//Send the headers to control the download
// NOTE(review): the Content-Type announces CSV while the filename says .txt;
// Expires is set to the current time (gmdate with no offset), i.e. "do not
// cache". $exportfile is assembled before this fragment - what it contains and
// whether any of it is request-derived is not visible here.
header('Content-Type: text/comma-separated-values');
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Content-Disposition: inline; filename="blacklist.txt"');
echo $exportfile;
exit;
case 'import':
    wp_refcheck("/wp-admin/wpblacklist.php");
    $title = 'Manage WPBlacklist - Import';
    break;
case 'add':
    wp_refcheck("/wp-admin/wpblacklist.php");
    $title = 'Manage WPBlacklist - Add';
    break;
case 'delete':
    wp_refcheck("/wp-admin/wpblacklist.php");
    // No break here: 'delete' falls through into 'search', so both end up with
    // the "Delete" title, and 'search' gets there without the referer check
    // above. Whether the shared title is intended is not clear from this file.
case 'search':
    $title = 'Manage WPBlacklist - Delete';
    break;
default:
    $title = 'Manage WPBlacklist';
    break;
}
// load options from DB
// $tableblacklist is set outside this fragment; presumably a configured table
// name - verify it never derives from request input, since it is interpolated
// unescaped. The WHERE value itself is a fixed literal.
$sql = "SELECT * FROM {$tableblacklist} WHERE regex_type = 'option'";
$results = $wpdb->get_results($sql);
if ($results) {
    foreach ($results as $result) {
        // $options is not initialised in this fragment; with zero rows it may
        // stay undefined for whatever reads it later - TODO confirm.
        $options[] = $result->regex;
    }
}
}
// Both values are accepted from POST or GET. 'option_group_id' is declared
// 'integer' to init_param() but defaults to '' and is normalised just below.
init_param(array('POST', 'GET'), 'action', 'string', '');
init_param(array('POST', 'GET'), 'option_group_id', 'integer', '');
require_once "optionhandler.php";
$non_was_selected = 0;
if ($option_group_id == '') {
    $option_group_id = 1;
    $non_was_selected = 1;
} else {
    // This intval() is what makes the bare "WHERE group_id = {$option_group_id}"
    // interpolation further down a plain integer.
    $option_group_id = intval($option_group_id);
}
$message = "";
switch (get_param('action')) {
    case "update":
        $standalone = 0;
        wp_refcheck("/wp-admin");
        $any_changed = 0;
        // iterate through the list of options in this group
        // pull the vars from the post
        // validate ranges etc.
        // update the values
        $options = $wpdb->get_results("SELECT " . wp_table('options') . ".option_id, option_name, option_type, option_value, option_admin_level "
            . "FROM " . wp_table('options') . " "
            . "LEFT JOIN " . wp_table('optiongroup_options') . " ON " . wp_table('options') . ".option_id = " . wp_table('optiongroup_options') . ".option_id "
            . "WHERE group_id = {$option_group_id} "
            . "ORDER BY seq");
        if ($options) {
            foreach ($options as $option) {
                // should we even bother checking?
                // Per-option authorisation: options whose admin level exceeds
                // the caller's are skipped entirely.
                if ($user_level >= $option->option_admin_level) {
                    $this_name = $option->option_name;
                    $old_val = stripslashes($option->option_value);
                    // Raw superglobal read keyed by the option name: no isset()
                    // guard (a notice if the field is absent) and no escaping at
                    // this point - the "validate" step referred to below is
                    // outside this fragment.
                    $new_val = $_POST[$this_name];
                    // Loose comparison: numeric-looking strings such as '1' and
                    // '01' compare equal here and would count as "unchanged".
                    if ($new_val != $old_val) {
                        // get type and validate
<?php
require_once 'admin.php';
$title = 'Moderate comments';
$this_file = 'moderation.php';
$parent_file = 'edit.php';
param('action', 'string', '');
switch ($action) {
    case 'update':
        // Referer check first, then the level gate: below level 3 is sent to
        // the admin root with the "cheating" message and the script stops.
        wp_refcheck("/wp-admin/moderation.php");
        if ($user_level < 3) {
            redirect_header($siteurl . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
            exit;
        }
        // $comment is a request array of comment-id => decision.
        param('comment', 'array', array());
        $item_ignored = 0;
        $item_deleted = 0;
        $item_approved = 0;
        foreach ($comment as $key => $value) {
            // $key (the comment id) goes to wp_set_comment_status() with no
            // cast applied here; any type enforcement has to live inside that
            // function - TODO confirm. Values other than the three cases are
            // silently ignored and not counted.
            switch ($value) {
                case 'later':
                    // do nothing with that comment
                    // wp_set_comment_status($key, "hold");
                    ++$item_ignored;
                    break;
                case 'delete':
                    wp_set_comment_status($key, 'delete');
                    ++$item_deleted;
                    break;
                case 'approve':
                    wp_set_comment_status($key, 'approve');
case 'edit':
    $standalone = 0;
    require_once 'admin-header.php';
    // Unlike 'editedcat' below, no $user_level gate is visible in this branch
    // (it only renders the edit form); any check must sit earlier in the file
    // or inside admin-header.php - TODO confirm.
    param('cat_ID', 'integer', true);
    $myts =& MyTextSanitizer::getInstance();
    // cat_ID is interpolated without escape(); this relies on param() having
    // enforced the 'integer' type. If no row matches, $category is presumably
    // null and the property reads below operate on it unchecked.
    $category = $wpdb->get_row("SELECT * FROM {$wpdb->categories[$wp_id]} WHERE cat_ID = '{$cat_ID}'");
    $form_id = "editcat";
    $form_title = _LANG_C_EDIT_TITLECAT;
    $cat_ID = $category->cat_ID;
    // XOOPS text sanitizer prepares the stored values for re-display in the
    // form's input/textarea fields.
    $cat_name = $myts->makeTboxData4Edit($category->cat_name);
    $category_parent = $category->category_parent;
    $category_description = $myts->makeTareaData4Edit($category->category_description);
    include 'include/categories-form.php';
    break;
case 'editedcat':
    wp_refcheck("/wp-admin/categories.php");
    if ($user_level < 3) {
        redirect_header($siteurl . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
        exit;
    }
    param('cat_ID', 'integer', true);
    param('cat_name', 'string', true);
    param('category_description', 'string');
    param('cat', 'integer');
    $cat_name = $wpdb->escape($cat_name);
    // The slug is derived from the already SQL-escaped name, so a quote in the
    // name reaches sanitize_title() with a backslash in front of it; escaping
    // after slug generation would avoid that coupling.
    $category_nicename = sanitize_title($cat_name);
    if ($category_nicename == "") {
        $category_nicename = "category-" . $cat_ID;
    }
    $category_description = $wpdb->escape($category_description);
    // Only cat_name and category_description are escaped; category_nicename is
    // trusted as sanitize_title() output, and cat_ID / cat are trusted as
    // param() integers. Both assumptions are outside this fragment.
    $query = "UPDATE {$wpdb->categories[$wp_id]} SET cat_name = '{$cat_name}', category_nicename = '{$category_nicename}', category_description = '{$category_description}', category_parent = '{$cat}' WHERE cat_ID = '{$cat_ID}'";
<?php
require_once 'admin.php';
$title = "Profile";
$this_file = 'profile.php';
$parent_file = 'profile.php';
param('action', 'string', '');
switch ($action) {
    case 'update':
        wp_refcheck("/wp-admin/profile.php");
        // Fields flagged true are required by param(); the others are optional.
        // No level gate here - the profile being updated is presumably the
        // current user's own.
        param('newuser_firstname', 'string');
        param('newuser_lastname', 'string');
        param('newuser_nickname', 'string', true);
        param('newuser_icq', 'string');
        param('newuser_aim', 'string');
        param('newuser_msn', 'string');
        param('newuser_yim', 'string');
        param('newuser_email', 'string', true);
        param('newuser_url', 'string');
        param('newuser_idmode', 'string');
        param('user_description', 'string');
        /* if the ICQ UIN has been entered, check to see if it has only numbers */
        // ereg() was deprecated in PHP 5.3 and removed in 7.0; the equivalent
        // check is preg_match('/^[0-9]+$/', $newuser_icq) or ctype_digit().
        if ($newuser_icq) {
            if (ereg("^[0-9]+\$", $newuser_icq) == false) {
                redirect_header($siteurl . '/wp-admin/profile.php', 5, _LANG_WLC_RIGHT_PROM);
                exit;
            }
        }
        /* checking e-mail address */
        // Only the ICQ and e-mail fields are validated in this fragment; the
        // remaining free-text fields (url, description, ...) must be escaped
        // before they reach the database - that code is outside this view.
        if (!is_email($newuser_email)) {
            redirect_header($siteurl . '/wp-admin/profile.php', 5, _LANG_WPF_ERR_CORRECT);
$link_rating = param('rating', 'integer', 0);
$link_rel = $wpdb->escape(param('rel', 'string', ''));
// 'html' type: markup is accepted into notes. It is SQL-escaped here; output
// encoding is the responsibility of wherever notes are rendered.
$link_notes = $wpdb->escape(param('notes', 'html', ''));
$link_rss_uri = $wpdb->escape(param('rss_uri', 'string', ''));
$auto_toggle = get_autotoggle($link_category);
// if we are in an auto toggle category and this one is visible then we
// need to make the others invisible before we update this one.
if ($auto_toggle == 'Y' && $link_visible == 'Y') {
    $wpdb->query("UPDATE {$wpdb->links[$wp_id]} set link_visible = 'N' WHERE link_category = {$link_category}");
}
// $link_url .. $link_description, $link_category and $link_id are set above
// this fragment; only rel/notes/rss_uri are visibly escaped. The numeric
// columns (link_category, link_rating, link_id) are interpolated bare, which
// is only safe if param() typed them as integers - TODO confirm upstream.
$wpdb->query("UPDATE {$wpdb->links[$wp_id]} \n\t\t\tSET link_url='{$link_url}',\n\t\t\t\tlink_name='{$link_name}',\n\t\t\t\tlink_image='{$link_image}',\n\t\t\t\tlink_target='{$link_target}',\n\t\t\t\tlink_category={$link_category},\n\t\t\t\tlink_visible='{$link_visible}',\n\t\t\t\tlink_description='{$link_description}',\n\t\t\t\tlink_rating={$link_rating},\n\t\t\t\tlink_rel='{$link_rel}',\n\t\t\t\tlink_notes='{$link_notes}',\n\t\t\t\tlink_rss = '{$link_rss_uri}'\n\t\t\tWHERE link_id={$link_id}");
}
// No exit after the Location header (here and in 'Delete'): the rest of the
// file past the switch still executes for this request.
header('Location: ' . $this_file);
break;
case 'Delete':
    wp_refcheck("/wp-admin/link-manager.php");
    if ($user_level < get_settings('links_minadminlevel')) {
        redirect_header($siteurl . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
        exit;
    }
    param('link_id', 'integer', true);
    $wpdb->query("DELETE FROM {$wpdb->links[$wp_id]} WHERE link_id = {$link_id}");
    header('Location: ' . $this_file);
    break;
case 'linkedit':
    $standalone = 0;
    $xfn = true;
    // admin-header.php is included (output starts) before the level check, so
    // redirect_header() runs against a partially rendered page.
    include_once 'admin-header.php';
    if ($user_level < get_settings('links_minadminlevel')) {
        redirect_header($siteurl . '/wp-admin/', 5, _LANG_WLC_RIGHT_PROM);
        exit;
<tr><td>URL:</td><td><?php /* NOTE(review): the stored author URL (supplied by the commenter) is echoed into the page with no HTML/attribute encoding at this point; unless it was encoded upstream, htmlspecialchars() belongs here - confirm. */ echo $commentdata['comment_author_url']; ?> </td></tr> <tr><td>Comment:</td><td><?php /* The comment_text filter chain decides what markup survives; whether it encodes is not visible here. */ echo apply_filters('comment_text', $commentdata['comment_content']); ?> </td></tr> </table> </div> <?php
include 'admin-footer.php';
break;
case 'approvecomment':
    $standalone = 1;
    wp_refcheck('/wp-admin');
    // Any level above 0 may approve here; a stricter gate (< 3) is used for
    // moderation elsewhere - confirm this threshold is intended.
    if ($user_level <= 0) {
        redirect_header(wp_siteurl() . '/wp-admin/', 5, _LANG_P_CHEATING_ERROR);
        exit;
    }
    init_param(array('GET', 'POST'), 'comment', 'integer', NO_DEFAULT_PARAM, true);
    init_param(array('GET', 'POST'), 'p', 'integer', NO_DEFAULT_PARAM, true);
    init_param(array('GET', 'POST'), 'noredir', 'string', '');
    // Normalise the flag to a real boolean.
    if (!empty($noredir)) {
        $noredir = true;
    } else {
        $noredir = false;
    }
    // The redirect target is taken from the request's Referer header; the only
    // validation of it visible in this fragment is the wp_refcheck('/wp-admin')
    // above. $_SERVER['HTTP_REFERER'] is read without isset(), so a request
    // carrying no Referer raises a notice before the comparison.
    if ($_SERVER['HTTP_REFERER'] != '' && false == $noredir) {
        $location = $_SERVER['HTTP_REFERER'];
    } else {
redirect_header($siteurl . '/wp-admin/user.php', 5, 'Can’t change the level of a user whose level is higher than yours.');
exit;
}
// Only 'up' and 'down' assign $sql; any other $prom value leaves it unset and
// $wpdb->query() below is still called with it. No upper or lower bound is
// applied to the resulting level in this fragment.
if ('up' == $prom) {
    $new_level = $usertopromote_level + 1;
    $sql = "UPDATE {$wpdb->users[$wp_id]} SET user_level={$new_level} WHERE ID = {$id}";
} elseif ('down' == $prom) {
    $new_level = $usertopromote_level - 1;
    $sql = "UPDATE {$wpdb->users[$wp_id]} SET user_level={$new_level} WHERE ID = {$id}";
}
// $id and $usertopromote_level come from before this fragment; $new_level is
// arithmetic on a DB value, $id presumably a param() integer - TODO confirm.
$result = $wpdb->query($sql);
// No exit after the Location header: code after the switch still runs.
header('Location: users.php');
break;
case 'delete':
    $standalone = 1;
    wp_refcheck("/wp-admin/users.php");
    param('id', 'integer', true);
    // get_userdata() is used unchecked; for an unknown id the user_level read
    // below would hit a non-object - TODO confirm what it returns in that case.
    $user_data = get_userdata($id);
    $usertodelete_level = $user_data->user_level;
    // Only level-0 users can be deleted; the message text ("higher than yours")
    // does not describe that rule. No check on the caller's own level is
    // visible in this branch - it may sit earlier in the file.
    if (0 != $usertodelete_level) {
        redirect_header($siteurl . '/wp-admin/user.php', 5, 'Can’t delete a user whose level is higher than yours.');
        exit;
    }
    $post_ids = $wpdb->get_col("SELECT ID FROM {$wpdb->posts[$wp_id]} WHERE post_author = {$id}");
    if ($post_ids) {
        // IDs come from the query above, not from the request; joined for IN ().
        $post_ids = implode(',', $post_ids);
        // Delete comments, *backs
        $wpdb->query("DELETE FROM {$wpdb->comments[$wp_id]} WHERE comment_post_ID IN ({$post_ids})");
        // Clean cats
        $wpdb->query("DELETE FROM {$wpdb->post2cat[$wp_id]} WHERE post_id IN ({$post_ids})");
        // Clean links
wp_refcheck("/wp-admin/plugins.php");
// $plugin (the file to activate) is a request parameter read above this
// fragment. Nothing here checks that it names an existing file under the
// plugins directory before it is persisted in active_plugins; the 'default'
// branch's comment suggests non-existent entries are pruned later, but a
// check against the real plugin file list before storing is the control to
// confirm upstream.
$current = "\n" . get_settings('active_plugins') . "\n";
$current = preg_replace("|(\n)+\\s*|", "\n", $current);
$current = trim($current) . "\n " . trim($plugin);
$current = trim($current);
$current = preg_replace("|\n\\s*|", "\n", $current);
// I don't know where this is coming from
update_option('active_plugins', $current);
// No exit after the Location header (here and in 'deactivate'); the rest of
// the file still runs.
header('Location: plugins.php?activate=true');
break;
case 'deactivate':
    param('plugin', 'string', true);
    // Ticket check (presumably the XOOPS form-ticket anti-CSRF token), then the
    // referer check. No exit follows redirect_header() here; it is presumably
    // expected to terminate the script itself - TODO confirm.
    if (!$xoopsWPTicket->check(false)) {
        redirect_header($siteurl . '/wp-admin/plugins.php', 3, $xoopsWPTicket->getErrors());
    }
    wp_refcheck("/wp-admin/plugins.php");
    $current = "\n" . get_settings('active_plugins') . "\n";
    // Plain substring removal of "\n<plugin>": an entry whose path is a prefix
    // of another entry's would also clip that one.
    $current = str_replace("\n" . $plugin, '', $current);
    $current = preg_replace("|(\n)+\\s*|", "\n", $current);
    update_option('active_plugins', trim($current));
    header('Location: plugins.php?deactivate=true');
    break;
default:
    $standalone = 0;
    require_once 'admin-header.php';
    param('activate', 'string', '');
    param('deactivate', 'string', '');
    // Clean up options
    // if any files are in the option that don't exist, axe 'em
    if (!get_settings('active_plugins')) {
        add_option('active_plugins', '');