node.pages.inc 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678
  1. <?php
  2. /**
  3. * @file
  4. * Page callbacks for adding, editing, deleting, and revisions management for content.
  5. */
  6. /**
  7. * Menu callback; presents the node editing form.
  8. */
  9. function node_page_edit($node) {
  10. $type_name = node_type_get_name($node);
  11. drupal_set_title(t('<em>Edit @type</em> @title', array('@type' => $type_name, '@title' => $node->title)), PASS_THROUGH);
  12. return drupal_get_form($node->type . '_node_form', $node);
  13. }
  14. /**
  15. * Page callback: Displays add content links for available content types.
  16. *
  17. * Redirects to node/add/[type] if only one content type is available.
  18. *
  19. * @see node_menu()
  20. */
  21. function node_add_page() {
  22. $item = menu_get_item();
  23. $content = system_admin_menu_block($item);
  24. // Bypass the node/add listing if only one content type is available.
  25. if (count($content) == 1) {
  26. $item = array_shift($content);
  27. drupal_goto($item['href']);
  28. }
  29. return theme('node_add_list', array('content' => $content));
  30. }
  31. /**
  32. * Returns HTML for a list of available node types for node creation.
  33. *
  34. * @param $variables
  35. * An associative array containing:
  36. * - content: An array of content types.
  37. *
  38. * @ingroup themeable
  39. */
  40. function theme_node_add_list($variables) {
  41. $content = $variables['content'];
  42. $output = '';
  43. if ($content) {
  44. $output = '<dl class="node-type-list">';
  45. foreach ($content as $item) {
  46. $output .= '<dt>' . l($item['title'], $item['href'], $item['localized_options']) . '</dt>';
  47. $output .= '<dd>' . filter_xss_admin($item['description']) . '</dd>';
  48. }
  49. $output .= '</dl>';
  50. }
  51. else {
  52. $output = '<p>' . t('You have not created any content types yet. Go to the <a href="@create-content">content type creation page</a> to add a new content type.', array('@create-content' => url('admin/structure/types/add'))) . '</p>';
  53. }
  54. return $output;
  55. }
  56. /**
  57. * Returns a node submission form.
  58. *
  59. * @param $type
  60. * The node type for the submitted node.
  61. *
  62. * @return
  63. * The themed form.
  64. */
  65. function node_add($type) {
  66. global $user;
  67. $types = node_type_get_types();
  68. $node = (object) array('uid' => $user->uid, 'name' => (isset($user->name) ? $user->name : ''), 'type' => $type, 'language' => LANGUAGE_NONE);
  69. drupal_set_title(t('Create @name', array('@name' => $types[$type]->name)), PASS_THROUGH);
  70. $output = drupal_get_form($type . '_node_form', $node);
  71. return $output;
  72. }
  73. /**
  74. * Form validation handler for node_form().
  75. *
  76. * @see node_form()
  77. * @see node_form_submit()
  78. */
  79. function node_form_validate($form, &$form_state) {
  80. // $form_state['node'] contains the actual entity being edited, but we must
  81. // not update it with form values that have not yet been validated, so we
  82. // create a pseudo-entity to use during validation.
  83. $node = (object) $form_state['values'];
  84. node_validate($node, $form, $form_state);
  85. entity_form_field_validate('node', $form, $form_state);
  86. }
  87. /**
  88. * Form constructor for the node add/edit form.
  89. *
  90. * @see node_form_validate()
  91. * @see node_form_submit()
  92. * @see node_form_build_preview()
  93. * @see node_form_delete_submit()
  94. * @ingroup forms
  95. */
  96. function node_form($form, &$form_state, $node) {
  97. global $user;
  98. // During initial form build, add the node entity to the form state for use
  99. // during form building and processing. During a rebuild, use what is in the
  100. // form state.
  101. if (!isset($form_state['node'])) {
  102. if (!isset($node->title)) {
  103. $node->title = NULL;
  104. }
  105. node_object_prepare($node);
  106. $form_state['node'] = $node;
  107. }
  108. else {
  109. $node = $form_state['node'];
  110. }
  111. // Some special stuff when previewing a node.
  112. if (isset($form_state['node_preview'])) {
  113. $form['#prefix'] = $form_state['node_preview'];
  114. $node->in_preview = TRUE;
  115. }
  116. else {
  117. unset($node->in_preview);
  118. }
  119. // Identify this as a node edit form.
  120. // @todo D8: Remove. Modules can implement hook_form_BASE_FORM_ID_alter() now.
  121. $form['#node_edit_form'] = TRUE;
  122. $form['#attributes']['class'][] = 'node-form';
  123. if (!empty($node->type)) {
  124. $form['#attributes']['class'][] = 'node-' . $node->type . '-form';
  125. }
  126. // Basic node information.
  127. // These elements are just values so they are not even sent to the client.
  128. foreach (array('nid', 'vid', 'uid', 'created', 'type', 'language') as $key) {
  129. $form[$key] = array(
  130. '#type' => 'value',
  131. '#value' => isset($node->$key) ? $node->$key : NULL,
  132. );
  133. }
  134. // Changed must be sent to the client, for later overwrite error checking.
  135. $form['changed'] = array(
  136. '#type' => 'hidden',
  137. '#default_value' => isset($node->changed) ? $node->changed : NULL,
  138. );
  139. // Invoke hook_form() to get the node-specific bits. Can't use node_invoke(),
  140. // because hook_form() needs to be able to receive $form_state by reference.
  141. // @todo hook_form() implementations are unable to add #validate or #submit
  142. // handlers to the form buttons below. Remove hook_form() entirely.
  143. $function = node_type_get_base($node) . '_form';
  144. if (function_exists($function) && ($extra = $function($node, $form_state))) {
  145. $form = array_merge_recursive($form, $extra);
  146. }
  147. // If the node type has a title, and the node type form defined no special
  148. // weight for it, we default to a weight of -5 for consistency.
  149. if (isset($form['title']) && !isset($form['title']['#weight'])) {
  150. $form['title']['#weight'] = -5;
  151. }
  152. // @todo D8: Remove. Modules should access the node using $form_state['node'].
  153. $form['#node'] = $node;
  154. $form['additional_settings'] = array(
  155. '#type' => 'vertical_tabs',
  156. '#weight' => 99,
  157. );
  158. // Add a log field if the "Create new revision" option is checked, or if the
  159. // current user has the ability to check that option.
  160. $form['revision_information'] = array(
  161. '#type' => 'fieldset',
  162. '#title' => t('Revision information'),
  163. '#collapsible' => TRUE,
  164. // Collapsed by default when "Create new revision" is unchecked
  165. '#collapsed' => !$node->revision,
  166. '#group' => 'additional_settings',
  167. '#attributes' => array(
  168. 'class' => array('node-form-revision-information'),
  169. ),
  170. '#attached' => array(
  171. 'js' => array(drupal_get_path('module', 'node') . '/node.js'),
  172. ),
  173. '#weight' => 20,
  174. '#access' => $node->revision || user_access('administer nodes'),
  175. );
  176. $form['revision_information']['revision'] = array(
  177. '#type' => 'checkbox',
  178. '#title' => t('Create new revision'),
  179. '#default_value' => $node->revision,
  180. '#access' => user_access('administer nodes'),
  181. );
  182. // Check the revision log checkbox when the log textarea is filled in.
  183. // This must not happen if "Create new revision" is enabled by default, since
  184. // the state would auto-disable the checkbox otherwise.
  185. if (!$node->revision) {
  186. $form['revision_information']['revision']['#states'] = array(
  187. 'checked' => array(
  188. 'textarea[name="log"]' => array('empty' => FALSE),
  189. ),
  190. );
  191. }
  192. $form['revision_information']['log'] = array(
  193. '#type' => 'textarea',
  194. '#title' => t('Revision log message'),
  195. '#rows' => 4,
  196. '#default_value' => !empty($node->log) ? $node->log : '',
  197. '#description' => t('Provide an explanation of the changes you are making. This will help other authors understand your motivations.'),
  198. );
  199. // Node author information for administrators
  200. $form['author'] = array(
  201. '#type' => 'fieldset',
  202. '#access' => user_access('administer nodes'),
  203. '#title' => t('Authoring information'),
  204. '#collapsible' => TRUE,
  205. '#collapsed' => TRUE,
  206. '#group' => 'additional_settings',
  207. '#attributes' => array(
  208. 'class' => array('node-form-author'),
  209. ),
  210. '#attached' => array(
  211. 'js' => array(
  212. drupal_get_path('module', 'node') . '/node.js',
  213. array(
  214. 'type' => 'setting',
  215. 'data' => array('anonymous' => variable_get('anonymous', t('Anonymous'))),
  216. ),
  217. ),
  218. ),
  219. '#weight' => 90,
  220. );
  221. $form['author']['name'] = array(
  222. '#type' => 'textfield',
  223. '#title' => t('Authored by'),
  224. '#maxlength' => 60,
  225. '#autocomplete_path' => 'user/autocomplete',
  226. '#default_value' => !empty($node->name) ? $node->name : '',
  227. '#weight' => -1,
  228. '#description' => t('Leave blank for %anonymous.', array('%anonymous' => variable_get('anonymous', t('Anonymous')))),
  229. );
  230. $form['author']['date'] = array(
  231. '#type' => 'textfield',
  232. '#title' => t('Authored on'),
  233. '#maxlength' => 25,
  234. '#description' => t('Format: %time. The date format is YYYY-MM-DD and %timezone is the time zone offset from UTC. Leave blank to use the time of form submission.', array('%time' => !empty($node->date) ? date_format(date_create($node->date), 'Y-m-d H:i:s O') : format_date($node->created, 'custom', 'Y-m-d H:i:s O'), '%timezone' => !empty($node->date) ? date_format(date_create($node->date), 'O') : format_date($node->created, 'custom', 'O'))),
  235. '#default_value' => !empty($node->date) ? $node->date : '',
  236. );
  237. // Node options for administrators
  238. $form['options'] = array(
  239. '#type' => 'fieldset',
  240. '#access' => user_access('administer nodes'),
  241. '#title' => t('Publishing options'),
  242. '#collapsible' => TRUE,
  243. '#collapsed' => TRUE,
  244. '#group' => 'additional_settings',
  245. '#attributes' => array(
  246. 'class' => array('node-form-options'),
  247. ),
  248. '#attached' => array(
  249. 'js' => array(drupal_get_path('module', 'node') . '/node.js'),
  250. ),
  251. '#weight' => 95,
  252. );
  253. $form['options']['status'] = array(
  254. '#type' => 'checkbox',
  255. '#title' => t('Published'),
  256. '#default_value' => $node->status,
  257. );
  258. $form['options']['promote'] = array(
  259. '#type' => 'checkbox',
  260. '#title' => t('Promoted to front page'),
  261. '#default_value' => $node->promote,
  262. );
  263. $form['options']['sticky'] = array(
  264. '#type' => 'checkbox',
  265. '#title' => t('Sticky at top of lists'),
  266. '#default_value' => $node->sticky,
  267. );
  268. // Add the buttons.
  269. $form['actions'] = array('#type' => 'actions');
  270. $form['actions']['submit'] = array(
  271. '#type' => 'submit',
  272. '#access' => variable_get('node_preview_' . $node->type, DRUPAL_OPTIONAL) != DRUPAL_REQUIRED || (!form_get_errors() && isset($form_state['node_preview'])),
  273. '#value' => t('Save'),
  274. '#weight' => 5,
  275. '#submit' => array('node_form_submit'),
  276. );
  277. $form['actions']['preview'] = array(
  278. '#access' => variable_get('node_preview_' . $node->type, DRUPAL_OPTIONAL) != DRUPAL_DISABLED,
  279. '#type' => 'submit',
  280. '#value' => t('Preview'),
  281. '#weight' => 10,
  282. '#submit' => array('node_form_build_preview'),
  283. );
  284. if (!empty($node->nid) && node_access('delete', $node)) {
  285. $form['actions']['delete'] = array(
  286. '#type' => 'submit',
  287. '#value' => t('Delete'),
  288. '#weight' => 15,
  289. '#submit' => array('node_form_delete_submit'),
  290. );
  291. }
  292. // This form uses a button-level #submit handler for the form's main submit
  293. // action. node_form_submit() manually invokes all form-level #submit handlers
  294. // of the form. Without explicitly setting #submit, Form API would auto-detect
  295. // node_form_submit() as submit handler, but that is the button-level #submit
  296. // handler for the 'Save' action. To maintain backwards compatibility, a
  297. // #submit handler is auto-suggested for custom node type modules.
  298. $form['#validate'][] = 'node_form_validate';
  299. if (!isset($form['#submit']) && function_exists($node->type . '_node_form_submit')) {
  300. $form['#submit'][] = $node->type . '_node_form_submit';
  301. }
  302. $form += array('#submit' => array());
  303. field_attach_form('node', $node, $form, $form_state, entity_language('node', $node));
  304. return $form;
  305. }
  306. /**
  307. * Form submission handler for node_form().
  308. *
  309. * Handles the 'Delete' button on the node form.
  310. *
  311. * @see node_form()
  312. * @see node_form_validate()
  313. */
  314. function node_form_delete_submit($form, &$form_state) {
  315. $destination = array();
  316. if (isset($_GET['destination'])) {
  317. $destination = drupal_get_destination();
  318. unset($_GET['destination']);
  319. }
  320. $node = $form['#node'];
  321. $form_state['redirect'] = array('node/' . $node->nid . '/delete', array('query' => $destination));
  322. }
  323. /**
  324. * Form submission handler for node_form().
  325. *
  326. * Handles the 'Preview' button on the node form.
  327. *
  328. * @see node_form()
  329. * @see node_form_validate()
  330. */
  331. function node_form_build_preview($form, &$form_state) {
  332. $node = node_form_submit_build_node($form, $form_state);
  333. $form_state['node_preview'] = node_preview($node);
  334. $form_state['rebuild'] = TRUE;
  335. }
  336. /**
  337. * Generates a node preview.
  338. *
  339. * @param $node
  340. * The node to preview.
  341. *
  342. * @return
  343. * An HTML-formatted string of a node preview.
  344. *
  345. * @see node_form_build_preview()
  346. */
  347. function node_preview($node) {
  348. if (node_access('create', $node) || node_access('update', $node)) {
  349. _field_invoke_multiple('load', 'node', array($node->nid => $node));
  350. // Load the user's name when needed.
  351. if (isset($node->name)) {
  352. // The use of isset() is mandatory in the context of user IDs, because
  353. // user ID 0 denotes the anonymous user.
  354. if ($user = user_load_by_name($node->name)) {
  355. $node->uid = $user->uid;
  356. $node->picture = $user->picture;
  357. }
  358. else {
  359. $node->uid = 0; // anonymous user
  360. }
  361. }
  362. elseif ($node->uid) {
  363. $user = user_load($node->uid);
  364. $node->name = $user->name;
  365. $node->picture = $user->picture;
  366. }
  367. $node->changed = REQUEST_TIME;
  368. $nodes = array($node->nid => $node);
  369. field_attach_prepare_view('node', $nodes, 'full');
  370. // Display a preview of the node.
  371. if (!form_get_errors()) {
  372. $node->in_preview = TRUE;
  373. $output = theme('node_preview', array('node' => $node));
  374. unset($node->in_preview);
  375. }
  376. drupal_set_title(t('Preview'), PASS_THROUGH);
  377. return $output;
  378. }
  379. }
  380. /**
  381. * Returns HTML for a node preview for display during node creation and editing.
  382. *
  383. * @param $variables
  384. * An associative array containing:
  385. * - node: The node object which is being previewed.
  386. *
  387. * @see node_preview()
  388. * @ingroup themeable
  389. */
  390. function theme_node_preview($variables) {
  391. $node = $variables['node'];
  392. $output = '<div class="preview">';
  393. $preview_trimmed_version = FALSE;
  394. $elements = node_view(clone $node, 'teaser');
  395. $trimmed = drupal_render($elements);
  396. $elements = node_view($node, 'full');
  397. $full = drupal_render($elements);
  398. // Do we need to preview trimmed version of post as well as full version?
  399. if ($trimmed != $full) {
  400. drupal_set_message(t('The trimmed version of your post shows what your post looks like when promoted to the main page or when exported for syndication.<span class="no-js"> You can insert the delimiter "&lt;!--break--&gt;" (without the quotes) to fine-tune where your post gets split.</span>'));
  401. $output .= '<h3>' . t('Preview trimmed version') . '</h3>';
  402. $output .= $trimmed;
  403. $output .= '<h3>' . t('Preview full version') . '</h3>';
  404. $output .= $full;
  405. }
  406. else {
  407. $output .= $full;
  408. }
  409. $output .= "</div>\n";
  410. return $output;
  411. }
  412. /**
  413. * Form submission handler for node_form().
  414. *
  415. * @see node_form()
  416. * @see node_form_validate()
  417. */
  418. function node_form_submit($form, &$form_state) {
  419. $node = node_form_submit_build_node($form, $form_state);
  420. $insert = empty($node->nid);
  421. node_save($node);
  422. $node_link = l(t('view'), 'node/' . $node->nid);
  423. $watchdog_args = array('@type' => $node->type, '%title' => $node->title);
  424. $t_args = array('@type' => node_type_get_name($node), '%title' => $node->title);
  425. if ($insert) {
  426. watchdog('content', '@type: added %title.', $watchdog_args, WATCHDOG_NOTICE, $node_link);
  427. drupal_set_message(t('@type %title has been created.', $t_args));
  428. }
  429. else {
  430. watchdog('content', '@type: updated %title.', $watchdog_args, WATCHDOG_NOTICE, $node_link);
  431. drupal_set_message(t('@type %title has been updated.', $t_args));
  432. }
  433. if ($node->nid) {
  434. $form_state['values']['nid'] = $node->nid;
  435. $form_state['nid'] = $node->nid;
  436. $form_state['redirect'] = node_access('view', $node) ? 'node/' . $node->nid : '<front>';
  437. }
  438. else {
  439. // In the unlikely case something went wrong on save, the node will be
  440. // rebuilt and node form redisplayed the same way as in preview.
  441. drupal_set_message(t('The post could not be saved.'), 'error');
  442. $form_state['rebuild'] = TRUE;
  443. }
  444. // Clear the page and block caches.
  445. cache_clear_all();
  446. }
  447. /**
  448. * Updates the form state's node entity by processing this submission's values.
  449. *
  450. * This is the default builder function for the node form. It is called
  451. * during the "Save" and "Preview" submit handlers to retrieve the entity to
  452. * save or preview. This function can also be called by a "Next" button of a
  453. * wizard to update the form state's entity with the current step's values
  454. * before proceeding to the next step.
  455. *
  456. * @see node_form()
  457. */
  458. function node_form_submit_build_node($form, &$form_state) {
  459. // @todo Legacy support for modules that extend the node form with form-level
  460. // submit handlers that adjust $form_state['values'] prior to those values
  461. // being used to update the entity. Module authors are encouraged to instead
  462. // adjust the node directly within a hook_node_submit() implementation. For
  463. // Drupal 8, evaluate whether the pattern of triggering form-level submit
  464. // handlers during button-level submit processing is worth supporting
  465. // properly, and if so, add a Form API function for doing so.
  466. unset($form_state['submit_handlers']);
  467. form_execute_handlers('submit', $form, $form_state);
  468. $node = $form_state['node'];
  469. entity_form_submit_build_entity('node', $node, $form, $form_state);
  470. node_submit($node);
  471. foreach (module_implements('node_submit') as $module) {
  472. $function = $module . '_node_submit';
  473. $function($node, $form, $form_state);
  474. }
  475. return $node;
  476. }
  477. /**
  478. * Form constructor for the node deletion confirmation form.
  479. *
  480. * @see node_delete_confirm_submit()
  481. */
  482. function node_delete_confirm($form, &$form_state, $node) {
  483. $form['#node'] = $node;
  484. // Always provide entity id in the same form key as in the entity edit form.
  485. $form['nid'] = array('#type' => 'value', '#value' => $node->nid);
  486. return confirm_form($form,
  487. t('Are you sure you want to delete %title?', array('%title' => $node->title)),
  488. 'node/' . $node->nid,
  489. t('This action cannot be undone.'),
  490. t('Delete'),
  491. t('Cancel')
  492. );
  493. }
  494. /**
  495. * Executes node deletion.
  496. *
  497. * @see node_delete_confirm()
  498. */
  499. function node_delete_confirm_submit($form, &$form_state) {
  500. if ($form_state['values']['confirm']) {
  501. $node = node_load($form_state['values']['nid']);
  502. node_delete($form_state['values']['nid']);
  503. cache_clear_all();
  504. watchdog('content', '@type: deleted %title.', array('@type' => $node->type, '%title' => $node->title));
  505. drupal_set_message(t('@type %title has been deleted.', array('@type' => node_type_get_name($node), '%title' => $node->title)));
  506. }
  507. $form_state['redirect'] = '<front>';
  508. }
  509. /**
  510. * Generates an overview table of older revisions of a node.
  511. *
  512. * @param $node
  513. * A node object.
  514. *
  515. * @return array
  516. * An array as expected by drupal_render().
  517. *
  518. * @see node_menu()
  519. */
  520. function node_revision_overview($node) {
  521. drupal_set_title(t('Revisions for %title', array('%title' => $node->title)), PASS_THROUGH);
  522. $header = array(t('Revision'), array('data' => t('Operations'), 'colspan' => 2));
  523. $revisions = node_revision_list($node);
  524. $rows = array();
  525. $revert_permission = FALSE;
  526. if ((user_access('revert revisions') || user_access('administer nodes')) && node_access('update', $node)) {
  527. $revert_permission = TRUE;
  528. }
  529. $delete_permission = FALSE;
  530. if ((user_access('delete revisions') || user_access('administer nodes')) && node_access('delete', $node)) {
  531. $delete_permission = TRUE;
  532. }
  533. foreach ($revisions as $revision) {
  534. $row = array();
  535. $operations = array();
  536. if ($revision->current_vid > 0) {
  537. $row[] = array('data' => t('!date by !username', array('!date' => l(format_date($revision->timestamp, 'short'), "node/$node->nid"), '!username' => theme('username', array('account' => $revision))))
  538. . (($revision->log != '') ? '<p class="revision-log">' . filter_xss($revision->log) . '</p>' : ''),
  539. 'class' => array('revision-current'));
  540. $operations[] = array('data' => drupal_placeholder(t('current revision')), 'class' => array('revision-current'), 'colspan' => 2);
  541. }
  542. else {
  543. $row[] = t('!date by !username', array('!date' => l(format_date($revision->timestamp, 'short'), "node/$node->nid/revisions/$revision->vid/view"), '!username' => theme('username', array('account' => $revision))))
  544. . (($revision->log != '') ? '<p class="revision-log">' . filter_xss($revision->log) . '</p>' : '');
  545. if ($revert_permission) {
  546. $operations[] = l(t('revert'), "node/$node->nid/revisions/$revision->vid/revert");
  547. }
  548. if ($delete_permission) {
  549. $operations[] = l(t('delete'), "node/$node->nid/revisions/$revision->vid/delete");
  550. }
  551. }
  552. $rows[] = array_merge($row, $operations);
  553. }
  554. $build['node_revisions_table'] = array(
  555. '#theme' => 'table',
  556. '#rows' => $rows,
  557. '#header' => $header,
  558. );
  559. return $build;
  560. }
  561. /**
  562. * Asks for confirmation of the reversion to prevent against CSRF attacks.
  563. *
  564. * @param int $node_revision
  565. * The node revision ID.
  566. *
  567. * @return array
  568. * An array as expected by drupal_render().
  569. *
  570. * @see node_menu()
  571. * @see node_revision_revert_confirm_submit()
  572. * @ingroup forms
  573. */
  574. function node_revision_revert_confirm($form, $form_state, $node_revision) {
  575. $form['#node_revision'] = $node_revision;
  576. return confirm_form($form, t('Are you sure you want to revert to the revision from %revision-date?', array('%revision-date' => format_date($node_revision->revision_timestamp))), 'node/' . $node_revision->nid . '/revisions', '', t('Revert'), t('Cancel'));
  577. }
  578. /**
  579. * Form submission handler for node_revision_revert_confirm().
  580. */
  581. function node_revision_revert_confirm_submit($form, &$form_state) {
  582. $node_revision = $form['#node_revision'];
  583. $node_revision->revision = 1;
  584. $node_revision->log = t('Copy of the revision from %date.', array('%date' => format_date($node_revision->revision_timestamp)));
  585. node_save($node_revision);
  586. watchdog('content', '@type: reverted %title revision %revision.', array('@type' => $node_revision->type, '%title' => $node_revision->title, '%revision' => $node_revision->vid));
  587. drupal_set_message(t('@type %title has been reverted back to the revision from %revision-date.', array('@type' => node_type_get_name($node_revision), '%title' => $node_revision->title, '%revision-date' => format_date($node_revision->revision_timestamp))));
  588. $form_state['redirect'] = 'node/' . $node_revision->nid . '/revisions';
  589. }
  590. /**
  591. * Form constructor for the revision deletion confirmation form.
  592. *
  593. * This form prevents against CSRF attacks.
  594. *
  595. * @param $node_revision
  596. * The node revision ID.
  597. *
  598. * @return
  599. * An array as expected by drupal_render().
  600. *
  601. * @see node_menu()
  602. * @see node_revision_delete_confirm_submit()
  603. * @ingroup forms
  604. */
  605. function node_revision_delete_confirm($form, $form_state, $node_revision) {
  606. $form['#node_revision'] = $node_revision;
  607. return confirm_form($form, t('Are you sure you want to delete the revision from %revision-date?', array('%revision-date' => format_date($node_revision->revision_timestamp))), 'node/' . $node_revision->nid . '/revisions', t('This action cannot be undone.'), t('Delete'), t('Cancel'));
  608. }
  609. /**
  610. * Form submission handler for node_revision_delete_confirm().
  611. */
  612. function node_revision_delete_confirm_submit($form, &$form_state) {
  613. $node_revision = $form['#node_revision'];
  614. node_revision_delete($node_revision->vid);
  615. watchdog('content', '@type: deleted %title revision %revision.', array('@type' => $node_revision->type, '%title' => $node_revision->title, '%revision' => $node_revision->vid));
  616. drupal_set_message(t('Revision from %revision-date of @type %title has been deleted.', array('%revision-date' => format_date($node_revision->revision_timestamp), '@type' => node_type_get_name($node_revision), '%title' => $node_revision->title)));
  617. $form_state['redirect'] = 'node/' . $node_revision->nid;
  618. if (db_query('SELECT COUNT(vid) FROM {node_revision} WHERE nid = :nid', array(':nid' => $node_revision->nid))->fetchField() > 1) {
  619. $form_state['redirect'] .= '/revisions';
  620. }
  621. }