3024 if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) |
3024 if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) |
3025 { |
3025 { |
3026 echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>'; |
3026 echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>'; |
3027 break; |
3027 break; |
3028 } |
3028 } |
3029 $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . intval($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); |
3029 $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); |
3030 if(!$query) |
3030 if(!$query) |
3031 { |
3031 { |
3032 echo $db->get_error(); |
3032 echo $db->get_error(); |
3033 $template->footer(); |
3033 $template->footer(); |
3034 exit; |
3034 exit; |
3060 } |
3060 } |
3061 $r = $db->fetchrow(); |
3061 $r = $db->fetchrow(); |
3062 $db->free_result(); |
3062 $db->free_result(); |
3063 $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; |
3063 $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; |
3064 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); |
3064 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); |
|
3065 if(!$q) |
|
3066 { |
|
3067 echo $db->get_error(); |
|
3068 $template->footer(); |
|
3069 exit; |
|
3070 } |
|
3071 if(isset($_GET['ajax'])) |
|
3072 { |
|
3073 ob_end_clean(); |
|
3074 die('GOOD'); |
|
3075 } |
|
3076 break; |
|
3077 case 'rename'; |
|
3078 $newname = $db->escape($_POST['newname']); |
|
3079 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); |
3065 if(!$q) |
3080 if(!$q) |
3066 { |
3081 { |
3067 echo $db->get_error(); |
3082 echo $db->get_error(); |
3068 $template->footer(); |
3083 $template->footer(); |
3069 exit; |
3084 exit; |
3203 break; |
3218 break; |
3204 case BLOCK_TEMPLATEFORMAT: |
3219 case BLOCK_TEMPLATEFORMAT: |
3205 $parser = $template->makeParserText($vars['sidebar_section']); |
3220 $parser = $template->makeParserText($vars['sidebar_section']); |
3206 $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl'); |
3221 $c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl'); |
3207 $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
3222 $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
|
3223 // fix for the "Administration" link that somehow didn't get rendered properly |
|
3224 $c = preg_replace("/(^|\n)([ ]*)<a([ ]+.*)?>(.+)<\/a>(<br(.*)\/>)([\r\n]+|$)/isU", '\\1\\2<li><a\\3>\\4</a></li>\\7', $c); |
3208 break; |
3225 break; |
3209 case BLOCK_HTML: |
3226 case BLOCK_HTML: |
3210 $parser = $template->makeParserText($vars['sidebar_section_raw']); |
3227 $parser = $template->makeParserText($vars['sidebar_section_raw']); |
3211 $c = $row['block_content']; |
3228 $c = $row['block_content']; |
3212 $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
3229 $c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c); |
3222 case BLOCK_PLUGIN: |
3239 case BLOCK_PLUGIN: |
3223 $parser = $template->makeParserText($vars['sidebar_section_raw']); |
3240 $parser = $template->makeParserText($vars['sidebar_section_raw']); |
3224 $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block'; |
3241 $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block'; |
3225 break; |
3242 break; |
3226 } |
3243 } |
3227 $block_name = $template->tplWikiFormat($row['block_name']); |
3244 $block_name = $row['block_name']; // $template->tplWikiFormat($row['block_name']); |
3228 if ( empty($block_name) ) |
3245 if ( empty($block_name) ) |
3229 $block_name = '<Unnamed>'; |
3246 $block_name = '<Unnamed>'; |
3230 $t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>'; |
3247 $t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>'; |
3231 if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>'; |
3248 if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>'; |
3232 else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>'; |
3249 else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>'; |
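Review bot: At new line 3244 `$block_name` is taken straight from `$row['block_name']` and concatenated into the `<span>` at line 3247 without HTML encoding, so a block name containing markup would be rendered as markup in the sidebar editor. The `rename` case added at lines 3077-3079 only SQL-escapes `$_POST['newname']` before storing it, so unless the name is filtered somewhere not visible here, output encoding is the only barrier against stored script injection; I would write `$block_name = htmlspecialchars($row['block_name'], ENT_QUOTES, 'UTF-8');`. The `'<Unnamed>'` fallback at line 3246 is emitted raw as well and should be `'&lt;Unnamed&gt;'`. Separately, line 3029 appears to replace `intval($_GET['side'])` with `$db->escape($_GET['side'])` in an unquoted numeric position; the digit-only regex above keeps it safe today, but string escaping does not protect an unquoted value, so `intval()` is the better choice there. The enclosing switch and loop start and end outside the lines shown.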