// Tail of a branch that starts above this excerpt: renders the save result.
$twig->loadTemplate('news/save.twig')->display(array('PMF_LANG' => $PMF_LANG, 'success' => $success));

// ---- Update an existing news entry ----
// Entered only when the action is "updatenews" AND checkRight() grants the
// current user the "editnews" right.
// NOTE(review): no anti-CSRF token is verified inside this branch. Confirm a
// token check runs earlier in the request; the permission check alone does not
// prove that the logged-in editor intended this POST.
} elseif ('updatenews' == $action && $user->perm->checkRight($user->getUserId(), "editnews")) {
    // All fields are read from the POST body through PMF_Filter::filterInput().
    // PMF_Filter is defined elsewhere; presumably it wraps filter_input() and
    // returns null for a missing field. Verify against the class.
    // FILTER_SANITIZE_STRING / FILTER_SANITIZE_STRIPPED strip tags; both are
    // deprecated as of PHP 8.1.
    $dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING);
    $dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING);
    $header = PMF_Filter::filterInput(INPUT_POST, 'newsheader', FILTER_SANITIZE_STRIPPED);
    // The body is entity-encoded here, but html_entity_decode() in $newsData
    // below turns the entities back into markup before the value is stored.
    $content = PMF_Filter::filterInput(INPUT_POST, 'news', FILTER_SANITIZE_SPECIAL_CHARS);
    $author = PMF_Filter::filterInput(INPUT_POST, 'authorName', FILTER_SANITIZE_STRIPPED);
    // NOTE(review): the VALIDATE_* filters report failure through the return
    // value (false with plain filter_input()). $email and $link are stored
    // without checking for that. Confirm how PMF_Filter maps a failed validation.
    $email = PMF_Filter::filterInput(INPUT_POST, 'authorEmail', FILTER_VALIDATE_EMAIL);
    $active = PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING);
    $comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
    // NOTE(review): FILTER_VALIDATE_URL checks URL syntax only, not the scheme.
    // If the link is later rendered as an href, allow-list http/https before
    // storing it.
    $link = PMF_Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
    $linktitle = PMF_Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_STRIPPED);
    $newslang = PMF_Filter::filterInput(INPUT_POST, 'langTo', FILTER_SANITIZE_STRING);
    $target = PMF_Filter::filterInput(INPUT_POST, 'target', FILTER_SANITIZE_STRIPPED);

    // Record handed to updateNewsEntry().
    //  - content: decoded back to raw HTML (see above).
    //    NOTE(review): the stored body is client-supplied markup, so every place
    //    that outputs it must run an allow-list HTML sanitizer, or "editnews"
    //    must be treated as a script-capable privilege. Confirm which applies.
    //  - active / comment: any submitted value becomes 'y', a null becomes 'n'.
    //  - dateStart / dateEnd: hyphens are removed and a time-of-day suffix is
    //    appended; an empty value falls back to the open-ended sentinel. No
    //    format check on the date string is visible here.
    //  - date: current server time in YmdHis form.
    $newsData = array(
        'lang' => $newslang,
        'header' => $header,
        'content' => html_entity_decode($content),
        'authorName' => $author,
        'authorEmail' => $email,
        'active' => is_null($active) ? 'n' : 'y',
        'comment' => is_null($comment) ? 'n' : 'y',
        'dateStart' => empty($dateStart) ? '00000000000000' : str_replace('-', '', $dateStart) . '000000',
        'dateEnd' => empty($dateEnd) ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959',
        'link' => $link,
        'linkTitle' => $linktitle,
        'date' => date('YmdHis'),
        'target' => is_null($target) ? '' : $target);

    // NOTE(review): a failed FILTER_VALIDATE_INT is passed straight through.
    // Confirm updateNewsEntry() rejects a non-integer id.
    $newsId = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $success = $news->updateNewsEntry($newsId, $newsData);
    $twig->loadTemplate('news/update.twig')->display(array('PMF_LANG' => $PMF_LANG, 'success' => $success));

// ---- Delete a news entry (two-step confirmation) ----
// Entered only when the action is "deletenews" AND checkRight() grants "delnews".
} elseif ('deletenews' == $action && $user->perm->checkRight($user->getUserId(), "delnews")) {
    // 'really' defaults to 'no', so the first request only shows the
    // confirmation template; the id for that view comes from the query string.
    $precheck = PMF_Filter::filterInput(INPUT_POST, 'really', FILTER_SANITIZE_STRING, 'no');
    $delete_id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);

    if ('no' == $precheck) {
        $twig->loadTemplate('news/delete_check.twig')->display(array('PMF_LANG' => $PMF_LANG, 'deleteId' => $delete_id));
    } else {
        // Confirmed: the id is re-read from the POST body and the entry deleted.
        // NOTE(review): 'really' is a confirmation flag, not a proof of request
        // origin. No anti-CSRF token is checked before deleteNews(); confirm one
        // is enforced elsewhere. The result of deleteNews() is not inspected, so
        // the success template is shown regardless.
        $delete_id = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
        $news->deleteNews($delete_id);
        $twig->loadTemplate('news/delete_success.twig')->display(array('PMF_LANG' => $PMF_LANG));
    }

// No action matched, or the permission check failed: show the no-permission page.
} else {
    require 'noperm.php';
}
// Closing braces of blocks that were opened above the visible excerpt.
}

// ---- Update an existing news entry ----
// Entered only when the action is "updatenews" AND the $permission array has a
// truthy "editnews" entry ($permission is built outside this excerpt).
// NOTE(review): no anti-CSRF token is verified inside this branch. Confirm a
// token check runs earlier in the request.
} elseif ('updatenews' == $action && $permission["editnews"]) {
    // Fields are read from the POST body through PMF_Filter::filterInput();
    // the optional fourth argument is a default value. PMF_Filter is defined
    // elsewhere; presumably it wraps filter_input(). Verify against the class.
    // FILTER_SANITIZE_STRING / FILTER_SANITIZE_STRIPPED are deprecated as of
    // PHP 8.1.
    // NOTE(review): the date defaults passed here are non-empty 14-digit
    // sentinels, while the fallback test in $newsData below compares against ''.
    // If the wrapper returns the default for a missing field, that sentinel gets
    // a second time suffix appended (20 digits). Confirm and align the two.
    $dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING, '00000000000000');
    $dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING, '99991231235959');
    $header = PMF_Filter::filterInput(INPUT_POST, 'header', FILTER_SANITIZE_STRIPPED);
    // Entity-encoded here, then decoded again by html_entity_decode() in
    // $newsData below, so the stored value is markup as sent by the client.
    $content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_SPECIAL_CHARS);
    $author = PMF_Filter::filterInput(INPUT_POST, 'authorName', FILTER_SANITIZE_STRIPPED);
    // NOTE(review): a failed FILTER_VALIDATE_EMAIL / FILTER_VALIDATE_URL is not
    // checked before the value is stored.
    $email = PMF_Filter::filterInput(INPUT_POST, 'authorEmail', FILTER_VALIDATE_EMAIL);
    $active = PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING);
    $comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
    // NOTE(review): FILTER_VALIDATE_URL checks URL syntax only, not the scheme.
    // Allow-list http/https before storing if the link is rendered as an href.
    $link = PMF_Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
    $linktitle = PMF_Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_STRIPPED);
    $target = PMF_Filter::filterInput(INPUT_POST, 'target', FILTER_SANITIZE_STRIPPED);

    // Record handed to updateNewsEntry().
    //  - lang: taken from $LANGCODE, not from the request.
    //  - content: raw HTML after decoding.
    //    NOTE(review): output sites must sanitize this with an allow-list HTML
    //    sanitizer, or "editnews" must be treated as a script-capable privilege.
    //  - active / comment: any submitted value becomes 'y', a null becomes 'n'.
    //  - dateStart / dateEnd: hyphens removed, time-of-day suffix appended; no
    //    format check on the date string is visible here.
    //  - date: current server time in YmdHis form.
    $newsData = array(
        'lang' => $LANGCODE,
        'header' => $header,
        'content' => html_entity_decode($content),
        'authorName' => $author,
        'authorEmail' => $email,
        'active' => is_null($active) ? 'n' : 'y',
        'comment' => is_null($comment) ? 'n' : 'y',
        'dateStart' => '' == $dateStart ? '00000000000000' : str_replace('-', '', $dateStart) . '000000',
        'dateEnd' => '' == $dateEnd ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959',
        'link' => $link,
        'linkTitle' => $linktitle,
        'date' => date('YmdHis'),
        'target' => is_null($target) ? '' : $target);

    // NOTE(review): a failed FILTER_VALIDATE_INT is passed straight through.
    // Confirm updateNewsEntry() rejects a non-integer id.
    $newsId = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    // Print the translated success or failure message. The strings come from the
    // $PMF_LANG table, not from the request.
    if ($news->updateNewsEntry($newsId, $newsData)) {
        printf("<p>%s</p>", $PMF_LANG['ad_news_updatesuc']);
    } else {
        printf("<p>%s</p>", $PMF_LANG['ad_news_updatefail']);
    }

// ---- Delete a news entry (two-step confirmation) ----
// Entered only when the action is "deletenews" AND $permission["delnews"] is truthy.
} elseif ('deletenews' == $action && $permission["delnews"]) {
    // 'really' defaults to 'no', so the first request only shows the
    // confirmation form; the id for that view comes from the query string.
    // NOTE(review): 'really' is a confirmation flag, not a proof of request
    // origin. Confirm the form that follows (it continues past this excerpt)
    // carries an anti-CSRF token and that the token is verified before deletion.
    $precheck = PMF_Filter::filterInput(INPUT_POST, 'really', FILTER_SANITIZE_STRING, 'no');
    $delete_id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);

    // The confirmation markup starts here and continues beyond the excerpt.
    if ('no' == $precheck) {
?> <p><?php print $PMF_LANG["ad_news_del"]; ?> </p> <div align="center"> <form action="?action=deletenews" method="post">