<?php
/*
* @package ContentCMS
* @author Dan Goldsmith
* @copyright Dan Goldsmith 2012
* @link http://contentcms.d2g.org.uk/
* @version {SUBVERSION_BUILD_NUMBER}
*
* @licence MPL 2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
*
* This page handles all user-submitted data.
* This can be for either setContentAdmin or setContent.
* It stores the user's data and then redirects them back to the referer_url or the URL in the posted variable return_url.
* This keeps it loosely coupled to the admin interface, meaning the plugins don't need to know where on the admin interface to submit.
*/
// Pull in the site-wide settings file.
require_once 'global.inc.php';
// Open (or resume) the visitor's PHP session.
// NOTE(review): no session cookie flags are set in this script; presumably they are
// configured in global.inc.php or php.ini - confirm.
session_start();
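// Some shared hosts still run with magic_quotes_gpc switched on. When it is, undo the
// backslashes PHP added so the rest of the script works on the values as submitted.
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, so it is only
// called when it exists; without the guard this script dies with a fatal error on PHP 8.
// After this block the superglobals hold unescaped input, so anything that builds SQL or
// HTML from them has to do its own escaping.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    /**
     * Recursively remove backslash escaping from a request value.
     *
     * @param mixed $value A string, or a (possibly nested) array of strings.
     * @return mixed The same structure with stripslashes() applied to every leaf.
     */
    function stripslashes_deep($value)
    {
        return is_array($value)
            ? array_map('stripslashes_deep', $value)
            : stripslashes($value);
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}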
// Mode flag: true sends the save down the admin path, false down the user path.
$isAdmin = false;
// Identifier of the content being saved; stays null until one of the sources below supplies it.
$content_id = null;

// Fallback destination after the save: the parent directory.
content::setRedirectURL('../');

// Prefer the page that sent the visitor here when the browser told us what it was.
// The Referer header is client-supplied and cannot be trusted; it is only used because it
// beats dropping the visitor in the parent directory.
if (isset($_SERVER) && is_array($_SERVER) && array_key_exists('HTTP_REFERER', $_SERVER)) {
    content::setRedirectURL($_SERVER['HTTP_REFERER']);
}

// Values from content::getDataForContentUID() take precedence over the defaults above.
// NOTE(review): RETURN_URL becomes the redirect target and ADMIN selects which security
// check runs later - confirm that the submitter cannot alter this data, and that
// setRedirectURL() limits RETURN_URL to destinations on this site.
$static_data = content::getDataForContentUID();
if (array_key_exists('RETURN_URL', $static_data)) {
    content::setRedirectURL($static_data['RETURN_URL']);
}
$isAdmin = array_key_exists('ADMIN', $static_data) ? $static_data['ADMIN'] : $isAdmin;
$content_id = array_key_exists('CONTENT_ID', $static_data) ? $static_data['CONTENT_ID'] : $content_id;

// No id from the static data: fall back to the request. POST is read last, so it wins
// when both GET and POST carry a CONTENT_ID. The value is request-supplied; later in this
// script it is checked with content::isContent() before anything is written.
if ($content_id == null) {
    if (isset($_GET) && is_array($_GET) && array_key_exists('CONTENT_ID', $_GET)) {
        $content_id = $_GET['CONTENT_ID'];
    }
    if (isset($_POST) && is_array($_POST) && array_key_exists('CONTENT_ID', $_POST)) {
        $content_id = $_POST['CONTENT_ID'];
    }
}

// Make sure $_POST is an array from here on.
if (!is_array($_POST)) {
    $_POST = array();
}
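// Dispatch the save. Nothing is written unless a content id was supplied, it names existing
// content, and the security setting for the chosen mode (admin or user) allows the update.
// NOTE(review): no anti-CSRF token check is visible in this script; presumably the security
// callbacks or setContent()/setContentAdmin() cover it - confirm.
if ($content_id !== null) {
    if (content::isContent($content_id)) {
        // The id refers to existing content, so load it for updating.
        $content = new content($content_id);

        // A plugin that is not "interactive" has to be updated through the admin path.
        if ($isAdmin == false && $content->getPlugin() !== null) {
            $global_settings = content::getPluginGlobalConfig($content->getPlugin());
            if (array_key_exists('Class_File', $global_settings)) {
                // NOTE(review): the include path is built from the plugin name and the
                // Class_File setting; this assumes both come from trusted configuration
                // and never from the request - confirm.
                if (is_file(CONTENT_PLUGIN_DIRECTORY . $content->getPlugin() . "/" . $global_settings['Class_File'])) {
                    require_once(CONTENT_PLUGIN_DIRECTORY . $content->getPlugin() . "/" . $global_settings['Class_File']);
                }
            }
            $plugin_name = content::getPluginClassName($content->getPlugin());
            // class_implements() returns false when the class cannot be found or loaded.
            // Treat that like "not interactive" so the admin check applies, instead of
            // handing false to in_array() (a TypeError on PHP 8).
            $plugin_interfaces = class_implements($plugin_name, true);
            if (!is_array($plugin_interfaces) || !in_array('interactive', $plugin_interfaces, true)) {
                // Plugins that do not implement setContent must go through admin mode.
                $isAdmin = true;
            }
        }

        if ($isAdmin) {
            // Admin-mode update, gated by CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION.
            if (defined('CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION')) {
                if (CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION === true) {
                    // A literal true disables the check, so anyone can perform admin
                    // updates. Raise a warning every time that happens.
                    trigger_error("Security Warning: Config.ini Insecurly Configured", E_USER_WARNING);
                    $content->setContentAdmin();
                } else {
                    // Otherwise the constant names a callback, which may live in the
                    // optional CONTENT_SECURITY_INCLUDE file.
                    if (is_file(CONTENT_SECURITY_INCLUDE)) {
                        require_once(CONTENT_SECURITY_INCLUDE);
                    }
                    if (is_callable(CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION)) {
                        $tmp_function_name = CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION;
                        // Only an exact boolean true authorises the write. Any other
                        // return value leaves the content untouched and the visitor is
                        // simply redirected.
                        if ($tmp_function_name($content_id) === true) {
                            $content->setContentAdmin();
                        }
                    } else {
                        throw new Exception("Security Function:" . CONTENT_SECURITY_ADMIN_CONTENT_FUNCTION . " is not callable");
                    }
                }
            } else {
                // Without the setting no admin update is allowed at all.
                throw new Exception("SECURITY_ADMIN_CONTENT_FUNCTION Missing in config.ini");
            }
        } else {
            // User-mode update, gated by CONTENT_SECURITY_CONTENT_FUNCTION.
            if (defined('CONTENT_SECURITY_CONTENT_FUNCTION')) {
                if (CONTENT_SECURITY_CONTENT_FUNCTION === true) {
                    // A literal true lets everyone update, e.g. so anonymous visitors
                    // can post comments.
                    $content->setContent();
                } else {
                    // Otherwise the constant names a callback, which may live in the
                    // optional CONTENT_SECURITY_INCLUDE file.
                    if (is_file(CONTENT_SECURITY_INCLUDE)) {
                        require_once(CONTENT_SECURITY_INCLUDE);
                    }
                    if (is_callable(CONTENT_SECURITY_CONTENT_FUNCTION)) {
                        // Call through a variable, as the admin branch does. Writing
                        // CONTENT_SECURITY_CONTENT_FUNCTION($content_id) makes PHP look
                        // for a function literally called
                        // CONTENT_SECURITY_CONTENT_FUNCTION rather than the one the
                        // constant names.
                        $tmp_function_name = CONTENT_SECURITY_CONTENT_FUNCTION;
                        // Only an exact boolean true authorises the write.
                        if ($tmp_function_name($content_id) === true) {
                            $content->setContent();
                        }
                    } else {
                        throw new Exception("Security Function:" . CONTENT_SECURITY_CONTENT_FUNCTION . " is not callable");
                    }
                }
            } else {
                // Without the setting no user update is allowed at all.
                throw new Exception("SECURITY_CONTENT_FUNCTION Missing in config.ini");
            }
        }
    }
}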
// Send the browser on to the destination held by content::getRedirectURL(). Earlier in this
// script that destination is set from '../', the Referer header, or RETURN_URL.
// NOTE(review): unless setRedirectURL()/getURL() restrict the target to this site, a
// request-influenced value here is an open redirect - confirm.
header(sprintf('Location: %s', content::getRedirectURL()->getURL()));
?>