
fix createBlogLink
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / libs / globalfunctions.php
index d0c2d81..b457e51 100755 (executable)
@@ -13,8 +13,8 @@
 /**
  * @license http://nucleuscms.org/license.txt GNU General Public License
  * @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: globalfunctions.php,v 1.12 2007-02-04 06:28:46 kimitake Exp $
- * $NucleusJP: globalfunctions.php,v 1.11 2007/02/03 06:03:57 kimitake Exp $
+ * @version $Id: globalfunctions.php,v 1.18 2007-03-19 10:19:29 shizuki Exp $
+ * $NucleusJP: globalfunctions.php,v 1.17 2007/03/13 05:10:23 shizuki Exp $
  */
 
 // needed if we include globalfunctions from install.php
@@ -238,6 +238,7 @@ Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for det
 }
 
 // login completed
+ticketForPlugin();
 $manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn() ) );
 
 // first, let's see if the site is disabled or not. always allow admin area access.
@@ -323,6 +324,10 @@ if ($CONF['URLMode'] == 'pathinfo') {
                $CONF['CategoryKey'] = 'category';
        }
 
+       if ($CONF['SpecialskinKey'] == '') {
+               $CONF['SpecialskinKey'] = 'special';
+       }
+
        $parsed = false;
        $manager->notify(
                'ParseURL',
@@ -392,6 +397,14 @@ if ($CONF['URLMode'] == 'pathinfo') {
                                        }
                                        break;
 
+                case $CONF['SpecialskinKey']:
+                    $i++;
+
+                                       if ($i < sizeof($data) ) {
+                       $_REQUEST['special'] = $data[$i];
+                    }
+                    break;
+
                                default:
                                        // skip...
                        }
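Review bot: The new `case $CONF['SpecialskinKey']:` block is indented with spaces while the neighbouring cases in this switch use tabs; realign it to the file's tab indentation. The value written to `$_REQUEST['special']` is the raw path segment taken from `$data[$i]`, and the code that consumes it is outside this hunk, so that consumer is presumably the place that has to validate the name before it selects a skin part — a short comment here, `// raw path segment; consumer must validate before use as a skin/special name`, would make that contract explicit. The enclosing switch and the pathinfo-parsing block both begin and end outside the hunk.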
@@ -740,21 +753,13 @@ function selector() {
 //             if ($blogid && (intval($blogid) != $obj->iblog) ) {
 //                     doError(_ERROR_NOSUCHITEM);
 //             }
-               if ($blogid && (intval($blogid) != $obj->iblog) ) {
+               if ($blogid && (intval($blogid) != $obj->iblog)) {
                        if (!headers_sent()) {
                                $b =& $manager->getBlog($obj->iblog);
-                               $correctURL = $b->getURL();
-
-                               if ($CONF['URLMode'] == 'pathinfo') {
-                                       if (substr($correctURL,strlen($correctURL)-1,1)=='/') {
-                                               $correctURL .= 'item/' . $itemid;
-                                       } else {
-                                               $correctURL .= '/item/' . $itemid;
-                                       }
-                               } else {
-                                       $correctURL .= '?itemid=' . $itemid;
-                               }
-
+                               $CONF['ItemURL'] = $b->getURL();
+                               if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'],-1) == '/')
+                                       $CONF['ItemURL'] = substr($CONF['ItemURL'], 0, -1);
+                               $correctURL = createItemLink($itemid, '');
                                redirect($correctURL);
                                exit;
                        } else {
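Review bot: The brace-less `if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'],-1) == '/')` governs a single statement in a function that braces every other block; wrap it: `if (($CONF['URLMode'] == 'pathinfo') && (substr($CONF['ItemURL'], -1) == '/')) {` … `}`, which also replaces `and` with the `&&` used everywhere else. The redirect now relies on `createItemLink($itemid, '')` picking up the overwritten `$CONF['ItemURL']` (the helper is outside this hunk); because `exit` follows `redirect()` the mutation of the global config does not leak into later code, but that is worth stating: `// temporarily repoint ItemURL so createItemLink() builds the link for the item's own blog; exit follows`. selector() begins and ends outside the hunk.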
@@ -803,21 +808,63 @@ function selector() {
                // show archive
                $type = 'archive';
 
-               // get next and prev month links
-               global $archivenext, $archiveprev, $archivetype;
+               // get next and prev month links ...
+               global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists;
+
+               // sql queries for the timestamp of the first and the last published item
+               $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 ORDER BY itime ASC";
+               $first_timestamp=quickQuery ($query); 
+               $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 ORDER BY itime DESC";
+               $last_timestamp=quickQuery ($query); 
 
                sscanf($archive, '%d-%d-%d', $y, $m, $d);
 
                if ($d != 0) {
                        $archivetype = _ARCHIVETYPE_DAY;
                        $t = mktime(0, 0, 0, $m, $d, $y);
+
                        $archiveprev = strftime('%Y-%m-%d', $t - (24 * 60 * 60) );
+                       // check for published items                    
+                       if ($t > $first_timestamp) {
+                               $archiveprevexists = true;
+                       }
+                       else {
+                               $archiveprevexists = false;
+                       }
+
+                       // one day later
+//                     $t += 86400; 
+//                     $archivenext = strftime('%Y-%m-%d', $t);
                        $archivenext = strftime('%Y-%m-%d', $t + (24 * 60 * 60) );
+                       if ($t + (24 * 60 * 60) < $last_timestamp) {
+                               $archivenextexists = true;
+                       }
+                       else {
+                               $archivenextexists = false;
+                       }
+
                } else {
                        $archivetype = _ARCHIVETYPE_MONTH;
                        $t = mktime(0, 0, 0, $m, 1, $y);
+
                        $archiveprev = strftime('%Y-%m', $t - (1 * 24 * 60 * 60) );
-                       $archivenext = strftime('%Y-%m', $t + (32 * 24 * 60 * 60) );
+                       if ($t > $first_timestamp) {
+                               $archiveprevexists = true;
+                       }
+                       else {
+                               $archiveprevexists = false;
+                       }
+
+//                     $archivenext = strftime('%Y-%m', $t + (32 * 24 * 60 * 60) );
+                       // timestamp for the next month                 
+                       $t = mktime(0, 0, 0, $m+1, 1, $y);
+                       $archivenext = strftime('%Y-%m', $t);
+                       if ($t < $last_timestamp) {
+                               $archivenextexists = true;
+                       }
+                       else {
+                               $archivenextexists = false;
+                       }
                }
 
        } elseif ($archivelist) {
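Review bot: The two new queries at `$query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 ORDER BY itime ASC";` and its DESC twin have no `LIMIT 1`, so the database sorts and hands back the entire item table to obtain one row; append ` LIMIT 1` to both. Neither query is scoped to a blog (no `iblog` condition) and `idraft=0` does not exclude future-dated items, so on a multi-blog installation `$archiveprevexists`/`$archivenextexists` may point at months that the current blog's archive page will show as empty — whether the archive view filters those out is outside the hunk. The four if/else blocks can be reduced to `$archiveprevexists = ($t > $first_timestamp);` and `$archivenextexists = (($t + (24 * 60 * 60)) < $last_timestamp);` (and the month-branch equivalents), and the commented-out `$t += 86400;` / `$archivenext = …` lines should be deleted rather than kept. selector() begins and ends outside the hunk.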
@@ -987,7 +1034,8 @@ function removeBreaks($var) {
 // at the end (end length is <= $maxlength)
 function shorten($text, $maxlength, $toadd) {
        // 1. remove entities...
-       $trans = get_html_translation_table(HTML_ENTITIES);
+//     $trans = get_html_translation_table(HTML_ENTITIES);
+       $trans = get_html_translation_table(HTML_SPECIALCHARS); // for Japanese
        $trans = array_flip($trans);
        $text = strtr($text, $trans);
 
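Review bot: The commented-out `$trans = get_html_translation_table(HTML_ENTITIES);` line should be removed rather than left beside its replacement, and the `// for Japanese` comment does not say what the switch fixes; expand it to something like `// HTML_SPECIALCHARS only: reverting the full HTML_ENTITIES table (presumably its Latin-1 names) corrupted multibyte text — confirm` so the next maintainer does not revert it. The rest of shorten() is outside the hunk.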
@@ -1286,7 +1334,18 @@ function createLink($type, $params) {
 }
 
 function createBlogLink($url, $params) {
-       return addLinkParams($url . '?', $params);
+    global $CONF;
+    if ($CONF['URLMode'] == 'normal') {
+        if (strpos($url, '?') === FALSE && is_array($params)) {
+            $fParam = reset($params);
+            $fKey   = key($params);
+            array_shift($params);
+            $url .= '?' . $fKey . '=' . $fParam;
+        }
+    } elseif ($CONF['URLMode'] == 'pathinfo' && substr($url, -1) == '/') {
+        $url = substr($url, 0, -1);
+    }
+       return addLinkParams($url, $params);
 }
 
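Review bot: When `$params` is an empty array the `normal` branch still enters the block, `reset()` returns false and `key()` returns null, so `$url .= '?' . $fKey . '=' . $fParam;` produces a trailing `?=`; guard with `if (strpos($url, '?') === false && is_array($params) && count($params) > 0) {`. The first key/value pair is concatenated into the URL raw while the remaining pairs are handed to `addLinkParams()` (its body is outside the hunk); if that helper URL-encodes its values, the first pair is the only unencoded one, so apply `rawurlencode()` to `$fKey` and `$fParam` here for consistency. The new lines also use four-space indentation and `FALSE` where the rest of the file uses tabs and lowercase constants, as the final `return addLinkParams($url, $params);` line shows.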
 function addLinkParams($link, $params) {
@@ -1488,6 +1547,146 @@ function sanitizeParams()
 }
 
 /** 
+ * Check ticket when not checked in plugin's admin page
+ * to avoid CSRF.
+ * Also avoid the access to plugin/index.php by guest user.
+ */
+function ticketForPlugin(){
+       global $CONF,$DIR_PLUGINS,$member,$ticketforplugin;
+       
+       /* initialize */
+       $ticketforplugin=array();
+       $ticketforplugin['ticket']=false;
+       
+       /* Check if using plugin's php file. */
+       if ($p_translated=serverVar('PATH_TRANSLATED')) {
+               if (!file_exists($p_translated)) $p_translated='';
+       }
+       if (!$p_translated) {
+               $p_translated=serverVar('SCRIPT_FILENAME');
+               if (!file_exists($p_translated)) {
+                       header("HTTP/1.0 404 Not Found");
+                       exit('');
+               }
+       }
+       $p_translated=str_replace('\\','/',$p_translated);
+       $d_plugins=str_replace('\\','/',$DIR_PLUGINS);
+       if (strpos($p_translated,$d_plugins)!==0) return;// This isn't plugin php file.
+       
+       /* Solve the plugin php file or admin directory */
+       $phppath=substr($p_translated,strlen($d_plugins));
+       $phppath=preg_replace('!^/!','',$phppath);// Remove the first "/" if exists.
+       $path=preg_replace('/^NP_([.]*)\.php$/','$1',$phppath); // Remove the first "NP_" and the last ".php" if exists.
+       $path=preg_replace('!^([^/]*)/(.*)$!','$1',$path); // Remove the "/" and beyond.
+       
+       /* Solve the plugin name. */
+       $plugins=array();
+       $query='SELECT pfile FROM '.sql_table('plugin');
+       $res=sql_query($query);
+       while($row=mysql_fetch_row($res)) {
+               $name=substr($row[0],3);
+               $plugins[strtolower($name)]=$name;
+       }
+       mysql_free_result($res);
+       if ($plugins[$path]) $plugin_name=$plugins[$path];
+       else if (array_key_exists($path,$plugins)) $plugin_name=$path;
+       else {
+               header("HTTP/1.0 404 Not Found");
+               exit('');
+       }
+       
+       /* Return if not index.php */
+       if ( $phppath!=strtolower($plugin_name).'/'
+               && $phppath!=strtolower($plugin_name).'/index.php' ) return;
+       
+       /* Exit if not logged in. */
+       if ( !$member->isLoggedIn() ) exit("You aren't logged in.");
+       
+       global $manager,$DIR_LIBS,$DIR_LANG,$HTTP_GET_VARS,$HTTP_POST_VARS;
+       
+       /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */
+       if (!($p_translated=serverVar('PATH_TRANSLATED'))) $p_translated=serverVar('SCRIPT_FILENAME');
+       if ($file=@file($p_translated)) {
+               $prevline='';
+               foreach($file as $line) {
+                       if (preg_match('/[\$]manager([\s]*)[\-]>([\s]*)checkTicket([\s]*)[\(]/i',$prevline.$line)) return;
+                       $prevline=$line;
+               }
+       }
+       
+       /* Show a form if not valid ticket */
+       if ( ( strstr(serverVar('REQUEST_URI'),'?') || serverVar('QUERY_STRING')
+                       || strtoupper(serverVar('REQUEST_METHOD'))=='POST' )
+                               && (!$manager->checkTicket()) ){
+
+               if (!class_exists('PluginAdmin')) {
+                       $language = getLanguageName();
+                       include($DIR_LANG . ereg_replace( '[\\|/]', '', $language) . '.php');
+                       include($DIR_LIBS . 'PLUGINADMIN.php');
+               }
+               if (!(function_exists('mb_strimwidth') || extension_loaded('mbstring'))) {
+                       if (file_exists($DIR_LIBS.'mb_emulator/mb-emulator.php')) {
+                               global $mbemu_internals;
+                               include_once($DIR_LIBS.'mb_emulator/mb-emulator.php');
+                       }
+               }
+               $oPluginAdmin = new PluginAdmin($plugin_name);
+               $oPluginAdmin->start();
+               echo '<p>' . _ERROR_BADTICKET . "</p>\n";
+               
+               /* Show the form to confirm action */
+               // PHP 4.0.x support
+               $get=  (isset($_GET))  ? $_GET  : $HTTP_GET_VARS;
+               $post= (isset($_POST)) ? $_POST : $HTTP_POST_VARS;
+               // Resolve URI and QUERY_STRING
+               if ($uri=serverVar('REQUEST_URI')) {
+                       list($uri,$qstring)=explode('?',$uri);
+               } else {
+                       if ( !($uri=serverVar('PHP_SELF')) ) $uri=serverVar('SCRIPT_NAME');
+                       $qstring=serverVar('QUERY_STRING');
+               }
+               if ($qstring) $qstring='?'.$qstring;
+               echo '<p>'._SETTINGS_UPDATE.' : '._QMENU_PLUGINS.' <span style="color:red;">'.
+                       htmlspecialchars($plugin_name)."</span> ?</p>\n";
+               switch(strtoupper(serverVar('REQUEST_METHOD'))){
+               case 'POST':
+                       echo '<form method="POST" action="'.htmlspecialchars($uri.$qstring).'">';
+                       $manager->addTicketHidden();
+                       _addInputTags($post);
+                       break;
+               case 'GET':
+                       echo '<form method="GET" action="'.htmlspecialchars($uri).'">';
+                       $manager->addTicketHidden();
+                       _addInputTags($get);
+               default:
+                       break;
+               }
+               echo '<input type="submit" value="'._YES.'" />&nbsp;&nbsp;&nbsp;&nbsp;';
+               echo '<input type="button" value="'._NO.'" onclick="history.back(); return false;" />';
+               echo "</form>\n";
+               
+               $oPluginAdmin->end();
+               exit;
+       }
+       
+       /* Create new ticket */
+       $ticket=$manager->addTicketToUrl('');
+       $ticketforplugin['ticket']=substr($ticket,strpos($ticket,'ticket=')+7);
+}
+function _addInputTags(&$keys,$prefix=''){
+       foreach($keys as $key=>$value){
+               if ($prefix) $key=$prefix.'['.$key.']';
+               if (is_array($value)) _addInputTags($value,$key);
+               else {
+                       if (get_magic_quotes_gpc()) $value=stripslashes($value);
+                       if ($key=='ticket') continue;
+                       echo '<input type="hidden" name="'.htmlspecialchars($key).
+                               '" value="'.htmlspecialchars($value).'" />'."\n";
+               }
+       }
+}
+
+/** 
  * Convert the server string such as $_SERVER['REQUEST_URI']
  * to arry like arry['blogid']=1 and array['page']=2 etc.
  */
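Review bot: `list($uri,$qstring)=explode('?',$uri);` raises an undefined-offset notice when REQUEST_URI has no `?` and leaves `$qstring` unset for the following `if ($qstring)`, and a URI containing a second `?` loses everything after it because `explode()` is called without a limit; use `$parts = explode('?', $uri, 2); $uri = $parts[0]; $qstring = isset($parts[1]) ? $parts[1] : '';`. In `_addInputTags()` the check `if ($key=='ticket') continue;` is a loose comparison, so an integer key `0` also compares equal to `'ticket'` on the PHP versions this file targets and that field is silently dropped from the confirmation form; use `===`. The scan at `if (preg_match('/[\$]manager([\s]*)[\-]>([\s]*)checkTicket([\s]*)[\(]/i',$prevline.$line)) return;` matches the text anywhere in the plugin file, including inside a comment, and in that case the request proceeds with no ticket check at all; the docblock on ticketForPlugin() should state that this is a textual heuristic for "the plugin appears to call checkTicket itself", not a guarantee that the ticket is verified.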
@@ -1749,4 +1948,4 @@ function ifset(&$var) {
        return null;
 }
 
-?>
+?>
\ No newline at end of file