Beispiel #1
     // Switch to list mode:
     // $action = 'list';
     //init_list_mode();
     break;
 // All three update actions fall through to the same body. Within the lines
 // shown, the order is: CSRF crumb check, permission checks, then the first
 // write to $edited_Item.
 case 'update_edit':
 case 'update':
 case 'update_publish':
     // CSRF protection: the request must carry a valid 'item' crumb. This runs
     // before any permission check or change to the item.
     $Session->assert_received_crumb('item');
     // Edit permission on the item being changed.
     // NOTE(review): the third argument (true) presumably makes check_perm()
     // abort the request on failure instead of returning false - confirm, since
     // the return value is not inspected here.
     $current_User->check_perm('item_post!CURSTATUS', 'edit', true, $edited_Item);
     // Decode the requested status early; it is needed for the permission check below.
     // NOTE(review): the return value is discarded, so param() presumably
     // populates $post_status as a side effect - confirm. 'published' is the
     // third argument, presumably the default when the request omits the field.
     param('post_status', 'string', 'published');
     if ($action == 'update_publish') {
         // For the publish action the status comes from load_publish_status()
         // instead, because a post can be published to more than one status.
         $post_status = load_publish_status();
     }
     // If the user started creating a new category, check that it is valid.
     // NOTE(review): $post_category and $post_extracats are not assigned in the
     // lines shown; presumably check_categories() fills them - confirm.
     $isset_category = check_categories($post_category, $post_extracats);
     // Permission to use this status in the selected categories.
     // NOTE(review): the permission name is built from $post_status, which is
     // derived from the request. Verify that check_perm() denies an unknown
     // 'cats_post!<status>' name rather than allowing it.
     $current_User->check_perm('cats_post!' . $post_status, 'edit', true, $post_extracats);
     // Permission on the post type for the selected categories.
     check_perm_posttype($post_extracats);
     // Record whether the post was already published before this update (loose comparison).
     $was_published = $edited_Item->status == 'published';
     // UPDATE POST:
     // First change to the item; it happens only after the crumb and permission checks above.
     $edited_Item->set('status', $post_status);
     if ($isset_category) {
         // we change the categories only if the check was succesfull
         $edited_Item->set('main_cat_ID', $post_category);
Beispiel #2
 * Basic security checks:
 */
// Authentication gate: anonymous visitors are turned away first.
// NOTE(review): this relies on bad_request_die() ending the request - confirm.
if (!is_logged_in()) {
    bad_request_die(T_('You are not logged in.'));
}

// Authorization gate: may the current user edit this post?
// NOTE(review): $post_ID is not assigned in the lines shown before this call;
// confirm it is loaded and validated earlier in the file.
check_item_perm_edit($post_ID);

$action = param_action();

// CSRF gate: every action except an empty one or 'new' must carry a valid
// 'item' crumb. The two exempt actions should therefore not change stored
// state - TODO confirm against the switch that follows.
if (!(empty($action) || $action == 'new')) {
    $Session->assert_received_crumb('item');
}

// Work out $post_status. The *_publish actions take it from
// load_publish_status(); every other action reads it from the request.
switch ($action) {
    case 'create_publish':
    case 'update_publish':
        $post_status = load_publish_status($action == 'create_publish');
        // Keep only the first six characters: 'create' or 'update'.
        $action = substr($action, 0, 6);
        break;

    default:
        // Request-supplied string; 'published' is the third argument,
        // presumably the default when the field is absent.
        $post_status = param('post_status', 'string', 'published');
        break;
}
switch ($action) {
    case 'update':
    case 'edit_switchtab':
        // this gets set as action by JS, when we switch tabs
        // Load post to edit:
        $post_ID = param('post_ID', 'integer', true, true);
        $ItemCache =& get_ItemCache();
        $edited_Item =& $ItemCache->get_by_ID($post_ID);
        // Load the blog we're in:
        $Blog =& $edited_Item->get_Blog();
        set_working_blog($Blog->ID);