$_SESSION['select_groupusers'] = "hide"; } $origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null; /* Action handling */ // display the form if (!empty($_GET['action']) && $_GET['action'] == 'add' && $_GET['origin'] == "" || !empty($_GET['action']) && $_GET['action'] == 'edit' || !empty($_POST['To'])) { if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false, true) == false) { api_not_allowed(true); } $display_form = true; } // clear all resources if (empty($originalresource) || $originalresource !== 'no' and !empty($action) && $action == 'add') { $_SESSION['formelements'] = null; } $htmlHeadXtra[] = AnnouncementManager::to_javascript(); /* Filter user/group */ if (!empty($_GET['toolgroup'])) { if ($_GET['toolgroup'] == strval(intval($_GET['toolgroup']))) { //check is integer $toolgroup = intval($_GET['toolgroup']); $_SESSION['select_groupusers'] = 'hide'; } else { $toolgroup = 0; } Session::write("toolgroup", $toolgroup); } /* Sessions */ $ctok = $_SESSION['sec_token']; $stok = Security::get_token(); $to = null;