Beispiel #1
 case 'editedtag':
     $tag_ID = (int) $_POST['tag_ID'];
     check_admin_referer('update-tag_' . $tag_ID);
     if (!current_user_can($tax->cap->edit_terms)) {
         nxt_die(__('Cheatin’ uh?'));
     }
     $tag = get_term($tag_ID, $taxonomy);
     if (!$tag) {
         nxt_die(__('You attempted to edit an item that doesn’t exist. Perhaps it was deleted?'));
     }
     $ret = nxt_update_term($tag_ID, $taxonomy, $_POST);
     $location = 'edit-tags.php?taxonomy=' . $taxonomy;
     if ('post' != $post_type) {
         $location .= '&post_type=' . $post_type;
     }
     if ($referer = nxt_get_original_referer()) {
         if (false !== strpos($referer, 'edit-tags.php')) {
             $location = $referer;
         }
     }
     if ($ret && !is_nxt_error($ret)) {
         $location = add_query_arg('message', 3, $location);
     } else {
         $location = add_query_arg('message', 5, $location);
     }
     nxt_redirect($location);
     exit;
     break;
 default:
     if (!empty($_REQUEST['_nxt_http_referer'])) {
         $location = remove_query_arg(array('_nxt_http_referer', '_nxtnonce'), stripslashes($_SERVER['REQUEST_URI']));
Beispiel #2
 // Nonce check comes first, before the comment is even loaded. The nonce action
 // string is bound to the comment id, so a token minted for one comment cannot
 // be replayed against another. Approve/unapprove share one nonce action; every
 // other action handled further down (e.g. delete, trash) uses the delete nonce.
 if (in_array($action, array('approvecomment', 'unapprovecomment'))) {
     check_admin_referer('approve-comment_' . $comment_id);
 } else {
     check_admin_referer('delete-comment_' . $comment_id);
 }
 // 'noredir' (any value, GET or POST) disables the referer-based redirect and
 // forces the canonical edit-comments.php target instead.
 $noredir = isset($_REQUEST['noredir']);
 if (!($comment = get_comment($comment_id))) {
     comment_footer_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>!', 'edit-comments.php'));
 }
 // Authorisation: a valid nonce only proves the request was intended, not that
 // the user may act on this comment. The per-comment capability is checked
 // before any of the mutating actions below run.
 if (!current_user_can('edit_comment', $comment->comment_ID)) {
     comment_footer_die(__('You are not allowed to edit comments on this post.'));
 }
 // Choose where to send the user afterwards, in order of preference:
 //   1. the HTTP referer, unless it points at comment.php (which would bounce
 //      straight back into this handler),
 //   2. the original referer carried through the form,
 //   3. the comment list, filtered to the post for approve/unapprove.
 // Both referer values are attacker-influenced (Referer header / hidden form
 // field). NOTE(review): the redirect itself happens after this block and is
 // not visible here — confirm it goes through nxt_safe_redirect() so an
 // off-site Referer cannot turn this into an open redirect.
 if ('' != nxt_get_referer() && !$noredir && false === strpos(nxt_get_referer(), 'comment.php')) {
     $redir = nxt_get_referer();
 } elseif ('' != nxt_get_original_referer() && !$noredir) {
     $redir = nxt_get_original_referer();
 } elseif (in_array($action, array('approvecomment', 'unapprovecomment'))) {
     $redir = admin_url('edit-comments.php?p=' . absint($comment->comment_post_ID));
 } else {
     $redir = admin_url('edit-comments.php');
 }
 // Drop any stale status flags from the target URL so that only the flag for
 // this request's outcome (added per action below) is shown.
 $redir = remove_query_arg(array('spammed', 'unspammed', 'trashed', 'untrashed', 'deleted', 'ids', 'approved', 'unapproved'), $redir);
 switch ($action) {
     case 'deletecomment':
         nxt_delete_comment($comment_id);
         $redir = add_query_arg(array('deleted' => '1'), $redir);
         break;
     case 'trashcomment':
         nxt_trash_comment($comment_id);
         $redir = add_query_arg(array('trashed' => '1', 'ids' => $comment_id), $redir);
         break;
Beispiel #3
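/**
 * Retrieve or display the original-referer hidden field for forms.
 *
 * The input name is '_nxt_original_http_referer'. Its value is chosen in this
 * order: the original referer already posted with the request (see
 * {@link nxt_get_original_referer()}); otherwise, when $jump_back_to is
 * 'previous', the referer reported by {@link nxt_get_referer()}; otherwise the
 * current request URI.
 *
 * Security note: the value is only escaped for the HTML attribute context
 * (esc_attr). It is still attacker-influenced (HTTP Referer header or a
 * previously posted form field), so code that later redirects to it must
 * validate the target (e.g. via nxt_safe_redirect()) rather than treating it
 * as a trusted internal URL.
 *
 * @package NXTClass
 * @subpackage Security
 * @since 2.0.4
 *
 * @param bool $echo Whether to echo the field in addition to returning it.
 * @param string $jump_back_to Optional, default 'current'. Only the value
 *        'previous' is recognised (use the HTTP referer); any other value
 *        selects the current request URI. Arbitrary page URLs are NOT
 *        honoured by this function.
 * @return string Original referer hidden-field markup.
 */
function nxt_original_referer_field($echo = true, $jump_back_to = 'current')
{
    if ('previous' == $jump_back_to) {
        $fallback = nxt_get_referer();
    } else {
        // REQUEST_URI is not set outside a web SAPI (CLI, cron); use an empty
        // target instead of triggering an undefined-index notice.
        $fallback = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    }

    // Prefer the referer carried through an earlier form post so that a
    // multi-step form still jumps back to where the user started.
    $original = nxt_get_original_referer();
    $ref = $original ? $original : $fallback;

    $orig_referer_field = '<input type="hidden" name="_nxt_original_http_referer" value="' . esc_attr(stripslashes($ref)) . '" />';
    if ($echo) {
        echo $orig_referer_field;
    }
    return $orig_referer_field;
}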
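 /**
  * Dispatch the member-management actions submitted from the members admin
  * screen: single activation toggle, bulk toggle, and the add/drop/move
  * "...-complete" forms for levels, subscriptions and gateways.
  *
  * Every mutating branch is protected by a nonce (check_admin_referer) whose
  * action string is bound to what is being changed. NOTE(review): no
  * capability check (current_user_can) is visible in this method; it is
  * presumably enforced by the caller before this screen is reachable —
  * confirm, because a nonce is a CSRF defence, not an authorisation check.
  *
  * All redirects go through nxt_safe_redirect(), which restricts the target
  * host, so the referer-derived targets are not open redirects. The method
  * does not exit after redirecting; the caller is responsible for stopping
  * further output if that is required.
  *
  * Reads $_GET / $_POST directly and resets the globals $action and $page
  * from the request via nxt_reset_vars().
  *
  * @return void
  */
 function handle_members_updates()
 {
     global $action, $page;
     nxt_reset_vars(array('action', 'page'));

     // The list table submits bulk actions through 'doaction'/'doaction2' with
     // the selected action in 'action'/'action2'; map either to the bulk handler.
     if (isset($_GET['doaction']) || isset($_GET['doaction2'])) {
         $bulk_primary = isset($_GET['action']) && 'toggle' === $_GET['action'];
         $bulk_secondary = isset($_GET['action2']) && 'toggle' === $_GET['action2'];
         if ($bulk_primary || $bulk_secondary) {
             $action = 'bulk-toggle';
         }
     }

     switch ($action) {
         case 'toggle':
             if (isset($_GET['member_id'])) {
                 $user_id = (int) $_GET['member_id'];
                 // Nonce is bound to the specific member being toggled.
                 check_admin_referer('toggle-member_' . $user_id);
                 $member = new M_Membership($user_id);
                 $msg = $member->toggle_activation() ? 7 : 8;
                 nxt_safe_redirect(add_query_arg('msg', $msg, nxt_get_referer()));
             }
             break;

         case 'bulk-toggle':
             check_admin_referer('bulk-members');
             // 'users' is the list-table checkbox array; it may be absent or
             // not an array at all, so validate its shape before iterating.
             $users = isset($_GET['users']) && is_array($_GET['users']) ? $_GET['users'] : array();
             foreach ($users as $value) {
                 if (is_numeric($value)) {
                     $member = new M_Membership((int) $value);
                     $member->toggle_activation();
                 }
             }
             nxt_safe_redirect(add_query_arg('msg', 7, nxt_get_referer()));
             break;

         case 'bulkaddlevel-level-complete':
         case 'addlevel-level-complete':
             check_admin_referer($action);
             $tolevel_id = $this->_posted_int('tolevel_id');
             if ($tolevel_id) {
                 foreach ($this->_posted_member_ids() as $member_id) {
                     $member = new M_Membership($member_id);
                     $member->add_level($tolevel_id);
                 }
             }
             $this->update_levelcounts();
             nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
             break;

         case 'bulkdroplevel-level-complete':
         case 'droplevel-level-complete':
             check_admin_referer($action);
             $fromlevel_id = $this->_posted_int('fromlevel_id');
             if ($fromlevel_id) {
                 foreach ($this->_posted_member_ids() as $member_id) {
                     $member = new M_Membership($member_id);
                     $member->drop_level($fromlevel_id);
                 }
             }
             $this->update_levelcounts();
             nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
             break;

         case 'bulkmovelevel-level-complete':
         case 'movelevel-level-complete':
             check_admin_referer($action);
             $fromlevel_id = $this->_posted_int('fromlevel_id');
             $tolevel_id = $this->_posted_int('tolevel_id');
             if ($fromlevel_id && $tolevel_id) {
                 foreach ($this->_posted_member_ids() as $member_id) {
                     $member = new M_Membership($member_id);
                     $member->move_level($fromlevel_id, $tolevel_id);
                 }
             }
             $this->update_levelcounts();
             nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
             break;

         case 'bulkaddsub-sub-complete':
         case 'addsub-sub-complete':
             check_admin_referer($action);
             $subs = $this->_posted_triplet('tosub_id');
             if ($subs) {
                 foreach ($this->_posted_member_ids() as $member_id) {
                     $member = new M_Membership($member_id);
                     $member->add_subscription($subs[0], $subs[1], $subs[2]);
                 }
             }
             $this->update_levelcounts();
             $this->update_subcounts();
             nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
             break;

         case 'bulkdropsub-sub-complete':
         case 'dropsub-sub-complete':
             check_admin_referer($action);
             $fromsub_id = $this->_posted_int('fromsub_id');
             if ($fromsub_id) {
                 foreach ($this->_posted_member_ids() as $member_id) {
                     $member = new M_Membership($member_id);
                     $member->drop_subscription($fromsub_id);
                 }
             }
             $this->update_levelcounts();
             $this->update_subcounts();
             nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
             break;

         case 'bulkmovesub-sub-complete':
         case 'movesub-sub-complete':
             check_admin_referer($action);
             $fromsub_id = $this->_posted_int('fromsub_id');
             $subs = $this->_posted_triplet('tosub_id');
             if ($fromsub_id && $subs) {
                 foreach ($this->_posted_member_ids() as $member_id) {
                     $member = new M_Membership($member_id);
                     $member->move_subscription($fromsub_id, $subs[0], $subs[1], $subs[2]);
                 }
             }
             $this->update_levelcounts();
             $this->update_subcounts();
             nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
             break;

         case 'bulkmovegateway-gateway-complete':
         case 'movegateway-gateway-complete':
             check_admin_referer($action);
             // Gateway identifiers are free-form strings taken from the form.
             // NOTE(review): they are passed through unsanitised; confirm that
             // update_relationship_gateway() validates them against the set of
             // registered gateways and uses parameterised queries.
             $fromgateway = isset($_POST['fromgateway']) ? $_POST['fromgateway'] : '';
             $togateway = isset($_POST['togateway']) ? $_POST['togateway'] : '';
             if (!empty($fromgateway) && !empty($togateway)) {
                 foreach ($this->_posted_member_ids() as $member_id) {
                     $member = new M_Membership($member_id);
                     // Only relationships currently on the source gateway move.
                     $relationships = $member->get_relationships();
                     foreach ($relationships as $rel) {
                         if ($rel->usinggateway == $fromgateway) {
                             $member->update_relationship_gateway($rel->rel_id, $fromgateway, $togateway);
                         }
                     }
                 }
             }
             nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
             break;
     }
 }

 /**
  * Parse the comma-separated 'member_id' POST field (a single id for the
  * single-member forms, several for the bulk forms) into a list of positive
  * integer user ids.
  *
  * Non-numeric, empty (e.g. trailing comma) and non-positive tokens are
  * dropped so that M_Membership is never instantiated for an invalid id; this
  * mirrors the (int) cast / is_numeric checks the toggle branches apply.
  *
  * @return int[] Positive member ids in submitted order (empty when absent).
  */
 private function _posted_member_ids()
 {
     if (!isset($_POST['member_id'])) {
         return array();
     }
     $ids = array();
     foreach (explode(',', (string) $_POST['member_id']) as $token) {
         $token = trim($token);
         if (is_numeric($token) && (int) $token > 0) {
             $ids[] = (int) $token;
         }
     }
     return $ids;
 }

 /**
  * Read a POST field as an integer, returning 0 when it is absent, so callers
  * can use a plain truthiness test (the forms treat 0 as "not selected").
  *
  * @param string $key POST field name.
  * @return int
  */
 private function _posted_int($key)
 {
     return isset($_POST[$key]) ? (int) $_POST[$key] : 0;
 }

 /**
  * Read a dash-separated three-part subscription target from POST.
  *
  * The meaning of the three parts is defined by M_Membership::add_subscription()
  * / move_subscription() (presumably subscription id, level id and level
  * order — confirm against that class); they are returned as raw strings.
  *
  * @param string $key POST field name.
  * @return array Exactly three strings, or an empty array when the field is
  *               absent, empty/'0', or does not split into three parts.
  */
 private function _posted_triplet($key)
 {
     if (empty($_POST[$key])) {
         return array();
     }
     $parts = explode('-', (string) $_POST[$key]);
     return count($parts) == 3 ? $parts : array();
 }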