607 // Once again, the new template parsing system can be used here |
607 // Once again, the new template parsing system can be used here |
608 |
608 |
609 $parser = $this->makeParserText($tplvars['sidebar_button']); |
609 $parser = $this->makeParserText($tplvars['sidebar_button']); |
610 |
610 |
611 $parser->assign_vars(Array( |
611 $parser->assign_vars(Array( |
612 'HREF'=>makeUrlNS('Special', 'Logout'), |
612 'HREF'=>makeUrlNS('Special', 'Logout/' . $session->csrf_token), |
613 'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"', |
613 'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"', |
614 'TEXT'=>'Log out', |
614 'TEXT'=>'Log out', |
615 )); |
615 )); |
616 |
616 |
617 $logout_link = $parser->run(); |
617 $logout_link = $parser->run(); |
679 // if($t['theme_id'] == $session->theme) $js_dynamic .= ' selected="selected"'; |
679 // if($t['theme_id'] == $session->theme) $js_dynamic .= ' selected="selected"'; |
680 $js_dynamic .= '>'.$t['theme_name'].'</option>'; |
680 $js_dynamic .= '>'.$t['theme_name'].'</option>'; |
681 } |
681 } |
682 } |
682 } |
683 $js_dynamic .= '\'; |
683 $js_dynamic .= '\'; |
684 var ENANO_CURRENT_THEME = \''. $session->theme .'\';'; |
684 var ENANO_CURRENT_THEME = \''. $session->theme .'\'; |
|
685 var csrf_token = \'' . $session->csrf_token . '\';'; |
685 foreach($paths->nslist as $k => $c) |
686 foreach($paths->nslist as $k => $c) |
686 { |
687 { |
687 $js_dynamic .= "namespace_list['{$k}'] = '$c';"; |
688 $js_dynamic .= "namespace_list['{$k}'] = '$c';"; |
688 } |
689 } |
689 $js_dynamic .= "\n //]]>\n </script>"; |
690 $js_dynamic .= "\n //]]>\n </script>"; |
1678 return ''; |
1679 return ''; |
1679 } |
1680 } |
1680 $ob = '<div class="usermessage">'."\n"; |
1681 $ob = '<div class="usermessage">'."\n"; |
1681 $s = ( $session->unread_pms == 1 ) ? '' : 's'; |
1682 $s = ( $session->unread_pms == 1 ) ? '' : 's'; |
1682 $ob .= " <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n Messages: "; |
1683 $ob .= " <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n Messages: "; |
1683 $q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 ORDER BY date DESC;'); |
1684 $q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 AND folder_name != \'drafts\' ORDER BY date DESC;'); |
1684 if ( !$q ) |
1685 if ( !$q ) |
1685 $db->_die(); |
1686 $db->_die(); |
1686 $messages = array(); |
1687 $messages = array(); |
1687 while ( $row = $db->fetchrow() ) |
1688 while ( $row = $db->fetchrow() ) |
1688 { |
1689 { |
1689 $messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . date('F d, Y h:i a', $row['date']) . ' by ' . $row['message_from'] . '">' . $row['subject'] . '</a>'; |
1690 $messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . date('F d, Y h:i a', $row['date']) . ' by ' . htmlspecialchars($row['message_from']) . '">' . htmlspecialchars($row['subject']) . '</a>'; |
1690 } |
1691 } |
1691 $ob .= implode(",\n " , $messages)."\n"; |
1692 $ob .= implode(",\n " , $messages)."\n"; |
1692 $ob .= '</div>'."\n"; |
1693 $ob .= '</div>'."\n"; |
1693 return $ob; |
1694 return $ob; |
1694 } |
1695 } |
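Review bot: The query on new line 1684 still builds its SQL by concatenating `$session->username` directly into the `message_to='…'` literal, and nothing visible in this hunk escapes it; the added `folder_name != 'drafts'` filter leaves that untouched. If a username can ever contain a quote or backslash, this is a second-order injection point on every page that renders the unread-message banner. I would escape at the point of use, e.g. `message_to=\'' . $db->escape($session->username) . '\'` (assuming `escape()` is the DBAL's usual string-escaping helper), rather than rely on registration-time validation. The enclosing function starts above the hunk, so any earlier sanitising of the username is not visible here.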