global $itemid, $manager, $CONF;
//modify start+++++++++
- if(eregi('limit', $tb_id)){
+ if(preg_match('/limit/i', $tb_id)){
$amount = $tb_id;
$tb_id = '';
}
- $amount = eregi_replace("limit", "", $amount);
- $amount = intval($amount);
+ $amount = intval(str_replace('limit', '', $amount));
//modify end+++++++++
if ($tb_id == '') $tb_id = intval($itemid);
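Review bot: The `str_replace('limit', '', $amount)` line is case-sensitive, while the `preg_match('/limit/i', ...)` guard above it and the `eregi_replace` it replaces are case-insensitive. A value such as `LIMIT5` therefore passes the guard but is not stripped, and `intval()` of it yields 0. Using `$amount = intval(str_ireplace('limit', '', $amount));` keeps the previous behaviour. `$amount` is also read on that line when the branch was not taken; the enclosing function starts outside this hunk, so confirm it is initialised earlier.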
'required' => $this->getRequiredURL(intval($tb_id)),
);
- if ($member->isLoggedIn() && $member->isAdmin()){
+ if ( $member->isLoggedIn() ){
$adminurl = htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'] . 'trackback/index.php?action=list&id=' . intval($tb_id)), ENT_QUOTES);
$pingformurl = htmlspecialchars($manager->addTicketToUrl($CONF['PluginURL'] . 'trackback/index.php?action=ping&id=' . intval($tb_id)), ENT_QUOTES);
$gVars['admin'] = '<a href="' . $adminurl . '" target="_blank">[admin]</a>';
*/
$uri = $this->_createItemLink($item['itemid'],$blog);
- $timestamp = time();
- $sourceaddr = ip2long(serverVar('REMOTE_ADDR'));
- $key = md5( sprintf("%u %u %u %s", $timestamp, $sourceaddr, $itemid, __FILE__));
+ $title = strip_tags($item['title']);
+ $desc = strip_tags($item['body']);
+ $desc = $this->_cut_string($desc, 200);
+ $desc = htmlspecialchars($desc, ENT_QUOTES);
+
?>
<!--
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
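Review bot: `$title` only goes through `strip_tags()`, whereas `$desc` is additionally passed through `htmlspecialchars(..., ENT_QUOTES)`. If `$title` is written into an attribute of the RDF block that follows (its use is outside this hunk), a double quote in an item title would break the attribute. A `-->` sequence would also end the surrounding HTML comment early. Treating both values the same way avoids this: `$title = htmlspecialchars(strip_tags($item['title']), ENT_QUOTES);`.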
{
for ($i = 0; $i < count($array); $i++)
{
- if( preg_match('/s?https?:\/\/[-_.!~*\'()a-zA-Z0-9;\/?:@&=+$,%#]+/', $array[$i][1], $matches) )
+ if( preg_match('/s?https?:\/\/[-_.!~*\'()a-zA-Z0-9;\/?:@&=+$,%]+/', $array[$i][1], $matches) )
$links[$matches[0]] = 1;
}
}
curl_close($ch);
}
- elseif ($fp = @fopen ($url, "r"))
+ elseif ($fp = @fopen ($url, "rb"))
{
//mod by cles
// $contents = fread($fp, 8192);
function getName() { return 'TrackBack'; }
function getAuthor() { return 'rakaz + nakahara21 + hsur'; }
function getURL() { return 'http://blog.cles.jp/np_cles/category/31/subcatid/3'; }
- function getVersion() { return '2.0.3 jp10.5'; }
- function getDescription() { return '[$Revision: 1.20 $]<br />' . _TB_DESCRIPTION; }
+ function getVersion() { return '2.0.3 jp11'; }
+ function getDescription() { return '[$Revision: 1.21 $]<br />' . _TB_DESCRIPTION; }
//modify start+++++++++
/*
global $member, $nucleus, $blogid;
// only show to admins
- if (!$member->isLoggedIn() || !$member->isAdmin()) return;
+ if (!$member->isLoggedIn()) return;
array_push(
$data['options'],
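Review bot: The comment `// only show to admins` above the changed guard no longer matches the code, which now lets every logged-in member through. Reword it to something like `// show to any logged-in member; item-level rights are checked in the plugin admin pages`, so a later reader does not assume an admin check still exists here. The enclosing function starts and ends outside this hunk.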
$oPluginAdmin = new PluginAdmin('TrackBack');
- if (!($member->isLoggedIn() && $member->isAdmin()))
+ if ( ! $member->isLoggedIn() )
{
$oPluginAdmin->start();
echo '<p>' . _ERROR_DISALLOWED . '</p>';
$oTemplate->set ('CONF', $CONF);
$oTemplate->set ('plugindirurl', $oPluginAdmin->plugin->getAdminURL());
$oTemplate->set ('ticket', $manager->_generateTicket());
+
+ $whereClause = '';
+ if( ! $member->isAdmin() ){
+ // where clause
+ $res = sql_query('SELECT tblog FROM '.sql_table('team').' WHERE tadmin = 1 AND tmember = '.$member->getID() );
+ $adminBlog = array();
+ while ($row = mysql_fetch_array($res)){
+ $adminBlog[] = $row[0];
+ }
+ if($adminBlog)
+ $whereClause = ' i.iblog in (' . implode(', ', $adminBlog) . ') ';
+
+ if( $whereClause )
+ $whereClause = ' AND ( i.iauthor = '.$member->getID().' OR ' . $whereClause . ' )';
+ else
+ $whereClause = ' AND i.iauthor = '.$member->getID();
+ }
+
+ $requiredItemEditRights = array(
+ 'dodelete',
+ 'doblock',
+ 'dounblock',
+ );
+ $safeids = array();
+ if (in_array($action, $requiredItemEditRights)) {
+ $ids = explode(',', requestVar('ids'));
+ $safeids = array();
+ foreach( $ids as $id ){
+ $id = trim($id);
+ if( is_numeric($id) )
+ $safeids[] = $id;
+ }
+ if( ! $member->isAdmin() ){
+ $query = 'SELECT t.id FROM ' . sql_table('plugin_tb') . ' t, ' . sql_table('item') . ' i WHERE t.tb_id = i.inumber AND t.id in ( '. implode(',', $safeids) . ' ) '. $whereClause ;
+ $res = sql_query($query);
+ $safeids = array();
+ while ($row = mysql_fetch_array($res)){
+ $safeids[] = $row[0];
+ }
+ }
+ }
// Pages
switch($action) {
case 'ajax':
$type = requestVar('type') == 'all' ? 'all' : 'blocked' ;
- $filter['all'] = 't.block = 0';
- $filter['blocked'] = 't.block = 1';
+ $filter['all'] = ' t.block = 0 ';
+ $filter['blocked'] = ' t.block = 1 ';
$start = intRequestVar('offset') ? intRequestVar('offset') : 0;
$amount = intRequestVar('page_size') ? intRequestVar('page_size') : 25;
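Review bot: When a non-admin sends an `ids` value with no usable entries, `$safeids` is empty and the ownership query is built as `t.id in (  )`. That is invalid SQL, and its failed result is then handed to `mysql_fetch_array()`. Guard the lookup with `if( ! $member->isAdmin() && count($safeids) > 0 ){` so an empty list stays empty without touching the database. Separately, `is_numeric()` also accepts non-integer forms such as `1e3` or `1.5`, which are concatenated into the `IN (...)` list as-is; `if( ctype_digit($id) )` restricts the list to plain digit strings. The `$whereClause` construction is duplicated verbatim in the other admin script in this commit, so a shared helper would keep the two authorisation filters from drifting apart.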
".sql_table('item')." AS i
WHERE
t.tb_id = i.inumber AND
- ".$filter[$type]);
+ ".$filter[$type].$whereClause);
$rrow = mysql_fetch_array($rres);
$count = $rrow['count'];
".sql_table('item')." AS i
WHERE
t.tb_id = i.inumber AND
- ".$filter[$type]."
+ ".$filter[$type].$whereClause."
ORDER BY
".$sort_col." ".$sort_dir."
LIMIT
break;
case 'dodelete':
- $ids = explode(',', requestVar('ids'));
-
- $safeids = array();
- foreach( $ids as $id ){
- $id = trim($id);
- if( is_numeric($id) )
- $safeids[] = $id;
- }
-
if( count($safeids) > 0 ){
$safeids = implode(',',$safeids);
break;
case 'doblock':
- $ids = explode(',', requestVar('ids'));
-
- $safeids = array();
- foreach( $ids as $id ){
- $id = trim($id);
- if( is_numeric($id) )
- $safeids[] = $id;
- }
-
if( count($safeids) > 0 ){
$safeids = implode(',',$safeids);
break;
case 'dounblock':
- $ids = explode(',', requestVar('ids'));
-
- $safeids = array();
- foreach( $ids as $id ){
- $id = trim($id);
- if( is_numeric($id) )
- $safeids[] = $id;
- }
-
if( count($safeids) > 0 ){
$safeids = implode(',',$safeids);
include('template.php');
- // Send out Content-type
- //sendContentType('application/xhtml+xml', 'admin-trackback', _CHARSET);
-
$oPluginAdmin = new PluginAdmin('TrackBack');
- if (!($member->isLoggedIn() && $member->isAdmin()))
+ if ( !$member->isLoggedIn() )
{
$oPluginAdmin->start();
echo '<p>' . _ERROR_DISALLOWED . '</p>';
}
$oPluginAdmin->start();
- //$oPluginAdmin->admin->pagehead();
//modify start+++++++++
$plug =& $oPluginAdmin->plugin;
$oTemplate->set ('ticket', $manager->_generateTicket());
$ajaxEnabled = ($oPluginAdmin->plugin->getOption('ajaxEnabled') == 'yes') ? true : false;
$oTemplate->set ('ajaxEnabled', $ajaxEnabled);
+
+ $whereClause = '';
+ if( ! $member->isAdmin() ){
+ // where clause
+ $res = sql_query('SELECT tblog FROM '.sql_table('team').' WHERE tadmin = 1 AND tmember = '.$member->getID() );
+ $adminBlog = array();
+ while ($row = mysql_fetch_array($res)){
+ $adminBlog[] = $row[0];
+ }
+ if($adminBlog)
+ $whereClause = ' i.iblog in (' . implode(', ', $adminBlog) . ') ';
+
+ if( $whereClause )
+ $whereClause = ' AND ( i.iauthor = '.$member->getID().' OR ' . $whereClause . ' )';
+ else
+ $whereClause = ' AND i.iauthor = '.$member->getID();
+ }
+ //echo "<p>Debug: $whereClause<p>";
+
+ $requiredAdminRights = array(
+ 'tableUpgrade',
+ 'blocked_clear',
+ 'blocked_spamclear',
+ );
+ if (in_array($action, $requiredAdminRights)) {
+ if( ! $member->isAdmin() ){
+ echo '<p>' . _ERROR_DISALLOWED . '</p>';
+ echo '<p>Reason: ' . __LINE__ . '</p>';
+ $oPluginAdmin->end();
+ exit;
+ }
+ }
+
+ $requiredItemEditRights = array(
+ 'block',
+ 'unblock',
+ 'delete',
+ );
+ if (in_array($action, $requiredItemEditRights)) {
+ if( ! $member->isAdmin() ){
+ $tb = intRequestVar('tb');
+ $query = 'SELECT i.inumber FROM ' . sql_table('plugin_tb') . ' t, ' . sql_table('item') . ' i WHERE t.tb_id = i.inumber AND t.id = '. $tb . $whereClause ;
+ $res = sql_query($query);
+ if( ! @mysql_num_rows($res) ){
+ echo '<p>' . _ERROR_DISALLOWED . '</p>';
+ echo '<p>Reason: ' . __LINE__ . '</p>';
+ $oPluginAdmin->end();
+ exit;
+ }
+ }
+ }
switch($action) {
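Review bot: Authorisation here is a deny-list: only actions named in `$requiredAdminRights` and `$requiredItemEditRights` are checked. Now that the entry guard accepts any logged-in member, every other `case` in the `switch` (most are outside this hunk) is reachable by non-admins by default. Inverting this is safer: list the actions a non-admin may run and reject everything else, so a newly added action is denied until someone decides otherwise. The `echo '<p>Reason: ' . __LINE__ . '</p>';` lines also expose a source line number to the refused user; writing that detail to the server log and showing only `_ERROR_DISALLOWED` would be enough. The `block`, `unblock` and `delete` actions change state from a request parameter, so it is worth confirming that the ticket generated above is verified before they run, which is not visible in this hunk.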
$action = requestVar('next');
break;
+
case 'blocked_clear':
$res = sql_query ("DELETE FROM ".sql_table('plugin_tb')." WHERE block = 1");
$action = requestVar('next');
$action = requestVar('next');
break;
+
case 'ping':
$id = intRequestVar('id');
".sql_table('item')." AS i
WHERE
t.tb_id = i.inumber AND
- t.block = " . (( $action == 'all') ? 0 : 1) );
+ t.block = " . (( $action == 'all') ? 0 : 1) . $whereClause );
if ($row = mysql_fetch_array($rres))
$count = $row['count'];
".sql_table('item')." AS i
WHERE
t.tb_id = i.inumber AND
- t.block = " . (( $action == 'all') ? 0 : 1) ."
+ t.block = " . (( $action == 'all') ? 0 : 1) . $whereClause ."
ORDER BY
timestamp DESC
LIMIT
$ires = sql_query ("
SELECT
- ititle,
- inumber
+ i.ititle,
+ i.inumber
FROM
- ".sql_table('item')."
+ ".sql_table('item')." i
WHERE
- inumber = '".$id."'
- ");
+ i.inumber = '".$id."'
+ ". $whereClause );
if ($irow = mysql_fetch_array($ires))
{
while ($brow = mysql_fetch_array($bres))
{
+ if( !$member->isTeamMember($brow['bnumber']) ) continue;
$ires = sql_query ("
SELECT
i.inumber AS inumber,
WHERE
i.iblog = ".$brow['bnumber']." AND
t.tb_id = i.inumber AND
- t.block = 0
+ t.block = 0 ".$whereClause."
GROUP BY
i.inumber
ORDER BY
<h3>ÆüËܸìÈǹ¹¿·ÍúÎò</h3>
<ul>
+ <li>Version 2.0.3jp11 : (2007/09/30)</li>
+ <li>¡¡[Added] SuperAdmin°Ê³°¤Ç¤âTrackback¤¬´ÉÍý¤Ç¤¤ë¤è¤¦¤Ë¤·¤¿</li>
+
<li>Version 2.0.3jp10 : (2007/06/30)</li>
<li>¡¡[Fixed] mysql_query()¤òsql_query()¤ËÊѹ¹</li>
<li>¡¡[Changed] ¼ÂÂλ²¾È¥Æ¡¼¥Ö¥ë¤Ë¤Ä¤¤¤ÆNucleusɸ½à¤â¤Î¤ò»È¤¦¤è¤¦¤Ë¤·¤¿</li>
<?php echo date("Y-m-d H:i:s",$item['timestamp']);?>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['story_url']; ?>"><?php echo $item['story'];?></a>
- -->
+ ]]>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['url'];?>">
<img alt="Visit" border="0" src="<?php echo $plugindirurl?>silk/house_go.png" />
</a>
<strong><?php echo $item['title'];?></strong>
<?php echo $item['excerpt'];?>
<em>(<?php echo $item['blog_name'];?>)</em>
- -->
+ ]]>
</td>
<td></td>
</tr>
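Review bot: The values echoed inside the new `<![CDATA[ ... ]]>` sections (`$item['story']`, `$item['title']`, `$item['excerpt']`, `$item['blog_name']` and the two URLs) are printed without any visible escaping. A stored value containing `]]>` would close the section early, and the remainder would be parsed as markup. These fields appear to hold data from received trackbacks, so unless they are sanitised before reaching the template (not visible here), each one should be neutralised on output, for example `str_replace(']]>', ']]]]><![CDATA[>', $value)`. If the client later inserts the CDATA text as HTML, the values also need `htmlspecialchars($value, ENT_QUOTES)` first. The same applies to the three other template hunks below that make the identical `<!--` to `<![CDATA[` change.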
<?php echo date("Y-m-d H:i:s",$item['timestamp']);?>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['story_url']; ?>"><?php echo $item['story'];?></a>
- -->
+ ]]>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['url'];?>">
<img alt="Visit" border="0" src="<?php echo $plugindirurl?>silk/house_go.png" />
</a>
'<img alt="NOT Linked" border="0" src="' . $plugindirurl . 'silk/link_break.png" />';?>
<?php echo $item['excerpt'];?>
<em>(<?php echo $item['blog_name'];?>)</em>
- -->
+ ]]>
</td>
<td></td>
</tr>
<h3>日本語版更新履歴</h3>
<ul>
+ <li>Version 2.0.3jp11 : (2007/09/30)</li>
+ <li> [Added] SuperAdmin以外でもTrackbackが管理できるようにした</li>
+
<li>Version 2.0.3jp10 : (2007/06/30)</li>
<li> [Fixed] mysql_query()をsql_query()に変更</li>
<li> [Changed] 実体参照テーブルについてNucleus標準ものを使うようにした</li>
<?php echo date("Y-m-d H:i:s",$item['timestamp']);?>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['story_url']; ?>"><?php echo $item['story'];?></a>
- -->
+ ]]>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['url'];?>">
<img alt="Visit" border="0" src="<?php echo $plugindirurl?>silk/house_go.png" />
</a>
<strong><?php echo $item['title'];?></strong>
<?php echo $item['excerpt'];?>
<em>(<?php echo $item['blog_name'];?>)</em>
- -->
+ ]]>
</td>
<td></td>
</tr>
<?php echo date("Y-m-d H:i:s",$item['timestamp']);?>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['story_url']; ?>"><?php echo $item['story'];?></a>
- -->
+ ]]>
</td>
<td>
- <!--
+ <![CDATA[
<a href="<?php echo $item['url'];?>">
<img alt="Visit" border="0" src="<?php echo $plugindirurl?>silk/house_go.png" />
</a>
'<img alt="NOT Linked" border="0" src="' . $plugindirurl . 'silk/link_break.png" />';?>
<?php echo $item['excerpt'];?>
<em>(<?php echo $item['blog_name'];?>)</em>
- -->
+ ]]>
</td>
<td></td>
</tr>