// needed if we include globalfunctions from install.php\r
global $nucleus, $CONF, $DIR_LIBS, $DIR_LANG, $manager, $member;\r
\r
-$nucleus['version'] = 'v3.40RC';\r
+$nucleus['version'] = 'v3.41RC';\r
$nucleus['codename'] = '';\r
\r
checkVars(array('nucleus', 'CONF', 'DIR_LIBS', 'MYSQL_HOST', 'MYSQL_USER', 'MYSQL_PASSWORD', 'MYSQL_DATABASE', 'DIR_LANG', 'DIR_PLUGINS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS', 'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES'));\r
more of the installation files (install.php, install.sql, upgrades/\r
directory) are still on the server.\r
*/\r
+\r
$CONF['alertOnHeadersSent'] = 1;\r
$CONF['alertOnSecurityRisk'] = 1;\r
-$CONF['ItemURL'] = $CONF['Self'];\r
+/*$CONF['ItemURL'] = $CONF['Self'];\r
$CONF['ArchiveURL'] = $CONF['Self'];\r
$CONF['ArchiveListURL'] = $CONF['Self'];\r
$CONF['MemberURL'] = $CONF['Self'];\r
// this avoids urls like index.php/item/13/index.php/item/15\r
if (!isset($CONF['URLMode']) || (($CONF['URLMode'] == 'pathinfo') && (substr($CONF['Self'], strlen($CONF['Self']) - 4) == '.php'))) {\r
$CONF['URLMode'] = 'normal';\r
-}\r
+}*/\r
\r
if (getNucleusPatchLevel() > 0) {\r
$nucleus['version'] .= '/' . getNucleusPatchLevel();\r
$CONF['Self'] = substr($CONF['Self'], 0, strlen($CONF['Self']) -1);\r
}\r
\r
- $CONF['ItemURL'] = $CONF['Self'];\r
+/* $CONF['ItemURL'] = $CONF['Self'];\r
$CONF['ArchiveURL'] = $CONF['Self'];\r
$CONF['ArchiveListURL'] = $CONF['Self'];\r
$CONF['MemberURL'] = $CONF['Self'];\r
$CONF['SearchURL'] = $CONF['Self'];\r
$CONF['BlogURL'] = $CONF['Self'];\r
- $CONF['CategoryURL'] = $CONF['Self'];\r
+ $CONF['CategoryURL'] = $CONF['Self'];*/\r
+}\r
+\r
+$CONF['ItemURL'] = $CONF['Self'];\r
+$CONF['ArchiveURL'] = $CONF['Self'];\r
+$CONF['ArchiveListURL'] = $CONF['Self'];\r
+$CONF['MemberURL'] = $CONF['Self'];\r
+$CONF['SearchURL'] = $CONF['Self'];\r
+$CONF['BlogURL'] = $CONF['Self'];\r
+$CONF['CategoryURL'] = $CONF['Self'];\r
+\r
+// switch URLMode back to normal when $CONF['Self'] ends in .php\r
+// this avoids urls like index.php/item/13/index.php/item/15\r
+if (!isset($CONF['URLMode']) || (($CONF['URLMode'] == 'pathinfo') && (substr($CONF['Self'], strlen($CONF['Self']) - 4) == '.php'))) {\r
+ $CONF['URLMode'] = 'normal';\r
}\r
\r
// automatically use simpler toolbar for mozilla\r
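Review bot: The old URL assignments are kept as two commented-out copies (`/*$CONF['ItemURL'] = $CONF['Self'];` … `}*/` and `/* $CONF['ItemURL'] = $CONF['Self'];` … `*/`) while the live assignments now sit below them; since the new lines replace them outright, delete the commented blocks instead of leaving two dead copies for the next reader to reconcile. The block that the added `}` closes begins outside the hunk, so I cannot confirm from here that the braces still balance — please double-check that it pairs with the intended `if`. Minor: the suffix test reads more directly as `substr($CONF['Self'], -4) == '.php'` than `substr($CONF['Self'], strlen($CONF['Self']) - 4) == '.php'`.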
$CONF['CategoryKey'] = 'category';\r
}\r
\r
- if ($CONF['SpecialskinKey'] == '') {\r
+ if (!isset($CONF['SpecialskinKey']) || $CONF['SpecialskinKey'] == '') {\r
$CONF['SpecialskinKey'] = 'special';\r
}\r
\r
* returns the currently used version (100 = 1.00, 101 = 1.01, etc...)\r
*/\r
function getNucleusVersion() {\r
- return 340;\r
+ return 341;\r
}\r
\r
/**\r
\r
// get next and prev month links ...\r
global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists;\r
- \r
+\r
// sql queries for the timestamp of the first and the last published item\r
$query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 AND iblog=".(int)($blogid ? $blogid : $CONF['DefaultBlog'])." ORDER BY itime ASC";\r
$first_timestamp=quickQuery ($query);\r
if ($d != 0) {\r
$archivetype = _ARCHIVETYPE_DAY;\r
$t = mktime(0, 0, 0, $m, $d, $y);\r
- // one day has 24 * 60 * 60 = 86400 seconds \r
+ // one day has 24 * 60 * 60 = 86400 seconds\r
$archiveprev = strftime('%Y-%m-%d', $t - 86400 );\r
- // check for published items \r
+ // check for published items\r
if ($t > $first_timestamp) {\r
$archiveprevexists = true;\r
}\r
else {\r
$archiveprevexists = false;\r
}\r
- \r
+\r
// one day later\r
- $t += 86400; \r
+ $t += 86400;\r
$archivenext = strftime('%Y-%m-%d', $t);\r
if ($t < $last_timestamp) {\r
$archivenextexists = true;\r
else {\r
$archivenextexists = false;\r
}\r
- \r
+\r
} else {\r
$archivetype = _ARCHIVETYPE_MONTH;\r
$t = mktime(0, 0, 0, $m, 1, $y);\r
else {\r
$archiveprevexists = false;\r
}\r
- \r
- // timestamp for the next month \r
+\r
+ // timestamp for the next month\r
$t = mktime(0, 0, 0, $m+1, 1, $y);\r
$archivenext = strftime('%Y-%m', $t);\r
if ($t < $last_timestamp) {\r
$text = strtr($text, $trans);\r
\r
// 2. the actual shortening\r
- if (strlen($text) > $maxlength)\r
- $text = mb_strimwidth($text, 0, $maxlength, $toadd, _CHARSET);\r
+ if (strlen($text) > $maxlength) {\r
+// $text = substr($text, 0, $maxlength - strlen($toadd) ) . $toadd;\r
+ $text = mb_strimwidth($text, 0, $maxlength, $toadd, _CHARSET); // for Japanese\r
+ }\r
return $text;\r
}\r
\r
\r
function helpHtml($id) {\r
global $CONF;\r
- return helplink($id) . '<img src="' . $CONF['AdminURL'] . 'documentation/icon-help.gif" width="15" height="15" alt="' . _HELP_TT . '" /></a>';\r
+ return helplink($id) . '<img src="' . $CONF['AdminURL'] . 'documentation/icon-help.gif" width="15" height="15" alt="' . _HELP_TT . '" title="' . _HELP_TT . '" /></a>';\r
}\r
\r
function helplink($id) {\r
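Review bot: The shortening guard tests bytes with `strlen($text) > $maxlength` but cuts by display width with `mb_strimwidth($text, 0, $maxlength, $toadd, _CHARSET)`, so for multibyte text the branch is entered whenever the byte count exceeds `$maxlength` even when the width does not; `mb_strimwidth` then returns the text unchanged, which is harmless but leaves a misleading guard. `if (mb_strwidth($text, _CHARSET) > $maxlength) {` keeps the two measures consistent. The commented-out `// $text = substr($text, 0, $maxlength - strlen($toadd) ) . $toadd;` should be deleted rather than carried along. In helpHtml, `_HELP_TT` is now interpolated raw into both the `alt` and the new `title` attribute; it presumably comes from a language file, but wrapping it in `htmlspecialchars(_HELP_TT, ENT_QUOTES)` would keep the markup valid should a translation ever contain a quote.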
}\r
\r
\r
-/** \r
+/**\r
* Sanitize parameters such as $_GET and $_SERVER['REQUEST_URI'] etc.\r
- * to avoid XSS \r
+ * to avoid XSS\r
*/\r
function sanitizeParams()\r
{\r
global $HTTP_SERVER_VARS;\r
- \r
+\r
$array = array();\r
$str = '';\r
$frontParam = '';\r
- \r
+\r
// REQUEST_URI of $HTTP_SERVER_VARS\r
$str =& $HTTP_SERVER_VARS["REQUEST_URI"];\r
serverStringToArray($str, $array, $frontParam);\r
sanitizeArray($array);\r
arrayToServerString($array, $frontParam, $str);\r
- \r
+\r
// QUERY_STRING of $HTTP_SERVER_VARS\r
$str =& $HTTP_SERVER_VARS["QUERY_STRING"];\r
serverStringToArray($str, $array, $frontParam);\r
sanitizeArray($array);\r
arrayToServerString($array, $frontParam, $str);\r
- \r
+\r
if (phpversion() >= '4.1.0') {\r
// REQUEST_URI of $_SERVER\r
$str =& $_SERVER["REQUEST_URI"];\r
serverStringToArray($str, $array, $frontParam);\r
sanitizeArray($array);\r
arrayToServerString($array, $frontParam, $str);\r
- \r
+\r
// QUERY_STRING of $_SERVER\r
$str =& $_SERVER["QUERY_STRING"];\r
serverStringToArray($str, $array, $frontParam);\r
sanitizeArray($array);\r
arrayToServerString($array, $frontParam, $str);\r
}\r
- \r
+\r
// $_GET\r
convArrayForSanitizing($_GET, $array);\r
sanitizeArray($array);\r
revertArrayForSanitizing($array, $_GET);\r
- \r
+\r
// $_REQUEST (only GET param)\r
convArrayForSanitizing($_REQUEST, $array);\r
sanitizeArray($array);\r
revertArrayForSanitizing($array, $_REQUEST);\r
}\r
\r
-/** \r
+/**\r
* Check ticket when not checked in plugin's admin page\r
* to avoid CSRF.\r
* Also avoid the access to plugin/index.php by guest user.\r
*/\r
function ticketForPlugin(){\r
global $CONF,$DIR_PLUGINS,$member,$ticketforplugin;\r
- \r
+\r
/* initialize */\r
$ticketforplugin=array();\r
$ticketforplugin['ticket']=false;\r
- \r
+\r
/* Check if using plugin's php file. */\r
if ($p_translated=serverVar('PATH_TRANSLATED')) {\r
if (!file_exists($p_translated)) $p_translated='';\r
$p_translated=str_replace('\\','/',$p_translated);\r
$d_plugins=str_replace('\\','/',$DIR_PLUGINS);\r
if (strpos($p_translated,$d_plugins)!==0) return;// This isn't plugin php file.\r
- \r
+\r
/* Solve the plugin php file or admin directory */\r
$phppath=substr($p_translated,strlen($d_plugins));\r
$phppath=preg_replace('!^/!','',$phppath);// Remove the first "/" if exists.\r
$path=preg_replace('/^NP_(.*)\.php$/','$1',$phppath); // Remove the first "NP_" and the last ".php" if exists.\r
$path=preg_replace('!^([^/]*)/(.*)$!','$1',$path); // Remove the "/" and beyond.\r
- \r
+\r
/* Solve the plugin name. */\r
$plugins=array();\r
$query='SELECT pfile FROM '.sql_table('plugin');\r
header("HTTP/1.0 404 Not Found");\r
exit('');\r
}\r
- \r
+\r
/* Return if not index.php */\r
if ( $phppath!=strtolower($plugin_name).'/'\r
&& $phppath!=strtolower($plugin_name).'/index.php' ) return;\r
- \r
+\r
/* Exit if not logged in. */\r
if ( !$member->isLoggedIn() ) exit("You aren't logged in.");\r
- \r
+\r
global $manager,$DIR_LIBS,$DIR_LANG,$HTTP_GET_VARS,$HTTP_POST_VARS;\r
- \r
+\r
/* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */\r
if (!($p_translated=serverVar('PATH_TRANSLATED'))) $p_translated=serverVar('SCRIPT_FILENAME');\r
if ($file=@file($p_translated)) {\r
$prevline=$line;\r
}\r
}\r
- \r
+\r
/* Show a form if not valid ticket */\r
if ( ( strstr(serverVar('REQUEST_URI'),'?') || serverVar('QUERY_STRING')\r
|| strtoupper(serverVar('REQUEST_METHOD'))=='POST' )\r
$oPluginAdmin = new PluginAdmin($plugin_name);\r
$oPluginAdmin->start();\r
echo '<p>' . _ERROR_BADTICKET . "</p>\n";\r
- \r
+\r
/* Show the form to confirm action */\r
// PHP 4.0.x support\r
$get= (isset($_GET)) ? $_GET : $HTTP_GET_VARS;\r
echo '<input type="submit" value="'._YES.'" /> ';\r
echo '<input type="button" value="'._NO.'" onclick="history.back(); return false;" />';\r
echo "</form>\n";\r
- \r
+\r
$oPluginAdmin->end();\r
exit;\r
}\r
- \r
+\r
/* Create new ticket */\r
$ticket=$manager->addTicketToUrl('');\r
$ticketforplugin['ticket']=substr($ticket,strpos($ticket,'ticket=')+7);\r
}\r
}\r
\r
-/** \r
+/**\r
* Convert the server string such as $_SERVER['REQUEST_URI']\r
* to arry like arry['blogid']=1 and array['page']=2 etc.\r
*/\r
$args = $str;\r
$frontParam = "";\r
}\r
- \r
+\r
// If there is no args like blogid=1&page=2, return\r
if (!strstr($str, "=") && !strlen($frontParam)) {\r
$frontParam = $str;\r
$array = explode("&", $args);\r
}\r
\r
-/** \r
+/**\r
* Convert array like array['blogid'] to server string\r
* such as $_SERVER['REQUEST_URI']\r
*/\r
}\r
}\r
\r
-/** \r
+/**\r
* Sanitize array parameters.\r
* This function checks both key and value.\r
* - check key if it inclues " (double quote), remove from array\r
* - check value if it includes \ (escape sequece), remove remaining string\r
*/\r
function sanitizeArray(&$array)\r
-{ \r
+{\r
$excludeListForSanitization = array('query');\r
// $excludeListForSanitization = array();\r
\r
$val = stripslashes($val);\r
}\r
$val = addslashes($val);\r
- \r
+\r
// if $key is included in exclude list, skip this param\r
if (!in_array($key, $excludeListForSanitization)) {\r
- \r
+\r
// check value\r
- @list($val, $tmp) = explode('\\', $val);\r
- \r
+ if (strpos($val, '\\')) {\r
+ list($val, $tmp) = explode('\\', $val);\r
+ }\r
+\r
// remove control code etc.\r
$val = strtr($val, "\0\r\n<>'\"", " ");\r
- \r
+\r
// check key\r
if (preg_match('/\"/i', $key)) {\r
unset($array[$k]);\r
continue;\r
}\r
- \r
+\r
// set sanitized info\r
$array[$k] = sprintf("%s=%s", $key, $val);\r
}\r
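Review bot: The new guard `if (strpos($val, '\\'))` is falsy when the backslash is the first character, because `strpos` returns `0` there, so a value that starts with `\` is no longer truncated as the function's doc comment ("remove remaining string") promises — and since `addslashes($val)` runs just above, that covers every value beginning with a quote or a backslash. The removed `@list($val, $tmp) = explode('\\', $val);` did truncate such values, so this is a regression in the sanitizer. Use `if (strpos($val, '\\') !== false) {` instead. The `foreach` this code sits in starts above the hunk.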
* @todo document this\r
*/\r
function encode_desc(&$data)\r
- { //_$to_entities = get_html_translation_table(HTML_ENTITIES);\r
- $to_entities = get_html_translation_table(HTML_SPECIALCHARS);\r
- $from_entities = array_flip($to_entities);\r
- $data = str_replace('<br />', '\n', $data); //hack\r
- $data = strtr($data,$from_entities);\r
- $data = strtr($data,$to_entities);\r
- $data = str_replace('\n', '<br />', $data); //hack\r
- return $data;\r
- }\r
- \r
+{\r
+// _$to_entities = get_html_translation_table(HTML_ENTITIES);\r
+ $to_entities = get_html_translation_table(HTML_SPECIALCHARS); // for Japanese\r
+ $from_entities = array_flip($to_entities);\r
+ $data = str_replace('<br />', '\n', $data); //hack\r
+ $data = strtr($data,$from_entities);\r
+ $data = strtr($data,$to_entities);\r
+ $data = str_replace('\n', '<br />', $data); //hack\r
+ return $data;\r
+}\r
+\r
/**\r
* Returns the Javascript code for a bookmarklet that works on most modern browsers\r
*\r
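Review bot: The re-indented body of encode_desc re-adds the commented-out line `// _$to_entities = get_html_translation_table(HTML_ENTITIES);`; delete it, and move the reason behind the trailing `// for Japanese` into the docblock, which still reads `@todo document this` — something like `Only the HTML special characters (&, <, >, quotes) are converted; presumably the full HTML_ENTITIES table would mangle multibyte text.` Note also that the single-quoted `'\n'` used as the `<br />` placeholder is the two-character literal backslash-n, not a newline, so any input that already contains a literal `\n` is rewritten to `<br />` on the way back; at minimum that deserves a comment next to the `//hack` lines.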