Changeset 1030:ad4942bddbdb for inc/core
- Timestamp:
- 11/19/12 12:34:31 (13 years ago)
- Branch:
- default
- Location:
- inc/core
- Files:
-
- 2 edited
inc/core/class.dc.blog.php
r1018 r1030 1223 1223 public function updPostStatus($id,$status) 1224 1224 { 1225 $this->updPostsStatus($id,$status); 1226 } 1227 1228 /** 1229 Updates posts status. 1230 1231 @param ids <b>mixed</b> Post(s) ID(s) 1232 @param status <b>integer</b> Post status 1233 */ 1234 public function updPostsStatus($ids,$status) 1235 { 1225 1236 if (!$this->core->auth->check('publish,contentadmin',$this->id)) { 1226 1237 throw new Exception(__('You are not allowed to change this entry status')); 1227 1238 } 1228 1239 1229 $ id = (integer) $id;1240 $posts_ids = dcUtils::cleanIds($ids); 1230 1241 $status = (integer) $status; 1242 1243 $strReq = "WHERE blog_id = '".$this->con->escape($this->id)."' ". 1244 "AND post_id ".$this->con->in($posts_ids); 1231 1245 1232 1246 #If user can only publish, we need to check the post's owner 1233 1247 if (!$this->core->auth->check('contentadmin',$this->id)) 1234 1248 { 1235 $strReq = 'SELECT post_id '. 1236 'FROM '.$this->prefix.'post '. 1237 'WHERE post_id = '.$id.' '. 1238 "AND blog_id = '".$this->con->escape($this->id)."' ". 1239 "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1240 1241 $rs = $this->con->select($strReq); 1242 1243 if ($rs->isEmpty()) { 1244 throw new Exception(__('You are not allowed to change this entry status')); 1245 } 1249 $strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1246 1250 } 1247 1251 … … 1251 1255 $cur->post_upddt = date('Y-m-d H:i:s'); 1252 1256 1253 $cur->update( 1254 'WHERE post_id = '.$id.' '. 1255 "AND blog_id = '".$this->con->escape($this->id)."' " 1256 ); 1257 $cur->update($strReq); 1257 1258 $this->triggerBlog(); 1258 1259 } 1259 1260 1261 /** 1262 Updates post selection. 1263 1264 @param id <b>integer</b> Post ID 1265 @param selected <b>integer</b> Is selected post 1266 */ 1260 1267 public function updPostSelected($id,$selected) 1268 { 1269 $this->updPostsSelected($id,$selected); 1270 } 1271 1272 /** 1273 Updates posts selection. 
1274 1275 @param ids <b>mixed</b> Post(s) ID(s) 1276 @param selected <b>integer</b> Is selected post(s) 1277 */ 1278 public function updPostsSelected($ids,$selected) 1261 1279 { 1262 1280 if (!$this->core->auth->check('usage,contentadmin',$this->id)) { … … 1264 1282 } 1265 1283 1266 $ id = (integer) $id;1284 $posts_ids = dcUtils::cleanIds($ids); 1267 1285 $selected = (boolean) $selected; 1286 1287 $strReq = "WHERE blog_id = '".$this->con->escape($this->id)."' ". 1288 "AND post_id ".$this->con->in($posts_ids); 1268 1289 1269 1290 # If user is only usage, we need to check the post's owner 1270 1291 if (!$this->core->auth->check('contentadmin',$this->id)) 1271 1292 { 1272 $strReq = 'SELECT post_id '. 1273 'FROM '.$this->prefix.'post '. 1274 'WHERE post_id = '.$id.' '. 1275 "AND blog_id = '".$this->con->escape($this->id)."' ". 1276 "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1277 1278 $rs = $this->con->select($strReq); 1279 1280 if ($rs->isEmpty()) { 1281 throw new Exception(__('You are not allowed to mark this entry as selected')); 1282 } 1293 $strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1283 1294 } 1284 1295 … … 1288 1299 $cur->post_upddt = date('Y-m-d H:i:s'); 1289 1300 1290 $cur->update( 1291 'WHERE post_id = '.$id.' '. 1292 "AND blog_id = '".$this->con->escape($this->id)."' " 1293 ); 1301 $cur->update($strReq); 1294 1302 $this->triggerBlog(); 1295 1303 } … … 1303 1311 public function updPostCategory($id,$cat_id) 1304 1312 { 1313 $this->updPostsCategory($id,$cat_id); 1314 } 1315 1316 /** 1317 Updates posts category. <var>$cat_id</var> can be null. 
1318 1319 @param ids <b>mixed</b> Post(s) ID(s) 1320 @param cat_id <b>integer</b> Category ID 1321 */ 1322 public function updPostsCategory($ids,$cat_id) 1323 { 1305 1324 if (!$this->core->auth->check('usage,contentadmin',$this->id)) { 1306 1325 throw new Exception(__('You are not allowed to change this entry category')); 1307 1326 } 1308 1327 1309 $ id = (integer) $id;1328 $posts_ids = dcUtils::cleanIds($ids); 1310 1329 $cat_id = (integer) $cat_id; 1330 1331 $strReq = "WHERE blog_id = '".$this->con->escape($this->id)."' ". 1332 "AND post_id ".$this->con->in($posts_ids); 1311 1333 1312 1334 # If user is only usage, we need to check the post's owner 1313 1335 if (!$this->core->auth->check('contentadmin',$this->id)) 1314 1336 { 1315 $strReq = 'SELECT post_id '. 1316 'FROM '.$this->prefix.'post '. 1317 'WHERE post_id = '.$id.' '. 1318 "AND blog_id = '".$this->con->escape($this->id)."' ". 1319 "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1320 1321 $rs = $this->con->select($strReq); 1322 1323 if ($rs->isEmpty()) { 1324 throw new Exception(__('You are not allowed to change this entry category')); 1325 } 1337 $strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1326 1338 } 1327 1339 … … 1331 1343 $cur->post_upddt = date('Y-m-d H:i:s'); 1332 1344 1333 $cur->update( 1334 'WHERE post_id = '.$id.' '. 1335 "AND blog_id = '".$this->con->escape($this->id)."' " 1336 ); 1345 $cur->update($strReq); 1337 1346 $this->triggerBlog(); 1338 1347 } … … 1344 1353 @param new_cat_id <b>integer</b> New category ID 1345 1354 */ 1346 public function updPostsCategory($old_cat_id,$new_cat_id)1355 public function changePostsCategory($old_cat_id,$new_cat_id) 1347 1356 { 1348 1357 if (!$this->core->auth->check('contentadmin,categories',$this->id)) { … … 1372 1381 public function delPost($id) 1373 1382 { 1383 $this->delPosts($id); 1384 } 1385 1386 /** 1387 Deletes multiple posts. 
1388 1389 @param ids <b>mixed</b> Post(s) ID(s) 1390 */ 1391 public function delPosts($ids) 1392 { 1374 1393 if (!$this->core->auth->check('delete,contentadmin',$this->id)) { 1375 1394 throw new Exception(__('You are not allowed to delete entries')); 1376 1395 } 1377 1396 1378 $ id = (integer) $id;1379 1380 if (empty($ id)) {1397 $posts_ids = dcUtils::cleanIds($ids); 1398 1399 if (empty($posts_ids)) { 1381 1400 throw new Exception(__('No such entry ID')); 1382 1401 } 1402 1403 $strReq = 'DELETE FROM '.$this->prefix.'post '. 1404 "WHERE blog_id = '".$this->con->escape($this->id)."' ". 1405 "AND post_id ".$this->con->in($posts_ids); 1383 1406 1384 1407 #If user can only delete, we need to check the post's owner 1385 1408 if (!$this->core->auth->check('contentadmin',$this->id)) 1386 1409 { 1387 $strReq = 'SELECT post_id '. 1388 'FROM '.$this->prefix.'post '. 1389 'WHERE post_id = '.$id.' '. 1390 "AND blog_id = '".$this->con->escape($this->id)."' ". 1391 "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1392 1393 $rs = $this->con->select($strReq); 1394 1395 if ($rs->isEmpty()) { 1396 throw new Exception(__('You are not allowed to delete this entry')); 1397 } 1398 } 1399 1400 1401 $strReq = 'DELETE FROM '.$this->prefix.'post '. 1402 'WHERE post_id = '.$id.' '. 1403 "AND blog_id = '".$this->con->escape($this->id)."' "; 1410 $strReq .= "AND user_id = '".$this->con->escape($this->core->auth->userID())."' "; 1411 } 1404 1412 1405 1413 $this->con->execute($strReq); -
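Review bot: The ownership check for users without `contentadmin` is now only an extra `AND user_id = ...` term in the write's WHERE clause, so in `updPostsStatus` a request for posts the caller does not own matches zero rows and returns normally (still calling `triggerBlog()`) instead of throwing 'You are not allowed to change this entry status'. The same pattern is repeated in `updPostsSelected`, `updPostsCategory` and `delPosts` (whose body continues past the last line shown), and with a list of IDs a batch can be applied partially without the caller learning which entries were skipped. To keep an explicit denial, run the ownership query before the write, e.g. `$rs = $this->con->select('SELECT post_id FROM '.$this->prefix.'post '.$strReq);` followed by `if ($rs->isEmpty()) { throw new Exception(__('You are not allowed to change this entry status')); }`, or compare the returned rows with `$posts_ids` to reject partial batches. Separately, only `delPosts` rejects an empty `$posts_ids`; what `$this->con->in()` produces for an empty array is not visible here, so the three update methods should carry the same `if (empty($posts_ids))` guard.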
inc/core/class.dc.utils.php
r270 r1030 49 49 return $user_id; 50 50 } 51 52 /** 53 Cleanup a list of IDs 54 55 @param ids <b>mixed</b> ID(s) 56 @return <b>array</b> 57 */ 58 public static function cleanIds($ids) 59 { 60 $clean_ids = array(); 61 62 if (!is_array($ids)) { 63 $ids = array($ids); 64 } 65 66 foreach($ids as $id) 67 { 68 $id = abs((integer) $id); 69 70 if (!empty($id)) { 71 $clean_ids[] = $id; 72 } 73 } 74 return $clean_ids; 75 } 51 76 } 52 77
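Review bot: `cleanIds` coerces rather than validates: `abs((integer) $id)` maps a negative value such as `-5` to the valid ID `5`, and a non-empty nested array casts to `1`, so malformed input ends up addressing a real post instead of being dropped. Since the result feeds the `IN (...)` clause of the update and delete methods in class.dc.blog.php, it is safer to discard anything that is not a positive integer, e.g. `if (!is_scalar($id) || (integer) $id <= 0) { continue; }` followed by `$clean_ids[] = (integer) $id;`. The docblock should also say that non-numeric, zero and negative entries are removed and that duplicates are kept.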