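}

// Admin module fragment: shows the "new content box" form and, on POST,
// inserts the submitted box into the `<prefix>-boxes` table.

/* --- preparation --- */

// "c" preselects the column of the new box and decides where the back link
// points. It is taken from the query string, so every later use of $c must be
// encoded for the context it lands in (URL parameter or HTML attribute).
if (isset($_GET['c'])) {
    $c = _get('c');
    $returntolist = true;
} else {
    $c = '1';
    $returntolist = false;
}

/* --- save --- */

// NOTE(review): this branch does not itself verify the token that
// _xsrfProtect() puts into the form below; presumably the including script
// checks it for every POST before this file runs - confirm.
if (isset($_POST['title'])) {

    // Read each free-text field as a string. Missing keys and array-valued
    // parameters (e.g. "class[]=x") fall back to '' instead of reaching
    // trim()/floatval()/the filters with an unexpected type.
    $input = array('title' => '', 'ord' => '', 'content' => '', 'class' => '');
    foreach (array_keys($input) as $field) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $input[$field] = $_POST[$field];
        }
    }

    // load variables
    // NOTE(review): the maxlength attributes in the form are enforced by the
    // browser only; no length limit is applied here.
    $title = DB::esc(_htmlStr($input['title']));
    $column = _post('column'); // handling of a missing/array value is up to _post() - not visible here

    // $ord is concatenated into the statement without quotes, so it must always
    // render as a numeric literal. floatval() yields INF for inputs such as
    // "1e999", which would be written into the SQL as the bare word INF.
    $ord = floatval($input['ord']);
    if (!is_finite($ord)) {
        $ord = 0.0;
    }

    $content = DB::esc(_filtrateHCM($input['content']));

    // Also concatenated without quotes; the cast guarantees an integer literal
    // whatever _checkboxLoad() (defined elsewhere) returns.
    $visible = (int) _checkboxLoad('visible');
    $public = (int) _checkboxLoad('public');

    // an empty CSS class is stored as SQL NULL
    $class = trim($input['class']);
    $class = ($class === '') ? null : DB::esc(_htmlStr($class));

    // insert
    // The statement is built by concatenation: every string value above has
    // been passed through DB::esc(), the remaining values are numeric.
    DB::query(
        "INSERT INTO `" . _mysql_prefix . "-boxes` (ord,title,content,visible,public,`column`,class) VALUES ("
        . $ord . ",'" . $title . "','" . $content . "'," . $visible . "," . $public . ",'" . DB::esc($column) . "',"
        . ($class !== null ? '\'' . $class . '\'' : 'NULL') . ")"
    );

    // hand the redirect target to the including script; the column is URL-encoded
    define('_redirect_to', 'index.php?p=content-boxes-edit&c=' . urlencode($column) . '&created');

    return;
}

/* --- output --- */

// $c is reflected three times: twice as a URL parameter (urlencode) and once
// as the value of the "column" input (_htmlStr).
// NOTE(review): the attributes are single-quoted, so the _htmlStr() use is only
// safe if _htmlStr() also encodes the single quote - confirm in its definition.
// The $_lang entries are emitted as-is and are assumed to be trusted text.
$output .= "\n<a href='index.php?p="
    . ($returntolist ? "content-boxes-edit&c=" . urlencode($c) : "content-boxes")
    . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.boxes.new.title']
    . "</h1>\n<p class='bborder'></p>\n\n<form class='cform' action='index.php?p=content-boxes-new&c=" . urlencode($c)
    . "' method='post'>\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title']
    . "</strong></td>\n<td><input type='text' name='title' class='inputmedium' maxlength='96' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.boxes.column']
    . "</strong></td>\n<td><input type='text' maxlength='64' name='column' value='" . _htmlStr($c)
    . "' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.ord']
    . "</strong></td>\n<td><input type='text' name='ord' value='1' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.class']
    . "</strong></td>\n<td><input type='text' name='class' class='inputmedium' maxlength='24' /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.content']
    . "</strong></td>\n<td><textarea name='content' class='areasmall_100pwidth codemirror' rows='9' cols='33'></textarea></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings']
    . "</strong></td>\n<td>\n<label><input type='checkbox' name='visible' value='1' checked='checked' /> " . $_lang['admin.content.form.visible']
    . "</label> \n<label><input type='checkbox' name='public' value='1' checked='checked' /> " . $_lang['admin.content.form.public']
    . "</label>\n</td>\n</tr>\n\n<tr>\n<td></td>\n<td><input type='submit' value='" . $_lang['global.create']
    . "' /></td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n\n";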
// Normalise one submitted field ($var, value $val) of box $id before it is
// queued in $update. The switch doubles as an allow-list: only the field names
// listed here ever reach $update; any other name takes the default branch.
switch ($var) {
    case "title":
    case "class":
        // trimmed, then passed through _htmlStr(); an empty class becomes null
        $val = _htmlStr(trim($val));
        if ($var === 'class' && $val === '') {
            $val = null;
        }
        break;
    case "column":
        // only cast to string, no encoding at this point
        $val = strval($val);
        break;
    case "ord":
        $val = floatval($val);
        break;
    case "content":
        $val = _filtrateHCM($val);
        break;
    case "visible":
    case "public":
        // the submitted value is discarded; the state is re-read through
        // _checkboxLoad() under the name "<id>-<var>new"
        $val = _checkboxLoad($id . '-' . $var . 'new');
        break;
    default:
        // unknown field name: "continue 2" leaves the switch and advances the
        // enclosing loop, which is opened before this excerpt
        continue 2;
}

// add to the array of pending updates, grouped by box id
// NOTE(review): nothing in this excerpt applies DB::esc(), so "column" and the
// other string values are only safe if the code that turns $update into SQL
// escapes them - confirm there.
if (!isset($update[$id])) {
    $update[$id] = array();
}
$update[$id][$var] = $val;
} // closes a block opened before this excerpt
} // closes a block opened before this excerpt
$_POST['title_seo'] = $_POST['title']; // tail of a conditional opened before this excerpt: title_seo takes the title
}

// Collect the article's submitted fields into $newdata. Free-text values are
// passed through DB::esc() here, numeric ones are cast with intval().

// NOTE(review): title_seo is the only string stored without DB::esc(); this is
// safe only if _anchorStr() reduces its input to harmless characters - confirm.
$newdata['title_seo'] = _anchorStr($_POST['title_seo'], true);

foreach (array('keywords', 'description') as $metaField) {
    $newdata[$metaField] = DB::esc(_htmlStr(trim($_POST[$metaField])));
}

foreach (array('home1', 'home2', 'home3') as $homeField) {
    $newdata[$homeField] = intval($_POST[$homeField]);
}

// The submitted author is honoured only with the "change article author"
// right; otherwise the value already in $query is kept.
$newdata['author'] = _loginright_adminchangeartauthor
    ? intval($_POST['author'])
    : $query['author'];

// NOTE(review): perex is escaped for SQL but, unlike content and infobox, is
// not passed through _filtrateHCM() - confirm this is intended for wherever
// perex is rendered.
$newdata['perex'] = DB::esc($_POST['perex']);
$newdata['content'] = DB::esc(_filtrateHCM($_POST['content']));
$newdata['infobox'] = DB::esc(_filtrateHCM(trim($_POST['infobox'])));

foreach (array('public', 'visible') as $flag) {
    $newdata[$flag] = _checkboxLoad($flag);
}

// "confirmed" may be set by a user with the confirm right, or by a user who
// needs no confirmation and is the (possibly just reassigned) author.
// && binds tighter than ||, which the parentheses make explicit.
$mayConfirm = _loginright_adminconfirm
    || (!_loginright_adminneedconfirm && $newdata['author'] == _loginid);
$newdata['confirmed'] = $mayConfirm ? _checkboxLoad('confirmed') : $query['confirmed'];

$flagNames = array('comments', 'commentslocked', 'rateon', 'showinfo', 'resetrate', 'delcomments', 'resetread');
foreach ($flagNames as $flag) {
    $newdata[$flag] = _checkboxLoad($flag);
}

// second argument is the article's current time value from $query
$newdata['time'] = _loadTime('time', $query['time']);
case 2: $val = intval($_POST[$item[0]]); break; case 3: $val = floatval($_POST[$item[0]]); break; } } else { $val = _checkboxLoad($item[0]); } // individualni akce $skip = false; switch ($item[0]) { // content case "content": $val = _filtrateHCM(trim($val)); break; // intersection // intersection case "intersection": if (DB::result(DB::query("SELECT COUNT(id) FROM `" . _mysql_prefix . "-root` WHERE id=" . $val . " AND type=7"), 0) == 0 or $type == 7) { $val = -1; } break; // title // title case "title": $val = trim($val); if ($val == "") { $val = $_lang['global.novalue']; }