/** * Request confirmation to perform some action * * @param string $message Message to show on request * @param mixed $vars array of parameters to re-send needed to continue action * @return bool true if sucessful confirmed */ function require_confirm($message, $vars = null) { global $CFG; $form_key = optional_param('form_key'); // check if pass key verification if (elggform_key_check($form_key, 'confirm')) { // pass form key verification return true; } else { // build form key and show form $form_key = elggform_key_get('confirm'); $title = __gettext('Please confirm your action'); $sContinue = __gettext('Continue'); $or = __gettext('or'); $sBack = __gettext('Back'); // add form key $vars['form_key'] = $form_key; // add parameters $inputs = ''; foreach ($vars as $name => $value) { $value = htmlspecialchars($value, ENT_COMPAT, 'utf-8'); // prevent messing code $inputs .= "<input type=\"hidden\" id=\"{$name}\" name=\"{$name}\" value=\"{$value}\" />\n"; } // add buttons //$inputs .= "<input type=\"button\" value=\"{$sBack}\" onclick=\"history.back()\" />\n"; $inputs .= "<a href=\"#\" onclick=\"history.back(); return false;\">{$sBack}</a> {$or} "; $inputs .= "<input type=\"submit\" name=\"submit\" value=\"{$sContinue}\" />\n"; $body = "<div id=\"confirm-form\">\n"; $body .= "<form name=\"confirm-form\" action=\"\" method=\"post\">\n"; $body .= templates_draw(array('context' => 'databox', 'name' => $message, 'column1' => $inputs)); $body .= "</form>\n"; $body .= "</div>\n"; // show form templates_page_output($title, $body); } return false; }
function pages_html_form($name, $body, $attrs = null) { if (!isset($attrs)) { $attrs = array(); } if (!isset($attrs['id'])) { $attrs['id'] = $name; } if (!isset($attrs['name'])) { $attrs['name'] = $name; } if (!isset($attrs['method'])) { $attrs['method'] = 'post'; } if (!isset($attrs['action'])) { $attrs['action'] = ''; } if (isset($attrs['buttons'])) { $buttons = $attrs['buttons']; } else { $buttons = pages_html_input('submit', array('value' => __gettext('Submit'))); } // add form key $buttons .= pages_html_input('hidden', array('name' => 'form_key', 'value' => elggform_key_get($name))); $body .= pages_html_wrap('div', $buttons, array('class' => 'form-buttons')); return pages_html_wrap('form', $body, $attrs); }
} $directories = "<li><a href=\"" . $CFG->wwwroot . "mod/file/file_include_wizard.php?owner={$owner}&input_field={$field}\" >" . __gettext("Root") . "</a><ul>\n" . $directories . "</ul>\n</li>"; // Files $folder_name = is_object($folder_object) ? $folder_object->name : __gettext("Root"); // I don't know why when I pass the owner param the query returns a bad object // $user_files = get_records('files','folder',$folder_id,"files_owner",$owner); $user_files = get_records_sql("select * from {$CFG->prefix}files where folder = {$folder_id} and files_owner = {$owner}"); if (!empty($user_files)) { $files = "<ul>"; foreach ($user_files as $file) { $file_name = !empty($file->title) ? $file->title : $file->originalname; $extension = strtolower(substr($file->originalname, strpos($file->originalname, ".") + 1)); $type = array_key_exists($extension, get_mimetype_array()) ? " {$extension}" : ""; if (ALLOW_WIZARD_FILE_DELETE) { //FIXME: set form key to pass require_confirm $form_key = elggform_key_get('confirm'); $redirect_url = "{$CFG->wwwroot}mod/file/file_include_wizard.php?owner={$owner}&folder={$folder_id}"; $delete_msg = __gettext("Are you sure you want to permanently delete this file?"); $delete = " "; $delete .= "<a onclick=\"return confirm('{$delete_msg}')\" href=\"{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_file&delete_file_id={$file->ident}&redirection=" . rawurlencode($redirect_url) . "&form_key={$form_key}\">"; $delete .= "<img src=\"{$CFG->wwwroot}mod/file/fileicons/del.png\" border=\"0\"></a>"; } $files .= "<li><a class=\"mediafile{$type}\" href=\"#\" onclick=\"{$function_name}('{$field}','{$file->ident}')\">{$file_name}</a>{$delete}</li>"; } $files .= "</ul>"; } else { $files = "<p>" . __gettext("Empty directory!") . "</p>"; } if (ALLOW_WIZARD_UPLOAD) { $folder = $folder_id; $files .= run("files:wizard:add:file");