Add Post Param at Hooks
Filter Categories for Tags
Change $url position to correct location at Comments.class.php
Add Author Pages
Security fix for issue #60
Change Ajax URL Router format
Change Ajax, Mods router scrapper
Puguh Wijayanto committed Jan 8, 2017
1 parent 0496452 commit 6e21c01
Showing 37 changed files with 710 additions and 387 deletions.
2 changes: 1 addition & 1 deletion assets/js/plugins/summernote-ext-genixcms.js
Expand Up @@ -57,7 +57,7 @@
contents: '<i class="fa fa-list-alt"/> File Manager',
tooltip: 'elfinder',
click: function () {
elfinderDialog();
elfinderDialog($(this).closest('.note-editor').parent().children('.summernote'));
}
});

34 changes: 2 additions & 32 deletions gxadmin/inc/media.php
Expand Up @@ -15,32 +15,7 @@
* @copyright 2014-2016 Puguh Wijayanto
* @license http://www.opensource.org/licenses/mit-license.php MIT
*/
if (isset($data['alertSuccess'])) {

echo '<div class="alert alert-success" >
<button type="button" class="close" data-dismiss="alert">
<span aria-hidden="true">&times;</span>
<span class="sr-only">'.CLOSE.'</span>
</button>';
foreach ($data['alertSuccess'] as $alert) {

echo "$alert\n";
}
echo '</div>';
}
if (isset($data['alertDanger'])) {

echo '<div class="alert alert-danger" >
<button type="button" class="close" data-dismiss="alert">
<span aria-hidden="true">&times;</span>
<span class="sr-only">'.CLOSE.'</span>
</button>';
foreach ($data['alertDanger'] as $alert) {

echo "$alert\n";
}
echo '</div>';
}

?>
<div class="row">
<div class="col-md-12">
Expand All @@ -54,11 +29,6 @@
</div>

<div class="col-sm-12">
<div class="row">
<div id="elfinder"></div>
</div>



<div id="elfinder"></div>
</div>
</div>
2 changes: 2 additions & 0 deletions gxadmin/inc/pages_form.php
Expand Up @@ -222,7 +222,9 @@
<div id="myGrid"><?=$content; ?></div>
</div>
<?php

}
Hooks::run('page_param_form', $data);
?>
</div>
<div class="col-sm-4">
2 changes: 2 additions & 0 deletions gxadmin/inc/posts_form.php
Expand Up @@ -196,7 +196,9 @@
<textarea name="content" class="form-control hidden content editor" id="content" rows="" ><?=$content; ?></textarea>
</div>
<?php

}
Hooks::run('post_param_form', $data);
?>
</div>
<div class="col-md-4">
23 changes: 18 additions & 5 deletions inc/lib/Categories.class.php
Expand Up @@ -67,13 +67,19 @@ public static function dropdown($vars)
if (isset($vars['parent'])) {
$where .= " `parent` = '".$vars['parent']."' ";
} else {
$where .= '1 ';
$where .= '';
}
if (isset($vars['type'])) {
$where .= " AND `type` = '".$vars['type']."' ";
if ($vars['type'] == 'tag') {
$where .= " `type` = '{$vars['type']}' AND ";
} else {
$where .= " `type` = '{$vars['type']}' AND `type` != 'tag' AND ";
}

} else {
$where .= '';
$where .= " `type` != 'tag' AND ";
}
$where .= '1 ';
$order_by = 'ORDER BY ';
if (isset($vars['order_by'])) {
$order_by .= ' '.$vars['order_by'].' ';
Expand Down Expand Up @@ -129,7 +135,14 @@ public static function lists($vars)
$where .= " `parent` = '{$vars['parent']}' AND ";
}
if (isset($vars['type'])) {
$where .= " `type` = '{$vars['type']}' AND ";
if ($vars['type'] == 'tag') {
$where .= " `type` = '{$vars['type']}' AND ";
} else {
$where .= " `type` = '{$vars['type']}' AND `type` != 'tag' AND ";
}

} else {
$where .= " `type` != 'tag' AND ";
}
$where .= '1 ';
$order_by = 'ORDER BY ';
Expand Down Expand Up @@ -330,7 +343,7 @@ public static function id($name)
public static function exist($cat)
{
$cat = Typo::int($cat);
$sql = "SELECT `id` FROM `cat` WHERE `id` = '{$cat}' AND `type` = 'post'";
$sql = "SELECT `id` FROM `cat` WHERE `id` = '{$cat}'";
$q = Db::result($sql);
// echo Db::$num_rows;
if (Db::$num_rows > 0) {
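Review bot: The `exist()` hunk drops the `AND `type` = 'post'` restriction, so a row of type 'tag' (or any other type) now satisfies `Categories::exist()`; if callers rely on it to validate a category id before attaching a post, the tag filtering this same commit adds to `lists()` and `dropdown()` can be bypassed by submitting a tag's id. Keep the type check, letting callers widen it explicitly: `public static function exist($cat, $type = 'post')` with `$sql = "SELECT `id` FROM `cat` WHERE `id` = '{$cat}' AND `type` = '".Db::escape($type)."'";`. Separately, the new `lists()`/`dropdown()` branches still interpolate `$vars['type']` and `$vars['parent']` into SQL unescaped; where `$vars` originates from request data they should pass through `Db::escape()` (referenced in author.control.php) or an allow-list of known types first. Each hunk is cut from a method whose remaining body lies outside it.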
3 changes: 2 additions & 1 deletion inc/lib/Comments.class.php
Expand Up @@ -178,11 +178,12 @@ public static function listC($vars)
$order = ($parent > 0) ? 'ASC' : 'DESC';
$sql = sprintf('SELECT * FROM `comments` WHERE 1 %s ORDER BY `date` %s LIMIT %d, %d', $where, $order, $offset, $max);
$cmn = Db::result($sql);
$url = isset($v->url) ? $v->url : '#';

$html = '<div class="col-md-12">
<ul class="media-list">';
if (DB::$num_rows > 0) {
foreach ($cmn as $c => $v) {
$url = isset($v->url) ? $v->url : '#';
$avatar = Image::getGravatar($v->email, 60);
$html .= '
<li class="media">
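Review bot: Moving `$url = isset($v->url) ? $v->url : '#';` into the loop fixes the stale-value bug, but `$v->url` is commenter-supplied and is taken verbatim; if it lands in an `href` further down (the markup continues past the hunk), a stored `javascript:` URL or an injected quote goes straight into the page. Restrict it to http(s) and escape it where it is assigned: `$url = (isset($v->url) && preg_match('#^https?://#i', $v->url)) ? htmlspecialchars($v->url, ENT_QUOTES, 'UTF-8') : '#';`. `listC()` begins before the hunk and its output loop continues after it.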
4 changes: 2 additions & 2 deletions inc/lib/Control.class.php
Expand Up @@ -104,8 +104,8 @@ public static function incBack($vars)
*/
public static function frontend()
{
$arr = ['ajax', 'post', 'page', 'cat', 'mod', 'sitemap', 'rss',
'account', 'search', 'author', 'tag', 'thumb', 'default'];
$arr = array('ajax', 'post', 'page', 'cat', 'mod', 'sitemap', 'rss',
'account', 'search', 'author', 'tag', 'thumb', 'default');
if (SMART_URL) {
if (isset($_REQUEST) && $_REQUEST != '' && count($_REQUEST) > 0) {
(SMART_URL && isset($_GET)) ? self::route($arr) : self::get($arr);
5 changes: 3 additions & 2 deletions inc/lib/Control/Ajax/saveimage-ajax.control.php
Expand Up @@ -14,8 +14,9 @@
* @copyright 2014-2016 Puguh Wijayanto
* @license http://www.opensource.org/licenses/mit-license.php MIT
*/

if (isset($_GET['token']) && Token::isExist($_GET['token'])) {
$data = Router::scrap($param);
$token = (SMART_URL) ? $data['token'] : Typo::cleanX($_GET['token']);
if (isset($token) && Token::isExist($token) ) {
if (User::access(2)) {
// A list of permitted file extensions
$allowed = array('png', 'jpg', 'jpeg', 'gif');
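Review bot: The two token paths are sanitized differently: `$_GET['token']` goes through `Typo::cleanX()`, but on the SMART_URL path `$data['token']` from `Router::scrap()` is used raw and without an `isset()` guard, so a missing token raises an undefined-index notice and `isset($token)` only catches the resulting null. Since `Token::isExist()` presumably looks the value up in the database, normalise both paths before the check: `$raw = SMART_URL ? (isset($data['token']) ? $data['token'] : '') : (isset($_GET['token']) ? $_GET['token'] : '');`, `$token = Typo::cleanX($raw);`, `if ($token !== '' && Token::isExist($token)) {`. The same pattern is repeated verbatim in tags-ajax.control.php and version-ajax.control.php in this commit. The upload handling inside the `if` continues past the hunk.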
8 changes: 5 additions & 3 deletions inc/lib/Control/Ajax/tags-ajax.control.php
Expand Up @@ -14,11 +14,13 @@
* @copyright 2014-2016 Puguh Wijayanto
* @license http://www.opensource.org/licenses/mit-license.php MIT
*/

if (isset($_GET['token']) && Token::isExist($_GET['token'])) {
$data = Router::scrap($param);
$token = (SMART_URL) ? $data['token'] : Typo::cleanX($_GET['token']);
if (isset($token) && Token::isExist($token) ) {
if (User::access(2)) {
$term = Typo::cleanX($_GET['term']);
$tags = Db::result(
"SELECT * FROM `cat` WHERE `type` = 'tag' AND `name` LIKE '".$_GET['term']."%' ORDER BY `name` ASC"
"SELECT * FROM `cat` WHERE `type` = 'tag' AND `name` LIKE '".$term."%' ORDER BY `name` ASC"
);
$tag = array();
foreach ($tags as $t) {
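Review bot: `$term` now passes through `Typo::cleanX()` before the `LIKE '".$term."%'` clause, but whether that helper escapes SQL quotes is not visible here, and it certainly leaves the LIKE metacharacters `%` and `_` intact, so a term of `%` enumerates every tag. Escape for the SQL context explicitly and guard the index, which the request may omit: `$term = isset($_GET['term']) ? addcslashes(Db::escape(Typo::cleanX($_GET['term'])), '%_') : '';`. The token lines above carry the same SMART_URL/`$_GET` sanitization asymmetry as the other ajax controllers in this commit. The `foreach` that builds the response continues past the hunk.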
4 changes: 3 additions & 1 deletion inc/lib/Control/Ajax/version-ajax.control.php
Expand Up @@ -15,7 +15,9 @@
* @license http://www.opensource.org/licenses/mit-license.php MIT
*/

if (isset($_GET['token']) && Token::isExist($_GET['token'])) {
$data = Router::scrap($param);
$token = (SMART_URL) ? $data['token'] : Typo::cleanX($_GET['token']);
if (isset($token) && Token::isExist($token) ) {
if (User::access(2)) {
$v = trim(System::latestVersion());

5 changes: 3 additions & 2 deletions inc/lib/Control/Backend/mods.control.php
Expand Up @@ -18,9 +18,10 @@
* @license http://www.opensource.org/licenses/mit-license.php MIT
*/

$data['sitetitle'] = MODULES;
$mod = Typo::cleanX($_GET['mod']);
$data['sitetitle'] = Mod::title($mod);
Theme::admin('header', $data);
Mod::options($_GET['mod']);
Mod::options($mod);
Theme::admin('footer');

/* End of file mods.control.php */
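Review bot: `$mod = Typo::cleanX($_GET['mod'])` is the only validation before `Mod::title($mod)` and `Mod::options($mod)`; if those helpers resolve the module name to a path under the modules directory, as the name suggests, an HTML-oriented cleaner does not stop `../` traversal, and an absent `mod` parameter raises an undefined-index notice. Tighten it to a module-name pattern before use: `if (!isset($_GET['mod']) || !preg_match('/^[A-Za-z0-9_-]+$/', $_GET['mod'])) { Control::error('404'); exit; }`. Unlike themes.control.php in the same commit, no `User::access()` check is visible in this hunk; if none is performed above it, one is needed.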
17 changes: 16 additions & 1 deletion inc/lib/Control/Backend/posts.control.php
Expand Up @@ -102,6 +102,12 @@
$tags = Typo::cleanX($_POST['tags']);
Posts::addParam('tags', $tags, $post_id);
Tags::add($tags);
if (isset($_POST['param'])){
foreach ($_POST['param'] as $k => $v) {
Posts::addParam($k, $v, $post_id);
}
}


$data['alertSuccess'][] = POST." {$title} ".MSG_POST_ADDED;
Hooks::run('post_submit_add_action', $_POST);
Expand Down Expand Up @@ -205,9 +211,18 @@
} else {
Posts::editParam('tags', $tags, $_GET['id']);
}

Tags::add($tags);

if (isset($_POST['param'])){
foreach ($_POST['param'] as $k => $v) {
if (!Posts::existParam($k, $_GET['id'])) {
Posts::addParam($k, $v, $_GET['id']);
} else {
Posts::editParam($k, $v, $_GET['id']);
}
}
}

$data['alertSuccess'][] = POST." {$title} ".MSG_POST_UPDATED;
Hooks::run('post_submit_edit_action', $_POST);
Token::remove($_POST['token']);
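Review bot: Both new loops store every `$_POST['param']` key/value pair verbatim via `Posts::addParam()`/`editParam()`, whereas the `tags` value on the line just above is cleaned with `Typo::cleanX()` first; the key is attacker-chosen too, so a submitted `param[tags]=...` overwrites the tags parameter written moments earlier (the edit path checks `existParam()` and then calls `editParam()`), and neither key nor value is escaped for whatever SQL those helpers build. At minimum guard the type and clean both sides: `if (isset($_POST['param']) && is_array($_POST['param'])) {`, then inside each loop `$k = Typo::cleanX($k); $v = Typo::cleanX($v);` before the `addParam`/`editParam` call; better, accept only keys that a `post_param_form` hook registered. The edit loop also reads `$_GET['id']` without the `Typo::int()` cast this commit applies elsewhere. Both submit handlers begin and end outside the hunks.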
5 changes: 3 additions & 2 deletions inc/lib/Control/Backend/themes.control.php
Expand Up @@ -20,9 +20,10 @@

if (User::access(0)) {
if (isset($_GET['view']) && $_GET['view'] == 'options') {
$data['sitetitle'] = THEMES;
$theme = Options::v('themes');
$data['sitetitle'] = Theme::title($theme);
Theme::admin('header', $data);
Theme::options(Options::v('themes'));
Theme::options($theme);
Theme::admin('footer');
} else {
if (isset($_POST['upload'])) {
4 changes: 2 additions & 2 deletions inc/lib/Control/Backend/users.control.php
Expand Up @@ -76,7 +76,7 @@
}

// VALIDATE ALL
if (!User::isExist($_POST['userid'])) {
if (User::isExist($_POST['userid'])) {
$alertDanger[] = MSG_USER_EXIST;
}

Expand Down Expand Up @@ -252,7 +252,7 @@
$alertDanger[] = PASS2_CANNOT_EMPTY;
}

if (!User::isExist($_POST['userid'])) {
if (User::isExist($_POST['userid'])) {
$alertDanger[] = MSG_USER_EXIST;
}
if (!User::isSame($_POST['pass1'], $_POST['pass2'])) {
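Review bot: The un-inverted check is right for the add form (reject a `userid` that already exists), but the second hunk at line 255 sits in what looks like the edit/update handler, where `User::isExist($_POST['userid'])` is true for the account being edited whenever its id is unchanged, so every update would be refused with `MSG_USER_EXIST`. If that is the edit path, compare the submitted id with the one stored for the record being edited and only call `User::isExist()` when they differ. `$_POST['userid']` also reaches `User::isExist()` unsanitized in both hunks. Both handlers begin and end outside the hunks.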
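--- /dev/null
+++ b/inc/lib/Control/Frontend/author.control.php
@@ -0,0 +1,99 @@
+<?php
+
+defined('GX_LIB') or die('Direct Access Not Allowed!');
+/*
+* GeniXCMS - Content Management System
+*
+* PHP Based Content Management System and Framework
+*
+* @since 0.0.1 build date 20141006
+*
+* @version 1.0.0
+*
+* @link https://github.com/semplon/GeniXCMS
+* @link http://genixcms.org
+*
+* @author Puguh Wijayanto <psw@metalgenix.com>
+* @copyright 2014-2016 Puguh Wijayanto
+* @license http://www.opensource.org/licenses/mit-license.php MIT
+*/
+
+$post = '';
+$data = Router::scrap($param);
+$data['p_type'] = 'author';
+
+//$cat = Db::escape(Typo::Xclean($_GET['cat']));
+$author = (SMART_URL) ? $data['author'] : Typo::cleanX(Typo::strip($_GET['author']));
+$data['max'] = Options::v('post_perpage');
+//echo User::isExist($author);
+if (User::isExist($author)) {
+if (SMART_URL) {
+if (isset($data['paging'])) {
+$paging = $data['paging'];
+}
+$type = isset($data['type']) ? $data['type']: '';
+} else {
+if (isset($_GET['paging'])) {
+$paging = Typo::int($_GET['paging']);
+}
+$type = isset($_GET['type']) ? $_GET['type']: '';
+}
+
+if ($type != '') {
+$where = " AND `type` = '{$type}' ";
+} else {
+$where = '';
+}
+//$paging = (SMART_URL) ? $data['paging'] : Typo::int(is_int($_GET['paging']));
+if (isset($paging) && $paging != '') {
+if ($paging > 0) {
+$offset = ($paging - 1) * $data['max'];
+} else {
+$offset = 0;
+}
+// echo $offset;
+$pagingtitle = " - Page {$paging}";
+} else {
+$offset = 0;
+$paging = 1;
+$pagingtitle = '';
+}
+// echo $paging;
+$data['sitetitle'] = 'Post by : '.$author.$pagingtitle;
+$data['posts'] = Db::result(
+sprintf(
+"SELECT * FROM `posts`
+WHERE `author` = '%s' %s
+AND `status` = '1'
+ORDER BY `date`
+DESC LIMIT %d, %d",
+$author,
+$where,
+$offset,
+$data['max']
+)
+);
+$data['num'] = Db::$num_rows;
+// echo $data['num'];
+$data['posts'] = Posts::prepare($data['posts']);
+// print_r($data['posts']);
+$url = Url::author($author, $type);
+$paging = array(
+'paging' => $paging,
+'table' => 'posts',
+'where' => '`author` = \''.$author.'\' AND `status` = \'1\' '.$where,
+'max' => $data['max'],
+'url' => $url,
+'type' => Options::v('pagination'),
+);
+$data['paging'] = Paging::create($paging, SMART_URL);
+Theme::theme('header', $data);
+Theme::theme('author', $data);
+Theme::footer($data);
+exit;
+} else {
+Control::error('404');
+exit;
+}
+/* End of file cat.control.php */
+/* Location: ./inc/lib/Control/Frontend/cat.control.php */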
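Review bot: `$type` is interpolated into the SQL at `$where = " AND `type` = '{$type}' ";` and again into the paging `where`, yet on the non-SMART_URL path it comes from `$_GET['type']` with no cleaning at all, and on the SMART_URL path from `$data['type']` likewise, unlike `$author`, which at least passes `Typo::cleanX()` and `User::isExist()` first. Give it the treatment this commit gives `$term` in tags-ajax.control.php, or better an allow-list of post types: `$type = isset($_GET['type']) ? Typo::cleanX($_GET['type']) : '';` (and the same for `$data['type']`), then `Db::escape()` it before building `$where`. `$data['paging']` on the SMART_URL path also skips the `Typo::int()` cast applied to `$_GET['paging']`, and the value is echoed into `$pagingtitle`. The trailing comments still name cat.control.php, from which this file was evidently copied.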
2 changes: 1 addition & 1 deletion inc/lib/Control/Frontend/cat.control.php
Expand Up @@ -74,7 +74,7 @@
$paging = array(
'paging' => $paging,
'table' => 'posts',
'where' => '`type` = \''.$type.'\' AND `cat` = \''.$cat.'\'',
'where' => '`type` = \''.$type.'\' AND `cat` = \''.$cat.'\' AND `status` = \'1\' ',
'max' => $data['max'],
'url' => $url,
'type' => Options::v('pagination'),
4 changes: 2 additions & 2 deletions inc/lib/Control/Frontend/post.control.php
Expand Up @@ -54,10 +54,10 @@
$data['posts'] = Posts::prepare($data['posts']);
// print_r($data['posts']);
if ($num_rows > 0) {
$theme = ($data['p_type'] == 'post') ? 'single' : $data['p_type'];
$theme = Theme::exist($data['p_type']) ? $data['p_type']: 'single';
Theme::theme('header', $data);
Theme::theme($theme, $data);
Theme::footer();
Theme::footer($data);
Stats::addViews($post_id);

} else {
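Review bot: `Theme::exist($data['p_type']) ? $data['p_type'] : 'single'` lets the value of `$data['p_type']` select which theme file `Theme::theme()` renders; if `p_type` is derived from the request path rather than fixed by the controller (author.control.php hard-codes it, but this controller's assignment is outside the hunk) and `Theme::exist()` is a plain file-existence check, a value such as `../../something` would be included. Constrain it before the lookup: `$ptype = preg_match('/^[A-Za-z0-9_-]+$/', $data['p_type']) ? $data['p_type'] : 'single';` and pass `$ptype` to `Theme::exist()` and `Theme::theme()`. The enclosing handler starts before the hunk.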