diff -r a6ed8b6cdbe1 -r 94db56b8124f plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Sun Oct 28 23:50:10 2007 -0400
+++ b/plugins/SpecialAdmin.php Mon Oct 29 11:17:55 2007 -0400
@@ -3026,7 +3026,7 @@
echo '
$_GET[\'side\'] contained an SQL injection attempt
';
break;
}
- $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . intval($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
+ $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';');
if(!$query)
{
echo $db->get_error();
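Review bot: The new `$db->escape($_GET['side'])` is concatenated into the UPDATE without surrounding quotes, so string escaping does not constrain it to a number the way the removed `intval()` did. The only remaining protection is the check above that prints the "SQL injection attempt" message, and its condition is outside this hunk. If that check is anything looser than a strict integer test, the value reaches the statement as unquoted SQL. Keep the cast, `sidebar_id=' . intval($_GET['side']) . '`, or, if non-integer ids are really intended, wrap the escaped value in quotes as the `rename` case does for `block_name`.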
@@ -3074,6 +3074,21 @@
die('GOOD');
}
break;
+ case 'rename';
+ $newname = $db->escape($_POST['newname']);
+ $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';');
+ if(!$q)
+ {
+ echo $db->get_error();
+ $template->footer();
+ exit;
+ }
+ if(isset($_GET['ajax']))
+ {
+ ob_end_clean();
+ die('GOOD');
+ }
+ break;
case 'getsource':
$q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
if(!$q)
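Review bot: The new `rename` case changes stored data but shows no anti-CSRF token check, and it reads `$_POST['newname']` without `isset()`. The enclosing switch starts outside the hunk, so confirm that a per-session token is verified before this dispatch is reached. A missing `newname` raises a notice and presumably stores an empty name; a guard such as `if ( !isset($_POST['newname']) ) break;` at the top of the case avoids that. As a style point, `case 'rename';` ends in a semicolon where the neighbouring `case 'getsource':` uses a colon.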
@@ -3205,6 +3220,8 @@
$parser = $template->makeParserText($vars['sidebar_section']);
$c = $template->tplWikiFormat($row['block_content'], false, 'sidebar-editor.tpl');
$c = preg_replace('#(.*?)#is', '\\2', $c);
+ // fix for the "Administration" link that somehow didn't get rendered properly
+ $c = preg_replace("/(^|\n)([ ]*)(.+)<\/a>(
)([\r\n]+|$)/isU", '\\1\\2\\4\\7', $c);
break;
case BLOCK_HTML:
$parser = $template->makeParserText($vars['sidebar_section_raw']);
@@ -3224,7 +3241,7 @@
$c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
break;
}
- $block_name = $template->tplWikiFormat($row['block_name']);
+ $block_name = $row['block_name']; // $template->tplWikiFormat($row['block_name']);
if ( empty($block_name) )
$block_name = '<Unnamed>';
$t = '' . $block_name . '';
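Review bot: `$block_name` now goes from the database row into `$t` with no output encoding, and the `rename` case added earlier in this commit stores whatever string was posted. Whether the removed `tplWikiFormat()` call neutralised markup is not visible here, but after this change nothing between the row and the page does. If block names are meant to be plain text, encode at the point of output: `$block_name = htmlspecialchars($row['block_name'], ENT_QUOTES);`. The commented-out call left on the same line should be deleted rather than kept as a trailing comment.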