ajax.autosave.php | searchcode

/phpmyfaq/admin/ajax.autosave.php

https://github.com/cyrke/phpMyFAQ
PHP | 163 lines | 116 code | 29 blank | 18 comment | 30 complexity | b3a148a293da0b06f124f6320353062e MD5 | raw file
Possible License(s): LGPL-2.1, LGPL-3.0, MPL-2.0-no-copyleft-exception

<?php
/**
 * Autosave handler.
 *
 * PHP Version 5.3
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @category  phpMyFAQ
 * @package   Administration
 * @author    Anatoliy Belsky <ab@php.net>
 * @copyright 2003-2012 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link      http://www.phpmyfaq.de
 * @since     2012-07-07
 */

if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']));
    exit();
}

$do = PMF_Filter::filterInput(INPUT_GET, 'do', FILTER_SANITIZE_STRING);

if ('insertentry' == $do && ($permission['editbt']|| $permission['addbt']) ||
    'saveentry' == $do && $permission['editbt']) {

    $user     = PMF_User_CurrentUser::getFromSession($faqConfig);

    $dateStart     = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING);
    $dateEnd       = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING);
    $question      = PMF_Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRING);
    $categories    = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT,
                                                                                      'flags'  => FILTER_REQUIRE_ARRAY)));
    $record_lang   = PMF_Filter::filterInput(INPUT_POST, 'lang', FILTER_SANITIZE_STRING);
    $tags          = PMF_Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING);
    $active        = PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING);
    $sticky        = PMF_Filter::filterInput(INPUT_POST, 'sticky', FILTER_SANITIZE_STRING);
    $content       = PMF_Filter::filterInput(INPUT_POST, 'answer', FILTER_SANITIZE_SPECIAL_CHARS);
    $keywords      = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRING);
    $author        = PMF_Filter::filterInput(INPUT_POST, 'author', FILTER_SANITIZE_STRING);
    $email         = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $comment       = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
    $record_id     = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
    $solution_id   = PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
    $revision_id   = PMF_Filter::filterInput(INPUT_POST, 'revision_id', FILTER_VALIDATE_INT);
    $changed       = PMF_Filter::filterInput(INPUT_POST, 'changed', FILTER_SANITIZE_STRING);

    $user_permission   = PMF_Filter::filterInput(INPUT_POST, 'userpermission', FILTER_SANITIZE_STRING);
    $restricted_users  = ('all' == $user_permission) ? -1 : PMF_Filter::filterInput(INPUT_POST, 'restricted_users', FILTER_VALIDATE_INT);
    $group_permission  = PMF_Filter::filterInput(INPUT_POST, 'grouppermission', FILTER_SANITIZE_STRING);
    $restricted_groups = ('all' == $group_permission) ? -1 : PMF_Filter::filterInput(INPUT_POST, 'restricted_groups', FILTER_VALIDATE_INT);



    if (!is_null($question) && !is_null($categories)) {

        $tagging  = new PMF_Tags($faqConfig);

        $category = new PMF_Category($faqConfig, false);
        $category->setUser($currentAdminUser);
        $category->setGroups($currentAdminGroups);

        if (!isset($categories['rubrik'])) {
            $categories['rubrik'] = array();
        }

        $recordData = array(
            'id'            => $record_id,
            'lang'          => $record_lang,
            'revision_id'   => $revision_id,
            'active'        => $active,
            'sticky'        => (!is_null($sticky) ? 1 : 0),
            'thema'         => html_entity_decode($question),
            'content'       => html_entity_decode($content),
            'keywords'      => $keywords,
            'author'        => $author,
            'email'         => $email,
            'comment'       => (!is_null($comment) ? 'y' : 'n'),
            'date'          => empty($date) ? date('YmdHis') : str_replace(array('-', ':', ' '), '', $date),
            'dateStart'     => (empty($dateStart) ? '00000000000000' : str_replace('-', '', $dateStart) . '000000'),
            'dateEnd'       => (empty($dateEnd) ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959'),
            'linkState'     => '',
            'linkDateCheck' => 0
        );

        if ('saveentry' == $do || $record_id) {
            /* Create a revision anyway, it's autosaving */
            $faq->addNewRevision($record_id, $record_lang);
            $revision_id++;

            $faq->createChangeEntry($record_id, $user->getUserId(), nl2br($changed), $record_lang, $revision_id);

            $visits = new PMF_Visits($faqConfig);
            $visits->add($record_id);

            if ($faq->isAlreadyTranslated($record_id, $record_lang)) {
                $faq->updateRecord($recordData);
            } else {
                $record_id = $faq->addRecord($recordData, false);
            }

            $faq->deleteCategoryRelations($record_id, $record_lang);
            $faq->addCategoryRelations($categories['rubrik'], $record_id, $record_lang);


            if ($tags != '') {
                $tagging->saveTags($record_id, explode(',', $tags));
            } else {
                $tagging->deleteTagsFromRecordId($record_id);
            }

            $faq->deletePermission('user', $record_id);
            $faq->addPermission('user', $record_id, $restricted_users);
            $category->deletePermission('user', $categories['rubrik']);
            $category->addPermission('user', $categories['rubrik'], $restricted_users);
            if ($faqConfig->get('security.permLevel') != 'basic') {
                $faq->deletePermission('group', $record_id);
                $faq->addPermission('group', $record_id, $restricted_groups);
                $category->deletePermission('group', $categories['rubrik']);
                $category->addPermission('group', $categories['rubrik'], $restricted_groups);
            }
        } else if ('insertentry' == $do) {
            unset($recordData['id']);
            unset($recordData['revision_id']);
            $revision_id = 1;
            $record_id = $faq->addRecord($recordData);
            if ($record_id) {
                $faq->createChangeEntry($record_id, $user->getUserId(), nl2br($changed), $recordData['lang']);
                $visits = new PMF_Visits($faqConfig);
                $visits->add($record_id);

                $faq->addCategoryRelations($categories['rubrik'], $record_id, $recordData['lang']);

                if ($tags != '') {
                    $tagging->saveTags($record_id, explode(',',$tags));
                }

                $faq->addPermission('user', $record_id, $restricted_users);
                $category->addPermission('user', $categories['rubrik'], $restricted_users);

                if ($faqConfig->get('security.permLevel') != 'basic') {
                    $faq->addPermission('group', $record_id, $restricted_groups);
                    $category->addPermission('group', $categories['rubrik'], $restricted_groups);
                }
            }
        }

        $out = array(
            'msg' => sprintf("Item autosaved at revision %d", $revision_id),
            'revision_id' => $revision_id,
            'record_id' => $record_id,
        );

        print json_encode($out);
    }

} else {
    print json_encode(array("msg" => "Unsuficcient article rights"));
}