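/**
 * Edit a unit of content, or create a new one.
 *
 * GET renders the edit form. POST verifies the anti-CSRF token, applies the
 * submitted values, checks that the requested status transition is allowed
 * for the current user, saves the record and redirects.
 *
 * @param string            $contenttypeslug Slug of the contenttype being edited
 * @param mixed             $id              Record id; empty when creating a new record
 * @param Silex\Application $app
 * @param Request           $request
 *
 * @return mixed A redirect (after save or when access is denied), otherwise the rendered edit page
 */
public function editcontent($contenttypeslug, $id, Silex\Application $app, Request $request)
{
    // Make sure the user is allowed to see this page, based on 'allowed contenttypes'
    // for Editors.
    if (empty($id)) {
        $perm = "contenttype:{$contenttypeslug}:create";
    } else {
        $perm = "contenttype:{$contenttypeslug}:edit:{$id}";
    }
    if (!$app['users']->isAllowed($perm)) {
        $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
        return redirect('dashboard');
    }

    // set the editreferrer in twig if it was not set yet.
    $tmpreferrer = getReferrer($app['request']);
    if (strpos($tmpreferrer, '/overview/') !== false || $tmpreferrer == $app['paths']['bolt']) {
        $app['twig']->addGlobal('editreferrer', $tmpreferrer);
    }

    $contenttype = $app['storage']->getContentType($contenttypeslug);

    if ($request->getMethod() == "POST") {
        // Every state-changing request must carry a valid anti-CSRF token.
        if (!$app['users']->checkAntiCSRFToken()) {
            $app->abort(400, __("Something went wrong"));
        }

        if (!empty($id)) {
            // Check if we're allowed to edit this content..
            if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$id}")) {
                $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
                return redirect('dashboard');
            }
        } else {
            // Check if we're allowed to create content..
            if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
                $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
                return redirect('dashboard');
            }
        }

        if ($id) {
            $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));
            // The GET branch below answers an unknown id with a 404; do the same here
            // instead of calling setFromPost() on an empty result.
            if (empty($content)) {
                $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
            }
            $oldStatus = $content['status'];
            $newStatus = $content['status'];
        } else {
            $content = $app['storage']->getContentObject($contenttypeslug);
            $oldStatus = '';
        }

        // Add non successfull control values to request values
        // http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2
        // (unchecked checkboxes and empty multi-selects are absent from the POST body)
        $request_all = $request->request->all();
        foreach ($contenttype['fields'] as $key => $values) {
            if (!isset($request_all[$key])) {
                switch ($values['type']) {
                    case 'select':
                        if (isset($values['multiple']) and $values['multiple'] == true) {
                            $request_all[$key] = array();
                        }
                        break;
                    case 'checkbox':
                        $request_all[$key] = 0;
                        break;
                }
            }
        }

        // To check whether the status is allowed, we act as if a status
        // *transition* were requested.
        $content->setFromPost($request_all, $contenttype);
        $newStatus = $content['status'];
        $statusOK = $app['users']->isContentStatusTransitionAllowed($oldStatus, $newStatus, $contenttype['slug'], $id);

        // Don't try to spoof the $id..
        // The id in the POST body must match the id from the URL that was authorised above.
        if (!empty($content['id']) && $id != $content['id']) {
            $app['session']->getFlashBag()->set('error', "Don't try to spoof the id!");
            return redirect('dashboard');
        }

        // Save the record, and return to the overview screen, or to the record (if we clicked 'save and continue')
        if ($statusOK && $app['storage']->saveContent($content, $contenttype['slug'])) {
            if (!empty($id)) {
                $app['session']->getFlashBag()->set('success', __('The changes to this %contenttype% have been saved.', array('%contenttype%' => $contenttype['singular_name'])));
            } else {
                $app['session']->getFlashBag()->set('success', __('The new %contenttype% has been saved.', array('%contenttype%' => $contenttype['singular_name'])));
            }
            $app['log']->add($content->getTitle(), 3, $content, 'save content');

            // If 'returnto is set', we return to the edit page, with the correct anchor.
            if ($app['request']->get('returnto')) {
                // We must 'return to' the edit page. In which case we must know the Id, so let's fetch it.
                $id = $app['storage']->getLatestId($contenttype['slug']);

                return redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => $id), "#" . $app['request']->get('returnto'));
            }

            // No returnto, so we go back to the 'overview' for this contenttype.
            // check if a pager was set in the referrer - if yes go back there
            // NOTE(review): editreferrer is read from the request here, not from the
            // twig global set above; simpleredirect() is relied on to keep the target local — confirm.
            $editreferrer = $app['request']->get('editreferrer');
            if ($editreferrer) {
                return simpleredirect($editreferrer);
            } else {
                return redirect('overview', array('contenttypeslug' => $contenttype['slug']));
            }
        } else {
            $app['session']->getFlashBag()->set('error', __('There was an error saving this %contenttype%.', array('%contenttype%' => $contenttype['singular_name'])));
            $app['log']->add("Save content error", 3, $content, 'error');
        }
    }

    if (!empty($id)) {
        $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));

        if (empty($content)) {
            $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
        }

        // Check if we're allowed to edit this content..
        if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$content['id']}")) {
            $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
            return redirect('dashboard');
        }

        // The record title is HTML-encoded because the page title is rendered as markup.
        $title = sprintf("<strong>%s</strong> » %s", __('Edit %contenttype%', array('%contenttype%' => $contenttype['singular_name'])), htmlencode($content->getTitle()));
        $app['log']->add("Edit content", 1, $content, 'edit');
    } else {
        // Check if we're allowed to create content..
        if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
            $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
            return redirect('dashboard');
        }

        $content = $app['storage']->getEmptyContent($contenttype['slug']);
        $title = sprintf("<strong>%s</strong>", __('New %contenttype%', array('%contenttype%' => $contenttype['singular_name'])));
        $app['log']->add("New content", 1, $content, 'edit');
    }

    // Only offer the statuses this user may transition the record into.
    $oldStatus = $content['status'];
    $allStatuses = array('published', 'held', 'draft', 'timed');
    $allowedStatuses = array();
    foreach ($allStatuses as $status) {
        if ($app['users']->isContentStatusTransitionAllowed($oldStatus, $status, $contenttype['slug'], $id)) {
            $allowedStatuses[] = $status;
        }
    }

    $app['twig']->addGlobal('title', $title);

    // ?duplicate=1 presents a copy of the record with identity and date fields cleared.
    $duplicate = $app['request']->query->get('duplicate');
    if (!empty($duplicate)) {
        $content->setValue('id', "");
        $content->setValue('slug', "");
        $content->setValue('datecreated', "");
        $content->setValue('datepublish', "");
        $content->setValue('datedepublish', "1900-01-01 00:00:00"); // Not all DB-engines can handle a date like '0000-00-00'
        $content->setValue('datechanged', "");
        $content->setValue('username', "");
        $content->setValue('ownerid', "");
        $app['session']->getFlashBag()->set('info', __("Content was duplicated. Click 'Save %contenttype%' to finalize.", array('%contenttype%' => $contenttype['singular_name'])));
    }

    // Set the users and the current owner of this content.
    // For brand-new items, the creator becomes the owner.
    // For existing items, we'll just keep the current owner.
    if (empty($id)) {
        // A new one!
        $contentowner = $app['users']->getCurrentUser();
    } else {
        $contentowner = $app['users']->getUser($content['ownerid']);
    }

    return $app['render']->render('editcontent.twig', array(
        'contenttype' => $contenttype,
        'content' => $content,
        'allowedStatuses' => $allowedStatuses,
        'contentowner' => $contentowner,
    ));
}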
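/**
 * Delete help topic action.
 *
 * Deletes the personal message topic given by ?id=, but only when the
 * current user is its author. Every path ends in a redirect.
 */
public function actionDelete()
{
    // Check Access
    checkAccessThrowException('op_personalmessages_delete');

    if (isset($_GET['id']) && ($model = PersonalMessageTopic::model()->findByPk($_GET['id']))) {
        // Make sure we are allowed to delete this: only the author may.
        if ($model->author_id != Yii::app()->user->id) {
            ferror(at('Sorry, You are not the author of this personal message so you can not delete it.'));
            alog(at("Tried Deleting a Personal Message '{name}' When he is not the author.", array('{name}' => $model->title)));
            $this->redirect(getReferrer('personalmessages/index'));
            return;
        }

        $model->delete();
        // Log only after the delete actually happened, so the audit trail does not
        // record a deletion that was refused by the author check above.
        alog(at("Deleted Personal Message '{name}'.", array('{name}' => $model->title)));
        fok(at('Personal Message Deleted.'));
        $this->redirect(array('personalmessages/index'));
        return;
    }

    $this->redirect(array('personalmessages/index'));
}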
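<?php
require 'vendor/autoload.php';
include_once 'functions.php';

// Set the default referrer here
$referrer = getReferrer() ?: '';

// Set variables to render website
$excludedFiles = ['.', '..', '_layout.html'];

// Optional request parameters: default to null rather than raising an
// undefined-index notice when they are absent from the request.
$key = isset($_REQUEST['key']) ? $_REQUEST['key'] : null;
$tag = isset($_REQUEST['tag']) ? $_REQUEST['tag'] : null;

// Initialize templates and render website
$twig = new Twig_Environment(new Twig_Loader_Filesystem('templates'));
echo $twig->render('index.html', [
    'modals' => array_diff(scandir(__DIR__ . '/templates/landing/modals'), $excludedFiles),
    'notifications' => array_diff(scandir(__DIR__ . '/templates/landing/notifications'), $excludedFiles),
    // referrer, key and tag are request-controlled and are passed through unescaped;
    // the template relies on Twig's autoescaping for output — confirm it is enabled.
    'referrer' => trim($referrer, '/'),
    'campaign' => date('W'),
    'key' => $key,
    'tag' => $tag,
]);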
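/**
 * Edit a unit of content, or create a new one.
 *
 * GET renders the edit form. POST verifies the anti-CSRF token, applies the
 * submitted values, checks that the requested status transition is allowed,
 * saves the record and then redirects, or answers with JSON when
 * returnto=ajax was requested.
 *
 * @param string            $contenttypeslug Slug of the contenttype being edited
 * @param mixed             $id              Record id; empty when creating a new record
 * @param Silex\Application $app
 * @param Request           $request
 *
 * @return mixed A redirect, a JsonResponse, or the rendered edit page
 */
public function editContent($contenttypeslug, $id, Silex\Application $app, Request $request)
{
    // Make sure the user is allowed to see this page, based on 'allowed contenttypes'
    // for Editors.
    if (empty($id)) {
        $perm = "contenttype:{$contenttypeslug}:create";
        $new = true;
    } else {
        $perm = "contenttype:{$contenttypeslug}:edit:{$id}";
        $new = false;
    }
    if (!$app['users']->isAllowed($perm)) {
        $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
        return redirect('dashboard');
    }

    // set the editreferrer in twig if it was not set yet.
    $tmpreferrer = getReferrer($app['request']);
    if (strpos($tmpreferrer, '/overview/') !== false || $tmpreferrer == $app['paths']['bolt']) {
        $app['twig']->addGlobal('editreferrer', $tmpreferrer);
    }

    $contenttype = $app['storage']->getContentType($contenttypeslug);

    if ($request->getMethod() == "POST") {
        // Every state-changing request must carry a valid anti-CSRF token.
        if (!$app['users']->checkAntiCSRFToken()) {
            $app->abort(400, __("Something went wrong"));
        }

        if (!empty($id)) {
            // Check if we're allowed to edit this content..
            if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$id}")) {
                $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
                return redirect('dashboard');
            }
        } else {
            // Check if we're allowed to create content..
            if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
                $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
                return redirect('dashboard');
            }
        }

        // If we have an ID now, this is an existing record
        if ($id) {
            $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));
            // The GET branch below answers an unknown id with a 404; do the same here
            // instead of calling setFromPost() on an empty result.
            if (empty($content)) {
                $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
            }
            $oldStatus = $content['status'];
            $newStatus = $content['status'];
        } else {
            $content = $app['storage']->getContentObject($contenttypeslug);
            $oldStatus = '';
        }

        // Add non successfull control values to request values
        // http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2
        // (unchecked checkboxes and empty multi-selects are absent from the POST body)
        $request_all = $request->request->all();
        foreach ($contenttype['fields'] as $key => $values) {
            if (!isset($request_all[$key])) {
                switch ($values['type']) {
                    case 'select':
                        if (isset($values['multiple']) and $values['multiple'] == true) {
                            $request_all[$key] = array();
                        }
                        break;
                    case 'checkbox':
                        $request_all[$key] = 0;
                        break;
                }
            }
        }

        // To check whether the status is allowed, we act as if a status
        // *transition* were requested.
        $content->setFromPost($request_all, $contenttype);
        $newStatus = $content['status'];

        // Don't try to spoof the $id..
        // The id in the POST body must match the id from the URL that was authorised above.
        if (!empty($content['id']) && $id != $content['id']) {
            $app['session']->getFlashBag()->set('error', "Don't try to spoof the id!");
            return redirect('dashboard');
        }

        // Save the record, and return to the overview screen, or to the record (if we clicked 'save and continue')
        $statusOK = $app['users']->isContentStatusTransitionAllowed($oldStatus, $newStatus, $contenttype['slug'], $id);
        if ($statusOK) {
            // Get the associate record change comment
            $comment = $request->request->get('changelog-comment');

            // Save the record
            $id = $app['storage']->saveContent($content, $comment);

            // Log the change
            $app['log']->add($content->getTitle(), 3, $content, 'save content');

            if ($new) {
                $app['session']->getFlashBag()->set('success', __('The new %contenttype% has been saved.', array('%contenttype%' => $contenttype['singular_name'])));
            } else {
                $app['session']->getFlashBag()->set('success', __('The changes to this %contenttype% have been saved.', array('%contenttype%' => $contenttype['singular_name'])));
            }

            /*
             * Bolt 2:
             * We now only get a returnto parameter if we are saving a new
             * record and staying on the same page, i.e. "Save {contenttype}"
             */
            if ($app['request']->get('returnto')) {
                if ($app['request']->get('returnto') == "new") {
                    return redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => $id), "#" . $app['request']->get('returnto'));
                } elseif ($app['request']->get('returnto') == "ajax") {
                    /*
                     * Flush any buffers from saveConent() dispatcher hooks
                     * and make sure our JSON output is clean.
                     *
                     * Currently occurs due to a 404 exception being generated
                     * in \Bolt\Storage::saveContent() dispatchers:
                     *   $this->app['dispatcher']->dispatch(StorageEvents::PRE_SAVE, $event);
                     *   $this->app['dispatcher']->dispatch(StorageEvents::POST_SAVE, $event);
                     */
                    if (ob_get_length()) {
                        ob_end_clean();
                    }

                    // Get our record after POST_SAVE hooks are dealt with and return the JSON
                    $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id, 'returnsingle' => true));

                    return new JsonResponse($content->values);
                }
            }

            // No returnto, so we go back to the 'overview' for this contenttype.
            // check if a pager was set in the referrer - if yes go back there.
            // Return the redirect so execution does not fall through to the GET rendering below.
            // NOTE(review): editreferrer is read from the request here, not from the
            // twig global set above; simpleredirect() is relied on to keep the target local — confirm.
            $editreferrer = $app['request']->get('editreferrer');
            if ($editreferrer) {
                return simpleredirect($editreferrer);
            } else {
                return redirect('overview', array('contenttypeslug' => $contenttype['slug']));
            }
        } else {
            $app['session']->getFlashBag()->set('error', __('There was an error saving this %contenttype%.', array('%contenttype%' => $contenttype['singular_name'])));
            $app['log']->add("Save content error", 3, $content, 'error');
        }
    }

    // We're doing a GET
    if (!empty($id)) {
        $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));

        if (empty($content)) {
            $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
        }

        // Check if we're allowed to edit this content..
        if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$content['id']}")) {
            $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
            return redirect('dashboard');
        }

        $app['log']->add("Edit content", 1, $content, 'edit');
    } else {
        // Check if we're allowed to create content..
        if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
            $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
            return redirect('dashboard');
        }

        $content = $app['storage']->getEmptyContent($contenttype['slug']);
        $app['log']->add("New content", 1, $content, 'edit');
    }

    // Only offer the statuses this user may transition the record into.
    $oldStatus = $content['status'];
    $allStatuses = array('published', 'held', 'draft', 'timed');
    $allowedStatuses = array();
    foreach ($allStatuses as $status) {
        if ($app['users']->isContentStatusTransitionAllowed($oldStatus, $status, $contenttype['slug'], $id)) {
            $allowedStatuses[] = $status;
        }
    }

    // ?duplicate=1 presents a copy of the record with identity and date fields cleared.
    $duplicate = $app['request']->query->get('duplicate');
    if (!empty($duplicate)) {
        $content->setValue('id', "");
        $content->setValue('slug', "");
        $content->setValue('datecreated', "");
        $content->setValue('datepublish', "");
        $content->setValue('datedepublish', "1900-01-01 00:00:00"); // Not all DB-engines can handle a date like '0000-00-00'
        $content->setValue('datechanged', "");
        $content->setValue('username', "");
        $content->setValue('ownerid', "");
        $app['session']->getFlashBag()->set('info', __("Content was duplicated. Click 'Save %contenttype%' to finalize.", array('%contenttype%' => $contenttype['singular_name'])));
    }

    // Set the users and the current owner of this content.
    if (empty($id)) {
        // For brand-new items, the creator becomes the owner.
        $contentowner = $app['users']->getCurrentUser();
    } else {
        // For existing items, we'll just keep the current owner.
        $contentowner = $app['users']->getUser($content['ownerid']);
    }

    $context = array(
        'contenttype' => $contenttype,
        'content' => $content,
        'allowed_status' => $allowedStatuses,
        'contentowner' => $contentowner,
        'fields' => $app['config']->fields->fields(),
    );

    return $app['render']->render('editcontent/editcontent.twig', array('context' => $context));
}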
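/**
 * Delete setting action.
 *
 * Deletes the setting given by ?id=. Protected settings may not be deleted
 * unless YII_DEBUG is on. Every path ends in a redirect.
 */
public function actiondeletesetting()
{
    // Check Access
    checkAccessThrowException('op_settings_delete_settings');

    if (!isset($_GET['id'])) {
        $this->redirect(array('setting/index'));
        return;
    }

    $model = Setting::model()->findByPk($_GET['id']);
    // findByPk() yields null for an unknown id; bail out before dereferencing $model.
    if ($model === null) {
        $this->redirect(array('setting/index'));
        return;
    }

    // Make sure the setting is not protected as we can't edit protected settings
    // (the protection check is bypassed when YII_DEBUG is on).
    if (!YII_DEBUG && $model->is_protected) {
        // Log Message
        alog(at("Tried Deleting Protected Setting '{name}'", array('{name}' => $model->title)));
        ferror(at("Can't delete that setting as it's a protected setting."));
        $this->redirect(getReferrer('setting/index'));
        return;
    }

    Setting::model()->deleteByPk($_GET['id']);
    // Log Message (after the delete, so the audit trail reflects what happened)
    alog(at("Deleted Setting '{name}'", array('{name}' => $model->title)));

    // Clear cache
    Yii::app()->settings->clearCache();
    fok(at('Setting deleted.'));
    $this->redirect(array('setting/viewgroup', 'id' => $model->category));
}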
// Agent ID $agent_id = 0; if (isset($_REQUEST['AGENTID'])) { $agent_id = (int) $_REQUEST['AGENTID']; } if (isset($_REQUEST['LANGUAGE'])) { $language = htmlspecialchars((string) $_REQUEST['LANGUAGE'], ENT_QUOTES); } if (isset($_REQUEST['oUSERID'])) { $_REQUEST['oUSERID'] = (int) $_REQUEST['oUSERID']; $query = "SELECT id_domain FROM " . $table_prefix . "domain_user WHERE id_user = "******" Limit 1"; $rows = $SQL->selectquery($query); $row = mysql_fetch_array($rows); $domain_id = $rows["id_domain"]; } $refDomain = getReferrer(); //$refDomain = $_REQUEST['URL'] == "" ? $_SERVER['HTTP_REFERER'] : $_REQUEST['URL']; $cookieName = str_replace(".", "", $refDomain); // new condition and refresh value from 5 to 30 in order to support safari third-party cookies restriction if (!isset($_COOKIE[$cookieName])) { $domainIsValid = false; if (isset($domain_id) && $domain_id != '') { $query = "SELECT name FROM " . $table_prefix . "domains WHERE id_domain = '" . $domain_id . "'"; $row = $SQL->selectquery($query); $domainName = $row['name']; if (!(strripos($domainName, $refDomain) === false)) { $domainIsValid = true; } } if (isset($domain_id) && !(strripos($domainName, $refDomain) === false)) { if (!isset($_REQUEST['WIDTH'])) {