/* Fragment of a search-filter parser (the if() for 'from' opens before this excerpt). Values come from $_REQUEST, which merges GET, POST and COOKIE per request_order, so a cookie can supply any of these keys. Each field is normalised by a helper not shown here (check_date / check_body / check_status) or set to '' when absent; note that !empty() also treats the literal "0" as absent. */ $from = check_date($_REQUEST['from']); } else { $from = ''; } if (isset($_REQUEST['to']) && !empty($_REQUEST['to'])) { $to = check_date($_REQUEST['to']); } else { $to = ''; } if (isset($_REQUEST['tags']) && !empty($_REQUEST['tags'])) { /* FILTER_SANITIZE_STRING strips tags and encodes quotes (deprecated since PHP 8.1); it is not context-aware escaping, so $tags must still be bound as an SQL parameter and escaped at output. */ $tags = filter_var($_REQUEST['tags'], FILTER_SANITIZE_STRING); } else { $tags = ''; } if (isset($_REQUEST['body']) && !empty($_REQUEST['body'])) { $body = check_body($_REQUEST['body']); } else { $body = ''; } if (isset($_REQUEST['status']) && !empty($_REQUEST['status'])) { $status = check_status($_REQUEST['status']); } else { $status = ''; } if (isset($_REQUEST['rating']) && !empty($_REQUEST['rating'])) { /* 'no' maps to '0'; any other value goes through intval(), so a non-numeric string also becomes 0 and negative values pass through unchanged. The else-branch for a missing rating continues past the end of this excerpt. */ if ($_REQUEST['rating'] === 'no') { $rating = '0'; } else { $rating = intval($_REQUEST['rating']); } } else {
/* Fragment of a GET-driven search parser; the condition that led here (presumably a title containing a space, judging by the parallel body branch below) opens before this excerpt. A space-separated value is split into a word array and the scalar is blanked; a single word is run through FILTER_SANITIZE_STRING (strips tags, encodes quotes; deprecated since PHP 8.1). NOTE(review): the $title_arr / $body_arr elements are not filtered in this excerpt; confirm they are bound as SQL parameters and escaped at output downstream. */ $title_arr = explode(' ', trim($_GET['title'])); $title = ''; } else { $title = filter_var(trim($_GET['title']), FILTER_SANITIZE_STRING); } } else { /* no title input */ $title = ''; } /* BODY: strrpos(...) !== false is a "contains a space" test; the single-word path is passed through check_body() (not shown) and then tag-stripped by FILTER_SANITIZE_STRING. */ if (isset($_GET['body']) && !empty($_GET['body'])) { if (strrpos(trim($_GET['body']), " ") !== false) { $body_arr = explode(' ', trim($_GET['body'])); $body = ''; } else { $body = filter_var(check_body(trim($_GET['body'])), FILTER_SANITIZE_STRING); } } else { /* no body input */ $body = ''; } /* FROM: dates go through check_date() (not shown); '' when absent. !empty() also treats "0" as absent. */ if (isset($_GET['from']) && !empty($_GET['from'])) { $from = check_date($_GET['from']); } else { $from = ''; } /* TO: the else-branch continues past the end of this excerpt. */ if (isset($_GET['to']) && !empty($_GET['to'])) { $to = check_date($_GET['to']); } else {
/* Fragment of the items edit handler: validate the POSTed id, check team ownership, normalise the fields and write the row plus a revision. */ $errflag = false; /* CHECKS */ /* ID: $_POST['item_id'] is read without isset(); whether a missing key is tolerated depends on is_pos_int() (not shown). Ownership is enforced by item_is_in_team() against the session team and a failure aborts the request with die(). */ if (is_pos_int($_POST['item_id'])) { $id = $_POST['item_id']; if (!item_is_in_team($id, $_SESSION['team_id'])) { die(_('This section is out of your reach.')); } } else { $id = ''; $msg_arr[] = _("The id parameter is not valid!"); $errflag = true; } /* The field helpers run regardless of $errflag; their contracts are not visible here. */ $title = check_title($_POST['title']); $date = check_date($_POST['date']); $body = check_body($_POST['body']); if (!$errflag) { /* SQL for editDB: named placeholders, values bound via execute(); userid is taken from the session, never from the request. */ $sql = "UPDATE items \n SET title = :title, \n date = :date, \n body = :body, \n userid = :userid \n WHERE id = :id"; $req = $pdo->prepare($sql); $result1 = $req->execute(array('title' => $title, 'date' => $date, 'body' => $body, 'userid' => $_SESSION['userid'], 'id' => $id)); /* we add a revision to the revision table. NOTE(review): no transaction is visible here, so a failed revision insert leaves the UPDATE committed while the error branch below reports failure. */ $sql = "INSERT INTO items_revisions (item_id, body, userid) VALUES(:item_id, :body, :userid)"; $req = $pdo->prepare($sql); $result2 = $req->execute(array('item_id' => $id, 'body' => $body, 'userid' => $_SESSION['userid'])); /* Check if insertion is successful. NOTE(review): header() is not followed by exit;, so execution continues after the redirect is queued; add `exit;` right after the header() call. */ if ($result1 && $result2) { header("location: ../database.php?mode=view&id=" . $id); } else { $errflag = true; $msg_arr[] = "Error in the database!";
/* Fragment of the admin handler: tail of a purge (bindParam/execute per statement), then the default experiment template update, then the error redirect. */ $req->bindParam(':userid', $userid, PDO::PARAM_INT); $result[] = $req->execute(); /* execute() returns bool, so the loose in_array(0, ...) matches any false entry; one failed statement flips $errflag. */ if (in_array(0, $result)) { $errflag = true; $error = '17'; } else { $msg_arr[] = _('Everything was purged successfully.'); $_SESSION['infos'] = $msg_arr; header('Location: ../admin.php?tab=' . $tab); exit; } } /* DEFAULT EXPERIMENT TEMPLATE: body is normalised by check_body() (not shown); team comes from the session, not the request. NOTE(review): the placeholder :team appears twice in the SQL but is bound once; PDO documents that a named marker may only be reused when prepare emulation is on (the MySQL driver default), so with PDO::ATTR_EMULATE_PREPARES = false this statement fails. */ if (isset($_POST['default_exp_tpl'])) { $tab = '5'; $default_exp_tpl = check_body($_POST['default_exp_tpl']); $sql = "UPDATE experiments_templates SET\n name = 'default',\n team = :team,\n body = :body\n WHERE userid = 0 AND team = :team"; $req = $pdo->prepare($sql); $req->bindParam(':team', $_SESSION['team_id']); $req->bindParam(':body', $default_exp_tpl); if (!$req->execute()) { $errflag = true; $error = '16'; } } /* REDIRECT USER: the message carries literal HTML (a fixed GitHub link) plus the numeric error code and is stored in the session for the admin page to display. The else-branch continues past the end of this excerpt. */ if ($errflag) { $msg_arr[] = sprintf(_("There was an unexpected problem! Please %sopen an issue on GitHub%s if you think this is a bug.") . "<br>E#" . $error, "<a href='https://github.com/elabftw/elabftw/issues/'>", "</a>"); $_SESSION['errors'] = $msg_arr; header('Location: ../admin.php?tab=' . $tab); } else {
/* Fragment of the compound save handler: tail of the salt/parent validation, then field extraction from $_POST, then the error redirect. */ $errflag = true; } } else { $msg_arr[] = 'The parent registration ID for the salt is not valid!'; $errflag = true; } } } $mol = check_rxn($_POST['mol']); /* The identifier fields are taken verbatim from the request ('' becomes null); no format check happens here. NOTE(review): confirm they are bound as SQL parameters and escaped at output. */ $cas_number = isset($_POST['cas_number']) && $_POST['cas_number'] !== '' ? $_POST['cas_number'] : null; $pubchem_id = isset($_POST['pubchem_id']) && $_POST['pubchem_id'] !== '' ? $_POST['pubchem_id'] : null; $chemspider_id = isset($_POST['chemspider_id']) && $_POST['chemspider_id'] !== '' ? $_POST['chemspider_id'] : null; /* Numeric fields: reads as isset ? (floatval ? floatval : null) : null, so a missing, non-numeric or zero value all become null; floatval() is evaluated twice. */ $mwt = isset($_POST['mwt']) ? floatval($_POST['mwt']) ? floatval($_POST['mwt']) : null : null; $exact_mass = isset($_POST['exact_mass']) ? floatval($_POST['exact_mass']) ? floatval($_POST['exact_mass']) : null : null; $density = isset($_POST['density']) ? floatval($_POST['density']) ? floatval($_POST['density']) : null : null; $notes = check_body($_POST['notes']); $formula = isset($_POST['formula']) ? $_POST['formula'] : null; /* If input errors, redirect back to the experiment form. session_write_close() before the redirect flushes the error list; exit stops further processing. NOTE(review): the query string reads "®id" here, which looks like the HTML entity &reg; having swallowed "&regid=" somewhere in transit; as written the parameter would not be named regid — confirm the literal against the repository. */ if ($errflag) { $_SESSION['errors'] = $msg_arr; session_write_close(); header("location: compounds.php?mode=view®id={$regid}"); exit; } // // if nothing is changed, we can just return. // if(!$rxnChanged && !$gridChanged && !$prodGridChanged && !$bodyChanged && !$titleChanged && !$gridColumnsChanged && !$prodGridColumnsChanged) { // unset($_SESSION['new_title']); // unset($_SESSION['new_date']); // unset($_SESSION['status']); // unset($_SESSION['errors']); // header("location: experiments.php?mode=view&id=$id");
/* Fragment of the user-control-panel handler: end of a previous branch, then creation of an experiment template, then the start of the bulk template edit. */ $infoflag = true; } /* Experiment templates */ /* add new tpl */ if (isset($_POST['new_tpl_form'])) { /* do nothing if the template name is empty */ if (empty($_POST['new_tpl_name'])) { $msg_arr[] = _('You must specify a name for the template!'); $errflag = true; /* template name must be 3 chars at least (strlen() counts bytes, so a two-character multibyte name passes this check) */ } elseif (strlen($_POST['new_tpl_name']) < 3) { $msg_arr[] = _('The template name must be 3 characters long.'); $errflag = true; } else { /* Name is tag-stripped by FILTER_SANITIZE_STRING (deprecated since PHP 8.1); body goes through check_body() (not shown); team and userid come from the session. NOTE(review): $result is never checked, so the success message is queued even when execute() returns false. */ $tpl_name = filter_var($_POST['new_tpl_name'], FILTER_SANITIZE_STRING); $tpl_body = check_body($_POST['new_tpl_body']); $sql = "INSERT INTO experiments_templates(team, name, body, userid) VALUES(:team, :name, :body, :userid)"; $req = $pdo->prepare($sql); $result = $req->execute(array('team' => $_SESSION['team_id'], 'name' => $tpl_name, 'body' => $tpl_body, 'userid' => $_SESSION['userid'])); $msg_arr[] = _('Experiment template successfully added.'); $infoflag = true; } } /* edit templates: ids and bodies are copied straight from the $_POST arrays (a non-array value makes foreach emit a warning and skip). NOTE(review): no per-id ownership check is visible in this excerpt; confirm the UPDATE further down scopes by userid/team. */ if (isset($_POST['tpl_form'])) { $tpl_id = array(); foreach ($_POST['tpl_id'] as $id) { $tpl_id[] = $id; } $new_tpl_body = array(); foreach ($_POST['tpl_body'] as $body) {
/**
 * Output-buffer post-processor: runs the rendered page through each
 * check_*() rewriter in a fixed order and returns the rewritten markup.
 *
 * Intended as the ob_start() callback (per the original docblock), so
 * $buffer is the page output collected so far and the return value is
 * what the client receives. Stage order is preserved exactly:
 * ie, head, jquery, meta, body, sidebar, breadcrumb, script.
 *
 * NOTE(review): these check_*() helpers rewrite already-rendered HTML;
 * they are not input validators and do not replace escaping at the
 * point where untrusted data is inserted into the page.
 *
 * @uses check_ie()
 * @uses check_head()
 * @uses check_jquery()
 * @uses check_meta()
 * @uses check_body()
 * @uses check_sidebar()
 * @uses check_breadcrumb()
 * @uses check_script()
 * @param string $buffer the page output handed over by ob_start()
 * @return string the rewritten buffer
 */
function on_checkout($buffer)
{
    // Each stage receives the current buffer and returns the rewritten one.
    // The sequence matters (later stages see earlier rewrites), so this is
    // an ordered list, not a set.
    $stages = array(
        'check_ie',
        'check_head',
        'check_jquery',
        'check_meta',
        'check_body',
        'check_sidebar',
        'check_breadcrumb',
        'check_script',
    );

    $out = $buffer;
    foreach ($stages as $stage) {
        $out = $stage($out);
    }

    return $out;
}
/* Fragment of the admin items-types handler: tail of an update branch, then creation of a new item type. */ header('Location: admin.php#items_types'); exit; } else { /* sql fail */ $infos_arr[] = 'There was a problem in the SQL request. Report a bug !'; $_SESSION['errors'] = $infos_arr; header('Location: admin.php'); exit; } } /* add new item type: 'new_item_type' only acts as a submit flag here; the name is tag-stripped by FILTER_SANITIZE_STRING (deprecated since PHP 8.1) and the related fields are read without isset(). */ if (isset($_POST['new_item_type']) && is_pos_int($_POST['new_item_type'])) { $item_type_name = filter_var($_POST['new_item_type_name'], FILTER_SANITIZE_STRING); /* we remove the # of the hexacode and sanitize string. NOTE(review): substr(..., 1, 6) plus FILTER_SANITIZE_STRING does not verify the value is hex; if bgcolor is later emitted inside a style attribute or CSS, validate it (strlen() === 6 and ctype_xdigit()) before storing. */ $item_type_bgcolor = filter_var(substr($_POST['new_item_type_bgcolor'], 1, 6), FILTER_SANITIZE_STRING); $item_type_template = check_body($_POST['new_item_type_template']); /* TODO: tags are not collected yet */ $item_type_tags = ''; /* Named placeholders bound via execute(). The success branch redirects and exits; the excerpt ends inside the failure branch, after its header() call. */ $sql = "INSERT INTO items_types(name, bgcolor, template, tags) VALUES(:name, :bgcolor, :template, :tags)"; $req = $bdd->prepare($sql); $result = $req->execute(array('name' => $item_type_name, 'bgcolor' => $item_type_bgcolor, 'template' => $item_type_template, 'tags' => $item_type_tags)); if ($result) { $infos_arr[] = 'New item category added successfully.'; $_SESSION['infos'] = $infos_arr; header('Location: admin.php#items_types'); exit; } else { /* sql fail */ $infos_arr[] = 'There was a problem in the SQL request. Report a bug !'; $_SESSION['errors'] = $infos_arr; header('Location: admin.php');