function ajaxTags($id, $type) { echo json_encode(UpdateTags($id, $type, $_SERVER['REQUEST_METHOD'] == 'POST' ? $_POST : null, 1)); }
$delete = -1; } } if (isset($edit)) { if (isset($delete_att)) { DeleteAttachments($delete_att, $dbh); } /* if (isset($publish_att)) { PublishAttachments($m,$publish_att,$dbh); } else { PublishAttachments($m,"",$dbh); } */ ChangeMessageText($dbh, $m, $t); UpdateTags($dbh, $m, $tags); $date = $d; } ?> <html> <head> <title><?php echo $global_channel_name; ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" src="./../includes/general.js" language="javascript" type="text/javascript"></script> <link rel="stylesheet" href="./themes/base/jquery.ui.all.css"> <script src="jquery-1.4.4.js"></script> <script src="./ui/jquery.ui.core.js"></script>
if (isset($_POST['x']) && count($_POST['x']) > 0) { try { $q = admit('+') ? '' : ' AND cat IN (SELECT CatID FROM ' . PRE . 'acl WHERE type="CAT" AND UID=' . UID . ')'; $ids = array(); $db->beginTransaction(); foreach ($_POST['x'] as $x => $n) { $ids[] = (int) $x; } $ids = join(',', $ids); if (isset($_POST['del'])) { $db->exec('DELETE FROM ' . PRE . $table . ' WHERE ID IN (' . $ids . ')' . $q); if ($table2) { $db->exec('DELETE FROM ' . PRE . $table2 . ' WHERE ID IN (' . $ids . ')' . $q); } foreach ($_POST['x'] as $x => $n) { UpdateTags((int) $x, $act, array()); } #Delete old comments $db->exec('DELETE FROM ' . PRE . 'comms WHERE TYPE=' . $act . ' AND CID NOT IN ( SELECT ID FROM ' . PRE . $table . ')'); } else { $ch = array(); if ($_POST['cat'] != 'N') { $ch[] = 'cat=' . (int) $_POST['cat']; } if ($_POST['pub'] != 'N') { $ch[] = 'access=' . (int) $_POST['pub']; } if ($ch = join(',', $ch)) { $db->exec('UPDATE ' . PRE . $table . ' SET ' . $ch . ' WHERE ID IN (' . $ids . ')' . $q); }
function OnUpdate() { if (!isset($_POST["hash"])) { return False; } if (isset($_REQUEST["user"]) && isset($_POST["favorite"])) { UpdateFavorite($_POST["hash"], $_REQUEST["user"], $_POST["favorite"] === "true"); } // This part is under permissions constraints. //================================================== if (isset($_POST["vendor"])) { if (!CanModifyFile($_POST["hash"])) { return False; } UpdateVendor($_POST["hash"], $_POST["vendor"]); } if (isset($_POST["comment"])) { if (!CanModifyFile($_POST["hash"])) { return False; } UpdateComment($_POST["hash"], $_POST["comment"]); } if (isset($_POST["tags"])) { if (!CanModifyFile($_POST["hash"])) { return False; } UpdateTags($_POST["hash"], $_POST["tags"]); } return True; }