Forum boards admin links: csrf + refactor

slawkens 2025-05-24 11:28:56 +02:00
parent 6e793390c6
commit e776bd52be
3 changed files with 58 additions and 29 deletions


@ -17,6 +17,8 @@ if(!$canEdit) {
return; return;
} }
csrfProtect();
$groupsList = new OTS_Groups_List(); $groupsList = new OTS_Groups_List();
$groups = [ $groups = [
['id' => 0, 'name' => 'Guest'], ['id' => 0, 'name' => 'Guest'],
@ -30,23 +32,24 @@ foreach ($groupsList as $group) {
} }
if(!empty($action)) { if(!empty($action)) {
if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board') if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board') {
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
if(isset($_REQUEST['access'])) {
$access = $_REQUEST['access'];
} }
if(isset($_REQUEST['guild'])) { if(isset($_POST['access'])) {
$guild = $_REQUEST['guild']; $access = $_POST['access'];
} }
if(isset($_REQUEST['name'])) { if(isset($_POST['guild'])) {
$name = $_REQUEST['name']; $guild = $_POST['guild'];
} }
if(isset($_REQUEST['description'])) { if(isset($_POST['name'])) {
$description = stripslashes($_REQUEST['description']); $name = $_POST['name'];
}
if(isset($_POST['description'])) {
$description = stripslashes($_POST['description']);
} }
$errors = []; $errors = [];
@ -55,6 +58,7 @@ if(!empty($action)) {
if(Forum::add_board($name, $description, $access, $guild, $errors)) { if(Forum::add_board($name, $description, $access, $guild, $errors)) {
$action = $name = $description = ''; $action = $name = $description = '';
header('Location: ' . getLink('forum')); header('Location: ' . getLink('forum'));
exit;
} }
} }
else if($action == 'delete_board') { else if($action == 'delete_board') {
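Review bot: `$id = $_REQUEST['id'];` on the line after the widened `if` still reads from `$_REQUEST` with no `isset` guard and no integer cast, while the sibling fields on the same branch (`access`, `guild`, `name`, `description`) were moved to `$_POST`; a request without `id` raises an undefined-key warning, and whatever string arrives is handed on to the board actions further down. If every caller now submits by POST, as the new per-action forms do, `$id = (int) ($_POST['id'] ?? 0);` would match the rest of the branch; otherwise `$id = (int) ($_REQUEST['id'] ?? 0);` at least pins the type. The `csrfProtect()` call sits after the `$canEdit` return, so it only runs for editors; that it validates only POST submissions and leaves plain page views alone is assumed here, not visible in the hunk. The enclosing `if(!empty($action))` block continues outside the hunk.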


@ -0,0 +1,43 @@
<table>
<tr>
<td>
<form action="{{ getLink('forum') }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="edit_board" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" title="Edit"><img src="images/edit.png"/> Edit</button>
</form>
<form action="{{ getLink('forum') }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="delete_board" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" onclick="return confirm('Are you sure?');" title="Delete"><img src="images/del.png"/>Delete</button>
</form>
<form action="{{ getLink('forum') }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="hide_board" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" title="{% if hide != 1 %}Hide{% else %}Show{% endif %}"><img src="images/{{ hide != 1 ? 'success' : 'error' }}.png"/>{{ hide != 1 ? 'Hide' : 'Show' }}</button>
</form>
{% if i != 1 %}
<form action="{{ getLink('forum') }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="moveup_board" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" title="Move up"><img src="images/icons/arrow_up.gif"/>Move up</button>
</form>
{% endif %}
{% if i != loop.last %}
<form action="{{ getLink('forum') }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="movedown_board" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" title="Move down"><img src="images/icons/arrow_down.gif"/>Move down</button>
</form>
{% endif %}
</td>
</tr>
</table>
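Review bot: `{% if i != loop.last %}` compares the integer `i` with the boolean `loop.last`, so it produces the intended result only through loose comparison (any non-zero `i` equals `true`), assuming `i` is the 1-based loop index as `i != 1` above suggests. It also relies on the parent's `for` loop variable `loop` being visible inside this partial, since the include in the third file section passes only `id`, `hide` and `i`, whereas the old markup tested an explicit `last` variable. `{% if not loop.last %}` states the intent directly; alternatively pass `last: last` from the include and keep `{% if i != last %}`, which makes the partial independent of where it is included.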


@ -39,25 +39,7 @@
</td> </td>
{% if canEdit %} {% if canEdit %}
<td> <td>
<a href="{{ getLink('forum') }}?action=edit_board&id={{ board.id }}" title="Edit"> {{ include('forum.admin.links.html.twig', {id: board.id, hide: board.hide, i: i }) }}
<img src="images/edit.png"/>Edit
</a>
<a id="delete" href="{{ getLink('forum') }}?action=delete_board&id={{ board.id }}" onclick="return confirm('Are you sure?');" title="Delete">
<img src="images/del.png"/>Delete
</a>
<a href="{{ getLink('forum') }}?action=hide_board&id={{ board.id }}" title="{% if board.hide != 1 %}Hide{% else %}Show{% endif %}">
<img src="images/{% if board.hide != 1 %}success{% else %}error{% endif %}.png"/>{% if board.hide != 1 %}Hide{% else %}Show{% endif %}
</a>
{% if i != 1 %}
<a href="{{ getLink('forum') }}?action=moveup_board&id={{ board.id }}" title="Move up">
<img src="images/icons/arrow_up.gif"/>Move up
</a>
{% endif %}
{% if i != last %}
<a href="{{ getLink('forum') }}?action=movedown_board&id={{ board.id }}" title="Move down">
<img src="images/icons/arrow_down.gif"/>Move down
</a>
{% endif %}
</td> </td>
{% endif %} {% endif %}
</tr> </tr>