XSRFdefender('update_menu'); if ($_POST['update']) { $result = updateMenuItem($reports); } else { $result = addItem($reports); } } if (isset($_GET['del'])) { XSRFdefender('delete_menu'); deleteItem($reports); } printAdminHeader('menu', is_array($result) && $result['id'] ? gettext('edit') : gettext('add')); ?> <link rel="stylesheet" href="../zenpage/zenpage.css" type="text/css" /> <?php $menuset = checkChosenMenuset(); ?> </head> <body> <?php printLogoAndLinks(); ?> <div id="main"> <?php printTabs(); ?> <div id="content"> <script type="text/javascript"> // <!-- <![CDATA[ function handleSelectorChange(type) { $('#add,#titlelabel,#link_row,#link,#link_label,#visible_row,#show_visible,#span_row').show();
<?php define('OFFSET_PATH', 4); require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php'; require_once dirname(dirname(dirname(__FILE__))) . '/template-functions.php'; if (getOption('zp_plugin_zenpage')) { require_once dirname(dirname(dirname(__FILE__))) . '/' . PLUGIN_FOLDER . '/zenpage/zenpage-admin-functions.php'; } require_once dirname(dirname(dirname(__FILE__))) . '/' . PLUGIN_FOLDER . '/menu_manager/menu_manager-admin-functions.php'; admin_securityChecks(NULL, currentRelativeURL(__FILE__)); $page = 'edit'; $menuset = checkChosenMenuset(''); if (empty($menuset)) { // setup default menuset $result = query_full_array("SELECT DISTINCT menuset FROM " . prefix('menu')); if (is_array($result)) { // default to the first one $set = array_shift($result); $menuset = $set['menuset']; } else { $menuset = 'default'; } $_GET['menuset'] = $menuset; } $reports = array(); if (isset($_POST['update'])) { XSRFdefender('update_menu'); processMenuBulkActions($reports); updateItemsSortorder($reports); } if (isset($_GET['delete'])) {
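/**
 * Gets a menu item by its id, restricted to the currently chosen menu set.
 *
 * The id is placed in the WHERE clause without quotes, so it is forced to an
 * integer here. Callers that pass request data (for example a value that only
 * went through sanitize()) can therefore not change the shape of the query.
 *
 * @param integer $id id of the item; non-numeric input is treated as 0
 * @return array the matching row as returned by query_single_row()
 *               (what that helper yields when no row matches is not visible here)
 */
function getItem($id) {
	$menuset = checkChosenMenuset();
	// The string value goes through db_quote(); the numeric value is cast,
	// because an unquoted position must never receive raw text.
	$sql = "SELECT * FROM " . prefix('menu')
					. " WHERE menuset = " . db_quote($menuset)
					. " AND id = " . (int) $id;
	return query_single_row($sql);
}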
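/**
 * Updates an existing menu item from the submitted edit form (POST).
 *
 * The item type decides which form field supplies the link and whether a title
 * or a link is mandatory. When a mandatory value is missing, an error box is
 * appended to $reports and the function returns before touching the database.
 *
 * Security notes:
 *  - This function performs no CSRF or permission check of its own; the visible
 *    caller runs XSRFdefender('update_menu') before invoking it.
 *  - `id` and `include_li` are written into the statement without quotes, so
 *    both are cast to int when the SQL is built. All other values go through
 *    db_quote(). sanitize() is defined elsewhere and nothing here shows that it
 *    makes a value safe for an unquoted SQL position.
 *  - NOTE(review): for the 'menufunction', 'html' and default types the link is
 *    stored via sanitize(..., 4); what that level permits is not visible here.
 *    Confirm how the stored value is rendered before relaxing it further.
 *
 * @param array $reports list of HTML status messages, appended to by reference
 * @return array the values taken from the form (id, show, type, title, link,
 *               include_li, span_id, span_class)
 */
function updateMenuItem(&$reports) {
	$menuset = checkChosenMenuset();

	// Status boxes used by several branches; the markup is constant, only the
	// translated text differs.
	$titleMissing = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . " </p>";
	$linkMissing = "<p class = 'errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . " </p>";
	$functionMissing = "<p class = 'errorbox fade-message'>" . gettext("You forgot to provide a <strong>function</strong>!") . " </p>";

	$result = array();
	$result['id'] = sanitize($_POST['id']);
	$result['show'] = getCheckboxState('show');
	$result['type'] = sanitize($_POST['type']);
	$result['title'] = process_language_string_save("title", 2);
	$result['include_li'] = getCheckboxState('include_li');
	if (getCheckboxState('span')) {
		$result['span_id'] = sanitize($_POST['span_id']);
		$result['span_class'] = sanitize($_POST['span_class']);
	} else {
		$result['span_id'] = '';
		$result['span_class'] = '';
	}

	// Per-type source of title/link and the mandatory-field checks.
	switch ($result['type']) {
		case 'album':
			$result['title'] = $result['link'] = sanitize($_POST['albumselect']);
			if (empty($result['link'])) {
				$reports[] = "<p class = 'errorbox fade-message'>" . gettext("You forgot to select an album.") . " </p>";
				return $result;
			}
			break;
		case 'galleryindex':
			$result['title'] = process_language_string_save("title", 2);
			$result['link'] = NULL;
			if (empty($result['title'])) {
				$reports[] = $titleMissing;
				return $result;
			}
			break;
		case 'zenpagepage':
			$result['title'] = NULL;
			$result['link'] = sanitize($_POST['pageselect']);
			if (empty($result['link'])) {
				$reports[] = $linkMissing;
				return $result;
			}
			break;
		case 'zenpagenewsindex':
			$result['title'] = process_language_string_save("title", 2);
			$result['link'] = NULL;
			if (empty($result['title'])) {
				$reports[] = $titleMissing;
				return $result;
			}
			break;
		case 'zenpagecategory':
			$result['title'] = NULL;
			$result['link'] = sanitize($_POST['categoryselect']);
			if (empty($result['link'])) {
				$reports[] = $linkMissing;
				return $result;
			}
			break;
		case 'custompage':
			$result['title'] = process_language_string_save("title", 2);
			$result['link'] = sanitize($_POST['custompageselect']);
			if (empty($result['title'])) {
				$reports[] = $titleMissing;
				return $result;
			}
			break;
		case 'customlink':
			$result['title'] = process_language_string_save("title", 2);
			if (empty($result['title'])) {
				$reports[] = $titleMissing;
				return $result;
			}
			$result['link'] = sanitize($_POST['link']);
			if (empty($result['link'])) {
				$reports[] = $functionMissing;
				return $result;
			}
			break;
		case 'menulabel':
			$result['title'] = process_language_string_save("title", 2);
			$result['link'] = NULL;
			if (empty($result['title'])) {
				$reports[] = $titleMissing;
				return $result;
			}
			break;
		case 'menufunction':
		case 'html':
			// Both types share the same handling: title first, then the link
			// taken with sanitize level 4.
			$result['title'] = process_language_string_save("title", 2);
			if (empty($result['title'])) {
				$reports[] = $titleMissing;
				return $result;
			}
			$result['link'] = sanitize($_POST['link'], 4);
			if (empty($result['link'])) {
				$reports[] = $functionMissing;
				return $result;
			}
			break;
		default:
			$result['link'] = sanitize($_POST['link'], 4);
			break;
	}

	// Write the item back to the menu table. The two unquoted positions
	// (include_li and id) are cast to int so request data cannot add SQL
	// syntax; a non-numeric id becomes 0 (presumably no row has id 0 - confirm).
	$sql = "UPDATE " . prefix('menu') . " SET title = " . db_quote($result['title']) .
					", link = " . db_quote($result['link']) .
					", type = " . db_quote($result['type']) .
					", `show` = " . db_quote($result['show']) .
					", menuset = " . db_quote($menuset) .
					", include_li = " . (int) $result['include_li'] .
					", span_id = " . db_quote($result['span_id']) .
					", span_class = " . db_quote($result['span_class']) .
					" WHERE `id` = " . (int) $result['id'];
	if (query($sql)) {
		if (isset($_POST['title']) && empty($result['title'])) {
			$reports[] = $titleMissing;
		} elseif (isset($_POST['link']) && empty($result['link'])) {
			$reports[] = $linkMissing;
		} else {
			$reports[] = "<p class = 'messagebox fade-message'>" . gettext("Menu item updated!") . " </p>";
		}
	}
	return $result;
}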
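/**
 * Updates an existing menu item from the submitted edit form (POST).
 *
 * All fields are read from the request, written to the menu table in a single
 * UPDATE, and a status box is appended to $reports when the query succeeds.
 *
 * Security notes:
 *  - `id` and `include_li` are written into the statement without quotes, so
 *    both are cast to int when the SQL is built. All other values go through
 *    db_quote(). sanitize() is defined elsewhere and nothing here shows that it
 *    makes a value safe for an unquoted SQL position.
 *  - NOTE(review): the link is taken with sanitize(..., 0) for every item type;
 *    what level 0 permits is not visible here. Confirm how the stored link is
 *    rendered.
 *  - No CSRF or permission check happens inside this function; it relies on
 *    its caller for both.
 *
 * @param array $reports list of HTML status messages, appended to by reference
 * @return array the values taken from the form (id, show, type, title, link,
 *               include_li, span_id, span_class)
 */
function updateMenuItem(&$reports) {
	$menuset = checkChosenMenuset();

	// Initialised explicitly instead of relying on auto-vivification.
	$result = array();
	$result['id'] = sanitize($_POST['id']);
	$result['show'] = getCheckboxState('show');
	$result['type'] = sanitize($_POST['type']);
	$result['title'] = process_language_string_save("title", 2);
	$result['include_li'] = getCheckboxState('include_li');
	if (isset($_POST['link'])) {
		$result['link'] = sanitize($_POST['link'], 0);
	} else {
		$result['link'] = '';
	}
	if (getCheckboxState('span')) {
		$result['span_id'] = sanitize($_POST['span_id']);
		$result['span_class'] = sanitize($_POST['span_class']);
	} else {
		$result['span_id'] = '';
		$result['span_class'] = '';
	}

	// Write the item back to the menu table. The two unquoted positions
	// (include_li and id) are cast to int so request data cannot add SQL
	// syntax; a non-numeric id becomes 0 (presumably no row has id 0 - confirm).
	$sql = "UPDATE " . prefix('menu') . " SET title = " . db_quote($result['title']) .
					",link=" . db_quote($result['link']) .
					",type=" . db_quote($result['type']) .
					", `show`=" . db_quote($result['show']) .
					",menuset=" . db_quote($menuset) .
					",include_li=" . (int) $result['include_li'] .
					",span_id=" . db_quote($result['span_id']) .
					",span_class=" . db_quote($result['span_class']) .
					" WHERE `id`=" . (int) $result['id'];
	if (query($sql)) {
		if (isset($_POST['title']) && empty($result['title'])) {
			$reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>title</strong>!") . "</p>";
		} elseif (isset($_POST['link']) && empty($result['link'])) {
			$reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your menu item a <strong>link</strong>!") . "</p>";
		} else {
			$reports[] = "<p class='messagebox fade-message'>" . gettext("Menu item updated!") . "</p>";
		}
	}
	return $result;
}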