[core] reduce use of POST global
parent
c084016b5b
commit
cbc574db90
33 changed files with 167 additions and 221 deletions
|
@ -101,6 +101,15 @@ class PageRequestEvent extends Event
|
|||
}
|
||||
}
|
||||
|
||||
public function req_GET(string $key): string
|
||||
{
|
||||
$value = $this->get_GET($key);
|
||||
if($value === null) {
|
||||
throw new UserErrorException("Missing GET parameter {$key}");
|
||||
}
|
||||
return $value;
|
||||
}
|
||||
|
||||
public function get_POST(string $key): ?string
|
||||
{
|
||||
if(array_key_exists($key, $this->POST)) {
|
||||
|
@ -113,6 +122,15 @@ class PageRequestEvent extends Event
|
|||
}
|
||||
}
|
||||
|
||||
public function req_POST(string $key): string
|
||||
{
|
||||
$value = $this->get_POST($key);
|
||||
if($value === null) {
|
||||
throw new UserErrorException("Missing POST parameter {$key}");
|
||||
}
|
||||
return $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if the requested path matches a given pattern.
|
||||
*
|
||||
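Review bot: req_POST is declared `: string` and get_POST `?string`, but form fields that arrive as arrays cannot pass through those return types: the Pools hunks call `$event->req_POST('imgs')` and `$event->req_POST('check')` and iterate the result, so for those requests the return-type check fails with a TypeError before the caller sees anything. Either widen the two accessors to `string|array` (with a matching `@return`) or give array-valued fields a dedicated accessor. Both new methods also lack documentation; a one-liner such as `/** Return the POST parameter $key, or throw UserErrorException when it is absent. */` (and its GET twin) would state the contract every converted caller now relies on. get_POST's body continues past the end of the first hunk.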
|
|
|
@ -57,7 +57,7 @@ class AdminPage extends Extension
|
|||
send_event(new AdminBuildingEvent($page));
|
||||
} else {
|
||||
$action = $event->get_arg(0);
|
||||
$aae = new AdminActionEvent($action, $_POST);
|
||||
$aae = new AdminActionEvent($action, $event->POST);
|
||||
|
||||
if ($user->check_auth_token()) {
|
||||
log_info("admin", "Util: $action");
|
||||
|
|
|
@ -42,14 +42,7 @@ class Approval extends Extension
|
|||
|
||||
if ($event->page_matches("approve_image") && $user->can(Permissions::APPROVE_IMAGE)) {
|
||||
// Try to get the image ID
|
||||
$image_id = int_escape($event->get_arg(0));
|
||||
if (empty($image_id)) {
|
||||
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
||||
}
|
||||
if (empty($image_id)) {
|
||||
throw new SCoreException("Can not approve post: No valid Post ID given.");
|
||||
}
|
||||
|
||||
$image_id = int_escape(null_throws($event->get_arg(0)));
|
||||
self::approve_image($image_id);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/" . $image_id));
|
||||
|
@ -57,14 +50,7 @@ class Approval extends Extension
|
|||
|
||||
if ($event->page_matches("disapprove_image") && $user->can(Permissions::APPROVE_IMAGE)) {
|
||||
// Try to get the image ID
|
||||
$image_id = int_escape($event->get_arg(0));
|
||||
if (empty($image_id)) {
|
||||
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
||||
}
|
||||
if (empty($image_id)) {
|
||||
throw new SCoreException("Can not disapprove image: No valid Post ID given.");
|
||||
}
|
||||
|
||||
$image_id = int_escape(null_throws($event->get_arg(0)));
|
||||
self::disapprove_image($image_id);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/".$image_id));
|
||||
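Review bot: The replacement `$image_id = int_escape(null_throws($event->get_arg(0)));` drops the `empty($image_id)` guard, so a path argument of `0` (or a non-numeric one, if int_escape maps that to 0 — not shown on this page) now reaches `self::approve_image($image_id)` instead of raising the "No valid Post ID given" error. Keep the check after the new line: `if ($image_id <= 0) { throw new SCoreException("Can not approve post: No valid Post ID given."); }`, and likewise in the disapprove_image hunk below. The PrivateImage (privatize_image, publicize_image) and ResizeImage hunks make the identical change and need the same guard with their own exception types. The enclosing handler starts before each hunk.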
|
|
|
@ -17,13 +17,11 @@ class ApprovalTheme extends Themelet
|
|||
if ($image['approved'] === true) {
|
||||
$form = SHM_SIMPLE_FORM(
|
||||
'disapprove_image/'.$image->id,
|
||||
INPUT(["type" => 'hidden', "name" => 'image_id', "value" => $image->id]),
|
||||
SHM_SUBMIT("Disapprove")
|
||||
);
|
||||
} else {
|
||||
$form = SHM_SIMPLE_FORM(
|
||||
'approve_image/'.$image->id,
|
||||
INPUT(["type" => 'hidden', "name" => 'image_id', "value" => $image->id]),
|
||||
SHM_SUBMIT("Approve")
|
||||
);
|
||||
}
|
||||
|
|
|
@ -256,14 +256,14 @@ class Artists extends Extension
|
|||
}
|
||||
case "edit_artist":
|
||||
{
|
||||
$artistID = $_POST['artist_id'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/edit/".$artistID));
|
||||
break;
|
||||
}
|
||||
case "edited":
|
||||
{
|
||||
$artistID = int_escape($_POST['id']);
|
||||
$artistID = int_escape($event->get_POST('id'));
|
||||
$this->update_artist();
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||
|
@ -271,7 +271,7 @@ class Artists extends Extension
|
|||
}
|
||||
case "nuke_artist":
|
||||
{
|
||||
$artistID = $_POST['artist_id'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/nuke/".$artistID));
|
||||
break;
|
||||
|
@ -286,19 +286,19 @@ class Artists extends Extension
|
|||
}
|
||||
case "add_alias":
|
||||
{
|
||||
$artistID = $_POST['artist_id'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$this->theme->show_new_alias_composer($artistID);
|
||||
break;
|
||||
}
|
||||
case "add_member":
|
||||
{
|
||||
$artistID = $_POST['artist_id'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$this->theme->show_new_member_composer($artistID);
|
||||
break;
|
||||
}
|
||||
case "add_url":
|
||||
{
|
||||
$artistID = $_POST['artist_id'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$this->theme->show_new_url_composer($artistID);
|
||||
break;
|
||||
}
|
||||
|
@ -308,7 +308,7 @@ class Artists extends Extension
|
|||
switch ($event->get_arg(1)) {
|
||||
case "add":
|
||||
{
|
||||
$artistID = $_POST['artistID'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$this->add_alias();
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||
|
@ -333,7 +333,7 @@ class Artists extends Extension
|
|||
case "edited":
|
||||
{
|
||||
$this->update_alias();
|
||||
$aliasID = int_escape($_POST['aliasID']);
|
||||
$aliasID = int_escape($event->req_POST('aliasID'));
|
||||
$artistID = $this->get_artistID_by_aliasID($aliasID);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||
|
@ -349,7 +349,7 @@ class Artists extends Extension
|
|||
switch ($event->get_arg(1)) {
|
||||
case "add":
|
||||
{
|
||||
$artistID = $_POST['artistID'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$this->add_urls();
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||
|
@ -374,7 +374,7 @@ class Artists extends Extension
|
|||
case "edited":
|
||||
{
|
||||
$this->update_url();
|
||||
$urlID = int_escape($_POST['urlID']);
|
||||
$urlID = int_escape($event->req_POST('urlID'));
|
||||
$artistID = $this->get_artistID_by_urlID($urlID);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||
|
@ -389,7 +389,7 @@ class Artists extends Extension
|
|||
switch ($event->get_arg(1)) {
|
||||
case "add":
|
||||
{
|
||||
$artistID = $_POST['artistID'];
|
||||
$artistID = int_escape($event->req_POST('artist_id'));
|
||||
$this->add_members();
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||
|
@ -414,7 +414,7 @@ class Artists extends Extension
|
|||
case "edited":
|
||||
{
|
||||
$this->update_member();
|
||||
$memberID = int_escape($_POST['memberID']);
|
||||
$memberID = int_escape($event->req_POST('memberID'));
|
||||
$artistID = $this->get_artistID_by_memberID($memberID);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("artist/view/".$artistID));
|
||||
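Review bot: In the alias, url and member `add` cases the POST key changes from `artistID` to `artist_id` (`$artistID = int_escape($event->req_POST('artist_id'));`) while the sibling `edited` cases keep `aliasID`, `urlID` and `memberID`; unless the corresponding theme forms were renamed in the same commit (not visible here), req_POST now throws "Missing POST parameter artist_id" on every alias/url/member add. The artist `edited` case also uses `int_escape($event->get_POST('id'))` where every neighbouring case uses req_POST, so a missing `id` reaches int_escape as null instead of producing the same user error; `$artistID = int_escape($event->req_POST('id'));` keeps the cases consistent. The switch statements continue outside each hunk.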
|
|
|
@ -28,7 +28,7 @@ class Biography extends Extension
|
|||
global $page, $user, $user_config;
|
||||
if ($event->page_matches("biography")) {
|
||||
if ($user->check_auth_token()) {
|
||||
$user_config->set_string("biography", $_POST['biography']);
|
||||
$user_config->set_string("biography", $event->get_POST('biography'));
|
||||
$page->flash("Bio Updated");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(referer_or(make_link()));
|
||||
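Review bot: `$user_config->set_string("biography", $event->get_POST('biography'))` passes the nullable result of get_POST straight into the setter, so a POST without a `biography` field supplies null; if set_string takes a `string` parameter that is now a TypeError rather than a user-facing error. `$event->req_POST('biography')` gives the "Missing POST parameter" behaviour the new accessor was added for. The Featured hunk (`int_escape($event->get_POST('image_id'))`, whose previous isset guard is removed) and the PrivMsg delete/send hunks (`get_POST("pm_id")`, `get_POST("to_id")` into int_escape) have the same nullable-into-typed-call shape. The enclosing handler starts before the hunk.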
|
|
|
@ -74,8 +74,8 @@ class Blocks extends Extension
|
|||
$database->execute("
|
||||
INSERT INTO blocks (pages, title, area, priority, content, userclass)
|
||||
VALUES (:pages, :title, :area, :priority, :content, :userclass)
|
||||
", ['pages' => $_POST['pages'], 'title' => $_POST['title'], 'area' => $_POST['area'], 'priority' => (int)$_POST['priority'], 'content' => $_POST['content'], 'userclass' => $_POST['userclass']]);
|
||||
log_info("blocks", "Added Block #".($database->get_last_insert_id('blocks_id_seq'))." (".$_POST['title'].")");
|
||||
", ['pages' => $event->req_POST('pages'), 'title' => $event->req_POST('title'), 'area' => $event->req_POST('area'), 'priority' => (int)$event->req_POST('priority'), 'content' => $event->req_POST('content'), 'userclass' => $event->req_POST('userclass')]);
|
||||
log_info("blocks", "Added Block #".($database->get_last_insert_id('blocks_id_seq'))." (".$event->req_POST('title').")");
|
||||
$cache->delete("blocks");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("blocks/list"));
|
||||
|
@ -83,18 +83,18 @@ class Blocks extends Extension
|
|||
}
|
||||
if ($event->get_arg(0) == "update") {
|
||||
if ($user->check_auth_token()) {
|
||||
if (!empty($_POST['delete'])) {
|
||||
if (!empty($event->req_POST('delete'))) {
|
||||
$database->execute("
|
||||
DELETE FROM blocks
|
||||
WHERE id=:id
|
||||
", ['id' => $_POST['id']]);
|
||||
log_info("blocks", "Deleted Block #".$_POST['id']);
|
||||
", ['id' => $event->req_POST('id')]);
|
||||
log_info("blocks", "Deleted Block #".$event->req_POST('id'));
|
||||
} else {
|
||||
$database->execute("
|
||||
UPDATE blocks SET pages=:pages, title=:title, area=:area, priority=:priority, content=:content, userclass=:userclass
|
||||
WHERE id=:id
|
||||
", ['pages' => $_POST['pages'], 'title' => $_POST['title'], 'area' => $_POST['area'], 'priority' => (int)$_POST['priority'], 'content' => $_POST['content'], 'userclass' => $_POST['userclass'], 'id' => $_POST['id']]);
|
||||
log_info("blocks", "Updated Block #".$_POST['id']." (".$_POST['title'].")");
|
||||
", ['pages' => $event->req_POST('pages'), 'title' => $event->req_POST('title'), 'area' => $event->req_POST('area'), 'priority' => (int)$event->req_POST('priority'), 'content' => $event->req_POST('content'), 'userclass' => $event->req_POST('userclass'), 'id' => $event->req_POST('id')]);
|
||||
log_info("blocks", "Updated Block #".$event->req_POST('id')." (".$event->req_POST('title').")");
|
||||
}
|
||||
$cache->delete("blocks");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
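Review bot: `if (!empty($event->req_POST('delete')))` can never reach its else branch for a form that omits `delete`: req_POST throws when the key is absent, and an unticked checkbox is not submitted at all, so the UPDATE path becomes unreachable and the admin gets "Missing POST parameter delete" instead. The nullable accessor is the right one here: `if (!empty($event->get_POST('delete'))) {`. The other req_POST conversions in both hunks keep the previous semantics. The enclosing handler continues outside both hunks.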
|
|
|
@ -92,11 +92,8 @@ class Blotter extends Extension
|
|||
if (!$user->can(Permissions::BLOTTER_ADMIN) || !$user->check_auth_token()) {
|
||||
$this->theme->display_permission_denied();
|
||||
} else {
|
||||
$entry_text = $_POST['entry_text'];
|
||||
if ($entry_text == "") {
|
||||
die("No entry message!");
|
||||
}
|
||||
$important = isset($_POST['important']);
|
||||
$entry_text = $event->req_POST('entry_text');
|
||||
$important = !is_null($event->get_POST('important'));
|
||||
// Now insert into db:
|
||||
$database->execute(
|
||||
"INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), :text, :important)",
|
||||
|
@ -114,7 +111,7 @@ class Blotter extends Extension
|
|||
if (!$user->can(Permissions::BLOTTER_ADMIN) || !$user->check_auth_token()) {
|
||||
$this->theme->display_permission_denied();
|
||||
} else {
|
||||
$id = int_escape($_POST['id']);
|
||||
$id = int_escape($event->req_POST('id'));
|
||||
$database->execute("DELETE FROM blotter WHERE id=:id", ["id" => $id]);
|
||||
log_info("blotter", "Removed Entry #$id");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
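Review bot: The rewrite to `$entry_text = $event->req_POST('entry_text');` removes the `if ($entry_text == "") { die(...) }` check, so an empty entry now passes req_POST (the key is present) and is inserted by the following `$database->execute(...)`. Keep the validation, preferably as an exception rather than die: `if ($entry_text === '') { throw new UserErrorException("No entry message!"); }`. `$important = !is_null($event->get_POST('important'));` preserves the old isset semantics and is fine. The handler starts before the hunk.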
|
|
|
@ -170,11 +170,7 @@ class BulkActions extends Extension
|
|||
{
|
||||
global $page, $user;
|
||||
if ($event->page_matches("bulk_action") && $user->can(Permissions::PERFORM_BULK_ACTIONS)) {
|
||||
if (!isset($_POST['bulk_action'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
$action = $_POST['bulk_action'];
|
||||
$action = $event->req_POST('bulk_action');
|
||||
|
||||
try {
|
||||
$items = null;
|
||||
|
|
|
@ -31,9 +31,10 @@ class BulkAdd extends Extension
|
|||
{
|
||||
global $page, $user;
|
||||
if ($event->page_matches("bulk_add")) {
|
||||
if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && isset($_POST['dir'])) {
|
||||
$dir = $event->get_POST('dir');
|
||||
if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && $dir) {
|
||||
shm_set_timeout(null);
|
||||
$bae = send_event(new BulkAddEvent($_POST['dir']));
|
||||
$bae = send_event(new BulkAddEvent($dir));
|
||||
$this->theme->display_upload_results($page, $bae->results);
|
||||
}
|
||||
}
|
||||
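Review bot: `&& $dir` replaces `isset($_POST['dir'])` with a truthiness test, so a submitted value of `"0"` or an empty string is now treated like a missing field, where previously only absence was rejected. If the intent is "present and non-empty", say so explicitly: `$dir !== null && $dir !== ''`. The BulkAddCSV (`&& $csv`), ETServer (`if ($data)`) and Media (`$event->get_POST('image_id')` as a condition) hunks use the same idiom and deserve the same explicit form. The handler starts before the hunk.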
|
|
|
@ -17,9 +17,10 @@ class BulkAddCSV extends Extension
|
|||
{
|
||||
global $page, $user;
|
||||
if ($event->page_matches("bulk_add_csv")) {
|
||||
if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && isset($_POST['csv'])) {
|
||||
$csv = $event->get_POST('csv');
|
||||
if ($user->can(Permissions::BULK_ADD) && $user->check_auth_token() && $csv) {
|
||||
shm_set_timeout(null);
|
||||
$this->add_csv($_POST['csv']);
|
||||
$this->add_csv($csv);
|
||||
$this->theme->display_upload_results($page);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -12,10 +12,11 @@ class ETServer extends Extension
|
|||
{
|
||||
global $database, $page, $user;
|
||||
if ($event->page_matches("register.php")) {
|
||||
if (isset($_POST["data"])) {
|
||||
$data = $event->get_POST("data");
|
||||
if ($data) {
|
||||
$database->execute(
|
||||
"INSERT INTO registration(data) VALUES(:data)",
|
||||
["data" => $_POST["data"]]
|
||||
["data" => $data]
|
||||
);
|
||||
$page->set_title("Thanks!");
|
||||
$page->set_heading("Thanks!");
|
||||
|
|
|
@ -32,7 +32,7 @@ class ExtManager extends Extension
|
|||
if ($user->can(Permissions::MANAGE_EXTENSION_LIST)) {
|
||||
if ($event->count_args() == 1 && $event->get_arg(0) == "set" && $user->check_auth_token()) {
|
||||
if (is_writable("data/config")) {
|
||||
$this->set_things($_POST);
|
||||
$this->set_things($event->POST);
|
||||
log_warning("ext_manager", "Active extensions changed", "Active extensions changed");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("ext_manager"));
|
||||
|
|
|
@ -60,9 +60,10 @@ class Favorites extends Extension
|
|||
{
|
||||
global $page, $user;
|
||||
if ($event->page_matches("change_favorite") && !$user->is_anonymous() && $user->check_auth_token()) {
|
||||
$image_id = int_escape($_POST['image_id']);
|
||||
if ((($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset")) && ($image_id > 0)) {
|
||||
if ($_POST['favorite_action'] == "set") {
|
||||
$image_id = int_escape($event->req_POST('image_id'));
|
||||
$action = $event->req_POST('favorite_action');
|
||||
if ((($action == "set") || ($action == "unset")) && ($image_id > 0)) {
|
||||
if ($action == "set") {
|
||||
send_event(new FavoriteSetEvent($image_id, $user, true));
|
||||
log_debug("favourite", "Favourite set for $image_id", "Favourite added");
|
||||
} else {
|
||||
|
|
|
@ -20,14 +20,12 @@ class Featured extends Extension
|
|||
global $config, $page, $user;
|
||||
if ($event->page_matches("featured_image")) {
|
||||
if ($event->get_arg(0) == "set" && $user->check_auth_token()) {
|
||||
if ($user->can(Permissions::EDIT_FEATURE) && isset($_POST['image_id'])) {
|
||||
$id = int_escape($_POST['image_id']);
|
||||
if ($id > 0) {
|
||||
$config->set_int("featured_id", $id);
|
||||
log_info("featured", "Featured post set to >>$id", "Featured post set");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/$id"));
|
||||
}
|
||||
$id = int_escape($event->get_POST('image_id'));
|
||||
if ($user->can(Permissions::EDIT_FEATURE) && $id > 0) {
|
||||
$config->set_int("featured_id", $id);
|
||||
log_info("featured", "Featured post set to >>$id", "Featured post set");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/$id"));
|
||||
}
|
||||
}
|
||||
if ($event->get_arg(0) == "download") {
|
||||
|
|
|
@ -74,8 +74,12 @@ class Media extends Extension
|
|||
{
|
||||
global $page, $user;
|
||||
|
||||
if ($event->page_matches("media_rescan/") && $user->can(Permissions::RESCAN_MEDIA) && isset($_POST['image_id'])) {
|
||||
$image = Image::by_id(int_escape($_POST['image_id']));
|
||||
if (
|
||||
$event->page_matches("media_rescan/") &&
|
||||
$user->can(Permissions::RESCAN_MEDIA) &&
|
||||
$event->get_POST('image_id')
|
||||
) {
|
||||
$image = Image::by_id(int_escape($event->get_POST('image_id')));
|
||||
|
||||
send_event(new MediaCheckPropertiesEvent($image));
|
||||
$image->save_to_db();
|
||||
|
|
|
@ -108,18 +108,20 @@ class Notes extends Extension
|
|||
break;
|
||||
|
||||
case "add_request":
|
||||
$image_id = int_escape($event->req_POST("image_id"));
|
||||
if (!$user->is_anonymous()) {
|
||||
$this->add_note_request();
|
||||
$this->add_note_request($image_id);
|
||||
}
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/".$_POST["image_id"]));
|
||||
$page->set_redirect(make_link("post/view/$image_id"));
|
||||
break;
|
||||
case "nuke_requests":
|
||||
$image_id = int_escape($event->req_POST("image_id"));
|
||||
if ($user->can(Permissions::NOTES_ADMIN)) {
|
||||
$this->nuke_requests();
|
||||
$this->nuke_requests($image_id);
|
||||
}
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/".$_POST["image_id"]));
|
||||
$page->set_redirect(make_link("post/view/$image_id"));
|
||||
break;
|
||||
|
||||
case "create_note":
|
||||
|
@ -147,12 +149,13 @@ class Notes extends Extension
|
|||
}
|
||||
break;
|
||||
case "nuke_notes":
|
||||
$image_id = int_escape($event->req_POST("image_id"));
|
||||
if ($user->can(Permissions::NOTES_ADMIN)) {
|
||||
$this->nuke_notes();
|
||||
$this->nuke_notes($image_id);
|
||||
}
|
||||
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/".$_POST["image_id"]));
|
||||
$page->set_redirect(make_link("post/view/$image_id"));
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -295,11 +298,10 @@ class Notes extends Extension
|
|||
return $noteID;
|
||||
}
|
||||
|
||||
private function add_note_request(): void
|
||||
private function add_note_request(int $image_id): void
|
||||
{
|
||||
global $database, $user;
|
||||
|
||||
$image_id = int_escape($_POST["image_id"]);
|
||||
$user_id = $user->id;
|
||||
|
||||
$database->execute(
|
||||
|
@ -346,18 +348,16 @@ class Notes extends Extension
|
|||
log_info("notes", "Note deleted {$note["note_id"]} by {$user->name}");
|
||||
}
|
||||
|
||||
private function nuke_notes(): void
|
||||
private function nuke_notes(int $image_id): void
|
||||
{
|
||||
global $database, $user;
|
||||
$image_id = int_escape($_POST["image_id"]);
|
||||
$database->execute("DELETE FROM notes WHERE image_id = :image_id", ['image_id' => $image_id]);
|
||||
log_info("notes", "Notes deleted from {$image_id} by {$user->name}");
|
||||
}
|
||||
|
||||
private function nuke_requests(): void
|
||||
private function nuke_requests(int $image_id): void
|
||||
{
|
||||
global $database, $user;
|
||||
$image_id = int_escape($_POST["image_id"]);
|
||||
|
||||
$database->execute("DELETE FROM note_request WHERE image_id = :image_id", ['image_id' => $image_id]);
|
||||
|
||||
|
|
|
@ -158,8 +158,8 @@ class NumericScore extends Extension
|
|||
die($html);
|
||||
} elseif ($event->page_matches("numeric_score_vote") && $user->check_auth_token()) {
|
||||
if ($user->can(Permissions::CREATE_VOTE)) {
|
||||
$image_id = int_escape($_POST['image_id']);
|
||||
$score = int_escape($_POST['vote']);
|
||||
$image_id = int_escape($event->req_POST("image_id"));
|
||||
$score = int_escape($event->req_POST("vote"));
|
||||
if (($score == -1 || $score == 0 || $score == 1) && $image_id > 0) {
|
||||
send_event(new NumericScoreSetEvent($image_id, $user, $score));
|
||||
}
|
||||
|
@ -168,7 +168,7 @@ class NumericScore extends Extension
|
|||
}
|
||||
} elseif ($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
|
||||
if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
|
||||
$image_id = int_escape($_POST['image_id']);
|
||||
$image_id = int_escape($event->req_POST("image_id"));
|
||||
$database->execute(
|
||||
"DELETE FROM numeric_score_votes WHERE image_id=:image_id",
|
||||
['image_id' => $image_id]
|
||||
|
@ -182,7 +182,7 @@ class NumericScore extends Extension
|
|||
}
|
||||
} elseif ($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
|
||||
if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
|
||||
$this->delete_votes_by(int_escape($_POST['user_id']));
|
||||
$this->delete_votes_by(int_escape($event->req_POST('user_id')));
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link());
|
||||
}
|
||||
|
|
|
@ -254,7 +254,7 @@ class PrivMsg extends Extension
|
|||
case "delete":
|
||||
if ($user->can(Permissions::READ_PM)) {
|
||||
if ($user->check_auth_token()) {
|
||||
$pm_id = int_escape($_POST["pm_id"]);
|
||||
$pm_id = int_escape($event->get_POST("pm_id"));
|
||||
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", ["id" => $pm_id]);
|
||||
if (is_null($pm)) {
|
||||
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
|
||||
|
@ -271,10 +271,10 @@ class PrivMsg extends Extension
|
|||
case "send":
|
||||
if ($user->can(Permissions::SEND_PM)) {
|
||||
if ($user->check_auth_token()) {
|
||||
$to_id = int_escape($_POST["to_id"]);
|
||||
$to_id = int_escape($event->get_POST("to_id"));
|
||||
$from_id = $user->id;
|
||||
$subject = $_POST["subject"];
|
||||
$message = $_POST["message"];
|
||||
$subject = $event->req_POST("subject");
|
||||
$message = $event->req_POST("message");
|
||||
send_event(new SendPMEvent(new PM($from_id, get_real_ip(), $to_id, $subject, $message)));
|
||||
$page->flash("PM sent");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
|
|
|
@ -263,12 +263,11 @@ class Pools extends Extension
|
|||
|
||||
case "create": // ADD _POST
|
||||
try {
|
||||
$title = $_POST["title"];
|
||||
$event = send_event(new PoolCreationEvent(
|
||||
$title,
|
||||
$event->req_POST("title"),
|
||||
$user,
|
||||
bool_escape($_POST["public"]),
|
||||
$_POST["description"]
|
||||
bool_escape($event->req_POST("public")),
|
||||
$event->req_POST("description")
|
||||
));
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("pool/view/" . $event->new_id));
|
||||
|
@ -296,7 +295,7 @@ class Pools extends Extension
|
|||
break;
|
||||
|
||||
case "edit": // Edit the pool (remove images)
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
|
@ -313,10 +312,10 @@ class Pools extends Extension
|
|||
break;
|
||||
|
||||
case "order": // Order the pool (view and change the order of images within the pool)
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if (isset($_POST["order_view"])) {
|
||||
if (isset($event->req_POST("order_view"))) {
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
$result = $database->execute(
|
||||
"SELECT image_id FROM pool_images WHERE pool_id=:pid ORDER BY image_order ASC",
|
||||
|
@ -342,14 +341,14 @@ class Pools extends Extension
|
|||
}
|
||||
} else {
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
foreach ($_POST['imgs'] as $data) {
|
||||
foreach ($event->req_POST('imgs') as $data) {
|
||||
list($imageORDER, $imageID) = $data;
|
||||
$database->execute(
|
||||
"
|
||||
UPDATE pool_images
|
||||
SET image_order = :ord
|
||||
WHERE pool_id = :pid AND image_id = :iid",
|
||||
["ord" => $imageORDER, "pid" => int_escape($_POST['pool_id']), "iid" => $imageID]
|
||||
["ord" => $imageORDER, "pid" => int_escape($event->req_POST('pool_id')), "iid" => $imageID]
|
||||
);
|
||||
}
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
|
@ -360,7 +359,7 @@ class Pools extends Extension
|
|||
}
|
||||
break;
|
||||
case "reverse":
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
|
@ -389,13 +388,13 @@ class Pools extends Extension
|
|||
}
|
||||
break;
|
||||
case "import":
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
$images = Search::find_images(
|
||||
limit: $config->get_int(PoolsConfig::MAX_IMPORT_RESULTS, 1000),
|
||||
tags: Tag::explode($_POST["pool_tag"])
|
||||
tags: Tag::explode($event->req_POST("pool_tag"))
|
||||
);
|
||||
$this->theme->pool_result($page, $images, $pool);
|
||||
} else {
|
||||
|
@ -404,11 +403,11 @@ class Pools extends Extension
|
|||
break;
|
||||
|
||||
case "add_posts":
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
$image_ids = array_map('intval', $_POST['check']);
|
||||
$image_ids = array_map('intval', $event->req_POST('check'));
|
||||
send_event(new PoolAddPostsEvent($pool_id, $image_ids));
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("pool/view/" . $pool_id));
|
||||
|
@ -418,12 +417,12 @@ class Pools extends Extension
|
|||
break;
|
||||
|
||||
case "remove_posts":
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
$images = "";
|
||||
foreach ($_POST['check'] as $imageID) {
|
||||
foreach ($event->req_POST('check') as $imageID) {
|
||||
$database->execute(
|
||||
"DELETE FROM pool_images WHERE pool_id = :pid AND image_id = :iid",
|
||||
["pid" => $pool_id, "iid" => $imageID]
|
||||
|
@ -444,13 +443,13 @@ class Pools extends Extension
|
|||
break;
|
||||
|
||||
case "edit_description":
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if ($this->have_permission($user, $pool)) {
|
||||
$database->execute(
|
||||
"UPDATE pools SET description=:dsc,lastupdated=CURRENT_TIMESTAMP WHERE id=:pid",
|
||||
["dsc" => $_POST['description'], "pid" => $pool_id]
|
||||
["dsc" => $event->req_POST('description'), "pid" => $pool_id]
|
||||
);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("pool/view/" . $pool_id));
|
||||
|
@ -463,7 +462,7 @@ class Pools extends Extension
|
|||
case "nuke":
|
||||
// Completely remove the given pool.
|
||||
// -> Only admins and owners may do this
|
||||
$pool_id = int_escape($_POST["pool_id"]);
|
||||
$pool_id = int_escape($event->req_POST("pool_id"));
|
||||
$pool = $this->get_single_pool($pool_id);
|
||||
|
||||
if ($user->can(Permissions::POOLS_ADMIN) || $user->id == $pool->user_id) {
|
||||
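Review bot: `if (isset($event->req_POST("order_view"))) {` in the `order` case is a compile-time fatal error — isset() accepts only variables, not the result of a call — so this file will not load at all after the commit. The intended test is `if ($event->get_POST("order_view") !== null) {`. The `foreach ($event->req_POST('imgs') as $data)` and `$event->req_POST('check')` reads in the order, add_posts and remove_posts cases also depend on the accessor accepting array-valued fields, which its current `string` return type does not. The switch continues outside every hunk.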
|
|
|
@ -45,13 +45,7 @@ class PrivateImage extends Extension
|
|||
|
||||
if ($event->page_matches("privatize_image") && $user->can(Permissions::SET_PRIVATE_IMAGE)) {
|
||||
// Try to get the image ID
|
||||
$image_id = int_escape($event->get_arg(0));
|
||||
if (empty($image_id)) {
|
||||
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
||||
}
|
||||
if (empty($image_id)) {
|
||||
throw new SCoreException("Can not make image private: No valid Post ID given.");
|
||||
}
|
||||
$image_id = int_escape(null_throws($event->get_arg(0)));
|
||||
$image = Image::by_id($image_id);
|
||||
if ($image == null) {
|
||||
throw new SCoreException("Post not found.");
|
||||
|
@ -67,13 +61,7 @@ class PrivateImage extends Extension
|
|||
|
||||
if ($event->page_matches("publicize_image")) {
|
||||
// Try to get the image ID
|
||||
$image_id = int_escape($event->get_arg(0));
|
||||
if (empty($image_id)) {
|
||||
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
||||
}
|
||||
if (empty($image_id)) {
|
||||
throw new SCoreException("Can not make image public: No valid Post ID given.");
|
||||
}
|
||||
$image_id = int_escape(null_throws($event->get_arg(0)));
|
||||
$image = Image::by_id($image_id);
|
||||
if ($image == null) {
|
||||
throw new SCoreException("Post not found.");
|
||||
|
@ -93,15 +81,12 @@ class PrivateImage extends Extension
|
|||
}
|
||||
switch ($event->get_arg(0)) {
|
||||
case "private_image":
|
||||
if (!array_key_exists("id", $_POST) || empty($_POST["id"])) {
|
||||
return;
|
||||
}
|
||||
$id = intval($_POST["id"]);
|
||||
$id = int_escape($event->req_POST('id'));
|
||||
if ($id != $user->id) {
|
||||
throw new SCoreException("Cannot change another user's settings");
|
||||
}
|
||||
$set_default = array_key_exists("set_default", $_POST);
|
||||
$view_default = array_key_exists("view_default", $_POST);
|
||||
$set_default = array_key_exists("set_default", $event->POST);
|
||||
$view_default = array_key_exists("view_default", $event->POST);
|
||||
|
||||
$user_config->set_bool(PrivateImageConfig::USER_SET_DEFAULT, $set_default);
|
||||
$user_config->set_bool(PrivateImageConfig::USER_VIEW_DEFAULT, $view_default);
|
||||
|
|
|
@ -13,13 +13,11 @@ class PrivateImageTheme extends Themelet
|
|||
if ($image['private'] === false) {
|
||||
$html = SHM_SIMPLE_FORM(
|
||||
'privatize_image/'.$image->id,
|
||||
INPUT(["type" => 'hidden', "name" => 'image_id', "value" => $image->id]),
|
||||
SHM_SUBMIT("Make Private")
|
||||
);
|
||||
} else {
|
||||
$html = SHM_SIMPLE_FORM(
|
||||
'publicize_image/'.$image->id,
|
||||
INPUT(["type" => 'hidden', "name" => 'image_id', "value" => $image->id]),
|
||||
SHM_SUBMIT("Make Public")
|
||||
);
|
||||
}
|
||||
|
|
|
@ -380,7 +380,7 @@ class Ratings extends Extension
|
|||
} else {
|
||||
$n = 0;
|
||||
while (true) {
|
||||
$images = Search::find_images($n, 100, Tag::explode($_POST["query"]));
|
||||
$images = Search::find_images($n, 100, Tag::explode($event->req_POST("query")));
|
||||
if (count($images) == 0) {
|
||||
break;
|
||||
}
|
||||
|
@ -388,15 +388,10 @@ class Ratings extends Extension
|
|||
reset($images); // rewind to first element in array.
|
||||
|
||||
foreach ($images as $image) {
|
||||
send_event(new RatingSetEvent($image, $_POST['rating']));
|
||||
send_event(new RatingSetEvent($image, $event->req_POST('rating')));
|
||||
}
|
||||
$n += 100;
|
||||
}
|
||||
#$database->execute("
|
||||
# update images set rating=:rating where images.id in (
|
||||
# select image_id from image_tags join tags
|
||||
# on image_tags.tag_id = tags.id where tags.tag = :tag);
|
||||
# ", ['rating'=>$_POST["rating"], 'tag'=>$_POST["tag"]]);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link());
|
||||
}
|
||||
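Review bot: `Tag::explode($event->req_POST("query"))` is re-evaluated on every pass of the `while (true)` loop and `$event->req_POST('rating')` once per image inside the foreach; both are request constants, so read them once before the loop — `$query = $event->req_POST("query");` and `$rating = $event->req_POST('rating');` — and use the locals, which also moves the "missing parameter" failure to a single obvious point. The enclosing handler starts before the first hunk.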
|
|
|
@ -28,15 +28,15 @@ class ReplaceFile extends Extension
|
|||
if($event->method == "GET") {
|
||||
$this->theme->display_replace_page($page, $image_id);
|
||||
} elseif($event->method == "POST") {
|
||||
if (!empty($_POST["url"])) {
|
||||
if (!empty($event->get_POST("url"))) {
|
||||
$tmp_filename = shm_tempnam("transload");
|
||||
fetch_url($_POST["url"], $tmp_filename);
|
||||
fetch_url($event->req_POST("url"), $tmp_filename);
|
||||
send_event(new ImageReplaceEvent($image, $tmp_filename));
|
||||
} elseif (count($_FILES) > 0) {
|
||||
send_event(new ImageReplaceEvent($image, $_FILES["data"]['tmp_name']));
|
||||
}
|
||||
if(!empty($_POST["source"])) {
|
||||
send_event(new SourceSetEvent($image, $_POST["source"]));
|
||||
if($event->get_POST("source")) {
|
||||
send_event(new SourceSetEvent($image, $event->req_POST("source")));
|
||||
}
|
||||
$cache->delete("thumb-block:{$image_id}");
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
|
|
|
@ -123,14 +123,7 @@ class ResizeImage extends Extension
|
|||
|
||||
if ($event->page_matches("resize") && $user->can(Permissions::EDIT_FILES)) {
|
||||
// Try to get the image ID
|
||||
$image_id = int_escape($event->get_arg(0));
|
||||
if (empty($image_id)) {
|
||||
$image_id = isset($_POST['image_id']) ? int_escape($_POST['image_id']) : null;
|
||||
}
|
||||
if (empty($image_id)) {
|
||||
throw new ImageResizeException("Can not resize Image: No valid Post ID given.");
|
||||
}
|
||||
|
||||
$image_id = int_escape(null_throws($event->get_arg(0)));
|
||||
$image = Image::by_id($image_id);
|
||||
if (is_null($image)) {
|
||||
$this->theme->display_error(404, "Post not found", "No image in the database has the ID #$image_id");
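Review bot: The replacement line `$image_id = int_escape(null_throws($event->get_arg(0)));` changes the failure type for a missing id from `ImageResizeException` to whatever `null_throws` raises, so a caller that catches `ImageResizeException` (the pattern the rotate handler below uses for its own exception) no longer sees that case; worth checking that nothing relies on it. A non-numeric argument is no longer rejected up front either; presumably it becomes a value `Image::by_id` cannot find and falls into the 404 branch, which is acceptable but should be deliberate. The `// Try to get the image ID` comment now describes a single line and could be dropped. The enclosing method starts and ends outside the hunk.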
@ -27,7 +27,6 @@ class ResizeImageTheme extends Themelet
|
||||
$html = rawHTML("
|
||||
".make_form(make_link("resize/{$image->id}"))."
|
||||
<input type='hidden' name='image_id' value='{$image->id}'>
|
||||
<input id='original_width' name='original_width' type='hidden' value='{$image->width}'>
|
||||
<input id='original_height' name='original_height' type='hidden' value='{$image->height}'>
|
||||
<input id='resize_width' style='width: 70px;' name='resize_width' type='number' min='1' value='".$default_width."'> x
@ -55,39 +55,21 @@ class RotateImage extends Extension
|
||||
if ($event->page_matches("rotate") && $user->can(Permissions::EDIT_FILES)) {
|
||||
// Try to get the image ID
|
||||
$image_id = int_escape($event->get_arg(0));
|
||||
if (empty($image_id)) {
|
||||
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
|
||||
}
|
||||
if (empty($image_id)) {
|
||||
throw new ImageRotateException("Can not rotate Image: No valid Post ID given.");
|
||||
}
|
||||
|
||||
$image_id = int_escape(null_throws($event->get_arg(0)));
|
||||
$image = Image::by_id($image_id);
|
||||
if (is_null($image)) {
|
||||
$this->theme->display_error(404, "Post not found", "No image in the database has the ID #$image_id");
|
||||
} else {
|
||||
/* Check if options were given to rotate an image. */
|
||||
if (isset($_POST['rotate_deg'])) {
|
||||
/* get options */
|
||||
$deg = int_escape($event->req_POST('rotate_deg'));
|
||||
|
||||
$deg = 0;
|
||||
|
||||
if (isset($_POST['rotate_deg'])) {
|
||||
$deg = int_escape($_POST['rotate_deg']);
|
||||
}
|
||||
|
||||
/* Attempt to rotate the image */
|
||||
try {
|
||||
$this->rotate_image($image_id, $deg);
|
||||
|
||||
//$this->theme->display_rotate_page($page, $image_id);
|
||||
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/".$image_id));
|
||||
} catch (ImageRotateException $e) {
|
||||
$this->theme->display_rotate_error($page, "Error Rotating", $e->error);
|
||||
}
|
||||
/* Attempt to rotate the image */
|
||||
try {
|
||||
$this->rotate_image($image_id, $deg);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/".$image_id));
|
||||
} catch (ImageRotateException $e) {
|
||||
$this->theme->display_rotate_error($page, "Error Rotating", $e->error);
|
||||
}
|
||||
}
|
||||
}
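Review bot: The guard `if (isset($_POST['rotate_deg'])) {` is still a direct superglobal read while the body it protects now calls `$event->req_POST('rotate_deg')`, so this handler only half-follows the commit's intent; change it to `if ($event->get_POST('rotate_deg') !== null) {` so both reads go through the request object. The same remark as on the resize handler applies to `int_escape(null_throws($event->get_arg(0)))`: a missing id now surfaces as whatever `null_throws` raises rather than `ImageRotateException`. The enclosing method appears to continue past the closing braces at the end of the hunk.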
@ -15,7 +15,6 @@ class RotateImageTheme extends Themelet
{
|
||||
return SHM_SIMPLE_FORM(
|
||||
'rotate/'.$image_id,
|
||||
INPUT(["type" => 'hidden', "name" => 'image_id', "value" => $image_id]),
|
||||
INPUT(["type" => 'number', "name" => 'rotate_deg', "id" => "rotate_deg", "placeholder" => "Rotation degrees"]),
|
||||
INPUT(["type" => 'submit', "value" => 'Rotate', "id" => "rotatebutton"]),
|
||||
);
@ -30,15 +30,7 @@ class Trash extends Extension
global $page, $user;
|
||||
|
||||
if ($event->page_matches("trash_restore") && $user->can(Permissions::VIEW_TRASH)) {
|
||||
// Try to get the image ID
|
||||
if ($event->count_args() >= 1) {
|
||||
$image_id = int_escape($event->get_arg(0));
|
||||
} elseif (isset($_POST['image_id'])) {
|
||||
$image_id = $_POST['image_id'];
|
||||
} else {
|
||||
throw new SCoreException("Can not restore post: No valid Post ID given.");
|
||||
}
|
||||
|
||||
$image_id = int_escape(null_throws($event->get_arg(0)));
|
||||
self::set_trash($image_id, false);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("post/view/".$image_id));
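Review bot: Unlike the resize and rotate handlers in this commit, the restore path goes straight from `$image_id = int_escape(null_throws($event->get_arg(0)));` to `self::set_trash($image_id, false);` with no `Image::by_id` existence check, so an id that parses but matches nothing is handed to `set_trash` unchecked and then redirected to a view page for a post that may not exist. A short guard before the call, `if (Image::by_id($image_id) === null) { $this->theme->display_error(404, "Post not found", "No image in the database has the ID #$image_id"); return; }`, would match the other handlers. The dropped `count_args() >= 1` branch is covered by `null_throws`, so that part of the change is fine. The enclosing method starts and ends outside the hunk.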
@ -12,7 +12,6 @@ class TrashTheme extends Themelet
|
|||
{
|
||||
return SHM_SIMPLE_FORM(
|
||||
'trash_restore/'.$image_id,
|
||||
INPUT(["type" => 'hidden', "name" => 'image_id', "value" => $image_id]),
|
||||
INPUT(["type" => 'submit', "value" => 'Restore From Trash']),
|
||||
);
|
||||
}
@ -171,17 +171,23 @@ class UserPage extends Extension
|
||||
if ($event->page_matches("user_admin")) {
|
||||
if ($event->get_arg(0) == "login") {
|
||||
if (isset($_POST['user']) && isset($_POST['pass'])) {
|
||||
$this->page_login($_POST['user'], $_POST['pass']);
|
||||
if ($event->get_POST('user') && $event->get_POST('pass')) {
|
||||
$this->page_login($event->req_POST('user'), $event->req_POST('pass'));
|
||||
} else {
|
||||
$this->theme->display_login_page($page);
|
||||
}
|
||||
} elseif ($event->get_arg(0) == "recover") {
|
||||
$this->page_recover($_POST['username']);
|
||||
$this->page_recover($event->req_POST('username'));
|
||||
} elseif ($event->get_arg(0) == "create") {
|
||||
$this->page_create();
|
||||
} elseif ($event->get_arg(0) == "create_other") {
|
||||
send_event(new UserCreationEvent($_POST['name'], $_POST['pass1'], $_POST['pass1'], $_POST['email'], false));
|
||||
send_event(new UserCreationEvent(
|
||||
$event->req_POST("name"),
|
||||
$event->req_POST("pass1"),
|
||||
$event->req_POST("pass1"),
|
||||
$event->req_POST("email"),
|
||||
false
|
||||
));
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("admin"));
|
||||
$page->flash("Created new user");
@ -237,7 +243,11 @@ class UserPage extends Extension
$duser = User::by_id($input['id']);
|
||||
$this->change_class_wrapper($duser, $input['class']);
|
||||
} elseif ($event->get_arg(0) == "delete_user") {
|
||||
$this->delete_user($page, isset($_POST["with_images"]), isset($_POST["with_comments"]));
|
||||
$this->delete_user(
|
||||
$page,
|
||||
$event->get_POST("with_images") == "on",
|
||||
$event->get_POST("with_comments") == "on"
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -825,18 +835,13 @@ class UserPage extends Extension
|
||||
if (!$user->can(Permissions::DELETE_USER)) {
|
||||
$page->add_block(new Block("Not Admin", "Only admins can delete accounts"));
|
||||
} elseif (!isset($_POST['id']) || !is_numeric($_POST['id'])) {
|
||||
$page->add_block(new Block(
|
||||
"No ID Specified",
|
||||
"You need to specify the account number to edit"
|
||||
));
|
||||
} else {
|
||||
$uid = int_escape((string)$_POST['id']);
|
||||
$uid = int_escape($_POST['id']);
|
||||
$duser = User::by_id($uid);
|
||||
log_warning("user", "Deleting user #{$uid} (@{$duser->name})");
|
||||
|
||||
if ($with_images) {
|
||||
log_warning("user", "Deleting user #{$_POST['id']} (@{$duser->name})'s uploads");
|
||||
log_warning("user", "Deleting user #{$uid} (@{$duser->name})'s uploads");
|
||||
$image_ids = $database->get_col("SELECT id FROM images WHERE owner_id = :owner_id", ["owner_id" => $_POST['id']]);
|
||||
foreach ($image_ids as $image_id) {
|
||||
$image = Image::by_id((int)$image_id);
@ -847,17 +852,17 @@ class UserPage extends Extension
} else {
|
||||
$database->execute(
|
||||
"UPDATE images SET owner_id = :new_owner_id WHERE owner_id = :old_owner_id",
|
||||
["new_owner_id" => $config->get_int('anon_id'), "old_owner_id" => $_POST['id']]
|
||||
["new_owner_id" => $config->get_int('anon_id'), "old_owner_id" => $uid]
|
||||
);
|
||||
}
|
||||
|
||||
if ($with_comments) {
|
||||
log_warning("user", "Deleting user #{$_POST['id']} (@{$duser->name})'s comments");
|
||||
$database->execute("DELETE FROM comments WHERE owner_id = :owner_id", ["owner_id" => $_POST['id']]);
|
||||
log_warning("user", "Deleting user #{$uid} (@{$duser->name})'s comments");
|
||||
$database->execute("DELETE FROM comments WHERE owner_id = :owner_id", ["owner_id" => $uid]);
|
||||
} else {
|
||||
$database->execute(
|
||||
"UPDATE comments SET owner_id = :new_owner_id WHERE owner_id = :old_owner_id",
|
||||
["new_owner_id" => $config->get_int('anon_id'), "old_owner_id" => $_POST['id']]
|
||||
["new_owner_id" => $config->get_int('anon_id'), "old_owner_id" => $uid]
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -865,7 +870,7 @@ class UserPage extends Extension
|
||||
$database->execute(
|
||||
"DELETE FROM users WHERE id = :id",
|
||||
["id" => $_POST['id']]
|
||||
["id" => $uid]
|
||||
);
|
||||
|
||||
$page->set_mode(PageMode::REDIRECT);
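Review bot: In `delete_user` the owner lookup `$image_ids = $database->get_col("SELECT id FROM images WHERE owner_id = :owner_id", ["owner_id" => $_POST['id']]);` still binds the raw superglobal while the four sibling statements in the following hunks were switched to `$uid`; it should read `["owner_id" => $uid]` so every query in the method uses the validated integer. `$uid = int_escape($_POST['id']);` and the `isset($_POST['id'])` guard above it also stay on `$_POST`, presumably because `delete_user` is not given `$event`; passing the id in from the caller at `$this->delete_user($page, ...)` as `$event->req_POST("id")` would finish the migration for this method. In the login branch, `if ($event->get_POST('user') && $event->get_POST('pass'))` tests by truthiness where the old code used `isset`, so a submitted `"0"` now shows the login form instead of attempting login; `!== null` on each value preserves the old behaviour. The `== "on"` comparisons on the `with_images`/`with_comments` flags should be `=== "on"`. `delete_user` starts and ends outside the hunks shown.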
@ -73,14 +73,10 @@ class ViewPost extends Extension
$this->theme->display_error(404, "Post not found", "No post in the database has the ID #$image_id");
|
||||
}
|
||||
} elseif ($event->page_matches("post/set")) {
|
||||
if (!isset($_POST['image_id'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
$image_id = int_escape($_POST['image_id']);
|
||||
$image_id = int_escape($event->req_POST('image_id'));
|
||||
$image = Image::by_id($image_id);
|
||||
if (!$image->is_locked() || $user->can(Permissions::EDIT_IMAGE_LOCK)) {
|
||||
send_event(new ImageInfoSetEvent($image, $_POST));
|
||||
send_event(new ImageInfoSetEvent($image, $event->POST));
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
|
||||
if ($event->get_GET('search')) {
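Review bot: `$image = Image::by_id($image_id);` is followed directly by `$image->is_locked()`, so a posted `image_id` that matches no row dereferences null and raises an Error rather than the 404 the view branch above produces for the same situation; add `if ($image === null) { $this->theme->display_error(404, "Post not found", "No post in the database has the ID #$image_id"); return; }` before the lock check. The removed early `return` for a missing `image_id` now becomes a `UserErrorException` from `req_POST`, which is a reasonable change but does alter what a client sees for that request. The enclosing method starts and ends outside the hunk.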
@ -191,13 +191,13 @@ class Wiki extends Extension
$content = $this->get_page($title, $revision);
|
||||
$this->theme->display_page($page, $content, $this->get_page("wiki:sidebar"));
|
||||
} elseif ($event->page_matches("wiki_admin/edit")) {
|
||||
$content = $this->get_page($_POST['title']);
|
||||
$content = $this->get_page($event->req_POST('title'));
|
||||
$this->theme->display_page_editor($page, $content);
|
||||
} elseif ($event->page_matches("wiki_admin/save")) {
|
||||
$title = $_POST['title'];
|
||||
$rev = int_escape($_POST['revision']);
|
||||
$body = $_POST['body'];
|
||||
$lock = $user->can(Permissions::WIKI_ADMIN) && isset($_POST['lock']) && ($_POST['lock'] == "on");
|
||||
$title = $event->req_POST('title');
|
||||
$rev = int_escape($event->req_POST('revision'));
|
||||
$body = $event->req_POST('body');
|
||||
$lock = $user->can(Permissions::WIKI_ADMIN) && ($event->get_POST('lock') == "on");
|
||||
|
||||
if ($this->can_edit($user, $this->get_page($title))) {
|
||||
$wikipage = $this->get_page($title);
@ -216,15 +216,18 @@ class Wiki extends Extension
$this->theme->display_page_history($page, $event->get_GET('title'), $history);
|
||||
} elseif ($event->page_matches("wiki_admin/delete_revision")) {
|
||||
if ($user->can(Permissions::WIKI_ADMIN)) {
|
||||
send_event(new WikiDeleteRevisionEvent($_POST["title"], (int)$_POST["revision"]));
|
||||
$u_title = url_escape($_POST["title"]);
|
||||
$title = $event->req_POST('title');
|
||||
$revision = int_escape($event->req_POST('revision'));
|
||||
send_event(new WikiDeleteRevisionEvent($title, $revision));
|
||||
$u_title = url_escape($title);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("wiki/$u_title"));
|
||||
}
|
||||
} elseif ($event->page_matches("wiki_admin/delete_all")) {
|
||||
if ($user->can(Permissions::WIKI_ADMIN)) {
|
||||
send_event(new WikiDeletePageEvent($_POST["title"]));
|
||||
$u_title = url_escape($_POST["title"]);
|
||||
$title = $event->req_POST('title');
|
||||
send_event(new WikiDeletePageEvent($title));
|
||||
$u_title = url_escape($title);
|
||||
$page->set_mode(PageMode::REDIRECT);
|
||||
$page->set_redirect(make_link("wiki/$u_title"));
|
||||
}
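Review bot: `$lock = $user->can(Permissions::WIKI_ADMIN) && ($event->get_POST('lock') == "on");` uses a loose comparison against a nullable string; `=== "on"` states the intent and avoids PHP's `==` coercion rules. In the save branch `$this->get_page($title)` is called twice in a row, once inside `can_edit` and once for `$wikipage`; binding it to a local first would save a lookup, though that predates this commit. The delete_revision and delete_all hunks are fine as rewritten. The enclosing method starts before the first hunk and continues past the last.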