// Fragment of the "add quote" form handler: read the submitted fields, then
// either hand them to add_quote() or build an HTML list of validation errors.

// The anti-CSRF token is evaluated first; add_quote() is reached only when
// this is truthy.
$proper = is_csrf_proper(from($_REQUEST, 'csrf_token'));

// NOTE(review): every field is read from $_REQUEST, so the values are accepted
// from the query string as well as from the POST body. Confirm that is
// intended for a state-changing action.
$title = from($_REQUEST, 'title');
$quote = from($_REQUEST, 'quote');
$tag = from($_REQUEST, 'tag');
$url = from($_REQUEST, 'url');
$content = from($_REQUEST, 'content');
$description = from($_REQUEST, 'description');

// The author is taken from the server-side session, not from the request.
// NOTE(review): no login check is visible in this fragment; presumably the
// caller enforces it. Verify.
$user = $_SESSION[config("site.url")]['user'];

$draft = from($_REQUEST, 'draft');
$category = from($_REQUEST, 'category');

if ($proper && !empty($title) && !empty($tag) && !empty($content) && !empty($quote)) {
    // An empty URL field falls back to the title.
    if (empty($url)) {
        $url = $title;
    }
    // NOTE(review): the values are passed on exactly as received; any
    // sanitising or escaping has to happen inside add_quote(). Confirm there.
    add_quote($title, $tag, $url, $content, $user, $description, $quote, $draft, $category);
} else {
    // The messages are fixed strings; no request data is interpolated into
    // the HTML built here.
    $message['error'] = '';

    // empty() also treats the string "0" as missing.
    if (empty($title)) {
        $message['error'] .= '<li>Title field is required.</li>';
    }
    if (empty($tag)) {
        $message['error'] .= '<li>Tag field is required.</li>';
    }
    if (empty($content)) {
        $message['error'] .= '<li>Content field is required.</li>';
    }
    if (empty($quote)) {
        $message['error'] .= '<li>Quote field is required.</li>';
    }
    // NOTE(review): a request that fails only the CSRF check adds no message
    // in the lines above. The else block is still open where this excerpt
    // ends, so confirm that a later line reports that case.
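// Fragment of the front controller: normalise the $page segments, split an
// optional "name=value" parameter off the first segment, then dispatch on the
// action name.
// NOTE(review): where $page comes from is not visible here; it is presumably
// derived from the request URL, so treat every element as untrusted.

// Make sure the optional segments exist so the handlers can be called with a
// defined (possibly null) argument.
$page[1] = isset($page[1]) ? $page[1] : null;
$page[2] = isset($page[2]) ? $page[2] : null;

// "action=param" form: keep the action in $page[0] and the rest in $pageparam.
// explode() replaces split(), which was deprecated in PHP 5.3 and removed in
// PHP 7; for the literal "=" separator with a limit of 2 the result is the same.
if (strpos($page[0], '=') !== false) {
    $tmppage = explode('=', $page[0], 2);
    $page[0] = trim($tmppage[0]);
    $pageparam = trim($tmppage[1]);
} else {
    $pageparam = null;
}

// NOTE(review): judging by its name and arguments, get_number_limit() bounds
// the user-supplied value between 1 and the configured list limit. Confirm in
// its definition. $limit is not used by the cases visible in this excerpt.
$limit = get_number_limit($pageparam, 1, $CONFIG['quote_list_limit']);

// Only the literal action names below reach a handler. Each privileged action
// checks the session before calling it, and does nothing when the check fails.
switch ($page[0]) {
    case 'add':
        // When the site requires login, anonymous visitors cannot submit quotes.
        if (isset($CONFIG['login_required']) && $CONFIG['login_required'] == 1 && !isset($_SESSION['logged_in'])) {
            break;
        }
        add_quote($page[1]);
        break;

    // NOTE(review): the "<=" comparisons suggest that lower numeric levels
    // carry more privilege. Confirm against the USER_* constant definitions.
    case 'edit_news':
        if (isset($_SESSION['logged_in']) && $_SESSION['level'] <= USER_ADMIN) {
            edit_news($page[1], $page[2]);
        }
        break;

    case 'add_news':
        if (isset($_SESSION['logged_in']) && $_SESSION['level'] <= USER_ADMIN) {
            add_news($page[1]);
        }
        break;

    case 'add_user':
        if (isset($_SESSION['logged_in']) && $_SESSION['level'] <= USER_SUPERUSER) {
            add_user($page[1]);
        }
        // NOTE(review): the excerpt ends here with the switch still open.
        // Confirm that a break follows, so control does not fall through into
        // the next case.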