示例#1
            $c_note = $components->addChild('value');
            $c_note->addCData(@$comp['value']);
            $count++;
        }
    }
    exec_action('component-save');
    XMLsave($xml, $path . $file);
    header('Location: components.php?upd=comp-success');
}
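// Undo handler: when ?undo is present, restore the components file via undo().
// This is a state-changing action driven by a GET request, so the anti-CSRF
// nonce check below is the only guard in view against a cross-site trigger.
if (isset($_GET['undo'])) {
    // Reject a missing or non-string nonce (e.g. nonce[]=x) before it reaches
    // check_nonce(); reading $_GET['nonce'] unguarded raised an undefined-index
    // notice and handed null to the comparison.
    $nonce = (isset($_GET['nonce']) && is_string($_GET['nonce'])) ? $_GET['nonce'] : '';
    if ($nonce === '' || !check_nonce($nonce, "undo")) {
        die("CSRF detected!");
    }
    undo($file, $path, $bakpath);
    header('Location: components.php?upd=comp-restored');
    // header() only queues the redirect; without exit the rest of the page
    // keeps executing and is sent along with the redirect response.
    exit;
}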
//create list of components for html
// Load the stored components XML ($path and $file are defined outside this excerpt).
$data = getXML($path . $file);
// The <item> children of the document; presumably one per component.
$componentsec = $data->item;
// Running index used below for the section-N / del-N element ids and the id[] field.
// NOTE(review): the rendering loop below writes title, slug and value into HTML text,
// attribute values and a <textarea> with at most stripslashes()/cl() applied. Confirm
// these values are entity-encoded when saved; otherwise they need escaping at output.
$count = 0;
if (count($componentsec) != 0) {
    foreach ($componentsec as $component) {
        $table .= '<div class="compdiv" id="section-' . @$count . '"><table class="comptable" ><tr><td><b title="Double Click to Edit" class="editable">' . stripslashes(@$component->title) . '</b></td>';
        $table .= '<td style="text-align:right;" ><code>&lt;?php get_component(<span class="compslugcode">\'' . @$component->slug . '\'</span>); ?&gt;</code></td><td class="delete" >';
        $table .= '<a href="#" title="' . $i18n['DELETE_COMPONENT'] . ': ' . cl(@$component->title) . '?" id="del-' . $count . '" onClick="DeleteComp(\'' . $count . '\'); return false;" >X</a></td></tr></table>';
        $table .= '<textarea name="val[]">' . stripslashes(@$component->value) . '</textarea>';
        $table .= '<input type="hidden" class="compslug" name="slug[]" value="' . @$component->slug . '" />';
        $table .= '<input type="hidden" class="comptitle" name="title[]" value="' . @stripslashes($component->title) . '" />';
        $table .= '<input type="hidden" name="id[]" value="' . @$count . '" />';
示例#2
# flush the cache when ?flushcache is present in the query string
# NOTE(review): delete_cache() runs here on a plain GET with no nonce check in view,
# unlike the undo handler below. Confirm whether a cross-site request may trigger it.
if (isset($_GET['flushcache'])) {
    delete_cache();
    # status key; presumably read later to show the confirmation message
    $update = 'flushcache-success';
}
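# if the undo command was invoked
# (state-changing action on a GET request: the nonce check is the only guard in view)
if (isset($_GET['undo'])) {
    # first check for csrf
    # The check is skipped only when GSNOCSRF is defined and truthy. The loose
    # comparison is kept on purpose so values such as 0 or '' still enforce it.
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        # a missing or non-string nonce (e.g. nonce[]=x) is refused outright
        # instead of raising a notice and passing null on to check_nonce()
        $nonce = (isset($_GET['nonce']) && is_string($_GET['nonce'])) ? $_GET['nonce'] : '';
        if ($nonce === '' || !check_nonce($nonce, "undo")) {
            die("CSRF detected!");
        }
    }
    # perform undo
    undo($file, GSUSERSPATH, GSBACKUSERSPATH);
    undo($wfile, GSDATAOTHERPATH, GSBACKUPSPATH . 'other/');
    generate_sitemap();
    # redirect back to yourself to show the new restored data
    redirect('settings.php?restored=true');
}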
# was this page restored?
# The flag is kept as the string 'true' or 'false', not as a boolean.
$restored = isset($_GET['restored']) ? 'true' : 'false';
# was the form submitted?
if (isset($_POST['submitted'])) {
    # first check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_POST['nonce'];
示例#3
            $msg_client = htmlentities($msg['acquisition_recept_add_expl_err'], ENT_QUOTES, $charset);
        } else {
            $msg_client = htmlentities($msg['acquisition_recept_add_expl_ok'], ENT_QUOTES, $charset);
        }
        show_delivery_form($msg_client);
        break;
    case 'update':
        if (!update()) {
            $msg_client = htmlentities($msg['acquisition_recept_deliv_err'], ENT_QUOTES, $charset);
        } else {
            $msg_client = htmlentities($msg['acquisition_recept_deliv_ok'], ENT_QUOTES, $charset);
        }
        show_delivery_form($msg_client);
        break;
    case 'update_sug':
        update_sug();
        show_delivery_form();
        break;
    case 'undo':
        if (!undo()) {
            $msg_client = htmlentities($msg['acquisition_recept_undo_err'], ENT_QUOTES, $charset);
        } else {
            $msg_client = htmlentities($msg['acquisition_recept_undo_ok'], ENT_QUOTES, $charset);
        }
        show_delivery_form($msg_client);
        break;
    case 'show':
    default:
        show_delivery_form();
        break;
}
示例#4
$fullpath = suggest_site_path();
$lang_array = getFiles(GSLANGPATH);
# initialize these all as null
$error = $success = $prettychck = null;
# if the flush cache command was invoked
# NOTE(review): unlike the undo and save handlers below, no check_for_csrf() call
# guards this GET-triggered action. Confirm that is intended.
if (isset($_GET['flushcache'])) {
    delete_cache();
    # status key; presumably read later to show the confirmation message
    $update = 'flushcache-success';
}
# if the undo command was invoked
if (isset($_GET['undo'])) {
    # anti-CSRF check for the "undo" action; its return value is not inspected here
    # NOTE(review): the guard is only effective if check_for_csrf() ends the request
    # itself on failure. Confirm against its definition.
    check_for_csrf("undo");
    # perform undo
    # backup directory for the website settings file (see the path comment below)
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
    // backups/other/
    undo(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath);
    # runs after the restore; presumably rebuilds the sitemap from the restored settings
    generate_sitemap();
    # redirect back to yourself to show the new restored data
    redirect('settings.php?upd=settings-restored');
}
# was the form submitted?
if (isset($_POST['submitted'])) {
    check_for_csrf("save_settings");
    # website-specific fields
    if (isset($_POST['sitename'])) {
        $SITENAME = htmlentities($_POST['sitename'], ENT_QUOTES, 'UTF-8');
    }
    if (isset($_POST['siteurl'])) {
        $SITEURL = tsl($_POST['siteurl']);
    }
    if (isset($_POST['permalink'])) {
示例#5
    if (!filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
        die(i18n_r('ER_REQ_PROC_FAIL'));
    }
    // else populate data for user
    $data = getXML(GSUSERSPATH . $file);
    $password = $data->PWD;
}
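# if the undo command was invoked
if (isset($_GET['undo'])) {
    # The request must name the profile being edited. A missing or non-string
    # userid (e.g. userid[]=x) is refused instead of raising a notice.
    if (!isset($_GET['userid']) || !is_string($_GET['userid']) || $_GET['userid'] !== $userid) {
        die(i18n_r('ER_REQ_PROC_FAIL'));
    }
    // if not allowedtoedit then userid is $USR now, so stop undo actions
    # NOTE(review): the return value is not inspected, so this guard relies on
    # check_for_csrf() ending the request itself on failure. Confirm.
    check_for_csrf("undo");
    # perform undo
    # NOTE(review): $success is not checked before redirecting, so a failed restore
    # still lands on upd=profile-restored.
    $success = undo($file, GSUSERSPATH, GSBACKUSERSPATH);
    # redirect back to yourself to show the new restored data
    # userid matches a request-supplied value: encode it so it cannot add or
    # alter query parameters in the redirect target
    redirect('profile.php?upd=profile-restored&userid=' . rawurlencode($userid));
}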
# was the form submitted?
if (isset($_POST['submitted'])) {
    check_for_csrf("save_profile");
    // if adding a new user
    if (isset($_POST['add']) && $_POST['add'] == 1 && $allowadd && isset($_POST['user'])) {
        $adding = true;
        $userid = strtolower($_POST['user']);
        $file = _id($userid) . '.xml';
        if (path_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
            die(i18n('INVALID_USER'));
        }
        if (!path_is_safe(dirname(GSUSERSPATH . $file), GSUSERSPATH, true)) {