// NOTE(review): this excerpt starts inside a conditional whose header is not
// visible. $mode is copied from the request without filtering; in the code
// visible here it is only compared against $LANG_ADMIN labels.
$mode = $_REQUEST['mode'];
}

// Block ID for the requested action, passed through COM_applyFilter() first.
$bid = '';
if (!empty($_REQUEST['bid'])) {
    $bid = COM_applyFilter($_REQUEST['bid']);
}

// Bulk status change from the block list: runs only for a POST that carries
// 'blockenabler' and passes the SEC_checkToken() CSRF check.
if (isset($_POST['blockenabler']) && SEC_checkToken()) {
    // Both lists default to empty arrays when the field is absent from the POST.
    // NOTE(review): the POSTed values are forwarded as-is, with no is_array()
    // or per-element filtering here. changeBlockStatus() is not visible in
    // this excerpt; confirm it validates every element before using it.
    $enabledblocks = array();
    if (isset($_POST['enabledblocks'])) {
        $enabledblocks = $_POST['enabledblocks'];
    }
    $visibleblocks = array();
    if (isset($_POST['visibleblocks'])) {
        $visibleblocks = $_POST['visibleblocks'];
    }
    changeBlockStatus($enabledblocks, $visibleblocks);
}

// Action dispatch. $mode is matched with a loose == against the localized
// button label; the extra !empty() on the label keeps an empty label from
// matching an empty $mode.
if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
    // Reject a missing, empty or zero block ID before the token is checked.
    // empty() already covers the unset and '' / 0 / '0' cases; the isset() and
    // == 0 tests are kept as written. NOTE(review): `$bid == 0` is a loose
    // comparison whose result for non-numeric strings differs between PHP 7
    // and PHP 8 - confirm COM_applyFilter() always yields a numeric value.
    if (!isset($bid) || empty($bid) || $bid == 0) {
        COM_errorLog('Attempted to delete block, bid empty or null, value =' . $bid);
        $display .= COM_refresh($_CONF['site_admin_url'] . '/block.php');
    } elseif (SEC_checkToken()) {
        // Delete only after the CSRF token has been verified.
        $display .= deleteBlock($bid);
    } else {
        // Failed CSRF check: record the acting user and target block in the
        // access log, then send the browser to the admin index.
        // NOTE(review): this branch echoes the COM_refresh() result directly
        // while the other branches append it to $display - confirm that is
        // intentional.
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid} and failed CSRF checks.");
        echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
    }
// The token check is part of the condition here, so a save request with a bad
// token falls through to the branches that follow (not visible in this
// excerpt) and, unlike the delete path, no access-log entry is written at
// this point.
} elseif ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
    // Block name from the form, passed through COM_sanitizeID().
    // The excerpt ends here with both of these blocks still open.
    $name = '';
    if (isset($_POST['name'])) {
        $name = COM_sanitizeID($_POST['name']);
// Closes a definition whose start is not visible in this excerpt.
}

// MAIN
// Request dispatch for the block admin page. $mode is copied from the request
// without filtering; in the code visible here it is only compared against
// $LANG_ADMIN labels.
$mode = '';
if (!empty($_REQUEST['mode'])) {
    $mode = $_REQUEST['mode'];
}

// Block ID for the requested action, passed through COM_applyFilter() first.
$bid = '';
if (!empty($_REQUEST['bid'])) {
    $bid = COM_applyFilter($_REQUEST['bid']);
}

// Bulk status change from the block list: runs only for a POST that carries
// 'blockenabler' and passes the SEC_checkToken() CSRF check.
if (isset($_POST['blockenabler']) && SEC_checkToken()) {
    // Defaults to an empty array when 'enabledblocks' is absent from the POST.
    $enabledblocks = array();
    if (isset($_POST['enabledblocks'])) {
        $enabledblocks = $_POST['enabledblocks'];
    }
    // NOTE(review): both $_POST['blockenabler'] and $enabledblocks reach
    // changeBlockStatus() as raw POST values, with no is_array() or
    // per-element filtering here. The callee is not visible in this excerpt;
    // confirm it validates every element before using it.
    changeBlockStatus($_POST['blockenabler'], $enabledblocks);
}

// Action dispatch. $mode is matched with a loose == against the localized
// button label; the extra !empty() on the label keeps an empty label from
// matching the empty default $mode.
if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
    // Reject a missing, empty or zero block ID before the token is checked.
    // empty() already covers the unset and '' / 0 / '0' cases; the isset() and
    // == 0 tests are kept as written. NOTE(review): `$bid == 0` is a loose
    // comparison whose result for non-numeric strings differs between PHP 7
    // and PHP 8 - confirm COM_applyFilter() always yields a numeric value.
    if (!isset($bid) || empty($bid) || $bid == 0) {
        COM_errorLog('Attempted to delete block, bid empty or null, value =' . $bid);
        $display .= COM_refresh($_CONF['site_admin_url'] . '/block.php');
    } elseif (SEC_checkToken()) {
        // Delete only after the CSRF token has been verified.
        $display .= deleteBlock($bid);
    } else {
        // Failed CSRF check: record the acting user and target block in the
        // access log, then send the browser to the admin index.
        // NOTE(review): this branch echoes the COM_refresh() result directly
        // while the other branches append it to $display - confirm that is
        // intentional.
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid} and failed CSRF checks.");
        echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
    }
// The token check is part of the condition here, so a save request with a bad
// token falls through to the branches that follow (not visible in this
// excerpt) and, unlike the delete path, no access-log entry is written at
// this point.
} elseif ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
    // Help URL from the form, passed through COM_sanitizeUrl() with the list
    // array('http', 'https') - presumably the permitted schemes; confirm
    // against COM_sanitizeUrl(). The excerpt ends here with both of these
    // blocks still open.
    $help = '';
    if (isset($_POST['help'])) {
        $help = COM_sanitizeUrl($_POST['help'], array('http', 'https'));