3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
9 // | Geeklog topic administration page. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
35 require_once '../lib-common.php';
36 require_once 'auth.inc.php';
37 require_once $_CONF['path_system'] . 'lib-story.php';
// Page-level authorization gate: a user without the 'topic.edit' right is
// shown a message page built from $MESSAGE[29] / $MESSAGE[30].
// NOTE(review): the statements that finish this branch are not visible in this
// listing - confirm the request is terminated here, so the mode dispatcher at
// the bottom of the script never runs for an unauthorized user.
41 if (!SEC_hasRights('topic.edit')) {
42 $display .= COM_siteHeader('menu', $MESSAGE[30])
43 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
// Audit trail: the refused attempt is written to the access log together with
// the username taken from $_USER.
45 COM_accessLog("User {$_USER['username']} tried to illegally access the topic administration screen.");
50 // Uncomment the line below if you need to debug the HTTP variables being passed
51 // to the script. This will sometimes cause errors but it will allow you to see
52 // the data being passed in a POST operation
53 // echo COM_debug($_POST);
56 * Show topic administration form
58 * @param string $tid ID of topic to edit
59 * @return string HTML for the topic editor
62 function edittopic ($tid = '')
// Builds the HTML of the topic editor from the 'topiceditor.thtml' template.
// With a topic ID the stored row is loaded and the caller's access to it is
// checked; the defaults under "new topic" cover the create case (the branch
// condition itself is not visible in this listing).
64 global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG27, $LANG_ACCESS,
65 $LANG_ADMIN, $MESSAGE;
70 // new topic - set defaults
75 $A['limitnews'] = ''; // leave empty!
77 $A['archive_flag'] = 0;
// NOTE(review): $tid is interpolated into the SQL string with no escaping in
// this function. The caller visible in this file passes it through
// COM_applyFilter() first; the story-count query further down wraps the same
// value in addslashes(), so the two queries are not protected the same way.
79 $result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='$tid'");
80 $A = DB_fetchArray($result);
// Per-topic authorization: SEC_hasAccess() is evaluated against the owner,
// group and permission columns of the stored row.
81 $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
// A result of 0 or 2 is refused: the message block below is rendered and the
// attempt is written to the access log.
82 if ($access == 0 OR $access == 2) {
83 $retval .= COM_startBlock ($LANG27[12], '',
84 COM_getBlockTemplate ('_msg_block', 'header'));
85 $retval .= $LANG27[13];
86 $retval .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
// The log line carries both the username and the requested topic ID.
87 COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic $tid.");
92 $retval .= COM_startBlock ($LANG27[1], '',
93 COM_getBlockTemplate ('_admin_block', 'header'));
// No usable row (or no owner on it): the current user becomes the owner and
// the default group and permissions are filled in.
94 if (!is_array ($A) || empty ($A['owner_id'])) {
95 $A['owner_id'] = $_USER['uid'];
97 // this is the one instance where we default the group
98 // most topics should belong to the Topic Admin group
99 if (isset ($_GROUPS['Topic Admin'])) {
100 $A['group_id'] = $_GROUPS['Topic Admin'];
102 $A['group_id'] = SEC_getFeatureGroup ('topic.edit');
104 SEC_setDefaultPermissions ($A, $_CONF['default_permissions_topic']);
107 $topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
108 $topic_templates->set_file('editor','topiceditor.thtml');
109 $topic_templates->set_var( 'xhtml', XHTML );
110 $topic_templates->set_var('site_url', $_CONF['site_url']);
111 $topic_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
112 $topic_templates->set_var('layout_url', $_CONF['layout_url']);
// The delete button is only offered for an existing topic and only to a user
// holding the 'topic.edit' right. It is rendered twice: once with a
// JavaScript confirm() handler and once without.
113 if (!empty($tid) && SEC_hasRights('topic.edit')) {
114 $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
115 . '" name="mode"%s' . XHTML . '>';
// $MESSAGE[76] is placed inside a single-quoted JavaScript string within an
// HTML attribute; a quote character in that language string would break it.
116 $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
117 $topic_templates->set_var('delete_option',
118 sprintf($delbutton, $jsconfirm));
119 $topic_templates->set_var('delete_option_no_confirmation',
120 sprintf($delbutton, ''));
121 $topic_templates->set_var('warning_msg', $LANG27[6]);
123 $topic_templates->set_var('lang_topicid', $LANG27[2]);
// NOTE(review): values taken from the topic row (the ID here; topic name,
// image URL and meta fields further down) are handed to the template as-is.
// No htmlspecialchars() call is visible in this function - confirm that the
// template layer encodes them for the HTML attribute they end up in.
124 $topic_templates->set_var('topic_id', $A['tid']);
125 $topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
126 $topic_templates->set_var('lang_accessrights',$LANG_ACCESS['accessrights']);
127 $topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
128 $ownername = COM_getDisplayName ($A['owner_id']);
// owner_id goes into the WHERE clause unquoted; at this point it is either the
// value from the topics row or the current user's uid.
129 $topic_templates->set_var('owner_username', DB_getItem ($_TABLES['users'],
130 'username', "uid = {$A['owner_id']}"));
131 $topic_templates->set_var('owner_name', $ownername);
132 $topic_templates->set_var('owner', $ownername);
133 $topic_templates->set_var('owner_id', $A['owner_id']);
134 $topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
135 $topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
136 $topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// The group dropdown is built from the topic's group and the access level
// computed above.
137 $topic_templates->set_var('group_dropdown',
138 SEC_getGroupDropdown ($A['group_id'], $access));
139 $topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
140 $topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
141 $topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
142 $topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
143 $topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
144 $topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
146 // show sort order only if they specified sortnum as the sort method
147 if ($_CONF['sortmethod'] <> 'alpha') {
148 $topic_templates->set_var('lang_sortorder', $LANG27[10]);
149 if ($A['sortnum'] == 0) {
// The stored sortnum is concatenated into the value attribute without
// encoding; the save path in this file passes sortnum through
// COM_applyFilter(..., true) before it is stored.
152 $topic_templates->set_var('sort_order', '<input type="text" size="3" maxlength="3" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
154 $topic_templates->set_var('lang_sortorder', $LANG27[14]);
155 $topic_templates->set_var('sort_order', $LANG27[15]);
157 $topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
// A limit of 0 is shown as an empty field; the site-wide default is displayed
// next to it.
158 if ($A['limitnews'] == 0) {
159 $topic_templates->set_var('story_limit', '');
161 $topic_templates->set_var('story_limit', $A['limitnews']);
163 $topic_templates->set_var('default_limit', $_CONF['limitnews']);
164 $topic_templates->set_var('lang_defaultis', $LANG27[16]);
165 $topic_templates->set_var('lang_topicname', $LANG27[3]);
// NOTE(review): savetopic() stores the topic name with addslashes() only (no
// strip_tags), and it is written to the template here after stripslashes()
// with no HTML encoding visible - confirm where the encoding happens.
166 $topic_templates->set_var('topic_name', stripslashes ($A['topic']));
// A topic without an ID gets the bare icon directory as its image URL.
167 if (empty($A['tid'])) {
168 $A['imageurl'] = '/images/topics/';
170 $topic_templates->set_var('lang_topicimage', $LANG27[4]);
171 $topic_templates->set_var('lang_uploadimage', $LANG27[27]);
172 $topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'].' x '.$_CONF['max_topicicon_height']);
173 $topic_templates->set_var('lang_maxsize', $LANG27[28]);
174 $topic_templates->set_var('max_url_length', 255);
175 $topic_templates->set_var('image_url', $A['imageurl']);
177 $topic_templates->set_var('lang_metadescription',
178 $LANG_ADMIN['meta_description']);
179 $topic_templates->set_var('lang_metakeywords',
180 $LANG_ADMIN['meta_keywords']);
// The meta fields are only set when non-empty; savetopic() runs strip_tags()
// on both before storing them.
181 if (! empty($A['meta_description'])) {
182 $topic_templates->set_var('meta_description', $A['meta_description']);
184 if (! empty($A['meta_keywords'])) {
185 $topic_templates->set_var('meta_keywords', $A['meta_keywords']);
188 $topic_templates->set_var ('lang_defaulttopic', $LANG27[22]);
189 $topic_templates->set_var ('lang_defaulttext', $LANG27[23]);
190 if ($A['is_default'] == 1) {
191 $topic_templates->set_var ('default_checked', 'checked="checked"');
193 $topic_templates->set_var ('default_checked', '');
196 $topic_templates->set_var ('lang_archivetopic', $LANG27[25]);
197 $topic_templates->set_var ('lang_archivetext', $LANG27[26]);
198 $topic_templates->set_var ('archive_disabled', '');
199 if ($A['archive_flag'] == 1) {
200 $topic_templates->set_var ('archive_checked', 'checked="checked"');
202 $topic_templates->set_var ('archive_checked', '');
203 // Only 1 topic can be the archive topic - so check if there already is one
// This only disables the checkbox in the form; it is a display hint and not
// a server-side check.
204 if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
205 $topic_templates->set_var ('archive_disabled', 'disabled');
210 $num_stories = $LANG_ADMIN['na'];
// The story count is limited by COM_getPermSql('AND'); here $tid is wrapped
// in addslashes(), unlike the SELECT at the top of this function.
212 $nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE tid = '" . addslashes($tid) . "'" . COM_getPermSql('AND'));
213 $N = DB_fetchArray( $nresult );
214 $num_stories = $N['count'];
217 $topic_templates->set_var('lang_num_stories', $LANG27[30]);
218 $topic_templates->set_var('num_stories', COM_numberFormat($num_stories));
// Anti-CSRF: a token from SEC_createToken() is embedded in the form under the
// field name CSRF_TOKEN. The save and delete branches of the dispatcher in
// this file call SEC_checkToken() before acting.
219 $topic_templates->set_var('gltoken_name', CSRF_TOKEN);
220 $topic_templates->set_var('gltoken', SEC_createToken());
221 $topic_templates->parse('output', 'editor');
222 $retval .= $topic_templates->finish($topic_templates->get_var('output'));
223 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
229 * Save topic to the database
231 * @param string $tid Topic ID
232 * @param string $topic Name of topic (what the user sees)
233 * @param string $imageurl (partial) URL to topic image
234 * @param string $meta_description Topic meta description
235 * @param string $meta_keywords Topic meta keywords
236 * @param int $sortnum number for sort order in "Topics" block
237 * @param int $limitnews number of stories per page for this topic
238 * @param int $owner_id ID of owner
239 * @param int $group_id ID of group topic belongs to
240 * @param int $perm_owner Permissions the owner has
241 * @param int $perm_group Permissions the group has
242 * @param int $perm_members Permissions members have
243 * @param int $perm_anon Permissions anonymous users have
244 * @param string $is_default 'on' if this is the default topic
245 * @param string $is_archive 'on' if this is the archive topic
246 * @return string HTML redirect or error message
248 function savetopic($tid,$topic,$imageurl,$meta_description,$meta_keywords,$sortnum,$limitnews,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_default,$is_archive)
// Validates the caller's access, then writes the topic row with DB_save() and
// updates the default/archive flags of other topics and stories as needed.
// NOTE(review): $_USER is not in the global list below, yet the access-log
// call further down interpolates $_USER['username']. Inside this function that
// name is an undefined local, so the log entry for a refused save carries no
// username. Adding $_USER to the global statement restores the audit trail.
250 global $_CONF, $_TABLES, $LANG27, $MESSAGE;
254 // Convert array values to numeric permission values
255 list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
// The topic ID is passed through COM_sanitizeID() before it is used in any
// query of this function.
257 $tid = COM_sanitizeID($tid);
// Existing topic: access is decided from the stored owner/group/permission
// columns, not from the submitted form values. For a topic that does not
// exist yet the submitted values are used instead (second SEC_hasAccess call).
260 if (DB_count ($_TABLES['topics'], 'tid', $tid) > 0) {
261 $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
262 $A = DB_fetchArray ($result);
263 $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
264 $A['perm_owner'], $A['perm_group'], $A['perm_members'],
267 $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
268 $perm_members, $perm_anon);
// Refuse unless the access level is at least 3 and the user is a member of
// the group the topic is being assigned to.
270 if (($access < 3) || !SEC_inGroup($group_id)) {
271 $retval .= COM_siteHeader('menu', $MESSAGE[30])
272 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
// See the note at the top of the function: $_USER is not in scope here.
274 COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic $tid.");
275 } elseif (!empty($tid) && !empty($topic)) {
276 if ($imageurl == '/images/topics/') {
// Escaping for the INSERT relies on addslashes(), which is not aware of the
// connection character set. The meta fields additionally lose any markup via
// strip_tags(); the topic name does not.
// NOTE(review): $imageurl is not escaped in this function; the caller in this
// file passes it through COM_applyFilter() - confirm that is sufficient.
279 $topic = addslashes($topic);
280 $meta_description = addslashes(strip_tags($meta_description));
281 $meta_keywords = addslashes(strip_tags($meta_keywords));
// Only one topic may be the default: the flag is cleared on every other row
// before this one is saved.
283 if ($is_default == 'on') {
285 DB_query ("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
// Checkbox value 'on' is normalized to 1, anything else to 0.
290 $is_archive = ($is_archive == 'on') ? 1 : 0;
292 $archivetid = DB_getItem ($_TABLES['topics'], 'tid', "archive_flag=1");
294 // $tid is the archive topic
295 // - if it wasn't already, mark all its stories "archived" now
296 if ($archivetid != $tid) {
297 DB_query ("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '$tid'");
298 DB_query ("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
301 // $tid is not the archive topic
302 // - if it was until now, reset the "archived" status of its stories
303 if ($archivetid == $tid) {
304 DB_query ("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '$tid'");
305 DB_query ("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
// $is_default, $owner_id, $group_id and the four permission values are placed
// in the VALUES list unquoted, so they must be numeric by the time they get
// here. The permission values come from SEC_getPermissionValues() above; the
// caller in this file passes owner_id and group_id through
// COM_applyFilter(..., true). NOTE(review): any other caller must do the same.
309 DB_save($_TABLES['topics'],'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon',"'$tid', '$topic', '$imageurl', '$meta_description', '$meta_keywords','$sortnum','$limitnews',$is_default,'$is_archive',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon");
311 // update feed(s) and Older Stories block
312 COM_rdfUpToDateCheck('article', $tid);
// Success: redirect back to the topic list with message number 13.
315 $retval = COM_refresh ($_CONF['site_admin_url'] . '/topic.php?msg=13');
// Remaining case: the error text $LANG27[7] is passed to COM_errorLog() and
// its return value is added to the page.
317 $retval .= COM_siteHeader('menu', $LANG27[1]);
318 $retval .= COM_errorLog($LANG27[7], 2);
319 $retval .= COM_siteFooter();
326 * Displays a list of topics
328 * Lists all the topics and their icons.
330 * @return string HTML for the topic list
333 function listtopics()
// Renders the list of topics with their icons from the 'topiclist.thtml' and
// 'listitem.thtml' templates, plus the admin menu above it.
335 global $_CONF, $_TABLES, $LANG27, $LANG_ACCESS, $LANG_ADMIN;
337 require_once( $_CONF['path_system'] . 'lib-admin.php' );
341 $retval .= COM_startBlock ($LANG27[8], '',
342 COM_getBlockTemplate ('_admin_block', 'header'));
344 $topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
345 $topic_templates->set_file(array('list'=>'topiclist.thtml', 'item'=>'listitem.thtml'));
346 $topic_templates->set_var( 'xhtml', XHTML );
347 $topic_templates->set_var('site_url', $_CONF['site_url']);
348 $topic_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
349 $topic_templates->set_var('layout_url', $_CONF['layout_url']);
350 $topic_templates->set_var('lang_newtopic', $LANG_ADMIN['create_new']);
351 $topic_templates->set_var('lang_adminhome', $LANG27[18]);
352 $topic_templates->set_var('lang_instructions', $LANG27[9]);
353 $topic_templates->set_var('begin_row', '<tr align="center" valign="bottom">');
// Every topic row is fetched; what the current user may see is decided per
// row in the loop below via SEC_hasAccess().
355 $result = DB_query("SELECT * FROM {$_TABLES['topics']}");
356 $nrows = DB_numRows($result);
360 array('url' => $_CONF['site_admin_url'] . '/topic.php?mode=edit',
361 'text' => $LANG_ADMIN['create_new']),
362 array('url' => $_CONF['site_admin_url'],
363 'text' => $LANG_ADMIN['admin_home']));
364 $menu = ADMIN_createMenu(
367 $_CONF['layout_url'] . "/images/icons/topic.png"
369 $topic_templates->set_var('top_menu', $menu);
371 for ($i = 0; $i < $nrows; $i++) {
372 $A = DB_fetchArray($result);
// The numeric access level is replaced by a display label (edit / read-only).
// NOTE(review): the conditions that pick the label and decide whether the row
// is listed at all are not visible in this listing.
374 $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
378 $access = $LANG_ACCESS['edit'];
380 $access = $LANG_ACCESS['readonly'];
// NOTE(review): topic ID and topic name go to the template without HTML
// encoding visible here; savetopic() stores the name with addslashes() only.
383 $topic_templates->set_var('topic_id', $A['tid']);
384 $topic_templates->set_var('topic_name', stripslashes ($A['topic']));
385 $topic_templates->set_var('topic_access', $access);
386 if ($A['is_default'] == 1) {
387 $topic_templates->set_var ('default_topic', $LANG27[24]);
389 $topic_templates->set_var ('default_topic', '');
391 if (empty ($A['imageurl'])) {
392 $topic_templates->set_var ('image_tag', '');
// The stored image URL is resolved by COM_getTopicImageUrl() and concatenated
// into the src attribute as-is. NOTE(review): confirm the value cannot
// contain a double quote, or encode it before building the tag.
394 $imageurl = COM_getTopicImageUrl ($A['imageurl']);
395 $topic_templates->set_var ('image_tag', '<img src="' . $imageurl
396 . '" alt=""' . XHTML . '>');
// Table-row bookkeeping: begin_row / end_row hold the tr tags that wrap the
// items of one row.
400 $topic_templates->set_var('end_row','</tr>');
401 $topic_templates->parse('list_row','item',true);
402 $topic_templates->set_var('begin_row','<tr align="center" valign="bottom">');
// The last topic always closes its row.
404 if ($i == $nrows - 1) {
405 $topic_templates->set_var('end_row','</tr>');
407 $topic_templates->set_var('end_row','');
410 $topic_templates->parse('list_row','item',true);
411 $topic_templates->set_var('begin_row','');
412 $counter = $counter + 1;
416 $topic_templates->parse('output', 'list');
417 $retval .= $topic_templates->finish($topic_templates->get_var('output'));
418 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
426 * @param string $tid Topic ID
427 * @return string HTML redirect
430 function deleteTopic ($tid)
// Deletes a topic together with its stories, story submissions, and the
// comments, trackbacks and images of those stories. Blocks and feeds that
// pointed at the topic are kept, but reassigned and disabled.
// This function performs no CSRF check itself; the caller in this file calls
// SEC_checkToken() before invoking it.
432 global $_CONF, $_TABLES, $_USER;
// NOTE(review): $tid is interpolated into this and the following queries
// without escaping in this function; the caller in this file passes it
// through COM_applyFilter() first.
434 $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='$tid'");
435 $A = DB_fetchArray ($result);
// Per-topic authorization against the stored row. The condition that acts on
// $access is not visible in this listing; the refusal path below logs the
// attempt and redirects to the topic list without deleting anything.
436 $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
437 $A['perm_group'], $A['perm_members'], $A['perm_anon']);
439 COM_accessLog ("User {$_USER['username']} tried to illegally delete topic $tid.");
440 return COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
443 // don't delete topic blocks - assign them to 'all' and disable them
444 DB_query ("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '$tid'");
// Feeds for this topic get the same treatment: reassigned to '::all' and
// disabled.
447 DB_query ("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '$tid'");
449 // delete comments, trackbacks, images associated with stories in this topic
450 $result = DB_query ("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '$tid'");
451 $numStories = DB_numRows($result);
452 for ($i = 0; $i < $numStories; $i++) {
453 $A = DB_fetchArray($result);
454 STORY_deleteImages($A['sid']);
455 DB_delete($_TABLES['comments'], array('sid', 'type'),
456 array($A['sid'], 'article'));
457 DB_delete($_TABLES['trackback'], array('sid', 'type'),
458 array($A['sid'], 'article'));
// The dependent rows are gone; now remove the stories, the pending
// submissions and the topic row itself.
462 DB_delete($_TABLES['stories'], 'tid', $tid);
463 DB_delete($_TABLES['storysubmission'], 'tid', $tid);
464 DB_delete($_TABLES['topics'], 'tid', $tid);
466 // update feed(s) and Older Stories block
467 COM_rdfUpToDateCheck('article');
// Success: redirect to the topic list with message number 14.
470 return COM_refresh ($_CONF['site_admin_url'] . '/topic.php?msg=14');
474 * Upload new topic icon, replaces previous icon if one exists
476 * @param string $tid ID of topic to prepend to filename
477 * @return string filename of new photo (empty = no new photo)
480 function handleIconUpload($tid)
// Stores an uploaded topic icon under the configured images path in the
// 'topics' directory, using a name derived from the topic ID and the
// extension of the client-supplied file name. On a path or upload error the
// error page is printed and the script exits.
482 global $_CONF, $_TABLES, $LANG27;
484 require_once ($_CONF['path_system'] . 'classes/upload.class.php');
486 $upload = new upload();
// Select the image back end named in the configuration.
487 if (!empty ($_CONF['image_lib'])) {
488 if ($_CONF['image_lib'] == 'imagemagick') {
490 $upload->setMogrifyPath ($_CONF['path_to_mogrify']);
491 } elseif ($_CONF['image_lib'] == 'netpbm') {
493 $upload->setNetPBM ($_CONF['path_to_netpbm']);
494 } elseif ($_CONF['image_lib'] == 'gdlib') {
495 // using the GD library
496 $upload->setGDLib ();
498 $upload->setAutomaticResize (true);
// Optional debug logging of the upload into logs/error.log.
499 if (isset ($_CONF['debug_image_upload']) &&
500 $_CONF['debug_image_upload']) {
501 $upload->setLogFile ($_CONF['path'] . 'logs/error.log');
502 $upload->setDebug (true);
504 if (isset($_CONF['jpeg_quality'])) {
505 $upload->setJpegQuality($_CONF['jpeg_quality']);
// Allow-list of image MIME types and the extensions paired with each.
// NOTE(review): how the upload class enforces this map (declared type, file
// content, extension) is not visible here - confirm it rejects a file whose
// extension is not in the list, because the extension below is taken from the
// client-supplied name.
508 $upload->setAllowedMimeTypes (array ('image/gif' => '.gif',
509 'image/jpeg' => '.jpg,.jpeg',
510 'image/pjpeg' => '.jpg,.jpeg',
511 'image/x-png' => '.png',
512 'image/png' => '.png'
// Target directory; if it cannot be set the errors are shown and the request
// ends.
514 if (!$upload->setPath ($_CONF['path_images'] . 'topics')) {
515 $display = COM_siteHeader ('menu', $LANG27[29]);
516 $display .= COM_startBlock ($LANG27[29], '',
517 COM_getBlockTemplate ('_msg_block', 'header'));
518 $display .= $upload->printErrors (false);
519 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
521 $display .= COM_siteFooter ();
522 COM_output($display);
523 exit; // don't return
528 // see if user wants to upload a (new) icon
529 $newicon = $_FILES['newicon'];
530 if (!empty ($newicon['name'])) {
// strrpos() returns false when the name has no dot; false + 1 evaluates to 1,
// so in that case the "extension" is the whole name minus its first
// character.
531 $pos = strrpos ($newicon['name'], '.') + 1;
532 $fextension = substr ($newicon['name'], $pos);
// NOTE(review): $tid becomes part of the stored file name. The caller in this
// file passes the raw $_POST['tid'], while savetopic() runs the same field
// through COM_sanitizeID(). Sanitize the ID before building the name so it
// cannot contain path separators or other unexpected characters.
533 $filename = 'topic_' . $tid . '.' . $fextension;
537 if (!empty ($filename)) {
538 $upload->setFileNames ($filename);
539 $upload->setPerms ('0644');
// Topic-icon limits are used when they are positive; otherwise the general
// image limits apply.
540 if (($_CONF['max_topicicon_width'] > 0) &&
541 ($_CONF['max_topicicon_height'] > 0)) {
542 $upload->setMaxDimensions ($_CONF['max_topicicon_width'],
543 $_CONF['max_topicicon_height']);
545 $upload->setMaxDimensions ($_CONF['max_image_width'],
546 $_CONF['max_image_height']);
548 if ($_CONF['max_topicicon_size'] > 0) {
549 $upload->setMaxFileSize($_CONF['max_topicicon_size']);
551 $upload->setMaxFileSize($_CONF['max_image_size']);
553 $upload->uploadFiles ();
// Any upload error is shown to the user and ends the request.
555 if ($upload->areErrors ()) {
556 $display = COM_siteHeader ('menu', $LANG27[29]);
557 $display .= COM_startBlock ($LANG27[29], '',
558 COM_getBlockTemplate ('_msg_block', 'header'));
559 $display .= $upload->printErrors (false);
560 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
562 $display .= COM_siteFooter ();
563 COM_output($display);
564 exit; // don't return
// The name is turned into the site-relative path of the stored icon.
566 $filename = '/images/topics/' . $filename;
// Request dispatcher. The action is selected by the 'mode' request field,
// which for delete and save carries the localized label of the submit button.
577 if (isset ($_REQUEST['mode'])) {
578 $mode = $_REQUEST['mode'];
// The !empty() test on the label keeps an empty mode from matching an empty
// or missing language string.
581 if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
// Delete reads the topic ID from $_POST only and passes it through
// COM_applyFilter().
582 $tid = COM_applyFilter ($_POST['tid']);
583 if (!isset ($tid) || empty ($tid)) {
584 COM_errorLog ('Attempted to delete topic tid=' . $tid);
585 $display .= COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
// Anti-CSRF: deleteTopic() runs only when SEC_checkToken() accepts the token.
586 } elseif (SEC_checkToken()) {
587 $display .= deleteTopic($tid);
// A failed token check is written to the access log and the user is sent to
// the admin index.
589 COM_accessLog("User {$_USER['username']} tried to illegally delete topic $tid and failed CSRF checks.");
590 echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
// NOTE(review): for save, the token check is part of the branch condition. A
// save request with a bad token therefore falls through to the later
// branches without an access-log entry from this file, unlike the delete
// path above - confirm whether SEC_checkToken() logs the failure itself.
592 } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
593 if (empty ($_FILES['newicon']['name'])){
594 $imageurl = COM_applyFilter ($_POST['imageurl']);
// NOTE(review): two points on the upload path. (1) $_POST['tid'] is passed
// unfiltered and ends up in the stored file name; pass the sanitized ID
// instead. (2) The upload runs before savetopic() performs its per-topic
// access check, so the icon file is written even if savetopic() then refuses
// the save.
596 $imageurl = handleIconUpload($_POST['tid']);
597 $imageurl = COM_applyFilter ($imageurl);
// Checkbox fields are only read when present in the request.
600 if (isset($_POST['is_default'])) {
601 $is_default = $_POST['is_default'];
604 if (isset($_POST['is_archive'])) {
605 $is_archive = $_POST['is_archive'];
// tid, sortnum, limitnews, owner_id and group_id pass through
// COM_applyFilter() (the last four with the second argument set to true);
// topic, the meta fields and the permission arrays are handed to savetopic()
// raw and are escaped or converted there.
607 $display .= savetopic(COM_applyFilter($_POST['tid']), $_POST['topic'],
608 $imageurl, $_POST['meta_description'],
609 $_POST['meta_keywords'],
610 COM_applyFilter($_POST['sortnum'], true),
611 COM_applyFilter($_POST['limitnews'], true),
612 COM_applyFilter($_POST['owner_id'], true),
613 COM_applyFilter($_POST['group_id'], true),
614 $_POST['perm_owner'], $_POST['perm_group'],
615 $_POST['perm_members'], $_POST['perm_anon'],
616 $is_default, $is_archive);
// Edit mode shows the editor; the topic ID comes from the query string and is
// passed through COM_applyFilter() before it reaches edittopic().
617 } else if ($mode == 'edit') {
618 $display .= COM_siteHeader('menu', $LANG27[1]);
620 if (isset($_GET['tid'])) {
621 $tid = COM_applyFilter($_GET['tid']);
623 $display .= edittopic($tid);
624 $display .= COM_siteFooter();
625 } else { // 'cancel' or no mode at all
626 $display .= COM_siteHeader('menu', $LANG27[8]);
627 $display .= COM_showMessageFromParameter();
628 $display .= listtopics();
629 $display .= COM_siteFooter();
632 COM_output($display);