thorsten /
phpMyFAQ
@@ -40,46 +40,46 @@ |
||
| 40 | 40 | } |
| 41 | 41 | switch ($ajaxAction) { |
| 42 | 42 | |
| 43 | - case 'upload': |
|
| 43 | + case 'upload': |
|
| 44 | 44 | |
| 45 | - $uploadDir = '../images/'; |
|
| 46 | - $validFileExtensions = ['gif', 'jpg', 'jpeg', 'png']; |
|
| 47 | - if ($csrfOkay) { |
|
| 48 | - reset($_FILES); |
|
| 49 | - $temp = current($_FILES); |
|
| 50 | - if (is_uploaded_file($temp['tmp_name'])) { |
|
| 51 | - if (isset($_SERVER['HTTP_ORIGIN'])) { |
|
| 52 | - if ($_SERVER['HTTP_ORIGIN'] . '/' === $faqConfig->getDefaultUrl()) { |
|
| 53 | - $http->sendCorsHeader(); |
|
| 54 | - } else { |
|
| 55 | - $http->sendStatus(403); |
|
| 56 | - return; |
|
| 45 | + $uploadDir = '../images/'; |
|
| 46 | + $validFileExtensions = ['gif', 'jpg', 'jpeg', 'png']; |
|
| 47 | + if ($csrfOkay) { |
|
| 48 | + reset($_FILES); |
|
| 49 | + $temp = current($_FILES); |
|
| 50 | + if (is_uploaded_file($temp['tmp_name'])) { |
|
| 51 | + if (isset($_SERVER['HTTP_ORIGIN'])) { |
|
| 52 | + if ($_SERVER['HTTP_ORIGIN'] . '/' === $faqConfig->getDefaultUrl()) { |
|
| 53 | + $http->sendCorsHeader(); |
|
| 54 | + } else { |
|
| 55 | + $http->sendStatus(403); |
|
| 56 | + return; |
|
| 57 | + } |
|
| 57 | 58 | } |
| 58 | - } |
|
| 59 | 59 | |
| 60 | - // Sanitize input |
|
| 61 | - if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) { |
|
| 62 | - $http->sendStatus(400); |
|
| 63 | - return; |
|
| 64 | - } |
|
| 60 | + // Sanitize input |
|
| 61 | + if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) { |
|
| 62 | + $http->sendStatus(400); |
|
| 63 | + return; |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - // Verify extension |
|
| 67 | - if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), $validFileExtensions)) { |
|
| 68 | - $http->sendStatus(400); |
|
| 69 | - return; |
|
| 70 | - } |
|
| 66 | + // Verify extension |
|
| 67 | + if (!in_array(strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION)), $validFileExtensions)) { |
|
| 68 | + $http->sendStatus(400); |
|
| 69 | + return; |
|
| 70 | + } |
|
| 71 | 71 | |
| 72 | - // Accept upload if there was no origin, or if it is an accepted origin |
|
| 73 | - $fileToWrite = $uploadDir . $temp['name']; |
|
| 74 | - move_uploaded_file($temp['tmp_name'], $fileToWrite); |
|
| 72 | + // Accept upload if there was no origin, or if it is an accepted origin |
|
| 73 | + $fileToWrite = $uploadDir . $temp['name']; |
|
| 74 | + move_uploaded_file($temp['tmp_name'], $fileToWrite); |
|
| 75 | 75 | |
| 76 | - // Respond to the successful upload with JSON. |
|
| 77 | - $http->sendJsonWithHeaders(['location' => $fileToWrite]); |
|
| 76 | + // Respond to the successful upload with JSON. |
|
| 77 | + $http->sendJsonWithHeaders(['location' => $fileToWrite]); |
|
| 78 | + } else { |
|
| 79 | + $http->sendStatus(500); |
|
| 80 | + } |
|
| 78 | 81 | } else { |
| 79 | - $http->sendStatus(500); |
|
| 82 | + $http->sendStatus(401); |
|
| 80 | 83 | } |
| 81 | - } else { |
|
| 82 | - $http->sendStatus(401); |
|
| 83 | - } |
|
| 84 | - break; |
|
| 84 | + break; |
|
| 85 | 85 | } |
@@ -54,101 +54,101 @@ |
||
| 54 | 54 | switch ($ajax_action) { |
| 55 | 55 | |
| 56 | 56 | // save active FAQs |
| 57 | - case 'save_active_records': |
|
| 58 | - if ($user->perm->checkRight($user->getUserId(), 'approverec')) { |
|
| 59 | - if (!empty($items)) { |
|
| 60 | - $faq = new Faq($faqConfig); |
|
| 61 | - |
|
| 62 | - foreach ($items as $item) { |
|
| 63 | - if (is_array($item) && count($item) == 3 && Language::isASupportedLanguage($item[1])) { |
|
| 64 | - echo $faq->updateRecordFlag((int) $item[0], addslashes($item[1]), $item[2], 'active'); |
|
| 57 | + case 'save_active_records': |
|
| 58 | + if ($user->perm->checkRight($user->getUserId(), 'approverec')) { |
|
| 59 | + if (!empty($items)) { |
|
| 60 | + $faq = new Faq($faqConfig); |
|
| 61 | + |
|
| 62 | + foreach ($items as $item) { |
|
| 63 | + if (is_array($item) && count($item) == 3 && Language::isASupportedLanguage($item[1])) { |
|
| 64 | + echo $faq->updateRecordFlag((int) $item[0], addslashes($item[1]), $item[2], 'active'); |
|
| 65 | + } |
|
| 65 | 66 | } |
| 66 | 67 | } |
| 68 | + } else { |
|
| 69 | + echo $PMF_LANG['err_NotAuth']; |
|
| 67 | 70 | } |
| 68 | - } else { |
|
| 69 | - echo $PMF_LANG['err_NotAuth']; |
|
| 70 | - } |
|
| 71 | - break; |
|
| 72 | - |
|
| 73 | - // save sticky FAQs |
|
| 74 | - case 'save_sticky_records': |
|
| 75 | - if ($user->perm->checkRight($user->getUserId(), 'edit_faq')) { |
|
| 76 | - if (!empty($items)) { |
|
| 71 | + break; |
|
| 72 | + |
|
| 73 | + // save sticky FAQs |
|
| 74 | + case 'save_sticky_records': |
|
| 75 | + if ($user->perm->checkRight($user->getUserId(), 'edit_faq')) { |
|
| 76 | + if (!empty($items)) { |
|
| 77 | + $faq = new Faq($faqConfig); |
|
| 78 | + |
|
| 79 | + foreach ($items as $item) { |
|
| 80 | + if (is_array($item) && count($item) == 3 && Language::isASupportedLanguage($item[1])) { |
|
| 81 | + echo $faq->updateRecordFlag((int) $item[0], addslashes($item[1]), $item[2], 'sticky'); |
|
| 82 | + } |
|
| 83 | + } |
|
| 84 | + } |
|
| 85 | + } else { |
|
| 86 | + echo $PMF_LANG['err_NotAuth']; |
|
| 87 | + } |
|
| 88 | + break; |
|
| 89 | + |
|
| 90 | + // search FAQs for suggestions |
|
| 91 | + case 'search_records': |
|
| 92 | + if ($user->perm->checkRight($user->getUserId(), 'edit_faq')) { |
|
| 77 | 93 | $faq = new Faq($faqConfig); |
| 94 | + $faqSearch = new Search($faqConfig); |
|
| 95 | + $faqSearch->setCategory(new Category($faqConfig)); |
|
| 96 | + $faqSearchResult = new Resultset($user, $faq, $faqConfig); |
|
| 97 | + $searchResult = ''; |
|
| 98 | + $searchString = Filter::filterInput(INPUT_POST, 'search', FILTER_SANITIZE_STRIPPED); |
|
| 99 | + |
|
| 100 | + if (!is_null($searchString)) { |
|
| 101 | + try { |
|
| 102 | + $searchResult = $faqSearch->search($searchString, false); |
|
| 78 | 103 | |
| 79 | - foreach ($items as $item) { |
|
| 80 | - if (is_array($item) && count($item) == 3 && Language::isASupportedLanguage($item[1])) { |
|
| 81 | - echo $faq->updateRecordFlag((int) $item[0], addslashes($item[1]), $item[2], 'sticky'); |
|
| 104 | + $faqSearchResult->reviewResultset($searchResult); |
|
| 105 | + |
|
| 106 | + $searchHelper = new SearchHelper($faqConfig); |
|
| 107 | + $searchHelper->setSearchterm($searchString); |
|
| 108 | + |
|
| 109 | + echo $searchHelper->renderAdminSuggestionResult($faqSearchResult); |
|
| 110 | + } catch (Search\Exception $e) { |
|
| 111 | + // |
|
| 82 | 112 | } |
| 83 | 113 | } |
| 114 | + } else { |
|
| 115 | + echo $PMF_LANG['err_NotAuth']; |
|
| 84 | 116 | } |
| 85 | - } else { |
|
| 86 | - echo $PMF_LANG['err_NotAuth']; |
|
| 87 | - } |
|
| 88 | - break; |
|
| 89 | - |
|
| 90 | - // search FAQs for suggestions |
|
| 91 | - case 'search_records': |
|
| 92 | - if ($user->perm->checkRight($user->getUserId(), 'edit_faq')) { |
|
| 93 | - $faq = new Faq($faqConfig); |
|
| 94 | - $faqSearch = new Search($faqConfig); |
|
| 95 | - $faqSearch->setCategory(new Category($faqConfig)); |
|
| 96 | - $faqSearchResult = new Resultset($user, $faq, $faqConfig); |
|
| 97 | - $searchResult = ''; |
|
| 98 | - $searchString = Filter::filterInput(INPUT_POST, 'search', FILTER_SANITIZE_STRIPPED); |
|
| 99 | - |
|
| 100 | - if (!is_null($searchString)) { |
|
| 101 | - try { |
|
| 102 | - $searchResult = $faqSearch->search($searchString, false); |
|
| 103 | - |
|
| 104 | - $faqSearchResult->reviewResultset($searchResult); |
|
| 105 | - |
|
| 106 | - $searchHelper = new SearchHelper($faqConfig); |
|
| 107 | - $searchHelper->setSearchterm($searchString); |
|
| 108 | - |
|
| 109 | - echo $searchHelper->renderAdminSuggestionResult($faqSearchResult); |
|
| 110 | - } catch (Search\Exception $e) { |
|
| 111 | - // |
|
| 112 | - } |
|
| 117 | + break; |
|
| 118 | + |
|
| 119 | + // delete FAQs |
|
| 120 | + case 'delete_record': |
|
| 121 | + if ($user->perm->checkRight($user->getUserId(), 'delete_faq')) { |
|
| 122 | + $recordId = Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT); |
|
| 123 | + $recordLang = Filter::filterInput(INPUT_POST, 'record_lang', FILTER_SANITIZE_STRING); |
|
| 124 | + |
|
| 125 | + $logging = new Logging($faqConfig); |
|
| 126 | + $logging->logAdmin($user, 'Deleted FAQ ID '.$recordId); |
|
| 127 | + |
|
| 128 | + $faq->deleteRecord($recordId, $recordLang); |
|
| 129 | + echo $PMF_LANG['ad_entry_delsuc']; |
|
| 130 | + } else { |
|
| 131 | + echo $PMF_LANG['err_NotAuth']; |
|
| 113 | 132 | } |
| 114 | - } else { |
|
| 115 | - echo $PMF_LANG['err_NotAuth']; |
|
| 116 | - } |
|
| 117 | - break; |
|
| 118 | - |
|
| 119 | - // delete FAQs |
|
| 120 | - case 'delete_record': |
|
| 121 | - if ($user->perm->checkRight($user->getUserId(), 'delete_faq')) { |
|
| 122 | - $recordId = Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT); |
|
| 123 | - $recordLang = Filter::filterInput(INPUT_POST, 'record_lang', FILTER_SANITIZE_STRING); |
|
| 124 | - |
|
| 125 | - $logging = new Logging($faqConfig); |
|
| 126 | - $logging->logAdmin($user, 'Deleted FAQ ID '.$recordId); |
|
| 127 | - |
|
| 128 | - $faq->deleteRecord($recordId, $recordLang); |
|
| 129 | - echo $PMF_LANG['ad_entry_delsuc']; |
|
| 130 | - } else { |
|
| 131 | - echo $PMF_LANG['err_NotAuth']; |
|
| 132 | - } |
|
| 133 | - break; |
|
| 134 | - |
|
| 135 | - // delete open questions |
|
| 136 | - case 'delete_question': |
|
| 137 | - if ($user->perm->checkRight($user->getUserId(), 'delquestion')) { |
|
| 138 | - $checks = array( |
|
| 139 | - 'filter' => FILTER_VALIDATE_INT, |
|
| 140 | - 'flags' => FILTER_REQUIRE_ARRAY, |
|
| 141 | - ); |
|
| 142 | - $questionIds = Filter::filterInputArray(INPUT_POST, array('questions' => $checks)); |
|
| 143 | - |
|
| 144 | - if (!is_null($questionIds['questions'])) { |
|
| 145 | - foreach ($questionIds['questions'] as $questionId) { |
|
| 146 | - $faq->deleteQuestion((int) $questionId); |
|
| 133 | + break; |
|
| 134 | + |
|
| 135 | + // delete open questions |
|
| 136 | + case 'delete_question': |
|
| 137 | + if ($user->perm->checkRight($user->getUserId(), 'delquestion')) { |
|
| 138 | + $checks = array( |
|
| 139 | + 'filter' => FILTER_VALIDATE_INT, |
|
| 140 | + 'flags' => FILTER_REQUIRE_ARRAY, |
|
| 141 | + ); |
|
| 142 | + $questionIds = Filter::filterInputArray(INPUT_POST, array('questions' => $checks)); |
|
| 143 | + |
|
| 144 | + if (!is_null($questionIds['questions'])) { |
|
| 145 | + foreach ($questionIds['questions'] as $questionId) { |
|
| 146 | + $faq->deleteQuestion((int) $questionId); |
|
| 147 | + } |
|
| 147 | 148 | } |
| 149 | + echo $PMF_LANG['ad_entry_delsuc']; |
|
| 150 | + } else { |
|
| 151 | + echo $PMF_LANG['err_NotAuth']; |
|
| 148 | 152 | } |
| 149 | - echo $PMF_LANG['ad_entry_delsuc']; |
|
| 150 | - } else { |
|
| 151 | - echo $PMF_LANG['err_NotAuth']; |
|
| 152 | - } |
|
| 153 | - break; |
|
| 153 | + break; |
|
| 154 | 154 | } |
