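--- a/system/lib-admin.php Sat Oct 03 15:53:36 2009 +0200
+++ b/system/lib-admin.php Sat Oct 03 16:23:00 2009 +0200
@@ -625,62 +625,70 @@
 
 $retval = false;
 
- $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
+ $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
+ $A['perm_group'], $A['perm_members'], $A['perm_anon']);
 
- if (($access > 0) && (hasBlockTopicAccess ($A['tid']) > 0)) {
- switch($fieldname) {
- case 'edit':
- if ($access == 3) {
- $retval = COM_createLink($icon_arr['edit'],
- "{$_CONF['site_admin_url']}/block.php?mode=edit&bid={$A['bid']}");
+ if (($access > 0) && (hasBlockTopicAccess($A['tid']) > 0)) {
+ switch ($fieldname) {
+ case 'edit':
+ if ($access == 3) {
+ $retval = COM_createLink($icon_arr['edit'],
+ "{$_CONF['site_admin_url']}/block.php?mode=edit&bid={$A['bid']}");
+ }
+ break;
+
+ case 'title':
+ $retval = stripslashes($A['title']);
+ if (empty($retval)) {
+ $retval = '(' . $A['name'] . ')';
+ }
+ break;
+
+ case 'blockorder':
+ $retval .= $A['blockorder'];
+ break;
+
+ case 'is_enabled':
+ if ($access == 3) {
+ if ($A['is_enabled'] == 1) {
+ $switch = ' checked="checked"';
+ } else {
+ $switch = '';
 }
- break;
- case 'title':
- $retval = stripslashes ($A['title']);
- if (empty ($retval)) {
- $retval = '(' . $A['name'] . ')';
+ $retval = "<input type=\"checkbox\" name=\"enabledblocks[{$A['bid']}]\" "
+ . "onclick=\"submit()\" value=\"{$A['onleft']}\"$switch" . XHTML . ">";
+ $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
+ }
+ break;
+
+ case 'move':
+ if ($access == 3) {
+ if ($A['onleft'] == 1) {
+ $side = $LANG21[40];
+ $blockcontrol_image = 'block-right.' . $_IMAGE_TYPE;
+ $moveTitleMsg = $LANG21[59];
+ $switchside = '1';
+ } else {
+ $blockcontrol_image = 'block-left.' . $_IMAGE_TYPE;
+ $moveTitleMsg = $LANG21[60];
+ $switchside = '0';
 }
- break;
- case 'blockorder':
- $retval .= $A['blockorder'];
- break;
- case 'is_enabled':
- if ($access == 3) {
- if ($A['is_enabled'] == 1) {
- $switch = ' checked="checked"';
- } else {
- $switch = '';
- }
- $retval = "<input type=\"checkbox\" name=\"enabledblocks[{$A['bid']}]\" "
- . "onclick=\"submit()\" value=\"{$A['onleft']}\"$switch" . XHTML . ">";
- $retval .= "<input type=\"hidden\" name=\"" . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . ">";
- }
- break;
- case 'move':
- if ($access == 3) {
- if ($A['onleft'] == 1) {
- $side = $LANG21[40];
- $blockcontrol_image = 'block-right.' . $_IMAGE_TYPE;
- $moveTitleMsg = $LANG21[59];
- $switchside = '1';
- } else {
- $blockcontrol_image = 'block-left.' . $_IMAGE_TYPE;
- $moveTitleMsg = $LANG21[60];
- $switchside = '0';
- }
- $retval.="<img src=\"{$_CONF['layout_url']}/images/admin/$blockcontrol_image\" width=\"45\" height=\"20\" usemap=\"#arrow{$A['bid']}\" alt=\"\"" . XHTML . ">"
- ."<map id=\"arrow{$A['bid']}\" name=\"arrow{$A['bid']}\">"
- ."<area coords=\"0,0,12,20\" title=\"{$LANG21[58]}\" href=\"{$_CONF['site_admin_url']}/block.php?mode=move&bid={$A['bid']}&where=up&".CSRF_TOKEN."={$token}\" alt=\"{$LANG21[58]}\"" . XHTML . ">"
- ."<area coords=\"13,0,29,20\" title=\"$moveTitleMsg\" href=\"{$_CONF['site_admin_url']}/block.php?mode=move&bid={$A['bid']}&where=$switchside&".CSRF_TOKEN."={$token}\" alt=\"$moveTitleMsg\"" . XHTML . ">"
- ."<area coords=\"30,0,43,20\" title=\"{$LANG21[57]}\" href=\"{$_CONF['site_admin_url']}/block.php?mode=move&bid={$A['bid']}&where=dn&".CSRF_TOKEN."={$token}\" alt=\"{$LANG21[57]}\"" . XHTML . ">"
- ."</map>";
- }
- break;
- default:
- $retval = $fieldvalue;
- break;
+ $csrftoken = '&' . CSRF_TOKEN . '=' . $token;
+ $retval.="<img src=\"{$_CONF['layout_url']}/images/admin/$blockcontrol_image\" width=\"45\" height=\"20\" usemap=\"#arrow{$A['bid']}\" alt=\"\"" . XHTML . ">"
+ ."<map id=\"arrow{$A['bid']}\" name=\"arrow{$A['bid']}\">"
+ ."<area coords=\"0,0,12,20\" title=\"{$LANG21[58]}\" href=\"{$_CONF['site_admin_url']}/block.php?mode=move&bid={$A['bid']}&where=up{$csrftoken}\" alt=\"{$LANG21[58]}\"" . XHTML . ">"
+ ."<area coords=\"13,0,29,20\" title=\"$moveTitleMsg\" href=\"{$_CONF['site_admin_url']}/block.php?mode=move&bid={$A['bid']}&where=$switchside{$csrftoken}\" alt=\"$moveTitleMsg\"" . XHTML . ">"
+ ."<area coords=\"30,0,43,20\" title=\"{$LANG21[57]}\" href=\"{$_CONF['site_admin_url']}/block.php?mode=move&bid={$A['bid']}&where=dn${csrftoken}\" alt=\"{$LANG21[57]}\"" . XHTML . ">"
+ ."</map>";
+ }
+ break;
+
+ default:
+ $retval = $fieldvalue;
+ break;
 }
 }
+
 return $retval;
 }
 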
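Review bot: The three `<area>` links in the `move` case carry the CSRF token in the query string of a state-changing GET request (`block.php?mode=move&bid=…{$csrftoken}`), so the token is written to browser history and server access logs and can leak in a Referer header. A small POST form per arrow, reusing the hidden `CSRF_TOKEN` input pattern already present in the `is_enabled` case, would keep the token out of URLs. The new `$csrftoken` variable is also interpolated inconsistently: the `where=dn` link uses `${csrftoken}` while the other two use `{$csrftoken}`, and the third should match them as `where=dn{$csrftoken}`. Separately, the `title` case returns `stripslashes($A['title'])` with no HTML escaping visible in this hunk; whether that is safe depends on how the caller renders the value. The enclosing function and the origin of `$token` begin outside the hunk, so neither could be checked here.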