case 'editedtag': $tag_ID = (int) $_POST['tag_ID']; check_admin_referer('update-tag_' . $tag_ID); if (!current_user_can($tax->cap->edit_terms)) { nxt_die(__('Cheatin’ uh?')); } $tag = get_term($tag_ID, $taxonomy); if (!$tag) { nxt_die(__('You attempted to edit an item that doesn’t exist. Perhaps it was deleted?')); } $ret = nxt_update_term($tag_ID, $taxonomy, $_POST); $location = 'edit-tags.php?taxonomy=' . $taxonomy; if ('post' != $post_type) { $location .= '&post_type=' . $post_type; } if ($referer = nxt_get_original_referer()) { if (false !== strpos($referer, 'edit-tags.php')) { $location = $referer; } } if ($ret && !is_nxt_error($ret)) { $location = add_query_arg('message', 3, $location); } else { $location = add_query_arg('message', 5, $location); } nxt_redirect($location); exit; break; default: if (!empty($_REQUEST['_nxt_http_referer'])) { $location = remove_query_arg(array('_nxt_http_referer', '_nxtnonce'), stripslashes($_SERVER['REQUEST_URI']));
if (in_array($action, array('approvecomment', 'unapprovecomment'))) { check_admin_referer('approve-comment_' . $comment_id); } else { check_admin_referer('delete-comment_' . $comment_id); } $noredir = isset($_REQUEST['noredir']); if (!($comment = get_comment($comment_id))) { comment_footer_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>!', 'edit-comments.php')); } if (!current_user_can('edit_comment', $comment->comment_ID)) { comment_footer_die(__('You are not allowed to edit comments on this post.')); } if ('' != nxt_get_referer() && !$noredir && false === strpos(nxt_get_referer(), 'comment.php')) { $redir = nxt_get_referer(); } elseif ('' != nxt_get_original_referer() && !$noredir) { $redir = nxt_get_original_referer(); } elseif (in_array($action, array('approvecomment', 'unapprovecomment'))) { $redir = admin_url('edit-comments.php?p=' . absint($comment->comment_post_ID)); } else { $redir = admin_url('edit-comments.php'); } $redir = remove_query_arg(array('spammed', 'unspammed', 'trashed', 'untrashed', 'deleted', 'ids', 'approved', 'unapproved'), $redir); switch ($action) { case 'deletecomment': nxt_delete_comment($comment_id); $redir = add_query_arg(array('deleted' => '1'), $redir); break; case 'trashcomment': nxt_trash_comment($comment_id); $redir = add_query_arg(array('trashed' => '1', 'ids' => $comment_id), $redir); break;
/**
 * Retrieve or display original referer hidden field for forms.
 *
 * Emits `<input type="hidden" name="_nxt_original_http_referer" ... />`.
 * The value is the original referer already carried by the request
 * (see nxt_get_original_referer()) when one is present; otherwise it is
 * the referer (when $jump_back_to is 'previous') or the current request
 * URI (for any other value of $jump_back_to — the argument is not used
 * as a literal destination).
 *
 * The value originates from the Referer header or REQUEST_URI, i.e. from
 * the client, and is escaped here for the HTML-attribute context only.
 * NOTE(review): anything that later redirects to this value has to validate
 * it (nxt_safe_redirect() or equivalent) — confirm at the consumers.
 *
 * @package NXTClass
 * @subpackage Security
 * @since 2.0.4
 *
 * @param bool   $echo         Whether to echo the field markup.
 * @param string $jump_back_to Optional, default 'current'. 'previous' falls back to
 *                             the referer; any other value falls back to the
 *                             current request URI.
 * @return string Original referer field markup.
 */
function nxt_original_referer_field($echo = true, $jump_back_to = 'current') {
	// Fallback used only when the request carries no original referer.
	if ('previous' == $jump_back_to) {
		$fallback = nxt_get_referer();
	} else {
		$fallback = $_SERVER['REQUEST_URI'];
	}

	$original = nxt_get_original_referer();
	$ref = $original ? $original : $fallback;

	$field = sprintf(
		'<input type="hidden" name="_nxt_original_http_referer" value="%s" />',
		esc_attr(stripslashes($ref))
	);

	if ($echo) {
		echo $field;
	}

	return $field;
}
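/**
 * Dispatch the member-management actions of the admin members screen.
 *
 * Reads the requested action from the 'action'/'action2' request vars
 * (via nxt_reset_vars()), verifies the matching nonce, applies the
 * operation to the selected members and redirects back to the referer
 * with a 'msg' code (7/8 for toggles, 3 for the level/subscription/
 * gateway actions). Unknown actions fall through and nothing happens.
 *
 * NOTE(review): the nonce checks only protect against CSRF; no
 * current_user_can() capability check is visible in this handler, so
 * access control must be enforced by whatever registers the screen —
 * confirm before relying on it.
 *
 * NOTE(review): this is declared as a plain function yet calls
 * $this->update_levelcounts() / $this->update_subcounts(); it can only
 * run as a method of the class defining those — confirm the enclosing class.
 *
 * @return void
 */
function handle_members_updates() {
	global $action, $page;

	nxt_reset_vars(array('action', 'page'));

	// The list-table form has two "apply" buttons (top and bottom); the chosen
	// bulk action sits in 'action' or 'action2'. Guard each index so a missing
	// field does not raise an undefined-index notice.
	if (isset($_GET['doaction']) || isset($_GET['doaction2'])) {
		$bulk_action  = isset($_GET['action']) ? addslashes($_GET['action']) : '';
		$bulk_action2 = isset($_GET['action2']) ? addslashes($_GET['action2']) : '';
		if ('toggle' == $bulk_action || 'toggle' == $bulk_action2) {
			$action = 'bulk-toggle';
		}
	}

	// Member ids for the level/subscription/gateway actions arrive as a
	// comma-separated list in $_POST['member_id']. Keep only numeric entries
	// (the same is_numeric() test the bulk-toggle case applies) and cast to
	// int so M_Membership is never built from an empty or arbitrary string;
	// explode('') yields array('') so a plain "if ($members)" guard never
	// rejected anything. Parsing has no side effects, so doing it ahead of
	// the nonce checks is harmless: no member is touched before the check.
	$member_ids = array();
	if (isset($_POST['member_id']) && is_scalar($_POST['member_id'])) {
		foreach (explode(',', (string) $_POST['member_id']) as $candidate) {
			$candidate = trim($candidate);
			if (is_numeric($candidate)) {
				$member_ids[] = (int) $candidate;
			}
		}
	}

	switch (addslashes($action)) {
		case 'toggle':
			if (isset($_GET['member_id'])) {
				$user_id = (int) $_GET['member_id'];
				check_admin_referer('toggle-member_' . $user_id);
				$member = new M_Membership($user_id);
				// msg 7 = toggled, msg 8 = toggle failed.
				$msg = $member->toggle_activation() ? 7 : 8;
				nxt_safe_redirect(add_query_arg('msg', $msg, nxt_get_referer()));
			}
			break;

		case 'bulk-toggle':
			check_admin_referer('bulk-members');
			// 'users' must be an array of ids; anything else is treated as empty.
			$users = (isset($_GET['users']) && is_array($_GET['users'])) ? $_GET['users'] : array();
			foreach ($users as $value) {
				if (is_numeric($value)) {
					$member = new M_Membership((int) $value);
					$member->toggle_activation();
				}
			}
			nxt_safe_redirect(add_query_arg('msg', 7, nxt_get_referer()));
			break;

		case 'bulkaddlevel-level-complete':
		case 'addlevel-level-complete':
			check_admin_referer($action);
			$tolevel_id = isset($_POST['tolevel_id']) ? (int) $_POST['tolevel_id'] : 0;
			if ($tolevel_id) {
				foreach ($member_ids as $member_id) {
					$member = new M_Membership($member_id);
					$member->add_level($tolevel_id);
				}
			}
			$this->update_levelcounts();
			nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
			break;

		case 'bulkdroplevel-level-complete':
		case 'droplevel-level-complete':
			check_admin_referer($action);
			$fromlevel_id = isset($_POST['fromlevel_id']) ? (int) $_POST['fromlevel_id'] : 0;
			if ($fromlevel_id) {
				foreach ($member_ids as $member_id) {
					$member = new M_Membership($member_id);
					$member->drop_level($fromlevel_id);
				}
			}
			$this->update_levelcounts();
			nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
			break;

		case 'bulkmovelevel-level-complete':
		case 'movelevel-level-complete':
			check_admin_referer($action);
			$fromlevel_id = isset($_POST['fromlevel_id']) ? (int) $_POST['fromlevel_id'] : 0;
			$tolevel_id   = isset($_POST['tolevel_id']) ? (int) $_POST['tolevel_id'] : 0;
			if ($fromlevel_id && $tolevel_id) {
				foreach ($member_ids as $member_id) {
					$member = new M_Membership($member_id);
					$member->move_level($fromlevel_id, $tolevel_id);
				}
			}
			$this->update_levelcounts();
			nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
			break;

		case 'bulkaddsub-sub-complete':
		case 'addsub-sub-complete':
			check_admin_referer($action);
			// The target is a '-'-joined triple whose three parts are handed to
			// M_Membership::add_subscription() unchanged; their meaning and
			// validation live there (presumably subscription/level/gateway ids —
			// verify against that method). Anything but exactly three parts is
			// ignored, as before.
			$tosub_id = (isset($_POST['tosub_id']) && is_scalar($_POST['tosub_id'])) ? (string) $_POST['tosub_id'] : '';
			$subs = explode('-', $tosub_id);
			if (3 === count($subs)) {
				foreach ($member_ids as $member_id) {
					$member = new M_Membership($member_id);
					$member->add_subscription($subs[0], $subs[1], $subs[2]);
				}
			}
			$this->update_levelcounts();
			$this->update_subcounts();
			nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
			break;

		case 'bulkdropsub-sub-complete':
		case 'dropsub-sub-complete':
			check_admin_referer($action);
			$fromsub_id = isset($_POST['fromsub_id']) ? (int) $_POST['fromsub_id'] : 0;
			if ($fromsub_id) {
				foreach ($member_ids as $member_id) {
					$member = new M_Membership($member_id);
					$member->drop_subscription($fromsub_id);
				}
			}
			$this->update_levelcounts();
			$this->update_subcounts();
			nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
			break;

		case 'bulkmovesub-sub-complete':
		case 'movesub-sub-complete':
			check_admin_referer($action);
			$fromsub_id = isset($_POST['fromsub_id']) ? (int) $_POST['fromsub_id'] : 0;
			// Same '-'-joined triple as the add-subscription case; parts are
			// passed through to M_Membership::move_subscription() unchanged.
			$tosub_id = (isset($_POST['tosub_id']) && is_scalar($_POST['tosub_id'])) ? (string) $_POST['tosub_id'] : '';
			$subs = explode('-', $tosub_id);
			if ($fromsub_id && 3 === count($subs)) {
				foreach ($member_ids as $member_id) {
					$member = new M_Membership($member_id);
					$member->move_subscription($fromsub_id, $subs[0], $subs[1], $subs[2]);
				}
			}
			$this->update_levelcounts();
			$this->update_subcounts();
			nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
			break;

		case 'bulkmovegateway-gateway-complete':
		case 'movegateway-gateway-complete':
			check_admin_referer($action);
			$fromgateway = (isset($_POST['fromgateway']) && is_scalar($_POST['fromgateway'])) ? (string) $_POST['fromgateway'] : '';
			$togateway   = (isset($_POST['togateway']) && is_scalar($_POST['togateway'])) ? (string) $_POST['togateway'] : '';
			if (!empty($fromgateway) && !empty($togateway)) {
				foreach ($member_ids as $member_id) {
					$member = new M_Membership($member_id);
					foreach ($member->get_relationships() as $rel) {
						// Compare as strings: a loose == on gateway names would treat
						// numeric-looking values ('1e1' == '10') as equal.
						if ((string) $rel->usinggateway === $fromgateway) {
							$member->update_relationship_gateway($rel->rel_id, $fromgateway, $togateway);
						}
					}
				}
			}
			// Gateway moves do not touch the level/subscription counts (as before).
			nxt_safe_redirect(add_query_arg('msg', 3, nxt_get_original_referer()));
			break;
	}
}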