Esempio n. 1
 * @license MIT; https://www.oscommerce.com/license/mit.txt
 */
use OSC\OM\DateTime;
use OSC\OM\HTML;
use OSC\OM\OSCOM;
require 'includes/application_top.php';
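// Normalise the pagination parameter to a positive integer.
// is_numeric() alone would also accept values such as "1e3", "-2", "1.5" or "0",
// none of which is a valid page number, and the value is later concatenated into
// redirect query strings. Anything that is not a plain integer >= 1, including
// array input such as ?page[]=1, falls back to page 1.
$_GET['page'] = isset($_GET['page'])
    ? filter_var($_GET['page'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
    : false;
if ($_GET['page'] === false) {
    $_GET['page'] = 1;
}

// Requested admin action. Non-string input (e.g. ?action[]=x) is treated as
// "no action" so that later comparisons always see a string.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';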
// Dispatch on the requested admin action.
// NOTE(review): every case visible below modifies stored review data, yet no
// session/CSRF token check or HTTP-method check appears in this excerpt. Confirm
// that includes/application_top.php (or the helpers called here) enforce both.
if (tep_not_null($action)) {
    switch ($action) {
        // Toggle a review's status flag; driven entirely by GET parameters.
        case 'setflag':
            // Only the flag values '0' and '1' are acted on. $_GET['flag'] is read
            // without an isset() guard, so a request without it raises a notice.
            if ($_GET['flag'] == '0' || $_GET['flag'] == '1') {
                if (isset($_GET['rID'])) {
                    // rID is passed on unmodified. tep_set_review_status() is not shown
                    // here: verify that it casts the id to an integer before using it.
                    tep_set_review_status($_GET['rID'], $_GET['flag']);
                }
            }
            // The redirect runs whether or not the status was changed, and it reads
            // $_GET['rID'] even when the isset() check above failed. The raw rID is
            // concatenated into the query string; confirm OSCOM::redirect() encodes it.
            OSCOM::redirect(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $_GET['rID']);
            break;
        // Edit an existing review: rating and status are written to `reviews`,
        // the text to `reviews_description`.
        case 'update':
            // Every request value goes through HTML::sanitize() (implementation not
            // shown here; confirm what it strips). No range check on the rating or
            // status value is visible in this excerpt.
            $reviews_id = HTML::sanitize($_GET['rID']);
            $reviews_rating = HTML::sanitize($_POST['reviews_rating']);
            $reviews_text = HTML::sanitize($_POST['reviews_text']);
            $reviews_status = HTML::sanitize($_POST['reviews_status']);
            // Values are handed to save() as column => value arrays instead of being
            // concatenated into SQL; presumably save() binds them as parameters (confirm).
            // 'now()' is passed as a plain string, so save() must special-case it (TODO confirm).
            // The (int) cast keeps the WHERE condition numeric.
            $OSCOM_Db->save('reviews', ['reviews_rating' => $reviews_rating, 'reviews_status' => $reviews_status, 'last_modified' => 'now()'], ['reviews_id' => (int) $reviews_id]);
            $OSCOM_Db->save('reviews_description', ['reviews_text' => $reviews_text], ['reviews_id' => (int) $reviews_id]);
            // The redirect reuses the sanitized but uncast $reviews_id.
            OSCOM::redirect(FILENAME_REVIEWS, 'page=' . $_GET['page'] . '&rID=' . $reviews_id);
            break;
        // Delete handler; the listing is cut off after its first statement.
        case 'deleteconfirm':
            $reviews_id = HTML::sanitize($_GET['rID']);
Esempio n. 2
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2010 osCommerce

  Released under the GNU General Public License
*/
require 'includes/application_top.php';
// Requested admin action, or '' when none was given.
// NOTE(review): $HTTP_GET_VARS / $HTTP_POST_VARS are the long-form request arrays
// that PHP itself no longer populates as of 5.4; this script presumably relies on
// a compatibility shim loaded by application_top.php (confirm).
$action = isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '';
// NOTE(review): every case visible below modifies stored review data, yet no
// session/CSRF token check or HTTP-method check appears in this excerpt. Confirm
// that includes/application_top.php (or the helpers called here) enforce both.
if (tep_not_null($action)) {
    switch ($action) {
        // Toggle a review's status flag; driven entirely by GET parameters.
        case 'setflag':
            // Only the flag values '0' and '1' are acted on. The 'flag' key is read
            // without an isset() guard, so a request without it raises a notice.
            if ($HTTP_GET_VARS['flag'] == '0' || $HTTP_GET_VARS['flag'] == '1') {
                if (isset($HTTP_GET_VARS['rID'])) {
                    // rID is passed on unmodified. tep_set_review_status() is not shown
                    // here: verify that it casts the id to an integer before using it.
                    tep_set_review_status($HTTP_GET_VARS['rID'], $HTTP_GET_VARS['flag']);
                }
            }
            // The redirect runs whether or not the status was changed. 'page' and 'rID'
            // are concatenated into the query string with no validation visible in this
            // excerpt; confirm tep_href_link()/tep_redirect() encode or reject unsafe values.
            tep_redirect(tep_href_link(FILENAME_REVIEWS, 'page=' . $HTTP_GET_VARS['page'] . '&rID=' . $HTTP_GET_VARS['rID']));
            break;
        // Edit an existing review: rating and status are written to the reviews
        // table, the text to the reviews description table.
        case 'update':
            // tep_db_prepare_input() is not shown here; confirm what it normalises.
            // No range check on the rating or status value is visible in this excerpt.
            $reviews_id = tep_db_prepare_input($HTTP_GET_VARS['rID']);
            $reviews_rating = tep_db_prepare_input($HTTP_POST_VARS['reviews_rating']);
            $reviews_text = tep_db_prepare_input($HTTP_POST_VARS['reviews_text']);
            $reviews_status = tep_db_prepare_input($HTTP_POST_VARS['reviews_status']);
            // Both statements are built by string concatenation. The string values are
            // wrapped in tep_db_input() (presumably the escaping helper; confirm it
            // escapes for the connection's character set) and the id is cast to int.
            // Injection safety therefore rests on that helper; bound parameters would
            // remove the dependency.
            tep_db_query("update " . TABLE_REVIEWS . " set reviews_rating = '" . tep_db_input($reviews_rating) . "', reviews_status = '" . tep_db_input($reviews_status) . "', last_modified = now() where reviews_id = '" . (int) $reviews_id . "'");
            tep_db_query("update " . TABLE_REVIEWS_DESCRIPTION . " set reviews_text = '" . tep_db_input($reviews_text) . "' where reviews_id = '" . (int) $reviews_id . "'");
            // The redirect reuses $reviews_id without the (int) cast applied in the queries.
            tep_redirect(tep_href_link(FILENAME_REVIEWS, 'page=' . $HTTP_GET_VARS['page'] . '&rID=' . $reviews_id));
            break;
        // Delete handler; the listing is cut off after its first statement.
        case 'deleteconfirm':
            $reviews_id = tep_db_prepare_input($HTTP_GET_VARS['rID']);