if (user_ismember($GLOBALS['sys_news_group'], 'A')) { /* News uber-user admin pages Show all waiting news items except those already rejected. Admin members of project #$sys_news_group (news project) can edit/change/approve news items */ if ($request->get('post_changes') && $request->get('approve')) { $validStatus = new Valid_WhiteList('status', array(0, 1, 2)); if ($request->valid($validStatus)) { $status = $request->get('status'); } else { $status = 0; } $validSummary = new Valid_String('summary'); $validSummary->setErrorMessage('Summary is required'); $validSummary->required(); $validDetails = new Valid_Text('details'); if ($request->valid($validSummary) && $request->valid($validDetails)) { if ($status == 1) { /* Update the db so the item shows on the home page */ $sql = "UPDATE news_bytes SET is_approved='1', date='" . time() . "', " . "summary='" . db_es(htmlspecialchars($request->get('summary'))) . "', details='" . db_es(htmlspecialchars($request->get('details'))) . "' WHERE id=" . db_ei($id); $result = db_query($sql); if (!$result || db_affected_rows($result) < 1) { $GLOBALS['Response']->addFeedback('error', $Language->getText('news_admin_index', 'update_err')); } else { $GLOBALS['Response']->addFeedback('info', $Language->getText('news_admin_index', 'newsbyte_updated')); } } else {
// Bookmark edit page: validates the request, applies a posted change under a
// CSRF token check, then starts rendering the edit form for the bookmark.
require_once 'bookmarks.php';
require_once 'my_utils.php';

$request = HTTPRequest::instance();

// bookmark_id is mandatory and must pass the unsigned-integer validator.
$vId = new Valid_UInt('bookmark_id');
$vId->setErrorMessage('bookmark_id is required');
$vId->required();
if (!$request->valid($vId)) {
    // NOTE(review): the rest of the script uses $bookmark_id, which is only set
    // in the else branch. This is safe only if redirect() ends the request.
    // Confirm that it does.
    $GLOBALS['Response']->redirect('/my');
} else {
    // Cast explicitly so later string concatenation only ever sees an integer.
    $bookmark_id = (int) $request->get('bookmark_id');
}

// Both text fields are required. These validators only run on the POST path below.
$vUrl = new Valid_String('bookmark_url');
$vUrl->setErrorMessage('Url is required');
$vUrl->required();
$vTitle = new Valid_String('bookmark_title');
$vTitle->setErrorMessage('Title is required');
$vTitle->required();

// The CSRF token is constructed from the URL of this bookmark's edit page.
$bookmark_url_id = '/my/bookmark_edit.php?bookmark_id=' . $bookmark_id;
$csrf_token = new CSRFSynchronizerToken($bookmark_url_id);

if ($request->isPost() && $request->valid($vUrl) && $request->valid($vTitle)) {
    // The token is checked before any state change. Nothing above this line writes.
    $csrf_token->check();
    $bookmark_url = $request->get('bookmark_url');
    $bookmark_title = $request->get('bookmark_title');
    // Presumably rejects unacceptable URLs and sends the user back to the edit
    // page given as second argument. Verify against my_utils.php.
    my_check_bookmark_URL($bookmark_url, $bookmark_url_id);
    // NOTE(review): the SELECT further down is scoped to user_getid(). Confirm
    // that bookmark_edit() applies the same ownership restriction to its write,
    // because bookmark_id alone comes from the request.
    bookmark_edit($bookmark_id, $bookmark_url, $bookmark_title);
    $GLOBALS['Response']->redirect('/my');
}

// Purifier instance obtained for later use. Its uses are outside this excerpt.
$purifier = Codendi_HTMLPurifier::instance();
$HTML->header(array("title" => $Language->getText('bookmark_edit', 'title')));
print "<H3>" . $Language->getText('bookmark_edit', 'title') . "</H3>\n";

// Load the bookmark only if it belongs to the current user. Both values pass
// through db_ei() before being concatenated into the statement.
$result = db_query("SELECT * from user_bookmarks where " . "bookmark_id=" . db_ei($bookmark_id) . " and user_id=" . db_ei(user_getid()));
$vPostChanges = new Valid_WhiteList('post_changes', array('y')); $vPostChanges->required(); if ($request->isPost() && $request->valid($vPostChanges)) { /* Update the DB to reflect the changes */ // // Prepare validators // // Forum Name $vForumName = new Valid_String('forum_name'); $vForumName->setErrorMessage($Language->getText('forum_admin_index', 'params_missing')); $vForumName->required(); // Description $vDescription = new Valid_String('description'); $vDescription->setErrorMessage($Language->getText('forum_admin_index', 'params_missing')); $vDescription->required(); // Is public $vIsPublic = new Valid_WhiteList('is_public', array(0, 1, 9)); $vIsPublic->required(); if ($request->existAndNonEmpty('delete')) { $vMsg = new Valid_Uint('msg_id'); $vMsg->required(); if ($request->valid($vMsg)) { /* Deleting messages or threads */ // First, check if the message exists $sql = "SELECT forum_group_list.group_id, forum.group_forum_id FROM forum,forum_group_list " . "WHERE forum.group_forum_id=forum_group_list.group_forum_id AND forum.msg_id=" . db_ei($msg_id); $result = db_query($sql); if (db_numrows($result) > 0) {
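/**
 * Create the stored content for an RSS widget from the submitted 'rss' array.
 *
 * The request must carry a non-empty rss[url]. When rss[title] is missing or
 * empty, SimplePie is constructed with the submitted URL and asked for the
 * feed title, which is then stored instead.
 *
 * @param object $request Request object exposing validInArray() and get().
 *
 * @return int|false Value reported by db_insertid() for the new row, or false
 *                   when the url is missing or the INSERT fails.
 */
function create($request)
{
    $content_id = false;

    $vUrl = new Valid_String('url');
    $vUrl->setErrorMessage("Can't add empty rss url");
    $vUrl->required();
    if (!$request->validInArray('rss', $vUrl)) {
        return $content_id;
    }

    $rss = $request->get('rss');

    $vTitle = new Valid_String('title');
    $vTitle->required();
    if (!$request->validInArray('rss', $vTitle)) {
        // No usable title was submitted: take it from the feed itself.
        // NOTE(review): the URL has only been checked as a non-empty string, and
        // it is handed to SimplePie, which implies a server-side request for it.
        // Consider restricting the scheme to http/https and refusing internal
        // or loopback destinations before this point.
        require_once 'common/rss/libs/SimplePie/simplepie.inc';
        if (!is_dir($GLOBALS['codendi_cache_dir'] . '/rss')) {
            mkdir($GLOBALS['codendi_cache_dir'] . '/rss');
        }
        $rss_reader = new SimplePie($rss['url'], $GLOBALS['codendi_cache_dir'] . '/rss', null, $GLOBALS['sys_proxy']);
        $rss['title'] = $rss_reader->get_title();
    }

    // Every value placed in the statement is now neutralised, not only the
    // request fields. owner_id goes into an unquoted numeric position, so it is
    // forced to an integer. owner_type goes into a quoted literal, so it is
    // escaped. How those two properties are populated is not visible here.
    $sql = 'INSERT INTO widget_rss (owner_id, owner_type, title, url) VALUES ('
        . (int) $this->owner_id . ", '"
        . db_escape_string($this->owner_type) . "', '"
        . db_escape_string($rss['title']) . "', '"
        . db_escape_string($rss['url']) . "')";
    $res = db_query($sql);
    if ($res) {
        // Only read the insert id when the INSERT succeeded. Otherwise keep
        // false so callers can tell that nothing was created.
        $content_id = db_insertid($res);
    }

    return $content_id;
}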
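/**
 * Create a new content for this widget.
 *
 * The request must carry a non-empty plugin_docman_widget_embedded[item_id].
 * When no usable title is submitted, the title of the referenced item is used
 * if getItem() returns one. Otherwise an empty title is stored.
 *
 * @param Codendi_Request $request
 *
 * @return int|false the id of the new content, or false when the item id is
 *                   missing or the INSERT fails
 */
public function create($request)
{
    $content_id = false;

    $vItem_id = new Valid_String('item_id');
    $vItem_id->setErrorMessage("Unable to add the widget. Please give an item id.");
    $vItem_id->required();
    if (!$request->validInArray('plugin_docman_widget_embedded', $vItem_id)) {
        return $content_id;
    }

    $plugin_docman_widget_embedded = $request->get('plugin_docman_widget_embedded');

    $vTitle = new Valid_String('title');
    $vTitle->required();
    if (!$request->validInArray('plugin_docman_widget_embedded', $vTitle)) {
        // NOTE(review): whether getItem() enforces the current user's read
        // permission on the document is not visible here. Confirm that it does,
        // because the item's title is copied into the widget row.
        $item = $this->getItem($plugin_docman_widget_embedded['item_id']);
        if ($item) {
            $plugin_docman_widget_embedded['title'] = $item->getTitle();
        }
    }

    // The title key can still be absent here (nothing submitted and no item
    // found), so fall back to an empty string instead of reading an undefined index.
    $title = isset($plugin_docman_widget_embedded['title'])
        ? $plugin_docman_widget_embedded['title']
        : '';

    // Every value placed in the statement is neutralised. owner_id sits in an
    // unquoted numeric position and is forced to an integer. owner_type sits in
    // a quoted literal and is escaped like the request fields.
    // NOTE(review): item_id is validated only as a non-empty string. An
    // unsigned-integer validator would be stricter for an identifier.
    $sql = 'INSERT INTO plugin_docman_widget_embedded (owner_id, owner_type, title, item_id) VALUES ('
        . (int) $this->owner_id . ", '"
        . db_escape_string($this->owner_type) . "', '"
        . db_escape_string($title) . "', '"
        . db_escape_string($plugin_docman_widget_embedded['item_id']) . "')";
    $res = db_query($sql);
    if ($res) {
        // Only read the insert id when the INSERT succeeded.
        $content_id = db_insertid($res);
    }

    return $content_id;
}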
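/**
 * Create the stored content for an image widget from the submitted 'image' array.
 *
 * The request must carry a non-empty image[url]. When image[title] is missing
 * or empty, the literal title 'Image' is stored.
 *
 * @param object $request Request object exposing validInArray() and get()
 *                        (taken by reference, as in the original signature).
 *
 * @return int|false Value reported by db_insertid() for the new row, or false
 *                   when the url is missing or the INSERT fails.
 */
function create(&$request)
{
    $content_id = false;

    $vUrl = new Valid_String('url');
    $vUrl->setErrorMessage("Can't add empty image url");
    $vUrl->required();
    if (!$request->validInArray('image', $vUrl)) {
        return $content_id;
    }

    $image = $request->get('image');

    $vTitle = new Valid_String('title');
    $vTitle->required();
    if (!$request->validInArray('image', $vTitle)) {
        $image['title'] = 'Image';
    }

    // NOTE(review): the URL is stored after a non-empty-string check only.
    // Whatever renders this row must escape it for the output context, and a
    // scheme allow-list (http/https) at this point would be a useful second layer.
    //
    // Every value placed in the statement is neutralised. owner_id sits in an
    // unquoted numeric position and is forced to an integer. owner_type sits in
    // a quoted literal and is escaped like the request fields.
    $sql = 'INSERT INTO widget_image (owner_id, owner_type, title, url) VALUES ('
        . (int) $this->owner_id . ", '"
        . db_escape_string($this->owner_type) . "', '"
        . db_escape_string($image['title']) . "', '"
        . db_escape_string($image['url']) . "')";
    $res = db_query($sql);
    if ($res) {
        // Only read the insert id when the INSERT succeeded.
        $content_id = db_insertid($res);
    }

    return $content_id;
}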
$vThreadId->required(); if ($request->valid($vMonitor) && $request->valid($vThreadId)) { if (user_isloggedin()) { if (!user_monitor_forum($forum_id, user_getid())) { if (!forum_thread_add_monitor($forum_id, $request->get('thread_id'), user_getid())) { $feedback .= $Language->getText('forum_forum_utils', 'insert_err'); } } } } // Note: there is a 'msg_id' send but not used here. $vFollowUp = new Valid_UInt('is_followup_to'); $vFollowUp->required(); $vSubject = new Valid_String('subject'); $vSubject->required(); $vSubject->setErrorMessage($GLOBALS['Language']->getText('forum_forum_utils', 'include_body_and_subject')); $vBody = new Valid_Text('body'); $vBody->required(); $vBody->setErrorMessage($GLOBALS['Language']->getText('forum_forum_utils', 'include_body_and_subject')); if ($request->valid($vThreadId) && $request->valid($vFollowUp) && $request->valid($vSubject) && $request->valid($vBody)) { post_message($request->get('thread_id'), $request->get('is_followup_to'), $request->get('subject'), $request->get('body'), $forum_id); } } /* set up some defaults if they aren't provided */ // Offset if ($request->valid(new Valid_UInt('offset'))) { $offset = $request->get('offset'); } else { $offset = 0;
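/**
 * Create the stored content for a wiki-page widget from the submitted
 * 'WikiPage' array.
 *
 * The request must carry a non-empty WikiPage[group_id]. When WikiPage[title]
 * is missing or empty, SimplePie is constructed with the feed URL built by
 * getFeedUrl() for that group and asked for the feed title.
 *
 * @param object $request Request object exposing validInArray() and get().
 *
 * @return int|false Value reported by db_insertid() for the new row, or false
 *                   when the group id is missing or the INSERT fails.
 */
function create($request)
{
    $content_id = false;

    // NOTE(review): group_id is validated only as a non-empty string. An
    // unsigned-integer validator would be stricter for an identifier.
    $vGroup_id = new Valid_String('group_id');
    $vGroup_id->setErrorMessage("Can't add empty WikiPage group_id");
    $vGroup_id->required();
    if (!$request->validInArray('WikiPage', $vGroup_id)) {
        return $content_id;
    }

    $WikiPage = $request->get('WikiPage');

    $vTitle = new Valid_String('title');
    $vTitle->required();
    if (!$request->validInArray('WikiPage', $vTitle)) {
        // No usable title was submitted: take it from the feed.
        // NOTE(review): the feed URL is derived from the submitted group_id.
        // Confirm that getFeedUrl() cannot be steered to an arbitrary host and
        // that the caller may read that group's feed.
        require_once 'common/rss/libs/SimplePie/simplepie.inc';
        if (!is_dir($GLOBALS['codendi_cache_dir'] . '/WikiPage')) {
            mkdir($GLOBALS['codendi_cache_dir'] . '/WikiPage');
        }
        $WikiPage_reader = new SimplePie($this->getFeedUrl($WikiPage['group_id']), $GLOBALS['codendi_cache_dir'] . '/WikiPage', null, $GLOBALS['sys_proxy']);
        $WikiPage['title'] = $WikiPage_reader->get_title();
    }

    // wiki_page is never validated above, so the key may be absent. Use an
    // empty string instead of reading an undefined index.
    $wiki_page = isset($WikiPage['wiki_page']) ? $WikiPage['wiki_page'] : '';

    // Every value placed in the statement is neutralised. owner_id sits in an
    // unquoted numeric position and is forced to an integer. owner_type sits in
    // a quoted literal and is escaped like the request fields.
    $sql = 'INSERT INTO widget_wikipage (owner_id, owner_type, title, group_id, wiki_page) VALUES ('
        . (int) $this->owner_id . ", '"
        . db_escape_string($this->owner_type) . "', '"
        . db_escape_string($WikiPage['title']) . "', '"
        . db_escape_string($WikiPage['group_id']) . "', '"
        . db_escape_string($wiki_page) . "')";
    $res = db_query($sql);
    if ($res) {
        // Only read the insert id when the INSERT succeeded.
        $content_id = db_insertid($res);
    }

    return $content_id;
}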