post.php

在综合英文版XOOPS 2.09, 2.091, 2.092 的基础上正式发布XOOPS 2.09中文版 XOOPS 2.09x 版主要是PHP5升级、bug修正和安全补正： 1 全面兼容PHP 5.

<?php
/* <Edit> */
$parent_file = 'post.php';

function add_magic_quotes($array) {
    foreach ($array as $k => $v) {
        if (is_array($v)) {
            $array[$k] = add_magic_quotes($v);
        } else {
            $array[$k] = addslashes($v);
        }
    }
    return $array;
}

if (!get_magic_quotes_gpc()) {
    $_GET    = add_magic_quotes($_GET);
    $_POST   = add_magic_quotes($_POST);
    $_COOKIE = add_magic_quotes($_COOKIE);
}

$wpvarstoreset = array('action', 'safe_mode', 'withcomments', 'c', 'posts', 'poststart', 'postend', 'wp_content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder', 'target_charset', 'use-utf8');

for ($i=0; $i<count($wpvarstoreset); $i += 1) {
    $wpvar = $wpvarstoreset[$i];
    if (!isset($$wpvar)) {
        if (empty($_POST["$wpvar"])) {
            if (empty($_GET["$wpvar"])) {
                $$wpvar = '';
            } else {
                $$wpvar = $_GET["$wpvar"];
            }
        } else {
            $$wpvar = $_POST["$wpvar"];
        }
    }
}

$bookmarklet_tbpb = empty($bookmarklet_tbpb)?false:$bookmarklet_tbpb;

switch($action) {

    case 'post':
		$standalone = 1;
		require_once('admin-header.php');
		wp_refcheck("/wp-admin");
		$post_pingback = intval($_POST['post_pingback']);
		$content = balanceTags($_POST['wp_content']);
		$content = format_to_post($content);
		$excerpt = balanceTags($_POST['excerpt']);
		$excerpt = format_to_post($excerpt);
		$post_title = addslashes($_POST['post_title']);
		$post_categories = $_POST['post_category'];
		if(get_settings('use_geo_positions')) {
			$latstr = $_POST['post_latf'];
			$lonstr = $_POST['post_lonf'];
			if((strlen($latstr) > 2) && (strlen($lonstr) > 2 ) ) {
				$post_latf = floatval($_POST['post_latf']);
				$post_lonf = floatval($_POST['post_lonf']);
			}
		}
		$post_status = $_POST['post_status'];
		if (empty($post_status)) $post_status = get_settings('default_post_status');
		$comment_status = $_POST['comment_status'];
		if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
		$ping_status = $_POST['ping_status'];
		if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
		$post_password = addslashes(stripslashes($_POST['post_password']));
		$post_name = sanitize_title($post_title);
		$trackback = $_POST['trackback_url'];
		$target_charset = $_POST['target_charset'];
		$useutf8 = $_POST['useutf8'];
		// Format trackbacks
		$trackback = preg_replace('|\s+|', '\n', $trackback);

        if ($user_level == 0)
            die (_LANG_P_CHEATING_ERROR);

        if (($user_level > 4) && (!empty($_POST['edit_date']))) {
            $aa = $_POST['aa'];
            $mm = $_POST['mm'];
            $jj = $_POST['jj'];
            $hh = $_POST['hh'];
            $mn = $_POST['mn'];
            $ss = $_POST['ss'];
            $jj = ($jj > 31) ? 31 : $jj;
            $hh = ($hh > 23) ? $hh - 24 : $hh;
            $mn = ($mn > 59) ? $mn - 60 : $mn;
            $ss = ($ss > 59) ? $ss - 60 : $ss;
            $now = "$aa-$mm-$jj $hh:$mn:$ss";
        } else {
            $now = date('Y-m-d H:i:s', (time() + ($time_difference * 3600)));
        }

		if (!empty($_POST['mode'])) {
		switch($_POST['mode']) {
			case 'bookmarklet':
				$location = 'bookmarklet.php?a=b';
				break;
			case 'sidebar':
				$location = 'sidebar.php?a=b';
				break;
			default:
				$location = 'post.php';
				break;
			}
		} else {
			$location = 'post.php';
		}

		/*
		if(empty($post_status)){
			// What to do based on which button they pressed
			if ('' != $_POST['saveasdraft']) $post_status = 'draft';
			if ('' != $_POST['saveasprivate']) $post_status = 'private';
			if ('' != $_POST['publish']) $post_status = 'publish';
			if ('' != $_POST['advanced']) $post_status = 'draft';
		}
		*/

        if((get_settings('use_geo_positions')) && (strlen($latstr) > 2) && (strlen($lonstr) > 2) ) {
		$postquery ="INSERT INTO {$wpdb->posts}
                (ID, post_author, post_date, post_content, post_title, post_lat, post_lon, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping)
                VALUES
                ('0', '$user_ID', '$now', '$content', '$post_title', $post_latf, $post_lonf,'$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$trackback')
                ";
        } else {
		$postquery ="INSERT INTO {$wpdb->posts}
                (ID, post_author, post_date, post_content, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping)
                VALUES
                ('0', '$user_ID', '$now', '$content', '$post_title', '$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$trackback')
                ";
        }
        $postquery =
        $result = $wpdb->query($postquery);

        $post_ID = $wpdb->get_var("SELECT ID FROM {$wpdb->posts} ORDER BY ID DESC LIMIT 1");
// update blank postname
		if ($post_name == "") {
			$post_name = "post-".$post_ID;
			$wpdb->query("UPDATE {$wpdb->posts} SET post_name='$post_name' WHERE ID = $post_ID");
		}

		if (!empty($_POST['saveandedit'])){
			$location = "post.php?action=edit&post=$post_ID";
		}


		// Insert categories
		// Check to make sure there is a category, if not just set it to some default
		if (!$post_categories) $post_categories[] = 1;
		foreach ($post_categories as $post_category) {
			// Double check it's not there already
			$exists = $wpdb->get_row("SELECT * FROM {$wpdb->post2cat} WHERE post_id = $post_ID AND category_id = $post_category");

			 if (!$exists && $result) {
			 	$wpdb->query("
				INSERT INTO {$wpdb->post2cat}
				(post_id, category_id)
				VALUES
				($post_ID, $post_category)
				");
			}
		}

        if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
                sleep($sleep_after_edit);
        }


		header("Location: $location");

        if ($post_status == 'publish') {
            if((get_settings('use_geo_positions')) && ($post_latf != null) && ($post_lonf != null)) {
                pingGeoUrl($post_ID);
            }
            pingWeblogs($blog_ID);
            pingBlogs($blog_ID);

            if ($post_pingback) {
                pingback($content, $post_ID);
            }

			do_action('publish_post', $post_ID);

			// Time for trackbacks
			$to_ping = $wpdb->get_var("SELECT to_ping FROM {$wpdb->posts} WHERE ID = $post_ID");
			$pinged = $wpdb->get_var("SELECT pinged FROM {$wpdb->posts} WHERE ID = $post_ID");
			$pinged = explode("\n", $pinged);
			if ('' != $to_ping) {
				if (strlen($excerpt) > 0) {
					$the_excerpt = apply_filters('the_excerpt', $excerpt);
				} else {
					$the_excerpt = apply_filters('the_content', $content);
				}
				$the_excerpt = (strlen(strip_tags($the_excerpt)) > 255) ? substr(strip_tags($the_excerpt), 0, 252) . '...' : strip_tags($the_excerpt);
				$excerpt = stripslashes($the_excerpt);
				$to_pings = explode("\n", $to_ping);
				if ($useutf8=="1") $target_charset = 'UTF-8';
				$ping_charset = $target_charset;
				foreach ($to_pings as $tb_ping) {
					$tb_ping = trim($tb_ping);
					if (!in_array($tb_ping, $pinged)) {
					 trackback($tb_ping, stripslashes($post_title), $excerpt, $post_ID, $ping_charset);
					}
				}
			}

        } // end if publish

        exit();
        break;

    case 'edit':
		$parent_file = 'edit.php';
        $title = '编辑文章';
        $standalone = 0;
        require_once('admin-header.php');

        $post = $post_ID = $p = $_GET['post'];
        if ($user_level > 0) {
			$postdata = get_postdata($post);
			$authordata = get_userdata($postdata['Author_ID']);
			if ($user_level < $authordata->user_level)
				die (_LANG_P_DATARIGHT_EDIT);

			$content = $postdata['Content'];
			$content = format_to_edit($content);
			$edited_lat = $postdata["Lat"];
			$edited_lon = $postdata["Lon"];
			$excerpt = $postdata['Excerpt'];
			$excerpt = format_to_edit($excerpt);
			$edited_post_title = format_to_edit($postdata['Title']);
			$post_status = $postdata['post_status'];
			$comment_status = $postdata['comment_status'];
			$ping_status = $postdata['ping_status'];
			$post_password = $postdata['post_password'];
			$to_ping = $postdata['to_ping'];
			$pinged = $postdata['pinged'];
			$default_post_cat = get_settings('default_post_category');
			$form_action = 'editpost';
            include('edit-form.php');
        } else {
?>
            <p><?php echo _LANG_P_NEWCOMER_MESS." : <a href=\"mailto:".get_settings('admin_email')."?subject=Promotion\">E-Mail</a>"; ?></p>
<?php
        }
        break;

    case 'editpost':
        $standalone = 1;
        require_once('./admin-header.php');
		wp_refcheck("/wp-admin");

        if ($user_level == 0)
            die (_LANG_P_CHEATING_ERROR);

        if (!isset($blog_ID)) {
            $blog_ID = 1;
        }
			$post_ID = $_POST['post_ID'];
			$post_ID = intval($post_ID);
			$post_categories = $_POST['post_category'];
			if (!$post_categories) $post_categories[] = 1;
			$post_autobr = intval($_POST['post_autobr']);
			$content = balanceTags($_POST['wp_content']);
			$content = format_to_post($content);
			$excerpt = balanceTags($_POST['excerpt']);
			$excerpt = format_to_post($excerpt);
			$post_title = addslashes($_POST['post_title']);
			if(get_settings('use_geo_positions')) {
				$latf = floatval($_POST["post_latf"]);
        			$lonf = floatval($_POST["post_lonf"]);
        			$latlonaddition = "";
        			if( ($latf != null) && ($latf <= 90 ) && ($latf >= -90) && ($lonf != null) && ($lonf <= 360) && ($lonf >= -360) ) {
                			pingGeoUrl($post_ID);
					$latlonaddition = " post_lat=".$latf.", post_lon =".$lonf.", ";
        			} else {
					$latlonaddition = " post_lat=null, post_lon=null, ";
				}
			}
			$post_status = $_POST['post_status'];
			$prev_status = $_POST['prev_status'];

			//$post_status = $_POST['post_status'];
			$comment_status = $_POST['comment_status'];
			if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
			$ping_status = $_POST['ping_status'];
			if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
			$post_password = addslashes($_POST['post_password']);
			$post_name = sanitize_title($post_title);
			if ($post_name == "") {
				$post_name = "post-".$post_ID;
			}
			$trackback = $_POST['trackback_url'];
			$useutf8 = $_POST['useutf8'];
		// Format trackbacks
		$trackback = preg_replace('|\s+|', '\n', $trackback);

		if(empty($post_status))
		if ('' != $_POST['publish']) $post_status = 'publish';

        if (($user_level > 4) && (!empty($_POST['edit_date']))) {
            $aa = $_POST['aa'];
            $mm = $_POST['mm'];
            $jj = $_POST['jj'];
            $hh = $_POST['hh'];
            $mn = $_POST['mn'];
            $ss = $_POST['ss'];
            $jj = ($jj > 31) ? 31 : $jj;
            $hh = ($hh > 23) ? $hh - 24 : $hh;
            $mn = ($mn > 59) ? $mn - 60 : $mn;
            $ss = ($ss > 59) ? $ss - 60 : $ss;
            $datemodif = ", post_date=\"$aa-$mm-$jj $hh:$mn:$ss\"";
        } else {
            $datemodif = '';
        }

        $result = $wpdb->query("
			UPDATE {$wpdb->posts} SET
				post_content = '$content',
				post_excerpt = '$excerpt',
				post_title = '$post_title'"
				.$datemodif.","
				.$latlonaddition."
				post_status = '$post_status',
				comment_status = '$comment_status',
				ping_status = '$ping_status',
				post_password = '$post_password',
				post_name = '$post_name',
				to_ping = '$trackback'
			WHERE ID = $post_ID ");


		// Now it's category time!
		// First the old categories
		$old_categories = $wpdb->get_col("SELECT category_id FROM {$wpdb->post2cat} WHERE post_id = $post_ID");

		// Delete any?
		foreach ($old_categories as $old_cat) {
			if (!in_array($old_cat, $post_categories)) // If a category was there before but isn't now
				$wpdb->query("DELETE FROM {$wpdb->post2cat} WHERE category_id = $old_cat AND post_id = $post_ID LIMIT 1");
		}

		// Add any?
		foreach ($post_categories as $new_cat) {
			if (!in_array($new_cat, $old_categories))
				$wpdb->query("INSERT INTO {$wpdb->post2cat} (post_id, category_id) VALUES ($post_ID, $new_cat)");
		}

        if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
            sleep($sleep_after_edit);
        }

        // are we going from draft/private to published?
        if ((($prev_status == 'draft') || ($prev_status == 'private')) && ($post_status == 'publish')) {
            pingWeblogs($blog_ID);
            pingBlogs($blog_ID);
		} // end if moving from draft/private to published
        if ($post_status == 'publish') {
			do_action('publish_post', $post_ID);
			// Trackback time.
			$to_ping = trim($wpdb->get_var("SELECT to_ping FROM {$wpdb->posts} WHERE ID = $post_ID"));
			$pinged = trim($wpdb->get_var("SELECT pinged FROM {$wpdb->posts} WHERE ID = $post_ID"));
			$pinged = explode("\n", $pinged);
			if ('' != $to_ping) {
				if (strlen($excerpt) > 0) {
					$the_excerpt = apply_filters('the_excerpt', $excerpt);
				} else {
					$the_excerpt = apply_filters('the_content', $content);
				}
				$the_excerpt = (strlen(strip_tags($the_excerpt)) > 255) ? substr(strip_tags($the_excerpt), 0, 252) . '...' : strip_tags($the_excerpt);				$excerpt = stripslashes($the_excerpt);
				$to_pings = explode("\n", $to_ping);
				if ($useutf8=="1") {
					$ping_charset = 'UTF-8';
				} else {
					$ping_charset = '';
				}
				foreach ($to_pings as $tb_ping) {
					$tb_ping = trim($tb_ping);
					if (!in_array($tb_ping, $pinged)) {
					 trackback($tb_ping, stripslashes($post_title), $excerpt, $post_ID, $ping_charset);
					}
				}
			}
        } // end if publish
       	do_action('edit_post', $post_ID);

		if (!empty($_POST['save'])) {
			$location = $_SERVER['HTTP_REFERER'];
		}elseif(!empty($_POST['saveandedit'])){
			$location = "post.php?action=edit&post=$post_ID";
		}else {
        	$location = 'post.php';
		}