/**
 * Show main plugin screen: installed and uninstalled plugins, upload form
 *
 * @param string $message (optional) message to display
 * @param string $token   an optional csrf token
 * @return string HTML for the plugin screen
 */
function plugin_main($message = '', $token = '')
{
    global $LANG32;

    $header = COM_siteHeader('menu', $LANG32[5]);

    // An explicit message wins over the ?msg= request parameter
    $messageBlock = empty($message)
        ? COM_showMessageFromParameter()
        : COM_showMessageText($message);

    // Issue a fresh CSRF token only when the caller did not hand one in
    if (empty($token)) {
        $token = SEC_createToken();
    }

    $body = listplugins($token);
    if (SEC_hasRights('plugin.install')) {
        $body .= show_newplugins($token);
    }

    // plugin_show_uploadform() renders either the upload form or an error message
    $body .= plugin_show_uploadform($token);

    return $header . $messageBlock . $body . COM_siteFooter();
}
if (isset($_POST['hidden'])) { $hidden = COM_applyFilter($_POST['hidden'], true); } $parent_id = ''; if (isset($_POST['parent_id'])) { $parent_id = COM_applyFilter($_POST['parent_id']); } $sortnum = 0; if (isset($_POST['sortnum'])) { $sortnum = COM_applyFilter($_POST['sortnum'], true); } $display .= savetopic(COM_applyFilter($_POST['tid']), $_POST['topic_name'], $inherit, $hidden, $parent_id, $imageurl, $_POST['meta_description'], $_POST['meta_keywords'], $sortnum, COM_applyFilter($_POST['limitnews'], true), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon'], $is_default, $is_archive); } elseif ($mode == 'edit') { $tid = ''; if (isset($_GET['tid'])) { $tid = COM_applyFilter($_GET['tid']); } $display .= edittopic($tid); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[1])); } elseif ($mode == 'change_sortnum' && SEC_checkToken()) { $display .= COM_showMessageFromParameter(); moveTopics(COM_applyFilter($_GET['tid']), COM_applyFilter($_GET['where'])); $display .= listTopics(SEC_createToken()); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[8])); } else { // 'cancel' or no mode at all $display .= COM_showMessageFromParameter(); $display .= listTopics(SEC_createToken()); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[8])); } COM_output($display);
die; break; case $LANG_ADMIN['save']: if (!SEC_checkToken()) { COM_accessLog("User {$_USER['username']} tried to illegally save route {$rid} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); die; } $method = \Geeklog\Input::fPost('method', ''); $rule = \Geeklog\Input::post('rule', ''); $route = \Geeklog\Input::post('route', ''); $priority = \Geeklog\Input::fPost('priority', Router::DEFAULT_PRIORITY); $display = saveRoute($rid, $method, $rule, $route, $priority); break; case 'edit': $content = getRouteEditor($rid); $display = COM_createHTMLDocument($content, array('pagetitle' => $LANG_ROUTER[2])); break; case 'move': if (SEC_checkToken()) { moveRoute($rid); } $content = listRoutes(); $display = COM_createHTMLDocument($content, array('pagetitle' => $LANG_ROUTER[2])); break; default: // 'cancel' or no mode at all $content = COM_showMessageFromParameter() . listRoutes(); $display = COM_createHTMLDocument($content, array('pagetitle' => $LANG_ROUTER[2])); } COM_output($display);
*/
require_once '../lib-common.php';

/**
 * Security check to ensure user even belongs on this page
 */
require_once 'auth.inc.php';

// MAIN
if (isset($_GET['mode']) && $_GET['mode'] == 'logout') {
    // No exit follows the print, so the page below is still built and sent
    print COM_refresh($_CONF['site_url'] . '/users.php?mode=logout');
}

/**
 * Display a reminder to execute the security check script
 *
 * @return string HTML for security reminder (or empty string)
 */
function security_check_reminder()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;

    // Only members of the Root group are reminded
    if (!SEC_inGroup('Root')) {
        return '';
    }

    $checkDone = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");

    // Loose comparison kept on purpose: the stored value may not be an int
    return ($checkDone != 1) ? COM_showMessage(92) : '';
}

$content = COM_showMessageFromParameter()
    . security_check_reminder()
    . COM_commandControl();
COM_output(COM_createHTMLDocument($content, array('pagetitle' => $LANG29[34])));
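/**
 * Handles a comment view request
 *
 * Resolves the comment id from the request ('cid' when viewing, 'pid' when
 * displaying), loads the comment's parent item and renders the thread, either
 * directly for articles or through the owning plugin.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param boolean $view View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function handleView($view = true)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;

    $display = '';

    // A missing parameter is treated as 0 rather than raising an undefined-index notice
    $param = $view ? 'cid' : 'pid';
    $cid = isset($_REQUEST[$param]) ? COM_applyFilter($_REQUEST[$param], true) : 0;
    if ($cid <= 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // $cid is an int after the numeric filter, so inlining it is safe
    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = {$cid}";
    $A = DB_fetchArray(DB_query($sql));
    if (empty($A)) {
        // Unknown comment id: leave the same way as for an invalid id instead of
        // indexing into a false result
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    // Display mode: request parameter, else the user's stored preference, else the site default
    $format = $_CONF['comment_mode'];
    if (isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    if (!in_array($format, array('threaded', 'nested', 'flat'), true)) {
        if (COM_isAnonUser()) {
            $format = $_CONF['comment_mode'];
        } else {
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
        }
    }

    // Optional ordering and page number, used by both branches below
    $order = isset($_REQUEST['order']) ? COM_applyFilter($_REQUEST['order']) : '';
    $page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : 0;

    switch ($type) {
        case 'article':
            // The story must exist, be published, allow comments and be visible to this user.
            // $sid comes from the database, not the request; it is still escaped because it
            // is placed inside a quoted SQL literal.
            $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id, group_id, perm_owner, perm_group, '
                . "perm_members, perm_anon FROM {$_TABLES['stories']} WHERE (sid = '" . DB_escapeString($sid) . "') "
                . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())'
                . COM_getPermSQL('AND') . COM_getTopicSQL('AND')
                . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
            $B = DB_fetchArray(DB_query($sql));

            // No matching row means no access; guard before reading $B['count']
            if (!empty($B) && $B['count'] == 1) {
                // Deleting is offered only to story editors with full (3) access to this story
                $delete_option = SEC_hasRights('story.edit')
                    && SEC_hasAccess($B['owner_id'], $B['group_id'], $B['perm_owner'],
                        $B['perm_group'], $B['perm_members'], $B['perm_anon']) == 3;
                $display .= CMT_userComments($sid, $title, $type, $order, $format, $cid, $page,
                    $view, $delete_option, $B['commentcode']);
            } else {
                $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '',
                        COM_getBlockTemplate('_msg_block', 'header'))
                    . $LANG_ACCESS['storydenialmsg']
                    . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            }
            break;

        default: // assume plugin
            $display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view);
            if (!$display) {
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }
            break;
    }

    return COM_siteHeader('menu', $title) . COM_showMessageFromParameter() . $display . COM_siteFooter();
}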
public function testShowMessageFromParameter()
{
    // Line 4527: COM_showMessageFromParameter() reads the 'msg' request parameter
    $_GET['msg'] = 6;

    $html = COM_showMessageFromParameter();

    $this->assertNotEmpty($html);
}
/**
 * Display a reminder to execute the security check script
 *
 * @return string HTML for security reminder (or empty string)
 */
function security_check_reminder()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;

    // Only members of the Root group are reminded
    if (!SEC_inGroup('Root')) {
        return '';
    }

    $checkDone = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");

    // Loose comparison kept on purpose: the stored value may not be an int
    return ($checkDone != 1) ? COM_showMessage(92) : '';
}

// MAIN
// A moderation submit is honoured only with a valid CSRF token
$isModeration = isset($_POST['mode'])
    && $_POST['mode'] == 'moderation'
    && SEC_checkToken();

if ($isModeration) {
    $action = isset($_POST['action']) ? $_POST['action'] : array();
    $count = COM_applyFilter($_POST['count'], true);
    if ($_POST['type'] == 'user') {
        $mod_result = moderateusers($_POST['id'], $action, $count);
    } else {
        $mod_result = moderation($_POST['id'], $action, $_POST['type'], $count);
    }
    $display = COM_siteHeader('menu', $LANG29[34])
        . COM_showMessageFromParameter()
        . $mod_result;
} else {
    $display = COM_siteHeader('menu', $LANG29[34])
        . COM_showMessageFromParameter()
        . security_check_reminder()
        . commandcontrol(SEC_createToken());
}

$display .= COM_siteFooter();
COM_output($display);
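/**
 * Handles a comment view request
 *
 * Looks up the comment named by the request (CMT_CID when viewing, CMT_PID
 * when displaying), asks the owning plugin to render the thread and wraps it
 * in a complete HTML document. Invalid or unknown ids go to COM_handle404(),
 * which the rest of this function assumes does not return.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param string $format 'threaded', 'nested', or 'flat'
 * @param string $order 'ASC' or 'DESC' or blank
 * @param int $page Page number of comments to display
 * @param boolean $view View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function CMT_handleView($format, $order, $page, $view = true)
{
    global $_TABLES;

    // Which request parameter carries the id depends on the mode
    $param = $view ? CMT_CID : CMT_PID;
    $cid = isset($_REQUEST[$param]) ? COM_applyFilter($_REQUEST[$param], true) : 0;
    if ($cid <= 0) {
        COM_handle404();
    }

    // $cid is an int after the numeric filter, so inlining it is safe
    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = {$cid}";
    $A = DB_fetchArray(DB_query($sql));
    if (empty($A)) {
        // No such comment: same outcome as an invalid id, without indexing into a false result
        COM_handle404();
    }
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    $display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view);
    if (!$display) {
        COM_handle404();
    }

    $display = COM_showMessageFromParameter() . $display;

    return COM_createHTMLDocument($display, array('pagetitle' => $title));
}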
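/**
 * Handles a comment view request
 *
 * Resolves the comment id from the request ('cid' when viewing, 'pid' when
 * displaying), loads the comment's parent item and hands rendering to the
 * owning plugin.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
 * @param boolean $view View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function handleView($view = true)
{
    global $_CONF, $_TABLES, $_USER;

    // Both parameters get the numeric filter (previously 'pid' was filtered as
    // text); a missing parameter becomes 0 instead of an undefined-index notice
    $param = $view ? 'cid' : 'pid';
    $cid = isset($_REQUEST[$param]) ? COM_applyFilter($_REQUEST[$param], true) : 0;
    if ($cid <= 0) {
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        exit;
    }

    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = " . (int) $cid;
    $A = DB_fetchArray(DB_query($sql));
    if (empty($A)) {
        // Unknown comment id: return the refresh rather than indexing into a false result
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    // Display mode: request parameter, else the user's stored preference, else the site default
    $format = $_CONF['comment_mode'];
    if (isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    if (!in_array($format, array('threaded', 'nested', 'flat'), true)) {
        if ($_USER['uid'] > 1) {
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
        } else {
            $format = $_CONF['comment_mode'];
        }
    }

    $order = isset($_REQUEST['order']) ? COM_applyFilter($_REQUEST['order']) : '';
    $page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : 0;

    $display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view);
    if (!$display) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    return COM_showMessageFromParameter() . $display;
}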
// Check if there was no direct action used on the form // and if the delete_all submit action was used if (!$formaction and isset($_POST['delitem'])) { foreach ($_POST['delitem'] as $del_uid) { $del_uid = COM_applyFilter($del_uid, true); if ($del_uid > 1) { USER_deleteAccount($del_uid); } } } $retval .= usersubmissions(SEC_createToken()); return $retval; } // MAIN $display = ''; if (isset($_POST['mode']) && $_POST['mode'] == 'moderation' && SEC_checkToken()) { $action = array(); if (isset($_POST['action'])) { $action = $_POST['action']; } if ($_POST['type'] == 'user') { $mod_result = moderateusers($_POST['id'], $action, COM_applyFilter($_POST['count'], true)); } else { $mod_result = moderation($_POST['id'], $action, $_POST['type'], COM_applyFilter($_POST['count'], true)); } $display .= COM_showMessageFromParameter() . $mod_result; } else { $display .= COM_showMessageFromParameter() . usersubmissions(SEC_createToken()); } $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG29[34])); COM_output($display);
}

// MAIN
$list = $_FINPUT->post('list', '');

// Only the two known list suffixes are accepted; anything else selects the default list
$knownSuffixes = array(SUFFIX_COMMENTS, SUFFIX_COMMENT_SUBMISSIONS);
$suffix = in_array($list, $knownSuffixes, true) ? $list : '';

// The bulk action field is named per list, e.g. bulk_action + suffix
$action = $_FINPUT->post('bulk_action' . $suffix, '');

switch ($action) {
    case 'bulk_approve':
        approveComments($suffix);
        break;

    case 'bulk_delete':
        deleteComments($suffix);
        break;

    case 'bulk_ban_user':
        banUsers($suffix);
        break;

    case 'bulk_ban_ip_address':
        banIpAddresses($suffix);
        break;

    default:
        // No bulk action requested
        break;
}

$pageTitle = $LANG03[100];
$content = COM_showMessageFromParameter() . listComments();
COM_output(COM_createHTMLDocument($content, array('pagetitle' => $pageTitle)));
/**
 * Show a list of language items
 *
 * Builds the language manager admin page: the admin menu, any message passed
 * via the request, and the sortable item list with bulk-delete checkboxes,
 * then sends the finished document to the client.
 */
public static function adminShowList()
{
    global $_CONF, $_IMAGE_TYPE, $LANG_ACCESS, $LANG_ADMIN, $LANG_LANG, $_TABLES;

    self::checkAccessRights();

    $adminUrl = $_CONF['site_admin_url'];
    $menu = array(
        array('url' => $adminUrl . '/language.php?mode=edit&id=0', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']),
    );
    $iconUrl = $_CONF['layout_url'] . '/images/icons/language.' . $_IMAGE_TYPE;

    $content = COM_startBlock($LANG_LANG['language_manager'], '', COM_getBlockTemplate('_admin_block', 'header'))
        . ADMIN_createMenu($menu, $LANG_LANG['new_language_msg'], $iconUrl)
        . COM_showMessageFromParameter();

    // One sortable column per listed field of language_items
    $columnLabels = array(
        'id'       => $LANG_ADMIN['edit'],
        'var_name' => $LANG_LANG['var_name'],
        'language' => $LANG_LANG['language'],
        'name'     => $LANG_LANG['name'],
        'value'    => $LANG_LANG['value'],
    );
    $columns = array();
    foreach ($columnLabels as $field => $label) {
        $columns[] = array('text' => $label, 'sort' => true, 'field' => $field);
    }

    $listText = array('has_extras' => true, 'title' => $LANG_LANG['language_editor']);
    $query = array(
        'sql'         => "SELECT * FROM {$_TABLES['language_items']} ",
        'query_group' => 'id, var_name, language, name, value ',
    );
    $defaultSort = array('direction' => 'ASC', 'field' => 'id');
    $options = array('chkdelete' => true, 'chkfield' => 'id');

    // The bulk-delete form carries a CSRF token issued with this class's own lifespan
    $form = array(
        'bottom' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="'
            . SEC_createToken(self::SEC_TOKEN_LIFESPAN) . '"' . XHTML . '>',
    );

    // No filter, no extra markup and no page navigation URL for this list
    $content .= ADMIN_list('language_items', __CLASS__ . '::fieldFunction', $columns, $listText,
        $query, $defaultSort, '', '', $options, $form, true, '');

    COM_output(COM_createHTMLDocument($content, array('pagetitle' => $LANG_LANG['language_editor'])));
}
/**
 * Show main plugin screen: installed and uninstalled plugins, upload form
 *
 * @param string $message (optional) message to display
 * @return string HTML for the plugin screen
 */
function plugin_main($message = '')
{
    global $LANG32;

    $header = COM_siteHeader('menu', $LANG32[5]);

    // An explicit message wins over the ?msg= request parameter
    $messageBlock = empty($message)
        ? COM_showMessageFromParameter()
        : COM_showMessageText($message);

    // One CSRF token is shared by every form on this screen
    $token = SEC_createToken();

    $body = listplugins($token);
    if (SEC_hasRights('plugin.install')) {
        $body .= show_newplugins($token);
    }

    // Upload form only when the web server allows uploads and the user has the upload rights
    if (plugin_upload_enabled() && SEC_hasRights('plugin.install,plugin.upload')) {
        $body .= plugin_show_uploadform($token);
    }

    return $header . $messageBlock . $body . COM_siteFooter();
}