authorHarald Eilertsen <haraldei@anduin.net>2022-03-12 18:32:31 +0100
committerHarald Eilertsen <haraldei@anduin.net>2022-03-12 18:32:31 +0100
commit6c86c2b2d75ac4f989826275f4a63294bdc2fd17 (patch)
tree94b40dd6efd841fb1f77fde6d8d28627924d784a /includes/admin/views/giglog_admin_page.php
parentb4f6d9c766021c4b3285bdef97d29c25d5ed60fa (diff)
Move update edit concert form code to class.
Also ensure that nonce checking is performed before both adding and editing concerts, and escape concert data before outputting it in the form.
Diffstat (limited to 'includes/admin/views/giglog_admin_page.php')
-rw-r--r--includes/admin/views/giglog_admin_page.php52
1 files changed, 3 insertions, 49 deletions
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index 6ce3cc8..a2682a1 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -77,57 +77,11 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
return;
}
- if (isset($_POST['newconcert'])) {
- if (empty($_POST['cname']) || empty($_POST['selectvenueadmin']) || empty($_POST['cdate']) || empty($_POST['ticket']) || empty($_POST['eventurl'])) {
- echo '<script language="javascript">alert("You are missing a value, concert was not created"); </script>';
- }
- else {
- if (GiglogAdmin_Concert::create($_POST['cname'], $_POST['selectvenueadmin'], $_POST['cdate'], $_POST['ticket'], $_POST['eventurl'])) {
- echo '<script language="javascript">alert("Yey, concert created"); </script>';
- }
- else {
- echo '<script language="javascript">alert("Nay, concert was duplicated"); </script>';
- }
- }
- }
-
- if (isset($_POST['editconcert']))
- {
- if (!isset($_POST['giglog_edit_concert_nonce'])
- || wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ )))
- {
- header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
- wp_die('CSRF validation failed.', 403);
- }
-
- $roles = array_reduce(
- ['photo1', 'photo1', 'rev1', 'rev2'],
- function($roles, $r) {
- if (isset($_POST[$r])) {
- $roles[$r] = sanitize_user($_POST[$r]);
- }
- return $roles;
- },
- []
- );
-
- $attributes = [
- 'wpgconcert_name' => sanitize_text_field($_POST['cname']),
- 'venue' => intval($_POST['selectvenueadmin']),
- 'wpgconcert_date' => sanitize_text_field($_POST['cdate']),
- 'wpgconcert_ticket' => esc_url_raw($_POST['ticket']),
- 'wpgconcert_event' => esc_url_raw($_POST['eventurl']),
- 'wpgconcert_roles' => $roles,
- ];
-
- $concert = GiglogAdmin_Concert::get(intval($_POST['pid']));
- if ($concert && $concert->update((object) $attributes)) {
- // let user know the concert was updated.
- // Look into admin_notices
- }
+ if (isset($_POST['newconcert']) || isset($_POST['editconcert'])) {
+ GiglogAdmin_EditConcertForm::update();
+ return;
}
-
if(isset($_POST['newvenue']))
{
if (!isset($_POST['giglog_new_venue_nonce'])