filter($_POST['token']);
		// The statement above begins before this excerpt; only its tail is visible.
		// Below, $token is the key into $_SESSION['editable'], whose entry supplies the
		// permission string, table, primary-key column and shortcode-to-field map.

		// NOTE(review): this read runs before the isset() test in the guard below, so an
		// unknown token raises an undefined-index notice here. Access is still refused by
		// the isset() term, but moving this read after the check would avoid the notice.
		$perm = (string) $_SESSION['editable'][$token]['perm'];

		// Authorisation gate: the caller must be ADMIN, the request must be AJAX, the
		// token must have a session entry, and getperms($perm) must pass. Any failure
		// sends a JSON error and stops.
		// NOTE(review): no anti-CSRF check other than the session-registered token is
		// visible in this excerpt; how the token is generated is outside this view.
		if(!ADMIN || !e_AJAX_REQUEST || !isset($_SESSION['editable'][$token]) || !getperms($perm))
		{
			$ret['msg'] = "Access Denied";
			$ret['status'] = 'error';
			echo json_encode($ret);
			return false;
		}

		// Required POST fields. A missing or empty one ends the request with a bare
		// return and no JSON body. empty() also treats the string '0' as missing.
		$keys = array('sc','id','token');
		foreach($keys as $k)
		{
			if(empty($_POST[$k])){ return; }
		}

		// The session entry is not removed after use (the unset is commented out), so
		// the same token stays usable for further saves while the session entry exists.
		// unset($_SESSION['editable'][$token]);

		// The posted shortcode name only selects one of the shortcode entries already
		// stored in the session; it is never used directly as a table or column name.
		$shortcode = e107::getParser()->filter($_POST['sc']);
		$ret = array();
		// Cast to integer before it is concatenated into the WHERE fragment below.
		$id = intval($_POST['id']);

		// Table, column and primary-key names come from the session, not the request.
		// NOTE(review): the code that fills $_SESSION['editable'] is not visible here;
		// confirm these values are only ever set server-side from trusted definitions,
		// because they reach the query as identifiers.
		$table = $_SESSION['editable'][$token]['table'];
		$field = $_SESSION['editable'][$token]['shortcodes'][$shortcode]['field'];
		$pid = $_SESSION['editable'][$token]['pid'];
		$type = $_SESSION['editable'][$token]['shortcodes'][$shortcode]['type'];

		// An unregistered shortcode leaves $field empty and is rejected here.
		if(empty($field) || empty($pid) || empty($table))
		{
			$ret['msg'] = "Missing Data";
			$ret['status'] = 'error';
			echo json_encode($ret);
			return false;
		}

		// presumably toDB() prepares the submitted text for storage - its exact
		// escaping and filtering are not visible here; verify against the parser.
		$content = e107::getParser()->toDB($_POST['content']);
		// NOTE(review): the first two search strings are empty as shown here, and
		// str_replace() ignores an empty search string. Markers may have been lost when
		// this page was extracted; check the original file. The [html] wrappers are
		// stripped so they can be re-added exactly once below.
		$srch = array("","","[html]","[/html]");
		$content = str_replace($srch,'',$content);
		$content = trim($content);

		// 'html' fields are stored wrapped in [html]...[/html]; every other type has
		// its tags removed with strip_tags().
		// NOTE(review): in the html branch the markup is kept apart from whatever toDB()
		// did, so safe rendering depends on output-side handling not visible here.
		if($type == 'html')
		{
			$content = '[html]'.$content.'[/html]';
		}
		else
		{
			$content = strip_tags($content);
		}

		// The WHERE fragment is built by concatenation: $pid is the session-supplied
		// column name and $id is the intval()'d request value.
		$update = array(
			$field => $content,
			'WHERE' => $pid ." = ".$id . " LIMIT 1"
		);

		// print_r($table);
		// print_r($update);

		// Anything other than a strict false from update() is reported as success.
		if(e107::getDb()->update($table, $update) !== false)
		{
			$ret['msg'] = "Saved"; // LAN_UPDATED; or LAN_SAVED
			$ret['status'] = 'ok';
		}
		else //FIXME only display error when query fails..
		{
			// NOTE(review): this branch returns before the json_encode() call below, so
			// the error message set here never reaches the client.
			$ret['msg'] = "Saving Failed"; // LAN_UPDATED_FAILED;
			$ret['status'] = 'error';
			return false;
		}

		echo json_encode($ret);
		return true;
	}
}

// Instantiate the handler, then end the script so nothing else is output.
// (The constructor is outside this excerpt - presumably it dispatches the request; confirm.)
new e107InlineEdit;
exit;