// Two groups can never be deleted; each refusal reports an error and re-displays the group.
// (The enclosing switch/loop that these "break"s leave starts outside this fragment.)
if ($edited_Group->ID == 1) {
    // Group #1 is protected from deletion:
    $Messages->add(T_('You can\'t delete Group #1!'), 'error');
    $action = 'view_group';
    break;
}
if ($edited_Group->ID == $Settings->get('newusers_grp_ID')) {
    // The group that new registrations are assigned to must keep existing:
    $Messages->add(T_('You can\'t delete the default group for new users!'), 'error');
    $action = 'view_group';
    break;
}

if (param('confirm', 'integer', 0)) {
    // confirmed, Delete from DB:
    $msg = sprintf(T_('Group «%s» deleted.'), $edited_Group->dget('name'));
    $edited_Group->dbdelete($Messages);
    unset($edited_Group);
    forget_param('grp_ID');
    $Messages->add($msg, 'success');
    $action = 'list';
} else {
    // not confirmed, Check for restrictions:
    // Keep grp_ID in the memorized params so the confirmation form can post it back.
    memorize_param('grp_ID', 'integer', true);
    if (!$edited_Group->check_delete(sprintf(T_('Cannot delete Group «%s»'), $edited_Group->dget('name')))) {
        // There are restrictions:
        $action = 'view_group';
    }
}
break;
}
}

// We might delegate to this action from above:
if ($action == 'edit_user') {
// Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();

/**
 * Display payload:
 */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation (the thread is not deleted until the user confirms):
        $edited_Thread->confirm_delete(sprintf(T_('Delete thread «%s»?'), $edited_Thread->dget('title')), 'messaging_threads', $action, get_memorized('action'));
        $AdminUI->disp_view('messaging/views/_thread_list.view.php');
        break;

    case 'new':
    case 'create':
        // New thread form (also shown again after a failed "create"):
        $AdminUI->disp_view('messaging/views/_thread.form.php');
        break;

    default:
        // No specific request, list all threads:
        // Cleanup context:
        forget_param('thrd_ID');
        forget_param('msg_ID');
        // Display threads list:
        $AdminUI->disp_view('messaging/views/_thread_list.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
} else {
    $msg = sprintf(T_('User «%s» deleted.'), $edited_User->dget('login'));
}

// Optional follow-up actions requested together with the deletion:
$send_reportpm = param('send_reportpm', 'integer', 0);
$increase_spam_score = param('increase_spam_score', 'integer', 0);
if ($send_reportpm || $increase_spam_score) {
    // Get all user IDs who reported for the deleted user
    // (only loaded when one of the follow-up actions below actually needs it):
    $report_user_IDs = get_user_reported_user_IDs($edited_User->ID);
}

// Keep the values that are still needed after the object is unset below:
$deleted_user_ID = $edited_User->ID;
$deleted_user_email = $edited_User->get('email');
$deleted_user_login = $edited_User->get('login');

if ($edited_User->dbdelete($Messages) !== false) {
    // User has been deleted successfully
    unset($edited_User);
    forget_param('user_ID');
    $Messages->add($msg, 'success');

    // Find other users with the same email address (possible duplicate/sock-puppet accounts):
    $message_same_email_users = find_users_with_same_email($deleted_user_ID, $deleted_user_email, T_('Note: the same email address (%s) is still in use by: %s'));
    if ($message_same_email_users !== false) {
        $Messages->add($message_same_email_users, 'note');
    }

    if ($send_reportpm) {
        // Send an info message to users who reported this deleted user:
        user_send_report_message($report_user_IDs, $deleted_user_login);
    }

    if ($increase_spam_score) {
        // Increase spam fighter score for the users who reported the deleted account:
        user_increase_spam_score($report_user_IDs);
    }
}
$AdminUI->set_path('options', 'cron');

param('action', 'string', 'list');

// We want to remember these params from page to page:
param('ctst_pending', 'integer', 0, true);
param('ctst_started', 'integer', 0, true);
param('ctst_timeout', 'integer', 0, true);
param('ctst_error', 'integer', 0, true);
param('ctst_finished', 'integer', 0, true);
param('results_crontab_order', 'string', '-D', true);
param('results_crontab_page', 'integer', 1, true);

if (param('ctsk_ID', 'integer', '', true)) {
    // Load cronjob from cache:
    $CronjobCache =& get_CronjobCache();
    if (($edited_Cronjob =& $CronjobCache->get_by_ID($ctsk_ID, false)) === false) {
        // The requested job no longer exists: drop the stale ID and fall back to the list.
        unset($edited_Cronjob);
        forget_param('ctsk_ID');
        $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Scheduled job')), 'error');
        $action = 'list';
    }
}

// fp> The if below was the point where THE LINE WAS CROSSED!
// This is bloated here. This has to go into the action handling block (and maybe a function)
// THIS IS NO LONGER CONTROLLER INITIALIZATION. THIS IS ACTION EXECUTION!
// dh> ok. Moved the other param inits above. Ok? I don't think it should be an extra function..
// Init names and params for "static" available jobs and ask Plugins about their jobs: if (in_array($action, array('new', 'create', 'edit', 'update', 'copy'))) { // NOTE: keys starting with "plugin_" are reserved for jobs provided by Plugins $cron_job_names = array('test' => T_('Basic test job'), 'error' => T_('Error test job'), 'anstispam_poll' => T_('Poll the antispam blacklist'), 'prune_hits_sessions' => T_('Prune old hits & sessions (includes OPTIMIZE)'), 'prune_page_cache' => T_('Prune old files from page cache'), 'post_by_email' => T_('Create posts by email'), 'process_hitlog' => T_('Extract info from hit log'), 'unread_message_reminder' => T_('Send reminders about unread messages'), 'activate_account_reminder' => T_('Send reminders about non-activated accounts'), 'comment_moderation_reminder' => T_('Send reminders about comments awaiting moderation'), 'return_path' => T_('Process the return path inbox'), 'light_db_maintenance' => T_('Light DB maintenance (ANALYZE)'), 'heavy_db_maintenance' => T_('Heavy DB maintenance (CHECK & OPTIMIZE)')); $cron_job_params = array('test' => array('ctrl' => 'cron/jobs/_test.job.php', 'params' => NULL), 'error' => array('ctrl' => 'cron/jobs/_error_test.job.php', 'params' => NULL), 'anstispam_poll' => array('ctrl' => 'cron/jobs/_antispam_poll.job.php', 'params' => NULL), 'prune_hits_sessions' => array('ctrl' => 'cron/jobs/_prune_hits_sessions.job.php', 'params' => NULL), 'prune_page_cache' => array('ctrl' => 'cron/jobs/_prune_page_cache.job.php', 'params' => NULL), 'post_by_email' => array('ctrl' => 'cron/jobs/_post_by_email.job.php', 'params' => NULL), 'process_hitlog' => array('ctrl' => 'cron/jobs/_process_hitlog.job.php', 'params' => NULL), 'unread_message_reminder' => array('ctrl' => 'cron/jobs/_unread_message_reminder.job.php', 'params' => NULL), 'activate_account_reminder' => array('ctrl' => 'cron/jobs/_activate_account_reminder.job.php', 'params' => NULL), 'comment_moderation_reminder' => array('ctrl' => 
'cron/jobs/_comment_moderation_reminder.job.php', 'params' => NULL), 'return_path' => array('ctrl' => 'cron/jobs/_decode_returned_emails.job.php', 'params' => NULL), 'light_db_maintenance' => array('ctrl' => 'cron/jobs/_light_db_maintenance.job.php', 'params' => NULL), 'heavy_db_maintenance' => array('ctrl' => 'cron/jobs/_heavy_db_maintenance.job.php', 'params' => NULL)); // Get additional jobs from Plugins: foreach ($Plugins->trigger_collect('GetCronJobs') as $plug_ID => $jobs) {
}

// ------------------ COMMENT FORM INCLUDED HERE ------------------
skin_include('_item_comment_form.inc.php', $params);
// ---------------------- END OF COMMENT FORM ---------------------

echo '</div></div>';

if ($params['disp_trackbacks']) {
    // We want to display trackbacks:
    echo '<div class="section clearfix" id="section-trackbacks"> <div id="trackbacks-wrap"><div class="clearfix">';

    if ($params['disp_trackback_url']) {
        echo $params['before_section_title'];
        echo $Skin->T_('Trackback address for this post');
        echo $params['after_section_title'];
        /*
         * Trigger plugin event, which could display a captcha form, before generating a whitelisted URL:
         */
        if (!$Plugins->trigger_event_first_true('DisplayTrackbackAddr', array('Item' => &$Item, 'template' => '<code>%url%</code>'))) {
            // No plugin displayed a payload, so we just display the default
            // (the URL is echoed as-is; it is generated by the Item, not taken from the request):
            echo '<p class="trackback_url"><code>' . $Item->get_trackback_url() . '</code></p>';
        }
    }

    // Reuse the feedback list renderer with the trackback-specific list opener:
    $params['comment_list_start'] = '<ul id="trackbacks" class="comments">';
    $Skin->disp_feedback_list('trackback', $params);

    echo '</div></div></div>';
}

// Restore "redir" param
forget_param('redir');
}

// Related posts
echo $Skin->get_related_posts($Skin->get_setting('display_related'));

echo '</div><!-- /tab sections --></div><!-- /tabbed content -->';
}

// Memorize this as the last "tab" used in the Blog Settings:
$UserSettings->set('pref_coll_settings_tab', 'manage_skins');
$UserSettings->dbupdate();

load_funcs('skins/_skin.funcs.php');

// Check permission to display:
$current_User->check_perm('options', 'view', true);

param('action', 'string', 'list');
param('redirect_to', 'url', '?ctrl=skins');

if (param('skin_ID', 'integer', '', true)) {
    // Load the skin to edit:
    $SkinCache =& get_SkinCache();
    if (($edited_Skin =& $SkinCache->get_by_ID($skin_ID, false)) === false) {
        // We could not find the skin to edit:
        unset($edited_Skin);
        forget_param('skin_ID');
        $Messages->head = T_('Cannot edit skin!');
        $Messages->add(T_('Requested skin is not installed any longer.'), 'error');
        $action = 'nil';
    }
}

/**
 * Perform action:
 */
switch ($action) {
    case 'create':
        param('skin_folder', 'string', true);
        // Check validity of requested skin name:
        // the folder name may only contain [-A-Za-z0-9._] and must not contain "..",
        // so a request cannot point outside the skins directory via separators or parent references.
        if (preg_match('~([^-A-Za-z0-9._]|\\.\\.)~', $skin_folder)) {
            debug_die('The requested skin name is invalid.');
        }
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();

/**
 * Display payload:
 */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation:
        $edited_Currency->confirm_delete(sprintf(T_('Delete currency «%s»?'), $edited_Currency->dget('name')), 'currency', $action, get_memorized('action'));
        // No break here: falls through to the form view below.
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        $AdminUI->disp_view('regional/views/_currency.form.php');
        break;

    default:
        // No specific request, list all currencies:
        // Cleanup context:
        forget_param('curr_ID');
        // Display currency list:
        $AdminUI->disp_view('regional/views/_currency_list.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
// Load thread from cache:
$ThreadCache =& get_ThreadCache();
if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
    // Thread doesn't exist with this ID
    unset($edited_Thread);
    forget_param('thrd_ID');
    if (!$error_messages_exist) {
        // Display this error only when no error above
        $Messages->add(T_('The requested thread does not exist any longer.'), 'error');
    }
    $thread_is_missed = true;
} else {
    if (!$edited_Thread->check_thread_recipient($current_User->ID)) {
        // Current user is not recipient of this thread: refuse access to someone else's conversation.
        // $thread_is_missed is not set here; the empty($edited_Thread) check below covers this case.
        unset($edited_Thread);
        forget_param('thrd_ID');
        if (!$error_messages_exist) {
            // Display this error only when no error above
            $Messages->add(T_('You are not allowed to view this thread.'), 'error');
        }
    }
}
}

if (!$error_messages_exist && !$Messages->has_errors() && (empty($thrd_ID) || empty($edited_Thread))) {
    // Display this error only when no error above
    $Messages->add(T_('Can\'t show messages without thread!'), 'error');
    $thread_is_missed = true;
} else {
    // Preload users to show their avatars
    load_messaging_thread_recipients($thrd_ID);
}
case 'delete':
    // ---------- Delete a blog from DB ----------
    // Check that this action request is not a CSRF hacked request:
    $Session->assert_received_crumb('collection');

    // Check permissions:
    $current_User->check_perm('blog_properties', 'edit', true, $blog);

    if (param('confirm', 'integer', 0)) {
        // confirmed (without "confirm" nothing is deleted; the confirmation view is shown elsewhere)
        // Delete from DB:
        $msg = sprintf(T_('Blog «%s» deleted.'), $edited_Blog->dget('name'));
        $edited_Blog->dbdelete();
        $Messages->add($msg, 'success');

        // Drop every reference to the deleted collection from cache, request and user prefs:
        $BlogCache->remove_by_ID($blog);
        unset($edited_Blog);
        unset($Blog);
        forget_param('blog');
        set_working_blog(0);
        $UserSettings->delete('selected_blog'); // Needed or subsequent pages may try to access the deleted blog
        $UserSettings->dbupdate();

        $action = 'list';

        // Redirect so that a reload doesn't write to the DB twice:
        $redirect_to = param('redirect_to', 'url', '?ctrl=collections');
        header_redirect($redirect_to, 303); // Will EXIT
        // We have EXITed already at this point!!
    }
    break;

case 'update_settings':
    // Check that this action request is not a CSRF hacked request:
    $Session->assert_received_crumb('collectionsettings');
* Display payload: */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation:
        $edited_Itemtype->confirm_delete(sprintf(T_('Delete Post Type «%s»?'), $edited_Itemtype->dget('name')), 'itemtype', $action, get_memorized('action'));
        /* no break */
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('items/views/_itemtype.form.php');
        break;

    default:
        // No specific request, list all post types:
        // Cleanup context:
        forget_param('ityp_ID');
        // Display post types list:
        $AdminUI->disp_view('items/views/_itemtypes.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
* Display payload: */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation:
        $edited_Userfield->confirm_delete(sprintf(T_('Delete user field «%s»?'), $edited_Userfield->dget('name')), 'userfield', $action, get_memorized('action'));
        /* no break */
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('users/views/_userfield.form.php');
        break;

    default:
        // No specific request, list all user fields:
        // Cleanup context:
        forget_param('ufdf_ID');
        // Display user fields list:
        $AdminUI->disp_view('users/views/_userfields.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
break;

case 'delete':
    // Delete entry:
    param($GenericElementCache->dbIDname, 'integer', true);

    if (isset($perm_name)) {
        // We need to Check permission:
        $current_User->check_perm($perm_name, $perm_level, true);
    }
    // NOTE(review): when $perm_name is not set, no permission check happens in this case;
    // confirm that every controller using this generic handler sets $perm_name or checks earlier.

    // Set restrictions for element
    $edited_GenericElement->delete_restrictions = $delete_restrictions;

    if (param('confirm', 'integer', 0)) {
        // confirmed, Delete from DB:
        $msg = sprintf(T_('Element «%s» deleted.'), $edited_GenericElement->dget('name'));
        $GenericElementCache->dbdelete_by_ID($edited_GenericElement->ID);
        unset($edited_GenericElement);
        forget_param($GenericElementCache->dbIDname);
        $Messages->add($msg, 'success');
        $action = 'list';
    } else {
        // not confirmed, Check for restrictions:
        // Get the page number we come from:
        $previous_page = param('results_' . $GenericElementCache->dbprefix . 'page', 'integer', 1, true);
        if (!$edited_GenericElement->check_delete(sprintf(T_('Cannot delete element «%s»'), $edited_GenericElement->dget('name')))) {
            // There are restrictions:
            $action = 'edit';
        }
    }
    break;

case 'sort_by_order':
    // The list is sorted by the order column now.
    $Results->order = '--A';
// we return in this state after a validation error // we return in this state after a validation error case 'create_copy': // we return in this state after a validation error // we return in this state after a validation error case 'edit': case 'update': // we return in this state after a validation error $AdminUI->disp_view('sessions/views/_internal_search.form.php'); break; default: // No specific request, list all file types: switch ($tab3) { case 'intsearches': // Cleanup context: forget_param('isrch_ID'); // Display goals list: $AdminUI->disp_view('sessions/views/_stats_internal_searches.view.php'); break; } } } else { switch ($AdminUI->get_path(1)) { case 'summary': // Display VIEW: switch ($tab3) { case 'browser': $AdminUI->disp_view('sessions/views/_stats_browserhits.view.php'); break; case 'robot': $AdminUI->disp_view('sessions/views/_stats_robots.view.php');
* Display payload: */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation:
        $edited_Organization->confirm_delete(sprintf(T_('Delete organization «%s»?'), $edited_Organization->dget('name')), 'organization', $action, get_memorized('action'));
        /* no break */
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('users/views/_organization.form.php');
        break;

    default:
        // No specific request, list all organizations:
        // Cleanup context:
        forget_param('org_ID');
        // Display organizations list:
        $AdminUI->disp_view('users/views/_organization.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
$action = 'edit';
break;

case 'delete':
    // Delete slug:
    // Check that this action request is not a CSRF hacked request:
    $Session->assert_received_crumb('slug');

    // Check that current user has permission to edit slugs:
    $current_User->check_perm('slugs', 'edit', true);

    // Make sure we got a slug_ID:
    param('slug_ID', 'integer', true);

    if (param('confirm', 'integer', 0)) {
        // confirmed, Delete from DB:
        $msg = sprintf(T_('Slug «%s» deleted.'), $edited_Slug->dget('title'));
        $edited_Slug->dbdelete(true);
        unset($edited_Slug);
        forget_param('slug_ID');
        $Messages->add($msg, 'success');
        // Redirect so that a reload doesn't write to the DB twice:
        header_redirect(regenerate_url('action', '', '', '&'), 303); // Will EXIT
        // We have EXITed already at this point!!
    } else {
        // not confirmed, Check for restrictions:
        if (!$edited_Slug->check_delete(sprintf(T_('Cannot delete slug «%s»'), $edited_Slug->dget('title')), array(), true)) {
            // There are restrictions:
            $action = 'list';
        }
    }
    break;
}

$AdminUI->breadcrumbpath_init(false);
// Check permission:
$current_User->check_perm('emails', 'view', true);

load_funcs('tools/model/_email.funcs.php');

param_action();

$tab = param('tab', 'string', 'blocked', true);

param('action', 'string');

if ($tab == 'blocked') {
    // Email addresses
    load_class('tools/model/_emailblocked.class.php', 'EmailBlocked');

    if (param('emblk_ID', 'integer', '', true)) {
        // Load Email Blocked object
        $EmailBlockedCache =& get_EmailBlockedCache();
        if (($edited_EmailBlocked =& $EmailBlockedCache->get_by_ID($emblk_ID, false)) === false) {
            // We could not find the blocked email to edit:
            unset($edited_EmailBlocked);
            forget_param('emblk_ID');
            $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Email Blocked')), 'error');
        }
    }
}

switch ($action) {
    case 'settings':
        // Update the email settings
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('emailsettings');

        // Check permission ("view" above is enough to display, "edit" is required to change settings):
        $current_User->check_perm('emails', 'edit', true);

        /** Email notifications **/
        // Sender email address (validated as an email before it is stored):
        $sender_email = param('notification_sender_email', 'string', '');
        param_check_email('notification_sender_email', true);
$tool = param('tool', 'string', '', true);

if (isset($filter['off'])) {
    // Filter switched off: forget the memorized keyword filter
    unset($filteron);
    forget_param('filteron');
}

// Check permission:
$current_User->check_perm('options', 'view', true);
$current_User->check_perm('spamblacklist', 'view', true);

if (param('iprange_ID', 'integer', '', true)) {
    // Load IP Range object
    load_class('antispam/model/_iprange.class.php', 'IPRange');
    $IPRangeCache =& get_IPRangeCache();
    if (($edited_IPRange =& $IPRangeCache->get_by_ID($iprange_ID, false)) === false) {
        // We could not find the IP range to edit:
        unset($edited_IPRange);
        forget_param('iprange_ID');
        $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('IP Range')), 'error');
    }
}

switch ($action) {
    case 'ban':
        // only an action if further "actions" given
        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb('antispam');

        // Check permission:
        $current_User->check_perm('spamblacklist', 'edit', true);
        // TODO: This should become different for 'edit'/'add' perm level - check for 'add' here.

        // $keyword is read outside this fragment; cap it to 80 characters:
        $keyword = utf8_substr($keyword, 0, 80);
        param('delhits', 'integer', 0);
        $all_statuses = get_visibility_statuses('keys', array('trash', 'redirected'));
        $delstatuses = array();
case 'nil':
    // Do nothing
    break;

case 'delete':
    // We need to ask for confirmation:
    $edited_Filetype->confirm_delete(sprintf(T_('Delete file type «%s»?'), $edited_Filetype->dget('name')), 'filetype', $action, get_memorized('action'));
    /* no break */
case 'new':
case 'copy':
case 'create':
    // we return in this state after a validation error
case 'edit':
case 'update':
    // we return in this state after a validation error
    $AdminUI->disp_payload_begin();
    $AdminUI->disp_view('files/views/_filetype.form.php');
    $AdminUI->disp_payload_end();
    break;

default:
    // No specific request, list all file types:
    // Cleanup context:
    forget_param('ftype_ID');
    // Display file types list:
    $AdminUI->disp_payload_begin();
    $AdminUI->disp_view('files/views/_filetype_list.view.php');
    $AdminUI->disp_payload_end();
}

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
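/**
 * Handle messaging module htsrv actions
 *
 * Dispatches on the "disp" request param (threads / contacts / messages) and then on the
 * action param, applies the requested change and finally calls header_redirect() with
 * $redirect_to (which does not return; pending $Messages are saved into the Session).
 *
 * Request params read here: action, disp, redirect_to, thrd_ID, confirmed, thrdtype,
 * block_ID, user_ID, msg_ID.
 *
 * Every request must carry a valid crumb for "messaging_<disp>" and come from a logged-in
 * user holding the "reply" messaging permission; the delete actions additionally require
 * the "delete" messaging permission. The crumb is asserted before any other work.
 *
 * Globals: $current_User, $Blog (optional), $Session, $Messages, $samedomain_htsrv_url,
 * $baseurl (fallback base for the redirect when no $Blog is set).
 */
function handle_htsrv_action()
{
    // $baseurl is read below for the fallback redirect, so it has to be imported here as well.
    global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url, $baseurl;

    // Init objects we want to work on.
    $action = param_action(true, true);
    $disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');

    // Check that this action request is not a CSRF hacked request:
    $Session->assert_received_crumb('messaging_' . $disp);

    // Load classes
    load_class('messaging/model/_thread.class.php', 'Thread');
    load_class('messaging/model/_message.class.php', 'Message');

    if (!is_logged_in()) {
        // user must be logged in
        debug_die('User must be logged in to proceed with messaging updates!');
    }

    // Check permission:
    $current_User->check_perm('perm_messaging', 'reply', true);

    // set where to redirect
    $redirect_to = param('redirect_to', 'url', NULL);
    if (empty($redirect_to)) {
        if (isset($Blog)) {
            $redirect_to = url_add_param($Blog->gen_baseurl(), 'disp=' . $disp);
        } else {
            $redirect_to = url_add_param($baseurl, 'disp=' . $disp);
        }
    }

    if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) {
        // Load thread from cache:
        $ThreadCache =& get_ThreadCache();
        if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
            // Unknown thread: report it and neutralize the action so no case below touches it.
            unset($edited_Thread);
            forget_param('thrd_ID');
            $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Thread')), 'error');
            $action = 'nil';
        }
    }

    switch ($disp) {
        // threads action
        case 'threads':
            if ($action != 'create') {
                // Make sure we got a thrd_ID:
                param('thrd_ID', 'integer', true);
            }

            switch ($action) {
                case 'create':
                    // create thread
                    // check if create new thread is allowed
                    if (check_create_thread_limit()) {
                        // max new threads limit reached, don't allow to create new thread
                        debug_die('Invalid request, new conversation limit already reached!');
                    }
                    if (!create_new_thread()) {
                        // unsuccessful new thread creation
                        global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;
                        $redirect_to .= '&action=new';
                        // save new message and thread params into the Session to not lose the content
                        $unsaved_message_params = array();
                        $unsaved_message_params['subject'] = $edited_Thread->title;
                        $unsaved_message_params['message'] = $edited_Message->text;
                        $unsaved_message_params['thrdtype'] = param('thrdtype', 'string', 'individual'); // alternative: discussion
                        $unsaved_message_params['thrd_recipients'] = $thrd_recipients;
                        $unsaved_message_params['thrd_recipients_array'] = $thrd_recipients_array;
                        save_message_params_to_session($unsaved_message_params);
                    }
                    break;

                case 'delete':
                    // delete thread
                    // Check permission:
                    $current_User->check_perm('perm_messaging', 'delete', true);

                    $confirmed = param('confirmed', 'integer', 0);
                    if ($confirmed) {
                        $msg = sprintf(T_('Thread «%s» deleted.'), $edited_Thread->dget('title'));
                        $edited_Thread->dbdelete(true);
                        unset($edited_Thread);
                        forget_param('thrd_ID');
                        $Messages->add($msg, 'success');
                    } else {
                        // Not confirmed yet: build the confirmation link. redirect_to is URL-encoded
                        // so a "&" inside it cannot split the query string (same as for messages below).
                        $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID . '&action=delete&confirmed=1';
                        $delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_threads');
                        // URLs are placed in href attributes, so escape them for the HTML attribute context
                        // (double_encode=false keeps an already entity-encoded redirect_to intact):
                        $ok_button = '<span class="linkbutton"><a href="' . htmlspecialchars($delete_url, ENT_QUOTES, 'UTF-8', false) . '">' . T_('I am sure!') . '!</a></span>';
                        $cancel_button = '<span class="linkbutton"><a href="' . htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8', false) . '">CANCEL</a></span>';
                        $msg = sprintf(T_('You are about to delete all messages in the conversation «%s».'), $edited_Thread->dget('title'));
                        $msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
                        $Messages->add($msg, 'error');
                    }
                    break;

                case 'leave':
                    // user wants to leave the thread
                    leave_thread($edited_Thread->ID, $current_User->ID, false);
                    $Messages->add(sprintf(T_('You have successfuly left the «%s» conversation!'), $edited_Thread->get('title')), 'success');
                    break;

                case 'close':
                    // close the thread (falls through: same as close_and_block minus the blocking)
                case 'close_and_block':
                    // close the thread and block contact
                    leave_thread($edited_Thread->ID, $current_User->ID, true);
                    // user has closed this conversation because there was only one other user involved
                    $Messages->add(sprintf(T_('You have successfuly closed the «%s» conversation!'), $edited_Thread->get('title')), 'success');
                    if ($action == 'close_and_block') {
                        // user also wants to block contact with the other user involved in this thread
                        $block_user_ID = param('block_ID', 'integer', true);
                        $UserCache =& get_UserCache();
                        $blocked_User = $UserCache->get_by_ID($block_user_ID);
                        set_contact_blocked($block_user_ID, true);
                        $Messages->add(sprintf(T_('«%s» was blocked.'), $blocked_User->get('login')), 'success');
                    }
                    break;
            }
            break; // break from threads action switch

        // contacts action
        case 'contacts':
            // NOTE(review): user_ID is read as a string here while the other ID params use 'integer';
            // confirm set_contact_blocked() validates it, or tighten the param type.
            $user_ID = param('user_ID', 'string', true);
            if ($action != 'block' && $action != 'unblock') {
                // only block or unblock is valid
                debug_die("Invalid action param");
            }
            set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
            // NOTE(review): search and replacement are identical here, so this is a no-op as written;
            // it may have been meant to turn an entity-encoded "&" back into a plain "&" - confirm.
            $redirect_to = str_replace('&', '&', $redirect_to);
            break;

        // messages action
        case 'messages':
            if ($action == 'create') {
                // create new message
                create_new_message($thrd_ID);
            } elseif ($action == 'delete') {
                // Check permission:
                $current_User->check_perm('perm_messaging', 'delete', true);

                $msg_ID = param('msg_ID', 'integer', true);
                $MessageCache =& get_MessageCache();
                if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
                    $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Message')), 'error');
                    break;
                }

                $confirmed = param('confirmed', 'integer', 0);
                if ($confirmed) {
                    // delete message
                    $edited_Message->dbdelete();
                    unset($edited_Message);
                    $Messages->add(T_('Message deleted.'), 'success');
                } else {
                    $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
                    $delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
                    // Escape both URLs for the href attribute context (see thread deletion above):
                    $ok_button = '<span class="linkbutton"><a href="' . htmlspecialchars($delete_url, ENT_QUOTES, 'UTF-8', false) . '">' . T_('I am sure!') . '!</a></span>';
                    $cancel_button = '<span class="linkbutton"><a href="' . htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8', false) . '">CANCEL</a></span>';
                    $msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
                    $Messages->add($msg, 'error');
                }
            }
            break;
    }

    header_redirect($redirect_to); // Will save $Messages into Session
}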
/**
 * Display the published feedbacks of one type (e.g. 'comment', 'trackback')
 * attached to the current $Item, rendered through the skin's comment template.
 *
 * Output is echoed directly. Nothing is printed (and no request params are
 * forgotten) when the item has no published feedback of that type.
 *
 * The b2evo 3 and b2evo 4 paths differ only in how the list object is built:
 * b2evo 4 (CommentList2) takes default filters, then request overrides, and
 * pages the result; b2evo 3 (CommentList) gets a fixed quoted type list.
 *
 * @param string $type   Feedback type to list. On b2evo 4 only its first
 *                       letter is used as the request-param prefix ("c_", ...).
 * @param array  $params Skin parameters. Keys read: comment_list_start,
 *                       comment_list_end, comment_template, comment_start,
 *                       comment_end, link_to. NOTE(review): these values are
 *                       echoed / passed to skin_include() verbatim, so they
 *                       must come from the skin configuration, never from
 *                       request data.
 */
function disp_feedback_list($type = 'comment', $params = array())
{
    global $Blog, $Item, $app_version;

    $wanted_types = array($type);

    if (version_compare($app_version, '4.0') < 0) {
        // b2evo 3: the list expects the types as a quoted, comma-separated string
        $quoted_types = "'" . implode("','", $wanted_types) . "'";
        $feedback_list = new CommentList(NULL, $quoted_types, array('published'), $Item->ID, '', 'ASC');
    } else {
        // b2evo 4: the request-param prefix is the first letter of the type plus '_'
        $param_prefix = substr($type, 0, 1) . '_';
        $feedback_list = new CommentList2($Blog, $Blog->get_setting('comments_per_page'), 'CommentCache', $param_prefix);
        $feedback_list->set_default_filters(array(
            'types'    => $wanted_types,
            'statuses' => array('published'),
            'post_ID'  => $Item->ID,
            'order'    => $Blog->get_setting('comments_orderdir'),
        ));
        // Pick up filter overrides from the request, then run the query:
        $feedback_list->load_from_Request();
        $feedback_list->display_init();
    }

    if ($feedback_list->result_num_rows < 1) {
        // Nothing to show
        return;
    }

    // Forget these request params (presumably so they are not carried over
    // into URLs generated while displaying the list):
    foreach (array('c', 'tb', 'pb', 'disp', 'more', 'title') as $stale_param) {
        forget_param($stale_param);
    }

    // Pagination, only when the list class supports it and the blog enables it:
    $nav_params = NULL;
    if (method_exists($feedback_list, 'page_links') && $Blog->get_setting('paged_comments')) {
        $nav_params = array(
            'page_url'    => url_add_tail($Item->get_permanent_url(), '#post-tabs'),
            'block_start' => '<div class="comment-navigation clearfix">',
            'block_end'   => '</div>',
            'prev_text'   => '«',
            'next_text'   => '»',
        );
        $feedback_list->page_links($nav_params);
    }

    echo $params['comment_list_start'];

    while ($Comment =& $feedback_list->get_next()) {
        // ------------------ COMMENT INCLUDED HERE ------------------
        skin_include($params['comment_template'], array(
            'Comment'       => &$Comment,
            'comment_start' => $params['comment_start'],
            'comment_end'   => $params['comment_end'],
            'link_to'       => $params['link_to'],
        ));
        // ---------------------- END OF COMMENT ---------------------
    }

    echo $params['comment_list_end'];

    if ($nav_params !== NULL) {
        // Repeat the navigation below the list
        $feedback_list->page_links($nav_params);
    }
}
if (empty($error_message) && !@rename($oldFile->get_full_path(), $dir . $new_filename)) { // rename original file to the new file name failed $error_message = sprintf(T_("The original file could not be renamed to %s. The new file is now named %s."), $new_filename, $temp_filename); } if (empty($error_message) && !@rename($dir . $temp_filename, $dir . $old_filename)) { // rename new file to the original file name failed $error_message = sprintf(T_("The new file could not be renamed to %s. It is now named %s."), $old_filename, $temp_filename); } if (empty($error_message)) { $Messages->add(sprintf(T_('%s has been replaced with the new version!'), $old_filename), 'success'); } else { $Messages->add($error_message, 'error'); } } } forget_param('renamedFiles'); unset($renamedFiles); if ($upload_quickmode) { header_redirect(regenerate_url('ctrl', 'ctrl=files', '', '&')); } } // Process uploaded files: if ($action != 'switchtab' && isset($_FILES) && count($_FILES)) { // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('file'); $upload_result = process_upload($fm_FileRoot->ID, $path, false, false, $upload_quickmode); if (isset($upload_result)) { $failedFiles = $upload_result['failedFiles']; $uploadedFiles = $upload_result['uploadedFiles']; $renamedFiles = $upload_result['renamedFiles']; $renamedMessages = $upload_result['renamedMessages'];
 * Display payload:
 */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation:
        // confirm_delete() only renders the confirmation prompt for this invitation code;
        // the DB delete itself is presumably done by the action-handling switch earlier in
        // this controller once the user confirms (that switch is outside this snippet).
        $edited_Invitation->confirm_delete(sprintf(T_('Delete invitation code «%s»?'), $edited_Invitation->dget('code')), 'invitation', $action, get_memorized('action'));
        /* no break */ // intentional fall-through: the form is still displayed under the prompt
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('users/views/_invitation.form.php');
        break;

    default:
        // No specific request, list all invitation codes:
        // Cleanup context:
        forget_param('ivc_ID');
        // Display invitation codes list:
        $AdminUI->disp_view('users/views/_invitation.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
$action = 'edit'; break; case 'delete': // Delete tag: // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('tag'); // Check that current user has permission to edit tags: $current_User->check_perm('options', 'edit', true); // Make sure we got an tag_ID: param('tag_ID', 'integer', true); if (param('confirm', 'integer', 0)) { // confirmed, Delete from DB: $msg = sprintf(T_('Tag "%s" has been deleted.'), '<b>' . $edited_ItemTag->dget('name') . '</b>'); $edited_ItemTag->dbdelete(); unset($edited_ItemTag); forget_param('tag_ID'); $Messages->add($msg, 'success'); // Redirect so that a reload doesn't write to the DB twice: header_redirect(regenerate_url('action', '', '', '&'), 303); // Will EXIT // We have EXITed already at this point!! } else { // not confirmed, Check for restrictions: if (!$edited_ItemTag->check_delete(sprintf(T_('Cannot delete tag "%s"'), '<b>' . $edited_ItemTag->dget('name') . '</b>'), array(), true)) { // There are restrictions: $action = 'list'; } } break; case 'unlink': // Unlink tag from the post:
/* EXIT */ // In case we changed the redirect someday: unset($edited_Chapter); $cat_ID = NULL; $action = 'list'; break; case 'delete': // Delete entry: param($ChapterCache->dbIDname, 'integer', true); if (param('confirm', 'integer', 0)) { // confirmed, Delete from DB: $parent_ID = $edited_Chapter->parent_ID; $msg = sprintf(T_('Chapter «%s» deleted.'), $edited_Chapter->dget('name')); $ChapterCache->dbdelete_by_ID($edited_Chapter->ID); unset($edited_Chapter); forget_param($ChapterCache->dbIDname); $Messages->add($msg, 'success'); // Redirect so that a reload doesn't write to the DB twice: $redirect_to = get_chapter_redirect_url(param('redirect_page', 'string', ''), $parent_ID); header_redirect($redirect_to, 303); // Will EXIT // We have EXITed already at this point!! } else { // not confirmed, Check for restrictions: // TODO: dh> allow to delete a category which has links (and unbreak those after confirmation). // Get the page number we come from: $previous_page = param('results_' . $ChapterCache->dbprefix . 'page', 'integer', 1, true); if (!$edited_Chapter->check_delete(sprintf(T_('Cannot delete element «%s»'), $edited_Chapter->dget('name')))) { // There are restrictions: $action = 'edit'; }
$edited_ComponentWidget->set('order', 0); // Temporary $edited_ComponentWidget->dbupdate(); $next_ComponentWidget->set('order', $order); $next_ComponentWidget->dbupdate(); $edited_ComponentWidget->set('order', $next_order); $edited_ComponentWidget->dbupdate(); } $DB->commit(); break; case 'delete': // Remove a widget from container: $msg = sprintf(T_('Widget «%s» removed.'), $edited_ComponentWidget->get_name()); $edited_ComponentWidget->dbdelete(true); unset($edited_ComponentWidget); forget_param('wi_ID'); $Messages->add($msg, 'success'); // PREVENT RELOAD & Switch to list mode: header_redirect('?ctrl=widgets&blog=' . $blog); break; case 'list': break; default: debug_die('Action: unhandled action'); } /** * Display page header, menus & messages: */ $AdminUI->set_coll_list_params('blog_properties', 'edit', array('ctrl' => 'widgets'), T_('List'), '?ctrl=collections&blog=0'); $AdminUI->set_path('blogs', 'widgets'); // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
if (!defined('EVO_MAIN_INIT')) { die('Please, do not access this page directly.'); } // Check permission: $current_User->check_perm('emails', 'view', true); load_class('email_campaigns/model/_emailcampaign.class.php', 'EmailCampaign'); load_funcs('email_campaigns/model/_emailcampaign.funcs.php'); param_action(); param('tab', 'string', 'info'); if (param('ecmp_ID', 'integer', '', true)) { // Load Email Campaign object $EmailCampaignCache =& get_EmailCampaignCache(); if (($edited_EmailCampaign =& $EmailCampaignCache->get_by_ID($ecmp_ID, false)) === false) { // We could not find the goal to edit: unset($edited_EmailCampaign); forget_param('ecmp_ID'); $action = ''; $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Email Campaign')), 'error'); } } switch ($action) { case 'add': // Add Email Campaign... // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('campaign'); // Check permission: $current_User->check_perm('emails', 'edit', true); $new_EmailCampaign = new EmailCampaign(); if (!$new_EmailCampaign->load_from_Request()) { // We could not load data from form with errors: $action = 'new';
 * Display payload:
 */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation:
        // confirm_delete() only renders the confirmation prompt for this user field group;
        // the DB delete itself is presumably done by the action-handling switch earlier in
        // this controller once the user confirms (that switch is outside this snippet).
        $edited_UserfieldGroup->confirm_delete(sprintf(T_('Delete user field «%s»?'), $edited_UserfieldGroup->dget('name')), 'userfieldgroup', $action, get_memorized('action'));
        /* no break */ // intentional fall-through: the form is still displayed under the prompt
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('users/views/_userfieldsgroup.form.php');
        break;

    default:
        // No specific request, list all user fields:
        // Cleanup context:
        forget_param('ufgp_ID');
        // Display user fields list:
        $AdminUI->disp_view('users/views/_userfields.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
case 'delete': // Delete entry: param($GenericCategoryCache->dbIDname, 'integer', true); // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('element'); if (!$permission_to_edit) { debug_die('No permission to edit'); } // Set restrictions for element $edited_GenericCategory->delete_restrictions = $delete_restrictions; if (param('confirm', 'integer', 0)) { // confirmed, Delete from DB: $msg = sprintf(T_('Element «%s» deleted.'), $edited_GenericCategory->dget('name')); $GenericCategoryCache->dbdelete_by_ID($edited_GenericCategory->ID); unset($edited_GenericCategory); forget_param($GenericCategoryCache->dbIDname); $Messages->add($msg, 'success'); $action = 'list'; } else { // not confirmed, Check for restrictions: // Get the page number we come from: $previous_page = param('results_' . $GenericCategoryCache->dbprefix . 'page', 'integer', 1, true); if (!$edited_GenericCategory->check_delete(sprintf(T_('Cannot delete element «%s»'), $edited_GenericCategory->dget('name')))) { // There are restrictions: $action = 'edit'; } } break; } // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect) $AdminUI->disp_html_head();
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();

/**
 * Display payload:
 */
switch ($action) {
    case 'nil':
        // Do nothing
        break;

    case 'delete':
        // We need to ask for confirmation:
        // confirm_delete() only renders the confirmation prompt for this country;
        // the DB delete itself is presumably done by the action-handling switch earlier in
        // this controller once the user confirms (that switch is outside this snippet).
        $edited_Country->confirm_delete(sprintf(T_('Delete country «%s»?'), $edited_Country->dget('name')), 'country', $action, get_memorized('action'));
        /* no break */ // intentional fall-through (same pattern as the other admin controllers): the form is still displayed under the prompt
    case 'new':
    case 'create':
    case 'create_new':
    case 'create_copy':
    case 'edit':
    case 'update':
        // we return in this state after a validation error
        $AdminUI->disp_view('regional/views/_country.form.php');
        break;

    default:
        // No specific request, list all countries:
        // Cleanup context:
        forget_param('ctry_ID');
        // Display country list:
        $AdminUI->disp_view('regional/views/_country_list.view.php');
        break;
}

$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();
$current_User->check_perm('emails', 'view', true); load_class('tools/model/_emailaddress.class.php', 'EmailAddress'); load_funcs('tools/model/_email.funcs.php'); param_action(); $tab = param('tab', 'string', 'blocked', true); $tab3 = param('tab3', 'string', '', true); param('action', 'string'); if ($tab == 'blocked') { // Email addresses if (param('emadr_ID', 'integer', '', true)) { // Load Email Address object $EmailAddressCache =& get_EmailAddressCache(); if (($edited_EmailAddress =& $EmailAddressCache->get_by_ID($emadr_ID, false)) === false) { // We could not find the goal to edit: unset($edited_EmailAddress); forget_param('emadr_ID'); $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Email Address')), 'error'); } } } switch ($action) { case 'settings': // Update the email settings // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('emailsettings'); // Check permission: $current_User->check_perm('emails', 'edit', true); switch ($tab3) { case 'notifications': /* Email service preferences: */ if ($Settings->get('smtp_enabled')) {