Index: trunk/kernel/include/parseditem.php =================================================================== diff -u -r471 -r480 --- trunk/kernel/include/parseditem.php (.../parseditem.php) (revision 471) +++ trunk/kernel/include/parseditem.php (.../parseditem.php) (revision 480) @@ -1523,7 +1523,7 @@ $this->FixInvalidPage($fix_method); // specially made for cats delete - if ($_REQUEST['Action'] != 'm_cat_delete') { + if ( GetVar('Action', true) != 'm_cat_delete') { return parent::Query_Item($sql,$this->GetPageOffset(),$this->GetPageRowCount()); } else { Index: trunk/kernel/action.php =================================================================== diff -u -r415 -r480 --- trunk/kernel/action.php (.../action.php) (revision 415) +++ trunk/kernel/action.php (.../action.php) (revision 480) @@ -134,7 +134,8 @@ $objCustomEdit->SetTable('live'); - break; + break; + case "m_edit_user": //$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat()); $dob = DateTimestamp($_POST["user_dob"],GetDateFormat()); @@ -186,9 +187,9 @@ if($DataChanged) $objCustomEdit->SaveData(); $objCustomEdit->SetTable('live'); - break; + break; + case "m_user_primarygroup": - //print_pre($_REQUEST); if($ro_perm) break; $users = explode(',', $_POST["userlist"]); $GroupResourceId = $_POST['grouplist']; 
@@ -214,37 +215,39 @@ $objEditItems->Add_Group($_POST["group_name"], $_POST["group_comments"],0); break; case "m_group_sysperm": - if($_POST["GroupEditStatus"]==0) - { - $objSession->ResetSysPermCache(); - $GroupId = $_POST["GroupId"]; - if($GroupId) - { - $objEditItems = new clsGroupList(); - $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup"); - $g = $objEditItems->GetItemByField("ResourceId",$GroupId); - if(is_object($g)) - { - - $PermList = explode(",",$_POST["PermList"]); - for($i=0;$iSetSystemPermission($PermList[$i],$value); - } - } - } - } - break; + if($ro_perm) break; + if($_POST["GroupEditStatus"]==0) + { + $objSession->ResetSysPermCache(); + $GroupId = $_POST["GroupId"]; + if($GroupId) + { + $objEditItems = new clsGroupList(); + $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup"); + $g = $objEditItems->GetItemByField("ResourceId",$GroupId); + if(is_object($g)) + { + + $PermList = explode(",",$_POST["PermList"]); + for($i=0;$iSetSystemPermission($PermList[$i],$value); + } + } + } + } + break; + case "m_user_sysperm": if($ro_perm) break; if($_POST["UserEditStatus"]==0) @@ -289,6 +292,7 @@ } } break; + case "m_approve_user": if($ro_perm) break; foreach($_POST["itemlist"] as $userid) 
@@ -308,41 +312,49 @@ } $objUsers->Clear(); break; + case "m_delete_user": if($ro_perm) break; foreach($_POST["itemlist"] as $userid) $objUsers->Delete_User($userid); break; + case "m_delete_group": if($ro_perm) break; foreach($_POST["itemlist"] as $groupid) { $objGroups->Delete_Group($groupid); } break; - case "m_user_assign": + + case "m_user_assign": // not sure if action is used anywhere + if($ro_perm) break; $useridlist = implode("-", $userlist); $objSession->SetUserStatus($useridlist, "g_usergroup_status"); $g_usergroup_status = $useridlist; - break; - case "m_group_assign": - foreach($grouplist as $group) - $objGroups->Add_Users_To_Group($group); - break; + break; + + case "m_group_assign": // not sure if action is used anywhere + if($ro_perm) break; + foreach($grouplist as $group) $objGroups->Add_Users_To_Group($group); + break; + case "m_remove_group": + if($ro_perm) break; $adodbConnection = GetAdodbConnection(); $adodbConnection->Execute("DELETE FROM UserGroup where UserId='$UserId' AND GroupId='$GroupId'"); - break; + break; case "m_SetVariable": $objSession->SetPersistantVariable($_POST["fieldname"], $_POST["varvalue"]); - break; + break; + case "m_SetSessionVariable": $objSession->SetVariable($_POST["fieldname"], $_POST["varvalue"]); //echo "Setting $fieldname to $varvalue
\n"; if($_POST["fieldname"]=="SearchType") $objSession->SetVariable("SearchWord",""); - break; + break; case "m_edit_permissions": if($ro_perm) break; @@ -419,47 +431,48 @@ //$c->Update(); } break; - case "m_perm_delete_group": - - $ado = GetADODBConnection(); - $CatId = $_POST["CategoryId"]; - foreach($_POST["itemlist"] as $groupid) - { - $g = $objGroups->GetItemByField("ResourceId",$groupid); - if(is_object($g)) - { - $sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE CatId=$CatId AND GroupId=".$g->Get("GroupId"); - if($objSession->HasSystemPermission("DEBUG.LIST")) - echo $sql."
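Review bot: In `m_remove_group` the new `if($ro_perm) break;` guard still leaves the `DELETE FROM UserGroup` statement built by interpolating `$UserId` and `$GroupId` directly into the SQL string. Neither variable is assigned in this hunk, so if they are filled from the request (not visible here) a crafted value changes the statement rather than just the row selected. Assuming both ids are numeric, cast them where the query is built: `$adodbConnection->Execute("DELETE FROM UserGroup where UserId=".(int)$UserId." AND GroupId=".(int)$GroupId);`. `m_SetVariable` and `m_SetSessionVariable` directly below are left without the read-only guard, which is worth confirming as intended.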
\n"; - $ado->Execute($sql); - } - } - break; + case "m_perm_delete_group": + if($ro_perm) break; + $ado = GetADODBConnection(); + $CatId = $_POST["CategoryId"]; + foreach($_POST["itemlist"] as $groupid) + { + $g = $objGroups->GetItemByField("ResourceId",$groupid); + if(is_object($g)) + { + $sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE CatId=$CatId AND GroupId=".$g->Get("GroupId"); + if($objSession->HasSystemPermission("DEBUG.LIST")) + echo $sql."
\n"; + $ado->Execute($sql); + } + } + break; case "m_user_addto_group": - if($ro_perm) break; - $user = $_POST["UserId"]; - if(is_numeric($user)) - { - if(strlen($_POST["grouplist"])) - { - $groups = explode(",",$_POST["grouplist"]); - if(is_array($groups)) - { - for($i=0; $iGetItemByField("ResourceId",$groups[$i]); - $g->AddUser($user); - } - } - else - { - $g = $objGroups->GetItem($groups); - $g->AddUser($user); - } - } - } - break; + if($ro_perm) break; + $user = $_POST["UserId"]; + if(is_numeric($user)) + { + if(strlen($_POST["grouplist"])) + { + $groups = explode(",",$_POST["grouplist"]); + if(is_array($groups)) + { + for($i=0; $iGetItemByField("ResourceId",$groups[$i]); + $g->AddUser($user); + } + } + else + { + $g = $objGroups->GetItem($groups); + $g->AddUser($user); + } + } + } + break; + case "m_group_add_user": if($ro_perm) break; $group = $_POST["GroupId"]; 
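Review bot: `m_perm_delete_group` still concatenates `$_POST["CategoryId"]` unquoted into `DELETE FROM ... Permissions WHERE CatId=$CatId`, so a non-numeric value from any session that passes the new `$ro_perm` guard rewrites the WHERE clause. Cast on assignment, `$CatId = (int)$_POST["CategoryId"];`. The `GroupId` half of the query comes from the loaded group object rather than from the request. The `echo $sql` debug line prints the statement unescaped, which stops mattering for this field once `$CatId` is an integer.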
@@ -504,35 +517,40 @@ } break; case "m_sendmail": - $idlist = explode(",",$_POST["idlist"]); - $html = (int)$_POST["html_enable"]; - $body = inp_escape($_POST["email_body"],$html); - $subject = inp_escape($_POST["email_body"],$html); - $Email = new clsEmailMessage(); - $Email->Set("Subject",$subject); - $Email->Set("Template",$body); - if($html) - $Email->Set("MessageType","HTML"); - if(count($idlist)>0) - { - switch($_POST["IdType"]) - { - case "group": - foreach($idlist as $id) - $Email->SendToGroup($id); - break; - case "user": - foreach($idlist as $id) - $Email->SendToUser($id); - break; - }/*switch*/ - } - break; + if($ro_perm) break; + $idlist = explode(",",$_POST["idlist"]); + $html = (int)$_POST["html_enable"]; + $body = inp_escape($_POST["email_body"],$html); + $subject = inp_escape($_POST["email_body"],$html); + $Email = new clsEmailMessage(); + $Email->Set("Subject",$subject); + $Email->Set("Template",$body); + if($html) + $Email->Set("MessageType","HTML"); + if(count($idlist)>0) + { + switch($_POST["IdType"]) + { + case "group": + foreach($idlist as $id) + $Email->SendToGroup($id); + break; + case "user": + foreach($idlist as $id) + $Email->SendToUser($id); + break; + }/*switch*/ + } + break; + case "m_item_recount": - RunDown($m_var_list["cat"],"UpdateCacheCounts"); - break; + if($ro_perm) break; + RunDown($m_var_list["cat"],"UpdateCacheCounts"); + break; + case "m_cat_delete": - if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID())) + if($ro_perm) break; + if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID())) { if(isset($_POST["catlist"])) { 
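Review bot: `$subject` in `m_sendmail` is built from `$_POST["email_body"]`, the same field as `$body`, so each message goes out with its body text as the subject line. This predates the commit, and the re-indented block carries it over unchanged. The subject presumably should read the form's own subject field, whose name is not visible in this hunk: `$subject = inp_escape($_POST["<subject field>"],$html);`. Because the subject ends up in a mail header, it is also worth confirming that `inp_escape` or `clsEmailMessage` removes CR/LF from it.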
@@ -546,52 +564,60 @@ } break; case "m_cat_cut": - if(isset($_POST["catlist"])) - { - if($objSession->HasCatPermission("CATEGORY.DELETE",$catid)) - { - $objCatList->CopyToClipboard("CUT","CategoryId",$_POST["catlist"]); - } - else - $objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]); - } - break; + if($ro_perm) break; + if(isset($_POST["catlist"])) + { + if($objSession->HasCatPermission("CATEGORY.DELETE",$catid)) + { + $objCatList->CopyToClipboard("CUT","CategoryId",$_POST["catlist"]); + } + else + $objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]); + } + break; + case "m_cat_copy": - if(isset($_POST["catlist"])) - { - $objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]); - } + if($ro_perm) break; + if(isset($_POST["catlist"])) + { + $objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]); + } break; case "m_paste": - if($objCatList->ItemsOnClipboard()>0) - { - /* category's paste function populates a sparse array where array[old_id]=new_id */ - $PastedCatIds = array(); - $objCatList->PasteFromClipboard($objCatList->CurrentCategoryID(),"Name"); - } - else - { - $clip = $objSession->GetVariable("ClipBoard"); - if(strlen($clip)) - { - $ClipBoard = ParseClipboard($clip); - $Action= strtolower($ClipBoard["table"])."_paste"; - } - } - break; + if($ro_perm) break; + if($objCatList->ItemsOnClipboard()>0) + { + /* category's paste function populates a sparse array where array[old_id]=new_id */ + $PastedCatIds = array(); + $objCatList->PasteFromClipboard($objCatList->CurrentCategoryID(),"Name"); + } + else + { + $clip = $objSession->GetVariable("ClipBoard"); + if(strlen($clip)) + { + $ClipBoard = ParseClipboard($clip); + $Action= strtolower($ClipBoard["table"])."_paste"; + } + } + break; + case "m_cat_move_up": - if (isset($_POST["catlist"])) + if($ro_perm) break; + if (isset($_POST["catlist"])) { foreach($_POST["catlist"] as $catid) { $cat =& $objCatList->GetCategory($catid); $cat->MoveUp(); } } - break; + break; 
+ case "m_cat_move_down": - if (isset($_POST["catlist"])) + if($ro_perm) break; + if (isset($_POST["catlist"])) { $catlist=array_reverse($_POST["catlist"]); foreach($catlist as $catid) @@ -601,26 +627,28 @@ } } break; - case "m_cat_approve": - if (isset($_POST["catlist"])) - { - foreach($_POST["catlist"] as $catid) - { - $cat =& $objCatList->GetCategory($catid); - $cat->Approve(); - } - } + case "m_cat_approve": + if($ro_perm) break; + if (isset($_POST["catlist"])) + { + foreach($_POST["catlist"] as $catid) + { + $cat =& $objCatList->GetCategory($catid); + $cat->Approve(); + } + } break; case "m_cat_decline": - if (isset($_POST["catlist"])) - { - foreach($_POST["catlist"] as $catid) - { - $cat =& $objCatList->GetCategory($catid); -// $cat->Deny(); - RunDown($catid,"Deny"); - } - } + if($ro_perm) break; + if (isset($_POST["catlist"])) + { + foreach($_POST["catlist"] as $catid) + { + $cat =& $objCatList->GetCategory($catid); + //$cat->Deny(); + RunDown($catid,"Deny"); + } + } break; case "m_rel_delete": @@ -1104,7 +1132,8 @@ break; case "m_theme_delete": - if (isset($_POST["itemlist"])) + if($ro_perm) break; + if (isset($_POST["itemlist"])) { $Themes = new clsThemeList(); foreach($_POST["itemlist"] as $id) @@ -1114,16 +1143,17 @@ } break; case "m_theme_primary": - if( count($_POST['itemlist']) ) - { - $ThemeId = array_shift( $_POST['itemlist'] ); - $t = new clsThemeList(); - $t->SetPrimaryTheme($ThemeId); - } - break; + if($ro_perm) break; + if( count($_POST['itemlist']) ) + { + $ThemeId = array_shift( $_POST['itemlist'] ); + $t = new clsThemeList(); + $t->SetPrimaryTheme($ThemeId); + } + break; case "m_template_edit": - + if($ro_perm) break; $ThemeId = $_POST["ThemeId"]; $FileId = $_POST["FileId"]; $f = new clsThemeFile($FileId); @@ -1134,7 +1164,7 @@ $f->SaveFileContents($c); break; case "m_template_add": - + if($ro_perm) break; $ThemeId = $_POST["ThemeId"]; if( !is_object($f) ) $f = new clsThemeFile(); 
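Review bot: The `CATEGORY.DELETE` check in `m_cat_cut` is made against `$catid`, which this case never assigns, so the choice between `CUT` and `COPY` does not depend on the categories submitted in `$_POST["catlist"]`. Depending on what `$catid` holds at that point (undefined, or left over from code outside the hunk), the check either always fails or passes for a category unrelated to the request. Check every submitted id instead: loop over `$_POST["catlist"]`, call `HasCatPermission("CATEGORY.DELETE",$catid)` for each, and fall back to `COPY` as soon as one fails. `m_cat_move_up` and `m_cat_move_down` receive the read-only guard here but no per-category permission check; the body of `m_cat_move_down` continues outside the hunk.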
@@ -1173,6 +1203,7 @@ } break; case "m_template_delete": + if($ro_perm) break; $dummy = new clsThemeFile(); foreach($_POST["itemlist"] as $FileId) { @@ -1226,19 +1257,21 @@ } break; case "m_lang_export": - include_once($pathtoroot."kernel/include/xml.php"); - $Ids = $_POST["LangList"]; // language ids list to export phrases from - - $phrase_types = GetVar('langtypes'); - $phrase_types = ($phrase_types !== false) ? implode(',',$phrase_types) : null; - - $filename=$_POST["filename"]; - if(strlen($filename)>0) - { - $ExportFilename = $pathtoroot.$admin."/export/".$filename; - $ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types); - } - break; + if($ro_perm) break; + include_once($pathtoroot."kernel/include/xml.php"); + $Ids = $_POST["LangList"]; // language ids list to export phrases from + + $phrase_types = GetVar('langtypes'); + $phrase_types = ($phrase_types !== false) ? implode(',',$phrase_types) : null; + + $filename=$_POST["filename"]; + if(strlen($filename)>0) + { + $ExportFilename = $pathtoroot.$admin."/export/".$filename; + $ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types); + } + break; + case "m_lang_edit": $objEditItems = new clsLanguageList(); $objEditItems->SourceTable = $objSession->GetEditTable("Language"); 
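Review bot: `m_lang_export` appends `$_POST["filename"]` to `$pathtoroot.$admin."/export/"` without normalising it, so a name containing `../` makes `ExportPhrases` write outside the export directory. The added `if($ro_perm) break;` narrows who can reach the case but not where the file lands. Reduce the value to its final path component before use, `$filename = basename($_POST["filename"]);`, and keep the existing `strlen($filename)>0` check after it. The `m_lang_edit` case that opens at the end of the hunk starts without the guard; its body continues outside the hunk.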
@@ -1276,33 +1309,36 @@ break; case "m_lang_delete": - if($ro_perm) break; - if (isset($_POST["itemlist"])) - { - $Phrases = new clsPhraseList(); - foreach($_POST["itemlist"] as $id) - { - $objLanguages->DeleteLanguage($id); - $Phrases->DeleteLanguage($id); - } - unset($Phrases); - } - break; + if($ro_perm) break; + if (isset($_POST["itemlist"])) + { + $Phrases = new clsPhraseList(); + foreach($_POST["itemlist"] as $id) + { + $objLanguages->DeleteLanguage($id); + $Phrases->DeleteLanguage($id); + } + unset($Phrases); + } + break; + case "m_lang_select": - $LangId = (int)$_POST["langselect"]; - if($LangId) - { - if($objSession->Get("PortalUserId")>0) - { - //echo "$LangId"; - $objSession->SetPersistantVariable("Language",$LangId); - } - $objSession->Set("Language",$LangId); - $objSession->Update(); - $m_var_list_update["lang"] = $LangId; - $m_var_list["lang"] = $LangId; - } - break; + if($ro_perm) break; + $LangId = (int)$_POST["langselect"]; + if($LangId) + { + if($objSession->Get("PortalUserId")>0) + { + //echo "$LangId"; + $objSession->SetPersistantVariable("Language",$LangId); + } + $objSession->Set("Language",$LangId); + $objSession->Update(); + $m_var_list_update["lang"] = $LangId; + $m_var_list["lang"] = $LangId; + } + break; + case "m_phrase_edit": $objPhraseList = new clsPhraseList(); if((int)$_POST["direct"] != 1) @@ -1338,7 +1374,7 @@ unset($objPhraseList); break; case "m_config_missing_phrase": - //phpinfo(INFO_VARIABLES); + if($ro_perm) break; $LangId = $_POST["LangId"]; $ThemeId = $_POST["ThemeId"]; if(is_array($_POST["Phrase"])) @@ -1368,7 +1404,7 @@ } break; case "m_phrase_delete": - if (isset($_POST["itemlist"])) + if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { 
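Review bot: The read-only guard is applied unevenly across the phrase and language cases on this line. In the first hunk (-1276) `m_lang_select`, which only stores a language preference, gets `if($ro_perm) break;`, while `m_phrase_edit` at the end of the same hunk opens with `$objPhraseList = new clsPhraseList();` and no guard. `m_phrase_delete` in the third hunk (-1368) is touched only for whitespace and still begins with the `isset($_POST["itemlist"])` test. Both bodies continue outside their hunks, so a later check cannot be ruled out, but if none exists each case needs `if($ro_perm) break;` as its first statement, as `m_lang_delete` has.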
@@ -1930,20 +1966,24 @@ } break; case "m_restore_delete": - $bdate = $_POST["backupdate"]; - if($bdate>0) - { - $BackupFile = $objConfig->Get("Backup_Path")."/dump".$bdate.".txt"; - if(file_exists($BackupFile)) - unlink($BackupFile); - } - break; + if($ro_perm) break; + $bdate = $_POST["backupdate"]; + if($bdate>0) + { + $BackupFile = $objConfig->Get("Backup_Path")."/dump".$bdate.".txt"; + if(file_exists($BackupFile)) + unlink($BackupFile); + } + break; + case "m_taglib": include($pathtoroot."kernel/include/tag-class.php"); ParseTagLibrary(); - break; + break; + case "m_sql_query": - $SqlQuery = $_POST["sql"]; + if($ro_perm) break; + $SqlQuery = $_POST["sql"]; $ado = GetADODBConnection(); if(strlen($sql)) {
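Review bot: `m_restore_delete` places `$_POST["backupdate"]` into the path passed to `unlink()` after only the loose test `$bdate>0`. A string that merely starts with a digit passes that test and can still carry `/../` segments, so the deletion is not confined to `Backup_Path`. Make the value an integer before it is used, `$bdate = (int)$_POST["backupdate"];`, which leaves the `$bdate>0` check and the `dump<N>.txt` name meaningful. In `m_sql_query` the request value is stored in `$SqlQuery` but the following test reads `$sql`; that case continues outside the hunk, so whether this is a mismatch cannot be confirmed from here.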