ave-cms-alt/admin/docs.php


<?php
/**
* AVE.cms
*
* @package AVE.cms
* @version 3.x
* @filesource
* @copyright © 2007-2014 AVE.cms, http://www.ave-cms.ru
*
* @license GPL v.2
*/
// Refuse direct requests: this script only runs when the ACP constant has
// already been defined; otherwise redirect to index.php and stop.
if (!defined('ACP')) {
    header('Location:index.php');
    exit;
}

// Shared database and template objects created outside this file.
global $AVE_DB, $AVE_Template;

// Class definitions used by the document dispatcher below.
require BASE_DIR . '/class/class.docs.php';
require BASE_DIR . '/class/class.rubs.php';
require BASE_DIR . '/class/class.navigation.php';
require BASE_DIR . '/class/class.request.php';

$AVE_Document   = new AVE_Document();
$AVE_Rubric     = new AVE_Rubric();
$AVE_Navigation = new AVE_Navigation();
$AVE_Request    = new AVE_Request();

$AVE_Document->documentTemplateTimeAssign();
$AVE_Rubric->rubricPermissionFetch();

// Load the language file for the documents section, passing 'docs' as the
// second argument.
// NOTE(review): $_SESSION['admin_language'] is concatenated into a filesystem
// path; this assumes the value is validated against the installed languages
// where it is written to the session — confirm.
$AVE_Template->config_load(
    BASE_DIR . '/admin/lang/' . $_SESSION['admin_language'] . '/docs.txt',
    'docs'
);

// Render the navigation template once and expose it to templates as "navi".
$AVE_Template->assign('navi', $AVE_Template->fetch('navi/navi.tpl'));
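// Admin "docs" dispatcher: routes $_REQUEST['action'] to the matching handler.
// Branches that need authorisation call check_permission_acp() before the
// handler runs; a request without the permission falls through silently.
//
// NOTE(review): actions are read from $_REQUEST, so state-changing ones (for
// example 'delete' and 'enddelete') are reachable via GET as well as POST, and
// no anti-CSRF token check is visible in this file — confirm one is enforced
// before this script is included.
// NOTE(review): destructive actions other than 'enddelete' are gated only by
// 'document_view'; presumably the AVE_Document methods apply finer-grained
// checks — verify.
//
// A missing 'action' key is treated as '' (the document list) without raising
// an undefined-key warning.
switch ($_REQUEST['action'] ?? '') {
    case '':
        $_docs_template = 'documents/docs.tpl';
        if (check_permission_acp('document_view')) {
            // Optional sub-action, handled before the list is built.
            switch ($_REQUEST['sub'] ?? '') {
                case 'quicksave':
                    $AVE_Document->quickSave();
                    break;
            }
            $AVE_Document->documentListGet();
        }
        // Use a rubric-specific list template when one exists. The ID goes into
        // a filesystem path, so only plain decimal digits are accepted;
        // is_numeric() would also let through forms such as "1e3", ".5", "-1"
        // or values padded with whitespace.
        $rubric_id = $_REQUEST['rubric_id'] ?? null;
        if ((is_int($rubric_id) || is_string($rubric_id))
            && preg_match('/\A[0-9]+\z/', (string) $rubric_id) === 1
        ) {
            // If a template file for this rubric ID exists, use it.
            if (file_exists(BASE_DIR . '/admin/templates/documents/docs-' . $rubric_id . '.tpl')) {
                $_docs_template = 'documents/docs-' . $rubric_id . '.tpl';
            }
        }
        $AVE_Template->assign('content', $AVE_Template->fetch($_docs_template));
        break;

    case 'add_new':
        if (check_permission_acp('document_view')) {
            $AVE_Request->requestListFetch();
            $AVE_Template->assign('content', $AVE_Template->fetch('documents/docs_add_new.tpl'));
        }
        break;

    case 'showsimple':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentListGet();
            $AVE_Template->assign('content', $AVE_Template->fetch('documents/docs_simple.tpl'));
        }
        break;

    case 'edit':
        if (check_permission_acp('document_view')) {
            // The navigation and request lists are fetched only when 'sub' is
            // present and is not 'save'.
            if (isset($_REQUEST['sub']) && $_REQUEST['sub'] != 'save') {
                $AVE_Navigation->navigationAllItemList();
                $AVE_Request->requestListFetch();
            }
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Document->documentEdit((int)($_REQUEST['Id'] ?? 0));
        }
        break;

    case 'copy':
        if (check_permission_acp('document_view')) {
            $AVE_Navigation->navigationAllItemList();
            $AVE_Request->requestListFetch();
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Document->documentCopy((int)($_REQUEST['Id'] ?? 0));
        }
        break;

    case 'new':
        if (check_permission_acp('document_view')) {
            if (isset($_REQUEST['sub']) && $_REQUEST['sub'] != 'save') {
                $AVE_Navigation->navigationAllItemList();
                $AVE_Request->requestListFetch();
            }
            // FIX: $_REQUEST['rubric_id'] is cast to int; a missing key becomes 0.
            $AVE_Document->documentNew((int)($_REQUEST['rubric_id'] ?? 0));
        }
        break;

    case 'innavi':
        // Requires both the document and the navigation permission.
        if (check_permission_acp('document_view') && check_permission_acp('navigation_new')) {
            $AVE_Document->documentInNavi();
        }
        break;

    case 'after':
        if (check_permission_acp('document_view')) {
            $AVE_Navigation->navigationAllItemList();
            $AVE_Document->documentFormAfter();
        }
        break;

    case 'open':
        if (check_permission_acp('document_view')) {
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Navigation->navigationItemStatusOn((int)($_REQUEST['Id'] ?? 0));
            $AVE_Document->documentStatusSet((int)($_REQUEST['Id'] ?? 0), 1);
        }
        break;

    case 'close':
        if (check_permission_acp('document_view')) {
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Navigation->navigationItemStatusOff((int)($_REQUEST['Id'] ?? 0));
            $AVE_Document->documentStatusSet((int)($_REQUEST['Id'] ?? 0), 0);
        }
        break;

    case 'delete':
        if (check_permission_acp('document_view')) {
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Navigation->navigationItemStatusOff((int)($_REQUEST['Id'] ?? 0));
            $AVE_Document->documentMarkDelete((int)($_REQUEST['Id'] ?? 0));
        }
        break;

    case 'redelete':
        if (check_permission_acp('document_view')) {
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Navigation->navigationItemStatusOn((int)($_REQUEST['Id'] ?? 0));
            $AVE_Document->documentUnmarkDelete((int)($_REQUEST['Id'] ?? 0));
        }
        break;

    case 'enddelete':
        // The only branch in this dispatcher gated by the 'alles' permission.
        if (check_permission_acp('alles')) {
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Navigation->navigationItemDeleteFromDoc((int)($_REQUEST['Id'] ?? 0));
            $AVE_Document->documentDelete((int)($_REQUEST['Id'] ?? 0));
            // Redirect back to the document list.
            header('Location:index.php?do=docs&cp=' . SESSION);
        }
        break;

    case 'revision_recover':
        if (check_permission_acp('document_view')) {
            // FIX: all three IDs are cast to int; missing keys become 0.
            $AVE_Document->documentRevissionRestore(
                (int)($_REQUEST['doc_id'] ?? 0),
                (int)($_REQUEST['revission'] ?? 0),
                (int)($_REQUEST['rubric_id'] ?? 0)
            );
        }
        break;

    case 'revision_delete':
        if (check_permission_acp('document_view')) {
            // FIX: all three IDs are cast to int; missing keys become 0.
            $AVE_Document->documentRevissionDelete(
                (int)($_REQUEST['doc_id'] ?? 0),
                (int)($_REQUEST['revission'] ?? 0),
                (int)($_REQUEST['rubric_id'] ?? 0)
            );
        }
        break;

    case 'revisions_delete':
        if (check_permission_acp('document_view')) {
            // FIX: all three IDs are cast to int; missing keys become 0.
            $AVE_Document->documentRevissionsDelete(
                (int)($_REQUEST['doc_id'] ?? 0),
                (int)($_REQUEST['revission'] ?? 0),
                (int)($_REQUEST['rubric_id'] ?? 0)
            );
        }
        break;

    case 'remark':
        if (check_permission_acp('remark_view')) {
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Document->documentRemarkNew((int)($_REQUEST['Id'] ?? 0), 0);
        }
        break;

    case 'remark_reply':
        if (check_permission_acp('remark_view')) {
            // FIX: $_REQUEST['Id'] is cast to int; a missing key becomes 0.
            $AVE_Document->documentRemarkNew((int)($_REQUEST['Id'] ?? 0), 1);
        }
        break;

    case 'remark_status':
        if (check_permission_acp('remark_edit')) {
            // FIX: the ID and the status are cast to int; missing keys become 0.
            $AVE_Document->documentRemarkStatus(
                (int)($_REQUEST['Id'] ?? 0),
                (int)($_REQUEST['remark_status'] ?? 0)
            );
        }
        break;

    case 'remark_del':
        if (check_permission_acp('remark_edit')) {
            // FIX: both values are cast to int; missing keys become 0.
            $AVE_Document->documentRemarkDelete(
                (int)($_REQUEST['Id'] ?? 0),
                (int)($_REQUEST['remark_first'] ?? 0)
            );
        }
        break;

    case 'change':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentRubricChange();
        }
        break;

    case 'change_user':
        if (check_permission_acp('document_view')) {
            switch ($_REQUEST['sub'] ?? '') {
                case 'save':
                    $AVE_Document->changeAutorSave();
                    break;
            }
            $AVE_Template->assign('content', $AVE_Template->fetch('documents/user.tpl'));
        }
        break;

    case 'find_user':
        if (check_permission_acp('document_view')) {
            // FIX: a missing 'q' key becomes ''. The value itself is passed on
            // unmodified.
            // NOTE(review): presumably findautor() escapes it before use — confirm.
            findautor(($_REQUEST['q'] ?? ''), 10);
        }
        exit;

    case 'keywords':
        if (check_permission_acp('document_view')) {
            // FIX: a missing 'q' key becomes ''. The value itself is passed on
            // unmodified.
            // NOTE(review): presumably searchKeywords() escapes it before use — confirm.
            searchKeywords(($_REQUEST['q'] ?? ''));
        }
        exit;

    case 'editstatus':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentEditStatus();
        }
        break;

    case 'image_import':
        // Gated with the same baseline permission as the other document actions
        // here; previously the import ran for any request that reached this
        // branch. Tighten to a dedicated permission if the project has one.
        // NOTE(review): $_REQUEST['path'] is passed through unmodified — `?? ''`
        // only avoids an undefined-key warning. Confirm that image_multi_import()
        // confines the path to the intended directory.
        // NOTE(review): "status" is always "error"; kept as-is — confirm that
        // clients expect it.
        if (check_permission_acp('document_view')) {
            echo json_encode(array("respons"=>image_multi_import(($_REQUEST['path'] ?? '')), "status"=>"error", "action"=>"return"));
        }
        exit;

    case 'translit':
        // NOTE(review): no permission check on this branch, unlike most others —
        // confirm that is intended.
        $alias = $AVE_Document->documentAliasCreate();
        echo($alias ?? ''); // Guard in case the function returned null.
        exit;

    case 'checkurl':
        // NOTE(review): no permission check on this branch, unlike most others —
        // confirm that is intended.
        $AVE_Document->documentAliasCheck();
        break;

    case 'aliases':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentAliasHistoryList();
        }
        break;

    case 'aliases_doc':
        if (check_permission_acp('document_view')) {
            // FIX: $_REQUEST['doc_id'] is cast to int; a missing key becomes 0.
            $AVE_Document->documentAliasListDoc((int)($_REQUEST['doc_id'] ?? 0));
        }
        break;

    case 'aliases_new':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentAliasNew();
        }
        break;

    case 'aliases_edit':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentAliasEdit();
        }
        break;

    case 'aliases_save':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentAliasSave();
        }
        break;

    case 'aliases_del':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentAliasDel();
        }
        break;

    case 'redirect':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentSaveRedirect();
        }
        break;

    case 'changepos':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentPosition();
        }
        break;

    case 'publish':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentPublish();
        }
        break;

    case 'recycle':
        if (check_permission_acp('document_view')) {
            $AVE_Document->documentRecycle();
        }
        break;
}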
?>