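<?php

/**
 * The main glossary index file.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @package   phpMyFAQ
 * @author    Thorsten Rinne <thorsten@phpmyfaq.de>
 * @copyright 2005-2020 phpMyFAQ Team
 * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link      https://www.phpmyfaq.de
 * @since     2005-09-15
 */

use phpMyFAQ\Filter;
use phpMyFAQ\Glossary;

// Refuse direct requests for this script. IS_VALID_PHPMYFAQ is not defined in
// this file; presumably the including admin entry point sets it (confirm).
if (!defined('IS_VALID_PHPMYFAQ')) {
    http_response_code(400);
    exit();
}
?>
<header class="row">
  <div class="col-lg-12">
    <h2 class="page-header">
      <i aria-hidden="true" class="fa fa-list-ul"></i> <?= $PMF_LANG['ad_menu_glossary'] ?>
      <div class="float-right">
        <a class="btn btn-sm btn-success" href="?action=addglossary">
          <i aria-hidden="true" class="fa fa-plus"></i> <?= $PMF_LANG['ad_glossary_add'] ?>
        </a>
      </div>
    </h2>
  </div>
</header>

<div class="row">
  <div class="col-lg-12">
      <?php
      // Output encoder for values that did not originate in this template
      // (glossary rows, database error text). double_encode is off because the
      // save/update handlers below store FILTER_SANITIZE_SPECIAL_CHARS output,
      // i.e. text that already contains entities; those must not be encoded twice.
      $escapeHtml = static function ($value): string {
          return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
      };

      // CSRF verification. A token is accepted only when the session holds a
      // non-empty string token and the submitted value is a string equal to it.
      // hash_equals() keeps the comparison time independent of how many leading
      // characters match.
      $sessionToken = $_SESSION['phpmyfaq_csrf_token'] ?? null;
      $tokenMatches = static function ($candidate) use ($sessionToken): bool {
          return is_string($sessionToken)
              && $sessionToken !== ''
              && is_string($candidate)
              && hash_equals($sessionToken, $candidate);
      };

      // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the
      // token is only compared, never echoed, so the filter choice can be
      // revisited when the supported PHP range is raised.
      $csrfTokenFromPost = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
      $csrfTokenFromGet = Filter::filterInput(INPUT_GET, 'csrf', FILTER_SANITIZE_STRING);

      // Save and update arrive by POST, delete arrives by GET (see the delete
      // link rendered in the table below), hence two separate checks.
      $csrfCheck = $tokenMatches($csrfTokenFromPost);
      $csrfCheckDelete = $tokenMatches($csrfTokenFromGet);

      $userId = $user->getUserId();
      $canAdd = $user->perm->checkRight($userId, 'addglossary');
      $canEdit = $user->perm->checkRight($userId, 'editglossary');
      $canDelete = $user->perm->checkRight($userId, 'delglossary');

      if ($canAdd || $canEdit || $canDelete) {
          $glossary = new Glossary($faqConfig);

          // Prints the dismissible success or error alert for one action.
          // The database error text is escaped before it is written to the page.
          $printOutcome = static function ($succeeded, string $successKey, string $errorKey) use (
              $PMF_LANG,
              $faqConfig,
              $escapeHtml
          ): void {
              if ($succeeded) {
                  echo '<p class="alert alert-success"><a href="#" class="close" data-dismiss="alert">×</a>';
                  echo $PMF_LANG[$successKey] . '</p>';

                  return;
              }

              echo '<p class="alert alert-danger"><a href="#" class="close" data-dismiss="alert">×</a>';
              echo $PMF_LANG[$errorKey];
              echo '<br>' . $PMF_LANG['ad_adus_dberr'] . '<br>';
              echo $escapeHtml($faqConfig->getDb()->error()) . '</p>';
          };

          // Create: requires the add right and a valid POST token.
          if ('saveglossary' === $action && $canAdd && $csrfCheck) {
              $item = Filter::filterInput(INPUT_POST, 'item', FILTER_SANITIZE_SPECIAL_CHARS);
              $definition = Filter::filterInput(INPUT_POST, 'definition', FILTER_SANITIZE_SPECIAL_CHARS);
              $printOutcome(
                  $glossary->addGlossaryItem($item, $definition),
                  'ad_glossary_save_success',
                  'ad_glossary_save_error'
              );
          }

          // Update: requires the edit right and a valid POST token.
          if ('updateglossary' === $action && $canEdit && $csrfCheck) {
              $id = Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
              $item = Filter::filterInput(INPUT_POST, 'item', FILTER_SANITIZE_SPECIAL_CHARS);
              $definition = Filter::filterInput(INPUT_POST, 'definition', FILTER_SANITIZE_SPECIAL_CHARS);
              $printOutcome(
                  $glossary->updateGlossaryItem($id, $item, $definition),
                  'ad_glossary_update_success',
                  'ad_glossary_update_error'
              );
          }

          // Delete: authorised by 'delglossary', the delete right the entry gate
          // above already recognises. The previous check used 'editglossary',
          // which let edit-only accounts delete and blocked delete-only accounts.
          // NOTE(review): deletion is a state change carried by GET with the
          // token in the query string, so the token can end up in access logs,
          // browser history and Referer headers; moving it to POST needs a
          // change to the link markup below and is left for a follow-up.
          if ('deleteglossary' === $action && $canDelete && $csrfCheckDelete) {
              $id = Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
              $printOutcome(
                  $glossary->deleteGlossaryItem($id),
                  'ad_glossary_delete_success',
                  'ad_glossary_delete_error'
              );
          }

          $glossaryItems = $glossary->getAllGlossaryItems();

          echo '<table class="table table-striped">';
          printf(
              '<thead><tr><th>%s</th><th>%s</th><th style="width: 16px"> </th></tr></thead>',
              $PMF_LANG['ad_glossary_item'],
              $PMF_LANG['ad_glossary_definition']
          );

          foreach ($glossaryItems as $items) {
              echo '<tr>';
              // Item and definition come from storage and are encoded on output
              // regardless of how they were filtered when they were written.
              printf(
                  '<td><a href="%s%d">%s</a></td>',
                  '?action=editglossary&id=',
                  $items['id'],
                  $escapeHtml($items['item'])
              );
              printf(
                  '<td>%s</td>',
                  $escapeHtml($items['definition'])
              );
              // The token is URL-encoded for the query string and then
              // HTML-encoded for the attribute it is placed in.
              printf(
                  '<td><a class="btn btn-danger" onclick="return confirm(\'%s\');" href="%s%d%s%s">',
                  $PMF_LANG['ad_user_del_3'],
                  '?action=deleteglossary&id=',
                  $items['id'],
                  '&csrf=',
                  $escapeHtml(rawurlencode((string) $user->getCsrfTokenFromSession()))
              );
              printf(
                  '<span title="%s"><i aria-hidden="true" class="fa fa-trash"></i></span></a></td>',
                  $PMF_LANG['ad_entry_delete']
              );
              echo '</tr>';
          }
          echo '</table>';
      } else {
          echo $PMF_LANG['err_NotAuth'];
      }
      ?>
  </div>
</div>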