} } else { $action = htmlspecialchars($_REQUEST['action']); } /* Do the action that is set in $action variable */ if ($action == 'login') { checkpassword(); $_SESSION['logged'] = 'Y'; pj_session_regenerate_id(); mainpage(); } elseif ($action == 'save') { checklogin(); savelink(); } elseif ($action == 'edit') { checklogin(); editlink(); } elseif ($action == 'backup') { checklogin(); sendbackup(); } elseif ($action == 'remove') { checklogin(); removelink(); } elseif ($action == 'reset') { checklogin(); resetlink(); } elseif ($action == 'add') { checklogin(); add(); } elseif ($action == 'restore') { checklogin(); restore();
/** * Saves link to the database * * @param string $lid ID for link * @param string $old_lid old ID for link * @param string $cid cid of category link belongs to * @param string $categorydd Category links belong to * @param string $url URL of link to save * @param string $description Description of link * @param string $title Title of link * @param int $hits Number of hits for link * @param int $owner_id ID of owner * @param int $group_id ID of group link belongs to * @param int $perm_owner Permissions the owner has * @param int $perm_group Permissions the group has * @param int $perm_members Permissions members have * @param int $perm_anon Permissions anonymous users have * @return string HTML redirect or error message * @global array core config vars * @global array core group data * @global array core table data * @global array core user data * @global array core msg data * @global array links plugin lang admin vars * */ function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF; $retval = ''; // Convert array values to numeric permission values if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // Remove any autotags the user doesn't have permission to use $description = PLG_replaceTags($description, '', true); // clean 'em up $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit')); $title = DB_escapeString(strip_tags(COM_checkWords($title))); $cid = DB_escapeString($cid); if (empty($owner_id)) { // this is new link from admin, set default values $owner_id = $_USER['uid']; if (isset($_GROUPS['Links Admin'])) { $group_id = $_GROUPS['Links Admin']; } else { $group_id = SEC_getFeatureGroup('links.edit'); } $perm_owner = 3; $perm_group = 2; $perm_members = 2; $perm_anon = 2; } $lid = COM_sanitizeID($lid); $old_lid = COM_sanitizeID($old_lid); if (empty($lid)) { if (empty($old_lid)) { $lid = COM_makeSid(); } else { $lid = $old_lid; } } // check for link id change if (!empty($old_lid) && $lid != $old_lid) { // check if new lid is already in use if (DB_count($_TABLES['links'], 'lid', $lid) > 0) { // TBD: abort, display editor with all content intact again $lid = $old_lid; // for now ... } } $access = 0; $old_lid = DB_escapeString($old_lid); if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}."); COM_output($display); exit; } elseif (!empty($title) && !empty($description) && !empty($url)) { if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) { $cid = DB_escapeString($categorydd); } else { if ($categorydd != $LANG_LINKS_ADMIN[7]) { echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php'); } } DB_delete($_TABLES['linksubmission'], 'lid', $old_lid); DB_delete($_TABLES['links'], 'lid', $old_lid); DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); if (empty($old_lid) || $old_lid == $lid) { PLG_itemSaved($lid, 'links'); } else { PLG_itemSaved($lid, 'links', $old_lid); } // Get category for rdf check $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'"); COM_rdfUpToDateCheck('links', $category, $lid); return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2); } else { // missing fields $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2); if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { $retval .= editlink('edit', $old_lid); } else { $retval .= editlink('edit', ''); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1])); return $retval; } }
cancelcats_move($cat_id[0], $option); break; /*** * Links */ /*** * Links */ case "newlink": editlink(0, $cat_parent, false, $option); break; case "editlink": editlink($link_id[0], $cat_parent, false, $option); break; case "editlink_for_approval": editlink($link_id[0], $cat_parent, true, $option); break; /* case "editlink_browse_cat": editlink_browse_cat( $option, 0 ); break; case "editlink_add_cat": editlink_browse_cat( $option, 1 ); break; case "editlink_remove_cat": editlink_browse_cat( $option, -1 ); */ /* case "editlink_browse_cat": editlink_browse_cat( $option, 0 ); break;