bnumber == $selected)
echo ' selected="selected"';
@@ -776,8 +880,11 @@ class ADMIN {
}
+ /**
+ * @todo document this
+ */
function action_browseownitems() {
- global $member;
+ global $member, $manager, $CONF;
$this->pagehead();
@@ -786,15 +893,18 @@ class ADMIN {
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
- else
- $amount = 10;
+ $amount = intPostVar('amount');
+ else {
+ $amount = intval($CONF['DefaultListSize']);
+ if ($amount < 1)
+ $amount = 10;
+ }
$search = postVar('search'); // search through items
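Review bot: `intPostVar('start')` and `intPostVar('amount')` make the values integers but neither non-negative nor bounded, so a posted `-1` still reaches the `LIMIT $start,$amount` clause built further down and makes the query fail, and a very large `amount` asks for an arbitrarily large page. Clamp both after the cast, e.g. `$start = max(0, intPostVar('start'));` and `$amount = min(max(1, intPostVar('amount')), MAX_LIST_SIZE);`, where `MAX_LIST_SIZE` is a placeholder for a limit the project chooses. The same pattern is repeated in the action_itemcommentlist, action_browseowncomments and action_blogcommentlist hunks. The function body starts and ends outside this hunk.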
@@ -803,7 +913,7 @@ class ADMIN {
. ' WHERE iauthor='. $member->getID() .' and iauthor=mnumber and iblog=bnumber and icat=catid';
if ($search)
- $query .= ' and ((ititle LIKE "%' . addslashes($search) . '%") or (ibody LIKE "%' . addslashes($search) . '%") or (imore LIKE "%' . addslashes($search) . '%"))';
+ $query .= ' and ((ititle LIKE "%' . sql_real_escape_string($search) . '%") or (ibody LIKE "%' . sql_real_escape_string($search) . '%") or (imore LIKE "%' . sql_real_escape_string($search) . '%"))';
$query .= ' ORDER BY itime DESC'
. " LIMIT $start,$amount";
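Review bot: `sql_real_escape_string($search)` protects the string literal but leaves the LIKE metacharacters `%` and `_` in `$search` active, so a search for a literal `_` or `%` matches far more rows than the user asked for. If literal matching is intended, escape them once before building the clause, e.g. `$like = addcslashes(sql_real_escape_string($search), '%_');`, and use `$like` in the three LIKE terms instead of escaping the same value three times. The `cbody LIKE` lines in the three comment-list hunks have the same gap.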
@@ -811,7 +921,8 @@ class ADMIN {
$template['content'] = 'itemlist';
$template['now'] = time();
- $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, $blogid, $search, 0);
+ $manager->loadClass("ENCAPSULATE");
+ $navList =& new NAVLIST('browseownitems', $start, $amount, 0, 1000, /*$blogid*/ 0, $search, 0);
$navList->showBatchList('item',$query,'table',$template);
$this->pagefoot();
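Review bot: The changed `$navList =& new NAVLIST(...)` line keeps the assign-new-by-reference form, which is deprecated as of PHP 5.3, the same release this commit cites for replacing the ereg functions; `$navList = new NAVLIST(...)` behaves the same on PHP 5. The inline `/*$blogid*/ 0` also leaves dead code in the argument list: if `$blogid` is deliberately not passed here, a short comment saying why is clearer than a commented-out variable. The BATCH and NAVLIST constructions in later hunks use the same `=& new` form.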
@@ -819,10 +930,11 @@ class ADMIN {
}
/**
- * Show all the comments for a given item
- */
+ * Show all the comments for a given item
+ * @param int $itemid
+ */
function action_itemcommentlist($itemid = '') {
- global $member;
+ global $member, $manager, $CONF;
if ($itemid == '')
$itemid = intRequestVar('itemid');
@@ -836,25 +948,28 @@ class ADMIN {
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
- else
- $amount = 10;
+ $amount = intPostVar('amount');
+ else {
+ $amount = intval($CONF['DefaultListSize']);
+ if ($amount < 1)
+ $amount = 10;
+ }
$search = postVar('search');
echo '(',_BACKTOOVERVIEW,' )
';
echo '',_COMMENTS,' ';
- $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE citem=' . $itemid;
+ $query = 'SELECT cbody, cuser, cmail, cemail, mname, ctime, chost, cnumber, cip, citem FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON mnumber = cmember WHERE citem = ' . $itemid;
if ($search)
- $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
+ $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';
$query .= ' ORDER BY ctime ASC'
. " LIMIT $start,$amount";
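Review bot: The rewritten SELECT still appends `$itemid` to `WHERE citem = ` without a cast, while action_blogcommentlist uses `intval($blogid)` in the equivalent place. As far as the visible lines show, `$itemid` only goes through `intRequestVar()` when the argument is empty, so a caller-supplied value would reach the SQL unchanged; `' WHERE citem = ' . intval($itemid)` makes the query safe regardless of the caller. The function starts in the previous hunk and continues past this one, so a cast may exist in lines not shown here.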
@@ -862,6 +977,7 @@ class ADMIN {
$template['content'] = 'commentlist';
$template['canAddBan'] = $member->blogAdminRights(getBlogIDFromItemID($itemid));
+ $manager->loadClass("ENCAPSULATE");
$navList =& new NAVLIST('itemcommentlist', $start, $amount, 0, 1000, 0, $search, $itemid);
$navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS);
@@ -869,22 +985,25 @@ class ADMIN {
}
/**
- * Browse own comments
- */
+ * Browse own comments
+ */
function action_browseowncomments() {
- global $member;
+ global $member, $manager, $CONF;
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
- else
- $amount = 10;
+ $amount = intPostVar('amount');
+ else {
+ $amount = intval($CONF['DefaultListSize']);
+ if ($amount < 1)
+ $amount = 10;
+ }
$search = postVar('search');
@@ -892,7 +1011,7 @@ class ADMIN {
$query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cmember=' . $member->getID();
if ($search)
- $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
+ $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';
$query .= ' ORDER BY ctime DESC'
. " LIMIT $start,$amount";
@@ -903,8 +1022,9 @@ class ADMIN {
echo '', _COMMENTS_YOUR ,' ';
$template['content'] = 'commentlist';
- $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself
+ $template['canAddBan'] = 0; // doesn't make sense to allow banning yourself
+ $manager->loadClass("ENCAPSULATE");
$navList =& new NAVLIST('browseowncomments', $start, $amount, 0, 1000, 0, $search, 0);
$navList->showBatchList('comment',$query,'table',$template,_NOCOMMENTS_YOUR);
@@ -912,11 +1032,12 @@ class ADMIN {
}
/**
- * Browse all comments for a weblog
- */
+ * Browse all comments for a weblog
+ * @param int $blogid
+ */
function action_blogcommentlist($blogid = '')
{
- global $member, $manager;
+ global $member, $manager, $CONF;
if ($blogid == '')
$blogid = intRequestVar('blogid');
@@ -927,23 +1048,26 @@ class ADMIN {
// start index
if (postVar('start'))
- $start = postVar('start');
+ $start = intPostVar('start');
else
$start = 0;
// amount of items to show
if (postVar('amount'))
- $amount = postVar('amount');
- else
- $amount = 10;
+ $amount = intPostVar('amount');
+ else {
+ $amount = intval($CONF['DefaultListSize']);
+ if ($amount < 1)
+ $amount = 10;
+ }
$search = postVar('search'); // search through comments
- $query = 'SELECT cbody, cuser, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
+ $query = 'SELECT cbody, cuser, cemail, cmail, mname, ctime, chost, cnumber, cip, citem FROM '.sql_table('comment').' LEFT OUTER JOIN '.sql_table('member').' ON mnumber=cmember WHERE cblog=' . intval($blogid);
if ($search != '')
- $query .= ' and cbody LIKE "%' . addslashes($search) . '%"';
+ $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"';
$query .= ' ORDER BY ctime DESC'
@@ -960,6 +1084,7 @@ class ADMIN {
$template['content'] = 'commentlist';
$template['canAddBan'] = $member->blogAdminRights($blogid);
+ $manager->loadClass("ENCAPSULATE");
$navList =& new NAVLIST('blogcommentlist', $start, $amount, 0, 1000, $blogid, $search, 0);
$navList->showBatchList('comment',$query,'table',$template, _NOCOMMENTS_BLOG);
@@ -967,8 +1092,8 @@ class ADMIN {
}
/**
- * Provide a page to item a new item to the given blog
- */
+ * Provide a page to item a new item to the given blog
+ */
function action_createitem() {
global $member, $manager;
@@ -990,6 +1115,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_itemedit() {
global $member, $manager;
@@ -1015,6 +1143,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_itemupdate() {
global $member, $manager, $CONF;
@@ -1032,10 +1163,11 @@ class ADMIN {
return;
}
- $body = postVar('body');
- $title = postVar('title');
- $more = postVar('more');
+ $body = postVar('body');
+ $title = postVar('title');
+ $more = postVar('more');
$closed = intPostVar('closed');
+ $draftid = intPostVar('draftid');
// default action = add now
if (!$actiontype)
@@ -1067,42 +1199,26 @@ class ADMIN {
$wasdraft: set to 1 when the item used to be a draft item
$publish: set to 1 when the edited item is not a draft
*/
- switch ($actiontype) {
- case 'adddraft':
- $publish = 0;
- $wasdraft = 1;
- $timestamp = 0;
- break;
- case 'addfuture':
- $wasdraft = 1;
- $publish = 1;
- $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
- break;
- case 'addnow':
- $wasdraft = 1;
- $publish = 1;
- $timestamp = 0;
- break;
- case 'changedate':
- $timestamp = mktime(postVar('hour'), postVar('minutes'), 0, postVar('month'), postVar('day'), postVar('year'));
- $publish = 1;
- $wasdraft = 0;
- break;
- case 'edit':
- default:
- $publish = 1;
- $wasdraft = 0;
- $timestamp = 0;
+ $blogid = getBlogIDFromItemID($itemid);
+ $blog =& $manager->getBlog($blogid);
+
+ $wasdrafts = array('adddraft', 'addfuture', 'addnow');
+ $wasdraft = in_array($actiontype, $wasdrafts) ? 1 : 0;
+ $publish = ($actiontype != 'adddraft' && $actiontype != 'backtodrafts') ? 1 : 0;
+ if ($actiontype == 'addfuture' || $actiontype == 'changedate') {
+ $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
+ } else {
+ $timestamp =0;
}
// edit the item for real
ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
- $blogid = getBlogIDFromItemID($itemid);
- $blog =& $manager->getBlog($blogid);
- if (!$closed && $publish && $wasdraft && $blog->pingUserland()) {
- $this->action_sendping($blogid);
- return;
+ $this->updateFuturePosted($blogid);
+
+ if ($draftid > 0) {
+ // delete permission is checked inside ITEM::delete()
+ ITEM::delete($draftid);
}
// show category edit window when we created a new category
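Review bot: `ITEM::delete($draftid)` acts on an id taken straight from the POST body, and the only authorisation is the one the comment attributes to ITEM::delete(), which is not visible in this diff. deleteOneItem() in the same class calls `$member->canAlterItem($itemid)` before `ITEM::delete()`, so doing the same here keeps the check next to the deletion: `if ($draftid > 0 && $member->canAlterItem($draftid)) {`. Nothing visible ties `$draftid` to `$itemid` or confirms that the row is a draft, which is worth confirming as well. The function starts and ends outside the hunk.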
@@ -1119,6 +1235,9 @@ class ADMIN {
}
}
+ /**
+ * @todo document this
+ */
function action_itemdelete() {
global $member, $manager;
@@ -1157,6 +1276,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_itemdeleteconfirm() {
global $member;
@@ -1174,7 +1296,10 @@ class ADMIN {
$this->action_itemlist($blogid);
}
- // deletes one item and returns error if something goes wrong
+ /**
+ * Deletes one item and returns error if something goes wrong
+ * @param int $itemid
+ */
function deleteOneItem($itemid) {
global $member, $manager;
@@ -1182,10 +1307,38 @@ class ADMIN {
if (!$member->canAlterItem($itemid))
return _ERROR_DISALLOWED;
+ // need to get blogid before the item is deleted
+ $blogid = getBlogIDFromItemId($itemid);
+
$manager->loadClass('ITEM');
ITEM::delete($itemid);
+
+ // update blog's futureposted
+ $this->updateFuturePosted($blogid);
+ }
+
+ /**
+ * Update a blog's future posted flag
+ * @param int $blogid
+ */
+ function updateFuturePosted($blogid) {
+ global $manager;
+
+ $blog =& $manager->getBlog($blogid);
+ $currenttime = $blog->getCorrectTime(time());
+ $result = sql_query("SELECT * FROM ".sql_table('item').
+ " WHERE iblog='".$blogid."' AND iposted=0 AND itime>".mysqldate($currenttime));
+ if (sql_num_rows($result) > 0) {
+ $blog->setFuturePost();
+ }
+ else {
+ $blog->clearFuturePost();
+ }
}
+ /**
+ * @todo document this
+ */
function action_itemmove() {
global $member, $manager;
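Review bot: updateFuturePosted() puts `$blogid` into the query as `iblog='".$blogid."'` without casting or escaping it; the visible callers pass the result of getBlogIDFromItemId(), but the method itself does not enforce an integer. Adding `$blogid = intval($blogid);` as its first statement would. The method also calls `$blog->getCorrectTime()` without checking what `$manager->getBlog($blogid)` returned, and `SELECT *` fetches whole rows when only the row count is tested. The docblock could state that the method returns nothing and sets or clears the flag depending on whether unposted future items exist.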
@@ -1215,6 +1368,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_itemmoveto() {
global $member, $manager;
@@ -1238,8 +1394,16 @@ class ADMIN {
// only allow if user is allowed to alter item
$member->canUpdateItem($itemid, $catid) or $this->disallow();
+ $old_blogid = getBlogIDFromItemId($itemid);
+
ITEM::move($itemid, $catid);
+ // set the futurePosted flag on the blog
+ $this->updateFuturePosted(getBlogIDFromItemId($itemid));
+
+ // reset the futurePosted in case the item is moved from one blog to another
+ $this->updateFuturePosted($old_blogid);
+
if ($catid != intRequestVar('catid'))
$this->action_categoryedit($catid, $blog->getID());
else
@@ -1247,9 +1411,11 @@ class ADMIN {
}
/**
- * Moves one item to a given category (category existance should be checked by caller)
- * errors are returned
- */
+ * Moves one item to a given category (category existance should be checked by caller)
+ * errors are returned
+ * @param int $itemid
+ * @param int $destCatid category ID to which the item will be moved
+ */
function moveOneItem($itemid, $destCatid) {
global $member;
@@ -1261,10 +1427,10 @@ class ADMIN {
}
/**
- * Adds a item to the chosen blog
- */
+ * Adds a item to the chosen blog
+ */
function action_additem() {
- global $member, $manager, $CONF;
+ global $manager, $CONF;
$manager->loadClass('ITEM');
@@ -1275,86 +1441,21 @@ class ADMIN {
$blogid = getBlogIDFromItemID($result['itemid']);
$blog =& $manager->getBlog($blogid);
+ $btimestamp = $blog->getCorrectTime();
+ $item = $manager->getItem(intval($result['itemid']), 1, 1);
- $pingUrl = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=sendping&blogid=' . intval($blogid));
-
- if ($result['status'] == 'newcategory')
- $this->action_categoryedit(
- $result['catid'],
- $blogid,
- $blog->pingUserland() ? $pingUrl : ''
- );
- elseif ((postVar('actiontype') == 'addnow') && $blog->pingUserland())
- $this->action_sendping($blogid);
- else
- $this->action_itemlist($blogid);
- }
-
- /**
- * Shows a window that says we're about to ping weblogs.com.
- * immediately refresh to the real pinging page, which will
- * show an error, or redirect to the blog.
- *
- * @param $blogid ID of blog for which ping needs to be sent out
- */
- function action_sendping($blogid = -1) {
- global $member, $manager;
-
- if ($blogid == -1)
- $blogid = intRequestVar('blogid');
-
- $member->isLoggedIn() or $this->disallow();
-
- $rawPingUrl = $manager->addTicketToUrl('index.php?action=rawping&blogid=' . intval($blogid));
-
- $this->pagehead(' ');
- ?>
- Site Updated, Now pinging weblogs.com
-
-
- Pinging weblogs.com! This can a while...
-
- When the ping is complete (and successfull), your weblog will show up in the weblogs.com updates list.
-
-
-
- If you aren't automatically passed through, try again
-
- pagefoot();
- }
-
- // ping to Weblogs.com
- // sends the real ping (can take up to 10 seconds!)
- function action_rawping() {
- global $manager;
- // TODO: checks?
-
- $blogid = intRequestVar('blogid');
- $blog =& $manager->getBlog($blogid);
-
- $result = $blog->sendUserlandPing();
-
- $this->pagehead();
-
- ?>
-
- Ping Results
-
- The following message was returned by weblogs.com:
-
-
-
-
-
- pagefoot();
+ if ($result['status'] == 'newcategory') {
+ $distURI = $manager->addTicketToUrl($CONF['AdminURL'] . 'index.php?action=itemList&blogid=' . intval($blogid));
+ $this->action_categoryedit($result['catid'], $blogid, $distURI);
+ } else {
+ $methodName = 'action_itemList';
+ call_user_func(array(&$this, $methodName), $blogid);
+ }
}
/**
- * Allows to edit previously made comments
- */
+ * Allows to edit previously made comments
+ */
function action_commentedit() {
global $member, $manager;
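Review bot: `$btimestamp` and `$item` are assigned but not read anywhere in the rest of action_additem() shown in this hunk, so `$manager->getItem(...)` looks like an unneeded lookup unless it is called for a side effect, in which case a comment should say so. `call_user_func(array(&$this, $methodName), $blogid)` with a constant method name is an indirect way of writing `$this->action_itemlist($blogid);`, the form the removed code used, which is easier to search for and to analyse statically. The start of the function is outside the hunk.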
@@ -1368,9 +1469,11 @@ class ADMIN {
// change to \n
$comment['body'] = str_replace(' ','',$comment['body']);
-
- $comment['body'] = eregi_replace("[^<]* ","\\1",$comment['body']);
-
+
+ // replaced eregi_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
+ /* original eregi_replace: eregi_replace("[^<]* ", "\\1", $comment['body']) */
+ $comment['body'] = preg_replace("#[^<]* #I", "\\1", $comment['body']);
+
$this->pagehead();
?>
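Review bot: The replacement pattern ends in `#I`, but the case-insensitive PCRE flag in PHP is lowercase `i`; uppercase `I` is not a recognised modifier, so preg_replace() raises a warning and returns NULL, which leaves `$comment['body']` empty in the edit form. The closing delimiter should be followed by `i` to match what eregi_replace() did. Keeping the previous body when preg_replace() returns null would stop a bad pattern from silently discarding the text. The pattern text itself appears truncated on this page, so only the modifier is commented on.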
@@ -1386,7 +1489,7 @@ class ADMIN {
-
-
+
+
+
+
+
+
+
+
+
+
-
@@ -1415,6 +1527,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_commentupdate() {
global $member, $manager;
@@ -1422,19 +1537,28 @@ class ADMIN {
$member->canAlterComment($commentid) or $this->disallow();
+ $url = postVar('url');
+ $email = postVar('email');
$body = postVar('body');
-
+
+ # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+ # original eregi: eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}", $body) != FALSE
+ # important note that '\' must be matched with '\\\\' in preg* expressions
// intercept words that are too long
- if (eregi("[a-zA-Z0-9|\.,;:!\?=\/\\]{90,90}",$body) != false)
+ if (preg_match('#[a-zA-Z0-9|\.,;:!\?=\/\\\\]{90,90}#', $body) != FALSE)
+ {
$this->error(_ERROR_COMMENT_LONGWORD);
-
+ }
+
// check length
- if (strlen($body)<3)
+ if (strlen($body) < 3) {
$this->error(_ERROR_COMMENT_NOCOMMENT);
+ }
if (strlen($body)>5000)
+ {
$this->error(_ERROR_COMMENT_TOOLONG);
-
-
+ }
+
// prepare body
$body = COMMENT::prepareBody($body);
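Review bot: The new `$url` and `$email` values are read with `postVar()` and, in the following hunk, written to `cmail` and `cemail` with SQL escaping only; nothing checks their format. action_changemembersettings() in this file runs the address through `isValidMailAddress()`, and the same test could reject a non-empty `$email` here, while `$url` could be limited to http and https with `preg_match('#^https?://#i', $url)`. How these columns are rendered is not visible in this diff, so the output side should be confirmed too. The `{90,90}` quantifier can be written `{90}`.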
@@ -1442,13 +1566,13 @@ class ADMIN {
$manager->notify('PreUpdateComment',array('body' => &$body));
$query = 'UPDATE '.sql_table('comment')
- . " SET cbody='" .addslashes($body). "'"
+ . " SET cmail = '" . sql_real_escape_string($url) . "', cemail = '" . sql_real_escape_string($email) . "', cbody = '" . sql_real_escape_string($body) . "'"
. " WHERE cnumber=" . $commentid;
sql_query($query);
// get itemid
$res = sql_query('SELECT citem FROM '.sql_table('comment').' WHERE cnumber=' . $commentid);
- $o = mysql_fetch_object($res);
+ $o = sql_fetch_object($res);
$itemid = $o->citem;
if ($member->canAlterItem($itemid))
@@ -1458,6 +1582,9 @@ class ADMIN {
}
+ /**
+ * @todo document this
+ */
function action_commentdelete() {
global $member, $manager;
@@ -1498,6 +1625,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_commentdeleteconfirm() {
global $member;
@@ -1505,7 +1635,7 @@ class ADMIN {
// get item id first
$res = sql_query('SELECT citem FROM '.sql_table('comment') .' WHERE cnumber=' . $commentid);
- $o = mysql_fetch_object($res);
+ $o = sql_fetch_object($res);
$itemid = $o->citem;
$error = $this->deleteOneComment($commentid);
@@ -1518,6 +1648,9 @@ class ADMIN {
$this->action_browseowncomments();
}
+ /**
+ * @todo document this
+ */
function deleteOneComment($commentid) {
global $member, $manager;
@@ -1538,8 +1671,8 @@ class ADMIN {
}
/**
- * Usermanagement main
- */
+ * Usermanagement main
+ */
function action_usermanagement() {
global $member, $manager;
@@ -1560,12 +1693,13 @@ class ADMIN {
$template['content'] = 'memberlist';
$template['tabindex'] = 10;
+ $manager->loadClass("ENCAPSULATE");
$batch =& new BATCH('member');
$batch->showlist($query,'table',$template);
echo '' . _MEMBERS_NEW .' ';
?>
-
- (This is the name used to logon)
+
-
+
@@ -1613,11 +1747,15 @@ class ADMIN {
}
/**
- * Edit member settings
- */
+ * Edit member settings
+ */
function action_memberedit() {
$this->action_editmembersettings(intRequestVar('memberid'));
}
+
+ /**
+ * @todo document this
+ */
function action_editmembersettings($memberid = '') {
global $member, $manager, $CONF;
@@ -1641,7 +1779,7 @@ class ADMIN {
$mem = MEMBER::createFromID($memberid);
?>
-
- input_yesno('canlogin',$mem->canLogin(),70); ?>
+ input_yesno('canlogin',$mem->canLogin(),70,1,0,_YES,_NO,$mem->isAdmin()); ?>
@@ -1701,25 +1839,35 @@ class ADMIN {
- getLanguage())
- echo " selected='selected'";
+ echo "getLanguage() )
+ {
+ echo " selected=\"selected\"";
+ }
echo ">$name ";
}
}
closedir($dirhandle);
-
+
?>
+
+
+ input_yesno('autosave', $mem->getAutosave(), 87); ?>
+
_insertPluginOptions('member',$memberid);
@@ -1746,7 +1894,9 @@ class ADMIN {
$this->pagefoot();
}
-
+ /**
+ * @todo document this
+ */
function action_changemembersettings() {
global $member, $CONF, $manager;
@@ -1755,20 +1905,23 @@ class ADMIN {
// check if allowed
($member->getID() == $memberid) or $member->isAdmin() or $this->disallow();
- $name = trim(postVar('name'));
- $realname = trim(postVar('realname'));
- $password = postVar('password');
- $repeatpassword = postVar('repeatpassword');
- $email = postVar('email');
- $url = postVar('url');
-
- // Sometimes user didn't prefix the URL with http://, this cause a malformed URL. Let's fix it.
- if (!eregi("^https?://", $url))
- $url = "http://".$url;
-
- $admin = postVar('admin');
- $canlogin = postVar('canlogin');
- $notes = postVar('notes');
+ $name = trim(strip_tags(postVar('name')));
+ $realname = trim(strip_tags(postVar('realname')));
+ $password = postVar('password');
+ $repeatpassword = postVar('repeatpassword');
+ $email = strip_tags(postVar('email'));
+ $url = strip_tags(postVar('url'));
+
+ # replaced eregi() below with preg_match(). ereg* functions are deprecated in PHP 5.3.0
+ # original eregi: !eregi("^https?://", $url)
+ // begin if: sometimes user didn't prefix the URL with http:// or https://, this cause a malformed URL. Let's fix it.
+ if (!preg_match('#^https?://#', $url) )
+ {
+ $url = "http://" . $url;
+ }
+ $admin = postVar('admin');
+ $canlogin = postVar('canlogin');
+ $notes = strip_tags(postVar('notes'));
$deflang = postVar('deflang');
$mem = MEMBER::createFromID($memberid);
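Review bot: `preg_match('#^https?://#', $url)` is case-sensitive, whereas the `eregi()` it replaces was not, so a URL entered as `HTTP://example.org` now gets a second `http://` prefixed; the pattern needs the `i` flag, `'#^https?://#i'`. The check also turns an empty URL field into the bare string `http://`, behaviour carried over from the old code; skipping the prefix when `$url` is empty would avoid storing that. `strip_tags()` on these fields reduces markup in stored values but does not replace escaping when they are output.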
@@ -1786,6 +1939,15 @@ class ADMIN {
if ($password && (strlen($password) < 6))
$this->error(_ERROR_PASSWORDTOOSHORT);
+
+ if ($password) {
+ $pwdvalid = true;
+ $pwderror = '';
+ $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
+ if (!$pwdvalid) {
+ $this->error($pwderror);
+ }
+ }
}
if (!isValidMailAddress($email))
@@ -1800,12 +1962,12 @@ class ADMIN {
// check if there will remain at least one site member with both the logon and admin rights
// (check occurs when taking away one of these rights from such a member)
- if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
+ if ( (!$admin && $mem->isAdmin() && $mem->canLogin())
|| (!$canlogin && $mem->isAdmin() && $mem->canLogin())
)
{
$r = sql_query('SELECT * FROM '.sql_table('member').' WHERE madmin=1 and mcanlogin=1');
- if (mysql_num_rows($r) < 2)
+ if (sql_num_rows($r) < 2)
$this->error(_ERROR_ATLEASTONEADMIN);
}
@@ -1815,9 +1977,6 @@ class ADMIN {
$mem->setPassword($password);
}
- if ($newpass)
- $mem->setPassword($password);
-
$oldEmail = $mem->getEmail();
$mem->setRealName($realname);
@@ -1833,28 +1992,33 @@ class ADMIN {
$mem->setCanLogin($canlogin);
}
+ $autosave = postVar ('autosave');
+ $mem->setAutosave($autosave);
$mem->write();
+ // store plugin options
+ $aOptions = requestArray('plugoption');
+ NucleusPlugin::_applyPluginOptions($aOptions);
+ $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
+
// if email changed, generate new password
if ($oldEmail != $mem->getEmail())
{
$mem->sendActivationLink('addresschange', $oldEmail);
// logout member
$mem->newCookieKey();
- $member->logout();
+
+ // only log out if the member being edited is the current member.
+ if ($member->getID() == $memberid)
+ $member->logout();
$this->action_login(_MSG_ACTIVATION_SENT, 0);
return;
}
- // store plugin options
- $aOptions = requestArray('plugoption');
- NucleusPlugin::_applyPluginOptions($aOptions);
- $manager->notify('PostPluginOptionsUpdate',array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));
-
if ( ( $mem->getID() == $member->getID() )
- && ( $newpass || ( $mem->getDisplayName() != $member->getDisplayName() ) )
+ && ( $mem->getDisplayName() != $member->getDisplayName() )
) {
$mem->newCookieKey();
$member->logout();
@@ -1864,8 +2028,11 @@ class ADMIN {
}
}
+ /**
+ * @todo document this
+ */
function action_memberadd() {
- global $member;
+ global $member, $manager;
// check if allowed
$member->isAdmin() or $this->disallow();
@@ -1879,6 +2046,11 @@ class ADMIN {
if ($res != 1)
$this->error($res);
+ // fire PostRegister event
+ $newmem = new MEMBER();
+ $newmem->readFromName(postVar('name'));
+ $manager->notify('PostRegister',array('member' => &$newmem));
+
$this->action_usermanagement();
}
@@ -1893,6 +2065,9 @@ class ADMIN {
$this->_showActivationPage($key);
}
+ /**
+ * @todo document this
+ */
function _showActivationPage($key, $message = '')
{
global $manager;
@@ -1992,7 +2167,7 @@ class ADMIN {
* @author dekarma
*/
function action_activatesetpwd() {
-
+
$key = postVar('key');
// clean up old activation keys
@@ -2009,17 +2184,25 @@ class ADMIN {
if (!$mem)
return $this->_showActivationPage($key, _ERROR_ACTIVATE);
- $password = postVar('password');
- $repeatpassword = postVar('repeatpassword');
+ $password = postVar('password');
+ $repeatpassword = postVar('repeatpassword');
if ($password != $repeatpassword)
return $this->_showActivationPage($key, _ERROR_PASSWORDMISMATCH);
if ($password && (strlen($password) < 6))
return $this->_showActivationPage($key, _ERROR_PASSWORDTOOSHORT);
-
+
+ if ($password) {
+ $pwdvalid = true;
+ $pwderror = '';
+ global $manager;
+ $manager->notify('PrePasswordSet',array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
+ if (!$pwdvalid) {
+ return $this->_showActivationPage($key,$pwderror);
+ }
+ }
$error = '';
- global $manager;
$manager->notify('ValidateForm', array('type' => 'activation', 'member' => $mem, 'error' => &$error));
if ($error != '')
return $this->_showActivationPage($key, $error);
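Review bot: `global $manager;` now sits inside the `if ($password)` block, but `$manager->notify('ValidateForm', ...)` below it runs on every request; PHP binds a global only when the statement executes, so with an empty password field `$manager` is an undefined local and the call fails with a fatal error. Move `global $manager;` to the first line of action_activatesetpwd(), which begins in the previous hunk. An empty password passes both the mismatch and the length test visible here, so that path is reachable.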
@@ -2039,8 +2222,8 @@ class ADMIN {
}
/**
- * Manage team
- */
+ * Manage team
+ */
function action_manageteam() {
global $member, $manager;
@@ -2066,6 +2249,7 @@ class ADMIN {
$template['content'] = 'teamlist';
$template['tabindex'] = 10;
+ $manager->loadClass("ENCAPSULATE");
$batch =& new BATCH('team');
$batch->showlist($query, 'table', $template);
@@ -2080,7 +2264,7 @@ class ADMIN {
-
- getDisplayName() ?> getName())) ?>
+
getDisplayName()) ?> getName())) ?>
@@ -2153,6 +2340,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_teamdeleteconfirm() {
global $member;
@@ -2167,6 +2357,9 @@ class ADMIN {
$this->action_manageteam();
}
+ /**
+ * @todo document this
+ */
function deleteOneTeamMember($blogid, $memberid) {
global $member, $manager;
@@ -2178,28 +2371,31 @@ class ADMIN {
return _ERROR_DISALLOWED;
// check if: - there remains at least one blog admin
- // - (there remains at least one team member)
+ // - (there remains at least one team member)
$tmem = MEMBER::createFromID($memberid);
- $manager->notify('PreDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
+ $manager->notify('PreDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));
if ($tmem->isBlogAdmin($blogid)) {
// check if there are more blog members left and at least one admin
// (check for at least two admins before deletion)
$query = 'SELECT * FROM '.sql_table('team') . ' WHERE tblog='.$blogid.' and tadmin=1';
$r = sql_query($query);
- if (mysql_num_rows($r) < 2)
+ if (sql_num_rows($r) < 2)
return _ERROR_ATLEASTONEBLOGADMIN;
}
$query = 'DELETE FROM '.sql_table('team')." WHERE tblog=$blogid and tmember=$memberid";
sql_query($query);
- $manager->notify('PostDeleteTeamMember', array('member' => &$mem, 'blogid' => $blogid));
+ $manager->notify('PostDeleteTeamMember', array('member' => &$tmem, 'blogid' => $blogid));
return '';
}
+ /**
+ * @todo document this
+ */
function action_teamchangeadmin() {
global $member;
@@ -2214,7 +2410,7 @@ class ADMIN {
// don't allow when there is only one admin at this moment
if ($mem->isBlogAdmin($blogid)) {
$r = sql_query('SELECT * FROM '.sql_table('team') . " WHERE tblog=$blogid and tadmin=1");
- if (mysql_num_rows($r) == 1)
+ if (sql_num_rows($r) == 1)
$this->error(_ERROR_ATLEASTONEBLOGADMIN);
}
@@ -2233,6 +2429,9 @@ class ADMIN {
$this->action_overview(_MSG_ADMINCHANGED);
}
+ /**
+ * @todo document this
+ */
function action_blogsettings() {
global $member, $manager;
@@ -2252,11 +2451,11 @@ class ADMIN {
- Members currently on your team:
+
mname) . ' (' . htmlspecialchars($o->mrealname). ')');
echo implode(',', $aMemberNames);
?>
@@ -2321,8 +2520,12 @@ class ADMIN {
input_yesno('public',$blog->isPublic(),70); ?>
+
+
+ input_yesno('reqemail',$blog->emailRequired(),72); ?>
+
-
+
@@ -2339,9 +2542,6 @@ class ADMIN {
/>
-
- input_yesno('pinguserland',$blog->pingUserland(),85); ?>
-
@@ -2391,6 +2591,7 @@ class ADMIN {
$template['content'] = 'categorylist';
$template['tabindex'] = 200;
+ $manager->loadClass("ENCAPSULATE");
$batch =& new BATCH('category');
$batch->showlist($query,'table',$template);
@@ -2431,6 +2632,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_categorynew() {
global $member, $manager;
@@ -2444,18 +2648,20 @@ class ADMIN {
if (!isValidCategoryName($cname))
$this->error(_ERROR_BADCATEGORYNAME);
- $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid);
+ $query = 'SELECT * FROM '.sql_table('category') . ' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid);
$res = sql_query($query);
- if (mysql_num_rows($res) > 0)
+ if (sql_num_rows($res) > 0)
$this->error(_ERROR_DUPCATEGORYNAME);
- $blog =& $manager->getBlog($blogid);
- $newCatID = $blog->createNewCategory($cname, $cdesc);
+ $blog =& $manager->getBlog($blogid);
+ $newCatID = $blog->createNewCategory($cname, $cdesc);
$this->action_blogsettings();
}
-
+ /**
+ * @todo document this
+ */
function action_categoryedit($catid = '', $blogid = '', $desturl = '') {
global $member, $manager;
@@ -2471,7 +2677,7 @@ class ADMIN {
$member->blogAdminRights($blogid) or $this->disallow();
$res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cblog=$blogid AND catid=$catid");
- $obj = mysql_fetch_object($res);
+ $obj = sql_fetch_object($res);
$cname = $obj->cname;
$cdesc = $obj->cdesc;
@@ -2479,6 +2685,8 @@ class ADMIN {
$extrahead = '';
$this->pagehead($extrahead);
+ echo "(",_BACK_TO_BLOGSETTINGS,")
";
+
?>
''
@@ -2513,7 +2721,9 @@ class ADMIN {
$this->pagefoot();
}
-
+ /**
+ * @todo document this
+ */
function action_categoryupdate() {
global $member, $manager;
@@ -2528,14 +2738,14 @@ class ADMIN {
if (!isValidCategoryName($cname))
$this->error(_ERROR_BADCATEGORYNAME);
- $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . addslashes($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
+ $query = 'SELECT * FROM '.sql_table('category').' WHERE cname=\'' . sql_real_escape_string($cname).'\' and cblog=' . intval($blogid) . " and not(catid=$catid)";
$res = sql_query($query);
- if (mysql_num_rows($res) > 0)
+ if (sql_num_rows($res) > 0)
$this->error(_ERROR_DUPCATEGORYNAME);
$query = 'UPDATE '.sql_table('category').' SET'
- . " cname='" . addslashes($cname) . "',"
- . " cdesc='" . addslashes($cdesc) . "'"
+ . " cname='" . sql_real_escape_string($cname) . "',"
+ . " cdesc='" . sql_real_escape_string($cdesc) . "'"
. " WHERE catid=" . $catid;
sql_query($query);
@@ -2554,6 +2764,9 @@ class ADMIN {
}
}
+ /**
+ * @todo document this
+ */
function action_categorydelete() {
global $member, $manager;
@@ -2575,7 +2788,7 @@ class ADMIN {
// check if catid is the only category left for blogid
$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
$res = sql_query($query);
- if (mysql_num_rows($res) == 1)
+ if (sql_num_rows($res) == 1)
$this->error(_ERROR_DELETELASTCATEGORY);
@@ -2584,7 +2797,7 @@ class ADMIN {
- getCategoryName($catid)?>
+ getCategoryName($catid))?>
@@ -2598,6 +2811,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_categorydeleteconfirm() {
global $member, $manager;
@@ -2613,13 +2829,14 @@ class ADMIN {
$this->action_blogsettings();
}
+ /**
+ * @todo document this
+ */
function deleteOneCategory($catid) {
global $manager, $member;
$catid = intval($catid);
- $manager->notify('PreDeleteCategory', array('catid' => $catid));
-
$blogid = getBlogIDFromCatID($catid);
if (!$member->blogAdminRights($blogid))
@@ -2641,9 +2858,11 @@ class ADMIN {
// check if catid is the only category left for blogid
$query = 'SELECT catid FROM '.sql_table('category').' WHERE cblog=' . $blogid;
$res = sql_query($query);
- if (mysql_num_rows($res) == 1)
+ if (sql_num_rows($res) == 1)
return _ERROR_DELETELASTCATEGORY;
+ $manager->notify('PreDeleteCategory', array('catid' => $catid));
+
// change category for all items to the default category
$query = 'UPDATE '.sql_table('item')." SET icat=$destcatid WHERE icat=$catid";
sql_query($query);
@@ -2659,6 +2878,9 @@ class ADMIN {
}
+ /**
+ * @todo document this
+ */
function moveOneCategory($catid, $destblogid) {
global $manager, $member;
@@ -2701,7 +2923,7 @@ class ADMIN {
// update comments table (cblog)
$query = 'SELECT inumber FROM '.sql_table('item').' WHERE icat='.$catid;
$items = sql_query($query);
- while ($oItem = mysql_fetch_object($items)) {
+ while ($oItem = sql_fetch_object($items)) {
sql_query('UPDATE '.sql_table('comment').' SET cblog='.$destblogid.' WHERE citem='.$oItem->inumber);
}
@@ -2724,6 +2946,9 @@ class ADMIN {
}
+ /**
+ * @todo document this
+ */
function action_blogsettingsupdate() {
global $member, $manager;
@@ -2733,16 +2958,16 @@ class ADMIN {
$blog =& $manager->getBlog($blogid);
- $notify = trim(postVar('notify'));
- $shortname = trim(postVar('shortname'));
- $updatefile = trim(postVar('update'));
+ $notify = trim(postVar('notify'));
+ $shortname = trim(postVar('shortname'));
+ $updatefile = trim(postVar('update'));
- $notifyComment = intPostVar('notifyComment');
- $notifyVote = intPostVar('notifyVote');
- $notifyNewItem = intPostVar('notifyNewItem');
+ $notifyComment = intPostVar('notifyComment');
+ $notifyVote = intPostVar('notifyVote');
+ $notifyNewItem = intPostVar('notifyNewItem');
if ($notifyComment == 0) $notifyComment = 1;
- if ($notifyVote == 0) $notifyVote = 1;
+ if ($notifyVote == 0) $notifyVote = 1;
if ($notifyNewItem == 0) $notifyNewItem = 1;
$notifyType = $notifyComment * $notifyVote * $notifyNewItem;
@@ -2777,11 +3002,11 @@ class ADMIN {
$blog->setDefaultSkin(intPostVar('defskin'));
$blog->setDescription(trim(postVar('desc')));
$blog->setPublic(postVar('public'));
- $blog->setPingUserland(postVar('pinguserland'));
$blog->setConvertBreaks(intPostVar('convertbreaks'));
$blog->setAllowPastPosting(intPostVar('allowpastposting'));
$blog->setDefaultCategory(intPostVar('defcat'));
$blog->setSearchable(intPostVar('searchable'));
+ $blog->setEmailRequired(intPostVar('reqemail'));
$blog->writeSettings();
@@ -2794,6 +3019,9 @@ class ADMIN {
$this->action_overview(_MSG_SETTINGSCHANGED);
}
+ /**
+ * @todo document this
+ */
function action_deleteblog() {
global $member, $CONF, $manager;
@@ -2828,6 +3056,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_deleteblogconfirm() {
global $member, $CONF, $manager;
@@ -2873,6 +3104,9 @@ class ADMIN {
$this->action_overview(_DELETED_BLOG);
}
+ /**
+ * @todo document this
+ */
function action_memberdelete() {
global $member, $manager;
@@ -2886,11 +3120,11 @@ class ADMIN {
?>
-
getDisplayName() ?>
+
getDisplayName()) ?>
- Please note that media files will NOT be deleted. (At least not in this Nucleus version)
+
@@ -2903,6 +3137,9 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_memberdeleteconfirm() {
global $member;
@@ -2920,7 +3157,10 @@ class ADMIN {
$this->action_overview(_DELETED_MEMBER);
}
- // (static)
+ /**
+ * @static
+ * @todo document this
+ */
function deleteOneMember($memberid) {
global $manager;
@@ -2932,6 +3172,13 @@ class ADMIN {
$manager->notify('PreDeleteMember', array('member' => &$mem));
+ /* unlink comments from memberid */
+ if ($memberid) {
+ $query = 'UPDATE ' . sql_table('comment') . ' SET cmember="0", cuser="'. sql_real_escape_string($mem->getDisplayName())
+ .'" WHERE cmember='.$memberid;
+ sql_query($query);
+ }
+
$query = 'DELETE FROM '.sql_table('member').' WHERE mnumber='.$memberid;
sql_query($query);
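Review bot: The new UPDATE ends in `' WHERE cmember='.$memberid` and is guarded only by `if ($memberid)`, which is true for any non-empty string. Unless `$memberid` is cast with `intval()` in the part of `deleteOneMember` above this hunk (not visible here), the value reaches the query unchanged; the DELETE below it has the same shape. A local `$memberid = intval($memberid);` before the new block would make both statements safe on their own. The string values are also written with double quotes (`cmember="0"`, `cuser="…"`), which MySQL reads as identifiers when the ANSI_QUOTES mode is on; single quotes, as in the blog INSERT of `action_addnewlog`, avoid that.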
@@ -2949,6 +3196,9 @@ class ADMIN {
return '';
}
+ /**
+ * @todo document this
+ */
function action_createnewlog() {
global $member, $CONF, $manager;
@@ -2961,18 +3211,18 @@ class ADMIN {
?>
-
注æäºé
+
-
ä½æã«ããã£ã¦ãä¸è¨ã®æ³¨æäºé
ãã¾ããèªã¿ä¸ãã
+
-
æ°ããweblogãä½æããå¾ã«ããã®blogã«ã¢ã¯ã»ã¹ããããã®æ¹æ³ãç´¹ä»ãã¦ããã¾ããæ¹æ³ã¯2ã¤ããã¾ã:
+
- ç°¡åãªæ¹æ³: index.php
ã®è¤è£½ãä½ããæ°ããblogã表示ããããã«å¤æ´ãå ãã¾ãã ãã®å¤æ´ã®è©³ç´°ã¯ãä½æå¾ã«è¡¨ç¤ºããã¾ãã
- é«åº¦ãªæ¹æ³: ç¾å¨ã®blogã§ä½¿ç¨ãã¦ããã¹ãã³ã«otherblog
ã¨ããã³ã¼ãã使ã£ãè¨è¿°ãå ãã¾ãããã®æ¹æ³ã§ã¯ãåããã¼ã¸å
ã§è¤æ°ã®blogãå±éãããã¨ãå¯è½ã¨ãªãã¾ãã
+
+
-
Weblogã®ä½æ
+
@@ -3005,7 +3255,7 @@ class ADMIN {
. ' FROM '.sql_table('skin_desc');
$template['name'] = 'defskin';
$template['tabindex'] = 50;
- $template['selected'] = $CONF['BaseSkin']; // set default selected skin to be globally defined base skin
+ $template['selected'] = $CONF['BaseSkin']; // set default selected skin to be globally defined base skin
showlist($query,'select',$template);
?>
@@ -3017,7 +3267,7 @@ class ADMIN {
-
+
@@ -3030,17 +3280,20 @@ class ADMIN {
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_addnewlog() {
global $member, $manager, $CONF;
// Only Super-Admins can do this
$member->isAdmin() or $this->disallow();
- $bname = trim(postVar('name'));
- $bshortname = trim(postVar('shortname'));
+ $bname = trim(postVar('name'));
+ $bshortname = trim(postVar('shortname'));
$btimeoffset = postVar('timeoffset');
- $bdesc = trim(postVar('desc'));
- $bdefskin = postVar('defskin');
+ $bdesc = trim(postVar('desc'));
+ $bdefskin = postVar('defskin');
if (!isValidShortName($bshortname))
$this->error(_ERROR_BADSHORTBLOGNAME);
@@ -3051,31 +3304,35 @@ class ADMIN {
$manager->notify(
'PreAddBlog',
array(
- 'name' => &$bname,
- 'shortname' => &$bshortname,
- 'timeoffset' => &$btimeoffset,
- 'description' => &$bdescription,
+ 'name' => &$bname,
+ 'shortname' => &$bshortname,
+ 'timeoffset' => &$btimeoffset,
+ 'description' => &$bdesc,
'defaultskin' => &$bdefskin
)
);
// add slashes for sql queries
- $bname = addslashes($bname);
- $bshortname = addslashes($bshortname);
- $btimeoffset = addslashes($btimeoffset);
- $bdesc = addslashes($bdesc);
- $bdefskin = addslashes($bdefskin);
+ $bname = sql_real_escape_string($bname);
+ $bshortname = sql_real_escape_string($bshortname);
+ $btimeoffset = sql_real_escape_string($btimeoffset);
+ $bdesc = sql_real_escape_string($bdesc);
+ $bdefskin = sql_real_escape_string($bdefskin);
// create blog
$query = 'INSERT INTO '.sql_table('blog')." (bname, bshortname, bdesc, btimeoffset, bdefskin) VALUES ('$bname', '$bshortname', '$bdesc', '$btimeoffset', '$bdefskin')";
sql_query($query);
- $blogid = mysql_insert_id();
- $blog =& $manager->getBlog($blogid);
+ $blogid = sql_insert_id();
+ $blog =& $manager->getBlog($blogid);
// create new category
- sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, 'General','Items that do not fit in other categories')");
- $catid = mysql_insert_id();
+ $catdefname = (defined('_EBLOGDEFAULTCATEGORY_NAME') ? _EBLOGDEFAULTCATEGORY_NAME : 'General');
+ $catdefdesc = (defined('_EBLOGDEFAULTCATEGORY_DESC') ? _EBLOGDEFAULTCATEGORY_DESC : 'Items that do not fit in other categories');
+ $sql = 'INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, "%s", "%s")';
+ sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));
+// sql_query('INSERT INTO '.sql_table('category')." (cblog, cname, cdesc) VALUES ($blogid, _EBLOGDEFAULTCATEGORY_NAME, _EBLOGDEFAULTCATEGORY_DESC)");
+ $catid = sql_insert_id();
// set as default category
$blog->setDefaultCategory($catid);
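Review bot: The default category name and description go into the INSERT through `sprintf` without escaping, in `sql_query(sprintf($sql, sql_table('category'), $blogid, $catdefname, $catdefdesc));`. Both come from language constants, so a translation that contains a double quote breaks the statement, and every other string value in this hunk now passes through `sql_real_escape_string()`. Passing `sql_real_escape_string($catdefname), sql_real_escape_string($catdefdesc)` as the last two arguments closes the gap. The commented-out `sql_query` line left under it can be deleted.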
@@ -3085,10 +3342,15 @@ class ADMIN {
$memberid = $member->getID();
$query = 'INSERT INTO '.sql_table('team')." (tmember, tblog, tadmin) VALUES ($memberid, $blogid, 1)";
sql_query($query);
-
-
- $blog->additem($blog->getDefaultCategory(),'First Item','ããã¯ããªãã®weblogã«ãããæåã®ã¢ã¤ãã ã§ããèªç±ã«åé¤ãã¦ããã ãã¦ãã¾ãã¾ããã','',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);
-
+
+ $itemdeftitle = (defined('_EBLOG_FIRSTITEM_TITLE') ? _EBLOG_FIRSTITEM_TITLE : 'First Item');
+ $itemdefbody = (defined('_EBLOG_FIRSTITEM_BODY') ? _EBLOG_FIRSTITEM_BODY : 'This is the first item in your weblog. Feel free to delete it.');
+
+ $blog->additem($blog->getDefaultCategory(),$itemdeftitle,$itemdefbody,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);
+ //$blog->additem($blog->getDefaultCategory(),_EBLOG_FIRSTITEM_TITLE,_EBLOG_FIRSTITEM_BODY,'',$blogid, $memberid,$blog->getCorrectTime(),0,0,0);
+
+
+
$manager->notify(
'PostAddBlog',
array(
@@ -3099,24 +3361,27 @@ class ADMIN {
$manager->notify(
'PostAddCategory',
array(
- 'catid' => $catid
+ 'blog' => &$blog,
+ 'name' => _EBLOGDEFAULTCATEGORY_NAME,
+ 'description' => _EBLOGDEFAULTCATEGORY_DESC,
+ 'catid' => $catid
)
);
$this->pagehead();
?>
- æ°ããweblogãä½æããã¾ãã
+
- æ°ããweblog ãããä½æããã¾ãããç¶ãã¦ãããã«ã¢ã¯ã»ã¹ããããã«ä»¥ä¸ã®ã©ã¡ããã®æé ã«é²ãã§ãã ããã
+
- ç°¡åãªæ¹æ³: ä¸ã®ã³ã¼ããè²¼ä»ãã .php
ã¨ãããã¡ã¤ã«ãä½æãã
- é«åº¦ãªæ¹æ³: ç¾å¨ä½¿ç¨ãã¦ããã¹ãã³ã«æ°ããweblogãå±éãããããã®è¨è¿°ãå ãã
+
+
-
+
- .php
ã¨ãããã¡ã¤ã«ãä½æãã¦ãä¸èº«ã«ä»¥ä¸ã®ã³ã¼ããè²¼ãä»ãã:
+
<?php
$CONF['Self'] = '.php ';
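Review bot: The `PostAddCategory` event passes `_EBLOGDEFAULTCATEGORY_NAME` and `_EBLOGDEFAULTCATEGORY_DESC` directly, although the INSERT in the earlier `@@ -3051,31 +3304,35 @@` hunk guards both with `defined()` and falls back to English text. With a language file that lacks the constants, plugins would receive a name that differs from the one stored. Assuming `$catdefname` and `$catdefdesc` from that hunk are still in scope (the hunks appear to belong to the same `action_addnewlog` body), use `'name' => $catdefname,` and `'description' => $catdefdesc,` here.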
@@ -3128,10 +3393,9 @@ selector();
?>
- ãã§ã«ããindex.php
ã¨åããã£ã¬ã¯ããªã«ã¢ãããã¼ããã¾ãã
-
- æ°ããweblogã®ä½æãå®äºããããã«ã¯ãä¸ã«ãã®ãã¡ã¤ã«ã®URLãå
¥åãã¦ãã ããã (ãã§ã«ç¨æããå¤ã§åã£ã¦ããã¨ã¯æãã¾ããä¿è¨¼ã¯ãã¾ãã):
+
+
@@ -3146,10 +3410,9 @@ selector();
-
-
- æ°ããweblogã®ä½æãå®äºããããã«ã¯ãä¸ã«URLãå
¥åãã¦ãã ããã (大æµã¯æ¢åblogã¨åãURL)
+
+
@@ -3164,17 +3427,20 @@ selector();
- pagefoot();
+ pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_addnewlog2() {
global $member, $manager;
$member->blogAdminRights($blogid) or $this->disallow();
- $burl = requestVar('url');
- $blogid = intRequestVar('blogid');
+ $burl = requestVar('url');
+ $blogid = intRequestVar('blogid');
$blog =& $manager->getBlog($blogid);
$blog->setURL(trim($burl));
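Review bot: `$member->blogAdminRights($blogid) or $this->disallow();` runs before `$blogid = intRequestVar('blogid');`, and `$blogid` is not in the `global` list, so the rights check is made with an unset variable rather than with the blog whose URL is changed a few lines later. The commit only realigns the two assignments and leaves the order as it was. Move `$blogid = intRequestVar('blogid');` above the rights check so the check applies to the requested blog. What `blogAdminRights()` returns for an empty id is not visible on this page.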
@@ -3183,6 +3449,9 @@ selector();
$this->action_overview(_MSG_NEWBLOG);
}
+ /**
+ * @todo document this
+ */
function action_skinieoverview() {
global $member, $DIR_LIBS, $manager;
@@ -3199,7 +3468,7 @@ selector();
- addTicketHidden() ?>
- $skinfile) {
+ $skinfile) {
$html = htmlspecialchars($skinfile);
echo '',$skinname,' ';
}
@@ -3218,7 +3487,7 @@ selector();
-
@@ -3246,9 +3515,9 @@ selector();
- sdnumber;
echo ' ';
echo '',htmlspecialchars($skinObj->sdname),' ';
@@ -3260,7 +3529,7 @@ selector();
// show list of templates
$res = sql_query('SELECT * FROM '.sql_table('template_desc'));
- while ($templateObj = mysql_fetch_object($res)) {
+ while ($templateObj = sql_fetch_object($res)) {
$id = 'templateexp' . $templateObj->tdnumber;
echo ' ';
echo '',htmlspecialchars($templateObj->tdname),' ';
@@ -3284,6 +3553,9 @@ selector();
}
+ /**
+ * @todo document this
+ */
function action_skinieimport() {
global $member, $DIR_LIBS, $DIR_SKINS, $manager;
@@ -3293,7 +3565,7 @@ selector();
include_once($DIR_LIBS . 'skinie.php');
$skinFileRaw= postVar('skinfile');
- $mode = postVar('mode');
+ $mode = postVar('mode');
$importer =& new SKINIMPORT();
@@ -3312,6 +3584,10 @@ selector();
// read only metadata
$error = $importer->readFile($skinFile, 1);
+ // clashes
+ $skinNameClashes = $importer->checkSkinNameClashes();
+ $templateNameClashes = $importer->checkTemplateNameClashes();
+ $hasNameClashes = (count($skinNameClashes) > 0) || (count($templateNameClashes) > 0);
if ($error) $this->error($error);
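Review bot: The two clash lookups are placed between `readFile()` and `if ($error) $this->error($error);`, so `checkSkinNameClashes()` and `checkTemplateNameClashes()` are called on an importer whose read may just have failed. Moving the `$error` test directly under the `readFile()` call keeps the clash checks to input that was parsed successfully. The rest of `action_skinieimport` lies outside this hunk.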
@@ -3325,8 +3601,15 @@ selector();
getInfo())?>
'._AND.' ',$importer->getSkinNames())?>
'._AND.' ',$importer->getTemplateNames())?>
- '._AND.' ',$importer->checkSkinNameClashes())?>
- '._AND.' ',$importer->checkTemplateNameClashes())?>
+
+ '._AND.' ',$skinNameClashes)?>
+ '._AND.' ',$templateNameClashes)?>
+
@@ -3335,8 +3618,15 @@ selector();
+
+
@@ -3344,6 +3634,9 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_skiniedoimport() {
global $member, $DIR_LIBS, $DIR_SKINS;
@@ -3353,7 +3646,7 @@ selector();
include_once($DIR_LIBS . 'skinie.php');
$skinFileRaw= postVar('skinfile');
- $mode = postVar('mode');
+ $mode = postVar('mode');
$allowOverwrite = intPostVar('overwrite');
@@ -3394,10 +3687,13 @@ selector();
'._AND.' ',$importer->getTemplateNames())?>
- pagefoot();
+ pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_skinieexport() {
global $member, $DIR_LIBS;
@@ -3429,6 +3725,9 @@ selector();
$exporter->export();
}
+ /**
+ * @todo document this
+ */
function action_templateoverview() {
global $member, $manager;
@@ -3470,6 +3769,9 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_templateedit($msg = '') {
global $member, $manager;
@@ -3478,7 +3780,7 @@ selector();
$member->isAdmin() or $this->disallow();
$extrahead = '';
- $extrahead .= '';
+ $extrahead .= '';
$this->pagehead($extrahead);
@@ -3491,9 +3793,9 @@ selector();
()
- ''
+ ''
- "._MESSAGE.": $msg";
+ "._MESSAGE.": $msg";
?>
@@ -3556,37 +3858,58 @@ selector();
$this->_templateEditRow($template, _TEMPLATE_AFOOTER, 'ARCHIVELIST_FOOTER', '', 150);
?>
+
+_templateEditRow($template, _TEMPLATE_BLOGHEADER, 'BLOGLIST_HEADER', '', 160);
+ $this->_templateEditRow($template, _TEMPLATE_BLOGITEM, 'BLOGLIST_LISTITEM', '', 170);
+ $this->_templateEditRow($template, _TEMPLATE_BLOGFOOTER, 'BLOGLIST_FOOTER', '', 180);
+?>
+
-_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 160);
- $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 170);
- $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 180);
+_templateEditRow($template, _TEMPLATE_CATHEADER, 'CATLIST_HEADER', '', 190);
+ $this->_templateEditRow($template, _TEMPLATE_CATITEM, 'CATLIST_LISTITEM', '', 200);
+ $this->_templateEditRow($template, _TEMPLATE_CATFOOTER, 'CATLIST_FOOTER', '', 210);
?>
-_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 190);
- $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 200);
- $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 210);
- $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 220);
- $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 230);
+_templateEditRow($template, _TEMPLATE_DHEADER, 'DATE_HEADER', 'dateheads', 220);
+ $this->_templateEditRow($template, _TEMPLATE_DFOOTER, 'DATE_FOOTER', 'dateheads', 230);
+ $this->_templateEditRow($template, _TEMPLATE_DFORMAT, 'FORMAT_DATE', 'datetime', 240);
+ $this->_templateEditRow($template, _TEMPLATE_TFORMAT, 'FORMAT_TIME', 'datetime', 250);
+ $this->_templateEditRow($template, _TEMPLATE_LOCALE, 'LOCALE', 'locale', 260);
?>
-_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 240);
- $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 250);
- $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 260);
+_templateEditRow($template, _TEMPLATE_PCODE, 'POPUP_CODE', '', 270);
+ $this->_templateEditRow($template, _TEMPLATE_ICODE, 'IMAGE_CODE', '', 280);
+ $this->_templateEditRow($template, _TEMPLATE_MCODE, 'MEDIA_CODE', '', 290);
?>
-_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',270);
- $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',280);
+_templateEditRow($template, _TEMPLATE_SHIGHLIGHT, 'SEARCH_HIGHLIGHT', 'highlight',300);
+ $this->_templateEditRow($template, _TEMPLATE_SNOTFOUND, 'SEARCH_NOTHINGFOUND', 'nothingfound',310);
+?>
+
+
+notify('TemplateExtraFields',array('fields'=>&$pluginfields));
+
+ foreach ($pluginfields as $pfkey=>$pfvalue) {
+ echo " \n";
+ echo ''.htmlentities($pfkey)." \n";
+ foreach ($pfvalue as $pffield=>$pfdesc) {
+ $this->_templateEditRow($template, $pfdesc, $pffield, '',++$tab,0);
+ }
+ }
?>
-
-
+
+
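Review bot: The heading for each plugin section is written with `htmlentities($pfkey)` and no charset argument, while the rest of this file escapes output with `htmlspecialchars()`. Depending on the default charset of the PHP version in use, `htmlentities` can turn multi-byte text into wrong entities, and the admin strings in this file appear to be multi-byte; `htmlspecialchars($pfkey)` is sufficient for this context. The inner loop also assumes every value a plugin puts into `$pluginfields` is an array, so an `is_array($pfvalue)` guard before `foreach ($pfvalue as $pffield=>$pfdesc)` would be prudent. The initial value of `$tab` used by `++$tab` is not visible in this hunk.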
@@ -3596,17 +3919,24 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function _templateEditRow(&$template, $description, $name, $help = '', $tabindex = 0, $big = 0) {
static $count = 1;
+ if (!isset($template[$name])) $template[$name] = '';
?>
- error(_ERROR_DUPTEMPLATENAME);
- $name = addslashes($name);
- $desc = addslashes($desc);
+ $name = sql_real_escape_string($name);
+ $desc = sql_real_escape_string($desc);
// 1. Remove all template parts
$query = 'DELETE FROM '.sql_table('template').' WHERE tdesc=' . $templateid;
@@ -3655,6 +3985,9 @@ selector();
$this->addToTemplate($templateid, 'ARCHIVELIST_HEADER', postVar('ARCHIVELIST_HEADER'));
$this->addToTemplate($templateid, 'ARCHIVELIST_LISTITEM', postVar('ARCHIVELIST_LISTITEM'));
$this->addToTemplate($templateid, 'ARCHIVELIST_FOOTER', postVar('ARCHIVELIST_FOOTER'));
+ $this->addToTemplate($templateid, 'BLOGLIST_HEADER', postVar('BLOGLIST_HEADER'));
+ $this->addToTemplate($templateid, 'BLOGLIST_LISTITEM', postVar('BLOGLIST_LISTITEM'));
+ $this->addToTemplate($templateid, 'BLOGLIST_FOOTER', postVar('BLOGLIST_FOOTER'));
$this->addToTemplate($templateid, 'CATLIST_HEADER', postVar('CATLIST_HEADER'));
$this->addToTemplate($templateid, 'CATLIST_LISTITEM', postVar('CATLIST_LISTITEM'));
$this->addToTemplate($templateid, 'CATLIST_FOOTER', postVar('CATLIST_FOOTER'));
@@ -3669,15 +4002,25 @@ selector();
$this->addToTemplate($templateid, 'MEDIA_CODE', postVar('MEDIA_CODE'));
$this->addToTemplate($templateid, 'IMAGE_CODE', postVar('IMAGE_CODE'));
+ $pluginfields = array();
+ $manager->notify('TemplateExtraFields',array('fields'=>&$pluginfields));
+ foreach ($pluginfields as $pfkey=>$pfvalue) {
+ foreach ($pfvalue as $pffield=>$pfdesc) {
+ $this->addToTemplate($templateid, $pffield, postVar($pffield));
+ }
+ }
// jump back to template edit
$this->action_templateedit(_TEMPLATE_UPDATED);
}
+ /**
+ * @todo document this
+ */
function addToTemplate($id, $partname, $content) {
- $partname = addslashes($partname);
- $content = addslashes($content);
+ $partname = sql_real_escape_string($partname);
+ $content = sql_real_escape_string($content);
$id = intval($id);
@@ -3686,10 +4029,13 @@ selector();
$query = 'INSERT INTO '.sql_table('template')." (tdesc, tpartname, tcontent) "
. "VALUES ($id, '$partname', '$content')";
- mysql_query($query) or die("Query error: " . mysql_error());
- return mysql_insert_id();
+ sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
+ return sql_insert_id();
}
+ /**
+ * @todo document this
+ */
function action_templatedelete() {
global $member, $manager;
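Review bot: On a failed INSERT the new line `sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());` still prints the database error text to the browser and stops in the middle of the page; switching from `mysql_*` to `sql_*` does not change that. Recording the error with `ACTIONLOG::add()` and reporting a generic message through `$this->error()` would keep query and schema details out of the response. The same pattern is in `updateConfig` in the `@@ -4482,40 +5009,188 @@` hunk, which uses `die` where this one uses `exit`, and which returns `sql_insert_id()` after an UPDATE, a value that says nothing about the updated row.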
@@ -3707,7 +4053,7 @@ selector();
- ()
+ ()
@@ -3720,6 +4066,9 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_templatedeleteconfirm() {
global $member, $manager;
@@ -3740,6 +4089,9 @@ selector();
$this->action_templateoverview();
}
+ /**
+ * @todo document this
+ */
function action_templatenew() {
global $member;
@@ -3759,6 +4111,9 @@ selector();
$this->action_templateoverview();
}
+ /**
+ * @todo document this
+ */
function action_templateclone() {
global $member;
@@ -3786,13 +4141,16 @@ selector();
// 3. create clone
// go through parts of old template and add them to the new one
$res = sql_query('SELECT tpartname, tcontent FROM '.sql_table('template').' WHERE tdesc=' . $templateid);
- while ($o = mysql_fetch_object($res)) {
+ while ($o = sql_fetch_object($res)) {
$this->addToTemplate($newid, $o->tpartname, $o->tcontent);
}
$this->action_templateoverview();
}
+ /**
+ * @todo document this
+ */
function action_skinoverview() {
global $member, $manager;
@@ -3837,6 +4195,9 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_skinnew() {
global $member;
@@ -3856,6 +4217,9 @@ selector();
$this->action_skinoverview();
}
+ /**
+ * @todo document this
+ */
function action_skinedit() {
global $member, $manager;
@@ -3885,7 +4249,33 @@ selector();
-
+ ' . _SKIN_PARTS_SPECIAL . '';
+ echo '
' . "\r\n";
+ echo ' ' . "\r\n";
+ echo ' ' . "\r\n";
+ echo ' ' . "\r\n";
+ echo ' ' . "\r\n";
+ echo ' ' . "\r\n";
+
+ if ($res && sql_num_rows($res) > 0) {
+ echo '
';
+ }
+
+ ?>
+
+
@@ -3916,9 +4306,12 @@ selector();
- pagefoot();
+ pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_skineditgeneral() {
global $member;
@@ -3951,6 +4344,9 @@ selector();
}
+ /**
+ * @todo document this
+ */
function action_skinedittype($msg = '') {
global $member, $manager;
@@ -3959,6 +4355,13 @@ selector();
$member->isAdmin() or $this->disallow();
+ $type = trim($type);
+ $type = strtolower($type);
+
+ if (!isValidShortName($type)) {
+ $this->error(_ERROR_SKIN_PARTS_SPECIAL_FORMAT);
+ }
+
$skin =& new SKIN($skinid);
$friendlyNames = SKIN::getFriendlyNames();
@@ -3967,9 +4370,9 @@ selector();
?>
( )
-
'getName() ?>':
+
'getName()) ?>':
- "._MESSAGE.": $msg";
+ "._MESSAGE.": $msg";
?>
@@ -3983,8 +4386,12 @@ selector();
- (skin type: )
-
+ (skin type: )
+
getContent($type)) ?>
@@ -3992,11 +4399,11 @@ selector();
- (skin type: )
+ (skin type: )
- ";
if (count($actions) != 0) echo ", ";
}
- ?>
-
- Short blog names:
-
' . _SKINEDIT_ALLOWEDBLOGS;
+ $query = 'SELECT bshortname, bname FROM '.sql_table('blog');
showlist($query,'table',array('content'=>'shortblognames'));
- ?>
-
-
- Template names:
- ' . _SKINEDIT_ALLOWEDTEMPLATESS;
+ $query = 'SELECT tdname as name, tddesc as description FROM '.sql_table('template_desc');
showlist($query,'table',array('content'=>'shortnames'));
- ?>
-
-
-
-
-
-
- pagefoot();
+ echo '
';
+ $this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_skinupdate() {
global $member;
@@ -4045,6 +4444,9 @@ selector();
$this->action_skinedittype(_SKIN_UPDATED);
}
+ /**
+ * @todo document this
+ */
function action_skindelete() {
global $member, $manager, $CONF;
@@ -4059,8 +4461,8 @@ selector();
// don't allow deletion of default skins for blogs
$query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
$r = sql_query($query);
- if ($o = mysql_fetch_object($r))
- $this->error(_ERROR_SKINDEFDELETE . $o->bname);
+ if ($o = sql_fetch_object($r))
+ $this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));
$this->pagehead();
@@ -4072,7 +4474,7 @@ selector();
- ()
+ ()
@@ -4085,6 +4487,9 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_skindeleteconfirm() {
global $member, $CONF, $manager;
@@ -4099,7 +4504,7 @@ selector();
// don't allow deletion of default skins for blogs
$query = 'SELECT bname FROM '.sql_table('blog').' WHERE bdefskin=' . $skinid;
$r = sql_query($query);
- if ($o = mysql_fetch_object($r))
+ if ($o = sql_fetch_object($r))
$this->error(_ERROR_SKINDEFDELETE .$o->bname);
$manager->notify('PreDeleteSkin', array('skinid' => $skinid));
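Review bot: `$this->error(_ERROR_SKINDEFDELETE .$o->bname);` still passes the blog name unescaped, although the matching line in `action_skindelete` (hunk `@@ -4059,8 +4461,8 @@`) is changed by this commit to wrap it in `htmlspecialchars()`. The line here should read `$this->error(_ERROR_SKINDEFDELETE . htmlspecialchars($o->bname));` so that both paths render a stored blog name the same way. That `error()` prints its argument without escaping is inferred from the other hunk; its body is not readable on this page.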
@@ -4115,6 +4520,83 @@ selector();
$this->action_skinoverview();
}
+ /**
+ * @todo document this
+ */
+ function action_skinremovetype() {
+ global $member, $manager, $CONF;
+
+ $skinid = intRequestVar('skinid');
+ $skintype = requestVar('type');
+
+ if (!isValidShortName($skintype)) {
+ $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
+ }
+
+ $member->isAdmin() or $this->disallow();
+
+ // don't allow default skinparts to be deleted
+ if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
+ $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
+ }
+
+ $this->pagehead();
+
+ $skin =& new SKIN($skinid);
+ $name = $skin->getName();
+ $desc = $skin->getDescription();
+
+ ?>
+
+
+
+ () ()
+
+
+
+
+ addTicketHidden() ?>
+
+
+
+
+ pagefoot();
+ }
+
+ /**
+ * @todo document this
+ */
+ function action_skinremovetypeconfirm() {
+ global $member, $CONF, $manager;
+
+ $skinid = intRequestVar('skinid');
+ $skintype = requestVar('type');
+
+ if (!isValidShortName($skintype)) {
+ $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
+ }
+
+ $member->isAdmin() or $this->disallow();
+
+ // don't allow default skinparts to be deleted
+ if (in_array($skintype, array('index', 'item', 'archivelist', 'archive', 'search', 'error', 'member', 'imagepopup'))) {
+ $this->error(_ERROR_SKIN_PARTS_SPECIAL_DELETE);
+ }
+
+ $manager->notify('PreDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));
+
+ // delete part
+ sql_query('DELETE FROM '.sql_table('skin').' WHERE sdesc=' . $skinid . ' AND stype=\'' . $skintype . '\'');
+
+ $manager->notify('PostDeleteSkinPart', array('skinid' => $skinid, 'skintype' => $skintype));
+
+ $this->action_skinedit();
+ }
+
+ /**
+ * @todo document this
+ */
function action_skinclone() {
global $member;
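Review bot: In `action_skinremovetypeconfirm` the DELETE is built with `' AND stype=\'' . $skintype . '\''`, so the statement is safe only as long as `isValidShortName()` rejects every quote and backslash; its definition is not on this page, and the other queries touched by this commit escape their string values. Using `sql_real_escape_string($skintype)` at that point removes the dependency on the validator. Both new actions also run `$member->isAdmin() or $this->disallow();` after the input validation, so a caller without admin rights reaches `$this->error()` first; the rights check belongs on the first line of each method. The list of protected part names is repeated in both methods and would be easier to keep in step as one shared array.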
@@ -4146,6 +4628,7 @@ selector();
// 3. clone
+ /*
$this->skinclonetype($skin, $newid, 'index');
$this->skinclonetype($skin, $newid, 'item');
$this->skinclonetype($skin, $newid, 'archivelist');
@@ -4154,20 +4637,33 @@ selector();
$this->skinclonetype($skin, $newid, 'error');
$this->skinclonetype($skin, $newid, 'member');
$this->skinclonetype($skin, $newid, 'imagepopup');
+ */
+
+ $query = "SELECT stype FROM " . sql_table('skin') . " WHERE sdesc = " . $skinid;
+ $res = sql_query($query);
+ while ($row = sql_fetch_assoc($res)) {
+ $this->skinclonetype($skin, $newid, $row['stype']);
+ }
$this->action_skinoverview();
}
+ /**
+ * @todo document this
+ */
function skinclonetype($skin, $newid, $type) {
$newid = intval($newid);
$content = $skin->getContent($type);
if ($content) {
- $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". addslashes($content)."', '". addslashes($type)."')";
+ $query = 'INSERT INTO '.sql_table('skin')." (sdesc, scontent, stype) VALUES ($newid,'". sql_real_escape_string($content)."', '". sql_real_escape_string($type)."')";
sql_query($query);
}
}
+ /**
+ * @todo document this
+ */
function action_settingsedit() {
global $member, $manager, $CONF, $DIR_NUCLEUS, $DIR_MEDIA;
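Review bot: The `@todo document this` placeholder added above `skinclonetype` (and above most other methods in this commit) documents nothing, and this method is short enough to describe now: `Copies the part $type of $skin into the skin with id $newid; nothing is inserted when that part has no content.` In `action_skinclone` the old fixed list of `skinclonetype` calls is kept inside a `/* … */` block that opens in the previous hunk; it can be deleted, since the new loop over `stype` replaces it. The new SELECT concatenates `$skinid`, whose assignment is outside the hunk, so it should be confirmed to be an integer there.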
@@ -4239,15 +4735,21 @@ selector();
- $name";
}
}
@@ -4262,7 +4764,7 @@ selector();
input_yesno('DisableSite',$CONF['DisableSite'],10060); ?>
- URL:
+
@@ -4289,7 +4791,7 @@ selector();
input_yesno('DisableJsTools',$CONF['DisableJsTools'],10075); */?>
- ",_SETTINGS_JSTOOLBAR_NONE,"";
$extra = ($CONF['DisableJsTools'] == 2) ? 'selected="selected"' : '';
echo "",_SETTINGS_JSTOOLBAR_SIMPLE," ";
@@ -4311,12 +4813,32 @@ selector();
+
+ input_yesno('DebugVars',$CONF['DebugVars'],10078);
+
+ ?>
+
+
+
+
+
+
+
+
+
- " . _WARNING_NOTADIR . " ";
if (!is_readable($DIR_MEDIA))
echo "" . _WARNING_NOTREADABLE . " ";
@@ -4430,6 +4952,9 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_settingsupdate() {
global $member, $CONF;
@@ -4441,37 +4966,39 @@ selector();
// save settings
- $this->updateConfig('DefaultBlog', postVar('DefaultBlog'));
- $this->updateConfig('BaseSkin', postVar('BaseSkin'));
- $this->updateConfig('IndexURL', postVar('IndexURL'));
- $this->updateConfig('AdminURL', postVar('AdminURL'));
+ $this->updateConfig('DefaultBlog', postVar('DefaultBlog'));
+ $this->updateConfig('BaseSkin', postVar('BaseSkin'));
+ $this->updateConfig('IndexURL', postVar('IndexURL'));
+ $this->updateConfig('AdminURL', postVar('AdminURL'));
$this->updateConfig('PluginURL', postVar('PluginURL'));
- $this->updateConfig('SkinsURL', postVar('SkinsURL'));
+ $this->updateConfig('SkinsURL', postVar('SkinsURL'));
$this->updateConfig('ActionURL', postVar('ActionURL'));
- $this->updateConfig('Language', postVar('Language'));
- $this->updateConfig('AdminEmail', postVar('AdminEmail'));
+ $this->updateConfig('Language', postVar('Language'));
+ $this->updateConfig('AdminEmail', postVar('AdminEmail'));
$this->updateConfig('SessionCookie', postVar('SessionCookie'));
$this->updateConfig('AllowMemberCreate',postVar('AllowMemberCreate'));
- $this->updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
+ $this->updateConfig('AllowMemberMail', postVar('AllowMemberMail'));
$this->updateConfig('NonmemberMail', postVar('NonmemberMail'));
- $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
- $this->updateConfig('SiteName', postVar('SiteName'));
+ $this->updateConfig('ProtectMemNames', postVar('ProtectMemNames'));
+ $this->updateConfig('SiteName', postVar('SiteName'));
$this->updateConfig('NewMemberCanLogon',postVar('NewMemberCanLogon'));
- $this->updateConfig('DisableSite', postVar('DisableSite'));
- $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
+ $this->updateConfig('DisableSite', postVar('DisableSite'));
+ $this->updateConfig('DisableSiteURL', postVar('DisableSiteURL'));
$this->updateConfig('LastVisit', postVar('LastVisit'));
- $this->updateConfig('MediaURL', postVar('MediaURL'));
- $this->updateConfig('AllowedTypes', postVar('AllowedTypes'));
- $this->updateConfig('AllowUpload', postVar('AllowUpload'));
+ $this->updateConfig('MediaURL', postVar('MediaURL'));
+ $this->updateConfig('AllowedTypes', postVar('AllowedTypes'));
+ $this->updateConfig('AllowUpload', postVar('AllowUpload'));
$this->updateConfig('MaxUploadSize', postVar('MaxUploadSize'));
- $this->updateConfig('MediaPrefix', postVar('MediaPrefix'));
- $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
- $this->updateConfig('DisableJsTools', postVar('DisableJsTools'));
- $this->updateConfig('CookieDomain', postVar('CookieDomain'));
- $this->updateConfig('CookiePath', postVar('CookiePath'));
- $this->updateConfig('CookieSecure', postVar('CookieSecure'));
- $this->updateConfig('URLMode', postVar('URLMode'));
- $this->updateConfig('CookiePrefix', postVar('CookiePrefix'));
+ $this->updateConfig('MediaPrefix', postVar('MediaPrefix'));
+ $this->updateConfig('AllowLoginEdit', postVar('AllowLoginEdit'));
+ $this->updateConfig('DisableJsTools', postVar('DisableJsTools'));
+ $this->updateConfig('CookieDomain', postVar('CookieDomain'));
+ $this->updateConfig('CookiePath', postVar('CookiePath'));
+ $this->updateConfig('CookieSecure', postVar('CookieSecure'));
+ $this->updateConfig('URLMode', postVar('URLMode'));
+ $this->updateConfig('CookiePrefix', postVar('CookiePrefix'));
+ $this->updateConfig('DebugVars', postVar('DebugVars'));
+ $this->updateConfig('DefaultListSize', postVar('DefaultListSize'));
// load new config and redirect (this way, the new language will be used is necessary)
// note that when changing cookie settings, this redirect might cause the user
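Review bot: The two new settings are stored as raw strings, `$this->updateConfig('DefaultListSize', postVar('DefaultListSize'));` and the same for `DebugVars`, so a non-numeric list size is only corrected when it is read. The list actions in this commit fall back to 10 through `intval($CONF['DefaultListSize'])`, but any other reader of the value would have to repeat that. Writing `intPostVar('DefaultListSize')` and `intPostVar('DebugVars')` here keeps the config table clean, assuming `DebugVars` is the yes/no flag that `input_yesno` in the settings form suggests.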
@@ -4482,40 +5009,188 @@ selector();
}
+ /**
+ * Give an overview over the used system
+ */
+ function action_systemoverview() {
+ global $member, $nucleus, $CONF;
+
+ $this->pagehead();
+
+ echo '' . _ADMIN_SYSTEMOVERVIEW_HEADING . " \n";
+
+ if ($member->isLoggedIn() && $member->isAdmin()) {
+
+ // Information about the used PHP and MySQL installation
+ echo '' . _ADMIN_SYSTEMOVERVIEW_PHPANDMYSQL . " \n";
+
+ // Version of PHP MySQL
+ echo "\n";
+ echo "\t\n";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_VERSIONS . " \n";
+ echo "\t \n";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_PHPVERSION . " \n";
+ echo "\t\t" . '' . phpversion() . " \n";
+ echo "\t \n";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_MYSQLVERSION . " \n";
+ echo "\t\t" . '' . sql_get_server_info() . ' (' . sql_get_client_info() . ')' . " \n";
+ echo "\t ";
+ echo "
\n";
+
+ // Important PHP settings
+ echo "\n";
+ echo "\t\n";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_SETTINGS . " \n";
+ echo "\t \n";
+ echo "\t\t" . 'magic_quotes_gpc' . " \n";
+ $mqg = get_magic_quotes_gpc() ? 'On' : 'Off';
+ echo "\t\t" . '' . $mqg . " \n";
+ echo "\t \n";
+ echo "\t\t" . 'magic_quotes_runtime' . " \n";
+ $mqr = get_magic_quotes_runtime() ? 'On' : 'Off';
+ echo "\t\t" . '' . $mqr . " \n";
+ echo "\t \n";
+ echo "\t\t" . 'register_globals' . " \n";
+ $rg = ini_get('register_globals') ? 'On' : 'Off';
+ echo "\t\t" . '' . $rg . " \n";
+ echo "\t ";
+ echo "
\n";
+
+ // Information about GD library
+ $gdinfo = gd_info();
+ echo "\n";
+ echo "\t";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_GDLIBRALY . " \n";
+ echo "\t \n";
+ foreach ($gdinfo as $key=>$value) {
+ if (is_bool($value)) {
+ $value = $value ? _ADMIN_SYSTEMOVERVIEW_ENABLE : _ADMIN_SYSTEMOVERVIEW_DISABLE;
+ } else {
+ $value = htmlspecialchars($value, ENT_QUOTES);
+ }
+ echo "\t";
+ echo "\t\t" . '' . $key . " \n";
+ echo "\t\t" . '' . $value . " \n";
+ echo "\t \n";
+ }
+ echo "
\n";
+
+ // Check if special modules are loaded
+ ob_start();
+ phpinfo(INFO_MODULES);
+ $im = ob_get_contents();
+ ob_clean();
+ echo "\n";
+ echo "\t";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_MODULES . " \n";
+ echo "\t \n";
+ echo "\t\t" . 'mod_rewrite' . " \n";
+ $modrewrite = (strstr($im, 'mod_rewrite') != '') ?
+ _ADMIN_SYSTEMOVERVIEW_ENABLE :
+ _ADMIN_SYSTEMOVERVIEW_DISABLE;
+ echo "\t\t" . '' . $modrewrite . " \n";
+ echo "\t \n";
+ echo "
\n";
+
+ // Information about the used Nucleus CMS
+ echo '' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSYSTEM . " \n";
+ global $nucleus;
+ $nv = getNucleusVersion() / 100 . '(' . $nucleus['version'] . ')';
+ $np = getNucleusPatchLevel();
+ echo "\n";
+ echo "\t";
+ echo "\t\t" . 'Nucleus CMS' . " \n";
+ echo "\t \n";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSVERSION . " \n";
+ echo "\t\t" . '' . $nv . " \n";
+ echo "\t \n";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSPATCHLEVEL . " \n";
+ echo "\t\t" . '' . $np . " \n";
+ echo "\t \n";
+ echo "
\n";
+
+ // Important settings of the installation
+ echo "\n";
+ echo "\t";
+ echo "\t\t" . '' . _ADMIN_SYSTEMOVERVIEW_NUCLEUSSETTINGS . " \n";
+ echo "\t \n";
+ echo "\t\t" . '' . '$CONF[' . "'Self'] \n";
+ echo "\t\t" . '' . $CONF['Self'] . " \n";
+ echo "\t \n";
+ echo "\t\t" . '' . '$CONF[' . "'ItemURL'] \n";
+ echo "\t\t" . '' . $CONF['ItemURL'] . " \n";
+ echo "\t \n";
+ echo "\t\t" . '' . '$CONF[' . "'alertOnHeadersSent'] \n";
+ $ohs = $CONF['alertOnHeadersSent'] ?
+ _ADMIN_SYSTEMOVERVIEW_ENABLE :
+ _ADMIN_SYSTEMOVERVIEW_DISABLE;
+ echo "\t\t" . '' . $ohs . " \n";
+ echo "\t \n";
+ echo "
\n";
+
+ // Link to the online version test at the Nucleus CMS website
+ echo '' . _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK . " \n";
+ if ($nucleus['codename'] != '') {
+ $codenamestring = ' "' . $nucleus['codename'] . '"';
+ } else {
+ $codenamestring = '';
+ }
+ echo _ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_TXT;
+ $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
+ echo '';
+ echo 'Nucleus CMS ' . $nv . $codenamestring;
+ echo ' ';
+ //echo ' ';
+ }
+ else {
+ echo _ADMIN_SYSTEMOVERVIEW_NOT_ADMIN;
+ }
+
+ $this->pagefoot();
+ }
+ /**
+ * @todo document this
+ */
function updateConfig($name, $val) {
- $name = addslashes($name);
- $val = trim(addslashes($val));
+ $name = sql_real_escape_string($name);
+ $val = trim(sql_real_escape_string($val));
$query = 'UPDATE '.sql_table('config')
. " SET value='$val'"
. " WHERE name='$name'";
- mysql_query($query) or die("Query error: " . mysql_error());
- return mysql_insert_id();
+ sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error());
+ return sql_insert_id();
}
/**
- * Error message
- */
+ * Error message
+ * @param string $msg message that will be shown
+ */
function error($msg) {
$this->pagehead();
?>
Error!
- ";
echo ""._BACK." ";
$this->pagefoot();
exit;
}
+ /**
+ * @todo document this
+ */
function disallow() {
ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));
$this->error(_ERROR_DISALLOWED);
}
-
+ /**
+ * @todo document this
+ */
function pagehead($extrahead = '') {
global $member, $nucleus, $CONF, $manager;
@@ -4531,8 +5206,9 @@ selector();
?>
-
+ >
+
- Admin
+
- isLoggedIn())
+ isLoggedIn())
echo _LOGGEDINAS . ' ' . $member->getDisplayName()
." -
" . _LOGOUT. " "
. "
" . _ADMINHOME . " - ";
@@ -4566,14 +5243,28 @@ selector();
echo '
(';
- if ($member->isLoggedIn() && $member->isAdmin())
- echo '
Nucleus CMS ', $nucleus['version'], ' ';
- else
- echo 'Nucleus CMS ' , $nucleus['version'];
+ $codenamestring = ($nucleus['codename']!='')? ' "'.$nucleus['codename'].'"':'';
+
+ if ($member->isLoggedIn() && $member->isAdmin()) {
+ $checkURL = sprintf(_ADMIN_SYSTEMOVERVIEW_VERSIONCHECK_URL, getNucleusVersion(), getNucleusPatchLevel());
+ echo '
Nucleus CMS ' . $nucleus['version'] . $codenamestring . ' ';
+ $newestVersion = getLatestVersion();
+ $newestCompare = str_replace('/','.',$newestVersion);
+ $newestCompare = intval($newestCompare);
+ $currentVersion = str_replace(array('/','v'),array('.',''),$nucleus['version']);
+ if ($newestVersion && version_compare($newestCompare,$currentVersion) > 0) {
+ echo '
'._ADMIN_SYSTEMOVERVIEW_LATESTVERSION_TEXT.$newestVersion.' ';
+ }
+ } else {
+ echo 'Nucleus CMS ' . $nucleus['version'] . $codenamestring;
+ }
echo ')';
echo '
';
}
+ /**
+ * @todo document this
+ */
function pagefoot() {
global $action, $member, $manager;
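Review bot: `$newestVersion` is concatenated into the page header without escaping, and `getLatestVersion()` is not visible here; if it returns text fetched from a remote host, that text reaches every admin page as markup, so it should be echoed as `htmlspecialchars($newestVersion, ENT_QUOTES)`. The comparison is also doubtful: `intval($newestCompare)` keeps only the leading integer of the version string before `version_compare()` runs against the dotted `$currentVersion`. Depending on the format `getLatestVersion()` returns, the notice is then either never shown for a newer minor release or shown for every release. Dropping the `intval()` line and comparing the two normalised strings directly would avoid that. pagehead() begins outside this hunk.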
@@ -4591,19 +5282,19 @@ selector();
-
+
-
+
+
-
- Bookmarklet
+
- Bookmarklet ã¨ã¯ãã¯ãªãã¯1åã§è¨äºã®æ稿ãã§ããã·ã¹ãã ã§ãã ãã® Bookmarklet ãã¤ã³ã¹ãã¼ã«ããã¨ããã©ã¦ã¶ã®ãã¼ã«ãã¼ã®'add to weblog'ãã¿ã³ãå©ç¨å¯è½ã¨ãªããNucleusã®æ°è¦ã¢ã¤ãã ã®è¿½å ã¦ã£ã³ãã¦ããããã¢ãããã¾ããä»»æã®Webãã¼ã¸ãéããç¶æ
ã§ãã®ãã¿ã³ãæ¼ãã°ããã®Webãã¼ã¸ã®ã¿ã¤ãã«ã¨ããã®ãã¼ã¸ã¸ã®ãªã³ã¯ã¿ã°ããã§ã«åãè¾¼ã¾ããç¶æ
ã§ã¢ã¤ãã 追å ã¦ã£ã³ãã¦ãéããããã«ããã®ãã¼ã¸å
ã«å¼ç¨ãããæãé¸æããç¶æ
ã§ããã°ãã®å¼ç¨æãèªåçã«å¼ç¨ãã¾ãã
+
- Bookmarklet
+
- ä¸ã®ãªã³ã¯é¨åãããæ°ã«å
¥ãããããã¯ãã¼ã«ãã¼ã«ãã©ãã°ã§ãã¾ãã(ãã®åã«ãã¹ããã¦ã¿ããå ´åã¯åç´ã«ä¸ã®ãªã³ã¯ãã¯ãªãã¯ãã¦ã¿ã¦ãã ãã)
+
- Add to getShortName()?> (ã»ã¨ãã©ã®ãã©ã¦ã¶ã§åä½ãã¾ã)
+ ' . sprintf(_BOOKMARKLET_ANCHOR, htmlspecialchars($blog->getName(), ENT_QUOTES)) . '' . _BOOKMARKLET_BMARKFOLLOW; ?>
- å³ã¯ãªãã¯ã¡ãã¥ã¼ã«ã¤ã³ã¹ãã¼ã« (Windowsã§IE使ç¨æ)
+
addTicketToUrl($url);
?>
- ãããã¯å³ã¯ãªãã¯ã¡ãã¥ã¼ ã«ã¤ã³ã¹ãã¼ã«ãããã¨ãã§ãã¾ã (ãéãããé¸æããã°ç´æ¥ã¬ã¸ã¹ããªã«ç»é²ãã¾ã)
+ ' . _BOOKMARKLET_RIGHTLABEL . '' . _BOOKMARKLET_RIGHTTEXT2; ?>
- ãã®ã¤ã³ã¹ãã¼ã«ããå³ã¯ãªãã¯ã¡ãã¥ã¼ã表示ããããã«ã¯IEã®åèµ·åãå¿
è¦ã§ãã
+
- ã¢ã³ã¤ã³ã¹ãã¼ã«
+
- ããæ°ã«å
¥ãããããã¯ãã¼ã«ãã¼ããæ¶ãã«ã¯ãåã«åé¤ããã ãã§ãã
+
-
+
- å³ã¯ãªãã¯ã¡ãã¥ã¼ããæ¶ãããæã¯ã以ä¸ã®æé ãè¸ãã§ãã ãã:
+
- ã¹ã¿ã¼ãã¡ãã¥ã¼ããããã¡ã¤ã«ãæå®ãã¦å®è¡...ããé¸æ
- "regedit" ã¨å
¥å
- "OK" ãã¿ã³ãæ¼ã
- "\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt" ãããªã¼ã®ä¸ããæ¤ç´¢
- "add to weblog" ã¨ã³ããªãåé¤
+
+
+
+
+
blogAdminRights($blogid) or $this->disallow();
$blog =& $manager->getBlog($blogid);
+ $banBlogName = htmlspecialchars($blog->getName(), ENT_QUOTES);
$this->pagehead();
?>
@@ -4880,7 +5586,8 @@ selector();
- Only blog 'getName())?>'
+
+
@@ -4898,6 +5605,9 @@ selector();
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_banlistdeleteconfirm() {
global $member, $manager;
@@ -4941,10 +5651,16 @@ selector();
}
+ /**
+ * @todo document this
+ */
function action_banlistnewfromitem() {
$this->action_banlistnew(getBlogIDFromItemID(intRequestVar('itemid')));
}
+ /**
+ * @todo document this
+ */
function action_banlistnew($blogid = '') {
global $member, $manager;
@@ -4969,16 +5685,23 @@ selector();
- An example : "134.58.253.193" will only block one computer, while "134.58.253" will block 256 IP addresses, including the one from the first example.
+
+
-
-
+
+
- Custom:
-
+
+
+ ";
echo " ";
}
@@ -5012,18 +5735,21 @@ selector();
- pagefoot();
+ pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_banlistadd() {
global $member;
- $blogid = intPostVar('blogid');
- $allblogs = postVar('allblogs');
- $iprange = postVar('iprange');
+ $blogid = intPostVar('blogid');
+ $allblogs = postVar('allblogs');
+ $iprange = postVar('iprange');
if ($iprange == "custom")
$iprange = postVar('customiprange');
- $reason = postVar('reason');
+ $reason = postVar('reason');
$member->blogAdminRights($blogid) or $this->disallow();
@@ -5048,6 +5774,9 @@ selector();
}
+ /**
+ * @todo document this
+ */
function action_clearactionlog() {
global $member;
@@ -5058,6 +5787,9 @@ selector();
$this->action_manage(_MSG_ACTIONLOGCLEARED);
}
+ /**
+ * @todo document this
+ */
function action_backupoverview() {
global $member, $manager;
@@ -5104,9 +5836,12 @@ selector();
- pagefoot();
+ pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_backupcreate() {
global $member, $DIR_LIBS;
@@ -5121,11 +5856,14 @@ selector();
// (creating/restoring dumps might take a while)
@set_time_limit(1200);
- do_backup($useGzip);
+ $bu = new Backup();
+ $bu->do_backup($useGzip);
exit;
}
-
+ /**
+ * @todo document this
+ */
function action_backuprestore() {
global $member, $DIR_LIBS;
@@ -5140,18 +5878,21 @@ selector();
// (creating/restoring dumps might take a while)
@set_time_limit(1200);
- $message = do_restore();
+ $bu = new Backup();
+ $message = $bu->do_restore();
if ($message != '')
$this->error($message);
$this->pagehead();
?>
- pagefoot();
+ pagefoot();
}
-
+ /**
+ * @todo document this
+ */
function action_pluginlist() {
global $member, $manager;
@@ -5164,7 +5905,7 @@ selector();
echo '' , _PLUGS_TITLE_MANAGE , ' ', help('plugins'), ' ';
- echo '' , _PLUGS_TITLE_INSTALLED , ' ';
+ echo '' , _PLUGS_TITLE_INSTALLED , ' ', helplink('getplugins'), _PLUGS_TITLE_GETPLUGINS, ' ';
$query = 'SELECT * FROM '.sql_table('plugin').' ORDER BY porder ASC';
@@ -5185,22 +5926,31 @@ selector();
-
- 0) {
+
+ if (sizeof($candidates) > 0)
+ {
?>
@@ -5210,20 +5960,29 @@ selector();
addTicketHidden() ?>
- ',htmlspecialchars($name),'';
+ ',htmlspecialchars($name),'';
+ }
?>
- ',_PLUGS_NOCANDIDATES,'';
}
$this->pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_pluginhelp() {
global $member, $manager, $DIR_PLUGINS, $CONF;
@@ -5257,7 +6016,9 @@ selector();
$this->pagefoot();
}
-
+ /**
+ * @todo document this
+ */
function action_pluginadd() {
global $member, $manager, $DIR_PLUGINS;
@@ -5269,26 +6030,11 @@ selector();
if ($manager->pluginInstalled($name))
$this->error(_ERROR_DUPPLUGIN);
if (!checkPlugin($name))
- $this->error(_ERROR_PLUGFILEERROR . ' (' . $name . ')');
-
- // check if the plugin dependency is met
- $plugin =& $manager->getPlugin($name);
- $pluginList = $plugin->getPluginDep();
- foreach ($pluginList as $pluginName)
- {
-
- $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
- if (mysql_num_rows($res) == 0)
- {
- // uninstall plugin again...
- $this->deleteOnePlugin($plugin->getID());
-
- $this->error(_ERROR_INSREQPLUGIN . $pluginName);
- }
- }
+ $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');
// get number of currently installed plugins
- $numCurrent = mysql_num_rows(sql_query('SELECT * FROM '.sql_table('plugin')));
+ $res = sql_query('SELECT * FROM '.sql_table('plugin'));
+ $numCurrent = sql_num_rows($res);
// plugin will be added as last one in the list
$newOrder = $numCurrent + 1;
@@ -5301,21 +6047,21 @@ selector();
);
// do this before calling getPlugin (in case the plugin id is used there)
- $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.addslashes($name).'")';
+ $query = 'INSERT INTO '.sql_table('plugin').' (porder, pfile) VALUES ('.$newOrder.',"'.sql_real_escape_string($name).'")';
sql_query($query);
- $iPid = mysql_insert_id();
-
- // need to update the plugin object's pid since we didn't have it above when it's first create....
- $plugin->plugid = $iPid;
+ $iPid = sql_insert_id();
$manager->clearCachedInfo('installedPlugins');
- // call the install method of the plugin
+ // Load the plugin for condition checking and instalation
+ $plugin =& $manager->getPlugin($name);
+
+ // check if it got loaded (could have failed)
if (!$plugin)
{
sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid='. intval($iPid));
$manager->clearCachedInfo('installedPlugins');
- $this->error('Plugin could not be loaded, or does not support certain features that are required for it to run on your Nucleus installation (you might want to check the actionlog for more info)');
+ $this->error(_ERROR_PLUGIN_LOAD);
}
// check if plugin needs a newer Nucleus version
@@ -5325,7 +6071,7 @@ selector();
$this->deleteOnePlugin($plugin->getID());
// ...and show error
- $this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion());
+ $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
}
// check if plugin needs a newer Nucleus version
@@ -5335,9 +6081,24 @@ selector();
$this->deleteOnePlugin($plugin->getID());
// ...and show error
- $this->error(_ERROR_NUCLEUSVERSIONREQ . $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel());
+ $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars( $plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel() ) );
}
+ $pluginList = $plugin->getPluginDep();
+ foreach ($pluginList as $pluginName)
+ {
+
+ $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"');
+ if (sql_num_rows($res) == 0)
+ {
+ // uninstall plugin again...
+ $this->deleteOnePlugin($plugin->getID());
+
+ $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));
+ }
+ }
+
+ // call the install method of the plugin
$plugin->install();
$manager->notify(
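Review bot: The re-added dependency lookup concatenates `$pluginName` straight into the `pfile="…"` literal, while every other value this commit puts into SQL goes through `sql_real_escape_string()`. The names come from the plugin's own `getPluginDep()` rather than from the request, but a quote character in one of them would still break or alter the statement; `' WHERE pfile="' . sql_real_escape_string($pluginName) . '"'` keeps the query consistent with the rest of the change. The return value of `deleteOnePlugin()` is discarded in this loop, so a failed cleanup would go unreported before `error()` exits. action_pluginadd starts and ends outside this hunk.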
@@ -5351,8 +6112,11 @@ selector();
$this->action_pluginupdate();
}
+ /**
+ * @todo document this
+ */
function action_pluginupdate() {
- global $member, $manager;
+ global $member, $manager, $CONF;
// check if allowed
$member->isAdmin() or $this->disallow();
@@ -5362,20 +6126,24 @@ selector();
// loop over all installed plugins
$res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin'));
- while($o = mysql_fetch_object($res)) {
+ while($o = sql_fetch_object($res)) {
$pid = $o->pid;
$plug =& $manager->getPlugin($o->pfile);
if ($plug)
{
$eventList = $plug->getEventList();
foreach ($eventList as $eventName)
- sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.addslashes($eventName).'\')');
+ sql_query('INSERT INTO '.sql_table('plugin_event').' (pid, event) VALUES ('.$pid.', \''.sql_real_escape_string($eventName).'\')');
}
}
- $this->action_pluginlist();
+ redirect($CONF['AdminURL'] . '?action=pluginlist');
+// $this->action_pluginlist();
}
+ /**
+ * @todo document this
+ */
function action_plugindelete() {
global $member, $manager;
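Review bot: The old call is left behind as `// $this->action_pluginlist();` with nothing saying why the redirect replaced it, and the same happens in the action_plugindeleteconfirm hunk. The action_pluginup and action_plugindown hunks give the reason, `// To avoid showing ticket in the URL, redirect to pluginlist, instead.`; that comment belongs here too, and the dead call can then be deleted in all four places. Whether `redirect()` ends the request is not visible in this diff; if it only sends the header, an explicit `exit;` after it would stop any later output from running. action_pluginupdate starts outside this hunk.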
@@ -5399,11 +6167,15 @@ selector();
- pagefoot();
+ pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_plugindeleteconfirm() {
- global $member, $manager;
+ global $member, $manager, $CONF;
// check if allowed
$member->isAdmin() or $this->disallow();
@@ -5415,9 +6187,13 @@ selector();
$this->error($error);
}
- $this->action_pluginlist();
+ redirect($CONF['AdminURL'] . '?action=pluginlist');
+// $this->action_pluginlist();
}
+ /**
+ * @todo document this
+ */
function deleteOnePlugin($pid, $callUninstall = 0) {
global $manager;
@@ -5428,15 +6204,15 @@ selector();
$name = quickQuery('SELECT pfile as result FROM '.sql_table('plugin').' WHERE pid='.$pid);
- // call the unInstall method of the plugin
+/* // call the unInstall method of the plugin
if ($callUninstall) {
$plugin =& $manager->getPlugin($name);
if ($plugin) $plugin->unInstall();
- }
+ }*/
// check dependency before delete
$res = sql_query('SELECT pfile FROM '.sql_table('plugin'));
- while($o = mysql_fetch_object($res)) {
+ while($o = sql_fetch_object($res)) {
$plug =& $manager->getPlugin($o->pfile);
if ($plug)
{
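Review bot: The old unInstall block is kept inside a `/* … */` comment instead of being removed, even though the hunk at -5453 re-adds the same code further down. The move itself looks deliberate: in the old order `unInstall()` ran before the dependency loop, which can return `_ERROR_DELREQPLUGIN` early and leave a plugin uninstalled but still registered. That reasoning is worth a one-line comment at the new location, for example `// run unInstall only after the dependency check has passed`, and the commented-out copy here should be deleted. deleteOnePlugin starts in the previous hunk and continues past this one.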
@@ -5445,7 +6221,7 @@ selector();
{
if ($name == $depName)
{
- return _ERROR_DELREQPLUGIN . $o->pfile;
+ return sprintf(_ERROR_DELREQPLUGIN, $o->pfile);
}
}
}
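Review bot: `sprintf(_ERROR_DELREQPLUGIN, $o->pfile)` returns the stored file name unescaped, and the string returned by deleteOnePlugin() appears to be what action_plugindeleteconfirm hands to `$this->error($error)`. Elsewhere in this commit, values passed to error() are escaped first, for instance `htmlspecialchars($pluginName, ENT_QUOTES)` in action_pluginadd. Whether error() escapes its argument cannot be confirmed from the visible lines; if it does not, `return sprintf(_ERROR_DELREQPLUGIN, htmlspecialchars($o->pfile, ENT_QUOTES));` would make the handling consistent. The enclosing loop starts outside this hunk.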
@@ -5453,6 +6229,12 @@ selector();
$manager->notify('PreDeletePlugin', array('plugid' => $pid));
+ // call the unInstall method of the plugin
+ if ($callUninstall) {
+ $plugin =& $manager->getPlugin($name);
+ if ($plugin) $plugin->unInstall();
+ }
+
// delete all subscriptions
sql_query('DELETE FROM '.sql_table('plugin_event').' WHERE pid=' . $pid);
@@ -5460,7 +6242,7 @@ selector();
// get OIDs from plugin_option_desc
$res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid);
$aOIDs = array();
- while ($o = mysql_fetch_object($res)) {
+ while ($o = sql_fetch_object($res)) {
array_push($aOIDs, $o->oid);
}
@@ -5470,7 +6252,8 @@ selector();
sql_query('DELETE FROM '.sql_table('plugin_option').' WHERE oid in ('.implode(',',$aOIDs).')');
// update order numbers
- $o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid));
+ $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid=' . $pid);
+ $o = sql_fetch_object($res);
sql_query('UPDATE '.sql_table('plugin').' SET porder=(porder - 1) WHERE porder>'.$o->porder);
// delete row
@@ -5482,8 +6265,11 @@ selector();
return '';
}
+ /**
+ * @todo document this
+ */
function action_pluginup() {
- global $member, $manager;
+ global $member, $manager, $CONF;
// check if allowed
$member->isAdmin() or $this->disallow();
@@ -5494,7 +6280,8 @@ selector();
$this->error(_ERROR_NOSUCHPLUGIN);
// 1. get old order number
- $o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid));
+ $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);
+ $o = sql_fetch_object($res);
$oldOrder = $o->porder;
// 2. calculate new order number
@@ -5504,11 +6291,16 @@ selector();
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);
- $this->action_pluginlist();
+ //$this->action_pluginlist();
+ // To avoid showing ticket in the URL, redirect to pluginlist, instead.
+ redirect($CONF['AdminURL'] . '?action=pluginlist');
}
+ /**
+ * @todo document this
+ */
function action_plugindown() {
- global $member, $manager;
+ global $member, $manager, $CONF;
// check if allowed
$member->isAdmin() or $this->disallow();
@@ -5518,10 +6310,12 @@ selector();
$this->error(_ERROR_NOSUCHPLUGIN);
// 1. get old order number
- $o = mysql_fetch_object(sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid));
+ $res = sql_query('SELECT porder FROM '.sql_table('plugin').' WHERE pid='.$plugid);
+ $o = sql_fetch_object($res);
$oldOrder = $o->porder;
- $maxOrder = mysql_num_rows(sql_query('SELECT * FROM '.sql_table('plugin')));
+ $res = sql_query('SELECT * FROM '.sql_table('plugin'));
+ $maxOrder = sql_num_rows($res);
// 2. calculate new order number
$newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder;
@@ -5530,9 +6324,14 @@ selector();
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$oldOrder.' WHERE porder='.$newOrder);
sql_query('UPDATE '.sql_table('plugin').' SET porder='.$newOrder.' WHERE pid='.$plugid);
- $this->action_pluginlist();
+ //$this->action_pluginlist();
+ // To avoid showing ticket in the URL, redirect to pluginlist, instead.
+ redirect($CONF['AdminURL'] . '?action=pluginlist');
}
+ /**
+ * @todo document this
+ */
function action_pluginoptions($message = '') {
global $member, $manager;
@@ -5544,12 +6343,13 @@ selector();
$this->error(_ERROR_NOSUCHPLUGIN);
$extrahead = '';
+ $pluginName = htmlspecialchars(getPluginNameFromPid($pid), ENT_QUOTES);
$this->pagehead($extrahead);
?>
()
- Options for
+
@@ -5566,7 +6366,7 @@ selector();
$aOIDs = array();
$query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ' WHERE ocontext=\'global\' and opid=' . $pid . ' ORDER BY oid ASC';
$r = sql_query($query);
- while ($o = mysql_fetch_object($r)) {
+ while ($o = sql_fetch_object($r)) {
array_push($aOIDs, $o->oid);
$aOptions[$o->oid] = array(
'oid' => $o->oid,
@@ -5581,7 +6381,7 @@ selector();
// fill out actual values
if (count($aOIDs) > 0) {
$r = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE oid in ('.implode(',',$aOIDs).')');
- while ($o = mysql_fetch_object($r))
+ while ($o = sql_fetch_object($r))
$aOptions[$o->oid]['value'] = $o->ovalue;
}
@@ -5596,12 +6396,15 @@ selector();
?>
- pagefoot();
+ pagefoot();
}
+ /**
+ * @todo document this
+ */
function action_pluginoptionsupdate() {
global $member, $manager;
@@ -5621,23 +6424,24 @@ selector();
}
/**
- * @static
- */
+ * @static
+ * @todo document this
+ */
function _insertPluginOptions($context, $contextid = 0) {
// get all current values for this contextid
// (note: this might contain doubles for overlapping contextids)
$aIdToValue = array();
$res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
- while ($o = mysql_fetch_object($res)) {
+ while ($o = sql_fetch_object($res)) {
$aIdToValue[$o->oid] = $o->ovalue;
}
// get list of oids per pid
$query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin')
- . ' WHERE opid=pid and ocontext=\''.addslashes($context).'\' ORDER BY porder, oid ASC';
+ . ' WHERE opid=pid and ocontext=\''.sql_real_escape_string($context).'\' ORDER BY porder, oid ASC';
$res = sql_query($query);
$aOptions = array();
- while ($o = mysql_fetch_object($res)) {
+ while ($o = sql_fetch_object($res)) {
if (in_array($o->oid, array_keys($aIdToValue)))
$value = $aIdToValue[$o->oid];
else
@@ -5667,906 +6471,54 @@ selector();
// new plugin?
if ($iPrevPid != $aOption['pid']) {
$iPrevPid = $aOption['pid'];
-
- echo ' Options for ', htmlspecialchars($aOption['pfile']),' ';
+ if (!defined('_PLUGIN_OPTIONS_TITLE')) {
+ define('_PLUGIN_OPTIONS_TITLE', 'Options for %s');
+ }
+ echo ''.sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)).' ';
+ }
+
+ $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']);
+ if (@$meta['access'] != 'hidden') {
+ echo '';
+ listplug_plugOptionRow($aOption);
+ echo ' ';
}
-
- echo '';
- listplug_plugOptionRow($aOption);
- echo ' ';
-
}
-
-
}
- /* helper functions to create option forms etc. */
- function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO) {
+ /**
+ * Helper functions to create option forms etc.
+ * @todo document parameters
+ */
+ function input_yesno($name, $checkedval,$tabindex = 0, $value1 = 1, $value2 = 0, $yesval = _YES, $noval = _NO, $isAdmin = 0) {
$id = htmlspecialchars($name);
$id = str_replace('[','-',$id);
$id = str_replace(']','-',$id);
$id1 = $id . htmlspecialchars($value1);
$id2 = $id . htmlspecialchars($value2);
- echo '' . $yesval . ' ';
echo ' ';
- echo '' . $noval . ' ';
}
-
-
} // class ADMIN
-class ENCAPSULATE {
- /**
- * Uses $call to call a function using parameters $params
- * This function should return the amount of entries shown.
- * When entries are show, batch operation handlers are shown too.
- * When no entries were shown, $errormsg is used to display an error
- *
- * Passes on the amount of results found (for further encapsulation)
- */
- function doEncapsulate($call, $params, $errorMessage = 'No entries') {
- // start output buffering
- ob_start();
-
- $nbOfRows = call_user_func_array($call, $params);
-
- // get list contents and stop buffering
- $list = ob_get_contents();
- ob_end_clean();
-
- if ($nbOfRows > 0) {
- $this->showHead();
- echo $list;
- $this->showFoot();
- } else {
- echo $errorMessage;
- }
-
- return $nbOfRows;
- }
-}
-
-
-/**
- * A class used to encapsulate a list of some sort inside next/prev buttons
- */
-class NAVLIST extends ENCAPSULATE {
-
- function NAVLIST($action, $start, $amount, $minamount, $maxamount, $blogid, $search, $itemid) {
- $this->action = $action;
- $this->start = $start;
- $this->amount = $amount;
- $this->minamount = $minamount;
- $this->maxamount = $maxamount;
- $this->blogid = $blogid;
- $this->search = $search;
- $this->itemid = $itemid;
- }
-
- function showBatchList($batchtype, $query, $type, $template, $errorMessage = _LISTS_NOMORE) {
- $batch =& new BATCH($batchtype);
-
- $this->doEncapsulate(
- array(&$batch, 'showlist'),
- array(&$query, $type, $template),
- $errorMessage
- );
-
- }
-
-
- function showHead() {
- $this->showNavigation();
- }
- function showFoot() {
- $this->showNavigation();
- }
-
- /**
- * Displays a next/prev bar for long tables
- */
- function showNavigation() {
- $action = $this->action;
- $start = $this->start;
- $amount = $this->amount;
- $minamount = $this->minamount;
- $maxamount = $this->maxamount;
- $blogid = $this->blogid;
- $search = $this->search;
- $itemid = $this->itemid;
-
- $prev = $start - $amount;
- if ($prev < $minamount) $prev=$minamount;
-
- // maxamount not used yet
- // if ($start + $amount <= $maxamount)
- $next = $start + $amount;
- // else
- // $next = $start;
-
- ?>
-
- type = $type;
- }
-
- function showHead() {
- ?>
-
- showOperationList();
- }
-
- function showFoot() {
- $this->showOperationList();
- ?>
-
-
-
-
-
- type) {
- case 'item':
- $options = array(
- 'delete' => _BATCH_ITEM_DELETE,
- 'move' => _BATCH_ITEM_MOVE
- );
- break;
- case 'member':
- $options = array(
- 'delete' => _BATCH_MEMBER_DELETE,
- 'setadmin' => _BATCH_MEMBER_SET_ADM,
- 'unsetadmin' => _BATCH_MEMBER_UNSET_ADM
- );
- break;
- case 'team':
- $options = array(
- 'delete' => _BATCH_TEAM_DELETE,
- 'setadmin' => _BATCH_TEAM_SET_ADM,
- 'unsetadmin' => _BATCH_TEAM_UNSET_ADM,
- );
- break;
- case 'category':
- $options = array(
- 'delete' => _BATCH_CAT_DELETE,
- 'move' => _BATCH_CAT_MOVE,
- );
- break;
- case 'comment':
- $options = array(
- 'delete' => _BATCH_COMMENT_DELETE,
- );
- break;
- }
- foreach ($options as $option => $label) {
- echo '',$label,' ';
- }
- ?>
-
-
- addTicketHidden();
-
- // add hidden fields for 'team' and 'comment' batchlists
- if ($this->type == 'team')
- {
- echo '
';
- }
- if ($this->type == 'comment')
- {
- echo '
';
- }
-
- echo '
';
- ?>(
-
-
-
- )
-
- doEncapsulate( 'showlist',
- array($query, $type, $template),
- $errorMessage
- );
- }
-
-}
-
-
-
-// can take either an array of objects, or an SQL query
-function showlist($query, $type, $template) {
-
- if (is_array($query)) {
- if (sizeof($query) == 0)
- return 0;
-
- call_user_func('listplug_' . $type, $template, 'HEAD');
-
- foreach ($query as $currentObj) {
- $template['current'] = $currentObj;
- call_user_func('listplug_' . $type, $template, 'BODY');
- }
-
- call_user_func('listplug_' . $type, $template, 'FOOT');
-
- return sizeof($query);
-
- } else {
- $res = sql_query($query);
-
- // don't do anything if there are no results
- $numrows = mysql_num_rows($res);
- if ($numrows == 0)
- return 0;
-
- call_user_func('listplug_' . $type, $template, 'HEAD');
-
- while($template['current'] = mysql_fetch_object($res))
- call_user_func('listplug_' . $type, $template, 'BODY');
-
- call_user_func('listplug_' . $type, $template, 'FOOT');
-
- mysql_free_result($res);
-
- // return amount of results
- return $numrows;
- }
-}
-
-function listplug_select($template, $type) {
- switch($type) {
- case 'HEAD':
- echo '';
-
- // add extra row if needed
- if ($template['extra']) {
- echo '',$template['extra'],' ';
- }
-
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo 'value)
- echo ' selected="selected" ';
- if ($template['shorten'] > 0) {
- echo ' title="'. htmlspecialchars($current->text).'"';
- $current->text = shorten($current->text, $template['shorten'], $template['shortenel']);
- }
- echo '>' . htmlspecialchars($current->text) . ' ';
- break;
- case 'FOOT':
- echo ' ';
- break;
- }
-}
-
-function listplug_table($template, $type) {
- switch($type) {
- case 'HEAD':
- echo "";
- echo "";
- // print head
- call_user_func("listplug_table_" . $template['content'] , $template, 'HEAD');
- echo " ";
- break;
- case 'BODY':
- // print tabletype specific thingies
- echo "";
- call_user_func("listplug_table_" . $template['content'] , $template, 'BODY');
- echo " ";
- break;
- case 'FOOT':
- call_user_func("listplug_table_" . $template['content'] , $template, 'FOOT');
- echo "
";
- break;
- }
-}
-
-function listplug_table_memberlist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo '' . _LIST_MEMBER_NAME . ' ' . _LIST_MEMBER_RNAME . ' ' . _LIST_MEMBER_URL . ' ' . _LIST_MEMBER_ADMIN;
- help('superadmin');
- echo " " . _LIST_MEMBER_LOGIN;
- help('canlogin');
- echo " " . _LISTS_ACTIONS. " ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '';
- $id = listplug_nextBatchId();
- echo ' ';
- echo '';
- echo "", htmlspecialchars($current->mname), " ";
- echo ' ';
- echo ' ';
- echo '', htmlspecialchars($current->mrealname), ' ';
- echo "$current->murl ";
- echo '', ($current->madmin ? _YES : _NO),' ';
- echo '', ($current->mcanlogin ? _YES : _NO), ' ';
- echo ""._LISTS_EDIT." ";
- echo ""._LISTS_DELETE." ";
- break;
- }
-}
-
-function listplug_table_teamlist($template, $type) {
- global $manager;
- switch($type) {
- case 'HEAD':
- echo ""._LIST_MEMBER_NAME." "._LIST_MEMBER_RNAME." "._LIST_TEAM_ADMIN;
- help('teamadmin');
- echo " "._LISTS_ACTIONS." ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '';
- $id = listplug_nextBatchId();
- echo ' ';
- echo '';
- echo "", htmlspecialchars($current->mname), " ";
- echo ' ';
- echo ' ';
- echo '', htmlspecialchars($current->mrealname), ' ';
- echo '', ($current->tadmin ? _YES : _NO) , ' ';
- echo ""._LISTS_DELETE." ";
-
- $url = 'index.php?action=teamchangeadmin&memberid=' . intval($current->tmember) . '&blogid=' . intval($current->tblog);
- $url = $manager->addTicketToUrl($url);
- echo ""._LIST_TEAM_CHADMIN." ";
- break;
- }
-}
-
-function encode_desc(&$data)
- { //_$to_entities = get_html_translation_table(HTML_ENTITIES);
- $to_entities = get_html_translation_table(HTML_SPECIALCHARS);
- $from_entities = array_flip($to_entities);
- $data = str_replace(' ','\n',$data); //hack
- $data = strtr($data,$from_entities);
- $data = strtr($data,$to_entities);
- $data = str_replace('\n',' ',$data); //hack
- return $data;
- }
-
-function listplug_table_pluginlist($template, $type) {
- global $manager;
- switch($type) {
- case 'HEAD':
- echo ''._LISTS_INFO.' '._LISTS_DESC.' ';
- echo ''._LISTS_ACTIONS.' ';
- break;
- case 'BODY':
- $current = $template['current'];
-
- $plug =& $manager->getPlugin($current->pfile);
- if ($plug) {
- echo '';
- echo '' , htmlspecialchars($plug->getName()) , ' ';
- echo _LIST_PLUGS_AUTHOR, ' ' , htmlspecialchars($plug->getAuthor()) , ' ';
- echo _LIST_PLUGS_VER, ' ' , htmlspecialchars($plug->getVersion()) , ' ';
- if ($plug->getURL())
- echo '',_LIST_PLUGS_SITE,' ';
- echo ' ';
- echo '';
- echo _LIST_PLUGS_DESC .' '. encode_desc($plug->getDescription());
- if (sizeof($plug->getEventList()) > 0) {
- echo ' ',_LIST_PLUGS_SUBS,' ',htmlspecialchars(implode($plug->getEventList(),', '));
- // check the database to see if it is up-to-date and notice the user if not
- }
- if (!$plug->subscribtionListIsUptodate()) {
- echo '',_LIST_PLUG_SUBS_NEEDUPDATE,' ';
- }
- if (sizeof($plug->getPluginDep()) > 0)
- echo ' ',_LIST_PLUGS_DEP,' ',htmlspecialchars(implode($plug->getPluginDep(),', '));
- echo ' ';
- } else {
- echo 'Error: plugin file ',htmlspecialchars($current->pfile),'.php could not be loaded, or it has been set inactive because it does not support some features (check the actionlog for more info) ';
- }
- echo '';
-
- $baseUrl = 'index.php?plugid=' . intval($current->pid) . '&action=';
- $url = $manager->addTicketToUrl($baseUrl . 'pluginup');
- echo "",_LIST_PLUGS_UP," ";
- $url = $manager->addTicketToUrl($baseUrl . 'plugindown');
- echo "",_LIST_PLUGS_DOWN," ";
- echo "",_LIST_PLUGS_UNINSTALL," ";
- if ($plug && ($plug->hasAdminArea() > 0))
- echo "",_LIST_PLUGS_ADMIN," ";
- if ($plug && ($plug->supportsFeature('HelpPage') > 0))
- echo "",_LIST_PLUGS_HELP," ";
- if (quickQuery('SELECT COUNT(*) AS result FROM '.sql_table('plugin_option_desc').' WHERE ocontext=\'global\' and opid='.$current->pid) > 0)
- echo "",_LIST_PLUGS_OPTIONS," ";
- echo ' ';
- break;
- }
-}
-
-function listplug_table_plugoptionlist($template, $type) {
- global $manager;
- switch($type) {
- case 'HEAD':
- echo ''._LISTS_INFO.' '._LISTS_VALUE.' ';
- break;
- case 'BODY':
- $current = $template['current'];
- listplug_plugOptionRow($current);
- break;
- case 'FOOT':
- ?>
-
-
-
-
-
-
- ',htmlspecialchars($current['description']?$current['description']:$current['name']),'';
- echo '';
- switch($current['type']) {
- case 'yesno':
- ADMIN::input_yesno($varname, $current['value'], 0, 'yes', 'no');
- break;
- case 'password':
- echo ' ';
- break;
- case 'select':
- echo '';
- $aOptions = NucleusPlugin::getOptionSelectValues($current['typeinfo']);
- $aOptions = explode('|', $aOptions);
- for ($i=0; $i<(count($aOptions)-1); $i+=2) {
- echo ''.htmlspecialchars($aOptions[$i]).' ';
- }
- echo ' ';
- break;
- case 'textarea':
- //$meta = NucleusPlugin::getOptionMeta($current['typeinfo']);
- echo '',htmlspecialchars($current['value']),' ';
- break;
- case 'text':
- default:
- //$meta = NucleusPlugin::getOptionMeta($current['typeinfo']);
-
- echo ' ';
- }
- echo $current['extra'];
- echo ' ';
- }
-}
-
-function listplug_table_itemlist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo ""._LIST_ITEM_INFO." "._LIST_ITEM_CONTENT." "._LISTS_ACTIONS." ";
- break;
- case 'BODY':
- $current = $template['current'];
- $current->itime = strtotime($current->itime); // string -> unix timestamp
-
- if ($current->idraft == 1)
- $cssclass = "class='draft'";
-
- // (can't use offset time since offsets might vary between blogs)
- if ($current->itime > $template['now'])
- $cssclass = "class='future'";
-
- echo "",_LIST_ITEM_BLOG,' ', htmlspecialchars($current->bshortname);
- echo " ",_LIST_ITEM_CAT,' ', htmlspecialchars($current->cname);
- echo " ",_LIST_ITEM_AUTHOR, ' ', htmlspecialchars($current->mname);
- echo " ",_LIST_ITEM_DATE," " . date("Y-m-d",$current->itime);
- echo " ",_LIST_ITEM_TIME," " . date("H:i",$current->itime);
- echo " ";
- echo "";
-
- $id = listplug_nextBatchId();
-
- echo ' ';
- echo '';
- echo "" . htmlspecialchars(strip_tags($current->ititle)) . " ";
- echo ' ';
- echo " ";
-
-
- $current->ibody = strip_tags($current->ibody);
- $current->ibody = htmlspecialchars(shorten($current->ibody,300,'...'));
-
- echo "$current->ibody ";
- echo "";
- echo ""._LISTS_EDIT." ";
- echo ""._LISTS_COMMENTS." ";
- echo ""._LISTS_MOVE." ";
- echo ""._LISTS_DELETE." ";
- echo " ";
- break;
- }
-}
-
-// for batch operations: generates the index numbers for checkboxes
-function listplug_nextBatchId() {
- static $id = 0;
- return $id++;
-}
-
-function listplug_table_commentlist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo ""._LISTS_INFO." "._LIST_COMMENT." "._LISTS_ACTIONS." ";
- break;
- case 'BODY':
- $current = $template['current'];
- $current->ctime = strtotime($current->ctime); // string -> unix timestamp
-
- echo '';
- echo date("Y-m-d@H:i",$current->ctime);
- echo ' ';
- if ($current->mname)
- echo htmlspecialchars($current->mname) ,' ', _LIST_COMMENTS_MEMBER;
- else
- echo htmlspecialchars($current->cuser);
- echo ' ';
-
-
- $current->cbody = strip_tags($current->cbody);
- $current->cbody = htmlspecialchars(shorten($current->cbody, 300, '...'));
-
- echo '';
- $id = listplug_nextBatchId();
- echo ' ';
- echo '';
- echo $current->cbody;
- echo ' ';
- echo ' ';
-
- echo ""._LISTS_EDIT." ";
- echo ""._LISTS_DELETE." ";
- if ($template['canAddBan'])
- echo ""._LIST_COMMENT_BANIP." ";
- break;
- }
-}
-
-
-function listplug_table_bloglist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo "" . _NAME . " " ._LISTS_ACTIONS. " ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo " " . htmlspecialchars($current->bname) . " ";
- echo "" . _BLOGLIST_ADD . " ";
- echo "". _BLOGLIST_EDIT." ";
- echo "". _BLOGLIST_COMMENTS." ";
- echo "". _BLOGLIST_BMLET . " ";
-
- if ($current->tadmin == 1) {
- echo "" ._BLOGLIST_SETTINGS. " ";
- echo "". _BLOGLIST_BANS." ";
- }
-
- if ($template['superadmin']) {
- echo "" ._BLOGLIST_DELETE. " ";
- }
-
-
-
- break;
- }
-}
-
-function listplug_table_shortblognames($template, $type) {
- switch($type) {
- case 'HEAD':
- echo "" . _NAME . " " . _NAME. " ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '' , htmlspecialchars($current->bshortname) , ' ';
- echo '' , htmlspecialchars($current->bname) , ' ';
-
- break;
- }
-}
-
-function listplug_table_shortnames($template, $type) {
- switch($type) {
- case 'HEAD':
- echo "" . _NAME . " " . _LISTS_DESC. " ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '' , htmlspecialchars($current->name) , ' ';
- echo '' , htmlspecialchars($current->description) , ' ';
-
- break;
- }
-}
-
-
-function listplug_table_categorylist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo ""._LISTS_NAME." "._LISTS_DESC." "._LISTS_ACTIONS." ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '';
- $id = listplug_nextBatchId();
- echo ' ';
- echo '';
- echo htmlspecialchars($current->cname);
- echo ' ';
- echo ' ';
-
- echo '', htmlspecialchars($current->cdesc), ' ';
- echo ""._LISTS_DELETE." ";
- echo ""._LISTS_EDIT." ";
-
- break;
- }
-}
-
-
-function listplug_table_templatelist($template, $type) {
- global $manager;
- switch($type) {
- case 'HEAD':
- echo ""._LISTS_NAME." "._LISTS_DESC." "._LISTS_ACTIONS." ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo "" , htmlspecialchars($current->tdname), " ";
- echo "" , htmlspecialchars($current->tddesc), " ";
- echo ""._LISTS_EDIT." ";
-
- $url = $manager->addTicketToUrl('index.php?action=templateclone&templateid=' . intval($current->tdnumber));
- echo ""._LISTS_CLONE." ";
- echo ""._LISTS_DELETE." ";
-
- break;
- }
-}
-
-function listplug_table_skinlist($template, $type) {
- global $CONF, $DIR_SKINS, $manager;
- switch($type) {
- case 'HEAD':
- echo ""._LISTS_NAME." "._LISTS_DESC." "._LISTS_ACTIONS." ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '';
-
- // use a special style for the default skin
- if ($current->sdnumber == $CONF['BaseSkin']) {
- echo '',htmlspecialchars($current->sdname),' ';
- } else {
- echo htmlspecialchars($current->sdname);
- }
-
- echo ' ';
- echo _LISTS_TYPE ,': ' , htmlspecialchars($current->sdtype);
- echo ' ', _LIST_SKINS_INCMODE , ' ' , (($current->sdincmode=='skindir') ?_PARSER_INCMODE_SKINDIR:_PARSER_INCMODE_NORMAL);
- if ($current->sdincpref) echo ' ' , _LIST_SKINS_INCPREFIX , ' ', htmlspecialchars($current->sdincpref);
-
- // add preview image when present
- if ($current->sdincpref && @file_exists($DIR_SKINS . $current->sdincpref . 'preview.png'))
- {
- echo ' ';
-
- $hasEnlargement = @file_exists($DIR_SKINS . $current->sdincpref . 'preview-large.png');
- if ($hasEnlargement)
- echo '';
-
- echo ' ';
-
- if ($hasEnlargement)
- echo ' ';
-
- if (@file_exists($DIR_SKINS . $current->sdincpref . 'readme.html'))
- {
- echo 'Readme ';
- }
-
-
- }
-
- echo " ";
-
-
- echo "" , htmlspecialchars($current->sddesc);
- // show list of defined parts
- $r = sql_query('SELECT stype FROM '.sql_table('skin').' WHERE sdesc='.$current->sdnumber . ' ORDER BY stype');
- $types = array();
- while ($o = mysql_fetch_object($r))
- array_push($types,$o->stype);
- if (sizeof($types) > 0) {
- $friendlyNames = SKIN::getFriendlyNames();
- for ($i=0;$i' . helpHtml('skinpart'.$type) . ' ' . htmlspecialchars($friendlyNames[$type]) . " ";
- }
- echo ' ',_LIST_SKINS_DEFINED,' ';
- }
- echo " ";
- echo ""._LISTS_EDIT." ";
-
- $url = $manager->addTicketToUrl('index.php?action=skinclone&skinid=' . intval($current->sdnumber));
- echo ""._LISTS_CLONE." ";
- echo ""._LISTS_DELETE." ";
-
- break;
- }
-}
-
-function listplug_table_draftlist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo ""._LISTS_BLOG." "._LISTS_TITLE." "._LISTS_ACTIONS." ";
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '', htmlspecialchars($current->bshortname) , ' ';
- echo '', htmlspecialchars(strip_tags($current->ititle)) , ' ';
- echo ""._LISTS_EDIT." ";
- echo ""._LISTS_DELETE." ";
-
- break;
- }
-}
-
-
-function listplug_table_actionlist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo ''._LISTS_TIME.' '._LIST_ACTION_MSG.' ';
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '' , htmlspecialchars($current->timestamp), ' ';
- echo '' , htmlspecialchars($current->message), ' ';
-
- break;
- }
-}
-
-function listplug_table_banlist($template, $type) {
- switch($type) {
- case 'HEAD':
- echo ''._LIST_BAN_IPRANGE.' '. _LIST_BAN_REASON.' '._LISTS_ACTIONS.' ';
- break;
- case 'BODY':
- $current = $template['current'];
-
- echo '' , htmlspecialchars($current->iprange) , ' ';
- echo '' , htmlspecialchars($current->reason) , ' ';
- echo "",_LISTS_DELETE," ";
- break;
- }
-}
-
-/**
- * Returns the Javascript code for a bookmarklet that works on most modern browsers
- *
- * @param blogid
- */
-function getBookmarklet($blogid) {
- global $CONF;
-
- // normal
- $document = 'document';
- $bookmarkletline = "javascript:Q='';x=".$document.";y=window;if(x.selection){Q=x.selection.createRange().text;}else if(y.getSelection){Q=y.getSelection();}else if(x.getSelection){Q=x.getSelection();}wingm=window.open('";
- $bookmarkletline .= $CONF['AdminURL'] . "bookmarklet.php?blogid=$blogid";
- $bookmarkletline .="&logtext='+escape(Q)+'&loglink='+escape(x.location.href)+'&loglinktitle='+escape(x.title),'nucleusbm','scrollbars=yes,width=600,height=500,left=10,top=10,status=yes,resizable=yes');wingm.focus();";
-
- return $bookmarkletline;
-}
-
-
-?>
+?>
\ No newline at end of file