	+ // time with offset, or 0 for drafts
	141	+ $posttime = $i_draft ? 0 : $blog->getCorrectTime();
	142	+ }
	143	+
	144	+ if ($posttime > $blog->getCorrectTime()) {
	145	+ $posted = 0;
	146	+ $blog->setFuturePost();
	147	+ }
	148	+ else {
	149	+ $posted = 1;
	150	+ }
	151	+
	152	+ $itemid = $blog->additem($i_catid, $i_title,$i_body,$i_more,$i_blogid,$i_author,$posttime,$i_closed,$i_draft,$posted);
	153	+
	154	+ //Setting the itemOptions
	155	+ $aOptions = requestArray('plugoption');
	156	+ NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
	157	+ $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
	158	+
	159	+ if ($i_draftid > 0 && $member->canAlterItem($i_draftid) ) {
	160	+ ITEM::delete($i_draftid);
	161	+ }
	162	+
	163	+ // success
	164	+ if ($i_catid != intRequestVar('catid'))
	165	+ return array('status' => 'newcategory', 'itemid' => $itemid, 'catid' => $i_catid);
	166	+ else
	167	+ return array('status' => 'added', 'itemid' => $itemid);
	168	+ }
	169	+
	170	+
	171	+ /**
	172	+ * Updates an item (static)
	173	+ */
	174	+ function update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp = 0) {
	175	+ global $manager;
	176	+
	177	+ $itemid = intval($itemid);
	178	+
	179	+ // make sure value is 1 or 0
	180	+ if ($closed != 1) $closed = 0;
	181	+
	182	+ // get destination blogid
	183	+ $new_blogid = getBlogIDFromCatID($catid);
	184	+ $old_blogid = getBlogIDFromItemID($itemid);
	185	+
	186	+ // move will be done on end of method
	187	+ if ($new_blogid != $old_blogid)
	188	+ $moveNeeded = 1;
	189	+
	190	+ // add <br /> before newlines
	191	+ $blog =& $manager->getBlog($new_blogid);
	192	+ if ($blog->convertBreaks()) {
	193	+ $body = addBreaks($body);
	194	+ $more = addBreaks($more);
	195	+ }
	196	+
	197	+ // call plugins
	198	+ $manager->notify('PreUpdateItem',array('itemid' => $itemid, 'title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$blog, 'closed' => &$closed, 'catid' => &$catid));
	199	+
	200	+ // update item itsself
	201	+ $query = 'UPDATE '.sql_table('item')
	202	+ . ' SET'
	203	+ . " ibody='". addslashes($body) ."',"
	204	+ . " ititle='" . addslashes($title) . "',"
	205	+ . " imore='" . addslashes($more) . "',"
	206	+ . " iclosed=" . intval($closed) . ","
	207	+ . " icat=" . intval($catid);
	208	+
	209	+ // if we received an updated timestamp in the past, but past posting is not allowed,
	210	+ // reject that date change (timestamp = 0 will make sure the current date is kept)
	211	+ if ( (!$blog->allowPastPosting()) && ($timestamp < $blog->getCorrectTime()))
	212	+ $timestamp = 0;
	213	+
	214	+ if ($timestamp > $blog->getCorrectTime(time())) {
	215	+ $isFuture = 1;
	216	+ $query .= ', iposted=0';
	217	+ }
	218	+ else {
	219	+ $isFuture = 0;
	220	+ $query .= ', iposted=1';
	221	+ }
	222	+
	223	+ if ($wasdraft && $publish) {
	224	+ // set timestamp to current date only if it's not a future item
	225	+ // draft items have timestamp == 0
	226	+ // don't allow timestamps in the past (unless otherwise defined in blogsettings)
	227	+ $query .= ', idraft=0';
	228	+
	229	+ if ($timestamp == 0)
	230	+ $timestamp = $blog->getCorrectTime();
	231	+
	232	+ // send new item notification
	233	+ if (!$isFuture && $blog->getNotifyAddress() && $blog->notifyOnNewItem())
	234	+ $blog->sendNewItemNotification($itemid, $title, $body);
	235	+ }
	236	+
	237	+ // update timestamp when needed
	238	+ if ($timestamp != 0)
	239	+ $query .= ", itime=" . mysqldate($timestamp);
	240	+
	241	+ // make sure the correct item is updated
	242	+ $query .= ' WHERE inumber=' . $itemid;
	243	+
	244	+ // off we go!
	245	+ sql_query($query);
	246	+
	247	+ $manager->notify('PostUpdateItem',array('itemid' => $itemid));
	248	+
	249	+ // when needed, move item and comments to new blog
	250	+ if ($moveNeeded)
	251	+ ITEM::move($itemid, $catid);
	252	+
	253	+ //update the itemOptions
	254	+ $aOptions = requestArray('plugoption');
	255	+ NucleusPlugin::_applyPluginOptions($aOptions);
	256	+ $manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $title, 'body' => $body, 'more' => $more, 'closed' => $closed, 'catid' => $catid)));
	257	+
	258	+ }
	259	+
	260	+ // move an item to another blog (no checks, static)
	261	+ function move($itemid, $new_catid) {
	262	+ global $manager;
	263	+
	264	+ $itemid = intval($itemid);
	265	+ $new_catid = intval($new_catid);
	266	+
	267	+ $new_blogid = getBlogIDFromCatID($new_catid);
	268	+
	269	+ $manager->notify(
	270	+ 'PreMoveItem',
	271	+ array(
	272	+ 'itemid' => $itemid,
	273	+ 'destblogid' => $new_blogid,
	274	+ 'destcatid' => $new_catid
	275	+ )
	276	+ );
	277	+
	278	+
	279	+ // update item table
	280	+ $query = 'UPDATE '.sql_table('item')." SET iblog=$new_blogid, icat=$new_catid WHERE inumber=$itemid";
	281	+ sql_query($query);
	282	+
	283	+ // update comments
	284	+ $query = 'UPDATE '.sql_table('comment')." SET cblog=" . $new_blogid." WHERE citem=" . $itemid;
	285	+ sql_query($query);
	286	+
	287	+ $manager->notify(
	288	+ 'PostMoveItem',
	289	+ array(
	290	+ 'itemid' => $itemid,
	291	+ 'destblogid' => $new_blogid,
	292	+ 'destcatid' => $new_catid
	293	+ )
	294	+ );
	295	+ }
	296	+
	297	+ /**
	298	+ * Deletes an item
	299	+ */
	300	+ function delete($itemid) {
	301	+ global $manager, $member;
	302	+
	303	+ $itemid = intval($itemid);
	304	+ if (!$member->canAlterItem($itemid)) return;
	305	+
	306	+ $manager->notify('PreDeleteItem', array('itemid' => $itemid));
	307	+
	308	+ // delete item
	309	+ $query = 'DELETE FROM '.sql_table('item').' WHERE inumber=' . $itemid;
	310	+ sql_query($query);
	311	+
	312	+ // delete the comments associated with the item
	313	+ $query = 'DELETE FROM '.sql_table('comment').' WHERE citem=' . $itemid;
	314	+ sql_query($query);
	315	+
	316	+ // delete all associated plugin options
	317	+ NucleusPlugin::_deleteOptionValues('item', $itemid);
	318	+
	319	+ $manager->notify('PostDeleteItem', array('itemid' => $itemid));
	320	+ }
	321	+
	322	+ // returns true if there is an item with the given ID (static)
	323	+ function exists($id,$future,$draft) {
	324	+ global $manager;
	325	+
	326	+ $id = intval($id);
	327	+
	328	+ $r = 'select * FROM '.sql_table('item').' WHERE inumber='.$id;
	329	+ if (!$future) {
	330	+ $bid = getBlogIDFromItemID($id);
	331	+ if (!$bid) return 0;
	332	+ $b =& $manager->getBlog($bid);
	333	+ $r .= ' and itime<='.mysqldate($b->getCorrectTime());
	334	+ }
	335	+ if (!$draft) {
	336	+ $r .= ' and idraft=0';
	337	+ }
	338	+ $r = sql_query($r);
	339	+
	340	+ return (mysql_num_rows($r) != 0);
	341	+ }
	342	+
	343	+ /**
	344	+ * Tries to create an draft from the data in the current request (comes from
	345	+ * bookmarklet or admin area
	346	+ *
	347	+ * Returns an array with status info (status = 'added', 'error', 'newcategory')
	348	+ *
	349	+ * (static)
	350	+ *
	351	+ * Used by xmlHTTPRequest AutoDraft
	352	+ */
	353	+ function createDraftFromRequest() {
	354	+ global $member, $manager;
	355	+
	356	+ $i_author = $member->getID();
	357	+ $i_body = postVar('body');
	358	+ $i_title = postVar('title');
	359	+ $i_more = postVar('more');
	360	+
	361	+ if(_CHARSET != 'UTF-8'){
	362	+ $i_body = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
	363	+ $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
	364	+ $i_more = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
	365	+ }
	366	+ //$i_actiontype = postVar('actiontype');
	367	+ $i_closed = intPostVar('closed');
	368	+ //$i_hour = intPostVar('hour');
	369	+ //$i_minutes = intPostVar('minutes');
	370	+ //$i_month = intPostVar('month');
	371	+ //$i_day = intPostVar('day');
	372	+ //$i_year = intPostVar('year');
	373	+ $i_catid = postVar('catid');
	374	+ $i_draft = 1;
	375	+ $type = postVar('type');
	376	+ if ($type == 'edit') {
	377	+ $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
	378	+ }
	379	+ else {
	380	+ $i_blogid = intPostVar('blogid');
	381	+ }
	382	+ $i_draftid = intPostVar('draftid');
	383	+
	384	+ if (!$member->canAddItem($i_catid)) {
	385	+ return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
	386	+ }
	387	+
	388	+ if (!trim($i_body)) {
	389	+ return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
	390	+ }
	391	+
	392	+ // create new category if needed
	393	+ if (strstr($i_catid, 'newcat')) {
	394	+ // Set in default category
	395	+ $blog =& $manager->getBlog($i_blogid);
	396	+ $i_catid = $blog->getDefaultCategory();
	397	+ }
	398	+ else {
	399	+ // force blogid (must be same as category id)
	400	+ $i_blogid = getBlogIDFromCatID($i_catid);
	401	+ $blog =& $manager->getBlog($i_blogid);
	402	+ }
	403	+
	404	+ $posttime = 0;
	405	+
	406	+ if ($i_draftid > 0) {
	407	+ ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
	408	+ $itemid = $i_draftid;
	409	+ }
	410	+ else {
	411	+ $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
	412	+ }
	413	+
	414	+ // No plugin support in AutoSaveDraft yet
	415	+ //Setting the itemOptions
	416	+ //$aOptions = requestArray('plugoption');
	417	+ //NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
	418	+ //$manager->notify('PostPluginOptionsUpdate',array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));
	419	+
	420	+ // success
	421	+ return array('status' => 'added', 'draftid' => $itemid);
	422	+ }
	423	+
	424	+}
	425	+
	426	+?>

Show on old repository browser

Nucleus日本語版 Forknucleus-nextnucleus-jp-ancientnucleus-plugins

nucleus-jp-ancient: Commit

Commit MetaInfo

Mensagem de Log

Mudança Sumário

Diff

Nucleus日本語版
Fork
nucleus-next
nucleus-jp-ancient
nucleus-plugins