|
|
|
@ -169,12 +169,12 @@ class blog extends common {
|
|
|
|
|
utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $articleIds[$i], 'publishedOn']))), |
|
|
|
|
self::$states[$this->getData(['module', $this->getUrl(0), $articleIds[$i], 'state'])], |
|
|
|
|
template::button('blogConfigEdit' . $articleIds[$i], [ |
|
|
|
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i], |
|
|
|
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i]. '/' . $_SESSION['csrf'], |
|
|
|
|
'value' => template::ico('pencil') |
|
|
|
|
]), |
|
|
|
|
template::button('blogConfigDelete' . $articleIds[$i], [ |
|
|
|
|
'class' => 'blogConfigDelete buttonRed', |
|
|
|
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i]. '&csrf=' . $_SESSION['csrf'], |
|
|
|
|
'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i]. '/' . $_SESSION['csrf'], |
|
|
|
|
'value' => template::ico('cancel') |
|
|
|
|
]) |
|
|
|
|
]; |
|
|
|
@ -190,33 +190,23 @@ class blog extends common {
|
|
|
|
|
* Suppression |
|
|
|
|
*/ |
|
|
|
|
public function delete() { |
|
|
|
|
// $url prend l'adresse sans le token |
|
|
|
|
$url = explode('&',$this->getUrl(2)); |
|
|
|
|
// L'article n'existe pas |
|
|
|
|
if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) { |
|
|
|
|
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { |
|
|
|
|
// Valeurs en sortie |
|
|
|
|
$this->addOutput([ |
|
|
|
|
'access' => false |
|
|
|
|
]); |
|
|
|
|
} |
|
|
|
|
// Jeton incorrect |
|
|
|
|
elseif(!isset($_GET['csrf'])) { |
|
|
|
|
elseif ($this->getUrl(3) !== $_SESSION['csrf']) { |
|
|
|
|
// Valeurs en sortie |
|
|
|
|
$this->addOutput([ |
|
|
|
|
'redirect' => helper::baseUrl(). $this->getUrl(0) . '/config', |
|
|
|
|
'notification' => 'Jeton invalide' |
|
|
|
|
]); |
|
|
|
|
} |
|
|
|
|
elseif ($_GET['csrf'] !== $_SESSION['csrf']) { |
|
|
|
|
// Valeurs en sortie |
|
|
|
|
$this->addOutput([ |
|
|
|
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', |
|
|
|
|
'notification' => 'Suppression non autorisée' |
|
|
|
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', |
|
|
|
|
'notification' => 'Action non autorisée' |
|
|
|
|
]); |
|
|
|
|
} |
|
|
|
|
// Suppression |
|
|
|
|
else { |
|
|
|
|
$this->deleteData(['module', $this->getUrl(0), $url[0]]); |
|
|
|
|
$this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]); |
|
|
|
|
// Valeurs en sortie |
|
|
|
|
$this->addOutput([ |
|
|
|
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', |
|
|
|
@ -230,6 +220,14 @@ class blog extends common {
|
|
|
|
|
* Édition |
|
|
|
|
*/ |
|
|
|
|
public function edit() { |
|
|
|
|
// Jeton incorrect |
|
|
|
|
if ($this->getUrl(3) !== $_SESSION['csrf']) { |
|
|
|
|
// Valeurs en sortie |
|
|
|
|
$this->addOutput([ |
|
|
|
|
'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', |
|
|
|
|
'notification' => 'Action non autorisée' |
|
|
|
|
]); |
|
|
|
|
} |
|
|
|
|
// L'article n'existe pas |
|
|
|
|
if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { |
|
|
|
|
// Valeurs en sortie |
|
|
|
@ -240,7 +238,7 @@ class blog extends common {
|
|
|
|
|
// L'article existe |
|
|
|
|
else { |
|
|
|
|
// Soumission du formulaire |
|
|
|
|
if($this->isPost()) { |
|
|
|
|
if($this->isPost()) { |
|
|
|
|
$articleId = $this->getInput('blogEditTitle', helper::FILTER_ID, true); |
|
|
|
|
// Incrémente le nouvel id de l'article |
|
|
|
|
if($articleId !== $this->getUrl(2)) { |
|
|
|
|
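Review bot: In edit(), the new token check `if ($this->getUrl(3) !== $_SESSION['csrf'])` is a standalone `if` followed by a second, separate `if` for the missing-article case, so a request with a wrong or absent token still reaches the `else` branch that processes the POST; unless addOutput() ends the request, which is not visible here, the check does not block the edit. delete() chains the same checks with `elseif`, and edit() should do likewise: `elseif($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) {`. In both methods `!==` would let an unset session token match a missing URL segment if getUrl() returns null for it, so a guard such as `!isset($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], (string) $this->getUrl(3))` is safer and also compares in constant time. Carrying the token as a path segment in the edit and delete links puts it in access logs, browser history and Referer headers, so the delete is better sent as a POST with the token in the body. The bodies of edit() and delete() continue outside the visible hunks.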