-
-
Save Tim-Machine/5775897 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public function submit_entry() | |
| { | |
| $this->initialize(); | |
| // Get hidden meta vars | |
| if ( ! isset($_POST['meta'])) | |
| { | |
| // This should never be valid | |
| return; | |
| } | |
| $this->_get_meta_vars(); | |
| $this->fetch_site(FALSE, $this->_meta['site_id']); | |
| $this->fetch_channel($this->_meta['channel_id']); | |
| ee()->load->helper(array('url', 'form')); | |
| ee()->load->library('api'); | |
| ee()->api->instantiate('channel_fields'); | |
| ee()->load->library('filemanager'); | |
| ee()->load->library('form_validation'); | |
| ee()->load->library('localize'); | |
| ee()->load->model(array('field_model', 'tools_model')); | |
| ee()->filemanager->_initialize(array()); | |
| ee()->lang->loadfile('content'); | |
| ee()->lang->loadfile('form_validation'); | |
| ee()->lang->loadfile('safecracker'); | |
| ee()->router->set_class('cp'); | |
| ee()->load->library('cp'); | |
| ee()->router->set_class('ee'); | |
| $rules = $this->_meta['rules']; | |
| //just to prevent any errors | |
| if ( ! defined('BASE')) | |
| { | |
| $s = (ee()->config->item('admin_session_type') != 'c') ? ee()->session->userdata('session_id') : 0; | |
| define('BASE', SELF.'?S='.$s.'&D=cp'); | |
| } | |
| $this->json = $this->_meta['json']; | |
| $this->error_handling = $this->_meta['error_handling']; | |
| // ------------------------------------------- | |
| // 'safecracker_submit_entry_start' hook. | |
| // - Developers, if you want to modify the $this object remember | |
| // to use a reference on func call. | |
| // | |
| if (ee()->extensions->active_hook('safecracker_submit_entry_start') === TRUE) | |
| { | |
| ee()->extensions->call('safecracker_submit_entry_start', $this); | |
| if (ee()->extensions->end_script === TRUE) return; | |
| } | |
| $logged_out_member_id = FALSE; | |
| if ( ! ee()->session->userdata('member_id') && $this->_meta['logged_out_member_id']) | |
| { | |
| if ($logged_out_member_id = $this->_meta['logged_out_member_id']) | |
| { | |
| $this->fetch_logged_out_member($logged_out_member_id); | |
| } | |
| } | |
| else if ($this->channel('channel_id') && ! ee()->session->userdata('member_id') && ! empty($this->settings['logged_out_member_id'][ee()->config->item('site_id')][$this->channel('channel_id')])) | |
| { | |
| $this->fetch_logged_out_member($this->settings['logged_out_member_id'][ee()->config->item('site_id')][$this->channel('channel_id')]); | |
| } | |
| //captcha check | |
| if ($this->channel('channel_id') && ! empty($this->logged_out_member_id) && ! empty($this->settings['require_captcha'][ee()->config->item('site_id')][$this->_meta['channel_id']])) | |
| { | |
| if ( ! ee()->input->post('captcha')) | |
| { | |
| $this->errors[] = lang('captcha_required'); | |
| } | |
| ee()->db->where('word', ee()->input->post('captcha', TRUE)); | |
| ee()->db->where('ip_address', ee()->input->ip_address()); | |
| ee()->db->where('date > ', '(UNIX_TIMESTAMP()-7200)', FALSE); | |
| if ( ! ee()->db->count_all_results('captcha')) | |
| { | |
| $this->errors[] = lang('captcha_incorrect'); | |
| } | |
| ee()->db->where('word', ee()->input->post('captcha', TRUE)); | |
| ee()->db->where('ip_address', ee()->input->ip_address()); | |
| ee()->db->where('date < ', '(UNIX_TIMESTAMP()-7200)', FALSE); | |
| ee()->db->delete('captcha'); | |
| } | |
| // Status Check to prevent post overrides | |
| $status = ee()->input->post('status'); | |
| if ($status) | |
| { | |
| $valid_status = FALSE; | |
| $this->fetch_statuses(); | |
| foreach ($this->statuses as $status) | |
| { | |
| if ($status == $status['status']) | |
| { | |
| $valid_status = TRUE; | |
| break; | |
| } | |
| } | |
| if ( ! $valid_status) | |
| { | |
| unset($_POST['status']); | |
| } | |
| } | |
| if ($this->_meta['entry_id']) | |
| { | |
| $this->edit = TRUE; | |
| $this->fetch_entry($this->_meta['entry_id']); | |
| if (ee()->input->post('category') === FALSE && $this->entry('categories')) | |
| { | |
| $_POST['category'] = $this->entry('categories'); | |
| } | |
| } | |
| else | |
| { | |
| if (ee()->input->post('unique_url_title', TRUE)) | |
| { | |
| $_POST['url_title'] = uniqid($this->_meta['url_title'] ? $this->_meta['url_title'] : url_title(ee()->input->post('title', TRUE)), TRUE); | |
| $this->_meta['url_title'] = uniqid($this->_meta['url_title'] ? $this->_meta['url_title'] : url_title(ee()->input->post('title', TRUE)), TRUE); | |
| } | |
| } | |
| // If any checkbox fields are missing from the POST array, | |
| // add them in as blank values for form validation to catch | |
| if (isset($_POST['checkbox_fields'])) | |
| { | |
| foreach (explode('|', $_POST['checkbox_fields']) as $checkbox) | |
| { | |
| if ( ! isset($_POST[$checkbox])) | |
| { | |
| $_POST[$checkbox] = ''; | |
| } | |
| } | |
| } | |
| foreach ($this->custom_fields as $i => $field) | |
| { | |
| $isset = (isset($_POST['field_id_'.$field['field_id']]) || isset($_POST[$field['field_name']]) || (((isset($_FILES['field_id_'.$field['field_id']]) && $_FILES['field_id_'.$field['field_id']]['error'] != 4) || (isset($_FILES[$field['field_name']]) && $_FILES[$field['field_name']]['error'] != 4)) && in_array($field['field_type'], $this->file_fields))); | |
| // If file exists, add it to the POST array for validation | |
| if (isset($_FILES[$field['field_name']]['name'])) | |
| { | |
| // Allow multi-dimensional arrays that contain files | |
| if (is_array($_FILES[$field['field_name']]['name']) | |
| && isset($_POST[$field['field_name']]) | |
| && is_array($_POST[$field['field_name']])) | |
| { | |
| $_POST[$field['field_name']] = array_merge_recursive( | |
| $_POST[$field['field_name']], | |
| $_FILES[$field['field_name']]['name'] | |
| ); | |
| } | |
| else | |
| { | |
| $_POST[$field['field_name']] = $_FILES[$field['field_name']]['name']; | |
| } | |
| } | |
| $this->custom_fields[$i]['isset'] = $isset; | |
| if ( ! $this->edit || $isset) | |
| { | |
| $field_rules = array(); | |
| if (isset($rules[$field['field_name']])) | |
| { | |
| $field_rules = explode('|', $rules[$field['field_name']]); | |
| } | |
| if ( ! in_array('call_field_validation['.$field['field_id'].']', $field_rules)) | |
| { | |
| array_unshift($field_rules, 'call_field_validation['.$field['field_id'].']'); | |
| } | |
| if ($field['field_required'] == 'y' && ! in_array('required', $field_rules)) | |
| { | |
| array_unshift($field_rules, 'required'); | |
| } | |
| ee()->form_validation->set_rules($field['field_name'], $field['field_label'], implode('|', $field_rules)); | |
| } | |
| else | |
| { | |
| if ($field['field_type'] == 'date') | |
| { | |
| $_POST['field_id_'.$field['field_id']] = $_POST[$field['field_name']] = ee()->localize->human_time($this->entry($field['field_name'])); | |
| } | |
| else if ($field['field_required'] == 'y') | |
| { | |
| //add a dummy value to be removed later | |
| //to get around _check_data_for_errors, a redundant check | |
| $_POST['field_id_'.$field['field_id']] = '1'; | |
| } | |
| } | |
| //ee()->form_validation->set_rules($field['field_name'], $field['field_label'], implode('|', $field_rules)); | |
| foreach ($_POST as $key => $value) | |
| { | |
| //change field_name'd POSTed keys to field_id's | |
| if ($key == $field['field_name']) | |
| { | |
| //@TODO what to do about xss_clean and "naughty" html | |
| //for now you can crack open this file and manually add fields_ids and/or field types to the respective arrays | |
| //to prevent xss_clean | |
| //i had some people complain about not being able to submit <object>'s | |
| $xss_clean = ( ! in_array($field['field_id'], $this->skip_xss_field_ids) && ! in_array($field['field_type'], $this->skip_xss_fieldtypes)); | |
| $_POST['field_id_'.$field['field_id']] = ee()->input->post($key, $xss_clean); | |
| //auto set format if not POSTed | |
| $fmt = $field['field_fmt']; | |
| if (ee()->input->post('field_ft_'.$field['field_id']) !== FALSE) | |
| { | |
| $fmt = ee()->input->post('field_ft_'.$field['field_id'], TRUE); | |
| } | |
| elseif (ee()->input->post($field['field_name'].'_ft') !== FALSE) | |
| { | |
| $fmt = ee()->input->post($field['field_name'].'_ft', TRUE); | |
| } | |
| $_POST['field_ft_'.$field['field_id']] = $fmt; | |
| } | |
| else if (preg_match('/^'.$field['field_name'].'_(.+)/', $key, $match)) | |
| { | |
| //also change utility POST fields, ie my_field_field_directory to field_id_X_directory | |
| $_POST['field_id_'.$field['field_id'].'_'.$match[1]] = ee()->input->post($key, TRUE); | |
| } | |
| } | |
| if (in_array($field['field_type'], $this->file_fields) || $field['field_type'] == 'matrix') | |
| { | |
| //change field_name'd POSTed files to field_id's | |
| foreach ($_FILES as $key => $value) | |
| { | |
| if ($key == $field['field_name']) | |
| { | |
| $_FILES['field_id_'.$field['field_id']] = $value; | |
| unset($_FILES[$key]); | |
| // Check to see if a file was actually selected | |
| if ($_POST[$field['field_name']] === 'NULL') | |
| { | |
| if ( ! empty($_POST[$field['field_name'].'_existing'])) | |
| { | |
| $_POST[$field['field_name']] = $_POST[$field['field_name'].'_existing']; | |
| } | |
| else if ( ! empty($_POST[$field['field_name'].'_hidden'])) | |
| { | |
| $_POST[$field['field_name']] = $_POST[$field['field_name'].'_hidden']; | |
| } | |
| else | |
| { | |
| $_POST[$field['field_name']] = ''; | |
| } | |
| } | |
| } | |
| else if (preg_match('/^'.$field['field_name'].'_(.+)/', $key, $match)) | |
| { | |
| $_FILES['field_id_'.$field['field_id'].'_'.$match[1]] = $value; | |
| unset($_FILES[$key]); | |
| } | |
| } | |
| } | |
| } | |
| foreach ($this->title_fields as $field) | |
| { | |
| if (isset($this->default_fields[$field])) | |
| { | |
| ee()->api_channel_fields->set_settings($field, $this->default_fields[$field]); | |
| ee()->form_validation->set_rules($field, $this->default_fields[$field]['field_label'], $this->default_fields[$field]['rules']); | |
| } | |
| if (ee()->input->post($field) !== FALSE) | |
| { | |
| $_POST[$field] = ee()->input->post($field, TRUE); | |
| } | |
| else | |
| { | |
| if ($field == 'entry_date') | |
| { | |
| if ($this->entry($field)) | |
| { | |
| $_POST[$field] = ee()->localize->human_time($this->entry($field)); | |
| } | |
| else | |
| { | |
| $_POST[$field] = ee()->localize->human_time(); | |
| } | |
| } | |
| elseif ($field == 'versioning_enabled' AND $this->channel['enable_versioning'] == 'y') | |
| { | |
| $_POST[$field] = 'y'; | |
| } | |
| elseif ($field == 'allow_comments') | |
| { | |
| $_POST[$field] = $this->_meta['allow_comments']; | |
| } | |
| else | |
| { | |
| if ($this->entry($field) !== FALSE) | |
| { | |
| if ( ! in_array($field, $this->checkboxes) || $this->_meta['preserve_checkboxes']) | |
| { | |
| $_POST[$field] = $this->entry($field); | |
| } | |
| } | |
| } | |
| } | |
| } | |
| //don't override status on edit, only on publish | |
| if ( ! $this->edit && ! empty($this->settings['override_status'][ee()->config->item('site_id')][ee()->input->post('channel_id')])) | |
| { | |
| $_POST['status'] = $this->settings['override_status'][ee()->config->item('site_id')][$this->_meta['channel_id']]; | |
| } | |
| $_POST['ping_servers'] = (is_array(ee()->input->post('ping'))) ? ee()->input->post('ping', TRUE) : array(); | |
| $_POST['ping_errors'] = FALSE; | |
| $_POST['revision_post'] = $_POST; | |
| $this->load_session_override(); | |
| //added for EE2.1.2 | |
| ee()->api->instantiate(array('channel_categories')); | |
| ee()->load->library('api/api_sc_channel_entries'); | |
| foreach ($this->form_validation_methods as $method) | |
| { | |
| ee()->form_validation->set_message($method, lang('safecracker_'.$method)); | |
| } | |
| if ($this->_meta['dynamic_title']) | |
| { | |
| $dynamic_title = base64_decode($this->_meta['dynamic_title']); | |
| foreach ($_POST as $key => $value) | |
| { | |
| if (is_string($value) && strstr($dynamic_title, '['.$key.']') !== FALSE) | |
| { | |
| $dynamic_title = str_replace('['.$key.']', $value, $dynamic_title); | |
| } | |
| } | |
| $_POST['title'] = $dynamic_title; | |
| } | |
| foreach (ee()->api_channel_fields->settings as $field_id => $settings) | |
| { | |
| $settings['field_name'] = 'field_id_'.$field_id; | |
| if (isset($settings['field_settings'])) | |
| { | |
| $settings = array_merge($settings, $this->unserialize($settings['field_settings'], TRUE)); | |
| } | |
| ee()->api_channel_fields->settings[$field_id] = ee()->session->cache['safecracker']['field_settings'][$field_id] = $settings; | |
| } | |
| //moved to before custom field processing, | |
| //since we are now using the call_field_validation rule | |
| if ( ! ee()->form_validation->run()) | |
| { | |
| $this->field_errors = ee()->form_validation->_error_array; | |
| } | |
| if ( ! ee()->security->check_xid(ee()->input->post('XID'))) | |
| { | |
| ee()->functions->redirect(stripslashes(ee()->input->post('RET'))); | |
| } | |
| if (empty($this->field_errors) && empty($this->errors)) | |
| { | |
| //temporarily change site_id for cross-site forms | |
| //channel_entries api doesn't allow you to specifically set site_id | |
| $current_site_id = ee()->config->item('site_id'); | |
| ee()->config->set_item('site_id', $this->site_id); | |
| if (in_array($this->channel('channel_id'), ee()->functions->fetch_assigned_channels())) | |
| { | |
| if ($this->entry('entry_id')) | |
| { | |
| $submit = ee()->api_sc_channel_entries->save_entry($_POST, NULL, $this->entry('entry_id')); | |
| } | |
| else | |
| { | |
| $submit = ee()->api_sc_channel_entries->save_entry($_POST, $this->channel('channel_id')); | |
| } | |
| if ( ! $submit) | |
| { | |
| $this->errors = ee()->api_sc_channel_entries->errors; | |
| } | |
| } | |
| else | |
| { | |
| $this->errors[] = lang('unauthorized_for_this_channel'); | |
| } | |
| ee()->config->set_item('site_id', $current_site_id); | |
| $this->clear_entry(); | |
| //load the just created entry into memory | |
| $this->fetch_entry(ee()->api_sc_channel_entries->entry_id); | |
| } | |
| $this->unload_session_override(); | |
| // ------------------------------------------- | |
| // 'safecracker_submit_entry_end' hook. | |
| // - Developers, if you want to modify the $this object remember | |
| // to use a reference on func call. | |
| // | |
| if (ee()->extensions->active_hook('safecracker_submit_entry_end') === TRUE) | |
| { | |
| ee()->extensions->call('safecracker_submit_entry_end', $this); | |
| if (ee()->extensions->end_script === TRUE) return; | |
| } | |
| if (is_array($this->errors)) | |
| { | |
| //add the field name to custom_field_empty errors | |
| foreach ($this->errors as $field_name => $error) | |
| { | |
| if ($error == lang('custom_field_empty')) | |
| { | |
| $this->errors[$field_name] = $error.' '.$field_name; | |
| } | |
| } | |
| } | |
| if ( ! $this->json && ($this->errors || $this->field_errors) && $this->error_handling == 'inline') | |
| { | |
| $this->entry = $_POST; | |
| $this->form_error = TRUE; | |
| foreach($this->post_error_callbacks as $field_type => $callbacks) | |
| { | |
| $callbacks = explode('|', $callbacks); | |
| foreach ($this->custom_fields as $field) | |
| { | |
| if ($field['field_type'] == $field_type) | |
| { | |
| foreach ($callbacks as $callback) | |
| { | |
| if (in_array($callback, $this->valid_callbacks)) | |
| { | |
| $this->entry[$field['field_name']] = $this->entry['field_id_'.$field['field_id']] = call_user_func($callback, $this->entry($field['field_name'])); | |
| } | |
| } | |
| } | |
| } | |
| } | |
| foreach ($this->date_fields as $field) | |
| { | |
| if ($this->entry($field) && ! is_numeric($this->entry($field))) | |
| { | |
| $this->entry[$field] = ee()->localize->string_to_timestamp($this->entry($field)); | |
| } | |
| } | |
| if (version_compare(APP_VER, '2.1.3', '>')) | |
| { | |
| ee()->core->generate_page(); | |
| } | |
| else | |
| { | |
| ee()->core->_generate_page(); | |
| } | |
| return; | |
| } | |
| if ($this->json) | |
| { | |
| return $this->send_ajax_response( | |
| array( | |
| 'success' => (empty($this->errors) && empty($this->field_errors)) ? 1 : 0, | |
| 'errors' => (empty($this->errors)) ? array() : $this->errors, | |
| 'field_errors' => (empty($this->field_errors)) ? array() : $this->field_errors, | |
| 'entry_id' => $this->entry('entry_id'), | |
| 'url_title' => $this->entry('url_title'), | |
| 'channel_id' => $this->entry('channel_id'), | |
| ) | |
| ); | |
| } | |
| if ($this->errors OR $this->field_errors) | |
| { | |
| return ee()->output->show_user_error(FALSE, array_merge($this->errors, $this->field_errors)); | |
| } | |
| if ( ! AJAX_REQUEST) | |
| { | |
| ee()->security->delete_xid(ee()->input->post('XID')); | |
| } | |
| $return = ($this->_meta['return']) ? ee()->functions->create_url($this->_meta['return']) : ee()->functions->fetch_site_index(); | |
| if (strpos($return, 'ENTRY_ID') !== FALSE) | |
| { | |
| $return = str_replace('ENTRY_ID', $this->entry('entry_id'), $return); | |
| } | |
| if (strpos($return, 'URL_TITLE') !== FALSE) | |
| { | |
| $return = str_replace('URL_TITLE', $this->entry('url_title'), $return); | |
| } | |
| if ($hook_return = ee()->api_sc_channel_entries->trigger_hook('entry_submission_redirect', $return)) | |
| { | |
| $return = $hook_return; | |
| } | |
| if ($this->_meta['secure_return']) | |
| { | |
| $return = preg_replace('/^http:/', 'https:', $return); | |
| } | |
| ee()->functions->redirect($return); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment