$msg = COM_applyFilter($_GET['msg'], true);
if ($msg <= 0) {
$msg = 0;
}
}
// Handle just template staticpage security here, rest done in services.
// Cannot view template staticpages directly. If template staticpage bail here
// if user doesn't have edit rights.
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$page}'") == 1) {
if (SEC_hasRights('staticpages.edit')) {
$perms = SP_getPerms('', '3');
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '{$page}'" . $perms) == '') {
COM_handle404();
exit;
}
} else {
COM_handle404();
exit;
}
}
$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
if ($display_mode == 'print') {
header('Content-Type: text/html; charset=' . COM_getCharset());
if (!empty($_CONF['frame_options'])) {
header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']);
}
}
COM_output($retval);
$page = COM_sanitizeID(COM_applyFilter($_POST['page']));
}
// from comments display refresh:
if (isset($_POST['order'])) {
$comment_order = $_POST['order'] == 'ASC' ? 'ASC' : 'DESC';
if (isset($_POST['mode'])) {
$comment_mode = COM_applyFilter($_POST['mode']);
}
if (isset($_POST['cmtpage'])) {
$cmt_page = COM_applyFilter($_POST['cmtpage']);
}
} else {
if (isset($_GET['order'])) {
$comment_order = $_GET['order'] == 'ASC' ? 'ASC' : 'DESC';
}
if (isset($_GET['mode'])) {
$comment_mode = COM_applyFilter($_GET['mode']);
}
if (isset($_GET['cmtpage'])) {
$cmt_page = COM_applyFilter($_GET['cmtpage'], true);
}
}
$valid_modes = array('threaded', 'nested', 'flat', 'nocomment');
if (in_array($mode, $valid_modes) === false) {
$mode = '';
}
if ($display_mode != 'print') {
$display_mode = '';
}
$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode);
echo $retval;
