/program/modules/althing/althing_common.php - code shared between admin and view
This file defines various constants and subroutines used from both and althing_view.php.
create a neat array with email-addresses from a (possibly messy) text
this routine converts a (messy) list of email addresses to an array with a single address per array element. If there are no addresses, an empty array is returned. The addresses are supposed to be comma-delimited and/or newline and/or space delimited. Note that we expect only plain email addresses, no readable names etc. (KISS)
send an alert message to every email address in $emails
this routine sends an individual message to each of the addresses in the array $emails notifying the receiver about the new post. Relevant information (headers) are taken from the $post-record. Note that we attempt to leak as less information as is possible, eg. we don't show email addresses of posters, or the contents, or other information like the name of the page (which could be in a private area) or the title of the althing.
There are several combinations flags that yield different mails to be sent. Here is a truth-table:
Note that most messages contain a warning about the need to login first (either for accessing the private area OR for accessing the admin interface for moderation). In total there are 5 different messages. These can be adapted via the Translate Tool.
Note that the messages 'public_published' and 'private_published' are to be sent once a moderator publishes an unpublished post (ie. makes the post visible for the first time). This means that in that case we are called from althing_admin.php at moderation time rather than from althing_view.php at submit-time.
Note: the URL in the mail now uses the new parameter 'post' to select a single message for display (see also althing_show_overview() in althing_view.php). By showing only a single post, the user is not distracted by other messages that were already there (July 2014).
convert valid BBCode to valid HTML
this routine more or less replaces BBCode tags with the HTML equivalent. We assume that the BBCode is validated before. If you are unsure, you can use bbcode_validate() to double check (at a cost of processing time).
Strategy here is to
Note 1: We do get rid of a single newline after [quote] or [quote=...] because that would otherwise ruin the display with an extra blank line in the quote div. If you really want to have a blank line, use two newlines in a row.
Note 2: We do take into consideration the friendly URL feature and also an option for fully qualified domain names.
handle advanced BBCode search/replace specifically for encoding filenames
we use this callback routine to perform the regex-based search/replace so we get a chance to encode the URLs and also deal with the procy-friendly style of servind files via file.php.
Note that we are transparent about 'hidden' URLs: if the user uses the format [url=path]anchor[/url] we show the path in plain text too, like so: <a href="path">anchor</a> (anchor) No surprises with deceiving links..
one-line wrapper to allow for fully qualified URLs
show a table illustrating the possible BBCode
this routine is a help function. If JS is enabled, the information is hidden and the user can make it visible by clicking on the title.
validate the BBCode in the dialogdef item
* Simple tags always should match in pairs, without overlap: [b] [/b] [u] [/u] [i] [/i] [s] [/s] [code] [/code]
The more complicated constructs with opening/closing tags are: [url=path]anchor[/url] [url]path[/url] [img]path[/img] [quote]text[/quote] [quote=author]text[/quote] [quote="author"]text[/quote]
There is one single tag, ie without closing tag:
[img=path]
Path should be a path relative to the data root, e.g. '/areas/exemplum/snapshots/cyanara.jpg'. This limits the URLs and the IMGs to files on this server.
Note that we also validate the specified path via which also checks permissions of the current user. The prevents leaking of files via pupils from the teachers private intranet.
validate a filename for existence and access
this routine checks to see if the current user is allowed to access the file $filename and also that it actually exists. We return FALSE if access is denied or the cleaned up path if all is well.
Documentation generated on Tue, 28 Jun 2016 19:08:16 +0200 by phpDocumentor 1.4.0