diff --git a/plugins/calendar/functions.inc b/plugins/calendar/functions.inc index ac8cb21d1..c29005418 100644 --- a/plugins/calendar/functions.inc +++ b/plugins/calendar/functions.inc @@ -419,11 +419,12 @@ function plugin_savesubmission_calendar($A) $retval = ''; $A['title'] = strip_tags(COM_checkWords($A['title'])); + $A['title'] = GLText::removeUtf8Icons($A['title']); $A['start_year'] = COM_applyFilter($A['start_year'], true); $A['start_month'] = COM_applyFilter($A['start_month'], true); $A['start_day'] = COM_applyFilter($A['start_day'], true); - // check for missing textfields + // check for missing text fields if (empty($A['title']) || empty($A['start_month']) || empty($A['start_day']) || empty($A['start_year'])) { $retval .= COM_showMessageText($LANG12[23], $LANG12[22]) . plugin_submit_calendar($A['calendar_type']); @@ -472,23 +473,23 @@ function plugin_savesubmission_calendar($A) $A['description'] = (isset($A['description']) ? $A['description'] : ''); $A['event_type'] = (isset($A['event_type']) ? $A['event_type'] : ''); - if ($A['url'] == 'http://') { + if ($A['url'] === 'http://' || $A['url'] === 'https://') { // remove default entry now to avoid false spam reports $A['url'] = ''; } // pseudo-formatted event description for the spam check - $spamcheck = ''; + $spamCheck = ''; if (empty($A['url'])) { - $spamcheck .= $A['title']; + $spamCheck .= $A['title']; } else { - $spamcheck .= COM_createLink($A['title'], $A['url']); + $spamCheck .= COM_createLink($A['title'], $A['url']); } - $spamcheck .= '' . $A['location'] . '' + $spamCheck .= '' . $A['location'] . '' . $A['address1'] . '' . $A['address2'] . '' . $A['city'] . ', ' . $A['zipcode'] . '' . $A['description'] . '

'; - $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']); + $result = PLG_checkforSpam($spamCheck, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('submit'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); 
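Review bot: The placeholder test on `$A['url']` is an exact, case-sensitive match, so a default entry followed by a space, or typed in upper case, still reaches the spam check and `COM_createLink()`. If the intent is to drop every untouched default, normalising first would cover it: `$url = strtolower(trim($A['url']));` followed by `if ($url === 'http://' || $url === 'https://') {`. Whether `$A['url']` is always set at this point is not visible in the hunk; the `isset()` defaults shown above it cover only description and event_type.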
@@ -505,15 +506,15 @@ function plugin_savesubmission_calendar($A) // Remove any autotags the user doesn't have permission to use $A['description'] = PLG_replaceTags($A['description'], '', true); - $A['description'] = DB_escapeString(htmlspecialchars(COM_checkWords($A['description']))); - $A['address1'] = DB_escapeString(strip_tags(COM_checkWords($A['address1']))); - $A['address2'] = DB_escapeString(strip_tags(COM_checkWords($A['address2']))); - $A['city'] = DB_escapeString(strip_tags(COM_checkWords($A['city']))); - $A['zipcode'] = DB_escapeString(strip_tags(COM_checkWords($A['zipcode']))); - $A['state'] = DB_escapeString(strip_tags(COM_checkWords($A['state']))); - $A['location'] = DB_escapeString(strip_tags(COM_checkWords($A['location']))); - $A['event_type'] = DB_escapeString(strip_tags(COM_checkWords($A['event_type']))); - $A['title'] = DB_escapeString($A['title']); + $A['description'] = DB_escapeString(htmlspecialchars(GLText::removeUtf8Icons(COM_checkWords($A['description'])))); + $A['address1'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['address1'])))); + $A['address2'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['address2'])))); + $A['city'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['city'])))); + $A['zipcode'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['zipcode'])))); + $A['state'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['state'])))); + $A['location'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['location'])))); + $A['event_type'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['event_type'])))); + $A['title'] = DB_escapeString(GLText::removeUtf8Icons($A['title'])); $A['url'] = DB_escapeString(COM_sanitizeUrl($A['url'])); diff --git a/plugins/staticpages/services.inc.php b/plugins/staticpages/services.inc.php index a51f21691..340893165 100644 
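Review bot: In the address, city, zipcode, state, location and event_type lines `GLText::removeUtf8Icons()` runs on the output of `strip_tags()`, so characters are deleted after the tag filter has already made its decision. If the helper removes byte sequences, as its name suggests, text that the filter saw as split by such a sequence is joined afterwards, and the filter's result no longer describes what is stored. Normalising first keeps the filter authoritative, e.g. `DB_escapeString(strip_tags(GLText::removeUtf8Icons(COM_checkWords($A['city']))))`. The same order appears for the title in the first hunk of this file, for the `strip_tags()` fields and the `COM_checkHTML()` content in the `-393` hunk of services.inc.php, and for `$description` and `$category` in `links_save_category()`. The last `$A['title']` line also repeats a removal already done in the first hunk.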
--- a/plugins/staticpages/services.inc.php +++ b/plugins/staticpages/services.inc.php @@ -52,9 +52,9 @@ /** * Submit static page. The page is updated if it exists, or a new one is created * - * @param array args Contains all the data provided by the client - * @param string &output OUTPUT parameter containing the returned text - * @param string &svc_msg OUTPUT parameter containing any service messages + * @param array $args Contains all the data provided by the client + * @param string $output OUTPUT parameter containing the returned text + * @param string $svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) @@ -203,7 +203,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg) return PLG_RET_ERROR; } - + if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; @@ -356,7 +356,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg) $sp_onlastupdate = 1; } else { $sp_onlastupdate = 0; - } + } if ($sp_nf == 'on') { $sp_nf = 1; } else { @@ -393,12 +393,20 @@ function service_submit_staticpages($args, &$output, &$svc_msg) if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } + $sp_content = GLText::removeUtf8Icons($sp_content); + $sp_title = strip_tags($sp_title); + $sp_title = GLText::removeUtf8Icons($sp_title); $sp_page_title = strip_tags($sp_page_title); + $sp_page_title = GLText::removeUtf8Icons($sp_page_title); $sp_label = strip_tags($sp_label); + $sp_label = GLText::removeUtf8Icons($sp_label); $meta_description = strip_tags($meta_description); + $meta_description = GLText::removeUtf8Icons($meta_description); $meta_keywords = strip_tags($meta_keywords); + $meta_keywords = GLText::removeUtf8Icons($meta_keywords); + $sp_help = GLText::removeUtf8Icons($sp_help); $sp_content = DB_escapeString($sp_content); $sp_title = DB_escapeString($sp_title); 
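Review bot: `$sp_help` is the only field in the `-393` hunk that gets `GLText::removeUtf8Icons()` without a preceding `strip_tags()` or `COM_checkHTML()`. Whether it is filtered earlier in `service_submit_staticpages()` is outside the hunk, so either add the filter here or record where it happens with a comment such as `// $sp_help is sanitised earlier in this function` (wording to match the actual code). The function body starts and ends outside this hunk.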
@@ -406,6 +414,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg) $sp_label = DB_escapeString($sp_label); $meta_description = DB_escapeString($meta_description); $meta_keywords = DB_escapeString($meta_keywords); + $sp_help = DB_escapeString($sp_help); // If user does not have php edit perms, then set php flag to 0. if (($_SP_CONF['allow_php'] != 1) || !SEC_hasRights('staticpages.PHP')) { @@ -499,14 +508,14 @@ function service_submit_staticpages($args, &$output, &$svc_msg) } // Retrieve created date - $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '$sp_id'"); - if ($datecreated == '') { - $datecreated = date('Y-m-d H:i:s'); + $dateCreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '$sp_id'"); + if ($dateCreated == '') { + $dateCreated = date('Y-m-d H:i:s'); } DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_onhits,sp_onlastupdate,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode', - "'$sp_id','$sp_title','$sp_page_title','$sp_content','$datecreated',NOW(),$sp_hits,'$sp_format',$sp_onmenu,$sp_onhits,$sp_onlastupdate,'$sp_label','$commentcode','$meta_description','$meta_keywords',$template_flag,'$template_id',$draft_flag,$cache_time,$owner_id,$group_id," + "'$sp_id','$sp_title','$sp_page_title','$sp_content','$dateCreated',NOW(),$sp_hits,'$sp_format',$sp_onmenu,$sp_onhits,$sp_onlastupdate,'$sp_label','$commentcode','$meta_description','$meta_keywords',$template_flag,'$template_id',$draft_flag,$cache_time,$owner_id,$group_id," . "$perm_owner,$perm_group,$perm_members,$perm_anon,'$sp_php','$sp_nf',$sp_centerblock,'$sp_help',$sp_where," . "'$sp_inblock','$postmode'"); 
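Review bot: The new `DB_escapeString($sp_help)` covers a value that the `DB_save()` call in the next hunk places inside quotes, but that same statement interpolates `$sp_hits`, `$sp_onmenu`, `$owner_id`, `$group_id`, `$cache_time` and the `$perm_*` values without quotes. Escaping does not protect an unquoted value, so these depend on integer casts that are not visible in either hunk. A comment above the call naming where each value is forced to an integer, or an `(int)` cast next to the escape block, would make the statement checkable on its own. If `$sp_help` was already escaped earlier in the function, this line would escape it twice; that part of the function is outside the hunk.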
diff --git a/public_html/admin/plugins/links/category.php b/public_html/admin/plugins/links/category.php index 853d0069d..9af386359 100644 --- a/public_html/admin/plugins/links/category.php +++ b/public_html/admin/plugins/links/category.php @@ -36,23 +36,23 @@ /** * Geeklog links categories administration page. * - * @package Links + * @package Links * @subpackage admin * @filesource - * @version 2.1 - * @since Geeklog 1.5.0 - * @copyright Copyright © 2000-2009 - * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 - * @author Tony Bibbs, tony AT tonybibbs DOT com - * @author Mark Limburg, mlimburg AT users.sourceforge DOT net - * @author Jason Whittenburg, jwhitten AT securitygeeks DOT com - * @author Dirk Haun, dirk AT haun-online DOT de - * @author Euan McKay, info AT heatherengineering DOT com + * @version 2.1 + * @since Geeklog 1.5.0 + * @copyright Copyright © 2000-2009 + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * @author Tony Bibbs, tony AT tonybibbs DOT com + * @author Mark Limburg, mlimburg AT users.sourceforge DOT net + * @author Jason Whittenburg, jwhitten AT securitygeeks DOT com + * @author Dirk Haun, dirk AT haun-online DOT de + * @author Euan McKay, info AT heatherengineering DOT com */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ADMIN, $MESSAGE; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; 
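Review bot: The added `global $_CONF, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ADMIN, $MESSAGE;` sits at file scope ahead of the `require_once` lines, where it has no effect when the script is requested directly. If it is there for static analysis, or for the case where the file is included from inside a function, a short comment such as `// declared for static analysis; lib-common.php defines these` would say so (reason assumed, please confirm). The same kind of statement is added at the top of admin/plugins/links/index.php.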
@@ -71,15 +71,12 @@ exit; } - // +--------------------------------------------------------------------------+ // | Category administration functions | // | Located here so that in the future, users can also have their own link | // | collections with categories over which they have edit access. | // +--------------------------------------------------------------------------+ - - // Returns a category tree of categories in the database to which // the user has edit access 
@@ -91,47 +88,56 @@ function links_list_categories($root) require_once $_CONF['path_system'] . 'lib-admin.php'; $retval = ''; - $header_arr = array( # display 'text' and use table field 'field' - array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[44], 'field' => 'addchild', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[30], 'field' => 'category', 'sort' => true), - array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[33], 'field' => 'tid', 'sort' => true)); + array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), + array('text' => $LANG_LINKS_ADMIN[44], 'field' => 'addchild', 'sort' => false), + array('text' => $LANG_LINKS_ADMIN[30], 'field' => 'category', 'sort' => true), + array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), + array('text' => $LANG_LINKS_ADMIN[33], 'field' => 'tid', 'sort' => true), + ); $defsort_arr = array('field' => 'category', 'direction' => 'asc'); $links_url = $_CONF['site_admin_url'] . '/plugins/links'; - $menu_arr = array ( - array('url' => $links_url . '/index.php', - 'text' => $LANG_LINKS_ADMIN[53]), - array('url' => $links_url . '/index.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[51]), - array('url' => $links_url . '/index.php?validate=enabled', - 'text' => $LANG_LINKS_ADMIN[26]), - array('url' => $links_url . '/category.php', - 'text' => $LANG_LINKS_ADMIN[50]), - array('url' => $links_url . '/category.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[52]), - array('url' => $_CONF['site_admin_url'], - 'text' => $LANG_ADMIN['admin_home']) + $menu_arr = array( + array( + 'url' => $links_url . '/index.php', + 'text' => $LANG_LINKS_ADMIN[53], + ), + array( + 'url' => $links_url . '/index.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[51], + ), + array( + 'url' => $links_url . 
'/index.php?validate=enabled', + 'text' => $LANG_LINKS_ADMIN[26], + ), + array( + 'url' => $links_url . '/category.php', + 'text' => $LANG_LINKS_ADMIN[50], + ), + array( + 'url' => $links_url . '/category.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[52], + ), + array( + 'url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home'], + ), ); - $retval .= COM_startBlock($LANG_LINKS_ADMIN[54], '', - COM_getBlockTemplate('_admin_block', 'header')); - + $retval .= COM_startBlock($LANG_LINKS_ADMIN[54], '', COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu($menu_arr, $LANG_LINKS_ADMIN[12], plugin_geticon_links()); $text_arr = array( 'has_extras' => true, - 'form_url' => $_CONF['site_admin_url'] . '/plugins/links/category.php' + 'form_url' => $_CONF['site_admin_url'] . '/plugins/links/category.php', ); $dummy = array(); - $data_arr = links_list_categories_recursive ($dummy, $_LI_CONF['root'], 0); + $data_arr = links_list_categories_recursive($dummy, $_LI_CONF['root'], 0); - $retval .= ADMIN_simpleList('plugin_getListField_categories', $header_arr, - $text_arr, $data_arr); + $retval .= ADMIN_simpleList('plugin_getListField_categories', $header_arr, $text_arr, $data_arr); $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; @@ -168,9 +174,13 @@ function links_list_categories_recursive($data_arr, $cid, $indent) return $data_arr; } - -// Returns form to create a new category or edit an existing one - +/** + * Returns form to create a new category or edit an existing one + * + * @param int $cid + * @param int $pid + * @return string + */ function links_edit_category($cid, $pid) { global $_CONF, $_TABLES, $_USER, $MESSAGE, 
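Review bot: The new docblock for `links_edit_category()` declares `@param int $cid` and `@param int $pid`, but the query in the following hunk compares `cid='{$cid}'` as a quoted string and `links_save_category()` tests `$cid === 'user'`. `@param string $cid Category ID` and `@param string $pid Parent category ID` would match that usage. The function body continues outside this hunk.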
@@ -189,8 +199,7 @@ function links_edit_category($cid, $pid) $A['pid'] = $pid; } elseif (!empty($cid)) { // have category id, so editing a category - $sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" - . COM_getPermSQL('AND'); + $sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" . COM_getPermSQL('AND'); $result = DB_query($sql); $A = DB_fetchArray($result); } else { @@ -199,11 +208,14 @@ function links_edit_category($cid, $pid) $A['group_id'] = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Links Admin'"); SEC_setDefaultPermissions($A, $_LI_CONF['category_permissions']); $A['owner_id'] = $_USER['uid']; - $A['pid'] = $_LI_CONF['root']; + $A['pid'] = $_LI_CONF['root']; } - $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], - $A['perm_group'], $A['perm_members'], $A['perm_anon']); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); if ($access < 3) { return COM_showMessage(6, 'links'); @@ -211,8 +223,7 @@ function links_edit_category($cid, $pid) $token = SEC_createToken(); - $retval .= COM_startBlock($LANG_LINKS_ADMIN[56], '', - COM_getBlockTemplate('_admin_block', 'header')); + $retval .= COM_startBlock($LANG_LINKS_ADMIN[56], '', COM_getBlockTemplate('_admin_block', 'header')); $retval .= SEC_getTokenExpiryNotice($token); $T = COM_newTemplate(CTL_plugin_templatePath('links', 'admin')); @@ -235,7 +246,7 @@ function links_edit_category($cid, $pid) if (!empty($cid)) { $delbutton = ''; + . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $T->set_var('delete_option', sprintf($delbutton, $jsconfirm)); $T->set_var('delete_option_no_confirmation', sprintf($delbutton, '')); 
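Review bot: The rejoined line `$sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" . COM_getPermSQL('AND');` places `$cid` in the statement, and no `DB_escapeString()` on it is visible in this function. The edit branch at the bottom of the file treats `$_GET['pid']` with `strip_tags(COM_stripslashes())` only, which leaves quote characters in place; the matching `cid` lines fall between hunks. Unless the lines between the signature and this hunk already escape it, add `$cid = DB_escapeString($cid);` before the query, as `links_delete_category()` does.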
@@ -277,9 +288,10 @@ function links_edit_category($cid, $pid) $T->set_var('topic_selection', ''); */ - $T->set_var('topic_selection', ''); - + $T->set_var( + 'topic_selection', + '' + ); if (empty($cid)) { $num_links = $LANG_ADMIN['na']; @@ -302,7 +314,7 @@ function links_edit_category($cid, $pid) $T->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']); $T->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $T->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], - $A['perm_group'], $A['perm_members'], $A['perm_anon'])); + $A['perm_group'], $A['perm_members'], $A['perm_anon'])); $T->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $T->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']); $T->set_var('gltoken_name', CSRF_TOKEN); 
@@ -315,40 +327,42 @@ function links_edit_category($cid, $pid) return $retval; } - /* * Save changes to category information * input array values from form (unvalidated, unsafe) * output string message giving outcome status of requested operation + * @return int */ - function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17; // Convert array values to numeric permission values - if (is_array($perm_owner) OR is_array($perm_group) OR is_array($perm_members) OR is_array($perm_anon)) { - list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); + if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) { + list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // Remove any autotags the user doesn't have permission to use $description = PLG_replaceTags($description, '', true); + // clean 'em up - $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), - 'links.edit')); - $category = DB_escapeString(COM_checkHTML(COM_checkWords($category), - 'links.edit')); - $pid = DB_escapeString(strip_tags($pid)); - $cid = DB_escapeString(strip_tags($cid)); - $old_cid = DB_escapeString(strip_tags($old_cid)); + $description = COM_checkHTML(COM_checkWords($description), 'links.edit'); + $description = GLText::removeUtf8Icons($description); + $description = DB_escapeString($description); + $category = COM_checkHTML(COM_checkWords($category), 'links.edit'); + $category = GLText::removeUtf8Icons($category); + $category = DB_escapeString($category); + $pid = DB_escapeString(strip_tags($pid)); + $cid = DB_escapeString(strip_tags($cid)); + $old_cid = 
DB_escapeString(strip_tags($old_cid)); if (empty($category) || empty($description)) { return 7; } // Check cid to make sure not illegal - if (($cid == DB_escapeString($_LI_CONF['root'])) || ($cid == 'user')) { + if (($cid == DB_escapeString($_LI_CONF['root'])) || ($cid === 'user')) { return 11; } 
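Review bot: The added `@return int` sits in a comment that opens with `/*`, so documentation tools do not read it, and the line above it still says the output is a string message. Opening the block with `/**` and replacing the output line with `@return int message number for COM_showMessage()` would match the `return 7;`, `return 11;` and `return 6;` codes in the body. The header of `links_delete_category()` further down has the same `/*` opener and the same "output string" wording. The function body continues past this hunk.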
@@ -372,31 +386,35 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid // Make sure they aren't making a parent category child of one of it's own // children. This would create orphans - if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid',"cid='{$pid}'")) { + if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) { return 12; } - $access = 0; - if (DB_count ($_TABLES['linkcategories'], 'cid', $old_cid) > 0) { + if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) { // update existing item, but new cid so get access from database with old cid $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'], - $A['perm_group'],$A['perm_members'],$A['perm_anon']); + $A = DB_fetchArray($result); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); // set flag $update = "existing"; - } else if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) { + } elseif (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) { // update existing item, same cid, so get access from database with existing cid $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'], - $A['perm_group'],$A['perm_members'],$A['perm_anon']); + $A = DB_fetchArray($result); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); // set flag - $update = "same"; + $update = 'same'; } else { // new item, so use passed values - $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, 
$perm_group, - $perm_members, $perm_anon); + $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); // set flag $update = 'new'; } @@ -404,10 +422,11 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid if ($access < 3) { // no access rights: user should not be here COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid)); + return 6; } else { // save item - if ($update == 'existing') { + if ($update === 'existing') { // update an existing item but new cid $sql = "UPDATE {$_TABLES['linkcategories']} SET cid='{$cid}', @@ -423,7 +442,7 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid // Also need to update links for this category $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'"; $result = DB_query($sql); - } else if ($update == 'same') { + } elseif ($update === 'same') { // update an existing item $sql = "UPDATE {$_TABLES['linkcategories']} SET pid='{$pid}', @@ -454,7 +473,7 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid $result = DB_query($sql); } - if (($update == 'existing') && ($cid != $old_cid)) { + if (($update === 'existing') && ($cid != $old_cid)) { PLG_itemSaved($cid, 'links.category', $old_cid); } else { PLG_itemSaved($cid, 'links.category'); 
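Review bot: In the `new item` branch `SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)` is evaluated on the values just submitted with the form, so it confirms only that the request is self-consistent, not that the caller may create categories. The real gate is presumably the rights check near the top of the file, which is outside this hunk. A comment on the branch, e.g. `// permissions come from the request; creation rights are enforced by the check at the top of this file`, would record that dependency. In the two update branches `$A` from `DB_fetchArray()` is also used without testing for a missing row.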
@@ -464,26 +483,24 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid return 10; // success message } - /* * Delete a category * input $cid string category id number * output string message about success of requested operation */ - function links_delete_category($cid) { - global $_TABLES, $LANG_LINKS_ADMIN; + global $_TABLES, $_USER, $LANG_LINKS_ADMIN; $cid = DB_escapeString($cid); - if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) { + if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) { // item exists so check access rights $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'], - $A['perm_group'],$A['perm_members'],$A['perm_anon']); + $A = DB_fetchArray($result); + $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], + $A['perm_group'], $A['perm_members'], $A['perm_anon']); if ($access > 2) { // has edit rights // Check for subfolders and sublinks @@ -493,6 +510,7 @@ function links_delete_category($cid) // No subfolder/links so OK to delete DB_delete($_TABLES['linkcategories'], 'cid', $cid); PLG_itemDeleted($cid, 'links.category'); + return 13; } else { // Subfolders and/or sublinks exist so return a message @@ -500,8 +518,9 @@ function links_delete_category($cid) } } else { // no access - return 15; COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username'])); + + return 15; } } else { // no such category @@ -509,9 +528,7 @@ function links_delete_category($cid) } } - // MAIN - $mode = ''; if (isset ($_REQUEST['mode'])) { $mode = $_REQUEST['mode']; 
@@ -520,7 +537,7 @@ function links_delete_category($cid) $root = $_LI_CONF['root']; // delete category -if ((($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) || ($mode=="delete")) { +if ((($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) || ($mode == "delete")) { $cid = ''; if (isset($_REQUEST['cid'])) { $cid = strip_tags($_REQUEST['cid']); @@ -538,23 +555,24 @@ function links_delete_category($cid) COM_accessLog("User {$_USER['username']} tried to illegally delete link category $cid and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/index.php'); } - -// save category + // save category } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { - $msg = links_save_category($_POST['cid'], $_POST['old_cid'], - $_POST['pid'], $_POST['category'], - $_POST['description'], COM_applyFilter($_POST['tid']), - COM_applyFilter($_POST['owner_id'], true), - COM_applyFilter($_POST['group_id'], true), - $_POST['perm_owner'], $_POST['perm_group'], - $_POST['perm_members'], $_POST['perm_anon']); - - $display .= COM_showMessage ($msg, 'links'); + $msg = links_save_category( + $_POST['cid'], $_POST['old_cid'], + $_POST['pid'], $_POST['category'], + $_POST['description'], COM_applyFilter($_POST['tid']), + COM_applyFilter($_POST['owner_id'], true), + COM_applyFilter($_POST['group_id'], true), + $_POST['perm_owner'], $_POST['perm_group'], + $_POST['perm_members'], $_POST['perm_anon'] + ); + + $display .= COM_showMessage($msg, 'links'); $display .= links_list_categories($root); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[11])); -// edit category -} else if ($mode == 'edit') { + // edit category +} elseif ($mode == 'edit') { $pid = ''; if (isset($_GET['pid'])) { $pid = strip_tags(COM_stripslashes($_GET['pid'])); 
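Review bot: The rewrapped `links_save_category(...)` call reads twelve `$_POST` keys directly, and the branch is guarded only by the mode test and `SEC_checkToken()`. A request that omits one of them (possibly the `perm_*` arrays when nothing is selected) raises an undefined-index notice and passes null into the function. Following the `isset()` pattern used for `$_REQUEST['cid']` in the delete branch, e.g. `$permAnon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : array();`, keeps the inputs defined.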
@@ -566,12 +584,12 @@ function links_delete_category($cid) $display .= links_edit_category($cid, $pid); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[56])); -// nothing, so list categories + // nothing, so list categories } else { if (isset ($_REQUEST['msg'])) { - $msg = COM_applyFilter ($_REQUEST['msg'], true); + $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { - $display .= COM_showMessage ($msg, 'links'); + $display .= COM_showMessage($msg, 'links'); } } $display .= links_list_categories($root); @@ -579,5 +597,3 @@ function links_delete_category($cid) } COM_output($display); - -?> diff --git a/public_html/admin/plugins/links/index.php b/public_html/admin/plugins/links/index.php index c46a92351..c00582726 100644 --- a/public_html/admin/plugins/links/index.php +++ b/public_html/admin/plugins/links/index.php @@ -35,23 +35,23 @@ /** * Geeklog links administration page. * - * @package Links + * @package Links * @subpackage admin * @filesource - * @version 2.0 - * @since GL 1.4.0 - * @copyright Copyright © 2005-2007 - * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 - * @author Trinity Bays - * @author Tony Bibbs - * @author Tom Willett - * @author Blaine Lang - * @author Dirk Haun + * @version 2.0 + * @since GL 1.4.0 + * @copyright Copyright © 2005-2007 + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * @author Trinity Bays + * @author Tony Bibbs + * @author Tom Willett + * @author Blaine Lang + * @author Dirk Haun */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $LANG_ADMIN; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; 
@@ -72,21 +72,13 @@ } /** -* Shows the links editor -* -* @param string $mode Used to see if we are moderating a link or simply editing one -* @param string $lid ID of link to edit -* @global array core config vars -* @global array core group data -* @global array core table data -* @global array core user data -* @global array links plugin config vars -* @global array links plugin lang vars -* @global array core lang access vars -* @return string HTML for the link editor form -* -*/ -function editlink ($mode, $lid = '') + * Shows the links editor + * + * @param string $mode Used to see if we are moderating a link or simply editing one + * @param string $lid ID of link to edit + * @return string HTML for the link editor form + */ +function editlink($mode, $lid = '') { global $_CONF, $_GROUPS, $_TABLES, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE; @@ -94,7 +86,7 @@ function editlink ($mode, $lid = '') $retval = ''; $link_templates = COM_newTemplate(CTL_plugin_templatePath('links', 'admin')); - $link_templates->set_file('editor','linkeditor.thtml'); + $link_templates->set_file('editor', 'linkeditor.thtml'); $link_templates->set_var('lang_pagetitle', $LANG_LINKS_ADMIN[28]); $link_templates->set_var('lang_link_list', $LANG_LINKS_ADMIN[53]); 
@@ -105,56 +97,57 @@ function editlink ($mode, $lid = '') $link_templates->set_var('lang_admin_home', $LANG_ADMIN['admin_home']); $link_templates->set_var('instructions', $LANG_LINKS_ADMIN[29]); - if ($mode <> 'editsubmission' AND !empty($lid)) { + if ($mode !== 'editsubmission' && !empty($lid)) { $result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='$lid'"); if (DB_numRows($result) !== 1) { $msg = COM_showMessageText($LANG_LINKS_ADMIN[25], $LANG_LINKS_ADMIN[24]); + return $msg; } $A = DB_fetchArray($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); - if ($access == 0 OR $access == 2) { + $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); + if ($access == 0 || $access == 2) { $retval .= COM_showMessageText($LANG_LINKS_ADMIN[17], $LANG_LINKS_ADMIN[16]); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link $lid."); + return $retval; } } else { - if ($mode == 'editsubmission') { - $result = DB_query ("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'"); + if ($mode === 'editsubmission') { + $result = DB_query("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'"); $A = DB_fetchArray($result); } else { - $A['lid'] = COM_makesid(); + $A['lid'] = COM_makeSid(); $A['cid'] = ''; $A['url'] = ''; $A['description'] = ''; - $A['title']= ''; + $A['title'] = ''; $A['owner_id'] = $_USER['uid']; } $A['hits'] = 0; if (isset ($_GROUPS['Links Admin'])) { $A['group_id'] = $_GROUPS['Links Admin']; } else { - $A['group_id'] = SEC_getFeatureGroup ('links.edit'); + $A['group_id'] = SEC_getFeatureGroup('links.edit'); } - SEC_setDefaultPermissions ($A, $_LI_CONF['default_permissions']); + SEC_setDefaultPermissions($A, $_LI_CONF['default_permissions']); $access = 3; } $token = SEC_createToken(); - $retval .= COM_startBlock($LANG_LINKS_ADMIN[1], '', - 
COM_getBlockTemplate('_admin_block', 'header')); + $retval .= COM_startBlock($LANG_LINKS_ADMIN[1], '', COM_getBlockTemplate('_admin_block', 'header')); $retval .= SEC_getTokenExpiryNotice($token); $link_templates->set_var('link_id', $A['lid']); if (!empty($lid) && SEC_hasRights('links.edit')) { - $delbutton = ''; - $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; - $link_templates->set_var ('delete_option', - sprintf ($delbutton, $jsconfirm)); - $link_templates->set_var ('delete_option_no_confirmation', - sprintf ($delbutton, '')); + $delButton = ''; + $jsConfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; + $link_templates->set_var('delete_option', + sprintf($delButton, $jsConfirm)); + $link_templates->set_var('delete_option_no_confirmation', + sprintf($delButton, '')); $link_templates->set_var('allow_delete', true); $link_templates->set_var('lang_delete', $LANG_ADMIN['delete']); @@ -168,14 +161,14 @@ function editlink ($mode, $lid = '') } $link_templates->set_var('lang_linktitle', $LANG_LINKS_ADMIN[3]); $link_templates->set_var('link_title', - htmlspecialchars (stripslashes ($A['title']))); + htmlspecialchars(stripslashes($A['title']))); $link_templates->set_var('lang_linkid', $LANG_LINKS_ADMIN[2]); $link_templates->set_var('lang_linkurl', $LANG_LINKS_ADMIN[4]); $link_templates->set_var('max_url_length', 255); $link_templates->set_var('link_url', $A['url']); $link_templates->set_var('lang_includehttp', $LANG_LINKS_ADMIN[6]); $link_templates->set_var('lang_category', $LANG_LINKS_ADMIN[5]); - $othercategory = links_select_box (3,$A['cid']); + $othercategory = links_select_box(3, $A['cid']); $link_templates->set_var('category_options', $othercategory); $link_templates->set_var('lang_ifotherspecify', $LANG_LINKS_ADMIN[20]); $link_templates->set_var('category', $othercategory); 
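Review bot: The `editsubmission` branch calls `DB_fetchArray($result)` without the `DB_numRows($result) !== 1` test that the other branch applies, so an unknown `$lid` leaves `$A` without a row while the code below goes on to read `$A['lid']`, `$A['title']` and the permission fields. Mirroring the existing guard would handle it: `if (DB_numRows($result) !== 1) { return COM_showMessageText($LANG_LINKS_ADMIN[25], $LANG_LINKS_ADMIN[24]); }`. `$lid` is also interpolated into both queries, and whether the caller escapes it is outside the hunk.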
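Review bot: `link_title` is passed through `htmlspecialchars()` in the `-168` hunk, but `link_url` in the same hunk, and `link_description` in the next one, go to the template as stored. If linkeditor.thtml places them in an attribute or a textarea, a quote or a closing tag in the stored value changes the form markup. Encoding at this point keeps the three fields consistent, e.g. `$link_templates->set_var('link_url', htmlspecialchars($A['url']));`, unless the template layer already escapes, which is not visible here.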
@@ -184,7 +177,7 @@ function editlink ($mode, $lid = '') $link_templates->set_var('lang_linkdescription', $LANG_LINKS_ADMIN[9]); $link_templates->set_var('link_description', stripslashes($A['description'])); $allowed = COM_allowedHTML('links.edit') - . COM_allowedAutotags(); + . COM_allowedAutotags(); $link_templates->set_var('lang_allowed_html', $allowed); $link_templates->set_var('lang_save', $LANG_ADMIN['save']); $link_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); 
@@ -192,19 +185,19 @@ function editlink ($mode, $lid = '') // user access info $link_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $link_templates->set_var('lang_owner', $LANG_ACCESS['owner']); - $ownername = COM_getDisplayName ($A['owner_id']); + $ownername = COM_getDisplayName($A['owner_id']); $link_templates->set_var('owner_username', DB_getItem($_TABLES['users'], - 'username', "uid = {$A['owner_id']}")); + 'username', "uid = {$A['owner_id']}")); $link_templates->set_var('owner_name', $ownername); $link_templates->set_var('owner', $ownername); $link_templates->set_var('link_ownerid', $A['owner_id']); $link_templates->set_var('lang_group', $LANG_ACCESS['group']); $link_templates->set_var('group_dropdown', - SEC_getGroupDropdown ($A['group_id'], $access)); + SEC_getGroupDropdown($A['group_id'], $access)); $link_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $link_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']); $link_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); - $link_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon'])); + $link_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon'])); $link_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $link_templates->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']); $link_templates->set_var('gltoken_name', CSRF_TOKEN); 
@@ -212,56 +205,52 @@ function editlink ($mode, $lid = '') $link_templates->parse('output', 'editor'); $retval .= $link_templates->finish($link_templates->get_var('output')); - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); + $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } /** -* Saves link to the database -* -* @param string $lid ID for link -* @param string $old_lid old ID for link -* @param string $cid cid of category link belongs to -* @param string $categorydd Category links belong to -* @param string $url URL of link to save -* @param string $description Description of link -* @param string $title Title of link -* @param int $hits Number of hits for link -* @param int $owner_id ID of owner -* @param int $group_id ID of group link belongs to -* @param int $perm_owner Permissions the owner has -* @param int $perm_group Permissions the group has -* @param int $perm_members Permissions members have -* @param int $perm_anon Permissions anonymous users have -* @return string HTML redirect or error message -* @global array core config vars -* @global array core group data -* @global array core table data -* @global array core user data -* @global array core msg data -* @global array links plugin lang admin vars -* -*/ -function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) + * Saves link to the database + * + * @param string $lid ID for link + * @param string $old_lid old ID for link + * @param string $cid cid of category link belongs to + * @param string $categoryDd Category links belong to + * @param string $url URL of link to save + * @param string $description Description of link + * @param string $title Title of link + * @param int $hits Number of hits for link + * @param int $owner_id ID of owner + * @param int $group_id ID of group link belongs to + * @param int $perm_owner 
Permissions the owner has + * @param int $perm_group Permissions the group has + * @param int $perm_members Permissions members have + * @param int $perm_anon Permissions anonymous users have + * @return string HTML redirect or error message + */ +function savelink($lid, $old_lid, $cid, $categoryDd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF; $retval = ''; // Convert array values to numeric permission values - if (is_array($perm_owner) OR is_array($perm_group) OR is_array($perm_members) OR is_array($perm_anon)) { - list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); + if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) { + list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } - // Remove any autotags the user doesn't have permission to use $description = PLG_replaceTags($description, '', true); // clean 'em up - $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), - 'links.edit')); - $title = DB_escapeString(strip_tags(COM_checkWords($title))); + $description = COM_checkHTML(COM_checkWords($description), 'links.edit'); + $description = GLText::removeUtf8Icons($description); + $description = DB_escapeString($description); + $title = strip_tags(COM_checkWords($title)); + $title = GLText::removeUtf8Icons($title); + $title = DB_escapeString($title); + $cid = GLText::removeUtf8Icons($cid); $cid = DB_escapeString($cid); if (empty ($owner_id)) { 
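Review bot: The `is_array()` guard only converts the permission arguments when at least one of them is an array, so scalar values skip `SEC_getPermissionValues()` and stay exactly as received. Later hunks show the call site passing `$_POST['perm_owner']` and its siblings unfiltered, and `DB_save()` placing all four unquoted in the value list. Unless the lines between the hunks normalise them, add an `else` branch that casts each one, `$perm_owner = (int) $perm_owner;` and likewise for `$perm_group`, `$perm_members` and `$perm_anon`. `savelink()` continues outside this hunk.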
@@ -270,7 +259,7 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title if (isset ($_GROUPS['Links Admin'])) { $group_id = $_GROUPS['Links Admin']; } else { - $group_id = SEC_getFeatureGroup ('links.edit'); + $group_id = SEC_getFeatureGroup('links.edit'); } $perm_owner = 3; $perm_group = 2; 
@@ -298,35 +287,39 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title } $access = 0; - $old_lid = DB_escapeString ($old_lid); - if (DB_count ($_TABLES['links'], 'lid', $old_lid) > 0) { - $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], - $A['perm_owner'], $A['perm_group'], $A['perm_members'], - $A['perm_anon']); + $old_lid = DB_escapeString($old_lid); + if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { + $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'"); + $A = DB_fetchArray($result); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); } else { - $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group, - $perm_members, $perm_anon); + $access = SEC_hasAccess( + $owner_id, $group_id, + $perm_owner, $perm_group, + $perm_members, $perm_anon + ); } if (($access < 3) || !SEC_inGroup($group_id)) { - $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); + $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link $lid."); COM_output($display); exit; } elseif (!empty($title) && !empty($description) && !empty($url)) { - - if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) { - $cid = DB_escapeString($categorydd); - } else if ($categorydd != $LANG_LINKS_ADMIN[7]) { + if ($categoryDd != $LANG_LINKS_ADMIN[7] && !empty($categoryDd)) { + $cid = DB_escapeString($categoryDd); + } elseif ($categoryDd != $LANG_LINKS_ADMIN[7]) { COM_redirect($_CONF['site_admin_url'] . 
'/plugins/links/index.php'); } - DB_delete ($_TABLES['linksubmission'], 'lid', $old_lid); - DB_delete ($_TABLES['links'], 'lid', $old_lid); + DB_delete($_TABLES['linksubmission'], 'lid', $old_lid); + DB_delete($_TABLES['links'], 'lid', $old_lid); - DB_save ($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'$lid','$cid','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon"); + DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'$lid','$cid','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon"); if (empty($old_lid) || ($old_lid == $lid)) { PLG_itemSaved($lid, 'links'); 
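Review bot: `$cid = DB_escapeString($categoryDd);` replaces the `$cid` that this commit runs through `GLText::removeUtf8Icons()` earlier in `savelink()`, so a category taken from the drop-down value skips the new filter. For consistency use `$cid = DB_escapeString(GLText::removeUtf8Icons($categoryDd));`. `$lid` and `$url` also go into the `DB_save()` value list; whether they are escaped in the lines between the hunks is not visible here and is worth confirming. The function starts and ends outside this hunk.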
@@ -335,22 +328,22 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title } // Get category for rdf check - $category = DB_getItem ($_TABLES['linkcategories'],"category","cid='{$cid}'"); - COM_rdfUpToDateCheck ('links', $category, $lid); + $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'"); + COM_rdfUpToDateCheck('links', $category, $lid); - return PLG_afterSaveSwitch ( + return PLG_afterSaveSwitch( $_LI_CONF['aftersave'], - COM_buildURL ("{$_CONF['site_url']}/links/portal.php?what=link&item=$lid"), + COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item=$lid"), 'links', 2 ); } else { // missing fields - $retval .= COM_errorLog($LANG_LINKS_ADMIN[10],2); - if (DB_count ($_TABLES['links'], 'lid', $old_lid) > 0) { - $retval .= editlink ('edit', $old_lid); + $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2); + if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { + $retval .= editlink('edit', $old_lid); } else { - $retval .= editlink ('edit', ''); + $retval .= editlink('edit', ''); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1])); @@ -360,17 +353,10 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title /** * List links - * @global array core config vars - * @global array core table data - * @global array core user data - * @global array core lang admin vars - * @global array links plugin lang vars - * @global array core lang access vars */ -function listlinks () +function listlinks() { - global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_LINKS_ADMIN, $LANG_ACCESS, - $_IMAGE_TYPE; + global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_LINKS_ADMIN, $LANG_ACCESS, $_IMAGE_TYPE; require_once $_CONF['path_system'] . 'lib-admin.php'; 
@@ -381,80 +367,91 @@ function listlinks () array('text' => $LANG_LINKS_ADMIN[2], 'field' => 'lid', 'sort' => true), array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true), array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[14], 'field' => 'category', 'sort' => true) + array('text' => $LANG_LINKS_ADMIN[14], 'field' => 'category', 'sort' => true), ); - $menu_arr = array ( - array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[51]) + $menu_arr = array( + array( + 'url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[51] + ), ); $validate = ''; if (isset($_GET['validate'])) { $token = SEC_createToken(); - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php', - 'text' => $LANG_LINKS_ADMIN[53]); - $dovalidate_url = $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=validate' . '&'.CSRF_TOKEN.'='.$token; - $dovalidate_text = $LANG_LINKS_ADMIN[58]; - $form_arr['top'] = COM_createLink($dovalidate_text, $dovalidate_url); - if ($_GET['validate'] == 'enabled') { + $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php', + 'text' => $LANG_LINKS_ADMIN[53]); + $doValidateUrl = $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=validate' . '&' . CSRF_TOKEN . '=' . 
$token; + $doValidateText = $LANG_LINKS_ADMIN[58]; + $form_arr['top'] = COM_createLink($doValidateText, $doValidateUrl); + if ($_GET['validate'] === 'enabled') { $header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'beforevalidate', 'sort' => false); $validate = '?validate=enabled'; - } else if ($_GET['validate'] == 'validate') { + } elseif ($_GET['validate'] === 'validate') { $header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'dovalidate', 'sort' => false); - $validate = '?validate=validate&'.CSRF_TOKEN.'='.$token; + $validate = '?validate=validate&' . CSRF_TOKEN . '=' . $token; } $validate_help = $LANG_LINKS_ADMIN[59]; } else { - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=enabled', - 'text' => $LANG_LINKS_ADMIN[26]); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=enabled', + 'text' => $LANG_LINKS_ADMIN[26] + ); $form_arr = array(); $validate_help = ''; } $defsort_arr = array('field' => 'title', 'direction' => 'asc'); - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/category.php', - 'text' => $LANG_LINKS_ADMIN[50]); - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/category.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[52]); - $menu_arr[] = array('url' => $_CONF['site_admin_url'], - 'text' => $LANG_ADMIN['admin_home']); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'] . '/plugins/links/category.php', + 'text' => $LANG_LINKS_ADMIN[50] + ); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'] . 
'/plugins/links/category.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[52] + ); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home'] + ); $retval .= COM_startBlock($LANG_LINKS_ADMIN[11], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu($menu_arr, $LANG_LINKS_ADMIN[12] . $validate_help, plugin_geticon_links()); $text_arr = array( 'has_extras' => true, - 'form_url' => $_CONF['site_admin_url'] . "/plugins/links/index.php$validate" + 'form_url' => $_CONF['site_admin_url'] . "/plugins/links/index.php$validate", ); - $query_arr = array('table' => 'links', - 'sql' => "SELECT l.lid AS lid, l.cid as cid, l.title AS title, " - . "c.category AS category, l.url AS url, l.description AS description, " - . "l.owner_id, l.group_id, l.perm_owner, l.perm_group, l.perm_members, l.perm_anon " - . "FROM {$_TABLES['links']} AS l " - . "LEFT JOIN {$_TABLES['linkcategories']} AS c " - . "ON l.cid=c.cid WHERE 1=1", - 'query_fields' => array('title', 'category', 'url', 'l.description'), - 'default_filter' => COM_getPermSql ('AND', 0, 3, 'l') + $query_arr = array( + 'table' => 'links', + 'sql' => "SELECT l.lid AS lid, l.cid as cid, l.title AS title, " + . "c.category AS category, l.url AS url, l.description AS description, " + . "l.owner_id, l.group_id, l.perm_owner, l.perm_group, l.perm_members, l.perm_anon " + . "FROM {$_TABLES['links']} AS l " + . "LEFT JOIN {$_TABLES['linkcategories']} AS c " + . 
"ON l.cid=c.cid WHERE 1=1", + 'query_fields' => array('title', 'category', 'url', 'l.description'), + 'default_filter' => COM_getPermSQL('AND', 0, 3, 'l'), ); $retval .= ADMIN_list('links', 'plugin_getListField_links', $header_arr, - $text_arr, $query_arr, $defsort_arr, '', '', '', $form_arr); + $text_arr, $query_arr, $defsort_arr, '', '', '', $form_arr); $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } /** -* Delete a link -* -* @param string $lid id of link to delete -* @param string $type 'submission' when attempting to delete a submission -*/ + * Delete a link + * + * @param string $lid id of link to delete + * @param string $type 'submission' when attempting to delete a submission + */ function deleteLink($lid, $type = '') { global $_CONF, $_TABLES, $_USER; @@ -462,9 +459,11 @@ function deleteLink($lid, $type = '') if (empty($type)) { // delete regular link $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='$lid'"); $A = DB_fetchArray($result); - $access = SEC_hasAccess($A['owner_id'], $A['group_id'], - $A['perm_owner'], $A['perm_group'], $A['perm_members'], - $A['perm_anon']); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); if ($access < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete link $lid."); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php'); @@ -473,7 +472,7 @@ function deleteLink($lid, $type = '') DB_delete($_TABLES['links'], 'lid', $lid); PLG_itemDeleted($lid, 'links'); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3'); - } elseif ($type == 'submission') { + } elseif ($type === 'submission') { if (plugin_ismoderator_links()) { DB_delete($_TABLES['linksubmission'], 'lid', $lid); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3'); 
@@ -493,10 +492,10 @@ function deleteLink($lid, $type = '') $mode = $_REQUEST['mode']; } -if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) { - $lid = COM_applyFilter ($_POST['lid']); +if (($mode === $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) { + $lid = COM_applyFilter($_POST['lid']); if (!isset ($lid) || empty ($lid)) { // || ($lid == 0) - COM_errorLog ('Attempted to delete link lid=' . $lid ); + COM_errorLog('Attempted to delete link lid=' . $lid); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php'); } elseif (SEC_checkToken()) { $type = ''; 
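Review bot: `!isset($lid)` can never be true here because `$lid` is assigned on the line before, and a request without a `lid` field reads an undefined `$_POST` index. Guard the read instead, `$lid = COM_applyFilter(isset($_POST['lid']) ? $_POST['lid'] : '');`, and reduce the condition to `if (empty($lid)) {`. The if/elseif chain continues outside the hunk.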
@@ -508,28 +507,28 @@ function deleteLink($lid, $type = '') COM_accessLog("User {$_USER['username']} tried to illegally delete link $lid and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/index.php'); } -} elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { +} elseif (($mode === $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { $cid = ''; if (isset($_POST['cid'])) { $cid = $_POST['cid']; } - $display .= savelink (COM_applyFilter ($_POST['lid']), - COM_applyFilter ($_POST['old_lid']), - $cid, $_POST['categorydd'], - $_POST['url'], $_POST['description'], $_POST['title'], - COM_applyFilter ($_POST['hits'], true), - COM_applyFilter ($_POST['owner_id'], true), - COM_applyFilter ($_POST['group_id'], true), - $_POST['perm_owner'], $_POST['perm_group'], - $_POST['perm_members'], $_POST['perm_anon']); -} else if ($mode == 'editsubmission') { - $display .= editlink ($mode, COM_applyFilter ($_GET['id'])); + $display .= savelink(COM_applyFilter($_POST['lid']), + COM_applyFilter($_POST['old_lid']), + $cid, $_POST['categorydd'], + $_POST['url'], $_POST['description'], $_POST['title'], + COM_applyFilter($_POST['hits'], true), + COM_applyFilter($_POST['owner_id'], true), + COM_applyFilter($_POST['group_id'], true), + $_POST['perm_owner'], $_POST['perm_group'], + $_POST['perm_members'], $_POST['perm_anon']); +} elseif ($mode === 'editsubmission') { + $display .= editlink($mode, COM_applyFilter($_GET['id'])); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[1])); -} else if ($mode == 'edit') { +} elseif ($mode === 'edit') { if (empty ($_GET['lid'])) { - $display .= editlink ($mode); + $display .= editlink($mode); } else { - $display .= editlink ($mode, COM_applyFilter ($_GET['lid'])); + $display .= editlink($mode, COM_applyFilter($_GET['lid'])); } $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[1])); } else { // 'cancel' or no mode 
at all @@ -544,5 +543,3 @@ function deleteLink($lid, $type = '') } COM_output($display); - -?> diff --git a/public_html/admin/plugins/polls/index.php b/public_html/admin/plugins/polls/index.php index e8aa811f7..733b559b7 100644 --- a/public_html/admin/plugins/polls/index.php +++ b/public_html/admin/plugins/polls/index.php @@ -33,15 +33,15 @@ // +---------------------------------------------------------------------------+ /** -* Polls plugin administration page -* -* @package Polls -* @subpackage admin -*/ + * Polls plugin administration page + * + * @package Polls + * @subpackage admin + */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $MESSAGE, $LANG_ADMIN, $LANG21; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; @@ -71,14 +71,14 @@ function listpolls() $retval = ''; // writing the menu on top - $menu_arr = array ( - array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php?mode=edit', + $menu_arr = array( + array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php?mode=edit', 'text' => $LANG_ADMIN['create_new']), - array('url' => $_CONF['site_admin_url'], + array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home'])); $retval .= COM_startBlock($LANG25[18], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu( $menu_arr, @@ -93,7 +93,7 @@ function listpolls() array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true), array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true), - array('text' => $LANG25[33], 'field' => 'is_open', 'sort' => true) + array('text' => $LANG25[33], 'field' => 'is_open', 'sort' => true), ); $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc'); 
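Review bot: A save request whose CSRF token fails is not logged, because `SEC_checkToken()` sits inside the `elseif` condition and a failure simply falls through to the later branches. The delete branch above records the same event with `COM_accessLog()`. Moving the token check inside the save branch and adding `COM_accessLog("User {$_USER['username']} tried to save link and failed CSRF checks.");` followed by the same redirect would give both paths the same audit trail. The `$_POST['categorydd']`, `$_POST['url']`, `$_POST['description']`, `$_POST['title']` and `$_POST['perm_*']` reads are also unguarded, so an incomplete form post hits undefined indexes before `savelink()` can report missing fields.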
@@ -101,18 +101,18 @@ function listpolls() $text_arr = array( 'has_extras' => true, 'instructions' => $LANG25[19], - 'form_url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php' + 'form_url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', ); $query_arr = array( - 'table' => 'polltopics', - 'sql' => "SELECT *,UNIX_TIMESTAMP(created) AS unixdate " + 'table' => 'polltopics', + 'sql' => "SELECT *,UNIX_TIMESTAMP(created) AS unixdate " . "FROM {$_TABLES['polltopics']} WHERE 1=1", - 'query_fields' => array('topic'), - 'default_filter' => COM_getPermSql ('AND') + 'query_fields' => array('topic'), + 'default_filter' => COM_getPermSQL('AND'), ); - $retval .= ADMIN_list ( + $retval .= ADMIN_list( 'polls', 'plugin_getListField_polls', $header_arr, $text_arr, $query_arr, $defsort_arr ); 
@@ -122,36 +122,38 @@ function listpolls() } /** -* Saves a poll -* -* Saves a poll topic and potential answers to the database -* -* @param string $pid Poll topic ID -* @param string $old_pid Previous poll topic ID -* @param array $Q Array of poll questions -* @param string $mainpage Checkbox: poll appears on homepage -* @param string $topic The text for the topic -* @param string $meta_description -* @param string $meta_keywords -* @param int $statuscode (unused) -* @param string $open Checkbox: poll open for voting -* @param string $hideresults Checkbox: hide results until closed -* @param int $commentcode Indicates if users can comment on poll -* @param array $A Array of possible answers -* @param array $V Array of vote per each answer -* @param array $R Array of remark per each answer -* @param int $owner_id ID of poll owner -* @param int $group_id ID of group poll belongs to -* @param int $perm_owner Permissions the owner has on poll -* @param int $perm_grup Permissions the group has on poll -* @param int $perm_members Permissions logged in members have on poll -* @param int $perm_anon Permissions anonymous users have on poll -*/ -function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, - $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, + * Saves a poll + * Saves a poll topic and potential answers to the database + * + * @param string $pid Poll topic ID + * @param string $old_pid Previous poll topic ID + * @param array $Q Array of poll questions + * @param string $mainPage Checkbox: poll appears on homepage + * @param string $topic The text for the topic + * @param string $meta_description + * @param string $meta_keywords + * @param int $statusCode (unused) + * @param string $open Checkbox: poll open for voting + * @param string $hideResults Checkbox: hide results until closed + * @param int $commentCode Indicates if users can comment on poll + * @param array $A Array of possible answers + * 
@param array $V Array of vote per each answer + * @param array $R Array of remark per each answer + * @param int $owner_id ID of poll owner + * @param int $group_id ID of group poll belongs to + * @param int $perm_owner Permissions the owner has on poll + * @param int $perm_group Permissions the group has on poll + * @param int $perm_members Permissions logged in members have on poll + * @param int $perm_anon Permissions anonymous users have on poll + * @param bool $allow_multipleanswers + * @param string $topic_description + * @param string $description + * @return string|void + */ +function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, + $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description) - { global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF; @@ -159,7 +161,7 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met $retval = ''; // Convert array values to numeric permission values - list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); + list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $topic = COM_stripslashes($topic); $topic = COM_checkHTML($topic); @@ -177,10 +179,10 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met } // check if any question was entered - if (empty($topic) or (count($Q) == 0) or (strlen($Q[0]) == 0) or - (strlen($A[0][0]) == 0)) { + if (empty($topic) || (count($Q) === 0) || (strlen($Q[0]) === 0) || (strlen($A[0][0]) === 0)) { $retval .= COM_showMessageText($LANG25[2], $LANG21[32]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5])); + return $retval; } 
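Review bot: Two of the newly documented parameters carry types that do not match how `savepoll()` uses them: `@param bool $allow_multipleanswers` and `@param string $description` are both indexed per question (`$allow_multipleanswers[$i]`, `$description[$i]`) in the loop shown in a later hunk. Document them as `@param array $allow_multipleanswers Per-question checkbox values ('on' = multiple answers allowed)` and `@param array $description Per-question description text`. `$topic_description` and the `string|void` return would also benefit from a short description, since the `void` case appears to be the access-denied path that outputs a page and exits.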
@@ -200,23 +202,27 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met // start processing the poll topic if ($_POLL_VERBOSE) { - COM_errorLog ('**** Inside savepoll() in ' - . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); + COM_errorLog('**** Inside savepoll() in ' + . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } - $access = 0; - if (DB_count ($_TABLES['polltopics'], 'pid', $pid) > 0) { - $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'"); - $P = DB_fetchArray ($result); - $access = SEC_hasAccess ($P['owner_id'], $P['group_id'], - $P['perm_owner'], $P['perm_group'], $P['perm_members'], - $P['perm_anon']); + if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) { + $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'"); + $P = DB_fetchArray($result); + $access = SEC_hasAccess( + $P['owner_id'], $P['group_id'], + $P['perm_owner'], $P['perm_group'], + $P['perm_members'], $P['perm_anon'] + ); } else { - $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, - $perm_group, $perm_members, $perm_anon); + $access = SEC_hasAccess( + $owner_id, $group_id, + $perm_owner, $perm_group, + $perm_members, $perm_anon + ); } if (($access < 3) || !SEC_inGroup($group_id)) { - $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); + $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll $pid."); COM_output($display); 
@@ -238,16 +244,20 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met // Retrieve Created Date before delete $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'"); if ($created_date == '') { - $created_date = date ('Y-m-d H:i:s'); + $created_date = date('Y-m-d H:i:s'); } DB_delete($_TABLES['polltopics'], 'pid', $del_pid); DB_delete($_TABLES['pollanswers'], 'pid', $del_pid); DB_delete($_TABLES['pollquestions'], 'pid', $del_pid); + $topic = GLText::removeUtf8Icons($topic); $topic = DB_escapeString($topic); + $topic_description = GLText::removeUtf8Icons($topic_description); $topic_description = DB_escapeString($topic_description); + $meta_description = GLText::removeUtf8Icons($meta_description); $meta_description = DB_escapeString($meta_description); + $meta_keywords = GLText::removeUtf8Icons($meta_keywords); $meta_keywords = DB_escapeString($meta_keywords); $k = 0; // set up a counter to make sure we do assign a straight line of question id's 
@@ -258,29 +268,32 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met for ($i = 0; $i < $num_questions; $i++) { $Q[$i] = COM_stripslashes($Q[$i]); $Q[$i] = COM_checkHTML($Q[$i]); - $allow_multipleanswers[$i] = COM_stripslashes($allow_multipleanswers[$i]); - $description[$i] = COM_checkHTML(COM_stripslashes($description[$i])); + $Q[$i] = GLText::removeUtf8Icons($Q[$i]); + $allow_multipleanswers[$i] = GLText::removeUtf8Icons(COM_stripslashes($allow_multipleanswers[$i])); + $description[$i] = GLText::removeUtf8Icons(COM_checkHTML(COM_stripslashes($description[$i]))); if ($allow_multipleanswers[$i] == 'on') { $allow_multipleanswers[$i] = 1; } else { $allow_multipleanswers[$i] = 0; } - if (strlen($Q[$i]) > 0) { // only insert questions that exist $num_questions_exist++; $Q[$i] = DB_escapeString($Q[$i]); DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', - "'$k', '$pid', '$Q[$i]','$allow_multipleanswers[$i]','$description[$i]'"); + "'$k', '$pid', '$Q[$i]','$allow_multipleanswers[$i]','$description[$i]'"); + // within the questions, we have another dimensions with answers, // votes and remarks $num_answers = count($A[$i]); for ($j = 0; $j < $num_answers; $j++) { $A[$i][$j] = COM_stripslashes($A[$i][$j]); $A[$i][$j] = COM_checkHTML($A[$i][$j]); + $A[$i][$j] = GLText::removeUtf8Icons($A[$i][$j]); $R[$i][$j] = COM_stripslashes($R[$i][$j]); $R[$i][$j] = COM_checkHTML($R[$i][$j]); + $R[$i][$j] = GLText::removeUtf8Icons($R[$i][$j]); if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist if (!is_numeric($V[$i][$j])) { 
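Review bot: `$description[$i]` is interpolated into the `DB_save()` value list as `'$description[$i]'` without passing through `DB_escapeString()`, while `$Q[$i]` is escaped on the line just above. Nothing between the `COM_checkHTML()`/`GLText::removeUtf8Icons()` assignment and the query escapes it, so a question description containing a single quote would break or alter the statement unless `COM_checkHTML()` happens to encode quotes. Add `$description[$i] = DB_escapeString($description[$i]);` next to the `$Q[$i]` escape. The loop and `savepoll()` continue outside this hunk.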
@@ -289,7 +302,7 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met $A[$i][$j] = DB_escapeString($A[$i][$j]); $R[$i][$j] = DB_escapeString($R[$i][$j]); $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " - . "('$pid', '$k', " . ($j+1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');"; + . "('$pid', '$k', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');"; DB_query($sql); $num_total_votes = $num_total_votes + $V[$i][$j]; @@ -301,16 +314,16 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime']) if ($num_questions_exist > 0) { - $numvoters = $num_total_votes / $num_questions_exist; + $numVoters = $num_total_votes / $num_questions_exist; } else { // This shouldn't happen - $numvoters = $num_total_votes; + $numVoters = $num_total_votes; } // save topics after the questions so we can include question count into table - $sql = "'$pid','$topic','$meta_description','$meta_keywords',$numvoters, $k, '$created_date', '" . date ('Y-m-d H:i:s'); + $sql = "'$pid','$topic','$meta_description','$meta_keywords',$numVoters, $k, '$created_date', '" . date('Y-m-d H:i:s'); - if ($mainpage == 'on') { + if ($mainPage == 'on') { $sql .= "',1"; } else { $sql .= "',0"; 
@@ -320,13 +333,13 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met } else { $sql .= ",0"; } - if ($hideresults == 'on') { + if ($hideResults == 'on') { $sql .= ",1"; } else { $sql .= ",0"; } - $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,'$topic_description'"; + $sql .= ",'$statusCode','$commentCode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,'$topic_description'"; // Save poll topic DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql); @@ -335,7 +348,7 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met PLG_itemSaved($pid, 'polls'); } else { DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), - array('sid', 'type'), array(DB_escapeString($old_pid), 'polls')); + array('sid', 'type'), array(DB_escapeString($old_pid), 'polls')); DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid)); 
@@ -343,30 +356,26 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met } if ($_POLL_VERBOSE) { - COM_errorLog ('**** Leaving savepoll() in ' - . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); + COM_errorLog('**** Leaving savepoll() in ' + . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } - return PLG_afterSaveSwitch ( + return PLG_afterSaveSwitch( $_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19 ); - - COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19'); } /** -* Shows poll editor -* -* Diplays the poll editor form -* -* @param string $pid ID of poll to edit -* @return string HTML for poll editor form -* -*/ -function editpoll ($pid = '') + * Shows poll editor + * Display the poll editor form + * + * @param string $pid ID of poll to edit + * @return string HTML for poll editor form + */ +function editpoll($pid = '') { global $_CONF, $_PO_CONF, $_GROUPS, $_TABLES, $_USER, $LANG25, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $LANG_POLLS, $_SCRIPTS; @@ -378,11 +387,12 @@ function editpoll ($pid = '') $T = DB_fetchArray($topic); // Get permissions for poll - $access = SEC_hasAccess($T['owner_id'],$T['group_id'],$T['perm_owner'],$T['perm_group'],$T['perm_members'],$T['perm_anon']); - if ($access == 0 OR $access == 2) { + $access = SEC_hasAccess($T['owner_id'], $T['group_id'], $T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon']); + if ($access == 0 || $access == 2) { // User doesn't have access...bail $retval .= COM_showMessageText($LANG25[22], $LANG25[21]); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll $pid."); + return $retval; } } 
@@ -390,16 +400,21 @@ function editpoll ($pid = '') // writing the menu on top require_once $_CONF['path_system'] . 'lib-admin.php'; - $menu_arr = array ( - array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', - 'text' => $LANG_ADMIN['list_all']), - array('url' => $_CONF['site_admin_url'], - 'text' => $LANG_ADMIN['admin_home'])); + $menu_arr = array( + array( + 'url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', + 'text' => $LANG_ADMIN['list_all'], + ), + array( + 'url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home'], + ), + ); $token = SEC_createToken(); $retval .= COM_startBlock($LANG25[5], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu( $menu_arr, 
@@ -409,24 +424,26 @@ function editpoll ($pid = '') $retval .= SEC_getTokenExpiryNotice($token); $poll_templates = COM_newTemplate(CTL_plugin_templatePath('polls', 'admin')); - $poll_templates->set_file (array ('editor' => 'polleditor.thtml', - 'question' => 'pollquestions.thtml', - 'answer' => 'pollansweroption.thtml')); + $poll_templates->set_file(array( + 'editor' => 'polleditor.thtml', + 'question' => 'pollquestions.thtml', + 'answer' => 'pollansweroption.thtml', + )); - if (!empty ($pid) AND ($access == 3) AND !empty ($T['owner_id'])) { + if (!empty($pid) && ($access == 3) && !empty($T['owner_id'])) { $delbutton = ''; + . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; - $poll_templates->set_var ('delete_option', - sprintf ($delbutton, $jsconfirm)); - $poll_templates->set_var ('delete_option_no_confirmation', - sprintf ($delbutton, '')); + $poll_templates->set_var('delete_option', + sprintf($delbutton, $jsconfirm)); + $poll_templates->set_var('delete_option_no_confirmation', + sprintf($delbutton, '')); $poll_templates->set_var('allow_delete', true); $poll_templates->set_var('lang_delete', $LANG_ADMIN['delete']); $poll_templates->set_var('confirm_message', $MESSAGE[76]); } else { - $T['pid'] = COM_makeSid (); + $T['pid'] = COM_makeSid(); $T['topic'] = ''; $T['description'] = ''; $T['meta_description'] = ''; @@ -436,12 +453,12 @@ function editpoll ($pid = '') $T['is_open'] = 1; $T['hideresults'] = 0; $T['owner_id'] = $_USER['uid']; - if (isset ($_GROUPS['Polls Admin'])) { + if (isset($_GROUPS['Polls Admin'])) { $T['group_id'] = $_GROUPS['Polls Admin']; } else { - $T['group_id'] = SEC_getFeatureGroup ('polls.edit'); + $T['group_id'] = SEC_getFeatureGroup('polls.edit'); } - SEC_setDefaultPermissions ($T, $_PO_CONF['default_permissions']); + SEC_setDefaultPermissions($T, $_PO_CONF['default_permissions']); $T['statuscode'] = 0; $T['commentcode'] = $_CONF['comment_code']; $access = 3; 
@@ -459,12 +476,12 @@ function editpoll ($pid = '') $poll_templates->set_var('poll_id', $T['pid']); $poll_templates->set_var('lang_donotusespaces', $LANG25[7]); $poll_templates->set_var('lang_topic', $LANG25[9]); - $poll_templates->set_var('poll_topic', htmlspecialchars ($T['topic'])); + $poll_templates->set_var('poll_topic', htmlspecialchars($T['topic'])); $poll_templates->set_var('lang_mode', $LANG25[1]); - $poll_templates->set_var('lang_topic_description',$LANG25[1003]); + $poll_templates->set_var('lang_topic_description', $LANG25[1003]); $poll_templates->set_var('topic_description', $T['description']); $poll_templates->set_var('lang_metadescription', - $LANG_ADMIN['meta_description']); + $LANG_ADMIN['meta_description']); $poll_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']); if (!empty($T['meta_description'])) { $poll_templates->set_var('meta_description', $T['meta_description']); @@ -478,8 +495,8 @@ function editpoll ($pid = '') $poll_templates->set_var('hide_meta', ' style="display:none;"'); } - $poll_templates->set_var('status_options', COM_optionList ($_TABLES['statuscodes'], 'code,name', $T['statuscode'])); - $poll_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'],'code,name',$T['commentcode'])); + $poll_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $T['statuscode'])); + $poll_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $T['commentcode'])); $poll_templates->set_var('lang_appearsonhomepage', $LANG25[8]); $poll_templates->set_var('lang_openforvoting', $LANG25[33]); 
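Review bot: `poll_topic` is passed through `htmlspecialchars()` in the first hunk here, but `topic_description` and `meta_description` on the neighbouring lines go into the editor template as stored. The same split shows up in the later editpoll() hunks: `answer_text` is encoded while `question_text`, `description` and `remark_text` are not. Question, answer and remark text is run through `COM_checkHTML()` on save, so it may legitimately contain markup. If polleditor.thtml places these values in an attribute or textarea (the template is not part of this diff), they need the same encoding, e.g. `$poll_templates->set_var('topic_description', htmlspecialchars($T['description']));`.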
@@ -500,33 +517,32 @@ function editpoll ($pid = '') // user access info $poll_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $poll_templates->set_var('lang_owner', $LANG_ACCESS['owner']); - $ownername = COM_getDisplayName ($T['owner_id']); + $ownername = COM_getDisplayName($T['owner_id']); $poll_templates->set_var('owner_username', DB_getItem($_TABLES['users'], - 'username', "uid = {$T['owner_id']}")); + 'username', "uid = {$T['owner_id']}")); $poll_templates->set_var('owner_name', $ownername); $poll_templates->set_var('owner', $ownername); $poll_templates->set_var('owner_id', $T['owner_id']); $poll_templates->set_var('lang_group', $LANG_ACCESS['group']); $poll_templates->set_var('group_dropdown', - SEC_getGroupDropdown ($T['group_id'], $access)); + SEC_getGroupDropdown($T['group_id'], $access)); $poll_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $poll_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']); $poll_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); - $poll_templates->set_var('permissions_editor', SEC_getPermissionsHTML($T['perm_owner'],$T['perm_group'],$T['perm_members'],$T['perm_anon'])); + $poll_templates->set_var('permissions_editor', SEC_getPermissionsHTML($T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon'])); $poll_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $poll_templates->set_var('lang_answersvotes', $LANG25[10]); $poll_templates->set_var('lang_save', $LANG_ADMIN['save']); $poll_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); // repeat for several questions - $question_sql = "SELECT question,qid ,allow_multipleanswers ,description " . "FROM {$_TABLES['pollquestions']} WHERE pid='$pid' ORDER BY qid;"; $questions = DB_query($question_sql); - include ($_CONF['path_system'] . 
'classes/navbar.class.php'); $navbar = new navbar; - for ($j=0; $j<$_PO_CONF['maxquestions']; $j++) { - $display_id = $j+1; + + for ($j = 0; $j < $_PO_CONF['maxquestions']; $j++) { + $display_id = $j + 1; if ($j > 0) { $poll_templates->set_var('style', 'style="display:none;"'); } else { @@ -537,20 +553,20 @@ function editpoll ($pid = '') "showhidePollsEditorDiv(\"$j\",$j,{$_PO_CONF['maxquestions']});return false;", true ); - $Q = DB_fetchArray ($questions); + $Q = DB_fetchArray($questions); $poll_templates->set_var('question_text', $Q['question']); $poll_templates->set_var('question_id', $j); $poll_templates->set_var('lang_question', $LANG25[31] . " $display_id"); - $poll_templates->set_var('lang_saveaddnew', $LANG25[32]); + $poll_templates->set_var('lang_saveaddnew', $LANG25[32]); $poll_templates->set_var('q_idx', $j); - $poll_templates->set_var('lang_allow_multipleanswers', $LANG25[1001]); + $poll_templates->set_var('lang_allow_multipleanswers', $LANG25[1001]); if ($Q['allow_multipleanswers'] == 1) { $poll_templates->set_var('poll_allow_multipleanswers', 'checked="checked"'); } else { $poll_templates->set_var('poll_allow_multipleanswers', ''); } - - $poll_templates->set_var('lang_questions_description', $LANG25[1002]); + + $poll_templates->set_var('lang_questions_description', $LANG25[1002]); $poll_templates->set_var('description', $Q['description']); // answers 
@@ -558,53 +574,53 @@ function editpoll ($pid = '') . "FROM {$_TABLES['pollanswers']} WHERE qid='$j' AND pid='$pid' ORDER BY aid"; $answers = DB_query($answer_sql); - for ($i=0; $i<$_PO_CONF['maxanswers']; $i++) { - if (isset ($answers)) { - $A = DB_fetchArray ($answers); - $poll_templates->set_var ('answer_text', - htmlspecialchars ($A['answer'])); - $poll_templates->set_var ('answer_votes', $A['votes']); - $poll_templates->set_var ('remark_text', $A['remark']); + for ($i = 0; $i < $_PO_CONF['maxanswers']; $i++) { + if (isset($answers)) { + $A = DB_fetchArray($answers); + $poll_templates->set_var('answer_text', + htmlspecialchars($A['answer'])); + $poll_templates->set_var('answer_votes', $A['votes']); + $poll_templates->set_var('remark_text', $A['remark']); } else { - $poll_templates->set_var ('answer_text', ''); - $poll_templates->set_var ('answer_votes', ''); - $poll_templates->set_var ('remark_text', ''); + $poll_templates->set_var('answer_text', ''); + $poll_templates->set_var('answer_votes', ''); + $poll_templates->set_var('remark_text', ''); } - $poll_templates->parse ('answer_option', 'answer', true); + $poll_templates->parse('answer_option', 'answer', true); } - $poll_templates->parse ('question_list', 'question', true); - $poll_templates->clear_var ('answer_option'); + $poll_templates->parse('question_list', 'question', true); + $poll_templates->clear_var('answer_option'); } $navbar->set_selected($LANG25[31] . 
" 1"); - $poll_templates->set_var ('navbar', $navbar->generate()); + $poll_templates->set_var('navbar', $navbar->generate()); $poll_templates->set_var('gltoken_name', CSRF_TOKEN); $poll_templates->set_var('gltoken', $token); - $poll_templates->parse('output','editor'); + $poll_templates->parse('output', 'editor'); $retval .= $poll_templates->finish($poll_templates->get_var('output')); - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); + $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } /** -* Delete a poll -* -* @param string $pid ID of poll to delete -*/ -function deletePoll ($pid) + * Delete a poll + * + * @param string $pid ID of poll to delete + */ +function deletePoll($pid) { global $_CONF, $_TABLES, $_USER; - $pid = DB_escapeString ($pid); - $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '$pid'"); - $Q = DB_fetchArray ($result); - $access = SEC_hasAccess ($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], - $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']); + $pid = DB_escapeString($pid); + $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '$pid'"); + $Q = DB_fetchArray($result); + $access = SEC_hasAccess($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], + $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']); if ($access < 3) { - COM_accessLog ("User {$_USER['username']} tried to illegally delete poll $pid."); + COM_accessLog("User {$_USER['username']} tried to illegally delete poll $pid."); COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php'); } 
@@ -613,26 +629,25 @@ function deletePoll ($pid) DB_delete($_TABLES['pollquestions'], 'pid', $pid); DB_delete($_TABLES['pollvoters'], 'pid', $pid); DB_delete($_TABLES['comments'], array('sid', 'type'), - array($pid, 'polls')); + array($pid, 'polls')); PLG_itemDeleted($pid, 'polls'); COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20'); } // MAIN - $display = ''; $mode = ''; -if (isset ($_REQUEST['mode'])) { +if (isset($_REQUEST['mode'])) { $mode = COM_applyFilter($_REQUEST['mode']); } if ($mode == 'edit') { $pid = ''; - if (isset ($_GET['pid'])) { - $pid = COM_applyFilter ($_GET['pid']); + if (isset($_GET['pid'])) { + $pid = COM_applyFilter($_GET['pid']); } - $display .= editpoll ($pid); + $display .= editpoll($pid); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG25[5])); } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save'])) { $pid = COM_applyFilter($_POST['pid']); 
@@ -643,63 +658,63 @@ function deletePoll ($pid) if (empty($pid) && !empty($old_pid)) { $pid = $old_pid; } - if (empty($old_pid) && (! empty($pid))) { + if (empty($old_pid) && (!empty($pid))) { $old_pid = $pid; } if (!empty($pid)) { $statuscode = 0; - if (isset ($_POST['statuscode'])) { - $statuscode = COM_applyFilter ($_POST['statuscode'], true); + if (isset($_POST['statuscode'])) { + $statuscode = COM_applyFilter($_POST['statuscode'], true); } $mainpage = ''; - if (isset ($_POST['mainpage'])) { - $mainpage = COM_applyFilter ($_POST['mainpage']); + if (isset($_POST['mainpage'])) { + $mainpage = COM_applyFilter($_POST['mainpage']); } $open = ''; - if (isset ($_POST['open'])) { - $open = COM_applyFilter ($_POST['open']); + if (isset($_POST['open'])) { + $open = COM_applyFilter($_POST['open']); } $hideresults = ''; - if (isset ($_POST['hideresults'])) { - $hideresults = COM_applyFilter ($_POST['hideresults']); + if (isset($_POST['hideresults'])) { + $hideresults = COM_applyFilter($_POST['hideresults']); } - $display .= savepoll ($pid, $old_pid, $_POST['question'], $mainpage, - $_POST['topic'], $_POST['meta_description'], - $_POST['meta_keywords'], $statuscode, $open, - $hideresults, - COM_applyFilter ($_POST['commentcode'], true), - $_POST['answer'], $_POST['votes'], $_POST['remark'], - COM_applyFilter ($_POST['owner_id'], true), - COM_applyFilter ($_POST['group_id'], true), - $_POST['perm_owner'], $_POST['perm_group'], - $_POST['perm_members'], $_POST['perm_anon'], - $_POST['allow_multipleanswers'], - COM_applyFilter($_POST['topic_description']), - $_POST['description']); - } else { + $display .= savepoll($pid, $old_pid, $_POST['question'], $mainpage, + $_POST['topic'], $_POST['meta_description'], + $_POST['meta_keywords'], $statuscode, $open, + $hideresults, + COM_applyFilter($_POST['commentcode'], true), + $_POST['answer'], $_POST['votes'], $_POST['remark'], + COM_applyFilter($_POST['owner_id'], true), + COM_applyFilter($_POST['group_id'], true), + 
$_POST['perm_owner'], $_POST['perm_group'], + $_POST['perm_members'], $_POST['perm_anon'], + $_POST['allow_multipleanswers'], + COM_applyFilter($_POST['topic_description']), + $_POST['description']); + } else { $display .= COM_showMessageText($LANG25[17], $LANG21[32]) - . editpoll(); + . editpoll(); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG25[5])); } } elseif (($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) { $pid = ''; - if (isset ($_POST['pid'])) { - $pid = COM_applyFilter ($_POST['pid']); + if (isset($_POST['pid'])) { + $pid = COM_applyFilter($_POST['pid']); } - if (empty ($pid)) { - COM_errorLog ('Ignored possibly manipulated request to delete a poll.'); + if (empty($pid)) { + COM_errorLog('Ignored possibly manipulated request to delete a poll.'); COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php'); } elseif (SEC_checkToken()) { - $display .= deletePoll ($pid); + $display .= deletePoll($pid); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete poll $pid and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/index.php'); } } else { // 'cancel' or no mode at all - if (isset ($_REQUEST['msg'])) { - $msg = COM_applyFilter ($_REQUEST['msg'], true); + if (isset($_REQUEST['msg'])) { + $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { - $display .= COM_showMessage ($msg, 'polls'); + $display .= COM_showMessage($msg, 'polls'); } } $display .= listpolls(); @@ -707,5 +722,3 @@ function deletePoll ($pid) } COM_output($display); - -?> diff --git a/public_html/admin/plugins/staticpages/index.php b/public_html/admin/plugins/staticpages/index.php index 6d1856c47..5726f8c67 100644 --- a/public_html/admin/plugins/staticpages/index.php +++ b/public_html/admin/plugins/staticpages/index.php 
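Review bot: The save branch calls `savepoll()` with no `SEC_checkToken()` check in the lines shown, whereas the delete branch below it only reaches `deletePoll()` after `SEC_checkToken()` succeeds. The editor form already embeds a token (`gltoken` in editpoll()). Unless savepoll() verifies it itself (its opening lines are outside this excerpt), the branch condition in the preceding hunk should read `} elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {`. The call also reads `$_POST['question']`, `$_POST['answer']`, `$_POST['votes']` and the `perm_*` keys without `isset()`, so a request missing any of them raises notices before savepoll() can reject it.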
@@ -33,15 +33,15 @@ // +---------------------------------------------------------------------------+ /** -* Static Pages plugin administration page -* -* @package StaticPages -* @subpackage admin -*/ + * Static Pages plugin administration page + * + * @package StaticPages + * @subpackage admin + */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $_SP_CONF, $MESSAGE, $LANG_ADMIN, $sp_help; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; @@ -57,22 +57,21 @@ /** -* Displays the static page editor form -* -* @param array $A Data to display -* @return string HTML for the static page editor -* -*/ + * Displays the static page editor form + * + * @param array $A Data to display + * @return string HTML for the static page editor + */ function staticpageeditor_form($A) { global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG01, $LANG24, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE, $_SCRIPTS; - if (!empty($sp_id) && $mode=='edit') { - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); + if (!empty($sp_id) && $mode === 'edit') { + $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { - if ($mode != 'clone') { + if ($mode !== 'clone') { $A['sp_inblock'] = $_SP_CONF['in_block']; } $A['owner_id'] = $_USER['uid']; @@ -84,7 +83,7 @@ function staticpageeditor_form($A) SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']); $access = 3; if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { - $A['advanced_editor_mode'] = 1; + $A['advanced_editor_mode'] = 1; } } $retval = ''; 
@@ -122,17 +121,17 @@ function staticpageeditor_form($A) $sp_template->set_var('show_htmleditor', ''); } $post_options = ''; + . $LANG_postmodes['html'] . ''; if (isset($A['postmode']) && ($A['postmode'] == 'adveditor')) { $post_options .= ''; + . $LANG24[86] . ''; } else { $post_options .= ''; + . $LANG24[86] . ''; } - $sp_template->set_var('post_options', $post_options ); + $sp_template->set_var('post_options', $post_options); $sp_template->set_var('change_editormode', - 'onchange="change_editmode(this);"'); + 'onchange="change_editmode(this);"'); } else { $sp_template->set_file('form', 'editor.thtml'); } @@ -145,15 +144,15 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_mode', $LANG24[3]); $sp_template->set_var('comment_options', - COM_optionList($_TABLES['commentcodes'], 'code,name', - $A['commentcode'])); + COM_optionList($_TABLES['commentcodes'], 'code,name', + $A['commentcode'])); $sp_template->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $sp_template->set_var('lang_owner', $LANG_ACCESS['owner']); $owner_name = COM_getDisplayName($A['owner_id']); $owner_username = DB_getItem($_TABLES['users'], 'username', - "uid = {$A['owner_id']}"); + "uid = {$A['owner_id']}"); $sp_template->set_var('owner_id', $A['owner_id']); $sp_template->set_var('owner', $owner_name); $sp_template->set_var('owner_name', $owner_name); 
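Review bot: `$A['owner_id']` is interpolated unquoted into the `DB_getItem()` condition `"uid = {$A['owner_id']}"` in the `$owner_username` lookup here, and again in the `photo` and `username` lookups in the following hunks of staticpageeditor_form(). `$A` is the function's input and its origin is outside the diff. If it can carry submitted form values (a preview, for example), the condition should be built from an integer: `"uid = " . (int) $A['owner_id']`. The polls editor uses the same pattern with `$T['owner_id']`, which in the visible code is loaded from the database or set from `$_USER['uid']`.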
@@ -161,24 +160,24 @@ function staticpageeditor_form($A) if ($A['owner_id'] > 1) { $profile_link = $_CONF['site_url'] - . '/users.php?mode=profile&uid=' . $A['owner_id']; + . '/users.php?mode=profile&uid=' . $A['owner_id']; $sp_template->set_var('start_owner_anchortag', - '' ); + ''); $sp_template->set_var('end_owner_anchortag', ''); $sp_template->set_var('owner_link', - COM_createLink($owner_name, $profile_link)); + COM_createLink($owner_name, $profile_link)); $photo = ''; if ($_CONF['allow_user_photo']) { $photo = DB_getItem($_TABLES['users'], 'photo', - "uid = {$A['owner_id']}"); - if (! empty($photo)) { + "uid = {$A['owner_id']}"); + if (!empty($photo)) { $camera_icon = ''; + . '/images/smallcamera.' . $_IMAGE_TYPE + . '" alt=""' . XHTML . '>'; $sp_template->set_var('camera_icon', - COM_createLink($camera_icon, $profile_link)); + COM_createLink($camera_icon, $profile_link)); } } if (empty($photo)) { @@ -192,10 +191,10 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_group', $LANG_ACCESS['group']); $sp_template->set_var('group_dropdown', - SEC_getGroupDropdown($A['group_id'], $access)); + SEC_getGroupDropdown($A['group_id'], $access)); $sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], - $A['perm_members'], $A['perm_anon'])); + $A['perm_members'], $A['perm_anon'])); $sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']); $sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']); @@ -203,7 +202,7 @@ function staticpageeditor_form($A) $token = SEC_createToken(); $start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $start_block .= SEC_getTokenExpiryNotice($token); $sp_template->set_var('start_block_editor', $start_block); 
@@ -211,14 +210,15 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']); $sp_template->set_var('lang_preview', $LANG_ADMIN['preview']); if (SEC_hasRights('staticpages.delete') && ($mode != 'clone') && - !empty($A['sp_old_id'])) { + !empty($A['sp_old_id']) + ) { $delbutton = ''; + . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $sp_template->set_var('delete_option', - sprintf($delbutton, $jsconfirm)); + sprintf($delbutton, $jsconfirm)); $sp_template->set_var('delete_option_no_confirmation', - sprintf($delbutton, '')); + sprintf($delbutton, '')); $sp_template->set_var('allow_delete', true); $sp_template->set_var('lang_delete', $LANG_ADMIN['delete']); @@ -228,7 +228,7 @@ function staticpageeditor_form($A) } $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']); $sp_template->set_var('username', DB_getItem($_TABLES['users'], - 'username', "uid = {$A['owner_id']}")); + 'username', "uid = {$A['owner_id']}")); $authorname = COM_getDisplayName($A['owner_id']); $sp_template->set_var('name', $authorname); $sp_template->set_var('author', $authorname); @@ -238,7 +238,7 @@ function staticpageeditor_form($A) $sp_template->set_var('sp_id', $A['sp_id']); $sp_template->set_var('sp_old_id', $A['sp_old_id']); $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] - . '/staticpages/index.php?page=' . $A['sp_id'])); + . '/staticpages/index.php?page=' . $A['sp_id'])); $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']); $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']); 
@@ -246,7 +246,7 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_centerblock_desc', $LANG21[52]); $sp_template->set_var('centerblock_help', $A['sp_help']); $sp_template->set_var('lang_centerblock_msg', - $LANG_STATIC['centerblock_msg']); + $LANG_STATIC['centerblock_msg']); if (isset($A['sp_centerblock']) && ($A['sp_centerblock'] == 1)) { $sp_template->set_var('centerblock_checked', 'checked="checked"'); } else { @@ -279,7 +279,7 @@ function staticpageeditor_form($A) $sp_template->set_var('pos_selection', $position); if (($_SP_CONF['allow_php'] == 1) && SEC_hasRights('staticpages.PHP')) { - if (! isset($A['sp_php'])) { + if (!isset($A['sp_php'])) { $A['sp_php'] = 0; } $selection = '' - . $template_none . $template_list . ''); + . $template_none . $template_list . ''); $sp_template->set_var('lang_use_template', $LANG_STATIC['use_template']); $sp_template->set_var('lang_use_template_msg', $LANG_STATIC['use_template_msg']); @@ -420,7 +420,7 @@ function staticpageeditor_form($A) } else { $sp_template->set_var('onlastupdate_checked', ''); } - + $sp_template->set_var('lang_label', $LANG_STATIC['label']); if (isset($A['sp_label'])) { $sp_template->set_var('sp_label', $A['sp_label']); @@ -432,7 +432,7 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']); $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']); $sp_template->set_var('lang_leftrightblocks', - $LANG_STATIC['leftrightblocks']); + $LANG_STATIC['leftrightblocks']); if (!isset($A['sp_format'])) { $A['sp_format'] = ''; } 
@@ -462,11 +462,11 @@ function staticpageeditor_form($A) if (isset($A['sp_content'])) { $content = htmlspecialchars(stripslashes($A['sp_content'])); $content = str_replace(array('{', '}'), array('{', '}'), - $content); + $content); } $sp_template->set_var('sp_content', $content); $allowed = COM_allowedHTML('staticpages.edit', false, $_SP_CONF['filter_html']) - . COM_allowedAutotags(); + . COM_allowedAutotags(); $sp_template->set_var('lang_allowedhtml', $allowed); $sp_template->set_var('lang_allowed_html', $allowed); $sp_template->set_var('lang_show_on_page', $LANG_STATIC['show_on_page']); @@ -477,7 +477,7 @@ function staticpageeditor_form($A) } else { $sp_template->set_var('sp_hits', $A['sp_hits']); $sp_template->set_var('sp_hits_formatted', - COM_numberFormat($A['sp_hits'])); + COM_numberFormat($A['sp_hits'])); } $sp_template->set_var('lang_comments', $LANG_STATIC['comments']); if ($A['commentcode'] == -1) { @@ -488,7 +488,7 @@ function staticpageeditor_form($A) $sp_template->set_var('sp_comments', COM_numberFormat($num_comments)); } $sp_template->set_var('end_block', - COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'))); + COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'))); $sp_template->set_var('gltoken_name', CSRF_TOKEN); $sp_template->set_var('gltoken', $token); $sp_template->parse('output', 'form'); @@ -499,12 +499,12 @@ function staticpageeditor_form($A) } /** -* List all template static pages. For use with a dropdown. -* -* @retun string HTML for the list -* -*/ -function templatelist( $selected = '' ) + * List all template static pages. For use with a dropdown. + * + * @param string $selected + * @return string HTML for the list + */ +function templatelist($selected = '') { global $_TABLES; 
@@ -516,12 +516,12 @@ function templatelist( $selected = '' ) } $sql = "SELECT sp_id, sp_title FROM {$_TABLES['staticpage']} WHERE template_flag = 1 AND (draft_flag = 0)" . $perms . " ORDER BY sp_title"; - $result = DB_query ($sql); - $nrows = DB_numRows ($result); + $result = DB_query($sql); + $nrows = DB_numRows($result); if ($nrows > 0) { for ($i = 0; $i < $nrows; $i++) { - $A = DB_fetchArray ($result); + $A = DB_fetchArray($result); $retval .= '