From ef7d6c1db7d2d0441852f8b8a7d4a046e7bc36c2 Mon Sep 17 00:00:00 2001 From: Daniel Hromada Date: Tue, 11 Oct 2011 00:03:12 +0200 Subject: [PATCH] Added possibility to upload_data_file directly in add event (& to refer to node_id just being added by @@@ token) Fixed empty link bug in get_linked_nodes Smarty database handler now support template names, so no need for Qaballah with numeric template ids anymore, You can do directly {include file=node_name} for any node whatsoever (some may consider it a security bug but I don't give a fuck :) --- wwwroot/inc/eventz/add.inc | 35 +++++++++--------- .../function.get_linked_nodes.php | 2 +- wwwroot/inc/smarty/resource.kyberia.php | 37 ++++++++----------- 3 files changed, 33 insertions(+), 41 deletions(-) diff --git a/wwwroot/inc/eventz/add.inc b/wwwroot/inc/eventz/add.inc index 36986a7..f77499d 100644 --- a/wwwroot/inc/eventz/add.inc +++ b/wwwroot/inc/eventz/add.inc @@ -92,23 +92,6 @@ function add() { $node_content=nodes::processContent($node_content); - if ($node_system_access=='crypto') { - - require(INCLUDE_DIR.'crypto.inc'); - - if ($_SESSION['crypto'][$node_parent]) { - $key=$_SESSION['crypto'][$node_parent]; - } - else { - $key = substr(md5(uniqid(rand(), true)),0,8); - } - - $node_content=crypto::crypto($node_content,$key); - - - - } - $params['node_name']=$node_name; $params['template_id']=$template_id; $params['node_parent']=$node_parent; @@ -116,7 +99,23 @@ function add() { $params['node_creator']=$_SESSION['user_id']; $params['node_content']=db_escape_string($node_content); $params['external_link']=$external_link; - nodes::addNode($params); + $node_id=nodes::addNode($params); + + if (!$node_id) { + return false; + } + + if ($_FILES['data_file']['tmp_name']) { + copy($_FILES['data_file']['tmp_name'], FILE_DIR.$_SESSION['user_id'].'/'.$node_id.".$suffix"); + symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node_id.".$suffix",FILE_DIR.'/'.$node_id); + } + + //substitute @@@ token by a node_id of a newly created node + $nc=preg_replace('/@@@/',$node_id,$params['node_content']); + if ($nc!=$params['node_content']) { + $db->update("update nodes set node_content='$nc' where node_id=$node_id"); + } + return true; } diff --git a/wwwroot/inc/smarty/node_methodz/function.get_linked_nodes.php b/wwwroot/inc/smarty/node_methodz/function.get_linked_nodes.php index 7e19ef7..22fde37 100644 --- a/wwwroot/inc/smarty/node_methodz/function.get_linked_nodes.php +++ b/wwwroot/inc/smarty/node_methodz/function.get_linked_nodes.php @@ -28,7 +28,7 @@ function smarty_function_get_linked_nodes($params,&$smarty) { } $get_linked_nodes=nodes::getLinkedNodes($node_id,$orderby,$offset,$listing_amount); - $smarty->assign('get_linked_nodes',$get_linked_nodes); + if ($get_linked_nodes) $smarty->assign('get_linked_nodes',$get_linked_nodes); } ?> diff --git a/wwwroot/inc/smarty/resource.kyberia.php b/wwwroot/inc/smarty/resource.kyberia.php index bf28a33..c25e0f6 100644 --- a/wwwroot/inc/smarty/resource.kyberia.php +++ b/wwwroot/inc/smarty/resource.kyberia.php @@ -3,31 +3,24 @@ function db_get_template ($tpl_name, &$tpl_source, &$smarty_obj) { global $db,$error,$node, $error_messages; - $add_template_id = preg_replace('/\.tpl$/', '', $tpl_name); - - if (!is_numeric($add_template_id)) { - $error = $error_messages['NOT_NUMERIC']; - return false; + $template_id = preg_replace('/\.tpl$/', '', $tpl_name); + + //from now on module names need not to be numeric! + if (!is_numeric($template_id)) { + $template_id=nodes::getNodeIdByName($tpl_name); + if (!is_numeric($template_id)) { + $error = $error_messages['NOT_NUMERIC']; + return false; + } } - /* - //logging of every template for security reasons FIXME!!! TODO!!! - $params['node_creator'] = UBIK_ID; - $params['node_parent'] = 2029360; - $params['node_name'] = "addTemplate execute: node $add_template_id"; - $params['node_content'] = db_escape_string("addTemplate execute: node $add_template_id by user ".$_SESSION['user_name']); - nodes::addNode($params); - */ - /* - if(!($set=$db->query("select node_content from nodes where node_id='$add_template_id'"))) return false; - $set->next(); - */ - // populating $tpl_source with actual template contents - //$tpl_source = stripslashes($set->getString('node_content')); - $tpl_source = nodes::getNodeById($add_template_id,empty($_SESSION['user_id']) ? "" : $_SESSION['user_id']); - $tpl_source = $tpl_source['node_content']; + if (is_numeric($template_id)) { + $tpl_source = nodes::getNodeById($template_id,empty($_SESSION['user_id']) ? "" : $_SESSION['user_id']); + } + $tpl_source = $tpl_source['node_content']; + // return true on success, false to generate failure notification - return true; + return (bool)$tpl_source; } -- 2.30.2