diff --git a/core/menu/menu.php b/core/menu/menu.php index 4f576ddede..6aa2e65a24 100644 --- a/core/menu/menu.php +++ b/core/menu/menu.php @@ -61,18 +61,9 @@ else { echo "\n"; //prepare to page the results - $sql = " select count(*) as num_rows from v_menus "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] > 0) { - $num_rows = $row['num_rows']; - } - else { - $num_rows = '0'; - } - } + $sql = "select count(*) from v_menus "; + $database = new database; + $num_rows = $database->select($sql, null, 'column'); //prepare to page the results $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; @@ -83,14 +74,12 @@ else { $offset = $rows_per_page * $page; //get the list - $sql = " select * from v_menus "; - if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $sql .= " limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $sql = "select * from v_menus "; + $sql .= order_by($order_by, $order); + $sql .= limit_offset($rows_per_page, $offset); + $database = new database; + $result = $database->select($sql, null, 'all'); + unset($sql); $c = 0; $row_style["0"] = "row_style0"; @@ -106,7 +95,7 @@ else { echo "\n"; echo "\n"; - if ($result_count > 0) { + if (is_array($result) && sizeof($result) != 0) { foreach($result as $row) { $tr_link = "href='menu_edit.php?id=".$row['menu_uuid']."'"; echo "\n"; @@ -119,9 +108,9 @@ else { echo " \n"; echo "\n"; if ($c==0) { $c=1; } else { $c=0; } - } //end foreach - unset($sql, $result, $row_count); - } //end if results + } + } + unset($result, $row); echo "\n"; echo "\n"; @@ -140,7 +129,6 @@ else { echo ""; echo "
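Review bot: The list query under `//get the list` still builds part of its SQL text from variables, now through `order_by($order_by, $order)` and `limit_offset($rows_per_page, $offset)`, and with `check_sql()` dropped the only filtering left is whatever those helpers do. Column names and sort direction cannot be bound as parameters, so the helpers need to restrict `$order_by` to known column identifiers and `$order` to `asc`/`desc`, and cast the paging values to integers. Their bodies are not in this diff, so that is worth confirming before merge. The same applies to menu_item_list.php, where `$order_by` is read straight from `$_GET["order_by"]` before `order_by()` is called. A short comment at each call site, such as `//order_by() validates the column name and direction`, would record the assumption.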

"; - //include the footer require_once "resources/footer.php"; ?> diff --git a/core/menu/menu_delete.php b/core/menu/menu_delete.php index 2de7b3f883..3ac63da312 100644 --- a/core/menu/menu_delete.php +++ b/core/menu/menu_delete.php 
@@ -38,55 +38,54 @@ else { $language = new text; $text = $language->get(); -//set the variables - if (count($_GET)>0) { - $id = check_str($_GET["id"]); - } - //delete the data - if (strlen($id) == 36) { + if (is_uuid($_GET["id"])) { + $menu_uuid = $_GET["id"]; + //start the database transaction $db->beginTransaction(); //delete the menu - $sql = "delete from v_menus "; - $sql .= "where menu_uuid = '$id'; "; - //echo $sql."\n"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $array['menus'][0]['menu_uuid'] = $menu_uuid; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->delete($array); + unset($array); //delete the items in the menu $sql = "delete from v_menu_items "; - $sql .= "where menu_uuid = '$id'; "; - //echo $sql."\n"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $sql .= "where menu_uuid = :menu_uuid "; + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); //delete the menu permissions $sql = "delete from v_menu_item_groups "; - $sql .= "where menu_uuid = '$id'; "; - //echo $sql."\n"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $sql .= "where menu_uuid = :menu_uuid "; + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); //delete the menu languages $sql = "delete from v_menu_languages "; - $sql .= "where menu_uuid = '$id'; "; - //echo $sql."\n"; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + $sql .= "where menu_uuid = :menu_uuid "; + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); //save the changes to the database 
$db->commit(); + + //set message + message::add($text['message-delete']); } //redirect the user - message::add($text['message-delete']); header("Location: menu.php"); - return; + exit; ?> \ No newline at end of file diff --git a/core/menu/menu_edit.php b/core/menu/menu_edit.php index d44a8f88d4..59fa2ca84e 100644 --- a/core/menu/menu_edit.php +++ b/core/menu/menu_edit.php @@ -39,9 +39,9 @@ else { $text = $language->get(); //action add or update - if (isset($_REQUEST["id"])) { + if (is_uuid($_REQUEST["id"])) { $action = "update"; - $menu_uuid = check_str($_REQUEST["id"]); + $menu_uuid = $_REQUEST["id"]; } else { $action = "add"; @@ -49,17 +49,17 @@ else { //get http post variables and set them to php variables if (count($_POST)>0) { - $menu_uuid = check_str($_POST["menu_uuid"]); - $menu_name = check_str($_POST["menu_name"]); - $menu_language = check_str($_POST["menu_language"]); - $menu_description = check_str($_POST["menu_description"]); + $menu_uuid = $_POST["menu_uuid"]; + $menu_name = $_POST["menu_name"]; + $menu_language = $_POST["menu_language"]; + $menu_description = $_POST["menu_description"]; } if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $msg = ''; if ($action == "update") { - $menu_uuid = check_str($_POST["menu_uuid"]); + $menu_uuid = $_POST["menu_uuid"]; } //check for all required data 
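Review bot: `$db->beginTransaction()` and `$db->commit()` still wrap the four deletes in menu_delete.php, but the deletes now run through separate `new database` objects rather than through `$db`. If the database class opens or holds its own connection (its code is not in this diff), the transaction no longer covers these statements, and a failure part-way leaves rows in `v_menu_item_groups` or `v_menu_languages` for a menu that is already gone. The return values of `delete()` and `execute()` are also never checked before `commit()` and `message::add()` run. Either execute the statements on the connection that owns the transaction and roll back on failure, or remove the transaction calls so the code does not suggest atomicity it does not provide.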
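Review bot: In menu_edit.php, `$menu_uuid = $_POST["menu_uuid"];` replaces the value that was just validated with `is_uuid($_REQUEST["id"])`, so on a POST the identifier that reaches `$database->save($array)` in the update hunk further down has had no format check. Validate the posted value as well, for example `if (is_uuid($_POST["menu_uuid"])) { $menu_uuid = $_POST["menu_uuid"]; }`, and skip the update when it fails. With `check_str()` removed, `$menu_name`, `$menu_language` and `$menu_description` are stored exactly as submitted, so wherever the form prints them back they need HTML escaping at output; that part of the file is outside this diff. menu_item_edit.php repeats the pattern with `$_POST["menu_item_uuid"]` and `$_POST["menu_uuid"]`.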
@@ -86,22 +86,15 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $menu_uuid = uuid(); //start a new menu - $sql = "insert into v_menus "; - $sql .= "("; - $sql .= "menu_uuid, "; - $sql .= "menu_name, "; - $sql .= "menu_language, "; - $sql .= "menu_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".$menu_uuid."', "; - $sql .= "'".$menu_name."', "; - $sql .= "'".$menu_language."', "; - $sql .= "'".$menu_description."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['menus'][0]['menu_uuid'] = $menu_uuid; + $array['menus'][0]['menu_name'] = $menu_name; + $array['menus'][0]['menu_language'] = $menu_language; + $array['menus'][0]['menu_description'] = $menu_description; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->save($array); + unset($array); //add the default items in the menu require_once "resources/classes/menu.php"; 
@@ -119,38 +112,39 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { if ($action == "update") { //update the menu - $sql = "update v_menus set "; - $sql .= "menu_name = '".$menu_name."', "; - $sql .= "menu_language = '".$menu_language."', "; - $sql .= "menu_description = '".$menu_description."' "; - $sql .= "where menu_uuid = '".$menu_uuid."'"; - $db->exec(check_sql($sql)); - unset($sql); + $array['menus'][0]['menu_uuid'] = $menu_uuid; + $array['menus'][0]['menu_name'] = $menu_name; + $array['menus'][0]['menu_language'] = $menu_language; + $array['menus'][0]['menu_description'] = $menu_description; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->save($array); + unset($array); //redirect the user back to the main menu message::add($text['message-update']); header("Location: menu.php"); return; - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + } +} //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { $menu_uuid = $_GET["id"]; $sql = "select * from v_menus "; - $sql .= "where menu_uuid = '$menu_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where menu_uuid = :menu_uuid "; + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $menu_uuid = $row["menu_uuid"]; $menu_name = $row["menu_name"]; $menu_language = $row["menu_language"]; $menu_description = $row["menu_description"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); } //show the header 
@@ -238,7 +232,9 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo ""; //show the menu items - require_once "core/menu/menu_item_list.php"; + if ($action == "update") { + require_once "core/menu/menu_item_list.php"; + } //include the footer require_once "resources/footer.php"; diff --git a/core/menu/menu_item_delete.php b/core/menu/menu_item_delete.php index 86c330c14d..526bc131e3 100644 --- a/core/menu/menu_item_delete.php +++ b/core/menu/menu_item_delete.php 
@@ -38,39 +38,49 @@ else { $language = new text; $text = $language->get(); -if (count($_GET)>0) { - //clear the menu session so it will rebuild with the update - $_SESSION["menu"] = ""; +//delete the data + if (is_uuid($_GET["id"]) && is_uuid($_GET["menu_item_uuid"])) { + //get the menu uuid + $menu_uuid = $_GET["id"]; + $menu_item_uuid = $_GET["menu_item_uuid"]; - //get the menu uuid - $menu_uuid = check_str($_GET["id"]); - $menu_item_uuid = check_str($_GET["menu_item_uuid"]); + //clear the menu session so it will rebuild with the update + $_SESSION["menu"] = ""; - //delete the item in the menu - $sql = "delete from v_menu_items "; - $sql .= "where menu_item_uuid = '$menu_item_uuid' "; - $sql .= "and menu_uuid = '$menu_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); + //delete the item in the menu + $array['menu_items'][0]['menu_item_uuid'] = $menu_item_uuid; + $array['menu_items'][0]['menu_uuid'] = $menu_uuid; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->delete($array); - //delete the menu item groups - $sql = "delete from v_menu_item_groups "; - $sql .= "where menu_item_uuid = '$menu_item_uuid' "; - $sql .= "and menu_uuid = '$menu_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); + //delete the menu item groups + $sql = "delete from v_menu_item_groups "; + $sql .= "where menu_item_uuid = :menu_item_uuid "; + $sql .= "and menu_uuid = :menu_uuid "; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); - //delete the menu item language - $sql = "delete from v_menu_languages "; - $sql .= "where menu_uuid = '$menu_uuid' "; - $sql .= "and menu_item_uuid = '$menu_item_uuid' "; - $db->exec(check_sql($sql)); - unset($sql); + //delete the menu item language + $sql = "delete from v_menu_languages "; + $sql .= "where menu_uuid = :menu_uuid 
"; + $sql .= "and menu_item_uuid = :menu_item_uuid "; + $parameters['menu_uuid'] = $menu_uuid; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); - //redirect the user - message::add($text['message-delete']); - header("Location: menu_edit.php?id=".$menu_uuid); - return; -} + //set message + message::add($text['message-delete']); + } + +//redirect the user + header("Location: menu_edit.php?id=".$menu_uuid); + exit; ?> \ No newline at end of file diff --git a/core/menu/menu_item_edit.php b/core/menu/menu_item_edit.php index e512b70011..b3e53f0b7b 100644 --- a/core/menu/menu_item_edit.php +++ b/core/menu/menu_item_edit.php 
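Review bot: The redirect `header("Location: menu_edit.php?id=".$menu_uuid);` now sits outside the `is_uuid()` block, so when either id fails validation `$menu_uuid` has not been assigned anywhere in this hunk and the user is sent to `menu_edit.php?id=` with an undefined-variable notice. Make the fallback explicit, e.g. `header("Location: ".(isset($menu_uuid) ? "menu_edit.php?id=".urlencode($menu_uuid) : "menu.php"));`. Separately, the delete is still triggered by a plain GET request and no request token is checked in this hunk (menu_delete.php is the same), so it is worth confirming that a CSRF check runs before these lines or moving the action to a POST with a token. The first `$database->delete($array)` is also not followed by `unset($array)`, unlike the other files in this commit.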
@@ -39,17 +39,20 @@ else { $text = $language->get(); //get the menu_uuid - $menu_uuid = check_str($_REQUEST["id"]); - $menu_item_uuid = check_str($_REQUEST['menu_item_uuid']); - $group_uuid_name = check_str($_REQUEST['group_uuid_name']); - $menu_item_group_uuid = check_str($_REQUEST['menu_item_group_uuid']); + $menu_uuid = $_REQUEST["id"]; + $menu_item_uuid = $_REQUEST['menu_item_uuid']; + $group_uuid_name = $_REQUEST['group_uuid_name']; + $menu_item_group_uuid = $_REQUEST['menu_item_group_uuid']; //delete the group from the menu item - if ($_REQUEST["a"] == "delete" && permission_exists("menu_delete") && $menu_item_group_uuid != '') { + if ($_REQUEST["a"] == "delete" && permission_exists("menu_delete") && is_uuid($menu_item_group_uuid)) { //delete the group from the users - $sql = "delete from v_menu_item_groups "; - $sql .= "where menu_item_group_uuid = '".$menu_item_group_uuid."' "; - $db->exec(check_sql($sql)); + $array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->delete($array); + unset($array); //redirect the browser message::add($text['message-delete']); header("Location: menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$menu_item_uuid."&menu_uuid=".$menu_uuid); 
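Review bot: `$menu_uuid` and `$menu_item_uuid` are now taken raw from `$_REQUEST` and then concatenated into the `Location:` header of the delete branch, while only `$menu_item_group_uuid` gets an `is_uuid()` check. Validate the other two the same way before use, or at least encode them in the redirect: `header("Location: menu_item_edit.php?id=".urlencode($menu_uuid)."&menu_item_uuid=".urlencode($menu_item_uuid)."&menu_uuid=".urlencode($menu_uuid));`. The delete itself is keyed on `menu_item_group_uuid` alone and is selected through `$_REQUEST["a"]`, so a GET request is enough to trigger it; scoping the delete to the current `menu_uuid` and requiring a request token would tighten it. The branch ends outside this hunk.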
@@ -57,42 +60,38 @@ else { } //action add or update - if (isset($_REQUEST["menu_item_uuid"])) { - if (strlen($_REQUEST["menu_item_uuid"]) > 0) { - $action = "update"; - $menu_item_uuid = check_str($_REQUEST["menu_item_uuid"]); - } - else { - $action = "add"; - } + if (is_uuid($_REQUEST["menu_item_uuid"])) { + $action = "update"; + $menu_item_uuid = $_REQUEST["menu_item_uuid"]; } else { $action = "add"; } + //clear the menu session so it will rebuild with the update $_SESSION["menu"] = ""; //get the HTTP POST variables and set them as PHP variables if (count($_POST) > 0) { - $menu_uuid = check_str($_POST["menu_uuid"]); - $menu_item_uuid = check_str($_POST["menu_item_uuid"]); - $menu_item_title = check_str($_POST["menu_item_title"]); - $menu_item_link = check_str($_POST["menu_item_link"]); - $menu_item_category = check_str($_POST["menu_item_category"]); - $menu_item_icon = check_str($_POST["menu_item_icon"]); - $menu_item_description = check_str($_POST["menu_item_description"]); - $menu_item_protected = check_str($_POST["menu_item_protected"]); - //$menu_item_uuid = check_str($_POST["menu_item_uuid"]); - $menu_item_parent_uuid = check_str($_POST["menu_item_parent_uuid"]); - $menu_item_order = check_str($_POST["menu_item_order"]); + $menu_uuid = $_POST["menu_uuid"]; + $menu_item_uuid = $_POST["menu_item_uuid"]; + $menu_item_title = $_POST["menu_item_title"]; + $menu_item_link = $_POST["menu_item_link"]; + $menu_item_category = $_POST["menu_item_category"]; + $menu_item_icon = $_POST["menu_item_icon"]; + $menu_item_description = $_POST["menu_item_description"]; + $menu_item_protected = $_POST["menu_item_protected"]; + //$menu_item_uuid = $_POST["menu_item_uuid"]; + $menu_item_parent_uuid = $_POST["menu_item_parent_uuid"]; + $menu_item_order = $_POST["menu_item_order"]; } //when a HTTP POST is available then process it if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { if ($action == "update") { - $menu_item_uuid = check_str($_POST["menu_item_uuid"]); + 
$menu_item_uuid = $_POST["menu_item_uuid"]; } //check for all required data 
@@ -116,101 +115,77 @@ else { //add or update the database if ($_POST["persistformvar"] != "true") { //get the language from the menu - $sql = "SELECT menu_language FROM v_menus "; - $sql .= "where menu_uuid = '$menu_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $menu_language = $row['menu_language']; - } + $sql = "select menu_language from v_menus "; + $sql .= "where menu_uuid = :menu_uuid "; + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $menu_language = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); //get the highest menu item order - if (strlen($menu_item_parent_uuid) == 0) { - $sql = "SELECT menu_item_order FROM v_menu_items "; - $sql .= "where menu_uuid = '$menu_uuid' "; + if (!is_uuid($menu_item_parent_uuid)) { + $sql = "select menu_item_order from v_menu_items "; + $sql .= "where menu_uuid = :menu_uuid "; $sql .= "and menu_item_parent_uuid is null "; $sql .= "order by menu_item_order desc "; $sql .= "limit 1 "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $highest_menu_item_order = $row['menu_item_order']; - } - unset($prep_statement); + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $highest_menu_item_order = $database->select($sql, $parameters, 'column'); + unset($sql, $parameters); } //add a menu item if ($action == "add" && permission_exists('menu_add')) { $menu_item_uuid = uuid(); - $sql = "insert into v_menu_items "; - $sql .= "("; - $sql .= "menu_uuid, "; - $sql .= "menu_item_title, "; - $sql .= "menu_item_link, "; - $sql .= "menu_item_category, "; - $sql .= "menu_item_icon, "; - $sql .= "menu_item_description, "; - $sql .= "menu_item_protected, "; - $sql .= "menu_item_uuid, "; - $sql .= "menu_item_parent_uuid, "; - if 
(strlen($menu_item_parent_uuid) == 0) { - $sql .= "menu_item_order, "; - } - $sql .= "menu_item_add_user, "; - $sql .= "menu_item_add_date "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'$menu_uuid', "; - $sql .= "'$menu_item_title', "; - $sql .= "'$menu_item_link', "; - $sql .= "'$menu_item_category', "; - $sql .= "'$menu_item_icon', "; - $sql .= "'$menu_item_description', "; - $sql .= "'$menu_item_protected', "; - $sql .= "'".$menu_item_uuid."', "; - if (strlen($menu_item_parent_uuid) == 0) { - $sql .= "null, "; - $sql .= "'".($highest_menu_item_order+1)."', "; + $array['menu_items'][0]['menu_uuid'] = $menu_uuid; + $array['menu_items'][0]['menu_item_title'] = $menu_item_title; + $array['menu_items'][0]['menu_item_link'] = $menu_item_link; + $array['menu_items'][0]['menu_item_category'] = $menu_item_category; + $array['menu_items'][0]['menu_item_icon'] = $menu_item_icon; + $array['menu_items'][0]['menu_item_description'] = $menu_item_description; + $array['menu_items'][0]['menu_item_protected'] = $menu_item_protected; + $array['menu_items'][0]['menu_item_uuid'] = $menu_item_uuid; + if (!is_uuid($menu_item_parent_uuid)) { + $array['menu_items'][0]['menu_item_parent_uuid'] = null; + $array['menu_items'][0]['menu_item_order'] = ($highest_menu_item_order + 1); } else { - $sql .= "'$menu_item_parent_uuid', "; + $array['menu_items'][0]['menu_item_parent_uuid'] = $menu_item_parent_uuid; } - $sql .= "'".$_SESSION["username"]."', "; - $sql .= "now() "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['menu_items'][0]['menu_item_add_user'] = $_SESSION["username"]; + $array['menu_items'][0]['menu_item_add_date'] = 'now()'; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->save($array); + unset($array); } //update the menu item if ($action == "update" && permission_exists('menu_edit')) { - $sql = "update v_menu_items set "; - $sql .= "menu_item_title = 
'$menu_item_title', "; - $sql .= "menu_item_link = '$menu_item_link', "; - $sql .= "menu_item_category = '$menu_item_category', "; - $sql .= "menu_item_icon = '$menu_item_icon', "; - $sql .= "menu_item_description = '$menu_item_description', "; - $sql .= "menu_item_protected = '$menu_item_protected', "; - if (strlen($menu_item_parent_uuid) == 0) { - $sql .= "menu_item_parent_uuid = null, "; - if (strlen($menu_item_order) > 0) { - $sql .= "menu_item_order = '$menu_item_order', "; - } - else { - $sql .= "menu_item_order = '".($highest_menu_item_order+1)."', "; - } + $array['menu_items'][0]['menu_uuid'] = $menu_uuid; + $array['menu_items'][0]['menu_item_title'] = $menu_item_title; + $array['menu_items'][0]['menu_item_link'] = $menu_item_link; + $array['menu_items'][0]['menu_item_category'] = $menu_item_category; + $array['menu_items'][0]['menu_item_icon'] = $menu_item_icon; + $array['menu_items'][0]['menu_item_description'] = $menu_item_description; + $array['menu_items'][0]['menu_item_protected'] = $menu_item_protected; + $array['menu_items'][0]['menu_item_uuid'] = $menu_item_uuid; + if (!is_uuid($menu_item_parent_uuid)) { + $array['menu_items'][0]['menu_item_parent_uuid'] = null; + $array['menu_items'][0]['menu_item_order'] = is_numeric($menu_item_order) ? 
$menu_item_order : ($highest_menu_item_order + 1); } else { - $sql .= "menu_item_parent_uuid = '$menu_item_parent_uuid', "; + $array['menu_items'][0]['menu_item_parent_uuid'] = $menu_item_parent_uuid; } - $sql .= "menu_item_mod_user = '".$_SESSION["username"]."', "; - $sql .= "menu_item_mod_date = now() "; - $sql .= "where menu_uuid = '$menu_uuid' "; - $sql .= "and menu_item_uuid = '$menu_item_uuid' "; - $count = $db->exec(check_sql($sql)); + $array['menu_items'][0]['menu_item_add_user'] = $_SESSION["username"]; + $array['menu_items'][0]['menu_item_add_date'] = 'now()'; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->save($array); + unset($array); } //add a group to the menu 
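Review bot: The update branch (`if ($action == "update" && permission_exists('menu_edit'))`) now writes `menu_item_add_user` and `menu_item_add_date`, where the removed SQL set `menu_item_mod_user` and `menu_item_mod_date`. Every edit therefore overwrites the record of who created the item and when, and the modification fields are never updated, which weakens the audit trail. Use `$array['menu_items'][0]['menu_item_mod_user'] = $_SESSION["username"];` and `$array['menu_items'][0]['menu_item_mod_date'] = 'now()';` in that branch. It is also worth confirming that `save()` treats the string `'now()'` as the SQL function rather than binding it as text, and that a posted `menu_uuid` differing from the item's current menu is rejected, since the old `where menu_uuid = … and menu_item_uuid = …` scoping is gone.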
@@ -219,63 +194,56 @@ else { $group_uuid = $group_data[0]; $group_name = $group_data[1]; //add the group to the menu - if (strlen($menu_item_uuid) > 0) { + if (is_uuid($menu_item_uuid)) { $menu_item_group_uuid = uuid(); - $sql_insert = "insert into v_menu_item_groups "; - $sql_insert .= "("; - $sql_insert .= "menu_item_group_uuid, "; - $sql_insert .= "menu_uuid, "; - $sql_insert .= "menu_item_uuid, "; - $sql_insert .= "group_name, "; - $sql_insert .= "group_uuid "; - $sql_insert .= ")"; - $sql_insert .= "values "; - $sql_insert .= "("; - $sql_insert .= "'".$menu_item_group_uuid."', "; - $sql_insert .= "'".$menu_uuid."', "; - $sql_insert .= "'".$menu_item_uuid."', "; - $sql_insert .= "'".$group_name."', "; - $sql_insert .= "'".$group_uuid."' "; - $sql_insert .= ")"; - $db->exec($sql_insert); + $array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid; + $array['menu_item_groups'][0]['menu_uuid'] = $menu_uuid; + $array['menu_item_groups'][0]['menu_item_uuid'] = $menu_item_uuid; + $array['menu_item_groups'][0]['group_name'] = $group_name; + $array['menu_item_groups'][0]['group_uuid'] = $group_uuid; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->save($array); + unset($array); } } //add title to menu languages if ($_REQUEST["a"] != "delete" && strlen($menu_item_title) > 0 && permission_exists('menu_add')) { - $sql = "select count(*) as num_rows from v_menu_languages "; - $sql .= "where menu_item_uuid = '".$menu_item_uuid."' "; - $sql .= "and menu_language = '$menu_language' "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - if ($row['num_rows'] == 0) { - $sql_insert = "insert into v_menu_languages "; - $sql_insert .= "("; - $sql_insert .= "menu_language_uuid, "; - $sql_insert .= "menu_uuid, "; - $sql_insert .= "menu_item_uuid, "; - $sql_insert .= "menu_language, "; - $sql_insert .= 
"menu_item_title "; - $sql_insert .= ")"; - $sql_insert .= "values "; - $sql_insert .= "("; - $sql_insert .= "'".uuid()."', "; - $sql_insert .= "'".$menu_uuid."', "; - $sql_insert .= "'".$menu_item_uuid."', "; - $sql_insert .= "'".$menu_language."', "; - $sql_insert .= "'".$menu_item_title."' "; - $sql_insert .= ")"; - $db->exec($sql_insert); + $sql = "select count(*) from v_menu_languages "; + $sql .= "where menu_item_uuid = :menu_item_uuid "; + $sql .= "and menu_language = :menu_language "; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $parameters['menu_language'] = $menu_language; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + if ($num_rows == 0) { + $array['menu_languages'][0]['menu_language_uuid'] = uuid(); + $array['menu_languages'][0]['menu_uuid'] = $menu_uuid; + $array['menu_languages'][0]['menu_item_uuid'] = $menu_item_uuid; + $array['menu_languages'][0]['menu_language'] = $menu_language; + $array['menu_languages'][0]['menu_item_title'] = $menu_item_title; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->save($array); + unset($array); } else { $sql = "update v_menu_languages set "; - $sql .= "menu_item_title = '$menu_item_title' "; - $sql .= "where menu_uuid = '$menu_uuid' "; - $sql .= "and menu_item_uuid = '$menu_item_uuid' "; - $sql .= "and menu_language = '$menu_language' "; - $count = $db->exec(check_sql($sql)); + $sql .= "menu_item_title = :menu_item_title "; + $sql .= "where menu_uuid = :menu_uuid "; + $sql .= "and menu_item_uuid = :menu_item_uuid "; + $sql .= "and menu_language = :menu_language "; + $parameters['menu_item_title'] = $menu_item_title; + $parameters['menu_uuid'] = $menu_uuid; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $parameters['menu_language'] = $menu_language; + $database = new database; + $database->execute($sql, $parameters); } + unset($sql, $parameters, $num_rows); } //set response 
message @@ -294,20 +262,21 @@ else { header("Location: menu_edit.php?id=".$menu_uuid); } return; - } //if ($_POST["persistformvar"] != "true") - } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) + } + } //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { $menu_item_uuid = $_GET["menu_item_uuid"]; $sql = "select * from v_menu_items "; - $sql .= "where menu_uuid = '$menu_uuid' "; - $sql .= "and menu_item_uuid = '$menu_item_uuid' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where menu_uuid = :menu_uuid "; + $sql .= "and menu_item_uuid = :menu_item_uuid "; + $parameters['menu_uuid'] = $menu_uuid; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $menu_item_title = $row["menu_item_title"]; $menu_item_link = $row["menu_item_link"]; $menu_item_category = $row["menu_item_category"]; @@ -323,15 +292,17 @@ else { $menu_item_mod_user = $row["menu_item_mod_user"]; $menu_item_mod_date = $row["menu_item_mod_date"]; } + unset($sql, $parameters, $row); } //get the the menu items - $sql = "SELECT * FROM v_menu_items "; - $sql .= "where menu_uuid = '$menu_uuid' "; + $sql = "select * from v_menu_items "; + $sql .= "where menu_uuid = :menu_uuid "; $sql .= "order by menu_item_title asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $menu_items = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['menu_uuid'] = $menu_uuid; + $database = new database; + $menu_items = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //get the assigned groups $sql = "select "; 
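Review bot: In the group-assignment block, `$group_uuid` and `$group_name` are taken from `$group_data` (apparently the submitted `group_uuid_name`, split above this hunk) and saved to `v_menu_item_groups` without validation; only `$menu_item_uuid` is checked with `is_uuid()`. Because this table decides which groups can see a menu item, check the group id in the same condition, `if (is_uuid($menu_item_uuid) && is_uuid($group_uuid)) {`, and consider looking the name up in `v_groups` instead of trusting the posted one. In the menu-languages block, `if ($num_rows == 0)` also passes when `select()` returns false or null; if that can happen on error, a strict check would avoid an unintended insert.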
@@ -346,30 +317,35 @@ else { $sql .= "order by "; $sql .= " g.domain_uuid desc, "; $sql .= " g.group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->bindParam(':menu_uuid', $menu_uuid); - $prep_statement->bindParam(':menu_item_uuid', $menu_item_uuid); - $prep_statement->execute(); - $menu_item_groups = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql, $prep_statement); + $parameters['menu_uuid'] = $menu_uuid; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $database = new database; + $menu_item_groups = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //set the assigned_groups array - foreach($menu_item_groups as $field) { - if (strlen($field['group_name']) > 0) { - $assigned_groups[] = $field['group_uuid']; + if (is_array($menu_item_groups) && sizeof($menu_item_groups) != 0) { + foreach ($menu_item_groups as $field) { + if (strlen($field['group_name']) > 0) { + $assigned_groups[] = $field['group_uuid']; + } } } //get the groups $sql = "select * from v_groups "; - if (sizeof($assigned_groups) > 0) { - $sql .= "where group_uuid not in ('".implode("','",$assigned_groups)."') "; + if (is_array($assigned_groups) && sizeof($assigned_groups) != 0) { + $sql .= "where "; + foreach ($assigned_groups as $index => $assigned_group) { + $sql_where[] = "group_uuid <> :group_uuid_".$index; + $parameters['group_uuid_'.$index] = $assigned_group; + } + $sql .= implode(' and ', $sql_where); } $sql .= "order by domain_uuid desc, group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $groups = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql, $prep_statement); + $database = new database; + $groups = $database->select($sql, $parameters, 'all'); + unset($sql, $sql_where, $parameters); //include the header require_once "resources/header.php"; 
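Review bot: The rebuilt `where` clause has no trailing space: `$sql .= implode(' and ', $sql_where);` is followed directly by `$sql .= "order by domain_uuid desc, group_name asc ";`, so the last placeholder runs into the keyword (`:group_uuid_…order by`) and the statement cannot bind that parameter whenever at least one group is already assigned. Append the separator: `$sql .= implode(' and ', $sql_where)." ";`. When `$assigned_groups` is empty, `$parameters` was unset a few lines earlier and is passed to `select()` undefined; passing `null` explicitly in that case would make the intent clear.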
@@ -485,7 +461,7 @@ else { echo " "; echo " ".$text['label-groups'].""; echo " "; - if (is_array($menu_item_groups)) { + if (is_array($menu_item_groups) && sizeof($menu_item_groups) != 0) { echo "\n"; foreach($menu_item_groups as $field) { if (strlen($field['group_name']) > 0) { diff --git a/core/menu/menu_item_list.php b/core/menu/menu_item_list.php index 4f852bf0c9..e7cbc0bccb 100644 --- a/core/menu/menu_item_list.php +++ b/core/menu/menu_item_list.php @@ -42,17 +42,19 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) { //check for sub menus $menu_item_level = $menu_item_level+1; $sql = "select * from v_menu_items "; - $sql .= "where menu_uuid = '".$menu_uuid."' "; - $sql .= "and menu_item_parent_uuid = '".$menu_item_uuid."' "; + $sql .= "where menu_uuid = :menu_uuid "; + $sql .= "and menu_item_parent_uuid = :menu_item_parent_uuid "; $sql .= "order by menu_item_title, menu_item_order asc "; - $prep_statement_2 = $db->prepare($sql); - $prep_statement_2->execute(); - $result2 = $prep_statement_2->fetchAll(PDO::FETCH_NAMED); + $parameters['menu_uuid'] = $menu_uuid; + $parameters['menu_item_parent_uuid'] = $menu_item_uuid; + $database = new database; + $result2 = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); $row_style["0"] = "row_style1"; $row_style["1"] = "row_style1"; - if (count($result2) > 0) { + if (is_array($result2) && sizeof($result2) != 0) { if ($c == 0) { $c2 = 1; } else { $c2 = 0; } foreach($result2 as $row2) { //set the db values as php variables 
@@ -62,8 +64,8 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) { $menu_item_parent_uuid = $row2['menu_item_parent_uuid']; $menu_item_order = $row2['menu_item_order']; $menu_item_language = $row2['menu_item_language']; - $menu_item_title = $row2[menu_item_title]; - $menu_item_link = $row2[menu_item_link]; + $menu_item_title = $row2['menu_item_title']; + $menu_item_link = $row2['menu_item_link']; //get the groups that have been assigned to the menu $sql = "select "; $sql .= " g.group_name, g.domain_uuid as group_domain_uuid "; 
@@ -72,20 +74,24 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) { $sql .= " v_groups as g "; $sql .= "where "; $sql .= " mig.group_uuid = g.group_uuid "; - $sql .= " and mig.menu_uuid = '".$menu_uuid."' "; - $sql .= " and mig.menu_item_uuid = '".$menu_item_uuid."' "; + $sql .= " and mig.menu_uuid = :menu_uuid "; + $sql .= " and mig.menu_item_uuid = :menu_item_uuid "; $sql .= "order by "; $sql .= " g.domain_uuid desc, "; $sql .= " g.group_name asc "; - $sub_prep_statement = $db->prepare(check_sql($sql)); - $sub_prep_statement->execute(); - $sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($group_list); - foreach ($sub_result as &$sub_row) { - $group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null); + $parameters['menu_uuid'] = $menu_uuid; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $database = new database; + $sub_result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters, $group_list); + + if (is_array($sub_result) && sizeof($sub_result) != 0) { + foreach ($sub_result as &$sub_row) { + $group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null); + } + $group_list = isset($group_list) ? implode(', ', $group_list) : ''; } - $group_list = isset($group_list) ? implode(', ', $group_list) : ''; - unset ($sub_prep_statement); + unset($sql, $sub_result, $sub_row); //display the main body of the list switch ($menu_item_category) { case "internal": 
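Review bot: `$group_list` is unset and then rebuilt only inside `if (is_array($sub_result) && sizeof($sub_result) != 0)`, so for an item with no assigned groups it stays undefined wherever it is printed later in the function, whereas the old code always ended with a string. Moving the fallback back after the `if`, `$group_list = isset($group_list) ? implode(', ', $group_list) : '';`, restores the empty-string default. The reference in `foreach ($sub_result as &$sub_row)` is not needed because the rows are only read. The function body starts and ends outside the hunk.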
@@ -103,7 +109,7 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) { } //display the content of the list - $tr_link = (permission_exists('menu_edit')) ? "href='menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$row2['menu_item_uuid']."&menu_item_parent_uuid=".$row2['menu_item_parent_uuid']."'" : null; + $tr_link = permission_exists('menu_edit') ? "href='menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$row2['menu_item_uuid']."&menu_item_parent_uuid=".$row2['menu_item_parent_uuid']."'" : null; echo "\n"; echo ""; echo ""; @@ -138,12 +144,15 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) { //update the menu order if ($row2[menu_item_order] != $tmp_menu_item_order) { - $sql = "update v_menu_items set "; - $sql .= "menu_item_title = '".$row2[menu_item_title]."', "; - $sql .= "menu_item_order = '".$tmp_menu_item_order."' "; - $sql .= "where menu_uuid = '".$menu_uuid."' "; - $sql .= "and menu_item_uuid = '".$row2[menu_item_uuid]."' "; - $count = $db->exec(check_sql($sql)); + $array['menu_items'][0]['menu_item_uuid'] = $row2['menu_item_uuid']; + $array['menu_items'][0]['menu_uuid'] = $menu_uuid; + $array['menu_items'][0]['menu_item_title'] = $row2['menu_item_title']; + $array['menu_items'][0]['menu_item_order'] = $tmp_menu_item_order; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->save($array); + unset($array); } $tmp_menu_item_order++; 
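Review bot: The `href` assigned to `$tr_link` concatenates `$menu_uuid`, `$row2['menu_item_uuid']` and `$row2['menu_item_parent_uuid']` into a single-quoted HTML attribute with no encoding, and the rewritten line keeps that. Where these values originate is not visible in the hunk; if any of them can ever hold something other than a UUID, a quote character would end the attribute early. Wrapping each value in `urlencode()` makes the link safe regardless of the source, for example `"href='menu_item_edit.php?id=".urlencode($menu_uuid)."..."`.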
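Review bot: The condition `if ($row2[menu_item_order] != $tmp_menu_item_order)` still uses a bareword array key, while the lines added right below it quote theirs. An unquoted key is resolved as a constant, which is a warning on PHP 7.2 and later and an Error on PHP 8, so it should read `if ($row2['menu_item_order'] != $tmp_menu_item_order) {`. The top-level list has the same leftover in `if ($row[menu_item_order] != $tmp_menu_item_order)` (hunk `@@ -290,12 +293,15 @@`).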
@@ -154,54 +163,44 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) { if ($c==0) { $c=1; } else { $c=0; } } //end foreach - unset($sql, $result2, $row2); + unset($result2, $row2); } return $c; //end check for children } require_once "resources/header.php"; -$order_by = $_GET["order_by"]; + +$order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'menu_item_order'; $order = $_GET["order"]; $sql = "select * from v_menu_items "; -$sql .= "where menu_uuid = '".$menu_uuid."' "; +$sql .= "where menu_uuid = :menu_uuid "; $sql .= "and menu_item_parent_uuid is null "; -if (strlen($order_by)> 0) { - $sql .= "order by $order_by $order "; -} -else { - $sql .= "order by menu_item_order asc "; -} -$prep_statement = $db->prepare(check_sql($sql)); -$prep_statement->execute(); -$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); -$result_count = count($result); +$sql .= order_by($order_by, $order); +$parameters['menu_uuid'] = $menu_uuid; +$database = new database; +$result = $database->select($sql, $parameters, 'all'); +unset($sql, $parameters); $c = 0; $row_style["0"] = "row_style0"; $row_style["1"] = "row_style0"; echo "
".$menu_item_title." ".$group_list." 
\n"; - -if ($result_count == 0) { - //no results - echo ""; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; +echo " "; - echo ""; - echo ""; - echo ""; - echo ""; - echo ""; - echo "\n"; - echo ""; - +echo " \n"; +echo " "; +if (is_array($result) && sizeof($result) != 0) { foreach($result as $row) { //set the db values as php variables $menu_item_uuid = $row['menu_item_uuid']; @@ -218,20 +217,24 @@ else { $sql .= " v_groups as g "; $sql .= "where "; $sql .= " mig.group_uuid = g.group_uuid "; - $sql .= " and mig.menu_uuid = '".$menu_uuid."' "; - $sql .= " and mig.menu_item_uuid = '".$menu_item_uuid."' "; + $sql .= " and mig.menu_uuid = :menu_uuid "; + $sql .= " and mig.menu_item_uuid = :menu_item_uuid "; $sql .= "order by "; $sql .= " g.domain_uuid desc, "; $sql .= " g.group_name asc "; - $sub_prep_statement = $db->prepare(check_sql($sql)); - $sub_prep_statement->execute(); - $sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($group_list); - foreach ($sub_result as &$sub_row) { - $group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null); + $parameters['menu_uuid'] = $menu_uuid; + $parameters['menu_item_uuid'] = $menu_item_uuid; + $database = new database; + $sub_result = $database->select($sql, $parameters, 'all'); + unset($sql, $group_list); + + if (is_array($sub_result) && sizeof($sub_result) != 0) { + foreach ($sub_result as &$sub_row) { + $group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null); + } + $group_list = implode(', ', $group_list); } - $group_list = implode(', ', $group_list); - unset ($sub_prep_statement); + unset($sub_result, $sub_row); //add the type link based on the typd of the menu switch ($menu_item_category) { 
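Review bot: `$order_by` and `$order` are taken straight from `$_GET` and appended to the statement through `order_by($order_by, $order)`, while every other value in this query moved to a bound parameter. A column name and a sort direction cannot be bound, so the safety of this query rests entirely on what `order_by()` filters, and that helper is not shown on this page. I would also restrict both at the call site: `$order = (isset($_GET['order']) && strtolower($_GET['order']) === 'desc') ? 'desc' : 'asc';` plus an `in_array($order_by, [...], true)` check against a fixed list of sortable columns. The new `$_GET["order_by"] != ''` test also reads a key that may be absent, so an `isset()` guard belongs in front of it.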
@@ -290,12 +293,15 @@ else { //update the menu order if ($row[menu_item_order] != $tmp_menu_item_order) { - $sql = "update v_menu_items set "; - $sql .= "menu_item_title = '".$row['menu_item_title']."', "; - $sql .= "menu_item_order = '".$tmp_menu_item_order."' "; - $sql .= "where menu_uuid = '".$menu_uuid."' "; - $sql .= "and menu_item_uuid = '".$row[menu_item_uuid]."' "; - //$db->exec(check_sql($sql)); + $array['menu_items'][0]['menu_item_uuid'] = $row['menu_item_uuid']; + $array['menu_items'][0]['menu_uuid'] = $menu_uuid; + $array['menu_items'][0]['menu_item_title'] = $row['menu_item_title']; + $array['menu_items'][0]['menu_item_order'] = $tmp_menu_item_order; + //$database = new database; + //$database->app_name = 'menu'; + //$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + //$database->save($array); + unset($array); } $tmp_menu_item_order++; @@ -307,7 +313,7 @@ else { if ($c==0) { $c=1; } else { $c=0; } } //end foreach - unset($sql, $result, $row_count); + unset($result); } //end if results diff --git a/core/menu/menu_item_move_down.php b/core/menu/menu_item_move_down.php index 099aca1e78..828a5e9b1b 100644 --- a/core/menu/menu_item_move_down.php +++ b/core/menu/menu_item_move_down.php 
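Review bot: `$array['menu_items'][0]` is filled in and then discarded by `unset($array)` without ever being used, because the four `$database` lines that would save it are commented out, as the old `$db->exec` call was. If the reorder write is meant to stay disabled in the top-level list, the body of this `if` can be removed. Otherwise a comment such as `//order is only rewritten for child items, see build_db_child_menu_list` should say why this path skips the save that the child list performs.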
@@ -42,21 +42,17 @@ else { //update v_menu_items set menu_item_order = (menu_item_order+1) where menu_item_order > 2 or menu_item_order = 2 if (count($_GET)>0) { - $menu_item_id = check_str($_GET["menu_item_id"]); - $menu_item_order = check_str($_GET["menu_item_order"]); - $menu_parent_guid = check_str($_GET["menu_parent_guid"]); + $menu_item_id = $_GET["menu_item_id"]; + $menu_item_order = $_GET["menu_item_order"]; + $menu_parent_guid = $_GET["menu_parent_guid"]; - $sql = "SELECT menu_item_order FROM v_menu_items "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql = "select menu_item_order from v_menu_items "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "order by menu_item_order desc "; - $sql .= "limit 1 "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $highestmenu_item_order = $row[menu_item_order]; - } - unset($prep_statement); + $sql .= "limit 1 offset 0"; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $highestmenu_item_order = $database->select($sql, $parameters, 'column'); if ($menu_item_order != $highestmenu_item_order) { //clear the menu session so it will rebuild with the update 
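Review bot: With `check_str()` removed, `$menu_item_id`, `$menu_item_order` and `$menu_parent_guid` are raw `$_GET` values, and `$menu_item_order` is used in arithmetic in the next hunk (`$menu_item_order + 1`). Binding protects the SQL text, but a non-numeric or array value still reaches that addition, which gives a warning or a TypeError depending on the PHP version. I would validate it on the way in with `$menu_item_order = filter_input(INPUT_GET, 'menu_item_order', FILTER_VALIDATE_INT);` and stop when the result is `false` or `null`. The same applies to `$menu_order` in menu_item_move_up.php (`$menu_order - 1`). The menu_restore_default.php hunk likewise drops `check_str()` from `$menu_uuid` and `$menu_language`, whose later use is outside the visible hunk, so a format check there is worth adding too.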
@@ -64,23 +60,35 @@ if (count($_GET)>0) { //move the current item's order number up $sql = "update v_menu_items set "; - $sql .= "menu_item_order = (menu_item_order-1) "; //move down - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and menu_item_order = ".($menu_item_order+1)." "; - $db->exec(check_sql($sql)); - unset($sql); + $sql .= "menu_item_order = (menu_item_order - 1) "; //move down + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and menu_item_order = :menu_item_order "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['menu_item_order'] = $menu_item_order + 1; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->execute($sql, $parameters); + unset($sql, $parameters); //move the selected item's order number down $sql = "update v_menu_items set "; - $sql .= "menu_item_order = (menu_item_order+1) "; //move up - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and menu_item_id = '$menu_item_id' "; - $db->exec(check_sql($sql)); - unset($sql); + $sql .= "menu_item_order = (menu_item_order + 1) "; //move up + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and menu_item_id = :menu_item_id "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['menu_item_id'] = $menu_item_id; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->execute($sql, $parameters); + unset($sql, $parameters); + + //set message + message::add($text['message-moved_down']); } //redirect the user - message::add($text['message-moved_down']); header("Location: menu_list.php?menu_item_id=".$menu_item_id); return; } diff --git a/core/menu/menu_item_move_up.php b/core/menu/menu_item_move_up.php index 05a51579e1..600b3e7bf9 100644 --- a/core/menu/menu_item_move_up.php +++ b/core/menu/menu_item_move_up.php 
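Review bot: The redirect `header("Location: menu_list.php?menu_item_id=".$menu_item_id);` now carries the unmodified `$_GET` value, since the `check_str()` call on it was removed in the previous hunk. PHP's `header()` refuses values that contain line breaks, but `&`, `#` or spaces in the id still change the target URL. `header("Location: menu_list.php?menu_item_id=".urlencode($menu_item_id));` keeps it a single query value, and the same line closes the menu_item_move_up.php hunk. Both updates also run on a plain GET request and no request-token check is visible in these hunks, so it is worth confirming that one exists earlier in the file.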
@@ -42,8 +42,8 @@ else { //update v_menu_items set menu_order = (menu_order+1) where menu_order > 2 or menu_order = 2 if (count($_GET)>0) { - $menu_item_id = check_str($_GET["menu_item_id"]); - $menu_order = check_str($_GET["menu_order"]); + $menu_item_id = $_GET["menu_item_id"]; + $menu_order = $_GET["menu_order"]; if ($menu_order != 1) { //clear the menu session so it will rebuild with the update 
@@ -51,23 +51,35 @@ if (count($_GET)>0) { //move the current item's order number down $sql = "update v_menu_items set "; - $sql .= "menu_order = (menu_order+1) "; //move down - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and menu_order = ".($menu_order-1)." "; - $db->exec(check_sql($sql)); - unset($sql); + $sql .= "menu_order = (menu_order + 1) "; //move down + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and menu_order = :menu_order "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['menu_order'] = $menu_order - 1; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->execute($sql, $parameters); + unset($sql, $parameters); //move the selected item's order number up $sql = "update v_menu_items set "; - $sql .= "menu_order = (menu_order-1) "; //move up - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "and menu_item_id = '$menu_item_id' "; - $db->exec(check_sql($sql)); - unset($sql); + $sql .= "menu_order = (menu_order - 1) "; //move up + $sql .= "where domain_uuid = :domain_uuid "; + $sql .= "and menu_item_id = :menu_item_id "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['menu_item_id'] = $menu_item_id; + $database = new database; + $database->app_name = 'menu'; + $database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7'; + $database->execute($sql, $parameters); + unset($sql, $parameters); + + //set message + message::add($text['message-moved_up']); } //redirect the user - message::add($text['message-moved_up']); header("Location: menu_list.php?menu_item_id=".$menu_item_id); return; } diff --git a/core/menu/menu_restore_default.php b/core/menu/menu_restore_default.php index f75d5db840..c2ac31767d 100644 --- a/core/menu/menu_restore_default.php +++ b/core/menu/menu_restore_default.php 
@@ -44,8 +44,8 @@ //get the http value and set as a php variable if (!$included) { - $menu_uuid = check_str($_REQUEST["menu_uuid"]); - $menu_language = check_str($_REQUEST["menu_language"]); + $menu_uuid = $_REQUEST["menu_uuid"]; + $menu_language = $_REQUEST["menu_language"]; } //menu restore default
 
".$text['label-title']."".$text['label-groups']."".$text['label-category']."".$text['label-protected']."".$text['label-menu_order'].""; +if (permission_exists('menu_add')) { + echo " $v_link_label_add"; } -else { - echo "
".$text['label-title']."".$text['label-groups']."".$text['label-category']."".$text['label-protected']."".$text['label-menu_order'].""; - if (permission_exists('menu_add')) { - echo "$v_link_label_add"; - } - echo "