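/**
 * Apply a bulk ("global") update to stories from the story admin list.
 *
 * Reads the per-field checkboxes in $_POST['cb'] and, for each checked one,
 * writes the matching $_POST value (cast to int) into the stories table.
 * The update is restricted to one topic unless the topic filter is the
 * "all topics" label ($LANG09[9]).
 *
 * Only members of the Root group may call this, and the request must carry
 * a valid security token. COM_refresh() returns markup and does not end the
 * request (its other call sites echo / assign its result), so both guards
 * return that markup instead of falling through to the UPDATE.
 *
 * @return string  HTML of the story list (or a refresh snippet on a refused request)
 */
function STORY_global_save()
{
    global $_CONF, $_TABLES, $LANG09;

    if (!SEC_inGroup('Root')) {
        return COM_refresh($_CONF['site_url']);
    }
    if (!SEC_checkToken()) {
        return COM_refresh($_CONF['site_url']);
    }

    // Missing POST fields are treated as empty rather than raising notices.
    $filter_topic    = COM_applyFilter(isset($_POST['tid']) ? $_POST['tid'] : '');
    $on_frontpage    = COM_applyFilter(isset($_POST['frontpage']) ? $_POST['frontpage'] : '', true);
    $comment         = COM_applyFilter(isset($_POST['comment']) ? $_POST['comment'] : '', true);
    $trackback       = COM_applyFilter(isset($_POST['trackback']) ? $_POST['trackback'] : '', true);
    $owner_id        = COM_applyFilter(isset($_POST['owner_id']) ? $_POST['owner_id'] : '', true);
    $group_id        = COM_applyFilter(isset($_POST['group_id']) ? $_POST['group_id'] : '', true);
    $show_topic_icon = isset($_POST['show_topic_icon']) ? 1 : 0;

    // No checkbox array at all: nothing to do, show the list again.
    if (!isset($_POST['cb']) || !is_array($_POST['cb'])) {
        return STORY_list();
    }
    $active = $_POST['cb'];

    // checkbox name => array(column name, value to store)
    $candidates = array(
        'frontpage'       => array('frontpage', $on_frontpage),
        'comment'         => array('commentcode', $comment),
        'trackback'       => array('trackbackcode', $trackback),
        'owner'           => array('owner_id', $owner_id),
        'group'           => array('group_id', $group_id),
        'show_topic_icon' => array('show_topic_icon', $show_topic_icon),
    );

    // Every stored value is an integer column; the (int) cast is what keeps
    // these assignments safe to place in the statement directly.
    $assignments = array();
    foreach ($candidates as $checkbox => $pair) {
        if (isset($active[$checkbox])) {
            list($column, $value) = $pair;
            $assignments[] = $column . '=' . (int) $value;
        }
    }

    // Nothing checked: the original built "UPDATE stories [WHERE ...]" with no
    // SET clause, which is invalid SQL. Skip the query instead.
    if (empty($assignments)) {
        $_POST['tid'] = '';
        return STORY_list();
    }

    $sql = "UPDATE {$_TABLES['stories']} SET " . implode(',', $assignments);
    if ($filter_topic !== $LANG09[9]) {
        // topic id is user input: escaped before being quoted into the WHERE
        $sql .= " WHERE tid='" . DB_escapeString($filter_topic) . "'";
    }
    DB_query($sql);

    $_POST['tid'] = '';
    return STORY_list();
}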
} else { COM_accessLog("User {$_USER['username']} tried to illegally delete a story submission, sid={$sid} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } } else { if (SEC_checkToken()) { $display .= STORY_deleteStory($sid); } else { COM_accessLog("User {$_USER['username']} tried to a delete a story, sid={$sid} and failed CSRF checks"); $display = COM_refresh($_CONF['site_admin_url'] . '/index.php'); } } break; default: // purge any tokens we created for the advanced editor DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='advancededitor'", 1); if ($action == 'cancel' && $type == 'submission') { echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { $pageTitle = $LANG24[22]; $pageBody .= STORY_list(); } break; } $display = COM_siteHeader('menu', $pageTitle); if (isset($msg)) { $display .= is_numeric($msg) ? COM_showMessage($msg) : COM_showMessageText($msg); } $display .= $pageBody; $display .= COM_siteFooter(); echo $display;