Example #1
         COM_accessLog("User {$_USER['username']} tried to illegally delete route {$rid} and failed CSRF checks.");
         $display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
     }
     echo $display;
     die;
     break;
 case $LANG_ADMIN['save']:
     if (!SEC_checkToken()) {
         COM_accessLog("User {$_USER['username']} tried to illegally save route {$rid} and failed CSRF checks.");
         echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
         die;
     }
     $method = \Geeklog\Input::fPost('method', '');
     $rule = \Geeklog\Input::post('rule', '');
     $route = \Geeklog\Input::post('route', '');
     $priority = \Geeklog\Input::fPost('priority', Router::DEFAULT_PRIORITY);
     $display = saveRoute($rid, $method, $rule, $route, $priority);
     break;
 case 'edit':
     $content = getRouteEditor($rid);
     $display = COM_createHTMLDocument($content, array('pagetitle' => $LANG_ROUTER[2]));
     break;
 case 'move':
     if (SEC_checkToken()) {
         moveRoute($rid);
     }
     $content = listRoutes();
     $display = COM_createHTMLDocument($content, array('pagetitle' => $LANG_ROUTER[2]));
     break;
 default:
     // 'cancel' or no mode at all
Example #2
 /**
  * Delete the language items whose ids were posted in 'delitem'.
  *
  * Access rights and the security token are verified before anything else.
  * With no ids posted the list view is shown instead; otherwise every id is
  * forced to an integer before it is placed in the DELETE statement's IN
  * list, and the browser is sent to the language admin page with msg=130.
  */
 public static function adminMassDelete()
 {
     global $_CONF, $_TABLES;

     self::checkAccessRights();
     self::checkSecurityToken();

     $postedIds = \Geeklog\Input::fPost('delitem', array());
     $postedIds = is_array($postedIds) ? $postedIds : (array) $postedIds;

     if (count($postedIds) === 0) {
         self::adminShowList();
         return;
     }

     // Every id is cast with intval(), so the IN list can only contain integers
     $safeIds = array_map(static function ($id) {
         return intval($id, 10);
     }, $postedIds);
     $sql = "DELETE FROM {$_TABLES['language_items']} " . " WHERE (id IN (" . implode(',', $safeIds) . ")) ";
     DB_query($sql);

     header('Location: ' . $_CONF['site_admin_url'] . '/language.php?msg=130');
 }
Example #3
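/**
 * Build the admin comment list (either the live comments or the comment
 * submission queue, selected by $suffix).
 *
 * The type filter is read from the 'item_type' POST field and reduced to a
 * fixed allowlist ('article', 'all', 'staticpages', 'polls'); the plugin
 * types are only honoured while that plugin is enabled, and any other value
 * becomes '' (no type filter). The accepted value is still run through
 * DB_escapeString() before it is placed in the SQL filter.
 *
 * @param  string $suffix         SUFFIX_COMMENTS or SUFFIX_COMMENT_SUBMISSIONS; appended to form
 *                                element names/ids so both lists can live on the same page
 * @param  string $tableName      key into $_TABLES naming the table to list
 * @param  string $securityToken  CSRF token emitted as a hidden field of the bulk-action form
 * @return string                 HTML for the list
 */
function ADMIN_buildCommentList($suffix, $tableName, $securityToken)
{
    global $_CONF, $_PLUGINS, $_TABLES, $LANG_ADMIN, $LANG01, $LANG03, $LANG28, $LANG29;

    $headerArray = array(
        array('text' => '<input type="checkbox" name="select_all' . $suffix . '" id="select_all' . $suffix . '"' . XHTML . '>', 'field' => 'selector', 'sort' => false),
        array('text' => $LANG01[4], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG_ADMIN['type'], 'field' => 'type', 'sort' => true),
        array('text' => $LANG29[36], 'field' => 'sid', 'sort' => true),
        array('text' => $LANG29[14], 'field' => 'date', 'sort' => true),
        array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true),
        array('text' => $LANG03[9], 'field' => 'comment', 'sort' => true),
        array('text' => $LANG28[3], 'field' => 'uid', 'sort' => true),
        array('text' => $LANG03[105], 'field' => 'ipaddress', 'sort' => true),
    );
    $defaultSortArray = array('field' => 'date', 'direction' => 'desc');
    $textArray = array(
        'has_extras' => true,
        'title'      => $suffix === SUFFIX_COMMENTS ? $LANG03[101] : $LANG29[41],
        'form_url'   => $_CONF['site_admin_url'] . '/comment.php',
    );

    // Reduce the request-supplied type to the allowlist; plugin types need the plugin enabled.
    // in_array() is strict so only an exact plugin-name string counts as enabled.
    $itemType = \Geeklog\Input::fPost('item_type', '');
    switch ($itemType) {
        case 'article':
        case 'all':
            break;
        case 'staticpages':
            if (!in_array('staticpages', $_PLUGINS, true)) {
                $itemType = '';
            }
            break;
        case 'polls':
            if (!in_array('polls', $_PLUGINS, true)) {
                $itemType = '';
            }
            break;
        default:
            $itemType = '';
            break;
    }

    // '' and 'all' mean "no type restriction"; anything else is escaped before it enters the SQL
    if ($itemType === '' || $itemType === 'all') {
        $sqlForType = '';
    } else {
        $sqlForType = " AND (type = '" . DB_escapeString($itemType) . "') ";
    }

    $queryArray = array(
        'table'          => $tableName,
        'sql'            => "SELECT * FROM " . $_TABLES[$tableName] . " WHERE (1 = 1) ",
        'query_fields'   => array('type', 'sid', 'date', 'title', 'comment', 'uid', 'ipaddress'),
        'default_filter' => $sqlForType . COM_getPermSql('AND'),
    );
    $filter = getTypeSelector($itemType);
    $options = array();

    // Bulk-action selector: approve is only offered for the submission queue,
    // IP banning only when the spamx plugin is enabled
    $actionSelector = '<select name="bulk_action' . $suffix . '" id="bulk_action' . $suffix . '">' . LB . '<option value="do_nothing">' . $LANG03[102] . '</option>' . LB;
    if ($suffix === SUFFIX_COMMENT_SUBMISSIONS) {
        $actionSelector .= '<option value="bulk_approve">' . $LANG29[1] . '</option>' . LB;
    }
    $actionSelector .= '<option value="bulk_delete">' . $LANG29[2] . '</option>' . LB . '<option value="bulk_ban_user">' . $LANG03[103] . '</option>' . LB;
    if (in_array('spamx', $_PLUGINS, true)) {
        $actionSelector .= '<option value="bulk_ban_ip_address">' . $LANG03[104] . '</option>' . LB;
    }
    $actionSelector .= '</select>' . LB . '<input type="submit" name="submit" id="bulk_action_submit' . $suffix . '" value="' . $LANG_ADMIN['submit'] . '"' . XHTML . '>' . LB . '<input type="hidden" name="list" value="' . $suffix . '"' . XHTML . '>' . LB;

    // The CSRF token travels with the bulk-action form so the handler can verify it
    $securityTokenTag = '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $securityToken . '"' . XHTML . '>' . LB;
    $formArray = array('top' => '', 'bottom' => $actionSelector . $securityTokenTag);

    return ADMIN_list('comments', 'ADMIN_getListField_comments', $headerArray, $textArray, $queryArray, $defaultSortArray, $filter, $suffix, $options, $formArray);
}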
Example #4
 * so it's safe to always use your own copy.
 * This should hold all custom hacks to make upgrading easier.
 */
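if (file_exists($_CONF['path_system'] . 'lib-custom.php')) {
    require_once $_CONF['path_system'] . 'lib-custom.php';
}

// Session management library
require_once $_CONF['path_system'] . 'lib-sessions.php';
SESS_sessionCheck();

// Load user data
TimeZoneConfig::setUserTimeZone();
if (COM_isAnonUser()) {
    $_USER['advanced_editor'] = $_CONF['advanced_editor'];
}

// Retrieve new topic if found (GET takes precedence over POST)
$topic = \Geeklog\Input::fGet('topic', \Geeklog\Input::fPost('topic', ''));

// See if user has access to view topic
if (!is_string($topic) || $topic === '') {
    // Only a plain, non-empty string can name a topic
    $topic = '';
} else {
    // The topic id comes from the request, so it is escaped before being
    // interpolated into the WHERE clause; the permission SQL limits the
    // lookup to topics this user may read
    $test_topic = DB_getItem(
        $_TABLES['topics'],
        'tid',
        "tid = '" . DB_escapeString($topic) . "' " . COM_getPermSQL('AND')
    );
    if (strtolower($topic) !== strtolower((string) $test_topic)) {
        // No readable topic with that id
        $topic = '';
    } else {
        // Make it equal to the db version since case maybe different
        $topic = $test_topic;
    }
}

// Set theme: the request-supplied value is run through COM_sanitizeFilename() before use
$useTheme = '';
if (isset($_POST['usetheme'])) {
    $useTheme = COM_sanitizeFilename($_POST['usetheme'], true);
}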