/**
 * Common setup that runs before every action of this controller.
 *
 * Binds the document context to the logged-in user, optionally switches the
 * context to another user's area when PERSONALDOCUMENT_OPEN_ACCESS is enabled,
 * loads paging and usergroup configuration, and applies the request-level
 * security checks (CSRF token on POST, ticket validation when a ticket is sent).
 *
 * Review notes:
 *  - The "studip-ticket" check below only runs when the parameter is present;
 *    a request that omits it is not rejected here. Actions that require a
 *    ticket have to enforce that themselves.
 *  - Neither redirect() call is followed by a return, so the remaining lines
 *    of this filter still execute after a redirect has been requested
 *    (presumably harmless if redirect() only records the response - confirm).
 *
 * @param string $action Name of the action about to be executed (by reference)
 * @param array  $args   Arguments of the action (by reference)
 */
public function before_filter(&$action, &$args)
{
    parent::before_filter($action, $args);

    $current = $GLOBALS['user'];

    // Default: the context is the logged-in user's own area, with full access.
    $this->owner = $current;
    $this->context_id = $this->owner->id;
    $this->full_access = true;

    if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS) {
        // The target area is chosen by the "username" request parameter and
        // falls back to the logged-in user's own name.
        $requestedName = Request::username('username', $current->username);
        $requestedUser = User::findByUsername($requestedName);

        if ($requestedUser && $requestedUser->id !== $current->id) {
            // Viewing somebody else's area: full access is granted only to
            // root, and only if the root-privilege option is switched on.
            $this->owner = $requestedUser;
            $this->context_id = $requestedUser->id;
            $this->full_access = Config::get()->PERSONALDOCUMENT_OPEN_ACCESS_ROOT_PRIVILEDGED
                && $current->perms === 'root';

            URLHelper::bindLinkParam('username', $requestedName);
        }
    }

    // Per-user page size, falling back to the global default when unset/empty.
    $perPage = $current->cfg->PERSONAL_FILES_ENTRIES_PER_PAGE;
    $this->limit = $perPage ? $perPage : Config::get()->ENTRIES_PER_PAGE;

    $this->userConfig = DocUsergroupConfig::getUserConfig($current->id);

    // Loose comparison kept on purpose: the stored flag may be int or string.
    if ($this->userConfig['area_close'] == 1) {
        $this->redirect('document/closed/index');
    }

    // State-changing requests must carry a valid CSRF token.
    if (Request::isPost()) {
        CSRFProtection::verifySecurityToken();
    }

    // A ticket that was supplied but does not validate aborts the request
    // with an error message and sends the user back to the file index.
    $ticket = Request::get('studip-ticket');
    if ($ticket && !check_ticket($ticket)) {
        $message = _('Bei der Verarbeitung Ihrer Anfrage ist ein Fehler aufgetreten.');
        $message = $message . "\n" . _('Bitte versuchen Sie es erneut.');

        PageLayout::postMessage(MessageBox::error($message));
        $this->redirect('document/files/index');
    }
}
/**
 * Fills the template variables of the "public tasks" user module.
 *
 * Nothing is assigned unless a user is logged in and holds tiki_p_tasks.
 * The group whose tasks are listed comes from the module's search form
 * (and is then remembered as a user preference) or from that preference.
 *
 * Review notes:
 *  - check_ticket()'s return value is not inspected; it only works as a gate
 *    if it aborts the request itself on failure - confirm.
 *  - $_REQUEST['user_group'] is read without isset() and is stored and passed
 *    to list_tasks() without being compared against $user_groups. Whether
 *    list_tasks() enforces group membership is not visible here - verify.
 *  - REQUEST_URI is handed to the template as-is; the template is responsible
 *    for escaping it.
 *
 * @param $mod_reference
 * @param $module_params
 */
function module_user_tasks_public($mod_reference, $module_params)
{
    global $user, $tiki_p_tasks, $prefs;

    $smarty = TikiLib::lib('smarty');
    $tikilib = TikiLib::lib('tiki');

    // Anonymous visitors and users without the tasks permission get nothing.
    if (!$user || !isset($tiki_p_tasks) || $tiki_p_tasks != 'y') {
        return;
    }

    global $tasklib;
    require_once 'lib/tasks/tasklib.php';

    $smarty->assign('ownurl', $_SERVER['REQUEST_URI']);
    $user_groups = $tasklib->get_groups_to_user_with_permissions($user, 'tiki_p_tasks_receive');

    if (!isset($_REQUEST['modTasksSearch'])) {
        // No form submission: fall back to the last group the user selected.
        $user_group = $tikilib->get_user_preference($user, 'tasks_modLastSelectedGroup', '');
    } else {
        // Form submitted: take the group from the request and remember it.
        check_ticket('user-prefs');
        $user_group = $_REQUEST['user_group'];
        $tikilib->set_user_preference($user, 'tasks_modLastSelectedGroup', $user_group);
    }
    $smarty->assign('user_group', $user_group);

    // Without a selected group there is nothing to list.
    $public_tasks = $user_group == ''
        ? array('data' => '')
        : $tasklib->list_tasks($user, '0', '10', null, 'priority_asc', false, false, false, false, true, $user_group);

    $smarty->assign('public_tasks', $public_tasks['data']);
    $smarty->assign('user_groups', $user_groups);
    $smarty->clear_assign('tpl_module_title');
}
/**
 * Generic ticket check.
 *
 * Reads the "studipticket" request parameter and validates it with the
 * global check_ticket() function. An absent or empty parameter is treated
 * the same as an invalid ticket.
 *
 * @throws InvalidSecurityTokenException if ticket is missing or invalid
 */
protected function check_ticket()
{
    $ticket = Request::get('studipticket');

    // Short-circuit keeps the validator from being called without a ticket.
    if ($ticket && check_ticket($ticket)) {
        return;
    }

    throw new InvalidSecurityTokenException();
}
<?php
// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_security.php 51166 2014-05-07 16:00:38Z arildb $

// Include-only script: when requested directly, bounce to the index page.
// The test is a substring match of this file's name against SCRIPT_NAME.
if (false !== strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__))) {
    header('location: index.php');
    exit();
}

// A submitted security form must carry the ticket for this admin area.
// NOTE(review): the return value of check_ticket() is ignored, so it has to
// abort the request itself on failure for this to be a gate - confirm.
if (isset($_REQUEST['security'])) {
    check_ticket('admin-inc-security');
}

// Tell the template when the mcrypt extension is not available.
if (!extension_loaded('mcrypt')) {
    global $smarty;
    $smarty->assign('no_mcrypt', 'y');
}

// Presumably registers the ticket expected by the next submission - confirm.
ask_ticket('admin-inc-security');
// NOTE: excerpt begins inside enclosing blocks that are not shown.
        $smarty->assign('footerRow', $info["footerRow"]);
        $smarty->assign('parseValues', $info["parseValues"]);
    } else {
        // No stored values available in this branch: assign fixed defaults.
        $smarty->assign('className', 'default');
        $smarty->assign('headerRow', '0');
        $smarty->assign('footerRow', '0');
        $smarty->assign('parseValues', 'n');
        $smarty->assign('creator', $user);
        $smarty->assign('parentSheetId', 0);
    }
}
$cat_type = 'sheet';
// Process the insertion or modification of a sheet here
if (isset($_REQUEST["edit"])) {
    // Authorization first, then the anti-CSRF ticket, then the write.
    // NOTE(review): check_ticket()'s return value is not inspected; it must
    // abort on failure by itself to protect the write below - confirm.
    $access->check_permission('tiki_p_edit_sheet');
    check_ticket('sheet');
    // Everything is ok so we proceed to edit the sheet
    $smarty->assign('edit_mode', 'y');
    // Raw request values are handed to the template by reference; output
    // escaping is left to the template.
    $smarty->assign_by_ref('title', $_REQUEST["title"]);
    $smarty->assign_by_ref('description', $_REQUEST["description"]);
    $smarty->assign_by_ref('className', $_REQUEST["className"]);
    $smarty->assign_by_ref('headerRow', $_REQUEST["headerRow"]);
    $smarty->assign_by_ref('footerRow', $_REQUEST["footerRow"]);
    // Checkbox semantics: presence of the field means 'y', absence means 'n'.
    if (isset($_REQUEST['parseValues'])) {
        $_REQUEST['parseValues'] = 'y';
    } else {
        $_REQUEST['parseValues'] = 'n';
    }
    $smarty->assign_by_ref('parseValues', $_REQUEST['parseValues']);
    // NOTE(review): 'creator' is taken from the request when present, so any
    // user holding tiki_p_edit_sheet can name an arbitrary creator; 'sheetId'
    // and 'parentSheetId' are read without isset(), and the whole $_REQUEST
    // array is passed as the last argument. Verify that replace_sheet()
    // validates ownership and ignores unexpected keys.
    $gid = $sheetlib->replace_sheet($_REQUEST["sheetId"], $_REQUEST["title"], $_REQUEST["description"], isset($_REQUEST['creator']) ? $_REQUEST['creator'] : $user, $_REQUEST['parentSheetId'], $_REQUEST);
    $cat_objid = $gid;
// NOTE: excerpt begins inside an enclosing block (the upload branch) that is
// not shown; $fp and the initial value of $data come from there.
    // Read the uploaded file completely into memory, 128 KiB per call.
    // NOTE(review): the 1,000,000-byte limit below is applied only after the
    // whole file has been buffered, so memory use is bounded by the PHP upload
    // limits rather than by this check. Checking the size before (or while)
    // reading would bound it here.
    while (!feof($fp)) {
        $data .= fread($fp, 8192 * 16);
    }
    fclose($fp);
    if (strlen($data) > 1000000) {
        $smarty->assign('msg', tra("File is too big"));
        $smarty->display("error.tpl");
        die;
    }
    // 'size', 'name' and 'type' are reported by the client; only $name is used
    // in the lines visible here, as the title of the new note.
    $size = $_FILES['userfile1']['size'];
    $name = $_FILES['userfile1']['name'];
    $type = $_FILES['userfile1']['type'];
    $notepadlib->replace_note($user, 0, $name, $data);
}
// Merge several of the user's notes into one.
if (isset($_REQUEST["merge"])) {
    // NOTE(review): return value of check_ticket() is not inspected - it has
    // to abort on failure by itself.
    check_ticket('notepad-list');
    $merge = '';
    $first = true;
    if (!isset($_REQUEST["note"])) {
        $smarty->assign('msg', tra("No item indicated"));
        $smarty->display("error.tpl");
        die;
    }
    // The note ids are the keys of the submitted 'note' array; each note is
    // fetched together with $user, i.e. the lookup is scoped by the caller.
    foreach (array_keys($_REQUEST["note"]) as $note) {
        $data_c = $notepadlib->get_note($user, $note);
        $data = $data_c['data'];
        if ($first) {
            // The first note contributes the header line of the merged note.
            $first = false;
            $merge .= "---------" . tra('merged note:') . $data_c['name'] . "----" . "\n";
            $merge .= $data;
        } else {
// Decide whose group membership is being edited.
// Precedence: && binds tighter than ||, so the condition reads
//   (no assign_user given) OR (caller has neither tiki_p_admin nor tiki_p_admin_users).
// In both cases the target is forced to the logged-in user, which keeps
// unprivileged callers from editing other accounts.
if (!isset($_REQUEST["assign_user"]) || $tiki_p_admin != 'y' && $tiki_p_admin_users != 'y') {
    $_REQUEST['assign_user'] = $user;
    $userChoice = 'y';
    $smarty->assign_by_ref('userChoice', $userChoice);
} else {
    // Privileged caller naming another account: the account must exist.
    if (!$userlib->user_exists($_REQUEST['assign_user'])) {
        $smarty->assign('msg', tra("User doesn't exist"));
        $smarty->display("error.tpl");
        die;
    }
    $userChoice = '';
    $smarty->assign_by_ref('assign_user', $_REQUEST['assign_user']);
}
$assign_user = $_REQUEST["assign_user"];
if (isset($_REQUEST["action"])) {
    // NOTE(review): check_ticket()'s return value is not inspected; it must
    // abort on failure itself to protect the membership change.
    check_ticket('admin-assign-user');
    if (!isset($_REQUEST["group"])) {
        $smarty->assign('msg', tra("You have to indicate a group"));
        $smarty->display("error.tpl");
        die;
    }
    // Build the set of groups the caller may act on.
    if ($userChoice == 'y') {
        // Self-service: groups returned by get_groups() for the user-choice
        // flag, indexed by group name.
        $gps = $userlib->get_groups(0, -1, 'groupName_asc', '', '', '', '', $userChoice);
        $groups = array();
        foreach ($gps['data'] as $g) {
            $groups[$g['groupName']] = $g;
        }
    } elseif ($tiki_p_admin != 'y') {
        // Non-admin user manager: limited to the groups they are included in.
        $groups = $userlib->get_user_groups_inclusion($user);
    }
    // NOTE(review): for a caller with tiki_p_admin == 'y' neither branch runs
    // and $groups is not set in this excerpt; the code after this point has to
    // treat that case as "unrestricted" explicitly - confirm.
    if ($_REQUEST["action"] == 'assign') {
} } if (isset($_REQUEST['imagegallistprefs'])) { check_ticket('admin-inc-gal'); $pref_toggles = array('gal_list_name', 'gal_list_parent', 'gal_list_description', 'gal_list_created', 'gal_list_lastmodif', 'gal_list_user', 'gal_list_imgs', 'gal_list_visits'); foreach ($pref_toggles as $toggle) { simple_set_toggle($toggle); } } if (isset($_REQUEST['imagegalcomprefs'])) { check_ticket('admin-inc-gal'); simple_set_value('image_galleries_comments_per_page'); simple_set_value('image_galleries_comments_default_order'); } if (isset($_REQUEST['mvimg']) && isset($_REQUEST['move_gallery'])) { check_ticket('admin-inc-gal'); if ($_REQUEST['mvimg'] == 'to_fs' && $prefs['gal_use_db'] == 'n' || $_REQUEST['mvimg'] == 'to_db' && $prefs['gal_use_db'] == 'y') { $mvresult = $imagegallib->move_gallery_store($_REQUEST['move_gallery'], $_REQUEST['mvimg']); $mvmsg = sprintf(tra('moved %d images, %d errors occurred.'), $mvresult['moved_images'], $mvresult['errors']); if ($mvresult['timeout']) { $mvmsg .= ' ' . tra('a timeout occurred. Hit the reload button to move the rest'); } $tikifeedback[]['mes'] = $mvmsg; } } if (!isset($_REQUEST['maxRows'])) { $_REQUEST['maxRows'] = $prefs['maxRowsGalleries']; } if (!isset($_REQUEST['rowImages'])) { $_REQUEST['rowImages'] = $prefs['rowImagesGalleries']; }
// Remember where the user came from so the template can link back.
// NOTE(review): both sources (the 'referer' parameter and the Referer header)
// are client-controlled; if the template uses the value as a link or redirect
// target it needs escaping and a same-site check - not visible here.
if (!isset($_REQUEST['referer']) && isset($_SERVER['HTTP_REFERER'])) {
    $_REQUEST['referer'] = $_SERVER['HTTP_REFERER'];
}
if (isset($_REQUEST['referer'])) {
    $smarty->assign('referer', $_REQUEST['referer']);
}
// Apply the submitted set of watching groups to the object.
if (isset($_REQUEST['assign'])) {
    $objectName = isset($_REQUEST['objectName']) ? $_REQUEST['objectName'] : NULL;
    $objectHref = isset($_REQUEST['objectHref']) ? $_REQUEST['objectHref'] : NULL;
    $addedGroups = array();
    $deletedGroups = array();
    // No checkbox ticked means "no group watches".
    if (!isset($_REQUEST['checked'])) {
        $_REQUEST['checked'] = array();
    }
    // 'objectId' and 'watch_event' are read without isset().
    $old_watches = $tikilib->get_groups_watching($_REQUEST['objectId'], $_REQUEST['watch_event'], $objectType);
    // The ticket is checked after the read above and before any write below.
    // NOTE(review): its return value is not inspected - it must abort itself.
    check_ticket('object_watches');
    // Only groups from $all_groups are ever added or removed, so values in
    // 'checked' that are not known groups have no effect. in_array() is used
    // in its non-strict form.
    foreach ($all_groups as $g) {
        if (in_array($g, $_REQUEST['checked']) && !in_array($g, $old_watches)) {
            // Newly ticked: add the watch. $objectName/$objectHref are
            // request-supplied and stored with it.
            $tikilib->add_group_watch($g, $_REQUEST['watch_event'], $_REQUEST['objectId'], $objectType, $objectName, $objectHref);
            $addedGroups[] = $g;
        } elseif (!in_array($g, $_REQUEST['checked']) && in_array($g, $old_watches)) {
            // Unticked: remove the existing watch.
            $tikilib->remove_group_watch($g, $_REQUEST['watch_event'], $_REQUEST['objectId'], $objectType);
            $deletedGroups[] = $g;
        }
        // These three statements run on every iteration although their
        // operands do not depend on $g.
        $smarty->assign_by_ref('addedGroups', $addedGroups);
        $smarty->assign_by_ref('deletedGroups', $deletedGroups);
        $group_watches = $_REQUEST['checked'];
    }
    if ($objectType == 'Category') {
        $addedGroupsDesc = array();
        $deletedGroupsDesc = array();
$smarty->assign('contentId', $_REQUEST["contentId"]); $smarty->assign('pId', 0); $info = $dcslib->get_content($_REQUEST["contentId"]); $smarty->assign('description', $info["description"]); if (isset($_REQUEST["remove"])) { $access->check_authenticity(); $dcslib->remove_programmed_content($_REQUEST["remove"]); } $smarty->assign('data', ''); $smarty->assign('publishDate', $tikilib->now); //Use 12- or 24-hour clock for $publishDate time selector based on admin and user preferences $userprefslib = TikiLib::lib('userprefs'); $smarty->assign('use_24hr_clock', $userprefslib->get_user_clock_pref($user)); $smarty->assign('actual', ''); if (isset($_REQUEST["save"])) { check_ticket('edit-programmed-content'); if ($_REQUEST['content_type'] == 'page') { $content = 'page:' . $_REQUEST['page_name']; } else { $content = $_REQUEST['data']; } if (!empty($_REQUEST['Time_Meridian'])) { $_REQUEST['Time_Hour'] = date('H', strtotime($_REQUEST['Time_Hour'] . ':00 ' . $_REQUEST['Time_Meridian'])); } $publishDate = TikiLib::make_time($_REQUEST["Time_Hour"], $_REQUEST["Time_Minute"], 0, $_REQUEST["Date_Month"], $_REQUEST["Date_Day"], $_REQUEST["Date_Year"]); $id = $dcslib->replace_programmed_content($_REQUEST["pId"], $_REQUEST["contentId"], $publishDate, $content, $_REQUEST['content_type']); $smarty->assign('data', $_REQUEST["data"]); $smarty->assign('publishDate', $publishDate); $smarty->assign('pId', $id); $_REQUEST['edit'] = $id; }
$usermoduleslib->assign_user_module($_REQUEST["module"], $_REQUEST["position"], $_REQUEST["order"], $user); } if (isset($_REQUEST["up"])) { check_ticket('user-modules'); $usermoduleslib->up_user_module($_REQUEST["up"], $user); } if (isset($_REQUEST["down"])) { check_ticket('user-modules'); $usermoduleslib->down_user_module($_REQUEST["down"], $user); } if (isset($_REQUEST["left"])) { check_ticket('user-modules'); $usermoduleslib->set_column_user_module($_REQUEST["left"], $user, 'l'); } if (isset($_REQUEST["right"])) { check_ticket('user-modules'); $usermoduleslib->set_column_user_module($_REQUEST["right"], $user, 'r'); } $orders = array(); for ($i = 1; $i < 50; $i++) { $orders[] = $i; } $smarty->assign_by_ref('orders', $orders); $assignables = $usermoduleslib->get_user_assignable_modules($user); if (count($assignables) > 0) { $smarty->assign('canassign', 'y'); } else { $smarty->assign('canassign', 'n'); } $modules = $usermoduleslib->get_user_assigned_modules($user); $smarty->assign('modules_l', $usermoduleslib->get_user_assigned_modules_pos($user, 'l'));
if (isset($_REQUEST['mapg'])) { check_ticket('g-admin-roles'); if ($_REQUEST['op'] == 'add') { $users = $userlib->get_group_users($_REQUEST['group']); foreach ($users as $a_user) { $roleManager->map_user_to_role($_REQUEST['pid'], $a_user, $_REQUEST['role']); } } else { $users = $userlib->get_group_users($_REQUEST['group']); foreach ($users as $a_user) { $roleManager->remove_mapping($a_user, $_REQUEST['role']); } } } if (isset($_REQUEST['save_map'])) { check_ticket('g-admin-roles'); if (isset($_REQUEST['user']) && isset($_REQUEST['role'])) { foreach ($_REQUEST['user'] as $a_user) { foreach ($_REQUEST['role'] as $role) { $roleManager->map_user_to_role($_REQUEST['pid'], $a_user, $role); } } } } // list mappings if (!isset($_REQUEST["sort_mode"])) { $sort_mode = 'name_asc'; } else { $sort_mode = $_REQUEST["sort_mode"]; } if (!isset($_REQUEST["offset"])) {
$smarty->assign('mail_site', $_SERVER['SERVER_NAME']); $subject = $smarty->fetch('mail/share_subject.tpl'); } } $smarty->assign('subject', $subject); if (isset($_REQUEST['send'])) { if (!empty($_REQUEST['comment'])) { $smarty->assign('comment', $_REQUEST['comment']); } if (!empty($_REQUEST['share_token_notification'])) { $smarty->assign('share_token_notification', $_REQUEST['share_token_notification']); } if (!empty($_REQUEST['how_much_time_access'])) { $smarty->assign('how_much_time_access', $_REQUEST['how_much_time_access']); } check_ticket('share'); if (empty($user) && $prefs['feature_antibot'] == 'y' && !$captchalib->validate()) { $errors[] = $captchalib->getErrors(); } else { if ($report == 'y') { $email = !empty($prefs['feature_site_report_email']) ? $prefs['feature_site_report_email'] : (!empty($prefs['sender_email']) ? $prefs['sender_email'] : ''); if (empty($email)) { $errors[] = tra("The mail can't be sent. Contact the administrator"); } $_REQUEST['addresses'] = $email; $_REQUEST['do_email'] = 1; } if (isset($_REQUEST['do_email']) and $_REQUEST['do_email'] == 1) { // send // Fix for multi adresses with autocomplete funtionnality if (substr($_REQUEST['addresses'], -2) == ', ') {
// NOTE: excerpt begins inside the "remove" branch, whose condition and
// protection are not shown.
    $menulib->remove_menu($_REQUEST['remove']);
}
// Create or update a menu.
if (isset($_REQUEST['save'])) {
    // NOTE(review): this branch uses $access->check_ticket(), the clone branch
    // the global check_ticket('admin-menus'), and the reset branch
    // $access->check_authenticity(). Three different request-forgery guards in
    // one script are easy to get out of step; confirm each one aborts on
    // failure and consider using a single mechanism.
    $access->check_ticket();
    if (!isset($_REQUEST['icon'])) {
        $_REQUEST['icon'] = null;
    }
    // Checkbox fields: 'on' becomes 'y', anything else (or absence) 'n'.
    $_REQUEST['use_items_icons'] = isset($_REQUEST['use_items_icons']) && $_REQUEST['use_items_icons'] == 'on' ? 'y' : 'n';
    $_REQUEST['parse'] = isset($_REQUEST['parse']) && $_REQUEST['parse'] == 'on' ? 'y' : 'n';
    // 'menuId', 'name', 'description' and 'type' are read without isset().
    $menulib->replace_menu($_REQUEST['menuId'], $_REQUEST['name'], $_REQUEST['description'], $_REQUEST['type'], $_REQUEST['icon'], $_REQUEST['use_items_icons'], $_REQUEST['parse']);
    // Reset the form to "new menu" state. Because menuId is zeroed here, a
    // request carrying both 'save' and 'clone' will not reach clone_menu().
    $_REQUEST['menuId'] = 0;
    $smarty->assign('menuId', 0);
    $smarty->assign('info', array('name' => '', 'description' => '', 'type' => 'd', 'icon' => null, 'use_items_icons' => 'n', 'parse' => 'n'));
}
// Duplicate an existing menu ('menuId' is compared without isset()).
if (isset($_REQUEST['clone']) && $_REQUEST['menuId'] > 0) {
    check_ticket('admin-menus');
    $menulib->clone_menu($_REQUEST['menuId']);
}
// Restore the application menu to the system default after confirmation.
if (isset($_REQUEST['reset'])) {
    $access->check_authenticity(tra('Are you sure you want to reset the Application Menu to the current system default?'));
    $menulib->reset_app_menu();
}
// Listing parameters.
// NOTE(review): sort_mode is taken from the request unchanged; where it ends
// up in a query it should be checked against the allowed sort keys - the
// consumer is not visible here.
if (!isset($_REQUEST['sort_mode'])) {
    $sort_mode = 'name_desc';
} else {
    $sort_mode = $_REQUEST['sort_mode'];
}
$smarty->assign_by_ref('sort_mode', $sort_mode);
if (!isset($_REQUEST['offset'])) {
    $offset = 0;
} else {
$questions = TextToQuestions($_REQUEST['input_data']); foreach ($questions as $question) { $question_text = $question->getQuestion(); $id = $quizlib->replace_quiz_question(0, $question_text, 'o', $_REQUEST['quizId'], 0); $temp_max = $question->getChoiceCount(); for ($i = 0; $i < $temp_max; $i++) { $a = $question->GetChoice($i); $b = $question->GetCorrect($i); $quizlib->replace_question_option(0, $a, $b, $id); } } $smarty->assign('question', ''); $smarty->assign('questionId', 0); } if (isset($_REQUEST['useQuestion'])) { check_ticket('edit-quiz-question'); $info = $quizlib->get_quiz_question($_REQUEST['usequestionid']); $qid = $quizlib->replace_quiz_question(0, $info['question'], $info['type'], $_REQUEST['quizId'], $_REQUEST['position']); $options = $quizlib->list_quiz_question_options($info['questionId'], 0, -1, 'points_desc', ''); foreach ($options['data'] as $opt) { $quizlib->replace_question_option(0, $opt['optionText'], $opt['points'], $qid); } } if (!isset($_REQUEST['sort_mode'])) { $sort_mode = 'position_asc'; } else { $sort_mode = $_REQUEST['sort_mode']; } if (!isset($_REQUEST['offset'])) { $offset = 0; } else {
<?php
// (c) Copyright 2002-2012 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_metrics.php 39469 2012-01-12 21:13:48Z changi67 $

// Include-only script: when requested directly, bounce to the index page.
if (false !== strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__))) {
    header('location: index.php');
    exit();
}

// The ticket is checked on every inclusion, not only when a form was
// submitted. NOTE(review): its return value is ignored, so check_ticket()
// has to abort the request itself on failure - confirm.
check_ticket('admin-inc-metrics');

// Presumably registers the ticket expected by the next request - confirm.
ask_ticket('admin-inc-metrics');
// Password changes can be disabled site-wide.
if ($prefs['change_password'] != 'y') {
    $smarty->assign('errortype', 401);
    $smarty->assign('msg', tra("Permission denied"));
    $smarty->display("error.tpl");
    die;
}
if (!isset($_REQUEST["user"])) {
    $_REQUEST["user"] = '';
}
if (!isset($_REQUEST["oldpass"])) {
    $_REQUEST["oldpass"] = '';
}
$smarty->assign('userlogin', $_REQUEST["user"]);
// NOTE(review): the submitted old password is handed back to the template.
// If the template renders it into the form, the secret ends up in the page
// source; leaving the field empty on re-display avoids that.
$smarty->assign('oldpass', $_REQUEST["oldpass"]);
if (isset($_REQUEST["change"])) {
    // NOTE(review): check_ticket()'s return value is not inspected; it must
    // abort on failure by itself.
    check_ticket('change-password');
    // Check that pass and pass2 match, otherwise display error and exit
    // NOTE(review): != and == on request strings compare numeric-looking
    // strings by value ('1e3' == '1000' is true), so two different passwords
    // can pass the match test and two different ones can trip the "same
    // password" test. Use !== / === here. 'pass' and 'pass2' are also read
    // without isset().
    if ($_REQUEST["pass"] != $_REQUEST["pass2"]) {
        $smarty->assign('msg', tra("The passwords do not match"));
        $smarty->display("error.tpl");
        die;
    }
    // Check that new password is different from old password, otherwise display error and exit
    if ($_REQUEST["pass"] == $_REQUEST["oldpass"]) {
        $smarty->assign('msg', tra("You can not use the same password again"));
        $smarty->display("error.tpl");
        die;
    }
    // A non-empty string returned by the policy check is the error to show.
    $polerr = $userlib->check_password_policy($_REQUEST["pass"]);
    if (strlen($polerr) > 0) {
        $smarty->assign('msg', $polerr);
<?php // (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project // // All Rights Reserved. See copyright.txt for details and a complete list of authors. // Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details. // $Id: tiki-search_stats.php 44444 2013-01-05 21:24:24Z changi67 $ require_once 'tiki-setup.php'; include_once 'lib/search/searchstatslib.php'; //get_strings tra('Search Stats') $access->check_feature('feature_search_stats'); $access->check_permission('tiki_p_admin'); if (isset($_REQUEST["clear"])) { check_ticket('search-stats'); $searchstatslib->clear_search_stats(); } if (!isset($_REQUEST["sort_mode"])) { $sort_mode = 'hits_desc'; } else { $sort_mode = $_REQUEST["sort_mode"]; } if (!isset($_REQUEST["offset"])) { $offset = 0; } else { $offset = $_REQUEST["offset"]; } $smarty->assign_by_ref('offset', $offset); if (isset($_REQUEST["find"])) { $find = $_REQUEST["find"]; } else { $find = '';
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_include_community.php,v 1.1.2.7 2005/04/25 09:34:06 lfagundes Exp $
// Copyright (c) 2002-2005, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.

// Include-only script: when requested directly, bounce to the index page.
if (false !== strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__))) {
    header('location: index.php');
    exit();
}

// Save the "mouseover" community toggles when that form was submitted.
// NOTE(review): check_ticket()'s return value is ignored, so it has to abort
// the request itself on failure to protect the preference writes - confirm.
if (isset($_REQUEST['mouseoverfeatures'])) {
    check_ticket('admin-inc-community');

    simple_set_toggle('feature_community_mouseover');
    simple_set_toggle('feature_community_mouseover_name');
    simple_set_toggle('feature_community_mouseover_picture');
    simple_set_toggle('feature_community_mouseover_friends');
    simple_set_toggle('feature_community_mouseover_score');
    simple_set_toggle('feature_community_mouseover_country');
    simple_set_toggle('feature_community_mouseover_email');
    simple_set_toggle('feature_community_mouseover_lastlogin');
    simple_set_toggle('feature_community_mouseover_distance');
}

/* This is desired future feature
if (isset($_REQUEST["friendshipfeatures"])) {
    check_ticket('admin-inc-community');
    simple_set_toggle("feature_community_friends_permission");
    simple_set_int("feature_community_friends_permission_dep");
}
*/
<?php
// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_blogs.php 44444 2013-01-05 21:24:24Z changi67 $

// Include-only script: when requested directly, bounce to the index page.
if (false !== strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__))) {
    header('location: index.php');
    exit();
}

// Each of the two blog admin forms triggers its own ticket check; nothing
// else happens in these branches within this file.
// NOTE(review): check_ticket()'s return value is ignored, so it has to abort
// the request itself on failure - confirm.
if (isset($_REQUEST['bloglistconf'])) {
    check_ticket('admin-inc-blogs');
}

if (isset($_REQUEST['blogcomprefs'])) {
    check_ticket('admin-inc-blogs');
}

// Presumably registers the ticket expected by the next submission - confirm.
ask_ticket('admin-inc-blogs');

// $blogs is not set in this file; it has to come from the including script.
$smarty->assign_by_ref('blogs', $blogs['data']);
// NOTE: excerpt begins inside an enclosing block that is not shown.
    $smarty->assign('hasImage', 'n');
    $smarty->assign('imageName', '');
    $smarty->assign('imageType', '');
}
// Remove a banner zone, with a confirmation step.
if (isset($_REQUEST["removeZone"])) {
    $area = 'delbannerzone';
    // Precedence: != binds tighter than 'and', which binds tighter than 'or':
    //   ($feature_ticketlib2 != 'y') or (confirmation posted and a session ticket exists)
    // NOTE(review): $feature_ticketlib2 is read as a bare variable and is not
    // assigned in this excerpt. If it is undefined the first operand is true
    // and the branch goes straight to key_check()/removal without the
    // key_get() confirmation round-trip - confirm where it is populated.
    if ($feature_ticketlib2 != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) {
        key_check($area);
        $bannerlib->banner_remove_zone($_REQUEST["removeZone"]);
    } else {
        key_get($area);
    }
}
// Now assign if the set button was pressed
if (isset($_REQUEST["save"]) || isset($_REQUEST["create_zone"])) {
    // NOTE(review): check_ticket()'s return value is not inspected; it must
    // abort on failure by itself.
    check_ticket('edit-banner');
    // Date parts are passed to mktime() as received; none of the fields below
    // is checked with isset() or validated as numeric.
    $fromDate = mktime(0, 0, 0, $_REQUEST["fromDate_Month"], $_REQUEST["fromDate_Day"], $_REQUEST["fromDate_Year"]);
    $toDate = mktime(0, 0, 0, $_REQUEST["toDate_Month"], $_REQUEST["toDate_Day"], $_REQUEST["toDate_Year"]);
    // Times are kept as concatenated hour+minute strings.
    $fromTime = '' . $_REQUEST["fromTimeHour"] . $_REQUEST["fromTimeMinute"] . '';
    $toTime = '' . $_REQUEST["toTimeHour"] . $_REQUEST["toTimeMinute"] . '';
    $smarty->assign('fromDate', $fromDate);
    $smarty->assign('toDate', $toDate);
    $smarty->assign('fromTime', $_REQUEST["fromTimeHour"] . ':' . $_REQUEST["fromTimeMinute"]);
    $smarty->assign('toTime', $_REQUEST["toTimeHour"] . ':' . $_REQUEST["toTimeMinute"]);
    // Raw request values (including banner HTML) go to the template
    // unchanged; escaping on re-display is the template's job.
    $smarty->assign('client', $_REQUEST["client"]);
    $smarty->assign('maxImpressions', $_REQUEST["maxImpressions"]);
    $smarty->assign('HTMLData', $_REQUEST["HTMLData"]);
    $smarty->assign('fixedURLData', $_REQUEST["fixedURLData"]);
    $smarty->assign('textData', $_REQUEST["textData"]);
    if (isset($_REQUEST["zone"])) {
        $smarty->assign('zone', $_REQUEST["zone"]);
$menulib->remove_menu_option($id); } $maxPos = $menulib->get_max_option($_REQUEST['menuId']); $smarty->assign('position', $maxPos + 10); } if (isset($_REQUEST["save"])) { if (!isset($_REQUEST['groupname'])) { $_REQUEST['groupname'] = ''; } elseif (is_array($_REQUEST['groupname'])) { $_REQUEST['groupname'] = implode(',', $_REQUEST['groupname']); } if (!isset($_REQUEST['level'])) { $_REQUEST['level'] = 0; } include_once 'lib/modules/modlib.php'; check_ticket('admin-menu-options'); $menulib->replace_menu_option($_REQUEST["menuId"], $_REQUEST["optionId"], $_REQUEST["name"], $_REQUEST["url"], $_REQUEST["type"], $_REQUEST["position"], $_REQUEST["section"], $_REQUEST["perm"], $_REQUEST["groupname"], $_REQUEST['level'], $_REQUEST['icon']); $modlib->clear_cache(); $smarty->assign('position', $_REQUEST["position"] + 10); $smarty->assign('name', ''); $smarty->assign('optionId', 0); $smarty->assign('url', ''); $smarty->assign('section', ''); $smarty->assign('perm', ''); $smarty->assign('groupname', ''); $smarty->assign('userlevel', 0); $smarty->assign('type', 'o'); $smarty->assign('icon', ''); $cookietab = 1; } if (!isset($_REQUEST["sort_mode"])) {
// NOTE: excerpt begins inside an enclosing block that is not shown.
    // Existing event: load it for $user and shift its start by the site time
    // difference for display.
    $info = $minicallib->minical_get_event($user, $_REQUEST["eventId"]);
    $info['start'] += $tikilib->get_site_time_difference($user);
    $ev_pdate = $info['start'];
    $ev_pdate_h = $info['start'];
} else {
    // New event: empty fields, current time of day on the date in $pdate,
    // one hour duration.
    $info = array();
    $info['title'] = '';
    $info['topicId'] = 0;
    $info['description'] = '';
    $info['start'] = mktime(date("H"), date("i"), date("s"), date("m", $pdate), date("d", $pdate), date("Y", $pdate));
    $info['duration'] = 60 * 60;
}
$smarty->assign('ev_pdate', $ev_pdate);
$smarty->assign('ev_pdate_h', $ev_pdate_h);
// Create or update an event in the user's mini calendar.
if (isset($_REQUEST['save'])) {
    // NOTE(review): check_ticket()'s return value is not inspected; it must
    // abort on failure by itself.
    check_ticket('minical');
    // Date/time parts and durations are used as received, without isset() or
    // numeric validation.
    $start = mktime($_REQUEST['Time_Hour'], $_REQUEST['Time_Minute'], 0, $_REQUEST['Date_Month'], $_REQUEST['Date_Day'], $_REQUEST['Date_Year']);
    $start -= $tikilib->get_site_time_difference($user);
    // The write is made for $user, together with the request-supplied eventId.
    $minicallib->minical_replace_event($user, $_REQUEST["eventId"], $_REQUEST["title"], $_REQUEST["description"], $start, $_REQUEST['duration_hours'] * 60 * 60 + $_REQUEST['duration_minutes'] * 60, $_REQUEST['topicId']);
    // Reset the form to "new event" state.
    $info = array();
    $info['title'] = '';
    $info['topicId'] = 0;
    $info['description'] = '';
    // NOTE(review): this reset uses date("h") (12-hour clock) while the
    // new-event default above uses date("H") (24-hour clock), so after a save
    // in the afternoon the default start time is twelve hours early.
    $info['start'] = mktime(date("h"), date("i"), date("s"), date("m", $pdate), date("d", $pdate), date("Y", $pdate));
    $info['duration'] = 60 * 60;
    $_REQUEST["eventId"] = 0;
}
$smarty->assign('eventId', $_REQUEST["eventId"]);
$smarty->assign('info', $info);
//Check here the interval for the calendar
if (!isset($_REQUEST['view'])) {
$smarty->assign('url_base', $foo["path"] . "?galleryId={$galleryId}&sort_mode={$sort_mode}" . ($popup ? '&popup=y' : '') . '&imageId='); $smarty->assign('url_show', $tikilib->httpPrefix() . $foo2); $imagegallib->add_image_hit($imageId); $info = $imagegallib->get_image_info($imageId); $maxgal = $gal_info['maxRows'] * $gal_info['rowImages']; $smarty->assign('offset', $maxgal ? $offset - $offset % $maxgal : 0); //$smarty->assign_by_ref('theme',$gal_info["theme"]); //$smarty->assign('use_theme','y'); if ($prefs['feature_gal_slideshow'] != 'n') { $headerlib->add_jsfile('lib/imagegals/imagegallib.js', 50); $listImgId = implode(',', $listImgId); $smarty->assign('listImgId', $listImgId); } // Everybody can browse images if (isset($_REQUEST["move_image"])) { check_ticket('browse-image'); if ($tiki_p_admin_galleries != 'y' && (!$user || $user != $gal_info["user"])) { $smarty->assign('errortype', 401); $smarty->assign('msg', tra("You do not have permission to move images from this gallery")); $smarty->display("error.tpl"); die; } if (isset($_REQUEST["newname"]) and $_REQUEST["newname"] != $info["name"]) { if ($imagegallib->edit_image($imageId, $_REQUEST['newname'], $info['description'], $info['lat'], $info['lon'])) { $info['name'] = $_REQUEST['newname']; } } $imagegallib->move_image($imageId, $_REQUEST["newgalleryId"]); $info['galleryId'] = $_REQUEST["newgalleryId"]; } $smarty->assign_by_ref('owner', $gal_info["user"]);
if (isset($_REQUEST["section_events"]) && $_REQUEST["section_events"] == 'on') { $info["section_events"] = 'y'; } else { $info["section_events"] = 'n'; } if (isset($_REQUEST["section_cms"]) && $_REQUEST["section_cms"] == 'on') { $info["section_cms"] = 'y'; } else { $info["section_cms"] = 'n'; } $info["content"] = $_REQUEST["content"]; $info["name"] = $_REQUEST["name"]; $smarty->assign('info', $info); } if (isset($_REQUEST["save"])) { check_ticket('admin-content-templates'); $tid = $templateslib->replace_template($_REQUEST["templateId"], $_REQUEST["name"], $_REQUEST["content"]); $smarty->assign("templateId", '0'); $info["name"] = ''; $info["content"] = ''; $info["section_cms"] = 'n'; $info["section_wiki"] = 'n'; $info["section_newsletters"] = 'n'; $info["section_events"] = 'n'; $info["section_html"] = 'n'; $smarty->assign('info', $info); if (isset($_REQUEST["section_html"]) && $_REQUEST["section_html"] == 'on') { $templateslib->add_template_to_section($tid, 'html'); } else { $templateslib->remove_template_from_section($tid, 'html'); }
// Resolve the message id of the comment being replied to, if any.
if (isset($_REQUEST["comments_reply_threadId"]) && !empty($_REQUEST["comments_reply_threadId"])) {
    $reply_info = $commentslib->get_comment($_REQUEST["comments_reply_threadId"]);
    $in_reply_to = $reply_info["message_id"];
} else {
    $in_reply_to = '';
}
// Remove HTML tags and empty lines at the end of the posted comment
$_REQUEST["comments_data"] = rtrim(strip_tags($_REQUEST["comments_data"]));
// Posts go to the moderation queue unless the poster may auto-approve:
// either every post is queued, or only anonymous ones.
if ($tiki_p_forum_autoapp != 'y' && ($forum_info['approval_type'] == 'queue_all' || !$user && $forum_info['approval_type'] == 'queue_anon')) {
    $smarty->assign('was_queued', 'y');
    $_REQUEST['was_queued'] = 'y';
    $qId = $commentslib->replace_queue(0, $_REQUEST['forumId'], $comments_objectId, $parent_id, $user, $_REQUEST["comments_title"], $_REQUEST["comments_data"], 'n', '', '', $thread_info['title'], $in_reply_to);
    // PROCESS ATTACHMENT HERE
    if ($qId && isset($_FILES['userfile1']) && !empty($_FILES['userfile1']['name'])) {
        if (is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
            // NOTE(review): in the lines visible here the ticket is checked
            // only on this attachment path, and only after replace_queue()
            // has already stored the post. A queued post without attachment
            // is written with no ticket check in this excerpt; checking
            // before the first write would cover both cases.
            check_ticket('view-forum');
            // NOTE(review): the result of fopen() is not tested before it is
            // passed on. File name and MIME type are as reported by the
            // client and should not be trusted for storage or display.
            $fp = fopen($_FILES['userfile1']['tmp_name'], "rb");
            $commentslib->add_thread_attachment($forum_info, $qId, $fp, '', $_FILES['userfile1']['name'], $_FILES['userfile1']['type'], $_FILES['userfile1']['size']);
        } else {
            $smarty->assign('msg', $tikilib->uploaded_file_error($_FILES['userfile1']['error']));
            $smarty->display("error.tpl");
            die;
        }
    }
    //END ATTACHMENT PROCESSING
} else {
    // Direct posting, no moderation queue.
    $smarty->assign('was_queued', 'n');
    $_REQUEST['was_queued'] = 'n';
    if ($_REQUEST["comments_threadId"] == 0) {
        $message_id = '';
        if (isset($_REQUEST["anonymous_name"])) {
$smarty->assign('faq_info', $faq_info); if (!isset($_REQUEST["sort_mode"])) { $sort_mode = 'position_asc,questionId_asc'; } else { $sort_mode = $_REQUEST["sort_mode"]; } if (isset($_REQUEST["find"])) { $find = $_REQUEST["find"]; } else { $find = ''; } $smarty->assign('find', $find); $channels = $faqlib->list_faq_questions($_REQUEST["faqId"], 0, -1, 'position_asc,questionId_asc', $find); $smarty->assign_by_ref('channels', $channels["data"]); if (isset($_REQUEST["sugg"])) { check_ticket('view-faq'); if ($tiki_p_suggest_faq == 'y') { if (empty($user) && $prefs['feature_antibot'] == 'y' && !$captchalib->validate()) { $error = $captchalib->getErrors(); $smarty->assign('error', $error); // Save the pending question and answer if antibot code is wrong $smarty->assign('pendingquestion', $_REQUEST["suggested_question"]); $smarty->assign('pendinganswer', $_REQUEST["suggested_answer"]); } else { if (!empty($_REQUEST["suggested_question"])) { $faqlib->add_suggested_faq_question($_REQUEST["faqId"], $_REQUEST["suggested_question"], $_REQUEST["suggested_answer"], $user); } else { $error = tra('You must suggest a question; please try again.'); $smarty->assign('error', $error); // Save the pending answer if question is empty $smarty->assign('pendinganswer', $_REQUEST["suggested_answer"]);
// Decide whether the WYSIWYG editor is used.
// Precedence: && binds tighter than ||, so the condition reads
//   (feature on AND default on AND no 'wysiwyg' parameter)
//   OR ('wysiwyg' parameter present AND equal to 'y')
// NOTE(review): the second alternative does not test
// $prefs['feature_wysiwyg'], so a request with wysiwyg=y switches the mode on
// even when the feature is disabled. Because $is_wysiwyg is passed as
// 'is_html' to parse_data() below, a request parameter alone changes how the
// stored post is parsed; confirm that this is intended.
if ($prefs['feature_wysiwyg'] == 'y' && ($prefs['wysiwyg_default'] == 'y' && !isset($_REQUEST['wysiwyg'])) || isset($_REQUEST['wysiwyg']) && $_REQUEST['wysiwyg'] == 'y') {
    $smarty->assign('wysiwyg', 'y');
    $is_wysiwyg = true;
} else {
    $smarty->assign('wysiwyg', 'n');
    $is_wysiwyg = false;
}
// Editing an existing post: hand its data to the template.
if ($postId > 0) {
    if (empty($data["data"])) {
        $data["data"] = '';
    }
    $smarty->assign('post_info', $data);
    $smarty->assign('data', $data['data']);
    $smarty->assign('parsed_data', $tikilib->parse_data($data['data'], array('is_html' => $is_wysiwyg)));
    $smarty->assign('blogpriv', $data['priv']);
    // NOTE(review): this ticket check sits on the display path (it runs
    // whenever an existing post is loaded); no write is guarded by it in this
    // excerpt, and its return value is not inspected.
    check_ticket('blog');
    $post_images = $bloglib->get_post_images($postId);
    $smarty->assign_by_ref('post_images', $post_images);
    // Variables picked up by the categorisation/freetag includes.
    $cat_type = 'blog post';
    $cat_objid = $postId;
    if (isset($_REQUEST['lang'])) {
        $cat_lang = $_REQUEST['lang'];
    }
}
include_once 'freetag_list.php';
$smarty->assign('preview', 'n');
// Users without admin rights and without tiki_p_use_HTML cannot enable HTML
// in the post, whatever the form submitted.
if ($tiki_p_admin != 'y') {
    if ($tiki_p_use_HTML != 'y') {
        $_REQUEST["allowhtml"] = 'off';
    }
}
// NOTE: excerpt begins inside an enclosing block that is not shown.
    $info["publishDate"] = $tikilib->now;
}
$smarty->assign('title', $info["title"]);
$smarty->assign('active', $info["active"]);
$smarty->assign('publishDate', $info["publishDate"]);
// Remove a poll, with a confirmation step.
if (isset($_REQUEST["remove"])) {
    $area = 'delpoll';
    // Precedence: != binds tighter than 'and', which binds tighter than 'or':
    //   (feature_ticketlib2 is off) or (confirmation posted and a session ticket exists)
    // With the feature switched off the branch goes straight to key_check()
    // and the removal, without the key_get() confirmation round-trip.
    // NOTE(review): whether key_check() still rejects forged requests in that
    // configuration is not visible here - confirm.
    if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) {
        key_check($area);
        $polllib->remove_poll($_REQUEST["remove"]);
    } else {
        key_get($area);
    }
}
// Create or update a poll.
if (isset($_REQUEST["save"])) {
    // NOTE(review): check_ticket()'s return value is not inspected; it must
    // abort on failure by itself.
    check_ticket('admin-polls');
    // Date/time parts, 'pollId', 'title' and 'active' are used as received,
    // without isset() or validation.
    $publishDate = mktime($_REQUEST["Time_Hour"], $_REQUEST["Time_Minute"], 0, $_REQUEST["Date_Month"], $_REQUEST["Date_Day"], $_REQUEST["Date_Year"]);
    $pid = $polllib->replace_poll($_REQUEST["pollId"], $_REQUEST["title"], $_REQUEST["active"], $publishDate);
    // Inputs for the categorisation include below. The description is the
    // first 200 bytes of the title (substr() is byte-based).
    $cat_type = 'poll';
    $cat_objid = $pid;
    $cat_desc = substr($_REQUEST["title"], 0, 200);
    $cat_name = $_REQUEST["title"];
    $cat_href = "tiki-poll_results.php?pollId=" . $cat_objid;
    include_once "categorize.php";
}
// Attach a poll created from a template to one or more wiki pages.
if (isset($_REQUEST['addPoll']) && !empty($_REQUEST['poll_template']) && !empty($_REQUEST['pages'])) {
    global $wikilib;
    include_once 'lib/wiki/wikilib.php';
    global $categlib;
    include_once 'lib/categories/categlib.php';
    $cat_type = 'wiki page';
$_SESSION['show_submitted'] = true; } else { $_SESSION['show_submitted'] = false; } if (isset($_REQUEST['show_shared'])) { $_SESSION['show_shared'] = true; } else { $_SESSION['show_shared'] = false; } if (isset($_REQUEST['show_admin'])) { $_SESSION['show_admin'] = true; } else { $_SESSION['show_admin'] = false; } if (isset($_REQUEST['tasks_maxRecords'])) { check_ticket('user-prefs'); $tikilib->set_user_preference($user, 'tasks_maxRecords', $_REQUEST['tasks_maxRecords']); } } if ($task_admin and isset($_REQUEST["admin_mode"]) and $task_admin) { $admin_mode = true; $_SESSION['admin_mode'] = true; } if ($task_admin and isset($_REQUEST["admin_mode_off"])) { $admin_mode = false; $_SESSION['admin_mode'] = false; } if ($_SESSION['admin_mode'] and $task_admin) { $admin_mode = true; $smarty->assign('admin_mode', $admin_mode); } else {