Пример #1
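/**
 * Apply the "global" story attribute changes posted from the story admin list.
 *
 * Only the columns whose checkbox in $_POST['cb'] is set are written. Every
 * value is cast to int before it reaches SQL, and the optional topic filter
 * ($_POST['tid']) goes through DB_escapeString(). When the filter equals
 * $LANG09[9] (presumably the "all topics" label - confirm) no WHERE clause is
 * added, so every row of the stories table is updated.
 *
 * @return string  HTML: the story list, or the COM_refresh() page when the
 *                 caller is not in the Root group or the CSRF token fails
 */
function STORY_global_save()
{
    global $_CONF, $_TABLES, $LANG09;

    // Elsewhere in this file COM_refresh()'s result is echoed, i.e. the call
    // returns instead of ending the request. The guards therefore have to
    // return themselves: a bare call falls through and the UPDATE below still
    // runs for a non-Root user or for a request without a valid token.
    if (!SEC_inGroup('Root')) {
        return COM_refresh($_CONF['site_url']);
    }
    if (!SEC_checkToken()) {
        return COM_refresh($_CONF['site_url']);
    }

    // No checkbox array posted: nothing to do.
    if (!isset($_POST['cb']) || !is_array($_POST['cb'])) {
        return STORY_list();
    }
    $active = $_POST['cb'];

    // checkbox name => array(column, posted field). The field is read only
    // when its checkbox is set, so an absent field never raises a notice.
    $fields = array(
        'frontpage' => array('frontpage',     'frontpage'),
        'comment'   => array('commentcode',   'comment'),
        'trackback' => array('trackbackcode', 'trackback'),
        'owner'     => array('owner_id',      'owner_id'),
        'group'     => array('group_id',      'group_id'),
    );
    $assignments = array();
    foreach ($fields as $checkbox => $spec) {
        if (!isset($active[$checkbox])) {
            continue;
        }
        $column = $spec[0];
        $postKey = $spec[1];
        $raw = isset($_POST[$postKey]) ? $_POST[$postKey] : 0;
        // (int) cast is what keeps the value safe to concatenate into SQL.
        $assignments[] = $column . '=' . (int) COM_applyFilter($raw, true);
    }
    // show_topic_icon is a checkbox itself: present means 1, absent means 0.
    if (isset($active['show_topic_icon'])) {
        $assignments[] = 'show_topic_icon=' . (isset($_POST['show_topic_icon']) ? 1 : 0);
    }

    // Nothing selected: "UPDATE ..." without a SET clause is invalid SQL, so
    // skip the query instead of sending a broken statement.
    if (empty($assignments)) {
        return STORY_list();
    }

    $sql = "UPDATE {$_TABLES['stories']} SET " . implode(', ', $assignments);
    $filter_topic = COM_applyFilter(isset($_POST['tid']) ? $_POST['tid'] : '');
    if ($filter_topic != $LANG09[9]) {
        $sql .= " WHERE tid='" . DB_escapeString($filter_topic) . "'";
    }
    DB_query($sql);

    // Clear the topic filter before rendering the list (presumably read by
    // STORY_list() - confirm).
    $_POST['tid'] = '';

    return STORY_list();
}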
Пример #2
            } else {
                COM_accessLog("User {$_USER['username']} tried to illegally delete a story submission, sid={$sid} and failed CSRF checks.");
                echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
            }
        } else {
            if (SEC_checkToken()) {
                $display .= STORY_deleteStory($sid);
            } else {
                COM_accessLog("User {$_USER['username']} tried to a delete a story, sid={$sid} and failed CSRF checks");
                $display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
            }
        }
        break;
    default:
        // purge any tokens we created for the advanced editor
        DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='advancededitor'", 1);
        if ($action == 'cancel' && $type == 'submission') {
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            $pageTitle = $LANG24[22];
            $pageBody .= STORY_list();
        }
        break;
}
// Assemble the final page: site header, optional status message, the body
// built by the switch above, site footer.
// NOTE(review): whatever the switch left in $display (e.g. the COM_refresh()
// result assigned on the failed-CSRF delete path) is replaced here - confirm
// that is intended.
$pageParts = array(COM_siteHeader('menu', $pageTitle));
if (isset($msg)) {
    // A numeric $msg is a message id; anything else is shown as literal text.
    if (is_numeric($msg)) {
        $pageParts[] = COM_showMessage($msg);
    } else {
        $pageParts[] = COM_showMessageText($msg);
    }
}
$pageParts[] = $pageBody;
$pageParts[] = COM_siteFooter();
$display = implode('', $pageParts);
echo $display;