Пример #1
 */
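// Direct-access guard. IS_VALID_PHPMYFAQ is presumably defined by the script
// that includes this file; a request that reaches the file directly is sent
// back to the containing directory and nothing else in the file runs.
if (!defined('IS_VALID_PHPMYFAQ')) {
    // Path-only redirect. The earlier form built an absolute URL from
    // $_SERVER['HTTP_HOST'], which is the client-supplied Host header, so a
    // forged Host value was reflected into the Location target. A relative
    // reference is resolved by the client against the URL it requested, which
    // keeps the original scheme and host. The ltrim() forces exactly one
    // leading slash so the value can never be read as a scheme-relative URL.
    header('Location: /' . ltrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'));
    exit;
}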
// Configuration editor: everything inside this branch requires the
// 'editconfig' right for the current user.
// NOTE(review): no CSRF token check is visible in this fragment; confirm the
// save path verifies one before configuration values are changed.
if ($user->perm->checkRight($user->getUserId(), 'editconfig')) {
    // Action selected by the URL parameter config_action; 'listConfig' is
    // passed as the fourth argument (presumably the default when it is absent).
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
    $userAction = PMF_Filter::filterInput(INPUT_GET, 'config_action', FILTER_SANITIZE_STRING, 'listConfig');
    // Save the configuration
    if ('saveConfig' === $userAction) {
        // Every value of the POSTed 'edit' array is passed through
        // FILTER_SANITIZE_STRING; the filter definition covers values only.
        $checks = array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_REQUIRE_ARRAY);
        $editData = PMF_Filter::filterInputArray(INPUT_POST, array('edit' => $checks));
        // Reset the action so the listing is selected after the save.
        $userAction = 'listConfig';
        // Keep the current values; their later use is outside this fragment.
        $oldConfigValues = $faqConfig->config;
        /* XXX the cache concept is designed to be able to activate only one cache engine per time
           so if there are more cache services implemented, respect it here*/
        // NOTE(review): loose comparison (==) against the string 'true'.
        if (isset($editData['edit']['cache.varnishEnable']) && 'true' == $editData['edit']['cache.varnishEnable']) {
            if (!extension_loaded('varnish')) {
                // Refuse to enable Varnish caching when the PHP extension is missing.
                throw new Exception('Varnish extension is not loaded');
            }
        }
        // Set the new values
        // Denylist: '{', '}' and '$' are removed from every submitted value.
        // NOTE(review): a denylist only covers the characters it names; a
        // per-key allowlist or type check would be the stricter control.
        $forbiddenValues = array('{', '}', '$');
        $newConfigValues = [];
        // NOTE(review): $editData['edit'] is iterated without an is_array()
        // check, and $key comes from the POSTed array keys, which the value
        // filter above does not touch; confirm keys are matched against the
        // known configuration keys before they are stored.
        foreach ($editData['edit'] as $key => $value) {
            $newConfigValues[$key] = str_replace($forbiddenValues, '', $value);
            // Split the dotted key (e.g. 'cache.varnishEnable') into its parts.
            $keyArray = array_values(explode('.', $key));
Пример #2
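// Direct-access guard. IS_VALID_PHPMYFAQ is presumably defined by the script
// that includes this file; a request that reaches the file directly is sent
// back to the containing directory and nothing else in the file runs.
if (!defined('IS_VALID_PHPMYFAQ')) {
    // Path-only redirect. The earlier form built an absolute URL from
    // $_SERVER['HTTP_HOST'], which is the client-supplied Host header, so a
    // forged Host value was reflected into the Location target. A relative
    // reference is resolved by the client against the URL it requested, which
    // keeps the original scheme and host. The ltrim() forces exactly one
    // leading slash so the value can never be read as a scheme-relative URL.
    header('Location: /' . ltrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'));
    exit;
}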
// AJAX handler for creating ('insertentry') or saving ('saveentry') a FAQ
// record. The action name is read from the query string, the record data
// from the POST body.
// NOTE(review): no CSRF token check is visible in this fragment; confirm one
// is verified before the record is written.
$response = new JsonResponse();
// NOTE(review): FILTER_SANITIZE_STRING, used throughout this block, is
// deprecated as of PHP 8.1.
$do = PMF_Filter::filterInput(INPUT_GET, 'do', FILTER_SANITIZE_STRING);
// Authorisation. && binds tighter than ||, so the condition reads as
//   ('insertentry' && (editbt || addbt)) || ('saveentry' && editbt).
// Explicit parentheses around both halves would make that intent visible.
if ('insertentry' === $do && ($user->perm->checkRight($user->getUserId(), 'editbt') || $user->perm->checkRight($user->getUserId(), 'addbt')) || 'saveentry' === $do && $user->perm->checkRight($user->getUserId(), 'editbt')) {
    // NOTE(review): $user is replaced here, after the permission check above
    // already ran against the previous $user; confirm both refer to the same
    // session identity.
    $user = PMF_User_CurrentUser::getFromSession($faqConfig);
    $dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING);
    $dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING);
    $question = PMF_Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRING);
    // Category IDs ('rubrik'): every array element must validate as an integer.
    $categories = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
    $record_lang = PMF_Filter::filterInput(INPUT_POST, 'lang', FILTER_SANITIZE_STRING);
    $tags = PMF_Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING);
    $active = PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING);
    $sticky = PMF_Filter::filterInput(INPUT_POST, 'sticky', FILTER_SANITIZE_STRING);
    // The answer body is HTML-entity-encoded (FILTER_SANITIZE_SPECIAL_CHARS)
    // rather than tag-stripped, so markup survives in encoded form.
    // NOTE(review): whether it is decoded again before storage or output is
    // outside this fragment; confirm the rendering path sanitises it.
    $content = PMF_Filter::filterInput(INPUT_POST, 'answer', FILTER_SANITIZE_SPECIAL_CHARS);
    $keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRING);
    $author = PMF_Filter::filterInput(INPUT_POST, 'author', FILTER_SANITIZE_STRING);
    $email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
    // Numeric identifiers are validated as integers.
    $record_id = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
    $solution_id = PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
    $revision_id = PMF_Filter::filterInput(INPUT_POST, 'revision_id', FILTER_VALIDATE_INT);
    $changed = PMF_Filter::filterInput(INPUT_POST, 'changed', FILTER_SANITIZE_STRING);
    $user_permission = PMF_Filter::filterInput(INPUT_POST, 'userpermission', FILTER_SANITIZE_STRING);
    // 'all' maps to -1; otherwise a single validated user ID is read.
    // NOTE(review): loose comparison (==); the result of the integer
    // validation is not checked in the lines visible here.
    $restricted_users = 'all' == $user_permission ? -1 : PMF_Filter::filterInput(INPUT_POST, 'restricted_users', FILTER_VALIDATE_INT);
Пример #3
         // Tail of the preceding case (its start is outside this fragment):
         // send the prepared mail and report success, or report the error.
         $mail->message = $question;
         $result = $mail->send();
         unset($mail);
         $message = array('success' => $PMF_LANG['msgMailContact']);
     } else {
         $message = array('error' => $PMF_LANG['err_sendMail']);
     }
     break;
 // Send mails to friends: mails a link plus a free-text message to every
 // address in the POSTed 'mailto' array, with the sender's address as Reply-To.
 // NOTE(review): this endpoint sends mail to addresses chosen by the
 // requester. No captcha, rate limit or cap on the number of recipients is
 // visible in this fragment; confirm such controls exist elsewhere.
 case 'sendtofriends':
     // NOTE(review): FILTER_SANITIZE_STRING and its alias
     // FILTER_SANITIZE_STRIPPED are deprecated as of PHP 8.1.
     $name = PMF_Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
     $email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
     // NOTE(review): $link is validated as a URL, but the condition below does
     // not test the result, so a failed validation still sends the mail.
     $link = PMF_Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
     $attached = PMF_Filter::filterInput(INPUT_POST, 'message', FILTER_SANITIZE_STRIPPED);
     // Each recipient must validate as an e-mail address.
     $mailto = PMF_Filter::filterInputArray(INPUT_POST, array('mailto' => array('filter' => FILTER_VALIDATE_EMAIL, 'flags' => FILTER_REQUIRE_ARRAY | FILTER_NULL_ON_FAILURE)));
     // Requires a sender name, a valid sender address, at least a first
     // recipient, and a message that passes checkBannedWord().
     if (!is_null($name) && !empty($name) && !is_null($email) && !empty($email) && is_array($mailto) && !empty($mailto['mailto'][0]) && checkBannedWord(PMF_String::htmlspecialchars($attached))) {
         foreach ($mailto['mailto'] as $recipient) {
             $recipient = trim(strip_tags($recipient));
             if (!empty($recipient)) {
                 $mail = new PMF_Mail();
                 // NOTE(review): $name reaches the Reply-To and Subject
                 // headers. The string filter does not by itself remove CR/LF
                 // (unless PMF_Filter adds flags); confirm PMF_Mail rejects
                 // line breaks in header values.
                 $mail->setReplyTo($email, $name);
                 $mail->addTo($recipient);
                 $mail->subject = $PMF_LANG["msgS2FMailSubject"] . $name;
                 // NOTE(review): spelled $faqconfig here; PHP variable names
                 // are case-sensitive, so confirm it matches the variable the
                 // including script defines.
                 $mail->message = sprintf("%s\r\n\r\n%s\r\n%s\r\n\r\n%s", $faqconfig->get('main.send2friendText'), $PMF_LANG['msgS2FText2'], $link, $attached);
                 // Send the email; $result is overwritten on every iteration,
                 // so only the outcome of the last send is kept.
                 $result = $mail->send();
                 unset($mail);
                 // usleep() takes microseconds: this pauses for 250 µs, which
                 // does not act as a meaningful send throttle.
                 usleep(250);
             }
         }
 // Fragment of the "add new FAQ record" handler. $question, $categories,
 // $content, $recordLang, $active, $sticky, $keywords, $author, $email,
 // $dateStart and $dateEnd are assigned before the first line shown here.
 // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
 $comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
 $recordId = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
 $solutionId = PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
 $revisionId = PMF_Filter::filterInput(INPUT_POST, 'revision_id', FILTER_VALIDATE_INT);
 $changed = PMF_Filter::filterInput(INPUT_POST, 'changed', FILTER_SANITIZE_STRING);
 // Permissions: 'all' is stored as array(-1); otherwise the submitted IDs.
 $permissions = array();
 if ('all' === PMF_Filter::filterInput(INPUT_POST, 'userpermission', FILTER_SANITIZE_STRING)) {
     $permissions += array('restricted_user' => array(-1));
 } else {
     // NOTE(review): the validated value is stored without a check, so a
     // failed FILTER_VALIDATE_INT ends up inside the permission array.
     $permissions += array('restricted_user' => array(PMF_Filter::filterInput(INPUT_POST, 'restricted_users', FILTER_VALIDATE_INT)));
 }
 if ('all' === PMF_Filter::filterInput(INPUT_POST, 'grouppermission', FILTER_SANITIZE_STRING)) {
     $permissions += array('restricted_groups' => array(-1));
 } else {
     // NOTE(review): += needs an array on the right-hand side; confirm
     // filterInputArray() cannot return null/false here (PHP 8 raises a
     // TypeError for array + non-array).
     $permissions += PMF_Filter::filterInputArray(INPUT_POST, array('restricted_groups' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
 }
 if (!isset($categories['rubrik'])) {
     $categories['rubrik'] = array();
 }
 // After the default above, $categories['rubrik'] is never null, so only
 // $question decides this branch; an empty category list passes as well.
 if (!is_null($question) && !is_null($categories['rubrik'])) {
     // new entry
     $logging = new PMF_Logging($faqConfig);
     $logging->logAdmin($user, 'Beitragcreatesave');
     printf("<h2>%s</h2>\n", $PMF_LANG['ad_entry_aor']);
     $category = new PMF_Category($faqConfig, array(), false);
     $category->setUser($currentAdminUser);
     $category->setGroups($currentAdminGroups);
     $tagging = new PMF_Tags($faqConfig);
     // Record to be stored. html_entity_decode() turns entity-encoded input
     // back into raw characters, so 'thema' and 'content' can carry markup.
     // NOTE(review): confirm every output path escapes or sanitises these
     // fields. dateStart/dateEnd are built by removing '-' and appending a
     // time suffix; no date-format validation is visible in this fragment.
     $recordData = array('lang' => $recordLang, 'active' => $active, 'sticky' => !is_null($sticky) ? 1 : 0, 'thema' => html_entity_decode($question), 'content' => html_entity_decode($content), 'keywords' => $keywords, 'author' => $author, 'email' => $email, 'comment' => !is_null($comment) ? 'y' : 'n', 'date' => date('YmdHis'), 'dateStart' => empty($dateStart) ? '00000000000000' : str_replace('-', '', $dateStart) . '000000', 'dateEnd' => empty($dateEnd) ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959', 'linkState' => '', 'linkDateCheck' => 0);
     // Add new record and get that ID
Пример #5
 * @copyright 2009-2011 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/MPL-1.1.html Mozilla Public License Version 1.1
 * @link      http://www.phpmyfaq.de
 * @since     2009-03-20
 */
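// Direct-access guard. IS_VALID_PHPMYFAQ is presumably defined by the script
// that includes this file; a request that reaches the file directly is sent
// back to the containing directory and nothing else in the file runs.
if (!defined('IS_VALID_PHPMYFAQ')) {
    // Path-only redirect. The earlier form built 'http://' plus
    // $_SERVER['HTTP_HOST']: the Host header is client-supplied, so a forged
    // value was reflected into the Location target, and the hard-coded scheme
    // sent HTTPS visitors to plain HTTP. A relative reference is resolved by
    // the client against the URL it requested, keeping scheme and host. The
    // ltrim() forces exactly one leading slash so the value can never be read
    // as a scheme-relative URL.
    header('Location: /' . ltrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'));
    exit;
}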
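// AJAX handler: bulk-delete FAQ and news comments.
// Expects POST 'ajaxaction' = 'delete' plus the arrays 'faq_comments' and/or
// 'news_comments', each mapping comment ID (array key) => record ID (value).
// Prints the result of the last deletion attempt, or 0 when the action is not
// 'delete' or $permission['delcomment'] is not set.
// NOTE(review): no CSRF token check is visible in this fragment; confirm one
// is enforced before this state-changing request is handled.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$ajax_action = PMF_Filter::filterInput(INPUT_POST, 'ajaxaction', FILTER_SANITIZE_STRING);
if ('delete' === $ajax_action && $permission['delcomment']) {
    $comment = new PMF_Comment();
    $checkFaqs = array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY);
    $checkNews = array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY);
    $ret = false;
    $faqComments = PMF_Filter::filterInputArray(INPUT_POST, array('faq_comments' => $checkFaqs));
    $newsComments = PMF_Filter::filterInputArray(INPUT_POST, array('news_comments' => $checkNews));
    // isset() + is_array() instead of !is_null(): a missing field, a scalar
    // where an array was required, or a failed filter call is skipped rather
    // than handed to foreach.
    if (isset($faqComments['faq_comments']) && is_array($faqComments['faq_comments'])) {
        foreach ($faqComments['faq_comments'] as $commentId => $recordId) {
            // The filter definition validates array values only. The key (the
            // comment ID) arrives unfiltered, and with PHP's filter extension
            // a value that fails FILTER_VALIDATE_INT becomes false. Either
            // case counts as a failed deletion and never reaches
            // deleteComment().
            if (!is_int($commentId) || !is_int($recordId)) {
                $ret = false;
                continue;
            }
            $ret = $comment->deleteComment($recordId, $commentId);
        }
    }
    if (isset($newsComments['news_comments']) && is_array($newsComments['news_comments'])) {
        foreach ($newsComments['news_comments'] as $commentId => $recordId) {
            // Same integer check as for FAQ comments: keys are unfiltered.
            if (!is_int($commentId) || !is_int($recordId)) {
                $ret = false;
                continue;
            }
            $ret = $comment->deleteComment($recordId, $commentId);
        }
    }
    // Only the outcome of the last processed entry is reported.
    print $ret;
} else {
    print 0;
}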
        // delete FAQs
    // delete FAQs
    // Delete one FAQ record; requires $permission['delbt'].
    // The enclosing switch statement starts outside this fragment.
    // NOTE(review): no CSRF token check is visible for either delete action
    // in this fragment; confirm one is enforced before the switch is reached.
    case 'delete_record':
        if ($permission['delbt']) {
            // record_id must validate as an integer; record_lang is a
            // tag-stripped string (FILTER_SANITIZE_STRING, deprecated as of
            // PHP 8.1).
            $recordId = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
            $recordLang = PMF_Filter::filterInput(INPUT_POST, 'record_lang', FILTER_SANITIZE_STRING);
            // The admin log entry is written before the deletion is attempted.
            $logging = new PMF_Logging($faqConfig);
            $logging->logAdmin($user, 'Deleted FAQ ID ' . $recordId);
            // NOTE(review): $recordId is not checked after validation, so a
            // failed FILTER_VALIDATE_INT is still logged and passed on;
            // confirm deleteRecord() rejects a non-integer ID.
            $faq->deleteRecord($recordId, $recordLang);
            echo $PMF_LANG['ad_entry_delsuc'];
        } else {
            echo $PMF_LANG['err_NotAuth'];
        }
        break;
    // delete open questions; requires $permission['delquestion'].
    case 'delete_question':
        if ($permission['delquestion']) {
            // Every element of the POSTed 'questions' array must validate as
            // an integer.
            $checks = array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY);
            $questionIds = PMF_Filter::filterInputArray(INPUT_POST, array('questions' => $checks));
            if (!is_null($questionIds['questions'])) {
                foreach ($questionIds['questions'] as $questionId) {
                    // The (int) cast turns an element that failed validation
                    // (false) into 0.
                    // NOTE(review): confirm deleteQuestion(0) is a no-op.
                    $faq->deleteQuestion((int) $questionId);
                }
            }
            // The success message is printed whether or not any ID was given.
            echo $PMF_LANG['ad_entry_delsuc'];
        } else {
            echo $PMF_LANG['err_NotAuth'];
        }
        break;
}
Пример #7
 * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link      http://www.phpmyfaq.de
 * @since     2012-12-26
 */
use Symfony\Component\HttpFoundation\JsonResponse;
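// Direct-access guard. IS_VALID_PHPMYFAQ is presumably defined by the script
// that includes this file; a request that reaches the file directly is sent
// back to the containing directory and nothing else in the file runs.
if (!defined('IS_VALID_PHPMYFAQ')) {
    // Path-only redirect. The earlier form built an absolute URL from
    // $_SERVER['HTTP_HOST'], which is the client-supplied Host header, so a
    // forged Host value was reflected into the Location target. A relative
    // reference is resolved by the client against the URL it requested, which
    // keeps the original scheme and host. The ltrim() forces exactly one
    // leading slash so the value can never be read as a scheme-relative URL.
    header('Location: /' . ltrim(dirname($_SERVER['SCRIPT_NAME']), '/\\'));
    exit;
}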
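// AJAX endpoint: return the user and group permissions of the requested
// categories as JSON. The action comes from the query string ('ajaxaction'),
// the category list from the POST field 'categories' (comma-separated IDs).
// NOTE(review): no permission or CSRF check is visible in this fragment;
// confirm the including script restricts who can reach it.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$response = new JsonResponse();
$ajaxAction = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);
switch ($ajaxAction) {
    case 'getpermissions':
        $category = new PMF_Category($faqConfig, [], false);
        $category->setUser($currentAdminUser);
        $category->setGroups($currentAdminGroups);
        $ajaxData = PMF_Filter::filterInputArray(INPUT_POST, array('categories' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_REQUIRE_SCALAR)));
        if (empty($ajaxData['categories'])) {
            // Access for all users and groups
            $categories = array(-1);
        } else {
            // Split first, then force every element to an integer. Casting
            // the whole string to int before explode() kept only the first
            // ID of a list such as "1,2,3". Each element is still an integer
            // by the time it reaches getPermissions(), so no free-form text
            // from the request is passed on.
            $categories = array_map('intval', explode(',', $ajaxData['categories']));
        }
        // NOTE(review): Symfony's JsonResponse::setData() takes only the data
        // argument; encoding flags are set through setEncodingOptions(), so
        // JSON_NUMERIC_CHECK passed here may have no effect. Verify.
        $response->setData(array('user' => $category->getPermissions('user', $categories), 'group' => $category->getPermissions('group', $categories)), JSON_NUMERIC_CHECK);
        break;
}
$response->send();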