
Add some codes from 3.61. Currently files under /nucleus/libs and /nucleus/libs/sql...
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / ADMIN.php
index a58cf1c..6b6e536 100755 (executable)
@@ -1,7 +1,7 @@
 <?php\r
 /*\r
  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
- * Copyright (C) 2002-2007 The Nucleus Group\r
+ * Copyright (C) 2002-2010 The Nucleus Group\r
  *\r
  * This program is free software; you can redistribute it and/or\r
  * modify it under the terms of the GNU General Public License\r
@@ -13,8 +13,8 @@
  * The code for the Nucleus admin area\r
  *\r
  * @license http://nucleuscms.org/license.txt GNU General Public License\r
- * @copyright Copyright (C) 2002-2007 The Nucleus Group\r
- * @version $Id: ADMIN.php,v 1.24 2008-02-08 09:31:22 kimitake Exp $\r
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group\r
+ * @version $Id$\r
  * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $\r
  */\r
 \r
@@ -62,10 +62,60 @@ class ADMIN {
                // check ticket. All actions need a ticket, unless they are considered to be safe (a safe action\r
                // is an action that requires user interaction before something is actually done)\r
                // all safe actions are in this array:\r
-               $aActionsNotToCheck = array('showlogin', 'login', 'overview', 'itemlist', 'blogcommentlist', 'bookmarklet', 'blogsettings', 'banlist', 'deleteblog', 'editmembersettings', 'browseownitems', 'browseowncomments', 'createitem', 'itemedit', 'itemmove', 'categoryedit', 'categorydelete', 'manage', 'actionlog', 'settingsedit', 'backupoverview', 'pluginlist', 'createnewlog', 'usermanagement', 'skinoverview', 'templateoverview', 'skinieoverview', 'itemcommentlist', 'commentedit', 'commentdelete', 'banlistnewfromitem', 'banlistdelete', 'itemdelete', 'manageteam', 'teamdelete', 'banlistnew', 'memberedit', 'memberdelete', 'pluginhelp', 'pluginoptions', 'plugindelete', 'skinedittype', 'skinremovetype', 'skindelete', 'skinedit', 'templateedit', 'templatedelete', 'activate');\r
+               $aActionsNotToCheck = array(\r
+                       'showlogin',\r
+                       'login',\r
+                       'overview',\r
+                       'itemlist',\r
+                       'blogcommentlist',\r
+                       'bookmarklet',\r
+                       'blogsettings',\r
+                       'banlist',\r
+                       'deleteblog',\r
+                       'editmembersettings',\r
+                       'browseownitems',\r
+                       'browseowncomments',\r
+                       'createitem',\r
+                       'itemedit',\r
+                       'itemmove',\r
+                       'categoryedit',\r
+                       'categorydelete',\r
+                       'manage',\r
+                       'actionlog',\r
+                       'settingsedit',\r
+                       'backupoverview',\r
+                       'pluginlist',\r
+                       'createnewlog',\r
+                       'usermanagement',\r
+                       'skinoverview',\r
+                       'templateoverview',\r
+                       'skinieoverview',\r
+                       'itemcommentlist',\r
+                       'commentedit',\r
+                       'commentdelete',\r
+                       'banlistnewfromitem',\r
+                       'banlistdelete',\r
+                       'itemdelete',\r
+                       'manageteam',\r
+                       'teamdelete',\r
+                       'banlistnew',\r
+                       'memberedit',\r
+                       'memberdelete',\r
+                       'pluginhelp',\r
+                       'pluginoptions',\r
+                       'plugindelete',\r
+                       'skinedittype',\r
+                       'skinremovetype',\r
+                       'skindelete',\r
+                       'skinedit',\r
+                       'templateedit',\r
+                       'templatedelete',\r
+                       'activate',\r
+                       'systemoverview'\r
+               );\r
 /*\r
                // the rest of the actions needs to be checked\r
-               $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'sendping', 'rawping', 'activatesetpwd');\r
+               $aActionsToCheck = array('additem', 'itemupdate', 'itemmoveto', 'categoryupdate', 'categorydeleteconfirm', 'itemdeleteconfirm', 'commentdeleteconfirm', 'teamdeleteconfirm', 'memberdeleteconfirm', 'templatedeleteconfirm', 'skindeleteconfirm', 'banlistdeleteconfirm', 'plugindeleteconfirm', 'batchitem', 'batchcomment', 'batchmember', 'batchcategory', 'batchteam', 'regfile', 'commentupdate', 'banlistadd', 'changemembersettings', 'clearactionlog', 'settingsupdate', 'blogsettingsupdate', 'categorynew', 'teamchangeadmin', 'teamaddmember', 'memberadd', 'addnewlog', 'addnewlog2', 'backupcreate', 'backuprestore', 'pluginup', 'plugindown', 'pluginupdate', 'pluginadd', 'pluginoptionsupdate', 'skinupdate', 'skinclone', 'skineditgeneral', 'templateclone', 'templatenew', 'templateupdate', 'skinieimport', 'skinieexport', 'skiniedoimport', 'skinnew', 'deleteblogconfirm', 'activatesetpwd');\r
 */\r
                if (!in_array($this->action, $aActionsNotToCheck))\r
                {\r
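Review bot: 'systemoverview' at L80 is added to $aActionsNotToCheck and is thereby exempted from the ticket check at L87; that exemption is only safe if the action makes no state change, which this hunk cannot confirm. A short justification on the entry would make the intent auditable, e.g. `'systemoverview', // read-only page; keep ticket-exempt only while it performs no writes`. The commented-out $aActionsToCheck list at L82-86 is dead code that is kept in step by hand (this revision silently drops 'sendping' and 'rawping' from it); either delete it or mark it as informational. The enclosing method starts before this hunk.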
@@ -107,9 +157,9 @@ class ADMIN {
                ?>\r
 \r
                <form action="index.php" method="post"><p>\r
-               <?php echo _LOGIN_NAME?>: <br /><input name="login"  tabindex="10" />\r
+               <?php echo _LOGIN_NAME; ?> <br /><input name="login"  tabindex="10" />\r
                <br />\r
-               <?php echo _LOGIN_PASSWORD?>: <br /><input name="password"  tabindex="20" type="password" />\r
+               <?php echo _LOGIN_PASSWORD; ?> <br /><input name="password"  tabindex="20" type="password" />\r
                <br />\r
                <input name="action" value="login" type="hidden" />\r
                <br />\r
@@ -119,7 +169,7 @@ class ADMIN {
                        <input type="checkbox" value="1" name="shared" tabindex="40" id="shared" /><label for="shared"><?php echo _LOGIN_SHARED?></label>\r
                        <br /><a href="forgotpassword.html"><?php echo _LOGIN_FORGOT?></a>\r
                </small>\r
-               <?php                   // pass through vars\r
+               <?php              // pass through vars\r
 \r
                        $oldaction = postVar('oldaction');\r
                        if (  ($oldaction != 'logout')  && ($oldaction != 'login')  && $passvars ) {\r
@@ -129,7 +179,7 @@ class ADMIN {
 \r
                ?>\r
                </p></form>\r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
        }\r
 \r
 \r
@@ -168,7 +218,7 @@ class ADMIN {
                if (($showAll != 'yes') && ($member->isAdmin())) {\r
                        $total = quickQuery('SELECT COUNT(*) as result FROM ' . sql_table('blog'));\r
                        if ($total > $amount)\r
-                               echo '<p><a href="index.php?action=overview&amp;showall=yes">Show all blogs</a></p>';\r
+                               echo '<p><a href="index.php?action=overview&amp;showall=yes">' . _OVERVIEW_SHOWALL . '</a></p>';\r
                }\r
 \r
                if ($amount == 0)\r
@@ -258,7 +308,7 @@ class ADMIN {
         * @todo document this\r
         */\r
        function action_itemlist($blogid = '') {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                if ($blogid == '')\r
                        $blogid = intRequestVar('blogid');\r
@@ -283,17 +333,20 @@ class ADMIN {
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = intPostVar('amount');\r
-               else\r
-                       $amount = 10;\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
                $search = postVar('search');    // search through items\r
 \r
-               $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime'\r
+               $query =  'SELECT bshortname, cname, mname, ititle, ibody, inumber, idraft, itime, bnumber, catid'\r
                           . ' FROM ' . sql_table('item') . ', ' . sql_table('blog') . ', ' . sql_table('member') . ', ' . sql_table('category')\r
                           . ' WHERE iblog=bnumber and iauthor=mnumber and icat=catid and iblog=' . $blogid;\r
 \r
                if ($search)\r
-                       $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
+                       $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
 \r
                // non-blog-admins can only edit/delete their own items\r
                if (!$member->blogAdminRights($blogid))\r
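Review bot: The new `$amount < 1` guard at L145-146 only covers the configured default; a posted `amount` still goes straight from intPostVar() into $amount, so a negative value reaches the LIMIT clause unclamped (the clause itself is below this hunk, as action_browseownitems shows at L313). Clamp after both branches instead: `$amount = postVar('amount') ? intPostVar('amount') : intval($CONF['DefaultListSize']);` followed by `if ($amount < 1) $amount = 10;`. The same five-line pattern is repeated in action_browseownitems, action_itemcommentlist, action_browseowncomments and action_blogcommentlist, so a small helper would keep the copies consistent. Switching to sql_real_escape_string() at L158 closes the quoting gap addslashes() left, but `%` and `_` in $search still act as LIKE wildcards, so escape them as well if the search is meant to match literally. action_itemlist begins and ends outside this hunk.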
@@ -481,7 +534,7 @@ class ADMIN {
                                case 'unsetadmin':\r
                                        // there should always remain at least one super-admin\r
                                        $r = sql_query('SELECT * FROM '.sql_table('member'). ' WHERE madmin=1 and mcanlogin=1');\r
-                                       if (mysql_num_rows($r) < 2)\r
+                                       if (sql_num_rows($r) < 2)\r
                                                $error = _ERROR_ATLEASTONEADMIN;\r
                                        else\r
                                                sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);\r
@@ -551,7 +604,7 @@ class ADMIN {
                                case 'unsetadmin':\r
                                        // there should always remain at least one admin\r
                                        $r = sql_query('SELECT * FROM '.sql_table('team').' WHERE tadmin=1 and tblog='.$blogid);\r
-                                       if (mysql_num_rows($r) < 2)\r
+                                       if (sql_num_rows($r) < 2)\r
                                                $error = _ERROR_ATLEASTONEBLOGADMIN;\r
                                        else\r
                                                sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);\r
@@ -624,7 +677,7 @@ class ADMIN {
                                        $error = _BATCH_UNKNOWN . htmlspecialchars($action);\r
                        }\r
 \r
-                       echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';\r
+                       echo '<b>',($error ? _ERROR . ': '.$error : _BATCH_SUCCESS),'</b>';\r
                        echo '</li>';\r
                }\r
 \r
@@ -664,7 +717,7 @@ class ADMIN {
                        <input type="submit" value="<?php echo _MOVE_BTN?>" onclick="return checkSubmit();" />\r
 \r
                </div></form>\r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
                exit;\r
        }\r
 \r
@@ -697,7 +750,7 @@ class ADMIN {
                        <input type="submit" value="<?php echo _MOVECAT_BTN?>" onclick="return checkSubmit();" />\r
 \r
                </div></form>\r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
                exit;\r
        }\r
 \r
@@ -716,7 +769,7 @@ class ADMIN {
                        <?php $manager->addTicketHidden() ?>\r
                        <input type="hidden" name="batchaction" value="delete" />\r
                        <input type="hidden" name="confirmation" value="yes" />\r
-                       <?php                           // insert selected item numbers\r
+                       <?php                      // insert selected item numbers\r
                                $idx = 0;\r
                                foreach ($ids as $id)\r
                                        echo '<input type="hidden" name="batch[',($idx++),']" value="',intval($id),'" />';\r
@@ -736,7 +789,7 @@ class ADMIN {
                        <input type="submit" value="<?php echo _BATCH_DELETE_CONFIRM_BTN?>" onclick="return checkSubmit();" />\r
 \r
                </div></form>\r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
                exit;\r
        }\r
 \r
@@ -752,12 +805,12 @@ class ADMIN {
 \r
        /**\r
         * Inserts a HTML select element with choices for all blogs to which the user has access\r
-        *              mode = 'blog' => shows blognames and values are blogids\r
-        *              mode = 'category' => show category names and values are catids\r
+        *        mode = 'blog' => shows blognames and values are blogids\r
+        *        mode = 'category' => show category names and values are catids\r
         *\r
         * @param $iForcedBlogInclude\r
-        *              ID of a blog that always needs to be included, without checking if the\r
-        *              member is on the blog team (-1 = none)\r
+        *        ID of a blog that always needs to be included, without checking if the\r
+        *        member is on the blog team (-1 = none)\r
         * @todo document parameters\r
         */\r
        function selectBlog($name, $mode='blog', $selected = 0, $tabindex = 0, $showNewCat = 0, $iForcedBlogInclude = -1) {\r
@@ -773,7 +826,7 @@ class ADMIN {
                else\r
                        $queryBlogs =  'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
                $rblogids = sql_query($queryBlogs);\r
-               while ($o = mysql_fetch_object($rblogids))\r
+               while ($o = sql_fetch_object($rblogids))\r
                        if ($o->bnumber != $iForcedBlogInclude)\r
                                $aBlogIds[] = intval($o->bnumber);\r
 \r
@@ -787,10 +840,10 @@ class ADMIN {
                $queryBlogs =  'SELECT bnumber, bname FROM '.sql_table('blog').' WHERE bnumber in ('.implode(',',$aBlogIds).') ORDER BY bname';\r
                $blogs = sql_query($queryBlogs);\r
                if ($mode == 'category') {\r
-                       if (mysql_num_rows($blogs) > 1)\r
+                       if (sql_num_rows($blogs) > 1)\r
                                $multipleBlogs = 1;\r
 \r
-                       while ($oBlog = mysql_fetch_object($blogs)) {\r
+                       while ($oBlog = sql_fetch_object($blogs)) {\r
                                if ($multipleBlogs)\r
                                        echo '<optgroup label="',htmlspecialchars($oBlog->bname),'">';\r
 \r
@@ -803,7 +856,7 @@ class ADMIN {
 \r
                                // 2. for each category in that blog\r
                                $categories = sql_query('SELECT cname, catid FROM '.sql_table('category').' WHERE cblog=' . $oBlog->bnumber . ' ORDER BY cname ASC');\r
-                               while ($oCat = mysql_fetch_object($categories)) {\r
+                               while ($oCat = sql_fetch_object($categories)) {\r
                                        if ($oCat->catid == $selected)\r
                                                $selectText = ' selected="selected" ';\r
                                        else\r
@@ -816,7 +869,7 @@ class ADMIN {
                        }\r
                } else {\r
                        // blog mode\r
-                       while ($oBlog = mysql_fetch_object($blogs)) {\r
+                       while ($oBlog = sql_fetch_object($blogs)) {\r
                                echo '<option value="',$oBlog->bnumber,'"';\r
                                if ($oBlog->bnumber == $selected)\r
                                        echo ' selected="selected"';\r
@@ -831,7 +884,7 @@ class ADMIN {
         * @todo document this\r
         */\r
        function action_browseownitems() {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                $this->pagehead();\r
 \r
@@ -847,8 +900,11 @@ class ADMIN {
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = intPostVar('amount');\r
-               else\r
-                       $amount = 10;\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
                $search = postVar('search');    // search through items\r
 \r
@@ -857,7 +913,7 @@ class ADMIN {
                           . ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';\r
 \r
                if ($search)\r
-                       $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';\r
+                       $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';\r
 \r
                $query .= ' ORDER BY itime DESC'\r
                                . " LIMIT $start,$amount";\r
@@ -878,7 +934,7 @@ class ADMIN {
         * @param int $itemid\r
         */\r
        function action_itemcommentlist($itemid = '') {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                if ($itemid == '')\r
                        $itemid = intRequestVar('itemid');\r
@@ -899,18 +955,21 @@ class ADMIN {
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = intPostVar('amount');\r
-               else\r
-                       $amount = 10;\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
                $search = postVar('search');\r
 \r
                echo '<p>(<a href="index.php?action=itemlist&amp;blogid=',$blogid,'">',_BACKTOOVERVIEW,'</a>)</p>';\r
                echo '<h2>',_COMMENTS,'</h2>';\r
 \r
-               $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;\r
+               $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;\r
 \r
                if ($search)\r
-                       $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
+                       $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
 \r
                $query .= ' ORDER BY ctime ASC'\r
                                . " LIMIT $start,$amount";\r
@@ -929,7 +988,7 @@ class ADMIN {
         * Browse own comments\r
         */\r
        function action_browseowncomments() {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                // start index\r
                if (postVar('start'))\r
@@ -940,8 +999,11 @@ class ADMIN {
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = intPostVar('amount');\r
-               else\r
-                       $amount = 10;\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
                $search = postVar('search');\r
 \r
@@ -949,7 +1011,7 @@ class ADMIN {
                $query =  'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();\r
 \r
                if ($search)\r
-                       $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
+                       $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
 \r
                $query .= ' ORDER BY ctime DESC'\r
                                . " LIMIT $start,$amount";\r
@@ -960,7 +1022,7 @@ class ADMIN {
                echo '<h2>', _COMMENTS_YOUR ,'</h2>';\r
 \r
                $template['content'] = 'commentlist';\r
-               $template['canAddBan'] = 0;     // doesn't make sense to allow banning yourself\r
+               $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself\r
 \r
                $manager->loadClass("ENCAPSULATE");\r
                $navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);\r
@@ -975,7 +1037,7 @@ class ADMIN {
         */\r
        function action_blogcommentlist($blogid = '')\r
        {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                if ($blogid == '')\r
                        $blogid = intRequestVar('blogid');\r
@@ -993,8 +1055,11 @@ class ADMIN {
                // amount of items to show\r
                if (postVar('amount'))\r
                        $amount = intPostVar('amount');\r
-               else\r
-                       $amount = 10;\r
+               else {\r
+                       $amount = intval($CONF['DefaultListSize']);\r
+                       if ($amount < 1)\r
+                               $amount = 10;\r
+               }\r
 \r
                $search = postVar('search');            // search through comments\r
 \r
@@ -1002,7 +1067,7 @@ class ADMIN {
                $query =  'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);\r
 \r
                if ($search != '')\r
-                       $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';\r
+                       $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';\r
 \r
 \r
                $query .= ' ORDER BY ctime DESC'\r
@@ -1098,9 +1163,9 @@ class ADMIN {
                        return;\r
                }\r
 \r
-               $body   = postVar('body');\r
-               $title  = postVar('title');\r
-               $more   = postVar('more');\r
+               $body   = postVar('body');\r
+               $title  = postVar('title');\r
+               $more   = postVar('more');\r
                $closed = intPostVar('closed');\r
                $draftid = intPostVar('draftid');\r
 \r
@@ -1134,45 +1199,21 @@ class ADMIN {
                                $wasdraft: set to 1 when the item used to be a draft item\r
                                $publish: set to 1 when the edited item is not a draft\r
                */\r
-               switch ($actiontype) {\r
-                       case 'adddraft':\r
-                               $publish = 0;\r
-                               $wasdraft = 1;\r
-                               $timestamp = 0;\r
-                               break;\r
-                       case 'addfuture':\r
-                               $wasdraft = 1;\r
-                               $publish = 1;\r
-                               $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
-                               break;\r
-                       case 'addnow':\r
-                               $wasdraft = 1;\r
-                               $publish = 1;\r
-                               $timestamp = 0;\r
-                               break;\r
-                       case 'changedate':\r
-                               $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));\r
-                               $publish = 1;\r
-                               $wasdraft = 0;\r
-                               break;\r
-                       case 'edit':\r
-                       default:\r
-                               $publish = 1;\r
-                               $wasdraft = 0;\r
-                               $timestamp = 0;\r
+               $blogid =  getBlogIDFromItemID($itemid);\r
+               $blog   =& $manager->getBlog($blogid);\r
+\r
+               $wasdrafts = array('adddraft', 'addfuture', 'addnow');\r
+               $wasdraft  = in_array($actiontype, $wasdrafts) ? 1 : 0;\r
+               $publish   = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;\r
+               if ($actiontype == 'addfuture' || $actiontype == 'changedate') {\r
+                       $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));\r
+               } else {\r
+                       $timestamp =0;\r
                }\r
 \r
                // edit the item for real\r
                ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);\r
 \r
-               $blogid = getBlogIDFromItemID($itemid);\r
-               $blog =& $manager->getBlog($blogid);\r
-\r
-               $isFuture = 0;\r
-               if ($timestamp > $blog->getCorrectTime(time())) {\r
-                       $isFuture = 1;\r
-               }\r
-\r
                $this->updateFuturePosted($blogid);\r
 \r
                if ($draftid > 0) {\r
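Review bot: `$blog` at L466 is fetched but, with the $isFuture computation and the sendPing branch removed, nothing left in this hunk reads it; unless it is used further down the method it is a dead database lookup and can go (keep `$blogid`, which updateFuturePosted() needs). The replacement for the switch also changes one mapping: an unknown $actiontype used to fall through to the `edit` default with `$publish = 1`, whereas L470 now yields `$publish = 0` together with `$wasdraft = 0` for 'backtodrafts'; that looks intentional but deserves a comment above L470 such as `// 'backtodrafts' returns a published item to draft state without treating it as new`. Use `in_array($actiontype, $wasdrafts, true)` at L469 to avoid loose comparison, and `$timestamp = 0;` at L474 for spacing. action_itemupdate starts before this hunk.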
@@ -1180,11 +1221,6 @@ class ADMIN {
                        ITEM::delete($draftid);\r
                }\r
 \r
-               if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {\r
-                       $this->action_sendping($blogid);\r
-                       return;\r
-               }\r
-\r
                // show category edit window when we created a new category\r
                // ($catid will then be a new category ID, while postVar('catid') will be 'newcat-x')\r
                if ($catid != intPostVar('catid')) {\r
@@ -1292,7 +1328,7 @@ class ADMIN {
                $currenttime = $blog->getCorrectTime(time());\r
                $result = sql_query("SELECT * FROM ".sql_table('item').\r
                        " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));\r
-               if (mysql_num_rows($result) > 0) {\r
+               if (sql_num_rows($result) > 0) {\r
                                $blog->setFuturePost();\r
                }\r
                else {\r
@@ -1394,7 +1430,7 @@ class ADMIN {
         * Adds a item to the chosen blog\r
         */\r
        function action_additem() {\r
-               global $member, $manager, $CONF;\r
+               global $manager, $CONF;\r
 \r
                $manager->loadClass('ITEM');\r
 \r
@@ -1405,82 +1441,16 @@ class ADMIN {
 \r
                $blogid = getBlogIDFromItemID($result['itemid']);\r
                $blog =& $manager->getBlog($blogid);\r
+               $btimestamp = $blog->getCorrectTime();\r
+               $item      = $manager->getItem(intval($result['itemid']), 1, 1);\r
 \r
-               $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));\r
-\r
-               if ($result['status'] == 'newcategory')\r
-                       $this->action_categoryedit(\r
-                               $result['catid'],\r
-                               $blogid,\r
-                               $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''\r
-                       );\r
-               elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)\r
-                       $this->action_sendping($blogid);\r
-               else\r
-                       $this->action_itemlist($blogid);\r
-       }\r
-\r
-       /**\r
-        * Shows a window that says we're about to ping.\r
-        * immediately refresh to the real pinging page, which will\r
-        * show an error, or redirect to the blog.\r
-        *\r
-        * @param int $blogid ID of blog for which ping needs to be sent out\r
-        */\r
-       function action_sendping($blogid = -1) {\r
-               global $member, $manager;\r
-\r
-               if ($blogid == -1)\r
-                       $blogid = intRequestVar('blogid');\r
-\r
-               $member->isLoggedIn() or $this->disallow();\r
-\r
-               $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));\r
-\r
-               $this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');\r
-               ?>\r
-               <h2>Site Updated, Now pinging various weblog listing services...</h2>\r
-\r
-               <p>\r
-                       This can take a while...\r
-               </p>\r
-\r
-               <p>\r
-                       If you aren't automatically passed through, <a href="index.php?action=rawping&amp;blogid=<?php echo $blogid?>">try again</a>\r
-               </p>\r
-               <?php           $this->pagefoot();\r
-       }\r
-\r
-       /**\r
-        * Sends the real ping (can take up to 10 seconds!)\r
-        */\r
-       function action_rawping() {\r
-               global $manager;\r
-               // TODO: checks?\r
-\r
-               $blogid = intRequestVar('blogid');\r
-               $blog =& $manager->getBlog($blogid);\r
-\r
-               $this->pagehead();\r
-\r
-               ?>\r
-\r
-               <h2>Pinging services, please wait...</h2>\r
-               <div class='note'>\r
-                <?php\r
-\r
-               // send sendPing event\r
-               $manager->notify('SendPing', array('blogid' => $blogid));\r
-\r
-                ?>\r
-                </div>\r
-\r
-               <ul>\r
-                       <li><a href="index.php?action=itemlist&amp;blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>\r
-                       <li><a href="<?php echo $blog->getURL()?>">Visit your own site</a></li>\r
-               </ul>\r
-\r
-               <?php           $this->pagefoot();\r
+               if ($result['status'] == 'newcategory') {\r
+                       $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));\r
+                       $this->action_categoryedit($result['catid'], $blogid, $distURI);\r
+               } else {\r
+                       $methodName = 'action_itemList';\r
+                       call_user_func(array(&$this, $methodName), $blogid);\r
+               }\r
        }\r
 \r
        /**\r
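Review bot: `$btimestamp` (L525) and `$item` (L526) are assigned but never read in this hunk; unless something below uses them they are dead work, and `$manager->getItem()` is an extra query per submit. The URL built at L604 uses `action=itemList` while the ticket-exempt list spells it `itemlist` and the check at L87 is a case-sensitive in_array(), so the mixed case may force a ticket check on a page the exempt list meant to skip (addTicketToUrl() supplies one, so it still works, but the spelling should match). The `call_user_func(array(&$this, $methodName), $blogid)` indirection at L607-608 is a plain method call in disguise; `$this->action_itemlist($blogid);` says the same thing. action_additem's signature is above this hunk.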
@@ -1499,9 +1469,11 @@ class ADMIN {
 \r
                // change <br /> to \n\r
                $comment['body'] = str_replace('<br />','',$comment['body']);\r
-\r
-               $comment['body'] = eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>","\\1",$comment['body']);\r
-\r
+               \r
+               // replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0\r
+               /* original eregi_replace: eregi_replace("<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>", "\\1", $comment['body']) */\r
+               $comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#I", "\\1", $comment['body']);\r
+               \r
                $this->pagehead();\r
 \r
                ?>\r
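Review bot: The modifier on the new preg_replace() pattern is an uppercase `I`, which PHP's PCRE wrapper does not accept, so the call emits an "Unknown modifier" warning and returns NULL, leaving `$comment['body']` empty in the edit form. The eregi_replace() it replaces was case-insensitive, so the intended modifier is lowercase `i`: `$comment['body'] = preg_replace("#<a href=['\"]([^'\"]+)['\"]( rel=\"nofollow\")?>[^<]*</a>#i", "\\1", $comment['body']);`. The commented-out "original eregi_replace" line can be dropped once the port is confirmed; the enclosing method starts outside this hunk.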
@@ -1517,7 +1489,7 @@ class ADMIN {
                </tr><tr>\r
                        <td><?php echo _EDITC_WHO?></td>\r
                        <td>\r
-                       <?php                           if ($comment['member'])\r
+                       <?php                      if ($comment['member'])\r
                                        echo $comment['member'] . " (" . _EDITC_MEMBER . ")";\r
                                else\r
                                        echo $comment['user'] . " (" . _EDITC_NONMEMBER . ")";\r
@@ -1529,10 +1501,19 @@ class ADMIN {
                </tr><tr>\r
                        <td><?php echo _EDITC_HOST?></td>\r
                        <td><?php echo  $comment['host']; ?></td>\r
-               </tr><tr>\r
+               </tr>\r
+               <tr>\r
+                       <td><?php echo _EDITC_URL; ?></td>\r
+                       <td><input type="text" name="url" size="30" tabindex="6" value="<?php echo $comment['userid']; ?>" /></td>\r
+               </tr>\r
+               <tr>\r
+                       <td><?php echo _EDITC_EMAIL; ?></td>\r
+                       <td><input type="text" name="email" size="30" tabindex="8" value="<?php echo $comment['email']; ?>" /></td>\r
+               </tr>\r
+               <tr>\r
                        <td><?php echo _EDITC_TEXT?></td>\r
                        <td>\r
-                               <textarea name="body" tabindex="10" rows="10" cols="50"><?php                                   // htmlspecialchars not needed (things should be escaped already)\r
+                               <textarea name="body" tabindex="10" rows="10" cols="50"><?php                              // htmlspecialchars not needed (things should be escaped already)\r
                                        echo $comment['body'];\r
                                ?></textarea>\r
                        </td>\r
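Review bot: The two new inputs print `$comment['userid']` and `$comment['email']` straight into a `value="…"` attribute, and both fields originate from an anonymous commenter; a `"` in either breaks out of the attribute in the admin's browser unless the code that loads `$comment` (outside this hunk) already HTML-escapes them. The other attribute echoes on this page, such as the display name in the member form, go through htmlspecialchars(), so these should too: `value="<?php echo htmlspecialchars($comment['userid'], ENT_QUOTES); ?>"` and `value="<?php echo htmlspecialchars($comment['email'], ENT_QUOTES); ?>"`.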
@@ -1556,19 +1537,28 @@ class ADMIN {
 \r
                $member->canAlterComment($commentid) or $this->disallow();\r
 \r
+               $url = postVar('url');\r
+               $email = postVar('email');\r
                $body = postVar('body');\r
-\r
+               \r
+               # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+               # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE\r
+               # important note that '\' must be matched with '\\\\' in preg* expressions\r
                // intercept words that are too long\r
-               if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)\r
+               if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)\r
+               {\r
                        $this->error(_ERROR_COMMENT_LONGWORD);\r
-\r
+               }\r
+               \r
                // check length\r
-               if (strlen($body)<3)\r
+               if (strlen($body) < 3) {\r
                        $this->error(_ERROR_COMMENT_NOCOMMENT);\r
+               }\r
                if (strlen($body)>5000)\r
+               {\r
                        $this->error(_ERROR_COMMENT_TOOLONG);\r
-\r
-\r
+               }\r
+               \r
                // prepare body\r
                $body = COMMENT::prepareBody($body);\r
 \r
@@ -1576,13 +1566,13 @@ class ADMIN {
                $manager->notify('PreUpdateComment',array('body' => &$body));\r
 \r
                $query =  'UPDATE '.sql_table('comment')\r
-                          . " SET cbody='" .addslashes($body). "'"\r
+                          . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"\r
                           . " WHERE cnumber=" . $commentid;\r
                sql_query($query);\r
 \r
                // get itemid\r
                $res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);\r
-               $o = mysql_fetch_object($res);\r
+               $o = sql_fetch_object($res);\r
                $itemid = $o->citem;\r
 \r
                if ($member->canAlterItem($itemid))\r
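Review bot: The new SET clause writes `$url` into `cmail` and `$email` into `cemail`, which reads like a swap to anyone who does not know the schema; if `cmail` really is the legacy column for the commenter's website, a one-line comment above the query such as `// cmail holds the commenter's URL (legacy column name), cemail the e-mail address` would prevent a well-meaning "fix". The switch to sql_real_escape_string() is correct; `$commentid` is still concatenated unescaped and is presumably cast to int earlier in the method, which starts outside this hunk.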
@@ -1645,7 +1635,7 @@ class ADMIN {
 \r
                // get item id first\r
                $res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);\r
-               $o = mysql_fetch_object($res);\r
+               $o = sql_fetch_object($res);\r
                $itemid = $o->citem;\r
 \r
                $error = $this->deleteOneComment($commentid);\r
@@ -1721,7 +1711,7 @@ class ADMIN {
                                <td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>\r
                                <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>\r
                                </td>\r
-                               <td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>\r
+                               <td><input tabindex="10010" name="name" size="32" maxlength="32" /></td>\r
                        </tr><tr>\r
                                <td><?php echo _MEMBERS_REALNAME?></td>\r
                                <td><input name="realname" tabindex="10020" size="40" maxlength="60" /></td>\r
@@ -1803,7 +1793,7 @@ class ADMIN {
                        </td>\r
                        <td>\r
                        <?php if ($CONF['AllowLoginEdit'] || $member->isAdmin()) { ?>\r
-                               <input name="name" tabindex="10" maxlength="16" size="16" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />\r
+                               <input name="name" tabindex="10" maxlength="32" size="32" value="<?php echo  htmlspecialchars($mem->getDisplayName()); ?>" />\r
                        <?php } else {\r
                                echo htmlspecialchars($member->getDisplayName());\r
                           }\r
@@ -1849,25 +1839,35 @@ class ADMIN {
 \r
                                <select name="deflang" tabindex="85">\r
                                        <option value=""><?php echo _MEMBERS_USESITELANG?></option>\r
-                               <?php                           // show a dropdown list of all available languages\r
+                               <?php                      // show a dropdown list of all available languages\r
                                global $DIR_LANG;\r
                                $dirhandle = opendir($DIR_LANG);\r
-                               while ($filename = readdir($dirhandle)) {\r
-                                       if (ereg("^(.*)\.php$",$filename,$matches)) {\r
+                               while ($filename = readdir($dirhandle))\r
+                               {\r
+                                       # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+                                       # original ereg: ereg("^(.*)\.php$", $filename, $matches)\r
+                                       if (preg_match('#^(.*)\.php$#', $filename, $matches) )\r
+                                       {\r
                                                $name = $matches[1];\r
-                                               echo "<option value='$name'";\r
-                                               if ($name == $mem->getLanguage())\r
-                                                       echo " selected='selected'";\r
+                                               echo "<option value=\"$name\"";\r
+                                               if ($name == $mem->getLanguage() )\r
+                                               {\r
+                                                       echo " selected=\"selected\"";\r
+                                               }\r
                                                echo ">$name</option>";\r
                                        }\r
                                }\r
                                closedir($dirhandle);\r
-\r
+                               \r
                                ?>\r
                                </select>\r
 \r
                        </td>\r
                </tr>\r
+               <tr>\r
+                       <td><?php echo _MEMBERS_USEAUTOSAVE?> <?php help('autosave'); ?></td>\r
+                       <td><?php $this->input_yesno('autosave', $mem->getAutosave(), 87); ?></td>\r
+               </tr>\r
                <?php\r
                        // plugin options\r
                        $this->_insertPluginOptions('member',$memberid);\r
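Review bot: The rewritten language loop keeps `while ($filename = readdir($dirhandle))`, which ends the loop early if the directory ever holds an entry named `0`; the idiomatic form is `while (($filename = readdir($dirhandle)) !== false)`. The pattern `#^(.*)\.php$#` lists every .php file in `$DIR_LANG`, so a short comment stating that `$name` is re-validated on submit would be useful if that check exists in the update handler (it is in another hunk and not visible here).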
@@ -1905,20 +1905,23 @@ class ADMIN {
                // check if allowed\r
                ($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();\r
 \r
-               $name                   = trim(strip_tags(postVar('name')));\r
-               $realname               = trim(strip_tags(postVar('realname')));\r
-               $password               = postVar('password');\r
-               $repeatpassword = postVar('repeatpassword');\r
-               $email                  = strip_tags(postVar('email'));\r
+               $name              = trim(strip_tags(postVar('name')));\r
+               $realname          = trim(strip_tags(postVar('realname')));\r
+               $password          = postVar('password');\r
+               $repeatpassword = postVar('repeatpassword');\r
+               $email            = strip_tags(postVar('email'));\r
                $url                    = strip_tags(postVar('url'));\r
 \r
-               // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.\r
-               if (!eregi("^https?://", $url))\r
-                       $url = "http://".$url;\r
-\r
-               $admin                  = postVar('admin');\r
-               $canlogin               = postVar('canlogin');\r
-               $notes                  = strip_tags(postVar('notes'));\r
+               # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+               # original eregi: !eregi("^https?://", $url)\r
+               // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.\r
+               if (!preg_match('#^https?://#', $url) )\r
+               {\r
+                       $url = "http://" . $url;\r
+               }\r
+               $admin            = postVar('admin');\r
+               $canlogin          = postVar('canlogin');\r
+               $notes            = strip_tags(postVar('notes'));\r
                $deflang                = postVar('deflang');\r
 \r
                $mem = MEMBER::createFromID($memberid);\r
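Review bot: The replacement `preg_match('#^https?://#', $url)` is case-sensitive, while the eregi() it replaces was not, so a URL typed as `HTTP://example.com` now gets a second scheme prepended and becomes `http://HTTP://example.com`. Add the modifier to keep the old behaviour: `if (!preg_match('#^https?://#i', $url) )`. Beyond the prefix, `$url` is still not validated as a URL before being written to the member record; that is pre-existing, and the function header with its `global` line is outside this hunk.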
@@ -1936,6 +1939,15 @@ class ADMIN {
 \r
                        if ($password && (strlen($password) < 6))\r
                                $this->error(_ERROR_PASSWORDTOOSHORT);\r
+\r
+                       if ($password) {\r
+                               $pwdvalid = true;\r
+                               $pwderror = '';\r
+                               $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
+                               if (!$pwdvalid) {\r
+                                       $this->error($pwderror);\r
+                               }\r
+                       }\r
                }\r
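Review bot: The PrePasswordSet block added here is duplicated verbatim in action_activatesetpwd later in this diff, and both depend on `$manager` being in scope; the activation handler needed a `global $manager` for it, and this function's `global` line is outside the hunk, so confirm `$manager` is declared there. A small private helper such as `function _checkPasswordPolicy($password)` that runs the notify and returns `$pwderror` (empty string when valid) would let both call sites share one copy: `if ($password && ($err = $this->_checkPasswordPolicy($password)) != '') $this->error($err);`.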
 \r
                if (!isValidMailAddress($email))\r
@@ -1950,12 +1962,12 @@ class ADMIN {
 \r
                // check if there will remain at least one site member with both the logon and admin rights\r
                // (check occurs when taking away one of these rights from such a member)\r
-               if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
+               if (    (!$admin && $mem->isAdmin() && $mem->canLogin())\r
                         || (!$canlogin && $mem->isAdmin() && $mem->canLogin())\r
                   )\r
                {\r
                        $r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');\r
-                       if (mysql_num_rows($r) < 2)\r
+                       if (sql_num_rows($r) < 2)\r
                                $this->error(_ERROR_ATLEASTONEADMIN);\r
                }\r
 \r
@@ -1980,6 +1992,8 @@ class ADMIN {
                        $mem->setCanLogin($canlogin);\r
                }\r
 \r
+               $autosave = postVar ('autosave');\r
+               $mem->setAutosave($autosave);\r
 \r
                $mem->write();\r
 \r
@@ -2153,7 +2167,7 @@ class ADMIN {
         * @author dekarma\r
         */\r
        function action_activatesetpwd() {\r
-\r
+               \r
                $key = postVar('key');\r
 \r
                // clean up old activation keys\r
@@ -2170,17 +2184,25 @@ class ADMIN {
                if (!$mem)\r
                        return $this->_showActivationPage($key, _ERROR_ACTIVATE);\r
 \r
-               $password               = postVar('password');\r
-               $repeatpassword = postVar('repeatpassword');\r
+               $password          = postVar('password');\r
+               $repeatpassword = postVar('repeatpassword');\r
 \r
                if ($password != $repeatpassword)\r
                        return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);\r
 \r
                if ($password && (strlen($password) < 6))\r
                        return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);\r
-\r
+               \r
+               if ($password) {\r
+                       $pwdvalid = true;\r
+                       $pwderror = '';\r
+                       global $manager;\r
+                       $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));\r
+                       if (!$pwdvalid) {\r
+                               return $this->_showActivationPage($key,$pwderror);\r
+                       }\r
+               }\r
                $error = '';\r
-               global $manager;\r
                $manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));\r
                if ($error != '')\r
                        return $this->_showActivationPage($key, $error);\r
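Review bot: `global $manager;` has moved inside `if ($password) { … }`, but the ValidateForm notify at the end of the hunk runs unconditionally; when the activation form is submitted with an empty password, which the `$password && strlen(...) < 6` check lets through, `$manager` is undefined at that call and the request fatals. Move the declaration back out of the conditional, e.g. `global $manager;` on the line before `if ($password) {`, unless the function already declares it near its head, which is outside this hunk. If an empty password is not meant to be accepted on activation at all, a guard such as `if ($password == '') return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);` before the policy check would close that path as well; whether the code further down sets the password unconditionally is not visible here.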
@@ -2242,7 +2264,7 @@ class ADMIN {
 \r
                        <table><tr>\r
                                <td><?php echo _TEAM_CHOOSEMEMBER?></td>\r
-                               <td><?php                                       // TODO: try to make it so only non-team-members are listed\r
+                               <td><?php                                  // TODO: try to make it so only non-team-members are listed\r
                                        $query =  'SELECT mname as text, mnumber as value'\r
                                                   . ' FROM '.sql_table('member');\r
 \r
@@ -2349,24 +2371,24 @@ class ADMIN {
                        return _ERROR_DISALLOWED;\r
 \r
                // check if: - there remains at least one blog admin\r
-               //           - (there remains at least one team member)\r
-               $mem = MEMBER::createFromID($memberid);\r
+               //                 - (there remains at least one team member)\r
+               $tmem = MEMBER::createFromID($memberid);\r
 \r
-               $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
+               $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
 \r
-               if ($mem->isBlogAdmin($blogid)) {\r
+               if ($tmem->isBlogAdmin($blogid)) {\r
                        // check if there are more blog members left and at least one admin\r
                        // (check for at least two admins before deletion)\r
                        $query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';\r
                        $r = sql_query($query);\r
-                       if (mysql_num_rows($r) < 2)\r
+                       if (sql_num_rows($r) < 2)\r
                                return _ERROR_ATLEASTONEBLOGADMIN;\r
                }\r
 \r
                $query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";\r
                sql_query($query);\r
 \r
-               $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));\r
+               $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));\r
 \r
                return '';\r
        }\r
@@ -2388,7 +2410,7 @@ class ADMIN {
                // don't allow when there is only one admin at this moment\r
                if ($mem->isBlogAdmin($blogid)) {\r
                        $r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");\r
-                       if (mysql_num_rows($r) == 1)\r
+                       if (sql_num_rows($r) == 1)\r
                                $this->error(_ERROR_ATLEASTONEBLOGADMIN);\r
                }\r
 \r
@@ -2429,11 +2451,11 @@ class ADMIN {
 \r
                <h3><?php echo _EBLOG_TEAM_TITLE?></h3>\r
 \r
-               <p>Members currently on your team:\r
+               <p><?php echo _EBLOG_CURRENT_TEAM_MEMBER; ?>\r
                <?php\r
                        $res = sql_query('SELECT mname, mrealname FROM ' . sql_table('member') . ',' . sql_table('team') . ' WHERE mnumber=tmember AND tblog=' . intval($blogid));\r
                        $aMemberNames = array();\r
-                       while ($o = mysql_fetch_object($res))\r
+                       while ($o = sql_fetch_object($res))\r
                                array_push($aMemberNames, htmlspecialchars($o->mname) . ' (' . htmlspecialchars($o->mrealname). ')');\r
                        echo implode(',', $aMemberNames);\r
                ?>\r
@@ -2503,7 +2525,7 @@ class ADMIN {
                 <td><?php $this->input_yesno('reqemail',$blog->emailRequired(),72); ?></td>\r
          </tr><tr>\r
                        <td><?php echo _EBLOG_NOTIFY?> <?php help('blognotify'); ?></td>\r
-                       <td><input name="notify" tabindex="80" maxlength="60" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
+                       <td><input name="notify" tabindex="80" maxlength="128" size="40" value="<?php echo  htmlspecialchars($blog->getNotifyAddress()); ?>" /></td>\r
                </tr><tr>\r
                        <td><?php echo _EBLOG_NOTIFY_ON?></td>\r
                        <td>\r
@@ -2520,15 +2542,6 @@ class ADMIN {
                                /><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>\r
                        </td>\r
                </tr><tr>\r
-               <?php\r
-               if (numberOfEventSubscriber('SendPing') > 0) {\r
-               ?>\r
-                       <td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>\r
-                       <td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>\r
-               </tr><tr>\r
-               <?php\r
-               }\r
-               ?>\r
                        <td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>\r
                        <td><input name="maxcomments" tabindex="90" size="3" value="<?php echo  htmlspecialchars($blog->getMaxComments()); ?>" /></td>\r
                </tr><tr>\r
@@ -2635,13 +2648,13 @@ class ADMIN {
                if (!isValidCategoryName($cname))\r
                        $this->error(_ERROR_BADCATEGORYNAME);\r
 \r
-               $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);\r
+               $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid);\r
                $res = sql_query($query);\r
-               if (mysql_num_rows($res) > 0)\r
+               if (sql_num_rows($res) > 0)\r
                        $this->error(_ERROR_DUPCATEGORYNAME);\r
 \r
-               $blog           =& $manager->getBlog($blogid);\r
-               $newCatID       =  $blog->createNewCategory($cname, $cdesc);\r
+               $blog      =& $manager->getBlog($blogid);\r
+               $newCatID   =  $blog->createNewCategory($cname, $cdesc);\r
 \r
                $this->action_blogsettings();\r
        }\r
@@ -2664,7 +2677,7 @@ class ADMIN {
                $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
                $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");\r
-               $obj = mysql_fetch_object($res);\r
+               $obj = sql_fetch_object($res);\r
 \r
                $cname = $obj->cname;\r
                $cdesc = $obj->cdesc;\r
@@ -2725,14 +2738,14 @@ class ADMIN {
                if (!isValidCategoryName($cname))\r
                        $this->error(_ERROR_BADCATEGORYNAME);\r
 \r
-               $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
+               $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";\r
                $res = sql_query($query);\r
-               if (mysql_num_rows($res) > 0)\r
+               if (sql_num_rows($res) > 0)\r
                        $this->error(_ERROR_DUPCATEGORYNAME);\r
 \r
                $query =  'UPDATE '.sql_table('category').' SET'\r
-                          . " cname='" . addslashes($cname) . "',"\r
-                          . " cdesc='" . addslashes($cdesc) . "'"\r
+                          . " cname='" . sql_real_escape_string($cname) . "',"\r
+                          . " cdesc='" . sql_real_escape_string($cdesc) . "'"\r
                           . " WHERE catid=" . $catid;\r
 \r
                sql_query($query);\r
@@ -2775,7 +2788,7 @@ class ADMIN {
                // check if catid is the only category left for blogid\r
                $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
                $res = sql_query($query);\r
-               if (mysql_num_rows($res) == 1)\r
+               if (sql_num_rows($res) == 1)\r
                        $this->error(_ERROR_DELETELASTCATEGORY);\r
 \r
 \r
@@ -2824,8 +2837,6 @@ class ADMIN {
 \r
                $catid = intval($catid);\r
 \r
-               $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
-\r
                $blogid = getBlogIDFromCatID($catid);\r
 \r
                if (!$member->blogAdminRights($blogid))\r
@@ -2847,9 +2858,11 @@ class ADMIN {
                // check if catid is the only category left for blogid\r
                $query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;\r
                $res = sql_query($query);\r
-               if (mysql_num_rows($res) == 1)\r
+               if (sql_num_rows($res) == 1)\r
                        return _ERROR_DELETELASTCATEGORY;\r
 \r
+               $manager->notify('PreDeleteCategory', array('catid' => $catid));\r
+\r
                // change category for all items to the default category\r
                $query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";\r
                sql_query($query);\r
@@ -2910,7 +2923,7 @@ class ADMIN {
                // update comments table (cblog)\r
                $query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;\r
                $items = sql_query($query);\r
-               while ($oItem = mysql_fetch_object($items)) {\r
+               while ($oItem = sql_fetch_object($items)) {\r
                        sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);\r
                }\r
 \r
@@ -2945,16 +2958,16 @@ class ADMIN {
 \r
                $blog =& $manager->getBlog($blogid);\r
 \r
-               $notify                 = trim(postVar('notify'));\r
-               $shortname              = trim(postVar('shortname'));\r
-               $updatefile             = trim(postVar('update'));\r
+               $notify          = trim(postVar('notify'));\r
+               $shortname        = trim(postVar('shortname'));\r
+               $updatefile      = trim(postVar('update'));\r
 \r
-               $notifyComment  = intPostVar('notifyComment');\r
-               $notifyVote             = intPostVar('notifyVote');\r
-               $notifyNewItem  = intPostVar('notifyNewItem');\r
+               $notifyComment  = intPostVar('notifyComment');\r
+               $notifyVote      = intPostVar('notifyVote');\r
+               $notifyNewItem  = intPostVar('notifyNewItem');\r
 \r
                if ($notifyComment == 0)        $notifyComment = 1;\r
-               if ($notifyVote == 0)           $notifyVote = 1;\r
+               if ($notifyVote == 0)      $notifyVote = 1;\r
                if ($notifyNewItem == 0)        $notifyNewItem = 1;\r
 \r
                $notifyType = $notifyComment * $notifyVote * $notifyNewItem;\r
@@ -2989,7 +3002,6 @@ class ADMIN {
                $blog->setDefaultSkin(intPostVar('defskin'));\r
                $blog->setDescription(trim(postVar('desc')));\r
                $blog->setPublic(postVar('public'));\r
-               $blog->setPingUserland(postVar('sendping'));\r
                $blog->setConvertBreaks(intPostVar('convertbreaks'));\r
                $blog->setAllowPastPosting(intPostVar('allowpastposting'));\r
                $blog->setDefaultCategory(intPostVar('defcat'));\r
@@ -3112,7 +3124,7 @@ class ADMIN {
                        </p>\r
 \r
                        <p>\r
-                       Please note that media files will <b>NOT</b> be deleted. (At least not in this Nucleus version)\r
+                       <?php echo _WARNINGTXT_NOTDELMEDIAFILES ?>\r
                        </p>\r
 \r
                        <form method="post" action="index.php"><div>\r
@@ -3161,9 +3173,11 @@ class ADMIN {
                $manager->notify('PreDeleteMember', array('member' => &$mem));\r
 \r
                /* unlink comments from memberid */\r
-               $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. addslashes($mem->getDisplayName())\r
-                                       .'" WHERE cmember='.$memberid;\r
-               sql_query($query);\r
+               if ($memberid) {\r
+                       $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. sql_real_escape_string($mem->getDisplayName())\r
+                                  .'" WHERE cmember='.$memberid;\r
+                       sql_query($query);\r
+               }\r
 \r
                $query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;\r
                sql_query($query);\r
@@ -3197,18 +3211,18 @@ class ADMIN {
                ?>\r
                <h2><?php echo _EBLOG_CREATE_TITLE?></h2>\r
 \r
-               <h3>注意事項</h3>\r
+               <h3><?php echo _ADMIN_NOTABILIA ?></h3>\r
 \r
-               <p>作成にあたって、下記の<strong>注意事項</strong> をまずお読み下さい</p>\r
+               <p><?php echo _ADMIN_PLEASE_READ ?></p>\r
 \r
-               <p>新しいweblogを作成した後に、このblogにアクセスするための方法を紹介しておきます。方法は2つあります:</p>\r
+               <p><?php echo _ADMIN_HOW_TO_ACCESS ?></p>\r
 \r
                <ol>\r
-                       <li><strong>簡単な方法:</strong> <code>index.php</code>の複製を作り、新しいblogを表示するように変更を加えます。 この変更の詳細は、作成後に表示されます。</li>\r
-                       <li><strong>高度な方法:</strong> 現在のblogで使用しているスキンに<code>otherblog</code>というコードを使った記述を加えます。この方法では、同じページ内で複数のblogを展開することが可能となります。</li>\r
+                       <li><?php echo _ADMIN_SIMPLE_WAY ?></li>\r
+                       <li><?php echo _ADMIN_ADVANCED_WAY ?></li>\r
                </ol>\r
 \r
-               <h3>Weblogの作成</h3>\r
+               <h3><?php echo _ADMIN_HOW_TO_CREATE ?></h3>\r
 \r
                <p>\r
                <?php echo _EBLOG_CREATE_TEXT?>\r
@@ -3241,7 +3255,7 @@ class ADMIN {
                                                   . ' FROM '.sql_table('skin_desc');\r
                                        $template['name'] = 'defskin';\r
                                        $template['tabindex'] = 50;\r
-                                       $template['selected'] = $CONF['BaseSkin'];      // set default selected skin to be globally defined base skin\r
+                                       $template['selected'] = $CONF['BaseSkin'];  // set default selected skin to be globally defined base skin\r
                                        showlist($query,'select',$template);\r
                                ?>\r
                        </td>\r
@@ -3275,11 +3289,11 @@ class ADMIN {
                // Only Super-Admins can do this\r
                $member->isAdmin() or $this->disallow();\r
 \r
-               $bname                  = trim(postVar('name'));\r
-               $bshortname             = trim(postVar('shortname'));\r
+               $bname            = trim(postVar('name'));\r
+               $bshortname      = trim(postVar('shortname'));\r
                $btimeoffset    = postVar('timeoffset');\r
-               $bdesc                  = trim(postVar('desc'));\r
-               $bdefskin               = postVar('defskin');\r
+               $bdesc            = trim(postVar('desc'));\r
+               $bdefskin          = postVar('defskin');\r
 \r
                if (!isValidShortName($bshortname))\r
                        $this->error(_ERROR_BADSHORTBLOGNAME);\r
@@ -3290,9 +3304,9 @@ class ADMIN {
                $manager->notify(\r
                        'PreAddBlog',\r
                        array(\r
-                               'name' => &$bname,\r
-                               'shortname' => &$bshortname,\r
-                               'timeoffset' => &$btimeoffset,\r
+                               'name'          => &$bname,\r
+                               'shortname'   => &$bshortname,\r
+                               'timeoffset'  => &$btimeoffset,\r
                                'description' => &$bdesc,\r
                                'defaultskin' => &$bdefskin\r
                        )\r
@@ -3300,21 +3314,25 @@ class ADMIN {
 \r
 \r
                // add slashes for sql queries\r
-               $bname =                addslashes($bname);\r
-               $bshortname =   addslashes($bshortname);\r
-               $btimeoffset =  addslashes($btimeoffset);\r
-               $bdesc =                addslashes($bdesc);\r
-               $bdefskin =     addslashes($bdefskin);\r
+               $bname     = sql_real_escape_string($bname);\r
+               $bshortname  = sql_real_escape_string($bshortname);\r
+               $btimeoffset = sql_real_escape_string($btimeoffset);\r
+               $bdesc     = sql_real_escape_string($bdesc);\r
+               $bdefskin       = sql_real_escape_string($bdefskin);\r
 \r
                // create blog\r
                $query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')";\r
                sql_query($query);\r
-               $blogid = mysql_insert_id();\r
-               $blog   =& $manager->getBlog($blogid);\r
+               $blogid = sql_insert_id();\r
+               $blog   =& $manager->getBlog($blogid);\r
 \r
                // create new category\r
-               sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, 'General','Items that do not fit in other categories')");\r
-               $catid = mysql_insert_id();\r
+               $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');\r
+               $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');\r
+               $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';\r
+               sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));\r
+//             sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, _EBLOGDEFAULTCATEGORY_NAME, _EBLOGDEFAULTCATEGORY_DESC)");\r
+               $catid = sql_insert_id();\r
 \r
                // set as default category\r
                $blog->setDefaultCategory($catid);\r
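Review bot: The default-category INSERT built at the new `$sql`/`sprintf` lines interpolates `$catdefname` and `$catdefdesc` unescaped and wraps them in double quotes, which only act as string delimiters while the server is not running with ANSI_QUOTES. Both values come from language constants rather than from the request, so the exposure is a broken INSERT when a translation contains a quote or backslash rather than an injection path, but this hunk escapes every other value with `sql_real_escape_string()` and should do the same here: `$sql = "INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, '%s', '%s')";` and `sql_query(sprintf($sql, sql_table('category'), $blogid, sql_real_escape_string($catdefname), sql_real_escape_string($catdefdesc)));`. The commented-out old query kept below it (and the commented-out `additem` call in the next hunk) should be deleted rather than left as comments. The enclosing method begins outside this hunk.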
@@ -3324,10 +3342,15 @@ class ADMIN {
                $memberid = $member->getID();\r
                $query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";\r
                sql_query($query);\r
-\r
-\r
-               $blog->additem($blog->getDefaultCategory(),'First Item','これはあなたのweblogにおける最初のアイテムです。自由に削除していただいてかまいません。','',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);\r
-\r
+               \r
+               $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');\r
+               $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');\r
+               \r
+               $blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);\r
+               //$blog->additem($blog->getDefaultCategory(),_EBLOG_FIRSTITEM_TITLE,_EBLOG_FIRSTITEM_BODY,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);\r
+               \r
+               \r
+               \r
                $manager->notify(\r
                        'PostAddBlog',\r
                        array(\r
@@ -3338,27 +3361,27 @@ class ADMIN {
                $manager->notify(\r
                        'PostAddCategory',\r
                        array(\r
-                               'blog' => &$blog,\r
-                               'name' => 'General',\r
-                               'description' => 'Items that do not fit in other categories',\r
-                               'catid' => $catid\r
+                               'blog'          => &$blog,\r
+                               'name'          => _EBLOGDEFAULTCATEGORY_NAME,\r
+                               'description' => _EBLOGDEFAULTCATEGORY_DESC,\r
+                               'catid'    => $catid\r
                        )\r
                );\r
 \r
                $this->pagehead();\r
                ?>\r
-               <h2>新しいweblogが作成されました</h2>\r
+               <h2><?php echo _BLOGCREATED_TITLE ?></h2>\r
 \r
-               <p>新しいweblog 「<?php echo htmlspecialchars($bname)?>」が作成されました。続けて、これにアクセスするために以下のどちらかの手順に進んでください。</p>\r
+               <p><?php echo sprintf(_BLOGCREATED_ADDEDTXT, htmlspecialchars($bname)) ?></p>\r
 \r
                <ol>\r
-                       <li><a href="#index_php">簡単な方法: 下のコードを貼付けた <code><?php echo htmlspecialchars($bshortname)?>.php</code> というファイルを作成する</a></li>\r
-                       <li><a href="#skins">高度な方法: 現在使用しているスキンに新しいweblogを展開させるための記述を加える</a></li>\r
+                       <li><a href="#index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEWAY, htmlspecialchars($bshortname)) ?></a></li>\r
+                       <li><a href="#skins"><?php echo _BLOGCREATED_ADVANCEDWAY ?></a></li>\r
                </ol>\r
 \r
-               <h3><a id="index_php">方法 1: <code><?php echo htmlspecialchars($bshortname)?>.php</code> というファイルを作成</a></h3>\r
+               <h3><a id="index_php"><?php echo sprintf(_BLOGCREATED_SIMPLEDESC1, htmlspecialchars($bshortname)) ?></a></h3>\r
 \r
-               <p><code><?php echo htmlspecialchars($bshortname)?>.php</code> というファイルを作成して、中身に以下のコードを貼り付ける:</p>\r
+               <p><?php echo sprintf(_BLOGCREATED_SIMPLEDESC2, htmlspecialchars($bshortname)) ?></p>\r
 <pre><code>&lt;?php\r
 \r
 $CONF['Self'] = '<b><?php echo htmlspecialchars($bshortname)?>.php</b>';\r
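Review bot: The `PostAddCategory` notification passes `_EBLOGDEFAULTCATEGORY_NAME` and `_EBLOGDEFAULTCATEGORY_DESC` directly, whereas the INSERT in the previous hunk used `$catdefname`/`$catdefdesc`, which fall back to `'General'` and `'Items that do not fit in other categories'` when the constants are undefined; on a language file lacking them, plugins would be told a different name than the one stored, plus an undefined-constant notice. Use the same variables here: `'name' => $catdefname,` and `'description' => $catdefdesc,`. Separately, the `$bname` rendered through `htmlspecialchars($bname)` on this page has already been passed through `sql_real_escape_string()` above, so a blog name containing a quote is displayed with a stray backslash; keeping the unescaped name in a separate variable for display would avoid that. The enclosing method begins outside this hunk.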
@@ -3370,9 +3393,9 @@ selector();
 \r
 ?&gt;</code></pre>\r
 \r
-               <p>すでにある<code>index.php</code>と同じディレクトリにアップロードします。</p>\r
+               <p><?php echo _BLOGCREATED_SIMPLEDESC3 ?></p>\r
 \r
-               <p>新しいweblogの作成を完了するためには、下にこのファイルのURLを入力してください。 (すでに用意した値で合っているとは思いますが保証はしません):</p>\r
+               <p><?php echo _BLOGCREATED_SIMPLEDESC4 ?></p>\r
 \r
                <form action="index.php" method="post"><div>\r
                        <input type="hidden" name="action" value="addnewlog2" />\r
@@ -3387,9 +3410,9 @@ selector();
                        </tr></table>\r
                </div></form>\r
 \r
-               <h3><a id="skins">方法 2: 現在使用しているスキンに新しいweblogを展開する記述を加える</a></h3>\r
+               <h3><a id="skins"><?php echo _BLOGCREATED_ADVANCEDWAY2 ?></a></h3>\r
 \r
-               <p>新しいweblogの作成を完了するためには、下にURLを入力してください。 (大抵は既存blogと同じURL)</p>\r
+               <p><?php echo _BLOGCREATED_ADVANCEDWAY3 ?></p>\r
 \r
                <form action="index.php" method="post"><div>\r
                        <input type="hidden" name="action" value="addnewlog2" />\r
@@ -3404,7 +3427,7 @@ selector();
                        </tr></table>\r
                </div></form>\r
 \r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
 \r
        }\r
 \r
@@ -3416,8 +3439,8 @@ selector();
 \r
                $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
-               $burl   = requestVar('url');\r
-               $blogid = intRequestVar('blogid');\r
+               $burl   = requestVar('url');\r
+               $blogid = intRequestVar('blogid');\r
 \r
                $blog =& $manager->getBlog($blogid);\r
                $blog->setURL(trim($burl));\r
@@ -3445,7 +3468,7 @@ selector();
                <h2><?php echo _SKINIE_TITLE_IMPORT?></h2>\r
 \r
                                <p><label for="skinie_import_local"><?php echo _SKINIE_LOCAL?></label>\r
-                               <?php                                   global $DIR_SKINS;\r
+                               <?php                              global $DIR_SKINS;\r
 \r
                                        $candidates = SKINIMPORT::searchForCandidates($DIR_SKINS);\r
 \r
@@ -3456,7 +3479,7 @@ selector();
                                                                <?php $manager->addTicketHidden() ?>\r
                                                                <input type="hidden" name="mode" value="file" />\r
                                                                <select name="skinfile" id="skinie_import_local">\r
-                                                               <?php                                                                   foreach ($candidates as $skinname => $skinfile) {\r
+                                                               <?php                                                              foreach ($candidates as $skinname => $skinfile) {\r
                                                                                $html = htmlspecialchars($skinfile);\r
                                                                                echo '<option value="',$html,'">',$skinname,'</option>';\r
                                                                        }\r
@@ -3464,7 +3487,7 @@ selector();
                                                                </select>\r
                                                                <input type="submit" value="<?php echo _SKINIE_BTN_IMPORT?>" />\r
                                                        </div></form>\r
-                                               <?php                                   } else {\r
+                                               <?php                              } else {\r
                                                echo _SKINIE_NOCANDIDATES;\r
                                        }\r
                                ?>\r
@@ -3492,9 +3515,9 @@ selector();
                        <table><tr>\r
                                <th colspan="2"><?php echo _SKINIE_EXPORT_SKINS?></th>\r
                        </tr><tr>\r
-       <?php           // show list of skins\r
+       <?php      // show list of skins\r
                $res = sql_query('SELECT * FROM '.sql_table('skin_desc'));\r
-               while ($skinObj = mysql_fetch_object($res)) {\r
+               while ($skinObj = sql_fetch_object($res)) {\r
                        $id = 'skinexp' . $skinObj->sdnumber;\r
                        echo '<td><input type="checkbox" name="skin[',$skinObj->sdnumber,']"  id="',$id,'" />';\r
                        echo '<label for="',$id,'">',htmlspecialchars($skinObj->sdname),'</label></td>';\r
@@ -3506,7 +3529,7 @@ selector();
 \r
                // show list of templates\r
                $res = sql_query('SELECT * FROM '.sql_table('template_desc'));\r
-               while ($templateObj = mysql_fetch_object($res)) {\r
+               while ($templateObj = sql_fetch_object($res)) {\r
                        $id = 'templateexp' . $templateObj->tdnumber;\r
                        echo '<td><input type="checkbox" name="template[',$templateObj->tdnumber,']" id="',$id,'" />';\r
                        echo '<label for="',$id,'">',htmlspecialchars($templateObj->tdname),'</label></td>';\r
@@ -3542,7 +3565,7 @@ selector();
                include_once($DIR_LIBS . 'skinie.php');\r
 \r
                $skinFileRaw= postVar('skinfile');\r
-               $mode           = postVar('mode');\r
+               $mode      = postVar('mode');\r
 \r
                $importer =& new SKINIMPORT();\r
 \r
@@ -3564,7 +3587,7 @@ selector();
                // clashes\r
                $skinNameClashes = $importer->checkSkinNameClashes();\r
                $templateNameClashes = $importer->checkTemplateNameClashes();\r
-               $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);\r
+               $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);\r
 \r
                if ($error) $this->error($error);\r
 \r
@@ -3623,7 +3646,7 @@ selector();
                include_once($DIR_LIBS . 'skinie.php');\r
 \r
                $skinFileRaw= postVar('skinfile');\r
-               $mode           = postVar('mode');\r
+               $mode      = postVar('mode');\r
 \r
                $allowOverwrite = intPostVar('overwrite');\r
 \r
@@ -3664,7 +3687,7 @@ selector();
                        <li><p><strong><?php echo _SKINIE_INFO_IMPORTEDTEMPLS?></strong> <?php echo implode(' <em>'._AND.'</em> ',$importer->getTemplateNames())?></p></li>\r
                </ul>\r
 \r
-       <?php           $this->pagefoot();\r
+       <?php      $this->pagefoot();\r
 \r
        }\r
 \r
@@ -3757,7 +3780,7 @@ selector();
                $member->isAdmin() or $this->disallow();\r
 \r
                $extrahead = '<script type="text/javascript" src="javascript/templateEdit.js"></script>';\r
-               $extrahead .= '<script type="text/javascript">setTemplateEditText("'.addslashes(_EDITTEMPLATE_EMPTY).'");</script>';\r
+               $extrahead .= '<script type="text/javascript">setTemplateEditText("'.sql_real_escape_string(_EDITTEMPLATE_EMPTY).'");</script>';\r
 \r
                $this->pagehead($extrahead);\r
 \r
@@ -3772,7 +3795,7 @@ selector();
 \r
                <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo  htmlspecialchars($templatename); ?>'</h2>\r
 \r
-               <?php                                   if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
+               <?php                              if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
                ?>\r
 \r
                <p><?php echo _TEMPLATE_EDIT_MSG?></p>\r
@@ -3842,36 +3865,51 @@ selector();
 ?>\r
                </tr><tr>\r
                        <th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th>\r
-<?php  $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 160);\r
-       $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 170);\r
-       $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 180);\r
+<?php  $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190);\r
+       $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200);\r
+       $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210);\r
 ?>\r
                </tr><tr>\r
                        <th colspan="2"><?php echo _TEMPLATE_DATETIME?></th>\r
-<?php  $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 190);\r
-       $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 200);\r
-       $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 210);\r
-       $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 220);\r
-       $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 230);\r
+<?php  $this->_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220);\r
+       $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230);\r
+       $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240);\r
+       $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250);\r
+       $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260);\r
 ?>\r
                </tr><tr>\r
                        <th colspan="2"><?php echo _TEMPLATE_IMAGE?> <?php help('templatepopups'); ?></th>\r
-<?php  $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 240);\r
-       $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 250);\r
-       $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 260);\r
+<?php  $this->_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270);\r
+       $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280);\r
+       $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290);\r
 ?>\r
                </tr><tr>\r
                        <th colspan="2"><?php echo _TEMPLATE_SEARCH?></th>\r
-<?php  $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',270);\r
-       $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',280);\r
+<?php  $this->_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',300);\r
+       $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',310);\r
+?>\r
+               </tr><tr>\r
+                       <th colspan="2"><?php echo _TEMPLATE_PLUGIN_FIELDS?></th>\r
+<?php\r
+               $tab = 600;\r
+               $pluginfields = array();\r
+               $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields));\r
+\r
+               foreach ($pluginfields as $pfkey=>$pfvalue) {\r
+                       echo "</tr><tr>\n";\r
+                       echo '<th colspan="2">'.htmlentities($pfkey)."</th>\n";\r
+                       foreach ($pfvalue as $pffield=>$pfdesc) {\r
+                               $this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0);\r
+                       }\r
+               }\r
 ?>\r
                </tr><tr>\r
                        <th colspan="2"><?php echo _TEMPLATE_UPDATE?></th>\r
                </tr><tr>\r
                        <td><?php echo _TEMPLATE_UPDATE?></td>\r
                        <td>\r
-                               <input type="submit" tabindex="290" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
-                               <input type="reset" tabindex="300" value="<?php echo _TEMPLATE_RESET_BTN?>" />\r
+                               <input type="submit" tabindex="800" value="<?php echo _TEMPLATE_UPDATE_BTN?>" onclick="return checkSubmit();" />\r
+                               <input type="reset" tabindex="810" value="<?php echo _TEMPLATE_RESET_BTN?>" />\r
                        </td>\r
                </tr></table>\r
 \r
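Review bot: In the new plugin-field loop only `$pfkey` is passed through `htmlentities()`; `$pffield` and `$pfdesc` go into `_templateEditRow()`, which echoes them unescaped into the textarea `name` attribute and the description cell, so plugin-supplied strings should get the same treatment (`htmlspecialchars($pfdesc)` here, and `htmlspecialchars($name)` in the `name="..."` attribute of `_templateEditRow()`), unless plugin descriptions are deliberately allowed to carry markup. The loop also relies on `$manager` being in scope; the method header is outside this hunk, so check that it is in this function's `global` statement the way the update method's now is. `$tab` starts at 600 while the submit/reset buttons were moved to 800/810, so the tab order only stays consistent for fewer than 200 plugin fields; a comment such as `// plugin fields take tabindex 601..799; submit/reset sit at 800/810` would make that ceiling visible.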
@@ -3886,18 +3924,19 @@ selector();
         */\r
        function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {\r
                static $count = 1;\r
+               if (!isset($template[$name])) $template[$name] = '';\r
        ?>\r
                </tr><tr>\r
                        <td><?php echo $description?> <?php if ($help) help('template'.$help); ?></td>\r
                        <td id="td<?php echo $count?>"><textarea class="templateedit" name="<?php echo $name?>" tabindex="<?php echo $tabindex?>" cols="50" rows="<?php echo $big?10:5?>" id="textarea<?php echo $count?>"><?php echo  htmlspecialchars($template[$name]); ?></textarea></td>\r
-       <?php           $count++;\r
+       <?php      $count++;\r
        }\r
 \r
        /**\r
         * @todo document this\r
         */\r
        function action_templateupdate() {\r
-               global $member;\r
+               global $member, $manager;\r
 \r
                $templateid = intRequestVar('templateid');\r
 \r
@@ -3913,8 +3952,8 @@ selector();
                        $this->error(_ERROR_DUPTEMPLATENAME);\r
 \r
 \r
-               $name = addslashes($name);\r
-               $desc = addslashes($desc);\r
+               $name = sql_real_escape_string($name);\r
+               $desc = sql_real_escape_string($desc);\r
 \r
                // 1. Remove all template parts\r
                $query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid;\r
@@ -3963,6 +4002,13 @@ selector();
                $this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));\r
                $this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));\r
 \r
+               $pluginfields = array();\r
+               $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields));\r
+               foreach ($pluginfields as $pfkey=>$pfvalue) {\r
+                       foreach ($pfvalue as $pffield=>$pfdesc) {\r
+                               $this->addToTemplate($templateid, $pffield, postVar($pffield));\r
+                       }\r
+               }\r
 \r
                // jump back to template edit\r
                $this->action_templateedit(_TEMPLATE_UPDATED);\r
@@ -3973,8 +4019,8 @@ selector();
         * @todo document this\r
         */\r
        function addToTemplate($id, $partname, $content) {\r
-               $partname = addslashes($partname);\r
-               $content = addslashes($content);\r
+               $partname = sql_real_escape_string($partname);\r
+               $content = sql_real_escape_string($content);\r
 \r
                $id = intval($id);\r
 \r
@@ -3983,8 +4029,8 @@ selector();
 \r
                $query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "\r
                           . "VALUES ($id, '$partname', '$content')";\r
-               sql_query($query) or die("Query error: " . mysql_error());\r
-               return mysql_insert_id();\r
+               sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
+               return sql_insert_id();\r
        }\r
 \r
        /**\r
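Review bot: `exit(_ADMIN_SQLDIE_QUERYERROR . sql_error())` writes the driver's error text straight into the response, unescaped and mid-page; that text typically names tables and quotes part of the failing query, which belongs in a server-side log rather than in browser output. At minimum escape it, `sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . htmlspecialchars(sql_error()));`, and preferably route the failure through the admin's own error path (`$this->error(...)`) while logging `sql_error()` server-side. The same exit-on-query-failure pattern presumably exists elsewhere in the file and would benefit from the same treatment.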
@@ -4095,7 +4141,7 @@ selector();
                // 3. create clone\r
                // go through parts of old template and add them to the new one\r
                $res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);\r
-               while ($o = mysql_fetch_object($res)) {\r
+               while ($o = sql_fetch_object($res)) {\r
                        $this->addToTemplate($newid, $o->tpartname, $o->tcontent);\r
                }\r
 \r
@@ -4216,12 +4262,12 @@ selector();
                echo '<input type="submit" tabindex="140" value="' . _SKIN_CREATE . '" onclick="return checkSubmit();" />' . "\r\n";\r
                echo '</form>' . "\r\n";\r
 \r
-               if ($res && mysql_num_rows($res) > 0) {\r
+               if ($res && sql_num_rows($res) > 0) {\r
                        echo '<ul>';\r
                        $tabstart = 75;\r
 \r
-                       while ($row = mysql_fetch_assoc($res)) {\r
-                               echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">remove</a>)</li>';\r
+                       while ($row = sql_fetch_assoc($res)) {\r
+                               echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&amp;skinid=' . $skinid . '&amp;type=' . htmlspecialchars(strtolower($row['stype'])) . '">'._LISTS_DELETE.'</a>)</li>';\r
                        }\r
 \r
                        echo '</ul>';\r
@@ -4260,7 +4306,7 @@ selector();
                </form>\r
 \r
 \r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
        }\r
 \r
        /**\r
@@ -4326,7 +4372,7 @@ selector();
 \r
                <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>\r
 \r
-               <?php                   if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
+               <?php              if ($msg) echo "<p>"._MESSAGE.": $msg</p>";\r
                ?>\r
 \r
 \r
@@ -4357,7 +4403,7 @@ selector();
 \r
                <br /><br />\r
                <?php echo _SKIN_ALLOWEDVARS?>\r
-               <?php                   $actions = SKIN::getAllowedActionsForType($type);\r
+               <?php              $actions = SKIN::getAllowedActionsForType($type);\r
 \r
                        sort($actions);\r
 \r
@@ -4370,25 +4416,14 @@ selector();
                                echo helplink('skinvar-' . $current) . "$current</a>";\r
                                if (count($actions) != 0) echo ", ";\r
                        }\r
-               ?>\r
-               <br /><br />\r
-               Short blog names:\r
-               <?php                   $query = 'SELECT bshortname, bname FROM '.sql_table('blog');\r
+               echo '<br /><br />' . _SKINEDIT_ALLOWEDBLOGS;\r
+               $query = 'SELECT bshortname, bname FROM '.sql_table('blog');\r
                        showlist($query,'table',array('content'=>'shortblognames'));\r
-               ?>\r
-\r
-               <br />\r
-               Template names:\r
-               <?php                   $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');\r
+               echo '<br />' . _SKINEDIT_ALLOWEDTEMPLATESS;\r
+               $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');\r
                        showlist($query,'table',array('content'=>'shortnames'));\r
-               ?>\r
-\r
-\r
-               </div>\r
-               </form>\r
-\r
-\r
-               <?php           $this->pagefoot();\r
+               echo '</div></form>';\r
+               $this->pagefoot();\r
        }\r
 \r
        /**\r
@@ -4426,7 +4461,7 @@ selector();
                // don't allow deletion of default skins for blogs\r
                $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;\r
                $r = sql_query($query);\r
-               if ($o = mysql_fetch_object($r))\r
+               if ($o = sql_fetch_object($r))\r
                        $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));\r
 \r
                $this->pagehead();\r
@@ -4469,7 +4504,7 @@ selector();
                // don't allow deletion of default skins for blogs\r
                $query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;\r
                $r = sql_query($query);\r
-               if ($o = mysql_fetch_object($r))\r
+               if ($o = sql_fetch_object($r))\r
                        $this->error(_ERROR_SKINDEFDELETE .$o->bname);\r
 \r
                $manager->notify('PreDeleteSkin', array('skinid' => $skinid));\r
@@ -4606,7 +4641,7 @@ selector();
 \r
                $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;\r
                $res = sql_query($query);\r
-               while ($row = mysql_fetch_assoc($res)) {\r
+               while ($row = sql_fetch_assoc($res)) {\r
                        $this->skinclonetype($skin, $newid, $row['stype']);\r
                }\r
 \r
@@ -4621,7 +4656,7 @@ selector();
                $newid = intval($newid);\r
                $content = $skin->getContent($type);\r
                if ($content) {\r
-                       $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". addslashes($content)."', '". addslashes($type)."')";\r
+                       $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". sql_real_escape_string($content)."', '". sql_real_escape_string($type)."')";\r
                        sql_query($query);\r
                }\r
        }\r
@@ -4700,15 +4735,21 @@ selector();
                        <td>\r
 \r
                                <select name="Language" tabindex="10050">\r
-                               <?php                           // show a dropdown list of all available languages\r
+                               <?php                      // show a dropdown list of all available languages\r
                                global $DIR_LANG;\r
                                $dirhandle = opendir($DIR_LANG);\r
-                               while ($filename = readdir($dirhandle)) {\r
-                                       if (ereg("^(.*)\.php$",$filename,$matches)) {\r
+                               while ($filename = readdir($dirhandle) )\r
+                               {\r
+                                       # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+                                       # original ereg: ereg("^(.*)\.php$",$filename,$matches)\r
+                                       if (preg_match('#^(.*)\.php$#', $filename, $matches) )\r
+                                       {\r
                                                $name = $matches[1];\r
-                                               echo "<option value='$name'";\r
+                                               echo "<option value=\"$name\"";\r
                                                if ($name == $CONF['Language'])\r
-                                                       echo " selected='selected'";\r
+                                               {\r
+                                                       echo " selected=\"selected\"";\r
+                                               }\r
                                                echo ">$name</option>";\r
                                        }\r
                                }\r
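Review bot: `while ($filename = readdir($dirhandle))` ends the loop early on a directory entry named `0`, because the string `"0"` is falsy; the idiomatic form is `while (($filename = readdir($dirhandle)) !== false)`. The matched `$name` is then echoed into the option's `value` attribute and text without escaping — it is a server-side filename, so the risk is low, but `htmlspecialchars($name)` in both places keeps the markup well-formed for whatever happens to sit in `$DIR_LANG`. Whether the posted `Language` value is later checked against this same list before use is not visible here (the save path is in a later hunk). The enclosing method begins outside this hunk.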
@@ -4723,7 +4764,7 @@ selector();
                        </td>\r
                        <td><?php $this->input_yesno('DisableSite',$CONF['DisableSite'],10060); ?>\r
                                        <br />\r
-                               URL: <input name="DisableSiteURL" tabindex="10070" size="40" value="<?php echo  htmlspecialchars($CONF['DisableSiteURL'])?>" />\r
+                               <?php echo _SETTINGS_DISABLESITEURL ?> <input name="DisableSiteURL" tabindex="10070" size="40" value="<?php echo  htmlspecialchars($CONF['DisableSiteURL'])?>" />\r
                        </td>\r
                </tr><tr>\r
                        <td><?php echo _SETTINGS_DIRS?></td>\r
@@ -4750,7 +4791,7 @@ selector();
                        </td>\r
                        <td><?php /* $this->input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?>\r
                                <select name="DisableJsTools" tabindex="10075">\r
-                       <?php                                   $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : '';\r
+                       <?php                              $extra = ($CONF['DisableJsTools'] == 1) ? 'selected="selected"' : '';\r
                                        echo "<option $extra value='1'>",_SETTINGS_JSTOOLBAR_NONE,"</option>";\r
                                        $extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : '';\r
                                        echo "<option $extra value='2'>",_SETTINGS_JSTOOLBAR_SIMPLE,"</option>";\r
@@ -4772,12 +4813,32 @@ selector();
 \r
                                           </td>\r
                </tr><tr>\r
+                       <td><?php echo _SETTINGS_DEBUGVARS?> <?php help('debugvars');?></td>\r
+                                          <td><?php\r
+\r
+                                               $this->input_yesno('DebugVars',$CONF['DebugVars'],10078);\r
+\r
+                                                        ?>\r
+\r
+                                          </td>\r
+               </tr><tr>\r
+                       <td><?php echo _SETTINGS_DEFAULTLISTSIZE?> <?php help('defaultlistsize');?></td>\r
+                       <td>\r
+                       <?php\r
+                               if (!array_key_exists('DefaultListSize',$CONF)) {\r
+                                       sql_query("INSERT INTO ".sql_table('config')." VALUES ('DefaultListSize', '10')");\r
+                                       $CONF['DefaultListSize'] = 10;\r
+                               }\r
+                       ?>\r
+                               <input name="DefaultListSize" tabindex="10079" size="40" value="<?php echo  htmlspecialchars((intval($CONF['DefaultListSize']) < 1 ? '10' : $CONF['DefaultListSize'])) ?>" />\r
+                       </td>\r
+               </tr><tr>\r
                        <th colspan="2"><?php echo _SETTINGS_MEDIA?> <?php help('media'); ?></th>\r
                </tr><tr>\r
                        <td><?php echo _SETTINGS_MEDIADIR?></td>\r
                        <td><?php echo  htmlspecialchars($DIR_MEDIA) ?>\r
                                <i><?php echo _SETTINGS_SEECONFIGPHP?></i>\r
-                               <?php                           if (!is_dir($DIR_MEDIA))\r
+                               <?php                              if (!is_dir($DIR_MEDIA))\r
                                                echo "<br /><b>" . _WARNING_NOTADIR . "</b>";\r
                                        if (!is_readable($DIR_MEDIA))\r
                                                echo "<br /><b>" . _WARNING_NOTREADABLE . "</b>";\r
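Review bot: The new `DefaultListSize` block performs an `INSERT INTO config` while rendering the settings form, so merely viewing the page mutates the database; presumably this is because the save path's `updateConfig()` only updates existing rows, but a display page is still the wrong place for it, and the column-less `INSERT ... VALUES ('DefaultListSize', '10')` silently depends on the config table's column order. Create the row in the upgrade script or in the save action instead, and in the form only fall back in memory: `$listSize = (isset($CONF['DefaultListSize']) && intval($CONF['DefaultListSize']) >= 1) ? $CONF['DefaultListSize'] : 10;` followed by `value="<?php echo htmlspecialchars($listSize) ?>"`. The enclosing method begins outside this hunk.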
@@ -4905,37 +4966,39 @@ selector();
 \r
 \r
                // save settings\r
-               $this->updateConfig('DefaultBlog',              postVar('DefaultBlog'));\r
-               $this->updateConfig('BaseSkin',                 postVar('BaseSkin'));\r
-               $this->updateConfig('IndexURL',                 postVar('IndexURL'));\r
-               $this->updateConfig('AdminURL',                 postVar('AdminURL'));\r
+               $this->updateConfig('DefaultBlog',        postVar('DefaultBlog'));\r
+               $this->updateConfig('BaseSkin',          postVar('BaseSkin'));\r
+               $this->updateConfig('IndexURL',          postVar('IndexURL'));\r
+               $this->updateConfig('AdminURL',          postVar('AdminURL'));\r
                $this->updateConfig('PluginURL',                postVar('PluginURL'));\r
-               $this->updateConfig('SkinsURL',                 postVar('SkinsURL'));\r
+               $this->updateConfig('SkinsURL',          postVar('SkinsURL'));\r
                $this->updateConfig('ActionURL',                postVar('ActionURL'));\r
-               $this->updateConfig('Language',                 postVar('Language'));\r
-               $this->updateConfig('AdminEmail',               postVar('AdminEmail'));\r
+               $this->updateConfig('Language',          postVar('Language'));\r
+               $this->updateConfig('AdminEmail',          postVar('AdminEmail'));\r
                $this->updateConfig('SessionCookie',    postVar('SessionCookie'));\r
                $this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));\r
-               $this->updateConfig('AllowMemberMail',  postVar('AllowMemberMail'));\r
+               $this->updateConfig('AllowMemberMail',  postVar('AllowMemberMail'));\r
                $this->updateConfig('NonmemberMail',    postVar('NonmemberMail'));\r
-               $this->updateConfig('ProtectMemNames',  postVar('ProtectMemNames'));\r
-               $this->updateConfig('SiteName',                 postVar('SiteName'));\r
+               $this->updateConfig('ProtectMemNames',  postVar('ProtectMemNames'));\r
+               $this->updateConfig('SiteName',          postVar('SiteName'));\r
                $this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));\r
-               $this->updateConfig('DisableSite',              postVar('DisableSite'));\r
-               $this->updateConfig('DisableSiteURL',   postVar('DisableSiteURL'));\r
+               $this->updateConfig('DisableSite',        postVar('DisableSite'));\r
+               $this->updateConfig('DisableSiteURL',   postVar('DisableSiteURL'));\r
                $this->updateConfig('LastVisit',                postVar('LastVisit'));\r
-               $this->updateConfig('MediaURL',                 postVar('MediaURL'));\r
-               $this->updateConfig('AllowedTypes',             postVar('AllowedTypes'));\r
-               $this->updateConfig('AllowUpload',              postVar('AllowUpload'));\r
+               $this->updateConfig('MediaURL',          postVar('MediaURL'));\r
+               $this->updateConfig('AllowedTypes',      postVar('AllowedTypes'));\r
+               $this->updateConfig('AllowUpload',        postVar('AllowUpload'));\r
                $this->updateConfig('MaxUploadSize',    postVar('MaxUploadSize'));\r
-               $this->updateConfig('MediaPrefix',              postVar('MediaPrefix'));\r
-               $this->updateConfig('AllowLoginEdit',   postVar('AllowLoginEdit'));\r
-               $this->updateConfig('DisableJsTools',   postVar('DisableJsTools'));\r
-               $this->updateConfig('CookieDomain',             postVar('CookieDomain'));\r
-               $this->updateConfig('CookiePath',               postVar('CookiePath'));\r
-               $this->updateConfig('CookieSecure',             postVar('CookieSecure'));\r
-               $this->updateConfig('URLMode',                  postVar('URLMode'));\r
-               $this->updateConfig('CookiePrefix',             postVar('CookiePrefix'));\r
+               $this->updateConfig('MediaPrefix',        postVar('MediaPrefix'));\r
+               $this->updateConfig('AllowLoginEdit',   postVar('AllowLoginEdit'));\r
+               $this->updateConfig('DisableJsTools',   postVar('DisableJsTools'));\r
+               $this->updateConfig('CookieDomain',      postVar('CookieDomain'));\r
+               $this->updateConfig('CookiePath',          postVar('CookiePath'));\r
+               $this->updateConfig('CookieSecure',      postVar('CookieSecure'));\r
+               $this->updateConfig('URLMode',            postVar('URLMode'));\r
+               $this->updateConfig('CookiePrefix',      postVar('CookiePrefix'));\r
+               $this->updateConfig('DebugVars',                postVar('DebugVars'));\r
+               $this->updateConfig('DefaultListSize',  postVar('DefaultListSize'));\r
 \r
                // load new config and redirect (this way, the new language will be used is necessary)\r
                // note that when changing cookie settings, this redirect might cause the user\r
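Review bot: `DefaultListSize` is stored exactly as posted (line with `updateConfig('DefaultListSize', postVar(...))`), so a non-numeric or zero value lands in the config table and the `< 1 ? '10'` fallback seen in the settings form has to be repeated by every reader. Normalise it once on save, using the `intPostVar()` helper the file already uses elsewhere: `$dls = intPostVar('DefaultListSize');` / `$this->updateConfig('DefaultListSize', ($dls < 1) ? 10 : $dls);`. The enclosing save action starts outside this hunk, so any further checks on the other posted fields would belong there.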
@@ -4947,18 +5010,158 @@ selector();
        }\r
 \r
        /**\r
+        *  Give an overview over the used system\r
+        */\r
+       function action_systemoverview() {\r
+               global $member, $nucleus, $CONF;\r
+\r
+               $this->pagehead();\r
+\r
+               echo '<h2>' . _ADMIN_SYSTEMOVERVIEW_HEADING . "</h2>\n";\r
+\r
+               if ($member->isLoggedIn() && $member->isAdmin()) {\r
+\r
+                       // Information about the used PHP and MySQL installation\r
+                       echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_PHPANDMYSQL . "</h3>\n";\r
+\r
+                       // Version of PHP MySQL\r
+                       echo "<table>\n";\r
+                       echo "\t<tr>\n";\r
+                       echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . "</th>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . "</td>\n";\r
+                       echo "\t\t" . '<td>' . phpversion() . "</td>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td>' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . "</td>\n";\r
+                       echo "\t\t" . '<td>' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . "</td>\n";\r
+                       echo "\t</tr>";\r
+                       echo "</table>\n";\r
+\r
+                       // Important PHP settings\r
+                       echo "<table>\n";\r
+                       echo "\t<tr>\n";\r
+                       echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . "</th>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">magic_quotes_gpc' . "</td>\n";\r
+                       $mqg = get_magic_quotes_gpc() ? 'On' : 'Off';\r
+                       echo "\t\t" . '<td>' . $mqg . "</td>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td>magic_quotes_runtime' . "</td>\n";\r
+                       $mqr = get_magic_quotes_runtime() ? 'On' : 'Off';\r
+                       echo "\t\t" . '<td>' . $mqr . "</td>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td>register_globals' . "</td>\n";\r
+                       $rg = ini_get('register_globals') ? 'On' : 'Off';\r
+                       echo "\t\t" . '<td>' . $rg . "</td>\n";\r
+                       echo "\t</tr>";\r
+                       echo "</table>\n";\r
+\r
+                       // Information about GD library\r
+                       $gdinfo = gd_info();\r
+                       echo "<table>\n";\r
+                       echo "\t<tr>";\r
+                       echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . "</th>\n";\r
+                       echo "\t</tr>\n";\r
+                       foreach ($gdinfo as $key=>$value) {\r
+                               if (is_bool($value)) {\r
+                                       $value = $value ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
+                               } else {\r
+                                       $value = htmlspecialchars($value, ENT_QUOTES);\r
+                               }\r
+                               echo "\t<tr>";\r
+                               echo "\t\t" . '<td width="50%">' . $key . "</td>\n";\r
+                               echo "\t\t" . '<td>' . $value . "</td>\n";\r
+                               echo "\t</tr>\n";\r
+                       }\r
+                       echo "</table>\n";\r
+\r
+                       // Check if special modules are loaded\r
+                       ob_start();\r
+                       phpinfo(INFO_MODULES);\r
+                       $im = ob_get_contents();\r
+                       ob_clean();\r
+                       echo "<table>\n";\r
+                       echo "\t<tr>";\r
+                       echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_MODULES . "</th>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">mod_rewrite' . "</td>\n";\r
+                       $modrewrite = (strstr($im, 'mod_rewrite') != '') ?\r
+                                               _ADMIN_SYSTEMOVERVIEW_ENABLE :\r
+                                               _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
+                       echo "\t\t" . '<td>' . $modrewrite . "</td>\n";\r
+                       echo "\t</tr>\n";\r
+                       echo "</table>\n";\r
+\r
+                       // Information about the used Nucleus CMS\r
+                       echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . "</h3>\n";\r
+                       global $nucleus;\r
+                       $nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')';\r
+                       $np = getNucleusPatchLevel();\r
+                       echo "<table>\n";\r
+                       echo "\t<tr>";\r
+                       echo "\t\t" . '<th colspan="2">Nucleus CMS' . "</th>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . "</td>\n";\r
+                       echo "\t\t" . '<td>' . $nv . "</td>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . "</td>\n";\r
+                       echo "\t\t" . '<td>' . $np . "</td>\n";\r
+                       echo "\t</tr>\n";\r
+                       echo "</table>\n";\r
+\r
+                       // Important settings of the installation\r
+                       echo "<table>\n";\r
+                       echo "\t<tr>";\r
+                       echo "\t\t" . '<th colspan="2">' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . "</th>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">' . '$CONF[' . "'Self']</td>\n";\r
+                       echo "\t\t" . '<td>' . $CONF['Self'] . "</td>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">' . '$CONF[' . "'ItemURL']</td>\n";\r
+                       echo "\t\t" . '<td>' . $CONF['ItemURL'] . "</td>\n";\r
+                       echo "\t</tr><tr>\n";\r
+                       echo "\t\t" . '<td width="50%">' . '$CONF[' . "'alertOnHeadersSent']</td>\n";\r
+                       $ohs = $CONF['alertOnHeadersSent'] ?\r
+                                               _ADMIN_SYSTEMOVERVIEW_ENABLE :\r
+                                               _ADMIN_SYSTEMOVERVIEW_DISABLE;\r
+                       echo "\t\t" . '<td>' . $ohs . "</td>\n";\r
+                       echo "\t</tr>\n";\r
+                       echo "</table>\n";\r
+\r
+                       // Link to the online version test at the Nucleus CMS website\r
+                       echo '<h3>' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK . "</h3>\n";\r
+                       if ($nucleus['codename'] != '') {\r
+                               $codenamestring = ' &quot;' . $nucleus['codename'] . '&quot;';\r
+                       } else {\r
+                               $codenamestring = '';\r
+                       }\r
+                       echo _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TXT;\r
+                       $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());\r
+                       echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">';\r
+                       echo 'Nucleus CMS ' . $nv . $codenamestring;\r
+                       echo '</a>';\r
+               //echo '<br />';\r
+               }\r
+               else {\r
+                       echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN;\r
+               }\r
+\r
+               $this->pagefoot();\r
+       }\r
+\r
+       /**\r
         * @todo document this\r
         */\r
        function updateConfig($name, $val) {\r
-               $name = addslashes($name);\r
-               $val = trim(addslashes($val));\r
+               $name = sql_real_escape_string($name);\r
+               $val = trim(sql_real_escape_string($val));\r
 \r
                $query = 'UPDATE '.sql_table('config')\r
                           . " SET value='$val'"\r
                           . " WHERE name='$name'";\r
 \r
-               sql_query($query) or die("Query error: " . mysql_error());\r
-               return mysql_insert_id();\r
+               sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());\r
+               return sql_insert_id();\r
        }\r
 \r
        /**\r
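Review bot: In `action_systemoverview()` the module check does `ob_start(); phpinfo(INFO_MODULES); $im = ob_get_contents(); ob_clean();`, which discards the captured text but leaves the output buffer open for the rest of the page; replace the last two lines with `$im = ob_get_clean();`, and make the test `strpos($im, 'mod_rewrite') !== false` instead of the loose `strstr(...) != ''`. The values echoed from `$CONF['Self']`, `$CONF['ItemURL']`, `sql_get_server_info()` and the `$key` of `gd_info()` are not passed through `htmlspecialchars()`, unlike the GD values a few lines above; since this page is admin-only the exposure is limited, but the escaping should be applied consistently. The `global $nucleus;` inside the admin branch duplicates the one at the top of the method and can be dropped. Other actions in this file enforce privilege with `... or $this->disallow();` (see the `blogAdminRights` call further down); `$member->isAdmin() or $this->disallow();` at the top of the method would match that convention instead of rendering a page with a "not admin" message.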
@@ -4969,7 +5172,7 @@ selector();
                $this->pagehead();\r
                ?>\r
                <h2>Error!</h2>\r
-               <?php           echo $msg;\r
+               <?php      echo $msg;\r
                echo "<br />";\r
                echo "<a href='index.php' onclick='history.back()'>"._BACK."</a>";\r
                $this->pagefoot();\r
@@ -5003,7 +5206,7 @@ selector();
 \r
                ?>\r
                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r
-               <html xmlns="http://www.w3.org/1999/xhtml">\r
+               <html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>\r
                <head>\r
                        <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />\r
                        <title><?php echo htmlspecialchars($CONF['SiteName'])?> - Admin</title>\r
@@ -5022,13 +5225,14 @@ selector();
                        <?php echo $extrahead?>\r
                </head>\r
                <body>\r
+               <div id="adminwrapper">\r
                <div class="header">\r
                <h1><?php echo htmlspecialchars($CONF['SiteName'])?></h1>\r
                </div>\r
                <div id="container">\r
                <div id="content">\r
                <div class="loginname">\r
-               <?php                   if ($member->isLoggedIn())\r
+               <?php              if ($member->isLoggedIn())\r
                                echo _LOGGEDINAS . ' ' . $member->getDisplayName()\r
                                        ." - <a href='index.php?action=logout'>" . _LOGOUT. "</a>"\r
                                        . "<br /><a href='index.php?action=overview'>" . _ADMINHOME . "</a> - ";\r
@@ -5039,17 +5243,21 @@ selector();
 \r
                        echo '<br />(';\r
 \r
-                       // Note(JP): disabled code name description\r
-/*\r
-                       if ($member->isLoggedIn() && $member->isAdmin())\r
-                               echo '<a href="http://nucleuscms.org/version.php?v=',getNucleusVersion(),'&amp;pl=',getNucleusPatchLevel(),'" title="Check for upgrade">Nucleus CMS ', $nucleus['version'], ' &quot;', $nucleus['codename'], '&quot;</a>';\r
-                       else\r
-                               echo 'Nucleus CMS ', $nucleus['version'], ' &quot;', $nucleus['codename'], '&quot;';\r
-*/\r
-                       if ($member->isLoggedIn() && $member->isAdmin())\r
-                               echo '<a href="http://nucleuscms.org/version.php?v=',getNucleusVersion(),'&amp;pl=',getNucleusPatchLevel(),'" title="Check for upgrade">Nucleus CMS ', $nucleus['version'], ' </a>';\r
-                       else\r
-                               echo 'Nucleus CMS ', $nucleus['version'];\r
+                       $codenamestring = ($nucleus['codename']!='')? ' &quot;'.$nucleus['codename'].'&quot;':'';\r
+\r
+                       if ($member->isLoggedIn() && $member->isAdmin()) {\r
+                               $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());\r
+                               echo '<a href="' . $checkURL . '" title="' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TITLE . '">Nucleus CMS ' . $nucleus['version'] . $codenamestring . '</a>';\r
+                               $newestVersion = getLatestVersion();\r
+                               $newestCompare = str_replace('/','.',$newestVersion);\r
+                               $newestCompare = intval($newestCompare);\r
+                               $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);\r
+                               if ($newestVersion && version_compare($newestCompare,$currentVersion) > 0) {\r
+                                       echo '<br /><a style="color:red" href="http://nucleuscms.org/upgrade.php" title="'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TITLE.'">'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT.$newestVersion.'</a>';\r
+                               }\r
+                       } else {\r
+                               echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;\r
+                       }\r
                        echo ')';\r
                echo '</div>';\r
        }\r
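Review bot: The update check compares `intval($newestCompare)` with `$currentVersion`, and `intval()` truncates a dotted string such as "3.61" to 3, so `version_compare()` can only ever signal a new major version (or, if `getLatestVersion()` returns an undotted number, always signals one); drop the `intval` line and compare the dotted string: `$newestCompare = str_replace('/', '.', $newestVersion);`. `$newestVersion` is also echoed straight into the page; from its name it is presumably fetched from a remote endpoint (its definition is outside this hunk), so it should be treated as untrusted and written as `htmlspecialchars($newestVersion, ENT_QUOTES)`. The method containing this code begins before the hunk.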
@@ -5074,19 +5282,19 @@ selector();
                                <li><a href="index.php?action=overview"><?php echo  _BACKHOME?></a></li>\r
                                <li><a href='index.php?action=logout'><?php echo  _LOGOUT?></a></li>\r
                        </ul>\r
-                       <?php           }\r
+                       <?php      }\r
                ?>\r
                        <div class="foot">\r
-                               <a href="http://nucleuscms.org/">Nucleus CMS</a> &copy; 2002-<?php echo date('Y'); ?> The Nucleus Group\r
+                               <a href="<?php echo _ADMINPAGEFOOT_OFFICIALURL ?>">Nucleus CMS</a> &copy; 2002-<?php echo date('Y') . ' ' . _ADMINPAGEFOOT_COPYRIGHT; ?>\r
                                -\r
-                               <a href="http://nucleuscms.org/donate.php">Donate!</a>\r
+                               <a href="<?php echo _ADMINPAGEFOOT_DONATEURL ?>"><?php echo _ADMINPAGEFOOT_DONATE ?></a>\r
                        </div>\r
 \r
                        </div><!-- content -->\r
 \r
                        <div id="quickmenu">\r
 \r
-                               <?php                           // ---- user settings ----\r
+                               <?php                      // ---- user settings ----\r
                                if (($action != 'showlogin') && ($member->isLoggedIn())) {\r
                                        echo '<ul>';\r
                                        echo '<li><a href="index.php?action=overview">',_QMENU_HOME,'</a></li>';\r
@@ -5121,9 +5329,9 @@ selector();
 \r
                                        echo '<h2>' . $member->getDisplayName(). '</h2>';\r
                                        echo '<ul>';\r
-                                       echo '<li><a href="index.php?action=editmembersettings">',_QMENU_USER_SETTINGS,'</a></li>';\r
-                                       echo '<li><a href="index.php?action=browseownitems">',_QMENU_USER_ITEMS,'</a></li>';\r
-                                       echo '<li><a href="index.php?action=browseowncomments">',_QMENU_USER_COMMENTS,'</a></li>';\r
+                                       echo '<li><a href="index.php?action=editmembersettings">' . _QMENU_USER_SETTINGS . '</a></li>';\r
+                                       echo '<li><a href="index.php?action=browseownitems">' . _QMENU_USER_ITEMS . '</a></li>';\r
+                                       echo '<li><a href="index.php?action=browseowncomments">' . _QMENU_USER_COMMENTS . '</a></li>';\r
                                        echo '</ul>';\r
 \r
 \r
@@ -5135,19 +5343,20 @@ selector();
                                                echo '<h2>',_QMENU_MANAGE,'</h2>';\r
 \r
                                                echo '<ul>';\r
-                                               echo '<li><a href="index.php?action=actionlog">',_QMENU_MANAGE_LOG,'</a></li>';\r
-                                               echo '<li><a href="index.php?action=settingsedit">',_QMENU_MANAGE_SETTINGS,'</a></li>';\r
-                                               echo '<li><a href="index.php?action=usermanagement">',_QMENU_MANAGE_MEMBERS,'</a></li>';\r
-                                               echo '<li><a href="index.php?action=createnewlog">',_QMENU_MANAGE_NEWBLOG,'</a></li>';\r
-                                               echo '<li><a href="index.php?action=backupoverview">',_QMENU_MANAGE_BACKUPS,'</a></li>';\r
-                                               echo '<li><a href="index.php?action=pluginlist">',_QMENU_MANAGE_PLUGINS,'</a></li>';\r
+                                               echo '<li><a href="index.php?action=actionlog">' . _QMENU_MANAGE_LOG . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=settingsedit">' . _QMENU_MANAGE_SETTINGS . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=systemoverview">' . _QMENU_MANAGE_SYSTEM . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=usermanagement">' . _QMENU_MANAGE_MEMBERS . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=createnewlog">' . _QMENU_MANAGE_NEWBLOG . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=backupoverview">' . _QMENU_MANAGE_BACKUPS . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=pluginlist">' . _QMENU_MANAGE_PLUGINS . '</a></li>';\r
                                                echo '</ul>';\r
 \r
                                                echo '<h2>',_QMENU_LAYOUT,'</h2>';\r
                                                echo '<ul>';\r
-                                               echo '<li><a href="index.php?action=skinoverview">',_QMENU_LAYOUT_SKINS,'</a></li>';\r
-                                               echo '<li><a href="index.php?action=templateoverview">',_QMENU_LAYOUT_TEMPL,'</a></li>';\r
-                                               echo '<li><a href="index.php?action=skinieoverview">',_QMENU_LAYOUT_IEXPORT,'</a></li>';\r
+                                               echo '<li><a href="index.php?action=skinoverview">' . _QMENU_LAYOUT_SKINS . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=templateoverview">' . _QMENU_LAYOUT_TEMPL . '</a></li>';\r
+                                               echo '<li><a href="index.php?action=skinieoverview">' . _QMENU_LAYOUT_IEXPORT . '</a></li>';\r
                                                echo '</ul>';\r
 \r
                                        }\r
@@ -5181,12 +5390,14 @@ selector();
                        </div>\r
 \r
                        <!-- content / quickmenu container -->\r
+                       <div class="clear"></div>       <!-- new -->\r
                        </div>\r
 \r
-\r
+                       <!-- adminwrapper -->   <!-- new -->\r
+                       </div>   <!-- new -->\r
                        </body>\r
                        </html>\r
-               <?php   }\r
+               <?php   }\r
 \r
        /**\r
         * @todo document this\r
@@ -5201,7 +5412,7 @@ selector();
                // header-code stolen from phpMyAdmin\r
                // REGEDIT and bookmarklet code stolen from GreyMatter\r
 \r
-               $sjisBlogName = getBlogNameFromID($blogid);\r
+               $sjisBlogName = sprintf(_WINREGFILE_TEXT, getBlogNameFromID($blogid));\r
                $sjisBlogName = mb_convert_encoding($sjisBlogName, "SJIS", "auto");\r
 \r
                header('Content-Type: application/octetstream');\r
@@ -5210,7 +5421,7 @@ selector();
                header('Expires: 0');\r
 \r
                echo "REGEDIT4\n";\r
-               echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\Post To &Nucleus (".$sjisBlogName.")]\n";\r
+               echo "[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\MenuExt\\" . $sjisBlogName . "]\n";\r
                echo '@="' . $CONF['AdminURL'] . "bookmarklet.php?action=contextmenucode&blogid=".intval($blogid)."\"\n";\r
                echo '"contexts"=hex:31';\r
        }\r
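Review bot: `$sjisBlogName` is written into the `[HKEY_CURRENT_USER\...\MenuExt\...]` key name of the generated REGEDIT4 file with no filtering, so a blog name containing `]`, a backslash or a line break would change the structure of the file the user imports; blog names are set by blog admins, which is a different trust level from the person importing the file. Strip those characters before the `sprintf(_WINREGFILE_TEXT, ...)` call a few lines above, e.g. `$name = str_replace(array(']', '[', '\\', "\r", "\n"), '', getBlogNameFromID($blogid));`. The surrounding method starts outside this hunk.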
@@ -5234,48 +5445,48 @@ selector();
 \r
                ?>\r
 \r
-               <h2>Bookmarklet<!-- and Right Click Menu --></h2>\r
+               <h2><?php echo _BOOKMARKLET_TITLE ?></h2>\r
 \r
                <p>\r
-               Bookmarklet とは、クリック1回で記事の投稿ができるシステムです。 この Bookmarklet をインストールすると、ブラウザのツールバーの'add to weblog'ボタンが利用可能となり、Nucleusの新規アイテムの追加ウィンドウがポップアップします。任意のWebページを開いた状態でこのボタンを押せば、そのWebページのタイトルと、そのページへのリンクタグがすでに埋め込まれた状態でアイテム追加ウィンドウが開き、さらに、そのページ内に引用したい文を選択した状態であればその引用文も自動的に引用します。\r
+               <?php echo _BOOKMARKLET_DESC1 . _BOOKMARKLET_DESC2 . _BOOKMARKLET_DESC3 . _BOOKMARKLET_DESC4 . _BOOKMARKLET_DESC5 ?>\r
                </p>\r
 \r
-               <h3>Bookmarklet</h3>\r
+               <h3><?php echo _BOOKMARKLET_BOOKARKLET ?></h3>\r
                <p>\r
-                       下のリンク部分を「お気に入り」もしくはツールバーにドラッグできます。<small>(その前にテストしてみたい場合は単純に下のリンクをクリックしてみてください)</small>\r
+                       <?php echo _BOOKMARKLET_BMARKTEXT ?><small><?php echo _BOOKMARKLET_BMARKTEST ?></small>\r
                        <br />\r
                        <br />\r
-                       <a href="<?php echo htmlspecialchars($bm)?>">Add to <?php echo $blog->getShortName()?></a> (ほとんどのブラウザで動作します)\r
+                       <?php echo '<a href="' . htmlspecialchars($bm, ENT_QUOTES) . '">' . sprintf(_BOOKMARKLET_ANCHOR, htmlspecialchars($blog->getName(), ENT_QUOTES)) . '</a>' . _BOOKMARKLET_BMARKFOLLOW; ?>\r
                </p>\r
 \r
-               <h3>右クリックメニューにインストール (WindowsでIE使用時)</h3>\r
+               <h3><?php echo _BOOKMARKLET_RIGHTCLICK ?></h3>\r
                <p>\r
                        <?php\r
                                $url = 'index.php?action=regfile&blogid=' . intval($blogid);\r
                                $url = $manager->addTicketToUrl($url);\r
                        ?>\r
-                       あるいは<a href="<?php echo htmlspecialchars($url) ?>">右クリックメニュー</a>にインストールすることもできます (「開く」を選択すれば直接レジストリに登録します)\r
+                       <?php echo _BOOKMARKLET_RIGHTTEXT1 . '<a href="' . htmlspecialchars($url, ENT_QUOTES, "SJIS") . '">' . _BOOKMARKLET_RIGHTLABEL . '</a>' . _BOOKMARKLET_RIGHTTEXT2; ?>\r
                </p>\r
 \r
                <p>\r
-                       このインストールした右クリックメニューを表示するためにはIEの再起動が必要です。\r
+                       <?php echo _BOOKMARKLET_RIGHTTEXT3 ?>\r
                </p>\r
 \r
-               <h3>アンインストール</h3>\r
+               <h3><?php echo _BOOKMARKLET_UNINSTALLTT ?></h3>\r
                <p>\r
-                       「お気に入り」もしくはツールバーから消すには、単に削除するだけです。\r
+                       <?php echo _BOOKMARKLET_DELETEBAR ?>\r
                </p>\r
-               \r
+\r
                <p>\r
-                       右クリックメニューから消したい時は、以下の手順を踏んでください:\r
+                       <?php echo _BOOKMARKLET_DELETERIGHTT ?>\r
                </p>\r
 \r
                <ol>\r
-                       <li>スタートメニューから「ファイルを指定して実行...」を選択</li>\r
-                       <li>"regedit" と入力</li>\r
-                       <li>"OK" ボタンを押す</li>\r
-                       <li>"\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt" をツリーの中から検索</li>\r
-                       <li>"add to weblog" エントリを削除</li>                          \r
+                       <li><?php echo _BOOKMARKLET_DELETERIGHT1 ?></li>\r
+                       <li><?php echo _BOOKMARKLET_DELETERIGHT2 ?></li>\r
+                       <li><?php echo _BOOKMARKLET_DELETERIGHT3 ?></li>\r
+                       <li><?php echo _BOOKMARKLET_DELETERIGHT4 ?></li>\r
+                       <li><?php echo _BOOKMARKLET_DELETERIGHT5 ?></li>\r
                </ol>\r
 \r
                <?php\r
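Review bot: The right-click link uses `htmlspecialchars($url, ENT_QUOTES, "SJIS")` while the rest of the admin pages are emitted with `_CHARSET` (see the `<meta ... charset=<?php echo _CHARSET ?>` line in `pagehead()`), and this is the `utf8/` tree; `$url` happens to be ASCII here, but with a charset mismatch `htmlspecialchars()` returns an empty string on any invalid byte sequence, so the link would silently disappear. Use the same charset as the page: `htmlspecialchars($url, ENT_QUOTES, _CHARSET)`, or omit the third argument as the `$bm` call on the bookmarklet line does. The bookmarklet method begins before this hunk.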
@@ -5356,6 +5567,7 @@ selector();
                $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
                $blog =& $manager->getBlog($blogid);\r
+               $banBlogName =  htmlspecialchars($blog->getName(), ENT_QUOTES);\r
 \r
                $this->pagehead();\r
                ?>\r
@@ -5374,7 +5586,8 @@ selector();
 \r
                        <div>\r
                                <input type="hidden" name="blogid" value="<?php echo $blogid?>" />\r
-                               <input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">Only blog '<?php echo htmlspecialchars($blog->getName())?>'</label>\r
+                               <input name="allblogs" type="radio" value="0" id="allblogs_one" />\r
+                               <label for="allblogs_one"><?php echo sprintf(_BAN_BANBLOGNAME, $banBlogName) ?></label>\r
                                <br />\r
                                <input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php echo _BAN_ALLBLOGS?></label>\r
                        </div>\r
@@ -5472,16 +5685,23 @@ selector();
                <p><?php echo _BAN_IPRANGE_TEXT?></p>\r
 \r
                <div class="note">\r
-               <b>An example</b>: "134.58.253.193" will only block one computer, while "134.58.253" will block 256 IP addresses, including the one from the first example.\r
+                       <strong><?php echo _BAN_EXAMPLE_TITLE ?></strong>\r
+                       <?php echo _BAN_EXAMPLE_TEXT ?>\r
                </div>\r
 \r
                <div>\r
-               <?php                   if ($ip) {\r
+               <?php\r
+               if ($ip) {\r
+                       $iprangeVal = htmlspecialchars($ip, ENT_QUOTES);\r
                ?>\r
-                       <input name="iprange" type="radio" value="<?php echo htmlspecialchars($ip)?>" checked="checked" id="ip_fixed" /><label for="ip_fixed"><?php echo htmlspecialchars($ip)?></label>\r
+                       <input name="iprange" type="radio" value="<?php echo $iprangeVal ?>" checked="checked" id="ip_fixed" />\r
+                       <label for="ip_fixed"><?php echo $iprangeVal ?></label>\r
                        <br />\r
-                       <input name="iprange" type="radio" value="custom" id="ip_custom" /><label for="ip_custom">Custom: </label><input name='customiprange' value='<?php echo htmlspecialchars($ip)?>' maxlength='15' size='15' />\r
-               <?php   } else {\r
+                       <input name="iprange" type="radio" value="custom" id="ip_custom" />\r
+                       <label for="ip_custom"><?php echo _BAN_IP_CUSTOM ?></label>\r
+                       <input name='customiprange' value='<?php echo $iprangeVal ?>' maxlength='15' size='15' />\r
+               <?php\r
+               } else {\r
                                echo "<input name='iprange' value='custom' type='hidden' />";\r
                                echo "<input name='customiprange' value='' maxlength='15' size='15' />";\r
                        }\r
@@ -5515,7 +5735,7 @@ selector();
 \r
                </form>\r
 \r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
        }\r
 \r
        /**\r
@@ -5524,12 +5744,12 @@ selector();
        function action_banlistadd() {\r
                global $member;\r
 \r
-               $blogid =               intPostVar('blogid');\r
-               $allblogs =     postVar('allblogs');\r
-               $iprange =              postVar('iprange');\r
+               $blogid =          intPostVar('blogid');\r
+               $allblogs =      postVar('allblogs');\r
+               $iprange =        postVar('iprange');\r
                if ($iprange == "custom")\r
                        $iprange = postVar('customiprange');\r
-               $reason =               postVar('reason');\r
+               $reason =          postVar('reason');\r
 \r
                $member->blogAdminRights($blogid) or $this->disallow();\r
 \r
@@ -5616,7 +5836,7 @@ selector();
                        <br /><?php echo _RESTORE_WARNING?>\r
                </p></form>\r
 \r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
        }\r
 \r
        /**\r
@@ -5636,7 +5856,8 @@ selector();
                // (creating/restoring dumps might take a while)\r
                @set_time_limit(1200);\r
 \r
-               do_backup($useGzip);\r
+               $bu = new Backup();\r
+               $bu->do_backup($useGzip);\r
                exit;\r
        }\r
 \r
@@ -5657,14 +5878,15 @@ selector();
                // (creating/restoring dumps might take a while)\r
                @set_time_limit(1200);\r
 \r
-               $message = do_restore();\r
+               $bu = new Backup();\r
+               $message = $bu->do_restore();\r
                if ($message != '')\r
                        $this->error($message);\r
 \r
                $this->pagehead();\r
                ?>\r
                <h2><?php echo _RESTORE_COMPLETE?></h2>\r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
 \r
        }\r
 \r
@@ -5683,7 +5905,7 @@ selector();
 \r
                echo '<h2>' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), '</h2>';\r
 \r
-               echo '<h3>' , _PLUGS_TITLE_INSTALLED , '</h3>';\r
+               echo '<h3>' , _PLUGS_TITLE_INSTALLED , ' &nbsp;&nbsp;<span style="font-size:smaller">', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, '</a></span></h3>';\r
 \r
 \r
                $query =  'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC';\r
@@ -5704,23 +5926,31 @@ selector();
                        </div></form>\r
 \r
                        <h3><?php echo _PLUGS_TITLE_NEW?></h3>\r
-\r
-                       <?php                           // find a list of possibly non-installed plugins\r
+                       \r
+                       <?php\r
+                       // find a list of possibly non-installed plugins\r
                                $candidates = array();\r
                                global $DIR_PLUGINS;\r
                                $dirhandle = opendir($DIR_PLUGINS);\r
-                               while ($filename = readdir($dirhandle)) {\r
-                                       if (ereg('^NP_(.*)\.php$',$filename,$matches)) {\r
+                               while ($filename = readdir($dirhandle) )\r
+                               {\r
+                                       # replaced ereg() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0\r
+                                       # original ereg: ereg('^NP_(.*)\.php$',$filename,$matches)\r
+                                       if (preg_match('#^NP_(.*)\.php$#', $filename, $matches) )\r
+                                       {\r
                                                $name = $matches[1];\r
                                                // only show in list when not yet installed\r
-                                               $res = sql_query('SELECT * FROM '.sql_table('plugin').' WHERE pfile="NP_'.addslashes($name).'"');\r
-                                               if (mysql_num_rows($res) == 0)\r
-                                                       array_push($candidates,$name);\r
+                                               $res = sql_query('SELECT * FROM ' . sql_table('plugin') . ' WHERE `pfile` = "NP_' . sql_real_escape_string($name) . '"');\r
+                                               if (sql_num_rows($res) == 0)\r
+                                               {\r
+                                                       array_push($candidates, $name);\r
+                                               }\r
                                        }\r
                                }\r
                                closedir($dirhandle);\r
-\r
-                               if (sizeof($candidates) > 0) {\r
+                               \r
+                               if (sizeof($candidates) > 0)\r
+                               {\r
                        ?>\r
 \r
                        <p><?php echo _PLUGS_ADD_TEXT?></p>\r
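Review bot: The rewritten directory loop still stops early on an entry literally named `0` and never checks `opendir()` for failure: `while ($filename = readdir($dirhandle) )` treats the string "0" as false, and a false `$dirhandle` makes `readdir()` warn and silently yields an empty candidate list. Write it as `while (($filename = readdir($dirhandle)) !== false)` and guard the handle with `if ($dirhandle === false) { ... }` before the loop. The new regex `#^NP_(.*)\.php$#` also accepts any bytes in the capture; since `$name` later becomes part of the `NP_…` file name that the install path presumably loads, tightening it to `#^NP_([A-Za-z0-9_]+)\.php$#` keeps odd file names out of both the form and the query at no cost.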
@@ -5730,14 +5960,20 @@ selector();
                                <input type='hidden' name='action' value='pluginadd' />\r
                                <?php $manager->addTicketHidden() ?>\r
                                <select name="filename" tabindex="30">\r
-                               <?php                                   foreach($candidates as $name)\r
-                                               echo '<option value="NP_',$name,'">',htmlspecialchars($name),'</option>';\r
+                               <?php   \r
+                               foreach($candidates as $name)\r
+                               {\r
+                                       echo '<option value="NP_',$name,'">',htmlspecialchars($name),'</option>';\r
+                               }\r
                                ?>\r
                                </select>\r
                                <input type='submit' tabindex="40" value='<?php echo _PLUGS_BTN_INSTALL?>' />\r
                        </div></form>\r
 \r
-               <?php                   } else {        // sizeof(candidates) == 0\r
+               <?php\r
+                               }\r
+                               else\r
+                               {\r
                                echo '<p>',_PLUGS_NOCANDIDATES,'</p>';\r
                        }\r
 \r
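Review bot: In the `<option>` line of the select, `$name` is escaped for the visible label but inserted raw into the `value` attribute, so a plugin file whose name contains `"` breaks out of the attribute; use `echo '<option value="NP_', htmlspecialchars($name, ENT_QUOTES), '">', htmlspecialchars($name), '</option>';`. Names here come from `readdir()` on `$DIR_PLUGINS` rather than from the request, so the impact is limited to whoever can already write to the plugin directory, but the inconsistency is worth removing. Independently, the selected value travels back as the `filename` POST field, so `action_pluginadd` (not in this hunk) should re-validate it against the same `NP_…` pattern rather than trust the select.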
@@ -5798,7 +6034,7 @@ selector();
 \r
                // get number of currently installed plugins\r
                $res = sql_query('SELECT * FROM '.sql_table('plugin'));\r
-               $numCurrent = mysql_num_rows($res);\r
+               $numCurrent = sql_num_rows($res);\r
 \r
                // plugin will be added as last one in the list\r
                $newOrder = $numCurrent + 1;\r
@@ -5811,9 +6047,9 @@ selector();
                );\r
 \r
                // do this before calling getPlugin (in case the plugin id is used there)\r
-               $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.addslashes($name).'")';\r
+               $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';\r
                sql_query($query);\r
-               $iPid = mysql_insert_id();\r
+               $iPid = sql_insert_id();\r
 \r
                $manager->clearCachedInfo('installedPlugins');\r
 \r
@@ -5853,12 +6089,12 @@ selector();
                {\r
 \r
                        $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');\r
-                       if (mysql_num_rows($res) == 0)\r
+                       if (sql_num_rows($res) == 0)\r
                        {\r
                                // uninstall plugin again...\r
                                $this->deleteOnePlugin($plugin->getID());\r
 \r
-                               $this->error(_ERROR_INSREQPLUGIN . htmlspecialchars($pluginName));\r
+                               $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));\r
                        }\r
                }\r
 \r
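Review bot: The dependency-check query a few lines above the changed error line still interpolates `$pluginName` unescaped (`WHERE pfile="' . $pluginName . '"`) while the rest of this commit moves string parameters to `sql_real_escape_string()`; change it to `' WHERE pfile="' . sql_real_escape_string($pluginName) . '"'`. `$pluginName` appears to come from the plugin's own declared requirements rather than from the request, so this is consistency rather than a live injection, but a plugin file is exactly the kind of input an admin installs without reading. The enclosing `action_pluginadd` starts and ends outside this hunk.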
@@ -5880,7 +6116,7 @@ selector();
         * @todo document this\r
         */\r
        function action_pluginupdate() {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                // check if allowed\r
                $member->isAdmin() or $this->disallow();\r
@@ -5890,18 +6126,19 @@ selector();
 \r
                // loop over all installed plugins\r
                $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));\r
-               while($o = mysql_fetch_object($res)) {\r
+               while($o = sql_fetch_object($res)) {\r
                        $pid = $o->pid;\r
                        $plug =& $manager->getPlugin($o->pfile);\r
                        if ($plug)\r
                        {\r
                                $eventList = $plug->getEventList();\r
                                foreach ($eventList as $eventName)\r
-                                       sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.addslashes($eventName).'\')');\r
+                                       sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.sql_real_escape_string($eventName).'\')');\r
                        }\r
                }\r
 \r
-               $this->action_pluginlist();\r
+               redirect($CONF['AdminURL'] . '?action=pluginlist');\r
+//             $this->action_pluginlist();\r
        }\r
 \r
        /**\r
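Review bot: The commented-out `//$this->action_pluginlist();` left under the new `redirect()` is dead code; drop it and, for consistency with `action_pluginup`/`action_plugindown`, keep the one-line reason instead: `// redirect rather than render, so the ticket does not end up in the URL`. Also, the loop re-inserts every plugin's events into `plugin_event`; if the DELETE that clears the old subscriptions is above this hunk that is fine, otherwise each run duplicates rows. `action_pluginupdate` begins outside the hunk.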
@@ -5930,14 +6167,15 @@ selector();
                        <input type="hidden" name="plugid" value="<?php echo $pid; ?>" />\r
                        <input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />\r
                        </div></form>\r
-               <?php           $this->pagefoot();\r
+               <?php\r
+               $this->pagefoot();\r
        }\r
 \r
        /**\r
         * @todo document this\r
         */\r
        function action_plugindeleteconfirm() {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                // check if allowed\r
                $member->isAdmin() or $this->disallow();\r
@@ -5949,7 +6187,8 @@ selector();
                        $this->error($error);\r
                }\r
 \r
-               $this->action_pluginlist();\r
+               redirect($CONF['AdminURL'] . '?action=pluginlist');\r
+//             $this->action_pluginlist();\r
        }\r
 \r
        /**\r
@@ -5965,15 +6204,15 @@ selector();
 \r
                $name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);\r
 \r
-               // call the unInstall method of the plugin\r
+/*             // call the unInstall method of the plugin\r
                if ($callUninstall) {\r
                        $plugin =& $manager->getPlugin($name);\r
                        if ($plugin) $plugin->unInstall();\r
-               }\r
+               }*/\r
 \r
                // check dependency before delete\r
                $res = sql_query('SELECT pfile FROM '.sql_table('plugin'));\r
-               while($o = mysql_fetch_object($res)) {\r
+               while($o = sql_fetch_object($res)) {\r
                        $plug =& $manager->getPlugin($o->pfile);\r
                        if ($plug)\r
                        {\r
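Review bot: The old unInstall block is now wrapped in `/* … */` rather than removed; since the same call is re-added later in the function, delete the commented copy so the function carries one version of the logic. Separately, `$pid` is concatenated into the `quickQuery` SELECT unchanged; if every `deleteOnePlugin` caller passes an `intRequestVar()` value this is safe, otherwise `$pid = intval($pid);` at the top of the function would make it so. The function's signature is above the hunk, so the parameter's origin is not visible here.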
@@ -5982,7 +6221,7 @@ selector();
                                {\r
                                        if ($name == $depName)\r
                                        {\r
-                                               return _ERROR_DELREQPLUGIN . $o->pfile;\r
+                                               return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);\r
                                        }\r
                                }\r
                        }\r
@@ -5990,6 +6229,12 @@ selector();
 \r
                $manager->notify('PreDeletePlugin', array('plugid' => $pid));\r
 \r
+               // call the unInstall method of the plugin\r
+               if ($callUninstall) {\r
+                       $plugin =& $manager->getPlugin($name);\r
+                       if ($plugin) $plugin->unInstall();\r
+               }\r
+\r
                // delete all subscriptions\r
                sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);\r
 \r
@@ -5997,7 +6242,7 @@ selector();
                // get OIDs from plugin_option_desc\r
                $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);\r
                $aOIDs = array();\r
-               while ($o = mysql_fetch_object($res)) {\r
+               while ($o = sql_fetch_object($res)) {\r
                        array_push($aOIDs, $o->oid);\r
                }\r
 \r
@@ -6008,7 +6253,7 @@ selector();
 \r
                // update order numbers\r
                $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);\r
-               $o = mysql_fetch_object($res);\r
+               $o = sql_fetch_object($res);\r
                sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);\r
 \r
                // delete row\r
@@ -6024,7 +6269,7 @@ selector();
         * @todo document this\r
         */\r
        function action_pluginup() {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                // check if allowed\r
                $member->isAdmin() or $this->disallow();\r
@@ -6036,7 +6281,7 @@ selector();
 \r
                // 1. get old order number\r
                $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);\r
-               $o = mysql_fetch_object($res);\r
+               $o = sql_fetch_object($res);\r
                $oldOrder = $o->porder;\r
 \r
                // 2. calculate new order number\r
@@ -6048,14 +6293,14 @@ selector();
 \r
                //$this->action_pluginlist();\r
                // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
-               redirect('?action=pluginlist');\r
+               redirect($CONF['AdminURL'] . '?action=pluginlist');\r
        }\r
 \r
        /**\r
         * @todo document this\r
         */\r
        function action_plugindown() {\r
-               global $member, $manager;\r
+               global $member, $manager, $CONF;\r
 \r
                // check if allowed\r
                $member->isAdmin() or $this->disallow();\r
@@ -6066,11 +6311,11 @@ selector();
 \r
                // 1. get old order number\r
                $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);\r
-               $o = mysql_fetch_object($res);\r
+               $o = sql_fetch_object($res);\r
                $oldOrder = $o->porder;\r
 \r
                $res = sql_query('SELECT * FROM '.sql_table('plugin'));\r
-               $maxOrder = mysql_num_rows($res);\r
+               $maxOrder = sql_num_rows($res);\r
 \r
                // 2. calculate new order number\r
                $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;\r
@@ -6081,7 +6326,7 @@ selector();
 \r
                //$this->action_pluginlist();\r
                // To avoid showing ticket in the URL, redirect to pluginlist, instead.\r
-               redirect('?action=pluginlist');\r
+               redirect($CONF['AdminURL'] . '?action=pluginlist');\r
        }\r
 \r
        /**\r
@@ -6098,12 +6343,13 @@ selector();
                        $this->error(_ERROR_NOSUCHPLUGIN);\r
 \r
                $extrahead = '<script type="text/javascript" src="javascript/numbercheck.js"></script>';\r
+               $pluginName = htmlspecialchars(getPluginNameFromPid($pid), ENT_QUOTES);\r
                $this->pagehead($extrahead);\r
 \r
                ?>\r
                        <p><a href="index.php?action=pluginlist">(<?php echo _PLUGS_BACK?>)</a></p>\r
 \r
-                       <h2>Options for <?php echo htmlspecialchars(getPluginNameFromPid($pid))?></h2>\r
+                       <h2><?php echo sprintf(_PLUGIN_OPTIONS_TITLE, $pluginName) ?></h2>\r
 \r
                        <?php if  ($message) echo $message?>\r
 \r
@@ -6120,7 +6366,7 @@ selector();
                $aOIDs = array();\r
                $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . ' ORDER BY oid ASC';\r
                $r = sql_query($query);\r
-               while ($o = mysql_fetch_object($r)) {\r
+               while ($o = sql_fetch_object($r)) {\r
                        array_push($aOIDs, $o->oid);\r
                        $aOptions[$o->oid] = array(\r
                                                'oid' => $o->oid,\r
@@ -6135,7 +6381,7 @@ selector();
                // fill out actual values\r
                if (count($aOIDs) > 0) {\r
                        $r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')');\r
-                       while ($o = mysql_fetch_object($r))\r
+                       while ($o = sql_fetch_object($r))\r
                                $aOptions[$o->oid]['value'] = $o->ovalue;\r
                }\r
 \r
@@ -6150,7 +6396,7 @@ selector();
                ?>\r
                        </div>\r
                        </form>\r
-               <?php           $this->pagefoot();\r
+               <?php      $this->pagefoot();\r
 \r
 \r
 \r
@@ -6186,16 +6432,16 @@ selector();
                // (note: this might contain doubles for overlapping contextids)\r
                $aIdToValue = array();\r
                $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));\r
-               while ($o = mysql_fetch_object($res)) {\r
+               while ($o = sql_fetch_object($res)) {\r
                        $aIdToValue[$o->oid] = $o->ovalue;\r
                }\r
 \r
                // get list of oids per pid\r
                $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin')\r
-                          . ' WHERE opid=pid and ocontext=\''.addslashes($context).'\' ORDER BY porder, oid ASC';\r
+                          . ' WHERE opid=pid and ocontext=\''.sql_real_escape_string($context).'\' ORDER BY porder, oid ASC';\r
                $res = sql_query($query);\r
                $aOptions = array();\r
-               while ($o = mysql_fetch_object($res)) {\r
+               while ($o = sql_fetch_object($res)) {\r
                        if (in_array($o->oid, array_keys($aIdToValue)))\r
                                $value = $aIdToValue[$o->oid];\r
                        else\r
@@ -6225,17 +6471,19 @@ selector();
                        // new plugin?\r
                        if ($iPrevPid != $aOption['pid']) {\r
                                $iPrevPid = $aOption['pid'];\r
-\r
-                               echo '<tr><th colspan="2">Options for ', htmlspecialchars($aOption['pfile']),'</th></tr>';\r
+                               if (!defined('_PLUGIN_OPTIONS_TITLE')) {\r
+                                       define('_PLUGIN_OPTIONS_TITLE', 'Options for %s');\r
+                               }\r
+                               echo '<tr><th colspan="2">'.sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)).'</th></tr>';\r
+                       }\r
+                       \r
+                       $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']);\r
+                       if (@$meta['access'] != 'hidden') {\r
+                               echo '<tr>';\r
+                               listplug_plugOptionRow($aOption);\r
+                               echo '</tr>';\r
                        }\r
-\r
-                       echo '<tr>';\r
-                       listplug_plugOptionRow($aOption);\r
-                       echo '</tr>';\r
-\r
                }\r
-\r
-\r
        }\r
 \r
        /**\r
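Review bot: Skipping the row when `$meta['access']` is `'hidden'` only hides the option from the form; a crafted POST can still submit a value for that `oid`, so the save path (not in this hunk) must apply the same `access` check before writing `plugin_option`, otherwise this is presentation rather than enforcement. The `@$meta['access']` suppression can be replaced with `if (!isset($meta['access']) || $meta['access'] != 'hidden') {`, which reads the same and does not silence unrelated notices. The `!defined('_PLUGIN_OPTIONS_TITLE')` fallback inside the per-plugin loop belongs with the language-file loading (or at file top), not re-evaluated per row.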
@@ -6251,7 +6499,7 @@ selector();
 \r
                if ($name=="admin") {\r
                        echo '<input onclick="selectCanLogin(true);" type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';\r
-               } else {\r
+               } else {\r
                        echo '<input type="radio" name="', htmlspecialchars($name),'" value="', htmlspecialchars($value1),'" ';\r
                }\r
 \r
@@ -6267,10 +6515,10 @@ selector();
                        if ($checkedval != $value1)\r
                                echo "tabindex='$tabindex' checked='checked'";\r
                        if ($isAdmin && $name=="canlogin")\r
-                               echo " disabled='true'";\r
+                               echo ' disabled="disabled"';\r
                        echo ' id="'.$id2.'" /><label for="'.$id2.'">' . $noval . '</label>';\r
        }\r
 \r
 } // class ADMIN\r
 \r
-?>\r
+?>
\ No newline at end of file
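Review bot: The new `?>` at end of file with no trailing newline is harmless as written, but the safer convention is to drop the closing tag entirely so no stray whitespace after it can ever be emitted before headers are sent. Also, the `canlogin` radio is now rendered `disabled="disabled"` for admins; disabled controls are not submitted, so the member-save handler must derive "admin implies can log in" on the server rather than read the missing field — presumably it already does, since the old `disabled='true'` behaved the same in browsers.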