[pLog-svn] SQL injection and LT 1.0.2
Jon Daley
plogworld at jon.limedaley.com
Sat Jun 24 12:47:36 GMT 2006
Attached to this email is a file with all of the changes between 1.0.4 and
1.0.5. There are a couple other bug fixes not associated with the SQL
injection that you can ignore or fix as you want.
The *action.class.php files are the ones you care about the most.
On Sat, 24 Jun 2006, ma'moon wrote:
> Dear all,
> I have a server that hosts a blogging service based on LT 1.0.2, and I
> really need to fix the SQL injection issue. Is there any way to fix it, or how
> can I get the files that contain the fix so I can integrate them into my LT
> 1.0.2 version?
> its really important, any help will be really appreciated.
>
> Thank you.
> Ma'moun
>
--
Jon Daley
http://jon.limedaley.com/
The only real failure in life is one not learned from.
-- Anthony D'Angelo
-------------- next part --------------
Index: version.php
===================================================================
--- version.php (.../lifetype-1.0.4) (revision 3422)
+++ version.php (.../lifetype-1.0.5) (working copy)
@@ -1,3 +1,3 @@
<?php
-$version = 'PLOG_1_0_3';
+$version = 'PLOG_1_0_5';
?>
Index: templates/rss/rss10.template
===================================================================
--- templates/rss/rss10.template (.../lifetype-1.0.4) (revision 3422)
+++ templates/rss/rss10.template (.../lifetype-1.0.5) (working copy)
@@ -11,7 +11,7 @@
<title>{$blog->getBlog()|escape}</title>
<link>{$url->blogLink()}</link>
<description>{$blog->getAbout()|escape}</description>
- {assign var="blogOwner" value=$posts[0]->getUserInfo()}
+ {assign var="blogOwner" value=$blog->getOwnerInfo()}
<dc:creator>{$blogOwner->getUsername()}</dc:creator>
<dc:date>{$smarty.now|date_format:"%Y-%m-%dT%H:%M:%S"}Z</dc:date>
<admin:generatorAgent rdf:resource="http://www.lifetype.net" />
Index: templates/rss/atom.template
===================================================================
--- templates/rss/atom.template (.../lifetype-1.0.4) (revision 3422)
+++ templates/rss/atom.template (.../lifetype-1.0.5) (working copy)
@@ -2,11 +2,13 @@
<feed version="0.3" xmlns="http://purl.org/atom/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xml:lang="{$locale->getLanguageId()|lower}">
<title>{$blog->getBlog()|escape}</title>
<link rel="alternate" type="text/html" href="{$url->blogLink()}" />
-{assign var="newestDate" value=$posts[0]->getDateObject()}
-<modified>{$locale->formatDate($newestDate, "%Y-%m-%dT%H:%M:%S%O", $blog)}</modified>
+{if $posts}
+ {assign var="newestDate" value=$posts[0]->getDateObject()}
+ <modified>{$locale->formatDate($newestDate, "%Y-%m-%dT%H:%M:%S%O", $blog)}</modified>
+{/if}
<tagline>{$blog->getAbout()|escape}</tagline>
<generator url="http://www.lifetype.net/" version="1.0.2">LifeType</generator>
-{assign var="blogOwner" value=$posts[0]->getUserInfo()}
+{assign var="blogOwner" value=$blog->getOwnerInfo()}
<copyright>Copyright (c) {$blogOwner->getUsername()|escape}</copyright>
{foreach from=$posts item=post}
<entry>
Index: templates/admin/blogsettings.template
===================================================================
--- templates/admin/blogsettings.template (.../lifetype-1.0.4) (revision 3567)
+++ templates/admin/blogsettings.template (.../lifetype-1.0.5) (working copy)
@@ -6,12 +6,6 @@
<legend>{$locale->tr("blogSettings")}</legend>
{include file="$admintemplatepath/successmessage.template"}
{include file="$admintemplatepath/errormessage.template"}
- <div class="field">
- <label for="blogLink">{$locale->tr("blog_link")}</label>
- <span class="required"></span>
- <div class="formHelp">{$locale->tr("blog_link_help")}</div>
- <input class="readOnly" type="text" readonly="readonly" id="blogLink" name="blogLink" value="{$url->blogLink()}" />
- </div>
<div class="field">
<label for="blogName">{$locale->tr("name")}</label>
@@ -21,7 +15,30 @@
{include file="$admintemplatepath/validate.template" field=blogName message=$locale->tr("error_empty_name")}
</div>
+ {if $blogDomainsEnabled}
<div class="field">
+ <label for="blogSubDomain">{$locale->tr("domain")}</label>
+ <div class="formHelp">{$locale->tr("register_blog_domain_help")}</div>
+ <input type="text" name="blogSubDomain" id="blogSubDomain"
+ style="width:150px" value="{$blogSubDomain}" />
+ <select name="blogMainDomain" id="blogMainDomain">
+ {foreach from=$blogAvailableDomains item=domain}
+ <option value="{$domain}"
+ {if $domain == $blogMainDomain}selected{/if}>
+ {if $domain == "?"}
+ {$locale->tr("subdomains_any_domain")}
+ {else}
+ .{$domain}
+ {/if}
+ </option>
+ {/foreach}
+ </select>
+ {include file="$admintemplatepath/validate.template" field=blogSubDomain message=$locale->tr("error_invalid_subdomain")}
+ {include file="$admintemplatepath/validate.template" field=blogMainDomain message=$locale->tr("error_invalid_domain")}
+ </div>
+ {/if}
+
+ <div class="field">
<label for="blogAbout">{$locale->tr("description")}</label>
<span class="required"></span>
<div class="formHelp">{$locale->tr("blog_description_help")}</div>
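Review bot: The new `blogSubDomain` input and the `<option>` elements write `{$blogSubDomain}` and `{$domain}` into `value` attributes without the `|escape` modifier that the RSS templates in this patch use for blog text. If the view re-populates the form with the submitted value after a failed validation, a value containing a double quote would break out of the attribute, so `value="{$blogSubDomain|escape}"` and `value="{$domain|escape}"` are safer unless a default escape modifier is configured (not visible here). The same pattern appears in the new lines of registerstep2.template, the hidden `blogDomain` field in registerstep3.template, `{$subdomains_available_domains}` in globalsettings_general.template and the link text added to admin/header.template.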
@@ -189,7 +206,7 @@
</select>
{** include file="$admintemplatepath/validate.template" field=blogTimeOffset message=$locale->tr("error_incorrect_time_offset") **}
</div>
-
+
</fieldset>
<div class="buttons" id="buttons">
<input type="reset" name="reset" value="{$locale->tr("reset")}" />
Index: templates/admin/header.template
===================================================================
--- templates/admin/header.template (.../lifetype-1.0.4) (revision 3567)
+++ templates/admin/header.template (.../lifetype-1.0.5) (working copy)
@@ -35,8 +35,6 @@
<div id="header" >
<h1><span>LifeType Admin</span></h1>
- <!-- link to the blog, opens in new window -->
- <a href="{$url->blogLink()}" id="blogLink" target="_blank" title="{$blog->getBlog()}"></a>
</div>
<hr class="hide" />
@@ -57,6 +55,9 @@
</div>
<div style="text-align: right;">
+ <!-- link to the blog, opens in new window -->
+ <a href="{$url->blogLink()}" id="blogLink" target="_blank"
+ title="{$blog->getBlog()}">{$url->blogLink()}</a>
<img style="vertical-align: middle;" src="imgs/admin/icon_home-24.png" alt="Blog" />
<select name="userBlog" id="userBlog" onChange="MM_jumpMenu('parent',this,0)">
{foreach from=$userBlogs item=userBlog}
Index: templates/admin/globalsettings_general.template
===================================================================
--- templates/admin/globalsettings_general.template (.../lifetype-1.0.4) (revision 3567)
+++ templates/admin/globalsettings_general.template (.../lifetype-1.0.5) (working copy)
@@ -38,6 +38,12 @@
<div class="formHelp">{$locale->tr("help_subdomains_base_url")}</div>
<input style="width:100%" type="text" name="config[subdomains_base_url]" value="{$subdomains_base_url}"/>
</div>
+ <!-- subdomains_available_domains -->
+ <div class="field">
+ <label for="config[subdomains_available_domains]">subdomains_available_domains</label>
+ <div class="formHelp">{$locale->tr("help_subdomains_available_domains")}</div>
+ <input style="width:100%" type="text" name="config[subdomains_available_domains]" value="{$subdomains_available_domains}"/>
+ </div>
<!-- include_blog_id_in_url -->
<div class="field">
<label for="config[include_blog_id_in_url]">include_blog_id_in_url</label>
@@ -244,4 +250,4 @@
<div class="formHelp">{$locale->tr("help_session_save_path")}</div>
<input style="width:100%" type="text" name="config[session_save_path]" value="{$session_save_path}"/>
</div>
-</div>
\ No newline at end of file
+</div>
Index: templates/summary/registerstep2.template
===================================================================
--- templates/summary/registerstep2.template (.../lifetype-1.0.4) (revision 3567)
+++ templates/summary/registerstep2.template (.../lifetype-1.0.5) (working copy)
@@ -10,6 +10,31 @@
<input type="text" name="blogName" value="{$blogName}" id="blogName" />
{include file="summary/validate.template" field=blogName message=$locale->tr("error_empty_name")}
</div>
+
+ {if $blogDomainsEnabled}
+ <div class="field">
+ <label for="blogSubDomain">{$locale->tr("domain")}</label>
+ <div class="formHelp">{$locale->tr("register_blog_domain_help")}</div>
+ <input type="text" name="blogSubDomain" id="blogSubDomain"
+ style="width:150px" value="{$blogSubDomain}" />
+ <select name="blogMainDomain" id="blogMainDomain">
+ {foreach from=$blogAvailableDomains item=domain}
+ <option value="{$domain}"
+ {if $domain == $blogMainDomain}selected{/if}>
+ {if $domain == "?"}
+ {$locale->tr("subdomains_any_domain")}
+ {else}
+ .{$domain}
+ {/if}
+ </option>
+ {/foreach}
+ </select>
+ {include file="summary/validate.template" field=blogSubDomain message=$locale->tr("error_invalid_subdomain")}
+ {include file="summary/validate.template" field=blogMainDomain message=$locale->tr("error_invalid_domain")}
+ </div>
+ {/if}
+
+
<div class="field">
<label for="blogLocale">{$locale->tr("language")}</label>
<span class="required">*</span>
Index: templates/summary/index.template
===================================================================
--- templates/summary/index.template (.../lifetype-1.0.4) (revision 3567)
+++ templates/summary/index.template (.../lifetype-1.0.5) (working copy)
@@ -37,10 +37,10 @@
<div id="maincolumn">
<div id="intro">
<h4>{$locale->tr("summary_welcome")}</h4>
- You should place here whatever welcome message you would like your users to see. Or remove
- this one completely and rearrange the whole page. Or something :) Take a look at
- templates/summary, that is where all template files that make up this page are stored. You are
- free to change them in any way you like.
+ You can sign up for a blog by clicking the "Register" button above.
+ However, I am not offering a free blog service, so unless you are
+ already a customer of <a href="http://limedaley.com/">Lime Daley</a>,
+ or intend to become one, you shouldn't bother.
</div>
{include file="summary/recent.template"}
</div>
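Review bot: The replacement welcome text names a specific site and its customers (`Lime Daley`), which reads like a local customisation of the working copy rather than part of the 1.0.5 changes. Anyone applying this patch to their own installation should drop this hunk and keep their own `summary/index.template` text; it has no bearing on the SQL injection fix.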
Index: templates/summary/registerstep3.template
===================================================================
--- templates/summary/registerstep3.template (.../lifetype-1.0.4) (revision 3567)
+++ templates/summary/registerstep3.template (.../lifetype-1.0.5) (working copy)
@@ -31,6 +31,7 @@
<!-- <input type="button" onClick="javascript:window.location='summary.php?op=RegisterStep3'" value="« {$locale->tr("register_back")}" name="Register"/> -->
<input type="submit" name="{$locale->tr("register_next")}" value="{$locale->tr("register_next")} »"/>
<input type="hidden" name="userName" value="{$userName}"/>
+ <input type="hidden" name="blogDomain" value="{$blogDomain}"/>
<input type="hidden" name="userFullName" value="{$userFullName}"/>
<input type="hidden" name="userPassword" value="{$userPassword}"/>
<input type="hidden" name="userEmail" value="{$userEmail}"/>
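Review bot: `blogDomain` is carried to the next registration step in a hidden field, so it comes back as client-supplied input and may differ from what step 2 accepted. The action that finally stores it should re-run the allowed-domain and forbidden-name checks instead of trusting the round trip; that handler is not part of the visible patch, so this needs confirming there. The value should also be written as `value="{$blogDomain|escape}"`.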
Index: class/data/validator/rules/uintrule.class.php
===================================================================
--- class/data/validator/rules/uintrule.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/data/validator/rules/uintrule.class.php (.../lifetype-1.0.5) (working copy)
@@ -2,7 +2,7 @@
include_once(PLOG_CLASS_PATH."class/data/validator/rules/regexprule.class.php");
- define( "UINT_RULE_REG_EXP", "^([1-9][0-9]*)|0$");
+ define( "UINT_RULE_REG_EXP", "^([0-9]+)$");
define( "ERROR_RULE_UINT_FORMAT_WRONG", "error_rule_uint_format_wrong");
/**
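Review bot: The new pattern removes the alternation-precedence problem of the old one (where `^([1-9][0-9]*)` could match on its own without an end anchor), but it still ends in `$`. If RegExpRule evaluates the pattern with PCRE (the engine is not visible here), `$` also matches just before a trailing newline, so `"12\n"` would pass; `"^[0-9]+\\z"` or the `D` modifier closes that. The pattern now also accepts leading zeros and digit strings of any length, so code that consumes a validated value should still cast it to an integer before it reaches a query. A comment such as `// digits only, anchored at both ends; do not reintroduce an unparenthesised "|"` would record why the pattern changed.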
Index: class/data/textfilter.class.php
===================================================================
--- class/data/textfilter.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/data/textfilter.class.php (.../lifetype-1.0.5) (working copy)
@@ -405,7 +405,41 @@
return $string;
}
-
+
+ /**
+ * Given a string, convert it into something that can be used in the domain part of a URL
+ * (it probably doesn't work very
+ * well with non iso-8859-X strings) It will remove the following characters:
+ *
+ * ; / ? : @ & = + $ ,
+ *
+ * It will convert accented characters such as ?, ?, ?, etc to
+ * their non-accented counterparts (a, e, i) And
+ * any other non-alphanumeric character that hasn't been removed
+ * or replaced will be thrown away.
+ *
+ * @param string The string that we wish to convert into something that can be used as a URL
+ */
+ function domainize( $string )
+ {
+ // remove unnecessary spaces and make everything lower case
+ $string = preg_replace( "/ +/", " ", strtolower($string) );
+
+ // removing a set of reserved characters (rfc2396: ; / ? : @ & = + $ ,)
+ $string = str_replace(array(';','/','?',':','@','&','=','+','$',','), '', $string);
+
+ // replace some characters to similar ones
+ $search = array('_',' ','?','?','?','?','?','?','?','?','?','?','?','?','?','?','?','?','?','?','?');
+ $replace = array('-','-','a','o','u','e','e','a','c','a','e','i','o','u','a','e','i','o','u','e','i');
+ $string = str_replace($search, $replace, $string);
+
+ // and everything that is still left that hasn't been replaced/encoded, throw it away
+ $string = preg_replace( '/[^a-z0-9.-]/', '', $string );
+ $string = trim($string, "-.");
+
+ return $string;
+ }
+
/**
* xhtml-izes a string. It uses the KSes filter for the task as long as the configuration parameter
* xhtml_converter_enabled is enabled. If xhtml_converter_aggreesive_mode_enabled is also enabled,
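Review bot: `domainize()` can return something that is still not a usable host name: runs of dots (`a..b`), labels that start or end with a hyphen inside the name, and an empty string all survive, because only the two ends are trimmed. Collapsing dot runs before the trim, e.g. `$string = preg_replace( '/\.{2,}/', '.', $string );`, removes the empty-label case, and callers need to treat an empty result as invalid. The docblock should also gain `@return string The lower-cased, host-name-safe string; may be empty`.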
Index: class/data/captcha/captcha.class.php
===================================================================
--- class/data/captcha/captcha.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/data/captcha/captcha.class.php (.../lifetype-1.0.5) (working copy)
@@ -106,7 +106,7 @@
}
// Now chmod it so it can be deleted later by the user
- chmod($tempFile, 0666);
+ chmod($tempFile, 0644);
return( $tempFile );
}
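Review bot: The comment above the call no longer matches the mode: it says the chmod exists so the file can be deleted later by the user, but 0644 removes group and other write access, and unlinking is governed by the directory's permissions in any case. Suggest replacing it with `// world-readable so the web server can serve it; writable only by the owner`. The return value of `chmod()` is also ignored; the function begins outside this hunk, so whether a failure matters here cannot be judged from these lines.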
Index: class/action/viewarticletrackbacksaction.class.php
===================================================================
--- class/action/viewarticletrackbacksaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/viewarticletrackbacksaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -7,6 +7,7 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
define( "VIEW_TRACKBACKS_TEMPLATE", "posttrackbacks" );
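Review bot: Only `stringvalidator.class.php` is added to the includes here, while the constructor in the next hunk also instantiates `IntegerValidator`. The other action files in this patch (rssaction, viewarticleaction, resourceserveraction, defaultaction) pull in both validator files explicitly. Unless `integervalidator.class.php` is already included above the visible context, add `include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );` next to it.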
@@ -30,11 +31,22 @@
function ViewArticleTrackbacksAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "articleId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "articleName", new StringValidator(), true );
+ $this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "userName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_article" ));
}
-
function validate()
{
+ if( !parent::validate())
+ return false;
+
$this->_articleId = $this->_request->getValue( "articleId" );
$this->_articleName = $this->_request->getValue( "articleName" );
$this->_categoryId = $this->_request->getValue( "postCategoryId", -1 );
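Review bot: The name parameters (`articleName`, `postCategoryName`, `userName`) are checked only with `StringValidator`, whose rules are not visible in this patch; if it merely requires a non-empty string it places no limit on quotes or other SQL metacharacters. `IntegerValidator` closes off the numeric ids, but the string fields still depend on escaping or parameter binding wherever the DAO builds its query, and that should be confirmed rather than inferred from this validation. The same applies to the string fields registered in RssAction, ViewAlbumAction, ViewArticleAction, ResourceServerAction, ViewResourceAction and DefaultAction. A comment above the registrations such as `// string fields are only format-checked here; the DAO must escape them before use in SQL` would make that split explicit. validate() continues past the end of this hunk.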
Index: class/action/rssaction.class.php
===================================================================
--- class/action/rssaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/rssaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -6,6 +6,8 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/locale/locale.class.php" );
include_once( PLOG_CLASS_PATH."class/locale/locales.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
/**
* \ingroup Action
@@ -23,6 +25,14 @@
function RssAction( $blogInfo, $request )
{
$this->BlogAction( $blogInfo, $request );
+
+ $this->registerFieldValidator( "categoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "profile", new StringValidator(), true );
+
+ // generate a dummy view with nothing in it to signal an error
+ $view = new RssView( $this->_blogInfo, DEFAULT_PROFILE );
+ $view->setValue( "articles", Array());
+ $this->setValidationErrorView( $view );
}
/**
Index: class/action/viewalbumaction.class.php
===================================================================
--- class/action/viewalbumaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/viewalbumaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -7,6 +7,7 @@
include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryresources.class.php" );
include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryalbums.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
define( "VIEW_ALBUMS_TEMPLATE", "albums" );
define( "VIEW_ALBUM_TEMPLATE", "album" );
@@ -25,13 +26,21 @@
function ViewAlbumAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_album" ));
}
// checks that the articleId is valid
function validate()
{
+ if( !parent::validate())
+ return false;
+
$this->_albumId = $this->_request->getValue( "albumId", 0 );
- $this->_albumName = $this->_request->getValue( "albumName" );
+ $this->_albumName = $this->_request->getValue( "albumName" );
return true;
}
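Review bot: The comment on `validate()` still says `// checks that the articleId is valid`, although this action deals with albums and the method now delegates the actual checking to `parent::validate()`. Suggest `// runs the registered field validators, then copies albumId/albumName from the request`. ViewResourceAction carries the same copied comment and could be corrected in the same way.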
@@ -41,7 +50,7 @@
$galleryResources = new GalleryResources();
$galleryAlbums = new GalleryAlbums();
- $browseRootAlbum = ( $this->_albumId == 0 && $this->_albumName == "" );
+ $browseRootAlbum = ( $this->_albumId == 0 && $this->_albumName == "" );
// check which template we should use
if( $browseRootAlbum )
Index: class/action/viewarticleaction.class.php
===================================================================
--- class/action/viewarticleaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/viewarticleaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -10,6 +10,8 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/view/viewarticleview.class.php" );
include_once( PLOG_CLASS_PATH.'class/data/timestamp.class.php' );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
/**
* \ingroup Action
@@ -33,14 +35,25 @@
function ViewArticleAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "articleId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "articleName", new StringValidator(), true );
+ $this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "userName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_article" ));
}
// checks that the articleId is valid
function validate()
{
+ if( !parent::validate())
+ return( false );
+
$this->_articleId = $this->_request->getValue( "articleId" );
$this->_articleName = $this->_request->getValue( "articleName" );
-
// find some other additional parameters and use some 'null' values
// in casuse they're empty
$this->_categoryId = $this->_request->getValue( "postCategoryId", -1 );
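Review bot: `Date` is read from the request in `validate()` (visible in the following hunk, where it is passed to `_getCorrectedDatePeriod`), but the constructor registers no validator for it alongside the six new ones. If `Date` is always numeric, `$this->registerFieldValidator( "Date", new IntegerValidator(), true );` would cover it; otherwise it needs its own format rule. DefaultAction reads `Date` in the same way without registering a validator. validate() continues outside this hunk, so any later sanitising of the value is not visible here.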
@@ -49,7 +62,7 @@
$this->_userName = $this->_request->getValue( "userName" );
$this->_date = $this->_request->getValue( "Date", -1 );
$this->_isCommentAdded = ($this->_request->getValue( "op" ) == "AddComment" );
-
+
// Caculate the correct article date period
$adjustedDates = $this->_getCorrectedDatePeriod( $this->_date );
$this->_date = $adjustedDates["adjustedDate"];
Index: class/action/resourceserveraction.class.php
===================================================================
--- class/action/resourceserveraction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/resourceserveraction.class.php (.../lifetype-1.0.5) (working copy)
@@ -9,6 +9,8 @@
include_once( PLOG_CLASS_PATH."class/net/url.class.php" );
include_once( PLOG_CLASS_PATH."class/security/pipeline.class.php" );
include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
/**
* \ingroup Action
@@ -32,6 +34,23 @@
$this->_session = $session['SessionInfo'];
$this->_config =& Config::getConfig();
+
+ $this->registerFieldValidator( "resource", new StringValidator(), true );
+ $this->registerFieldValidator( "resId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumName", new StringValidator(), true );
+ $this->registerFieldValidator( "blogId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "blogName", new StringValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "blogUserName", new StringValidator(), true );
+
+ // since this class does not return HTML code but files, we cannot
+ // return HTML so let's return 404 status code with a custom error message
+ $view = new ResourceServerView();
+ $view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
+ $view->addHeaderResponse( "Status: 404 Not Found" );
+ $view->addHeaderResponse( "X-LifeType-Error: Invalid parameters" );
+ $this->setValidationErrorView( $view );
}
/**
@@ -100,6 +119,9 @@
function validate()
{
+ if( !parent::validate())
+ return false;
+
// before we do anything, let's find out the blogId and if there isn't any, quit
$this->_getBlogInfo();
if( $this->_blogInfo == false ) {
@@ -107,7 +129,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
$this->_view->addHeaderResponse( "Status: 404 Not Found" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Blog $resId is not correct" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Blog $resId is not correct" );
return false;
}
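Review bot: The blog-not-found header interpolates `$resId`, which is not assigned anywhere in the visible part of `validate()` and does not describe a blog; if it is unset the header reads `Blog  is not correct`. The other renamed `X-LifeType-Error` headers in the following hunks also embed values (`$albumId`, `$this->_resId`) that appear to come from the request. The integer validators registered in the constructor should now keep CR/LF out of them, but a fixed message such as `"X-LifeType-Error: Blog not found"` would not depend on that. validate() begins before and continues after this hunk.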
@@ -129,7 +151,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 403 Forbidden" );
$this->_view->addHeaderResponse( "Status: 403 Forbidden" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Access is blocked" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Access is blocked" );
return false;
}
@@ -151,7 +173,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
$this->_view->addHeaderResponse( "Status: 404 Not Found" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Album $albumId not found" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Album $albumId not found" );
return false;
}
$this->_albumId = $album->getId();
@@ -198,7 +220,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
$this->_view->addHeaderResponse( "Status: 404 Not Found" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Resource $this->_resId not found" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Resource $this->_resId not found" );
return false;
}
Index: class/action/admin/adminaddblogaction.class.php
===================================================================
--- class/action/admin/adminaddblogaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/admin/adminaddblogaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -63,12 +63,14 @@
return false;
}
+ // Get the defaul locale object
+ $config =& Config::getConfig();
+ $locale =& Locales::getLocale( $config->getValue( "default_locale" ));
+
// add a default category and a default post
$articleCategories = new ArticleCategories();
- $articleCategory = new ArticleCategory( "General", "", $newBlogId, true );
+ $articleCategory = new ArticleCategory( $locale->tr( "register_default_category" ), "", $newBlogId, true );
$catId = $articleCategories->addArticleCategory( $articleCategory );
- $config =& Config::getConfig();
- $locale =& Locales::getLocale( $config->getValue( "default_locale" ));
$articleTopic = $locale->tr( "register_default_article_topic" );
$articleText = $locale->tr( "register_default_article_text" );
$article = new Article( $articleTopic,
Index: class/action/admin/adminupdateblogsettingsaction.class.php
===================================================================
--- class/action/admin/adminupdateblogsettingsaction.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/action/admin/adminupdateblogsettingsaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -2,6 +2,7 @@
include_once( PLOG_CLASS_PATH."class/action/admin/blogowneradminaction.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/domainvalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
@@ -31,6 +32,8 @@
$this->registerFieldValidator( "blogName", new StringValidator());
$this->registerFieldValidator( "blogLocale", new StringValidator());
$this->registerFieldValidator( "blogTemplate", new StringValidator());
+ $this->registerFieldValidator( "blogSubDomain", new DomainValidator());
+ $this->registerFieldValidator( "blogMainDomain", new DomainValidator());
$this->registerField( "blogAbout" );
$this->registerField( "blogShowMoreEnabled" );
$this->registerField( "blogEnableHtmlarea" );
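Review bot: `blogSubDomain` and `blogMainDomain` are registered without the third argument that the other actions in this patch pass as `true` for parameters that may be absent. The settings template only renders these two fields inside `{if $blogDomainsEnabled}`, so with subdomains disabled they are never submitted; if the default treats a field as required, every settings update would then fail validation. Consider `$this->registerFieldValidator( "blogSubDomain", new DomainValidator(), true );` and the same for `blogMainDomain`. The meaning of the third argument and the rules of `DomainValidator` are not visible here, so both need confirming.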
@@ -53,6 +56,7 @@
*/
function perform()
{
+ $config =& Config::getConfig();
// fetch the settings from the db and update them accordingly
$blogs = new Blogs();
$blogSettings = $blogs->getBlogSettings( $this->_blogInfo->getId());
@@ -69,6 +73,66 @@
$blogSettings->setValue( "show_future_posts_in_calendar", Textfilter::checkboxToBoolean($this->_request->getValue( "blogShowFuturePosts" )));
$blogSettings->setValue( "new_drafts_autosave_enabled", Textfilter::checkboxToBoolean($this->_request->getValue( "blogEnableAutosaveDrafts" )));
$blogSettings->setValue( "comments_order", $this->_request->getValue( "blogCommentsOrder" ));
+
+ // check to see whether we are going to save subdomain information
+ $blog_domains_enabled =
+ ($config->getValue("subdomains_enabled", 0) &&
+ (strpos($config->getValue("subdomains_base_url", ""),
+ "{blogdomain}") !== FALSE));
+
+ if($blog_domains_enabled){
+ // Translate a few characters to valid names, and remove the rest
+ $mainDomain = Textfilter::domainize($this->_request->getValue( "blogMainDomain" ));
+ if(!$mainDomain)
+ $mainDomain = "?";
+ $subDomain = Textfilter::domainize($this->_request->getValue( "blogSubDomain" ));
+
+ // get list of allowed domains
+ $available_domains = $config->getValue("subdomains_available_domains", "");
+ if($available_domains){
+ $available_domains = explode(" ", $available_domains);
+ }
+
+ // make sure the mainDomain parameter is one of the blogAvailableDomains
+ $found = FALSE;
+ foreach($available_domains as $avdomain){
+ // search to see if domain suffix is on
+ // the available_domain list.
+ if(strcmp($mainDomain, $avdomain) == 0){
+ $found = TRUE;
+ break;
+ }
+ }
+ if(!$found){
+ $this->_view = new AdminBlogSettingsView( $this->_blogInfo );
+ $this->_view->setErrorMessage( $this->_locale->tr("error_updating_blog_domain"));
+ $this->setCommonData();
+ return false;
+ }
+
+ // Use forbidden_usernames for domains as well, since they are related
+ // in that we don't want people to register www.xyz or forums.xyz
+ // through these subdomains either
+ $forbiddenSubdomainNames = $config->getValue( "forbidden_usernames", "" );
+ $forbiddenSubdomainNamesArray = explode( " ", $forbiddenSubdomainNames );
+ foreach( $forbiddenSubdomainNamesArray as $filteredWord ) {
+ if( strcasecmp( $subDomain, $filteredWord ) == 0 ){
+ $this->_view = new AdminBlogSettingsView( $this->_blogInfo );
+ $this->_view->setErrorMessage( $this->_locale->tr("error_updating_blog_subdomain"));
+ $this->setCommonData();
+ return false;
+ }
+ }
+
+ if($mainDomain == "?"){
+ $blogSettings->setValue( "blog_domain", $subDomain);
+ }
+ else{
+ $blogSettings->setValue( "blog_domain", $subDomain . "." . $mainDomain);
+ }
+ }
+
+
$this->_blogInfo->setAbout( Textfilter::filterAllHTML($this->_request->getValue( "blogAbout" )));
$this->_blogInfo->setBlog( Textfilter::filterAllHTML($this->_request->getValue( "blogName" )));
$this->_blogInfo->setSettings( $blogSettings );
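Review bot: Nothing in this block checks that the resulting `blog_domain` is non-empty, or that no other blog already claims it, before `setValue( "blog_domain", ... )`. `Textfilter::domainize()` can return an empty string and an empty `$subDomain` is not rejected explicitly, so a value like `.example.com` can be stored; a guard such as `if( $subDomain == "" )` returning the `error_updating_blog_subdomain` view would close that. On a multi-user install two blogs with the same host name make request routing ambiguous, so a lookup for an existing owner belongs here or in `updateBlog()` (not visible). Separately, when `subdomains_available_domains` is empty `$available_domains` stays a string and is handed to `foreach`; initialising it with `Array()` avoids the warning. perform() starts and ends outside this hunk.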
@@ -83,7 +147,7 @@
$this->notifyEvent( EVENT_PRE_BLOG_UPDATE, Array( "blog" => &$this->_blogInfo ));
if( !$blogs->updateBlog( $this->_blogInfo->getId(), $this->_blogInfo )) {
$this->_view = new AdminBlogSettingsView( $this->_blogInfo );
- $this->_view->setErrorMessage( $this->_locale->tr("error_updating_settings"));
+ $this->_view->setErrorMessage( $this->_locale->tr("error_updating_settingss"));
$this->setCommonData();
return false;
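Review bot: The locale key on the changed line is now `error_updating_settingss` with a doubled `s`, which looks like an accidental edit rather than an intended rename. Unless the locale files define that key, the user would probably see the raw key or an empty message when `updateBlog()` fails. Restore `$this->_view->setErrorMessage( $this->_locale->tr("error_updating_settings"));`.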
Index: class/action/viewresourceaction.class.php
===================================================================
--- class/action/viewresourceaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/viewresourceaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -4,6 +4,7 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryresources.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
define( "VIEW_RESOURCE_TEMPLATE", "resource" );
@@ -24,11 +25,21 @@
function ViewResourceAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "resId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "resouce", new StringValidator(), true );
+ $this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_resource" ));
}
// checks that the articleId is valid
function validate()
{
+ if( !parent::validate())
+ return false;
+
$this->_resourceId = $this->_request->getValue( "resId" );
$this->_resourceName = $this->_request->getValue( "resource" );
$this->_albumId = $this->_request->getValue( "albumId" );
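Review bot: The validator is registered under the name `resouce`, but `validate()` reads the parameter `resource`, so the resource name never passes through the `StringValidator` added here. Change the registration to `$this->registerFieldValidator( "resource", new StringValidator(), true );`. validate() continues outside this hunk, so how `_resourceName` is used afterwards is not visible.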
Index: class/action/commentaction.class.php
===================================================================
--- class/action/commentaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/commentaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -27,6 +27,7 @@
// data validation
$this->registerFieldValidator( "articleId", new IntegerValidator());
+ $this->registerFieldValidator( "parentId", new IntegerValidator());
$this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_incorrect_article_id" ));
}
Index: class/action/defaultaction.class.php
===================================================================
--- class/action/defaultaction.class.php (.../lifetype-1.0.4) (revision 3422)
+++ class/action/defaultaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -6,6 +6,8 @@
include_once( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
/**
* \ingroup Action
@@ -27,14 +29,24 @@
function DefaultAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "userName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_articles" ));
}
function validate()
{
+ if( !parent::validate())
+ return false;
+
// value of the Date parameter from the request
$this->_date = $this->_request->getValue( "Date", -1 );
- $this->_categoryName = $this->_request->getValue( 'postCategoryName' );
+ $this->_categoryName = $this->_request->getValue( 'postCategoryName' );
$this->_categoryId = $this->_request->getValue( 'postCategoryId' );
if( $this->_categoryId == '' )
if( $this->_date == -1 )
Index: class/action/blogaction.class.php
===================================================================
--- class/action/blogaction.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/action/blogaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -138,7 +138,11 @@
$config =& Config::getConfig();
if( $config->getValue( "subdomains_enabled" )) {
$subdomainInfo = Subdomains::getSubdomainInfoFromRequest();
-
+ if( $subdomainInfo["blogdomain"] != ""
+ && $this->_request->getValue( 'blogDomain' ) == "" )
+ {
+ $this->_request->setValue( 'blogDomain', $subdomainInfo["blogdomain"] );
+ }
if( $subdomainInfo["username"] != "" && $this->_request->getValue( 'blogUserName' ) == "" )
$this->_request->setValue( 'blogUserName', $subdomainInfo["username"] );
if( $subdomainInfo["blogname"] != "" && $this->_request->getValue( 'blogName' ) == "" )
@@ -149,10 +153,11 @@
$blogName = $this->_request->getValue( 'blogName' );
$userId = $this->_request->getValue( 'userId' );
$userName = $this->_request->getValue( 'blogUserName' );
-
+ $blogDomain = $this->_request->getValue( 'blogDomain' );
+
// if there is a "blogId" parameter, it takes precedence over the
// "user" parameter.
- if( !$blogId && !$blogName ) {
+ if( !$blogId && !$blogName && !blogDomain) {
// check if there was a user parameter
if( !empty($userName) ) {
// if so, check to which blogs the user belongs
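Review bot: `!blogDomain` in the changed condition is missing its `$`, so PHP reads a bare constant name instead of the variable assigned just above. On the PHP versions this code targets, an undefined constant evaluates to the string `'blogDomain'`, which is truthy. The condition is therefore always false and the user-parameter lookup and session fallback inside the branch never run; on PHP 8 it is a fatal error. It should be `if( !$blogId && !$blogName && !$blogDomain ) {`. The branch body continues outside the hunk.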
@@ -173,7 +178,7 @@
}
}
else {
- // if there is no user parameter, we take the blogId from the session
+ // if there is no user parameter, we take the blogId from the session
if( $this->_session->getValue('blogId') != '' ) {
$blogId = $this->_session->getValue('blogId');
}
@@ -188,8 +193,10 @@
$blogs = new Blogs();
if( $blogId )
$this->_blogInfo = $blogs->getBlogInfo( $blogId );
+ else if($blogName)
+ $this->_blogInfo = $blogs->getBlogInfoByName( $blogName );
else
- $this->_blogInfo = $blogs->getBlogInfoByName( $blogName );
+ $this->_blogInfo = $blogs->getBlogInfoByDomain( $blogDomain );
// security checks...
if( $this->_blogInfo == false ) {
@@ -197,7 +204,7 @@
die;
}
- // non-active blogs shoulnd't be shown either!
+ // non-active blogs shouldn't be shown either!
if( $this->_blogInfo->getStatus() != BLOG_STATUS_ACTIVE ) {
print( 'ERROR: The blog does not exist.' );
die;
Index: class/net/baserequestgenerator.class.php
===================================================================
--- class/net/baserequestgenerator.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/net/baserequestgenerator.class.php (.../lifetype-1.0.5) (working copy)
@@ -81,6 +81,7 @@
$this->_subdomainsBaseUrl = str_replace( "{blogname}", $blogInfo->getMangledBlog(), $this->_subdomainsBaseUrl );
$ownerInfo = $blogInfo->getOwnerInfo();
$this->_subdomainsBaseUrl = str_replace( "{username}", Textfilter::urlize($ownerInfo->getUsername()), $this->_subdomainsBaseUrl );
+ $this->_subdomainsBaseUrl = str_replace( "{blogdomain}", $blogInfo->getValue("blog_domain"), $this->_subdomainsBaseUrl );
}
$this->_scriptName = $config->getValue( "script_name", DEFAULT_SCRIPT_NAME );
Index: class/net/rawrequestgenerator.class.php
===================================================================
--- class/net/rawrequestgenerator.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/net/rawrequestgenerator.class.php (.../lifetype-1.0.5) (working copy)
@@ -243,7 +243,7 @@
if( $profile != "" )
$this->addParameter( "profile", $profile );
- $rssLink = $this->getRssUrl().$this->getRequest();
+ $rssLink = $this->getRssUrl().$this->getRequest(false);
return $rssLink;
}
Index: class/net/linkparser.class.php
===================================================================
--- class/net/linkparser.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/net/linkparser.class.php (.../lifetype-1.0.5) (working copy)
@@ -11,6 +11,7 @@
'{blogname}' => '([_0-9a-zA-Z-]+)?',
'{blogid}' => '([0-9]+)?',
'{blogowner}' => '([_0-9a-zA-Z-]+)?',
+ '{blogdomain}' => '([0-9a-zA-Z-.]+)?',
'{op}' => '([_0-9a-z-]+)?',
'{year}' => '([0-9]{4})?',
'{month}' => '([0-9]{2})?',
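Review bot: In the new `{blogdomain}` pattern the hyphen sits between `Z` and `.` inside the character class (`[0-9a-zA-Z-.]`), which reads like a range and only works where the regex engine treats a hyphen directly after a range as a literal. Putting it last, `'([0-9a-zA-Z.-]+)?'`, removes the ambiguity. The class also accepts leading, trailing and consecutive dots, so a value matched here still needs the domain validation done elsewhere before it is used in a lookup.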
Index: class/summary/dao/summarystats.class.php
===================================================================
--- class/summary/dao/summarystats.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/summary/dao/summarystats.class.php (.../lifetype-1.0.5) (working copy)
@@ -115,7 +115,7 @@
FROM {$prefix}articles a, {$prefix}blogs b
WHERE a.status = ".POST_STATUS_PUBLISHED."
AND a.blog_id = b.id AND b.status = ".BLOG_STATUS_ACTIVE."
- AND a.date <= ".$this->_now." AND a.date > ".$this->_sevenDaysAgo;
+ AND a.date <= ".$this->_now;
$query .= " ORDER BY a.num_reads DESC ";
@@ -271,7 +271,7 @@
a.num_reads, a.slug
FROM {$prefix}articles a,
{$prefix}blogs b
- WHERE a.date >= ".$this->_sevenDaysAgo." AND a.date <= ".$this->_now."
+ WHERE a.date <= ".$this->_now."
AND a.blog_id = b.id
AND b.status = ".BLOG_STATUS_ACTIVE."
AND a.status = ".POST_STATUS_PUBLISHED;
Index: class/summary/view/doblogregistrationview.class.php
===================================================================
--- class/summary/view/doblogregistrationview.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/summary/view/doblogregistrationview.class.php (.../lifetype-1.0.5) (working copy)
@@ -16,11 +16,24 @@
function render()
{
- // get the list of languages available, so that users can choose
+ $config =& Config::getConfig();
+ $blog_domains_enabled =
+ ($config->getValue("subdomains_enabled", 0) &&
+ (strpos($config->getValue("subdomains_base_url", ""),
+ "{blogdomain}") !== FALSE));
+ if($blog_domains_enabled){
+ $available_domains = $config->getValue("subdomains_available_domains", "");
+ if($available_domains){
+ $available_domains = explode(" ", $available_domains);
+ }
+ $this->setValue( "blogAvailableDomains", $available_domains);
+ $this->setValue( "blogDomainsEnabled", 1);
+ }
+
+ // get the list of languages available, so that users can choose
$locales = Locales::getLocales();
$this->setValue( "locales", $locales );
- $config =& Config::getConfig();
// assign default Local to template
$this->setValue( "defaultLocale", $config->getValue("default_locale" ) );
Index: class/summary/action/doblogregistration.class.php
===================================================================
--- class/summary/action/doblogregistration.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/summary/action/doblogregistration.class.php (.../lifetype-1.0.5) (working copy)
@@ -3,6 +3,7 @@
include_once( PLOG_CLASS_PATH."class/summary/action/registeraction.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/domainvalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );
include_once( PLOG_CLASS_PATH."class/summary/view/doblogregistrationview.class.php" );
include_once( PLOG_CLASS_PATH."class/summary/view/blogtemplatechooserview.class.php" );
@@ -21,6 +22,8 @@
// data validation
//$this->registerFieldValidator( "userId", new IntegerValidator());
$this->registerFieldValidator( "blogName", new StringValidator());
+ $this->registerFieldValidator( "blogSubDomain", new DomainValidator());
+ $this->registerFieldValidator( "blogMainDomain", new DomainValidator());
$this->registerFieldValidator( "blogLocale", new StringValidator());
$view = new doBlogRegistrationView();
$view->setErrorMessage( $this->_locale->tr("register_error_creating_blog"));
@@ -29,10 +32,67 @@
function perform()
{
- // validated values
- $tf = new Textfilter();
-
- // create the new view and clean the cache
+ $config =& Config::getConfig();
+
+ // check to see whether we are going to save subdomain information
+ $blog_domains_enabled =
+ ($config->getValue("subdomains_enabled", 0) &&
+ (strpos($config->getValue("subdomains_base_url", ""),
+ "{blogdomain}") !== FALSE));
+
+ if($blog_domains_enabled){
+ // Translate a few characters to valid names, and remove the rest
+ $mainDomain = Textfilter::domainize($this->_request->getValue( "blogMainDomain" ));
+ if(!$mainDomain)
+ $mainDomain = "?";
+ $subDomain = Textfilter::domainize($this->_request->getValue( "blogSubDomain" ));
+
+ // get list of allowed domains
+ $available_domains = $config->getValue("subdomains_available_domains", "");
+ if($available_domains){
+ $available_domains = explode(" ", $available_domains);
+ }
+
+ // make sure the mainDomain parameter is one of the blogAvailableDomains
+ $found = FALSE;
+ foreach($available_domains as $avdomain){
+ // search to see if domain suffix is on
+ // the available_domain list.
+ if(strcmp($mainDomain, $avdomain) == 0){
+ $found = TRUE;
+ break;
+ }
+ }
+ if(!$found){
+ $this->_view = new doBlogRegistrationView();
+ $this->_view->setErrorMessage( $this->_locale->tr("error_updating_blog_domain"));
+ $this->setCommonData();
+ return false;
+ }
+
+ // Use forbidden_usernames for domains as well, since they are related
+ // in that we don't want people to register www.xyz or forums.xyz
+ // through these subdomains either
+ $forbiddenSubdomainNames = $config->getValue( "forbidden_usernames", "" );
+ $forbiddenSubdomainNamesArray = explode( " ", $forbiddenSubdomainNames );
+ foreach( $forbiddenSubdomainNamesArray as $filteredWord ) {
+ if( strcasecmp( $subDomain, $filteredWord ) == 0 ){
+ $this->_view = new doBlogRegistrationView();
+ $this->_view->setErrorMessage( $this->_locale->tr("error_updating_blog_subdomain"));
+ $this->setCommonData();
+ return false;
+ }
+ }
+
+ if($mainDomain == "?"){
+ $this->blogDomain = $subDomain;
+ }
+ else{
+ $this->blogDomain = $subDomain . "." . $mainDomain;
+ }
+ }
+
+ // create the new view and clean the cache
$this->_view = new BlogTemplateChooserView();
$this->setValues();
$this->setCommonData();
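Review bot: The forbidden-name loop compares the whole of `$subDomain` with each word, so in the `?` (any domain) mode, where the user types the full domain, a value such as `www.<domain>` does not equal `www` and passes. This assumes `Textfilter::domainize()` keeps dots, which is not visible here. Comparing only the first label would cover both modes. Separately, when `subdomains_available_domains` is empty, `$available_domains` stays a string, so `foreach` gets a non-array and `$found` stays false; `$available_domains = $available_domains ? explode(" ", $available_domains) : array();` makes that case explicit. Nothing in this hunk checks that the resulting `blogDomain` is not already used by another blog.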
Index: class/summary/action/dofinishregister.class.php
===================================================================
--- class/summary/action/dofinishregister.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/summary/action/dofinishregister.class.php (.../lifetype-1.0.5) (working copy)
@@ -93,6 +93,7 @@
*/
function createBlog($userId){
$this->blogName = stripslashes($this->_request->getValue("blogName"));
+ $this->blogDomain = stripslashes($this->_request->getValue("blogDomain"));
$this->blogLocale = $this->_request->getValue("blogLocale");
$this->templateId = $this->_request->getValue("templateId");
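Review bot: `createBlog()` takes `blogDomain` straight from the request with only `stripslashes()`, and the second hunk of this file stores it as the `blog_domain` setting. The allowed-domain and forbidden-name checks in doblogregistration.class.php ran on `blogSubDomain`/`blogMainDomain` in an earlier step. Unless this action registers its own validator (not visible here), a client can submit a different `blogDomain` at the final step and skip those checks. I would re-apply the same checks here, or at least add `$this->registerFieldValidator( "blogDomain", new DomainValidator());` to this action's constructor. The stored value is later substituted unescaped for `{blogdomain}` in baserequestgenerator.class.php and matched in `getBlogInfoByDomain()`; `createBlog()` itself continues outside the hunk.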
@@ -109,6 +110,7 @@
$locale = Locales::getLocale( $this->blogLocale );
$blogInfo->setLocale( $locale );
$blogInfo->setTemplate( $this->templateId );
+ $blogInfo->setValue( "blog_domain", $this->blogDomain );
$newblogId = $blogs->addBlog( $blogInfo );
if( !$newblogId ) {
Index: class/summary/action/chooseblogtemplateaction.class.php
===================================================================
--- class/summary/action/chooseblogtemplateaction.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/summary/action/chooseblogtemplateaction.class.php (.../lifetype-1.0.5) (working copy)
@@ -28,7 +28,7 @@
function perform()
{
- // get the data from the request, as it's already been validated
+ // get the data from the request, as it's already been validated
$this->templateId = $this->_request->getValue( "templateId" );
$this->blogName = $this->_request->getValue( "blogName" );
$this->blogLocale = $this->_request->getValue( "blogLocale" );
Index: class/summary/action/registeraction.class.php
===================================================================
--- class/summary/action/registeraction.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/summary/action/registeraction.class.php (.../lifetype-1.0.5) (working copy)
@@ -17,6 +17,7 @@
var $userFullName;
var $userEmail;
var $blogName;
+ var $blogDomain;
var $blogLocale;
var $templateId;
//}}}
@@ -28,6 +29,7 @@
$tf = new Textfilter();
$this->blogName = $tf->filterAllHTML( $this->_request->getValue( "blogName" ));
+ $this->blogDomain = $tf->filterAllHTML( $this->_request->getValue( "blogDomain" ));
$this->blogLocale = $this->_request->getValue( "blogLocale" );
$this->userName = $tf->filterAllHTML($this->_request->getValue( "userName" ));
$this->userPassword = $tf->filterAllHTML($this->_request->getValue( "userPassword" ));
@@ -52,6 +54,7 @@
$this->_view->setValue( "userPassword", $this->userPassword );
$this->_view->setValue( "userEmail", $this->userEmail );
$this->_view->setValue( "blogName", $this->blogName );
+ $this->_view->setValue( "blogDomain", $this->blogDomain );
$this->_view->setValue( "blogLocale", $this->blogLocale );
$this->_view->setValue( "templateId", $this->templateId );
}
Index: class/gallery/dao/galleryresources.class.php
===================================================================
--- class/gallery/dao/galleryresources.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/gallery/dao/galleryresources.class.php (.../lifetype-1.0.5) (working copy)
@@ -92,7 +92,10 @@
*/
function getResource( $resourceId, $ownerId = -1, $albumId = -1 )
{
- $query = "SELECT id, owner_id, album_id, description,
+ if(!$resourceId)
+ return false;
+
+ $query = "SELECT id, owner_id, album_id, description,
date, flags, resource_type, file_path, file_name,
metadata, thumbnail_format
FROM ".$this->getPrefix()."gallery_resources
Index: class/locale/locale.class.php
===================================================================
--- class/locale/locale.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/locale/locale.class.php (.../lifetype-1.0.5) (working copy)
@@ -336,15 +336,27 @@
*/
function firstDayOfWeek()
{
- switch($this->getCountryId()) {
- case "US":
- case "AU":
- case "IE":
- case "UK": $day = 0; break;
- default: $day = 1; break;
+ // load the file if it hadn't been loaded yet
+ if( !is_array($this->_messages))
+ $this->_loadLocaleFile();
+
+ switch($this->_messages['days'][0]){
+ case $this->_messages['Saturday']:
+ return 6;
+ case $this->_messages['Friday']:
+ return 5;
+ case $this->_messages['Thursday']:
+ return 4;
+ case $this->_messages['Wednesday']:
+ return 3;
+ case $this->_messages['Tuesday']:
+ return 2;
+ case $this->_messages['Sunday']:
+ return 0;
+ case $this->_messages['Monday']:
+ default:
+ return 1;
}
-
- return $day;
}
/**
Index: class/dao/blogs.class.php
===================================================================
--- class/dao/blogs.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/dao/blogs.class.php (.../lifetype-1.0.5) (working copy)
@@ -43,11 +43,31 @@
*/
function getBlogInfoByName( $blogName, $extendedInfo = false )
{
- $query = "SELECT * FROM ".$this->getPrefix()."blogs WHERE mangled_blog = '".Db::qstr($blogName)."';";
+ $query = "SELECT * FROM ".$this->getPrefix()."blogs WHERE mangled_blog = '".Db::qstr($blogName)."'";
+ return $this->_getBlogInfoFromQuery( $query, $extendedInfo );
+ }
- //$this->_db->debug=true;
+ function getBlogInfoByDomain( $blogDomain, $extendedInfo = false )
+ {
+ $query = "SELECT id, settings FROM ".$this->getPrefix()."blogs";
+ $result = $this->Execute( $query );
+ if( !$result )
+ return false;
+ if( $result->RecordCount() == 0 )
+ return false;
- return $this->_getBlogInfoFromQuery( $query, $extendedInfo );
+ while($row = $result->FetchRow( $result )){
+ $blogSettings = $this->getBlogSettingsFromField( $row["settings"] );
+ if($blogSettings && $blogSettings->getValue("blog_domain") == $blogDomain){
+ $blogId = $row["id"];
+ break;
+ }
+ }
+ $result->Close();
+ if(!isset($blogId))
+ return false;
+
+ return $this->getBlogInfo( $blogId, $extendedInfo );
}
/**
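Review bot: `getBlogInfoByDomain()` has no guard for an empty `$blogDomain` and compares with `==`, while the `else` branch added in blogaction.class.php calls it whenever neither `blogId` nor `blogName` is set. If `getValue("blog_domain")` returns an empty value for blogs without the setting (not visible here), an empty argument would match the first such blog instead of returning false. Starting the function with `if( $blogDomain == "" ) return false;` avoids that. The loop also reads and decodes the settings of every blog on each lookup, which deserves a docblock like the one on `getBlogInfoByName()` stating the cost.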
Index: class/view/admin/adminblogsettingsview.class.php
===================================================================
--- class/view/admin/adminblogsettingsview.class.php (.../lifetype-1.0.4) (revision 3567)
+++ class/view/admin/adminblogsettingsview.class.php (.../lifetype-1.0.5) (working copy)
@@ -16,6 +16,7 @@
function AdminBlogSettingsView( $blogInfo )
{
$this->AdminTemplatedView( $blogInfo, "blogsettings" );
+ $config =& Config::getConfig();
$blogs = new Blogs();
$blogSettings = $blogs->getBlogSettings( $this->_blogInfo->getId());
@@ -34,8 +35,45 @@
$this->setValue( "blogShowFuturePosts", $blogSettings->getValue( "show_future_posts_in_calendar" ));
$this->setValue( "blogEnableAutosaveDrafts", $blogSettings->getValue( "new_drafts_autosave_enabled" ));
$this->setValue( "blogCommentsOrder", $blogSettings->getValue( "comments_order" ));
- }
-
+
+ // only do blog_domain stuff if subdomains are enabled
+ // Don't waste time here, as well as be less confusing by
+ // not showing the option to users who can't use it
+ $blog_domains_enabled =
+ ($config->getValue("subdomains_enabled", 0) &&
+ (strpos($config->getValue("subdomains_base_url", ""),
+ "{blogdomain}") !== FALSE));
+ if($blog_domains_enabled){
+ $domain = $blogSettings->getValue( "blog_domain" );
+
+ $available_domains = $config->getValue("subdomains_available_domains", "");
+ if($available_domains){
+ $available_domains = explode(" ", $available_domains);
+ }
+
+ // default to any domain, this will be overwritten
+ // if the domain is found in the available_domains array
+ $subdomain = $domain;
+ $maindomain = "?";
+
+ foreach($available_domains as $avdomain){
+ // search to see if domain suffix is on
+ // the available_domain list.
+ $found = strpos($domain, $avdomain);
+ if($found !== FALSE && $found == (strlen($domain) - strlen($avdomain))){
+ $subdomain = substr($domain, 0, $found-1);
+ $maindomain = $avdomain;
+ break;
+ }
+ }
+
+ $this->setValue( "blogSubDomain", $subdomain );
+ $this->setValue( "blogMainDomain", $maindomain );
+ $this->setValue( "blogAvailableDomains", $available_domains);
+ $this->setValue( "blogDomainsEnabled", 1);
+ }
+ }
+
function render()
{
$this->setValue( "blogsettings", $this->_blogInfo->getSettings());
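Review bot: The suffix test in the `foreach` accepts any stored domain that merely ends with `$avdomain`, without requiring a dot before it. `substr($domain, 0, $found-1)` then drops whatever character sits there, and when `$domain` equals `$avdomain`, `$found` is 0 and the length becomes -1. Matching on the dotted suffix fixes both: `$suffix = "." . $avdomain;` then `if( substr($domain, -strlen($suffix)) == $suffix )` with `$subdomain = substr($domain, 0, -strlen($suffix));`. As in the registration code, `$available_domains` is still a string when the config value is empty, so the `foreach` needs an array default.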
Index: locale/locale_en_UK.php
===================================================================
--- locale/locale_en_UK.php (.../lifetype-1.0.4) (revision 3567)
+++ locale/locale_en_UK.php (.../lifetype-1.0.5) (working copy)
@@ -689,7 +689,7 @@
$messages['help_temp_folder'] = 'Folder that LifeType can use to write its temporary data such as compiled templates, etc. Use a folder outside the web server tree for increased security [Default = ./tmp]';
$messages['help_base_url'] = 'Base URL where this blog is installed';
$messages['help_subdomains_enabled'] = 'Enable or disable subdomains. Please see the documentation for more information regarding subdomains [Default = No]';
-$messages['help_subdomains_base_url'] = 'When subdomains are enabled, this base URL is used instead of base_url. Use {blogname} to get the blog name and {username} to get the name of the user owner of the blog in order to generate a link to a blog. (i.e. http://{blogname}.yourdomain.com)';
+$messages['help_subdomains_base_url'] = 'When subdomains are enabled, this base URL is used instead of base_url. Use {blogname} to get the blog name, {username} to get the name of the user owner of the blog and {blogdomain} to allow the user to specify any subdomain in order to generate a link to a blog. (e.g.. http://{blogname}.yourdomain.com)';
$messages['help_include_blog_id_in_url'] = 'Meaningful only when subdomains are enabled and "normal" URLs are enabled, forces internally-generated URLs not to have the "blogId" parameter. Do not change unless you know what you are doing [Default = Yes]';
$messages['help_script_name'] = 'Set this if you need to rename index.php to something else [Default = index.php]';
$messages['help_show_posts_max'] = 'Maximum number of posts shown in the main page. Only meaningful for new blogs [Default = 15]';
@@ -910,4 +910,14 @@
$messages['xmlrpc_ping_ok'] = 'XMLRPC Ping sent successfully: ';
$messages['error_sending_xmlrpc_ping'] = 'There was an error sending the XMLRPC ping to: ';
$messages['error_sending_xmlrpc_ping_message'] = 'There was an error sending the XMLRPC ping: ';
+
+$messages['domain'] = 'Blog Domain';
+$messages['register_blog_domain_help'] = 'Pick a domain from the list and enter the desired subdomain for your blog.';
+$messages['help_subdomains_available_domains'] = 'Enter a space delimited set of main domains allowed. The user will be presented with a dropdown list of these values, and can add any subdomain he wants. This is only used if you enabled subdomains and used {blogdomain} in the subdomain_base_url above. Use a \'?\' if you want to allow any domain.';
+$messages['subdomains_any_domain'] = '<- Multi-domain enabled. Type in the full domain.';
+
+$messages['error_invalid_auth_code'] = 'You mistyped or misread the numbers in the image. Please try again.';
+$messages['error_incorrect_auth_img'] = 'You mistyped or misread the numbers in the image. Please try again.';
+$messages['auth_img'] = 'Spam Blocker Image';
+$messages['auth_img_help'] = 'Please copy the numbers from the image into the box below. This helps to ensure that you are a human and not a spammer.';
?>
Index: .htaccess
===================================================================
--- .htaccess (.../lifetype-1.0.4) (revision 3567)
+++ .htaccess (.../lifetype-1.0.5) (working copy)
@@ -6,62 +6,6 @@
deny from all
</Files>
-Options -Indexes
-Options +FollowSymLinks
-
-<IfModule mod_rewrite.c>
-RewriteEngine On
-RewriteBase /plog/
-
-# Permalink to the blog entry (i.e. /plog/1_userfoo/archive/3_title-foo-bar.html)
-RewriteRule ^([0-9]+)_[^/]+/archive/([0-9]+)_[^.]+\.html$ index.php?op=ViewArticle&blogId=$1&articleId=$2 [L,NC]
-
-# Monthly archive (i.e. /plog/1_userfoo/archive/200401.html)
-RewriteRule ^([0-9]+)_[^/]+/archive/([0-9]{6})\.html$ index.php?blogId=$1&Date=$2 [L,NC]
-
-# Daily archive (i.e. /plog/1_blogfoo/archive/20040101.html)
-RewriteRule ^([0-9]+)_[^/]+/archive/([0-9]{8})\.html$ index.php?blogId=$1&Date=$2 [L,NC]
-
-# Album (i.e. /plog/88_userfoo/albums/34_title-foo-bar.html)
-RewriteRule ^([0-9]+)_[^/]+/albums/([0-9]+)_[^.]+\.html$ index.php?op=ViewAlbum&blogId=$1&albumId=$2 [L,NC]
-
-# Albums (i.e. /plog/88_userfoo/albums/)
-RewriteRule ^([0-9]+)_[^/]+/albums/$ index.php?op=ViewAlbum&blogId=$1&albumId=0 [L,NC]
-
-# Category view (i.e. /plog/88_userfoo/categories/4_cat-foobar.html)
-RewriteRule ^([0-9]+)_[^/]+/categories/([0-9]+)_[^.]+\.html$ index.php?blogId=$1&postCategoryId=$2 [L,NC]
-
-# Category-Feeds (i.e. /plog/3_userfoo/feeds/categories/2_category/atom)
-RewriteRule ^([0-9]+)_[^/]+/feeds/categories/([0-9]+)_[^.]+/(.*)$ rss.php?blogId=$1&categoryId=$2&profile=$3 [L,NC]
-
-# Feeds (i.e. /plog/3_userfoo/feeds/atom)
-RewriteRule ^([0-9]+)_[^/]+/feeds/(.*)$ rss.php?blogId=$1&profile=$2 [L,NC]
-
-# Trackbacks (i.e. /plog/3_userfoo/trackbacks/34_title-foo-bar.html)
-RewriteRule ^([0-9]+)_[^/]+/trackbacks/([0-9]+)_[^.]+\.html$ index.php?op=Trackbacks&blogId=$1&articleId=$2 [L,NC]
-
-# Comment form (i.e. /plog/88_userfoo/comment/34_title-foo-bar.html)
-RewriteRule ^([0-9]+)_[^/]+/comment/([0-9]+)_[^.]+\.html$ index.php?op=Comment&blogId=$1&articleId=$2 [L,NC]
-
-# Resources (i.e. /plog/88_userfoo/resources/this-is-a-resource-name.pdf.html)
-RewriteRule ^([0-9]+)_[^/]+/resources/([^.]+)\.([^.]+)\.html$ index.php?op=ViewResource&blogId=$1&resource=$2.$3 [L,NC]
-
-# Download a resource (i.e. /plog/88_userfoo/get/this-is-a-resource-name.pdf)
-RewriteRule ^([0-9]+)_[^/]+/get/(.+)$ resserver.php?blogId=$1&resource=$2 [L,NC]
-
-# Static Pages (i.e /plog/3_userfoo/demosites)
-RewriteRule ^([0-9]+)_[^/]+/(.+)$ index.php?op=Template&blogId=$1&show=$2 [NC]
-
-# A non-default blog (i.e. /plog/88_userfoo)
-RewriteRule ^([0-9]+)(_[^/]+)?$ index.php?blogId=$1 [L,NC]
-
-# Daily archive (i.e. /plog/1_userfoo/archive/20040101.html)
-RewriteRule ^([0-9]+)_[^/]+/archive/([0-9]{8})\.html$ index.php?blogId=$1&Date=$2 [L,NC]
-
-</IfModule>
-
-
-
<Files post>
ForceType application/x-httpd-php
</Files>
@@ -110,9 +54,9 @@
ForceType application/x-httpd-php
</Files>
-ErrorDocument 401 /plog/error.php
-ErrorDocument 403 /plog/error.php
-ErrorDocument 404 /plog/error.php
+ErrorDocument 401 /error.php
+ErrorDocument 403 /error.php
+ErrorDocument 404 /error.php
Index: tmp/.htaccess
===================================================================
--- tmp/.htaccess (.../lifetype-1.0.4) (revision 3567)
+++ tmp/.htaccess (.../lifetype-1.0.5) (working copy)
@@ -3,3 +3,6 @@
Deny from all
</Files>
+<Files "*.gif">
+ Allow from all
+</Files>
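Review bot: The added `<Files "*.gif">` block makes every `.gif` under `tmp/` publicly readable, in a directory the rest of this file closes off and that the `help_temp_folder` text recommends keeping outside the web tree. If this is for the `auth_img` images (an assumption; nothing in the hunk says so), a dedicated sub-directory or serving the image through a script would keep the deny rule intact for everything else. At minimum a comment above the block, `# generated auth images must be fetchable by browsers`, would record why the exception exists. The preceding `<Files>` block starts outside the hunk.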
Index: config/config.properties.php
===================================================================
--- config/config.properties.php (.../lifetype-1.0.4) (revision 3567)
+++ config/config.properties.php (.../lifetype-1.0.5) (working copy)
@@ -2,33 +2,16 @@
#
# database settings
#
-# Installation instructions:
-# NEW INSTALL
-# Leave these values blank,
-# and go to the URL where you installed pLog
-# and look at /wizard.php and type the appropriate
-# values in there.
+$config["db_host"] = "localhost";
+$config["db_username"] = "lifetype";
+$config["db_password"] = "RucAug6ovom";
+$config["db_database"] = "lifetype";
#
-# This file needs to be writable
-# by whatever user your php scripts run as.
-# The easiest thing to do is to make this file
-# writable by everyone, and then after the wizard
-# completes, remove write privileges from everyone
-# except yourself.
+# the database prefix will be appended to the name of each database tables in case you want
+# to have more than one version of plog running at the same time, such as the stable and
+# unstable one for testing. Each one could use a different prefix and therefore they could
+# coexist in the same unique database. If you change this after the initial configuration done
+# with the installation wizard, please make sure that you also rename the tables.
#
-# UPGRADE
-# remove all files from your old plog directory
-# (back them up somewhere, also backup your current
-# database)
-# Upload new pLog files into the same directory,
-# and then copy your old config.properties.php
-# over this file, and then run the wizard.
-# (note, if upgrading between minor releases:
-# 1.0 to 1.0.1, etc. you shouldn't run the wizard)
-
-$config["db_host"] = "";
-$config["db_username"] = "";
-$config["db_password"] = "";
-$config["db_database"] = "";
$config["db_prefix"] = "";
?>
\ No newline at end of file
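Review bot: This hunk replaces the blank `db_*` defaults with what look like one installation's real database settings, including a literal `db_password`, and drops the install and upgrade instructions. A site-local config should not be part of a patch that others apply; the new side should keep `$config["db_password"] = "";` and the other three blank values. The password shown here should be treated as disclosed and rotated. The `.htaccess` section above has the same problem: its removed rewrite rules and changed `/error.php` paths look site-specific too.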