*/

// Only run when included from the phpMyFAQ front controller; otherwise
// redirect to the directory of the current script, keeping the request's
// scheme. The target host is copied from the client-supplied Host header —
// NOTE(review): consider building it from the configured base URL instead.
if (!defined('IS_VALID_PHPMYFAQ')) {
    $protocol = 'http';
    if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
        $protocol = 'https';
    }
    header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

// Everything below requires the 'editconfig' right of the current user.
if ($user->perm->checkRight($user->getUserId(), 'editconfig')) {
    // Action selected via the query string (?config_action=...), default 'listConfig'.
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $userAction = PMF_Filter::filterInput(INPUT_GET, 'config_action', FILTER_SANITIZE_STRING, 'listConfig');

    // Save the configuration
    if ('saveConfig' === $userAction) {
        // Every POSTed edit[...] value is sanitised as a string; the array keys
        // (the option names) are not subject to the filter.
        $checks = array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_REQUIRE_ARRAY);
        $editData = PMF_Filter::filterInputArray(INPUT_POST, array('edit' => $checks));
        $userAction = 'listConfig';
        // Kept so the old and new values can be compared later (outside this chunk).
        $oldConfigValues = $faqConfig->config;
        /* XXX the cache concept is designed to be able to activate only one
           cache engine per time so if there are more cache services
           implemented, respect it here */
        // Loose comparison against the literal string 'true'.
        if (isset($editData['edit']['cache.varnishEnable']) && 'true' == $editData['edit']['cache.varnishEnable']) {
            if (!extension_loaded('varnish')) {
                throw new Exception('Varnish extension is not loaded');
            }
        }
        // Set the new values. Braces and '$' are stripped from every value,
        // presumably to keep them out of later string interpolation — TODO confirm.
        // NOTE(review): if filterInputArray() yields null when edit[] is absent,
        // the foreach below runs over null (a warning, no iterations).
        $forbiddenValues = array('{', '}', '$');
        $newConfigValues = [];
        foreach ($editData['edit'] as $key => $value) {
            $newConfigValues[$key] = str_replace($forbiddenValues, '', $value);
            // 'section.option' keys are split into their parts; the loop body
            // continues outside this chunk.
            $keyArray = array_values(explode('.', $key));
// Only run when included from the phpMyFAQ front controller; otherwise
// redirect to the directory of the current script, keeping the request's
// scheme. The target host is copied from the client-supplied Host header —
// NOTE(review): consider building it from the configured base URL instead.
if (!defined('IS_VALID_PHPMYFAQ')) {
    $protocol = 'http';
    if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
        $protocol = 'https';
    }
    header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

$response = new JsonResponse();

// Requested action (?do=...); FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$do = PMF_Filter::filterInput(INPUT_GET, 'do', FILTER_SANITIZE_STRING);

// '&&' binds tighter than '||', so this reads as:
//   (insertentry AND (editbt OR addbt)) OR (saveentry AND editbt)
if ('insertentry' === $do && ($user->perm->checkRight($user->getUserId(), 'editbt') || $user->perm->checkRight($user->getUserId(), 'addbt')) || 'saveentry' === $do && $user->perm->checkRight($user->getUserId(), 'editbt')) {
    // The right check above ran against whatever $user held before this line;
    // presumably the same session user — TODO confirm.
    $user = PMF_User_CurrentUser::getFromSession($faqConfig);

    // Form fields. *_SANITIZE_STRING strips tags, FILTER_SANITIZE_SPECIAL_CHARS
    // entity-encodes the answer body, FILTER_VALIDATE_* yield false on invalid input.
    $dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING);
    $dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING);
    $question = PMF_Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRING);
    // rubrik[] is the list of category ids (each validated as int).
    $categories = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
    $record_lang = PMF_Filter::filterInput(INPUT_POST, 'lang', FILTER_SANITIZE_STRING);
    $tags = PMF_Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING);
    $active = PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING);
    $sticky = PMF_Filter::filterInput(INPUT_POST, 'sticky', FILTER_SANITIZE_STRING);
    $content = PMF_Filter::filterInput(INPUT_POST, 'answer', FILTER_SANITIZE_SPECIAL_CHARS);
    $keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRING);
    $author = PMF_Filter::filterInput(INPUT_POST, 'author', FILTER_SANITIZE_STRING);
    $email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
    $record_id = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
    $solution_id = PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
    $revision_id = PMF_Filter::filterInput(INPUT_POST, 'revision_id', FILTER_VALIDATE_INT);
    $changed = PMF_Filter::filterInput(INPUT_POST, 'changed', FILTER_SANITIZE_STRING);
    // 'all' selects the -1 sentinel; otherwise a single user id (false if invalid).
    $user_permission = PMF_Filter::filterInput(INPUT_POST, 'userpermission', FILTER_SANITIZE_STRING);
    $restricted_users = 'all' == $user_permission ? -1 : PMF_Filter::filterInput(INPUT_POST, 'restricted_users', FILTER_VALIDATE_INT);
    // The enclosing if block continues outside this chunk.
$mail->message = $question;
$result = $mail->send();
unset($mail);
$message = array('success' => $PMF_LANG['msgMailContact']);
} else {
    $message = array('error' => $PMF_LANG['err_sendMail']);
}
break;

// Send mails to friends
case 'sendtofriends':
    // Sender name/address and the FAQ link come from the form: the address must
    // validate as an e-mail and the link as a URL (false otherwise).
    // FILTER_SANITIZE_STRIPPED is an alias of FILTER_SANITIZE_STRING (deprecated as of PHP 8.1).
    $name = PMF_Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
    $email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $link = PMF_Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
    $attached = PMF_Filter::filterInput(INPUT_POST, 'message', FILTER_SANITIZE_STRIPPED);
    // Recipients: every mailto[] entry is validated as an e-mail address;
    // invalid entries become null (FILTER_NULL_ON_FAILURE).
    $mailto = PMF_Filter::filterInputArray(INPUT_POST, array('mailto' => array('filter' => FILTER_VALIDATE_EMAIL, 'flags' => FILTER_REQUIRE_ARRAY | FILTER_NULL_ON_FAILURE)));
    // Only the first recipient is required to be present here. The banned-word
    // check runs on the HTML-escaped text; the mail itself carries $attached as is.
    if (!is_null($name) && !empty($name) && !is_null($email) && !empty($email) && is_array($mailto) && !empty($mailto['mailto'][0]) && checkBannedWord(PMF_String::htmlspecialchars($attached))) {
        foreach ($mailto['mailto'] as $recipient) {
            $recipient = trim(strip_tags($recipient));
            if (!empty($recipient)) {
                // One message per recipient, Reply-To set to the submitting user.
                $mail = new PMF_Mail();
                $mail->setReplyTo($email, $name);
                $mail->addTo($recipient);
                $mail->subject = $PMF_LANG["msgS2FMailSubject"] . $name;
                $mail->message = sprintf("%s\r\n\r\n%s\r\n%s\r\n\r\n%s", $faqconfig->get('main.send2friendText'), $PMF_LANG['msgS2FText2'], $link, $attached);
                // Send the email; only the last send()'s result survives the loop.
                $result = $mail->send();
                unset($mail);
                // usleep() takes microseconds, so this pauses 250 microseconds — if it
                // is meant to throttle outgoing mail it is far shorter than it looks.
                // NOTE(review): this path relays user-supplied text to user-supplied
                // addresses; no per-user/IP limit is visible in this chunk — confirm
                // one exists upstream.
                usleep(250);
            }
        }
        // The enclosing if block continues outside this chunk.
$comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
// Ids are validated as ints (false when invalid); FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$recordId = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$solutionId = PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
$revisionId = PMF_Filter::filterInput(INPUT_POST, 'revision_id', FILTER_VALIDATE_INT);
$changed = PMF_Filter::filterInput(INPUT_POST, 'changed', FILTER_SANITIZE_STRING);

// Permissions: 'all' selects the -1 sentinel, otherwise the posted ids are used.
$permissions = array();
if ('all' === PMF_Filter::filterInput(INPUT_POST, 'userpermission', FILTER_SANITIZE_STRING)) {
    $permissions += array('restricted_user' => array(-1));
} else {
    // A missing or invalid restricted_users value ends up as null/false in the list.
    $permissions += array('restricted_user' => array(PMF_Filter::filterInput(INPUT_POST, 'restricted_users', FILTER_VALIDATE_INT)));
}
if ('all' === PMF_Filter::filterInput(INPUT_POST, 'grouppermission', FILTER_SANITIZE_STRING)) {
    $permissions += array('restricted_groups' => array(-1));
} else {
    // NOTE(review): if filterInputArray() returns null/false when restricted_groups[]
    // is absent, 'array + null' is a TypeError — confirm the wrapper's contract.
    $permissions += PMF_Filter::filterInputArray(INPUT_POST, array('restricted_groups' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
}

// Default to no categories; after this the is_null() test below cannot fail.
if (!isset($categories['rubrik'])) {
    $categories['rubrik'] = array();
}
if (!is_null($question) && !is_null($categories['rubrik'])) {
    // new entry
    $logging = new PMF_Logging($faqConfig);
    $logging->logAdmin($user, 'Beitragcreatesave');
    printf("<h2>%s</h2>\n", $PMF_LANG['ad_entry_aor']);
    $category = new PMF_Category($faqConfig, array(), false);
    $category->setUser($currentAdminUser);
    $category->setGroups($currentAdminGroups);
    $tagging = new PMF_Tags($faqConfig);
    // Record to insert. $recordLang, $active, $sticky, $question, $content, ...
    // are assigned earlier, outside this chunk. html_entity_decode() undoes the
    // input sanitisation, so 'thema' and 'content' are stored with raw markup —
    // the rendering side has to escape or sanitise them (presumably by design
    // for HTML answers; TODO confirm).
    $recordData = array(
        'lang' => $recordLang,
        'active' => $active,
        'sticky' => !is_null($sticky) ? 1 : 0, // presence of the field, not its value
        'thema' => html_entity_decode($question),
        'content' => html_entity_decode($content),
        'keywords' => $keywords,
        'author' => $author,
        'email' => $email,
        'comment' => !is_null($comment) ? 'y' : 'n',
        'date' => date('YmdHis'), // server default timezone
        // Expected as YYYY-MM-DD: hyphens are stripped and a time suffix appended;
        // no further format validation is visible here.
        'dateStart' => empty($dateStart) ? '00000000000000' : str_replace('-', '', $dateStart) . '000000',
        'dateEnd' => empty($dateEnd) ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959',
        'linkState' => '',
        'linkDateCheck' => 0
    );
    // Add new record and get that ID (continues outside this chunk)
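* @copyright 2009-2011 phpMyFAQ Team
* @license http://www.mozilla.org/MPL/MPL-1.1.html Mozilla Public License Version 1.1
* @link http://www.phpmyfaq.de
* @since 2009-03-20
*/

// Only run when included from the phpMyFAQ front controller; otherwise
// redirect to the directory of the current script. The scheme is taken from
// the request (as the sibling admin scripts do) so an HTTPS deployment is not
// bounced to plain HTTP. The target host is copied from the client-supplied
// Host header — NOTE(review): consider building it from the configured base URL.
if (!defined('IS_VALID_PHPMYFAQ')) {
    $protocol = 'http';
    if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
        $protocol = 'https';
    }
    header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

// Requested AJAX action; FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$ajax_action = PMF_Filter::filterInput(INPUT_POST, 'ajaxaction', FILTER_SANITIZE_STRING);

// Comment deletion requires the 'delcomment' permission. The response body is
// the result of the last deletion ('1' on success, '' on failure) or '0' when
// nothing was attempted.
if ('delete' === $ajax_action && $permission['delcomment']) {
    $comment = new PMF_Comment();

    // Each POSTed faq_comments[<commentId>] / news_comments[<commentId>] value
    // is the id of the record the comment belongs to. FILTER_VALIDATE_INT only
    // validates the values; the array keys (the comment ids) are not filtered,
    // so they are cast to int before being passed on.
    $checkFaqs = array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY);
    $checkNews = array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY);
    $ret = false;

    $faqComments = PMF_Filter::filterInputArray(INPUT_POST, array('faq_comments' => $checkFaqs));
    $newsComments = PMF_Filter::filterInputArray(INPUT_POST, array('news_comments' => $checkNews));

    if (isset($faqComments['faq_comments']) && is_array($faqComments['faq_comments'])) {
        foreach ($faqComments['faq_comments'] as $commentId => $recordId) {
            // A value that failed FILTER_VALIDATE_INT is false; skip it rather
            // than handing a bogus record id to deleteComment().
            if (false === $recordId) {
                continue;
            }
            $ret = $comment->deleteComment($recordId, (int) $commentId);
        }
    }

    if (isset($newsComments['news_comments']) && is_array($newsComments['news_comments'])) {
        foreach ($newsComments['news_comments'] as $commentId => $recordId) {
            if (false === $recordId) {
                continue;
            }
            $ret = $comment->deleteComment($recordId, (int) $commentId);
        }
    }

    print $ret;
} else {
    print 0;
}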
// delete FAQs (case of a switch that is opened outside this chunk)
case 'delete_record':
    if ($permission['delbt']) {
        // record_id is validated as int (false/null when invalid or absent) and is
        // passed on unchecked; deleteRecord() is assumed to cope with that — TODO confirm.
        $recordId = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
        $recordLang = PMF_Filter::filterInput(INPUT_POST, 'record_lang', FILTER_SANITIZE_STRING);
        $logging = new PMF_Logging($faqConfig);
        $logging->logAdmin($user, 'Deleted FAQ ID ' . $recordId);
        $faq->deleteRecord($recordId, $recordLang);
        // Success is reported unconditionally; deleteRecord()'s result is not checked.
        echo $PMF_LANG['ad_entry_delsuc'];
    } else {
        echo $PMF_LANG['err_NotAuth'];
    }
    break;

// delete open questions
case 'delete_question':
    if ($permission['delquestion']) {
        // questions[] entries are validated as ints; entries that fail become
        // false and are cast to 0 below.
        $checks = array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY);
        $questionIds = PMF_Filter::filterInputArray(INPUT_POST, array('questions' => $checks));
        if (!is_null($questionIds['questions'])) {
            foreach ($questionIds['questions'] as $questionId) {
                $faq->deleteQuestion((int) $questionId);
            }
        }
        // Success is reported regardless of how many questions were deleted.
        echo $PMF_LANG['ad_entry_delsuc'];
    } else {
        echo $PMF_LANG['err_NotAuth'];
    }
    break;
// end of the switch opened outside this chunk
}
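* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
* @link http://www.phpmyfaq.de
* @since 2012-12-26
*/

use Symfony\Component\HttpFoundation\JsonResponse;

// Only run when included from the phpMyFAQ front controller; otherwise
// redirect to the directory of the current script, keeping the request's
// scheme. The target host is copied from the client-supplied Host header —
// NOTE(review): consider building it from the configured base URL instead.
if (!defined('IS_VALID_PHPMYFAQ')) {
    $protocol = 'http';
    if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
        $protocol = 'https';
    }
    header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

$response = new JsonResponse();

// Requested AJAX action; FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$ajaxAction = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);

switch ($ajaxAction) {
    // Returns the user and group permissions of the given categories as JSON.
    case 'getpermissions':
        $category = new PMF_Category($faqConfig, [], false);
        $category->setUser($currentAdminUser);
        $category->setGroups($currentAdminGroups);

        // POST field 'categories' is a comma-separated list of category ids
        // (a single scalar string).
        $ajaxData = PMF_Filter::filterInputArray(INPUT_POST, array('categories' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_REQUIRE_SCALAR)));

        // empty() also treats the string '0' as absent.
        if (empty($ajaxData['categories'])) {
            // Access for all users and groups
            $categories = array(-1);
        } else {
            // Cast each id to int *after* splitting. Casting the whole
            // comma-separated string first keeps only the leading number and
            // silently drops every category but the first; the per-element
            // cast still guarantees only integers reach getPermissions().
            $categories = array_map('intval', explode(',', $ajaxData['categories']));
        }

        // NOTE(review): JsonResponse::setData() takes a single argument, so the
        // JSON_NUMERIC_CHECK passed here is presumably meant for
        // setEncodingOptions() — confirm against the bundled Symfony version
        // before moving it.
        $response->setData(array(
            'user' => $category->getPermissions('user', $categories),
            'group' => $category->getPermissions('group', $categories),
        ), JSON_NUMERIC_CHECK);
        break;
}

$response->send();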