// Excerpt from the middle of a switch statement: the tail of a branch that
// deletes a picture from the user side, followed by the default branch that
// lists a user's pictures. The start of the first branch and the end of the
// switch both lie outside this excerpt.

        // Tail of a guard whose condition is not visible here: the request is
        // redirected to the picture's own link with the _NOPERM message.
        // NOTE(review): the statements below are not in an else branch, so they
        // are only skipped if redirect_header() ends the request - confirm.
        redirect_header($picturesObj->getItemLink(true), 3, _NOPERM);
    }

    // A posted confirmation is only accepted when icms::$security->check()
    // passes; on failure the user is sent back to the previous page together
    // with the messages returned by icms::$security->getErrors().
    // NOTE(review): presumably a request without 'confirm' only displays a
    // confirmation prompt - verify in handleObjectDeletionFromUserSide().
    if (isset($_POST['confirm'])) {
        if (!icms::$security->check()) {
            redirect_header(icms_getPreviousPage('index.php'), 3, _MD_PROFILE_SECURITY_CHECK_FAILED . implode('<br />', icms::$security->getErrors()));
        }
    }

    // Hand the deletion over to the IPF controller bound to the pictures handler.
    $controller = new icms_ipf_Controller($profile_pictures_handler);
    $controller->handleObjectDeletionFromUserSide();

    // Breadcrumb text for the template: "<picture title> > <delete label>".
    // NOTE(review): the title is passed on as getVar() returns it; confirm it
    // is HTML-escaped before the template prints it.
    $icmsTpl->assign('profile_category_path', $picturesObj->getVar('title') . ' > ' . _DELETE);
    break;

default:
    // Paging offset from the query string. The (int) cast keeps non-numeric
    // input out; a negative value is not rejected here.
    $clean_start = isset($_GET['start']) ? (int) $_GET['start'] : 0;

    // $real_uid and $uid are set before this excerpt. When they match (loose
    // ==), the requested picture is loaded and passed to editpictures() with
    // true as second argument.
    // NOTE(review): presumably this shows the owner the add/edit form - confirm.
    if ($real_uid && $real_uid == $uid) {
        $picturesObj = $profile_pictures_handler->get($clean_pictures_id);
        editpictures($picturesObj, true);
    }

    if ($clean_uid > 0 || $real_uid > 0) {
        // Prefer the uid stored in $clean_uid, fall back to $real_uid.
        // assumes both are already integers - TODO confirm where they are set
        $uid = $clean_uid > 0 ? $clean_uid : $real_uid;

        // One page of that user's pictures, sized by the module's
        // 'picturesperpage' setting.
        $picturesArray = $profile_pictures_handler->getPictures($clean_start, icms::$module->config['picturesperpage'], $uid);
        if (count($picturesArray) == 0) {
            // Nothing to show: hand the "no content" message to the template.
            $icmsTpl->assign('lang_nocontent', _MD_PROFILE_PICTURES_NOCONTENT);
        } else {
            // Total number of pictures whose uid_owner equals $uid, needed
            // for the page navigation.
            $total_pictures_count = $profile_pictures_handler->getCount(new icms_db_criteria_Compo(new icms_db_criteria_Item('uid_owner', $uid)));

            // 'uid=' . $uid is given to the navigation as an extra argument
            // next to the 'start' offset name.
            $pagenav = new icms_view_PageNav($total_pictures_count, icms::$module->config['picturesperpage'], $clean_start, 'start', 'uid=' . $uid);

            // NOTE(review): 'itemwidth' divides 100 by the 'rowitems' module
            // setting; a value of 0 would make this fail - confirm the
            // setting is validated elsewhere.
            icms_makeSmarty(array('profile_pictures_pagenav' => $pagenav->renderNav(), 'profile_pictures' => $picturesArray, 'rowitems' => icms::$module->config['rowitems'], 'itemwidth' => round(100 / icms::$module->config['rowitems'], 0)));

            // Drop the temporaries once the template variables are assigned.
            unset($total_pictures_count, $pagenav);
        }
    } else {
        // Neither uid is positive: redirect to PROFILE_URL instead of listing.
        redirect_header(PROFILE_URL);
    }
/**
 * Allowlist of the operations this page accepts. Every entry is a string so
 * that it can be matched with a strict, type-checked comparison. The empty
 * string stands for "no operation given" and is handled by the default branch
 * of the switch below.
 */
$valid_op = array('mod', 'changedField', 'addpictures', 'del', '');

/**
 * in_array() reports whether its first argument occurs in the array given as
 * second argument. String matching is case sensitive, and the third argument
 * (true) additionally requires the types to match. The switch is only entered
 * for an operation found in $valid_op; what happens otherwise lies past the
 * end of this excerpt. $clean_op and $clean_pictures_id are set before it.
 */
if (in_array($clean_op, $valid_op, true)) {
    switch ($clean_op) {
        case "mod":
        case "changedField":
            // Print the admin header, then call editpictures() for the
            // requested picture id.
            // NOTE(review): presumably renders the edit form - confirm.
            icms_cp_header();
            editpictures($clean_pictures_id);
            break;

        case "addpictures":
            // Store the submitted form through the IPF controller, passing
            // the "created" and "modified" message constants.
            // NOTE(review): no icms::$security->check() call is visible in
            // this branch; confirm the controller validates the request
            // token before it writes.
            $controller = new icms_ipf_Controller($profile_pictures_handler);
            $controller->storeFromDefaultForm(_AM_PROFILE_PICTURES_CREATED, _AM_PROFILE_PICTURES_MODIFIED);
            break;

        case "del":
            // Delete through the IPF controller.
            // NOTE(review): no icms::$security->check() call is visible in
            // this branch either; confirm handleObjectDeletion() requires a
            // confirmed, token-checked POST before it deletes.
            $controller = new icms_ipf_Controller($profile_pictures_handler);
            $controller->handleObjectDeletion();
            break;

        default:
            // No operation given: admin header, module admin menu, then the
            // table of pictures. This branch continues past the excerpt.
            icms_cp_header();
            // NOTE(review): 6 is presumably the index of this page's tab in
            // the admin menu - confirm.
            icms::$module->displayAdminMenu(6, _AM_PROFILE_PICTURES);
            $objectTable = new icms_ipf_view_Table($profile_pictures_handler);
            $objectTable->addColumn(new icms_ipf_view_Column('pictures_id'));
            // The fourth argument names 'getPictureSender'.
            // NOTE(review): presumably a method used to render the owner
            // cell - confirm, and check that its output is escaped.
            $objectTable->addColumn(new icms_ipf_view_Column('uid_owner', false, false, 'getPictureSender'));