3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
5 // | Polls Plugin 2.1 |
6 // +---------------------------------------------------------------------------+
9 // | Polls plugin administration page |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
36 * Polls plugin administration page
43 * Geeklog common function library and Admin authentication
// Bootstrap: load the Geeklog common library and the admin authentication
// include, then gate the entire page on the 'polls.edit' right before any of
// the mode handling at the bottom of the file runs.
45 require_once '../../../lib-common.php';
46 require_once '../../auth.inc.php';
48 // Set this to true if you want to log debug messages to error.log
49 $_POLL_VERBOSE = false;
// Authorization gate. A user without 'polls.edit' gets the access-denied page
// and the attempt is recorded via COM_accessLog(). The statements that emit
// $display and stop the script are not part of this excerpt (presumably
// COM_output() followed by exit, as in savepoll() below — confirm).
53 if (!SEC_hasRights('polls.edit')) {
54 $display .= COM_siteHeader('menu', $MESSAGE[30])
55 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
57 COM_accessLog("User {$_USER['username']} tried to illegally access the poll administration screen.");
62 // Uncomment the line below if you need to debug the HTTP variables being passed
63 // to the script. This will sometimes cause errors but it will allow you to see
64 // the data being passed in a POST operation
// NOTE(review): when enabled this echoes every POST field into the response,
// including the CSRF token and the submitted permission values, so it belongs
// on a private development instance only.
65 // echo COM_debug($_POST);
// Body of the poll list view — called as listpolls() at the bottom of this
// file. Its signature, the initialisation of $retval, the opening of the
// $menu_arr array, the ADMIN_createMenu() argument list and the final
// `return $retval;` are missing from this excerpt.
69 global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG25, $LANG_ACCESS;
71 require_once $_CONF['path_system'] . 'lib-admin.php';
74 // writing the menu on top
76 array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php?mode=edit',
77 'text' => $LANG_ADMIN['create_new']),
78 array('url' => $_CONF['site_admin_url'],
79 'text' => $LANG_ADMIN['admin_home']));
81 $retval .= COM_startBlock($LANG25[18], '',
82 COM_getBlockTemplate('_admin_block', 'header'));
84 $retval .= ADMIN_createMenu(
87 plugin_geticon_polls()
90 // writing the actual list
// Column definitions for ADMIN_list(): 'field' names the column of the SQL
// result below; the 'edit' and 'access' columns are computed per row by
// plugin_getListField_polls() and are therefore not sortable.
91 $header_arr = array( # display 'text' and use table field 'field'
92 array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
93 array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
94 array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true),
95 array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false),
96 array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true),
97 array('text' => $LANG25[33], 'field' => 'is_open', 'sort' => true)
// Newest polls first by default; 'unixdate' is the alias computed in the SQL below.
100 $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
103 'has_extras' => true,
104 'instructions' => $LANG25[19],
105 'form_url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php'
// The base query contains no request data; sorting and the 'topic' search
// filter are applied by ADMIN_list() itself. 'default_filter' appends the
// permission SQL for the current user (presumably restricting the list to
// polls the user may access — Geeklog helper, confirm in lib-security).
109 'table' => 'polltopics',
110 'sql' => "SELECT *,UNIX_TIMESTAMP(date) AS unixdate "
111 . "FROM {$_TABLES['polltopics']} WHERE 1=1",
112 'query_fields' => array('topic'),
113 'default_filter' => COM_getPermSql ('AND')
116 $retval .= ADMIN_list (
117 'polls', 'plugin_getListField_polls', $header_arr,
118 $text_arr, $query_arr, $defsort_arr
120 $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
128 * Saves a poll topic and potential answers to the database
 *
 * Order of checks, as visible in this excerpt: normalise the input, reject an
 * empty topic/question/answer, verify the CSRF token, verify the caller has
 * write access (using the *stored* owner/group/permissions when the poll
 * already exists), then delete and re-create the topic, its questions and
 * its answers. Several closing braces, the `return $retval;` after the
 * validation message and the `$k++` / `DB_query($sql)` statements inside
 * the loops are missing from this excerpt.
130 * @param string $pid Poll topic ID
131 * @param string $old_pid Previous poll topic ID
132 * @param array $Q Array of poll questions
133 * @param string $mainpage Checkbox: poll appears on homepage
134 * @param string $topic The text for the topic
135 * @param string $meta_description
136 * @param string $meta_keywords
137 * @param int $statuscode (unused)
138 * @param string $open Checkbox: poll open for voting
139 * @param string $hideresults Checkbox: hide results until closed
140 * @param int $commentcode Indicates if users can comment on poll
141 * @param array $A Array of possible answers
142 * @param array $V Array of vote per each answer
143 * @param array $R Array of remark per each answer
144 * @param int $owner_id ID of poll owner
145 * @param int $group_id ID of group poll belongs to
146 * @param int $perm_owner Permissions the owner has on poll
147 * @param int $perm_group Permissions the group has on poll
148 * @param int $perm_members Permissions logged in members have on poll
149 * @param int $perm_anon Permissions anonymous users have on poll
150 * @return string HTML redirect or error message
153 function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open,
154 $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id,
155 $perm_owner, $perm_group, $perm_members, $perm_anon)
// The global list continues on a line not shown here; $_PO_CONF (used in the
// PLG_afterSaveSwitch() call at the end) is presumably among the remainder.
158 global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE,
163 // Convert array values to numeric permission values
// The perm_* arguments arrive as raw checkbox arrays from $_POST (see the
// call site at the bottom of the file); this is the only normalisation they
// get before being interpolated unquoted into the INSERT below.
164 list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
166 $topic = COM_stripslashes($topic);
167 $meta_description = strip_tags(COM_stripslashes($meta_description));
168 $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
// $pid / $old_pid are interpolated into SQL and into the access-log lines
// further down; COM_sanitizeID() is what restricts them to a safe character
// set — keep it ahead of every other use.
169 $pid = COM_sanitizeID($pid);
170 $old_pid = COM_sanitizeID($old_pid);
// No previous ID means a brand-new poll: a fresh ID replaces whatever was posted.
172 if (empty($old_pid)) {
173 $pid = COM_makeSid();
179 // check if any question was entered
// Assumes $Q and $A are arrays as posted by the editor form; $A[0][0] is
// read without an isset() guard. The `return $retval;` that follows the
// message block is not in this excerpt.
180 if (empty($topic) or (count($Q) == 0) or (strlen($Q[0]) == 0) or
181 (strlen($A[0][0]) == 0)) {
182 $retval .= COM_siteHeader ('menu', $LANG25[5]);
183 $retval .= COM_startBlock ($LANG21[32], '',
184 COM_getBlockTemplate ('_msg_block', 'header'));
185 $retval .= $LANG25[2];
186 $retval .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
187 $retval .= COM_siteFooter ();
// CSRF check. Runs after the emptiness check above, so a request with empty
// fields only ever receives the validation message; nothing is written
// before this point.
191 if (!SEC_checkToken()) {
192 COM_accessLog("User {$_USER['username']} tried to save poll $pid and failed CSRF checks.");
193 return COM_refresh($_CONF['site_admin_url']
194 . '/plugins/polls/index.php');
197 // check for poll id change
198 if (!empty($old_pid) && ($pid != $old_pid)) {
199 // check if new pid is already in use
// A rename onto an existing ID is silently reverted to the old ID rather than
// reported to the user (see the TBD below).
200 if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
201 // TBD: abort, display editor with all content intact again
202 $pid = $old_pid; // for now ...
206 // start processing the poll topic
207 if ($_POLL_VERBOSE) {
208 COM_errorLog ('**** Inside savepoll() in '
209 . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
// Access check. For an existing poll the owner/group/permission values come
// from the database row, not from the form, so a submitter cannot widen
// their own access by posting different values; only a new poll is judged
// on the submitted values. (The `} else {` between the two branches is not
// shown here.)
213 if (DB_count ($_TABLES['polltopics'], 'pid', $pid) > 0) {
214 $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
215 $P = DB_fetchArray ($result);
216 $access = SEC_hasAccess ($P['owner_id'], $P['group_id'],
217 $P['perm_owner'], $P['perm_group'], $P['perm_members'],
220 $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner,
221 $perm_group, $perm_members, $perm_anon);
// Requires write access (3 is presumably read+write in Geeklog's access
// model — confirm against SEC_hasAccess) and membership of the group the
// poll is being assigned to, so a poll cannot be handed to a group the
// caller is not in. Denied attempts are logged and the script stops.
223 if (($access < 3) || !SEC_inGroup($group_id)) {
224 $display .= COM_siteHeader('menu', $MESSAGE[30])
225 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
227 COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll $pid.");
228 COM_output($display);
// $voters is not assigned anywhere in this excerpt; the body of this if
// (presumably `$voters = 0;`) is missing.
232 if (empty ($voters)) {
236 if ($_POLL_VERBOSE) {
237 COM_errorLog('owner permissions: ' . $perm_owner, 1);
238 COM_errorLog('group permissions: ' . $perm_group, 1);
239 COM_errorLog('member permissions: ' . $perm_members, 1);
240 COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
243 // we delete everything and re-create it with the input from the form
// On a rename the rows under the old ID are removed; the else branch that
// sets $del_pid = $pid for the normal case is not in this excerpt.
245 if (!empty($old_pid) && ($pid != $old_pid)) {
246 $del_pid = $old_pid; // delete by old pid, create using new pid below
248 DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
249 DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
250 DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
// addslashes() is the SQL escaping layer used throughout this function. It
// is not charset-aware; the database layer's own escaping helper (or
// parameterised queries) would be the preferred choice.
252 $topic = addslashes($topic);
253 $meta_description = addslashes($meta_description);
254 $meta_keywords = addslashes($meta_keywords);
256 $k = 0; // set up a counter to make sure we do assign a straight line of question id's
257 $v = 0; // re-count votes sine they might have been changed
258 // first dimension of array are the questions
259 $num_questions = count($Q);
260 for ($i = 0; $i < $num_questions; $i++) {
261 $Q[$i] = COM_stripslashes($Q[$i]);
262 if (strlen($Q[$i]) > 0) { // only insert questions that exist
263 $Q[$i] = addslashes($Q[$i]);
// qid is the running counter $k, not $i, so blank questions leave no gaps.
264 DB_save($_TABLES['pollquestions'], 'qid, pid, question',
265 "'$k', '$pid', '$Q[$i]'");
266 // within the questions, we have another dimensions with answers,
268 $num_answers = count($A[$i]);
269 for ($j = 0; $j < $num_answers; $j++) {
270 $A[$i][$j] = COM_stripslashes($A[$i][$j]);
271 if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
// The vote count is interpolated unquoted into the INSERT below, so this
// is_numeric() check is the only thing keeping that value a number; the
// branch body (presumably resetting the count to 0) is not shown here.
272 if (!is_numeric($V[$i][$j])) {
275 $A[$i][$j] = addslashes ($A[$i][$j]);
276 $R[$i][$j] = addslashes ($R[$i][$j]);
// aid is 1-based ($j+1) while qid is 0-based ($k); the editor's answer
// query below orders by aid, so the numbering only has to be monotonic.
277 $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
278 . "('$pid', '$k', " . ($j+1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
280 $v = $v + $V[$i][$j];
286 // save topics after the questions so we can include question count into table
// Value list for the polltopics row. $v and $k are integers computed above;
// the display / is_open / hideresults columns are appended by the two
// checkbox tests below (their branch bodies and the $open test are not in
// this excerpt).
287 $sql = "'$pid','$topic','$meta_description','$meta_keywords',$v, $k, '" . date ('Y-m-d H:i:s');
289 if ($mainpage == 'on') {
299 if ($hideresults == 'on') {
// $owner_id / $group_id are passed through COM_applyFilter(..., true) at the
// call site and the perm_* values through SEC_getPermissionValues() above;
// that is what makes the unquoted interpolation here safe — do not bypass
// either when adding a new caller.
305 $sql .= ",'$statuscode','$commentcode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon";
308 DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
// Notify other plugins; on a rename also move the poll's comments to the
// new ID (the `} else {` between the branches is not shown).
310 if (empty($old_pid) || ($old_pid == $pid)) {
311 PLG_itemSaved($pid, 'polls');
313 DB_change($_TABLES['comments'], 'sid', addslashes($pid),
314 array('sid', 'type'), array(addslashes($old_pid), 'polls'));
315 PLG_itemSaved($pid, 'polls', $old_pid);
318 if ($_POLL_VERBOSE) {
319 COM_errorLog ('**** Leaving savepoll() in '
320 . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
// Redirect target depends on the plugin's 'aftersave' setting; the
// remaining arguments and the closing of this call are not shown.
323 return PLG_afterSaveSwitch (
324 $_PO_CONF['aftersave'],
325 $_CONF['site_url'] . '/polls/index.php?pid=' . $pid,
330 return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
336 * Displays the poll editor form
 *
 * With an empty $pid the editor is pre-filled with defaults for a new poll
 * (the `} else {` that introduces that branch is not in this excerpt). An
 * existing poll is only shown when SEC_hasAccess() grants more than
 * read-only access. Several closing braces and the `return $retval;` are
 * also missing from this excerpt.
338 * @param string $pid ID of poll to edit
339 * @return string HTML for poll editor form
342 function editpoll ($pid = '')
344 global $_CONF, $_PO_CONF, $_GROUPS, $_TABLES, $_USER, $LANG25, $LANG_ACCESS,
345 $LANG_ADMIN, $MESSAGE, $LANG_POLLS;
349 // writing the menu on top
350 require_once( $_CONF['path_system'] . 'lib-admin.php' );
352 array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php',
353 'text' => $LANG_ADMIN['list_all']),
354 array('url' => $_CONF['site_admin_url'],
355 'text' => $LANG_ADMIN['admin_home']));
357 $retval .= COM_startBlock ($LANG25[5], '',
358 COM_getBlockTemplate ('_admin_block', 'header'));
360 $retval .= ADMIN_createMenu(
362 $LANG_POLLS['editinstructions'],
363 plugin_geticon_polls()
366 $poll_templates = new Template ($_CONF['path']
367 . 'plugins/polls/templates/admin/');
368 $poll_templates->set_file (array ('editor' => 'polleditor.thtml',
369 'question' => 'pollquestions.thtml',
370 'answer' => 'pollansweroption.thtml'));
371 $poll_templates->set_var ( 'xhtml', XHTML );
372 $poll_templates->set_var ('site_url', $_CONF['site_url']);
373 $poll_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
374 $poll_templates->set_var ('layout_url', $_CONF['layout_url']);
// $pid is interpolated directly into the query (and again into the question
// and answer queries below). Unlike savepoll(), this function does not run
// COM_sanitizeID() itself; it relies on the caller having filtered the value
// (COM_applyFilter() at the mode dispatch at the bottom of the file).
377 $topic = DB_query("SELECT * FROM {$_TABLES['polltopics']} WHERE pid='$pid'");
378 $T = DB_fetchArray($topic);
380 // Get permissions for poll
// For an empty/unknown $pid the fetch yields no row and these reads are on
// a non-array; the new-poll defaults further down then take over — confirm
// that the code not shown here handles that path before the bail-out.
381 $access = SEC_hasAccess($T['owner_id'],$T['group_id'],$T['perm_owner'],$T['perm_group'],$T['perm_members'],$T['perm_anon']);
382 if ($access == 0 OR $access == 2) {
383 // User doesn't have access...bail
384 $retval .= COM_startBlock ($LANG25[21], '',
385 COM_getBlockTemplate ('_msg_block', 'header'));
386 $retval .= $LANG25[22];
387 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
388 COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll $pid.");
// Delete button only for an existing poll the caller may write to.
393 if (!empty ($pid) AND ($access == 3) AND !empty ($T['owner_id'])) {
394 $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
395 . '" name="mode"%s' . XHTML . '>';
// $MESSAGE[76] is a language-file string (not request data) dropped into a
// single-quoted JS literal inside an HTML attribute without escaping; a
// quote in a translation would break the attribute.
396 $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
397 $poll_templates->set_var ('delete_option',
398 sprintf ($delbutton, $jsconfirm));
399 $poll_templates->set_var ('delete_option_no_confirmation',
400 sprintf ($delbutton, ''));
// Defaults for a new poll: fresh ID, owned by the current user, assigned to
// the 'Polls Admin' group when it exists (else the group owning the
// 'polls.edit' feature), plugin default permissions.
402 $T['pid'] = COM_makeSid ();
404 $T['meta_description'] = '';
405 $T['meta_keywords'] = '';
409 $T['hideresults'] = 0;
410 $T['owner_id'] = $_USER['uid'];
411 if (isset ($_GROUPS['Polls Admin'])) {
412 $T['group_id'] = $_GROUPS['Polls Admin'];
414 $T['group_id'] = SEC_getFeatureGroup ('polls.edit');
416 SEC_setDefaultPermissions ($T, $_PO_CONF['default_permissions']);
417 $T['statuscode'] = 0;
418 $T['commentcode'] = $_CONF['comment_code'];
422 $poll_templates->set_var('lang_pollid', $LANG25[6]);
423 $poll_templates->set_var('poll_id', $T['pid']);
424 $poll_templates->set_var('lang_donotusespaces', $LANG25[7]);
425 $poll_templates->set_var('lang_topic', $LANG25[9]);
// The topic is HTML-escaped here ...
426 $poll_templates->set_var('poll_topic', htmlspecialchars ($T['topic']));
427 $poll_templates->set_var('lang_mode', $LANG25[1]);
429 $poll_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
430 $poll_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
// ... but the meta fields are not. They were strip_tags()'d when saved,
// which removes tags but not quotes, so in an attribute context the
// template has to escape them itself — NOTE(review): confirm in
// polleditor.thtml.
431 if (!empty($T['meta_description'])) {
432 $poll_templates->set_var('meta_description', $T['meta_description']);
434 if (!empty($T['meta_keywords'])) {
435 $poll_templates->set_var('meta_keywords', $T['meta_keywords']);
439 $poll_templates->set_var('status_options', COM_optionList ($_TABLES['statuscodes'], 'code,name', $T['statuscode']));
440 $poll_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'],'code,name',$T['commentcode']));
442 $poll_templates->set_var('lang_appearsonhomepage', $LANG25[8]);
443 $poll_templates->set_var('lang_openforvoting', $LANG25[33]);
444 $poll_templates->set_var('lang_hideresults', $LANG25[37]);
445 $poll_templates->set_var('poll_hideresults_explain', $LANG25[38]);
446 $poll_templates->set_var('poll_topic_info', $LANG25[39]);
448 if ($T['display'] == 1) {
449 $poll_templates->set_var('poll_display', 'checked="checked"');
452 if ($T['is_open'] == 1) {
453 $poll_templates->set_var('poll_open', 'checked="checked"');
455 if ($T['hideresults'] == 1) {
456 $poll_templates->set_var('poll_hideresults', 'checked="checked"');
459 $poll_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
460 $poll_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
461 $ownername = COM_getDisplayName ($T['owner_id']);
// owner_id is an integer column (or $_USER['uid'] for a new poll), hence
// the unquoted interpolation.
462 $poll_templates->set_var('owner_username', DB_getItem($_TABLES['users'],
463 'username', "uid = {$T['owner_id']}"));
464 $poll_templates->set_var('owner_name', $ownername);
465 $poll_templates->set_var('owner', $ownername);
466 $poll_templates->set_var('owner_id', $T['owner_id']);
467 $poll_templates->set_var('lang_group', $LANG_ACCESS['group']);
// The group dropdown is limited according to $access so the form cannot
// offer groups the editor could not assign anyway.
468 $poll_templates->set_var('group_dropdown',
469 SEC_getGroupDropdown ($T['group_id'], $access));
470 $poll_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
471 $poll_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
472 $poll_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
473 $poll_templates->set_var('permissions_editor', SEC_getPermissionsHTML($T['perm_owner'],$T['perm_group'],$T['perm_members'],$T['perm_anon']));
474 $poll_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
475 $poll_templates->set_var('lang_answersvotes', $LANG25[10]);
476 $poll_templates->set_var('lang_save', $LANG_ADMIN['save']);
477 $poll_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
479 // repeat for several questions
481 $question_sql = "SELECT question,qid "
482 . "FROM {$_TABLES['pollquestions']} WHERE pid='$pid' ORDER BY qid;";
483 $questions = DB_query($question_sql);
484 include ($_CONF['path_system'] . 'classes/navbar.class.php');
485 $navbar = new navbar;
// One tab per possible question (maxquestions from the plugin config).
// $display_id and the condition choosing the hidden/visible style are
// assigned on lines not shown in this excerpt.
486 for ($j=0; $j<$_PO_CONF['maxquestions']; $j++) {
489 $poll_templates->set_var('style', 'style="display:none;"');
491 $poll_templates->set_var('style', '');
// $j and maxquestions are integers, so the inline JS handler carries no
// string data.
493 $navbar->add_menuitem(
494 $LANG25[31] . " $display_id",
495 "showhidePollsEditorDiv(\"$j\",$j,{$_PO_CONF['maxquestions']});return false;",
// NOTE(review): the question text is set unescaped while answer_text below
// goes through htmlspecialchars(); the same applies to remark_text. Unless
// pollquestions.thtml escapes it, the two should be made consistent.
498 $Q = DB_fetchArray ($questions);
499 $poll_templates->set_var('question_text', $Q['question']);
500 $poll_templates->set_var('question_id', $j);
501 $poll_templates->set_var('lang_question', $LANG25[31] . " $display_id");
502 $poll_templates->set_var('lang_saveaddnew', $LANG25[32]);
505 $answer_sql = "SELECT answer,aid,votes,remark "
506 . "FROM {$_TABLES['pollanswers']} WHERE qid='$j' AND pid='$pid' ORDER BY aid";
507 $answers = DB_query($answer_sql);
509 for ($i=0; $i<$_PO_CONF['maxanswers']; $i++) {
// $answers is always assigned by the DB_query() just above, so as written
// this test is always true; the blank-slot branch below is reached only if
// lines not shown here alter the condition — confirm.
510 if (isset ($answers)) {
511 $A = DB_fetchArray ($answers);
512 $poll_templates->set_var ('answer_text',
513 htmlspecialchars ($A['answer']));
514 $poll_templates->set_var ('answer_votes', $A['votes']);
515 $poll_templates->set_var ('remark_text', $A['remark']);
517 $poll_templates->set_var ('answer_text', '');
518 $poll_templates->set_var ('answer_votes', '');
519 $poll_templates->set_var ('remark_text', '');
522 $poll_templates->parse ('answer_option', 'answer', true);
524 $poll_templates->parse ('question_list', 'question', true);
525 $poll_templates->clear_var ('answer_option');
527 $navbar->set_selected($LANG25[31] . " 1");
528 $poll_templates->set_var ('navbar', $navbar->generate());
// CSRF token for the form; verified by SEC_checkToken() in savepoll() and
// in the delete branch of the mode dispatch.
529 $poll_templates->set_var('gltoken_name', CSRF_TOKEN);
530 $poll_templates->set_var('gltoken', SEC_createToken());
532 $poll_templates->parse('output','editor');
533 $retval .= $poll_templates->finish($poll_templates->get_var('output'));
535 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
 * Deletes a poll and everything attached to it (questions, answers,
 * comments) after checking the caller's access to the stored row.
 * The CSRF check for this action lives in the caller (the delete branch of
 * the mode dispatch), not here. The `if ($access < 3)` line that guards the
 * bail-out below and the function's closing brace are not in this excerpt.
 *
543 * @param string $pid ID of poll to delete
544 * @return string HTML redirect
547 function deletePoll ($pid)
549 global $_CONF, $_TABLES, $_USER;
// Escaped with addslashes() here, whereas savepoll() uses COM_sanitizeID()
// for the same value — the escaped form is then reused for the DB_delete()
// calls, the access-log line and the PLG_itemDeleted() hook below.
551 $pid = addslashes ($pid);
552 $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '$pid'");
553 $Q = DB_fetchArray ($result);
554 $access = SEC_hasAccess ($Q['owner_id'], $Q['group_id'], $Q['perm_owner'],
555 $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
// Insufficient access (condition on a line not shown): log and bounce back
// to the list without deleting anything.
557 COM_accessLog ("User {$_USER['username']} tried to illegally delete poll $pid.");
558 return COM_refresh ($_CONF['site_admin_url'] . '/plugins/polls/index.php');
561 DB_delete($_TABLES['polltopics'], 'pid', $pid);
562 DB_delete($_TABLES['pollanswers'], 'pid', $pid);
563 DB_delete($_TABLES['pollquestions'], 'pid', $pid);
// Comments are keyed by (sid, type); 'polls' is the type this plugin registers.
564 DB_delete($_TABLES['comments'], array('sid', 'type'),
565 array($pid, 'polls'));
567 PLG_itemDeleted($pid, 'polls');
569 return COM_refresh ($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20');
// Mode dispatch. 'edit' comes from the query string; 'save' and 'delete'
// are matched against the translated button labels and therefore arrive via
// POST. Closing braces and several branch bodies are missing from this
// excerpt; the `else` lines are inferred from the indentation of the
// original file.
577 if (isset ($_REQUEST['mode'])) {
578 $mode = COM_applyFilter($_REQUEST['mode']);
581 if ($mode == 'edit') {
582 $display .= COM_siteHeader ('menu', $LANG25[5]);
// editpoll() interpolates $pid into SQL without further sanitising, so this
// COM_applyFilter() call is the only filter on the edit path.
584 if (isset ($_GET['pid'])) {
585 $pid = COM_applyFilter ($_GET['pid']);
587 $display .= editpoll ($pid);
588 $display .= COM_siteFooter ();
// The !empty() guard prevents an empty label from matching an empty mode.
589 } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save'])) {
// NOTE(review): $_POST['pid'] is read without the isset() guard that
// old_pid gets on the next line.
590 $pid = COM_applyFilter($_POST['pid']);
592 if (isset($_POST['old_pid'])) {
593 $old_pid = COM_applyFilter($_POST['old_pid']);
// Bodies of the two pid/old_pid reconciliation checks are not shown here.
595 if (empty($pid) && !empty($old_pid)) {
598 if (empty($old_pid) && (! empty($pid))) {
// The second argument `true` to COM_applyFilter() requests numeric
// filtering (Geeklog's $isnumeric parameter — confirm against lib-common).
603 if (isset ($_POST['statuscode'])) {
604 $statuscode = COM_applyFilter ($_POST['statuscode'], true);
607 if (isset ($_POST['mainpage'])) {
608 $mainpage = COM_applyFilter ($_POST['mainpage']);
611 if (isset ($_POST['open'])) {
612 $open = COM_applyFilter ($_POST['open']);
615 if (isset ($_POST['hideresults'])) {
616 $hideresults = COM_applyFilter ($_POST['hideresults']);
// question/topic/meta_*/answer/votes/remark and the perm_* arrays are passed
// raw; savepoll() strips slashes, strip_tags()s the meta fields, runs
// COM_sanitizeID() on the IDs and SEC_getPermissionValues() on the perms,
// and guards the vote counts with is_numeric(). Keep that division of
// responsibility in mind when adding fields here.
618 $display .= savepoll ($pid, $old_pid, $_POST['question'], $mainpage,
619 $_POST['topic'], $_POST['meta_description'],
620 $_POST['meta_keywords'], $statuscode, $open,
622 COM_applyFilter ($_POST['commentcode'], true),
623 $_POST['answer'], $_POST['votes'], $_POST['remark'],
624 COM_applyFilter ($_POST['owner_id'], true),
625 COM_applyFilter ($_POST['group_id'], true),
626 $_POST['perm_owner'], $_POST['perm_group'],
627 $_POST['perm_members'], $_POST['perm_anon']);
// Fallback branch (its condition is on a line not shown): show a message
// and an empty editor.
629 $display .= COM_siteHeader ('menu', $LANG25[5]);
630 $display .= COM_startBlock ($LANG21[32], '',
631 COM_getBlockTemplate ('_msg_block', 'header'));
632 $display .= $LANG25[17];
633 $display .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
634 $display .= editpoll ();
635 $display .= COM_siteFooter ();
637 } elseif (($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) {
639 if (isset ($_POST['pid'])) {
640 $pid = COM_applyFilter ($_POST['pid']);
// A missing/empty pid is logged as a suspicious request; otherwise the CSRF
// token is verified before deletePoll() runs.
643 COM_errorLog ('Ignored possibly manipulated request to delete a poll.');
644 $display .= COM_refresh ($_CONF['site_admin_url'] . '/plugins/polls/index.php');
645 } elseif (SEC_checkToken()) {
646 $display .= deletePoll ($pid);
// NOTE(review): this failure branch echoes directly instead of appending to
// $display, and redirects to the admin root rather than the plugin index
// used by every other branch. Unless a line not shown here exits, the
// COM_output($display) at the end of the file runs as well.
648 COM_accessLog("User {$_USER['username']} tried to illegally delete poll $pid and failed CSRF checks.");
649 echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
651 } else { // 'cancel' or no mode at all
653 $display .= COM_siteHeader ('menu', $LANG25[18]);
// msg is filtered as numeric before being passed to COM_showMessage().
654 if (isset ($_REQUEST['msg'])) {
655 $msg = COM_applyFilter ($_REQUEST['msg'], true);
657 $display .= COM_showMessage ($msg, 'polls');
660 $display .= listpolls();
661 $display .= COM_siteFooter ();
664 COM_output($display);