// Tail of a guard whose condition starts before this excerpt: redirect to the
// directory of the current script and stop.
// NOTE(review): the target is built from $_SERVER['HTTP_HOST'], which comes
// from the request's Host header, and the scheme is fixed to http://. Unless
// the web server pins the host name, a configured base URL is the safer source.
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

// The requested AJAX action is read from the query string. It is only compared
// against fixed literals below, so the sanitising filter is not what protects
// the branches. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$ajax_action = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);

// Branch 1: update the "sticky" flag of several records.
// Runs only when $permission['editbt'] is truthy.
// NOTE(review): this state change is driven entirely by GET parameters and no
// anti-CSRF token check is visible in this excerpt; confirm one runs before
// this point, or move the action to POST with a token.
if ('save_sticky_records' == $ajax_action && $permission['editbt']) {

    /**
     * Expected is an array of the structure:
     * array( 0 => array((int) id, (string) language, (int) checked),
     *        1 => ...
     * )
     */
    // Anything that is not an array is replaced by an empty list.
    $items = isset($_GET['items']) && is_array($_GET['items']) ? $_GET['items'] : array();
    $faq = new PMF_Faq();

    foreach ($items as $item) {
        // Accept only three-element arrays whose second element passes the
        // supported-language check; everything else is skipped silently.
        // NOTE(review): count() == 3 does not guarantee that the keys 0, 1
        // and 2 exist, because request arrays can carry arbitrary keys.
        if (is_array($item) && count($item) == 3 && PMF_Language::isASupportedLanguage($item[1])) {
            // The id and the checked flag are cast to int. The language goes
            // through addslashes(), which is not a database-aware escape; the
            // language check above is what actually constrains the value
            // (presumably to a fixed list, verify). Whether
            // updateRecordSticky() binds or escapes its arguments is not
            // visible here. Its return value is written to the response.
            print $faq->updateRecordSticky((int) $item[0], addslashes($item[1]), (int) $item[2]);
        }
    }
}

// Branch 2: delete a record and its attachment files.
// Runs only when $permission['delbt'] is truthy; parameters come from POST.
// This block continues past the end of the excerpt.
// NOTE(review): no anti-CSRF token check is visible here either.
if ('delete_record' == $ajax_action && $permission['delbt']) {
    // NOTE(review): if PMF_Filter::filterInput() behaves like filter_input(),
    // $record_id is false for a non-integer value and null when the field is
    // missing. Neither case is rejected before the value is used below.
    $record_id = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
    // Not used within the visible part of this block.
    $record_lang = PMF_Filter::filterInput(INPUT_POST, 'record_lang', FILTER_SANITIZE_STRING);

    // Called before anything is removed; presumably writes an admin log entry.
    adminlog('Beitragdel, ' . $record_id);

    // Attachment directory of the record.
    // NOTE(review): with a false or null $record_id this concatenates to
    // PMF_ROOT_DIR . '/attachments//', i.e. the attachments root, and the loop
    // below would unlink the files directly inside it. Check that $record_id
    // is an int before building the path.
    $path = PMF_ROOT_DIR . '/attachments/' . $record_id . '/';

    // The @ operator suppresses any warning from is_dir().
    if (@is_dir($path)) {
        // The result of dir() is not checked before read() is called on it.
        $do = dir($path);
        // NOTE(review): the loop ends on the first falsy entry name, so an
        // entry named "0" stops it early; the usual form compares the result
        // of read() with false using !==.
        while ($dat = $do->read()) {
            // Skip the self and parent directory entries.
            if ($dat != "." && $dat != "..") {
                // The return value is ignored, so a failed removal (for
                // example a subdirectory) goes unnoticed.
                unlink($path . $dat);
            }
        }