diff options
Diffstat (limited to 'modules/node.module')
| -rw-r--r-- | modules/node.module | 132 |
1 files changed, 69 insertions, 63 deletions
diff --git a/modules/node.module b/modules/node.module index b0e587a8b..e7d3ed1c1 100644 --- a/modules/node.module +++ b/modules/node.module @@ -49,11 +49,11 @@ function node_perm() { } function node_search($keys) { - global $user; + global $PHP_SELF; $result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20"); while ($node = db_fetch_object($result)) { - $find[$i++] = array("title" => check_output($node->title), "link" => (user_access("administer nodes") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created); + $find[$i++] = array("title" => check_output($node->title), "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created); } return $find; @@ -134,7 +134,7 @@ function node_link($type, $node = 0, $main = 0) { $links[] = "<a href=\"admin.php?mod=node\">content management</a>"; } - if ($type == "page") { + if ($type == "page" && user_access("post content")) { $links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>"; } @@ -743,96 +743,102 @@ function node_preview($edit) { function node_submit($node) { global $user; - /* - ** Verify a user's submission rate and avoid duplicate nodes being - ** inserted: - */ - - throttle("node", variable_get("max_node_rate", 900)); - - /* - ** Fixup the node when required: - */ + if (user_access("post content")) { - $node = node_validate($node); + /* + ** Verify a user's submission rate and avoid duplicate nodes being + ** inserted: + */ - /* - ** Apply the filters: - */ + throttle("node", variable_get("max_node_rate", 900)); - $node->teaser = filter($node->teaser); - $node->title = filter($node->title); - $node->body = filter($node->body); + /* + ** Fixup the node when required: + */ - /* - ** Create a new revision when required: - */ + $node = node_validate($node); - $node = node_revision_create($node); + /* + ** Apply the filters: + */ - if ($node->nid) { + $node->teaser = filter($node->teaser); + $node->title = filter($node->title); + $node->body = filter($node->body); /* - ** Check whether the current user has the proper access rights to - ** perform this operation: + ** Create a new revision when required: */ - if (node_access("update", $node)) { + $node = node_revision_create($node); + + if ($node->nid) { /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when updating a node. + ** Check whether the current user has the proper access rights to + ** perform this operation: */ - if (user_access("administer nodes")) { - $fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type); + if (node_access("update", $node)) { + + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when updating a node. + */ + + if (user_access("administer nodes")) { + $fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type); + } + else { + $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type); + } + + node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node))); + + watchdog("special", "$node->type: updated '$node->title'"); + $output = t("The node has been updated."); } else { - $fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type); + watchdog("warning", "$node->type: not authorized to update node"); + $output = t("You are not authorized to update this node."); } - node_save($node, array_merge($fields, module_invoke($node->type, "save", "update", $node))); - - watchdog("special", "$node->type: updated '$node->title'"); - $output = t("The node has been updated."); } else { - watchdog("warning", "$node->type: not authorized to update node"); - $output = t("You are not authorized to update this node."); - } - } - else { + /* + ** Check whether the current user has the proper access rights to + ** perform this operation: + */ - /* - ** Check whether the current user has the proper access rights to - ** perform this operation: - */ + if (node_access("create", $node)) { - if (node_access("create", $node)) { + /* + ** Compile a list of the node fields and their default values that users + ** and administrators are allowed to save when inserting a new node. + */ - /* - ** Compile a list of the node fields and their default values that users - ** and administrators are allowed to save when inserting a new node. - */ + if (user_access("administer nodes")) { + $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type); + } + else { + $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type); + } + + node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node))); - if (user_access("administer nodes")) { - $fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type); + watchdog("special", "$node->type: added '$node->title'"); + $output = t("Thanks for your submission."); } else { - $fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type); + watchdog("warning", "$node->type: not authorized to create node"); + $output = t("You are not authorized to create this node."); } - - node_save($node, array_merge($fields, module_invoke($node->type, "save", "create", $node))); - - watchdog("special", "$node->type: added '$node->title'"); - $output = t("Thanks for your submission."); - } - else { - watchdog("warning", "$node->type: not authorized to create node"); - $output = t("You are not authorized to create this node."); } } + else { + $output = message_access(); + } return $output; } |