Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-06-19 11:23:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add verify to pages, add messages, limits, fix add

Browse Source
This commit is contained in:
slawkens 2023-02-06 19:36:16 +01:00
parent c1eb7d4f52
commit 958681bdc9
2 changed files with 89 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
admin/pages/pages.php
View File

@ -18,13 +18,18 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
header('X-XSS-Protection:0'); header('X-XSS-Protection:0');
$name = $p_title = ''; $name = $p_title = null;
$groups = new OTS_Groups_List(); $groups = new OTS_Groups_List();
$php = false; $php = false;
$enable_tinymce = true; $enable_tinymce = true;
$access = 0; $access = 0;
// some constants, used mainly by database (cannot by modified without schema changes)
define('PAGE_TITLE_LIMIT', 30);
define('PAGE_NAME_LIMIT', 30);
define('PAGE_BODY_LIMIT', 65535); // maximum page body length
if (!empty($action)) { if (!empty($action)) {
if ($action == 'delete' || $action == 'edit' || $action == 'hide') if ($action == 'delete' || $action == 'edit' || $action == 'hide')
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
@ -50,12 +55,13 @@ if (!empty($action)) {
$errors = array(); $errors = array();
$player_id = 1; $player_id = 1;
if ($action == 'add') { if ($action == 'new') {
if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
$name = $p_title = $body = ''; $name = $p_title = $body = '';
$player_id = $access = 0; $player_id = $access = 0;
$php = false; $php = false;
$enable_tinymce = true; $enable_tinymce = true;
success('Added successful.');
} }
} else if ($action == 'delete') { } else if ($action == 'delete') {
if (Pages::delete($id, $errors)) if (Pages::delete($id, $errors))
@ -70,15 +76,18 @@ if (!empty($action)) {
$enable_tinymce = $_page['enable_tinymce'] == '1'; $enable_tinymce = $_page['enable_tinymce'] == '1';
$access = $_page['access']; $access = $_page['access'];
} else { } else {
Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access); if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access)) {
$action = $name = $p_title = $body = ''; $action = $name = $p_title = $body = '';
$player_id = 1; $player_id = 1;
$access = 0; $access = 0;
$php = false; $php = false;
$enable_tinymce = true; $enable_tinymce = true;
success("Updated successful.");
}
} }
} else if ($action == 'hide') { } else if ($action == 'hide') {
Pages::toggleHidden($id, $errors); Pages::toggleHidden($id, $errors, $status);
success(($status == 1 ? 'Show' : 'Hide') . " successful.");
} }
if (!empty($errors)) if (!empty($errors))
@ -117,6 +126,44 @@ $twig->display('admin.pages.html.twig', array(
class Pages class Pages
{ {
static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
{
if(!isset($title[0]) || !isset($body[0])) {
$errors[] = 'Please fill all inputs.';
return false;
}
if(strlen($name) > PAGE_NAME_LIMIT) {
$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
return false;
}
if(strlen($title) > PAGE_TITLE_LIMIT) {
$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
return false;
}
if(strlen($body) > PAGE_BODY_LIMIT) {
$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
return false;
}
if(!isset($player_id) || $player_id == 0) {
$errors[] = 'Player ID is wrong.';
return false;
}
if(!isset($php) || ($php != 0 && $php != 1)) {
$errors[] = 'Enable PHP is wrong.';
return false;
}
if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
$errors[] = 'Enable TinyMCE is wrong.';
return false;
}
if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
$errors[] = 'Access is wrong.';
return false;
}
return true;
}
static public function get($id) static public function get($id)
{ {
global $db; global $db;
@ -129,8 +176,11 @@ class Pages
static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
{ {
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
return false;
}
global $db; global $db;
if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name)); $query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
if ($query === false) if ($query === false)
$db->insert(TABLE_PREFIX . 'pages', $db->insert(TABLE_PREFIX . 'pages',
@ -146,14 +196,16 @@ class Pages
); );
else else
$errors[] = 'Page with this link already exists.'; $errors[] = 'Page with this link already exists.';
} else
$errors[] = 'Please fill all inputs.';
return !count($errors); return !count($errors);
} }
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access) static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
{ {
if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
return false;
}
global $db; global $db;
$db->update(TABLE_PREFIX . 'pages', $db->update(TABLE_PREFIX . 'pages',
array( array(
@ -166,6 +218,8 @@ class Pages
'access' => $access 'access' => $access
), ),
array('id' => $id)); array('id' => $id));
return true;
} }
static public function delete($id, &$errors) static public function delete($id, &$errors)
@ -182,15 +236,18 @@ class Pages
return !count($errors); return !count($errors);
} }
static public function toggleHidden($id, &$errors) static public function toggleHidden($id, &$errors, &$status)
{ {
global $db; global $db;
if (isset($id)) { if (isset($id)) {
$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id)); $query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
if ($query !== false) if ($query !== false) {
$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id)); $db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
else $status = $query['hidden'];
}
else {
$errors[] = 'Page with id ' . $id . ' does not exists.'; $errors[] = 'Page with id ' . $id . ' does not exists.';
}
} else } else
$errors[] = 'id not set'; $errors[] = 'id not set';

2
system/templates/admin.pages.form.html.twig
View File

@ -3,7 +3,7 @@
<div class="card-header"> <div class="card-header">
<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} page</h5> <h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} page</h5>
</div> </div>
<form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}add{% endif %}"> <form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}new{% endif %}">
{% if action == 'edit' %} {% if action == 'edit' %}
<input type="hidden" name="id" value="{{ id }}"/> <input type="hidden" name="id" value="{{ id }}"/>
{% endif %} {% endif %}