// Purpose: validate and authorize an item update request, then apply the
// submitted status/categories/fields to $edited_Item. Every check below runs
// before the first $edited_Item->set() call; keep that order when editing.

// Check that this action request is not a CSRF hacked request:
// (the request must carry the crumb named 'item')
$Session->assert_received_crumb('item');

// Check edit permission on the item as it currently exists:
// NOTE(review): the third argument `true` presumably makes a failed check fatal
// instead of returning false -- confirm against check_perm().
$current_User->check_perm('item_post!CURSTATUS', 'edit', true, $edited_Item);

// We need early decoding of these in order to check permissions:
// NOTE(review): $post_status is read below without a visible assignment on this
// path, so param() presumably populates it as a side effect -- confirm.
param('post_status', 'string', 'published');
if ($action == 'update_publish') { // Load publish status from param, because a post can be published to many statuses
    $post_status = load_publish_status();
}

// Check whether creation of a new category was started. If so, check that it is valid.
// NOTE(review): $post_category / $post_extracats are not assigned in the visible
// code; presumably check_categories() fills them -- confirm.
$isset_category = check_categories($post_category, $post_extracats);

// Check permission on statuses:
// The requested (not the current) status is part of the permission name, so the
// user must be allowed to edit with the target status in the selected categories.
$current_User->check_perm('cats_post!' . $post_status, 'edit', true, $post_extracats);

// Check permission on post type:
check_perm_posttype($post_extracats);

// Is this post already published?
// Captured here, before the status is set from the request below.
$was_published = $edited_Item->status == 'published';

// UPDATE POST:
// Set the params we already got:
$edited_Item->set('status', $post_status);

if ($isset_category) { // We change the categories only if the check was successful
    $edited_Item->set('main_cat_ID', $post_category);
    $edited_Item->set('extra_cat_IDs', $post_extracats);
}

// Set object params:
$edited_Item->load_from_Request(false);

// The item is handed to plugins by reference (&$edited_Item).
$Plugins->trigger_event('AdminBeforeItemEditUpdate', array('Item' => &$edited_Item));

// Params we need for tab switching (in case of error or if we save & edit)
$tab_switch_params = 'p=' . $edited_Item->ID;
}

// REDIRECT / EXIT
header_redirect($edited_Item->get_tinyurl());
break;

case 'update': // Update an existing post
    // Every check below runs before the first $edited_Item->set() call;
    // keep that order when editing this case.

    // Check that this action request is not a CSRF hacked request:
    // (the request must carry the crumb named 'item')
    $Session->assert_received_crumb('item');

    // Check edit permission on the item as it currently exists:
    // NOTE(review): the third argument `true` presumably makes a failed check
    // fatal instead of returning false -- confirm against check_perm().
    $current_User->check_perm('item_post!CURSTATUS', 'edit', true, $edited_Item);

    // Check whether creation of a new category was started. If so, check that it is valid.
    $isset_category = check_categories($post_category, $post_extracats);

    // Get requested Post Type:
    // NOTE(review): the third argument `true` presumably marks the param as
    // required -- confirm against param().
    $item_typ_ID = param('item_typ_ID', 'integer', true);

    // Check permission on post type: (also verifies that post type is enabled and NOT reserved)
    check_perm_posttype($item_typ_ID, $post_extracats);

    // UPDATE POST:
    // Set the params we already got:
    // NOTE(review): $post_status is applied here, but the visible part of this
    // case neither decodes it from the request nor runs a permission check on
    // the target status -- confirm both happen before this point.
    $edited_Item->set('status', $post_status);

    if ($isset_category) { // We change the categories only if the check was successful
        $edited_Item->set('main_cat_ID', $post_category);
        $edited_Item->set('extra_cat_IDs', $post_extracats);
    }

    // Set object params:
    $edited_Item->load_from_Request(false);

    // The item is handed to plugins by reference (&$edited_Item).
    $Plugins->trigger_event('AdminBeforeItemEditUpdate', array('Item' => &$edited_Item));

    // Params we need for tab switching (in case of error or if we save & edit)
    $tab_switch_params = 'p=' . $edited_Item->ID;

    if ($Messages->has_errors()) { // There have been some validation errors: