plugins/SpecialAdmin.php
changeset 215 94db56b8124f
parent 210 2b283402e4e4
child 216 feaffad3e07b
--- a/plugins/SpecialAdmin.php	Sun Oct 28 23:50:10 2007 -0400
+++ b/plugins/SpecialAdmin.php	Mon Oct 29 11:17:55 2007 -0400
@@ -3026,7 +3026,7 @@
             echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>';
             break;
           }
-          $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . intval($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
+          $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
           if(!$query)
           {
             echo $db->get_error();
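Review bot: `$db->escape($_GET['side'])` is concatenated into `SET sidebar_id=` without surrounding quotes, so (assuming `escape()` is a string-literal escaper) it gives no protection in this numeric position. The query then depends entirely on the validation that prints the warning box above, which starts outside this hunk. The removed `intval()` cast was safe by itself, so prefer keeping `intval($_GET['side'])`, as the `item_id` side of the same statement still does. If a non-integer value must be allowed, quote it: `SET sidebar_id=\'' . $db->escape($_GET['side']) . '\' WHERE item_id=`.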
@@ -3074,6 +3074,21 @@
             die('GOOD');
           }
           break;
+        case 'rename';
+          $newname = $db->escape($_POST['newname']);
+          $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
+          if(!$q)
+          {
+            echo $db->get_error();
+            $template->footer();
+            exit;
+          }
+          if(isset($_GET['ajax']))
+          {
+            ob_end_clean();
+            die('GOOD');
+          }
+          break;
         case 'getsource':
           $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
           if(!$q)
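Review bot: The new `rename` case reads `$_POST['newname']` and `$_GET['id']` without an `isset()` check and stores whatever was posted, with no limit on length or content. It should reject a missing or over-long name before running the UPDATE. No request-forgery token is checked in the visible lines for this state-changing action. The enclosing switch starts outside the hunk, so confirm that a token and the admin permission are verified before it is reached. `case 'rename';` parses, but it should end in a colon like the neighbouring `case 'getsource':`.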
@@ -3205,6 +3220,8 @@
           $parser = $template->makeParserText($vars['sidebar_section']);
           $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
           $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
+          // fix for the "Administration" link that somehow didn't get rendered properly
+          $c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c);
           break;
         case BLOCK_HTML:
           $parser = $template->makeParserText($vars['sidebar_section_raw']);
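Review bot: `preg_replace()` returns `null` when PCRE fails, for example at the backtrack limit, and the added pattern runs several `.*`/`.+` groups with the `U` modifier over the whole rendered block. A large block could therefore leave `$c` empty with no error shown. Keep the previous value on failure: `$fixed = preg_replace(...); if ( $fixed !== null ) $c = $fixed;`. The comment would help the next reader more if it stated what the pattern does (it wraps a bare `<a>…</a><br />` line in `<li>`) instead of "somehow".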
@@ -3224,7 +3241,7 @@
           $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
           break;
       }
-      $block_name = $template->tplWikiFormat($row['block_name']);
+      $block_name = $row['block_name']; // $template->tplWikiFormat($row['block_name']);
       if ( empty($block_name) )
         $block_name = '&lt;Unnamed&gt;';
       $t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>';
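Review bot: `$row['block_name']` is now concatenated into the `<span>` markup with no output encoding, while the `rename` case added in this changeset stores the posted name with SQL escaping only. Any markup in a block name would therefore be rendered as HTML in the sidebar editor. Whether `tplWikiFormat()` previously neutralised HTML is not visible here, but the replacement should encode explicitly: `$block_name = htmlspecialchars($row['block_name'], ENT_QUOTES);`. That line sits before the `empty()` check, so the pre-encoded `&lt;Unnamed&gt;` default is unaffected. The commented-out `tplWikiFormat` call should be deleted rather than left on the line.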