
Added support for basic HTML (+ Textile) formating and a WYSIWYG editor.

pecesama hace 17 años
padre
commit
47c7bfca99

+ 5 - 5
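--- a/admin/bm.php
+++ b/admin/bm.php
@@ -55,14 +55,14 @@ if ($user->isAdmin()) {
 		if (!get_magic_quotes_gpc()) {	
 			$_POST["title"] = addslashes($_POST["title"]);
 			$_POST["description"] = addslashes($_POST["description"]);
-		}	
+		}
+		
+		$textile = new Textile();
 		
-		$_POST["title"] = strip_tags($_POST["title"]);
-		$_POST["description"] = strip_tags($_POST["description"]);
+		$_POST["title"] = $textile->TextileThis(removeBadTags($_POST["title"]));
+		$_POST["description"] = $textile->TextileThis(removeBadTags($_POST["description"]));
 		
 		if ($tumble->addPost($_POST)) {
-			//header("Location: ".$conf->urlGelato."/admin/index.php?added=true");
-			//die();
 			$input = array("{type}");
 			$output = array("1");
 			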
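Review bot: `addslashes()` still runs before the new `removeBadTags()` call, and removeBadAtributes() (added in classes/functions.php by this commit) applies `stripslashes()` to everything between `<` and `>`, so the SQL escaping may not survive inside tags by the time `$tumble->addPost($_POST)` runs. Escaping for the database should be the last transformation: move the `get_magic_quotes_gpc()`/`addslashes()` block below the two `TextileThis(...)` lines, or better, have the database layer escape values itself. The first hunk of admin/index.php has the same ordering. `title` is a single-line field, so keeping `$_POST["title"] = strip_tags($_POST["title"]);` and limiting the HTML path to `description` would also shrink what the filter has to get right. The enclosing `if ($user->isAdmin())` block starts and ends outside the hunk.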

+ 6 - 3
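--- a/admin/comments.php
+++ b/admin/comments.php
@@ -22,9 +22,12 @@ $commentId = ($isEdition) ? $_GET["edit"] : NULL;
 	
 if(isset($_POST["btnAdd"]))	{		
 	unset($_POST["btnAdd"]);
-	$_POST["username"] = strip_tags($_POST["username"]);
-	$_POST["email"] = strip_tags($_POST["email"]);	
-	$_POST["web"] = strip_tags($_POST["web"]);
+	
+	$textile = new Textile();
+	
+	$_POST["username"] = $textile->TextileThis(removeBadTags($_POST["username"]));
+	$_POST["email"] = $textile->TextileThis(removeBadTags($_POST["email"]));
+	$_POST["web"] = $textile->TextileThis(removeBadTags($_POST["web"]));
 		
 	if (isset($_POST["id_comment"])) {
 		if ($isAdmin) {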
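Review bot: `username`, `email` and `web` are single-value fields, yet they now go through `TextileThis(removeBadTags(...))`, which lets the allowed tags through and may wrap the value in block markup, where the removed lines stripped all tags. index.php later places `web` inside `href="..."` and `username` inside the link text without escaping, so these three values should stay plain text: keep `$_POST["username"] = strip_tags($_POST["username"]);` (likewise for `email` and `web`) and accept `web` only when it parses as an http or https URL. The `if(isset($_POST["btnAdd"]))` block continues past the hunk, so any validation further down is not visible here.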

+ 15 - 7
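--- a/admin/index.php
+++ b/admin/index.php
@@ -66,11 +66,12 @@ if ($user->isAdmin()) {
 		if (!get_magic_quotes_gpc()) {	
 			$_POST["title"] = addslashes($_POST["title"]);
 			$_POST["description"] = addslashes($_POST["description"]);
-		}	
+		}		
 		
-		$_POST["title"] = strip_tags($_POST["title"]);
-		$_POST["description"] = strip_tags($_POST["description"]);
+		$textile = new Textile();
 		
+		$_POST["title"] = $textile->TextileThis(removeBadTags($_POST["title"]));
+		$_POST["description"] = $textile->TextileThis(removeBadTags($_POST["description"]));
 		
 		if (isset($_POST["id_post"])) {
 			$tumble->modifyPost($_POST, $_POST["id_post"]);
@@ -109,6 +110,16 @@ if ($user->isAdmin()) {
 		Lightbox.fileLoadingImage = "css/images/loading.gif";
 		Lightbox.fileBottomNavCloseImage = "css/images/closelabel.gif";		
 		</script>
+<?php
+		if($conf->richText) {
+?>
+        	<script src="<?php echo $conf->urlGelato;?>/admin/scripts/nicEdit.js" type="text/javascript"></script>
+			<script type="text/javascript">
+                 bkLib.onDomLoaded(nicEditors.allTextAreas);
+            </script>
+<?php
+		}
+?>
 		<style type="text/css" media="screen">	
 			@import "<?php echo $conf->urlGelato;?>/admin/css/style.css";
 			@import "<?php echo $conf->urlGelato;?>/admin/css/lightbox.css";
@@ -328,10 +339,7 @@ if ($user->isAdmin()) {
 					if ($tumble->contarRegistros()>0) {				
 						while($register = mysql_fetch_array($rs)) {			
 							$formatedDate = gmdate("M d", strtotime($register["date"])+transform_offset($conf->offsetTime));
-							$permalink = $conf->urlGelato."/index.php/post/".$register["id_post"]."/";							
-							
-							$textile = new Textile();				
-							$register["description"] = $textile->TextileThis($register["description"]);
+							$permalink = $conf->urlGelato."/index.php/post/".$register["id_post"]."/";
 							
 							$register["title"] = stripslashes($register["title"]);
 							$register["description"] = stripslashes($register["description"]);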

La diferencia del archivo ha sido suprimido porque es demasiado grande
+ 55 - 0
admin/scripts/nicEdit.js


BIN
admin/scripts/nicEditorIcons.gif Ver fichero


+ 56 - 39
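--- a/api.php
+++ b/api.php
@@ -14,10 +14,6 @@ if(!defined('entry')) define('entry',true);
 <?php
 	header("Content-type: text/xml; charset=utf-8");	
 	
-	require(dirname(__FILE__)."/config.php");
-	include("classes/configuration.class.php");
-	include("classes/gelato.class.php");
-	include("classes/textile.class.php");
 	$isFeed = true;
 	$tumble = new gelato();
 	$conf = new configuration();
@@ -29,14 +25,14 @@ if(!defined('entry')) define('entry',true);
 	
 	if (isset($_GET["action"]) && $_GET["action"] == "read") {
 		if (isset($_GET["start"])) { $start = $_GET["start"]; } else { $start = 0; }
-		if (isset($_GET["num"])) { $num = $_GET["num"]; } else { $num = 20; }
-		if (isset($_GET["type"])) { $type = $_GET["type"]; } else { $type = null; }
-		if ($num > 50) { $num = 50; }		
+		if (isset($_GET["total"])) { $total = $_GET["total"]; } else { $total = 20; }
+		if (isset($_GET["type"])) { $hasType = true; } else { $hasType = false; }
+		if ($total > 50) { $total = 50; }		
 ?>		
 		<tumblelog name="<?php echo $_SESSION["user_login"];?>" timezone="<?php echo $conf->offsetCity;?>" title="<?php echo $conf->title;?>"><?php echo $conf->description;?></tumblelog>	
 
 <?php
-		switch ($type) {
+		switch ($hasType) {
 			case "post":
 				$_GET["type"] = "1";
 				break;
@@ -59,65 +55,86 @@ if(!defined('entry')) define('entry',true);
 				$_GET["type"] = "7";
 				break;								
 		}
-		$rs = $tumble->getPosts($num, $start);
+		$rs = $tumble->getPosts($total, $start);
 		if ($tumble->contarRegistros()>0) {
 ?>
-			<posts start="<?php echo $start; ?>" total="<?php echo $num; ?>">
-<?php/*
+			<posts start="<?php echo $start; ?>" total="<?php echo $total; ?>">
+<?php 
 			while($register = mysql_fetch_array($rs)) {
-				
-				$textile = new Textile();				
-				$register["description"] = $textile->TextileThis($register["description"]);
+				$desc = $register["description"];
+				$url = $conf->urlGelato."/index.php?post=".$register["id_post"];
+				$formatedDate = gmdate("D, d M Y H:i:s", strtotime($register["date"])+transform_offset($conf->offsetTime));
 				
 				switch ($register["type"]) {
 					case "1":
-						$tit = ($register["title"]=="") ? strip_tags($register["description"]) : $register["title"];
-						$desc = $register["description"];
+
+						$tit = ($register["title"]=="") ? $register["description"] : $register["title"];
+?>
+						
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="regular" date="<?php echo $formatedDate;?>">
+							<regular-title><?php echo $tit;?></regular-title>
+							<regular-body><?php echo $desc;?></regular-body>
+						</post>
+<?php						
 						break;
 					case "2":
-						$tit = ($register["description"]=="") ? "Photo" : strip_tags($register["description"]);
-						$desc = "<img src=\"".$register["url"]."\"/>";
+						$tit = ($register["description"]=="") ? "Photo" : $register["description"];
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="photo" date="<?php echo $formatedDate;?>">
+<?php
+							$photoPath = str_replace("../", $conf->urlGelato."/", $register["url"]);
+?>
+                            <photo-caption><?php echo $tit;?></photo-caption>
+                            <photo-url><?php echo $photoPath;?></photo-url>                            
+                        </post>
+<?php
 						break;
-					case "3":
-						$tit = "\"".strip_tags($register["description"])."\"";
-						$tmpStr = ($register["title"]!="") ? "<br /><br /> - <em>".$register["title"]."</em>" : "";
-						$desc = "\"".$register["description"]."\"".$tmpStr;
+					case "3":						
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="quote" date="<?php echo $formatedDate;?>">
+							<quote-text><?php echo $desc; ?></quote-text>
+							<quote-source><?php echo $register["title"]; ?></quote-source>
+						</post>
+<?php
 						break;
 					case "4":
 						$tit = ($register["title"]=="") ? $register["url"] : $register["title"];
-						$tmpStr = ($register["description"]!="") ? "<br /><br /> - <em>".$register["description"]."</em>" : "";
-						$desc = "<a href=\"".$register["url"]."\">".$tit."</a>".$tmpStr;
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="link" date="<?php echo $formatedDate;?>">
+                            <link-text><?php echo $tit; ?></link-text>
+                            <link-url><?php echo $register["url"]; ?></link-url>
+                        </post>
+<?php
 						break;
 					case "5":
 						$lines = explode("\n", $register["description"]);
 						$line = $lines[0];
 						$tit = ($register["title"]=="") ? $line : $register["title"];
 						$desc = $tumble->formatConversation($register["description"]);
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="conversation" date="<?php echo $formatedDate;?>">
+                            <conversation-title><?php echo $tit; ?></conversation-title>
+                            <conversation-text><?php echo $register["description"]; ?></conversation-text>
+                            <?php echo $tumble->formatApiConversation($register["description"]); ?>
+                        </post>
+<?php
 						break;
+/*
 					case "6":
-						$tit = ($register["description"]=="") ? "Video" : strip_tags($register["description"]);
+						$tit = ($register["description"]=="") ? "Video" : $register["description"];
 						$desc = $tumble->getVideoPlayer($register["url"]);
 						break;
 					case "7":
-						$tit = ($register["description"]=="") ? "MP3" : strip_tags($register["description"]);
+						$tit = ($register["description"]=="") ? "MP3" : $register["description"];
 						$desc = $tumble->getMp3Player($register["url"]);
 						break;
+*/
 				}
 				$url = $conf->urlGelato."/index.php/post/".$register["id_post"]."/";
-				$formatedDate = gmdate("D, d M Y H:i:s \G\M\T", strtotime($register["date"])+transform_offset($conf->offsetTime));
-?>
-
-				<item>
-					<title><?php echo $tit;?></title>
-					<description><![CDATA[<?php echo $desc;?>]]></description>
-					<link><?php echo $url;?></link>
-					<guid isPermaLink="true"><?php echo $conf->urlGelato."/index.php/post/".$register["id_post"]."/";?></guid>				
-					<pubDate><?php echo $formatedDate;?></pubDate>				
-				</item>
-
-<?php	
+				$formatedDate = gmdate("D, d M Y H:i:s", strtotime($register["date"])+transform_offset($conf->offsetTime));
 			}		
-*/?>
+ 
+?>
 				</posts>
 <?php	
 		}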
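Review bot: The new `<post>` elements echo `$tit`, `$desc`, `$register["title"]` and `$register["url"]` straight into XML text, while this same commit starts storing HTML in those columns and drops both the `strip_tags()` calls and the CDATA wrapper the old `<item>` used, so any `<`, `&` or quote in a post can break or alter the document. Encode at output, for example `<regular-title><?php echo htmlspecialchars($tit, ENT_QUOTES);?></regular-title>`, and do the same for every element and attribute value in the third hunk. `$start` and `$total` come from `$_GET` uncast and reach both `getPosts()` and the `<posts>` attributes; `$total = isset($_GET["total"]) ? (int) $_GET["total"] : 20;` (and likewise for `$start`) closes that. `switch ($hasType)` now compares a boolean with the string cases, so under PHP's loose comparison the first case matches whenever `type` is present and `$_GET["type"]` is always set to "1"; the switch should test `$_GET["type"]` itself.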

+ 15 - 1
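--- a/classes/functions.php
+++ b/classes/functions.php
@@ -17,7 +17,7 @@ if(!defined('entry') || !entry) die('Not a valid page');
 	}
 	
 	function codeName() {
-		return "cioccolato RC1";
+		return "vaniglia RC1";
 	}
 	
 	function beginsWith($str, $sub) {
@@ -347,4 +347,18 @@ if(!defined('entry') || !entry) die('Not a valid page');
 	    }
 	    return $value;
 	}
+	
+	function removeBadTags($source) {
+		$validTags ='<p><ul><li><a><abbr><acronym><blockquote><code><pre><em><i><strike><s><strong><b><br><span><div><img>';
+		$source = strip_tags($source, $validTags);
+		return preg_replace('/<(.*?)>/ie', "'<'.removeBadAtributes('\\1').'>'", $source);
+	}
+	
+	function removeBadAtributes($sourceTag)
+	{
+		$badAtributes = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|class';
+		$sourceTag = stripslashes($sourceTag);
+		$sourceTag = preg_replace("/$badAtributes/i", "niceTry", $sourceTag);
+		return $sourceTag;
+	}
 ?>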
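Review bot: `removeBadTags()` calls `preg_replace()` with the `/e` modifier, which assembles PHP source from request data and evaluates it; the modifier was later deprecated and removed from PHP, and `preg_replace_callback()` does the same job with the match passed as data. The `stripslashes()` in removeBadAtributes() appears to exist only to undo the quoting `/e` adds to the match, so it should go at the same time. Separately, removeBadAtributes() is a deny-list of ten mouse and keyboard handlers plus `javascript:` and `class`, so handlers outside the list and the `style` attribute pass through on every allowed tag, and the substring match also rewrites ordinary attribute text that merely contains one of those words. An allow-list of attributes per tag, with `href` and `src` restricted to http, https and mailto, is the safer design; the fence below covers only the `/e` replacement.

```php
	function removeBadTags($source) {
		// … unchanged: $validTags and the strip_tags() call …
		// The match reaches the callback as an array element; nothing is evaluated as code.
		return preg_replace_callback('/<(.*?)>/i', 'removeBadTagsCallback', $source);
	}

	// Rebuilds one tag from its filtered inner text.
	function removeBadTagsCallback($matches) {
		return '<'.removeBadAtributes($matches[1]).'>';
	}

	function removeBadAtributes($sourceTag)
	{
		// … unchanged: $badAtributes list …
		// stripslashes() dropped: without /e no extra quoting is added to the match.
		return preg_replace("/$badAtributes/i", "niceTry", $sourceTag);
	}
```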

+ 18 - 0
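--- a/classes/gelato.class.php
+++ b/classes/gelato.class.php
@@ -123,6 +123,24 @@ class gelato extends Conexion_Mysql {
 		return $formatedText;
 	}
 	
+	function formatApiConversation($text) {
+		$formatedText = "";
+		
+		$lines = explode("\n", $text);
+		
+		foreach ($lines as $line) {
+			$pos = strpos($line, ":") + 1;
+			
+			$name = substr($line, 0, $pos-1);
+			$label = substr($line, 0, $pos);
+			$desc = substr($line, $pos, strlen($line));
+			
+			$formatedText .= "<conversation-line name=\"".$name."\" label=\"".$label."\">".$desc."</conversation-line>\n";
+		}
+		
+		return $formatedText;
+	}
+	
 	function saveMP3($remoteFileName) {
 		if (getMP3File($remoteFileName)) {
 			return true;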
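Review bot: formatApiConversation() interpolates `$name`, `$label` and `$desc` into XML attribute values and element text without encoding them, so a quote, `<` or `&` in a conversation line produces malformed or altered output in api.php. `strpos()` returns `false` for a line with no colon, which `+ 1` turns into position 1, so such a line is split after its first character instead of being treated as unlabelled text. The fence shows the loop with an explicit `=== false` branch and `htmlspecialchars()` on each value; how an unlabelled line should be represented is a choice for the author.

```php
		foreach ($lines as $line) {
			$pos = strpos($line, ":");
			if ($pos === false) {
				// No "speaker:" prefix: keep the whole line as text.
				$name = "";
				$label = "";
				$desc = $line;
			} else {
				$name = substr($line, 0, $pos);
				$label = substr($line, 0, $pos + 1);
				$desc = substr($line, $pos + 1);
			}

			// Encode for the XML context at the point of output.
			$formatedText .= "<conversation-line name=\"".htmlspecialchars($name, ENT_QUOTES)."\" label=\"".htmlspecialchars($label, ENT_QUOTES)."\">".htmlspecialchars($desc, ENT_QUOTES)."</conversation-line>\n";
		}
		// … unchanged: return $formatedText …
```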

+ 0 - 4
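--- a/classes/mysql_connection.class.php
+++ b/classes/mysql_connection.class.php
@@ -103,8 +103,6 @@ class Conexion_Mysql {
 		  
 		 $cols .= "$llave,"; 
 		 
-		 $valor = htmlspecialchars($valor,ENT_QUOTES);
-		 
 		 $tipo_col = $this->obtenerTipoCampo($tabla, $llave);  // obtiene el tipo de campo
 		 if (!$tipo_col) return false;  // error!
 		 
@@ -158,8 +156,6 @@ class Conexion_Mysql {
 		foreach ($datos as $llave=>$valor) {
 			$sql .= " $llave=";
 			
-			$valor = htmlspecialchars($valor,ENT_QUOTES);
-			
 			$tipo_col = $this->obtenerTipoCampo($tabla, $llave);  // obtiene el tipo de campo
 			if (!$tipo_col) return false;  // error!
 			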

+ 2 - 7
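--- a/index.php
+++ b/index.php
@@ -112,8 +112,7 @@ $template = new plantillas($conf->template);
                                 
 								$conversation = $register["description"];
 								
-								$textile = new Textile();				
-								$register["description"] = $textile->TextileThis($register["description"]);
+								$register["description"] = $register["description"];
 
                                 $register["title"] = stripslashes($register["title"]);
                                 $register["description"] = stripslashes($register["description"]);
@@ -212,8 +211,7 @@ $template = new plantillas($conf->template);
                 
 				$conversation = $register["description"];
 				
-				$textile = new Textile();				
-				$register["description"] = $textile->TextileThis($register["description"]);
+				$register["description"] = $register["description"];
 				
 				$register["title"] = stripslashes($register["title"]);
                 $register["description"] = stripslashes($register["description"]);
@@ -306,9 +304,6 @@ $template = new plantillas($conf->template);
 					$template->precargarPlantillaConBloque($input, $output, "template_comments", "comments");
 
 					while($rowComment = mysql_fetch_assoc($rsComments)) {
-						/*echo "<pre>";
-						print_r($rowComment);
-						echo "</pre>";*/
 						$commentAuthor = ($rowComment["web"]=="") ? $rowComment["username"] : "<a href=\"".$rowComment["web"]."\" rel=\"external\">".$rowComment["username"]."</a>";
 						$input = array("{Id_Comment}", "{Comment_Author}", "{Date}", "{Comment}");
 						$output = array($rowComment["id_comment"], $commentAuthor, gmdate("d.m.y", strtotime($rowComment["comment_date"])+transform_offset($conf->offsetTime)), $rowComment["content"]);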
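Review bot: `$register["description"] = $register["description"];` is a self-assignment left behind where the Textile call was removed, in the first two hunks here and again in rss.php; the line should be deleted. With render-time Textile gone and the `htmlspecialchars($valor,ENT_QUOTES)` calls removed from classes/mysql_connection.class.php in this commit, the page prints whatever is in the row, so rows written before this commit, or by any code path that does not call removeBadTags(), are presumably shown unconverted and unfiltered. A one-off migration of existing rows or a filter applied at output would cover them. The loops around all three hunks start and end outside the visible lines.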

+ 5 - 1
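--- a/notice.txt
+++ b/notice.txt
@@ -1,5 +1,5 @@
 == CREDITS==
-Gelato developers and designers (in chronological order):
+gelato CMS developers and designers (in chronological order):
 
 Pedro Santana [ http://www.pecesama.net/weblog/ ]
 Jorge Condomi [ http://www.raven.com.ar/ ]
@@ -11,6 +11,10 @@ Juan del Rio [ http://elcaminante.net/ ]
 = COPYRIGHT NOTICES =
 This product includes code and libraries developed by third parties, which are governed by different licenses.  These components, and their licenses, are listed below.
 
+= NicEdit - Micro Inline WYSIWYG =
+Copyright 2007 Brian Kirchoff, http://nicedit.com/
+NicEdit available under MIT license.
+
 = jQuery =
 Copyright (c) 2007 John Resig, http://jquery.com
 jQuery is available under a dual licensed the MIT and GPL licenses.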

+ 8 - 10
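--- a/rss.php
+++ b/rss.php
@@ -37,27 +37,25 @@ if(!defined('entry')) define('entry',true);
 
 <?php
 	include("classes/gelato.class.php");
-	include("classes/textile.class.php");
 	$tumble = new gelato();
 	$rs = $tumble->getPosts("20");
 	if ($tumble->contarRegistros()>0) {		
 
 		while($register = mysql_fetch_array($rs)) {
-			$textile = new Textile();				
-			$register["description"] = $textile->TextileThis($register["description"]);
+			$register["description"] = $register["description"];
 			
 			switch ($register["type"]) {
 				case "1":
-					$tit = ($register["title"]=="") ? strip_tags($register["description"]) : $register["title"];
+					$tit = ($register["title"]=="") ? $register["description"] : $register["title"];
 					$desc = $register["description"];
 					break;
 				case "2":
 					$photoPath = str_replace("../", $conf->urlGelato."/", $register["url"]);
-					$tit = ($register["description"]=="") ? "Photo" : strip_tags($register["description"]);
+					$tit = ($register["description"]=="") ? "Photo" : $register["description"];
 					$desc = "<img src=\"".$photoPath."\"/>";
 					break;
 				case "3":
-					$tit = "\"".strip_tags($register["description"])."\"";
+					$tit = "\"".$register["description"]."\"";
 					$tmpStr = ($register["title"]!="") ? "<br /><br /> - <em>".$register["title"]."</em>" : "";
 					$desc = "\"".$register["description"]."\"".$tmpStr;
 					break;
@@ -73,16 +71,16 @@ if(!defined('entry')) define('entry',true);
 					$desc = $tumble->formatConversation($register["description"]);
 					break;
 				case "6":
-					$tit = ($register["description"]=="") ? "Video" : strip_tags($register["description"]);
+					$tit = ($register["description"]=="") ? "Video" : $register["description"];
 					$desc = $tumble->getVideoPlayer($register["url"]);
 					break;
 				case "7":
-					$tit = ($register["description"]=="") ? "MP3" : strip_tags($register["description"]);
+					$tit = ($register["description"]=="") ? "MP3" : $register["description"];
 					$desc = $tumble->getMp3Player($register["url"]);
 					break;
 			}
-			$tit = htmlspecialchars($tit);
-			$url = htmlspecialchars($url);
+			$tit = strip_tags($tit);
+			//$url = htmlspecialchars($url);
 			$strEnd=($conf->urlFriendly) ? "/" : "";
 			$url = $conf->urlGelato.($conf->urlFriendly?"/post/":"/index.php?post=").$register["id_post"].$strEnd;
 			$formatedDate = gmdate("r", strtotime($register["date"])+transform_offset($conf->offsetTime));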
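Review bot: `$tit = strip_tags($tit);` removes markup but does not encode `&`, a lone `<` or quotes, which the replaced `htmlspecialchars($tit)` did, so a title containing an ampersand can make the feed invalid XML. Doing both keeps the title plain and well-formed: `$tit = htmlspecialchars(strip_tags($tit));`. The commented-out `//$url = htmlspecialchars($url);` should be deleted rather than kept, since `$url` is reassigned two lines below. The `<item>` markup that prints `$tit` lies outside the hunk, so whether it is wrapped in CDATA cannot be seen from here.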