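/**
 * Render the admin edit form for a page or info-bar item and, when the form
 * was posted with a valid per-session token, save the submitted changes first.
 *
 * Steps, in order:
 *  1. Resolve the slab (from $slabIn, else $_GET['slab']) and reject it unless
 *     it is listed in $razorArray['slabs'].
 *  2. Check the anti-CSRF token posted in 'random' against $_SESSION['random'].
 *  3. On a valid save request: update title, page title, categories and theme
 *     on a SLAB object, strip <script> blocks from the content and write it
 *     to the page file.
 *  4. Show an error box or commit the changes and show a success box.
 *  5. Issue a fresh token and echo the edit form.
 *
 * @param string $slabIn Slab to edit. When empty, $_GET['slab'] is used and a
 *                       posted save is honoured; when non-empty the form is
 *                       only rendered and any posted save is ignored.
 *
 * @return void Output is echoed directly and sent through MsgBox().
 */
function performEdit($slabIn = '')
{
    global $editErrMsg, $razorArray;

    // Read request parameters defensively: a missing or array-valued
    // parameter must not raise notices or reach string functions.
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    $isInfoEdit = ($action === 'editinfo');

    if ($slabIn == '') {
        $slab = isset($_GET['slab']) ? $_GET['slab'] : '';
    } else {
        $slab = $slabIn;
    }

    // NOTE(review): in_array()/array_search() compare loosely here; if the
    // slab list can hold non-string values, confirm strict comparison is safe
    // and switch to it.
    if (!in_array($slab, $razorArray['slabs'])) {
        MsgBox(lt('Invalid name'), 'redbox');
        return;
    }

    $fileAsID = array_search($slab, $razorArray['slabs']);
    $addtErrMsg = array();
    $catlist = $razorArray['links_cats'];

    // --- verify the form token (anti-CSRF) ---
    // The token is accepted only when the session actually holds a non-empty
    // value; an unset session token must never match an empty submitted one.
    // Comparison is exact and, where available, constant-time.
    $tokenOk = false;
    if (isset($_POST['random'], $_SESSION['random'])
        && is_string($_POST['random'])
        && is_scalar($_SESSION['random'])
    ) {
        $expectedToken = (string) $_SESSION['random'];
        if ($expectedToken !== '') {
            $tokenOk = function_exists('hash_equals')
                ? hash_equals($expectedToken, $_POST['random'])
                : $expectedToken === $_POST['random'];
        }
    }

    // --- process form data ---
    if (isset($_POST['save']) && $slabIn == '' && $tokenOk) {
        $newp = new SLAB();
        $newp->loadSlab($slab);
        $oldSlab = $slab;
        $oldTitle = $newp->title;

        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawPTitle = (isset($_POST['ptitle']) && is_string($_POST['ptitle'])) ? $_POST['ptitle'] : '';
        $rawContent = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';

        // NOTE(review): stripslashes() is applied unconditionally (a magic-quotes
        // era habit); on runtimes without magic quotes it removes backslashes
        // the author typed. Left unchanged to keep stored data consistent.
        $title = stripslashes($rawTitle);
        $ptitle = stripslashes($rawPTitle);
        $newSlab = cleanSlabTitle($rawTitle, $newp->slabId);

        if ($title == '') {
            $addtErrMsg[] = lt('Title cannot be empty');
        } else {
            // These lookups are not read again before $fileName is reassigned
            // for the form below; kept in case findPageFile() has side effects.
            $fileName = findPageFile($slab);
            $newFileName = $newName = findPageFile($newSlab);

            // Rebuild category membership from the posted check boxes.
            $newp->catReset();
            foreach ($catlist as $cat => $cc) {
                if (isset($_POST['check_' . $cat])) {
                    $newp->addToCat($cat);
                }
            }

            if (isset($_POST['theme'])) {
                $newp->editTheme($_POST['theme']);
            }

            // Rename handling: refuse a title or slab that already exists,
            // otherwise carry the homepage pointer over to the new slab name.
            $renameErr = false;
            if ($newSlab != $oldSlab || $title != $oldTitle) {
                if ($title != $oldTitle && in_array($title, $razorArray['titles'])) {
                    $addtErrMsg[] = lt('Cannot Rename Title, Content with similar title already exists');
                    $renameErr = true;
                } elseif ($newSlab != $oldSlab && in_array($newSlab, $razorArray['slabs'])) {
                    $addtErrMsg[] = lt('Cannot Rename Title, content with similar title already exists');
                    $renameErr = true;
                } else {
                    if ($razorArray['homepage'] == $slab) {
                        $razorArray['homepage'] = $newSlab;
                    }
                    $slab = $newSlab;
                }
                if (!$renameErr) {
                    $newp->editTitle($title);
                }
                $fileName = $newName;
            }

            $newp->editPTitle($ptitle);

            // SECURITY: removing <script> blocks is not a complete XSS defence;
            // other markup can still carry script. Treat stored content as
            // trusted-author HTML, or pass it through an allow-list sanitiser
            // before it is served to visitors.
            $contentClean = preg_replace('/<script\\b[^>]*>(.*?)<\\/script>/is', "", $rawContent);

            if ($contentClean === null) {
                // preg_replace() returns null on a PCRE failure (for example a
                // backtrack limit hit on large input). Writing that out would
                // silently replace the page with an empty file.
                $addtErrMsg[] = lt('Error writing to file');
            } elseif (!put2file(RAZOR_PAGES_DIR . findPageFile($fileAsID), stripslashes($contentClean))) {
                $addtErrMsg[] = lt('Error writing to file');
            }
        }
    }

    // --- report errors, or commit and confirm ---
    if (count($addtErrMsg) != 0) {
        $em = '';
        foreach ($addtErrMsg as $msg) {
            $em .= "<p>{$msg}</p>";
        }
        MsgBox(lt('Errors Occured') . $em, 'redbox');
    } elseif (isset($newp)) {
        // BsocketB() is called with a hook name and an argument array;
        // presumably it dispatches to plugin handlers — confirm against its definition.
        BsocketB('admin-xpage-info-input', array($slab));
        $newp->commitChanges();
        saveRazorArray();
        if ($isInfoEdit) {
            $m = lt('Info Edited Successfully') . '<br />';
        } else {
            $m = lt('Page Edited Successfully') . '<br />';
        }
        // NOTE(review): the stored title is echoed as HTML without escaping.
        $m .= lt('Title') . " <b>" . $razorArray['titles'][$fileAsID] . '</b><br />';
        $m .= lt('File Edited') . " <b>" . $fileAsID . "." . RAZOR_DEFAULT_FILE_EXT . "</b><br />";
        MsgBox($m, 'greenbox');
    }

    // --- set up form data ---
    $ep = new SLAB();
    $ep->loadSlab($slab);
    $fileName = findPageFile($fileAsID, 'admin');
    $fileContent = file_exists($fileName) ? file_get_contents($fileName) : lt('no content yet');
    $submitButton = lt('Save Content');
    $editLabel = lt('Edit Content');
    $catLabel = lt('Categories');
    $contentLabel = lt('Content');
    $title = $ep->title;
    $ptitle = $ep->ptitle;
    $themeSelectLabel = lt('Select Theme');
    $contentManager = lt('Content Manager');
    $addnewpageLabel = lt('Details');
    $menuTitleLabel = lt('Menu Title');
    $pageTitleLabel = lt('Page Title') . ' (' . lt('optional') . ')';

    // --- page / info-bar specific form parts ---
    $filteredCats = array();
    // Only the page form has a "page title" row; default to empty so the
    // info-bar form does not interpolate an undefined variable.
    $longPageTitle = '';

    if ($isInfoEdit) {
        $infoCat = $razorArray['settings']['info-bar-cat'];
        $chkboxs = "<input type='hidden' name='check_" . $infoCat . "' value='" . $infoCat
            . "'><label for='check_" . $infoCat . "'>" . $infoCat . "</label>";
        $addnewpageLabel = lt('Infobar Content Details');
        $formAction = "?action=editinfo&slab={$slab}";
        $chooseTheme = '';
    } else {
        // Offer every category except the one reserved for the info bar.
        foreach ($razorArray['links_cats'] as $linksCats => $contents) {
            if ($linksCats != $razorArray['settings']['info-bar-cat']) {
                $filteredCats[$linksCats] = $linksCats;
            }
        }
        $addnewpageLabel = lt('Page Details');
        $chkboxs = checkBoxList($filteredCats, $ep->cats);
        $formAction = "?action=edit&slab={$slab}";

        // Theme drop-down, pre-selecting the slab's stored theme if it has one.
        if (isset($razorArray['themes'][$slab]) && $razorArray['themes'][$slab] != '') {
            $choice = $razorArray['themes'][$slab];
        } else {
            $choice = 'theme-default';
        }
        $theme_default = lt('Default');
        $theme_one = lt('Theme One');
        $theme_two = lt('Theme Two');
        $theme_three = lt('Theme Three');
        $themeList = array(
            'theme-default' => $theme_default,
            'theme-one' => $theme_one,
            'theme-two' => $theme_two,
            'theme-three' => $theme_three,
        );
        $themeSelect = pagesList('theme', $themeList, $choice);

        $chooseTheme = <<<TET
<tr>
    <td>{$themeSelectLabel}</td>
    <td>{$themeSelect}</td>
</tr>
TET;

        // NOTE(review): $ptitle (and $title in the main form) are placed inside
        // single-quoted attributes as stored. Whether SLAB stores them already
        // HTML-encoded is not visible here; if it does not, encode with
        // htmlspecialchars(..., ENT_QUOTES) at this point.
        $longPageTitle = <<<TET
<tr>
    <td>{$pageTitleLabel}</td>
    <td><input class='w300' type='text' value='{$ptitle}' name='ptitle'></td>
</tr>
TET;
    }

    // --- hooks for extra output and add-function markup ---
    // Both start as null and are handed over by reference so a handler can fill them.
    $extraInfo = null;
    $addFunction = null;
    if ($isInfoEdit) {
        BsocketB('admin-xinfo-info-output-ed', array(&$extraInfo, $slab));
        BsocketB('admin-add-info-function', array(&$addFunction, &$fileContent));
        $newItem = lt('Edit Infobar Content');
    } else {
        BsocketB('admin-xpage-info-output-ed', array(&$extraInfo, $slab));
        BsocketB('admin-add-page-function', array(&$addFunction, &$fileContent));
        $newItem = lt('Edit Page');
    }

    // --- make the stored content safe to place inside <textarea> ---
    // Encode '&' first so entities in the stored content survive the round
    // trip through the browser, then neutralise any closing textarea tag
    // (any letter case, with or without trailing whitespace) so stored content
    // cannot end the editor field early and inject markup into the admin page.
    $fileContent = str_replace('&', '&amp;', $fileContent);
    $fileContent = str_ireplace('</textarea', '&lt;/textarea', $fileContent);

    // --- issue a fresh, unpredictable form token ---
    if (function_exists('random_bytes')) {
        $random = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $random = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Last-resort legacy behaviour: rand() is predictable. Upgrade the
        // runtime so one of the branches above is taken.
        $random = (string) rand();
    }
    $_SESSION['random'] = $random;

    // --- output the form ---
    $te = array();
    $te[1] = <<<TET
<h1>{$newItem} {$ep->title}</h1>
<div class='contentwh'>
<form action='{$formAction}' method=post class='pagemod_form'>
<input type='hidden' name='random' value='{$random}'>
<h3>{$addnewpageLabel}</h3>
{$extraInfo}
<table class='tableEditItem'>
<tr class='tableFooter'><td class='twenty'></td><td class='auto'></td></tr>
<tr>
    <td>{$menuTitleLabel}</td>
    <td><input type='text' value='{$title}' name='title'></td>
</tr>
{$longPageTitle}
{$chooseTheme}
<tr>
    <td>{$catLabel}</td>
    <td>{$chkboxs}</td>
</tr>
<tr class='tableFooter'><td></td><td></td></tr>
</table>
<h3>{$contentLabel}</h3>
<table class='tableEditItem'>
    {$addFunction}
<tr class='tableFooter'><td></td><td></td></tr>
<tr><td class='tableEditBox'>
TET;
    $te[2] = "<textarea name='content' rows=20 cols=70 id='editbox' class='editbox'>{$fileContent}</textarea>";
    $te[3] = <<<TET
</td>
</tr>
<tr class='tableFooter'><td></td><td></td></tr>
</table>
<input id='button' type='submit' value='{$submitButton}' name='save'>
</form>
</div>
TET;
    // NOTE(review): $te[4] hands the encoded content to 'editor' handlers,
    // which receive $te by reference and may alter it — confirm they expect
    // entity-encoded text.
    $te[4] = $fileContent;

    echo $te[1];
    BsocketB('editor', array(&$te));
    echo $te[2];
    echo $te[3];
}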