Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        modules
5
 * @package         code
6
 * @author          WebsiteBaker Project
7
 * @copyright       WebsiteBaker Org. e.V.
8
 * @link            http://websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.3
11
 * @requirements    PHP 5.3.6 and higher
12
 * @version         $Id: save.php 2 2017-07-02 15:14:29Z Manuela $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/branches/main/modules/code/save.php $
14
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
15
 *
16
 */
17

    
18
if ( !defined( 'WB_PATH' ) ){ require( dirname(dirname((__DIR__))).'/config.php' ); }
19
$aErrorMessage = array();
20
// suppress to print the header, so no new FTAN will be set
21
$admin_header = false;
22
// Tells script to update when this page was last updated
23
$update_when_modified = true;
24
// Include WB admin wrapper script
25
require(WB_PATH.'/modules/admin.php');
26

    
27
$bBackAfterSave = intval(isset($aRequestVars['pagetree']));
28
$OverviewUrl = ADMIN_URL.'/pages/modify.php?page_id='.$page_id;
29
if ( !$admin->checkFTAN())
30
{
31
    $admin->print_header();
32
    $sInfo = strtoupper(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION).'::');
33
    $sDEBUG=(@DEBUG?$sInfo:'');
34
    $admin->print_error($sDEBUG.$MESSAGE['GENERIC_SECURITY_ACCESS'], $OverviewUrl);
35
}
36
$admin->print_header();
37
// Update the mod_wysiwygs table with the contents
38
if(isset($_POST['content'])) {
39
    $notAllowedTags = array('<?php', '?>' , '<?', '<?=');
40
    $content = (str_replace($notAllowedTags, '', $_POST['content']));
41

    
42
    $sqlSet = '`'.TABLE_PREFIX.'mod_code` SET '
43
            . '`section_id`='.$section_id.', '
44
            . '`page_id`='.$page_id.', '
45
            . '`content` = \''.$database->escapeString($content).'\' ';
46
    // search for instance of this module in section
47
    $sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'mod_code` '
48
         . 'WHERE `section_id`='.$section_id;
49
    if ($database->get_one($sql)) {
50
    // if matching record already exists run UPDATE
51
        $sql  = 'UPDATE '.$sqlSet
52
              .'WHERE `section_id`='.$section_id;
53
    } else {
54
    // if no matching record exists INSERT new record
55
        $sql = 'INSERT INTO '.$sqlSet;
56
    }
57
    if (!$database->query($sql)){
58
        $aErrorMessage[] = ($database->is_error()?$database->get_error():'');
59
    }
60
}
61
// Check if there is a database error, otherwise say successful
62
if (sizeof($aErrorMessage)) {
63
    $admin->print_error(implode('<br />', $aErrorMessage), $OverviewUrl);
64
} else {
65
    $sIndexUrl = ADMIN_URL.'/pages/index.php';
66
    $OverviewUrl = (@$bBackAfterSave ? $sIndexUrl : $OverviewUrl);
67
    $admin->print_success($MESSAGE['PAGES_SAVED'], $OverviewUrl);
68
}
69

    
70
// Print admin footer
71
$admin->print_footer();
(9-9/12)