plugins/SpecialAdmin.php
changeset 607 935f3799b654
parent 605 d2d4e40ecd29
child 621 68f8a9cc0a18
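--- a/plugins/SpecialAdmin.php
+++ b/plugins/SpecialAdmin.php
@@ -2164,10 +2164,11 @@
 
 function page_Special_EditSidebar()
 {
   global $db, $session, $paths, $template, $plugins; // Common objects
   global $lang;
+  global $cache;
   
   if($session->auth_level < USER_LEVEL_ADMIN) 
   {
     redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false);
     exit;
@@ -2225,10 +2226,11 @@
           echo $t;
           $template->footer();
           exit;
         }
       }
+      $cache->purge('anon_sidebar');
       echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_order_update_success') . '</div>';
     }
     elseif(isset($_POST['create']))
     {
       switch((int)$_POST['type'])
@@ -2277,11 +2279,12 @@
       {
         echo $db->get_error();
         $template->footer();
         exit;
       }
-      
+    
+      $cache->purge('anon_sidebar');
       echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_item_added') . '</div>';
       
     }
     
     if(isset($_GET['action']) && isset($_GET['id']))
@@ -2383,11 +2386,11 @@
               <p>
                 <select name="plugin_id">
                 <?php
                   foreach($template->plugin_blocks as $k => $c)
                   {
-                    echo '<option value="'.$k.'">'.$k.'</option>';
+                    echo '<option value="'.$k.'">'.$lang->get($k).'</option>';
                   }
                 ?>
                 </select>
               </p>
             </div>
@@ -2412,10 +2415,11 @@
           <?php
           $template->footer();
           return;
           break;
         case 'move':
+          $cache->purge('anon_sidebar');
           if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) )
           {
             echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
             break;
           }
@@ -2434,10 +2438,11 @@
           {
             echo $db->get_error();
             $template->footer();
             exit;
           }
+          $cache->purge('anon_sidebar');
           if(isset($_GET['ajax']))
           {
             ob_end_clean();
             die('GOOD');
           }
@@ -2491,10 +2496,12 @@
             exit;
           }
           ob_end_clean();
           $r = $db->fetchrow();
           $db->free_result();
+          $cache->purge('anon_sidebar');
+          
           if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN');
           die($r['block_content']);
           break;
         case 'save':
           if ( defined('ENANO_DEMO_MODE') )
@@ -2553,10 +2560,10 @@
             case BLOCK_PLUGIN:
               $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : $lang->get('sbedit_msg_plugin_not_loaded');
               break;
           }
           $c = preg_replace('/\{(restrict|hideif) ([a-z0-9_\(\)\|&! ]+)\}/', '', $c);
+          $cache->purge('anon_sidebar');
           die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
           break;
       }
     }
-    
+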
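Review bot: In the `case 'move':` hunk the new `$cache->purge('anon_sidebar');` at new line 2420 runs before the `$_GET['side']` validation and before whatever write follows, whereas every other hunk in this change purges only after the database operation has succeeded, and the hunk at new lines 2438-2448 (which looks like the tail of the same move handler, judging by the `ajax`/`GOOD` response) purges again after its error check. The early purge buys nothing and opens a window in which an anonymous request can repopulate `anon_sidebar` with the pre-move layout before the update lands, and a request rejected for a bad `side` still evicts the cache; dropping the line at 2420 and keeping the post-write purge at 2443 is enough. The move handler starts and ends outside the hunk, so the pairing of the two hunks is inferred rather than visible. Separately, and pre-existing rather than introduced here, `action`, `id` and `side` drive state changes straight from `$_GET` with no CSRF token visible in any of these hunks, which is worth confirming while this code is being touched.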