Changeset 1392
- Timestamp:
- 12/06/07 15:33:46 (1 year ago)
- Files:
-
- devel/lib/elgglib.php (modified) (1 diff)
- devel/mod/blog/lib/weblogs_actions.php (modified) (2 diffs)
- devel/mod/blog/lib/weblogs_posts_view.php (modified) (2 diffs)
- devel/mod/community/lib/communities_actions.php (modified) (2 diffs)
- devel/mod/community/lib/communities_moderator_of.php (modified) (1 diff)
- devel/mod/community/lib/user_info_menu.php (modified) (1 diff)
- devel/mod/file/file_include_wizard.php (modified) (3 diffs)
- devel/mod/file/lib.php (modified) (4 diffs)
- devel/mod/file/lib/files_actions.php (modified) (3 diffs)
- devel/mod/friend/lib/user_info_menu_text.php (modified) (1 diff)
- devel/mod/generic_comments/comments_actions.php (modified) (1 diff)
- devel/mod/generic_comments/lib.php (modified) (1 diff)
- devel/mod/users/lib/userdetails_actions.php (modified) (1 diff)
- devel/mod/users/lib/userdetails_edit.php (modified) (1 diff)
devel/lib/elgglib.php
r1386 r1392 3534 3534 } 3535 3535 3536 /** 3537 * Request confirmation to perform some action 3538 * 3539 * @param string $message Message to show on request 3540 * @param mixed $vars array of parameters to re-send needed to continue action 3541 * @return bool true if sucessful confirmed 3542 */ 3543 function require_confirm($message, $vars=null) { 3544 global $CFG; 3545 3546 $form_key = optional_param('form_key'); 3547 3548 // check if pass key verification 3549 if (elggform_key_check($form_key, 'confirm')) { 3550 // pass form key verification 3551 return true; 3552 } 3553 else { 3554 // build form key and show form 3555 $form_key = elggform_key_get('confirm'); 3556 $title = __gettext('Please confirm your action'); 3557 3558 $sContinue = __gettext('Continue'); 3559 $sBack = __gettext('Back'); 3560 3561 // add form key 3562 $vars['form_key'] = $form_key; 3563 3564 // add parameters 3565 $inputs = ''; 3566 foreach ($vars as $name => $value) { 3567 $value = htmlspecialchars($value, ENT_COMPAT, 'utf-8'); // prevent messing code 3568 $inputs .= "<input type=\"hidden\" id=\"{$name}\" name=\"{$name}\" value=\"{$value}\" />\n"; 3569 } 3570 3571 // add buttons 3572 //$inputs .= "<input type=\"button\" value=\"{$sBack}\" onclick=\"history.back()\" />\n"; 3573 $inputs .= "<a href=\"#\" onclick=\"history.back(); return false;\">{$sBack}</a> or "; 3574 $inputs .= "<input type=\"submit\" name=\"submit\" value=\"{$sContinue}\" />\n"; 3575 3576 $body = "<div id=\"confirm-form\">\n"; 3577 $body .= "<form name=\"confirm-form\" action=\"\" method=\"post\">\n"; 3578 $body .= templates_draw(array( 3579 'context' => 'databox', 3580 'name' => $message, 3581 'column1' => $inputs, 3582 )); 3583 3584 $body .= "</form>\n"; 3585 $body .= "</div>\n"; 3586 3587 // show form 3588 templates_page_output($title, $body); 3589 } 3590 3591 return false; 3592 } 3593 3594 /** 3595 * Generate a secret key to use in forms 3596 * 3597 * @param string $form_name form name identificator 3598 * @return 
string generated key 3599 */ 3600 function elggform_key_get($form_name) { 3601 //build secret key 3602 $form_key = md5($_SESSION['userid'] . time()); 3603 //store secret in session 3604 $_SESSION['form'][$form_name] = array('key' => $form_key, 'timestamp' => time()); 3605 // return key 3606 return $form_key; 3607 } 3608 3609 /** 3610 * Check form secret key 3611 * 3612 * @param string $form_key key to check 3613 * @param string $form_name form name identificator 3614 * @return bool true if key matchs 3615 */ 3616 function elggform_key_check($form_key, $form_name) { 3617 // clear old keys based on timestamp, delta 1 day 3618 if (isset($_SESSION['form'][$form_name]['timestamp']) 3619 && $_SESSION['form'][$form_name]['timestamp'] < time() - 86400) { 3620 unset($_SESSION['form'][$form_name]); 3621 } 3622 3623 // check if pass key verification 3624 if (!empty($form_key) 3625 && !empty($_SESSION['form'][$form_name]['key']) 3626 && $form_key == $_SESSION['form'][$form_name]['key']) { 3627 // pass form key verification 3628 $result = true; 3629 } else { 3630 $result = false; 3631 } 3632 3633 // clear anyway 3634 unset($_SESSION['form'][$form_name]); 3635 return $result; 3636 } 3637 3536 3638 function get_string($s) { 3537 3639 return __gettext($s); devel/mod/blog/lib/weblogs_actions.php
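Review bot: In elggform_key_get() the token is `md5($_SESSION['userid'] . time())`, which anyone who can guess the user id and the second the confirm page was rendered can reproduce, so a cross-site page that first loads the delete URL and then posts the guessed key within the same second defeats the confirmation. Derive the key from a CSPRNG instead, e.g. `$form_key = bin2hex(random_bytes(16));` (or `md5(uniqid(mt_rand(), true))` on the PHP versions this codebase targets), and compare it in elggform_key_check() with `hash_equals()` rather than `==` where that function is available. Separately, require_confirm() returns false after templates_page_output() without calling exit, so unless that function terminates the request — which I cannot confirm from this diff — callers that ignore the return value fall straight through into the destructive action; adding `exit;` after `templates_page_output($title, $body);` and stating in the docblock that the function does not return when it shows the form would make the helper safe by default. The hidden-input loop escapes `$value` but interpolates the array key `$name` raw into `id`/`name` attributes, which is fine only as long as callers pass literal keys. The surrounding functions in elgglib.php continue outside the hunk.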
r1332 r1392 132 132 case "delete_weblog_post": 133 133 $id = optional_param('delete_post_id',0,PARAM_INT); 134 require_confirm(__gettext('Are you sure you want to permanently delete this weblog post?')); 135 134 136 if (logged_on && !empty($id)) { 135 137 if ($post_info = get_record('weblog_posts','ident',$id)) { … … 225 227 case "weblog_comment_delete": 226 228 $comment_id = optional_param('weblog_comment_delete',0,PARAM_INT); 229 require_confirm(__gettext('Are you sure you want to permanently delete this weblog comment?')); 230 227 231 if (logged_on && !empty($comment_id)) { 228 232 $commentinfo = get_record_sql('SELECT wc.*,wp.owner AS postowner,wp.ident AS postid devel/mod/blog/lib/weblogs_posts_view.php
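Review bot: Both new `require_confirm(...)` calls discard the boolean result, so when the helper renders the confirmation page and returns false the code continues straight into `get_record('weblog_posts', ...)` and the delete branch; this is only safe if templates_page_output() ends the request, which the diff does not show. Guard the action on the result, `if (!require_confirm(__gettext('Are you sure you want to permanently delete this weblog post?'))) { break; }`, and do the same in the `weblog_comment_delete` case. Checking `logged_on` and the edit permission before prompting would also avoid rendering a confirm page to users who cannot delete anyway. The enclosing switch starts and ends outside the hunk.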
r1280 r1392 127 127 if (run("permissions:check",array("weblog:edit",$post->owner))) { 128 128 $Edit = __gettext("Edit"); 129 $returnConfirm = __gettext("Are you sure you want to permanently delete this weblog post?");130 129 $Delete = __gettext("Delete"); 131 130 $links = <<< END 132 131 | <a href="{$CFG->wwwroot}{$username}/$extensionContext/edit/{$post->ident}">$Edit</a> | 133 <a href="{$CFG->wwwroot}mod/blog/action_redirection.php?action=delete_weblog_post&delete_post_id={$post->ident}&extension={$extensionContext}" onclick="return confirm('$returnConfirm')">$Delete</a>132 <a href="{$CFG->wwwroot}mod/blog/action_redirection.php?action=delete_weblog_post&delete_post_id={$post->ident}&extension={$extensionContext}">$Delete</a> 134 133 END; 135 134 } else { … … 184 183 $commentmenu = ""; 185 184 if (logged_on && ($comment->owner == $_SESSION['userid'] || run("permissions:check",array("weblog:edit",$post->owner)))) { 186 $returnConfirm = __gettext("Are you sure you want to permanently delete this weblog comment?");187 185 $Delete = __gettext("Delete"); 188 186 $commentmenu = <<< END 189 <a href="{$CFG->wwwroot}mod/blog/action_redirection.php?action=weblog_comment_delete&weblog_comment_delete={$comment->ident}&extension={$extensionContext}" onclick="return confirm('$returnConfirm')">$Delete</a>187 <a href="{$CFG->wwwroot}mod/blog/action_redirection.php?action=weblog_comment_delete&weblog_comment_delete={$comment->ident}&extension={$extensionContext}">$Delete</a> 190 188 END; 191 189 } devel/mod/community/lib/communities_actions.php
r1390 r1392 67 67 case "community:delete": 68 68 $community_id = optional_param('community_id',0,PARAM_INT); 69 $community_name = htmlspecialchars(user_name($community_id), ENT_COMPAT, 'utf-8'); 70 require_confirm(__gettext('Are you sure you want to delete this community?')); 71 69 72 if (run("permissions:check",array("userdetails:change", $community_id))) { 70 73 if (user_delete($community_id)) { … … 74 77 $messages[] = __gettext("Error: the community could not be deleted."); 75 78 } 76 $_SESSION['messages'] = $messages; 77 header("Location: ".$CFG->wwwroot.$USER->username."/communities"); 78 exit; 79 header_redirect($CFG->wwwroot.$USER->username.'/communities'); 79 80 } 80 81 break; devel/mod/community/lib/communities_moderator_of.php
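Review bot: The confirmation prompt on the `community:delete` case runs before `run("permissions:check", ...)`, so any user who hits the URL is shown the 'Are you sure' page for a community they cannot delete, and the result of `require_confirm()` is never checked before `user_delete($community_id)` is reached. Nest the prompt inside the authorization instead, `if (run("permissions:check", array("userdetails:change", $community_id)) && require_confirm(__gettext('Are you sure you want to delete this community?'))) {`, so the page is only rendered to moderators and the deletion only runs on a confirmed POST. The replacement of `$_SESSION['messages'] = $messages; header(...); exit;` with `header_redirect(...)` drops the explicit session write; if header_redirect() does not pick up `$messages` from scope, the 'could not be deleted' error is silently lost — worth confirming against its definition. The switch continues outside the hunk.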
r1337 r1392 19 19 $friends_menu = run("community:infobox:menu",array($info)); 20 20 if (run("permissions:check",array("userdetails:change", $info->ident))) { 21 $friends_menu .= "<a href=\"{$CFG->wwwroot}mod/community/index.php?community_id=".$info->ident."&action=community:delete\" onClick=\"return confirm('".__gettext('Are you sure you want to delete this community?')."');\">Delete community</a>";21 $friends_menu .= "<a href=\"{$CFG->wwwroot}mod/community/index.php?community_id=".$info->ident."&action=community:delete\">Delete community</a>"; 22 22 } 23 23 $friends_icon = user_icon_html($info->ident,COMMUNITY_ICON_SIZE); devel/mod/community/lib/user_info_menu.php
r1248 r1392 20 20 if ($info->owner == $_SESSION['userid'] && $info->owner == $profile_id) { 21 21 $functions[] = "<a href=\"" . $CFG->wwwroot . $info->username . "/profile\">" . __gettext("Administrate") . "</a>"; 22 $msg = "onclick=\"return confirm('" . addslashes(__gettext("Are you sure you want to delete this community?")) . "')\""; 23 $functions[] = "<a href=\"" . $CFG->wwwroot . $info->username . "/community/delete\" $msg>" . __gettext("Delete") . "</a>"; 22 $functions[] = "<a href=\"" . $CFG->wwwroot . $info->username . "/community/delete\">" . __gettext("Delete") . "</a>"; 24 23 if ($profile_id != $_SESSION['userid']) { 25 24 $msg = "onclick=\"return confirm('" . addslashes(__gettext("Are you sure you want to separate this user from the community?")) . "')\""; devel/mod/file/file_include_wizard.php
r1136 r1392 45 45 } 46 46 } 47 $directories = ''; 47 48 $keys = array_keys($folders); 48 49 for($i=0;$i<count($keys);$i++){ … … 71 72 72 73 if(!empty($user_files)){ 73 $files .="<ul>";74 $files="<ul>"; 74 75 foreach($user_files as $file){ 75 76 $file_name = (!empty($file->title))?$file->title:$file->originalname; … … 77 78 $type=(array_key_exists($extension,get_mimetype_array()))?" $extension":""; 78 79 if(ALLOW_WIZARD_FILE_DELETE){ 80 //FIXME: set form key to pass require_confirm 81 $form_key = elggform_key_get('confirm'); 82 79 83 $redirect_url = "{$CFG->wwwroot}mod/file/file_include_wizard.php?owner={$owner}&folder={$folder_id}"; 80 84 $delete_msg = __gettext("Are you sure you want to permanently delete this file?"); 81 85 $delete=" "; 82 $delete.="<a onclick=\"return confirm('$delete_msg')\" href=\"{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_file&delete_file_id={$file->ident}&redirection=".rawurlencode($redirect_url)." \">";86 $delete.="<a onclick=\"return confirm('$delete_msg')\" href=\"{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_file&delete_file_id={$file->ident}&redirection=".rawurlencode($redirect_url)."&form_key=$form_key\">"; 83 87 $delete.="<img src=\"{$CFG->wwwroot}mod/file/fileicons/del.png\" border=\"0\"></a>"; 84 88 } devel/mod/file/lib.php
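Review bot: `elggform_key_get('confirm')` is called inside the per-file loop and each call overwrites `$_SESSION['form']['confirm']`, so only the last link's key should validate; it works today only because the key is derived from `time()` and every iteration in the same second yields the same value. Generate the key once before `foreach($user_files as $file)` and reuse it in each link so the wizard keeps working if the key generator is ever made random. The FIXME is right that appending `form_key` to a GET link turns the server-side confirmation back into a one-click deletion, leaving the client-side `confirm()` as the only prompt, and the key is exposed in the URL and Referer; elggform_key_check() clearing it on first use limits that exposure, but a small POST form per file would be the cleaner fix. The enclosing function continues outside the hunk.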
r1366 r1392 10 10 global $metatags; 11 11 12 require_once (dirname(__FILE__)."/default_templates.php");13 12 require_once (dirname(__FILE__)."/lib/file_config.php"); 14 13 $page_owner = $profile_id; … … 65 64 $function['files:init'][] = $CFG->dirroot . "mod/file/lib/metadata_defaults.php"; 66 65 $function['files:init'][] = $CFG->dirroot . "mod/file/lib/inline_mimetypes.php"; 66 $function['init'][] = $CFG->dirroot . "mod/file/default_templates.php"; 67 67 68 68 // Mime-type init … … 494 494 $filemenu = ""; 495 495 if (permissions_check("files:edit", $file->owner) || permissions_check("files:edit", $file->files_owner)) { 496 $areyouSure = __gettext("Are you sure you want to permanently delete this file?"); // gettext variable497 496 $delete = __gettext("Delete"); // gettext variable 498 497 $edit = __gettext("Edit"); // gettext variable 499 498 $filemenu .= <<< END 500 499 [<a href="{$CFG->wwwroot}mod/file/edit_file.php?edit_file_id={$file->ident}&owner=$page_owner">$edit</a>] 501 [<a href="{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_file&delete_file_id={$file->ident}" onclick="return confirm('$areyouSure')">$delete</a>]500 [<a href="{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_file&delete_file_id={$file->ident}">$delete</a>] 502 501 END; 503 502 } … … 512 511 513 512 if (permissions_check("files:edit", $folder->owner) || permissions_check("files:edit", $folder->files_owner)) { 514 $areyouSure = __gettext("Are you sure you want to permanently delete this folder?"); // gettext variable515 513 $delete = __gettext("Delete"); // gettext variable 516 514 $edit = __gettext("Edit"); // gettext variable 517 515 $foldermenu = <<< END 518 516 [<a href="{$CFG->wwwroot}mod/file/edit_folder.php?edit_folder_id={$folder->ident}&owner=$page_owner&return_type=parent">$edit</a>] 519 [<a href="{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_folder&delete_folder_id={$folder->ident}" onclick="return confirm('$areyouSure')">$delete</a>]517 [<a 
href="{$CFG->wwwroot}mod/file/action_redirection.php?action=delete_folder&delete_folder_id={$folder->ident}">$delete</a>] 520 518 END; 521 519 } devel/mod/file/lib/files_actions.php
r1267 r1392 175 175 } 176 176 } 177 $_SESSION['messages'] = $messages; 178 header("Location: $return_url"); 179 exit; 177 header_redirect($return_url); 180 178 } 181 179 } else { … … 189 187 case "delete_folder": 190 188 $id = optional_param('delete_folder_id',0,PARAM_INT); 189 require_confirm(__gettext('Are you sure you want to permanently delete this folder?')); 190 191 191 if (!empty($id) && $id != -1) { 192 192 $folder = get_record('file_folders','ident',$id); … … 214 214 case "delete_file": 215 215 $id = optional_param('delete_file_id',0,PARAM_INT); 216 require_confirm(__gettext('Are you sure you want to permanently delete this file?')); 217 216 218 if (!empty($id) && $id != -1) { 217 219 $file = get_record('files','ident',$id); devel/mod/friend/lib/user_info_menu_text.php
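Review bot: In both `delete_folder` and `delete_file` the return of `require_confirm()` is ignored and execution continues to `get_record(...)` and the deletion, so the prompt only protects anything if templates_page_output() terminates the script, which this diff does not establish. Prefer `if (!require_confirm(__gettext('Are you sure you want to permanently delete this folder?'))) { break; }` (and the same for the file case) so the destructive path runs only on a confirmed POST. The earlier hunk replaces `$_SESSION['messages'] = $messages; header("Location: $return_url"); exit;` with `header_redirect($return_url)`; make sure that helper persists `$messages`, otherwise the user feedback is lost. The enclosing switch extends beyond the hunk.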
r1248 r1392 17 17 case 'no': 18 18 case 'yes': 19 $run_result = "<a href=\"".url."mod/friend/index.php?friends_name=".$_SESSION['username']."&action=friend&friend_id=$user_id\" onclick=\"return confirm('". __gettext("Are you sure you want to add this user as a friend?") ."')\">" . __gettext("Click here to add this user as a friend."). "</a>";19 $run_result = "<a href=\"".url."mod/friend/index.php?friends_name=".$_SESSION['username']."&action=friend&friend_id=$user_id\"'". __gettext("Are you sure you want to add this user as a friend?") ."')\">" . __gettext("Click here to add this user as a friend."). "</a>"; 20 20 break; 21 21 case 'priv': devel/mod/generic_comments/comments_actions.php
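Review bot: The new line is malformed: removing the `onclick` left `\"'". __gettext("Are you sure you want to add this user as a friend?") ."')\">` behind, so the anchor is emitted as `<a href="...\"'Are you sure…')">`, which corrupts the href attribute and dumps the prompt text into the tag. Replace the line with `$run_result = "<a href=\"".url."mod/friend/index.php?friends_name=".$_SESSION['username']."&action=friend&friend_id=$user_id\">" . __gettext("Click here to add this user as a friend."). "</a>";`. Unlike the delete actions, the friend action this link triggers gains no `require_confirm()` in this changeset, so it remains a state change over plain GET with no confirmation at all now that the JavaScript prompt is gone; `$user_id` and the session username are also interpolated into the URL without urlencoding. The switch this case belongs to starts outside the hunk.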
r1248 r1392 104 104 case "comment:delete": 105 105 $comment_id = optional_param('comment_delete',0,PARAM_INT); 106 require_confirm(__gettext('Are you sure you want to permanently delete this comment?')); 107 106 108 if (logged_on && !empty($comment_id)) { 107 109 $comment = get_record('comments','ident',$comment_id); devel/mod/generic_comments/lib.php
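Review bot: The result of `require_confirm()` is dropped before `get_record('comments', ...)` and the delete, so the confirmation is only effective if templates_page_output() exits the request. Write it as `if (!require_confirm(__gettext('Are you sure you want to permanently delete this comment?'))) { break; }`, and consider testing `logged_on` before prompting so anonymous visitors are not shown the form. The `comment:delete` case continues outside the hunk.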
r1307 r1392 230 230 $commentmenu = ""; 231 231 if (isloggedin() && ($comment->owner == $_SESSION['userid'] || run("permissions:check",array("comment:delete",$_SESSION['userid'],$comment->object_id,$comment->object_type)))) { 232 $returnConfirm = __gettext("Are you sure you want to permanently delete this comment?");233 232 $Delete = __gettext("Delete"); 234 233 $commentmenu = <<< END 235 <a href="{$CFG->wwwroot}mod/generic_comments/action_redirection.php?action=comment:delete&comment_form_type=$comment_form_type&comment_delete={$comment->ident}" onclick="return confirm('$returnConfirm')">$Delete</a>234 <a href="{$CFG->wwwroot}mod/generic_comments/action_redirection.php?action=comment:delete&comment_form_type=$comment_form_type&comment_delete={$comment->ident}">$Delete</a> 236 235 END; 237 236 } devel/mod/users/lib/userdetails_actions.php
r1329 r1392 19 19 // Update user details 20 20 case "user:delete": 21 require_confirm(__gettext('Are you sure you want to delete this account?'), array('profile_id' => $page_owner, 'action' => 'user:delete')); 22 21 23 if (user_delete($page_owner)) { 22 24 if ($_SESSION['userid'] == $page_owner) { devel/mod/users/lib/userdetails_edit.php
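Review bot: This is the account-deletion path, and `user_delete($page_owner)` on the very next line runs regardless of what `require_confirm()` returned, so if templates_page_output() does not terminate the request a single GET to `index.php?action=user:delete&profile_id=N` still deletes the account. Guard it: `if (!require_confirm(__gettext('Are you sure you want to delete this account?'), array('profile_id' => $page_owner, 'action' => 'user:delete'))) { break; }`. Nothing visible in this hunk checks that the current user may delete `$page_owner`; if that authorization lives outside the hunk it should run before the prompt is rendered, not after. The case body continues past the hunk.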
r1301 r1392 206 206 $blurb = __gettext("Deleting this account is permanent and absolutely cannot be undone. Only click this button if you're really sure!"); 207 207 $deleteaccount = __gettext("Delete account"); 208 $warning = addslashes(__gettext("Delete account: are you positive?")); 209 $body .= <<< END 210 <h2> 211 {$blurb} 212 </h2> 213 <p> 214 <a href="index.php?action=user:delete&profile_id=$page_owner" onclick="return confirm('{$warning}')">{$deleteaccount}</a> 215 </p> 216 END; 217 208 $body .= templates_draw(array( 209 'context' => 'databox', 210 'name' => $blurb, 211 'column1' => "<a href=\"index.php?action=user:delete&profile_id=$page_owner\">{$deleteaccount}</a>", 212 )); 213 218 214 } 219 215
