Commit 10998b61 authored by mose

Instant-Auto-Merge from BRANCH to HEAD: tikiticketlib is everywhere now

parent 936cea8e
......@@ -2423,6 +2423,7 @@ tiki/lib/tikihelp/results.html -text
tiki/lib/tikihelp/searchdata.html -text
tiki/lib/tikihelp/toolbar.html -text
tiki/lib/tikilib.php -text
tiki/lib/tikiticketlib.php -text
tiki/lib/trackers/trackerlib.php -text
tiki/lib/tree/categ_admin_tree.php -text
tiki/lib/tree/categ_browse_tree.php -text
......
<?php
/* $Header: /cvsroot/tikiwiki/tiki/lib/tikiticketlib.php,v 1.2 2003-12-28 20:12:55 mose Exp $
Tikiwiki CSRF protection.
also called : anti-banana-skin (oops)
Install:
- copy tikiticketlib.php in lib/tikiticketlib.php (or anywhere to your taste)
- add at the very top of setup.php, under session_start();
include "lib/tikiticketlib.php";
or anywhere your taste previous stated something else
= CLOSING
ask_ticket('something');
- for marking where begins an edit or admin area
that requires protection.
- on most administrative pages that ticket request
should occur AFTER all active tests for modification
- some pages include the edit and display part in same
place. In such case use the ask_ticket at the end of
conditionnal block that determines we are in edit mode.
= OPENING
check_ticket('something');
- for testing if the right ticket have been generated
- that call should occur just after the test of $_REQUEST
variables to see if something is due to be modified.
- if the check fails, it sends a mail to apache admin with
faulty link and referer so the problem can be tracked.
= EXAMPLE
# file tiki-admin_cookies.php
<?php
require_once ('tiki-setup.php');
include_once ('lib/taglines/taglinelib.php');
if ($tiki_p_edit_cookies != 'y') {
$smarty->assign('msg', tra("You dont have permission to use this feature"));
$smarty->display("error.tpl");
die;
}
# insert protection here, with arbitrary string "admin_coojie"
ask_ticket('admin_cookie');
# ... snip ...
if (isset($_REQUEST["remove"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
$taglinelib->remove_cookie($_REQUEST["remove"]);
}
if (isset($_REQUEST["removeall"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
$taglinelib->remove_all_cookies();
}
if (isset($_REQUEST["upload"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
if (isset($_FILES['userfile1']) &&
is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$fp = fopen($_FILES['userfile1']['tmp_name'], "r");
# ... snip ...
if (isset($_REQUEST["save"])) {
# verify the protection before action
check_ticket('admin_cookie'); // <--------------- protected
$taglinelib->replace_cookie($_REQUEST["cookieId"], $_REQUEST["cookie"]);
# ... snip ...
$smarty->assign('mid', 'tiki-admin_cookies.tpl');
$smarty->display("tiki.tpl");
?>
please ask admins@tikiwiki.org if you are lost with a complicated case.
*/
function ask_ticket($area) {
$_SESSION['antisurf'] = $area;
}
function check_ticket($area) {
if ($_SESSION['antisurf'] != $area) {
/* that part is optionnal, it sends a mail of alert
$body = "\nCSRF: ";
if (isset($_SERVER["SCRIPT_URI"]) and $_SERVER["SCRIPT_URI"]) {
$body.= $_SERVER["SCRIPT_URI"];
} else {
$body.= $_SERVER["HTTP_HOST"];
}
if (isset($_SERVER["QUERY_STRING"]) and $_SERVER["QUERY_STRING"]) {
$body.= "?".$_SERVER["QUERY_STRING"];
}
$body.= "\nfrom: ".$_SERVER["HTTP_REFERER"]."\n";
@mail($_SERVER['SERVER_ADMIN'],"[CSRF] alert",$body);
*/
global $smarty;
$smarty->assign('msg',tra("Sea Surfing (CSRF) detected. Operation blocked."));
$smarty->display('error.tpl');
die;
}
}
?>
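Review bot: check_ticket() compares `$_SESSION['antisurf']` only with the hard-coded `$area` string and never looks at anything the request carries, so it shows that this session last rendered the page, not that the request came from a form the site served. Any plain load of the page runs ask_ticket() and arms the check, the value is never cleared after use, and the single `antisurf` slot is overwritten by every other ticketed page, which also blocks a legitimate submit from a second tab. A per-session random value that is embedded in each form and compared with the submitted field would bind the action to the form; the sketch below assumes a PHP version that provides random_bytes() and hash_equals(), and a `ticket` form field and `tickets` session key that are constructed names the templates would have to adopt. The header example also uses `admin_cookie` while tiki-admin_cookies.php in this commit uses `admin-cookies`.

```php
function ask_ticket($area) {
    global $smarty;
    // one unguessable value per area, kept in the session and handed to the template
    if (!isset($_SESSION['tickets'][$area])) {
        $_SESSION['tickets'][$area] = bin2hex(random_bytes(16));
    }
    $smarty->assign('ticket', $_SESSION['tickets'][$area]);
}

function check_ticket($area) {
    $expected = isset($_SESSION['tickets'][$area]) ? $_SESSION['tickets'][$area] : '';
    // read from the POST body only, so the value never travels in a URL or Referer
    $given = (isset($_POST['ticket']) && is_string($_POST['ticket'])) ? $_POST['ticket'] : '';
    if ($expected === '' || !hash_equals($expected, $given)) {
        // … unchanged: optional mail alert, error.tpl display, die …
    }
}
```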
<?php
// $Header: /cvsroot/tikiwiki/tiki/messu-broadcast.php,v 1.15 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/messu-broadcast.php,v 1.16 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -78,6 +78,7 @@ if (isset($_REQUEST['group'])) {
}
if (isset($_REQUEST['send'])) {
check_ticket('messu-broadcast');
$smarty->assign('sent', 1);
$message = '';
......@@ -129,6 +130,7 @@ if (isset($_REQUEST['send'])) {
$smarty->assign('message', $message);
}
ask_ticket('messu-broadcast');
$groups = $userlib->get_groups(0, -1, 'groupName_asc', '');
$smarty->assign_by_ref('groups', $groups["data"]);
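Review bot: The `send` branch is still selected with `isset($_REQUEST['send'])`, and `$_REQUEST` also carries query-string parameters, so the state change stays reachable by a plain GET and rests entirely on check_ticket(). The same holds for the `delete`, `remove`, `removeall`, `drop`, `del`, `save` and `add*` branches in the other pages this commit touches. Reading the trigger from the POST body, e.g. `if (isset($_POST['send'])) {`, would narrow the exposure independently of the ticket. Whether the templates already submit these actions by POST is not visible here and would need checking first; the `send` block itself continues past the hunk.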
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/messu-compose.php,v 1.14 2003-12-21 17:47:21 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/messu-compose.php,v 1.15 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -50,7 +50,7 @@ if (!isset($_REQUEST['priority']))
// Strip Re:Re:Re: from subject
if(isset($_REQUEST['reply'])||isset($_REQUEST['replyall'])) {
$_REQUEST['subject'] = tra("Re:") . trim(ereg_replace(tra("Re:"), "", $_REQUEST['subject']));
$_REQUEST['subject'] = tra("Re:") . ereg_replace("^(".tra("Re:").")+", "", $_REQUEST['subject']);
}
$smarty->assign('to', $_REQUEST['to']);
......@@ -69,6 +69,8 @@ if (isset($_REQUEST['reply']) || isset($_REQUEST['replyall'])) {
}
if (isset($_REQUEST['send'])) {
check_ticket('messu-compose');
$smarty->assign('sent', 1);
$message = '';
......@@ -161,6 +163,8 @@ if (isset($_REQUEST['send'])) {
$section = 'user_messages';
include_once ('tiki-section_options.php');
ask_ticket('messu-compose');
include_once ('tiki-mytiki_shared.php');
$smarty->display("tiki.tpl");
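Review bot: The rewritten subject line builds its pattern as `"^(".tra("Re:").")+"`, which only strips copies of the prefix that follow each other with nothing in between, so a subject such as `Re: Re: hello` (constructed example) keeps its inner `Re:`. The earlier form removed every occurrence and trimmed the result. This assumes the second of the two printed `$_REQUEST['subject']` lines is the new side, which the print order and the `$Header` revisions suggest but do not prove. Allowing whitespace inside the group, `"^(".tra("Re:")."[[:space:]]*)+"`, with one separator re-added after the prefix, would collapse the spaced form. The translated string also goes into the pattern unescaped, so a translation containing regex metacharacters would change what is matched.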
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/messu-mailbox.php,v 1.11 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/messu-mailbox.php,v 1.12 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -43,6 +43,7 @@ if (isset($_REQUEST["mark"]) && isset($_REQUEST["msg"])) {
// Delete messages if the delete button was pressed
if (isset($_REQUEST["delete"]) && isset($_REQUEST["msg"])) {
check_ticket('messu-mailbox');
foreach (array_keys($_REQUEST["msg"])as $msg) {
$messulib->delete_message($user, $msg);
}
......@@ -116,6 +117,7 @@ $section = 'user_messages';
include_once ('tiki-section_options.php');
include_once ('tiki-mytiki_shared.php');
ask_ticket('messu-mailbox');
$smarty->assign('mid', 'messu-mailbox.tpl');
$smarty->display("tiki.tpl");
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/messu-read.php,v 1.12 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/messu-read.php,v 1.13 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -31,6 +31,7 @@ if ($tiki_p_messages != 'y') {
}
if (isset($_REQUEST["delete"])) {
check_ticket('messu-read');
$messulib->delete_message($user, $_REQUEST['msgdel']);
}
......@@ -69,7 +70,7 @@ $messulib->flag_message($user, $_REQUEST['msgId'], 'isRead', 'y');
// Get the message and assign its data to template vars
$msg = $messulib->get_message($user, $_REQUEST['msgId']);
$smarty->assign('msg', $msg);
ask_ticket('messu-read');
$section = 'user_messages';
include_once ('tiki-section_options.php');
include_once ('tiki-mytiki_shared.php');
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/setup_smarty.php,v 1.8 2003-11-29 23:24:20 marcius Exp $
// $Header: /cvsroot/tikiwiki/tiki/setup_smarty.php,v 1.9 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -11,6 +11,7 @@ if (isset($_SERVER["REQUEST_URI"])) {
}
require_once ("db/tiki-db.php");
require_once("lib/tikiticketlib.php");
error_reporting (E_ALL);
// Set the separator for PHP generated tags to be &amp; instead of &
......
......@@ -45,16 +45,19 @@ $smarty->assign('banId', $_REQUEST['banId']);
$smarty->assign_by_ref('info', $info);
if (isset($_REQUEST['remove'])) {
check_ticket('admin-banning');
$banlib->remove_rule($_REQUEST['remove']);
}
if (isset($_REQUEST['del']) && isset($_REQUEST['delsec'])) {
check_ticket('admin-banning');
foreach (array_keys($_REQUEST['delsec'])as $sec) {
$banlib->remove_rule($sec);
}
}
if (isset($_REQUEST['save'])) {
check_ticket('admin-banning');
$_REQUEST['use_dates'] = isset($_REQUEST['use_dates']) ? 'y' : 'n';
$_REQUEST['date_from'] = mktime(0, 0, 0, $_REQUEST['date_fromMonth'], $_REQUEST['date_fromDay'], $_REQUEST['date_fromYear']);
......@@ -165,6 +168,7 @@ $sections = array(
);
$smarty->assign('sections', $sections);
ask_ticket('admin-banning');
$smarty->assign('mid', 'tiki-admin_banning.tpl');
$smarty->display("tiki.tpl");
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_calendars.php,v 1.10 2003-12-02 16:00:01 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_calendars.php,v 1.11 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -22,11 +22,13 @@ if (!isset($_REQUEST["calendarId"])) {
}
if (isset($_REQUEST["drop"])) {
check_ticket('admin-calendars');
$calendarlib->drop_calendar($_REQUEST["drop"]);
$_REQUEST["calendarId"] = 0;
}
if (isset($_REQUEST["save"])) {
check_ticket('admin-calendars');
$customflags["customlanguages"] = $_REQUEST["customlanguages"];
$customflags["customlocations"] = $_REQUEST["customlocations"];
$customflags["customcategories"] = $_REQUEST["customcategories"];
......@@ -108,6 +110,8 @@ $cat_type = 'calendar';
$cat_objid = $_REQUEST["calendarId"];
include_once ("categorize_list.php");
ask_ticket('admin-calendars');
// Display the template
$smarty->assign('uses_tabs', 'y');
$smarty->assign('mid', 'tiki-admin_calendars.tpl');
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_categories.php,v 1.16 2003-11-19 00:02:28 gongo Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_categories.php,v 1.17 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
//
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_categories.php,v 1.16 2003-11-19 00:02:28 gongo Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_categories.php,v 1.17 2003-12-28 20:12:51 mose Exp $
//
// Initialization
......@@ -47,6 +47,7 @@ if (!isset($_REQUEST["parentId"])) {
$smarty->assign('parentId', $_REQUEST["parentId"]);
if (isset($_REQUEST["addpage"])) {
check_ticket('admin-categories');
// Here we categorize a page
// $categlib->categorize_page($_REQUEST["pageName"],$_REQUEST["parentId"]);
// add multiple pages at once
......@@ -56,51 +57,61 @@ if (isset($_REQUEST["addpage"])) {
}
if (isset($_REQUEST["addpoll"])) {
check_ticket('admin-categories');
// Here we categorize a poll
$categlib->categorize_poll($_REQUEST["pollId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addfaq"])) {
check_ticket('admin-categories');
// Here we categorize a faq
$categlib->categorize_faq($_REQUEST["faqId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addtracker"])) {
check_ticket('admin-categories');
// Here we categorize a tracker
$categlib->categorize_tracker($_REQUEST["trackerId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addquiz"])) {
check_ticket('admin-categories');
// Here we categorize a quiz
$categlib->categorize_quiz($_REQUEST["quizId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addforum"])) {
check_ticket('admin-categories');
// Here we categorize a forum
$categlib->categorize_forum($_REQUEST["forumId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addgallery"])) {
check_ticket('admin-categories');
// Here we categorize an image gallery
$categlib->categorize_gallery($_REQUEST["galleryId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addfilegallery"])) {
check_ticket('admin-categories');
// Here we categorize a file gallery
$categlib->categorize_file_gallery($_REQUEST["file_galleryId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addarticle"])) {
check_ticket('admin-categories');
// Here we categorize an article
$categlib->categorize_article($_REQUEST["articleId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["addblog"])) {
check_ticket('admin-categories');
// Here we categorize a blog
$categlib->categorize_blog($_REQUEST["blogId"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["adddirectory"])) {
check_ticket('admin-categories');
// Here we categorize a directory category
$categlib->categorize_directory($_REQUEST["directoryId"], $_REQUEST["parentId"]);
}
......@@ -115,14 +126,17 @@ if (isset($_REQUEST["categId"])) {
}
if (isset($_REQUEST["removeObject"])) {
check_ticket('admin-categories');
$categlib->remove_object_from_category($_REQUEST["removeObject"], $_REQUEST["parentId"]);
}
if (isset($_REQUEST["removeCat"])) {
check_ticket('admin-categories');
$categlib->remove_category($_REQUEST["removeCat"]);
}
if (isset($_REQUEST["save"]) && isset($_REQUEST["name"]) && strlen($_REQUEST["name"]) > 0) {
check_ticket('admin-categories');
// Save
if ($_REQUEST["categId"]) {
$categlib->update_category($_REQUEST["categId"], $_REQUEST["name"], $_REQUEST["description"], $_REQUEST["parentId"]);
......@@ -271,6 +285,8 @@ $smarty->assign_by_ref('articles', $articles["data"]);
$directories = $dirlib->dir_list_all_categories(0, -1, 'name_asc', $find_objects);
$smarty->assign_by_ref('directories', $directories["data"]);
ask_ticket('admin-categories');
// Display the template
$smarty->assign('mid', 'tiki-admin_categories.tpl');
$smarty->display("tiki.tpl");
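Review bot: `check_ticket('admin-categories')` is pasted into fourteen separate branches in this file (eleven `add*` branches, `removeObject`, `removeCat` and `save`), so a branch added later without the call is unprotected with nothing to flag it. One guard ahead of the first branch, firing when any mutating parameter is present, keeps the list in one place. The sketch below names only the parameters visible in these hunks; parts of the file lie outside them and may hold further branches that belong in the list.

```php
// single guard for every mutating parameter this page handles
$ticketed = array(
    'addpage', 'addpoll', 'addfaq', 'addtracker', 'addquiz', 'addforum',
    'addgallery', 'addfilegallery', 'addarticle', 'addblog', 'adddirectory',
    'removeObject', 'removeCat', 'save',
);
foreach ($ticketed as $param) {
    if (isset($_REQUEST[$param])) {
        check_ticket('admin-categories');
        break;
    }
}
// … unchanged: the individual add*/remove*/save branches, without their own check_ticket() calls …
```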
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_chart_items.php,v 1.7 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_chart_items.php,v 1.8 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -53,12 +53,14 @@ $smarty->assign('itemId', $_REQUEST['itemId']);
$smarty->assign('info', $info);
if (isset($_REQUEST["delete"])) {
check_ticket('admin-chart-items');
foreach (array_keys($_REQUEST["item"])as $item) {
$chartlib->remove_chart_item($item);
}
}
if (isset($_REQUEST['save'])) {
check_ticket('admin-chart-items');
$vars = array();
$vars['chartId'] = $_REQUEST['chartId'];
......@@ -144,6 +146,7 @@ $sameurl_elements = array(
'chartId',
'itemId'
);
ask_ticket('admin-chart-items');
$smarty->assign('mid', 'tiki-admin_chart_items.tpl');
$smarty->display("tiki.tpl");
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_charts.php,v 1.8 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_charts.php,v 1.9 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -53,12 +53,14 @@ $smarty->assign('chartId', $_REQUEST['chartId']);
$smarty->assign('info', $info);
if (isset($_REQUEST["delete"])) {
check_ticket('admin-charts');
foreach (array_keys($_REQUEST["chart"])as $item) {
$chartlib->remove_chart($item);
}
}
if (isset($_REQUEST['save'])) {
check_ticket('admin-charts');
$vars = array();
$_REQUEST['singleItemVotes'] = isset($_REQUEST['singleItemVotes']) ? 'y' : 'n';
......@@ -170,6 +172,7 @@ $sameurl_elements = array(
'find',
'chartId'
);
ask_ticket('admin-charts');
$smarty->assign('mid', 'tiki-admin_charts.tpl');
$smarty->display("tiki.tpl");
......
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_chat.php,v 1.6 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_chat.php,v 1.7 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -41,10 +41,12 @@ $smarty->assign('active', $info["active"]);
$smarty->assign('refresh', $info["refresh"]);
if (isset($_REQUEST["remove"])) {
check_ticket('admin-chat');
$chatlib->remove_channel($_REQUEST["remove"]);
}
if (isset($_REQUEST["save"])) {
check_ticket('admin-chat');
if (isset($_REQUEST["active"]) && $_REQUEST["active"] == 'on') {
$active = 'y';
} else {
......@@ -100,8 +102,10 @@ if ($offset > 0) {
$smarty->assign_by_ref('channels', $channels["data"]);
ask_ticket('admin-chat');
// Display the template
$smarty->assign('mid', 'tiki-admin_chat.tpl');
$smarty->display("tiki.tpl");
?>
\ No newline at end of file
?>
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_content_templates.php,v 1.8 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_content_templates.php,v 1.9 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -64,10 +64,12 @@ if ($_REQUEST["templateId"]) {
$smarty->assign('info', $info);
if (isset($_REQUEST["remove"])) {
check_ticket('admin-content-templates');
$templateslib->remove_template($_REQUEST["remove"]);
}
if (isset($_REQUEST["removesection"])) {
check_ticket('admin-content-templates');
$templateslib->remove_template_from_section($_REQUEST["rtemplateId"], $_REQUEST["removesection"]);
}
......@@ -112,6 +114,7 @@ if (isset($_REQUEST["preview"])) {
}
if (isset($_REQUEST["save"])) {
check_ticket('admin-content-templates');
$tid = $templateslib->replace_template($_REQUEST["templateId"], $_REQUEST["name"], $_REQUEST["content"]);
$smarty->assign("templateId", '0');
......@@ -192,8 +195,10 @@ if ($offset > 0) {
$smarty->assign_by_ref('channels', $channels["data"]);
ask_ticket('admin-content-templates');
// Display the template
$smarty->assign('mid', 'tiki-admin_content_templates.tpl');
$smarty->display("tiki.tpl");
?>
\ No newline at end of file
?>
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_cookies.php,v 1.6 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_cookies.php,v 1.7 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -35,14 +35,17 @@ if ($_REQUEST["cookieId"]) {
$smarty->assign('cookie', $info["cookie"]);
if (isset($_REQUEST["remove"])) {
check_ticket('admin-cookies');
$taglinelib->remove_cookie($_REQUEST["remove"]);
}
if (isset($_REQUEST["removeall"])) {
check_ticket('admin-cookies');
$taglinelib->remove_all_cookies();
}
if (isset($_REQUEST["upload"])) {
check_ticket('admin-cookies');
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$fp = fopen($_FILES['userfile1']['tmp_name'], "r");
......@@ -69,6 +72,7 @@ if (isset($_REQUEST["upload"])) {
}
if (isset($_REQUEST["save"])) {
check_ticket('admin-cookies');
$taglinelib->replace_cookie($_REQUEST["cookieId"], $_REQUEST["cookie"]);
$smarty->assign("cookieId", '0');
......@@ -118,9 +122,10 @@ if ($offset > 0) {
}
$smarty->assign_by_ref('channels', $channels["data"]);
ask_ticket('admin-cookies');
// Display the template
$smarty->assign('mid', 'tiki-admin_cookies.tpl');
$smarty->display("tiki.tpl");
?>
\ No newline at end of file
?>
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_drawings.php,v 1.6 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_drawings.php,v 1.7 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -26,14 +26,17 @@ if ($tiki_p_admin_drawings != 'y') {
}
if (isset($_REQUEST["remove"])) {
check_ticket('admin-drawings');
$drawlib->remove_drawing($_REQUEST["remove"]);
}
if (isset($_REQUEST["removeall"])) {
check_ticket('admin-drawings');
$drawlib->remove_all_drawings($_REQUEST["removeall"]);
}
if (isset($_REQUEST['del'])) {
check_ticket('admin-drawings');
foreach (array_keys($_REQUEST['draw'])as $id) {
$drawlib->remove_drawing($id);
}
......@@ -108,7 +111,9 @@ if ($offset > 0) {
$smarty->assign_by_ref('items', $items["data"]);
ask_ticket('admin-drawings');
$smarty->assign('mid', 'tiki-admin_drawings.tpl');
$smarty->display("tiki.tpl");
?>
\ No newline at end of file
?>
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_dsn.php,v 1.3 2003-11-17 15:44:27 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_dsn.php,v 1.4 2003-12-28 20:12:51 mose Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -36,10 +36,12 @@ if ($_REQUEST["dsnId"]) {
$smarty->assign('info', $info);
if (isset($_REQUEST["remove"])) {
check_ticket('admin-dsn');
$adminlib->remove_dsn($_REQUEST["remove"]);
}
if (isset($_REQUEST["save"])) {
check_ticket('admin-dsn');
$adminlib->replace_dsn($_REQUEST["dsnId"], $_REQUEST["dsn"], $_REQUEST['name']);
$info = array();
......@@ -92,9 +94,10 @@ if ($offset > 0) {