[geeklog-cvs] geeklog-1.3/public_html/admin block.php,1.58,1.59
dhaun at iowaoutdoors.org
dhaun at iowaoutdoors.org
Mon Jul 26 09:40:45 EDT 2004
Update of /var/cvs/geeklog-1.3/public_html/admin
In directory www:/tmp/cvs-serv16919
Modified Files:
block.php
Log Message:
Added some parameter filtering
Index: block.php
===================================================================
RCS file: /var/cvs/geeklog-1.3/public_html/admin/block.php,v
retrieving revision 1.58
retrieving revision 1.59
diff -C2 -d -r1.58 -r1.59
*** block.php 21 Mar 2004 20:58:54 -0000 1.58
--- block.php 26 Jul 2004 13:40:42 -0000 1.59
***************
*** 40,48 ****
// echo COM_debug($HTTP_POST_VARS);
! include('../lib-common.php');
! include('auth.inc.php');
! if (!SEC_hasrights('block.edit')) {
! $display .= COM_siteHeader()
. COM_startBlock ($MESSAGE[30], '',
COM_getBlockTemplate ('_msg_block', 'header'))
--- 40,48 ----
// echo COM_debug($HTTP_POST_VARS);
! require_once ('../lib-common.php');
! require_once ('auth.inc.php');
! if (!SEC_hasrights ('block.edit')) {
! $display .= COM_siteHeader ()
. COM_startBlock ($MESSAGE[30], '',
COM_getBlockTemplate ('_msg_block', 'header'))
***************
*** 50,54 ****
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
! COM_accessLog("User {$_USER['username']} tried to illegally access the block administration screen");
echo $display;
exit;
--- 50,54 ----
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
! COM_accessLog ("User {$_USER['username']} tried to illegally access the block administration screen");
echo $display;
exit;
***************
*** 59,64 ****
* special cases)
*
! * @param string $tid ID for topic to check on
! * @return int returns 3 for read/edit 2 for read only 0 for no access
*
*/
--- 59,64 ----
* special cases)
*
! * @param string $tid ID for topic to check on
! * @return int returns 3 for read/edit 2 for read only 0 for no access
*
*/
***************
*** 83,93 ****
* edit properties so this form shows that.
*
! * @A array Array of data to show on form
! * @access int Permissions this user has
*
*/
! function editdefaultblock($A,$access)
{
! global $_TABLES, $_USER, $LANG21, $_CONF, $LANG_ACCESS;
$retval = '';
--- 83,94 ----
* edit properties so this form shows that.
*
! * @param array $A Array of data to show on form
! * @param int $access Permissions this user has
! * @return string HTML for default block editor
*
*/
! function editdefaultblock ($A, $access)
{
! global $_CONF, $_TABLES, $_USER, $LANG21, $LANG_ACCESS;
$retval = '';
***************
*** 155,164 ****
* send it off to editdefaultblock.
*
! * @bid string ID of block to edit
*
*/
! function editblock($bid='')
{
! global $_TABLES, $_USER, $LANG21, $_CONF, $LANG_ACCESS;
if (!empty($bid)) {
--- 156,168 ----
* send it off to editdefaultblock.
*
! * @param string $bid ID of block to edit
! * @return string HTML for block editor
*
*/
! function editblock ($bid = '')
{
! global $_CONF, $_TABLES, $_USER, $LANG21, $LANG_ACCESS;
!
! $retval = '';
if (!empty($bid)) {
***************
*** 309,334 ****
* Saves a block
*
! * @bid string Block ID
! * @title string Block title
! * @type string Type of block
! * @blockorder int Order block appears relative to the others
! * @content string Content of block
! * @tid string Topic block should appear in
! * @rdfurl string URL to headline feed for portal blocks
! * @rdfupdated string Date RSS/RDF feed was last updated
! * @phpblockfn string Name of php function to call to get content
! * @onleft int Flag indicates if block shows up on left or right
! * @owner_id int ID of owner
! * @group_id int ID of group block belongs to
! * @perm_owner array Permissions the owner has on the object
! * @perm_group array Permissions the group has on the object
! * @perm_members array Permissions the logged in members have
! * @perm_anon array Permissinos anonymous users have
! * @is_enabled int Flag, indicates if block is enabled or not
*
*/
! function saveblock($bid,$name,$title,$help,$type,$blockorder,$content,$tid,$rdfurl,$rdfupdated,$phpblockfn,$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled)
{
! global $_TABLES, $_CONF, $LANG21, $LANG01, $MESSAGE, $HTTP_POST_VARS;
// Convert array values to numeric permission values
--- 313,341 ----
* Saves a block
*
! * @param string $bid Block ID
! * @param string $title Block title
! * @param string $type Type of block
! * @param int $blockorder Order block appears relative to the others
! * @param string $content Content of block
! * @param string $tid Topic block should appear in
! * @param string $rdfurl URL to headline feed for portal blocks
! * @param string $rdfupdated Date RSS/RDF feed was last updated
! * @param string $phpblockfn Name of php function to call to get content
! * @param int $onleft Flag indicates if block shows up on left or right
! * @param int $owner_id ID of owner
! * @param int $group_id ID of group block belongs to
! * @param array $perm_owner Permissions the owner has on the object
! * @param array $perm_group Permissions the group has on the object
! * @param array $perm_members Permissions the logged in members have
! * @param array $perm_anon Permissinos anonymous users have
! * @param int $is_enabled Flag, indicates if block is enabled or not
! * @return string HTML redirect or error message
*
*/
! function saveblock ($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled)
{
! global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $HTTP_POST_VARS;
!
! $retval = '';
// Convert array values to numeric permission values
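Review bot: The rewritten docblock still leaves two of the signature's parameters undocumented: `$name` and `$help` are in the `function saveblock (...)` parameter list but have no `@param` entry, so the block is not yet a complete description of the interface. Add `* @param string $name` and `* @param string $help` in signature order next to the `$bid` line, each with a short description (the hunk does not show how they are used, so keep it to what the caller passes). The "Permissinos" typo in the `$perm_anon` line could be fixed in the same pass. saveblock's body continues past the end of this hunk.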
***************
*** 347,359 ****
}
if (($access < 3) || !hasBlockTopicAccess ($tid) || !SEC_inGroup ($group_id)) {
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock ($MESSAGE[30], '',
COM_getBlockTemplate ('_msg_block', 'header'));
! $display .= $MESSAGE[31];
! $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
! $display .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block $bid.");
! echo $display;
! exit;
} elseif (($type == 'normal' && !empty($title) && !empty($content)) OR ($type == 'portal' && !empty($title) && !empty($rdfurl)) OR ($type == 'layout' && !empty($content)) OR ($type == 'gldefault' && (strlen($blockorder)>0)) OR ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))) {
if ($is_enabled == 'on') {
--- 354,366 ----
}
if (($access < 3) || !hasBlockTopicAccess ($tid) || !SEC_inGroup ($group_id)) {
! $retval .= COM_siteHeader('menu');
! $retval .= COM_startBlock ($MESSAGE[30], '',
COM_getBlockTemplate ('_msg_block', 'header'));
! $retval .= $MESSAGE[31];
! $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
! $retval .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block $bid.");
!
! return $retval;
} elseif (($type == 'normal' && !empty($title) && !empty($content)) OR ($type == 'portal' && !empty($title) && !empty($rdfurl)) OR ($type == 'layout' && !empty($content)) OR ($type == 'gldefault' && (strlen($blockorder)>0)) OR ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))) {
if ($is_enabled == 'on') {
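Review bot: `$_USER['username']` is read in the COM_accessLog call of the access-denied branch, but `$_USER` is not in saveblock's `global` list (`global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $HTTP_POST_VARS;` in the previous hunk), so inside the function it is undefined and the log entry records an empty username for exactly the event an admin would want attributed. The pre-change global line had the same omission; since this commit already rewrites that line it is the natural place to fix it: `global $_CONF, $_TABLES, $_USER, $LANG01, $LANG21, $MESSAGE, $HTTP_POST_VARS;`. saveblock's body continues beyond this hunk.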
***************
*** 409,413 ****
$title = addslashes (COM_stripslashes ($title));
! DB_save($_TABLES['blocks'],'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled',"$bid,'$name','$title','$help','$type','$blockorder','$content','$tid','$rdfurl','$rdfupdated','$phpblockfn',$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled",$_CONF['site_admin_url'] . "/block.php?msg=11");
if (($type == 'gldefault') && ($name == 'older_stories')) {
--- 416,420 ----
$title = addslashes (COM_stripslashes ($title));
! DB_save($_TABLES['blocks'],'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled',"$bid,'$name','$title','$help','$type','$blockorder','$content','$tid','$rdfurl','$rdfupdated','$phpblockfn',$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled");
if (($type == 'gldefault') && ($name == 'older_stories')) {
***************
*** 415,418 ****
--- 422,426 ----
}
+ return COM_refresh ($_CONF['site_admin_url'] . '/block.php?msg=11');
} else {
$retval .= COM_siteHeader()
***************
*** 446,449 ****
--- 454,459 ----
* Lists all block in the system
*
+ * @return string HTML with list of blocks
+ *
*/
function listblocks()
***************
*** 553,560 ****
*
*/
- function moveBlock() {
-
- global $HTTP_GET_VARS,$_CONF, $_TABLES, $LANG21;
$retval = '';
--- 563,570 ----
*
*/
+ function moveBlock()
+ {
+ global $_CONF, $_TABLES, $LANG21, $HTTP_GET_VARS;
$retval = '';
***************
*** 596,601 ****
* Enable and Disable block
*/
! function changeBlockStatus($bid) {
! global $_TABLES,$_CONF;
if (DB_getItem($_TABLES['blocks'],"is_enabled", "bid=$bid")) {
DB_query("UPDATE {$_TABLES['blocks']} set is_enabled = '0' WHERE bid=$bid");
--- 606,613 ----
* Enable and Disable block
*/
! function changeBlockStatus ($bid)
! {
! global $_CONF, $_TABLES;
!
if (DB_getItem($_TABLES['blocks'],"is_enabled", "bid=$bid")) {
DB_query("UPDATE {$_TABLES['blocks']} set is_enabled = '0' WHERE bid=$bid");
***************
*** 610,613 ****
--- 622,628 ----
* Delete a block
*
+ * @param string $bid id of block to delete
+ * @return string HTML redirect or error message
+ *
*/
function deleteBlock ($bid)
***************
*** 633,644 ****
$mode = $HTTP_POST_VARS['mode'];
}
! elseif (isset ($HTTP_GET_VARS['mode'])) {
$mode = $HTTP_GET_VARS['mode'];
}
if (isset ($HTTP_POST_VARS['bid'])) {
! $bid = $HTTP_POST_VARS['bid'];
}
! elseif (isset ($HTTP_GET_VARS['bid'])) {
! $bid = $HTTP_GET_VARS['bid'];
}
--- 648,659 ----
$mode = $HTTP_POST_VARS['mode'];
}
! else {
$mode = $HTTP_GET_VARS['mode'];
}
if (isset ($HTTP_POST_VARS['bid'])) {
! $bid = COM_applyFilter ($HTTP_POST_VARS['bid']);
}
! else {
! $bid = COM_applyFilter ($HTTP_GET_VARS['bid']);
}
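Review bot: Replacing `elseif (isset ($HTTP_GET_VARS['mode']))` with a bare `else` means a request carrying neither a POST nor a GET `mode` (the "no mode at all" case the dispatcher handles further down) now reads an undefined index, and the same happens for `bid`; keep the guards, e.g. `$mode = isset ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : '';` and the equivalent for `bid`. Separately, `$bid` is interpolated unquoted into SQL in changeBlockStatus (`WHERE bid=$bid`) and into the DB_save value list, which implies it is numeric, so the filter should use the numeric form the msg handling in this commit already uses: `$bid = COM_applyFilter ($HTTP_POST_VARS['bid'], true);` (likewise for the GET branch). `$mode` is still taken unfiltered; in the visible code it is only compared against fixed strings, but running it through COM_applyFilter as well would be consistent with the commit's intent.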
***************
*** 655,665 ****
}
} else if (($mode == $LANG21[54]) && !empty ($LANG21[54])) { // save
! $display .= saveblock($bid,$name,$title,$help,$type,$blockorder,$content,
! $tid,$rdfurl,$rdfupdated,$phpblockfn,$onleft,$owner_id,$group_id,
! $perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled);
} else if ($mode == 'edit') {
! $display .= COM_siteHeader()
! .editblock($bid)
! .COM_siteFooter();
} else if ($mode == 'move') {
$display .= COM_siteHeader();
--- 670,687 ----
}
} else if (($mode == $LANG21[54]) && !empty ($LANG21[54])) { // save
! $display .= saveblock ($bid, $HTTP_POSTVARS['name'],
! $HTTP_POST_VARS['title'], $HTTP_POST_VARS['help'],
! $HTTP_POST_VARS['type'], $HTTP_POST_VARS['blockorder'],
! $HTTP_POST_VARS['content'], $HTTP_POST_VARS['tid'],
! $HTTP_POST_VARS['rdfurl'], $HTTP_POST_VARS['rdfupdated'],
! $HTTP_POST_VARS['phpblockfn'], $HTTP_POST_VARS['onleft'],
! $HTTP_POST_VARS['owner_id'], $HTTP_POST_VARS['group_id'],
! $HTTP_POST_VARS['perm_owner'], $HTTP_POST_VARS['perm_group'],
! $HTTP_POST_VARS['perm_members'], $HTTP_POST_VARS['perm_anon'],
! $HTTP_POST_VARS['is_enabled']);
} else if ($mode == 'edit') {
! $display .= COM_siteHeader ()
! . editblock ($bid)
! . COM_siteFooter ();
} else if ($mode == 'move') {
$display .= COM_siteHeader();
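Review bot: `$HTTP_POSTVARS['name']` on the first line of the new saveblock call is missing the underscore, so `$name` is always undefined and every save goes through with an empty name; it should read `$HTTP_POST_VARS['name']`. Apart from `$bid`, the remaining arguments are raw POST values, and `blockorder`, `onleft`, `owner_id` and `group_id` end up unquoted in the DB_save value list, so unless saveblock validates them out of view they should be passed through `COM_applyFilter (..., true)` here, matching how `bid` and `msg` are handled in this commit. The call also indexes keys such as `help` and `rdfupdated` without checking they were posted, which will raise notices for block types whose form omits them; the preceding lines are not shown, so this may be handled earlier.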
***************
*** 668,675 ****
$display .= COM_siteFooter();
} else { // 'cancel' or no mode at all
! $display .= COM_siteHeader()
! .COM_showMessage($msg)
! .listblocks()
! .COM_siteFooter();
}
--- 690,705 ----
$display .= COM_siteFooter();
} else { // 'cancel' or no mode at all
! $display .= COM_siteHeader ();
! $msg = 0;
! if (isset ($HTTP_POST_VARS['msg'])) {
! $msg = COM_applyFilter ($HTTP_POST_VARS['msg'], true);
! } else if (isset ($HTTP_GET_VARS['msg'])) {
! $msg = COM_applyFilter ($HTTP_GET_VARS['msg'], true);
! }
! if ($msg > 0) {
! $display .= COM_showMessage ($msg);
! }
! $display .= listblocks ();
! $display .= COM_siteFooter ();
}