} } // closes blocks opened before this excerpt; their bodies are not visible here

// Make sure people are allowed to access this page.
// Section management is a feature switch: unless MANAGE_SECTIONS is 'enabled'
// the request is redirected to the admin start page. The exit() is what stops
// the script; header() on its own only queues the redirect.
if (MANAGE_SECTIONS != 'enabled') {
    header('Location: ' . CAT_ADMIN_URL);
    exit(0);
}

$backend = CAT_Backend::getInstance('Pages', 'pages_modify');
$addons = CAT_Helper_Addons::getInstance();
$val = CAT_Helper_Validate::getInstance();

// The page id comes from the request and is asked for as 'numeric'.
// NOTE(review): what the validator returns for a non-numeric value is not
// visible here; the falsy test below treats "missing", "rejected" and 0 alike.
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}

// Authorisation gate for the page being modified.
// NOTE(review): there is no exit after print_error(), so this gate holds only
// if print_error() terminates the request - confirm in CAT_Backend. The test is
// a truthiness test, so any truthy return value counts as "permitted".
if (!CAT_Helper_Page::getPagePermission($page_id, 'admin')) {
    $backend->print_error('You do not have permissions to modify this page');
}

// An empty result is reported as "Page not found"; the same reliance on
// print_error() ending the request applies.
// assumes properties() returns an array (count() is called on it) - TODO confirm
$page_details = CAT_Helper_Page::properties($page_id);
if (!count($page_details)) {
    $backend->print_error('Page not found');
}

// ==========================
// ! Set module permissions
// ==========================
// Read straight from the session with no isset() guard; presumably populated at
// login - verify, since a missing key yields null plus a notice/warning.
$module_permissions = $_SESSION['MODULE_PERMISSIONS'];

// =========================
// ! Get delete_section_id
// =========================
// Both ids select a section to change and are requested as 'numeric'.
// NOTE(review): the code acting on them lies outside this excerpt; confirm it
// checks that the section belongs to $page_id (the permission check above
// covers the page only) and that these state-changing requests carry a CSRF
// token.
$delete_section_id = $val->sanitizeGet('delete_section_id', 'numeric');
$update_section_id = $val->sanitizeGet('update_section_id', 'numeric');
// Save handler fragment: reads the submitted content for one section, checks
// page permission and, for non-admins, optionally runs it through HTMLPurifier.
$val = CAT_Helper_Validate::getInstance();
// $user is not used in the visible part; the group check below fetches the
// CAT_Users instance again.
$user = CAT_Users::getInstance();
$backend = CAT_Backend::getInstance('Pages', 'pages_modify');

// ===============
// ! Get page id
// ===============
// Both ids are taken from the request and asked for as 'numeric'.
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
$section_id = $val->get('_REQUEST', 'section_id', 'numeric');
// Only $page_id is required here; a missing $section_id is not rejected in the
// visible code and would make the POST key below just 'content'.
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}

// =============
// ! Get perms
// =============
// Strict comparison: anything other than boolean true is treated as denied.
// NOTE(review): no exit follows, so this relies on print_error() ending the
// request - confirm. The check covers $page_id only; nothing visible here ties
// $section_id to that page, so verify that the later write does.
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
}

// =================
// ! Get new content
// =================
// The POST field name is 'content' followed by the section id.
// NOTE(review): what sanitizePost() strips is not visible here; when the
// purifier branch below is skipped it is the only filtering this excerpt
// applies to the submitted HTML.
$content = $val->sanitizePost('content' . $section_id);

// for non-admins only (users who are not members of group 1)
if (!CAT_Users::getInstance()->ami_group_member(1)) {
    // if HTMLPurifier is enabled...
    // The query is assembled by concatenation, but only from the table-prefix
    // constant and literals; no request data reaches it. The values are quoted
    // with double quotes, which MySQL would read as identifiers under
    // ANSI_QUOTES.
    $r = $backend->db()->get_one('SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"');
    if ($r) {
        // use HTMLPurifier to clean up the output
        $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true));
    }
    // When the setting is off or absent, non-admin content is left exactly as
    // sanitizePost() returned it.
} else {
    // branch for members of group 1; its body continues past the end of this excerpt
// Tail of the class.secure.php bootstrap; the blocks closed below are opened
// above this excerpt.
include $root . '/framework/class.secure.php';
} else {
    // Abort when class.secure.php cannot be located. E_USER_ERROR halts the
    // script under PHP's default error handler; a custom handler could change
    // that. The message puts $_SERVER['SCRIPT_NAME'] into HTML markup without
    // escaping - NOTE(review): confirm where this message is rendered.
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
}

// Every response from here on is JSON (AJAX endpoint).
header('Content-type: application/json');

// Literal relative include, not request-controlled; presumably the source of the
// backend_pages_* helpers called below - verify.
include 'functions.php';

// check perms and page dir
backend_pages_prechecks('pages_add');

// get form data
// $backend and $users are used below but not assigned in this excerpt;
// presumably set up by the include or the prechecks - TODO confirm.
$options = backend_pages_getoptions();

// =============================================================
// ! Check if user has permission to add a page at this position
// =============================================================
// Two cases: a child page needs 'admin' permission on the parent page, a
// top-level page (parent 0) needs the 'pages_add_l0' permission.
// NOTE(review): `!= 0` is a loose comparison whose result for non-numeric
// strings differs between PHP 7 and PHP 8 - confirm that
// backend_pages_getoptions() returns parent as an integer.
if ($options['parent'] != 0) {
    if (!CAT_Helper_Page::getPagePermission($options['parent'], 'admin')) {
        $ajax = array('message' => $backend->lang()->translate('You do not have the permission add a page here.'), 'success' => false);
        print json_encode($ajax);
        exit;
    }
    // `!` binds tighter than `==`, so the condition below reads
    // (!checkPermission(...)) == true: the request is denied when the
    // permission check returns a falsy value.
} elseif (!$users->checkPermission('pages', 'pages_add_l0', false) == true) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission add a page here.'), 'success' => false);
    print json_encode($ajax);
    exit;
}

// ===================
// ! Check group perms
// ===================
// Applies only to users who are not in group 1. in_array() is called without
// its strict flag, so group ids are compared loosely.
if (!in_array(1, $users->get_groups_id())) {
    // Starts out as "not ok"; the loop that may change it continues past the
    // end of this excerpt.
    $admin_perm_ok = false;
    foreach ($options['admin_groups'] as $adm_group) {