// Excerpt: removal of one language's description from a cache. The excerpt starts inside
// an `if` opened above it and ends inside the "not the owner" branch.
// NOTE(review): $target is concatenated into the redirect URL as-is; where it is built is not
// visible here - confirm it is URL-encoded and restricted to local paths.
tpl_redirect('login.php?target=' . $target);
} else {
    // Load the owner id and name of the cache; the lookup is parameterised.
    $cache_rs = XDb::xSql("SELECT `user_id`, `name` FROM `caches` WHERE `cache_id`= ? LIMIT 1", $cache_id);
    if ($cache_record = XDb::xFetchArray($cache_rs)) {
        // Authorisation gate: only the cache owner or an admin reaches the removal code.
        // The comparison is loose (==); both sides are presumably numeric ids - confirm.
        if ($cache_record['user_id'] == $usr['userid'] || $usr['admin']) {
            // Fetch the description row for the requested language.
            $desc_rs = XDb::xSql("SELECT `id`, `uuid` FROM `cache_desc` WHERE `cache_id`= ? AND `language`= ? LIMIT 1", $cache_id, $desclang);
            if ($desc_record = XDb::xFetchArray($desc_rs)) {
                XDb::xFreeResults($desc_rs);
                // NOTE(review): the include path is built from $stylepath; confirm that value
                // can never be influenced by request data.
                require $stylepath . '/removedesc.inc.php';
                // NOTE(review): where $remove_commit is set is not visible in this excerpt, and
                // no anti-CSRF token check is visible before the DELETE below. Confirm the
                // confirmation flag is only accepted from a POST that carries a verified token.
                if ($remove_commit == 1) {
                    // Record the removal in removed_objects (local id, uuid, node id) before deleting.
                    // The '' passed for `id` presumably relies on auto-increment - confirm it
                    // still works under a strict SQL mode.
                    XDb::xSql("INSERT INTO `removed_objects` (`id`, `localID`, `uuid`, `type`, `removed_date`, `node`)\n VALUES ('', ?, ?, '3', NOW(), ?)", $desc_record['id'], $desc_record['uuid'], $oc_nodeid);
                    // Delete the description row for this cache and language.
                    XDb::xSql("DELETE FROM `cache_desc` WHERE `cache_id`= ? AND `language`= ? LIMIT 1", $cache_id, $desclang);
                    // Update the cache record, including its last modification date.
                    GeoCache::setCacheDefaultDescLang($cache_id);
                    // Return to the cache edit page and stop processing.
                    tpl_redirect('editcache.php?cacheid=' . urlencode($cache_id));
                    exit;
                } else {
                    // Not confirmed yet: render the confirmation template.
                    $tplname = 'removedesc';
                    // NOTE(review): this value is not escaped here; confirm db_LanguageFromShort()
                    // returns only trusted or already-escaped text for any $desclang.
                    tpl_set_var('desclang_name', db_LanguageFromShort($desclang));
                    // ENT_COMPAT leaves single quotes unescaped; confirm the template never places
                    // this value inside a single-quoted attribute.
                    tpl_set_var('cachename', htmlspecialchars($cache_record['name'], ENT_COMPAT, 'UTF-8'));
                    // URL-encode first, then HTML-escape, for use inside links in the template.
                    tpl_set_var('cacheid_urlencode', htmlspecialchars(urlencode($cache_id), ENT_COMPAT, 'UTF-8'));
                    tpl_set_var('desclang_urlencode', htmlspecialchars(urlencode($desclang), ENT_COMPAT, 'UTF-8'));
                }
            } else {
                //TODO: no description exists for this cache and language; nothing is reported
                // to the user in this branch.
            }
        } else {
            //TODO: requester is neither the owner nor an admin; the attempt is neither
            // reported nor logged in the part of this branch that is visible.
// Excerpt: saving or loading one language's cache description. The excerpt starts inside
// an `if` opened above it; that condition is not visible here.
// The description is passed through the project's HTML purifier and the hints are HTML-escaped.
// NOTE(review): $short_desc is also written by the UPDATE below, but its sanitisation is not
// visible in this excerpt - confirm it is filtered before this point.
$desc = userInputFilter::purifyHtmlString($desc);
$hints = htmlspecialchars($hints, ENT_COMPAT, 'UTF-8');

if (isset($_POST['submitform'])) {
    // NOTE(review): no ownership check on $descid and no anti-CSRF token check is visible in
    // this excerpt; confirm both happen before this write path is reached.

    // Count other descriptions of the same cache that already use the chosen language.
    // The 0 argument is presumably the value returned when no row matches - confirm.
    $cacheLang = XDb::xMultiVariableQueryValue("SELECT COUNT(*) `count` FROM `cache_desc`\n WHERE `cache_id`= :1 AND `id` != :2 AND `language`= :3 ", 0, $desc_record['cache_id'], $descid, $desclang);
    if ($cacheLang > 0) {
        // NOTE(review): the UPDATE below is not in an else branch, so this check (and the size
        // check that follows) only blocks the write if tpl_errorMsg() ends the request - confirm.
        tpl_errorMsg('editdesc', $error_desc_exists);
    }

    /* Prevent binary data in cache descriptions, e.g. <img src='data:...'> tags.
       strlen() counts bytes, not characters, and the limit is applied to the purified text. */
    if (strlen($desc) > 300000) {
        tpl_errorMsg('editdesc', tr('error3KCharsExcedeed'));
    }

    // Parameterised write of the description fields. The hint was HTML-escaped above, so
    // nl2br() only adds line-break tags to text that is already escaped.
    XDb::xSql("UPDATE `cache_desc` SET\n `last_modified`=NOW(), `desc_html`= '2', `desc_htmledit`= '1',\n `desc`= ?, `short_desc`= ?, `hint`= ?, `language`= ?\n WHERE `id`= ? ", $desc, $short_desc, nl2br($hints), $desclang, $descid);

    // Update the description languages in the cache record;
    // this also updates the modification date.
    GeoCache::setCacheDefaultDescLang($desc_record['cache_id']);

    // Redirect to the cache edit page and stop processing.
    tpl_redirect('editcache.php?cacheid=' . urlencode($desc_record['cache_id']));
    exit;
} else {
    // Form not submitted for saving: only the "show all languages" toggle is honoured.
    if (isset($_POST['show_all_langs'])) {
        $show_all_langs = true;
    }
}
} else {
    // Closes the `if` opened above this excerpt. In this branch all fields come from the
    // database record instead of the request.
    // strip_tags() removes markup (including the tags nl2br() added on save) but does not
    // decode HTML entities.
    $short_desc = strip_tags($desc_record['short_desc']);
    $hints = strip_tags($desc_record['hint']);
    // NOTE(review): this sets $desc_lang, while the save path above uses $desclang; confirm
    // which name the template reads.
    $desc_lang = $desc_record['language'];
    // The stored description is used as-is; it was purified when saved through the path above.
    // Confirm that no other write path stores unpurified HTML in `desc`.
    $desc = $desc_record['desc'];
}