//Send the headers to control the download
        header('Content-Type: text/comma-separated-values');
        header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
        header('Content-Disposition: inline; filename="blacklist.txt"');
        echo $exportfile;
        exit;
    // Per-action setup: 'import', 'add' and 'delete' first call wp_refcheck() with
    // the admin page the request is expected to come from, then set the page title.
    // NOTE(review): wp_refcheck() is defined outside this excerpt; presumably it
    // validates the HTTP Referer. If so, it is weaker CSRF protection than a
    // per-request token and should not be the only control — confirm.
    case 'import':
        wp_refcheck("/wp-admin/wpblacklist.php");
        $title = 'Manage WPBlacklist - Import';
        break;
    case 'add':
        wp_refcheck("/wp-admin/wpblacklist.php");
        $title = 'Manage WPBlacklist - Add';
        break;
    case 'delete':
        wp_refcheck("/wp-admin/wpblacklist.php");
        // No break: execution continues into 'search', so both actions share the
        // title below. NOTE(review): confirm the fall-through is intentional.
    case 'search':
        // When the action is 'search' itself, wp_refcheck() is not called.
        $title = 'Manage WPBlacklist - Delete';
        break;
    default:
        $title = 'Manage WPBlacklist';
        break;
}
// load options from DB
// Appends the `regex` column of every blacklist row tagged regex_type = 'option'
// to $options.
// The only value interpolated into the statement is the table name; no request
// data appears in this query.
// NOTE(review): $tableblacklist is assigned outside this excerpt — confirm it is
// built from configuration only, never from request input.
$sql = "SELECT * FROM {$tableblacklist} WHERE regex_type = 'option'";
$results = $wpdb->get_results($sql);
// A falsy result (no rows, or a failed query) leaves $options untouched.
// NOTE(review): $options is not initialised in this excerpt — confirm it is set
// to an empty array before this point.
if ($results) {
    foreach ($results as $result) {
        $options[] = $result->regex;
    }
}
}
// Register the two request parameters this page reads, accepted from POST or GET.
// NOTE(review): init_param() is defined elsewhere; presumably it populates
// $option_group_id, which is read below — confirm, and confirm what the
// 'integer' hint actually enforces.
init_param(array('POST', 'GET'), 'action', 'string', '');
init_param(array('POST', 'GET'), 'option_group_id', 'integer', '');
require_once "optionhandler.php";
// Flag recording that the group id below is a fallback, not a user choice.
$non_was_selected = 0;
// Loose comparison against '': NOTE(review) on PHP versions before 8 an integer 0
// also compares equal to '', so group id 0 would take the fallback branch.
if ($option_group_id == '') {
    $option_group_id = 1;
    $non_was_selected = 1;
} else {
    // Force an integer: the 'update' action later interpolates this value
    // unquoted into SQL (`WHERE group_id = {$option_group_id}`), so it must
    // never reach that query as a raw request string.
    $option_group_id = intval($option_group_id);
}
$message = "";
switch (get_param('action')) {
    case "update":
        $standalone = 0;
        wp_refcheck("/wp-admin");
        $any_changed = 0;
        // iterate through the list of options in this group
        // pull the vars from the post
        // validate ranges etc.
        // update the values
        $options = $wpdb->get_results("SELECT " . wp_table('options') . ".option_id, option_name, option_type, option_value, option_admin_level " . "FROM " . wp_table('options') . " " . "LEFT JOIN " . wp_table('optiongroup_options') . " ON " . wp_table('options') . ".option_id = " . wp_table('optiongroup_options') . ".option_id " . "WHERE group_id = {$option_group_id} " . "ORDER BY seq");
        if ($options) {
            foreach ($options as $option) {
                // should we even bother checking?
                if ($user_level >= $option->option_admin_level) {
                    $this_name = $option->option_name;
                    $old_val = stripslashes($option->option_value);
                    $new_val = $_POST[$this_name];
                    if ($new_val != $old_val) {
                        // get type and validate
<?php

// admin.php is loaded before anything else on this page.
// NOTE(review): presumably it performs authentication and defines $user_level,
// which the 'update' action compares against 3 — confirm.
require_once 'admin.php';
$title = 'Moderate comments';
$this_file = 'moderation.php';
$parent_file = 'edit.php';
// Presumably registers the `action` request parameter as a string with default '';
// the switch that follows dispatches on $action.
param('action', 'string', '');
switch ($action) {
    case 'update':
        wp_refcheck("/wp-admin/moderation.php");
        if ($user_level < 3) {
            redirect_header($siteurl . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
            exit;
        }
        param('comment', 'array', array());
        $item_ignored = 0;
        $item_deleted = 0;
        $item_approved = 0;
        foreach ($comment as $key => $value) {
            switch ($value) {
                case 'later':
                    // do nothing with that comment
                    // wp_set_comment_status($key, "hold");
                    ++$item_ignored;
                    break;
                case 'delete':
                    wp_set_comment_status($key, 'delete');
                    ++$item_deleted;
                    break;
                case 'approve':
                    wp_set_comment_status($key, 'approve');
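 case 'edit':
     // Render the "edit category" form, pre-filled from the stored category row.
     // This case only reads; the write happens in 'editedcat'.
     $standalone = 0;
     require_once 'admin-header.php';
     param('cat_ID', 'integer', true);
     // Enforce the integer type locally so the query below does not depend on how
     // param() (defined elsewhere) treats the 'integer' hint.
     $cat_ID = intval($cat_ID);
     $myts =& MyTextSanitizer::getInstance();
     $category = $wpdb->get_row("SELECT * FROM {$wpdb->categories[$wp_id]} WHERE cat_ID = '{$cat_ID}'");
     // NOTE(review): $category is dereferenced without checking that a row was
     // found; an unknown cat_ID yields an empty form rather than an error.
     $form_id = "editcat";
     $form_title = _LANG_C_EDIT_TITLECAT;
     $cat_ID = $category->cat_ID;
     // Stored text goes through MyTextSanitizer's *4Edit helpers before it is
     // handed to the form template.
     $cat_name = $myts->makeTboxData4Edit($category->cat_name);
     $category_parent = $category->category_parent;
     $category_description = $myts->makeTareaData4Edit($category->category_description);
     include 'include/categories-form.php';
     break;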
 case 'editedcat':
     wp_refcheck("/wp-admin/categories.php");
     if ($user_level < 3) {
         redirect_header($siteurl . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
         exit;
     }
     param('cat_ID', 'integer', true);
     param('cat_name', 'string', true);
     param('category_description', 'string');
     param('cat', 'integer');
     $cat_name = $wpdb->escape($cat_name);
     $category_nicename = sanitize_title($cat_name);
     if ($category_nicename == "") {
         $category_nicename = "category-" . $cat_ID;
     }
     $category_description = $wpdb->escape($category_description);
     $query = "UPDATE {$wpdb->categories[$wp_id]} SET cat_name = '{$cat_name}', category_nicename = '{$category_nicename}', category_description = '{$category_description}', category_parent = '{$cat}' WHERE cat_ID = '{$cat_ID}'";
<?php

// admin.php is loaded before anything else on this page.
// NOTE(review): presumably it performs authentication and sets up the current
// user — confirm.
require_once 'admin.php';
$title = "Profile";
$this_file = 'profile.php';
$parent_file = 'profile.php';
// Presumably registers the `action` request parameter as a string with default '';
// the switch that follows dispatches on $action.
param('action', 'string', '');
switch ($action) {
    case 'update':
        wp_refcheck("/wp-admin/profile.php");
        param('newuser_firstname', 'string');
        param('newuser_lastname', 'string');
        param('newuser_nickname', 'string', true);
        param('newuser_icq', 'string');
        param('newuser_aim', 'string');
        param('newuser_msn', 'string');
        param('newuser_yim', 'string');
        param('newuser_email', 'string', true);
        param('newuser_url', 'string');
        param('newuser_idmode', 'string');
        param('user_description', 'string');
        /* if the ICQ UIN has been entered, check to see if it has only numbers */
        if ($newuser_icq) {
            if (ereg("^[0-9]+\$", $newuser_icq) == false) {
                redirect_header($siteurl . '/wp-admin/profile.php', 5, _LANG_WLC_RIGHT_PROM);
                exit;
            }
        }
        /* checking e-mail address */
        if (!is_email($newuser_email)) {
            redirect_header($siteurl . '/wp-admin/profile.php', 5, _LANG_WPF_ERR_CORRECT);
         $link_rating = param('rating', 'integer', 0);
         $link_rel = $wpdb->escape(param('rel', 'string', ''));
         $link_notes = $wpdb->escape(param('notes', 'html', ''));
         $link_rss_uri = $wpdb->escape(param('rss_uri', 'string', ''));
         $auto_toggle = get_autotoggle($link_category);
         // if we are in an auto toggle category and this one is visible then we
         // need to make the others invisible before we update this one.
         if ($auto_toggle == 'Y' && $link_visible == 'Y') {
             $wpdb->query("UPDATE {$wpdb->links[$wp_id]} set link_visible = 'N' WHERE link_category = {$link_category}");
         }
         $wpdb->query("UPDATE {$wpdb->links[$wp_id]} \n\t\t\tSET link_url='{$link_url}',\n\t\t\t\tlink_name='{$link_name}',\n\t\t\t\tlink_image='{$link_image}',\n\t\t\t\tlink_target='{$link_target}',\n\t\t\t\tlink_category={$link_category},\n\t\t\t\tlink_visible='{$link_visible}',\n\t\t\t\tlink_description='{$link_description}',\n\t\t\t\tlink_rating={$link_rating},\n\t\t\t\tlink_rel='{$link_rel}',\n\t\t\t\tlink_notes='{$link_notes}',\n\t\t\t\tlink_rss = '{$link_rss_uri}'\n\t\t\tWHERE link_id={$link_id}");
     }
     header('Location: ' . $this_file);
     break;
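 case 'Delete':
     // Delete a single link row, then return to the link manager.
     // Gate order: request-origin check first, then the privilege check.
     wp_refcheck("/wp-admin/link-manager.php");
     if ($user_level < get_settings('links_minadminlevel')) {
         redirect_header($siteurl . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
         exit;
     }
     param('link_id', 'integer', true);
     // link_id is interpolated unquoted, so string escaping would not protect
     // this statement; force an integer here instead of relying on param(),
     // whose handling of the 'integer' hint is defined elsewhere.
     $link_id = intval($link_id);
     $wpdb->query("DELETE FROM {$wpdb->links[$wp_id]} WHERE link_id = {$link_id}");
     header('Location: ' . $this_file);
     break;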
 case 'linkedit':
     $standalone = 0;
     $xfn = true;
     include_once 'admin-header.php';
     if ($user_level < get_settings('links_minadminlevel')) {
         redirect_header($siteurl . '/wp-admin/', 5, _LANG_WLC_RIGHT_PROM);
         exit;
		<tr><td>URL:</td><td><?php 
        // NOTE(review): written into the HTML table cell with no escaping visible
        // here. Confirm $commentdata['comment_author_url'] is already HTML-escaped
        // where it is loaded; otherwise encode it at output, e.g. with
        // htmlspecialchars($value, ENT_QUOTES).
        echo $commentdata['comment_author_url'];
        ?>
</td></tr>
		<tr><td>Comment:</td><td><?php 
        // The comment body is echoed exactly as the 'comment_text' filter chain
        // returns it. NOTE(review): confirm the registered filters strip or encode
        // markup, since nothing else in this row does.
        echo apply_filters('comment_text', $commentdata['comment_content']);
        ?>
</td></tr>
	</table>
</div>
<?php 
        include 'admin-footer.php';
        break;
    case 'approvecomment':
        $standalone = 1;
        wp_refcheck('/wp-admin');
        if ($user_level <= 0) {
            redirect_header(wp_siteurl() . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
            exit;
        }
        init_param(array('GET', 'POST'), 'comment', 'integer', NO_DEFAULT_PARAM, true);
        init_param(array('GET', 'POST'), 'p', 'integer', NO_DEFAULT_PARAM, true);
        init_param(array('GET', 'POST'), 'noredir', 'string', '');
        if (!empty($noredir)) {
            $noredir = true;
        } else {
            $noredir = false;
        }
        if ($_SERVER['HTTP_REFERER'] != '' && false == $noredir) {
            $location = $_SERVER['HTTP_REFERER'];
        } else {
         redirect_header($siteurl . '/wp-admin/user.php', 5, 'Can&#8217;t change the level of a user whose level is higher than yours.');
         exit;
     }
     if ('up' == $prom) {
         $new_level = $usertopromote_level + 1;
         $sql = "UPDATE {$wpdb->users[$wp_id]} SET user_level={$new_level} WHERE ID = {$id}";
     } elseif ('down' == $prom) {
         $new_level = $usertopromote_level - 1;
         $sql = "UPDATE {$wpdb->users[$wp_id]} SET user_level={$new_level} WHERE ID = {$id}";
     }
     $result = $wpdb->query($sql);
     header('Location: users.php');
     break;
 case 'delete':
     $standalone = 1;
     wp_refcheck("/wp-admin/users.php");
     param('id', 'integer', true);
     $user_data = get_userdata($id);
     $usertodelete_level = $user_data->user_level;
     if (0 != $usertodelete_level) {
         redirect_header($siteurl . '/wp-admin/user.php', 5, 'Can&#8217;t delete a user whose level is higher than yours.');
         exit;
     }
     $post_ids = $wpdb->get_col("SELECT ID FROM {$wpdb->posts[$wp_id]} WHERE post_author = {$id}");
     if ($post_ids) {
         $post_ids = implode(',', $post_ids);
         // Delete comments, *backs
         $wpdb->query("DELETE FROM {$wpdb->comments[$wp_id]} WHERE comment_post_ID IN ({$post_ids})");
         // Clean cats
         $wpdb->query("DELETE FROM {$wpdb->post2cat[$wp_id]} WHERE post_id IN ({$post_ids})");
         // Clean links
     wp_refcheck("/wp-admin/plugins.php");
     $current = "\n" . get_settings('active_plugins') . "\n";
     $current = preg_replace("|(\n)+\\s*|", "\n", $current);
     $current = trim($current) . "\n " . trim($plugin);
     $current = trim($current);
     $current = preg_replace("|\n\\s*|", "\n", $current);
     // I don't know where this is coming from
     update_option('active_plugins', $current);
     header('Location: plugins.php?activate=true');
     break;
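 case 'deactivate':
     // Remove one entry from the newline-separated 'active_plugins' option.
     // NOTE(review): no $user_level check is visible in this case — confirm that
     // privilege is enforced before the switch is reached.
     param('plugin', 'string', true);
     if (!$xoopsWPTicket->check(false)) {
         redirect_header($siteurl . '/wp-admin/plugins.php', 3, $xoopsWPTicket->getErrors());
         // Fail closed: a rejected ticket must never fall through to the option
         // update below, whatever redirect_header() does after sending the redirect.
         exit;
     }
     wp_refcheck("/wp-admin/plugins.php");
     // Wrap the stored list in newlines so every entry is preceded by "\n".
     $current = "\n" . get_settings('active_plugins') . "\n";
     // NOTE(review): this removes "\n" . $plugin wherever it occurs, including
     // where it is only the prefix of a longer entry — confirm entry names
     // cannot overlap that way.
     $current = str_replace("\n" . $plugin, '', $current);
     // Collapse the blank lines and leading whitespace left behind by the removal.
     $current = preg_replace("|(\n)+\\s*|", "\n", $current);
     update_option('active_plugins', trim($current));
     header('Location: plugins.php?deactivate=true');
     break;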
 default:
     $standalone = 0;
     require_once 'admin-header.php';
     param('activate', 'string', '');
     param('deactivate', 'string', '');
     // Clean up options
     // if any files are in the option that don't exist, axe 'em
     if (!get_settings('active_plugins')) {
         add_option('active_plugins', '');