} }

/**
 * Apply album to page.
 *
 * Handles POST requests with action 'apply-album': after a permission check it
 * overwrites <BASE_PATH>/media/albums/<album>/info.txt with the target page name
 * on the first line, followed by the album description.
 *
 * This listing is a fragment: $album_name, $page_id, $perm and $ccms are set
 * before it, and the enclosing if/try blocks are closed after it.
 *
 * NOTE(review): no anti-CSRF token is checked in the visible lines; confirm one
 * is verified before this state-changing POST is handled.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'apply-album') {
    // Where feedback is sent if an FbX is thrown before the album name is known.
    FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id);
    try {
        if (!empty($album_name)) {
            FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id . '&album=' . $album_name);

            // Only if current user has the rights.
            // The level check runs before any request data is written to disk.
            if ($perm->is_level_okay('manageModLightbox', $_SESSION['ccms_userLevel'])) {
                // Posted variables, each read through a type-specific filter helper
                // (helper bodies are not visible in this fragment).
                $topage = getPOSTparam4Filename('albumtopage');
                $description = getPOSTparam4DisplayHTML('description');

                // $album_name becomes a directory component of the path that is opened
                // for writing.
                // NOTE(review): confirm it is reduced to a single safe path segment where
                // it is assigned (no '/', '\' or '..'); that assignment is outside this
                // fragment.
                $infofile = BASE_PATH . '/media/albums/' . $album_name . '/info.txt';

                // 'w+' truncates an existing info.txt or creates a new one.
                // $handle is not fclose()d in the visible lines; PHP releases it when the
                // script ends at the exit below.
                if ($handle = fopen($infofile, 'w+')) {
                    // fwrite() returns the byte count or false. The payload always contains
                    // "\r\n", so a successful write is non-zero and passes this truthiness test.
                    // NOTE(review): $description is stored as the filter returned it; whatever
                    // renders info.txt depends on that filter, or must escape on output.
                    if (fwrite($handle, $topage . "\r\n" . $description)) {
                        // Only msg is rawurlencode()d here; $page_id and $album_name are
                        // concatenated as-is, so the redirect URL relies on their upstream
                        // filtering — verify against where they are assigned.
                        header('Location: ' . makeAbsoluteURI('lightbox.Manage.php?page_id=' . $page_id . '&album=' . $album_name . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                        exit;
                    } else {
                        throw new FbX($ccms['lang']['system']['error_write']);
                    }
                } else {
                    throw new FbX($ccms['lang']['system']['error_write']);
                }
            } else {
                // Caller lacks the 'manageModLightbox' level: refuse without touching the file.
                throw new FbX($ccms['lang']['auth']['featnotallowed']);
            }
// Every response from this endpoint is declared as UTF-8 HTML.
header('Content-type: text/html; charset=UTF-8');

// Define default location
// BASE_PATH falls back to the directory four levels above this file, with
// backslashes normalised to forward slashes.
if (!defined('BASE_PATH')) {
    $base = str_replace('\\', '/', dirname(dirname(dirname(dirname(__FILE__)))));
    define('BASE_PATH', $base);
}

// Include general configuration
// $db, $cfg and the get*param4* filter helpers used below are not defined in this
// fragment; presumably this include provides them — confirm.
/*MARKER*/ require_once BASE_PATH . '/lib/sitemap.php';

// Local, empty subclass used as a short name for the AJAX feedback exception.
class FbX extends CcmsAjaxFbException { } // nasty way to do 'shorthand in PHP -- I do miss my #define macros! :'-|

// Security functions

// Set default variables
// Request parameters are only ever read through type-specific filter helpers.
// Note that page_id is read here from POST with the filename filter and is read
// again from GET with the id-or-number filter in the show-comments branch below.
$page_id = getPOSTparam4Filename('page_id');
$cfgID = getPOSTparam4Number('cfgID');
$do_action = getGETparam4IdOrNumber('action');

/**
 * Show comments.
 *
 * Runs only for GET requests with action 'show-comments' and a non-empty
 * $_SESSION['ccms_captcha']; what sets that session key is not visible here.
 * The fragment ends inside this branch.
 */
if ($_SERVER['REQUEST_METHOD'] == 'GET' && $do_action == 'show-comments' && !empty($_SESSION['ccms_captcha'])) {
    // Pagination variables
    $page_id = getGETparam4IdOrNumber('page_id');

    // The lookup value goes through MySQL::SQLValue(..., SQLVALUE_NUMBER) rather than
    // being concatenated into SQL here.
    // NOTE(review): how SQLValue treats a non-numeric id (the filter above allows
    // "id or number") is not visible in this fragment — confirm.
    $rs = $db->SelectSingleRow($cfg['db_prefix'] . 'cfgcomment', array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)), array('showMessage', 'showLocale'));
    if (!$rs) {
        // Presumably terminates the request; if it returned, the property read below
        // would be on a falsy $rs — TODO confirm.
        $db->Kill();
    }
    $rsCfg = $rs->showMessage;
*/
// Live rename of a page: POST requests with action 'liverename' that pass
// checkAuth(). This listing is a fragment; it starts at the end of the section's
// header comment and stops before the rename itself.
if ($do_action == 'liverename' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    // 'id' is split at its first '-' and only the part after it is used, run
    // through the numeric filter. An id without a '-' yields 0, which fails the
    // $page_id > 0 test below.
    $page_idcode = explode('-', getPOSTparam4IdOrNumber('id'), 2);
    $page_id = filterParam4Number(count($page_idcode) == 2 ? $page_idcode[1] : 0);
    if ($page_id > 0) {
        $row = $db->SelectSingleRow($cfg['db_prefix'] . 'pages', array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)));
        if (!$row) {
            // Presumably terminates the request; otherwise $row is dereferenced below
            // while falsy — TODO confirm.
            $db->Kill();
        }
        // user_ids is a '||'-separated list of owner ids stored on the page row.
        $owner = explode('||', strval($row->user_ids));
        $oldname = $row->urlpage;

        // Authorization. && binds tighter than ||, so this reads
        //     A || (B && !C && !D) || !D
        // with A = non-removable special page, B = page name is in $cfg['restrict'],
        // C = current user is an owner, D = user has the 'managePages' level.
        // The middle clause can only be true when !D is true, so the outcome is A || !D:
        // the rename is refused for non-removable pages and for every user without
        // 'managePages', and the ownership test never changes the result.
        // NOTE(review): if owners of restricted pages were meant to be treated
        // differently, this condition does not express that.
        // Both in_array() calls use loose comparison (no third argument).
        if (checkSpecialPageName($row->urlpage, SPG_IS_NONREMOVABLE)
            || in_array($row->urlpage, $cfg['restrict']) && !in_array($_SESSION['ccms_userID'], $owner) && !$perm->is_level_okay('managePages', $_SESSION['ccms_userLevel'])
            || !$perm->is_level_okay('managePages', $_SESSION['ccms_userLevel'])) {
            // NOTE(review): the response body includes __FILE__ and __LINE__, i.e. the
            // server-side path of this script is sent to the client. Prefer writing that
            // detail to a server log and returning only the generic message.
            die($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')'); // feature not allowed, really...
        } else {
            // The new name is read through the filename filter and must be 3..240 bytes
            // long (strlen() counts bytes, not characters).
            $newname = getPOSTparam4Filename('newname');
            if (empty($newname) || strlen($newname) < 3 || strlen($newname) > 240) {
                die($ccms['lang']['system']['error_value']);
            }

            // Both paths are <BASE_PATH>/content/<name>.php. $oldname comes from the
            // database row, $newname from the request.
            // NOTE(review): the target is a .php file under content/, so this depends on
            // getPOSTparam4Filename() rejecting path separators and '..'; its body is not
            // visible here — confirm.
            $old_filepath = BASE_PATH . '/content/' . $oldname . '.php';
            $new_filepath = BASE_PATH . '/content/' . $newname . '.php';
            if ($old_filepath == $new_filepath) {
                // no actual rename happening...
                die($ccms['lang']['backend']['success']);
            } else {
                // Pre-checks: the source file must exist and the target must not.
                // These are check-then-act tests; the rename they guard is outside this
                // fragment, so whether it also handles a target appearing in between
                // cannot be seen here.
                if (!file_exists($old_filepath)) {
                    die($ccms['lang']['system']['error_deleted']);
                } else {
                    if (file_exists($new_filepath)) {
                        die($ccms['lang']['system']['error_rename_target_exists']);
                    } else {