From 11c3fb6f4c25273902a819ae623577f3a3c16438 Mon Sep 17 00:00:00 2001
From: Tom Homer
Date: Sat, 5 Nov 2016 09:58:29 -0400
Subject: [PATCH 1/3] Updated docs about mobile detection
---
public_html/docs/english/changes.html | 5 ++++-
public_html/docs/english/theme.html | 10 +++++-----
public_html/docs/history | 1 +
3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/public_html/docs/english/changes.html b/public_html/docs/english/changes.html
index 33eceea69..6ab2565f3 100644
--- a/public_html/docs/english/changes.html
+++ b/public_html/docs/english/changes.html
@@ -36,7 +36,10 @@

Major New Features and Improvements

  • Added an ability to change article template file with the topic (feature request #275, code provided by @hostellerie)
  • Added the ability to search poll comments (feature request #394)
  • Added a new config option $_CONF['gravatar_identicon'] to specify a default gravatar icon type (bug #579)
  • -
  • +
  • Added ability for Geeklog to detect device type (mobile or computer) of visitor. This can be used by blocks to display only for a certain device type
  • +
  • Blocks can display based on visitor device type
  • +
  • Template variable {device_movile} added which returns true if viewing device is considered mobile (phone and tablet)
  • +
  • Numerous bug and security fixes.
  • diff --git a/public_html/docs/english/theme.html b/public_html/docs/english/theme.html index 9c1ad5f3c..76ebaf978 100644 --- a/public_html/docs/english/theme.html +++ b/public_html/docs/english/theme.html @@ -206,14 +206,14 @@

    Changes

    Theme changes in Geeklog 2.1.2

    Theme changes in Geeklog 2.1.1

    diff --git a/public_html/docs/history b/public_html/docs/history index 96d0f257a..17af0b943 100644 --- a/public_html/docs/history +++ b/public_html/docs/history @@ -10,6 +10,7 @@ Not Released (2.1.2) - [Feature] Reduced block lists in Block Manager [Tom] - [Feature] Added ability for Geeklog to detect device type (mobile or computer) of visitor [Tom] - [Feature] Blocks can display based on visitor device type [Tom] +- [Feature] Template variable {device_movile} added which returns true if viewing device is considered mobile (phone and tablet) [Tom] - [Feature] Geeklog Database Backup now works without using a external program to backup. [Tom] - [Feature] Individual static pages can now have hits and last update date not displayed. [Tom] - [Update] Dropped MSSQL support [Mystralkk] From 83a7858c251f8d9d8678649eee972036a03db60d Mon Sep 17 00:00:00 2001 From: Tom Homer Date: Sat, 5 Nov 2016 10:21:03 -0400 Subject: [PATCH 2/3] Updated Minimum Version Requirements in Docs Updated minimum verison requirements of: PHP 5.2.0 to PHP 5.3.3 MySQL 4.1.2 to MySQL 4.1.3 All added a note about selection the correct mySQL database collation. --- public_html/docs/english/install.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/public_html/docs/english/install.html b/public_html/docs/english/install.html index 6137e46b7..53c566620 100644 --- a/public_html/docs/english/install.html +++ b/public_html/docs/english/install.html @@ -40,9 +40,11 @@

    Installation Requirements

    Required Software

    -

    To install and use Geeklog you will need to have a server running Apache or Microsoft IIS with PHP 5.2.0 or higher installed. You will also need either MySQL 4.1.2 or later (MariaDB 5.1 or later will also work), or PostgreSQL 9.1.7 or greater.

    +

    To install and use Geeklog you will need to have a server running Apache or Microsoft IIS with PHP 5.3.3 or higher installed (PHP 7.X is supported). You will also need either MySQL 4.1.3 or later (MariaDB 5.1 or later will also work), or PostgreSQL 9.1.7 or greater.

    Note for PostgreSQL users: Geeklog currently requires that the Postgres option standard_conforming_strings is set to off (it is on by default as of PostgreSQL 9.1).

    + +

    Note for MySQL users: For multi language sites you generally want to use the database collation utf8_general_ci. This collation will be able to handle the character sets of different languages. As of version 5.5.3 MySQL supports 4-byte characters. In this case if you want to support for example emoji icons characters which are 4 bytes you will need to use a collation which supports it like utf8mb4_general_ci. For existing Geeklog databases which are using a different collation you can use a tool like phpMyAdmin to change your database default collation along with all the table collations. Be warned depending on what your initial collation is you may need to also update the data in your tables.

    Things You Should Know

From 4f282df3f5753670aa00ee39b28a7bcb61f6e1a3 Mon Sep 17 00:00:00 2001
From: Kenji ITO
Date: Sun, 6 Nov 2016 17:03:36 +0900
Subject: [PATCH 3/3] =?UTF-8?q?Fixed=20a=20bug=20where=20the=20?= =?UTF-8?q?=F0=9F=98=81=20from=20Phones=20cause=20errors=20when=20searchin?= =?UTF-8?q?g=20in=20Geeklog?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
plugins/calendar/functions.inc | 33 +-
plugins/staticpages/services.inc.php | 27 +-
public_html/admin/plugins/links/category.php | 244 +--
public_html/admin/plugins/links/index.php | 363 ++--
public_html/admin/plugins/polls/index.php | 403 ++--
.../admin/plugins/staticpages/index.php | 364 ++--
public_html/admin/topic.php | 517 +++--
public_html/calendar/index.php | 1243 ++++++------
public_html/comment.php | 11 +-
public_html/lib-common.php | 2 +-
public_html/links/index.php | 266 +--
public_html/links/portal.php | 14 +-
public_html/search.php | 3 +-
public_html/submit.php | 2 +-
system/classes/gltext.class.php | 296 +--
system/classes/search.class.php | 20 +-
system/classes/story.class.php | 467 ++---
system/lib-comment.php | 1741 ++++++++---------
system/lib-story.php | 18 +-
system/lib-topic.php | 4 +-
20 files changed, 3034 insertions(+), 3004 deletions(-)
diff --git a/plugins/calendar/functions.inc b/plugins/calendar/functions.inc
index ac8cb21d1..c29005418 100644
--- a/plugins/calendar/functions.inc
+++ b/plugins/calendar/functions.inc 
@@ -419,11 +419,12 @@ function plugin_savesubmission_calendar($A) $retval = ''; $A['title'] = strip_tags(COM_checkWords($A['title'])); + $A['title'] = GLText::removeUtf8Icons($A['title']); $A['start_year'] = COM_applyFilter($A['start_year'], true); $A['start_month'] = COM_applyFilter($A['start_month'], true); $A['start_day'] = COM_applyFilter($A['start_day'], true); - // check for missing textfields + // check for missing text fields if (empty($A['title']) || empty($A['start_month']) || empty($A['start_day']) || empty($A['start_year'])) { $retval .= COM_showMessageText($LANG12[23], $LANG12[22]) . plugin_submit_calendar($A['calendar_type']); @@ -472,23 +473,23 @@ function plugin_savesubmission_calendar($A) $A['description'] = (isset($A['description']) ? $A['description'] : ''); $A['event_type'] = (isset($A['event_type']) ? $A['event_type'] : ''); - if ($A['url'] == 'http://') { + if ($A['url'] === 'http://' || $A['url'] === 'https://') { // remove default entry now to avoid false spam reports $A['url'] = ''; } // pseudo-formatted event description for the spam check - $spamcheck = ''; + $spamCheck = ''; if (empty($A['url'])) { - $spamcheck .= $A['title']; + $spamCheck .= $A['title']; } else { - $spamcheck .= COM_createLink($A['title'], $A['url']); + $spamCheck .= COM_createLink($A['title'], $A['url']); } - $spamcheck .= '' . $A['location'] . '' + $spamCheck .= '' . $A['location'] . '' . $A['address1'] . '' . $A['address2'] . '' . $A['city'] . ', ' . $A['zipcode'] . '' . $A['description'] . '
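Review bot: The added `$A['title'] = GLText::removeUtf8Icons($A['title']);` silently discards every 4-byte UTF-8 character the submitter typed instead of rejecting the submission or storing the text, and the same unconditional stripping is applied in the @@ -505 hunk of this file, the @@ -393 hunk of plugins/staticpages/services.inc.php and the @@ -315 hunk of public_html/admin/plugins/links/category.php. Patch 2/3 of this series tells installers that a utf8mb4_general_ci collation does store such characters, so on a site that followed that advice the stripping destroys data for no reason. Gating the call on the configured database charset, or at minimum a comment at the call site such as `// drop 4-byte UTF-8 (emoji) that a 3-byte utf8 collation cannot store`, would make the trade-off visible; whether the collation is knowable from $_CONF is not shown here. Note also that `$A['title']` is stripped here and again in the @@ -505 hunk, so the second call is redundant.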

    '; - $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']); + $result = PLG_checkforSpam($spamCheck, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('submit'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); 
@@ -505,15 +506,15 @@ function plugin_savesubmission_calendar($A) // Remove any autotags the user doesn't have permission to use $A['description'] = PLG_replaceTags($A['description'], '', true); - $A['description'] = DB_escapeString(htmlspecialchars(COM_checkWords($A['description']))); - $A['address1'] = DB_escapeString(strip_tags(COM_checkWords($A['address1']))); - $A['address2'] = DB_escapeString(strip_tags(COM_checkWords($A['address2']))); - $A['city'] = DB_escapeString(strip_tags(COM_checkWords($A['city']))); - $A['zipcode'] = DB_escapeString(strip_tags(COM_checkWords($A['zipcode']))); - $A['state'] = DB_escapeString(strip_tags(COM_checkWords($A['state']))); - $A['location'] = DB_escapeString(strip_tags(COM_checkWords($A['location']))); - $A['event_type'] = DB_escapeString(strip_tags(COM_checkWords($A['event_type']))); - $A['title'] = DB_escapeString($A['title']); + $A['description'] = DB_escapeString(htmlspecialchars(GLText::removeUtf8Icons(COM_checkWords($A['description'])))); + $A['address1'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['address1'])))); + $A['address2'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['address2'])))); + $A['city'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['city'])))); + $A['zipcode'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['zipcode'])))); + $A['state'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['state'])))); + $A['location'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['location'])))); + $A['event_type'] = DB_escapeString(GLText::removeUtf8Icons(strip_tags(COM_checkWords($A['event_type'])))); + $A['title'] = DB_escapeString(GLText::removeUtf8Icons($A['title'])); $A['url'] = DB_escapeString(COM_sanitizeUrl($A['url'])); diff --git a/plugins/staticpages/services.inc.php b/plugins/staticpages/services.inc.php index a51f21691..340893165 100644 
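Review bot: `$A['url']` is the one field in this hunk that is not passed through `GLText::removeUtf8Icons`; it goes through `COM_sanitizeUrl` only, whose handling of 4-byte sequences is not visible here, so a URL containing one would still reach the INSERT this commit is trying to protect. If COM_sanitizeUrl does not already cover that case, `$A['url'] = DB_escapeString(GLText::removeUtf8Icons(COM_sanitizeUrl($A['url'])));` keeps the field consistent with the others. plugin_savesubmission_calendar continues outside the hunk.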
--- a/plugins/staticpages/services.inc.php +++ b/plugins/staticpages/services.inc.php @@ -52,9 +52,9 @@ /** * Submit static page. The page is updated if it exists, or a new one is created * - * @param array args Contains all the data provided by the client - * @param string &output OUTPUT parameter containing the returned text - * @param string &svc_msg OUTPUT parameter containing any service messages + * @param array $args Contains all the data provided by the client + * @param string $output OUTPUT parameter containing the returned text + * @param string $svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) @@ -203,7 +203,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg) return PLG_RET_ERROR; } - + if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; @@ -356,7 +356,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg) $sp_onlastupdate = 1; } else { $sp_onlastupdate = 0; - } + } if ($sp_nf == 'on') { $sp_nf = 1; } else { @@ -393,12 +393,20 @@ function service_submit_staticpages($args, &$output, &$svc_msg) if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } + $sp_content = GLText::removeUtf8Icons($sp_content); + $sp_title = strip_tags($sp_title); + $sp_title = GLText::removeUtf8Icons($sp_title); $sp_page_title = strip_tags($sp_page_title); + $sp_page_title = GLText::removeUtf8Icons($sp_page_title); $sp_label = strip_tags($sp_label); + $sp_label = GLText::removeUtf8Icons($sp_label); $meta_description = strip_tags($meta_description); + $meta_description = GLText::removeUtf8Icons($meta_description); $meta_keywords = strip_tags($meta_keywords); + $meta_keywords = GLText::removeUtf8Icons($meta_keywords); + $sp_help = GLText::removeUtf8Icons($sp_help); $sp_content = DB_escapeString($sp_content); $sp_title = DB_escapeString($sp_title); 
@@ -406,6 +414,7 @@ function service_submit_staticpages($args, &$output, &$svc_msg) $sp_label = DB_escapeString($sp_label); $meta_description = DB_escapeString($meta_description); $meta_keywords = DB_escapeString($meta_keywords); + $sp_help = DB_escapeString($sp_help); // If user does not have php edit perms, then set php flag to 0. if (($_SP_CONF['allow_php'] != 1) || !SEC_hasRights('staticpages.PHP')) { @@ -499,14 +508,14 @@ function service_submit_staticpages($args, &$output, &$svc_msg) } // Retrieve created date - $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '$sp_id'"); - if ($datecreated == '') { - $datecreated = date('Y-m-d H:i:s'); + $dateCreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '$sp_id'"); + if ($dateCreated == '') { + $dateCreated = date('Y-m-d H:i:s'); } DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_onhits,sp_onlastupdate,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode', - "'$sp_id','$sp_title','$sp_page_title','$sp_content','$datecreated',NOW(),$sp_hits,'$sp_format',$sp_onmenu,$sp_onhits,$sp_onlastupdate,'$sp_label','$commentcode','$meta_description','$meta_keywords',$template_flag,'$template_id',$draft_flag,$cache_time,$owner_id,$group_id," + "'$sp_id','$sp_title','$sp_page_title','$sp_content','$dateCreated',NOW(),$sp_hits,'$sp_format',$sp_onmenu,$sp_onhits,$sp_onlastupdate,'$sp_label','$commentcode','$meta_description','$meta_keywords',$template_flag,'$template_id',$draft_flag,$cache_time,$owner_id,$group_id," . "$perm_owner,$perm_group,$perm_members,$perm_anon,'$sp_php','$sp_nf',$sp_centerblock,'$sp_help',$sp_where," . "'$sp_inblock','$postmode'"); 
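Review bot: The added `$sp_help = DB_escapeString($sp_help);` does more than the commit message says: `'$sp_help'` is interpolated into the DB_save value string in the @@ -499 hunk below, so unless $sp_help was already escaped earlier in service_submit_staticpages (outside this hunk) this line closes a quote-breaking gap in that INSERT and deserves its own sentence in the commit message. The same hunk still interpolates `$sp_id` into `"sp_id = '$sp_id'"` for the DB_getItem call; where that value is escaped is also outside the hunk and worth confirming. service_submit_staticpages starts before and ends after these hunks.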
diff --git a/public_html/admin/plugins/links/category.php b/public_html/admin/plugins/links/category.php index 853d0069d..9af386359 100644 --- a/public_html/admin/plugins/links/category.php +++ b/public_html/admin/plugins/links/category.php @@ -36,23 +36,23 @@ /** * Geeklog links categories administration page. * - * @package Links + * @package Links * @subpackage admin * @filesource - * @version 2.1 - * @since Geeklog 1.5.0 - * @copyright Copyright © 2000-2009 - * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 - * @author Tony Bibbs, tony AT tonybibbs DOT com - * @author Mark Limburg, mlimburg AT users.sourceforge DOT net - * @author Jason Whittenburg, jwhitten AT securitygeeks DOT com - * @author Dirk Haun, dirk AT haun-online DOT de - * @author Euan McKay, info AT heatherengineering DOT com + * @version 2.1 + * @since Geeklog 1.5.0 + * @copyright Copyright © 2000-2009 + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * @author Tony Bibbs, tony AT tonybibbs DOT com + * @author Mark Limburg, mlimburg AT users.sourceforge DOT net + * @author Jason Whittenburg, jwhitten AT securitygeeks DOT com + * @author Dirk Haun, dirk AT haun-online DOT de + * @author Euan McKay, info AT heatherengineering DOT com */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ADMIN, $MESSAGE; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; 
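Review bot: The `global $_CONF, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ADMIN, $MESSAGE;` added at file scope is a no-op unless this script is ever included from inside a function, because top-level variables already live in the global scope; the same line is added to public_html/admin/plugins/links/index.php in a later hunk. If the purpose is to list the globals the script depends on for readers and static analysis, say so on the line, e.g. `// globals this admin script reads (no-op at file scope; kept as documentation)`. Turning the docblock above the require_once lines into a plain `//` comment is fine, since it documented no symbol.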
@@ -71,15 +71,12 @@ exit; } - // +--------------------------------------------------------------------------+ // | Category administration functions | // | Located here so that in the future, users can also have their own link | // | collections with categories over which they have edit access. | // +--------------------------------------------------------------------------+ - - // Returns a category tree of categories in the database to which // the user has edit access 
@@ -91,47 +88,56 @@ function links_list_categories($root) require_once $_CONF['path_system'] . 'lib-admin.php'; $retval = ''; - $header_arr = array( # display 'text' and use table field 'field' - array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[44], 'field' => 'addchild', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[30], 'field' => 'category', 'sort' => true), - array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[33], 'field' => 'tid', 'sort' => true)); + array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), + array('text' => $LANG_LINKS_ADMIN[44], 'field' => 'addchild', 'sort' => false), + array('text' => $LANG_LINKS_ADMIN[30], 'field' => 'category', 'sort' => true), + array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), + array('text' => $LANG_LINKS_ADMIN[33], 'field' => 'tid', 'sort' => true), + ); $defsort_arr = array('field' => 'category', 'direction' => 'asc'); $links_url = $_CONF['site_admin_url'] . '/plugins/links'; - $menu_arr = array ( - array('url' => $links_url . '/index.php', - 'text' => $LANG_LINKS_ADMIN[53]), - array('url' => $links_url . '/index.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[51]), - array('url' => $links_url . '/index.php?validate=enabled', - 'text' => $LANG_LINKS_ADMIN[26]), - array('url' => $links_url . '/category.php', - 'text' => $LANG_LINKS_ADMIN[50]), - array('url' => $links_url . '/category.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[52]), - array('url' => $_CONF['site_admin_url'], - 'text' => $LANG_ADMIN['admin_home']) + $menu_arr = array( + array( + 'url' => $links_url . '/index.php', + 'text' => $LANG_LINKS_ADMIN[53], + ), + array( + 'url' => $links_url . '/index.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[51], + ), + array( + 'url' => $links_url . 
'/index.php?validate=enabled', + 'text' => $LANG_LINKS_ADMIN[26], + ), + array( + 'url' => $links_url . '/category.php', + 'text' => $LANG_LINKS_ADMIN[50], + ), + array( + 'url' => $links_url . '/category.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[52], + ), + array( + 'url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home'], + ), ); - $retval .= COM_startBlock($LANG_LINKS_ADMIN[54], '', - COM_getBlockTemplate('_admin_block', 'header')); - + $retval .= COM_startBlock($LANG_LINKS_ADMIN[54], '', COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu($menu_arr, $LANG_LINKS_ADMIN[12], plugin_geticon_links()); $text_arr = array( 'has_extras' => true, - 'form_url' => $_CONF['site_admin_url'] . '/plugins/links/category.php' + 'form_url' => $_CONF['site_admin_url'] . '/plugins/links/category.php', ); $dummy = array(); - $data_arr = links_list_categories_recursive ($dummy, $_LI_CONF['root'], 0); + $data_arr = links_list_categories_recursive($dummy, $_LI_CONF['root'], 0); - $retval .= ADMIN_simpleList('plugin_getListField_categories', $header_arr, - $text_arr, $data_arr); + $retval .= ADMIN_simpleList('plugin_getListField_categories', $header_arr, $text_arr, $data_arr); $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; @@ -168,9 +174,13 @@ function links_list_categories_recursive($data_arr, $cid, $indent) return $data_arr; } - -// Returns form to create a new category or edit an existing one - +/** + * Returns form to create a new category or edit an existing one + * + * @param int $cid + * @param int $pid + * @return string + */ function links_edit_category($cid, $pid) { global $_CONF, $_TABLES, $_USER, $MESSAGE, 
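Review bot: The new docblock on links_edit_category types both parameters as `@param int`, but category ids in this file are strings: links_save_category compares `$cid === 'user'`, the MAIN section takes `$cid` from `strip_tags($_REQUEST['cid'])` and `$pid` from `strip_tags(COM_stripslashes($_GET['pid']))`, and `$_LI_CONF['root']` is used as a category id. The lines should read `@param string $cid Category id being edited (empty when creating a new one)` and `@param string $pid Parent category id when creating a child`. links_edit_category's body continues outside the hunk.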
@@ -189,8 +199,7 @@ function links_edit_category($cid, $pid) $A['pid'] = $pid; } elseif (!empty($cid)) { // have category id, so editing a category - $sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" - . COM_getPermSQL('AND'); + $sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" . COM_getPermSQL('AND'); $result = DB_query($sql); $A = DB_fetchArray($result); } else { @@ -199,11 +208,14 @@ function links_edit_category($cid, $pid) $A['group_id'] = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Links Admin'"); SEC_setDefaultPermissions($A, $_LI_CONF['category_permissions']); $A['owner_id'] = $_USER['uid']; - $A['pid'] = $_LI_CONF['root']; + $A['pid'] = $_LI_CONF['root']; } - $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], - $A['perm_group'], $A['perm_members'], $A['perm_anon']); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); if ($access < 3) { return COM_showMessage(6, 'links'); @@ -211,8 +223,7 @@ function links_edit_category($cid, $pid) $token = SEC_createToken(); - $retval .= COM_startBlock($LANG_LINKS_ADMIN[56], '', - COM_getBlockTemplate('_admin_block', 'header')); + $retval .= COM_startBlock($LANG_LINKS_ADMIN[56], '', COM_getBlockTemplate('_admin_block', 'header')); $retval .= SEC_getTokenExpiryNotice($token); $T = COM_newTemplate(CTL_plugin_templatePath('links', 'admin')); @@ -235,7 +246,7 @@ function links_edit_category($cid, $pid) if (!empty($cid)) { $delbutton = ''; + . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $T->set_var('delete_option', sprintf($delbutton, $jsconfirm)); $T->set_var('delete_option_no_confirmation', sprintf($delbutton, '')); 
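Review bot: The reflowed query `"SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" . COM_getPermSQL('AND')` still interpolates `$cid` without escaping, and the callers visible in the MAIN section only run the request value through strip_tags, so whether it is escaped before this point depends on code outside the hunk. If it is not, the line should become `$sql = "SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='" . DB_escapeString($cid) . "'" . COM_getPermSQL('AND');`, which is what links_delete_category already does with its own `$cid`. links_edit_category starts before this hunk.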
@@ -277,9 +288,10 @@ function links_edit_category($cid, $pid) $T->set_var('topic_selection', ''); */ - $T->set_var('topic_selection', ''); - + $T->set_var( + 'topic_selection', + '' + ); if (empty($cid)) { $num_links = $LANG_ADMIN['na']; @@ -302,7 +314,7 @@ function links_edit_category($cid, $pid) $T->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']); $T->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $T->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], - $A['perm_group'], $A['perm_members'], $A['perm_anon'])); + $A['perm_group'], $A['perm_members'], $A['perm_anon'])); $T->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $T->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']); $T->set_var('gltoken_name', CSRF_TOKEN); 
@@ -315,40 +327,42 @@ function links_edit_category($cid, $pid) return $retval; } - /* * Save changes to category information * input array values from form (unvalidated, unsafe) * output string message giving outcome status of requested operation + * @return int */ - function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17; // Convert array values to numeric permission values - if (is_array($perm_owner) OR is_array($perm_group) OR is_array($perm_members) OR is_array($perm_anon)) { - list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); + if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) { + list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // Remove any autotags the user doesn't have permission to use $description = PLG_replaceTags($description, '', true); + // clean 'em up - $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), - 'links.edit')); - $category = DB_escapeString(COM_checkHTML(COM_checkWords($category), - 'links.edit')); - $pid = DB_escapeString(strip_tags($pid)); - $cid = DB_escapeString(strip_tags($cid)); - $old_cid = DB_escapeString(strip_tags($old_cid)); + $description = COM_checkHTML(COM_checkWords($description), 'links.edit'); + $description = GLText::removeUtf8Icons($description); + $description = DB_escapeString($description); + $category = COM_checkHTML(COM_checkWords($category), 'links.edit'); + $category = GLText::removeUtf8Icons($category); + $category = DB_escapeString($category); + $pid = DB_escapeString(strip_tags($pid)); + $cid = DB_escapeString(strip_tags($cid)); + $old_cid = 
DB_escapeString(strip_tags($old_cid)); if (empty($category) || empty($description)) { return 7; } // Check cid to make sure not illegal - if (($cid == DB_escapeString($_LI_CONF['root'])) || ($cid == 'user')) { + if (($cid == DB_escapeString($_LI_CONF['root'])) || ($cid === 'user')) { return 11; } 
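Review bot: The condition `if (($cid == DB_escapeString($_LI_CONF['root'])) || ($cid === 'user'))` is now half strict: the commit tightened the `'user'` side to `===` but left the root side on `==`, so the two operands of one test follow different rules; `$cid === DB_escapeString($_LI_CONF['root'])` makes them consistent, both sides being strings. The docblock above links_save_category gained `@return int` but still documents none of its twelve parameters, and the `// clean 'em up` block is the place to state the required order (COM_checkHTML, then GLText::removeUtf8Icons, then DB_escapeString) so that nobody later moves DB_escapeString earlier and escapes text that is subsequently rewritten. links_save_category continues after this hunk.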
@@ -372,31 +386,35 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid // Make sure they aren't making a parent category child of one of it's own // children. This would create orphans - if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid',"cid='{$pid}'")) { + if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) { return 12; } - $access = 0; - if (DB_count ($_TABLES['linkcategories'], 'cid', $old_cid) > 0) { + if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) { // update existing item, but new cid so get access from database with old cid $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'], - $A['perm_group'],$A['perm_members'],$A['perm_anon']); + $A = DB_fetchArray($result); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); // set flag $update = "existing"; - } else if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) { + } elseif (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) { // update existing item, same cid, so get access from database with existing cid $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'], - $A['perm_group'],$A['perm_members'],$A['perm_anon']); + $A = DB_fetchArray($result); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); // set flag - $update = "same"; + $update = 'same'; } else { // new item, so use passed values - $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, 
$perm_group, - $perm_members, $perm_anon); + $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); // set flag $update = 'new'; } @@ -404,10 +422,11 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid if ($access < 3) { // no access rights: user should not be here COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid)); + return 6; } else { // save item - if ($update == 'existing') { + if ($update === 'existing') { // update an existing item but new cid $sql = "UPDATE {$_TABLES['linkcategories']} SET cid='{$cid}', @@ -423,7 +442,7 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid // Also need to update links for this category $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'"; $result = DB_query($sql); - } else if ($update == 'same') { + } elseif ($update === 'same') { // update an existing item $sql = "UPDATE {$_TABLES['linkcategories']} SET pid='{$pid}', @@ -454,7 +473,7 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid $result = DB_query($sql); } - if (($update == 'existing') && ($cid != $old_cid)) { + if (($update === 'existing') && ($cid != $old_cid)) { PLG_itemSaved($cid, 'links.category', $old_cid); } else { PLG_itemSaved($cid, 'links.category'); 
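Review bot: The hunk changes `$update = "same"` to `'same'` but leaves `$update = "existing";` two branches above in double quotes, and the @@ -454 hunk keeps `$cid != $old_cid` loose while the `$update` comparisons were made strict; `$update = 'existing';` and `$cid !== $old_cid` finish the job, both values being DB-escaped strings at that point. Removing `$access = 0;` is safe only because all three branches assign `$access`, which they do here; a one-line comment `// every branch below assigns $access` would keep a later branch from reintroducing the undefined-variable case. links_save_category continues outside these hunks.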
@@ -464,26 +483,24 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid return 10; // success message } - /* * Delete a category * input $cid string category id number * output string message about success of requested operation */ - function links_delete_category($cid) { - global $_TABLES, $LANG_LINKS_ADMIN; + global $_TABLES, $_USER, $LANG_LINKS_ADMIN; $cid = DB_escapeString($cid); - if (DB_count ($_TABLES['linkcategories'], 'cid', $cid) > 0) { + if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) { // item exists so check access rights $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'], - $A['perm_group'],$A['perm_members'],$A['perm_anon']); + $A = DB_fetchArray($result); + $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], + $A['perm_group'], $A['perm_members'], $A['perm_anon']); if ($access > 2) { // has edit rights // Check for subfolders and sublinks @@ -493,6 +510,7 @@ function links_delete_category($cid) // No subfolder/links so OK to delete DB_delete($_TABLES['linkcategories'], 'cid', $cid); PLG_itemDeleted($cid, 'links.category'); + return 13; } else { // Subfolders and/or sublinks exist so return a message @@ -500,8 +518,9 @@ function links_delete_category($cid) } } else { // no access - return 15; COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username'])); + + return 15; } } else { // no such category @@ -509,9 +528,7 @@ function links_delete_category($cid) } } - // MAIN - $mode = ''; if (isset ($_REQUEST['mode'])) { $mode = $_REQUEST['mode']; 
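Review bot: Moving `return 15;` below `COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username']));` makes a log call run that was previously dead code, and adding `$_USER` to the `global` line is what keeps that call from logging an empty username; neither is mentioned in a commit message about emoji, and both deserve a line there because the access log now gains entries for denied category deletions. The rest of links_delete_category lies between the hunks shown here.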
@@ -520,7 +537,7 @@ function links_delete_category($cid) $root = $_LI_CONF['root']; // delete category -if ((($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) || ($mode=="delete")) { +if ((($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) || ($mode == "delete")) { $cid = ''; if (isset($_REQUEST['cid'])) { $cid = strip_tags($_REQUEST['cid']); @@ -538,23 +555,24 @@ function links_delete_category($cid) COM_accessLog("User {$_USER['username']} tried to illegally delete link category $cid and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/index.php'); } - -// save category + // save category } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { - $msg = links_save_category($_POST['cid'], $_POST['old_cid'], - $_POST['pid'], $_POST['category'], - $_POST['description'], COM_applyFilter($_POST['tid']), - COM_applyFilter($_POST['owner_id'], true), - COM_applyFilter($_POST['group_id'], true), - $_POST['perm_owner'], $_POST['perm_group'], - $_POST['perm_members'], $_POST['perm_anon']); - - $display .= COM_showMessage ($msg, 'links'); + $msg = links_save_category( + $_POST['cid'], $_POST['old_cid'], + $_POST['pid'], $_POST['category'], + $_POST['description'], COM_applyFilter($_POST['tid']), + COM_applyFilter($_POST['owner_id'], true), + COM_applyFilter($_POST['group_id'], true), + $_POST['perm_owner'], $_POST['perm_group'], + $_POST['perm_members'], $_POST['perm_anon'] + ); + + $display .= COM_showMessage($msg, 'links'); $display .= links_list_categories($root); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[11])); -// edit category -} else if ($mode == 'edit') { + // edit category +} elseif ($mode == 'edit') { $pid = ''; if (isset($_GET['pid'])) { $pid = strip_tags(COM_stripslashes($_GET['pid'])); 
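Review bot: The delete condition `if ((($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) || ($mode == "delete"))` was edited for spacing only and keeps a loose `==` and double quotes, while the functions above in this file were moved to `===` and single quotes in the same commit; `($mode === 'delete')` matches them, and `$mode` comes from `$_REQUEST['mode']` as a string, so the strict form is safe.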
@@ -566,12 +584,12 @@ function links_delete_category($cid) $display .= links_edit_category($cid, $pid); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[56])); -// nothing, so list categories + // nothing, so list categories } else { if (isset ($_REQUEST['msg'])) { - $msg = COM_applyFilter ($_REQUEST['msg'], true); + $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { - $display .= COM_showMessage ($msg, 'links'); + $display .= COM_showMessage($msg, 'links'); } } $display .= links_list_categories($root); @@ -579,5 +597,3 @@ function links_delete_category($cid) } COM_output($display); - -?> diff --git a/public_html/admin/plugins/links/index.php b/public_html/admin/plugins/links/index.php index c46a92351..c00582726 100644 --- a/public_html/admin/plugins/links/index.php +++ b/public_html/admin/plugins/links/index.php @@ -35,23 +35,23 @@ /** * Geeklog links administration page. * - * @package Links + * @package Links * @subpackage admin * @filesource - * @version 2.0 - * @since GL 1.4.0 - * @copyright Copyright © 2005-2007 - * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 - * @author Trinity Bays - * @author Tony Bibbs - * @author Tom Willett - * @author Blaine Lang - * @author Dirk Haun + * @version 2.0 + * @since GL 1.4.0 + * @copyright Copyright © 2005-2007 + * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 + * @author Trinity Bays + * @author Tony Bibbs + * @author Tom Willett + * @author Blaine Lang + * @author Dirk Haun */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $LANG_ADMIN; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; 
@@ -72,21 +72,13 @@ } /** -* Shows the links editor -* -* @param string $mode Used to see if we are moderating a link or simply editing one -* @param string $lid ID of link to edit -* @global array core config vars -* @global array core group data -* @global array core table data -* @global array core user data -* @global array links plugin config vars -* @global array links plugin lang vars -* @global array core lang access vars -* @return string HTML for the link editor form -* -*/ -function editlink ($mode, $lid = '') + * Shows the links editor + * + * @param string $mode Used to see if we are moderating a link or simply editing one + * @param string $lid ID of link to edit + * @return string HTML for the link editor form + */ +function editlink($mode, $lid = '') { global $_CONF, $_GROUPS, $_TABLES, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE; @@ -94,7 +86,7 @@ function editlink ($mode, $lid = '') $retval = ''; $link_templates = COM_newTemplate(CTL_plugin_templatePath('links', 'admin')); - $link_templates->set_file('editor','linkeditor.thtml'); + $link_templates->set_file('editor', 'linkeditor.thtml'); $link_templates->set_var('lang_pagetitle', $LANG_LINKS_ADMIN[28]); $link_templates->set_var('lang_link_list', $LANG_LINKS_ADMIN[53]); 
@@ -105,56 +97,57 @@ function editlink ($mode, $lid = '') $link_templates->set_var('lang_admin_home', $LANG_ADMIN['admin_home']); $link_templates->set_var('instructions', $LANG_LINKS_ADMIN[29]); - if ($mode <> 'editsubmission' AND !empty($lid)) { + if ($mode !== 'editsubmission' && !empty($lid)) { $result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='$lid'"); if (DB_numRows($result) !== 1) { $msg = COM_showMessageText($LANG_LINKS_ADMIN[25], $LANG_LINKS_ADMIN[24]); + return $msg; } $A = DB_fetchArray($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); - if ($access == 0 OR $access == 2) { + $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); + if ($access == 0 || $access == 2) { $retval .= COM_showMessageText($LANG_LINKS_ADMIN[17], $LANG_LINKS_ADMIN[16]); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link $lid."); + return $retval; } } else { - if ($mode == 'editsubmission') { - $result = DB_query ("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'"); + if ($mode === 'editsubmission') { + $result = DB_query("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'"); $A = DB_fetchArray($result); } else { - $A['lid'] = COM_makesid(); + $A['lid'] = COM_makeSid(); $A['cid'] = ''; $A['url'] = ''; $A['description'] = ''; - $A['title']= ''; + $A['title'] = ''; $A['owner_id'] = $_USER['uid']; } $A['hits'] = 0; if (isset ($_GROUPS['Links Admin'])) { $A['group_id'] = $_GROUPS['Links Admin']; } else { - $A['group_id'] = SEC_getFeatureGroup ('links.edit'); + $A['group_id'] = SEC_getFeatureGroup('links.edit'); } - SEC_setDefaultPermissions ($A, $_LI_CONF['default_permissions']); + SEC_setDefaultPermissions($A, $_LI_CONF['default_permissions']); $access = 3; } $token = SEC_createToken(); - $retval .= COM_startBlock($LANG_LINKS_ADMIN[1], '', - 
COM_getBlockTemplate('_admin_block', 'header')); + $retval .= COM_startBlock($LANG_LINKS_ADMIN[1], '', COM_getBlockTemplate('_admin_block', 'header')); $retval .= SEC_getTokenExpiryNotice($token); $link_templates->set_var('link_id', $A['lid']); if (!empty($lid) && SEC_hasRights('links.edit')) { - $delbutton = ''; - $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; - $link_templates->set_var ('delete_option', - sprintf ($delbutton, $jsconfirm)); - $link_templates->set_var ('delete_option_no_confirmation', - sprintf ($delbutton, '')); + $delButton = ''; + $jsConfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; + $link_templates->set_var('delete_option', + sprintf($delButton, $jsConfirm)); + $link_templates->set_var('delete_option_no_confirmation', + sprintf($delButton, '')); $link_templates->set_var('allow_delete', true); $link_templates->set_var('lang_delete', $LANG_ADMIN['delete']); @@ -168,14 +161,14 @@ function editlink ($mode, $lid = '') } $link_templates->set_var('lang_linktitle', $LANG_LINKS_ADMIN[3]); $link_templates->set_var('link_title', - htmlspecialchars (stripslashes ($A['title']))); + htmlspecialchars(stripslashes($A['title']))); $link_templates->set_var('lang_linkid', $LANG_LINKS_ADMIN[2]); $link_templates->set_var('lang_linkurl', $LANG_LINKS_ADMIN[4]); $link_templates->set_var('max_url_length', 255); $link_templates->set_var('link_url', $A['url']); $link_templates->set_var('lang_includehttp', $LANG_LINKS_ADMIN[6]); $link_templates->set_var('lang_category', $LANG_LINKS_ADMIN[5]); - $othercategory = links_select_box (3,$A['cid']); + $othercategory = links_select_box(3, $A['cid']); $link_templates->set_var('category_options', $othercategory); $link_templates->set_var('lang_ifotherspecify', $LANG_LINKS_ADMIN[20]); $link_templates->set_var('category', $othercategory); 
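Review bot: In the `editsubmission` branch the result of `DB_query("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'")` is fetched with no row-count check, so an unknown submission id leaves `$A` empty and the rest of editlink indexes into it; the early `return $msg;` this commit adds for the links-table lookup should be mirrored here, e.g. `if (DB_numRows($result) !== 1) { return COM_showMessageText($LANG_LINKS_ADMIN[25], $LANG_LINKS_ADMIN[24]); }`. That branch also grants `$access = 3` unconditionally, whereas `deleteLink` later in this file gates its submission path behind `plugin_ismoderator_links()`; unless the page-level auth outside this hunk already restricts `editsubmission`, the same gate belongs here. Both queries interpolate `$lid` directly and rely on callers having passed it through `COM_applyFilter`; a `$lid = DB_escapeString($lid);` at the top of the function would make the queries safe regardless of caller. editlink's body continues past the end of this hunk.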
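Review bot: `link_title` is passed through `htmlspecialchars(stripslashes(...))` before going into the template, but a few lines later `link_url` is set to the raw `$A['url']`; if the template renders it inside a value attribute, a stored `"` or `<` in the URL breaks out of the attribute. Applying the same escaping, `$link_templates->set_var('link_url', htmlspecialchars($A['url']));`, keeps the two fields consistent — I cannot tell from this diff whether the template escapes on output, so confirm that before doubling up.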
@@ -184,7 +177,7 @@ function editlink ($mode, $lid = '') $link_templates->set_var('lang_linkdescription', $LANG_LINKS_ADMIN[9]); $link_templates->set_var('link_description', stripslashes($A['description'])); $allowed = COM_allowedHTML('links.edit') - . COM_allowedAutotags(); + . COM_allowedAutotags(); $link_templates->set_var('lang_allowed_html', $allowed); $link_templates->set_var('lang_save', $LANG_ADMIN['save']); $link_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); 
@@ -192,19 +185,19 @@ function editlink ($mode, $lid = '') // user access info $link_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $link_templates->set_var('lang_owner', $LANG_ACCESS['owner']); - $ownername = COM_getDisplayName ($A['owner_id']); + $ownername = COM_getDisplayName($A['owner_id']); $link_templates->set_var('owner_username', DB_getItem($_TABLES['users'], - 'username', "uid = {$A['owner_id']}")); + 'username', "uid = {$A['owner_id']}")); $link_templates->set_var('owner_name', $ownername); $link_templates->set_var('owner', $ownername); $link_templates->set_var('link_ownerid', $A['owner_id']); $link_templates->set_var('lang_group', $LANG_ACCESS['group']); $link_templates->set_var('group_dropdown', - SEC_getGroupDropdown ($A['group_id'], $access)); + SEC_getGroupDropdown($A['group_id'], $access)); $link_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $link_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']); $link_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); - $link_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon'])); + $link_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon'])); $link_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $link_templates->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']); $link_templates->set_var('gltoken_name', CSRF_TOKEN); 
@@ -212,56 +205,52 @@ function editlink ($mode, $lid = '') $link_templates->parse('output', 'editor'); $retval .= $link_templates->finish($link_templates->get_var('output')); - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); + $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } /** -* Saves link to the database -* -* @param string $lid ID for link -* @param string $old_lid old ID for link -* @param string $cid cid of category link belongs to -* @param string $categorydd Category links belong to -* @param string $url URL of link to save -* @param string $description Description of link -* @param string $title Title of link -* @param int $hits Number of hits for link -* @param int $owner_id ID of owner -* @param int $group_id ID of group link belongs to -* @param int $perm_owner Permissions the owner has -* @param int $perm_group Permissions the group has -* @param int $perm_members Permissions members have -* @param int $perm_anon Permissions anonymous users have -* @return string HTML redirect or error message -* @global array core config vars -* @global array core group data -* @global array core table data -* @global array core user data -* @global array core msg data -* @global array links plugin lang admin vars -* -*/ -function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) + * Saves link to the database + * + * @param string $lid ID for link + * @param string $old_lid old ID for link + * @param string $cid cid of category link belongs to + * @param string $categoryDd Category links belong to + * @param string $url URL of link to save + * @param string $description Description of link + * @param string $title Title of link + * @param int $hits Number of hits for link + * @param int $owner_id ID of owner + * @param int $group_id ID of group link belongs to + * @param int $perm_owner 
Permissions the owner has + * @param int $perm_group Permissions the group has + * @param int $perm_members Permissions members have + * @param int $perm_anon Permissions anonymous users have + * @return string HTML redirect or error message + */ +function savelink($lid, $old_lid, $cid, $categoryDd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF; $retval = ''; // Convert array values to numeric permission values - if (is_array($perm_owner) OR is_array($perm_group) OR is_array($perm_members) OR is_array($perm_anon)) { - list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); + if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) { + list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } - // Remove any autotags the user doesn't have permission to use $description = PLG_replaceTags($description, '', true); // clean 'em up - $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), - 'links.edit')); - $title = DB_escapeString(strip_tags(COM_checkWords($title))); + $description = COM_checkHTML(COM_checkWords($description), 'links.edit'); + $description = GLText::removeUtf8Icons($description); + $description = DB_escapeString($description); + $title = strip_tags(COM_checkWords($title)); + $title = GLText::removeUtf8Icons($title); + $title = DB_escapeString($title); + $cid = GLText::removeUtf8Icons($cid); $cid = DB_escapeString($cid); if (empty ($owner_id)) { 
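Review bot: The new sanitation chain (`GLText::removeUtf8Icons` followed by `DB_escapeString`) covers `$description`, `$title` and `$cid`, but `$url` — also user input from `$_POST['url']` and interpolated into the `DB_save` value list in the later hunk of this function — gets no treatment anywhere in the visible diff. If the lines between this hunk and the `@@ -298` hunk already escape it, disregard; otherwise `$url = DB_escapeString($url);` belongs alongside the others. The three identical pairs could also become one local helper, e.g. `$clean = function ($s) { return DB_escapeString(GLText::removeUtf8Icons($s)); };`, which makes it harder to forget a field. savelink's body continues past this hunk.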
@@ -270,7 +259,7 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title if (isset ($_GROUPS['Links Admin'])) { $group_id = $_GROUPS['Links Admin']; } else { - $group_id = SEC_getFeatureGroup ('links.edit'); + $group_id = SEC_getFeatureGroup('links.edit'); } $perm_owner = 3; $perm_group = 2; 
@@ -298,35 +287,39 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title } $access = 0; - $old_lid = DB_escapeString ($old_lid); - if (DB_count ($_TABLES['links'], 'lid', $old_lid) > 0) { - $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'"); - $A = DB_fetchArray ($result); - $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], - $A['perm_owner'], $A['perm_group'], $A['perm_members'], - $A['perm_anon']); + $old_lid = DB_escapeString($old_lid); + if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { + $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'"); + $A = DB_fetchArray($result); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); } else { - $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group, - $perm_members, $perm_anon); + $access = SEC_hasAccess( + $owner_id, $group_id, + $perm_owner, $perm_group, + $perm_members, $perm_anon + ); } if (($access < 3) || !SEC_inGroup($group_id)) { - $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); + $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link $lid."); COM_output($display); exit; } elseif (!empty($title) && !empty($description) && !empty($url)) { - - if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) { - $cid = DB_escapeString($categorydd); - } else if ($categorydd != $LANG_LINKS_ADMIN[7]) { + if ($categoryDd != $LANG_LINKS_ADMIN[7] && !empty($categoryDd)) { + $cid = DB_escapeString($categoryDd); + } elseif ($categoryDd != $LANG_LINKS_ADMIN[7]) { COM_redirect($_CONF['site_admin_url'] . 
'/plugins/links/index.php'); } - DB_delete ($_TABLES['linksubmission'], 'lid', $old_lid); - DB_delete ($_TABLES['links'], 'lid', $old_lid); + DB_delete($_TABLES['linksubmission'], 'lid', $old_lid); + DB_delete($_TABLES['links'], 'lid', $old_lid); - DB_save ($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'$lid','$cid','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon"); + DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'$lid','$cid','$url','$description','$title',NOW(),'$hits',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon"); if (empty($old_lid) || ($old_lid == $lid)) { PLG_itemSaved($lid, 'links'); 
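Review bot: When the "other category" text field is used, `$cid = DB_escapeString($categoryDd);` replaces the `$cid` that was run through `GLText::removeUtf8Icons` earlier in savelink, so the filtering this commit adds is bypassed for exactly the value an admin types freely; `$cid = DB_escapeString(GLText::removeUtf8Icons($categoryDd));` closes that gap. In the same hunk `$old_lid` is escaped before its lookup, but `$lid` is interpolated into the `DB_save` value list as `'$lid'` with no `DB_escapeString` visible anywhere in this diff — callers only apply `COM_applyFilter` to it; if the lines between the two savelink hunks sanitise it, disregard, otherwise escape it next to `$old_lid`.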
@@ -335,22 +328,22 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title } // Get category for rdf check - $category = DB_getItem ($_TABLES['linkcategories'],"category","cid='{$cid}'"); - COM_rdfUpToDateCheck ('links', $category, $lid); + $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'"); + COM_rdfUpToDateCheck('links', $category, $lid); - return PLG_afterSaveSwitch ( + return PLG_afterSaveSwitch( $_LI_CONF['aftersave'], - COM_buildURL ("{$_CONF['site_url']}/links/portal.php?what=link&item=$lid"), + COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item=$lid"), 'links', 2 ); } else { // missing fields - $retval .= COM_errorLog($LANG_LINKS_ADMIN[10],2); - if (DB_count ($_TABLES['links'], 'lid', $old_lid) > 0) { - $retval .= editlink ('edit', $old_lid); + $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2); + if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { + $retval .= editlink('edit', $old_lid); } else { - $retval .= editlink ('edit', ''); + $retval .= editlink('edit', ''); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1])); @@ -360,17 +353,10 @@ function savelink ($lid, $old_lid, $cid, $categorydd, $url, $description, $title /** * List links - * @global array core config vars - * @global array core table data - * @global array core user data - * @global array core lang admin vars - * @global array links plugin lang vars - * @global array core lang access vars */ -function listlinks () +function listlinks() { - global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_LINKS_ADMIN, $LANG_ACCESS, - $_IMAGE_TYPE; + global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_LINKS_ADMIN, $LANG_ACCESS, $_IMAGE_TYPE; require_once $_CONF['path_system'] . 'lib-admin.php'; 
@@ -381,80 +367,91 @@ function listlinks () array('text' => $LANG_LINKS_ADMIN[2], 'field' => 'lid', 'sort' => true), array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true), array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), - array('text' => $LANG_LINKS_ADMIN[14], 'field' => 'category', 'sort' => true) + array('text' => $LANG_LINKS_ADMIN[14], 'field' => 'category', 'sort' => true), ); - $menu_arr = array ( - array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[51]) + $menu_arr = array( + array( + 'url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[51] + ), ); $validate = ''; if (isset($_GET['validate'])) { $token = SEC_createToken(); - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php', - 'text' => $LANG_LINKS_ADMIN[53]); - $dovalidate_url = $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=validate' . '&'.CSRF_TOKEN.'='.$token; - $dovalidate_text = $LANG_LINKS_ADMIN[58]; - $form_arr['top'] = COM_createLink($dovalidate_text, $dovalidate_url); - if ($_GET['validate'] == 'enabled') { + $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php', + 'text' => $LANG_LINKS_ADMIN[53]); + $doValidateUrl = $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=validate' . '&' . CSRF_TOKEN . '=' . 
$token; + $doValidateText = $LANG_LINKS_ADMIN[58]; + $form_arr['top'] = COM_createLink($doValidateText, $doValidateUrl); + if ($_GET['validate'] === 'enabled') { $header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'beforevalidate', 'sort' => false); $validate = '?validate=enabled'; - } else if ($_GET['validate'] == 'validate') { + } elseif ($_GET['validate'] === 'validate') { $header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'dovalidate', 'sort' => false); - $validate = '?validate=validate&'.CSRF_TOKEN.'='.$token; + $validate = '?validate=validate&' . CSRF_TOKEN . '=' . $token; } $validate_help = $LANG_LINKS_ADMIN[59]; } else { - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=enabled', - 'text' => $LANG_LINKS_ADMIN[26]); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'] . '/plugins/links/index.php?validate=enabled', + 'text' => $LANG_LINKS_ADMIN[26] + ); $form_arr = array(); $validate_help = ''; } $defsort_arr = array('field' => 'title', 'direction' => 'asc'); - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/category.php', - 'text' => $LANG_LINKS_ADMIN[50]); - $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/plugins/links/category.php?mode=edit', - 'text' => $LANG_LINKS_ADMIN[52]); - $menu_arr[] = array('url' => $_CONF['site_admin_url'], - 'text' => $LANG_ADMIN['admin_home']); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'] . '/plugins/links/category.php', + 'text' => $LANG_LINKS_ADMIN[50] + ); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'] . 
'/plugins/links/category.php?mode=edit', + 'text' => $LANG_LINKS_ADMIN[52] + ); + $menu_arr[] = array( + 'url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home'] + ); $retval .= COM_startBlock($LANG_LINKS_ADMIN[11], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu($menu_arr, $LANG_LINKS_ADMIN[12] . $validate_help, plugin_geticon_links()); $text_arr = array( 'has_extras' => true, - 'form_url' => $_CONF['site_admin_url'] . "/plugins/links/index.php$validate" + 'form_url' => $_CONF['site_admin_url'] . "/plugins/links/index.php$validate", ); - $query_arr = array('table' => 'links', - 'sql' => "SELECT l.lid AS lid, l.cid as cid, l.title AS title, " - . "c.category AS category, l.url AS url, l.description AS description, " - . "l.owner_id, l.group_id, l.perm_owner, l.perm_group, l.perm_members, l.perm_anon " - . "FROM {$_TABLES['links']} AS l " - . "LEFT JOIN {$_TABLES['linkcategories']} AS c " - . "ON l.cid=c.cid WHERE 1=1", - 'query_fields' => array('title', 'category', 'url', 'l.description'), - 'default_filter' => COM_getPermSql ('AND', 0, 3, 'l') + $query_arr = array( + 'table' => 'links', + 'sql' => "SELECT l.lid AS lid, l.cid as cid, l.title AS title, " + . "c.category AS category, l.url AS url, l.description AS description, " + . "l.owner_id, l.group_id, l.perm_owner, l.perm_group, l.perm_members, l.perm_anon " + . "FROM {$_TABLES['links']} AS l " + . "LEFT JOIN {$_TABLES['linkcategories']} AS c " + . 
"ON l.cid=c.cid WHERE 1=1", + 'query_fields' => array('title', 'category', 'url', 'l.description'), + 'default_filter' => COM_getPermSQL('AND', 0, 3, 'l'), ); $retval .= ADMIN_list('links', 'plugin_getListField_links', $header_arr, - $text_arr, $query_arr, $defsort_arr, '', '', '', $form_arr); + $text_arr, $query_arr, $defsort_arr, '', '', '', $form_arr); $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } /** -* Delete a link -* -* @param string $lid id of link to delete -* @param string $type 'submission' when attempting to delete a submission -*/ + * Delete a link + * + * @param string $lid id of link to delete + * @param string $type 'submission' when attempting to delete a submission + */ function deleteLink($lid, $type = '') { global $_CONF, $_TABLES, $_USER; @@ -462,9 +459,11 @@ function deleteLink($lid, $type = '') if (empty($type)) { // delete regular link $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='$lid'"); $A = DB_fetchArray($result); - $access = SEC_hasAccess($A['owner_id'], $A['group_id'], - $A['perm_owner'], $A['perm_group'], $A['perm_members'], - $A['perm_anon']); + $access = SEC_hasAccess( + $A['owner_id'], $A['group_id'], + $A['perm_owner'], $A['perm_group'], + $A['perm_members'], $A['perm_anon'] + ); if ($access < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete link $lid."); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php'); @@ -473,7 +472,7 @@ function deleteLink($lid, $type = '') DB_delete($_TABLES['links'], 'lid', $lid); PLG_itemDeleted($lid, 'links'); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3'); - } elseif ($type == 'submission') { + } elseif ($type === 'submission') { if (plugin_ismoderator_links()) { DB_delete($_TABLES['linksubmission'], 'lid', $lid); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3'); 
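Review bot: `$form_arr` is only initialised (`$form_arr = array();`) in the else branch; in the `isset($_GET['validate'])` branch it springs into existence through `$form_arr['top'] = ...`, and both paths then hand it to `ADMIN_list(..., $form_arr)`. Hoisting `$form_arr = array();` above the `if` makes the variable's shape explicit on both paths and removes the asymmetry between the two branches.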
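Review bot: The regular-link path runs `DB_query("... WHERE lid ='$lid'")` and then `DB_fetchArray` with no row-count check, so a `lid` that does not exist yields an empty `$A` and `SEC_hasAccess` is called on missing values before the `$access < 3` test; this commit adds exactly such a `DB_numRows($result) !== 1` early return in editlink, and the same guard fits here, redirecting to the index as the access-failure branch already does. `$lid` is also interpolated unescaped; the caller applies `COM_applyFilter`, but `$lid = DB_escapeString($lid);` at the top of deleteLink would not depend on that. deleteLink's body begins before this hunk.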
@@ -493,10 +492,10 @@ function deleteLink($lid, $type = '') $mode = $_REQUEST['mode']; } -if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) { - $lid = COM_applyFilter ($_POST['lid']); +if (($mode === $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) { + $lid = COM_applyFilter($_POST['lid']); if (!isset ($lid) || empty ($lid)) { // || ($lid == 0) - COM_errorLog ('Attempted to delete link lid=' . $lid ); + COM_errorLog('Attempted to delete link lid=' . $lid); COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php'); } elseif (SEC_checkToken()) { $type = ''; 
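Review bot: `if (!isset ($lid) || empty ($lid))` tests `isset` on a variable assigned on the previous line, so that half can only be false if `COM_applyFilter` returns null — a case `empty()` already covers — while `$_POST['lid']` itself is read without a guard and a POST lacking it raises a notice before `COM_applyFilter` runs. `$lid = isset($_POST['lid']) ? COM_applyFilter($_POST['lid']) : '';` followed by `if (empty($lid)) {` expresses the intent and drops the dead check. The stray `// || ($lid == 0)` left beside the condition should either be applied or removed rather than carried through the reformat.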
@@ -508,28 +507,28 @@ function deleteLink($lid, $type = '') COM_accessLog("User {$_USER['username']} tried to illegally delete link $lid and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/index.php'); } -} elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { +} elseif (($mode === $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { $cid = ''; if (isset($_POST['cid'])) { $cid = $_POST['cid']; } - $display .= savelink (COM_applyFilter ($_POST['lid']), - COM_applyFilter ($_POST['old_lid']), - $cid, $_POST['categorydd'], - $_POST['url'], $_POST['description'], $_POST['title'], - COM_applyFilter ($_POST['hits'], true), - COM_applyFilter ($_POST['owner_id'], true), - COM_applyFilter ($_POST['group_id'], true), - $_POST['perm_owner'], $_POST['perm_group'], - $_POST['perm_members'], $_POST['perm_anon']); -} else if ($mode == 'editsubmission') { - $display .= editlink ($mode, COM_applyFilter ($_GET['id'])); + $display .= savelink(COM_applyFilter($_POST['lid']), + COM_applyFilter($_POST['old_lid']), + $cid, $_POST['categorydd'], + $_POST['url'], $_POST['description'], $_POST['title'], + COM_applyFilter($_POST['hits'], true), + COM_applyFilter($_POST['owner_id'], true), + COM_applyFilter($_POST['group_id'], true), + $_POST['perm_owner'], $_POST['perm_group'], + $_POST['perm_members'], $_POST['perm_anon']); +} elseif ($mode === 'editsubmission') { + $display .= editlink($mode, COM_applyFilter($_GET['id'])); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[1])); -} else if ($mode == 'edit') { +} elseif ($mode === 'edit') { if (empty ($_GET['lid'])) { - $display .= editlink ($mode); + $display .= editlink($mode); } else { - $display .= editlink ($mode, COM_applyFilter ($_GET['lid'])); + $display .= editlink($mode, COM_applyFilter($_GET['lid'])); } $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[1])); } else { // 'cancel' or no mode 
at all @@ -544,5 +543,3 @@ function deleteLink($lid, $type = '') } COM_output($display); - -?> diff --git a/public_html/admin/plugins/polls/index.php b/public_html/admin/plugins/polls/index.php index e8aa811f7..733b559b7 100644 --- a/public_html/admin/plugins/polls/index.php +++ b/public_html/admin/plugins/polls/index.php @@ -33,15 +33,15 @@ // +---------------------------------------------------------------------------+ /** -* Polls plugin administration page -* -* @package Polls -* @subpackage admin -*/ + * Polls plugin administration page + * + * @package Polls + * @subpackage admin + */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $MESSAGE, $LANG_ADMIN, $LANG21; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; @@ -71,14 +71,14 @@ function listpolls() $retval = ''; // writing the menu on top - $menu_arr = array ( - array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php?mode=edit', + $menu_arr = array( + array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php?mode=edit', 'text' => $LANG_ADMIN['create_new']), - array('url' => $_CONF['site_admin_url'], + array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home'])); $retval .= COM_startBlock($LANG25[18], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu( $menu_arr, @@ -93,7 +93,7 @@ function listpolls() array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true), array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true), - array('text' => $LANG25[33], 'field' => 'is_open', 'sort' => true) + array('text' => $LANG25[33], 'field' => 'is_open', 'sort' => true), ); $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc'); 
@@ -101,18 +101,18 @@ function listpolls() $text_arr = array( 'has_extras' => true, 'instructions' => $LANG25[19], - 'form_url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php' + 'form_url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', ); $query_arr = array( - 'table' => 'polltopics', - 'sql' => "SELECT *,UNIX_TIMESTAMP(created) AS unixdate " + 'table' => 'polltopics', + 'sql' => "SELECT *,UNIX_TIMESTAMP(created) AS unixdate " . "FROM {$_TABLES['polltopics']} WHERE 1=1", - 'query_fields' => array('topic'), - 'default_filter' => COM_getPermSql ('AND') + 'query_fields' => array('topic'), + 'default_filter' => COM_getPermSQL('AND'), ); - $retval .= ADMIN_list ( + $retval .= ADMIN_list( 'polls', 'plugin_getListField_polls', $header_arr, $text_arr, $query_arr, $defsort_arr ); 
@@ -122,36 +122,38 @@ function listpolls() } /** -* Saves a poll -* -* Saves a poll topic and potential answers to the database -* -* @param string $pid Poll topic ID -* @param string $old_pid Previous poll topic ID -* @param array $Q Array of poll questions -* @param string $mainpage Checkbox: poll appears on homepage -* @param string $topic The text for the topic -* @param string $meta_description -* @param string $meta_keywords -* @param int $statuscode (unused) -* @param string $open Checkbox: poll open for voting -* @param string $hideresults Checkbox: hide results until closed -* @param int $commentcode Indicates if users can comment on poll -* @param array $A Array of possible answers -* @param array $V Array of vote per each answer -* @param array $R Array of remark per each answer -* @param int $owner_id ID of poll owner -* @param int $group_id ID of group poll belongs to -* @param int $perm_owner Permissions the owner has on poll -* @param int $perm_grup Permissions the group has on poll -* @param int $perm_members Permissions logged in members have on poll -* @param int $perm_anon Permissions anonymous users have on poll -*/ -function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, - $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, + * Saves a poll + * Saves a poll topic and potential answers to the database + * + * @param string $pid Poll topic ID + * @param string $old_pid Previous poll topic ID + * @param array $Q Array of poll questions + * @param string $mainPage Checkbox: poll appears on homepage + * @param string $topic The text for the topic + * @param string $meta_description + * @param string $meta_keywords + * @param int $statusCode (unused) + * @param string $open Checkbox: poll open for voting + * @param string $hideResults Checkbox: hide results until closed + * @param int $commentCode Indicates if users can comment on poll + * @param array $A Array of possible answers + * 
@param array $V Array of vote per each answer + * @param array $R Array of remark per each answer + * @param int $owner_id ID of poll owner + * @param int $group_id ID of group poll belongs to + * @param int $perm_owner Permissions the owner has on poll + * @param int $perm_group Permissions the group has on poll + * @param int $perm_members Permissions logged in members have on poll + * @param int $perm_anon Permissions anonymous users have on poll + * @param bool $allow_multipleanswers + * @param string $topic_description + * @param string $description + * @return string|void + */ +function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, + $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description) - { global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF; @@ -159,7 +161,7 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met $retval = ''; // Convert array values to numeric permission values - list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); + list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $topic = COM_stripslashes($topic); $topic = COM_checkHTML($topic); @@ -177,10 +179,10 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met } // check if any question was entered - if (empty($topic) or (count($Q) == 0) or (strlen($Q[0]) == 0) or - (strlen($A[0][0]) == 0)) { + if (empty($topic) || (count($Q) === 0) || (strlen($Q[0]) === 0) || (strlen($A[0][0]) === 0)) { $retval .= COM_showMessageText($LANG25[2], $LANG21[32]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5])); + return $retval; } 
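Review bot: The rewritten emptiness check `count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0` assumes `$Q` is a non-empty array of strings and `$A[0]` is an array, but both come straight from the request via the top-level dispatcher (outside this hunk) and can arrive missing, as plain strings, or with nested arrays; `count()` on a non-array and `strlen()` on an array misbehave (a TypeError on newer PHP) before the check can return. A guard such as `!is_array($Q) || !isset($Q[0]) || !is_array($A) || !isset($A[0][0]) ||` ahead of the existing conditions keeps the new early `return $retval;` reachable for malformed input. savepoll's body continues past this hunk.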
@@ -200,23 +202,27 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met // start processing the poll topic if ($_POLL_VERBOSE) { - COM_errorLog ('**** Inside savepoll() in ' - . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); + COM_errorLog('**** Inside savepoll() in ' + . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } - $access = 0; - if (DB_count ($_TABLES['polltopics'], 'pid', $pid) > 0) { - $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'"); - $P = DB_fetchArray ($result); - $access = SEC_hasAccess ($P['owner_id'], $P['group_id'], - $P['perm_owner'], $P['perm_group'], $P['perm_members'], - $P['perm_anon']); + if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) { + $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'"); + $P = DB_fetchArray($result); + $access = SEC_hasAccess( + $P['owner_id'], $P['group_id'], + $P['perm_owner'], $P['perm_group'], + $P['perm_members'], $P['perm_anon'] + ); } else { - $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, - $perm_group, $perm_members, $perm_anon); + $access = SEC_hasAccess( + $owner_id, $group_id, + $perm_owner, $perm_group, + $perm_members, $perm_anon + ); } if (($access < 3) || !SEC_inGroup($group_id)) { - $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); + $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll $pid."); COM_output($display); 
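Review bot: `DB_query("... WHERE pid = '{$pid}'")` interpolates `$pid` with no `DB_escapeString` visible, and `DB_count($_TABLES['polltopics'], 'pid', $pid)` just before it passes the same raw value; the links counterpart in this diff (savelink) escapes `$old_lid` immediately before the identical pair of calls. If `$pid` is sanitised between the start of savepoll and this hunk (not shown in the diff), a one-line comment here saying so would spare the next reader the search; otherwise `$pid = DB_escapeString($pid);` belongs at this point. savepoll's body begins before this hunk.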
@@ -238,16 +244,20 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met // Retrieve Created Date before delete $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'"); if ($created_date == '') { - $created_date = date ('Y-m-d H:i:s'); + $created_date = date('Y-m-d H:i:s'); } DB_delete($_TABLES['polltopics'], 'pid', $del_pid); DB_delete($_TABLES['pollanswers'], 'pid', $del_pid); DB_delete($_TABLES['pollquestions'], 'pid', $del_pid); + $topic = GLText::removeUtf8Icons($topic); $topic = DB_escapeString($topic); + $topic_description = GLText::removeUtf8Icons($topic_description); $topic_description = DB_escapeString($topic_description); + $meta_description = GLText::removeUtf8Icons($meta_description); $meta_description = DB_escapeString($meta_description); + $meta_keywords = GLText::removeUtf8Icons($meta_keywords); $meta_keywords = DB_escapeString($meta_keywords); $k = 0; // set up a counter to make sure we do assign a straight line of question id's 
@@ -258,29 +268,32 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met for ($i = 0; $i < $num_questions; $i++) { $Q[$i] = COM_stripslashes($Q[$i]); $Q[$i] = COM_checkHTML($Q[$i]); - $allow_multipleanswers[$i] = COM_stripslashes($allow_multipleanswers[$i]); - $description[$i] = COM_checkHTML(COM_stripslashes($description[$i])); + $Q[$i] = GLText::removeUtf8Icons($Q[$i]); + $allow_multipleanswers[$i] = GLText::removeUtf8Icons(COM_stripslashes($allow_multipleanswers[$i])); + $description[$i] = GLText::removeUtf8Icons(COM_checkHTML(COM_stripslashes($description[$i]))); if ($allow_multipleanswers[$i] == 'on') { $allow_multipleanswers[$i] = 1; } else { $allow_multipleanswers[$i] = 0; } - if (strlen($Q[$i]) > 0) { // only insert questions that exist $num_questions_exist++; $Q[$i] = DB_escapeString($Q[$i]); DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', - "'$k', '$pid', '$Q[$i]','$allow_multipleanswers[$i]','$description[$i]'"); + "'$k', '$pid', '$Q[$i]','$allow_multipleanswers[$i]','$description[$i]'"); + // within the questions, we have another dimensions with answers, // votes and remarks $num_answers = count($A[$i]); for ($j = 0; $j < $num_answers; $j++) { $A[$i][$j] = COM_stripslashes($A[$i][$j]); $A[$i][$j] = COM_checkHTML($A[$i][$j]); + $A[$i][$j] = GLText::removeUtf8Icons($A[$i][$j]); $R[$i][$j] = COM_stripslashes($R[$i][$j]); $R[$i][$j] = COM_checkHTML($R[$i][$j]); + $R[$i][$j] = GLText::removeUtf8Icons($R[$i][$j]); if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist if (!is_numeric($V[$i][$j])) { 
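Review bot: In the rewritten `DB_save($_TABLES['pollquestions'], ...)` call, `$description[$i]` is interpolated into the VALUES string after `COM_checkHTML()`/`removeUtf8Icons()` but never passes through `DB_escapeString()`, unlike `$Q[$i]` on the line directly above, so a single quote in a question description breaks the statement and is an injection path for anyone who can reach this editor. Add `$description[$i] = DB_escapeString($description[$i]);` next to the `$Q[$i]` escape. Separately, the new `$allow_multipleanswers[$i] = GLText::removeUtf8Icons(COM_stripslashes($allow_multipleanswers[$i]));` reads an index that an unchecked checkbox never posts, so an `isset($allow_multipleanswers[$i])` guard avoids an undefined-index notice before the `== 'on'` test. The loop continues past the end of the hunk.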
@@ -289,7 +302,7 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met $A[$i][$j] = DB_escapeString($A[$i][$j]); $R[$i][$j] = DB_escapeString($R[$i][$j]); $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " - . "('$pid', '$k', " . ($j+1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');"; + . "('$pid', '$k', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');"; DB_query($sql); $num_total_votes = $num_total_votes + $V[$i][$j]; @@ -301,16 +314,16 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime']) if ($num_questions_exist > 0) { - $numvoters = $num_total_votes / $num_questions_exist; + $numVoters = $num_total_votes / $num_questions_exist; } else { // This shouldn't happen - $numvoters = $num_total_votes; + $numVoters = $num_total_votes; } // save topics after the questions so we can include question count into table - $sql = "'$pid','$topic','$meta_description','$meta_keywords',$numvoters, $k, '$created_date', '" . date ('Y-m-d H:i:s'); + $sql = "'$pid','$topic','$meta_description','$meta_keywords',$numVoters, $k, '$created_date', '" . date('Y-m-d H:i:s'); - if ($mainpage == 'on') { + if ($mainPage == 'on') { $sql .= "',1"; } else { $sql .= "',0"; 
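Review bot: The rename `$numvoters` → `$numVoters` in the second hunk here introduces camelCase into a function whose neighbouring locals stay snake_case (`$num_total_votes`, `$num_questions_exist`, `$num_questions`), the opposite of the consistency the rest of this commit is after; `$num_voters` would fit the surrounding code. Note also that `$num_total_votes / $num_questions_exist` is a float in PHP and is written unquoted into the `voters` column on the following `$sql` line — pre-existing, but the rewrite is the moment to make the intended rounding explicit (e.g. `(int) round(...)`, if that is the intended semantics) rather than leave it to the database. This hunk's `if`/`else` chain continues into the next hunk.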
@@ -320,13 +333,13 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met } else { $sql .= ",0"; } - if ($hideresults == 'on') { + if ($hideResults == 'on') { $sql .= ",1"; } else { $sql .= ",0"; } - $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,'$topic_description'"; + $sql .= ",'$statusCode','$commentCode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,'$topic_description'"; // Save poll topic DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql); @@ -335,7 +348,7 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met PLG_itemSaved($pid, 'polls'); } else { DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), - array('sid', 'type'), array(DB_escapeString($old_pid), 'polls')); + array('sid', 'type'), array(DB_escapeString($old_pid), 'polls')); DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid)); 
@@ -343,30 +356,26 @@ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $met } if ($_POLL_VERBOSE) { - COM_errorLog ('**** Leaving savepoll() in ' - . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); + COM_errorLog('**** Leaving savepoll() in ' + . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } - return PLG_afterSaveSwitch ( + return PLG_afterSaveSwitch( $_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19 ); - - COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19'); } /** -* Shows poll editor -* -* Diplays the poll editor form -* -* @param string $pid ID of poll to edit -* @return string HTML for poll editor form -* -*/ -function editpoll ($pid = '') + * Shows poll editor + * Display the poll editor form + * + * @param string $pid ID of poll to edit + * @return string HTML for poll editor form + */ +function editpoll($pid = '') { global $_CONF, $_PO_CONF, $_GROUPS, $_TABLES, $_USER, $LANG25, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $LANG_POLLS, $_SCRIPTS; @@ -378,11 +387,12 @@ function editpoll ($pid = '') $T = DB_fetchArray($topic); // Get permissions for poll - $access = SEC_hasAccess($T['owner_id'],$T['group_id'],$T['perm_owner'],$T['perm_group'],$T['perm_members'],$T['perm_anon']); - if ($access == 0 OR $access == 2) { + $access = SEC_hasAccess($T['owner_id'], $T['group_id'], $T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon']); + if ($access == 0 || $access == 2) { // User doesn't have access...bail $retval .= COM_showMessageText($LANG25[22], $LANG25[21]); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll $pid."); + return $retval; } } 
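Review bot: In the `editpoll()` hunk, the access test `if ($access == 0 || $access == 2)` spells out the condition that `savepoll()` and `deletePoll()` express as `$access < 3` (assuming `SEC_hasAccess()` only returns 0, 2 or 3, as those two call sites do), and it keeps the loose `==` that this same commit replaces with `===` in the staticpages file; `if ($access < 3) {` would read like the other two guards. The added `return $retval;` after `COM_accessLog()` is the right fix — previously the function fell through and rendered the editor for a poll the user could not edit. editpoll's body continues past the end of the hunk.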
@@ -390,16 +400,21 @@ function editpoll ($pid = '') // writing the menu on top require_once $_CONF['path_system'] . 'lib-admin.php'; - $menu_arr = array ( - array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', - 'text' => $LANG_ADMIN['list_all']), - array('url' => $_CONF['site_admin_url'], - 'text' => $LANG_ADMIN['admin_home'])); + $menu_arr = array( + array( + 'url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', + 'text' => $LANG_ADMIN['list_all'], + ), + array( + 'url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home'], + ), + ); $token = SEC_createToken(); $retval .= COM_startBlock($LANG25[5], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $retval .= ADMIN_createMenu( $menu_arr, 
@@ -409,24 +424,26 @@ function editpoll ($pid = '') $retval .= SEC_getTokenExpiryNotice($token); $poll_templates = COM_newTemplate(CTL_plugin_templatePath('polls', 'admin')); - $poll_templates->set_file (array ('editor' => 'polleditor.thtml', - 'question' => 'pollquestions.thtml', - 'answer' => 'pollansweroption.thtml')); + $poll_templates->set_file(array( + 'editor' => 'polleditor.thtml', + 'question' => 'pollquestions.thtml', + 'answer' => 'pollansweroption.thtml', + )); - if (!empty ($pid) AND ($access == 3) AND !empty ($T['owner_id'])) { + if (!empty($pid) && ($access == 3) && !empty($T['owner_id'])) { $delbutton = ''; + . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; - $poll_templates->set_var ('delete_option', - sprintf ($delbutton, $jsconfirm)); - $poll_templates->set_var ('delete_option_no_confirmation', - sprintf ($delbutton, '')); + $poll_templates->set_var('delete_option', + sprintf($delbutton, $jsconfirm)); + $poll_templates->set_var('delete_option_no_confirmation', + sprintf($delbutton, '')); $poll_templates->set_var('allow_delete', true); $poll_templates->set_var('lang_delete', $LANG_ADMIN['delete']); $poll_templates->set_var('confirm_message', $MESSAGE[76]); } else { - $T['pid'] = COM_makeSid (); + $T['pid'] = COM_makeSid(); $T['topic'] = ''; $T['description'] = ''; $T['meta_description'] = ''; @@ -436,12 +453,12 @@ function editpoll ($pid = '') $T['is_open'] = 1; $T['hideresults'] = 0; $T['owner_id'] = $_USER['uid']; - if (isset ($_GROUPS['Polls Admin'])) { + if (isset($_GROUPS['Polls Admin'])) { $T['group_id'] = $_GROUPS['Polls Admin']; } else { - $T['group_id'] = SEC_getFeatureGroup ('polls.edit'); + $T['group_id'] = SEC_getFeatureGroup('polls.edit'); } - SEC_setDefaultPermissions ($T, $_PO_CONF['default_permissions']); + SEC_setDefaultPermissions($T, $_PO_CONF['default_permissions']); $T['statuscode'] = 0; $T['commentcode'] = $_CONF['comment_code']; $access = 3; 
@@ -459,12 +476,12 @@ function editpoll ($pid = '') $poll_templates->set_var('poll_id', $T['pid']); $poll_templates->set_var('lang_donotusespaces', $LANG25[7]); $poll_templates->set_var('lang_topic', $LANG25[9]); - $poll_templates->set_var('poll_topic', htmlspecialchars ($T['topic'])); + $poll_templates->set_var('poll_topic', htmlspecialchars($T['topic'])); $poll_templates->set_var('lang_mode', $LANG25[1]); - $poll_templates->set_var('lang_topic_description',$LANG25[1003]); + $poll_templates->set_var('lang_topic_description', $LANG25[1003]); $poll_templates->set_var('topic_description', $T['description']); $poll_templates->set_var('lang_metadescription', - $LANG_ADMIN['meta_description']); + $LANG_ADMIN['meta_description']); $poll_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']); if (!empty($T['meta_description'])) { $poll_templates->set_var('meta_description', $T['meta_description']); @@ -478,8 +495,8 @@ function editpoll ($pid = '') $poll_templates->set_var('hide_meta', ' style="display:none;"'); } - $poll_templates->set_var('status_options', COM_optionList ($_TABLES['statuscodes'], 'code,name', $T['statuscode'])); - $poll_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'],'code,name',$T['commentcode'])); + $poll_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $T['statuscode'])); + $poll_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $T['commentcode'])); $poll_templates->set_var('lang_appearsonhomepage', $LANG25[8]); $poll_templates->set_var('lang_openforvoting', $LANG25[33]); 
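Review bot: In the first hunk on this line, `poll_topic` is set through `htmlspecialchars($T['topic'])` but the rewritten `topic_description` line and the `meta_description`/`meta_keywords` lines beneath it hand the stored values to the template unescaped, and the same asymmetry recurs later in the function: `answer_text` is escaped while `question_text`, `remark_text` and `description` are not (hunks @@ -537 and @@ -558 below). Those values appear to be stored after `COM_checkHTML()`, which filters tags but does not neutralise quotes, so inside an `<input value="...">` or `<textarea>` they can break out of the field; `$poll_templates->set_var('topic_description', htmlspecialchars($T['description']));` and the equivalent for the others would escape them consistently, assuming the templates do not already apply their own escaping.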
@@ -500,33 +517,32 @@ function editpoll ($pid = '') // user access info $poll_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $poll_templates->set_var('lang_owner', $LANG_ACCESS['owner']); - $ownername = COM_getDisplayName ($T['owner_id']); + $ownername = COM_getDisplayName($T['owner_id']); $poll_templates->set_var('owner_username', DB_getItem($_TABLES['users'], - 'username', "uid = {$T['owner_id']}")); + 'username', "uid = {$T['owner_id']}")); $poll_templates->set_var('owner_name', $ownername); $poll_templates->set_var('owner', $ownername); $poll_templates->set_var('owner_id', $T['owner_id']); $poll_templates->set_var('lang_group', $LANG_ACCESS['group']); $poll_templates->set_var('group_dropdown', - SEC_getGroupDropdown ($T['group_id'], $access)); + SEC_getGroupDropdown($T['group_id'], $access)); $poll_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $poll_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']); $poll_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); - $poll_templates->set_var('permissions_editor', SEC_getPermissionsHTML($T['perm_owner'],$T['perm_group'],$T['perm_members'],$T['perm_anon'])); + $poll_templates->set_var('permissions_editor', SEC_getPermissionsHTML($T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon'])); $poll_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $poll_templates->set_var('lang_answersvotes', $LANG25[10]); $poll_templates->set_var('lang_save', $LANG_ADMIN['save']); $poll_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); // repeat for several questions - $question_sql = "SELECT question,qid ,allow_multipleanswers ,description " . "FROM {$_TABLES['pollquestions']} WHERE pid='$pid' ORDER BY qid;"; $questions = DB_query($question_sql); - include ($_CONF['path_system'] . 
'classes/navbar.class.php'); $navbar = new navbar; - for ($j=0; $j<$_PO_CONF['maxquestions']; $j++) { - $display_id = $j+1; + + for ($j = 0; $j < $_PO_CONF['maxquestions']; $j++) { + $display_id = $j + 1; if ($j > 0) { $poll_templates->set_var('style', 'style="display:none;"'); } else { @@ -537,20 +553,20 @@ function editpoll ($pid = '') "showhidePollsEditorDiv(\"$j\",$j,{$_PO_CONF['maxquestions']});return false;", true ); - $Q = DB_fetchArray ($questions); + $Q = DB_fetchArray($questions); $poll_templates->set_var('question_text', $Q['question']); $poll_templates->set_var('question_id', $j); $poll_templates->set_var('lang_question', $LANG25[31] . " $display_id"); - $poll_templates->set_var('lang_saveaddnew', $LANG25[32]); + $poll_templates->set_var('lang_saveaddnew', $LANG25[32]); $poll_templates->set_var('q_idx', $j); - $poll_templates->set_var('lang_allow_multipleanswers', $LANG25[1001]); + $poll_templates->set_var('lang_allow_multipleanswers', $LANG25[1001]); if ($Q['allow_multipleanswers'] == 1) { $poll_templates->set_var('poll_allow_multipleanswers', 'checked="checked"'); } else { $poll_templates->set_var('poll_allow_multipleanswers', ''); } - - $poll_templates->set_var('lang_questions_description', $LANG25[1002]); + + $poll_templates->set_var('lang_questions_description', $LANG25[1002]); $poll_templates->set_var('description', $Q['description']); // answers 
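Review bot: The removed `include($_CONF['path_system'] . 'classes/navbar.class.php')` leaves `$navbar = new navbar;` depending on class autoloading; if Geeklog 2.1.2 registers an autoloader covering `classes/` this is fine, but a one-line comment at the `new navbar` site (`// navbar is autoloaded; no include needed`) would stop the next reader from re-adding the include. Everything else in this hunk is whitespace and argument reflow.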
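Review bot: The rewritten `$Q = DB_fetchArray($questions);` runs once per slot up to `$_PO_CONF['maxquestions']`, but the query only returns the questions that exist, so for a new poll or one with fewer questions the fetch presumably returns a non-array and `$Q['question']`, `$Q['allow_multipleanswers']` and `$Q['description']` are then read from it on the following lines. A guard right after the fetch, `if (!is_array($Q)) { $Q = array('question' => '', 'allow_multipleanswers' => 0, 'description' => ''); }`, keeps the empty slots clean without relying on notices being suppressed. The loop continues into the next hunk.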
@@ -558,53 +574,53 @@ function editpoll ($pid = '') . "FROM {$_TABLES['pollanswers']} WHERE qid='$j' AND pid='$pid' ORDER BY aid"; $answers = DB_query($answer_sql); - for ($i=0; $i<$_PO_CONF['maxanswers']; $i++) { - if (isset ($answers)) { - $A = DB_fetchArray ($answers); - $poll_templates->set_var ('answer_text', - htmlspecialchars ($A['answer'])); - $poll_templates->set_var ('answer_votes', $A['votes']); - $poll_templates->set_var ('remark_text', $A['remark']); + for ($i = 0; $i < $_PO_CONF['maxanswers']; $i++) { + if (isset($answers)) { + $A = DB_fetchArray($answers); + $poll_templates->set_var('answer_text', + htmlspecialchars($A['answer'])); + $poll_templates->set_var('answer_votes', $A['votes']); + $poll_templates->set_var('remark_text', $A['remark']); } else { - $poll_templates->set_var ('answer_text', ''); - $poll_templates->set_var ('answer_votes', ''); - $poll_templates->set_var ('remark_text', ''); + $poll_templates->set_var('answer_text', ''); + $poll_templates->set_var('answer_votes', ''); + $poll_templates->set_var('remark_text', ''); } - $poll_templates->parse ('answer_option', 'answer', true); + $poll_templates->parse('answer_option', 'answer', true); } - $poll_templates->parse ('question_list', 'question', true); - $poll_templates->clear_var ('answer_option'); + $poll_templates->parse('question_list', 'question', true); + $poll_templates->clear_var('answer_option'); } $navbar->set_selected($LANG25[31] . 
" 1"); - $poll_templates->set_var ('navbar', $navbar->generate()); + $poll_templates->set_var('navbar', $navbar->generate()); $poll_templates->set_var('gltoken_name', CSRF_TOKEN); $poll_templates->set_var('gltoken', $token); - $poll_templates->parse('output','editor'); + $poll_templates->parse('output', 'editor'); $retval .= $poll_templates->finish($poll_templates->get_var('output')); - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); + $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } /** -* Delete a poll -* -* @param string $pid ID of poll to delete -*/ -function deletePoll ($pid) + * Delete a poll + * + * @param string $pid ID of poll to delete + */ +function deletePoll($pid) { global $_CONF, $_TABLES, $_USER; - $pid = DB_escapeString ($pid); - $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '$pid'"); - $Q = DB_fetchArray ($result); - $access = SEC_hasAccess ($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], - $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']); + $pid = DB_escapeString($pid); + $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '$pid'"); + $Q = DB_fetchArray($result); + $access = SEC_hasAccess($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], + $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']); if ($access < 3) { - COM_accessLog ("User {$_USER['username']} tried to illegally delete poll $pid."); + COM_accessLog("User {$_USER['username']} tried to illegally delete poll $pid."); COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php'); } 
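Review bot: The reindented `if (isset($answers))` in the answer loop can never be false — `$answers` is assigned the result of `DB_query($answer_sql)` two lines earlier — so the `else` branch that blanks `answer_text`/`answer_votes`/`remark_text` is dead and, once the rows run out, `DB_fetchArray($answers)` presumably returns a non-array that `$A['answer']` is then read from. Testing the fetch result instead, `$A = DB_fetchArray($answers); if (is_array($A)) {`, makes the existing else branch do what it was written for. In `deletePoll()` further down the hunk, `COM_redirect()` after the access log is assumed to end the request; if it does not, the `DB_delete` calls that follow still run for a user with `$access < 3`.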
@@ -613,26 +629,25 @@ function deletePoll ($pid) DB_delete($_TABLES['pollquestions'], 'pid', $pid); DB_delete($_TABLES['pollvoters'], 'pid', $pid); DB_delete($_TABLES['comments'], array('sid', 'type'), - array($pid, 'polls')); + array($pid, 'polls')); PLG_itemDeleted($pid, 'polls'); COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20'); } // MAIN - $display = ''; $mode = ''; -if (isset ($_REQUEST['mode'])) { +if (isset($_REQUEST['mode'])) { $mode = COM_applyFilter($_REQUEST['mode']); } if ($mode == 'edit') { $pid = ''; - if (isset ($_GET['pid'])) { - $pid = COM_applyFilter ($_GET['pid']); + if (isset($_GET['pid'])) { + $pid = COM_applyFilter($_GET['pid']); } - $display .= editpoll ($pid); + $display .= editpoll($pid); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG25[5])); } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save'])) { $pid = COM_applyFilter($_POST['pid']); 
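Review bot: In the `MAIN` section of this hunk, `$pid = COM_applyFilter($_GET['pid']);` is handed to `editpoll($pid)`, which interpolates it into `WHERE pid='$pid'` (the `$question_sql` shown in the @@ -500 hunk above), while `deletePoll()` in the same file runs `DB_escapeString($pid)` before its query; `COM_applyFilter()` filters input but is not an SQL escape. Unless editpoll sanitises `$pid` in its opening lines (outside this diff), escaping it at the call site — `$display .= editpoll(DB_escapeString($pid));` — or at the top of editpoll keeps the three entry points consistent. The same question applies to `$pid = COM_applyFilter($_POST['pid']);` feeding `savepoll()` on the last line of the hunk.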
@@ -643,63 +658,63 @@ function deletePoll ($pid) if (empty($pid) && !empty($old_pid)) { $pid = $old_pid; } - if (empty($old_pid) && (! empty($pid))) { + if (empty($old_pid) && (!empty($pid))) { $old_pid = $pid; } if (!empty($pid)) { $statuscode = 0; - if (isset ($_POST['statuscode'])) { - $statuscode = COM_applyFilter ($_POST['statuscode'], true); + if (isset($_POST['statuscode'])) { + $statuscode = COM_applyFilter($_POST['statuscode'], true); } $mainpage = ''; - if (isset ($_POST['mainpage'])) { - $mainpage = COM_applyFilter ($_POST['mainpage']); + if (isset($_POST['mainpage'])) { + $mainpage = COM_applyFilter($_POST['mainpage']); } $open = ''; - if (isset ($_POST['open'])) { - $open = COM_applyFilter ($_POST['open']); + if (isset($_POST['open'])) { + $open = COM_applyFilter($_POST['open']); } $hideresults = ''; - if (isset ($_POST['hideresults'])) { - $hideresults = COM_applyFilter ($_POST['hideresults']); + if (isset($_POST['hideresults'])) { + $hideresults = COM_applyFilter($_POST['hideresults']); } - $display .= savepoll ($pid, $old_pid, $_POST['question'], $mainpage, - $_POST['topic'], $_POST['meta_description'], - $_POST['meta_keywords'], $statuscode, $open, - $hideresults, - COM_applyFilter ($_POST['commentcode'], true), - $_POST['answer'], $_POST['votes'], $_POST['remark'], - COM_applyFilter ($_POST['owner_id'], true), - COM_applyFilter ($_POST['group_id'], true), - $_POST['perm_owner'], $_POST['perm_group'], - $_POST['perm_members'], $_POST['perm_anon'], - $_POST['allow_multipleanswers'], - COM_applyFilter($_POST['topic_description']), - $_POST['description']); - } else { + $display .= savepoll($pid, $old_pid, $_POST['question'], $mainpage, + $_POST['topic'], $_POST['meta_description'], + $_POST['meta_keywords'], $statuscode, $open, + $hideresults, + COM_applyFilter($_POST['commentcode'], true), + $_POST['answer'], $_POST['votes'], $_POST['remark'], + COM_applyFilter($_POST['owner_id'], true), + COM_applyFilter($_POST['group_id'], true), + 
$_POST['perm_owner'], $_POST['perm_group'], + $_POST['perm_members'], $_POST['perm_anon'], + $_POST['allow_multipleanswers'], + COM_applyFilter($_POST['topic_description']), + $_POST['description']); + } else { $display .= COM_showMessageText($LANG25[17], $LANG21[32]) - . editpoll(); + . editpoll(); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG25[5])); } } elseif (($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) { $pid = ''; - if (isset ($_POST['pid'])) { - $pid = COM_applyFilter ($_POST['pid']); + if (isset($_POST['pid'])) { + $pid = COM_applyFilter($_POST['pid']); } - if (empty ($pid)) { - COM_errorLog ('Ignored possibly manipulated request to delete a poll.'); + if (empty($pid)) { + COM_errorLog('Ignored possibly manipulated request to delete a poll.'); COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php'); } elseif (SEC_checkToken()) { - $display .= deletePoll ($pid); + $display .= deletePoll($pid); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete poll $pid and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/index.php'); } } else { // 'cancel' or no mode at all - if (isset ($_REQUEST['msg'])) { - $msg = COM_applyFilter ($_REQUEST['msg'], true); + if (isset($_REQUEST['msg'])) { + $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { - $display .= COM_showMessage ($msg, 'polls'); + $display .= COM_showMessage($msg, 'polls'); } } $display .= listpolls(); @@ -707,5 +722,3 @@ function deletePoll ($pid) } COM_output($display); - -?> diff --git a/public_html/admin/plugins/staticpages/index.php b/public_html/admin/plugins/staticpages/index.php index 6d1856c47..5726f8c67 100644 --- a/public_html/admin/plugins/staticpages/index.php +++ b/public_html/admin/plugins/staticpages/index.php 
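Review bot: The save branch in this hunk calls `savepoll()` with the posted data without any `SEC_checkToken()` check, while the delete branch a few lines below gates `deletePoll()` on it and logs failures; unless savepoll verifies the token itself (its opening lines are outside this diff), a cross-site request can reach the save path and create or overwrite a poll. Mirroring the delete branch — `} elseif (SEC_checkToken()) { $display .= savepoll(...); } else { COM_accessLog(...); COM_redirect(...); }` — closes that gap, and the editor already emits `gltoken_name`/`gltoken` (see the @@ -558 hunk), so the form side is in place. Also, `$_POST['question']`, `$_POST['answer']`, `$_POST['votes']`, `$_POST['remark']`, `$_POST['topic']`, the meta fields, `commentcode`, `owner_id`, `group_id`, the four `perm_*` keys, `allow_multipleanswers`, `topic_description` and `description` are all read without `isset()`, unlike `statuscode`/`mainpage`/`open`/`hideresults` just above them.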
@@ -33,15 +33,15 @@ // +---------------------------------------------------------------------------+ /** -* Static Pages plugin administration page -* -* @package StaticPages -* @subpackage admin -*/ + * Static Pages plugin administration page + * + * @package StaticPages + * @subpackage admin + */ -/** -* Geeklog common function library and Admin authentication -*/ +global $_CONF, $_USER, $_SP_CONF, $MESSAGE, $LANG_ADMIN, $sp_help; + +// Geeklog common function library and Admin authentication require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; @@ -57,22 +57,21 @@ /** -* Displays the static page editor form -* -* @param array $A Data to display -* @return string HTML for the static page editor -* -*/ + * Displays the static page editor form + * + * @param array $A Data to display + * @return string HTML for the static page editor + */ function staticpageeditor_form($A) { global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG01, $LANG24, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE, $_SCRIPTS; - if (!empty($sp_id) && $mode=='edit') { - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); + if (!empty($sp_id) && $mode === 'edit') { + $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { - if ($mode != 'clone') { + if ($mode !== 'clone') { $A['sp_inblock'] = $_SP_CONF['in_block']; } $A['owner_id'] = $_USER['uid']; @@ -84,7 +83,7 @@ function staticpageeditor_form($A) SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']); $access = 3; if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { - $A['advanced_editor_mode'] = 1; + $A['advanced_editor_mode'] = 1; } } $retval = ''; 
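Review bot: The new top-level `global $_CONF, $_USER, $_SP_CONF, $MESSAGE, $LANG_ADMIN, $sp_help;` is a no-op: this file is presumably the request entry point, so its top level already is the global scope, and `global` only has an effect inside a function. If the line was added to make these variables visible to a static analyser or IDE, a comment saying so (`// no-op at file scope; declared for static analysis`) would stop a reader assuming it does something; otherwise it should be dropped. Turning the second file docblock into a plain `//` comment is right, since there is no symbol for it to document.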
@@ -122,17 +121,17 @@ function staticpageeditor_form($A) $sp_template->set_var('show_htmleditor', ''); } $post_options = ''; + . $LANG_postmodes['html'] . ''; if (isset($A['postmode']) && ($A['postmode'] == 'adveditor')) { $post_options .= ''; + . $LANG24[86] . ''; } else { $post_options .= ''; + . $LANG24[86] . ''; } - $sp_template->set_var('post_options', $post_options ); + $sp_template->set_var('post_options', $post_options); $sp_template->set_var('change_editormode', - 'onchange="change_editmode(this);"'); + 'onchange="change_editmode(this);"'); } else { $sp_template->set_file('form', 'editor.thtml'); } @@ -145,15 +144,15 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_mode', $LANG24[3]); $sp_template->set_var('comment_options', - COM_optionList($_TABLES['commentcodes'], 'code,name', - $A['commentcode'])); + COM_optionList($_TABLES['commentcodes'], 'code,name', + $A['commentcode'])); $sp_template->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $sp_template->set_var('lang_owner', $LANG_ACCESS['owner']); $owner_name = COM_getDisplayName($A['owner_id']); $owner_username = DB_getItem($_TABLES['users'], 'username', - "uid = {$A['owner_id']}"); + "uid = {$A['owner_id']}"); $sp_template->set_var('owner_id', $A['owner_id']); $sp_template->set_var('owner', $owner_name); $sp_template->set_var('owner_name', $owner_name); 
@@ -161,24 +160,24 @@ function staticpageeditor_form($A) if ($A['owner_id'] > 1) { $profile_link = $_CONF['site_url'] - . '/users.php?mode=profile&uid=' . $A['owner_id']; + . '/users.php?mode=profile&uid=' . $A['owner_id']; $sp_template->set_var('start_owner_anchortag', - '' ); + ''); $sp_template->set_var('end_owner_anchortag', ''); $sp_template->set_var('owner_link', - COM_createLink($owner_name, $profile_link)); + COM_createLink($owner_name, $profile_link)); $photo = ''; if ($_CONF['allow_user_photo']) { $photo = DB_getItem($_TABLES['users'], 'photo', - "uid = {$A['owner_id']}"); - if (! empty($photo)) { + "uid = {$A['owner_id']}"); + if (!empty($photo)) { $camera_icon = ''; + . '/images/smallcamera.' . $_IMAGE_TYPE + . '" alt=""' . XHTML . '>'; $sp_template->set_var('camera_icon', - COM_createLink($camera_icon, $profile_link)); + COM_createLink($camera_icon, $profile_link)); } } if (empty($photo)) { @@ -192,10 +191,10 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_group', $LANG_ACCESS['group']); $sp_template->set_var('group_dropdown', - SEC_getGroupDropdown($A['group_id'], $access)); + SEC_getGroupDropdown($A['group_id'], $access)); $sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], - $A['perm_members'], $A['perm_anon'])); + $A['perm_members'], $A['perm_anon'])); $sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']); $sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']); @@ -203,7 +202,7 @@ function staticpageeditor_form($A) $token = SEC_createToken(); $start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', - COM_getBlockTemplate('_admin_block', 'header')); + COM_getBlockTemplate('_admin_block', 'header')); $start_block .= SEC_getTokenExpiryNotice($token); $sp_template->set_var('start_block_editor', $start_block); 
@@ -211,14 +210,15 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']); $sp_template->set_var('lang_preview', $LANG_ADMIN['preview']); if (SEC_hasRights('staticpages.delete') && ($mode != 'clone') && - !empty($A['sp_old_id'])) { + !empty($A['sp_old_id']) + ) { $delbutton = ''; + . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $sp_template->set_var('delete_option', - sprintf($delbutton, $jsconfirm)); + sprintf($delbutton, $jsconfirm)); $sp_template->set_var('delete_option_no_confirmation', - sprintf($delbutton, '')); + sprintf($delbutton, '')); $sp_template->set_var('allow_delete', true); $sp_template->set_var('lang_delete', $LANG_ADMIN['delete']); @@ -228,7 +228,7 @@ function staticpageeditor_form($A) } $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']); $sp_template->set_var('username', DB_getItem($_TABLES['users'], - 'username', "uid = {$A['owner_id']}")); + 'username', "uid = {$A['owner_id']}")); $authorname = COM_getDisplayName($A['owner_id']); $sp_template->set_var('name', $authorname); $sp_template->set_var('author', $authorname); @@ -238,7 +238,7 @@ function staticpageeditor_form($A) $sp_template->set_var('sp_id', $A['sp_id']); $sp_template->set_var('sp_old_id', $A['sp_old_id']); $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] - . '/staticpages/index.php?page=' . $A['sp_id'])); + . '/staticpages/index.php?page=' . $A['sp_id'])); $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']); $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']); 
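Review bot: The reflowed delete-button condition keeps `($mode != 'clone')` while the same commit changes the equivalent test at the top of `staticpageeditor_form()` to `$mode !== 'clone'` (the @@ -57 hunk of this file); `if (SEC_hasRights('staticpages.delete') && ($mode !== 'clone') && !empty($A['sp_old_id'])` would keep the two in step. The remaining hunks on this line are argument reflow only.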
@@ -246,7 +246,7 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_centerblock_desc', $LANG21[52]); $sp_template->set_var('centerblock_help', $A['sp_help']); $sp_template->set_var('lang_centerblock_msg', - $LANG_STATIC['centerblock_msg']); + $LANG_STATIC['centerblock_msg']); if (isset($A['sp_centerblock']) && ($A['sp_centerblock'] == 1)) { $sp_template->set_var('centerblock_checked', 'checked="checked"'); } else { @@ -279,7 +279,7 @@ function staticpageeditor_form($A) $sp_template->set_var('pos_selection', $position); if (($_SP_CONF['allow_php'] == 1) && SEC_hasRights('staticpages.PHP')) { - if (! isset($A['sp_php'])) { + if (!isset($A['sp_php'])) { $A['sp_php'] = 0; } $selection = '' - . $template_none . $template_list . ''); + . $template_none . $template_list . ''); $sp_template->set_var('lang_use_template', $LANG_STATIC['use_template']); $sp_template->set_var('lang_use_template_msg', $LANG_STATIC['use_template_msg']); @@ -420,7 +420,7 @@ function staticpageeditor_form($A) } else { $sp_template->set_var('onlastupdate_checked', ''); } - + $sp_template->set_var('lang_label', $LANG_STATIC['label']); if (isset($A['sp_label'])) { $sp_template->set_var('sp_label', $A['sp_label']); @@ -432,7 +432,7 @@ function staticpageeditor_form($A) $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']); $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']); $sp_template->set_var('lang_leftrightblocks', - $LANG_STATIC['leftrightblocks']); + $LANG_STATIC['leftrightblocks']); if (!isset($A['sp_format'])) { $A['sp_format'] = ''; } 
@@ -462,11 +462,11 @@ function staticpageeditor_form($A) if (isset($A['sp_content'])) { $content = htmlspecialchars(stripslashes($A['sp_content'])); $content = str_replace(array('{', '}'), array('{', '}'), - $content); + $content); } $sp_template->set_var('sp_content', $content); $allowed = COM_allowedHTML('staticpages.edit', false, $_SP_CONF['filter_html']) - . COM_allowedAutotags(); + . COM_allowedAutotags(); $sp_template->set_var('lang_allowedhtml', $allowed); $sp_template->set_var('lang_allowed_html', $allowed); $sp_template->set_var('lang_show_on_page', $LANG_STATIC['show_on_page']); @@ -477,7 +477,7 @@ function staticpageeditor_form($A) } else { $sp_template->set_var('sp_hits', $A['sp_hits']); $sp_template->set_var('sp_hits_formatted', - COM_numberFormat($A['sp_hits'])); + COM_numberFormat($A['sp_hits'])); } $sp_template->set_var('lang_comments', $LANG_STATIC['comments']); if ($A['commentcode'] == -1) { @@ -488,7 +488,7 @@ function staticpageeditor_form($A) $sp_template->set_var('sp_comments', COM_numberFormat($num_comments)); } $sp_template->set_var('end_block', - COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'))); + COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'))); $sp_template->set_var('gltoken_name', CSRF_TOKEN); $sp_template->set_var('gltoken', $token); $sp_template->parse('output', 'form'); @@ -499,12 +499,12 @@ function staticpageeditor_form($A) } /** -* List all template static pages. For use with a dropdown. -* -* @retun string HTML for the list -* -*/ -function templatelist( $selected = '' ) + * List all template static pages. For use with a dropdown. + * + * @param string $selected + * @return string HTML for the list + */ +function templatelist($selected = '') { global $_TABLES; 
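Review bot: The rewritten `templatelist()` docblock adds `@param string $selected` without saying what the value is; from the query that follows, it is presumably the `sp_id` of the template page to mark as selected (its use lies past the end of this excerpt), so `@param string $selected sp_id of the template page to pre-select, '' for none` would document it, and the fixed `@return` could likewise say what kind of HTML fragment comes back. The function body continues outside the hunk.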
@@ -516,12 +516,12 @@ function templatelist( $selected = '' ) } $sql = "SELECT sp_id, sp_title FROM {$_TABLES['staticpage']} WHERE template_flag = 1 AND (draft_flag = 0)" . $perms . " ORDER BY sp_title"; - $result = DB_query ($sql); - $nrows = DB_numRows ($result); + $result = DB_query($sql); + $nrows = DB_numRows($result); if ($nrows > 0) { for ($i = 0; $i < $nrows; $i++) { - $A = DB_fetchArray ($result); + $A = DB_fetchArray($result); $retval .= '