X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-adminedit.php;h=88db098f49578b9b0fe627dc913e1a5388c1ae5b;hp=803b98bc38c87eca2a147057ca02bf66e2a59825;hb=f7f6e55ee0d90558ad773ce6168767c0af816696;hpb=75ad748a68473ace540251427a74fb781b1145e9

diff --git a/inc/modules/admin/what-adminedit.php b/inc/modules/admin/what-adminedit.php
index 803b98bc38..88db098f49 100644
--- a/inc/modules/admin/what-adminedit.php
+++ b/inc/modules/admin/what-adminedit.php
@@ -32,16 +32,16 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
 ADD_DESCR("admin", basename(__FILE__));
 
 // Do we edit/delete/change main menus or sub menus?
-$AND = "what=''"; $SUB = "";
+$AND = "(what = '' OR what IS NULL)"; $SUB = "";
 if (!empty($_GET['sub']))
 {
 	$AND = sprintf("action='%s'", SQL_ESCAPE($_GET['sub']));
@@ -52,23 +52,18 @@ if (!empty($_GET['sub']))
 $chk = 0;
 if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
 
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
-
 // List all menu points and make them editable
-OUTPUT_HTML ("<BR><BR></FONT>
-<DIV align=\"center\">");
-if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
-{
+if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) {
 	// Edit menu entries
 	define('__SUB_VALUE', $SUB);
 	define('__CHK_VALUE', $chk);
 	$cnt = 0; $SW = 2;
-	foreach ($_POST['sel'] as $sel=>$confirm)
+	foreach ($_POST['sel'] as $sel => $confirm)
 	{
 		if ($confirm == 1)
 		{
 			$cnt++;
-			$result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($sel)), __FILE__, __LINE__);
 			if (SQL_NUMROWS($result) == 1)
 			{
@@ -112,12 +107,12 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 	define('__CHK_VALUE', $chk);
 	// Del menu entries with or without confirmation
 	$SW = 2; $cnt = 0; $OUT = "";
-	foreach ($_POST['sel'] as $sel=>$confirm)
+	foreach ($_POST['sel'] as $sel => $confirm)
 	{
 		if ($confirm == 1)
 		{
 			$cnt++;
-			$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($sel)), __FILE__, __LINE__);
 			if (SQL_NUMROWS($result) == 1)
 			{
@@ -158,7 +153,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO()))
 	switch ($_POST['ok'])
 	{
 	case "edit": // Edit menu
-		foreach ($_POST['sel'] as $sel=>$menu)
+		foreach ($_POST['sel'] as $sel => $menu)
 		{
 			// Secure ID
 			$sel = bigintval($sel);
@@ -169,7 +164,7 @@ title='%s',
 action='%s',
 what='%s',
 descr='%s'
-WHERE ".$AND." AND id=%d LIMIT 1",
+WHERE ".$AND." AND id=%s LIMIT 1",
  array(
 	$menu,
 	$_POST['sel_action'][$sel],
@@ -178,14 +173,16 @@ WHERE ".$AND." AND id=%d LIMIT 1",
 	$sel,
 ), __FILE__, __LINE__);
 		}
+		CACHE_PURGE_ADMIN_MENU(0, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel]);
 		LOAD_TEMPLATE("admin_data_saved");
 		break;
 
 	case "del": // Delete menu
-		foreach ($_POST['sel'] as $sel=>$menu)
+		foreach ($_POST['sel'] as $sel => $menu)
 		{
-			$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%d LIMIT 1",
+			$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($sel)), __FILE__, __LINE__);
+			CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
 		}
 		LOAD_TEMPLATE("admin_data_saved");
 		break;
@@ -216,11 +213,11 @@ WHERE ".$AND." AND id=%d LIMIT 1",
 		 else
 		{
 			// Main menu selected
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' AND sort='%s' LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) AND sort='%s' LIMIT 1",
 			 array(bigintval($_GET['tid'])), __FILE__, __LINE__);
 			list($tid) = SQL_FETCHROW($result);
 			SQL_FREERESULT($result);
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' AND sort='%s' LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) AND sort='%s' LIMIT 1",
 			 array(bigintval($_GET['fid'])), __FILE__, __LINE__);
 			list($fid) = SQL_FETCHROW($result);
 			SQL_FREERESULT($result);
@@ -229,10 +226,11 @@ WHERE ".$AND." AND id=%d LIMIT 1",
 		if ((!empty($tid)) && (!empty($fid)))
 		{
 			// Sort menu
-			$result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+			$result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
-			$result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+			$result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
 			 array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+			CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
 		}
 	}
 
@@ -240,13 +238,13 @@ WHERE ".$AND." AND id=%d LIMIT 1",
 	if (!empty($SUB))
 	{
 		// Sub menus of a main menu
-		$result = SQL_QUERY_ESC("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' ORDER BY sort ASC",
+		$result = SQL_QUERY_ESC("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort ASC",
 		 array($SUB), __FILE__, __LINE__);
 	}
 	 else
 	{
 		// Main menus
-		$result = SQL_QUERY("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' ORDER BY sort ASC", __FILE__, __LINE__);
+		$result = SQL_QUERY("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) ORDER BY sort ASC", __FILE__, __LINE__);
 	}
 	$max = SQL_NUMROWS($result);
 	if ($max > 0)
@@ -302,7 +300,6 @@ WHERE ".$AND." AND id=%d LIMIT 1",
 		LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NO_MENUS_FOUND);
 	}
 }
-OUTPUT_HTML ("</DIV>");
-CLOSE_TABLE();
+
 //
 ?>