function getElements()
{
global $_TABLES, $_GROUPS;
$mbadmin = SEC_hasRights('menu.admin');
$root = SEC_inGroup('Root');
$sql = "SELECT * FROM {$_TABLES['menu_elements']} WHERE menu_id=" . (int) $this->id . " ORDER BY element_order ASC";
$elementResult = DB_query($sql, 1);
while ($A = DB_fetchArray($elementResult)) {
$element = new menuElement();
$element->constructor($A, $mbadmin, $root, $_GROUPS, 1);
if ($element->access > 0) {
$this->menu_elements[$element->id] = $element;
}
}
foreach ($this->menu_elements as $id => $element) {
if ($id != 0 && $element->pid != 0 && isset($this->menu_elements[$element->pid]->id)) {
$this->menu_elements[$element->pid]->setChild($element);
}
}
}
function MB_saveNewMenuElement()
{
global $_CONF, $_TABLES, $_GROUPS, $MenuElementAllowedHTML;
$filter = sanitizer::getInstance();
$allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
$filter->setAllowedElements($allowedElements);
$filter->setPostmode('html');
// build post vars
$E['menu_id'] = COM_applyFilter($_POST['menu'], true);
$E['pid'] = COM_applyFilter($_POST['pid'], true);
$E['element_label'] = $filter->filterHTML($_POST['menulabel']);
$E['element_type'] = COM_applyFilter($_POST['menutype'], true);
$E['element_target'] = isset($_POST['urltarget']) ? COM_applyFilter($_POST['urltarget']) : '';
$afterElementID = COM_applyFilter($_POST['menuorder'], true);
$E['element_active'] = COM_applyFilter($_POST['menuactive'], true);
$E['element_url'] = isset($_POST['menuurl']) ? trim(COM_applyFilter($_POST['menuurl'])) : '';
$E['group_id'] = COM_applyFilter($_POST['group'], true);
$menu = menu::getInstance($E['menu_id']);
switch ($E['element_type']) {
case 2:
$E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['glfunction']));
break;
case 3:
$E['element_subtype'] = COM_applyFilter($_POST['gltype'], true);
break;
case 4:
$E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['pluginname']));
break;
case 5:
$E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['spname']));
break;
case 6:
$E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['menuurl']));
/*
* check URL if it needs http:// appended...
*/
if (trim($E['element_subtype']) != '') {
if (strpos($E['element_subtype'], "http") !== 0 && strpos($E['element_subtype'], "%site") === false && rtrim($E['element_subtype']) != '') {
$E['element_subtype'] = 'http://' . $E['element_subtype'];
}
}
break;
case 7:
$E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['phpfunction']));
break;
case 9:
$E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['topicname']));
break;
default:
$E['element_subtype'] = '';
break;
}
// check if URL needs the http:// added
if (trim($E['element_url']) != '') {
if (strpos($E['element_url'], "http") !== 0 && strpos($E['element_url'], "%site") === false && $E['element_url'][0] != '#' && rtrim($E['element_url']) != '') {
$E['element_url'] = 'http://' . $E['element_url'];
}
}
/*
* Pull some constants..
*/
$meadmin = SEC_hasRights('menu.admin');
$root = SEC_inGroup('Root');
$groups = $_GROUPS;
/* set element order */
if ($afterElementID == 0) {
$aorder = 0;
} else {
$aorder = DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . $afterElementID);
}
$E['element_order'] = $aorder + 1;
/*
* build our class
*/
$element = new menuElement();
$element->constructor($E, $meadmin, $root, $groups, 1);
$element->id = $element->createElementID($E['menu_id']);
$element->saveElement();
$pid = $E['pid'];
$menu_id = $E['menu_id'];
$menu->reorderMenu($pid);
CACHE_remove_instance('menu');
}