okapi r646

This commit is contained in:
following
2013-03-31 21:29:37 +02:00
parent ca78e4fb97
commit 0f562bf42e
4 changed files with 104 additions and 35 deletions

View File

@ -778,7 +778,7 @@ class Okapi
{
public static $data_store;
public static $server;
public static $revision = 641; # This gets replaced in automatically deployed packages
public static $revision = 646; # This gets replaced in automatically deployed packages
private static $okapi_vars = null;
/** Get a variable stored in okapi_vars. If variable not found, return $default. */

View File

@ -810,13 +810,17 @@ class WebService
# Country and/or state.
if (Settings::get('OC_BRANCH') == 'oc.de')
$cache_location_state = 'adm2';
else
$cache_location_state = 'adm3';
if (in_array('country', $fields) || in_array('state', $fields))
{
$rs = Db::query("
select
c.wp_oc as cache_code,
cl.adm1 as country,
cl.adm3 as state
cl.".$cache_location_state." as state
from
caches c,
cache_location cl

View File

@ -56,11 +56,9 @@ class WebService
if (!$comment) $comment = "";
$comment_format = $request->get_parameter('comment_format');
if ($comment_format)
{
if (!in_array($comment_format, array('html', 'plaintext')))
throw new InvalidParam('comment_format', $comment_format);
}
if (!$comment_format) $comment_format = "auto";
if (!in_array($comment_format, array('auto', 'html', 'plaintext')))
throw new InvalidParam('comment_format', $comment_format);
$tmp = $request->get_parameter('when');
if ($tmp)
@ -150,19 +148,73 @@ class WebService
throw new CannotPublishException(_("Invalid password!"));
}
# Very weird part (as usual). OC stores HTML-lized comments in the database
# (it doesn't really matter if 'text_html' field is set to FALSE). OKAPI must
# save it in HTML either way. However, escaping plain-text doesn't work.
# If we put "&lt;b&gt;" in, it still gets converted to "<b>" before display!
# NONE of this process is documented. There doesn't seem to be ANY way to force
# OCPL to treat a string as either plain-text nor HTML. It's always something
# in between! In other words, we cannot guarantee how it gets displayed in
# the end. Since text_html=0 doesn't add <br/>s on its own, we can only add
# proper <br/>s and hope it's okay. We will remove the original $comment
# variable from our namespace and act on the "pseudoencoded" one.
# Prepare our comment to be inserted into the database. This may require
# some reformatting which depends on the current OC installation.
$PSEUDOENCODED_comment = htmlspecialchars($comment, ENT_QUOTES);
$PSEUDOENCODED_comment = nl2br($PSEUDOENCODED_comment);
if (Settings::get('OC_BRANCH') == 'oc.de')
{
# OCDE stores all comments in HTML format, while the 'text_html' field
# indicates their *original* format as delivered by the user. This
# allows processing the 'text' field contents without caring about the
# original format, while still being able to re-create the comment in
# its original form. It requires us to HTML-encode plaintext comments
# and to indicate this by setting 'html_text' to FALSE.
#
# For user-supplied HTML comments, OCDE requires us to do additional
# HTML purification prior to the insertion into the database.
if ($comment_format == 'plaintext')
{
$formatted_comment = htmlspecialchars($comment, ENT_QUOTES);
$formatted_comment = nl2br($formatted_comment);
$value_for_text_html_field = 0;
}
else
{
# NOTICE: We are including EXTERNAL OCDE library here! This
# code does not belong to OKAPI!
require_once $GLOBALS['rootpath'] . '../lib/htmlpurifier-4.2.0/library/HTMLPurifier.auto.php';
$config = \HTMLPurifier_Config::createDefault();
if ($comment_format == 'auto')
$config->set('AutoFormat', 'AutoParagraph', true);
$purifier = new \HTMLPurifier($config);
$formatted_comment = $purifier->purify($comment);
$value_for_text_html_field = 1;
}
}
else
{
# OCPL is even weirder. It also stores HTML-lized comments in the database
# (it doesn't really matter if 'text_html' field is set to FALSE). OKAPI must
# save it in HTML either way. However, escaping plain-text doesn't work!
# If we put "&lt;b&gt;" in, it still gets converted to "<b>" before display!
# NONE of this process is documented within OCPL code. OKAPI uses a dirty
# "hack" to save PLAINTEXT comments (let us hope the hack will remain valid).
#
# OCPL doesn't require HTML purification prior to the database insertion.
# HTML seems to be purified dynamically, before it is displayed.
if ($comment_format == 'plaintext')
{
$formatted_comment = htmlspecialchars($comment, ENT_QUOTES);
$formatted_comment = nl2br($formatted_comment);
$formatted_comment = str_replace("&amp;", "&amp;#38;", $formatted_comment);
$formatted_comment = str_replace("&lt;", "&amp;#60;", $formatted_comment);
$formatted_comment = str_replace("&gt;", "&amp;#62;", $formatted_comment);
$value_for_text_html_field = 0; // WRTODO: get rid of
}
elseif ($comment_format == 'auto')
{
$formatted_comment = nl2br($comment);
$value_for_text_html_field = 1;
}
else
{
$formatted_comment = $comment;
$value_for_text_html_field = 1;
}
}
unset($comment);
# Duplicate detection.
@ -184,7 +236,7 @@ class WebService
and cache_id = '".mysql_real_escape_string($cache['internal_id'])."'
and type = '".mysql_real_escape_string(Okapi::logtypename2id($logtype))."'
and date = from_unixtime('".mysql_real_escape_string($when)."')
and text = '".mysql_real_escape_string($PSEUDOENCODED_comment)."'
and text = '".mysql_real_escape_string($formatted_comment)."'
".((Settings::get('OC_BRANCH') == 'oc.pl') ? "and deleted = 0" : "")."
limit 1
");
@ -278,7 +330,7 @@ class WebService
$logtype = 'Needs maintenance';
$second_logtype = null;
$second_PSEUDOENCODED_comment = null;
$second_formatted_comment = null;
}
elseif ($logtype == 'Found it')
{
@ -286,7 +338,7 @@ class WebService
# original comment, and second one "Needs maintenance" with empty comment.
$second_logtype = 'Needs maintenance';
$second_PSEUDOENCODED_comment = "";
$second_formatted_comment = "";
}
elseif ($logtype == "Didn't find it")
{
@ -297,8 +349,8 @@ class WebService
# in the future, but it seems natural to me.)
$second_logtype = 'Needs maintenance';
$second_PSEUDOENCODED_comment = $PSEUDOENCODED_comment;
$PSEUDOENCODED_comment = "";
$second_formatted_comment = $formatted_comment;
$formatted_comment = "";
}
else
throw new Exception();
@ -309,20 +361,24 @@ class WebService
# isn't supported by this server.
$second_logtype = null;
$second_PSEUDOENCODED_comment = null;
$second_formatted_comment = null;
}
# Finally! Insert the rows into the log entries table. Update
# cache stats and user stats.
$log_uuid = self::insert_log_row($request->consumer->key, $cache['internal_id'], $user['internal_id'], $logtype, $when, $PSEUDOENCODED_comment);
$log_uuid = self::insert_log_row(
$request->consumer->key, $cache['internal_id'], $user['internal_id'], $logtype,
$when, $formatted_comment, $value_for_text_html_field);
self::increment_cache_stats($cache['internal_id'], $when, $logtype);
self::increment_user_stats($user['internal_id'], $logtype);
if ($second_logtype != null)
{
# Reminder: This will never be called while SUPPORTS_LOGTYPE_NEEDS_MAINTENANCE is off.
self::insert_log_row($request->consumer->key, $cache['internal_id'], $user['internal_id'], $second_logtype, $when + 1, $second_PSEUDOENCODED_comment);
self::insert_log_row(
$request->consumer->key, $cache['internal_id'], $user['internal_id'], $second_logtype,
$when + 1, $second_formatted_comment, $value_for_text_html_field);
self::increment_cache_stats($cache['internal_id'], $when + 1, $second_logtype);
self::increment_user_stats($user['internal_id'], $second_logtype);
}
@ -529,18 +585,22 @@ class WebService
);
}
private static function insert_log_row($consumer_key, $cache_internal_id, $user_internal_id, $logtype, $when, $PSEUDOENCODED_comment)
private static function insert_log_row(
$consumer_key, $cache_internal_id, $user_internal_id, $logtype, $when,
$formatted_comment, $text_html
)
{
$log_uuid = self::create_uuid();
Db::execute("
insert into cache_logs (uuid, cache_id, user_id, type, date, text, last_modified, date_created, node)
insert into cache_logs (uuid, cache_id, user_id, type, date, text, text_html, last_modified, date_created, node)
values (
'".mysql_real_escape_string($log_uuid)."',
'".mysql_real_escape_string($cache_internal_id)."',
'".mysql_real_escape_string($user_internal_id)."',
'".mysql_real_escape_string(Okapi::logtypename2id($logtype))."',
from_unixtime('".mysql_real_escape_string($when)."'),
'".mysql_real_escape_string($PSEUDOENCODED_comment)."',
'".mysql_real_escape_string($formatted_comment)."',
'".mysql_real_escape_string($text_html)."',
now(),
now(),
'".mysql_real_escape_string(Settings::get('OC_NODE_ID'))."'

View File

@ -16,11 +16,16 @@
<opt name='comment'>
<p>Text to be submitted with the log entry.</p>
</opt>
<opt name='comment_format' default='(unspecified!)'>
<p>Indicates the format of your <b>comment</b>. Two values allowed: <b>html</b> or <b>plaintext</b>.</p>
<p><b>Important note:</b> Due to <a href='http://code.google.com/p/opencaching-api/issues/detail?id=124'>some issues</a>,
this switch is currently completelly ignored (!). However, we still advise you to use it,
for future-compatibility.</p>
<opt name='comment_format' default='auto'>
<p>Indicates the format of your <b>comment</b>. Three values allowed:
<b>auto</b>, <b>html</b> or <b>plaintext</b>. Usually, you should not
use the <b>auto</b> option, because its exact behavior is unspecified
and may depend on the installation
(<a href='https://code.google.com/p/opencaching-api/issues/detail?id=124'>more info</a>).</p>
<p><b>Important note:</b> The subset of allowed HTML elements is left undefined
and may change in the future. For future-compatibility, you should use only
basic formatting tags.</p>
</opt>
<opt name='when'>
<p>A date and time string. This should be in ISO 8601 format (currently any