This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | /* |
||
3 | * You may not change or alter any portion of this comment or credits |
||
4 | * of supporting developers from this source code or any supporting source code |
||
5 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||
6 | * |
||
7 | * This program is distributed in the hope that it will be useful, |
||
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
10 | */ |
||
11 | |||
12 | /** |
||
13 | * @copyright XOOPS Project (https://xoops.org) |
||
14 | * @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html) |
||
15 | * @author XOOPS Development Team, Kazumi Ono (AKA onokazu) |
||
16 | */ |
||
17 | |||
18 | use Xmf\Request; |
||
19 | use XoopsModules\Lexikon\{Helper |
||
20 | }; |
||
21 | |||
22 | $moduleDirName = \basename(\dirname(__DIR__)); |
||
23 | $moduleDirNameUpper = \mb_strtoupper($moduleDirName); |
||
24 | |||
25 | $helper = Helper::getInstance(); |
||
26 | $helper->loadLanguage('admin'); |
||
27 | |||
28 | if (!is_object($xoopsUser) || !is_object($xoopsModule) || !$xoopsUser->isAdmin($xoopsModule->mid())) { |
||
29 | exit('Access Denied'); |
||
30 | } |
||
31 | require_once XOOPS_ROOT_PATH . '/kernel/block.php'; |
||
32 | //mb require_once XOOPS_ROOT_PATH . '/modules/system/admin/blocksadmin/blocksadmin.php'; |
||
33 | |||
34 | $op = 'list'; |
||
35 | |||
36 | if (!empty($_POST['op'])) { |
||
37 | $op = $_POST['op']; |
||
38 | } |
||
39 | if (!empty($_POST['bid'])) { |
||
40 | $bid = Request::getInt('bid', 0, 'POST'); |
||
41 | } |
||
42 | |||
43 | if (Request::hasVar('op', 'GET')) { |
||
44 | if ('edit' === $_GET['op'] || 'delete' === $_GET['op'] || 'delete_ok' === $_GET['op'] |
||
45 | || 'clone' === $_GET['op'] /* || $_GET['op'] == 'previewpopup'*/) { |
||
46 | $op = $_GET['op']; |
||
47 | $bid = Request::getInt('bid', 0, 'GET'); |
||
48 | } |
||
49 | } |
||
50 | |||
51 | if (Request::hasVar('previewblock', 'POST')) { |
||
52 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||
53 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||
54 | } |
||
55 | |||
56 | if (empty($bid)) { |
||
57 | exit('Invalid bid.'); |
||
58 | } |
||
59 | |||
60 | $bside = Request::getInt('bside', 0, 'POST'); |
||
61 | $bweight = Request::getInt('bweight', 0, 'POST'); |
||
62 | $bvisible = Request::getInt('bvisible', 0, 'POST'); |
||
63 | $bmodule = Request::getArray('bmodule', [], 'POST'); |
||
64 | $btitle = Request::getString('btitle', '', 'POST'); |
||
65 | $bcontent = Request::getString('bcontent', '', 'POST'); |
||
66 | $bctype = Request::getString('bctype', '', 'POST'); |
||
67 | $bcachetime = Request::getInt('bcachetime', 0, 'POST'); |
||
68 | |||
69 | xoops_cp_header(); |
||
70 | require_once XOOPS_ROOT_PATH . '/class/template.php'; |
||
71 | $xoopsTpl = new \XoopsTpl(); |
||
72 | $xoopsTpl->caching = 0; |
||
73 | $block['bid'] = $bid; |
||
74 | |||
75 | if ('clone_ok' === $op) { |
||
76 | $block['form_title'] = _AM_CLONEBLOCK; |
||
77 | $block['submit_button'] = _CLONE; |
||
78 | $myblock = new \XoopsBlock(); |
||
79 | $myblock->setVar('block_type', 'C'); |
||
80 | } else { |
||
81 | $op = 'update'; |
||
82 | $block['form_title'] = _AM_EDITBLOCK; |
||
83 | $block['submit_button'] = _SUBMIT; |
||
84 | $myblock = new \XoopsBlock($bid); |
||
85 | $block['name'] = $myblock->getVar('name'); |
||
86 | } |
||
87 | |||
88 | $myts = \MyTextSanitizer::getInstance(); |
||
89 | $myblock->setVar('title', ($btitle)); |
||
90 | $myblock->setVar('content', ($bcontent)); |
||
91 | |||
92 | $block['edit_form'] = false; |
||
93 | $block['template'] = ''; |
||
94 | $block['op'] = $op; |
||
95 | $block['side'] = $bside; |
||
96 | $block['weight'] = $bweight; |
||
97 | $block['visible'] = $bvisible; |
||
98 | $block['title'] = $myblock->getVar('title', 'E'); |
||
99 | $block['content'] = $myblock->getVar('content', 'n'); |
||
100 | $block['modules'] = $bmodule; |
||
101 | $block['ctype'] = $bctype ?? $myblock->getVar('c_type'); |
||
102 | $block['is_custom'] = true; |
||
103 | $block['cachetime'] = $bcachetime; |
||
104 | echo '<a href="myblocksadmin.php">' . constant('CO_' . $moduleDirNameUpper . '_' . 'BADMIN') . '</a> <span style="font-weight:bold;">»»</span> ' . $block['form_title'] . '<br><br>'; |
||
105 | require_once \dirname(__DIR__) . '/admin/myblockform.php'; //GIJ |
||
106 | |||
107 | // $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ |
||
108 | $form->display(); |
||
109 | |||
110 | $original_level = error_reporting(E_ALL); |
||
111 | echo " |
||
112 | <table width='100%' class='outer' cellspacing='1'> |
||
113 | <tr> |
||
114 | <th>" . $myblock->getVar('title') . "</th> |
||
115 | </tr> |
||
116 | <tr> |
||
117 | <td class='odd'>" . $myblock->getContent('S', $bctype) . '</td> |
||
118 | </tr> |
||
119 | </table>'; |
||
120 | error_reporting($original_level); |
||
121 | |||
122 | xoops_cp_footer(); |
||
123 | /* echo '<script type="text/javascript"> |
||
124 | preview_window = openWithSelfMain("'.XOOPS_URL.'/modules/system/admin.php?fct=blocksadmin&op=previewpopup&file='.$dummyfile.'", "popup", 250, 200); |
||
125 | </script>';*/ |
||
126 | |||
127 | exit(); |
||
128 | } |
||
129 | |||
130 | /* if ($op == 'previewpopup') { |
||
131 | if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||
132 | exit('Invalid Referer'); |
||
133 | } |
||
134 | $file = str_replace('..', '', XOOPS_CACHE_PATH.'/'.trim($_GET['file'])); |
||
135 | if (file_exists($file)) { |
||
136 | require $file; |
||
137 | @unlink($file); |
||
138 | } |
||
139 | exit(); |
||
140 | } */ |
||
141 | |||
142 | /* if ($op == "list") { |
||
143 | xoops_cp_header(); |
||
144 | list_blocks(); |
||
145 | xoops_cp_footer(); |
||
146 | exit(); |
||
147 | } */ |
||
148 | |||
149 | if ('order' === $op) { |
||
150 | //if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||
151 | // exit('Invalid Referer'); |
||
152 | //} |
||
153 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||
154 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||
155 | } |
||
156 | if (Request::hasVar('side', 'POST')) { |
||
157 | $side = $_POST['side']; |
||
158 | } |
||
159 | // if ( !empty($_POST['weight']) ) { $weight = $_POST['weight']; } |
||
160 | if (Request::hasVar('visible', 'POST')) { |
||
161 | $visible = $_POST['visible']; |
||
162 | } |
||
163 | // if ( !empty($_POST['oldside']) ) { $oldside = $_POST['oldside']; } |
||
164 | // if ( !empty($_POST['oldweight']) ) { $oldweight = $_POST['oldweight']; } |
||
165 | // if ( !empty($_POST['oldvisible']) ) { $oldvisible = $_POST['oldvisible']; } |
||
166 | if (Request::hasVar('bid', 'POST')) { |
||
167 | $bid = $_POST['bid']; |
||
168 | } else { |
||
169 | $bid = []; |
||
170 | } |
||
171 | // GIJ start |
||
172 | foreach (array_keys($bid) as $i) { |
||
173 | if ($side[$i] < 0) { |
||
174 | $visible[$i] = 0; |
||
175 | $side[$i] = -1; |
||
176 | } else { |
||
177 | $visible[$i] = 1; |
||
178 | } |
||
179 | |||
180 | $bmodule = (isset($_POST['bmodule'][$i]) |
||
181 | && is_array($_POST['bmodule'][$i])) ? $_POST['bmodule'][$i] : [-1]; |
||
182 | |||
183 | myblocksadmin_update_block($i, $side[$i], $_POST['weight'][$i], $visible[$i], $_POST['title'][$i], null, null, $_POST['bcachetime'][$i], $bmodule, []); |
||
184 | |||
185 | // if ( $oldweight[$i] != $weight[$i] || $oldvisible[$i] != $visible[$i] || $oldside[$i] != $side[$i] ) |
||
186 | // order_block($bid[$i], $weight[$i], $visible[$i], $side[$i]); |
||
187 | } |
||
188 | $query4redirect = '?dirname=' . urlencode(strip_tags(mb_substr($_POST['query4redirect'], 9))); |
||
189 | redirect_header("myblocksadmin.php$query4redirect", 1, _AM_DBUPDATED); |
||
190 | // GIJ end |
||
191 | } |
||
192 | |||
193 | if ('order2' === $op) { |
||
194 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||
195 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||
196 | } |
||
197 | |||
198 | if (Request::hasVar('addblock', 'POST') && is_array($_POST['addblock'])) { |
||
199 | // addblock |
||
200 | foreach ($_POST['addblock'] as $bid => $val) { |
||
201 | myblocksadmin_update_blockinstance(0, 0, 0, 0, '', null, null, 0, [], [], (int)$bid); |
||
202 | } |
||
203 | } else { |
||
204 | // else change order |
||
205 | if (Request::hasVar('side', 'POST')) { |
||
206 | $side = $_POST['side']; |
||
207 | } |
||
208 | if (Request::hasVar('visible', 'POST')) { |
||
209 | $visible = $_POST['visible']; |
||
210 | } |
||
211 | if (Request::hasVar('id', 'POST')) { |
||
212 | $id = $_POST['id']; |
||
213 | } else { |
||
214 | $id = []; |
||
215 | } |
||
216 | |||
217 | foreach (array_keys($id) as $i) { |
||
218 | // separate side and visible |
||
219 | if ($side[$i] < 0) { |
||
220 | $visible[$i] = 0; |
||
221 | $side[$i] = -1; // for not to destroy the original position |
||
222 | } else { |
||
223 | $visible[$i] = 1; |
||
224 | } |
||
225 | |||
226 | $bmodule = (isset($_POST['bmodule'][$i]) |
||
227 | && is_array($_POST['bmodule'][$i])) ? $_POST['bmodule'][$i] : [-1]; |
||
228 | |||
229 | myblocksadmin_update_blockinstance($i, $side[$i], $_POST['weight'][$i], $visible[$i], $_POST['title'][$i], null, null, $_POST['bcachetime'][$i], $bmodule, []); |
||
230 | } |
||
231 | } |
||
232 | |||
233 | $query4redirect = '?dirname=' . urlencode(strip_tags(mb_substr($_POST['query4redirect'], 9))); |
||
234 | redirect_header("myblocksadmin.php$query4redirect", 1, _MD_AM_DBUPDATED); |
||
235 | } |
||
236 | |||
237 | /* if ($op == 'save') { |
||
238 | if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||
239 | exit('Invalid Referer'); |
||
240 | } |
||
241 | if ( ! $GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin']) ) { |
||
242 | redirect_header(XOOPS_URL.'/',3,$GLOBALS['xoopsSecurity']->getErrors()); |
||
243 | } |
||
244 | if ( !empty($_POST['bside']) ) { $bside = (int)($_POST['bside']); } else { $bside = 0; } |
||
245 | if ( !empty($_POST['bweight']) ) { $bweight = (int)($_POST['bweight']); } else { $bweight = 0; } |
||
246 | if ( !empty($_POST['bvisible']) ) { $bvisible = (int)($_POST['bvisible']); } else { $bvisible = 0; } |
||
247 | if ( !empty($_POST['bmodule']) ) { $bmodule = $_POST['bmodule']; } else { $bmodule = []; } |
||
248 | if ( !empty($_POST['btitle']) ) { $btitle = $_POST['btitle']; } else { $btitle = ""; } |
||
249 | if ( !empty($_POST['bcontent']) ) { $bcontent = $_POST['bcontent']; } else { $bcontent = ""; } |
||
250 | if ( !empty($_POST['bctype']) ) { $bctype = $_POST['bctype']; } else { $bctype = ""; } |
||
251 | if ( !empty($_POST['bcachetime']) ) { $bcachetime = (int)($_POST['bcachetime']); } else { $bcachetime = 0; } |
||
252 | save_block($bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bmodule, $bcachetime); |
||
253 | exit(); |
||
254 | } */ |
||
255 | |||
256 | if ('update' === $op) { |
||
257 | //if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||
258 | // exit('Invalid Referer'); |
||
259 | //} |
||
260 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||
261 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||
262 | } |
||
263 | /* if ( !empty($_POST['bside']) ) { $bside = (int)($_POST['bside']); } else { $bside = 0; } |
||
264 | if ( !empty($_POST['bweight']) ) { $bweight = (int)($_POST['bweight']); } else { $bweight = 0; } |
||
265 | if ( !empty($_POST['bvisible']) ) { $bvisible = (int)($_POST['bvisible']); } else { $bvisible = 0; } |
||
266 | if ( !empty($_POST['btitle']) ) { $btitle = $_POST['btitle']; } else { $btitle = ""; } |
||
267 | if ( !empty($_POST['bcontent']) ) { $bcontent = $_POST['bcontent']; } else { $bcontent = ""; } |
||
268 | if ( !empty($_POST['bctype']) ) { $bctype = $_POST['bctype']; } else { $bctype = ""; } |
||
269 | if ( !empty($_POST['bcachetime']) ) { $bcachetime = (int)($_POST['bcachetime']); } else { $bcachetime = 0; } |
||
270 | if ( !empty($_POST['bmodule']) ) { $bmodule = $_POST['bmodule']; } else { $bmodule = []; } |
||
271 | if ( !empty($_POST['options']) ) { $options = $_POST['options']; } else { $options = []; } |
||
272 | update_block($bid, $bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bcachetime, $bmodule, $options);*/ |
||
273 | |||
274 | $bcachetime = Request::getInt('bcachetime', 0, 'POST'); |
||
275 | $options = $_POST['options'] ?? []; |
||
276 | $bcontent = Request::getString('bcontent', '', 'POST'); |
||
277 | $bctype = Request::getString('bctype', '', 'POST'); |
||
278 | $bmodule = (isset($_POST['bmodule']) && is_array($_POST['bmodule'])) ? $_POST['bmodule'] : [-1]; // GIJ + |
||
279 | $msg = myblocksadmin_update_block($_POST['bid'], $_POST['bside'], $_POST['bweight'], $_POST['bvisible'], $_POST['btitle'], $bcontent, $bctype, $bcachetime, $bmodule, $options); // GIJ ! |
||
280 | redirect_header('myblocksadmin.php', 1, $msg); |
||
281 | } |
||
282 | |||
283 | if ('delete_ok' === $op) { |
||
284 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||
285 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||
286 | } |
||
287 | // delete_block_ok($bid); GIJ imported from blocksadmin.php |
||
288 | $myblock = new \XoopsBlock($bid); |
||
289 | if ('D' !== $myblock->getVar('block_type') && 'C' !== $myblock->getVar('block_type')) { |
||
290 | redirect_header('myblocksadmin.php', 4, 'Invalid block'); |
||
291 | } |
||
292 | $myblock->delete(); |
||
293 | if ('' != $myblock->getVar('template') && !defined('XOOPS_ORETEKI')) { |
||
294 | /** @var \XoopsTplfileHandler $tplfileHandler */ |
||
295 | $tplfileHandler = xoops_getHandler('tplfile'); |
||
296 | $btemplate = $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', $bid); |
||
297 | if (count($btemplate) > 0) { |
||
298 | $tplman->delete($btemplate[0]); |
||
299 | } |
||
300 | } |
||
301 | redirect_header('myblocksadmin.php', 1, _AM_DBUPDATED); |
||
302 | // end of delete_block_ok() GIJ |
||
303 | } |
||
304 | |||
305 | if ('delete' === $op) { |
||
306 | xoops_cp_header(); |
||
307 | // delete_block($bid); GIJ imported from blocksadmin.php |
||
308 | $myblock = new \XoopsBlock($bid); |
||
309 | if ('S' === $myblock->getVar('block_type')) { |
||
310 | $message = _AM_SYSTEMCANT; |
||
311 | redirect_header('admin.php?fct=blocksadmin', 4, $message); |
||
312 | } elseif ('M' === $myblock->getVar('block_type')) { |
||
313 | $message = _AM_MODULECANT; |
||
314 | redirect_header('admin.php?fct=blocksadmin', 4, $message); |
||
315 | } else { |
||
316 | //xoops_confirm(['fct' => 'blocksadmin', 'op' => 'delete_ok', 'bid' => $myblock->getVar('bid')] + $xoopsGTicket->getTicketArray(__LINE__, 1800, 'myblocksadmin'), 'admin.php', sprintf(_AM_RUSUREDEL, $myblock->getVar('title'))); |
||
317 | xoops_confirm(['fct' => 'blocksadmin', 'op' => 'delete_ok', 'bid' => $myblock->getVar('bid')], 'admin.php', sprintf(_AM_RUSUREDEL, $myblock->getVar('title'))); |
||
318 | } |
||
319 | // end of delete_block() GIJ |
||
320 | xoops_cp_footer(); |
||
321 | exit(); |
||
322 | } |
||
323 | |||
324 | if ('edit' === $op) { |
||
325 | xoops_cp_header(); |
||
326 | // edit_block($bid); GIJ imported from blocksadmin.php |
||
327 | $myblock = new \XoopsBlock($bid); |
||
328 | |||
329 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||
330 | $sql = 'SELECT module_id FROM ' . $db->prefix('block_module_link') . ' WHERE block_id=' . (int)$bid; |
||
331 | $result = $db->query($sql); |
||
332 | $modules = []; |
||
333 | while (false !== ($row = $db->fetchArray($result))) { |
||
334 | $modules[] = (int)$row['module_id']; |
||
335 | } |
||
336 | $is_custom = 'C' === $myblock->getVar('block_type') || 'E' === $myblock->getVar('block_type'); |
||
337 | $block = [ |
||
338 | 'form_title' => _AM_EDITBLOCK, |
||
339 | 'name' => $myblock->getVar('name'), |
||
340 | 'side' => $myblock->getVar('side'), |
||
341 | 'weight' => $myblock->getVar('weight'), |
||
342 | 'visible' => $myblock->getVar('visible'), |
||
343 | 'title' => $myblock->getVar('title', 'E'), |
||
344 | 'content' => $myblock->getVar('content', 'n'), |
||
345 | 'modules' => $modules, |
||
346 | 'is_custom' => $is_custom, |
||
347 | 'ctype' => $myblock->getVar('c_type'), |
||
348 | 'cachetime' => $myblock->getVar('bcachetime'), |
||
349 | 'op' => 'update', |
||
350 | 'bid' => $myblock->getVar('bid'), |
||
351 | 'edit_form' => $myblock->getOptions(), |
||
352 | 'template' => $myblock->getVar('template'), |
||
353 | 'options' => $myblock->getVar('options'), |
||
354 | 'submit_button' => _SUBMIT, |
||
355 | ]; |
||
356 | |||
357 | echo '<a href="myblocksadmin.php">' . constant('CO_' . $moduleDirNameUpper . '_' . 'BADMIN') . '</a> <span style="font-weight:bold;">»»</span> ' . _AM_EDITBLOCK . '<br><br>'; |
||
358 | require \dirname(__DIR__) . '/admin/myblockform.php'; //GIJ |
||
359 | // $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ |
||
360 | $form->display(); |
||
361 | // end of edit_block() GIJ |
||
362 | xoops_cp_footer(); |
||
363 | exit(); |
||
364 | } |
||
365 | |||
366 | if ('clone' === $op) { |
||
367 | xoops_cp_header(); |
||
368 | $myblock = new \XoopsBlock($bid); |
||
369 | |||
370 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||
371 | $sql = 'SELECT module_id FROM ' . $db->prefix('block_module_link') . ' WHERE block_id=' . (int)$bid; |
||
372 | $result = $db->query($sql); |
||
373 | $modules = []; |
||
374 | while (false !== ($row = $db->fetchArray($result))) { |
||
375 | $modules[] = (int)$row['module_id']; |
||
376 | } |
||
377 | $is_custom = 'C' === $myblock->getVar('block_type') || 'E' === $myblock->getVar('block_type'); |
||
378 | $block = [ |
||
379 | 'form_title' => _AM_CLONEBLOCK, |
||
380 | 'name' => $myblock->getVar('name'), |
||
381 | 'side' => $myblock->getVar('side'), |
||
382 | 'weight' => $myblock->getVar('weight'), |
||
383 | 'visible' => $myblock->getVar('visible'), |
||
384 | 'content' => $myblock->getVar('content', 'N'), |
||
385 | 'title' => $myblock->getVar('title', 'E'), |
||
386 | 'modules' => $modules, |
||
387 | 'is_custom' => $is_custom, |
||
388 | 'ctype' => $myblock->getVar('c_type'), |
||
389 | 'cachetime' => $myblock->getVar('bcachetime'), |
||
390 | 'op' => 'clone_ok', |
||
391 | 'bid' => $myblock->getVar('bid'), |
||
392 | 'edit_form' => $myblock->getOptions(), |
||
393 | 'template' => $myblock->getVar('template'), |
||
394 | 'options' => $myblock->getVar('options'), |
||
395 | 'submit_button' => _CLONE, |
||
396 | ]; |
||
397 | echo '<a href="myblocksadmin.php">' . _AM_SYSTEM_BLOCKS_ADMIN . '</a> <span style="font-weight:bold;">»»</span> ' . _AM_SYSTEM_BLOCKS_CLONEBLOCK . '<br><br>'; |
||
398 | require \dirname(__DIR__) . '/admin/myblockform.php'; |
||
399 | // $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ |
||
400 | $form->display(); |
||
401 | xoops_cp_footer(); |
||
402 | exit(); |
||
403 | } |
||
404 | |||
405 | if ('clone_ok' === $op) { |
||
406 | // Ticket Check |
||
407 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||
408 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||
409 | } |
||
410 | |||
411 | $block = new \XoopsBlock($bid); |
||
412 | |||
413 | // block type check |
||
414 | $block_type = $block->getVar('block_type'); |
||
415 | if ('C' !== $block_type && 'M' !== $block_type && 'D' !== $block_type) { |
||
416 | redirect_header('myblocksadmin.php', 4, 'Invalid block'); |
||
417 | } |
||
418 | |||
419 | if (empty($_POST['options'])) { |
||
420 | $options = []; |
||
421 | } elseif (is_array($_POST['options'])) { |
||
422 | $options = $_POST['options']; |
||
423 | } else { |
||
424 | $options = explode('|', $_POST['options']); |
||
425 | } |
||
426 | |||
427 | // for backward compatibility |
||
428 | // $cblock =& $block->clone(); or $cblock =& $block->xoopsClone(); |
||
429 | $cblock = new \XoopsBlock(); |
||
430 | foreach ($block->vars as $k => $v) { |
||
431 | $cblock->assignVar($k, $v['value']); |
||
432 | } |
||
433 | $cblock->setNew(); |
||
434 | |||
435 | $myts = \MyTextSanitizer::getInstance(); |
||
436 | $cblock->setVar('side', $_POST['bside']); |
||
437 | $cblock->setVar('weight', $_POST['bweight']); |
||
438 | $cblock->setVar('visible', $_POST['bvisible']); |
||
439 | $cblock->setVar('title', $_POST['btitle']); |
||
440 | $cblock->setVar('content', @$_POST['bcontent']); |
||
441 | $cblock->setVar('c_type', @$_POST['bctype']); |
||
442 | $cblock->setVar('bcachetime', $_POST['bcachetime']); |
||
443 | if (isset($options) && (count($options) > 0)) { |
||
444 | $options = implode('|', $options); |
||
445 | $cblock->setVar('options', $options); |
||
446 | } |
||
447 | $cblock->setVar('bid', 0); |
||
448 | $cblock->setVar('block_type', 'C' === $block_type ? 'C' : 'D'); |
||
449 | $cblock->setVar('func_num', 255); |
||
450 | $newid = $cblock->store(); |
||
451 | if (!$newid) { |
||
452 | xoops_cp_header(); |
||
453 | $cblock->getHtmlErrors(); |
||
454 | xoops_cp_footer(); |
||
455 | exit(); |
||
456 | } |
||
457 | /* if ($cblock->getVar('template') != '') { |
||
458 | $tplfileHandler = xoops_getHandler('tplfile'); |
||
459 | $btemplate = $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', $bid); |
||
460 | if (count($btemplate) > 0) { |
||
461 | $tplclone =& $btemplate[0]->clone(); |
||
462 | $tplclone->setVar('tpl_id', 0); |
||
463 | $tplclone->setVar('tpl_refid', $newid); |
||
464 | $tplman->insert($tplclone); |
||
465 | } |
||
466 | } */ |
||
467 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||
468 | $bmodule = (isset($_POST['bmodule']) && is_array($_POST['bmodule'])) ? $_POST['bmodule'] : [-1]; // GIJ + |
||
469 | foreach ($bmodule as $bmid) { |
||
470 | $sql = 'INSERT INTO ' . $db->prefix('block_module_link') . ' (block_id, module_id) VALUES (' . $newid . ', ' . $bmid . ')'; |
||
471 | $db->query($sql); |
||
472 | } |
||
473 | |||
474 | /* global $xoopsUser; |
||
475 | $groups =& $xoopsUser->getGroups(); |
||
476 | $count = count($groups); |
||
477 | for ($i = 0; $i < $count; ++$i) { |
||
478 | $sql = "INSERT INTO ".$db->prefix('group_permission')." (gperm_groupid, gperm_itemid, gperm_modid, gperm_name) VALUES (".$groups[$i].", ".$newid.", 1, 'block_read')"; |
||
479 | $db->query($sql); |
||
480 | } |
||
481 | */ |
||
482 | |||
483 | $sql = 'SELECT gperm_groupid FROM ' . $db->prefix('group_permission') . " WHERE gperm_name='block_read' AND gperm_modid='1' AND gperm_itemid='$bid'"; |
||
484 | $result = $db->query($sql); |
||
485 | while (list($gid) = $db->fetchRow($result)) { |
||
486 | $sql = 'INSERT INTO ' . $db->prefix('group_permission') . " (gperm_groupid, gperm_itemid, gperm_modid, gperm_name) VALUES ($gid, $newid, 1, 'block_read')"; |
||
487 | $db->query($sql); |
||
488 | } |
||
489 | |||
490 | redirect_header('myblocksadmin.php', 1, _AM_DBUPDATED); |
||
491 | } |
||
492 | |||
493 | // import from modules/system/admin/blocksadmin/blocksadmin.php |
||
494 | /** |
||
495 | * @param $bid |
||
496 | * @param $bside |
||
497 | * @param $bweight |
||
498 | * @param $bvisible |
||
499 | * @param $btitle |
||
500 | * @param $bcontent |
||
501 | * @param $bctype |
||
502 | * @param $bcachetime |
||
503 | * @param $bmodule |
||
504 | * @param array $options |
||
505 | * @return string |
||
506 | */ |
||
507 | function myblocksadmin_update_block( |
||
508 | $bid, |
||
509 | $bside, |
||
510 | $bweight, |
||
511 | $bvisible, |
||
512 | $btitle, |
||
513 | $bcontent, |
||
514 | $bctype, |
||
515 | $bcachetime, |
||
516 | $bmodule, |
||
517 | $options = [] |
||
518 | ) { |
||
519 | global $xoopsConfig; |
||
520 | /* if (empty($bmodule)) { |
||
521 | xoops_cp_header(); |
||
522 | xoops_error(sprintf(_AM_NOTSELNG, _AM_VISIBLEIN)); |
||
523 | xoops_cp_footer(); |
||
524 | exit(); |
||
525 | } */ |
||
526 | $myblock = new \XoopsBlock($bid); |
||
527 | // $myblock->setVar('side', $bside); GIJ - |
||
528 | if ($bside >= 0) { |
||
529 | $myblock->setVar('side', $bside); |
||
530 | } // GIJ + |
||
531 | $myblock->setVar('weight', $bweight); |
||
532 | $myblock->setVar('visible', $bvisible); |
||
533 | $myblock->setVar('title', $btitle); |
||
534 | if (isset($bcontent)) { |
||
535 | $myblock->setVar('content', $bcontent); |
||
536 | } |
||
537 | if (isset($bctype)) { |
||
538 | $myblock->setVar('c_type', $bctype); |
||
539 | } |
||
540 | $myblock->setVar('bcachetime', $bcachetime); |
||
541 | if (isset($options) && (count($options) > 0)) { |
||
542 | $options = implode('|', $options); |
||
543 | $myblock->setVar('options', $options); |
||
544 | } |
||
545 | if ('C' === $myblock->getVar('block_type')) { |
||
546 | switch ($myblock->getVar('c_type')) { |
||
547 | case 'H': |
||
548 | $name = _AM_CUSTOMHTML; |
||
549 | break; |
||
550 | case 'P': |
||
551 | $name = _AM_CUSTOMPHP; |
||
552 | break; |
||
553 | case 'S': |
||
554 | $name = _AM_CUSTOMSMILE; |
||
555 | break; |
||
556 | default: |
||
557 | $name = _AM_CUSTOMNOSMILE; |
||
558 | break; |
||
559 | } |
||
560 | $myblock->setVar('name', $name); |
||
561 | } |
||
562 | $msg = _AM_DBUPDATED; |
||
563 | if (false !== $myblock->store()) { |
||
564 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||
565 | $sql = sprintf('DELETE FROM `%s` WHERE block_id = %u', $db->prefix('block_module_link'), $bid); |
||
566 | $db->query($sql); |
||
567 | foreach ($bmodule as $bmid) { |
||
568 | $sql = sprintf('INSERT INTO `%s` (block_id, module_id) VALUES (%u, %d)', $db->prefix('block_module_link'), $bid, (int)$bmid); |
||
569 | $db->query($sql); |
||
570 | } |
||
571 | require_once XOOPS_ROOT_PATH . '/class/template.php'; |
||
572 | $xoopsTpl = new \XoopsTpl(); |
||
573 | $xoopsTpl->caching = 2; |
||
574 | if ('' != $myblock->getVar('template')) { |
||
575 | if ($xoopsTpl->is_cached('db:' . $myblock->getVar('template'))) { |
||
576 | if (!$xoopsTpl->clear_cache('db:' . $myblock->getVar('template'))) { |
||
577 | $msg = 'Unable to clear cache for block ID' . $bid; |
||
578 | } |
||
579 | } |
||
580 | } else { |
||
581 | if ($xoopsTpl->is_cached('db:system_dummy.tpl', 'block' . $bid)) { |
||
582 | if (!$xoopsTpl->clear_cache('db:system_dummy.tpl', 'block' . $bid)) { |
||
583 | $msg = 'Unable to clear cache for block ID' . $bid; |
||
584 | } |
||
585 | } |
||
586 | } |
||
587 | } else { |
||
588 | $msg = 'Failed update of block. ID:' . $bid; |
||
589 | } |
||
590 | // redirect_header('admin.php?fct=blocksadmin&t='.time(),1,$msg); |
||
591 | // exit(); GIJ - |
||
592 | return $msg; // GIJ + |
||
593 | } |
||
594 | |||
595 | // update block instance for 2.2 |
||
596 | /** |
||
597 | * @param $id |
||
598 | * @param $bside |
||
599 | * @param $bweight |
||
600 | * @param $bvisible |
||
601 | * @param $btitle |
||
602 | * @param $bcontent |
||
603 | * @param $bctype |
||
604 | * @param $bcachetime |
||
605 | * @param $bmodule |
||
606 | * @param array $options |
||
607 | * @param null $bid |
||
0 ignored issues
–
show
Documentation
Bug
introduced
by
Loading history...
|
|||
608 | * @return string |
||
609 | */ |
||
610 | function myblocksadmin_update_blockinstance( |
||
611 | $id, |
||
612 | $bside, |
||
613 | $bweight, |
||
614 | $bvisible, |
||
615 | $btitle, |
||
616 | $bcontent, |
||
617 | $bctype, |
||
618 | $bcachetime, |
||
619 | $bmodule, |
||
620 | $options = [], |
||
621 | $bid = null |
||
622 | ) { |
||
623 | global $xoopsDB; |
||
624 | |||
625 | $instanceHandler = xoops_getHandler('blockinstance'); |
||
626 | $blockHandler = xoops_getHandler('block'); |
||
627 | if ($id > 0) { |
||
628 | // update |
||
629 | $instance = $instanceHandler->get($id); |
||
630 | if ($bside >= 0) { |
||
631 | $instance->setVar('side', $bside); |
||
632 | } |
||
633 | if (!empty($options)) { |
||
634 | $instance->setVar('options', $options); |
||
635 | } |
||
636 | } else { |
||
637 | // insert |
||
638 | $instance = $instanceHandler->create(); |
||
639 | $instance->setVar('bid', $bid); |
||
640 | $instance->setVar('side', $bside); |
||
641 | $block = $blockHandler->get($bid); |
||
642 | $instance->setVar('options', $block->getVar('options')); |
||
643 | if (empty($btitle)) { |
||
644 | $btitle = $block->getVar('name'); |
||
645 | } |
||
646 | } |
||
647 | $instance->setVar('weight', $bweight); |
||
648 | $instance->setVar('visible', $bvisible); |
||
649 | $instance->setVar('title', $btitle); |
||
650 | // if( isset( $bcontent ) ) $instance->setVar('content', $bcontent); |
||
651 | // if( isset( $bctype ) ) $instance->setVar('c_type', $bctype); |
||
652 | $instance->setVar('bcachetime', $bcachetime); |
||
653 | |||
654 | if ($instanceHandler->insert($instance)) { |
||
655 | $GLOBALS['xoopsDB']->query('DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('block_module_link') . ' WHERE block_id=' . $instance->getVar('instanceid')); |
||
656 | foreach ($bmodule as $mid) { |
||
657 | $page = explode('-', $mid); |
||
658 | $mid = $page[0]; |
||
659 | $pageid = $page[1]; |
||
660 | $GLOBALS['xoopsDB']->query('INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('block_module_link') . ' VALUES (' . $instance->getVar('instanceid') . ', ' . (int)$mid . ', ' . (int)$pageid . ')'); |
||
661 | } |
||
662 | |||
663 | return _MD_AM_DBUPDATED; |
||
664 | } |
||
665 | |||
666 | return 'Failed update of block instance. ID:' . $id; |
||
667 | } |
||
668 | |||
669 | // TODO edit2, delete2, customblocks |
||
670 |