// Switch to list mode:
// $action = 'list';
//init_list_mode();
break;

// Update path of the item controller. The enclosing switch header is outside this excerpt.
// The three update actions share one path: every security gate below runs before the first
// $edited_Item->set() call, so no request data is applied to the item until the checks have run.
case 'update_edit':
case 'update':
case 'update_publish':
    // Anti-CSRF gate: the request must carry the 'item' crumb.
    $Session->assert_received_crumb('item');

    // Check edit permission on the item being edited:
    // NOTE(review): the third argument `true` presumably makes a failed check abort the request
    // instead of returning false; confirm against check_perm(), because the return value is ignored here.
    $current_User->check_perm('item_post!CURSTATUS', 'edit', true, $edited_Item);

    // We need early decoding of these in order to check permissions:
    // NOTE(review): the return value is not assigned, so $post_status is presumably populated by
    // param() as a side effect (default 'published'); confirm.
    param('post_status', 'string', 'published');
    if ($action == 'update_publish') {
        // Load the publish status from the request, because a post can be published to several statuses:
        $post_status = load_publish_status();
    }

    // Check whether creation of a new category was started. If so, check that it is valid.
    // NOTE(review): $post_category and $post_extracats are not assigned in this excerpt; presumably
    // they are request parameters decoded earlier. Verify.
    $isset_category = check_categories($post_category, $post_extracats);

    // Check permission on statuses:
    // The permission name is built from the request-supplied $post_status.
    // NOTE(review): check_perm() should reject a status value it does not know; confirm.
    $current_User->check_perm('cats_post!' . $post_status, 'edit', true, $post_extracats);

    // Check permission on post type:
    check_perm_posttype($post_extracats);

    // Is this post already published? Captured here because the status is overwritten just below.
    $was_published = $edited_Item->status == 'published';

    // UPDATE POST:
    // Set the params we already got:
    $edited_Item->set('status', $post_status);

    if ($isset_category) {
        // Change the categories only if the category check was successful:
        $edited_Item->set('main_cat_ID', $post_category);
* Basic security checks: */
// Front gate of the item edit script: login check, item edit permission, anti-CSRF crumb,
// then resolution of the requested action and post status before dispatching on $action.
if (!is_logged_in()) {
    // must be logged in!
    bad_request_die(T_('You are not logged in.'));
}

// Check that the user may edit this post.
// NOTE(review): $post_ID is read here, but the only assignment visible in this excerpt is further
// down inside the switch. Confirm that it is set before this point and that it is the same ID as
// the one loaded below; otherwise this check does not cover the item that is actually edited.
check_item_perm_edit($post_ID);

$action = param_action();

if (!empty($action) && $action != 'new') {
    // Anti-CSRF gate: every non-empty action other than 'new' must carry the 'item' crumb.
    // NOTE(review): an empty action and 'new' skip the crumb, so those paths should not change
    // state; verify in the branches that handle them.
    $Session->assert_received_crumb('item');
}

//$post_status = NULL;
if ($action == 'create_publish' || $action == 'update_publish') {
    // The boolean argument tells load_publish_status() whether this is a creation.
    $post_status = load_publish_status($action == 'create_publish');
    // Keep the first six characters, so that '..._publish' becomes 'create' or 'update':
    $action = substr($action, 0, 6);
} else {
    // NOTE(review): the third argument is presumably the default used when the request carries
    // no post_status; confirm against param().
    $post_status = param('post_status', 'string', 'published');
}

switch ($action) {
    case 'update':
    case 'edit_switchtab': // this gets set as action by JS, when we switch tabs
        // Load post to edit:
        // The ID is read from the request as an integer.
        // NOTE(review): the meaning of the two trailing `true` arguments is not visible here;
        // check param().
        $post_ID = param('post_ID', 'integer', true, true);
        $ItemCache =& get_ItemCache();
        $edited_Item =& $ItemCache->get_by_ID($post_ID);

        // Load the blog we're in:
        $Blog =& $edited_Item->get_Blog();
        set_working_blog($Blog->ID);