// NOTE(review): this excerpt opens inside a save loop; the loop header and the
// enclosing "form submitted" condition are outside this view.
$c_note = $components->addChild('value');
// '@' suppresses the notice when $comp has no 'value' key; the value is stored as CDATA.
$c_note->addCData(@$comp['value']);
$count++;
}
}
exec_action('component-save');
XMLsave($xml, $path . $file);
// NOTE(review): no exit follows this Location header, so execution continues
// into the undo check and the list rendering below.
header('Location: components.php?upd=comp-success');
}

// Undo branch: runs when the request carries an 'undo' query parameter.
if (isset($_GET['undo'])) {
    // The anti-CSRF nonce is read from the query string; if the parameter is
    // absent this raises a notice and $nonce is null, which then goes to check_nonce().
    // NOTE(review): a nonce carried in a GET URL can end up in server logs, browser
    // history and Referer headers - confirm check_nonce() ties it to the session
    // and to a short lifetime.
    $nonce = $_GET['nonce'];
    if (!check_nonce($nonce, "undo")) {
        die("CSRF detected!");
    }
    // presumably restores $file in $path from the copy under $bakpath - verify against undo()
    undo($file, $path, $bakpath);
    // NOTE(review): as above, there is no exit after the redirect header.
    header('Location: components.php?upd=comp-restored');
}

// Build the HTML list of components from the stored XML.
$data = getXML($path . $file);
$componentsec = $data->item;
$count = 0;
if (count($componentsec) != 0) {
    foreach ($componentsec as $component) {
        // NOTE(review): title, slug and value are concatenated into element content and
        // attribute values with only stripslashes() (or cl() for the link title) applied
        // here. That is safe only if the fields were entity-encoded when they were saved;
        // confirm against the save path, otherwise encode at output.
        $table .= '<div class="compdiv" id="section-' . @$count . '"><table class="comptable" ><tr><td><b title="Double Click to Edit" class="editable">' . stripslashes(@$component->title) . '</b></td>';
        $table .= '<td style="text-align:right;" ><code><?php get_component(<span class="compslugcode">\'' . @$component->slug . '\'</span>); ?></code></td><td class="delete" >';
        $table .= '<a href="#" title="' . $i18n['DELETE_COMPONENT'] . ': ' . cl(@$component->title) . '?" id="del-' . $count . '" onClick="DeleteComp(\'' . $count . '\'); return false;" >X</a></td></tr></table>';
        $table .= '<textarea name="val[]">' . stripslashes(@$component->value) . '</textarea>';
        // Hidden fields carry slug, title and index back to the server on save.
        $table .= '<input type="hidden" class="compslug" name="slug[]" value="' . @$component->slug . '" />';
        $table .= '<input type="hidden" class="comptitle" name="title[]" value="' . @stripslashes($component->title) . '" />';
        $table .= '<input type="hidden" name="id[]" value="' . @$count . '" />';
        // NOTE(review): the excerpt ends here, inside the foreach body.
# Cache flush: triggered by the presence of a 'flushcache' query parameter.
# NOTE(review): no nonce check is visible on this branch, unlike the undo branch
# below - confirm one is enforced elsewhere before delete_cache() can run.
if (isset($_GET['flushcache'])) {
    delete_cache();
    $update = 'flushcache-success';
}

# Undo branch: runs when the request carries an 'undo' query parameter.
if (isset($_GET['undo'])) {
    # CSRF check. It runs when GSNOCSRF is undefined or loosely equal to FALSE;
    # defining GSNOCSRF with a truthy value skips the nonce verification entirely.
    # NOTE(review): that switch removes the only request-forgery protection on
    # this branch - confirm it is never enabled on a production site.
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        # A missing 'nonce' parameter raises a notice and passes null to check_nonce().
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "undo")) {
            die("CSRF detected!");
        }
    }

    # Two undo() calls, one against the users directory and one against the
    # "other" data directory, followed by a sitemap rebuild.
    # presumably each call restores the named file from its backup directory - verify against undo()
    undo($file, GSUSERSPATH, GSBACKUSERSPATH);
    undo($wfile, GSDATAOTHERPATH, GSBACKUPSPATH . 'other/');
    generate_sitemap();

    # Redirect back to this page so the restored data is shown.
    redirect('settings.php?restored=true');
}

# Record whether this request is the post-undo reload, as the strings 'true'/'false'.
if (isset($_GET['restored'])) {
    $restored = 'true';
} else {
    $restored = 'false';
}

# Form submission branch.
if (isset($_POST['submitted'])) {
    # Same CSRF gate as the undo branch, with the nonce taken from the POST body.
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_POST['nonce'];
        # NOTE(review): the excerpt ends here, before the nonce is verified.
// NOTE(review): this excerpt opens inside an if-branch of a switch case; the case
// label, the condition and the switch subject are all outside this view.
// Every status message is entity-encoded (ENT_QUOTES, with $charset) before it is
// handed to show_delivery_form().
$msg_client = htmlentities($msg['acquisition_recept_add_expl_err'], ENT_QUOTES, $charset);
} else {
    $msg_client = htmlentities($msg['acquisition_recept_add_expl_ok'], ENT_QUOTES, $charset);
}
show_delivery_form($msg_client);
break;

case 'update':
    // update() is treated as failed when it returns a falsy value.
    if (!update()) {
        $msg_client = htmlentities($msg['acquisition_recept_deliv_err'], ENT_QUOTES, $charset);
    } else {
        $msg_client = htmlentities($msg['acquisition_recept_deliv_ok'], ENT_QUOTES, $charset);
    }
    show_delivery_form($msg_client);
    break;

case 'update_sug':
    // No status message on this path; the form is redisplayed without one.
    update_sug();
    show_delivery_form();
    break;

case 'undo':
    // NOTE(review): update(), update_sug() and undo() presumably change stored data,
    // and no token or permission check is visible in this excerpt - confirm the
    // dispatcher verifies an anti-CSRF token before reaching these cases.
    if (!undo()) {
        $msg_client = htmlentities($msg['acquisition_recept_undo_err'], ENT_QUOTES, $charset);
    } else {
        $msg_client = htmlentities($msg['acquisition_recept_undo_ok'], ENT_QUOTES, $charset);
    }
    show_delivery_form($msg_client);
    break;

// Unknown or missing actions fall through to plain display of the form.
case 'show':
default:
    show_delivery_form();
    break;
}
$fullpath = suggest_site_path();
$lang_array = getFiles(GSLANGPATH);

# Start with no error, success or pretty-URL check result.
$error = $success = $prettychck = null;

# Cache flush: triggered by the presence of a 'flushcache' query parameter.
# NOTE(review): no check_for_csrf() call is visible on this branch, unlike the
# undo and save branches below - confirm delete_cache() cannot be reached by a
# forged cross-site request.
if (isset($_GET['flushcache'])) {
    delete_cache();
    $update = 'flushcache-success';
}

# Undo branch: runs when the request carries an 'undo' query parameter.
if (isset($_GET['undo'])) {
    # CSRF gate for the "undo" action, before any file is touched.
    # presumably aborts the request on failure - verify against check_for_csrf()
    check_for_csrf("undo");

    # Backup directory is derived from the data directory layout rather than hard-coded.
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH); // backups/other/
    # presumably restores the website settings file from $bakpath - verify against undo()
    undo(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath);
    generate_sitemap();

    # Redirect back to this page so the restored data is shown.
    redirect('settings.php?upd=settings-restored');
}

# Form submission branch.
if (isset($_POST['submitted'])) {
    # CSRF gate for the "save_settings" action, before any posted field is read.
    check_for_csrf("save_settings");

    # Website-specific fields.
    if (isset($_POST['sitename'])) {
        # The site name is entity-encoded (ENT_QUOTES, UTF-8) as it is read.
        $SITENAME = htmlentities($_POST['sitename'], ENT_QUOTES, 'UTF-8');
    }
    if (isset($_POST['siteurl'])) {
        # NOTE(review): tsl() is the only processing applied to the posted URL here;
        # confirm it is validated before being stored or used in links.
        $SITEURL = tsl($_POST['siteurl']);
    }
    if (isset($_POST['permalink'])) {
        # NOTE(review): the excerpt ends here, inside the permalink branch.
// NOTE(review): this excerpt opens inside a block whose header is outside this view.
// Refuse to continue unless the user file passes filepath_is_safe() against the users directory.
if (!filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
    die(i18n_r('ER_REQ_PROC_FAIL'));
}
// Otherwise load the user's record and keep the stored PWD value.
$data = getXML(GSUSERSPATH . $file);
$password = $data->PWD;
}

# Undo branch: runs when the request carries an 'undo' query parameter.
if (isset($_GET['undo'])) {
    // Authorization guard: the userid in the query string must be identical to the
    // $userid resolved earlier. Per the original note, a caller who is not allowed to
    // edit has $userid reset to $USR, so a request naming another user stops here.
    if ($_GET['userid'] !== $userid) {
        die(i18n_r('ER_REQ_PROC_FAIL'));
    }
    # CSRF gate for the "undo" action, after the authorization guard.
    check_for_csrf("undo");

    # presumably restores the user's file from the users backup directory - verify against undo()
    $success = undo($file, GSUSERSPATH, GSBACKUSERSPATH);

    # Redirect back to this page so the restored data is shown.
    # NOTE(review): $userid is appended to the URL without encoding, and at this point
    # it equals the request's userid parameter - confirm it is restricted to a safe
    # character set before this point.
    redirect('profile.php?upd=profile-restored&userid=' . $userid);
}

# Form submission branch.
if (isset($_POST['submitted'])) {
    # CSRF gate for the "save_profile" action, before any posted field is read.
    check_for_csrf("save_profile");

    // Adding a new user: requires add == 1 (loose comparison), $allowadd and a posted user name.
    if (isset($_POST['add']) && $_POST['add'] == 1 && $allowadd && isset($_POST['user'])) {
        $adding = true;
        // The posted name is lower-cased, then passed through _id() to form the file name.
        $userid = strtolower($_POST['user']);
        $file = _id($userid) . '.xml';
        // NOTE(review): this check is not negated, unlike the one below - the request
        // dies when path_is_safe() returns true. Presumably that rejects a user file
        // that already exists; confirm against path_is_safe()'s result for paths
        // that do not exist yet.
        if (path_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
            die(i18n('INVALID_USER'));
        }
        // The parent directory of the new file must itself pass path_is_safe().
        if (!path_is_safe(dirname(GSUSERSPATH . $file), GSUSERSPATH, true)) {
            // NOTE(review): the excerpt ends here, inside this branch.