@@ -59,7 +59,7 @@ |
||
59 | 59 | <iframe id="keepPMFSessionAlive" src="session.keepalive.php?lang=<?= $LANGCODE ?>" width="0" height="0" |
60 | 60 | style="display: none;"></iframe> |
61 | 61 | <?php |
62 | - if (isset($auth) && (('takequestion' == $action) || ('editentry' == $action) || ('editpreview' == $action) || |
|
62 | + if (isset($auth) && (('takequestion' == $action) || ('editentry' == $action) || ('editpreview' == $action) || |
|
63 | 63 | ('addnews' == $action) || ('editnews' == $action) || ('copyentry' == $action))) { |
64 | 64 | if ($faqConfig->get('main.enableWysiwygEditor') == true) { |
65 | 65 | ?> |
@@ -224,12 +224,15 @@ |
||
224 | 224 | action: 'ajax', |
225 | 225 | ajax: 'recordAdd' |
226 | 226 | }; |
227 | - <?php else: ?> |
|
227 | + <?php else { |
|
228 | + : ?> |
|
228 | 229 | var data = { |
229 | 230 | action: 'ajax', |
230 | 231 | ajax: 'recordSave' |
231 | 232 | }; |
232 | - <?php endif; ?> |
|
233 | + <?php endif; |
|
234 | +} |
|
235 | +?> |
|
233 | 236 | |
234 | 237 | $.each($('#faqEditor').serializeArray(), function (i, field) { |
235 | 238 | data[field.name] = field.value; |
@@ -104,8 +104,8 @@ discard block |
||
104 | 104 | echo Language::languageOptions( |
105 | 105 | str_replace( |
106 | 106 | array( |
107 | - 'language_', |
|
108 | - '.php', |
|
107 | + 'language_', |
|
108 | + '.php', |
|
109 | 109 | ), |
110 | 110 | '', |
111 | 111 | $faqConfig->get('main.language') |
@@ -116,7 +116,7 @@ discard block |
||
116 | 116 | } else { |
117 | 117 | echo '<option value="language_en.php">English</option>'; |
118 | 118 | } |
119 | - break; |
|
119 | + break; |
|
120 | 120 | |
121 | 121 | case 'records.orderby': |
122 | 122 | echo Configuration::sortingOptions($faqConfig->get($key)); |
@@ -65,7 +65,7 @@ discard block |
||
65 | 65 | $groupAction = $defaultGroupAction; |
66 | 66 | } |
67 | 67 | |
68 | -if (!in_array($groupAction, $groupActionList)){ |
|
68 | +if (!in_array($groupAction, $groupActionList)) { |
|
69 | 69 | // @Todo: implement Error message |
70 | 70 | } |
71 | 71 | |
@@ -85,7 +85,7 @@ discard block |
||
85 | 85 | $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_msg_mysqlerr']); |
86 | 86 | } |
87 | 87 | foreach ($groupMembers as $memberId) { |
88 | - $perm->addToGroup((int) $memberId, $groupId); |
|
88 | + $perm->addToGroup((int)$memberId, $groupId); |
|
89 | 89 | } |
90 | 90 | $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', |
91 | 91 | $PMF_LANG['ad_msg_savedsuc_1'], |
@@ -109,7 +109,7 @@ discard block |
||
109 | 109 | $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_msg_mysqlerr']); |
110 | 110 | } |
111 | 111 | foreach ($groupRights as $rightId) { |
112 | - $perm->grantGroupRight($groupId, (int) $rightId); |
|
112 | + $perm->grantGroupRight($groupId, (int)$rightId); |
|
113 | 113 | } |
114 | 114 | $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', |
115 | 115 | $PMF_LANG['ad_msg_savedsuc_1'], |
@@ -153,11 +153,11 @@ |
||
153 | 153 | (response) => { |
154 | 154 | if (response === 1) { |
155 | 155 | $('#ajaxresponse').html('<?php printf('<p class="alert alert-success">%s</p>', |
156 | - $PMF_LANG['ad_search_delsuc']) ?>'); |
|
156 | + $PMF_LANG['ad_search_delsuc']) ?>'); |
|
157 | 157 | $('.row_search_id_' + searchId).fadeOut('slow'); |
158 | 158 | } else { |
159 | 159 | $('#ajaxresponse').html('<?php printf('<p class="alert alert-danger">%s</p>', |
160 | - $PMF_LANG['ad_search_delfail']) ?>'); |
|
160 | + $PMF_LANG['ad_search_delfail']) ?>'); |
|
161 | 161 | } |
162 | 162 | }); |
163 | 163 | } |
@@ -66,10 +66,10 @@ discard block |
||
66 | 66 | $searchesList = $search->getMostPopularSearches($searchesCount + 1, true); |
67 | 67 | |
68 | 68 | if (is_null($pages)) { |
69 | - $pages = round((count($searchesList) + ($perPage / 3)) / $perPage, 0); |
|
69 | + $pages = round((count($searchesList) + ($perPage/3))/$perPage, 0); |
|
70 | 70 | } |
71 | 71 | |
72 | - $start = ($page - 1) * $perPage; |
|
72 | + $start = ($page - 1)*$perPage; |
|
73 | 73 | $end = $start + $perPage; |
74 | 74 | |
75 | 75 | $baseUrl = sprintf( |
@@ -120,7 +120,7 @@ discard block |
||
120 | 120 | } |
121 | 121 | ++$displayedCounter; |
122 | 122 | |
123 | - $num = round(($searchItem['number'] * 100 / $searchesCount), 2); |
|
123 | + $num = round(($searchItem['number']*100/$searchesCount), 2); |
|
124 | 124 | ?> |
125 | 125 | <tr class="row_search_id_<?= $searchItem['id'] ?>"> |
126 | 126 | <td><?= Strings::htmlspecialchars($searchItem['searchterm']) ?></td> |
@@ -58,7 +58,7 @@ discard block |
||
58 | 58 | $secLevelEntries .= $adminHelper->addMenuEntry('addgroup+editgroup+delgroup', 'group', 'ad_menu_group_administration', $action); |
59 | 59 | } |
60 | 60 | if ($faqConfig->get('security.permLevel') == 'large') { |
61 | - $secLevelEntries .= $adminHelper->addMenuEntry('add_section+edit_section+del_section', 'section', 'ad_menu_section_administration', $action); |
|
61 | + $secLevelEntries .= $adminHelper->addMenuEntry('add_section+edit_section+del_section', 'section', 'ad_menu_section_administration', $action); |
|
62 | 62 | } |
63 | 63 | if (!$faqConfig->get('ldap.ldapSupport')) { |
64 | 64 | $secLevelEntries .= $adminHelper->addMenuEntry('passwd', 'passwd', 'ad_menu_passwd', $action); |
@@ -230,13 +230,13 @@ discard block |
||
230 | 230 | <li class="nav-item dropdown"> |
231 | 231 | <a class="nav-link dropdown-toggle" href="#" id="pmf-admin-dropdown" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> |
232 | 232 | <?php |
233 | - if ($faqConfig->get('main.enableGravatarSupport')) { |
|
234 | - $avatar = new Gravatar($faqConfig); |
|
235 | - echo $avatar->getImage($user->getUserData('email'), ['size' => 24, 'class' => 'rounded-circle']); |
|
236 | - } else { |
|
237 | - echo '<i aria-hidden="true" class="fas fa-user"></i>'; |
|
238 | - } |
|
239 | - ?> |
|
233 | + if ($faqConfig->get('main.enableGravatarSupport')) { |
|
234 | + $avatar = new Gravatar($faqConfig); |
|
235 | + echo $avatar->getImage($user->getUserData('email'), ['size' => 24, 'class' => 'rounded-circle']); |
|
236 | + } else { |
|
237 | + echo '<i aria-hidden="true" class="fas fa-user"></i>'; |
|
238 | + } |
|
239 | + ?> |
|
240 | 240 | <span title="<?= $PMF_LANG['ad_user_loggedin'].$user->getLogin(); ?>"> |
241 | 241 | <?= $user->getUserData('display_name'); ?> |
242 | 242 | </span> |
@@ -107,10 +107,10 @@ |
||
107 | 107 | <div class="col-lg-4"> |
108 | 108 | <ul class="list-unstyled"> |
109 | 109 | <?php |
110 | - foreach ($category->getCategoryLanguagesTranslated($id) as $language => $description) { |
|
111 | - echo '<input type="text" readonly class="form-control-plaintext" id="staticEmail" value="' . $language . ': ' . $description . '">'; |
|
112 | - } |
|
113 | - ?> |
|
110 | + foreach ($category->getCategoryLanguagesTranslated($id) as $language => $description) { |
|
111 | + echo '<input type="text" readonly class="form-control-plaintext" id="staticEmail" value="' . $language . ': ' . $description . '">'; |
|
112 | + } |
|
113 | + ?> |
|
114 | 114 | </ul> |
115 | 115 | </div> |
116 | 116 | </div> |
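Review bot: The `echo` at new line 111 writes `$language` and `$description` into a double-quoted `value` attribute without escaping, so a `"` or markup in either value would break out of the attribute. The change here is indentation only, but since the line is being touched it could use the helper another template on this page already applies to output, e.g. `Strings::htmlspecialchars($language . ': ' . $description)`, assuming `Strings` is imported in this file. Whether category descriptions can carry user-supplied text is not visible from the hunk, so treat this as defence in depth until confirmed. The next hunk re-spaces the same line and has the same issue. Each loop iteration also emits the same `id="staticEmail"`, which yields duplicate ids in the page.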
@@ -108,7 +108,7 @@ |
||
108 | 108 | <ul class="list-unstyled"> |
109 | 109 | <?php |
110 | 110 | foreach ($category->getCategoryLanguagesTranslated($id) as $language => $description) { |
111 | - echo '<input type="text" readonly class="form-control-plaintext" id="staticEmail" value="' . $language . ': ' . $description . '">'; |
|
111 | + echo '<input type="text" readonly class="form-control-plaintext" id="staticEmail" value="'.$language.': '.$description.'">'; |
|
112 | 112 | } |
113 | 113 | ?> |
114 | 114 | </ul> |
@@ -64,9 +64,12 @@ |
||
64 | 64 | <input type="hidden" name="showcat" value="<?= $showcat ?>"> |
65 | 65 | <?php if ($faqConfig->get('security.permLevel') !== 'basic'): ?> |
66 | 66 | <input type="hidden" name="restricted_groups[]" value="<?= $groupPermission[0] ?>"> |
67 | - <?php else: ?> |
|
67 | + <?php else { |
|
68 | + : ?> |
|
68 | 69 | <input type="hidden" name="restricted_groups[]" value="-1"> |
69 | - <?php endif; ?> |
|
70 | + <?php endif; |
|
71 | +} |
|
72 | +?> |
|
70 | 73 | <input type="hidden" name="restricted_users" value="<?= $userPermission[0] ?>"> |
71 | 74 | <input type="hidden" name="csrf" value="<?= $user->getCsrfTokenFromSession() ?>"> |
72 | 75 |
@@ -69,71 +69,71 @@ discard block |
||
69 | 69 | |
70 | 70 | // update section members |
71 | 71 | if ($sectionAction == 'update_members' && $user->perm->checkRight($user->getUserId(), 'edit_section')) { |
72 | - $message = ''; |
|
73 | - $sectionAction = $defaultSectionAction; |
|
74 | - $sectionId = Filter::filterInput(INPUT_POST, 'section_id', FILTER_VALIDATE_INT, 0); |
|
75 | - $sectionMembers = isset($_POST['section_members']) ? $_POST['section_members'] : []; |
|
76 | - |
|
77 | - if ($sectionId == 0) { |
|
78 | - $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
79 | - } else { |
|
80 | - $user = new User($faqConfig); |
|
81 | - $perm = $user->perm; |
|
82 | - if (!$perm->removeAllGroupsFromSection($sectionId)) { |
|
83 | - $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_msg_mysqlerr']); |
|
84 | - } |
|
85 | - foreach ($sectionMembers as $memberId) { |
|
86 | - $perm->addGroupToSection((int) $memberId, $sectionId); |
|
87 | - } |
|
88 | - $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', |
|
89 | - $PMF_LANG['ad_msg_savedsuc_1'], |
|
90 | - $perm->getSectionName($sectionId), |
|
91 | - $PMF_LANG['ad_msg_savedsuc_2']); |
|
92 | - } |
|
72 | + $message = ''; |
|
73 | + $sectionAction = $defaultSectionAction; |
|
74 | + $sectionId = Filter::filterInput(INPUT_POST, 'section_id', FILTER_VALIDATE_INT, 0); |
|
75 | + $sectionMembers = isset($_POST['section_members']) ? $_POST['section_members'] : []; |
|
76 | + |
|
77 | + if ($sectionId == 0) { |
|
78 | + $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
79 | + } else { |
|
80 | + $user = new User($faqConfig); |
|
81 | + $perm = $user->perm; |
|
82 | + if (!$perm->removeAllGroupsFromSection($sectionId)) { |
|
83 | + $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_msg_mysqlerr']); |
|
84 | + } |
|
85 | + foreach ($sectionMembers as $memberId) { |
|
86 | + $perm->addGroupToSection((int) $memberId, $sectionId); |
|
87 | + } |
|
88 | + $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', |
|
89 | + $PMF_LANG['ad_msg_savedsuc_1'], |
|
90 | + $perm->getSectionName($sectionId), |
|
91 | + $PMF_LANG['ad_msg_savedsuc_2']); |
|
92 | + } |
|
93 | 93 | } |
94 | 94 | |
95 | 95 | // update section data |
96 | 96 | if ($sectionAction == 'update_data' && $user->perm->checkRight($user->getUserId(), 'edit_section')) { |
97 | - $message = ''; |
|
98 | - $sectionAction = $defaultSectionAction; |
|
99 | - $sectionId = Filter::filterInput(INPUT_POST, 'section_id', FILTER_VALIDATE_INT, 0); |
|
100 | - if ($sectionId == 0) { |
|
101 | - $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
102 | - } else { |
|
103 | - $sectionData = []; |
|
104 | - $dataFields = ['name', 'description']; |
|
105 | - foreach ($dataFields as $field) { |
|
106 | - $sectionData[$field] = Filter::filterInput(INPUT_POST, $field, FILTER_SANITIZE_STRING, ''); |
|
107 | - } |
|
108 | - $user = new User($faqConfig); |
|
109 | - $perm = $user->perm; |
|
110 | - if (!$perm->changeSection($sectionId, $sectionData)) { |
|
111 | - $message .= sprintf( |
|
112 | - '<p class="alert alert-danger">%s<br>%s</p>', |
|
113 | - $PMF_LANG['ad_msg_mysqlerr'], |
|
114 | - $db->error() |
|
115 | - ); |
|
116 | - } else { |
|
117 | - $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', |
|
118 | - $PMF_LANG['ad_msg_savedsuc_1'], |
|
119 | - $perm->getSectionName($sectionId), |
|
120 | - $PMF_LANG['ad_msg_savedsuc_2']); |
|
121 | - } |
|
122 | - } |
|
97 | + $message = ''; |
|
98 | + $sectionAction = $defaultSectionAction; |
|
99 | + $sectionId = Filter::filterInput(INPUT_POST, 'section_id', FILTER_VALIDATE_INT, 0); |
|
100 | + if ($sectionId == 0) { |
|
101 | + $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
102 | + } else { |
|
103 | + $sectionData = []; |
|
104 | + $dataFields = ['name', 'description']; |
|
105 | + foreach ($dataFields as $field) { |
|
106 | + $sectionData[$field] = Filter::filterInput(INPUT_POST, $field, FILTER_SANITIZE_STRING, ''); |
|
107 | + } |
|
108 | + $user = new User($faqConfig); |
|
109 | + $perm = $user->perm; |
|
110 | + if (!$perm->changeSection($sectionId, $sectionData)) { |
|
111 | + $message .= sprintf( |
|
112 | + '<p class="alert alert-danger">%s<br>%s</p>', |
|
113 | + $PMF_LANG['ad_msg_mysqlerr'], |
|
114 | + $db->error() |
|
115 | + ); |
|
116 | + } else { |
|
117 | + $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', |
|
118 | + $PMF_LANG['ad_msg_savedsuc_1'], |
|
119 | + $perm->getSectionName($sectionId), |
|
120 | + $PMF_LANG['ad_msg_savedsuc_2']); |
|
121 | + } |
|
122 | + } |
|
123 | 123 | } |
124 | 124 | |
125 | 125 | // delete section confirmation |
126 | 126 | if ($sectionAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'delete_section')) { |
127 | - $message = ''; |
|
128 | - $user = new CurrentUser($faqConfig); |
|
129 | - $perm = $user->perm; |
|
130 | - $sectionId = Filter::filterInput(INPUT_POST, 'section_list_select', FILTER_VALIDATE_INT, 0); |
|
131 | - if ($sectionId <= 0) { |
|
132 | - $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
133 | - $sectionAction = $defaultSectionAction; |
|
134 | - } else { |
|
135 | - $sectionData = $perm->getSectionData($sectionId); |
|
136 | - ?> |
|
127 | + $message = ''; |
|
128 | + $user = new CurrentUser($faqConfig); |
|
129 | + $perm = $user->perm; |
|
130 | + $sectionId = Filter::filterInput(INPUT_POST, 'section_list_select', FILTER_VALIDATE_INT, 0); |
|
131 | + if ($sectionId <= 0) { |
|
132 | + $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
133 | + $sectionAction = $defaultSectionAction; |
|
134 | + } else { |
|
135 | + $sectionData = $perm->getSectionData($sectionId); |
|
136 | + ?> |
|
137 | 137 | <header class="row"> |
138 | 138 | <div class="col-lg-12"> |
139 | 139 | <h2 class="page-header"> |
@@ -162,85 +162,85 @@ discard block |
||
162 | 162 | </div> |
163 | 163 | <?php |
164 | 164 | |
165 | - } |
|
165 | + } |
|
166 | 166 | } |
167 | 167 | |
168 | 168 | if ($sectionAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'delete_section')) { |
169 | - $message = ''; |
|
170 | - $user = new User($faqConfig); |
|
171 | - $sectionId = Filter::filterInput(INPUT_POST, 'section_id', FILTER_VALIDATE_INT, 0); |
|
172 | - $csrfOkay = true; |
|
173 | - $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING); |
|
174 | - if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) { |
|
175 | - $csrfOkay = false; |
|
176 | - } |
|
177 | - $sectionAction = $defaultSectionAction; |
|
178 | - if ($sectionId <= 0) { |
|
179 | - $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
180 | - } else { |
|
181 | - if (!$user->perm->deleteSection($sectionId) && !$csrfOkay) { |
|
182 | - $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_section_error_delete']); |
|
183 | - } else { |
|
184 | - $message .= sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_section_deleted']); |
|
185 | - } |
|
186 | - $userError = $user->error(); |
|
187 | - if ($userError != '') { |
|
188 | - $message .= sprintf('<p class="alert alert-danger">%s</p>', $userError); |
|
189 | - } |
|
190 | - } |
|
169 | + $message = ''; |
|
170 | + $user = new User($faqConfig); |
|
171 | + $sectionId = Filter::filterInput(INPUT_POST, 'section_id', FILTER_VALIDATE_INT, 0); |
|
172 | + $csrfOkay = true; |
|
173 | + $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING); |
|
174 | + if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) { |
|
175 | + $csrfOkay = false; |
|
176 | + } |
|
177 | + $sectionAction = $defaultSectionAction; |
|
178 | + if ($sectionId <= 0) { |
|
179 | + $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_user_error_noId']); |
|
180 | + } else { |
|
181 | + if (!$user->perm->deleteSection($sectionId) && !$csrfOkay) { |
|
182 | + $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_section_error_delete']); |
|
183 | + } else { |
|
184 | + $message .= sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_section_deleted']); |
|
185 | + } |
|
186 | + $userError = $user->error(); |
|
187 | + if ($userError != '') { |
|
188 | + $message .= sprintf('<p class="alert alert-danger">%s</p>', $userError); |
|
189 | + } |
|
190 | + } |
|
191 | 191 | } |
192 | 192 | |
193 | 193 | if ($sectionAction == 'addsave' && $user->perm->checkRight($user->getUserId(), 'add_section')) { |
194 | - $user = new User($faqConfig); |
|
195 | - $message = ''; |
|
196 | - $messages = []; |
|
197 | - $sectionName = Filter::filterInput(INPUT_POST, 'section_name', FILTER_SANITIZE_STRING, ''); |
|
198 | - $sectionDescription = Filter::filterInput(INPUT_POST, 'section_description', FILTER_SANITIZE_STRING, ''); |
|
199 | - $csrfOkay = true; |
|
200 | - $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING); |
|
201 | - |
|
202 | - if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) { |
|
203 | - $csrfOkay = false; |
|
204 | - } |
|
205 | - // check section name |
|
206 | - if ($sectionName == '') { |
|
207 | - $messages[] = $PMF_LANG['ad_section_error_noName']; |
|
208 | - } |
|
209 | - // ok, let's go |
|
210 | - if (count($messages) == 0 && $csrfOkay) { |
|
211 | - // create section |
|
212 | - $sectionData = array( |
|
213 | - 'name' => $sectionName, |
|
214 | - 'description' => $sectionDescription |
|
215 | - ); |
|
216 | - |
|
217 | - if ($user->perm->addSection($sectionData) <= 0) { |
|
218 | - $messages[] = $PMF_LANG['ad_adus_dberr']; |
|
219 | - } |
|
220 | - } |
|
221 | - // no errors, show list |
|
222 | - if (count($messages) == 0) { |
|
223 | - $sectionAction = $defaultSectionAction; |
|
224 | - $message = sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_section_suc']); |
|
225 | - // display error messages and show form again |
|
226 | - } else { |
|
227 | - $sectionAction = 'add'; |
|
228 | - $message = '<p class="alert alert-danger">'; |
|
229 | - foreach ($messages as $err) { |
|
230 | - $message .= $err.'<br>'; |
|
231 | - } |
|
232 | - $message .= '</p>'; |
|
233 | - } |
|
194 | + $user = new User($faqConfig); |
|
195 | + $message = ''; |
|
196 | + $messages = []; |
|
197 | + $sectionName = Filter::filterInput(INPUT_POST, 'section_name', FILTER_SANITIZE_STRING, ''); |
|
198 | + $sectionDescription = Filter::filterInput(INPUT_POST, 'section_description', FILTER_SANITIZE_STRING, ''); |
|
199 | + $csrfOkay = true; |
|
200 | + $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING); |
|
201 | + |
|
202 | + if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) { |
|
203 | + $csrfOkay = false; |
|
204 | + } |
|
205 | + // check section name |
|
206 | + if ($sectionName == '') { |
|
207 | + $messages[] = $PMF_LANG['ad_section_error_noName']; |
|
208 | + } |
|
209 | + // ok, let's go |
|
210 | + if (count($messages) == 0 && $csrfOkay) { |
|
211 | + // create section |
|
212 | + $sectionData = array( |
|
213 | + 'name' => $sectionName, |
|
214 | + 'description' => $sectionDescription |
|
215 | + ); |
|
216 | + |
|
217 | + if ($user->perm->addSection($sectionData) <= 0) { |
|
218 | + $messages[] = $PMF_LANG['ad_adus_dberr']; |
|
219 | + } |
|
220 | + } |
|
221 | + // no errors, show list |
|
222 | + if (count($messages) == 0) { |
|
223 | + $sectionAction = $defaultSectionAction; |
|
224 | + $message = sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_section_suc']); |
|
225 | + // display error messages and show form again |
|
226 | + } else { |
|
227 | + $sectionAction = 'add'; |
|
228 | + $message = '<p class="alert alert-danger">'; |
|
229 | + foreach ($messages as $err) { |
|
230 | + $message .= $err.'<br>'; |
|
231 | + } |
|
232 | + $message .= '</p>'; |
|
233 | + } |
|
234 | 234 | } |
235 | 235 | |
236 | 236 | if (!isset($message)) { |
237 | - $message = ''; |
|
237 | + $message = ''; |
|
238 | 238 | } |
239 | 239 | |
240 | 240 | // show new section form |
241 | 241 | if ($sectionAction == 'add' && $user->perm->checkRight($user->getUserId(), 'add_section')) { |
242 | - $user = new CurrentUser($faqConfig); |
|
243 | - ?> |
|
242 | + $user = new CurrentUser($faqConfig); |
|
243 | + ?> |
|
244 | 244 | |
245 | 245 | <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom"> |
246 | 246 | <h1 class="h2"> |
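Review bot: In the `delete` branch (new lines 169–190) the CSRF result is never enforced: `deleteSection($sectionId)` runs before `$csrfOkay` is consulted, and `!$user->perm->deleteSection($sectionId) && !$csrfOkay` only selects which message is shown, so a request with a missing or wrong token still deletes the section. This hunk only re-indents the block, so the behaviour predates the change, but the check should come first, e.g. `if (!$csrfOkay || !$user->perm->deleteSection($sectionId)) {`. The `addsave` branch does gate `addSection()` on `$csrfOkay`, yet an invalid token leaves `$messages` empty and the success alert is still shown; adding an error to `$messages` when `$csrfOkay` is false would fix that. The `update_members` and `update_data` branches in the preceding hunk show no token check at all in their visible lines. Once the submitted token is known to be a string, `hash_equals()` is preferable to `!==` for the comparison.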
@@ -63,7 +63,7 @@ discard block |
||
63 | 63 | } |
64 | 64 | |
65 | 65 | // validate sectionAction |
66 | -if (!in_array($sectionAction, $sectionActionList)){ |
|
66 | +if (!in_array($sectionAction, $sectionActionList)) { |
|
67 | 67 | // @Todo: implement Error message |
68 | 68 | } |
69 | 69 | |
@@ -83,7 +83,7 @@ discard block |
||
83 | 83 | $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_msg_mysqlerr']); |
84 | 84 | } |
85 | 85 | foreach ($sectionMembers as $memberId) { |
86 | - $perm->addGroupToSection((int) $memberId, $sectionId); |
|
86 | + $perm->addGroupToSection((int)$memberId, $sectionId); |
|
87 | 87 | } |
88 | 88 | $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', |
89 | 89 | $PMF_LANG['ad_msg_savedsuc_1'], |