1
+ − 1
<?php
+ − 2
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 5
* Version 1.0.2 (Coblynau)
1
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
*
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10
*
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13
*/
+ − 14
+ − 15
class template {
+ − 16
var $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list, $named_theme_list, $default_theme, $default_style, $plugin_blocks, $namespace_string, $style_list, $theme_loaded;
30
+ − 17
+ − 18
/**
+ − 19
* Set to true if the site is disabled and thus a message needs to be shown. This should ONLY be changed by common.php.
+ − 20
* @var bool
+ − 21
* @access private
+ − 22
*/
+ − 23
+ − 24
var $site_disabled = false;
+ − 25
53
+ − 26
/**
+ − 27
* One of the absolute best parts of Enano :-P
+ − 28
* @var string
+ − 29
*/
+ − 30
54
84b56303cab5
Bugfixes: Login system properly handles blank password situation (returns ""); fading button now works right with relative URLs
Dan
diff
changeset
+ − 31
var $fading_button = '';
53
+ − 32
1
+ − 33
function __construct()
+ − 34
{
+ − 35
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 36
dc_here('template: initializing all class variables');
+ − 37
$this->tpl_bool = Array();
+ − 38
$this->tpl_strings = Array();
+ − 39
$this->sidebar_extra = '';
+ − 40
$this->toolbar_menu = '';
+ − 41
$this->additional_headers = '';
+ − 42
$this->plugin_blocks = Array();
+ − 43
$this->theme_loaded = false;
+ − 44
201
+ − 45
$this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">
87
570f68c3fe36
Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
Dan
diff
changeset
+ − 46
<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>
570f68c3fe36
Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
Dan
diff
changeset
+ − 47
</div>';
54
84b56303cab5
Bugfixes: Login system properly handles blank password situation (returns ""); fading button now works right with relative URLs
Dan
diff
changeset
+ − 48
1
+ − 49
$this->theme_list = Array();
+ − 50
$this->named_theme_list = Array();
+ − 51
$e = $db->sql_query('SELECT theme_id,theme_name,enabled,default_style FROM '.table_prefix.'themes WHERE enabled=1 ORDER BY theme_order;');
+ − 52
if(!$e) $db->_die('The list of themes could not be selected.');
+ − 53
for($i=0;$i < $db->numrows(); $i++)
+ − 54
{
+ − 55
$this->theme_list[$i] = $db->fetchrow();
+ − 56
$this->named_theme_list[$this->theme_list[$i]['theme_id']] = $this->theme_list[$i];
+ − 57
}
+ − 58
$db->free_result();
+ − 59
$this->default_theme = $this->theme_list[0]['theme_id'];
+ − 60
$dir = ENANO_ROOT.'/themes/'.$this->default_theme.'/css/';
+ − 61
$list = Array();
+ − 62
// Open a known directory, and proceed to read its contents
+ − 63
if (is_dir($dir)) {
+ − 64
if ($dh = opendir($dir)) {
+ − 65
while (($file = readdir($dh)) !== false) {
+ − 66
if(preg_match('#^(.*?)\.css$#i', $file) && $file != '_printable.css') {
+ − 67
$list[] = substr($file, 0, strlen($file)-4);
+ − 68
}
+ − 69
}
+ − 70
closedir($dh);
+ − 71
}
+ − 72
}
+ − 73
+ − 74
$def = ENANO_ROOT.'/themes/'.$this->default_theme.'/css/'.$this->named_theme_list[$this->default_theme]['default_style'];
+ − 75
if(file_exists($def))
+ − 76
{
+ − 77
$this->default_style = substr($this->named_theme_list[$this->default_theme]['default_style'], 0, strlen($this->named_theme_list[$this->default_theme]['default_style'])-4);
+ − 78
} else {
+ − 79
$this->default_style = $list[0];
+ − 80
}
+ − 81
+ − 82
$this->style_list = $list;
+ − 83
+ − 84
}
+ − 85
function template()
+ − 86
{
+ − 87
$this->__construct();
+ − 88
}
+ − 89
function sidebar_widget($t, $h)
+ − 90
{
+ − 91
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 92
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 93
{
+ − 94
$this->load_theme($session->theme, $session->style);
+ − 95
}
+ − 96
if(!$this->sidebar_widgets)
+ − 97
$this->sidebar_widgets = '';
+ − 98
$tplvars = $this->extract_vars('elements.tpl');
+ − 99
$parser = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 100
$parser->assign_vars(Array('TITLE'=>$t,'CONTENT'=>$h));
+ − 101
$this->plugin_blocks[$t] = $h;
+ − 102
$this->sidebar_widgets .= $parser->run();
+ − 103
}
+ − 104
function add_header($html)
+ − 105
{
+ − 106
$this->additional_headers .= "\n" . $html;
+ − 107
}
+ − 108
function get_css($s = false)
+ − 109
{
+ − 110
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 111
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 112
$this->load_theme($session->theme, $session->style);
+ − 113
$path = ( $s ) ? 'css/'.$s : 'css/'.$this->style.'.css';
+ − 114
if ( !file_exists(ENANO_ROOT . '/themes/' . $this->theme . '/' . $path) )
+ − 115
{
+ − 116
echo "/* WARNING: Falling back to default file because file $path does not exist */\n";
+ − 117
$path = 'css/' . $this->style_list[0] . '.css';
+ − 118
}
+ − 119
return $this->process_template($path);
+ − 120
}
+ − 121
function load_theme($name = false, $css = false)
+ − 122
{
+ − 123
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 124
$this->theme = ( $name ) ? $name : $session->theme;
+ − 125
$this->style = ( $css ) ? $css : $session->style;
+ − 126
if ( !$this->theme )
+ − 127
{
+ − 128
$this->theme = $this->theme_list[0]['theme_id'];
+ − 129
$this->style = substr($this->theme_list[0]['default_style'], 0, strlen($this->theme_list[0]['default_style'])-4);
+ − 130
}
+ − 131
$this->theme_loaded = true;
+ − 132
}
+ − 133
+ − 134
function init_vars()
+ − 135
{
+ − 136
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 137
global $email;
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 138
global $lang;
1
+ − 139
+ − 140
dc_here("template: initializing all variables");
+ − 141
+ − 142
if(!$this->theme || !$this->style)
+ − 143
{
+ − 144
$this->load_theme();
+ − 145
}
+ − 146
+ − 147
if(defined('ENANO_TEMPLATE_LOADED'))
+ − 148
{
+ − 149
dc_here('template: access denied to call template::init_vars(), bailing out');
+ − 150
die_semicritical('Illegal call', '<p>$template->load_theme was called multiple times, this is not supposed to happen. Exiting with fatal error.</p>');
+ − 151
}
+ − 152
+ − 153
define('ENANO_TEMPLATE_LOADED', '');
+ − 154
+ − 155
$tplvars = $this->extract_vars('elements.tpl');
+ − 156
+ − 157
dc_here('template: setting all template vars');
+ − 158
+ − 159
if(isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE'))
+ − 160
{
+ − 161
$this->add_header('
+ − 162
<!--[if lt IE 7]>
+ − 163
<script language="JavaScript">
+ − 164
function correctPNG() // correctly handle PNG transparency in Win IE 5.5 & 6.
+ − 165
{
86
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
diff
changeset
+ − 166
var arVersion = navigator.appVersion.split("MSIE");
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
diff
changeset
+ − 167
var version = parseFloat(arVersion[1]);
1
+ − 168
if (version >= 5.5 && typeof(document.body.filters) == "object")
+ − 169
{
+ − 170
for(var i=0; i<document.images.length; i++)
+ − 171
{
+ − 172
var img = document.images[i];
+ − 173
continue;
+ − 174
var imgName = img.src.toUpperCase();
+ − 175
if (imgName.substring(imgName.length-3, imgName.length) == "PNG")
+ − 176
{
+ − 177
var imgID = (img.id) ? "id=\'" + img.id + "\' " : "";
+ − 178
var imgClass = (img.className) ? "class=\'" + img.className + "\' " : "";
+ − 179
var imgTitle = (img.title) ? "title=\'" + img.title + "\' " : "title=\'" + img.alt + "\' ";
+ − 180
var imgStyle = "display:inline-block;" + img.style.cssText;
+ − 181
if (img.align == "left") imgStyle = "float:left;" + imgStyle;
+ − 182
if (img.align == "right") imgStyle = "float:right;" + imgStyle;
+ − 183
if (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle;
+ − 184
var strNewHTML = "<span " + imgID + imgClass + imgTitle + " style=\\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";" + "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader" + "(src=\\\'" + img.src + "\\\', sizingMethod=\'scale\');\\"></span>";
+ − 185
img.outerHTML = strNewHTML;
+ − 186
i = i-1;
+ − 187
}
+ − 188
}
+ − 189
}
+ − 190
}
+ − 191
window.attachEvent("onload", correctPNG);
+ − 192
</script>
+ − 193
<![endif]-->
+ − 194
');
+ − 195
}
+ − 196
+ − 197
// Get the "article" button text (depends on namespace)
+ − 198
switch($paths->namespace) {
+ − 199
case "Article":
+ − 200
default:
+ − 201
$ns = 'article';
+ − 202
break;
+ − 203
case "Admin":
+ − 204
$ns = 'administration page';
+ − 205
break;
+ − 206
case "System":
+ − 207
$ns = 'system message';
+ − 208
break;
+ − 209
case "File":
+ − 210
$ns = 'uploaded file';
+ − 211
break;
+ − 212
case "Help":
+ − 213
$ns = 'documentation page';
+ − 214
break;
+ − 215
case "User":
+ − 216
$ns = 'user page';
+ − 217
break;
+ − 218
case "Special":
+ − 219
$ns = 'special page';
+ − 220
break;
+ − 221
case "Template":
+ − 222
$ns = 'template';
+ − 223
break;
+ − 224
case "Project":
+ − 225
$ns = 'project page';
+ − 226
break;
+ − 227
case "Category":
+ − 228
$ns = 'category';
+ − 229
break;
+ − 230
}
+ − 231
$this->namespace_string = $ns;
+ − 232
$code = $plugins->setHook('page_type_string_set');
+ − 233
foreach ( $code as $cmd )
+ − 234
{
+ − 235
eval($cmd);
+ − 236
}
+ − 237
$ns =& $this->namespace_string;
+ − 238
+ − 239
// Initialize the toolbar
+ − 240
$tb = '';
+ − 241
+ − 242
// Create "xx page" button
+ − 243
+ − 244
$btn_selected = ( isset($tplvars['toolbar_button_selected'])) ? $tplvars['toolbar_button_selected'] : $tplvars['toolbar_button'];
+ − 245
$parser = $this->makeParserText($btn_selected);
+ − 246
+ − 247
$parser->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 248
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxReset()); return false; }" title="View the page contents, all of the page contents, and nothing but the page contents (alt-a)" accesskey="a"',
1
+ − 249
'PARENTFLAGS' => 'id="mdgToolbar_article"',
+ − 250
'HREF' => makeUrl($paths->page, null, true),
+ − 251
'TEXT' => $this->namespace_string
+ − 252
));
+ − 253
+ − 254
$tb .= $parser->run();
+ − 255
+ − 256
$button = $this->makeParserText($tplvars['toolbar_button']);
+ − 257
+ − 258
// Page toolbar
+ − 259
// Comments button
+ − 260
if ( $session->get_permissions('read') && getConfig('enable_comments')=='1' && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->cpage['comments_on'] == 1 )
+ − 261
{
+ − 262
+ − 263
$e = $db->sql_query('SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\';');
+ − 264
if ( !$e )
+ − 265
{
+ − 266
$db->_die();
+ − 267
}
+ − 268
$nc = $db->numrows();
+ − 269
$nu = 0;
+ − 270
$na = 0;
+ − 271
+ − 272
while ( $r = $db->fetchrow() )
+ − 273
{
+ − 274
if ( !$r['approved'] )
+ − 275
{
+ − 276
$nu++;
+ − 277
}
+ − 278
else
+ − 279
{
+ − 280
$na++;
+ − 281
}
+ − 282
}
+ − 283
+ − 284
$db->free_result();
+ − 285
$n = ( $session->get_permissions('mod_comments') ) ? (string)$nc : (string)$na;
+ − 286
if ( $session->get_permissions('mod_comments') && $nu > 0 )
+ − 287
{
+ − 288
$n .= ' total/'.$nu.' unapp.';
+ − 289
}
+ − 290
+ − 291
$button->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 292
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxComments()); return false; }" title="View the comments that other users have posted about this page (alt-c)" accesskey="c"',
1
+ − 293
'PARENTFLAGS' => 'id="mdgToolbar_discussion"',
+ − 294
'HREF' => makeUrl($paths->page, 'do=comments', true),
+ − 295
'TEXT' => 'discussion ('.$n.')',
+ − 296
));
+ − 297
+ − 298
$tb .= $button->run();
+ − 299
}
+ − 300
// Edit button
+ − 301
if($session->get_permissions('read') && ($paths->namespace != 'Special' && $paths->namespace != 'Admin') && ( $session->get_permissions('edit_page') && ( ( $paths->page_protected && $session->get_permissions('even_when_protected') ) || !$paths->page_protected ) ) )
+ − 302
{
+ − 303
$button->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 304
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="Edit the contents of this page (alt-e)" accesskey="e"',
1
+ − 305
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
+ − 306
'HREF' => makeUrl($paths->page, 'do=edit', true),
+ − 307
'TEXT' => 'edit this page'
+ − 308
));
+ − 309
$tb .= $button->run();
+ − 310
// View source button
+ − 311
}
+ − 312
else if($session->get_permissions('view_source') && ( !$session->get_permissions('edit_page') || !$session->get_permissions('even_when_protected') && $paths->page_protected ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 313
{
+ − 314
$button->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 315
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxViewSource()); return false; }" title="View the source code (wiki markup) that this page uses (alt-e)" accesskey="e"',
1
+ − 316
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
+ − 317
'HREF' => makeUrl($paths->page, 'do=viewsource', true),
+ − 318
'TEXT' => 'view source'
+ − 319
));
+ − 320
$tb .= $button->run();
+ − 321
}
+ − 322
// History button
+ − 323
if ( $session->get_permissions('read') /* && $paths->wiki_mode */ && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('history_view') )
+ − 324
{
+ − 325
$button->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 326
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxHistory()); return false; }" title="View a log of actions taken on this page (alt-h)" accesskey="h"',
1
+ − 327
'PARENTFLAGS' => 'id="mdgToolbar_history"',
+ − 328
'HREF' => makeUrl($paths->page, 'do=history', true),
+ − 329
'TEXT' => 'history'
+ − 330
));
+ − 331
$tb .= $button->run();
+ − 332
}
+ − 333
+ − 334
$menubtn = $this->makeParserText($tplvars['toolbar_menu_button']);
+ − 335
+ − 336
// Additional actions menu
+ − 337
// Rename button
+ − 338
if ( $session->get_permissions('read') && $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 339
{
+ − 340
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 341
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxRename()); return false; }" title="Change the display name of this page (alt-r)" accesskey="r"',
1
+ − 342
'HREF' => makeUrl($paths->page, 'do=rename', true),
+ − 343
'TEXT' => 'rename',
+ − 344
));
+ − 345
$this->toolbar_menu .= $menubtn->run();
+ − 346
}
+ − 347
+ − 348
// Vote-to-delete button
+ − 349
if ( $paths->wiki_mode && $session->get_permissions('vote_delete') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 350
{
+ − 351
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 352
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDelVote()); return false; }" title="Vote to have this page deleted (alt-d)" accesskey="d"',
1
+ − 353
'HREF' => makeUrl($paths->page, 'do=delvote', true),
+ − 354
'TEXT' => 'vote to delete this page',
+ − 355
));
+ − 356
$this->toolbar_menu .= $menubtn->run();
+ − 357
}
+ − 358
+ − 359
// Clear-votes button
+ − 360
if ( $session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0)
+ − 361
{
+ − 362
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 363
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxResetDelVotes()); return false; }" title="Vote to have this page deleted (alt-y)" accesskey="y"',
1
+ − 364
'HREF' => makeUrl($paths->page, 'do=resetvotes', true),
+ − 365
'TEXT' => 'reset deletion votes',
+ − 366
));
+ − 367
$this->toolbar_menu .= $menubtn->run();
+ − 368
}
+ − 369
+ − 370
// Printable page button
+ − 371
if ( $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 372
{
+ − 373
$menubtn->assign_vars(array(
+ − 374
'FLAGS' => 'title="View a version of this page that is suitable for printing"',
+ − 375
'HREF' => makeUrl($paths->page, 'printable=yes', true),
+ − 376
'TEXT' => 'view printable version',
+ − 377
));
+ − 378
$this->toolbar_menu .= $menubtn->run();
+ − 379
}
+ − 380
+ − 381
// Protect button
+ − 382
if($session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('protect'))
+ − 383
{
+ − 384
+ − 385
$label = $this->makeParserText($tplvars['toolbar_label']);
+ − 386
$label->assign_vars(array('TEXT' => 'protection:'));
+ − 387
$t0 = $label->run();
+ − 388
+ − 389
$ctmp = '';
+ − 390
if ( $paths->cpage['protected'] == 1 )
+ − 391
{
+ − 392
$ctmp=' style="text-decoration: underline;"';
+ − 393
}
+ − 394
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 395
'FLAGS' => 'accesskey="i" onclick="if ( !KILL_SWITCH ) { ajaxProtect(1); return false; }" id="protbtn_1" title="Prevents all non-administrators from editing this page. [alt-i]"'.$ctmp,
1
+ − 396
'HREF' => makeUrl($paths->page, 'do=protect&level=1', true),
+ − 397
'TEXT' => 'on'
+ − 398
));
+ − 399
$t1 = $menubtn->run();
+ − 400
+ − 401
$ctmp = '';
+ − 402
if ( $paths->cpage['protected'] == 0 )
+ − 403
{
+ − 404
$ctmp=' style="text-decoration: underline;"';
+ − 405
}
+ − 406
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 407
'FLAGS' => 'accesskey="o" onclick="if ( !KILL_SWITCH ) { ajaxProtect(0); return false; }" id="protbtn_0" title="Allows everyone to edit this page. [alt-o]"'.$ctmp,
1
+ − 408
'HREF' => makeUrl($paths->page, 'do=protect&level=0', true),
+ − 409
'TEXT' => 'off'
+ − 410
));
+ − 411
$t2 = $menubtn->run();
+ − 412
+ − 413
$ctmp = '';
+ − 414
if ( $paths->cpage['protected'] == 2 )
+ − 415
{
+ − 416
$ctmp = ' style="text-decoration: underline;"';
+ − 417
}
+ − 418
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 419
'FLAGS' => 'accesskey="p" onclick="if ( !KILL_SWITCH ) { ajaxProtect(2); return false; }" id="protbtn_2" title="Allows only users who have been registered for 4 days to edit this page. [alt-p]"'.$ctmp,
1
+ − 420
'HREF' => makeUrl($paths->page, 'do=protect&level=2', true),
+ − 421
'TEXT' => 'semi'
+ − 422
));
+ − 423
$t3 = $menubtn->run();
+ − 424
+ − 425
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0">
+ − 426
<tr>
+ − 427
<td>'.$t0.'</td>
+ − 428
<td>'.$t1.'</td>
+ − 429
<td>'.$t2.'</td>
+ − 430
<td>'.$t3.'</td>
+ − 431
</tr>
+ − 432
</table>';
+ − 433
}
+ − 434
+ − 435
// Wiki mode button
+ − 436
if($session->get_permissions('read') && $paths->page_exists && $session->get_permissions('set_wiki_mode') && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 437
{
+ − 438
// label at start
+ − 439
$label = $this->makeParserText($tplvars['toolbar_label']);
+ − 440
$label->assign_vars(array('TEXT' => 'page wiki mode:'));
+ − 441
$t0 = $label->run();
+ − 442
+ − 443
// on button
+ − 444
$ctmp = '';
+ − 445
if ( $paths->cpage['wiki_mode'] == 1 )
+ − 446
{
+ − 447
$ctmp = ' style="text-decoration: underline;"';
+ − 448
}
+ − 449
$menubtn->assign_vars(array(
102
+ − 450
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp,
1
+ − 451
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true),
+ − 452
'TEXT' => 'on'
+ − 453
));
+ − 454
$t1 = $menubtn->run();
+ − 455
+ − 456
// off button
+ − 457
$ctmp = '';
+ − 458
if ( $paths->cpage['wiki_mode'] == 0 )
+ − 459
{
+ − 460
$ctmp=' style="text-decoration: underline;"';
+ − 461
}
+ − 462
$menubtn->assign_vars(array(
102
+ − 463
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp,
1
+ − 464
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true),
+ − 465
'TEXT' => 'off'
+ − 466
));
+ − 467
$t2 = $menubtn->run();
+ − 468
+ − 469
// global button
+ − 470
$ctmp = '';
+ − 471
if ( $paths->cpage['wiki_mode'] == 2 )
+ − 472
{
+ − 473
$ctmp=' style="text-decoration: underline;"';
+ − 474
}
+ − 475
$menubtn->assign_vars(array(
102
+ − 476
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp,
1
+ − 477
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true),
+ − 478
'TEXT' => 'global'
+ − 479
));
+ − 480
$t3 = $menubtn->run();
+ − 481
+ − 482
// Tack it onto the list of buttons that are already there...
+ − 483
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0">
+ − 484
<tr>
+ − 485
<td>'.$t0.'</td>
+ − 486
<td>'.$t1.'</td>
+ − 487
<td>'.$t2.'</td>
+ − 488
<td>'.$t3.'</td>
+ − 489
</tr>
+ − 490
</table>';
+ − 491
}
+ − 492
+ − 493
// Clear logs button
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 494
if ( $session->get_permissions('read') && $session->get_permissions('clear_logs') && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
1
+ − 495
{
+ − 496
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 497
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxClearLogs()); return false; }" title="Remove all edit and action logs for this page from the database. IRREVERSIBLE! (alt-l)" accesskey="l"',
1
+ − 498
'HREF' => makeUrl($paths->page, 'do=flushlogs', true),
+ − 499
'TEXT' => 'clear page logs',
+ − 500
));
+ − 501
$this->toolbar_menu .= $menubtn->run();
+ − 502
}
+ − 503
+ − 504
// Delete page button
+ − 505
if ( $session->get_permissions('read') && $session->get_permissions('delete_page') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 506
{
+ − 507
$s = 'delete this page';
+ − 508
if ( $paths->cpage['delvotes'] == 1 )
+ − 509
{
+ − 510
$s .= ' (<b>'.$paths->cpage['delvotes'].'</b> vote)';
+ − 511
}
+ − 512
else if ( $paths->cpage['delvotes'] > 1 )
+ − 513
{
+ − 514
$s .= ' (<b>'.$paths->cpage['delvotes'].'</b> votes)';
+ − 515
}
+ − 516
+ − 517
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 518
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDeletePage()); return false; }" title="Delete this page. This is always reversible unless the logs are cleared. (alt-k)" accesskey="k"',
1
+ − 519
'HREF' => makeUrl($paths->page, 'do=deletepage', true),
+ − 520
'TEXT' => $s,
+ − 521
));
+ − 522
$this->toolbar_menu .= $menubtn->run();
+ − 523
+ − 524
}
+ − 525
+ − 526
// Password-protect button
+ − 527
if(isset($paths->cpage['password']))
+ − 528
{
+ − 529
if ( $paths->cpage['password'] == '' )
+ − 530
{
+ − 531
$a = $session->get_permissions('password_set');
+ − 532
}
+ − 533
else
+ − 534
{
+ − 535
$a = $session->get_permissions('password_reset');
+ − 536
}
+ − 537
}
+ − 538
else
+ − 539
{
+ − 540
$a = $session->get_permissions('password_set');
+ − 541
}
+ − 542
if ( $a && $session->get_permissions('read') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 543
{
+ − 544
// label at start
+ − 545
$label = $this->makeParserText($tplvars['toolbar_label']);
13
fdd6b9dd42c3
Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php
Dan
diff
changeset
+ − 546
$label->assign_vars(array('TEXT' => 'page password:'));
1
+ − 547
$t0 = $label->run();
+ − 548
+ − 549
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 550
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxSetPassword()); return false; }" title="Require a password in order for this page to be viewed"',
1
+ − 551
'HREF' => '#',
+ − 552
'TEXT' => 'set',
+ − 553
));
+ − 554
$t = $menubtn->run();
+ − 555
+ − 556
$this->toolbar_menu .= '<table border="0" cellspacing="0" cellpadding="0"><tr><td>'.$t0.'</td><td><input type="password" id="mdgPassSetField" size="10" /></td><td>'.$t.'</td></tr></table>';
+ − 557
}
+ − 558
+ − 559
// Manage ACLs button
+ − 560
if($session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN)
+ − 561
{
+ − 562
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 563
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="Manage who can do what with this page (alt-m)" accesskey="m"',
1
+ − 564
'HREF' => makeUrl($paths->page, 'do=aclmanager', true),
+ − 565
'TEXT' => 'manage page access',
+ − 566
));
+ − 567
$this->toolbar_menu .= $menubtn->run();
+ − 568
}
+ − 569
+ − 570
// Administer page button
+ − 571
if ( $session->user_level >= USER_LEVEL_ADMIN && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 572
{
+ − 573
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 574
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxAdminPage()); return false; }" title="Administrative options for this page" accesskey="g"',
1
+ − 575
'HREF' => makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'PageManager', true),
+ − 576
'TEXT' => 'administrative options',
+ − 577
));
+ − 578
$this->toolbar_menu .= $menubtn->run();
+ − 579
}
+ − 580
+ − 581
if ( strlen($this->toolbar_menu) > 0 )
+ − 582
{
+ − 583
$button->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 584
'FLAGS' => 'id="mdgToolbar_moreoptions" onclick="if ( !KILL_SWITCH ) { return false; }" title="Additional options for working with this page"',
1
+ − 585
'PARENTFLAGS' => '',
+ − 586
'HREF' => makeUrl($paths->page, 'do=moreoptions', true),
+ − 587
'TEXT' => 'more options'
+ − 588
));
+ − 589
$tb .= $button->run();
+ − 590
}
+ − 591
+ − 592
$is_opera = (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'Opera')) ? true : false;
+ − 593
+ − 594
$this->tpl_bool = Array(
+ − 595
'auth_admin'=>$session->user_level >= USER_LEVEL_ADMIN ? true : false,
+ − 596
'user_logged_in'=>$session->user_logged_in,
+ − 597
'opera'=>$is_opera,
+ − 598
);
+ − 599
+ − 600
if($session->sid_super) { $ash = '&auth='.$session->sid_super; $asq = "?auth=".$session->sid_super; $asa = "&auth=".$session->sid_super; $as2 = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; }
+ − 601
else { $asq=''; $asa=''; $as2 = ''; $ash = ''; }
+ − 602
+ − 603
$code = $plugins->setHook('compile_template');
+ − 604
foreach ( $code as $cmd )
+ − 605
{
+ − 606
eval($cmd);
+ − 607
}
+ − 608
+ − 609
// Some additional sidebar processing
+ − 610
if($this->sidebar_extra != '') {
+ − 611
$se = $this->sidebar_extra;
+ − 612
$parser = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 613
$parser->assign_vars(Array('TITLE'=>'Links','CONTENT'=>$se));
+ − 614
$this->sidebar_extra = $parser->run();
+ − 615
}
+ − 616
+ − 617
$this->sidebar_extra = $this->sidebar_extra.$this->sidebar_widgets;
+ − 618
+ − 619
$this->tpl_bool['fixed_menus'] = false;
+ − 620
/* if($this->sidebar_extra == '') $this->tpl_bool['right_sidebar'] = false;
+ − 621
else */ $this->tpl_bool['right_sidebar'] = true;
+ − 622
+ − 623
$this->tpl_bool['auth_rename'] = ( $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin');
+ − 624
+ − 625
$this->tpl_bool['enable_uploads'] = ( getConfig('enable_uploads') == '1' && $session->get_permissions('upload_files') ) ? true : false;
+ − 626
+ − 627
$this->tpl_bool['stupid_mode'] = false;
+ − 628
163
+ − 629
$this->tpl_bool['in_admin'] = ( ( $paths->cpage['urlname_nons'] == 'Administration' && $paths->namespace == 'Special' ) || $paths->namespace == 'Admin' );
1
+ − 630
+ − 631
$p = ( isset($_GET['printable']) ) ? '/printable' : '';
+ − 632
+ − 633
// Add the e-mail address client code to the header
+ − 634
$this->add_header($email->jscode());
+ − 635
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 636
// Add language file
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 637
$lang_uri = makeUrlNS('Special', 'LangExportJSON/' . $lang->lang_id, false, true);
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 638
$this->add_header("<script type=\"text/javascript\" src=\"$lang_uri\"></script>");
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 639
1
+ − 640
// Generate the code for the Log out and Change theme sidebar buttons
+ − 641
// Once again, the new template parsing system can be used here
+ − 642
+ − 643
$parser = $this->makeParserText($tplvars['sidebar_button']);
+ − 644
+ − 645
$parser->assign_vars(Array(
+ − 646
'HREF'=>makeUrlNS('Special', 'Logout'),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 647
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"',
1
+ − 648
'TEXT'=>'Log out',
+ − 649
));
+ − 650
+ − 651
$logout_link = $parser->run();
+ − 652
+ − 653
$parser->assign_vars(Array(
+ − 654
'HREF'=>makeUrlNS('Special', 'Login/' . $paths->page),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 655
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxStartLogin(); return false; }"',
1
+ − 656
'TEXT'=>'Log in',
+ − 657
));
+ − 658
+ − 659
$login_link = $parser->run();
+ − 660
+ − 661
$parser->assign_vars(Array(
+ − 662
'HREF'=>makeUrlNS('Special', 'ChangeStyle/'.$paths->page),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 663
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxChangeStyle(); return false; }"',
1
+ − 664
'TEXT'=>'Change theme',
+ − 665
));
+ − 666
+ − 667
$theme_link = $parser->run();
+ − 668
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 669
$parser->assign_vars(Array(
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 670
'HREF'=>makeUrlNS('Special', 'Administration'),
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 671
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxStartAdminLogin()); return false; }"',
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 672
'TEXT'=>'Administration',
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 673
));
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 674
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 675
$admin_link = $parser->run();
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 676
1
+ − 677
$SID = ($session->sid_super) ? $session->sid_super : '';
+ − 678
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 679
$urlname_clean = str_replace('\'', '\\\'', str_replace('\\', '\\\\', dirtify_page_id($paths->fullpage)));
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 680
$urlname_clean = strtr( $urlname_clean, array( '<' => '<', '>' => '>' ) );
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 681
22
+ − 682
$urlname_jssafe = sanitize_page_id($paths->fullpage);
+ − 683
1
+ − 684
// Generate the dynamic javascript vars
+ − 685
$js_dynamic = ' <script type="text/javascript">// <![CDATA[
+ − 686
// This section defines some basic and very important variables that are used later in the static Javascript library.
+ − 687
// SKIN DEVELOPERS: The template variable for this code block is {JS_DYNAMIC_VARS}. This MUST be inserted BEFORE the tag that links to the main Javascript lib.
22
+ − 688
var title=\''. $urlname_jssafe .'\';
1
+ − 689
var page_exists='. ( ( $paths->page_exists) ? 'true' : 'false' ) .';
+ − 690
var scriptPath=\''. scriptPath .'\';
+ − 691
var contentPath=\''.contentPath.'\';
+ − 692
var ENANO_SID =\'' . $SID . '\';
+ − 693
var auth_level=' . $session->auth_level . ';
+ − 694
var USER_LEVEL_GUEST = ' . USER_LEVEL_GUEST . ';
+ − 695
var USER_LEVEL_MEMBER = ' . USER_LEVEL_MEMBER . ';
+ − 696
var USER_LEVEL_CHPREF = ' . USER_LEVEL_CHPREF . ';
+ − 697
var USER_LEVEL_MOD = ' . USER_LEVEL_MOD . ';
+ − 698
var USER_LEVEL_ADMIN = ' . USER_LEVEL_ADMIN . ';
+ − 699
var editNotice = \'' . ( (getConfig('wiki_edit_notice')=='1') ? str_replace("\n", "\\\n", RenderMan::render(getConfig('wiki_edit_notice_text'))) : '' ) . '\';
+ − 700
var prot = ' . ( ($paths->page_protected && !$session->get_permissions('even_when_protected')) ? 'true' : 'false' ) .'; // No, hacking this var won\'t work, it\'s re-checked on the server
+ − 701
var ENANO_SPECIAL_CREATEPAGE = \''. makeUrl($paths->nslist['Special'].'CreatePage') .'\';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 702
var ENANO_CREATEPAGE_PARAMS = \'_do=&pagename='. $urlname_clean .'&namespace=' . $paths->namespace . '\';
1
+ − 703
var ENANO_SPECIAL_CHANGESTYLE = \''. makeUrlNS('Special', 'ChangeStyle') .'\';
+ − 704
var namespace_list = new Array();
+ − 705
var AES_BITS = '.AES_BITS.';
+ − 706
var AES_BLOCKSIZE = '.AES_BLOCKSIZE.';
+ − 707
var pagepass = \''. ( ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '' ) .'\';
+ − 708
var ENANO_THEME_LIST = \'';
+ − 709
foreach($this->theme_list as $t) {
+ − 710
if($t['enabled'])
+ − 711
{
+ − 712
$js_dynamic .= '<option value="'.$t['theme_id'].'"';
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 713
// if($t['theme_id'] == $session->theme) $js_dynamic .= ' selected="selected"';
1
+ − 714
$js_dynamic .= '>'.$t['theme_name'].'</option>';
+ − 715
}
+ − 716
}
+ − 717
$js_dynamic .= '\';
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 718
var ENANO_CURRENT_THEME = \''. $session->theme .'\';
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 719
var ENANO_LANG_ID = ' . $lang->lang_id . ';';
1
+ − 720
foreach($paths->nslist as $k => $c)
+ − 721
{
+ − 722
$js_dynamic .= "namespace_list['{$k}'] = '$c';";
+ − 723
}
+ − 724
$js_dynamic .= "\n //]]>\n </script>";
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 725
1
+ − 726
$tpl_strings = Array(
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 727
'PAGE_NAME'=>htmlspecialchars($paths->cpage['name']),
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 728
'PAGE_URLNAME'=> $urlname_clean,
40
+ − 729
'SITE_NAME'=>htmlspecialchars(getConfig('site_name')),
1
+ − 730
'USERNAME'=>$session->username,
40
+ − 731
'SITE_DESC'=>htmlspecialchars(getConfig('site_desc')),
1
+ − 732
'TOOLBAR'=>$tb,
+ − 733
'SCRIPTPATH'=>scriptPath,
+ − 734
'CONTENTPATH'=>contentPath,
+ − 735
'ADMIN_SID_QUES'=>$asq,
+ − 736
'ADMIN_SID_AMP'=>$asa,
+ − 737
'ADMIN_SID_AMP_HTML'=>$ash,
+ − 738
'ADMIN_SID_AUTO'=>$as2,
114
47393c6619ea
Nothing special, just syncing to Scribus, several bugs have been found with GET forms and a fix is in the works
Dan
diff
changeset
+ − 739
'ADMIN_SID_RAW'=> ( is_string($session->sid_super) ? $session->sid_super : '' ),
1
+ − 740
'ADDITIONAL_HEADERS'=>$this->additional_headers,
91
+ − 741
'COPYRIGHT'=>RenderMan::parse_internal_links(getConfig('copyright_notice')),
1
+ − 742
'TOOLBAR_EXTRAS'=>$this->toolbar_menu,
+ − 743
'REQUEST_URI'=>$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],
+ − 744
'STYLE_LINK'=>makeUrlNS('Special', 'CSS'.$p, null, true), //contentPath.$paths->nslist['Special'].'CSS' . $p,
+ − 745
'LOGIN_LINK'=>$login_link,
+ − 746
'LOGOUT_LINK'=>$logout_link,
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 747
'ADMIN_LINK'=>$admin_link,
1
+ − 748
'THEME_LINK'=>$theme_link,
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 749
'SEARCH_ACTION'=>makeUrlNS('Special', 'Search'),
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 750
'INPUT_TITLE'=>( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->nslist[$paths->namespace] . $paths->cpage['urlname_nons'] ) . '" />' : ''),
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 751
'INPUT_AUTH'=>( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : ''),
1
+ − 752
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme,
+ − 753
'THEME_ID'=>$this->theme,
+ − 754
'STYLE_ID'=>$this->style,
+ − 755
'JS_DYNAMIC_VARS'=>$js_dynamic,
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 756
'UNREAD_PMS'=>$session->unread_pms,
86
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
diff
changeset
+ − 757
'URL_ABOUT_ENANO' => makeUrlNS('Special', 'About_Enano', '', true)
1
+ − 758
);
+ − 759
+ − 760
foreach ( $paths->nslist as $ns_id => $ns_prefix )
+ − 761
{
+ − 762
$tpl_strings[ 'NS_' . strtoupper($ns_id) ] = $ns_prefix;
+ − 763
}
+ − 764
+ − 765
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings);
+ − 766
list($this->tpl_strings['SIDEBAR_LEFT'], $this->tpl_strings['SIDEBAR_RIGHT'], $min) = $this->fetch_sidebar();
+ − 767
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != $min) ? true : false;
+ − 768
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != $min) ? true : false;
+ − 769
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 770
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 771
$code = $plugins->setHook('template_var_init_end');
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 772
foreach ( $code as $cmd )
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 773
{
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 774
eval($cmd);
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 775
}
1
+ − 776
}
+ − 777
+ − 778
function header($simple = false)
+ − 779
{
+ − 780
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 781
ob_start();
+ − 782
+ − 783
if(!$this->theme_loaded)
+ − 784
{
+ − 785
$this->load_theme($session->theme, $session->style);
+ − 786
}
+ − 787
+ − 788
$headers_sent = true;
+ − 789
dc_here('template: generating and sending the page header');
+ − 790
if(!defined('ENANO_HEADERS_SENT'))
+ − 791
define('ENANO_HEADERS_SENT', '');
174
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 792
if ( !$this->no_headers )
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 793
{
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 794
$header = ( $simple ) ?
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 795
$this->process_template('simple-header.tpl') :
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 796
$this->process_template('header.tpl');
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 797
echo $header;
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 798
}
1
+ − 799
if ( !$simple && $session->user_logged_in && $session->unread_pms > 0 )
+ − 800
{
+ − 801
echo $this->notify_unread_pms();
+ − 802
}
+ − 803
if ( !$simple && $session->sw_timed_out )
+ − 804
{
+ − 805
$login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true);
+ − 806
echo '<div class="usermessage">';
+ − 807
echo '<b>Your administrative session has timed out.</b> <a href="' . $login_link . '">Log in again</a>';
+ − 808
echo '</div>';
+ − 809
}
30
+ − 810
if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) )
+ − 811
{
+ − 812
$admin_link = makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'GeneralConfig', true);
+ − 813
echo '<div class="usermessage"><b>The site is currently disabled and thus is only accessible to administrators.</b><br />
+ − 814
You can re-enable the site through the <a href="' . $admin_link . '">administration panel</a>.
+ − 815
</div>';
+ − 816
}
1
+ − 817
}
+ − 818
function footer($simple = false)
+ − 819
{
+ − 820
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 821
dc_here('template: generating and sending the page footer');
+ − 822
if(!$this->no_headers) {
+ − 823
+ − 824
if(!defined('ENANO_HEADERS_SENT'))
+ − 825
$this->header();
+ − 826
+ − 827
global $_starttime;
+ − 828
if(isset($_GET['sqldbg']) && $session->get_permissions('mod_misc'))
+ − 829
{
+ − 830
echo '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
+ − 831
echo $db->sql_backtrace();
+ − 832
echo '</pre>';
+ − 833
}
+ − 834
+ − 835
$f = microtime_float();
+ − 836
$f = $f - $_starttime;
+ − 837
$f = round($f, 4);
+ − 838
$dbg = 'Time: '.$f.'s | Queries: '.$db->num_queries;
+ − 839
$t = ( $simple ) ? $this->process_template('simple-footer.tpl') : $this->process_template('footer.tpl');
+ − 840
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 841
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ − 842
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 843
echo $t;
+ − 844
+ − 845
ob_end_flush();
+ − 846
}
+ − 847
else return '';
+ − 848
}
+ − 849
function getHeader()
+ − 850
{
+ − 851
$headers_sent = true;
+ − 852
dc_here('template: generating and sending the page header');
+ − 853
if(!defined('ENANO_HEADERS_SENT'))
+ − 854
define('ENANO_HEADERS_SENT', '');
+ − 855
if(!$this->no_headers) return $this->process_template('header.tpl');
+ − 856
}
+ − 857
function getFooter()
+ − 858
{
+ − 859
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 860
dc_here('template: generating and sending the page footer');
+ − 861
if(!$this->no_headers) {
+ − 862
global $_starttime;
+ − 863
$t = '';
+ − 864
+ − 865
if(isset($_GET['sqldbg']) && $session->get_permissions('mod_misc'))
+ − 866
{
+ − 867
$t .= '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
+ − 868
$t .= $db->sql_backtrace();
+ − 869
$t .= '</pre>';
+ − 870
}
+ − 871
+ − 872
$f = microtime_float();
+ − 873
$f = $f - $_starttime;
+ − 874
$f = round($f, 4);
+ − 875
$dbg = 'Time: '.$f.'s | Queries: '.$db->num_queries;
+ − 876
$t.= $this->process_template('footer.tpl');
+ − 877
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 878
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ − 879
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 880
return $t;
+ − 881
}
+ − 882
else return '';
+ − 883
}
+ − 884
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 885
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 886
* Compiles and executes a template based on the current variables and booleans. Loads
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 887
* the theme and initializes variables if needed. This mostly just calls child functions.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 888
* @param string File to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 889
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 890
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 891
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 892
function process_template($file)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 893
{
1
+ − 894
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 895
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 896
{
+ − 897
$this->load_theme();
+ − 898
$this->init_vars();
+ − 899
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 900
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 901
$compiled = $this->compile_template($file);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 902
return eval($compiled);
1
+ − 903
}
+ − 904
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 905
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 906
* Loads variables from the specified template file. Returns an associative array containing the variables.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 907
* @param string Template file to process (elements.tpl)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 908
* @return array
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 909
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 910
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 911
function extract_vars($file)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 912
{
1
+ − 913
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 914
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 915
// Sometimes this function gets called before the theme is loaded
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 916
// This is a bad coding practice so this function will always be picky.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 917
if ( !$this->theme )
1
+ − 918
{
+ − 919
die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.<br /><br />Backtrace, most recent call first:<pre>'.enano_debug_print_backtrace(true).'</pre>');
+ − 920
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 921
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 922
// Full pathname of template file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 923
$tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $file;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 924
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 925
// Make sure the template even exists
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 926
if ( !is_file($tpl_file_fullpath) )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 927
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 928
die_semicritical('Cannot find template file',
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 929
'<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 930
the current theme.</p>
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 931
<p>Additional debugging information:<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 932
<b>Theme currently in use: </b>' . $this->theme . '<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 933
<b>Requested file: </b>' . $file . '
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 934
</p>');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 935
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 936
// Retrieve file contents
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 937
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 938
if ( !$text )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 939
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 940
return false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 941
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 942
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 943
// Get variables, regular expressions FTW
1
+ − 944
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches);
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 945
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 946
// Initialize return values
1
+ − 947
$tplvars = Array();
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 948
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 949
// Loop through each match, setting $tplvars[ $first_subpattern ] to $second_subpattern
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 950
for ( $i = 0; $i < sizeof($matches[1]); $i++ )
1
+ − 951
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 952
$tplvars[ $matches[1][$i] ] = $matches[2][$i];
1
+ − 953
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 954
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 955
// All done!
1
+ − 956
return $tplvars;
+ − 957
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 958
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 959
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 960
* Compiles a block of template code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 961
* @param string The text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 962
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 963
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 964
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 965
function compile_tpl_code($text)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 966
{
205
+ − 967
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 968
// A random seed used to salt tags
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 969
$seed = md5 ( microtime() . mt_rand() );
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 970
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 971
// Strip out PHP sections
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 972
preg_match_all('/<\?php(.+?)\?>/is', $text, $php_matches);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 973
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 974
foreach ( $php_matches[0] as $i => $match )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 975
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 976
// Substitute the PHP section with a random tag
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 977
$tag = "{PHP:$i:$seed}";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 978
$text = str_replace_once($match, $tag, $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 979
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 980
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 981
// Escape slashes and single quotes in template code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 982
$text = str_replace('\\', '\\\\', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 983
$text = str_replace('\'', '\\\'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 984
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 985
// Initialize the PHP compiled code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 986
$text = 'ob_start(); echo \''.$text.'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 987
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 988
##
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 989
## Main rules
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 990
##
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 991
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 992
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 993
// Conditionals
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 994
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 995
205
+ − 996
$keywords = array('BEGIN', 'BEGINNOT', 'IFSET', 'IFPLUGIN');
+ − 997
$code = $plugins->setHook('template_compile_logic_keyword');
+ − 998
foreach ( $code as $cmd )
+ − 999
{
+ − 1000
eval($cmd);
+ − 1001
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1002
205
+ − 1003
$keywords = implode('|', $keywords);
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1004
205
+ − 1005
// Matches
+ − 1006
// 1 2 3 4 56 7 8
+ − 1007
$regexp = '/(<!-- ('. $keywords .') ([A-z0-9_-]+) -->)(.*)((<!-- BEGINELSE \\3 -->)(.*))?(<!-- END \\3 -->)/isU';
+ − 1008
+ − 1009
/*
+ − 1010
The way this works is: match all blocks using the standard form with a different keyword in the block each time,
+ − 1011
and replace them with appropriate PHP logic. Plugin-extensible now. :-)
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1012
205
+ − 1013
The while-loop is to bypass what is apparently a PCRE bug. It's hackish but it works. Properly written plugins should only need
+ − 1014
to compile templates (using this method) once for each time the template file is changed.
+ − 1015
*/
+ − 1016
while ( preg_match($regexp, $text) )
+ − 1017
{
+ − 1018
preg_match_all($regexp, $text, $matches);
+ − 1019
for ( $i = 0; $i < count($matches[0]); $i++ )
+ − 1020
{
+ − 1021
$start_tag =& $matches[1][$i];
+ − 1022
$type =& $matches[2][$i];
+ − 1023
$test =& $matches[3][$i];
+ − 1024
$particle_true =& $matches[4][$i];
+ − 1025
$else_tag =& $matches[6][$i];
+ − 1026
$particle_else =& $matches[7][$i];
+ − 1027
$end_tag =& $matches[8][$i];
+ − 1028
+ − 1029
switch($type)
+ − 1030
{
+ − 1031
case 'BEGIN':
+ − 1032
$cond = "isset(\$this->tpl_bool['$test']) && \$this->tpl_bool['$test']";
+ − 1033
break;
+ − 1034
case 'BEGINNOT':
+ − 1035
$cond = "!isset(\$this->tpl_bool['$test']) || ( isset(\$this->tpl_bool['$test']) && !\$this->tpl_bool['$test'] )";
+ − 1036
break;
+ − 1037
case 'IFPLUGIN':
+ − 1038
$cond = "getConfig('plugin_$test') == '1'";
+ − 1039
break;
+ − 1040
case 'IFSET':
+ − 1041
$cond = "isset(\$this->tpl_strings['$test'])";
+ − 1042
break;
+ − 1043
default:
+ − 1044
$code = $plugins->setHook('template_compile_logic_cond');
+ − 1045
foreach ( $code as $cmd )
+ − 1046
{
+ − 1047
eval($cmd);
+ − 1048
}
+ − 1049
break;
+ − 1050
}
+ − 1051
+ − 1052
if ( !isset($cond) || ( isset($cond) && !is_string($cond) ) )
+ − 1053
continue;
+ − 1054
+ − 1055
$tag_complete = <<<TPLCODE
+ − 1056
';
+ − 1057
/* START OF CONDITION: $type ($test) */
+ − 1058
if ( $cond )
+ − 1059
{
+ − 1060
echo '$particle_true';
+ − 1061
/* ELSE OF CONDITION: $type ($test) */
+ − 1062
}
+ − 1063
else
+ − 1064
{
+ − 1065
echo '$particle_else';
+ − 1066
/* END OF CONDITION: $type ($test) */
+ − 1067
}
+ − 1068
echo '
+ − 1069
TPLCODE;
+ − 1070
+ − 1071
$text = str_replace_once($matches[0][$i], $tag_complete, $text);
+ − 1072
+ − 1073
}
+ − 1074
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1075
205
+ − 1076
// For debugging ;-)
+ − 1077
// die("<pre><?php\n" . htmlspecialchars($text."\n\n".print_r($matches,true)) . "\n\n?></pre>");
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1078
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1079
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1080
// Data substitution/variables
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1081
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1082
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1083
// System messages
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1084
$text = preg_replace('/<!-- SYSMSG ([A-z0-9\._-]+?) -->/is', '\' . $this->tplWikiFormat($pages->sysMsg(\'\\1\')) . \'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1085
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1086
// Template variables
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1087
$text = preg_replace('/\{([A-z0-9_-]+?)\}/is', '\' . $this->tpl_strings[\'\\1\'] . \'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1088
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1089
// Reinsert PHP
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1090
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1091
foreach ( $php_matches[1] as $i => $match )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1092
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1093
// Substitute the random tag with the "real" PHP code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1094
$tag = "{PHP:$i:$seed}";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1095
$text = str_replace_once($tag, "'; $match echo '", $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1096
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1097
205
+ − 1098
// echo('<pre>' . htmlspecialchars($text) . '</pre>');
+ − 1099
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1100
return $text;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1101
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1102
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1103
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1104
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1105
* Compiles the contents of a given template file, possibly using a cached copy, and returns the compiled code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1106
* @param string Filename of template (header.tpl)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1107
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1108
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1109
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1110
function compile_template($filename)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1111
{
1
+ − 1112
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1113
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1114
// Full path to template file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1115
$tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1116
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1117
// Make sure the file exists
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1118
if ( !is_file($tpl_file_fullpath) )
1
+ − 1119
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1120
die_semicritical('Cannot find template file',
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1121
'<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1122
the current theme.</p>
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1123
<p>Additional debugging information:<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1124
<b>Theme currently in use: </b>' . $this->theme . '<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1125
<b>Requested file: </b>' . $file . '
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1126
</p>');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1127
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1128
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1129
// Check for cached copy
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1130
// This will make filenames in the pattern of theme-file.tpl.php
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1131
$cache_file = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $filename) . '.php';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1132
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1133
// Only use cached copy if caching is enabled
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1134
// (it is enabled by default I think)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1135
if ( file_exists($cache_file) && getConfig('cache_thumbs') == '1' )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1136
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1137
// Cache files are auto-generated, but otherwise are normal PHP files
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1138
include($cache_file);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1139
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1140
// Fetch content of the ORIGINAL
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1141
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1142
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1143
// $md5 will be set by the cached file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1144
// This makes sure that a cached copy of the template is used only if its MD5
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1145
// matches the MD5 of the file that the compiled file was compiled from.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1146
if ( isset($md5) && $md5 == md5($text) )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1147
{
1
+ − 1148
return str_replace('\\"', '"', $tpl_text);
+ − 1149
}
+ − 1150
}
+ − 1151
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1152
// We won't use the cached copy here
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1153
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1154
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1155
// This will be used later when writing the cached file
1
+ − 1156
$md5 = md5($text);
+ − 1157
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1158
// Preprocessing and checks complete - compile the code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1159
$text = $this->compile_tpl_code($text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1160
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1161
// Perhaps caching is enabled and the admin has changed the template?
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1162
if ( is_writable( ENANO_ROOT . '/cache/' ) && getConfig('cache_thumbs') == '1' )
1
+ − 1163
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1164
$h = fopen($cache_file, 'w');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1165
if ( !$h )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1166
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1167
// Couldn't open the file - silently ignore and return
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1168
return $text;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1169
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1170
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1171
// Escape the compiled code so it can be eval'ed
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1172
$text_escaped = addslashes($text);
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1173
$notice = <<<EOF
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1174
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1175
/*
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1176
* NOTE: This file was automatically generated by Enano and is based on compiled code. Do not edit this file.
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1177
* If you edit this file, any changes you make will be lost the next time the associated source template file is edited.
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1178
*/
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1179
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1180
EOF;
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1181
// This is really just a normal PHP file that sets a variable or two and exits.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1182
// $tpl_text actually will contain the compiled code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1183
fwrite($h, '<?php ' . $notice . ' $md5 = \'' . $md5 . '\'; $tpl_text = \'' . $text_escaped . '\'; ?>');
1
+ − 1184
fclose($h);
+ − 1185
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1186
1
+ − 1187
return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+ − 1188
}
+ − 1189
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1190
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1191
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1192
* Compiles (parses) some template code with the current master set of variables and booleans.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1193
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1194
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1195
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1196
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1197
function compile_template_text($text)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1198
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1199
// this might do something else in the future, possibly cache large templates
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1200
return $this->compile_tpl_code($text);
1
+ − 1201
}
+ − 1202
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1203
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1204
* For convenience - compiles AND parses some template code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1205
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1206
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1207
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1208
1
+ − 1209
function parse($text)
+ − 1210
{
+ − 1211
$text = $this->compile_template_text($text);
+ − 1212
return eval($text);
+ − 1213
}
+ − 1214
+ − 1215
// Steps to turn this:
+ − 1216
// [[Project:Community Portal]]
+ − 1217
// into this:
+ − 1218
// <a href="/Project:Community_Portal">Community Portal</a>
+ − 1219
// Must be done WITHOUT creating eval'ed code!!!
+ − 1220
+ − 1221
// 1. preg_replace \[\[([a-zA-Z0-9 -_:]*?)\]\] with <a href="'.contentPath.'\\1">\\1</a>
+ − 1222
// 2. preg_match_all <a href="'.preg_quote(contentPath).'([a-zA-Z0-9 -_:]*?)">
+ − 1223
// 3. For each match, replace matches with identifiers
+ − 1224
// 4. For each match, str_replace ' ' with '_'
+ − 1225
// 5. For each match, str_replace match_id:random_val with $matches[$match_id]
+ − 1226
+ − 1227
// The template language is really a miniature programming language; with variables, conditionals, everything!
+ − 1228
// So you can implement custom logic into your sidebar if you wish.
+ − 1229
// "Real" PHP support coming soon :-D
+ − 1230
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1231
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1232
* Takes a blob of HTML with the specially formatted template-oriented wikitext and formats it. Does not use eval().
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1233
* This function butchers every coding standard in Enano and should eventually be rewritten. The fact is that the
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1234
* code _works_ and does a good job of checking for errors and cleanly complaining about them.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1235
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1236
* @param bool Ignored for backwards compatibility
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1237
* @param string File to get variables for sidebar data from
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1238
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1239
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1240
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1241
function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1242
{
1
+ − 1243
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1244
$filter_links = false;
+ − 1245
$tplvars = $this->extract_vars($filename);
+ − 1246
if($session->sid_super) $as = htmlspecialchars(urlSeparator).'auth='.$session->sid_super;
+ − 1247
else $as = '';
+ − 1248
error_reporting(E_ALL);
+ − 1249
$random_id = sha1(microtime().''); // A temp value
+ − 1250
+ − 1251
/*
+ − 1252
* PREPROCESSOR
+ − 1253
*/
+ − 1254
+ − 1255
// Variables
+ − 1256
+ − 1257
preg_match_all('#\$([A-Z_-]+)\$#', $message, $links);
+ − 1258
$links = $links[1];
+ − 1259
+ − 1260
for($i=0;$i<sizeof($links);$i++)
+ − 1261
{
+ − 1262
$message = str_replace('$'.$links[$i].'$', $this->tpl_strings[$links[$i]], $message);
+ − 1263
}
+ − 1264
+ − 1265
// Conditionals
+ − 1266
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1267
preg_match_all('#\{if ([A-Za-z0-9_ \(\)&\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links);
1
+ − 1268
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1269
// Temporary exception from coding standards - using tab length of 4 here for clarity
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1270
for ( $i = 0; $i < sizeof($links[1]); $i++ )
1
+ − 1271
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1272
$condition =& $links[1][$i];
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1273
$message = str_replace('{if '.$condition.'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
1
+ − 1274
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1275
// Time for some manual parsing...
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1276
$chk = false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1277
$current_id = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1278
$prn_level = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1279
// Used to keep track of where we are in the conditional
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1280
// Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ...
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1281
// Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1282
$in_var_now = true;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1283
$in_var_last = false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1284
$current_var = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1285
$current_var_start_pos = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1286
$current_var_end_pos = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1287
$j = -1;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1288
$condition = $condition . ' ';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1289
$d = strlen($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1290
while($j < $d)
1
+ − 1291
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1292
$j++;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1293
$in_var_last = $in_var_now;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1294
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1295
$char = substr($condition, $j, 1);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1296
$in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1297
if(!$in_var_last && $in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1298
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1299
$current_var_start_pos = $j;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1300
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1301
if($in_var_last && !$in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1302
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1303
$current_var_end_pos = $j;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1304
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1305
if($in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1306
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1307
$current_var .= $char;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1308
continue;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1309
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1310
// OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1311
if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1312
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1313
// XSS attack! Bail out
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1314
$errmsg = '<p><b>Error:</b> Syntax error (possibly XSS attack) caught in template code:</p>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1315
$errmsg .= '<pre>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1316
$errmsg .= '{if '.htmlspecialchars($condition).'}';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1317
$errmsg .= "\n ";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1318
for ( $k = 0; $k < $j; $k++ )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1319
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1320
$errmsg .= " ";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1321
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1322
// Show position of error
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1323
$errmsg .= '<span style="color: red;">^</span>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1324
$errmsg .= '</pre>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1325
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $errmsg, $message);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1326
continue 2;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1327
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1328
if($current_var != '')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1329
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1330
$cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1331
$cvt = substr($condition, 0, $current_var_start_pos) . $cd . substr($condition, $current_var_end_pos, strlen($condition));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1332
$j = $j + strlen($cd) - strlen($current_var);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1333
$current_var = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1334
$condition = $cvt;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1335
$d = strlen($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1336
}
1
+ − 1337
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1338
$condition = substr($condition, 0, strlen($condition)-1);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1339
$condition = '$chk = ( '.$condition.' ) ? true : false;';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1340
eval($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1341
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1342
if($chk)
1
+ − 1343
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1344
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1345
else $c = $links[2][$i];
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1346
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
1
+ − 1347
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1348
else
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1349
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1350
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1351
else $c = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1352
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1353
}
1
+ − 1354
}
+ − 1355
+ − 1356
preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links);
+ − 1357
+ − 1358
for($i=0;$i<sizeof($links[1]);$i++)
+ − 1359
{
+ − 1360
$message = str_replace('{!if '.$links[1][$i].'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
+ − 1361
if(isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]]) {
+ − 1362
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
+ − 1363
else $c = '';
+ − 1364
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
+ − 1365
} else {
+ − 1366
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
+ − 1367
else $c = $links[2][$i];
+ − 1368
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
+ − 1369
}
+ − 1370
}
+ − 1371
+ − 1372
/*
+ − 1373
* HTML RENDERER
+ − 1374
*/
+ − 1375
+ − 1376
// Images
+ − 1377
$j = preg_match_all('#\[\[:'.$paths->nslist['File'].'([\w\s0-9_\(\)!@%\^\+\|\.-]+?)\]\]#is', $message, $matchlist);
+ − 1378
$matches = Array();
+ − 1379
$matches['images'] = $matchlist[1];
+ − 1380
for($i=0;$i<sizeof($matchlist[1]);$i++)
+ − 1381
{
+ − 1382
if(isPage($paths->nslist['File'].$matches['images'][$i]))
+ − 1383
{
+ − 1384
$message = str_replace('[[:'.$paths->nslist['File'].$matches['images'][$i].']]',
+ − 1385
'<img alt="'.$matches['images'][$i].'" style="border: 0" src="'.makeUrlNS('Special', 'DownloadFile/'.$matches['images'][$i]).'" />',
+ − 1386
$message);
+ − 1387
}
+ − 1388
}
+ − 1389
+ − 1390
// Internal links
+ − 1391
+ − 1392
$text_parser = $this->makeParserText($tplvars['sidebar_button']);
+ − 1393
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1394
preg_match_all("#\[\[([^\|\]\n\a\r\t]*?)\]\]#is", $message, $il);
1
+ − 1395
for($i=0;$i<sizeof($il[1]);$i++)
+ − 1396
{
+ − 1397
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true);
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1398
$text_parser->assign_vars(Array(
1
+ − 1399
'HREF' => $href,
+ − 1400
'FLAGS' => '',
+ − 1401
'TEXT' => $il[1][$i]
+ − 1402
));
+ − 1403
$message = str_replace("[[{$il[1][$i]}]]", $text_parser->run(), $message);
+ − 1404
}
+ − 1405
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1406
preg_match_all('#\[\[([^\|\]\n\a\r\t]*?)\|([^\]\r\n\a\t]*?)\]\]#is', $message, $il);
1
+ − 1407
for($i=0;$i<sizeof($il[1]);$i++)
+ − 1408
{
+ − 1409
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true);
+ − 1410
$text_parser->assign_vars(Array(
+ − 1411
'HREF' => $href,
+ − 1412
'FLAGS' => '',
+ − 1413
'TEXT' => $il[2][$i]
+ − 1414
));
+ − 1415
$message = str_replace("[[{$il[1][$i]}|{$il[2][$i]}]]", $text_parser->run(), $message);
+ − 1416
}
+ − 1417
+ − 1418
// External links
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1419
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '<a href="\\1://\\2">\\3</a><br style="display: none;" />', $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1420
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '<a href="\\1://\\2">\\1://\\2</a><br style="display: none;" />', $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1421
165
+ − 1422
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link);
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1423
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1424
for ( $i = 0; $i < count($ext_link[0]); $i++ )
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1425
{
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1426
$text_parser->assign_vars(Array(
165
+ − 1427
'HREF' => $ext_link[1][$i],
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1428
'FLAGS' => '',
165
+ − 1429
'TEXT' => $ext_link[16][$i]
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1430
));
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1431
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1432
}
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1433
165
+ − 1434
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link);
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1435
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1436
for ( $i = 0; $i < count($ext_link[0]); $i++ )
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1437
{
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1438
$text_parser->assign_vars(Array(
165
+ − 1439
'HREF' => $ext_link[1][$i],
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1440
'FLAGS' => '',
165
+ − 1441
'TEXT' => htmlspecialchars($ext_link[1][$i])
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1442
));
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1443
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1444
}
1
+ − 1445
+ − 1446
$parser1 = $this->makeParserText($tplvars['sidebar_section']);
+ − 1447
$parser2 = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 1448
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 1449
preg_match_all('#\{slider(2|)=([^\}]*?)\}(.*?)\{\/slider(2|)\}#is', $message, $sb);
1
+ − 1450
+ − 1451
// Modified to support the sweet new template var system
+ − 1452
for($i=0;$i<sizeof($sb[1]);$i++)
+ − 1453
{
+ − 1454
$p = ($sb[1][$i] == '2') ? $parser2 : $parser1;
+ − 1455
$p->assign_vars(Array('TITLE'=>$sb[2][$i],'CONTENT'=>$sb[3][$i]));
+ − 1456
$message = str_replace("{slider{$sb[1][$i]}={$sb[2][$i]}}{$sb[3][$i]}{/slider{$sb[4][$i]}}", $p->run(), $message);
+ − 1457
}
+ − 1458
+ − 1459
/*
+ − 1460
Extras ;-)
+ − 1461
$message = preg_replace('##is', '', $message);
+ − 1462
$message = preg_replace('##is', '', $message);
+ − 1463
$message = preg_replace('##is', '', $message);
+ − 1464
$message = preg_replace('##is', '', $message);
+ − 1465
$message = preg_replace('##is', '', $message);
+ − 1466
*/
+ − 1467
+ − 1468
//die('<pre>'.htmlspecialchars($message).'</pre>');
+ − 1469
//eval($message); exit;
+ − 1470
return $message;
+ − 1471
}
+ − 1472
+ − 1473
/**
+ − 1474
* Print a text field that auto-completes a username entered into it.
+ − 1475
* @param string $name - the name of the form field
+ − 1476
* @return string
+ − 1477
*/
+ − 1478
+ − 1479
function username_field($name, $value = false)
+ − 1480
{
+ − 1481
$randomid = md5( time() . microtime() . mt_rand() );
208
+ − 1482
$text = '<input name="'.$name.'" onkeyup="new AutofillUsername(this);" autocomplete="off" type="text" size="30" id="userfield_'.$randomid.'"';
1
+ − 1483
if($value) $text .= ' value="'.$value.'"';
+ − 1484
$text .= ' />';
+ − 1485
return $text;
+ − 1486
}
+ − 1487
+ − 1488
/**
+ − 1489
* Print a text field that auto-completes a page name entered into it.
+ − 1490
* @param string $name - the name of the form field
+ − 1491
* @return string
+ − 1492
*/
+ − 1493
+ − 1494
function pagename_field($name, $value = false)
+ − 1495
{
+ − 1496
$randomid = md5( time() . microtime() . mt_rand() );
+ − 1497
$text = '<input name="'.$name.'" onkeyup="ajaxPageNameComplete(this)" type="text" size="30" id="pagefield_'.$randomid.'"';
+ − 1498
if($value) $text .= ' value="'.$value.'"';
+ − 1499
$text .= ' />';
+ − 1500
$text .= '<script type="text/javascript">
+ − 1501
var inp = document.getElementById(\'pagefield_' . $randomid . '\');
+ − 1502
var f = get_parent_form(inp);
+ − 1503
if ( f )
+ − 1504
{
+ − 1505
if ( typeof(f.onsubmit) != \'function\' )
+ − 1506
{
+ − 1507
f.onsubmit = function() {
+ − 1508
if ( !submitAuthorized )
+ − 1509
{
+ − 1510
return false;
+ − 1511
}
+ − 1512
}
+ − 1513
}
+ − 1514
}</script>';
+ − 1515
return $text;
+ − 1516
}
+ − 1517
+ − 1518
/**
+ − 1519
* Sends a textarea that can be converted to and from a TinyMCE widget on the fly.
+ − 1520
* @param string The name of the form element
+ − 1521
* @param string The initial content. Optional, defaults to blank
+ − 1522
* @param int Rows in textarea
+ − 1523
* @param int Columns in textarea
+ − 1524
* @return string HTML and Javascript code.
+ − 1525
*/
+ − 1526
+ − 1527
function tinymce_textarea($name, $content = '', $rows = 20, $cols = 60)
+ − 1528
{
+ − 1529
$randomid = md5(microtime() . mt_rand());
+ − 1530
$html = '';
+ − 1531
$html .= '<textarea name="' . $name . '" rows="'.$rows.'" cols="'.$cols.'" style="width: 100%;" id="toggleMCEroot_'.$randomid.'">' . $content . '</textarea>';
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1532
$html .= '<div style="float: right; display: table;" id="mceSwitchAgent_' . $randomid . '">text editor | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">graphical editor</a></div>';
1
+ − 1533
$html .= '<script type="text/javascript">
+ − 1534
// <![CDATA[
+ − 1535
function toggleMCE_'.$randomid.'()
+ − 1536
{
+ − 1537
var the_obj = document.getElementById(\'toggleMCEroot_' . $randomid . '\');
+ − 1538
var panel = document.getElementById(\'mceSwitchAgent_' . $randomid . '\');
+ − 1539
if ( the_obj.dnIsMCE == "yes" )
+ − 1540
{
+ − 1541
$dynano(the_obj).destroyMCE();
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1542
panel.innerHTML = \'text editor | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">graphical editor</a>\';
1
+ − 1543
}
+ − 1544
else
+ − 1545
{
+ − 1546
$dynano(the_obj).switchToMCE();
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1547
panel.innerHTML = \'<a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">text editor</a> | graphical editor\';
1
+ − 1548
}
+ − 1549
}
+ − 1550
// ]]>
+ − 1551
</script>';
+ − 1552
return $html;
+ − 1553
}
+ − 1554
+ − 1555
/**
+ − 1556
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
+ − 1557
* Returns on object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
+ − 1558
* @param $filename the filename of the template to be parsed
+ − 1559
* @return object
+ − 1560
*/
+ − 1561
+ − 1562
function makeParser($filename)
+ − 1563
{
+ − 1564
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1565
$filename = ENANO_ROOT.'/themes/'.$template->theme.'/'.$filename;
+ − 1566
if(!file_exists($filename)) die('templateIndividual: file '.$filename.' does not exist');
+ − 1567
$code = file_get_contents($filename);
+ − 1568
$parser = new templateIndividual($code);
+ − 1569
return $parser;
+ − 1570
}
+ − 1571
+ − 1572
/**
+ − 1573
* Same as $template->makeParser(), but takes a string instead of a filename.
+ − 1574
* @param $text the text to parse
+ − 1575
* @return object
+ − 1576
*/
+ − 1577
+ − 1578
function makeParserText($code)
+ − 1579
{
+ − 1580
$parser = new templateIndividual($code);
+ − 1581
return $parser;
+ − 1582
}
+ − 1583
+ − 1584
/**
+ − 1585
* Fetch the HTML for a plugin-added sidebar block
+ − 1586
* @param $name the plugin name
+ − 1587
* @return string
+ − 1588
*/
+ − 1589
+ − 1590
function fetch_block($id)
+ − 1591
{
+ − 1592
if(isset($this->plugin_blocks[$id])) return $this->plugin_blocks[$id];
+ − 1593
else return false;
+ − 1594
}
+ − 1595
+ − 1596
/**
+ − 1597
* Fetches the contents of both sidebars.
+ − 1598
* @return array - key 0 is left, key 1 is right
+ − 1599
* @example list($left, $right) = $template->fetch_sidebar();
+ − 1600
*/
+ − 1601
+ − 1602
function fetch_sidebar()
+ − 1603
{
+ − 1604
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1605
+ − 1606
$left = '';
+ − 1607
$right = '';
+ − 1608
+ − 1609
if ( !$this->fetch_block('Links') )
+ − 1610
$this->initLinksWidget();
+ − 1611
+ − 1612
$q = $db->sql_query('SELECT item_id,sidebar_id,block_name,block_type,block_content FROM '.table_prefix.'sidebar WHERE item_enabled=1 ORDER BY sidebar_id ASC, item_order ASC;');
+ − 1613
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 1614
+ − 1615
$vars = $this->extract_vars('elements.tpl');
+ − 1616
+ − 1617
if(isset($vars['sidebar_top']))
+ − 1618
{
+ − 1619
$left .= $this->parse($vars['sidebar_top']);
+ − 1620
$right .= $this->parse($vars['sidebar_top']);
+ − 1621
}
+ − 1622
while($row = $db->fetchrow())
+ − 1623
{
+ − 1624
switch($row['block_type'])
+ − 1625
{
+ − 1626
case BLOCK_WIKIFORMAT:
+ − 1627
default:
+ − 1628
$parser = $this->makeParserText($vars['sidebar_section']);
+ − 1629
$c = RenderMan::render($row['block_content']);
+ − 1630
break;
+ − 1631
case BLOCK_TEMPLATEFORMAT:
+ − 1632
$parser = $this->makeParserText($vars['sidebar_section']);
+ − 1633
$c = $this->tplWikiFormat($row['block_content']);
+ − 1634
break;
+ − 1635
case BLOCK_HTML:
+ − 1636
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1637
$c = $row['block_content'];
+ − 1638
break;
+ − 1639
case BLOCK_PHP:
+ − 1640
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1641
ob_start();
+ − 1642
@eval($row['block_content']);
+ − 1643
$c = ob_get_contents();
+ − 1644
ob_end_clean();
+ − 1645
break;
+ − 1646
case BLOCK_PLUGIN:
+ − 1647
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1648
$c = (gettype($this->fetch_block($row['block_content'])) == 'string') ? $this->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 1649
break;
+ − 1650
}
+ − 1651
$parser->assign_vars(Array( 'TITLE'=>$this->tplWikiFormat($row['block_name']), 'CONTENT'=>$c ));
+ − 1652
if ($row['sidebar_id'] == SIDEBAR_LEFT ) $left .= $parser->run();
+ − 1653
elseif($row['sidebar_id'] == SIDEBAR_RIGHT) $right .= $parser->run();
+ − 1654
unset($parser);
+ − 1655
}
+ − 1656
$db->free_result();
+ − 1657
if(isset($vars['sidebar_bottom']))
+ − 1658
{
+ − 1659
$left .= $this->parse($vars['sidebar_bottom']);
+ − 1660
$right .= $this->parse($vars['sidebar_bottom']);
+ − 1661
}
+ − 1662
$min = '';
+ − 1663
if(isset($vars['sidebar_top']))
+ − 1664
{
+ − 1665
$min .= $this->parse($vars['sidebar_top']);
+ − 1666
}
+ − 1667
if(isset($vars['sidebar_bottom']))
+ − 1668
{
+ − 1669
$min .= $this->parse($vars['sidebar_bottom']);
+ − 1670
}
+ − 1671
return Array($left, $right, $min);
+ − 1672
}
+ − 1673
+ − 1674
function initLinksWidget()
+ − 1675
{
+ − 1676
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1677
// SourceForge/W3C buttons
+ − 1678
$ob = Array();
27
dd659f6ba891
Converting all tables on new installations to UTF-8; this may break MySQL 4.0 compatibility; several minor cosmetic fixes; set Powered button under Links to "on" by default
Dan
diff
changeset
+ − 1679
$admintitle = ( $session->user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : '';
1
+ − 1680
if(getConfig('sflogo_enabled')=='1')
+ − 1681
{
203
+ − 1682
$sflogo_secure = ( isset($_SERVER['HTTPS']) ) ? 'https' : 'http';
+ − 1683
$ob[] = '<a style="text-align: center;" href="http://sourceforge.net/" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border-width: 0px;" alt="SourceForge.net Logo" src="' . $sflogo_secure . '://sflogo.sourceforge.net/sflogo.php?group_id='.getConfig('sflogo_groupid').'&type='.getConfig('sflogo_type').'" /></a>';
1
+ − 1684
}
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1685
if(getConfig('w3c_v32') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 3.2" src="http://www.w3.org/Icons/valid-html32" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1686
if(getConfig('w3c_v40') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.0" src="http://www.w3.org/Icons/valid-html40" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1687
if(getConfig('w3c_v401') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.01" src="http://www.w3.org/Icons/valid-html401" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1688
if(getConfig('w3c_vxhtml10')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.0" src="http://www.w3.org/Icons/valid-xhtml10" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1689
if(getConfig('w3c_vxhtml11')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.1" src="http://www.w3.org/Icons/valid-xhtml11" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1690
if(getConfig('w3c_vcss') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid CSS" src="http://www.w3.org/Icons/valid-css" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1691
if(getConfig('dbd_button') =='1') $ob[] = '<a style="text-align: center;" href="http://www.defectivebydesign.org/join/button" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="DRM technology restricts what you can do with your computer" src="http://defectivebydesign.org/sites/nodrm.civicactions.net/files/images/dbd_sm_btn.gif" /><br /><small>Protect your freedom >></small></a>';
1
+ − 1692
+ − 1693
$code = $plugins->setHook('links_widget');
+ − 1694
foreach ( $code as $cmd )
+ − 1695
{
+ − 1696
eval($cmd);
+ − 1697
}
+ − 1698
71
+ − 1699
if(count($ob) > 0 || getConfig('powered_btn') == '1') $sb_links = '<div style="text-align: center; padding: 5px 0;">'. ( ( getConfig('powered_btn') == '1' ) ? $this->fading_button : '' ) . implode('<br />', $ob).'</div>';
1
+ − 1700
else $sb_links = '';
+ − 1701
+ − 1702
$this->sidebar_widget('Links', $sb_links);
+ − 1703
}
+ − 1704
+ − 1705
/**
+ − 1706
* Builds a box showing unread private messages.
+ − 1707
*/
+ − 1708
+ − 1709
function notify_unread_pms()
+ − 1710
{
+ − 1711
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1712
if ( ( $paths->cpage['urlname_nons'] == 'PrivateMessages' || $paths->cpage['urlname_nons'] == 'Preferences' ) && $paths->namespace == 'Special' )
+ − 1713
{
+ − 1714
return '';
+ − 1715
}
+ − 1716
$ob = '<div class="usermessage">'."\n";
+ − 1717
$s = ( $session->unread_pms == 1 ) ? '' : 's';
+ − 1718
$ob .= " <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n Messages: ";
+ − 1719
$q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 ORDER BY date DESC;');
+ − 1720
if ( !$q )
+ − 1721
$db->_die();
+ − 1722
$messages = array();
+ − 1723
while ( $row = $db->fetchrow() )
+ − 1724
{
+ − 1725
$messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . date('F d, Y h:i a', $row['date']) . ' by ' . $row['message_from'] . '">' . $row['subject'] . '</a>';
+ − 1726
}
+ − 1727
$ob .= implode(",\n " , $messages)."\n";
+ − 1728
$ob .= '</div>'."\n";
+ − 1729
return $ob;
+ − 1730
}
+ − 1731
+ − 1732
} // class template
+ − 1733
+ − 1734
/**
+ − 1735
* Handles parsing of an individual template file. Instances should only be created through $template->makeParser(). To use:
+ − 1736
* - Call $template->makeParser(template file name) - file name should be something.tpl, css/whatever.css, etc.
+ − 1737
* - Make an array of strings you want the template to access. $array['STRING'] would be referenced in the template like {STRING}
+ − 1738
* - Make an array of boolean values. These can be used for conditionals in the template (<!-- IF something --> whatever <!-- ENDIF something -->)
+ − 1739
* - Call assign_vars() to pass the strings to the template parser. Same thing with assign_bool().
+ − 1740
* - Call run() to parse the template and get your fully compiled HTML.
+ − 1741
* @access private
+ − 1742
*/
+ − 1743
+ − 1744
class templateIndividual extends template {
+ − 1745
var $tpl_strings, $tpl_bool, $tpl_code;
+ − 1746
var $compiled = false;
+ − 1747
/**
+ − 1748
* Constructor.
+ − 1749
*/
+ − 1750
function __construct($text)
+ − 1751
{
+ − 1752
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1753
$this->tpl_code = $text;
+ − 1754
$this->tpl_strings = $template->tpl_strings;
+ − 1755
$this->tpl_bool = $template->tpl_bool;
+ − 1756
}
+ − 1757
/**
+ − 1758
* PHP 4 constructor.
+ − 1759
*/
+ − 1760
function templateIndividual($text)
+ − 1761
{
+ − 1762
$this->__construct($text);
+ − 1763
}
+ − 1764
/**
+ − 1765
* Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
+ − 1766
* @param $vars array
+ − 1767
*/
+ − 1768
function assign_vars($vars)
+ − 1769
{
+ − 1770
$this->tpl_strings = array_merge($this->tpl_strings, $vars);
+ − 1771
}
+ − 1772
/**
+ − 1773
* Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
+ − 1774
* @param $vars array
+ − 1775
*/
+ − 1776
function assign_bool($vars)
+ − 1777
{
+ − 1778
$this->tpl_bool = array_merge($this->tpl_bool, $vars);
+ − 1779
}
+ − 1780
/**
+ − 1781
* Compiles and executes the template code.
+ − 1782
* @return string
+ − 1783
*/
+ − 1784
function run()
+ − 1785
{
+ − 1786
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1787
if(!$this->compiled)
+ − 1788
{
+ − 1789
$this->tpl_code = $this->compile_template_text($this->tpl_code);
+ − 1790
$this->compiled = true;
+ − 1791
}
+ − 1792
return eval($this->tpl_code);
+ − 1793
}
+ − 1794
}
+ − 1795
+ − 1796
/**
+ − 1797
* A version of the template compiler that does not rely at all on the other parts of Enano. Used during installation and for showing
+ − 1798
* "critical error" messages. ** REQUIRES ** the Oxygen theme.
+ − 1799
*/
+ − 1800
+ − 1801
class template_nodb {
+ − 1802
var $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list;
+ − 1803
function __construct() {
+ − 1804
+ − 1805
$this->tpl_bool = Array();
+ − 1806
$this->tpl_strings = Array();
+ − 1807
$this->sidebar_extra = '';
+ − 1808
$this->sidebar_widgets = '';
+ − 1809
$this->toolbar_menu = '';
+ − 1810
$this->additional_headers = '';
+ − 1811
+ − 1812
$this->theme_list = Array(Array(
+ − 1813
'theme_id'=>'oxygen',
+ − 1814
'theme_name'=>'Oxygen',
+ − 1815
'theme_order'=>1,
+ − 1816
'enabled'=>1,
+ − 1817
));
+ − 1818
}
+ − 1819
function template() {
+ − 1820
$this->__construct();
+ − 1821
}
+ − 1822
function get_css($s = false) {
+ − 1823
if($s)
+ − 1824
return $this->process_template('css/'.$s);
+ − 1825
else
+ − 1826
return $this->process_template('css/'.$this->style.'.css');
+ − 1827
}
+ − 1828
function load_theme($name, $css, $auto_init = true) {
+ − 1829
$this->theme = $name;
+ − 1830
$this->style = $css;
+ − 1831
+ − 1832
$this->tpl_strings['SCRIPTPATH'] = scriptPath;
+ − 1833
if ( $auto_init )
+ − 1834
$this->init_vars();
+ − 1835
}
+ − 1836
function init_vars()
+ − 1837
{
+ − 1838
global $sideinfo;
+ − 1839
global $this_page;
+ − 1840
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1841
$tplvars = $this->extract_vars('elements.tpl');
+ − 1842
$tb = '';
+ − 1843
// Get the "article" button text (depends on namespace)
+ − 1844
if(defined('IN_ENANO_INSTALL')) $ns = 'installation page';
+ − 1845
else $ns = 'system error page';
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1846
$t = str_replace('{FLAGS}', 'onclick="if ( !KILL_SWITCH ) { return false; }" title="Hey! A button that doesn\'t do anything. Clever..." accesskey="a"', $tplvars['toolbar_button']);
1
+ − 1847
$t = str_replace('{HREF}', '#', $t);
+ − 1848
$t = str_replace('{TEXT}', $ns, $t);
+ − 1849
$tb .= $t;
+ − 1850
+ − 1851
// Page toolbar
+ − 1852
+ − 1853
$this->tpl_bool = Array(
+ − 1854
'auth_admin'=>true,
+ − 1855
'user_logged_in'=>true,
+ − 1856
'right_sidebar'=>false,
+ − 1857
);
+ − 1858
$this->tpl_bool['in_sidebar_admin'] = false;
+ − 1859
+ − 1860
$this->tpl_bool['auth_rename'] = false;
+ − 1861
+ − 1862
$asq = $asa = '';
+ − 1863
+ − 1864
$this->tpl_bool['fixed_menus'] = false;
+ − 1865
$slink = defined('IN_ENANO_INSTALL') ? scriptPath.'/install.php?mode=css' : makeUrlNS('Special', 'CSS');
+ − 1866
+ − 1867
$title = ( is_object($paths) ) ? $paths->page : 'Critical error';
+ − 1868
+ − 1869
// The rewritten template engine will process all required vars during the load_template stage instead of (cough) re-processing everything each time around.
+ − 1870
$tpl_strings = Array(
+ − 1871
'PAGE_NAME'=>$this_page,
+ − 1872
'PAGE_URLNAME'=>'Null',
+ − 1873
'SITE_NAME'=>'Enano Installation',
+ − 1874
'USERNAME'=>'admin',
+ − 1875
'SITE_DESC'=>'Install Enano on your server.',
+ − 1876
'TOOLBAR'=>$tb,
+ − 1877
'SCRIPTPATH'=>scriptPath,
+ − 1878
'CONTENTPATH'=>contentPath,
+ − 1879
'ADMIN_SID_QUES'=>$asq,
+ − 1880
'ADMIN_SID_AMP'=>$asa,
+ − 1881
'ADMIN_SID_AMP_HTML'=>'',
+ − 1882
'ADDITIONAL_HEADERS'=>'<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>',
+ − 1883
'SIDEBAR_EXTRA'=>'',
+ − 1884
'COPYRIGHT'=>'Enano and all of its code, graphics, and more code is copyright © 2006 Dan Fuhry.<br />This program is Free Software; see the file "GPL" included with this package for details.',
+ − 1885
'TOOLBAR_EXTRAS'=>'',
125
+ − 1886
'REQUEST_URI'=>( isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '' ).$_SERVER['REQUEST_URI'],
1
+ − 1887
'STYLE_LINK'=>$slink,
+ − 1888
'LOGOUT_LINK'=>'',
+ − 1889
'THEME_LINK'=>'',
+ − 1890
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme,
+ − 1891
'THEME_ID'=>$this->theme,
+ − 1892
'STYLE_ID'=>$this->style,
+ − 1893
'JS_DYNAMIC_VARS'=>'<script type="text/javascript">var title="'. $title .'"; var scriptPath="'.scriptPath.'"; var ENANO_SID=""; var AES_BITS='.AES_BITS.'; var AES_BLOCKSIZE=' . AES_BLOCKSIZE . '; var pagepass=\'\';</script>',
+ − 1894
'SIDEBAR_RIGHT'=>'',
+ − 1895
);
+ − 1896
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings);
+ − 1897
+ − 1898
$sidebar = ( gettype($sideinfo) == 'string' ) ? $sideinfo : '';
+ − 1899
if($sidebar != '')
+ − 1900
{
+ − 1901
if(isset($tplvars['sidebar_top']))
+ − 1902
{
+ − 1903
$text = $this->makeParserText($tplvars['sidebar_top']);
+ − 1904
$top = $text->run();
+ − 1905
} else {
+ − 1906
$top = '';
+ − 1907
}
+ − 1908
$p = $this->makeParserText($tplvars['sidebar_section']);
+ − 1909
$p->assign_vars(Array(
+ − 1910
'TITLE'=>'Installation progress',
+ − 1911
'CONTENT'=>$sidebar,
+ − 1912
));
+ − 1913
$sidebar = $p->run();
+ − 1914
if(isset($tplvars['sidebar_bottom']))
+ − 1915
{
+ − 1916
$text = $this->makeParserText($tplvars['sidebar_bottom']);
+ − 1917
$bottom = $text->run();
+ − 1918
} else {
+ − 1919
$bottom = '';
+ − 1920
}
+ − 1921
$sidebar = $top . $sidebar . $bottom;
+ − 1922
}
+ − 1923
$this->tpl_strings['SIDEBAR_LEFT'] = $sidebar;
+ − 1924
+ − 1925
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != '') ? true : false;
+ − 1926
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != '') ? true : false;
+ − 1927
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility
+ − 1928
$this->tpl_bool['stupid_mode'] = true;
+ − 1929
}
+ − 1930
function header()
+ − 1931
{
+ − 1932
if(!$this->no_headers) echo $this->process_template('header.tpl');
+ − 1933
}
+ − 1934
function footer()
+ − 1935
{
+ − 1936
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1937
if(!$this->no_headers) {
+ − 1938
global $_starttime;
91
+ − 1939
1
+ − 1940
$f = microtime(true);
+ − 1941
$f = $f - $_starttime;
+ − 1942
$f = round($f, 4);
+ − 1943
if(defined('IN_ENANO_INSTALL')) $nq = 'N/A';
+ − 1944
else $nq = $db->num_queries;
+ − 1945
if($nq == 0) $nq = 'N/A';
+ − 1946
$dbg = 'Time: '.$f.'s | Queries: '.$nq;
+ − 1947
$t = $this->process_template('footer.tpl');
+ − 1948
$t = str_replace('[[Stats]]', $dbg, $t);
98
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1949
if ( is_object($db) )
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1950
{
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1951
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1952
}
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1953
else
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1954
{
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1955
$t = str_replace('[[NumQueries]]', '0', $t);
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 1956
}
91
+ − 1957
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 1958
1
+ − 1959
echo $t;
+ − 1960
}
+ − 1961
else return '';
+ − 1962
}
+ − 1963
function getHeader()
+ − 1964
{
+ − 1965
if(!$this->no_headers) return $this->process_template('header.tpl');
+ − 1966
else return '';
+ − 1967
}
+ − 1968
function getFooter()
+ − 1969
{
+ − 1970
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1971
if(!$this->no_headers) {
+ − 1972
global $_starttime;
+ − 1973
$f = microtime(true);
+ − 1974
$f = $f - $_starttime;
+ − 1975
$f = round($f, 4);
+ − 1976
if(defined('IN_ENANO_INSTALL')) $nq = 'N/A';
+ − 1977
else $nq = $db->num_queries;
+ − 1978
if($nq == 0) $nq = 'N/A';
+ − 1979
$dbg = 'Time: '.$f.'s | Queries: '.$nq;
+ − 1980
if($nq == 0) $nq = 'N/A';
+ − 1981
$t = $this->process_template('footer.tpl');
+ − 1982
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 1983
return $t;
+ − 1984
}
+ − 1985
else return '';
+ − 1986
}
+ − 1987
+ − 1988
function process_template($file) {
+ − 1989
+ − 1990
eval($this->compile_template($file));
+ − 1991
return $tpl_code;
+ − 1992
}
+ − 1993
+ − 1994
function extract_vars($file) {
+ − 1995
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1996
if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file)) die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting');
+ − 1997
$text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file);
+ − 1998
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches);
+ − 1999
$tplvars = Array();
+ − 2000
for($i=0;$i<sizeof($matches[1]);$i++)
+ − 2001
{
+ − 2002
$tplvars[$matches[1][$i]] = $matches[2][$i];
+ − 2003
}
+ − 2004
return $tplvars;
+ − 2005
}
+ − 2006
function compile_template($text) {
+ − 2007
global $sideinfo;
+ − 2008
$text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text);
+ − 2009
$text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
+ − 2010
$text = '$tpl_code = \''.str_replace('\'', '\\\'', $text).'\'; return $tpl_code;';
+ − 2011
$text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2012
$text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
+ − 2013
if(defined('IN_ENANO_INSTALL')) $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$sideinfo.'</div></div>', $text);
+ − 2014
else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;">Enano critical error page</a></div></div>', $text);
+ − 2015
$text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
+ − 2016
$text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2017
$text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
+ − 2018
$text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
+ − 2019
$text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
+ − 2020
return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+ − 2021
}
+ − 2022
+ − 2023
function compile_template_text($text) {
+ − 2024
global $sideinfo;
+ − 2025
$text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
+ − 2026
$text = '$tpl_code = \''.str_replace('\'', '\\\'', $text).'\'; return $tpl_code;';
+ − 2027
$text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2028
$text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
+ − 2029
if(defined('IN_ENANO_INSTALL')) $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$sideinfo.'</div></div>', $text);
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2030
else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;>Enano critical error page</a></div></div>', $text);
1
+ − 2031
$text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
+ − 2032
$text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2033
$text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
+ − 2034
$text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
+ − 2035
$text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
+ − 2036
return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+ − 2037
}
+ − 2038
+ − 2039
/**
+ − 2040
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
+ − 2041
* Returns on object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
+ − 2042
* @param $filename the filename of the template to be parsed
+ − 2043
* @return object
+ − 2044
*/
+ − 2045
+ − 2046
function makeParser($filename)
+ − 2047
{
+ − 2048
$filename = ENANO_ROOT.'/themes/'.$this->theme.'/'.$filename;
+ − 2049
if(!file_exists($filename)) die('templateIndividual: file '.$filename.' does not exist');
+ − 2050
$code = file_get_contents($filename);
+ − 2051
$parser = new templateIndividualSafe($code, $this);
+ − 2052
return $parser;
+ − 2053
}
+ − 2054
+ − 2055
/**
+ − 2056
* Same as $template->makeParser(), but takes a string instead of a filename.
+ − 2057
* @param $text the text to parse
+ − 2058
* @return object
+ − 2059
*/
+ − 2060
+ − 2061
function makeParserText($code)
+ − 2062
{
+ − 2063
$parser = new templateIndividualSafe($code, $this);
+ − 2064
return $parser;
+ − 2065
}
+ − 2066
+ − 2067
} // class template_nodb
+ − 2068
+ − 2069
/**
+ − 2070
* Identical to templateIndividual, except extends template_nodb instead of template
+ − 2071
* @see class template
+ − 2072
*/
+ − 2073
+ − 2074
class templateIndividualSafe extends template_nodb {
+ − 2075
var $tpl_strings, $tpl_bool, $tpl_code;
+ − 2076
var $compiled = false;
+ − 2077
/**
+ − 2078
* Constructor.
+ − 2079
*/
+ − 2080
function __construct($text, $parent)
+ − 2081
{
+ − 2082
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2083
$this->tpl_code = $text;
+ − 2084
$this->tpl_strings = $parent->tpl_strings;
+ − 2085
$this->tpl_bool = $parent->tpl_bool;
+ − 2086
}
+ − 2087
/**
+ − 2088
* PHP 4 constructor.
+ − 2089
*/
+ − 2090
function templateIndividual($text)
+ − 2091
{
+ − 2092
$this->__construct($text);
+ − 2093
}
+ − 2094
/**
+ − 2095
* Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
+ − 2096
* @param $vars array
+ − 2097
*/
+ − 2098
function assign_vars($vars)
+ − 2099
{
+ − 2100
if(is_array($this->tpl_strings))
+ − 2101
$this->tpl_strings = array_merge($this->tpl_strings, $vars);
+ − 2102
else
+ − 2103
$this->tpl_strings = $vars;
+ − 2104
}
+ − 2105
/**
+ − 2106
* Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
+ − 2107
* @param $vars array
+ − 2108
*/
+ − 2109
function assign_bool($vars)
+ − 2110
{
+ − 2111
$this->tpl_bool = array_merge($this->tpl_bool, $vars);
+ − 2112
}
+ − 2113
/**
+ − 2114
* Compiles and executes the template code.
+ − 2115
* @return string
+ − 2116
*/
+ − 2117
function run()
+ − 2118
{
+ − 2119
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2120
if(!$this->compiled)
+ − 2121
{
+ − 2122
$this->tpl_code = $this->compile_template_text($this->tpl_code);
+ − 2123
$this->compiled = true;
+ − 2124
}
+ − 2125
return eval($this->tpl_code);
+ − 2126
}
+ − 2127
}
+ − 2128
+ − 2129
?>