X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-guestedit.php;h=d5486ef469369c2dd29d156a0830576f0694d71c;hp=c2d46fab5b9b77eb53844481b7f6bd8fdae05ea1;hb=b8c86fa12322603c24a88ea2b0fd3dbeba612752;hpb=d5ee31ebfc85f22fc691b8c2753c42e188c1c4ef diff --git a/inc/modules/admin/what-guestedit.php b/inc/modules/admin/what-guestedit.php index c2d46fab5b..d5486ef469 100644 --- a/inc/modules/admin/what-guestedit.php +++ b/inc/modules/admin/what-guestedit.php @@ -43,24 +43,24 @@ ADD_DESCR("admin", __FILE__); // Do we edit/delete/change main menus or sub menus? $AND = "(`what` = '' OR `what` IS NULL)"; $SUB = ""; -if (!empty($_GET['sub'])) { - $AND = sprintf("action='%s' AND `what` IS NOT NULL", SQL_ESCAPE($_GET['sub'])); - $SUB = SQL_ESCAPE($_GET['sub']); +if (REQUEST_ISSET_GET(('sub'))) { + $AND = sprintf("action='%s' AND `what` IS NOT NULL", REQUEST_GET(('sub'))); + $SUB = REQUEST_GET(('sub')); } // END - if // Get count of (maybe) selected menu points $chk = 0; -if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']); +if (REQUEST_ISSET_POST(('sel'))) $chk = SELECTION_COUNT(REQUEST_POST('sel')); // List all menu points and make them editable -if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) +if ((REQUEST_ISSET_POST(('edit'))) && ($chk > 0) && (!IS_DEMO())) { // Edit menu entries define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $cnt = 0; $SW = 2; $OUT = ""; - foreach ($_POST['sel'] as $sel => $confirm) + foreach (REQUEST_POST('sel') as $sel => $confirm) { if ($confirm == 1) { @@ -99,23 +99,18 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) // Load template LOAD_TEMPLATE("admin_gmenu_edit_form"); -} - elseif ((isset($_POST['del'])) && (!IS_DEMO())) -{ +} elseif ((REQUEST_ISSET_POST(('del'))) && (!IS_DEMO())) { // Del menu entries with or without confirmation define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); $cnt = 0; $OUT = ""; $SW = 2; - foreach ($_POST['sel'] as $sel => $confirm) - { - if ($confirm == 1) - { + foreach (REQUEST_POST('sel') as $sel => $confirm) { + if ($confirm == 1) { $cnt++; $result = SQL_QUERY_ESC("SELECT title FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1", - array(bigintval($sel)), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array(bigintval($sel)), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Entry found so we load the stuff... list($menu) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -126,9 +121,7 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) 'sw' => $SW, ); $OUT .= LOAD_TEMPLATE("admin_gmenu_delete_row", true, $DATA); - } - else - { + } else { // Entry not found? $content = array( 'sw' => $SW, @@ -144,28 +137,24 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) // Load template LOAD_TEMPLATE("admin_gmenu_delete"); -} - elseif ((isset($_POST['ok'])) && (!IS_DEMO())) -{ +} elseif ((IS_FORM_SENT()) && (!IS_DEMO())) { // An action is done... - switch ($_POST['ok']) + switch (REQUEST_POST('ok')) { case "edit": // Edit menu - foreach ($_POST['sel'] as $sel => $menu) - { + foreach (REQUEST_POST('sel') as $sel => $menu) { // Secure selector $sel = bigintval($sel); // Update entry - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND id=%s LIMIT 1", + array($menu, REQUEST_POST('sel_action', $sel), REQUEST_POST('sel_what', $sel), $sel),__FILE__, __LINE__); } LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); break; case "del": // Delete menu - foreach ($_POST['sel'] as $sel => $menu) - { + foreach (REQUEST_POST('sel') as $sel => $menu) { // Delete enty SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE ".$AND." AND id=%s LIMIT 1", array(bigintval($sel)), __FILE__, __LINE__); @@ -174,34 +163,31 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) break; case "status": // Change access levels - foreach ($_POST['sel'] as $sel => $menu) - { + foreach (REQUEST_POST('sel') as $sel => $menu) { // Secure selector $sel = bigintval($sel); // Update entry SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__); + array(REQUEST_POST('visible', $sel), REQUEST_POST('locked', $sel), $sel), __FILE__, __LINE__); } LOAD_TEMPLATE("admin_settings_saved", false, getMessage('SETTINGS_SAVED')); break; default: // Unexpected action - define('__OK_VALUE', $_POST['ok']); - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", $_POST['ok'])); + define('__OK_VALUE', REQUEST_POST('ok')); + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", REQUEST_POST('ok'))); LOAD_TEMPLATE("admin_menu_unknown_okay"); break; } -} - elseif ((isset($_POST['status'])) && ($chk > 0) && (!IS_DEMO())) -{ +} elseif ((REQUEST_ISSET_POST(('status'))) && ($chk > 0) && (!IS_DEMO())) { // Change status (visible / locked) define('__SUB_VALUE', $SUB); define('__CHK_VALUE', $chk); // Load template $SW = 2; $cnt = 0; $OUT = ""; - foreach ($_POST['sel'] as $sel => $confirm) + foreach (REQUEST_POST('sel') as $sel => $confirm) { if ($confirm == 1) { @@ -243,36 +229,36 @@ if ((isset($_POST['edit'])) && ($chk > 0) && (!IS_DEMO())) // Load template LOAD_TEMPLATE("admin_gmenu_status"); } else { - if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid']))) { + if ((REQUEST_ISSET_GET(('act'))) && (REQUEST_ISSET_GET(('tid'))) && (REQUEST_ISSET_GET(('fid')))) { // Get IDs - if (!empty($_GET['w'])) { + if (REQUEST_ISSET_GET(('w'))) { // Sub menus selected - $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE action='%s' AND sort='%s' LIMIT 1", - array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1", + array(REQUEST_GET('act'), bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__); list($tid) = SQL_FETCHROW($result); SQL_FREERESULT($result); - $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE action='%s' AND sort='%s' LIMIT 1", - array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE `action`='%s' AND `sort`='%s' LIMIT 1", + array(REQUEST_GET('act'), bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__); list($fid) = SQL_FETCHROW($result); SQL_FREERESULT($result); } else { // Main menu selected - $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND sort='%s' LIMIT 1", - array(bigintval($_GET['tid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1", + array(bigintval(REQUEST_GET('tid'))), __FILE__, __LINE__); list($tid) = SQL_FETCHROW($result); SQL_FREERESULT($result); - $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND sort='%s' LIMIT 1", - array(bigintval($_GET['fid'])), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE (what='' OR `what` IS NULL) AND `sort`='%s' LIMIT 1", + array(bigintval(REQUEST_GET('fid'))), __FILE__, __LINE__); list($fid) = SQL_FETCHROW($result); SQL_FREERESULT($result); } if ((!empty($tid)) && (!empty($fid))) { // Sort menu - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__); - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1", - array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1", + array(bigintval(REQUEST_GET('tid')), bigintval($fid)), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_guest_menu` SET `sort`='%s' WHERE ".$AND." AND id=%s LIMIT 1", + array(bigintval(REQUEST_GET('fid')), bigintval($tid)), __FILE__, __LINE__); } // END - if } // END - if