-rw-r--r-- | modules/blog.module | 5 | ||||
-rw-r--r-- | modules/blog/blog.module | 5 | ||||
-rw-r--r-- | modules/book.module | 9 | ||||
-rw-r--r-- | modules/book/book.module | 9 | ||||
-rw-r--r-- | modules/node.module | 65 | ||||
-rw-r--r-- | modules/node/node.module | 65 | ||||
-rw-r--r-- | modules/page.module | 21 | ||||
-rw-r--r-- | modules/page/page.module | 21 | ||||
-rw-r--r-- | modules/story.module | 7 | ||||
-rw-r--r-- | modules/story/story.module | 7 |
10 files changed, 122 insertions, 92 deletions
diff --git a/modules/blog.module b/modules/blog.module index 7e7662a4f..850a268fe 100644 --- a/modules/blog.module +++ b/modules/blog.module @@ -9,6 +9,7 @@ function blog_conf_options() { } + function blog_node($field) { global $user; @@ -47,7 +48,7 @@ function blog_save($op, $node) { } if ($op == "create") { - return array("promote" => 0, "moderate" => 1, "status" => 1); + return array("body" => filter($node->body), "promote" => 0, "moderate" => 1, "status" => 1); } if ($op == "decline") { @@ -67,7 +68,7 @@ function blog_save($op, $node) { ** entries through the admin pages. */ - return array("promote" => 0, "moderate" => 1, "score" => 0, "votes" => 0, "users" => 0); + return array("body" => filter($node->body), "promote" => 0, "moderate" => 1, "score" => 0, "votes" => 0, "users" => 0); } else if (user_access("adminster nodes")) { /* diff --git a/modules/blog/blog.module b/modules/blog/blog.module index 7e7662a4f..850a268fe 100644 --- a/modules/blog/blog.module +++ b/modules/blog/blog.module @@ -9,6 +9,7 @@ function blog_conf_options() { } + function blog_node($field) { global $user; @@ -47,7 +48,7 @@ function blog_save($op, $node) { } if ($op == "create") { - return array("promote" => 0, "moderate" => 1, "status" => 1); + return array("body" => filter($node->body), "promote" => 0, "moderate" => 1, "status" => 1); } if ($op == "decline") { @@ -67,7 +68,7 @@ function blog_save($op, $node) { ** entries through the admin pages. */ - return array("promote" => 0, "moderate" => 1, "score" => 0, "votes" => 0, "users" => 0); + return array("body" => filter($node->body), "promote" => 0, "moderate" => 1, "score" => 0, "votes" => 0, "users" => 0); } else if (user_access("adminster nodes")) { /* diff --git a/modules/book.module b/modules/book.module index 80f9fa50c..30d50d8d7 100644 --- a/modules/book.module +++ b/modules/book.module 
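Review bot: In modules/blog.module, blog_save() now returns `"body" => filter($node->body)` from the "create" return and from the return just above `else if (user_access("adminster nodes"))`, but that `else if` branch begins on the hunk's last line and its body is outside the hunk, so it is not visible whether bodies saved by administrators are filtered as well. If the branch skips filter() on purpose, a comment there should say so, for example `// bodies saved by node administrators are intentionally not passed through filter()`; otherwise it needs the same "body" entry. The same edit is repeated in modules/blog/blog.module.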
@@ -310,8 +310,13 @@ function book_body($node) { ** Make sure only authorized users can preview PHP pages. */ - if ($op == t("Preview") && !user_access("adminster nodes")) { - return; + if ($op == t("Preview")) { + if (user_access("adminster nodes")) { + $node->body = stripslashes($node->body); // see also book_form() + } + else { + return; + } } ob_start(); diff --git a/modules/book/book.module b/modules/book/book.module index 80f9fa50c..30d50d8d7 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -310,8 +310,13 @@ function book_body($node) { ** Make sure only authorized users can preview PHP pages. */ - if ($op == t("Preview") && !user_access("adminster nodes")) { - return; + if ($op == t("Preview")) { + if (user_access("adminster nodes")) { + $node->body = stripslashes($node->body); // see also book_form() + } + else { + return; + } } ob_start(); diff --git a/modules/node.module b/modules/node.module index d03f8fa36..ea4dd0a35 100644 --- a/modules/node.module +++ b/modules/node.module @@ -178,11 +178,12 @@ function node_save($node, $filter) { ** Insert a new node: */ - // set some required fields: + // Set some required fields: $node->created = time(); + $node->changed = time(); $node->nid = db_result(db_query("SELECT MAX(nid) + 1 FROM node")); - // prepare the query: + // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { $k[] = check_query($key); @@ -190,10 +191,10 @@ function node_save($node, $filter) { } } - // insert the node into the database: + // Insert the node into the database: db_query("INSERT INTO node (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")"); - // call the node specific callback (if any): + // Call the node specific callback (if any): module_invoke($node->type, "insert", $node); } else { 
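Review bot: In book_body() (modules/book.module), `$node->body = stripslashes($node->body);` runs on every administrator preview, which is only right when the submitted body really carries added slashes; if it arrives unescaped, legitimate backslashes are removed from the page source before it is used. The trailing `// see also book_form()` does not say where the slashes come from: if it is PHP's magic quotes, the call should be guarded with `if (get_magic_quotes_gpc())`, and if it is the form handling, the comment should name that step. The declaration of `$op` is outside the hunk, so it cannot be confirmed here that the variable is in scope. The same lines appear in modules/book/book.module and in page_body() in both copies of page.module.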
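Review bot: In the insert branch of node_save() (modules/node.module), `created` and the newly added `changed` come from two separate time() calls, so a new node can be stored with `changed` one second later than `created`; `$node->created = $node->changed = time();` keeps them equal. The context line below still allocates the id with `SELECT MAX(nid) + 1 FROM node`, a separate read and write, so two concurrent inserts can obtain the same nid unless the column is unique, which is not visible here. The rest of the hunk only recapitalises comments, and node_save() begins and ends outside it. Repeated in modules/node/node.module.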
@@ -202,20 +203,20 @@ function node_save($node, $filter) { ** Update an existing node: */ - // set some required fields: + // Set some required fields: $node->changed = time(); - // prepare the query: + // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { $q[] = check_query($key) ." = '". check_query($value) ."'"; } } - // update the node in the database: + // Update the node in the database: db_query("UPDATE node SET ". implode(", ", $q) ." WHERE nid = '$node->nid'"); - // call the node specific callback (if any): + // Call the node specific callback (if any): module_invoke($node->type, "update", $node); } @@ -484,7 +485,7 @@ function node_admin_nodes() { $queries = array(array("ORDER BY n.created DESC", "new nodes"), array("ORDER BY n.changed DESC", "updated nodes"), array("WHERE n.status = 1 AND n.moderate = 0 ORDER BY n.nid DESC", "published nodes"), array("WHERE n.status = 0 AND n.moderate = 0 ORDER BY n.nid DESC", "non-published nodes"), array("WHERE n.status = 1 AND n.moderate = 1 ORDER BY n.nid DESC", "pending nodes"), array("WHERE n.status = 1 AND n.promote = 1 ORDER BY n.nid DESC", "promoted nodes")); - $result = db_query("SELECT n.*, u.name, u.uid FROM node n LEFT JOIN users u ON n.uid = u.uid ". $queries[$query ? $query : 0][0] ." LIMIT 50"); + $result = db_query("SELECT n.*, u.name, u.uid FROM node n LEFT JOIN users u ON n.uid = u.uid ". $queries[$query ? $query : 1][0] ." LIMIT 50"); foreach ($queries as $key => $value) { $links[] = "<a href=\"admin.php?mod=node&op=nodes&query=$key\">$value[1]</a>"; 
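Review bot: The UPDATE in node_save() escapes every value in the SET list with check_query() but places `$node->nid` in the WHERE clause as is (`WHERE nid = '$node->nid'`). Where the node object is built from submitted form values, which this hunk does not show, that is the one unescaped value in the statement; `." WHERE nid = '". check_query($node->nid) ."'"` brings it in line with the rest. This is a context line that the commit leaves unchanged, and node_save() begins and ends outside the hunk. The same applies to modules/node/node.module.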
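Review bot: With the fallback index changed to 1, `$queries[$query ? $query : 1][0]` in node_admin_nodes() can no longer select entry 0: the "new nodes" link is generated as `query=0`, "0" is falsy, and so that link now lists updated nodes. Testing for a known key instead, `$queries[isset($queries[$query]) ? $query : 1][0]`, keeps 1 as the default, makes entry 0 reachable again, and stops an unknown `query` value from producing an empty clause. Where `$query` is assigned is outside the hunk. The same line is changed in modules/node/node.module.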
@@ -929,47 +930,53 @@ function node_edit($id) { return $output; } -function node_preview($edit) { +function node_preview($node) { + + /* + ** Convert the array to an object: + */ + + $node = node_object($node); /* ** Load the user's name when needed: */ - if (isset($edit["name"])) { - /* - ** The use of isset() is mandatory in the context of user IDs as uid - ** 0 denotes the anonymous user. - */ - if ($user = user_load(array("name" => $edit["name"]))) { - $edit["uid"] = $user->uid; + if (isset($node->name)) { + /* + ** The use of isset() is mandatory in the context of user IDs as uid + ** 0 denotes the anonymous user. + */ + + if ($user = user_load(array("name" => $node->name))) { + $node->uid = $user->uid; } else { - $edit["uid"] = 0; // anonymous user + $node->uid = 0; // anonymous user } } else if ($edit["uid"]) { - $user = user_load(array("uid" => $edit["uid"])); - $edit["name"] = $user->name; + $user = user_load(array("uid" => $node->uid)); + $node->name = $user->name; } /* ** Set the created time when needed: */ - if (empty($edit["nid"])) { - $edit["created"] = time(); + if (empty($node->nid)) { + $node->created = time(); } /* ** Apply the required filters: */ - foreach ($edit as $key => $value) { - $node->$key = check_output($value); - /* - ** NOTE: we can't do a check_query() or check_input() here as they - ** add slashes which results in breakage. - */ + if ($node->nid) { + $node = array_merge($node, module_invoke($node->type, "save", "update", $node)); + } + else { + $node = array_merge($node, module_invoke($node->type, "save", "create", $node)); } /* @@ -978,7 +985,7 @@ function node_preview($edit) { node_view($node); - return node_form($edit); + return node_form($node); } function node_submit($node) { diff --git a/modules/node/node.module b/modules/node/node.module index d03f8fa36..ea4dd0a35 100644 --- a/modules/node/node.module +++ b/modules/node/node.module 
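Review bot: node_preview() (modules/node.module) no longer passes the submitted fields through check_output() before node_view($node); the only filtering left is whatever the node type's "save" hook returns, which in this commit is `body` for story on create and nothing for story on update, so titles and other fields may reach the preview unescaped unless node_view() escapes them itself (not visible here). Two further problems sit in the same hunk: the `else if ($edit["uid"])` context line still reads the old parameter, so that branch can never run, and array_merge() is applied to `$node` after node_object() has converted it, yet array_merge() works on arrays and at best hands node_view() an array instead of the object. The sketch below addresses those two by testing `$node->uid` and copying the hook's values onto the object; output escaping for the remaining fields still has to be restored separately. The same hunk is repeated in modules/node/node.module.

```php
  else if ($node->uid) {
    // … unchanged: load the user by uid and copy the name onto $node …
  }

  // … unchanged: set the created time when needed …

  $save_op = $node->nid ? "update" : "create";
  foreach ((array) module_invoke($node->type, "save", $save_op, $node) as $key => $value) {
    $node->$key = $value;
  }
```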
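Review bot: `return node_form($node);` at the end of node_preview() now fills the edit form from the node after the save hook's values have been merged in, so the author gets back the filtered body rather than the text that was typed, and a second preview or the final submit would run filter() over text that has already been filtered. Whether filter() is safe to apply twice cannot be told from this page. Building the form from a copy taken before the hook call avoids the question; failing that, a comment such as `// NOTE: the form is re-populated from the filtered node, not from the raw submission` should record the behaviour. The same line is changed in modules/node/node.module.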
@@ -178,11 +178,12 @@ function node_save($node, $filter) { ** Insert a new node: */ - // set some required fields: + // Set some required fields: $node->created = time(); + $node->changed = time(); $node->nid = db_result(db_query("SELECT MAX(nid) + 1 FROM node")); - // prepare the query: + // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { $k[] = check_query($key); @@ -190,10 +191,10 @@ function node_save($node, $filter) { } } - // insert the node into the database: + // Insert the node into the database: db_query("INSERT INTO node (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")"); - // call the node specific callback (if any): + // Call the node specific callback (if any): module_invoke($node->type, "insert", $node); } else { @@ -202,20 +203,20 @@ function node_save($node, $filter) { ** Update an existing node: */ - // set some required fields: + // Set some required fields: $node->changed = time(); - // prepare the query: + // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { $q[] = check_query($key) ." = '". check_query($value) ."'"; } } - // update the node in the database: + // Update the node in the database: db_query("UPDATE node SET ". implode(", ", $q) ." WHERE nid = '$node->nid'"); - // call the node specific callback (if any): + // Call the node specific callback (if any): module_invoke($node->type, "update", $node); } 
@@ -484,7 +485,7 @@ function node_admin_nodes() { $queries = array(array("ORDER BY n.created DESC", "new nodes"), array("ORDER BY n.changed DESC", "updated nodes"), array("WHERE n.status = 1 AND n.moderate = 0 ORDER BY n.nid DESC", "published nodes"), array("WHERE n.status = 0 AND n.moderate = 0 ORDER BY n.nid DESC", "non-published nodes"), array("WHERE n.status = 1 AND n.moderate = 1 ORDER BY n.nid DESC", "pending nodes"), array("WHERE n.status = 1 AND n.promote = 1 ORDER BY n.nid DESC", "promoted nodes")); - $result = db_query("SELECT n.*, u.name, u.uid FROM node n LEFT JOIN users u ON n.uid = u.uid ". $queries[$query ? $query : 0][0] ." LIMIT 50"); + $result = db_query("SELECT n.*, u.name, u.uid FROM node n LEFT JOIN users u ON n.uid = u.uid ". $queries[$query ? $query : 1][0] ." LIMIT 50"); foreach ($queries as $key => $value) { $links[] = "<a href=\"admin.php?mod=node&op=nodes&query=$key\">$value[1]</a>"; 
@@ -929,47 +930,53 @@ function node_edit($id) { return $output; } -function node_preview($edit) { +function node_preview($node) { + + /* + ** Convert the array to an object: + */ + + $node = node_object($node); /* ** Load the user's name when needed: */ - if (isset($edit["name"])) { - /* - ** The use of isset() is mandatory in the context of user IDs as uid - ** 0 denotes the anonymous user. - */ - if ($user = user_load(array("name" => $edit["name"]))) { - $edit["uid"] = $user->uid; + if (isset($node->name)) { + /* + ** The use of isset() is mandatory in the context of user IDs as uid + ** 0 denotes the anonymous user. + */ + + if ($user = user_load(array("name" => $node->name))) { + $node->uid = $user->uid; } else { - $edit["uid"] = 0; // anonymous user + $node->uid = 0; // anonymous user } } else if ($edit["uid"]) { - $user = user_load(array("uid" => $edit["uid"])); - $edit["name"] = $user->name; + $user = user_load(array("uid" => $node->uid)); + $node->name = $user->name; } /* ** Set the created time when needed: */ - if (empty($edit["nid"])) { - $edit["created"] = time(); + if (empty($node->nid)) { + $node->created = time(); } /* ** Apply the required filters: */ - foreach ($edit as $key => $value) { - $node->$key = check_output($value); - /* - ** NOTE: we can't do a check_query() or check_input() here as they - ** add slashes which results in breakage. - */ + if ($node->nid) { + $node = array_merge($node, module_invoke($node->type, "save", "update", $node)); + } + else { + $node = array_merge($node, module_invoke($node->type, "save", "create", $node)); } /* @@ -978,7 +985,7 @@ function node_preview($edit) { node_view($node); - return node_form($edit); + return node_form($node); } function node_submit($node) { diff --git a/modules/page.module b/modules/page.module index 61d15c9b8..31803526e 100644 --- a/modules/page.module +++ b/modules/page.module 
@@ -65,16 +65,23 @@ function page_link($type) { function page_body($node) { global $theme, $op; - /* - ** Make sure only authorized users can preview static (PHP) - ** pages. - */ - if ($op == t("Preview") && !user_access("adminster nodes")) { - return; - } if ($node->format) { + /* + ** Make sure only authorized users can preview static (PHP) + ** pages. + */ + + if ($op == t("Preview")) { + if (user_access("adminster nodes")) { + $node->body = stripslashes($node->body); // see also page_form() + } + else { + return; + } + } + ob_start(); eval($node->body); $output = ob_get_contents(); diff --git a/modules/page/page.module b/modules/page/page.module index 61d15c9b8..31803526e 100644 --- a/modules/page/page.module +++ b/modules/page/page.module @@ -65,16 +65,23 @@ function page_link($type) { function page_body($node) { global $theme, $op; - /* - ** Make sure only authorized users can preview static (PHP) - ** pages. - */ - if ($op == t("Preview") && !user_access("adminster nodes")) { - return; - } if ($node->format) { + /* + ** Make sure only authorized users can preview static (PHP) + ** pages. + */ + + if ($op == t("Preview")) { + if (user_access("adminster nodes")) { + $node->body = stripslashes($node->body); // see also page_form() + } + else { + return; + } + } + ob_start(); eval($node->body); $output = ob_get_contents(); diff --git a/modules/story.module b/modules/story.module index 747259463..89b57cd67 100644 --- a/modules/story.module +++ b/modules/story.module @@ -32,17 +32,12 @@ function story_save($op, $node) { } if ($op == "create") { - return array("moderate" => 1); + return array("body" => filter($node->body), "moderate" => 1); } if ($op == "decline") { return array("status" => 0, "promote" => 0); } - - if ($op == "update") { - return array("status"); - } - } function story_help() { diff --git a/modules/story/story.module b/modules/story/story.module index 747259463..89b57cd67 100644 --- a/modules/story/story.module +++ b/modules/story/story.module 
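Review bot: In page_body() (modules/page.module) the submitted body reaches `eval($node->body)` unless the deny branch fires, and that branch depends entirely on the global `$op` being equal to the translated label `t("Preview")`; on every other path the permission is never consulted. If an unsaved PHP-format node can be rendered with a different `$op`, the body is evaluated without the user_access() check; whether such a path exists cannot be told from this hunk. A comment above the eval, `// SECURITY: $node->body is executed as PHP; unsaved input may only get here for users with "adminster nodes"`, would record the invariant, and keying the check on something other than a translated button label would make it sturdier. book_body() in both copies of book.module has the same structure, and this hunk is repeated in modules/page/page.module.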
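Review bot: story_save() (modules/story.module) now filters the body only for "create", and the "update" branch is removed rather than extended, so for an existing story the hook returns nothing. node_preview() in this commit calls the hook with "update" whenever `$node->nid` is set and merges the result, so no filtered `body` comes back for an edited story. If updates are meant to be filtered too, `if ($op == "update") { return array("body" => filter($node->body)); }` would restore the branch with the new behaviour; if not, a comment should say where updated bodies are filtered. Repeated in modules/story/story.module.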
@@ -32,17 +32,12 @@ function story_save($op, $node) { } if ($op == "create") { - return array("moderate" => 1); + return array("body" => filter($node->body), "moderate" => 1); } if ($op == "decline") { return array("status" => 0, "promote" => 0); } - - if ($op == "update") { - return array("status"); - } - } function story_help() { |