*
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: ADMIN.php,v 1.15 2007-02-09 02:47:47 kimitake Exp $
- * @version $NucleusJP: ADMIN.php,v 1.14 2007/02/04 06:28:46 kimitake Exp $
+ * @version $Id: ADMIN.php,v 1.24 2008-02-08 09:31:22 kimitake Exp $
+ * @version $NucleusJP: ADMIN.php,v 1.21.2.4 2007/10/30 19:04:24 kmorimatsu Exp $
*/
-require_once "showlist.php";
+if ( !function_exists('requestVar') ) exit;
+require_once dirname(__FILE__) . '/showlist.php';
/**
* Builds the admin area and executes admin actions
if (method_exists($this, $methodName))
call_user_func(array(&$this, $methodName));
else
- $this->error(_BADACTION . " ($action)");
+ $this->error(_BADACTION . htmlspecialchars(" ($action)"));
}
* @param object BLOG
*/
function bloglink(&$blog) {
- return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'.$blog->getName() .'</a>';
+ return '<a href="'.htmlspecialchars($blog->getURL()).'" title="'._BLOGLIST_TT_VISIT.'">'. htmlspecialchars( $blog->getName() ) .'</a>';
}
/**
$error = $this->moveOneItem($itemid, $destCatid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
$error = $this->deleteOneComment($commentid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
sql_query('UPDATE ' . sql_table('member') .' SET madmin=0 WHERE mnumber='.$memberid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
sql_query('UPDATE '.sql_table('team').' SET tadmin=0 WHERE tblog='.$blogid.' and tmember='.$memberid);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? $error : _BATCH_SUCCESS),'</b>';
$error = $this->moveOneCategory($catid, $destBlogId);
break;
default:
- $error = _BATCH_UNKNOWN . $action;
+ $error = _BATCH_UNKNOWN . htmlspecialchars($action);
}
echo '<b>',($error ? 'Error: '.$error : _BATCH_SUCCESS),'</b>';
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
+ $amount = intPostVar('amount');
else
$amount = 10;
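Review bot: intPostVar keeps start/amount from reaching the SQL as strings, but nothing bounds them: a POST of `amount=-5`, or `amount=abc` (truthy for postVar, cast to 0), leaves $amount at -5 or 0, which presumably ends up in a LIMIT clause further down. Clamping after the cast, `$amount = max(1, intPostVar('amount'));` and `$start = max(0, intPostVar('start'));`, keeps the query valid without changing the normal path. The same four lines are repeated in the three hunks below, and the enclosing methods begin outside this hunk.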
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
+ $amount = intPostVar('amount');
else
$amount = 10;
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
+ $amount = intPostVar('amount');
else
$amount = 10;
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
+ $amount = intPostVar('amount');
else
$amount = 10;
// edit the item for real
ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
- if ($draftid > 0) {
+ $blogid = getBlogIDFromItemID($itemid);
+ $blog =& $manager->getBlog($blogid);
+
+ $isFuture = 0;
+ if ($timestamp > $blog->getCorrectTime(time())) {
+ $isFuture = 1;
+ }
+
+ $this->updateFuturePosted($blogid);
+
+ if ($draftid > 0 && $member->canAlterItem($draftid)) {
ITEM::delete($draftid);
}
- $blogid = getBlogIDFromItemID($itemid);
- $blog =& $manager->getBlog($blogid);
- if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {
+ if (!$closed && $publish && $wasdraft && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 && !$isFuture) {
$this->action_sendping($blogid);
return;
}
if (!$member->canAlterItem($itemid))
return _ERROR_DISALLOWED;
+ // need to get blogid before the item is deleted
+ $blogid = getBlogIDFromItemId($itemid);
+
$manager->loadClass('ITEM');
ITEM::delete($itemid);
+
+ // update blog's futureposted
+ $this->updateFuturePosted($blogid);
+ }
+
+ /**
+ * Update a blog's future posted flag
+ * @param int $blogid
+ */
+ function updateFuturePosted($blogid) {
+ global $manager;
+
+ $blog =& $manager->getBlog($blogid);
+ $currenttime = $blog->getCorrectTime(time());
+ $result = sql_query("SELECT * FROM ".sql_table('item').
+ " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
+ if (mysql_num_rows($result) > 0) {
+ $blog->setFuturePost();
+ }
+ else {
+ $blog->clearFuturePost();
+ }
}
/**
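Review bot: updateFuturePosted interpolates $blogid straight into the WHERE clause (`iblog='".$blogid."'`) and fetches every matching row with SELECT * only to test mysql_num_rows. The callers in this diff pass an id obtained from getBlogIDFromItemId, so it is presumably already an integer, but the method is public on the admin class, so a cast is cheap insurance: `$blogid = intval($blogid);` at the top, and the query can become `"SELECT 1 FROM ".sql_table('item')." WHERE iblog=".$blogid." AND iposted=0 AND itime>".mysqldate($currenttime)." LIMIT 1"`. If $manager->getBlog() can return nothing for an unknown id, the $blog->getCorrectTime() call fails; a guard before it would be worth adding, and the two spellings getBlogIDFromItemID / getBlogIDFromItemId used in this hunk should be unified even though PHP resolves them to the same function.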
// only allow if user is allowed to alter item
$member->canUpdateItem($itemid, $catid) or $this->disallow();
+ $old_blogid = getBlogIDFromItemId($itemid);
+
ITEM::move($itemid, $catid);
+ // set the futurePosted flag on the blog
+ $this->updateFuturePosted(getBlogIDFromItemId($itemid));
+
+ // reset the futurePosted in case the item is moved from one blog to another
+ $this->updateFuturePosted($old_blogid);
+
if ($catid != intRequestVar('catid'))
$this->action_categoryedit($catid, $blog->getID());
else
$this->action_categoryedit(
$result['catid'],
$blogid,
- $blog->pingUserland() ? $pingUrl : ''
+ $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0 ? $pingUrl : ''
);
- elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())
+ elseif ((postVar('actiontype') == 'addnow') && $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0)
$this->action_sendping($blogid);
else
$this->action_itemlist($blogid);
}
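Review bot: The condition `$blog->sendPing() && numberOfEventSubscriber('SendPing') > 0` is now repeated three times in this diff (the item-update, category-edit and addnow paths), and numberOfEventSubscriber('SendPing') > 0 appears again in the blog-settings form; a single helper on this class would keep them from drifting, e.g. `function pingEnabled(&$blog) { return $blog->sendPing() && numberOfEventSubscriber('SendPing') > 0; }`. On the `$pingUrl` line `&&` does bind tighter than `?:`, so the result is correct, but parentheses around the test would make that obvious at a glance. The enclosing function starts outside the hunk.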
/**
- * Shows a window that says we're about to ping weblogs.com.
+ * Shows a window that says we're about to ping.
* immediately refresh to the real pinging page, which will
* show an error, or redirect to the blog.
*
$this->pagehead('<meta http-equiv="refresh" content="1; url='.htmlspecialchars($rawPingUrl).'" />');
?>
- <h2>Site Updated, Now pinging weblogs.com</h2>
+ <h2>Site Updated, Now pinging various weblog listing services...</h2>
<p>
- Pinging weblogs.com! This can a while...
- <br />
- When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.
+ This can take a while...
</p>
<p>
}
/**
- * Ping to Weblogs.com
* Sends the real ping (can take up to 10 seconds!)
*/
function action_rawping() {
$blogid = intRequestVar('blogid');
$blog =& $manager->getBlog($blogid);
- $result = $blog->sendUserlandPing();
-
$this->pagehead();
?>
- <h2>Ping Results</h2>
+ <h2>Pinging services, please wait...</h2>
+ <div class='note'>
+ <?php
- <p>The following message was returned by weblogs.com:</p>
+ // send sendPing event
+ $manager->notify('SendPing', array('blogid' => $blogid));
- <div class='note'><?php echo $result ?></div>
+ ?>
+ </div>
<ul>
<li><a href="index.php?action=itemlist&blogid=<?php echo $blog->getID()?>">View list of recent items for <?php echo htmlspecialchars($blog->getName())?></a></li>
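Review bot: Whatever the SendPing subscribers echo now lands directly inside `<div class='note'>` with no escaping, whereas the old `$result` was at least a single string this method controlled; since the page can no longer escape it, state the contract next to the notify call, e.g. `// NOTE: SendPing handlers write straight into the page; each plugin must HTML-escape the text it echoes`. It is not visible here whether the rawping action is ticket-protected or whether $manager is declared global in this method — both worth confirming, since this path presumably triggers outbound requests from the server. The enclosing method ends outside the hunk.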
<th colspan="2"><?php echo _MEMBERS_NEW?></th>
</tr><tr>
<td><?php echo _MEMBERS_DISPLAY?> <?php help('shortnames');?>
- <br /><small>(This is the name used to logon)</small>
+ <br /><small><?php echo _MEMBERS_DISPLAY_INFO?></small>
</td>
<td><input tabindex="10010" name="name" size="16" maxlength="16" /></td>
</tr><tr>
?>
<h2><?php echo _DELETE_CONFIRM?></h2>
- <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo $teammem->getDisplayName() ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo htmlspecialchars(strip_tags($blog->getName())) ?></b>
+ <p><?php echo _CONFIRMTXT_TEAM1?><b><?php echo htmlspecialchars($teammem->getDisplayName()) ?></b><?php echo _CONFIRMTXT_TEAM2?><b><?php echo htmlspecialchars(strip_tags($blog->getName())) ?></b>
</p>
// check if: - there remains at least one blog admin
// - (there remains at least one team member)
- $tmem = MEMBER::createFromID($memberid);
+ $mem = MEMBER::createFromID($memberid);
$manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
- if ($tmem->isBlogAdmin($blogid)) {
+ if ($mem->isBlogAdmin($blogid)) {
// check if there are more blog members left and at least one admin
// (check for at least two admins before deletion)
$query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
/><label for="notifyNewItem"><?php echo _EBLOG_NOTIFY_ITEM?></label>
</td>
</tr><tr>
- <td><?php echo _EBLOG_PING?> <?php help('pinguserland'); ?></td>
- <td><?php $this->input_yesno('pinguserland',$blog->pingUserland(),85); ?></td>
+ <?php
+ if (numberOfEventSubscriber('SendPing') > 0) {
+ ?>
+ <td><?php echo _EBLOG_PING?> <?php help('sendping'); ?></td>
+ <td><?php $this->input_yesno('sendping',$blog->sendPing(),85); ?></td>
</tr><tr>
+ <?php
+ }
+ ?>
<td><?php echo _EBLOG_MAXCOMMENTS?> <?php help('blogmaxcomments'); ?></td>
<td><input name="maxcomments" tabindex="90" size="3" value="<?php echo htmlspecialchars($blog->getMaxComments()); ?>" /></td>
</tr><tr>
<h2><?php echo _DELETE_CONFIRM?></h2>
<div>
- <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo $blog->getCategoryName($catid)?></b>
+ <?php echo _CONFIRMTXT_CATEGORY?><b><?php echo htmlspecialchars($blog->getCategoryName($catid))?></b>
</div>
<form method="post" action="index.php"><div>
$blog->setDefaultSkin(intPostVar('defskin'));
$blog->setDescription(trim(postVar('desc')));
$blog->setPublic(postVar('public'));
- $blog->setPingUserland(postVar('pinguserland'));
+ $blog->setPingUserland(postVar('sendping'));
$blog->setConvertBreaks(intPostVar('convertbreaks'));
$blog->setAllowPastPosting(intPostVar('allowpastposting'));
$blog->setDefaultCategory(intPostVar('defcat'));
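Review bot: `$blog->setPingUserland(postVar('sendping'))` stores the raw POST value while the neighbouring boolean settings go through intPostVar (`setConvertBreaks`, `setAllowPastPosting`); use `$blog->setPingUserland(intPostVar('sendping'));` so the value handed to the setter is a plain integer whatever it does with it. Note also that the settings form in this diff only renders the sendping control when numberOfEventSubscriber('SendPing') > 0, so on an install without a ping plugin every save submits no `sendping` field and presumably resets the stored flag; if that is not intended, guard the update the same way, `if (numberOfEventSubscriber('SendPing') > 0) $blog->setPingUserland(intPostVar('sendping'));`. The enclosing function starts and ends outside this hunk.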
?>
<h2><?php echo _DELETE_CONFIRM?></h2>
- <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo $mem->getDisplayName() ?></b>
+ <p><?php echo _CONFIRMTXT_MEMBER?><b><?php echo htmlspecialchars($mem->getDisplayName()) ?></b>
</p>
<p>
<td><input name="timeoffset" tabindex="110" size="3" value="0" /></td>
</tr><tr>
<td><?php echo _EBLOG_ADMIN?>
- <?php help('blogadmin'); ?>
+ <?php help('teamadmin'); ?>
</td>
<td><?php echo _EBLOG_ADMIN_MSG?></td>
</tr><tr>
'name' => &$bname,
'shortname' => &$bshortname,
'timeoffset' => &$btimeoffset,
- 'description' => &$bdescription,
+ 'description' => &$bdesc,
'defaultskin' => &$bdefskin
)
);
<a href="index.php?action=templateoverview">(<?php echo _TEMPLATE_BACK?>)</a>
</p>
- <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo $templatename; ?>'</h2>
+ <h2><?php echo _TEMPLATE_EDIT_TITLE?> '<?php echo htmlspecialchars($templatename); ?>'</h2>
<?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
?>
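Review bot: `$templatename` is now escaped in the heading, but `$msg` on the line below it (`echo "<p>"._MESSAGE.": $msg</p>"`) is still emitted raw. From this hunk alone it is not clear whether $msg can ever originate from a request rather than from internal callers; if it can, give it the same treatment: `if ($msg) echo '<p>'._MESSAGE.': '.htmlspecialchars($msg).'</p>';`. The same pattern appears on the skin-edit page further down in this diff. The enclosing function begins outside the hunk.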
$this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150);
?>
</tr><tr>
+ <th colspan="2"><?php echo _TEMPLATE_BLOGLIST?> <?php help('templatebloglists'); ?></th>
+<?php $this->_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160);
+ $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170);
+ $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180);
+?>
+ </tr><tr>
<th colspan="2"><?php echo _TEMPLATE_CATEGORYLIST?> <?php help('templatecategorylists'); ?></th>
<?php $this->_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 160);
$this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 170);
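Review bot: The new BLOGLIST rows reuse tabindex values 160/170/180 while the CATLIST rows immediately below still use 160 and 170, so keyboard navigation will visit the two groups interleaved. Give the new rows a range not used elsewhere in this form, e.g. `'BLOGLIST_HEADER', '', 151`, `'BLOGLIST_LISTITEM', '', 152`, `'BLOGLIST_FOOTER', '', 153` (the ARCHIVELIST footer above is 150), or renumber the rows that follow. The enclosing template-edit form continues outside the hunk.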
$this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
$this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
$this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
+ $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
+ $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
+ $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
$this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
$this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
$this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
<h2><?php echo _DELETE_CONFIRM?></h2>
<p>
- <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo $name?></b> (<?php echo htmlspecialchars($desc) ?>)
+ <?php echo _CONFIRMTXT_TEMPLATE?><b><?php echo htmlspecialchars($name)?></b> (<?php echo htmlspecialchars($desc) ?>)
</p>
<form method="post" action="index.php"><div>
$tabstart = 75;
while ($row = mysql_fetch_assoc($res)) {
- echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&skinid=' . $skinid . '&type=' . strtolower($row['stype']) . '">' . ucfirst($row['stype']) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&skinid=' . $skinid . '&type=' . strtolower($row['stype']) . '">remove</a>)</li>';
+ echo '<li><a tabindex="' . ($tabstart++) . '" href="index.php?action=skinedittype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">' . htmlspecialchars(ucfirst($row['stype'])) . '</a> (<a tabindex="' . ($tabstart++) . '" href="index.php?action=skinremovetype&skinid=' . $skinid . '&type=' . htmlspecialchars(strtolower($row['stype'])) . '">remove</a>)</li>';
}
echo '</ul>';
?>
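Review bot: The stype value is now HTML-escaped, which is right for the link text, but inside `href` it is a query-string parameter, where URL encoding is the correct layer; a type containing `&`, `=`, `#` or a space would still produce a broken or misrouted link. Escape per context: compute `$t = htmlspecialchars(rawurlencode(strtolower($row['stype'])));` once before building the two URLs, and keep `htmlspecialchars(ucfirst($row['stype']))` for the visible text as the hunk already does. Since the `&` between parameters is emitted literally, `&amp;` would also make the markup well-formed. The loop's enclosing function starts outside the hunk.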
<p>(<a href="index.php?action=skinoverview"><?php echo _SKIN_GOBACK?></a>)</p>
- <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo $skin->getName() ?>': <?php echo (isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>
+ <h2><?php echo _SKIN_EDITPART_TITLE?> '<?php echo htmlspecialchars($skin->getName()) ?>': <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?></h2>
<?php if ($msg) echo "<p>"._MESSAGE.": $msg</p>";
?>
<input type="submit" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
<input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
- (skin type: <?php echo (isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
- <?php help('skinpart' . $type);?>
+ (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
+ <?php if (in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
+ help('skinpart' . $type);
+ } else {
+ help('skinpartspecial');
+ }?>
<br />
<textarea class="skinedit" tabindex="10" rows="20" cols="80" name="content"><?php echo htmlspecialchars($skin->getContent($type)) ?></textarea>
<br />
<input type="submit" tabindex="20" value="<?php echo _SKIN_UPDATE_BTN?>" onclick="return checkSubmit();" />
<input type="reset" value="<?php echo _SKIN_RESET_BTN?>" />
- (skin type: <?php echo (isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
+ (skin type: <?php echo htmlspecialchars(isset($friendlyNames[$type]) ? $friendlyNames[$type] : ucfirst($type)); ?>)
<br /><br />
<?php echo _SKIN_ALLOWEDVARS?>
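Review bot: The whitelist in `in_array($type, array('index', ...))` is what keeps `help('skinpart' . $type)` from being called with an arbitrary topic name, so it should compare strictly: `in_array($type, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'), true)`. A comment explaining why the list exists would help maintainers keep it in step with the fallback, e.g. `// only the standard skin parts have their own help topic; anything else gets the generic one`. Whether $type comes straight from the request is not visible here; the enclosing function begins outside the hunk.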
$query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
$r = sql_query($query);
if ($o = mysql_fetch_object($r))
- $this->error(_ERROR_SKINDEFDELETE . $o->bname);
+ $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));
$this->pagehead();
<h2><?php echo _DELETE_CONFIRM?></h2>
<p>
- <?php echo _CONFIRMTXT_SKIN?><b><?php echo $name ?></b> (<?php echo htmlspecialchars($desc)?>)
+ <?php echo _CONFIRMTXT_SKIN?><b><?php echo htmlspecialchars($name) ?></b> (<?php echo htmlspecialchars($desc)?>)
</p>
<form method="post" action="index.php"><div>
<h2><?php echo _DELETE_CONFIRM?></h2>
<p>
- <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo $skintype; ?> (<?php echo $name; ?>)</b> (<?php echo htmlspecialchars($desc)?>)
+ <?php echo _CONFIRMTXT_SKIN_PARTS_SPECIAL; ?> <b><?php echo htmlspecialchars($skintype); ?> (<?php echo htmlspecialchars($name); ?>)</b> (<?php echo htmlspecialchars($desc)?>)
</p>
<form method="post" action="index.php"><div>
<input type="hidden" name="action" value="skinremovetypeconfirm" />
<?php $manager->addTicketHidden() ?>
<input type="hidden" name="skinid" value="<?php echo $skinid; ?>" />
- <input type="hidden" name="type" value="<?php echo $skintype; ?>" />
+ <input type="hidden" name="type" value="<?php echo htmlspecialchars($skintype); ?>" />
<input type="submit" tabindex="10" value="<?php echo _DELETE_CONFIRM_BTN?>" />
</div></form>
<?php
if ($manager->pluginInstalled($name))
$this->error(_ERROR_DUPPLUGIN);
if (!checkPlugin($name))
- $this->error(_ERROR_PLUGFILEERROR . ' (' . $name . ')');
+ $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');
// get number of currently installed plugins
$res = sql_query('SELECT * FROM '.sql_table('plugin'));
$this->deleteOnePlugin($plugin->getID());
// ...and show error
- $this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion());
+ $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
}
// check if plugin needs a newer Nucleus version
$this->deleteOnePlugin($plugin->getID());
// ...and show error
- $this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel());
+ $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
}
$pluginList = $plugin->getPluginDep();
// uninstall plugin again...
$this->deleteOnePlugin($plugin->getID());
- $this->error(_ERROR_INSREQPLUGIN . $pluginName);
+ $this->error(_ERROR_INSREQPLUGIN . htmlspecialchars($pluginName));
}
}
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);
- $this->action_pluginlist();
+ //$this->action_pluginlist();
+ // To avoid showing ticket in the URL, redirect to pluginlist, instead.
+ redirect('?action=pluginlist');
}
/**
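Review bot: redirect('?action=pluginlist') is a good way to keep the ticket out of the address bar and Referer, but the two UPDATE statements above it have already run, so the method must not continue past the Location header; if redirect() does not terminate the request itself, add `exit;` directly after it. The same applies to the identical change in the following hunk. The enclosing method starts outside this hunk.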
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);
- $this->action_pluginlist();
+ //$this->action_pluginlist();
+ // To avoid showing ticket in the URL, redirect to pluginlist, instead.
+ redirect('?action=pluginlist');
}
/**