# HG changeset patch
# User Dan
# Date 1192842474 14400
# Node ID e858bacb5cfa41d45f4b8dd50d7505f680d293c7
# Parent fd0e9c7a7b2847df018efcf0c104548036812307
Sidebar blocks can be renamed now (untested except in Fx2)
diff -r fd0e9c7a7b28 -r e858bacb5cfa includes/clientside/sbedit.js
--- a/includes/clientside/sbedit.js Wed Oct 17 21:54:11 2007 -0400
+++ b/includes/clientside/sbedit.js Fri Oct 19 21:07:54 2007 -0400
@@ -123,3 +123,71 @@
});
}
+function ajaxRenameSidebarStage1(parent, id)
+{
+ var oldname = parent.firstChild.nodeValue;
+ parent.removeChild(parent.firstChild);
+ parent.ondblclick = function() {};
+ parent._idcache = id;
+ var input = document.createElement('input');
+ input.type = 'text';
+ input.sbedit_id = id;
+ input.oldvalue = oldname;
+ input.onkeyup = function(e)
+ {
+ if ( typeof(e) != 'object' )
+ return false;
+ if ( !e.keyCode )
+ return false;
+ if ( e.keyCode == 13 )
+ {
+ ajaxRenameSidebarStage2(this);
+ }
+ if ( e.keyCode == 27 )
+ {
+ ajaxRenameSidebarCancel(this);
+ }
+ };
+ input.onblur = function()
+ {
+ ajaxRenameSidebarCancel(this);
+ };
+ input.value = oldname;
+ input.style.fontSize = '7pt';
+ parent.appendChild(input);
+ input.focus();
+}
+
+function ajaxRenameSidebarStage2(input)
+{
+ var newname = input.value;
+ var id = input.sbedit_id;
+ var parent = input.parentNode;
+ parent.removeChild(input);
+ parent.appendChild(document.createTextNode(newname));
+ parent.ondblclick = function() { ajaxRenameSidebarStage1(this, this._idcache); return false; };
+ var img = document.createElement('img');
+ img.src = scriptPath + '/images/loading.gif';
+ parent.appendChild(img);
+ newname = ajaxEscape(newname);
+ ajaxPost(makeUrlNS('Special', 'EditSidebar', 'ajax&noheaders&action=rename&id='+id), 'newname=' +newname, function()
+ {
+ if ( ajax.readyState == 4 )
+ {
+ parent.removeChild(img);
+ if ( ajax.responseText != 'GOOD' )
+ new messagebox(MB_OK|MB_ICONSTOP, 'Error renaming block', ajax.responseText);
+ }
+ });
+}
+
+function ajaxRenameSidebarCancel(input)
+{
+ var newname = input.oldvalue;
+ var id = input.sbedit_id;
+ var parent = input.parentNode;
+ parent.removeChild(input);
+ parent.appendChild(document.createTextNode(newname));
+ parent.ondblclick = function() { ajaxRenameSidebarStage1(this, this._idcache); return false; };
+}
+
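Review bot: `ajaxRenameSidebarStage2` and `ajaxRenameSidebarCancel` both call `parent.removeChild(input)` while `input.onblur` is still attached, so in browsers that fire blur when a focused element is removed, the Cancel handler runs again with `input.parentNode` already null and throws (the commit message says only Fx2 was tested). Clearing the handler first with `input.onblur = null;` at the top of both functions, plus `if ( !parent ) return;` after reading `parentNode`, avoids the re-entry. Separately, Stage2 writes the new name into the DOM before the request completes and never restores `input.oldvalue` when the response is not 'GOOD', so a failed rename leaves the wrong label on screen. The error branch also hands `ajax.responseText` straight to `messagebox`; whether that renders HTML is not visible here, so it is worth confirming the text is escaped before display.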
diff -r fd0e9c7a7b28 -r e858bacb5cfa plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Wed Oct 17 21:54:11 2007 -0400
+++ b/plugins/SpecialAdmin.php Fri Oct 19 21:07:54 2007 -0400
@@ -2979,7 +2979,7 @@
echo '
$_GET[\'side\'] contained an SQL injection attempt
';
break;
}
- $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$query)
{
echo $db->get_error();
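Review bot: `sidebar_id=' . $db->escape($_GET['side'])` on the changed line is still an unquoted numeric value protected only by string escaping, which does nothing for a payload that contains no quotes. The commit moves `id` to `intval()` but leaves `side` relying on the injection check whose message appears just above; that check itself is outside the hunk. Casting it the same way, `' SET sidebar_id=' . intval($_GET['side']) . ' WHERE item_id=' . intval($_GET['id'])`, makes the query safe regardless of what the earlier check accepts. Note also that `intval()` turns a missing or non-numeric `id` into 0, so the statement silently matches no row; this applies equally to the `intval($_GET['id'])` changes in the delete, disenable, rename, getsource and save hunks below. An explicit early rejection of `id <= 0` would make that behaviour deliberate.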
@@ -2989,7 +2989,7 @@
echo 'Item moved.
';
break;
case 'delete':
- $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';'); // Already checked for injection attempts ;-)
+ $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-)
if(!$query)
{
echo $db->get_error();
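Review bot: The trailing comment `// Already checked for injection attempts ;-)` on the changed DELETE line is now stale, because the integer cast is what protects the query rather than an earlier check. Something like `// item_id is forced to an integer by intval()` would describe the actual safeguard. The delete is driven entirely by `$_GET` parameters, and no session or anti-CSRF token check is visible in this hunk. If none is enforced before this switch (the enclosing function starts outside the hunk), a destructive action reachable by a plain GET deserves one.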
@@ -3004,7 +3004,7 @@
echo 'Item deleted.
';
break;
case 'disenable';
- $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo $db->get_error();
@@ -3014,7 +3014,22 @@
$r = $db->fetchrow();
$db->free_result();
$e = ( $r['item_enabled'] == 1 ) ? '0' : '1';
- $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';');
+ if(!$q)
+ {
+ echo $db->get_error();
+ $template->footer();
+ exit;
+ }
+ if(isset($_GET['ajax']))
+ {
+ ob_end_clean();
+ die('GOOD');
+ }
+ break;
+ case 'rename';
+ $newname = $db->escape($_POST['newname']);
+ $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo $db->get_error();
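Review bot: The new `rename` case reads `$_POST['newname']` without checking that it is set, non-empty or within the column's length, and stores it after SQL escaping only. The stored name is later emitted through `$template->tplWikiFormat($row['block_name'])` in the listing code; whether that escapes HTML is not visible in this patch, so the name should either be validated here or confirmed to be encoded on output. A guard such as `if ( !isset($_POST['newname']) || trim($_POST['newname']) === '' )` that returns an error before the query would also give the client's error box a usable message. No anti-CSRF token check is visible for this state-changing request; one may exist earlier in the function, which starts outside the hunk. `case 'rename';` ends with a semicolon like the existing `case 'disenable';`, and a colon is the conventional form.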
@@ -3028,7 +3043,7 @@
}
break;
case 'getsource':
- $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo $db->get_error();
@@ -3044,7 +3059,7 @@
case 'save':
if ( defined('ENANO_DEMO_MODE') )
{
- $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
@@ -3060,13 +3075,13 @@
$_POST['content'] = sanitize_html($_POST['content'], true);
}
}
- $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
exit;
}
- $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . $db->escape($_GET['id']) . ';');
+ $q = $db->sql_query('SELECT block_type,block_content FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
{
echo 'var status=unescape(\''.hexencode($db->get_error()).'\');';
@@ -3179,7 +3194,7 @@
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
break;
}
- $t = $template->tplWikiFormat($row['block_name']);
+ $t = '' . $template->tplWikiFormat($row['block_name']) . '';
if($row['item_enabled'] == 0) $t .= ' (disabled)';
else $t .= ' (disabled)';
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
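Review bot: The editable title is produced by `$template->tplWikiFormat($row['block_name'])`, while the client's `ajaxRenameSidebarStage1` takes `parent.firstChild.nodeValue` as the name to edit, so the rename box is seeded with rendered output rather than the stored source. If `tplWikiFormat` ever returns markup, the first child would presumably be an element with a null `nodeValue`, and saving would overwrite the stored name with the rendered or empty text. As shown here the new line only concatenates empty strings around the call, so the wrapper markup (and any inline handler carrying the item id) appears to have been lost from this page and cannot be reviewed. If that wrapper embeds `$row['item_id']` in an attribute, it should be cast to an integer there as well. A short comment above the line stating that the first child of the wrapper must be a plain text node would document the coupling with sbedit.js.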