--- mambo/branches/4.6/components/com_content/content.php 2006/09/05 22:22:41 680 +++ mambo/branches/4.6/components/com_content/content.php 2007/11/01 11:54:58 1368 @@ -1,13 +1,10 @@ call( 'frontpage', $gid, $access, $pop, $now ); + $cache->call( 'frontpage', $gid, $access, $pop); return; } @@ -51,20 +48,20 @@ break; case 'section': - $cache->call( 'showSection', $id, $gid, $access, $now ); + $cache->call( 'showSection', $id, $gid, $access ); break; case 'category': - $cache->call( 'showCategory', $id, $gid, $access, $sectionid, $limit, $limitstart, $now ); + $cache->call( 'showCategory', $id, $gid, $access, $sectionid, $limit, $limitstart ); break; case 'blogsection': - $cache->call('showBlogSection', $id, $gid, $access, $pop, $now ); + $cache->call('showBlogSection', $id, $gid, $access, $pop); break; case 'blogcategorymulti': case 'blogcategory': - $cache->call( 'showBlogCategory', $id, $gid, $access, $pop, $now ); + $cache->call( 'showBlogCategory', $id, $gid, $access, $pop ); break; case 'archivesection': @@ -105,7 +102,7 @@ break; default: - $cache->call('showBlogSection', 0, $gid, $access, $pop, $now ); + $cache->call('showBlogSection', 0, $gid, $access, $pop); break; } @@ -135,7 +132,7 @@ } } -function frontpage( $gid, &$access, $pop, $now ) { +function frontpage( $gid, &$access, $pop) { global $database, $mainframe, $my, $Itemid; global $mosConfig_offset; 
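Review bot: Dropping `$now` from the `$cache->call(...)` arguments in this switch (and in the `frontpage` call above it and the `default:` branch below) means the publish_up/publish_down window is evaluated when a cache entry is generated, not when it is served. If the cache keys on the call arguments, as the change suggests, an item whose `publish_down` has passed can keep being served until the entry expires. That is probably the intended trade-off, since a per-second `$now` in the key would defeat caching, but it deserves a comment above the switch such as `// $now is computed inside each view; cached output may lag publish_up/publish_down by up to the cache lifetime`. The switch starts and ends outside the hunk.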
@@ -147,13 +144,16 @@ $params =& new mosParameters( $menu->params ); $orderby_sec = $params->def( 'orderby_sec', '' ); $orderby_pri = $params->def( 'orderby_pri', '' ); - + $header = $params->def( 'header', $menu->name ); + $page_title = $params->def( 'page_title', 0 ); // Ordering control $order_sec = _orderby_sec( $orderby_sec ); $order_pri = _orderby_pri( $orderby_pri ); $now = date( "Y-m-d H:i:s", time()+$mosConfig_offset*60*60 ); + global $acl; + $viewAccess = ($gid >= $acl->get_group_id( 'Registered', 'ARO' ) ? 1 : 0) + ($gid >= $acl->get_group_id( 'Author', 'ARO' ) ? 1 : 0); // query records $query = "SELECT a.*, ROUND( v.rating_sum / v.rating_count ) AS rating, v.rating_count, u.name AS author, u.usertype, s.name AS section, cc.name AS category, g.name AS groups" . "\n FROM #__content AS a" @@ -167,24 +167,23 @@ . ( $noauth ? "\n AND a.access <= '". $my->gid ."'" : '' ) . "\n AND ( publish_up = '0000-00-00 00:00:00' OR publish_up <= '$now' )" . "\n AND ( publish_down = '0000-00-00 00:00:00' OR publish_down >= '$now' )" + . "\n AND a.access <= ". $viewAccess . "\n ORDER BY ". $order_pri . $order_sec ; -// $database->setQuery( $query ); -// $rows = $database->loadObjectList(); $rows = $database->doSQLget($query, 'mosExtendedContent'); // Dynamic Page Title - $mainframe->SetPageTitle( $menu->name ); + $mainframe->SetPageTitle( $header ); BlogOutput( $rows, $params, $gid, $access, $pop, $menu ); } -function showSection( $id, $gid, &$access, $now ) { +function showSection( $id, $gid, &$access ) { global $database, $mainframe, $mosConfig_offset, $Itemid; $noauth = !$mainframe->getCfg( 'shownoauth' ); - + $now = date( 'Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60 ); // Paramters $params = new stdClass(); if ( $Itemid ) { 
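Review bot: The `$viewAccess` expression added after `$now` is an access-control decision written inline, and the same two lines are pasted again in the `@@ -990,6 +989,8 @@` hunk. It relies on the numeric order of the ARO group ids returned by `get_group_id()` matching privilege order, which the diff does not show. Moving it into one small function, e.g. `function contentViewAccess( $gid )`, with a comment stating how the result maps to the 0/1/2 values compared against `a.access`, would keep the two queries from drifting apart. `frontpage` begins before this hunk and continues past it.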
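Review bot: The added `AND a.access <= $viewAccess` clause is unconditional, so it applies even when `shownoauth` is on and the existing `( $noauth ? ... a.access <= $my->gid ... )` clause is skipped. If `shownoauth` is meant to list restricted items to users who cannot open them, this silently disables it here; if the stricter filter is intended, remove the now-redundant `$noauth` clause or add a comment such as `// access filter applies regardless of shownoauth`. `$viewAccess` is an integer built from comparisons, so the concatenation itself is not an injection risk. In the same hunk `showSection` recomputes `$now` with the `date(...)` expression that the later `showCategory`, `showBlogSection` and `showBlogCategory` hunks repeat; one shared helper would replace the four copies.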
@@ -269,12 +268,12 @@ * @param int The number of items to dislpay * @param int The offset for pagination */ -function showCategory( $id, $gid, &$access, $sectionid, $limit, $limitstart, $now ) { +function showCategory( $id, $gid, &$access, $sectionid, $limit, $limitstart ) { global $database, $mainframe, $Itemid, $mosConfig_offset, $mosConfig_list_limit; $noauth = !$mainframe->getCfg( 'shownoauth' ); $selected = mosGetParam( $_POST, 'order', '' ); - + $now = date( 'Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60 ); // Paramters $params = new stdClass(); if ( $Itemid ) { @@ -472,11 +471,11 @@ } // showCategory -function showBlogSection( $id=0, $gid, &$access, $pop, $now=NULL ) { +function showBlogSection( $id=0, $gid, &$access, $pop ) { global $database, $mainframe, $mosConfig_offset, $Itemid; $noauth = !$mainframe->getCfg( 'shownoauth' ); - + $now = date( 'Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60 ); // Parameters $params = new stdClass(); if ( $Itemid ) { @@ -525,11 +524,11 @@ BlogOutput( $rows, $params, $gid, $access, $pop, $menu ); } -function showBlogCategory( $id=0, $gid, &$access, $pop, $now ) { +function showBlogCategory( $id=0, $gid, &$access, $pop ) { global $database, $mainframe, $mosConfig_offset, $Itemid; $noauth = !$mainframe->getCfg( 'shownoauth' ); - + $now = date( 'Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60 ); // Paramters $params = new stdClass(); if ( $Itemid ) { @@ -582,7 +581,7 @@ $noauth = !$mainframe->getCfg( 'shownoauth' ); - // Paramters + // Parameters $year = mosGetParam( $_REQUEST, 'year', date( 'Y' ) ); $month = mosGetParam( $_REQUEST, 'month', date( 'm' ) ); @@ -846,7 +845,7 @@ if ( $descrip && $description->description ) { echo $description->description; } - echo '

'; + echo '

'; echo ''; echo ''; } @@ -990,6 +989,8 @@ ; } + global $acl; + $viewAccess = ($gid >= $acl->get_group_id( 'Registered', 'ARO' ) ? 1 : 0) + ($gid >= $acl->get_group_id( 'Author', 'ARO' ) ? 1 : 0); $query = "SELECT a.*, ROUND(v.rating_sum/v.rating_count) AS rating, v.rating_count, u.name AS author, u.usertype, cc.name AS category, s.name AS section, g.name AS groups" . "\n FROM #__content AS a" . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" @@ -998,10 +999,9 @@ . "\n LEFT JOIN #__content_rating AS v ON a.id = v.content_id" . "\n LEFT JOIN #__groups AS g ON a.access = g.id" . "\n WHERE a.id='". $uid ."' ". $xwhere - . "\n AND a.access <= ". $gid + . "\n AND a.access <= ". $viewAccess ; $database->setQuery( $query ); -// $row = NULL; $row = new mosExtendedContent(); if ( $database->loadObject( $row ) ) { @@ -1023,6 +1023,8 @@ . "\n WHERE a.catid = ". $row->catid."" . "\n AND a.state = $row->state AND ordering < $row->ordering" . ($access->canEdit ? "" : "\n AND a.access <= '". $gid ."'" ) + . "\n AND ( a.publish_up = '0000-00-00 00:00:00' OR a.publish_up <= '". $now ."' )" + . "\n AND ( a.publish_down = '0000-00-00 00:00:00' OR a.publish_down >= '". $now ."' )" . "\n ORDER BY a.ordering DESC" . "\n LIMIT 1" ; @@ -1034,6 +1036,8 @@ . "\n WHERE a.catid = ". $row->catid."" . "\n AND a.state = $row->state AND ordering > $row->ordering" . ($access->canEdit ? "" : "\n AND a.access <= '". $gid ."'" ) + . "\n AND ( a.publish_up = '0000-00-00 00:00:00' OR a.publish_up <= '". $now ."' )" + . "\n AND ( a.publish_down = '0000-00-00 00:00:00' OR a.publish_down >= '". $now ."' )" . "\n ORDER BY a.ordering" . "\n LIMIT 1" ; 
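Review bot: The previous/next queries in this hunk and in `@@ -1034,6 +1036,8 @@` still filter with `a.access <= '$gid'`, while the item query two hunks up was switched from `$gid` to `$viewAccess`. `$gid` is a group id and `a.access` an access level, so the neighbour lookup can apparently still return an item the viewer is not allowed to open. Using `($access->canEdit ? "" : "\n AND a.access <= ". $viewAccess )` in both navigation queries would keep them consistent with the main query. The added publish-window lines read `$now`; since this commit removes the `$now` parameter from several view functions, confirm it is still defined in this one, which starts outside the hunk.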
@@ -1111,12 +1115,16 @@ // loads the link for Section name if ( $params->get( 'section_link' ) ) { - $query = "SELECT a.id" + $query = "SELECT a.id" . "\n FROM #__menu AS a" - . "\n WHERE a.componentid = ". $row->sectionid."" + . "\n WHERE a.componentid = '". $row->sectionid."'" + . "\n AND a.type = 'content_section'" + . "\n AND a.published = 1" ; $database->setQuery( $query ); $_Itemid = $database->loadResult(); + if (!intval($_Itemid)) + $_Itemid = intval($Itemid) ? intval($Itemid) : 1; $link = sefRelToAbs( 'index.php?option=com_content&task=section&id='. $row->sectionid .'&Itemid='.$_Itemid ); $row->section = ''. $row->section .''; } @@ -1126,9 +1134,14 @@ $query = "SELECT a.id" . "\n FROM #__menu AS a" . "\n WHERE a.componentid = ". $row->catid."" + . "\n AND a.type = 'content_category'" + . "\n AND a.published = 1" ; $database->setQuery( $query ); $_Itemid = $database->loadResult(); + if (!intval($_Itemid)) + $_Itemid = intval($Itemid) ? intval($Itemid) : 1; + $link = sefRelToAbs( 'index.php?option=com_content&task=section&id='. $row->sectionid .'&Itemid='.$_Itemid ); $link = sefRelToAbs( 'index.php?option=com_content&task=category&sectionid='. $row->sectionid .'&id='. $row->catid .'&Itemid='.$_Itemid ); $row->category = ''. $row->category .''; } 
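Review bot: The new fallback `$_Itemid = intval($Itemid) ? intval($Itemid) : 1;` reads `$Itemid`, which is not declared in the visible lines of this hunk or of the category hunk that repeats it. If the enclosing function (it starts outside the hunk) has no `global $Itemid`, the fallback always yields 1. The two-line `if` without braces is also easy to break when a line is added later; `if ( !intval( $_Itemid ) ) { $_Itemid = intval( $Itemid ) ? intval( $Itemid ) : 1; }` matches the bracing used elsewhere in the file.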
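Review bot: The added `$link = sefRelToAbs( 'index.php?option=com_content&task=section...' );` line is overwritten by the `task=category` assignment directly below it, so it is dead code, most likely carried over from the section block, and should be dropped. This hunk also leaves `a.componentid = ". $row->catid.""` unquoted while the section hunk changed its counterpart to a quoted value. Writing `"\n WHERE a.componentid = ". intval( $row->catid )` (and the same for `sectionid`) would make both lookups consistent and independent of quoting.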
@@ -1376,15 +1389,15 @@ if ( $isNew ) { // messaging for new items require_once( $mosConfig_absolute_path .'/components/com_messages/messages.class.php' ); - $database->setQuery( "SELECT id FROM #__users WHERE sendEmail = '1'" ); $users = $database->loadResultArray(); - foreach ($users as $user_id) { - $msg = new mosMessage( $database ); - $msg->send( $my->id, $user_id, T_("New Item"), sprintf( T_('A new content item has been submitted by [ %s ] titled [ %s ] from section [ %s ] and category [ %s ]'), $my->username, $row->title, $section, $category ) ); + if ($users) { + foreach ($users as $user_id) { + $msg = new mosMessage( $database ); + $msg->send( $my->id, $user_id, T_("New Item"), sprintf( T_('A new content item has been submitted by [ %s ] titled [ %s ] from section [ %s ] and category [ %s ]'), $my->username, $row->title, $section, $category ) ); + } } } - $Itemid = mosGetParam( $_POST, 'Returnid', '0' ); $msg = $isNew ? T_('Thanks for your submission; it will be reviewed before being posted to the site.') : T_('Item saved successfully.'); mosRedirect( 'index.php', $msg ); @@ -1400,6 +1413,8 @@ $row = new mosContent( $database ); $row->bind( $_POST ); + // sanitize + $row->id = intval($row->id); if ( $access->canEdit || ( $access->canEditOwn && $row->created_by == $my->id ) ) { $row->checkin(); @@ -1446,7 +1461,8 @@ $youremail = trim( mosGetParam( $_POST, 'youremail', '' ) ); $subject_default = sprintf(T_('Item sent by %s'), $yourname); $subject = trim( mosGetParam( $_POST, 'subject', $subject_default ) ); - + + session_start(); $form_check = mosGetParam( $_POST, 'form_check', '' ); if (empty($_SESSION['_form_check_']['com_content']) || $form_check != $_SESSION['_form_check_']['com_content']) { // the form hasn't been generated by the server on this session 
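Review bot: Only `id` is sanitised after `$row->bind( $_POST )`, but the permission test on the next line compares `$row->created_by`, which at that point also comes from the request. The ownership check for `canEditOwn` users is therefore decided by submitted data, and `checkin()` then runs on whatever `id` was posted. Load the stored record before checking, e.g. `$row->load( intval( mosGetParam( $_POST, 'id', 0 ) ) );` in place of the `bind`, so that `created_by` is the database value. The function body extends beyond the hunk on both sides.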
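Review bot: `session_start()` is called unconditionally right before the token check, so a request that already has an active session raises a notice, and a failure to start one is ignored. `if ( !session_id() ) { session_start(); }` avoids the first case. The comparison below uses the loose `!=`; provided the token is stored as a string, `$form_check !== $_SESSION['_form_check_']['com_content']` keeps type juggling out of the check. The visible lines do not clear the token after a successful match, so confirm further down that it is single-use.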
@@ -1464,10 +1480,7 @@ // link sent in email $link = sefRelToAbs( $mosConfig_live_site .'/index.php?option=com_content&task=view&id='. $uid .'&Itemid='. $_Itemid ); // message text - $msg = sprintf( T_(' The following page from the "%s" website has been sent to you by %s ( %s ). - -You can access it at the following url: -%s'), $mosConfig_sitename, $yourname, $youremail, $link ); + $msg = sprintf( T_(' The following page from the \"%s\" website has been sent to you by %s ( %s ).\n\nYou can access it at the following url:\n%s'), $mosConfig_sitename, $yourname, $youremail, $link ); // mail function mosMail( $mosConfig_mailfrom, $mosConfig_fromname, $email, $subject, $msg ); @@ -1485,14 +1498,15 @@ } function recordVote() { - global $database; + global $database, $mosConfig_live_site; $user_rating = mosGetParam( $_REQUEST, 'user_rating', 0 ); - $url = mosGetParam( $_REQUEST, 'url', '' ); $cid = mosGetParam( $_REQUEST, 'cid', 0 ); $cid = intval( $cid ); + $Itemid = mosGetParam( $_REQUEST, 'Itemid', 0 ); + $Itemid = intval( $Itemid ); $user_rating = intval( $user_rating ); - + $url = sefReltoAbs("index.php?option=com_content&task=view&id={$cid}&Itemid={$Itemid}"); if ( ( $user_rating >= 1 ) and ( $user_rating <= 5 ) ) { $currip = getenv( 'REMOTE_ADDR' );
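Review bot: The rewritten message is still a single-quoted PHP string, where `\n` and `\"` are not escape sequences, so the mail body will contain literal backslashes unless `T_()` happens to translate them. Either keep real line breaks as before or make the literal double-quoted: `T_(" The following page from the \"%s\" website has been sent to you by %s ( %s ).\n\nYou can access it at the following url:\n%s")`. Changing the literal also changes the translation key, so the catalogue entry has to follow. `$yourname`, `$youremail` and `$subject` reach `mosMail()` from POST; their validation is not visible in this hunk.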
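Review bot: `$mosConfig_live_site` is added to the `global` list but is not used in the lines shown, and `sefReltoAbs` is spelled differently from the `sefRelToAbs` used in the rest of the file; PHP resolves it, but it defeats a text search. The vote is still read from `$_REQUEST` with no `form_check` token like the one the e-mail form uses, so in the visible lines a plain GET request is enough to record a vote. Reading the values from `$_POST` and checking a session token before the `$user_rating` range test would close that. The rest of `recordVote`, including how `$currip` is used, is outside the hunk.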