<?php
/*
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2009 The Nucleus Group
+ * Copyright (C) 2002-2010 The Nucleus Group
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Class representing a skin
*
* @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2009 The Nucleus Group
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group
* @version $Id$
* @version $NucleusJP: SKIN.php,v 1.8.2.1 2007/09/05 07:45:01 kimitake Exp $
*/
// read skin name/description/content type
$res = sql_query('SELECT * FROM '.sql_table('skin_desc').' WHERE sdnumber=' . $this->id);
- $obj = mysql_fetch_object($res);
- $this->isValid = (mysql_num_rows($res) > 0);
+ $obj = sql_fetch_object($res);
+ $this->isValid = (sql_num_rows($res) > 0);
if (!$this->isValid)
return;
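Review bot: `WHERE sdnumber=' . $this->id` interpolates the skin id into the SELECT with no cast, while the DELETE and INSERT later in this file guard the same column with `intval($skinid)`; getContent's `sdesc=$this->id` has the same gap. Unless the constructor (which begins outside this hunk) already coerces `$this->id` to an integer, `' WHERE sdnumber=' . intval($this->id)` would make the id-keyed queries as defensive as the string-keyed ones this commit tightens with sql_real_escape_string. The enclosing method starts before and continues after the visible lines.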
* @static
*/
function exists($name) {
- return quickQuery('select count(*) as result FROM '.sql_table('skin_desc').' WHERE sdname="'.addslashes($name).'"') > 0;
+ return quickQuery('select count(*) as result FROM '.sql_table('skin_desc').' WHERE sdname="'.sql_real_escape_string($name).'"') > 0;
}
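Review bot: The rewritten condition still wraps the escaped name in double quotes (`sdname="..."`), which MySQL treats as an identifier quote rather than a string delimiter when the session has ANSI_QUOTES enabled; every other literal in this file, including the INSERT and UPDATE hunks, uses single quotes. The same double-quoted form is repeated in getIdFromName just below. `return quickQuery('select count(*) as result FROM '.sql_table('skin_desc')." WHERE sdname='".sql_real_escape_string($name)."'") > 0;` keeps the escaping and matches the file's convention.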
/**
function getIdFromName($name) {
$query = 'SELECT sdnumber'
. ' FROM '.sql_table('skin_desc')
- . ' WHERE sdname="'.addslashes($name).'"';
+ . ' WHERE sdname="'.sql_real_escape_string($name).'"';
$res = sql_query($query);
- $obj = mysql_fetch_object($res);
+ $obj = sql_fetch_object($res);
return $obj->sdnumber;
}
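Review bot: `return $obj->sdnumber;` dereferences the fetch result without checking it; when no skin has that name, sql_fetch_object presumably returns false as mysql_fetch_object did, so this reads a property of false and hands back null with a notice. A guard such as `if (!$obj) return null;` before the return makes the miss explicit; what callers expect on a miss is not visible here, so confirm against them before choosing null over 0.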
)
);
- sql_query('INSERT INTO '.sql_table('skin_desc')." (sdname, sddesc, sdtype, sdincmode, sdincpref) VALUES ('" . addslashes($name) . "','" . addslashes($desc) . "','".addslashes($type)."','".addslashes($includeMode)."','".addslashes($includePrefix)."')");
- $newid = mysql_insert_id();
+ sql_query('INSERT INTO '.sql_table('skin_desc')." (sdname, sddesc, sdtype, sdincmode, sdincpref) VALUES ('" . sql_real_escape_string($name) . "','" . sql_real_escape_string($desc) . "','".sql_real_escape_string($type)."','".sql_real_escape_string($includeMode)."','".sql_real_escape_string($includePrefix)."')");
+ $newid = sql_insert_id();
$manager->notify(
'PostAddSkin',
}
function parse($type) {
- global $manager, $CONF;
-
+ global $manager, $CONF, $skinid;
+
$manager->notify('InitSkinParse',array('skin' => &$this, 'type' => $type));
-
+ $skinid = $this->id;
+
// set output type
sendContentType($this->getContentType(), 'skin', _CHARSET);
-
+
// set skin name as global var (so plugins can access it)
global $currentSkinName;
$currentSkinName = $this->getName();
-
+
$contents = $this->getContent($type);
-
+
if (!$contents) {
// use base skin if this skin does not have contents
$defskin =& new SKIN($CONF['BaseSkin']);
return;
}
}
-
+
$actions = $this->getAllowedActionsForType($type);
-
+
$manager->notify('PreSkinParse',array('skin' => &$this, 'type' => $type, 'contents' => &$contents));
-
+ $skinid = $this->id;
+
// set IncludeMode properties of parser
PARSER::setProperty('IncludeMode',$this->getIncludeMode());
PARSER::setProperty('IncludePrefix',$this->getIncludePrefix());
-
+
$handler =& new ACTIONS($type, $this);
$parser =& new PARSER($actions, $handler);
$handler->setParser($parser);
$handler->setSkin($this);
$parser->parse($contents);
-
+
$manager->notify('PostSkinParse',array('skin' => &$this, 'type' => $type));
+ $skinid = $this->id;
}
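Review bot: The three added `$skinid = $this->id;` assignments (after InitSkinParse, PreSkinParse and PostSkinParse) carry no explanation of why a global is re-set three times in one method. From the base-skin fallback it looks like a nested parse, or a plugin reacting to one of the notify events, can overwrite `$skinid`, so each assignment restores it for this skin — that is inferred, worth confirming. A comment at the first assignment would save the next reader the same reconstruction: `// $skinid is a global read by plugins/actions; re-set after each notify() because a handler or the base-skin fallback may have parsed another skin`.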
function getContent($type) {
- $query = 'SELECT scontent FROM '.sql_table('skin')." WHERE sdesc=$this->id and stype='". addslashes($type) ."'";
+ $query = 'SELECT scontent FROM '.sql_table('skin')." WHERE sdesc=$this->id and stype='". sql_real_escape_string($type) ."'";
$res = sql_query($query);
- if (mysql_num_rows($res) == 0)
+ if (sql_num_rows($res) == 0)
return '';
else
- return mysql_result($res, 0, 0);
+ return sql_result($res, 0, 0);
}
/**
$skinid = $this->id;
// delete old thingie
- sql_query('DELETE FROM '.sql_table('skin')." WHERE stype='".addslashes($type)."' and sdesc=" . intval($skinid));
+ sql_query('DELETE FROM '.sql_table('skin')." WHERE stype='".sql_real_escape_string($type)."' and sdesc=" . intval($skinid));
// write new thingie
if ($content) {
- sql_query('INSERT INTO '.sql_table('skin')." SET scontent='" . addslashes($content) . "', stype='" . addslashes($type) . "', sdesc=" . intval($skinid));
+ sql_query('INSERT INTO '.sql_table('skin')." SET scontent='" . sql_real_escape_string($content) . "', stype='" . sql_real_escape_string($type) . "', sdesc=" . intval($skinid));
}
}
*/
function updateGeneralInfo($name, $desc, $type = 'text/html', $includeMode = 'normal', $includePrefix = '') {
$query = 'UPDATE '.sql_table('skin_desc').' SET'
- . " sdname='" . addslashes($name) . "',"
- . " sddesc='" . addslashes($desc) . "',"
- . " sdtype='" . addslashes($type) . "',"
- . " sdincmode='" . addslashes($includeMode) . "',"
- . " sdincpref='" . addslashes($includePrefix) . "'"
+ . " sdname='" . sql_real_escape_string($name) . "',"
+ . " sddesc='" . sql_real_escape_string($desc) . "',"
+ . " sdtype='" . sql_real_escape_string($type) . "',"
+ . " sdincmode='" . sql_real_escape_string($includeMode) . "',"
+ . " sdincpref='" . sql_real_escape_string($includePrefix) . "'"
. " WHERE sdnumber=" . $this->getID();
sql_query($query);
}
$query = "SELECT stype FROM " . sql_table('skin') . " WHERE stype NOT IN ('index', 'item', 'error', 'search', 'archive', 'archivelist', 'imagepopup', 'member')";
$res = sql_query($query);
- while ($row = mysql_fetch_array($res)) {
+ while ($row = sql_fetch_array($res)) {
$skintypes[strtolower($row['stype'])] = ucfirst($row['stype']);
}
'sitevar',
'otherarchivelist',
'otherarchivedaylist',
+ 'otherarchiveyearlist',
'self',
'adminurl',
'todaylink',
'ifnot',
'elseifnot',
'charset',
- 'bloglist',\r
- 'addlink',\r
- 'addpopupcode'\r
+ 'bloglist',
+ 'addlink',
+ 'addpopupcode',
+ 'sticky'
);
// extra actions specific for a certain skin type
'categorylist',
'archivelist',
'archivedaylist',
+ 'archiveyearlist',
'nextlink',
'prevlink'
);
'categorylist',
'archivelist',
'archivedaylist',
+ 'archiveyearlist',
'blogsetting',
'archivedate',
'nextarchive',
$extraActions = array('blog',
'archivelist',
'archivedaylist',
+ 'archiveyearlist',
'categorylist',
'blogsetting',
);
$extraActions = array('blog',
'archivelist',
'archivedaylist',
+ 'archiveyearlist',
'categorylist',
'searchresults',
'othersearchresults',
$extraActions = array(
'membermailform',
'blogsetting',
- 'nucleusbutton'
+// 'nucleusbutton'
+ 'categorylist'
);
break;
case 'item':
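Review bot: `// 'nucleusbutton'` is left as a commented-out element inside the array literal of this case, and the same line appears again in the default case at the bottom of the page; commented-out code in an initializer reads as an undecided change rather than a removal. Delete the line, or if the action is deliberately disabled, replace it with a short comment stating that it is no longer allowed for this skin type. In the default case the added `'categorylist'` also appears to duplicate the `'categorylist'` already listed near the top of that array, so one of the two entries can go.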
'categorylist',
'archivelist',
'archivedaylist',
+ 'archiveyearlist',
'itemtitle',
'itemid',
'itemlink',
break;
case 'error':
$extraActions = array(
- 'errormessage'
+ 'errormessage',
+ 'categorylist'
);
break;
default:
'categorylist',
'archivelist',
'archivedaylist',
+ 'archiveyearlist',
'nextlink',
- 'archivelist',
- 'archivedaylist',
'prevlink',
'membermailform',
- 'nucleusbutton'
+// 'nucleusbutton'
+ 'categorylist'
);
}
break;