[pLog-svn] r6551 - plog/branches/lifetype-1.2/class/action/admin
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Sat Jun 14 15:29:12 EDT 2008
Author: jondaley
Date: 2008-06-14 15:29:12 -0400 (Sat, 14 Jun 2008)
New Revision: 6551
Modified:
plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php
Log:
initial validation during save drafts. removed old disable_javascript_calendar - this isn't used anywhere else, so I don't think it should only be here. noted a probable permission bypass using the save draft feature. moved parent to be adminpostmanagementcommon, which helps out with a bunch of the validation. this class previously didn't do any validation on most of the inputs, nor did it check permissions. There is more to do here before this can be called done.
Modified: plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php 2008-06-14 19:26:24 UTC (rev 6550)
+++ plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php 2008-06-14 19:29:12 UTC (rev 6551)
@@ -1,6 +1,6 @@
<?php
- lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/action/admin/adminpostmanagementcommonaction.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminxmlview.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/timestamp.class.php");
lt_include( PLOG_CLASS_PATH."class/dao/articles.class.php" );
@@ -9,86 +9,30 @@
* \ingroup Action
* @private
*/
- class AdminSaveDraftArticleAjaxAction extends AdminAction
+ class AdminSaveDraftArticleAjaxAction extends AdminPostManagementCommonAction
{
-
- var $_postText;
- var $_postTopic;
-
function AdminSaveDraftArticleAjaxAction( $actionInfo, $request )
{
- $this->AdminAction( $actionInfo, $request );
- }
+ $this->AdminPostManagementCommonAction( $actionInfo, $request );
- // TODO: using old validate method. And, it doesn't actually do any validation??
- function validate()
- {
- $this->_postText = $this->_request->getValue( "postText" );
- $this->_postTopic = $this->_request->getValue( "postTopic" );
+ $view = new AdminXmlView( $this->_blogInfo, "response" );
+ $view->setValue( "method", "saveDraftArticleAjax" );
+ $view->setValue( "success", "0" );
+ $view->setValue( "message", $this->_locale->tr( "error_saving_draft" ) );
+ $this->setValidationErrorView( $view );
- // if there is no text, extended text or topic there is no point in saving anything
- if( $this->_postText == "" && $this->_postTopic == "" ) {
- // nothing to do yet, so let's quit
- $this->_view = new AdminXmlView( $this->_blogInfo, "response" );
- $this->_view->setValue( "method", "saveDraftArticleAjax" );
- $this->_view->setValue( "success", "0" );
- $this->_view->setValue( "message", $this->_locale->tr( "error_saving_draft" ) );
+ $this->requirePermission( "add_post" );
+ }
- return false;
- }
-
- $this->_postCategories = $this->_request->getValue( "postCategories" );
- $this->_postStatus = $this->_request->getValue( "postStatus" );
- $this->_postSlug = $this->_request->getValue( "postSlug" );
- $this->_sendNotification = $this->_request->getValue( "sendNotification" );
- $this->_sendTrackbacks = $this->_request->getValue( "sendTrackbacks" );
- $this->_sendPings = $this->_request->getValue( "sendPings" );
- $this->_postId = $this->_request->getValue( "postId" );
- $this->_commentsEnabled = $this->_request->getValue( "commentsEnabled" );
- if( $this->_commentsEnabled != 1 )
- $this->_commentsEnabled = false;
- else
- $this->_commentsEnabled = true;
-
- // fetch the custom fields
- $this->_customFields = $this->_request->getValue( "customField" );
-
- // fetch the timestamp that the post will have
- if( $this->_config->getValue( "disable_javascript_calendar")) {
- $this->_postDay = $this->_request->getValue( "postDay" );
- $this->_postMonth = $this->_request->getValue( "postMonth" );
- $this->_postHour = $this->_request->getValue( "postHour" );
- $this->_postMinutes = $this->_request->getValue( "postMinutes" );
- $this->_postYear = $this->_request->getValue( "postYear" );
- }
- else {
- $postDateTime = $this->_request->getValue( "postDateTime" );
- $dateTimeParts = explode(" ", $postDateTime);
- $dateParts = explode("/", $dateTimeParts[0] );
- $timeParts = explode(":",$dateTimeParts[1] );
- $this->_postDay = $dateParts[0];
- $this->_postMonth = $dateParts[1];
- $this->_postYear = $dateParts[2];
- $this->_postHour = $timeParts[0];
- $this->_postMinutes = $timeParts[1];
- }
-
- $this->_postTimestamp = new Timestamp();
- $this->_postTimestamp->setMinutes( $this->_postMinutes );
- $this->_postTimestamp->setHour( $this->_postHour );
- $this->_postTimestamp->setDay( $this->_postDay );
- $this->_postTimestamp->setMonth( $this->_postMonth );
- $this->_postTimestamp->setYear( $this->_postYear );
- return true;
- }
-
function perform()
{
+ $this->_fetchCommonData();
+
$status = POST_STATUS_DRAFT;
$articles = new Articles();
- $postText = Textfilter::xhtmlize($this->_postText);
- $article = new Article( $this->_postTopic, $postText, $this->_postCategories, $this->_userInfo->getId(),
+ $article = new Article( $this->_postTopic, $this->_postText,
+ $this->_postCategories, $this->_userInfo->getId(),
$this->_blogInfo->getId(), $status, 0, Array(), $this->_postSlug );
// set also the date before it's too late
$article->setDateObject( $this->_postTimestamp );
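Review bot: No field validators are registered in the visible lines of the new constructor, which only installs a validation-error view and calls `requirePermission( "add_post" )`, so whether any request value is actually validated depends on the AdminPostManagementCommonAction constructor, which is outside this diff. perform() also now passes `$this->_postText` straight to `new Article(...)` without the `Textfilter::xhtmlize()` call the old code made, trusting `_fetchCommonData()` to do the equivalent normalisation; that should be confirmed in the parent, since the draft text is stored and presumably rendered later. I would add a comment above the `_fetchCommonData()` call such as `// validators and postText normalisation come from AdminPostManagementCommonAction; this action registers none of its own`. perform() continues past the end of this hunk.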
@@ -109,6 +53,8 @@
// in case the post is already in the db
if( $this->_postId != "" ) {
$article->setId( $this->_postId );
+ // TODO: can a user without the update_post permission
+ // update using the savedraft method?
$postSavedOk = $articles->updateArticle( $article );
if( $postSavedOk )
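Review bot: The update branch is reachable with only the `add_post` permission that the constructor requires, and `$this->_postId` is presumably still populated from the request by `_fetchCommonData()`, so the question in the added TODO is an authorization gap until it is answered in code. Before `$article->setId( $this->_postId )`, the action should check the `update_post` permission and load the existing article to confirm it belongs to `$this->_blogInfo->getId()`; whether `updateArticle()` itself scopes the write to the current blog is not visible here. The guard `$this->_postId != ""` is also a loose string test, so the id should be validated as a positive integer first. The body of `if( $postSavedOk )` lies outside the hunk.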