} else {
switch ($_GET["arg"]) {
case "ajax-save":
$id = $connection->real_escape_string($_POST["id"]);
$container = $connection->real_escape_string($_POST["container"]);
$type = $connection->real_escape_string($_POST["type"]);
$title = $connection->real_escape_string($_POST["title"]);
$json = $connection->real_escape_string($_POST["json"]);
if ($id == "") {
$id = uniqid();
}
saveMenu($id, $container, $type, $title, $json);
break;
case "ajax-manual-editor":
$id = $connection->real_escape_string($_POST["id"]);
GetEditorContent($id);
break;
case "ajax-delete":
$id = $connection->real_escape_string($_POST["id"]);
DeleteMenu($id);
break;
case "ajax-load-cscope-pages-datalist":
LoadScopeDatalist($connection->real_escape_string($_POST["container"]));
break;
default:
$arg = $connection->real_escape_string($_GET["arg"]);
DrawEditGUI($arg);
}
}
function DrawMenulist()
{
//prevent direct activation
if (!isset($module)) {
die("403: Not authorized to call this page directly");
}
$GLOBALS["addjs_modules"] = ",permissions.js";
if (!isset($_GET["arg"])) {
DrawPermissionsEditor();
} else {
switch ($_GET["arg"]) {
case "ajax-save":
SaveACL($connection->real_escape_string($_POST["name"]), $_POST["json"]);
break;
case "ajax-manual-editor":
$name = $connection->real_escape_string($_POST["name"]);
GetEditorContent($name);
break;
case "ajax-delete":
$name = $connection->real_escape_string($_POST["name"]);
DeleteACL($name);
break;
case "ajax-toggle":
$name = $connection->real_escape_string($_POST["name"]);
ToggleACL($name, $connection->real_escape_string($_POST["active"]));
break;
case "ajax-new":
$name = $connection->real_escape_string($_POST["name"]);
NewACL($name);
break;
default:
DrawEditACL($_GET["arg"]);