/**
* Return HTML widget
*
* @return string
*/
public function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$action = $this->getAction();
$entry = $this->getEntry();
if (!empty($action) && SEC_checkToken()) {
switch ($action) {
case 'delete':
$this->deleteEntry($entry);
break;
case $LANG_SX00['addentry']:
$this->addEntry($entry, true);
break;
case $LANG_SX00['addcen']:
foreach ($_CONF['censorlist'] as $entry) {
$this->addEntry($entry, true);
}
break;
case 'mass_delete':
if (isset($_POST['delitem'])) {
$this->deleteSelectedEntries($_POST['delitem']);
}
break;
}
}
return $this->getWidget();
}
/**
* Constructor
*/
function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$action = '';
if (isset($_GET['action'])) {
$action = $_GET['action'];
} elseif (isset($_POST['paction'])) {
$action = $_POST['paction'];
}
if ($action == 'delete' && SEC_checkToken()) {
$entry = $_GET['entry'];
if (!empty($entry)) {
$dbentry = addslashes($entry);
DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
}
} elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
$entry = '';
$name = COM_applyFilter($_REQUEST['header-name']);
$n = explode(':', $name);
$name = $n[0];
$value = $_REQUEST['header-value'];
if (!empty($name) && !empty($value)) {
$entry = $name . ': ' . $value;
}
$dbentry = addslashes($entry);
if (!empty($entry)) {
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
}
}
$token = SEC_createToken();
$display = '<hr' . XHTML . '>' . LB . '<p><b>';
$display .= $LANG_SX00['headerblack'];
$display .= '</b></p>' . LB . '<ul>' . LB;
$result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
list($e) = DB_fetchArray($result);
$display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
}
$display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
$display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
$display .= '<table border="0" width="100%">' . LB;
$display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
$display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
$display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
$display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
$display .= '</table>' . LB;
$display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>';
$display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '></p>' . LB;
$display .= '</form>' . LB;
return $display;
}
/**
* Constructor
*/
function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$action = '';
if (isset($_GET['action'])) {
$action = $_GET['action'];
} elseif (isset($_POST['paction'])) {
$action = $_POST['paction'];
}
$entry = '';
if (isset($_GET['entry'])) {
$entry = COM_stripslashes($_GET['entry']);
} elseif (isset($_POST['pentry'])) {
$entry = COM_stripslashes($_POST['pentry']);
}
if ($action == 'delete' && SEC_checkToken()) {
$entry = DB_escapeString($entry);
DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $entry));
} elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
if (!empty($entry)) {
$entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
}
} elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
foreach ($_CONF['censorlist'] as $entry) {
$entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
}
}
$token = SEC_createToken();
$display = '<hr' . XHTML . '>' . LB . '<p><b>';
$display .= $LANG_SX00['pblack'];
$display .= '</b></p>' . LB . '<ul>' . LB;
$result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
$e = $A['value'];
$display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
}
$display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
$display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
$display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '> ';
$display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
$display .= '<p>' . $LANG_SX00['e3'] . '</p> ';
$display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
$display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
$display .= '</div></form>' . LB;
return $display;
}
/**
* Return HTML widget
*
* @return string
*/
public function display()
{
global $LANG_SX00;
$action = $this->getAction();
$entry = $this->getEntry();
if ($action === 'delete' && SEC_checkToken()) {
$this->deleteEntry($entry);
} elseif ($action === $LANG_SX00['addentry'] && SEC_checkToken()) {
$entry = '';
$name = COM_applyFilter($_REQUEST['header-name']);
$n = explode(':', $name);
$name = $n[0];
$value = $_REQUEST['header-value'];
if (!empty($name) && !empty($value)) {
$entry = $name . ': ' . $value;
}
$this->addEntry($entry);
}
return $this->getWidget();
}
function security_check_reminder()
{
global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;
$retval = '';
if (!SEC_inGroup('Root')) {
return $retval;
}
$done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
if ($done != 1) {
$retval .= COM_showMessage(92);
}
return $retval;
}
// MAIN
$display = '';
if (isset($_POST['mode']) && $_POST['mode'] == 'moderation' && SEC_checkToken()) {
$action = array();
if (isset($_POST['action'])) {
$action = $_POST['action'];
}
if ($_POST['type'] == 'user') {
$mod_result = moderateusers($_POST['id'], $action, COM_applyFilter($_POST['count'], true));
} else {
$mod_result = moderation($_POST['id'], $action, $_POST['type'], COM_applyFilter($_POST['count'], true));
}
$display .= COM_siteHeader('menu', $LANG29[34]) . COM_showMessageFromParameter() . $mod_result;
} else {
$display .= COM_siteHeader('menu', $LANG29[34]) . COM_showMessageFromParameter() . security_check_reminder() . commandcontrol(SEC_createToken());
}
$display .= COM_siteFooter();
COM_output($display);
}
/**
* Main
*/
$display = '';
$mode = '';
if (isset($_POST['save'])) {
$mode = 'save';
}
if (isset($_POST['cancel'])) {
$mode = 'cancel';
}
$T = new Template($_MG_CONF['template_path'] . '/admin');
$T->set_file('admin', 'administration.thtml');
$T->set_var(array('site_admin_url' => $_CONF['site_admin_url'], 'site_url' => $_MG_CONF['site_url'], 'mg_navigation' => MG_navigation(), 'lang_admin' => $LANG_MG00['admin'], 'version' => $_MG_CONF['pi_version']));
if ($mode == 'save' && SEC_checkToken()) {
$T->set_var(array('admin_body' => MG_saveConfig(), 'mg_navigation' => MG_navigation()));
} elseif ($mode == 'cancel') {
echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
exit;
} elseif ($mode == $LANG_MG01['continue']) {
COM_setMessage(2);
echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
exit;
} else {
$T->set_var(array('admin_body' => MG_editConfig(), 'title' => $LANG_MG01['system_options'], 'lang_help' => '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?" />', 'help_url' => $_MG_CONF['site_url'] . '/docs/usage.html#System_Options'));
}
$T->parse('output', 'admin');
$display = COM_siteHeader('menu', '');
$display .= $T->finish($T->get_var('output'));
$display .= COM_siteFooter();
$old = trim($_GET['prevorder']);
$sorting = "?order={$ord}&direction={$dir}&prevorder={$old}";
}
$display = COM_refresh($_CONF['site_admin_url'] . '/plugins.php' . $sorting);
} elseif ($mode == 'change_load_order' && SEC_checkToken()) {
change_load_order(COM_applyFilter($_GET['pi_name']), COM_applyFilter($_GET['where']));
$display = COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
} elseif ($mode == 'autoinstall' && SEC_checkToken()) {
if (SEC_hasRights('plugin.install')) {
$plugin = '';
if (isset($_GET['plugin'])) {
$plugin = COM_applyFilter($_GET['plugin']);
}
if (plugin_autoinstall($plugin)) {
PLG_pluginStateChange($plugin, 'installed');
$display .= COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44');
} else {
$display .= COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=72');
}
} else {
$display = COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
}
} elseif ($mode == 'continue_upgrade') {
$display .= continue_upgrade(COM_sanitizeFilename($_GET['plugin']), $_GET['piversion'], $_GET['codeversion']);
} elseif (isset($_FILES['plugin']) && SEC_checkToken() && SEC_hasRights('plugin.install,plugin.upload')) {
$display .= plugin_upload();
} else {
// 'cancel' or no mode at all
$display .= plugin_main();
}
COM_output($display);
case 'download':
$file = '';
if (isset($_GET['file'])) {
$file = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', COM_applyFilter($_GET['file']));
$file = str_replace('..', '', $file);
if (!file_exists($_CONF['backup_path'] . $file)) {
$file = '';
}
}
if (!empty($file)) {
DBADMIN_download($file);
exit;
}
break;
case 'delete':
if (isset($_POST['delitem']) && SEC_checkToken()) {
foreach ($_POST['delitem'] as $delfile) {
$file = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', COM_applyFilter($delfile));
$file = str_replace('..', '', $file);
if (!@unlink($_CONF['backup_path'] . $file)) {
COM_errorLog('Unable to remove backup file "' . $file . '"');
}
}
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete database backup(s) and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
case 'config':
$view = 'config';
break;
}
} else {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
case $LANG_CALJP_1[45]:
// save edited personal event
if (!empty($LANG_CALJP_1[45]) && $_CAJP_CONF['personalcalendars'] == 1 && !COM_isAnonUser() && (isset($_POST['calendar_type']) && $_POST['calendar_type'] == 'personal') && SEC_checkToken()) {
$display = plugin_savesubmission_calendarjp($_POST);
} else {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
case 'deleteevent':
case $LANG_CALJP_1[51]:
if ($_CAJP_CONF['personalcalendars'] == 1 && SEC_checkToken()) {
$eid = COM_applyFilter($_REQUEST['eid']);
if (!empty($eid) && !COM_isAnonUser()) {
DB_query("DELETE FROM {$_TABLES['personal_eventsjp']} WHERE uid={$_USER['uid']} AND eid='{$eid}'");
$display .= COM_refresh($_CONF['site_url'] . '/calendarjp/index.php?mode=personal&msg=26');
} else {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
}
break;
case 'edit':
if ($_CAJP_CONF['personalcalendars'] == 1) {
$eid = COM_applyFilter($_GET['eid']);
if (!empty($eid) && !COM_isAnonUser()) {
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainpage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statuscode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideresults Checkbox: hide results until closed
* @param int $commentcode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_grup Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @return string HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$topic = COM_stripslashes($topic);
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
$retval .= COM_siteHeader('menu', $LANG25[5]);
$retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG25[2];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= COM_siteFooter();
return $retval;
}
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
$access = 0;
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if (empty($voters)) {
$voters = 0;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
$topic = addslashes($topic);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
$k = 0;
// set up a counter to make sure we do assign a straight line of question id's
$v = 0;
// re-count votes sine they might have been changed
// first dimension of array are the questions
$num_questions = count($Q);
for ($i = 0; $i < $num_questions; $i++) {
$Q[$i] = COM_stripslashes($Q[$i]);
if (strlen($Q[$i]) > 0) {
// only insert questions that exist
$Q[$i] = addslashes($Q[$i]);
DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
// within the questions, we have another dimensions with answers,
// votes and remarks
$num_answers = count($A[$i]);
for ($j = 0; $j < $num_answers; $j++) {
$A[$i][$j] = COM_stripslashes($A[$i][$j]);
if (strlen($A[$i][$j]) > 0) {
// only insert answers etc that exist
if (!is_numeric($V[$i][$j])) {
$V[$i][$j] = "0";
}
$A[$i][$j] = addslashes($A[$i][$j]);
$R[$i][$j] = addslashes($R[$i][$j]);
$sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
DB_query($sql);
$v = $v + $V[$i][$j];
}
}
$k++;
}
}
// save topics after the questions so we can include question count into table
$sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
if ($mainpage == 'on') {
$sql .= "',1";
} else {
$sql .= "',0";
}
if ($open == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
if ($hideresults == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
$sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
// Save poll topic
DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
if (empty($old_pid) || $old_pid == $pid) {
PLG_itemSaved($pid, 'polls');
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
PLG_itemSaved($pid, 'polls', $old_pid);
}
if ($_POLL_VERBOSE) {
COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
}
$myts = new MyTextSanitizer();
// MyTextSanitizer object
$eh = new ErrorHandler();
//ErrorHandler object
$mytree = new XoopsTree($_DB_name, $_TABLES['filemgmt_cat'], "cid", "pid");
$mytree->setGroupAccessFilter($_GROUPS);
$groupsql = filemgmt_buildAccessSql();
$sql = "SELECT COUNT(*) FROM {$_TABLES['filemgmt_cat']} WHERE pid=0 ";
$sql .= $groupsql;
list($catAccessCnt) = DB_fetchArray(DB_query($sql));
if ($catAccessCnt < 1) {
COM_errorLOG("Submit.php => FileMgmt Plugin Access denied. Attempted user upload of a file, Remote address is:{$_SERVER['REMOTE_ADDR']}");
redirect_header($_CONF['site_url'] . "/index.php", 1, _GL_ERRORNOUPLOAD);
exit;
}
if (isset($_POST['submit']) && SEC_checkToken()) {
if (!COM_isAnonUser()) {
$submitter = (int) $_USER['uid'];
} else {
$submitter = 1;
}
// Check if Title entered
if (!isset($_POST['title']) || $_POST["title"] == '') {
$eh->show("1001");
}
// Check if filename entered
if ($_FILES['newfile']['name'] != '') {
$name = $_FILES['newfile']['name'];
$url = rawurlencode($name);
$name = $myts->makeTboxData4Save($name);
$url = $myts->makeTboxData4Save($url);
$boards_delforum->set_var('gltoken_name', CSRF_TOKEN);
$boards_delforum->set_var('gltoken', SEC_createToken());
$boards_delforum->parse('output', 'boards_delforum');
$display .= $boards_delforum->finish($boards_delforum->get_var('output'));
$display .= COM_endBlock();
$display = COM_createHTMLDocument($display);
COM_output($display);
exit;
}
} elseif ($mode == $LANG_GF01['EDIT'] && isset($_POST['what']) && COM_applyFilter($_POST['what']) == 'order' && SEC_checkToken()) {
$order = COM_applyFilter($_POST['order'], true);
DB_query("UPDATE {$_TABLES['forum_forums']} SET forum_order='{$order}' WHERE forum_id='{$id}'");
$display = COM_refresh($_CONF['site_admin_url'] . '/plugins/forum/boards.php?msg=7');
COM_output($display);
exit;
} elseif ($mode == 'save' && SEC_checkToken() && $submit != $LANG_GF01['CANCEL']) {
$category = isset($_REQUEST['category']) ? COM_applyFilter($_POST['category'], true) : 0;
$order = isset($_POST['order']) ? COM_applyFilter($_POST['order'], true) : 0;
$name = gf_preparefordb($_POST['name'], 'text');
$dscp = gf_preparefordb($_POST['dscp'], 'text');
$is_hidden = isset($_POST['is_hidden']) ? COM_applyFilter($_POST['is_hidden'], true) : 0;
$is_readonly = isset($_POST['is_readonly']) ? COM_applyFilter($_POST['is_readonly'], true) : 0;
$no_newposts = isset($_POST['no_newposts']) ? COM_applyFilter($_POST['no_newposts'], true) : 0;
$privgroup = isset($_POST['privgroup']) ? COM_applyFilter($_POST['privgroup'], true) : 0;
if ($privgroup == 0) {
$privgroup = 2;
}
DB_query("UPDATE {$_TABLES['forum_forums']} SET forum_cat={$category},forum_name='{$name}', forum_order={$order},forum_dscp='{$dscp}', grp_id={$privgroup},\n is_hidden='{$is_hidden}', is_readonly='{$is_readonly}', no_newposts='{$no_newposts}' WHERE forum_id='{$id}'");
$display = COM_refresh($_CONF['site_admin_url'] . '/plugins/forum/boards.php?msg=8');
COM_output($display);
exit;
exit;
}
}
$conf_group = array_key_exists('conf_group', $_POST) ? COM_applyFilter($_POST['conf_group']) : $default_conf_group;
if (array_key_exists('set_action', $_POST) && SEC_checkToken()) {
if ($_POST['set_action'] == 'restore') {
$config->restore_param($_POST['name'], $conf_group, $_POST['subgroup'], $_POST['tab']);
} elseif ($_POST['set_action'] == 'unset') {
$config->unset_param($_POST['name'], $conf_group, $_POST['subgroup'], $_POST['tab']);
}
// notify plugins when config item enabled or disabled
$config_item[] = $_POST['name'];
PLG_configChange($conf_group, $config_item);
$subgroup = array_key_exists('subgroup', $_POST) ? COM_applyFilter($_POST['subgroup']) : null;
$display = $config->get_ui($conf_group, $subgroup);
} elseif (array_key_exists('form_submit', $_POST) && SEC_checkToken()) {
$result = null;
if (!array_key_exists('form_reset', $_POST)) {
if ($conf_group == 'Core') {
require_once 'configuration_validation.php';
} else {
// Retrieve plugin config validation if found
$filename = $_CONF['path'] . 'plugins/' . $conf_group . '/configuration_validation.php';
if (file_exists($filename)) {
require_once $filename;
}
}
$result = $config->updateConfig($_POST, $conf_group);
// notify plugins
if (is_array($result) && count($result) > 0) {
PLG_configChange($conf_group, array_keys($result));
$mailresult = str_replace('<successcount>', $successcount, $LANG31[20]);
$retval .= str_replace('<failcount>', $failcount, $mailresult);
$retval .= '<h2>' . $LANG31[21] . '</h2>';
for ($i = 0; $i < count($failures); $i++) {
$retval .= current($failures) . '<br' . XHTML . '>';
next($failures);
}
if (count($failures) == 0) {
$retval .= $LANG31[23];
}
$retval .= '<h2>' . $LANG31[22] . '</h2>';
for ($i = 0; $i < count($successes); $i++) {
$retval .= current($successes) . '<br' . XHTML . '>';
next($successes);
}
if (count($successes) == 0) {
$retval .= $LANG31[24];
}
$retval .= COM_endBlock();
return $retval;
}
// MAIN
$display .= COM_siteHeader('menu', $LANG31[1]);
if (isset($_POST['mail']) && $_POST['mail'] == 'mail' && SEC_checkToken()) {
$display .= send_messages($_POST);
} else {
$display .= COM_showMessageFromParameter();
$display .= display_mailform();
}
$display .= COM_siteFooter();
COM_output($display);
/**
* Saves an event to the database
*
* (parameters should be obvious - old list was incomplete anyway)
* @return string HTML redirect or error message
*
*/
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
if ($hour_mode == 24) {
// to avoid having to mess with the tried and tested code below, map
// the 24-hour values onto their 12-hour counterparts and use those
if ($start_hour >= 12) {
$start_ampm = 'pm';
$start_hour = $start_hour - 12;
} else {
$start_ampm = 'am';
$start_hour = $start_hour;
}
if ($start_hour == 0) {
$start_hour = 12;
}
if ($end_hour >= 12) {
$end_ampm = 'pm';
$end_hour = $end_hour - 12;
} else {
$end_ampm = 'am';
$end_hour = $end_hour;
}
if ($end_hour == 0) {
$end_hour = 12;
}
}
if ($allday == 'on') {
$allday = 1;
} else {
$allday = 0;
}
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
$datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
$timestart = $start_hour . ':' . $start_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
if (checkdate($end_month, $end_day, $end_year)) {
$dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
$timeend = $end_hour . ':' . $end_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
if ($allday == 0) {
if ($dateend < $datestart) {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
} else {
if ($dateend < $datestart) {
// Force end date to be same as start date
$dateend = $datestart;
}
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
if ($postmode == 'html') {
$description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
} else {
$postmode = 'plaintext';
$description = htmlspecialchars(COM_checkWords($description));
}
$description = DB_escapeString($description);
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
$address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
$address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
$city = DB_escapeString(strip_tags(COM_checkWords($city)));
$zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
$event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
$url = DB_escapeString(strip_tags($url));
if ($allday == 0) {
// Add 12 to make time on 24 hour clock if needed
if ($start_ampm == 'pm' and $start_hour != 12) {
$start_hour = $start_hour + 12;
}
// If 12AM set hour to 00
if ($start_ampm == 'am' and $start_hour == 12) {
$start_hour = '00';
}
// Add 12 to make time on 24 hour clock if needed
if ($end_ampm == 'pm' and $end_hour != 12) {
$end_hour = $end_hour + 12;
}
// If 12AM set hour to 00
if ($end_ampm == 'am' and $end_hour == 12) {
$end_hour = '00';
}
$timestart = $start_hour . ':' . $start_minute . ':00';
$timeend = $end_hour . ':' . $end_minute . ':00';
}
if (!empty($eid) and !empty($description) and !empty($title)) {
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
}
$hits = DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid}'");
if (empty($hits)) {
$hits = 0;
}
DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eid}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");
if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
$numrows = DB_numRows($result);
for ($i = 1; $i <= $numrows; $i++) {
$P = DB_fetchArray($result);
DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
}
}
PLG_itemSaved($eid, 'calendar');
COM_rdfUpToDateCheck('calendar', $event_type, $eid);
return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
}
/**
* Handles comment processing
*
* @param string $mode Mode of comment processing
* @param string $type Type of item (article, polls, etc.)
* @param string $title Title of item
* @param string $sid ID for item to show comments for
* @param string $format 'threaded', 'nested', or 'flat'
* @return string HTML formated
*/
function CMT_handleComment($mode = '', $type = '', $title = '', $sid = '', $format = '')
{
global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS;
$commentmode = '';
if (!empty($_REQUEST[CMT_MODE])) {
$commentmode = COM_applyFilter($_REQUEST[CMT_MODE]);
}
if (empty($mode)) {
$mode = COM_applyFilter(COM_getArgument(CMT_MODE));
}
if (empty($commentmode) && !empty($mode)) {
$commentmode = $mode;
}
if (empty($sid) && !empty($_REQUEST[CMT_SID])) {
$sid = COM_applyFilter($_REQUEST[CMT_SID]);
}
$pid = 0;
if (!empty($_REQUEST[CMT_PID])) {
$pid = COM_applyFilter($_REQUEST[CMT_PID], true);
}
if (empty($type) && !empty($_REQUEST[CMT_TYPE])) {
$type = COM_applyFilter($_REQUEST[CMT_TYPE]);
}
if (!empty($_REQUEST['title'])) {
$title = $_REQUEST['title'];
// apply filters later in CMT_commentForm or CMT_saveComment
}
if (!empty($_REQUEST[CMT_UID])) {
$uid = COM_applyFilter($_REQUEST[CMT_UID]);
} else {
$uid = 1;
if (!empty($_USER['uid'])) {
$uid = $_USER['uid'];
}
}
$postmode = $_CONF['postmode'];
if (isset($_REQUEST['postmode'])) {
$postmode = COM_applyFilter($_REQUEST['postmode']);
}
$formtype = '';
if (!empty($_REQUEST['formtype'])) {
$formtype = COM_applyFilter($_REQUEST['formtype']);
}
// Get comment id, may not be there...will handle in function
$cid = 0;
if (isset($_REQUEST[CMT_CID])) {
$cid = COM_applyFilter($_REQUEST[CMT_CID], true);
}
TOPIC_getTopic('comment', $cid);
if (empty($format) && isset($_REQUEST['format'])) {
$format = COM_applyFilter($_REQUEST['format']);
}
if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'))) {
if (COM_isAnonUser()) {
$format = $_CONF['comment_mode'];
} else {
$format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
}
}
$order = '';
if (isset($_REQUEST['order'])) {
$order = COM_applyFilter($_REQUEST['order']);
}
$cpage = 1;
if (!empty($_REQUEST['cpage'])) {
$cpage = COM_applyFilter($_REQUEST['cpage'], true);
if (empty($cpage)) {
$cpage = 1;
}
}
$is_comment_page = CMT_isCommentPage();
$retval = '';
if ($_CONF['show_comments_at_replying'] && $is_comment_page && !empty($sid) && !empty($type) && in_array($commentmode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) {
if ($commentmode == 'edit') {
$cid = 0;
if (isset($_REQUEST[CMT_CID])) {
$cid = COM_applyFilter($_REQUEST[CMT_CID], true);
}
if ($cid <= 0) {
COM_errorLog("CMT_handleComment(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$pid = $cid;
}
if ($pid > 0 && empty($title)) {
$atype = DB_escapeString($type);
$title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
}
if (empty($title)) {
$title = PLG_getItemInfo($type, $sid, 'title');
$title = str_replace('$', '$', $title);
// CMT_userComments expects non-htmlspecial chars for title...
$title = str_replace('&', '&', $title);
$title = str_replace('"', '"', $title);
$title = str_replace('<', '<', $title);
$title = str_replace('>', '>', $title);
}
$retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cpage, $pid > 0, false, 0);
}
switch ($commentmode) {
case $LANG03[28]:
// Preview Changes (for edit)
// Preview Changes (for edit)
case $LANG03[34]:
// Preview Submission changes (for edit)
// Preview Submission changes (for edit)
case $LANG03[14]:
// Preview
$retval .= CMT_commentForm($title, $_POST['comment'], $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
if ($is_comment_page) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[14]));
}
break;
case $LANG03[35]:
// Submit Changes to Moderation table
// Submit Changes to Moderation table
case $LANG03[29]:
// Submit Changes
if (SEC_checkToken()) {
$retval .= CMT_handleEditSubmit($commentmode);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
break;
case $LANG03[11]:
// Submit comment
$retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid);
break;
case $LANG_ADMIN['delete']:
case 'delete':
// Delete comment
if (SEC_checkToken()) {
$retval .= CMT_handleDelete($sid, $type, $formtype);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
break;
case 'view':
// View comment by $cid
$retval .= CMT_handleView($format, $order, $cpage, true);
break;
case 'display':
// View comment by $pid
$retval .= CMT_handleView($format, $order, $cpage, false);
break;
case 'report':
if ($is_comment_page) {
$cid = 0;
if (isset($_GET[CMT_CID])) {
$cid = COM_applyFilter($_GET[CMT_CID], true);
}
$type = '';
if (isset($_GET[CMT_TYPE])) {
$type = COM_applyFilter($_GET[CMT_TYPE]);
}
if ($cid <= 0 || empty($type)) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
$retval .= CMT_reportAbusiveComment($cid, $type);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));
}
break;
case 'sendreport':
if (SEC_checkToken()) {
$cid = 0;
if (isset($_POST[CMT_CID])) {
$cid = COM_applyFilter($_POST[CMT_CID], true);
}
$type = '';
if (isset($_POST[CMT_TYPE])) {
$type = COM_applyFilter($_POST[CMT_TYPE]);
}
if ($cid <= 0 || empty($type)) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
$retval .= CMT_sendReport($cid, $type);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
break;
case 'editsubmission':
if (!SEC_hasRights('comment.moderate')) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
// deliberate fall-through
// deliberate fall-through
case 'edit':
$retval .= CMT_handleEdit($commentmode, $postmode, $format, $order, $cpage);
if ($is_comment_page) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1]));
}
break;
case 'unsubscribe':
$cid = 0;
$key = COM_applyFilter($_GET['key']);
if (!empty($key)) {
$key = DB_escapeString($key);
$cid = DB_getItem($_TABLES['commentnotifications'], 'cid', "deletehash = '{$key}'");
if (!empty($cid)) {
$redirecturl = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . '&format=nested&msg=16';
DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, $redirecturl);
exit;
}
}
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
break;
case $LANG_ADMIN['cancel']:
if ($formtype == 'editsubmission') {
echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
exit;
} else {
$retval .= CMT_handleCancel();
// moved to function for readibility
}
break;
default:
// New Comment or Reply Comment
$abort = false;
// Check to make sure comment type exists
if ($type != 'article' && !in_array($type, $_PLUGINS)) {
$abort = true;
}
// Check article permissions
if (!$abort && $type == 'article' && !empty($sid)) {
$dbTitle = DB_getItem($_TABLES['stories'], 'title', "(sid = '{$sid}') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" . COM_getPermSQL('AND'));
// if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid) < 2) { // Make sure have at least read access to topics to post comment
if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) {
// Make sure have at least read access to current topic of article to post comment
// no permissions, or no story of that title
$abort = true;
}
}
if (!$abort && !empty($sid) && !empty($type)) {
if ($pid > 0 && empty($title)) {
$atype = DB_escapeString($type);
$title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
}
if (empty($title)) {
$title = PLG_getItemInfo($type, $sid, 'title');
// Check title, if for some reason blank assume no access allowed to plugin item (therefore cannot add comment) so return to homepage
if (is_array($title) || empty($title) || $title == false) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
$title = str_replace('$', '$', $title);
// CMT_commentForm expects non-htmlspecial chars for title...
$title = str_replace('&', '&', $title);
$title = str_replace('"', '"', $title);
$title = str_replace('<', '<', $title);
$title = str_replace('>', '>', $title);
}
$retval .= CMT_commentForm($title, '', $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
} else {
if (COMMENT_ON_SAME_PAGE) {
// Do nothing and do not show comment form (happens most likely when admin viewing draft article)
} else {
// For comments not displayed on same page (probably owner pushed the post comment button on a draft article)
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
}
if ($is_comment_page) {
$noindex = '<meta name="robots" content="noindex"' . XHTML . '>';
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noindex));
}
break;
}
return $retval;
}
} else {
$_POST['sp_centerblock'] = 0;
}
if ($sp_inblock == 'on') {
$_POST['sp_inblock'] = 1;
} else {
$_POST['sp_inblock'] = 0;
}
$display .= PAGE_edit($sp_id, '', $editor);
$display .= COM_siteFooter();
}
break;
case 'delete':
if (empty($sp_id) || is_numeric($sp_id) && $sp_id == 0) {
COM_errorLog('Attempted to delete staticpage, sp_id empty or null, value =' . $sp_id);
$display .= COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php');
} elseif (SEC_checkToken()) {
$args = array('sp_id' => $sp_id);
PLG_invokeService('staticpages', 'delete', $args, $display, $svc_msg);
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete staticpage {$sp_id} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
default:
$display .= COM_siteHeader('menu', $LANG_STATIC['staticpagelist']);
$display .= PAGE_list();
$display .= COM_siteFooter();
break;
}
echo $display;
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// +---------------------------------------------------------------------------+
require_once 'gf_functions.php';
require_once $_CONF['path_system'] . 'lib-story.php';
$page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : '';
$show = isset($_GET['show']) ? COM_applyFilter($_GET['show'], true) : '';
$migrate = isset($_POST['migrate']) ? COM_applyFilter($_POST['migrate']) : '';
$selforum = isset($_POST['selforum']) ? COM_applyFilter($_POST['selforum']) : '';
$curtopic = isset($_POST['seltopic']) ? COM_applyFilter($_POST['seltopic']) : '';
$dpm = isset($_POST['delPostMigrate']) ? COM_applyFilter($_POST['delPostMigrate'], true) : '';
if ($migrate == $LANG_GF01['MIGRATE_NOW'] && $selforum != "select" && !empty($_POST['chk_record_delete']) && SEC_checkToken()) {
$num_stories = 0;
$num_posts = 0;
foreach ($_POST['chk_record_delete'] as $sid) {
if ($curtopic == 'submissions') {
$sql = "SELECT sid,date,uid,title,introtext " . "FROM {$_TABLES['storysubmission']} WHERE sid='{$sid}'";
$result = DB_query($sql);
list($sid, $storydate, $uid, $subject, $introtext) = DB_fetchArray($result);
$num_posts = migratetopic($selforum, $sid, $storydate, $uid, $subject, $introtext, '', '0') + $num_posts;
$num_stories++;
if ($dpm == 1) {
PLG_deleteSubmission('story', $sid);
}
} else {
$sql = "SELECT sid,date,uid,title,introtext,bodytext,hits " . "FROM {$_TABLES['stories']} WHERE sid='{$sid}'";
$result = DB_query($sql);
}
} else {
$page .= COM_showMessageText($LANG_DB_BACKUP['no_innodb'], '', true, 'error');
}
break;
case 'optimize':
$pagetitle = $LANG_DB_BACKUP['optimize_title'];
$page .= DBADMIN_optimize();
break;
case 'dooptimize':
$startwith = '';
if (isset($_GET['startwith'])) {
$startwith = COM_applyFilter($_GET['startwith']);
}
$pagetitle = $LANG_DB_BACKUP['optimize_title'];
if (!empty($startwith) || SEC_checkToken()) {
$failures = 0;
if (isset($_GET['failures'])) {
$failures = COM_applyFilter($_GET['failures'], true);
}
$num_errors = DBADMIN_dooptimize($startwith, $failures);
if ($num_errors == 0) {
$page .= COM_showMessageText($LANG_DB_BACKUP['optimize_success']);
} else {
$page .= COM_showMessageText($LANG_DB_BACKUP['optimize_success'] . ' ' . $LANG_DB_BACKUP['table_issues'], '', true, 'error');
}
$page .= DBADMIN_list();
}
break;
case 'saveconfig':
$items = array();
public function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$display = $LANG_SX00['masshead'];
$act = '';
if (isset($_POST['action'])) {
$act = COM_applyFilter($_POST['action']);
}
$lmt = 0;
if (isset($_POST['limit'])) {
$lmt = COM_applyFilter($_POST['limit'], true);
}
if ($act === $LANG_SX00['deletespam'] && $lmt > 0 && SEC_checkToken()) {
$numc = 0;
$spamx_path = $_CONF['path'] . 'plugins/spamx/';
if ($dir = @opendir($spamx_path)) {
while (($file = readdir($dir)) !== false) {
if (is_file($spamx_path . $file)) {
if (substr($file, -18) == '.Examine.class.php') {
$tmp = str_replace('.Examine.class.php', '', $file);
$Spamx_Examine[] = $tmp;
require_once $spamx_path . $file;
}
}
}
closedir($dir);
}
$result = DB_query("SELECT comment,cid,sid,type,UNIX_TIMESTAMP(date) as date,ipaddress FROM {$_TABLES['comments']} ORDER BY date DESC LIMIT {$lmt}");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
foreach ($Spamx_Examine as $Examine) {
$EX = new $Examine();
if (method_exists($EX, 'reexecute')) {
$res = $EX->reexecute($A['comment'], $A['date'], $A['ipaddress'], $A['type']);
} else {
$res = $EX->execute($A['comment']);
}
if ($res == PLG_SPAM_FOUND) {
break;
}
}
if ($res == PLG_SPAM_FOUND) {
$this->delcomment($A['cid'], $A['sid'], $A['type']);
$numc++;
}
}
$display .= '<p>' . $numc . $LANG_SX00['comdel'] . '</p>' . LB;
} else {
$token = SEC_createToken();
$display .= '<form class="uk-form" method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=MassDelete"><div>';
$display .= $LANG_SX00['numtocheck'] . ' ' . ' <select name="limit">' . LB;
$display .= '<option value="10">10</option>' . LB . '<option value="50">50</option>' . LB . '<option value="100" selected="selected">100</option>' . LB . '<option value="200">200</option>' . LB . '<option value="300">300</option>' . LB . '<option value="400">400</option>' . LB;
$display .= '</select>' . LB;
$display .= $LANG_SX00['note1'];
$display .= $LANG_SX00['note2'];
$display .= $LANG_SX00['note3'];
$display .= $LANG_SX00['note4'];
$display .= $LANG_SX00['note5'];
$display .= $LANG_SX00['note6'] . LB;
$display .= '<button type="submit" name="action" value="' . $LANG_SX00['deletespam'] . '" class="uk-button">' . $LANG_SX00['deletespam'] . '</button>' . LB;
$display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
$display .= '</div></form>' . LB;
}
return $display;
}
}
if (empty($cid)) {
COM_errorLog('Attempted to delete empty category');
$display .= COM_refresh($_CONF['site_admin_url'] . '/plugins/links/category.php');
} elseif (SEC_checkToken()) {
$msg = links_delete_category($cid);
$display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]);
$display .= COM_showMessage($msg, 'links');
$display .= links_list_categories($root);
$display .= COM_siteFooter();
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete link category {$cid} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
// save category
} elseif ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
$msg = links_save_category($_POST['cid'], $_POST['old_cid'], $_POST['pid'], $_POST['category'], $_POST['description'], COM_applyFilter($_POST['tid']), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]);
$display .= COM_showMessage($msg, 'links');
$display .= links_list_categories($root);
$display .= COM_siteFooter();
// edit category
} else {
if ($mode == 'edit') {
$display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[56]);
$pid = '';
if (isset($_GET['pid'])) {
$pid = strip_tags(COM_stripslashes($_GET['pid']));
}
$cid = '';
if (isset($_GET['cid'])) {
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// +---------------------------------------------------------------------------+
require_once 'gf_functions.php';
require_once $_CONF['path_system'] . 'lib-story.php';
$page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : '';
$show = isset($_GET['show']) ? COM_applyFilter($_GET['show'], true) : '';
$migrate = isset($_POST['migrate']) ? COM_applyFilter($_POST['migrate']) : '';
$selforum = isset($_POST['selforum']) ? COM_applyFilter($_POST['selforum']) : '';
$curtopic = isset($_POST['seltopic']) ? COM_applyFilter($_POST['seltopic']) : '';
$dpm = isset($_POST['delPostMigrate']) ? COM_applyFilter($_POST['delPostMigrate'], true) : '';
if ($migrate == $LANG_GF01['MIGRATE_NOW'] && $selforum != "select" && !empty($_POST['cb_chkentry']) && SEC_checkToken()) {
$num_stories = 0;
$num_posts = 0;
foreach ($_POST['cb_chkentry'] as $sid) {
if ($curtopic == 'submissions') {
$sql = "SELECT sid,date,uid,title,introtext " . "FROM {$_TABLES['storysubmission']} WHERE sid='{$sid}'";
$result = DB_query($sql);
list($sid, $storydate, $uid, $subject, $introtext) = DB_fetchArray($result);
$num_posts = migratetopic($selforum, $sid, $storydate, $uid, $subject, $introtext, '', '0') + $num_posts;
$num_stories++;
if ($dpm == 1) {
PLG_deleteSubmission('story', $sid);
}
} else {
$sql = "SELECT sid,date,uid,title,introtext,bodytext,hits " . "FROM {$_TABLES['stories']} WHERE sid='{$sid}'";
$result = DB_query($sql);
if (isset($_GET['uid'])) {
$uid = COM_applyFilter($_GET['uid'], true);
}
if ($uid == 1) {
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
$display .= edituser($uid, $msg);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[1]));
} elseif ($mode == 'import' && SEC_checkToken()) {
$display .= importusers();
} elseif ($mode == 'importform') {
$display .= display_batchAddform();
} elseif ($mode == 'batchdelete') {
$display .= batchdelete();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[54]));
} elseif ($mode == $LANG28[78] && !empty($LANG28[78]) && SEC_checkToken()) {
$msg = batchreminders();
$display .= COM_showMessage($msg) . batchdelete();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[11]));
} elseif ($mode == 'batchdeleteexec' && SEC_checkToken()) {
$msg = batchdeleteexec();
$display .= COM_showMessage($msg) . batchdelete();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[11]));
} else {
// 'cancel' or no mode at all
$display .= COM_showMessageFromParameter();
$display .= listusers();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG28[11]));
}
COM_output($display);
break;
}
}
}
}
//===================================================================
// Main
//===================================================================
$cl = new Nmoxtopicown();
if (isset($_POST['mode'])) {
$mode = COM_applyFilter($_POST['mode']);
} else {
$mode = '';
}
if ($mode === 'dbset') {
if (is_callable('SEC_checkToken') and !SEC_checkToken()) {
exit($LANG_NMOXTOPICOWN['invalid_token']);
} else {
$html = $cl->dbset();
header('Location: ' . $_CONF['site_admin_url'] . '/plugins/nmoxtopicown/index.php?msg=done');
exit;
}
} else {
$html = $cl->listup();
}
if (is_callable('COM_createHTMLDocument')) {
$display = COM_createHTMLDocument($html);
} else {
$display = COM_siteHeader() . $html . COM_siteFooter();
}
if (is_callable('COM_output')) {
if (isset($_POST['hidden'])) {
$hidden = COM_applyFilter($_POST['hidden'], true);
}
$parent_id = '';
if (isset($_POST['parent_id'])) {
$parent_id = COM_applyFilter($_POST['parent_id']);
}
$sortnum = 0;
if (isset($_POST['sortnum'])) {
$sortnum = COM_applyFilter($_POST['sortnum'], true);
}
$display .= savetopic(COM_applyFilter($_POST['tid']), $_POST['topic_name'], $inherit, $hidden, $parent_id, $imageurl, $_POST['meta_description'], $_POST['meta_keywords'], $sortnum, COM_applyFilter($_POST['limitnews'], true), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon'], $is_default, $is_archive);
} elseif ($mode == 'edit') {
$tid = '';
if (isset($_GET['tid'])) {
$tid = COM_applyFilter($_GET['tid']);
}
$display .= edittopic($tid);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[1]));
} elseif ($mode == 'change_sortnum' && SEC_checkToken()) {
$display .= COM_showMessageFromParameter();
moveTopics(COM_applyFilter($_GET['tid']), COM_applyFilter($_GET['where']));
$display .= listTopics(SEC_createToken());
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[8]));
} else {
// 'cancel' or no mode at all
$display .= COM_showMessageFromParameter();
$display .= listTopics(SEC_createToken());
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[8]));
}
COM_output($display);
$grp_applydefault = 1;
}
$chk_grpadmin = '';
if (isset($_POST['chk_grpadmin'])) {
$chk_grpadmin = COM_applyFilter($_POST['chk_grpadmin']);
}
$features = array();
if (isset($_POST['features'])) {
$features = $_POST['features'];
}
$groups = array();
if (isset($_POST['groups'])) {
$groups = $_POST['groups'];
}
$display .= savegroup(COM_applyFilter($_POST['grp_id'], true), COM_applyFilter($_POST['grp_name']), $_POST['grp_descr'], $chk_grpadmin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups);
} elseif ($mode == 'savegroupusers' && SEC_checkToken()) {
$grp_id = COM_applyFilter($_REQUEST['grp_id'], true);
$display .= savegroupusers($grp_id, $_POST['groupmembers']);
} elseif ($mode == 'edit') {
$grp_id = 0;
if (isset($_REQUEST['grp_id'])) {
$grp_id = COM_applyFilter($_REQUEST['grp_id'], true);
}
$display .= editgroup($grp_id);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_ACCESS['groupeditor']));
} elseif ($mode == 'listusers') {
$grp_id = COM_applyFilter($_REQUEST['grp_id'], true);
$display .= listusers($grp_id);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_ACCESS['groupmembers']));
} elseif ($mode == 'editusers') {
$grp_id = COM_applyFilter($_REQUEST['grp_id'], true);
// | |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once $_CONF['path'] . '/plugins/calendar/autoinstall.php';
USES_lib_install();
if (!SEC_inGroup('Root')) {
// Someone is trying to illegally access this page
COM_errorLog("Someone has tried to illegally access the Calendar install/uninstall page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
$display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_startBlock($LANG_ACCESS['accessdenied']) . $LANG_ACCESS['plugin_access_denied_msg'] . COM_endBlock() . COM_siteFooter();
echo $display;
exit;
}
/**
* Main Function
*/
if (SEC_checkToken()) {
$action = COM_applyFilter($_GET['action']);
if ($action == 'install') {
if (plugin_install_calendar()) {
// Redirects to the plugin editor
echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44');
exit;
} else {
echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=72');
exit;
}
} else {
if ($action == 'uninstall') {
if (plugin_uninstall_calendar('installed')) {
/**
* Redirects to the plugin editor
if (isset($_POST['execute']) && $_POST['execute'] === JAPANIZE_str('execute') && isset($_POST['A']) && is_array($_POST['A'])) {
$A = 0;
$needChange = true;
foreach ($_POST['A'] as $value) {
$A += (int) COM_applyFilter($value, true);
}
} else {
$A = $current;
}
}
}
$checked = array(1 => ($A & 1) === 1, 2 => ($A & 2) === 2, 3 => ($A & 4) === 4, 4 => ($A & 8) === 8, 5 => ($A & 16) === 16, 6 => ($A & 32) === 32);
$japanized = array(1 => ($current & 1) === 1, 2 => ($current & 2) === 2, 3 => ($current & 4) === 4, 4 => ($current & 8) === 8, 5 => ($current & 16) === 16, 6 => ($current & 32) === 32);
$new = 0;
$msgs = array();
if ($needChange && SEC_checkToken()) {
for ($type = 1; $type <= 6; $type++) {
if ($checked[$type]) {
$new += pow(2, $type - 1);
}
if ($checked[$type] !== $japanized[$type]) {
$lang = $checked[$type] ? 'ja' : 'en';
JAPANIZE_execute($type, $lang);
$msgs[] = JAPANIZE_str('msg_' . $lang . '_' . $type);
}
}
} else {
$new = $current;
}
if (count($msgs) > 0) {
$li_style = ' style="margin: 0 0 0 2em; padding: 0;"';
if ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save'])) {
// save
$mode = "save";
} else {
if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
$mode = "delete";
}
}
if ($action == $LANG_ADMIN['cancel']) {
// cancel
$mode = "";
}
//echo "mode=".$mode."<br>";
if ($mode == "" or $mode == "edit" or $mode == "new" or $mode == "export" or $mode == "sampleimport" or $mode == "copy") {
} else {
if (!SEC_checkToken()) {
// if (SEC_checkToken()){//テスト用
COM_accessLog("User {$_USER['username']} tried to illegally and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
}
if ($mode == "exportexec") {
LIB_export($pi_name);
exit;
}
if ($mode == "sampleimportexec") {
LIB_sampleimport($pi_name);
}
//
$menuno = 51;
return $selectHTML;
}
/* Check to see if user has checked multiple records to delete */
if (strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') === 0 and $op == 'delchecked' and SEC_checkToken()) {
$chk_record_delete = array();
if (isset($_POST['chk_record_delete'])) {
$chk_record_delete = $_POST['chk_record_delete'];
}
foreach ($chk_record_delete as $id) {
$id = COM_applyFilter($id, true);
DB_query("DELETE FROM {$_TABLES['forum_topic']} WHERE id='{$id}'");
PLG_itemDeleted($id, 'forum');
}
COM_rdfUpToDateCheck('forum');
// forum rss feeds update
} elseif ($op == 'delrecord' and SEC_checkToken()) {
DB_query("DELETE FROM {$_TABLES['forum_topic']} WHERE id='{$id}'");
PLG_itemDeleted($id, 'forum');
COM_rdfUpToDateCheck('forum');
// forum rss feeds update
}
// Page Navigation Logic
if (empty($show)) {
$show = $CONF_FORUM['show_messages_perpage'];
}
// Check if this is the first page.
if (empty($page)) {
$page = 1;
}
$whereSQL = '';
$forumname = '';
