Index: openacs-4/packages/news/www/preview.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/news/www/preview.tcl,v diff -u -r1.11 -r1.12 --- openacs-4/packages/news/www/preview.tcl 13 Jan 2005 13:58:27 -0000 1.11 +++ openacs-4/packages/news/www/preview.tcl 24 Feb 2005 18:03:05 -0000 1.12 @@ -1,5 +1,4 @@ # /packages/news/www/preview.tcl - ad_page_contract { This page previews the input from item-create or admin/revision-add @@ -11,6 +10,7 @@ {item_id:integer ""} action:notnull,trim publish_title:notnull,trim + {publish_lead {}} {publish_body:allhtml,trim ""} {revision_log: ""} html_p:notnull,trim @@ -19,11 +19,15 @@ {publish_date:array ""} {archive_date:array ""} {permanent_p: "f"} - + publish_date_ansi:optional + archive_date_ansi:optional + imgfile:optional + } -errors { publish_title:notnull "[_ news.lt_Please_supply_the_tit]" publish_body:notnull "[_ news.lt_Please_supply_the_bod]" + img_file_valid "[_ news.image_file_is_invalid]" } -validate { @@ -36,7 +40,7 @@ } } } - + check_revision_log -requires {action revision_log} { if { ![string match $action "News Item"] && [empty_string_p $revision_log]} { ad_complain "[_ news.lt_You_must_supply_a_rev]" @@ -51,34 +55,40 @@ ad_complain "[_ news.lt_Publish_body_is_missi]" return } elseif { ![empty_string_p $publish_body] && $file_size > 0 } { - ad_complain "[_ news.lt_Cant_upload_a_publica]" + ad_complain "You can either upload a news item or enter text in the box provided, but not both." return - } + } } max_size -requires {text_file.tmpfile text_file} { set b [file size ${text_file.tmpfile}] - + set b_max [expr 1000*[ad_parameter MaxFileSizeKb "news" 1024]] if { $b > $b_max } { ad_complain "[_ news.lt_Your_document_is_larg] ([util_commify_number $b_max] [_ news.bytes])" return } } + img_file_valid -requires {imgfile} { + if {![ImageMagick::validate_tmp_file $imgfile]} { ad_complain } + } } -properties { - + title:onevalue context:onevalue publish_title:onevalue + publish_lead:onevalue publish_body:onevalue publish_location:onevalue hidden_vars:onevalue permanent_p:onevalue html_p:onevalue news_admin_p:onevalue form_action:onevalue + image_url:onevalue + edit_action:onevalue } set user_id [ad_maybe_redirect_for_registration] @@ -96,12 +106,59 @@ } set context [list $title] +# create a new revision of the image if we've come back from the image-choose +# page and we are revising +if {[exists_and_not_null item_id] && [info exists imgfile]} { + # check user has admin privileges (we can only get here from + # admin/revision-add, so all legit users will have admin on package) + permission::require_permission \ + -object_id [ad_conn package_id] -privilege news_admin + + if {[db_0or1row img_item_id {}]} { + # add a revision to the existing image item + ImageMagick::util::revise_image -file $imgfile -item_id $img_item_id + } else { + # create a new image item + ImageMagick::util::create_image_item -file $imgfile -parent_id $item_id + } + # delete the tmpfile + ImageMagick::delete_tmp_file $imgfile +} + + +# set up image path +if {[exists_and_not_null item_id]} { + set image_id [news_get_image_id $item_id] + if { ![empty_string_p $image_id] } { + set publish_image "image/$image_id" + } else { + set publish_image {} + } + set img_file {} +} elseif {[info exists imgfile]} { + set publish_image "image-view-tmpfile/$imgfile" +} else { + set publish_image {} + set imgfile {} +} + +# if we've come back from the image page, set up dates again +if {[info exists publish_date_ansi] && [info exists archive_date_ansi]} { + set exp {([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})} + if { ![regexp $exp $publish_date_ansi match \ + publish_date(year) publish_date(month) publish_date(day)] + || ![regexp $exp $archive_date_ansi match \ + archive_date(year) archive_date(month) archive_date(day)] } { + ad_return_complaint 1 {
  • Publish/archive dates incorrect
    • } + } +} + # deal with Dates, granularity is 'day' # with news_admin privilege fill in publish and archive dates if { $news_admin_p == 1 } { - + if { [info exists publish_date(year)] && [info exists publish_date(month)] && [info exists publish_date(day)] } { set publish_date_ansi "$publish_date(year)-$publish_date(month)-$publish_date(day)" } else { @@ -122,11 +179,12 @@ if { [dt_interval_check $archive_date_ansi $publish_date_ansi] >= 0 } { ad_return_error "[_ news.Scheduling_Error]" \ - "[_ news.lt_The_archive_date_must]" - return - } -} + "[_ news.lt_The_archive_date_must]" + return + } +} + # if uploaded file, read it into publish_body and massage it if {[info exists file_size]} { if { $file_size > 0 } { @@ -135,23 +193,36 @@ # close any open HTML tags in any case set publish_body [util_close_html_tags $publish_body] + + set errors [ad_html_security_check $publish_body] + ns_log Notice "errors: $errors" + if { ![empty_string_p $errors] } { + ad_return_complaint 1 $errors + } } if { [string match $action "News Item"] } { # form variables for confirmation step - set hidden_vars [export_form_vars publish_title publish_body \ - publish_date_ansi archive_date_ansi html_p permanent_p] + set hidden_vars [export_form_vars publish_title publish_lead publish_body \ + publish_date_ansi archive_date_ansi html_p permanent_p imgfile] + set image_vars [export_form_vars publish_title publish_lead publish_body \ + publish_date_ansi archive_date_ansi html_p \ + permanent_p action] set form_action "
    " - + set edit_action "" + } else { - - # Form vars to carry through Confirmation Page - set hidden_vars [export_form_vars item_id revision_log publish_title publish_body\ - publish_date_ansi archive_date_ansi permanent_p html_p] - set form_action "" + # Form vars to carry through Confirmation Page + set hidden_vars [export_form_vars item_id revision_log publish_title publish_lead publish_body \ + publish_date_ansi archive_date_ansi permanent_p html_p imgfile] + set image_vars [export_form_vars publish_title publish_lead publish_body \ + publish_date_ansi archive_date_ansi html_p \ + permanent_p action item_id revision_log] + set form_action "" + set edit_action "" } # creator link