author | Dan |
Thu, 06 Mar 2008 23:31:28 -0500 (2008-03-07) | |
changeset 485 | 7134d4bf7a23 |
parent 484 | 340c81fdd350 |
child 488 | 5560ff856dd7 |
permissions | -rw-r--r-- |
1 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
411 | 5 |
* Version 1.1.2 (Caoineag alpha 2) |
1 | 6 |
* Copyright (C) 2006-2007 Dan Fuhry |
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
class template { |
|
16 |
var $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list, $named_theme_list, $default_theme, $default_style, $plugin_blocks, $namespace_string, $style_list, $theme_loaded; |
|
30 | 17 |
|
18 |
/** |
|
* The list of themes that are critical for Enano operation. This doesn't include oxygen which |
* remains a user theme. By default this is admin and printable which have to be loaded on demand. |
* @var array |
*/ |
|
var $system_themes = array('admin', 'printable'); |
|
/** |
30 | 27 |
* Set to true if the site is disabled and thus a message needs to be shown. This should ONLY be changed by common.php. |
28 |
* @var bool |
|
29 |
* @access private |
|
30 |
*/ |
|
31 |
||
32 |
var $site_disabled = false; |
|
33 |
||
53 | 34 |
/** |
35 |
* One of the absolute best parts of Enano :-P |
|
36 |
* @var string |
|
37 |
*/ |
|
38 |
||
var $fading_button = ''; |
53 | 40 |
|
1 | 41 |
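/**
 * Initializes template state and builds the catalogue of usable themes.
 *
 * Reads every row of the themes table, records the stylesheets found in each
 * theme's css/ directory, drops themes that ship no stylesheet, indexes the
 * survivors by theme_id, and finally works out the default theme and style.
 *
 * Group ACLs (group_policy / group_list) are only loaded here; nothing in
 * this constructor enforces them.
 */
function __construct()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $this->tpl_bool = Array();
  $this->tpl_strings = Array();
  $this->sidebar_extra = '';
  $this->toolbar_menu = '';
  $this->additional_headers = '';
  $this->plugin_blocks = Array();
  $this->theme_loaded = false;

  // NOTE(review): scriptPath is concatenated into HTML/CSS without escaping. That is only safe if the
  // constant is derived from trusted configuration - confirm where it is defined.
  $this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">
<a style="background-image: none; padding-right: 0;" href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>
</div>';

  $this->theme_list = Array();
  $this->named_theme_list = Array();

  // Static query: the only non-literal part is the table_prefix constant, so no request data reaches the SQL.
  $q = $db->sql_query('SELECT theme_id, theme_name, enabled, default_style, group_policy, group_list FROM ' . table_prefix . 'themes;');
  if ( !$q )
    $db->_die('template.php selecting theme list');

  while ( $row = $db->fetchrow() )
  {
    $this->theme_list[] = $row;
  }

  // List out all CSS files for each theme. Iterating over the keys (instead of by reference) leaves no
  // dangling reference to the last element once the loop is done.
  foreach ( array_keys($this->theme_list) as $i )
  {
    $css = array();
    // NOTE(review): theme_id comes straight from the database and is used as a path component here.
    // Presumably it is validated when a theme is installed - confirm, since a value containing "../"
    // would make this scan a directory outside themes/.
    $dir = ENANO_ROOT . "/themes/{$this->theme_list[$i]['theme_id']}/css";
    // Errors are suppressed on purpose: a missing or unreadable directory simply means "no stylesheets".
    if ( $dh = @opendir($dir) )
    {
      while ( ( $file = @readdir($dh) ) !== false )
      {
        if ( preg_match('/\.css$/', $file) )
          $css[] = preg_replace('/\.css$/', '', $file);
      }
      closedir($dh);
    }
    // No CSS files? If so, nuke it.
    if ( count($css) < 1 )
    {
      unset($this->theme_list[$i]);
      continue;
    }
    $this->theme_list[$i]['css'] = $css;
  }
  // Re-index so the list is 0-based again after the removals above.
  $this->theme_list = array_values($this->theme_list);

  // Create associative array of themes; each entry aliases the matching theme_list element.
  foreach ( array_keys($this->theme_list) as $i )
    $this->named_theme_list[ $this->theme_list[$i]['theme_id'] ] =& $this->theme_list[$i];

  // Default theme: the configured one if set, else the first usable theme (null when there is none).
  $configured = getConfig('theme_default');
  if ( $configured )
    $this->default_theme = $configured;
  else
    $this->default_theme = isset($this->theme_list[0]) ? $this->theme_list[0]['theme_id'] : null;

  // Come up with the default style. If the CSS file specified in default_style exists, we're good, just
  // use that. Otherwise, use the first stylesheet found. The isset() check matters: taking a reference to
  // a missing key would silently insert a null "theme" into named_theme_list when the configured default
  // theme was dropped above or never existed.
  $this->default_style = null;
  if ( isset($this->named_theme_list[ $this->default_theme ]) )
  {
    $df_data = $this->named_theme_list[ $this->default_theme ];
    $this->default_style = ( in_array($df_data['default_style'], $df_data['css'], true) ) ? $df_data['default_style'] : $df_data['css'][0];
  }
}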
|
/** |
* Systematically deletes themes if they're blocked by theme security settings. Called when session->start() finishes. |
*/ |
|
function process_theme_acls() |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
106 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
107 |
global $db, $session, $paths, $template, $plugins; // Common objects |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
108 |
|
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
109 |
// For each theme, check ACLs and delete from RAM if not authorized |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
110 |
foreach ( $this->theme_list as $i => $theme ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
111 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
112 |
if ( !$theme['group_list'] ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
113 |
continue; |
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents:
471
diff
changeset
|
114 |
if ( $theme['theme_id'] === getConfig('theme_default') ) |
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents:
471
diff
changeset
|
115 |
continue; |
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
116 |
switch ( $theme['group_policy'] ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
117 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
118 |
case 'allow_all': |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
119 |
// Unconditionally allowed |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
120 |
continue; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
121 |
break; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
122 |
case 'whitelist': |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
123 |
// If we're not on the list, off to the left please |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
124 |
$list = enano_json_decode($theme['group_list']); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
125 |
$allowed = false; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
126 |
foreach ( $list as $acl ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
127 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
128 |
if ( !preg_match('/^(u|g):([0-9]+)$/', $acl, $match) ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
129 |
// Invalid list entry, silently allow (maybe not a good idea but |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
130 |
// really, these things are checked before they're inserted) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
131 |
continue 2; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
132 |
$mode = $match[1]; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
133 |
$id = intval($match[2]); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
134 |
switch ( $mode ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
135 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
136 |
case 'u': |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
137 |
$allowed = ( $id == $session->user_id ); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
138 |
if ( $allowed ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
139 |
break 2; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
140 |
break; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
141 |
case 'g': |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
142 |
$allowed = ( isset($session->groups[$id]) ); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
143 |
if ( $allowed ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
144 |
break 2; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
145 |
} |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
146 |
} |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
147 |
if ( !$allowed ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
148 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
149 |
unset($this->theme_list[$i]); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
150 |
} |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
151 |
break; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
152 |
case 'blacklist': |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
153 |
// If we're ON the list, off to the left please |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
154 |
$list = enano_json_decode($theme['group_list']); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
155 |
$allowed = true; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
156 |
foreach ( $list as $acl ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
157 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
158 |
if ( !preg_match('/^(u|g):([0-9]+)$/', $acl, $match) ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
159 |
// Invalid list entry, silently allow (maybe not a good idea but |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
160 |
// really, these things are checked before they're inserted) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
161 |
continue 2; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
162 |
$mode = $match[1]; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
163 |
$id = intval($match[2]); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
164 |
switch ( $mode ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
165 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
166 |
case 'u': |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
167 |
$allowed = ( $id != $session->user_id ); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
168 |
if ( !$allowed ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
169 |
break 2; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
170 |
break; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
171 |
case 'g': |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
172 |
$allowed = ( !isset($session->groups[$id]) ); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
173 |
if ( !$allowed ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
174 |
break 2; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
175 |
} |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
176 |
} |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
177 |
if ( !$allowed ) |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
178 |
{ |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
179 |
unset($this->theme_list[$i]); |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
180 |
} |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
181 |
break; |
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
182 |
} |
1 | 183 |
} |
184 |
||
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
185 |
$this->theme_list = array_values($this->theme_list); |
1 | 186 |
|
471
7906fb190fc1
Implemented all security features on theme disabling and ACLs; added clean_key mode to login API to clean unused encryption keys
Dan
parents:
468
diff
changeset
|
187 |
// Rebuild associative theme list |
$this->named_theme_list = array(); |
foreach ( $this->theme_list as $i => &$theme ) |
$this->named_theme_list[ $theme['theme_id'] ] =& $this->theme_list[$i]; |
1 | 191 |
} |
/**
 * Renders one sidebar block from the theme's elements.tpl and records it.
 *
 * The rendered markup is stored in $this->plugin_blocks under the key $t and is also appended to
 * $this->sidebar_widgets. The TITLE template variable is assigned the literal string '{TITLE}'.
 *
 * $h is passed to the template parser as the CONTENT variable exactly as received; this method does
 * no escaping or filtering of it. NOTE(review): presumably callers (plugins) are expected to
 * HTML-escape any user-derived data before handing it over - confirm against the parser returned
 * by makeParserText().
 *
 * @param string $t Key under which the rendered block is stored in $this->plugin_blocks
 * @param string $h Block content, inserted as-is
 * @param bool $use_normal_section If true the 'sidebar_section' template is used, otherwise 'sidebar_section_raw'
 */
function sidebar_widget($t, $h, $use_normal_section = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // elements.tpl belongs to a theme, so one has to be selected first
  if ( !defined('ENANO_TEMPLATE_LOADED') )
    $this->load_theme($session->theme, $session->style);

  if ( !$this->sidebar_widgets )
    $this->sidebar_widgets = '';

  $tplvars = $this->extract_vars('elements.tpl');

  // Pick the block template: normal section or raw section
  $section_key = ( $use_normal_section ) ? 'sidebar_section' : 'sidebar_section_raw';
  $parser = $this->makeParserText($tplvars[$section_key]);

  $parser->assign_vars(array(
      'TITLE' => '{TITLE}',
      'CONTENT' => $h
    ));

  // The parser is run once for each destination
  $this->plugin_blocks[$t] = $parser->run();
  $this->sidebar_widgets .= $parser->run();
}
/**
 * Appends markup to the $this->additional_headers buffer.
 *
 * A newline and then $html are added to the end of the buffer. The string is stored exactly as given:
 * nothing here escapes or validates it, so any request-derived data has to be escaped by the caller
 * before it is passed in.
 *
 * @param string $html Markup to append
 */
function add_header($html)
{
  $this->additional_headers = $this->additional_headers . "\n" . $html;
}
/**
 * Runs a stylesheet of the current theme through process_template() and returns the result wrapped
 * in <enano:no-opt> tags.
 *
 * With $s given, the file is css/$s inside the theme directory; otherwise it is css/<current style>.css.
 * If that file does not exist, a warning is echoed as a CSS comment and the first entry of
 * $this->style_list is used instead.
 *
 * NOTE(review): $s and $this->style are concatenated into a filesystem path and echoed inside a CSS
 * comment with no check for "..", directory separators or a comment terminator. Nothing visible here
 * shows where $s originates - callers should pass only a fixed or allowlisted file name, never a raw
 * request value. Verify where these values are validated.
 *
 * @param string|bool $s File name relative to the theme's css/ directory, or false for the current style
 * @return string
 */
function get_css($s = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !defined('ENANO_TEMPLATE_LOADED') )
  {
    $this->load_theme($session->theme, $session->style);
  }

  if ( $s )
  {
    $path = 'css/' . $s;
  }
  else
  {
    $path = 'css/' . $this->style . '.css';
  }

  $theme_dir = ENANO_ROOT . '/themes/' . $this->theme . '/';
  if ( !file_exists($theme_dir . $path) )
  {
    // The warning goes straight to output, ahead of the returned stylesheet
    echo "/* WARNING: Falling back to default file because file $path does not exist */\n";
    $path = 'css/' . $this->style_list[0] . '.css';
  }

  return '<enano:no-opt>' . $this->process_template($path) . '</enano:no-opt>';
}
/**
 * Selects the theme and style for this object and records the theme's style list.
 *
 * Fallbacks happen in two stages. An empty theme name is replaced by the first entry of
 * $this->theme_list. A theme that is missing from $this->named_theme_list, or whose 'enabled' value
 * is 0, is replaced by $this->default_theme - unless it is listed in $this->system_themes, in which
 * case the check is bypassed and the theme is used as requested.
 *
 * NOTE(review): this is where theme disabling and removal from the list are enforced. Only the theme
 * ID is checked; a caller-supplied $css is stored in $this->style as-is and is not compared with the
 * theme's 'css' list unless the fallback branch runs. TODO confirm that the style name is validated
 * before it is used to build a file path.
 *
 * @param string|bool $name Theme ID, or false to use $session->theme
 * @param string|bool $css Style name, or false to use $session->style
 */
function load_theme($name = false, $css = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( $name )
    $this->theme = $name;
  else
    $this->theme = $session->theme;

  if ( $css )
    $this->style = $css;
  else
    $this->style = $session->style;

  if ( !$this->theme )
  {
    // Nothing requested and nothing in the session: take the first listed theme
    $this->theme = $this->theme_list[0]['theme_id'];
    $this->style = preg_replace('/\.css$/', '', $this->theme_list[0]['default_style']);
  }

  // Make sure we're allowed to use this theme.
  // A theme missing from the list was probably blocked by an ACL or uninstalled.
  $is_listed = isset($this->named_theme_list[$this->theme]);
  $is_blocked = !$is_listed || $this->named_theme_list[$this->theme]['enabled'] == 0;

  // Above all, a system theme must not inhibit the loading process.
  if ( $is_blocked && !in_array($this->theme, $this->system_themes) )
  {
    // Something is preventing it - fall back to the site default
    $this->theme = $this->default_theme;

    // Use default_style if it is one of the theme's stylesheets, otherwise the first stylesheet listed.
    $df_data =& $this->named_theme_list[ $this->theme ];
    if ( in_array($df_data['default_style'], $df_data['css']) )
      $this->style = $df_data['default_style'];
    else
      $this->style = $df_data['css'][0];
  }

  // The list of styles for the currently selected theme.
  // NOTE(review): a reference to a key that does not exist creates it as null in PHP, so a system
  // theme that is absent from named_theme_list presumably gets a stub entry here - verify.
  $this->style_list =& $this->named_theme_list[ $this->theme ]['css'];
  $this->theme_loaded = true;
}
function init_vars() |
|
268 |
{ |
|
269 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
270 |
global $email; |
|
global $lang; |
1 | 272 |
|
profiler_log("template: starting var init"); |
1 | 274 |
|
275 |
if(!$this->theme || !$this->style) |
|
276 |
{ |
|
277 |
$this->load_theme(); |
|
278 |
} |
|
279 |
||
280 |
if(defined('ENANO_TEMPLATE_LOADED')) |
|
281 |
{ |
|
282 |
die_semicritical('Illegal call', '<p>$template->load_theme was called multiple times, this is not supposed to happen. Exiting with fatal error.</p>'); |
|
283 |
} |
|
284 |
||
285 |
define('ENANO_TEMPLATE_LOADED', ''); |
|
286 |
||
287 |
$tplvars = $this->extract_vars('elements.tpl'); |
|
288 |
||
289 |
if(isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) |
|
290 |
{ |
|
291 |
$this->add_header(' |
|
292 |
<!--[if lt IE 7]> |
|
293 |
<script language="JavaScript"> |
|
294 |
function correctPNG() // correctly handle PNG transparency in Win IE 5.5 & 6. |
|
295 |
{ |
|
var arVersion = navigator.appVersion.split("MSIE"); |
var version = parseFloat(arVersion[1]); |
1 | 298 |
if (version >= 5.5 && typeof(document.body.filters) == "object") |
299 |
{ |
|
300 |
for(var i=0; i<document.images.length; i++) |
|
301 |
{ |
|
302 |
var img = document.images[i]; |
|
303 |
continue; |
|
304 |
var imgName = img.src.toUpperCase(); |
|
305 |
if (imgName.substring(imgName.length-3, imgName.length) == "PNG") |
|
306 |
{ |
|
307 |
var imgID = (img.id) ? "id=\'" + img.id + "\' " : ""; |
|
308 |
var imgClass = (img.className) ? "class=\'" + img.className + "\' " : ""; |
|
309 |
var imgTitle = (img.title) ? "title=\'" + img.title + "\' " : "title=\'" + img.alt + "\' "; |
|
310 |
var imgStyle = "display:inline-block;" + img.style.cssText; |
|
311 |
if (img.align == "left") imgStyle = "float:left;" + imgStyle; |
|
312 |
if (img.align == "right") imgStyle = "float:right;" + imgStyle; |
|
313 |
if (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle; |
|
314 |
var strNewHTML = "<span " + imgID + imgClass + imgTitle + " style=\\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";" + "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader" + "(src=\\\'" + img.src + "\\\', sizingMethod=\'scale\');\\"></span>"; |
|
315 |
img.outerHTML = strNewHTML; |
|
316 |
i = i-1; |
|
317 |
} |
|
318 |
} |
|
319 |
} |
|
320 |
} |
|
321 |
window.attachEvent("onload", correctPNG); |
|
322 |
</script> |
|
323 |
<![endif]--> |
|
324 |
'); |
|
325 |
} |
|
326 |
||
327 |
// Get the "article" button text (depends on namespace) |
|
328 |
switch($paths->namespace) { |
|
329 |
case "Article": |
|
330 |
default: |
|
211 | 331 |
$ns = $lang->get('onpage_lbl_page_article'); |
1 | 332 |
break; |
333 |
case "Admin": |
|
211 | 334 |
$ns = $lang->get('onpage_lbl_page_admin'); |
1 | 335 |
break; |
336 |
case "System": |
|
211 | 337 |
$ns = $lang->get('onpage_lbl_page_system'); |
1 | 338 |
break; |
339 |
case "File": |
|
211 | 340 |
$ns = $lang->get('onpage_lbl_page_file'); |
1 | 341 |
break; |
342 |
case "Help": |
|
211 | 343 |
$ns = $lang->get('onpage_lbl_page_help'); |
1 | 344 |
break; |
345 |
case "User": |
|
211 | 346 |
$ns = $lang->get('onpage_lbl_page_user'); |
1 | 347 |
break; |
348 |
case "Special": |
|
211 | 349 |
$ns = $lang->get('onpage_lbl_page_special'); |
1 | 350 |
break; |
351 |
case "Template": |
|
211 | 352 |
$ns = $lang->get('onpage_lbl_page_template'); |
1 | 353 |
break; |
354 |
case "Project": |
|
211 | 355 |
$ns = $lang->get('onpage_lbl_page_project'); |
1 | 356 |
break; |
357 |
case "Category": |
|
211 | 358 |
$ns = $lang->get('onpage_lbl_page_category'); |
1 | 359 |
break; |
case "Anonymous": |
$ns = 'external page'; |
break; |
1 | 363 |
} |
364 |
$this->namespace_string = $ns; |
|
211 | 365 |
unset($ns); |
1 | 366 |
$code = $plugins->setHook('page_type_string_set'); |
367 |
foreach ( $code as $cmd ) |
|
368 |
{ |
|
369 |
eval($cmd); |
|
370 |
} |
|
371 |
$ns =& $this->namespace_string; |
|
372 |
||
373 |
// Initialize the toolbar |
|
374 |
$tb = ''; |
|
375 |
||
376 |
// Create "xx page" button |
|
377 |
||
378 |
$btn_selected = ( isset($tplvars['toolbar_button_selected'])) ? $tplvars['toolbar_button_selected'] : $tplvars['toolbar_button']; |
|
379 |
$parser = $this->makeParserText($btn_selected); |
|
380 |
||
if ( true || !$paths->anonymous_page ) |
{ |
$parser->assign_vars(array( |
313 | 384 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxReset()); return false; }" title="' . $lang->get('onpage_tip_article') . '" accesskey="a"', |
'PARENTFLAGS' => 'id="mdgToolbar_article"', |
'HREF' => makeUrl($paths->page, null, true), |
'TEXT' => $this->namespace_string |
)); |
|
$tb .= $parser->run(); |
} |
1 | 392 |
|
393 |
$button = $this->makeParserText($tplvars['toolbar_button']); |
|
394 |
||
395 |
// Page toolbar |
|
396 |
// Comments button |
|
397 |
if ( $session->get_permissions('read') && getConfig('enable_comments')=='1' && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->cpage['comments_on'] == 1 ) |
|
398 |
{ |
|
399 |
||
$e = $db->sql_query('SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$paths->page_id.'\' AND namespace=\''.$paths->namespace.'\';'); |
1 | 401 |
if ( !$e ) |
402 |
{ |
|
403 |
$db->_die(); |
|
404 |
} |
|
405 |
$nc = $db->numrows(); |
|
406 |
$nu = 0; |
|
407 |
$na = 0; |
|
408 |
||
409 |
while ( $r = $db->fetchrow() ) |
|
410 |
{ |
|
411 |
if ( !$r['approved'] ) |
|
412 |
{ |
|
413 |
$nu++; |
|
414 |
} |
|
415 |
else |
|
416 |
{ |
|
417 |
$na++; |
|
418 |
} |
|
419 |
} |
|
420 |
||
421 |
$db->free_result(); |
|
422 |
$n = ( $session->get_permissions('mod_comments') ) ? (string)$nc : (string)$na; |
|
423 |
if ( $session->get_permissions('mod_comments') && $nu > 0 ) |
|
424 |
{ |
|
211 | 425 |
$subst = array( |
426 |
'num_comments' => $nc, |
|
427 |
'num_unapp' => $nu |
|
428 |
); |
|
429 |
$btn_text = $lang->get('onpage_btn_discussion_unapp', $subst); |
|
430 |
} |
|
431 |
else |
|
432 |
{ |
|
433 |
$subst = array( |
|
434 |
'num_comments' => $nc |
|
435 |
); |
|
436 |
$btn_text = $lang->get('onpage_btn_discussion', $subst); |
|
1 | 437 |
} |
438 |
||
439 |
$button->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxComments()); return false; }" title="' . $lang->get('onpage_tip_comments') . '" accesskey="c"', |
1 | 441 |
'PARENTFLAGS' => 'id="mdgToolbar_discussion"', |
442 |
'HREF' => makeUrl($paths->page, 'do=comments', true), |
|
211 | 443 |
'TEXT' => $btn_text, |
1 | 444 |
)); |
445 |
||
446 |
$tb .= $button->run(); |
|
447 |
} |
|
448 |
// Edit button |
|
if($session->get_permissions('read') && ($paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->namespace != 'Anonymous') && ( $session->get_permissions('edit_page') && ( ( $paths->page_protected && $session->get_permissions('even_when_protected') ) || !$paths->page_protected ) ) ) |
1 | 450 |
{ |
451 |
$button->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="' . $lang->get('onpage_tip_edit') . '" accesskey="e"', |
1 | 453 |
'PARENTFLAGS' => 'id="mdgToolbar_edit"', |
454 |
'HREF' => makeUrl($paths->page, 'do=edit', true), |
|
211 | 455 |
'TEXT' => $lang->get('onpage_btn_edit') |
1 | 456 |
)); |
457 |
$tb .= $button->run(); |
|
458 |
// View source button |
|
459 |
} |
|
else if($session->get_permissions('view_source') && ( !$session->get_permissions('edit_page') || !$session->get_permissions('even_when_protected') && $paths->page_protected ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->namespace != 'Anonymous') |
1 | 461 |
{ |
462 |
$button->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="' . $lang->get('onpage_tip_viewsource') . '" accesskey="e"', |
1 | 464 |
'PARENTFLAGS' => 'id="mdgToolbar_edit"', |
465 |
'HREF' => makeUrl($paths->page, 'do=viewsource', true), |
|
211 | 466 |
'TEXT' => $lang->get('onpage_btn_viewsource') |
1 | 467 |
)); |
468 |
$tb .= $button->run(); |
|
469 |
} |
|
470 |
// History button |
|
471 |
if ( $session->get_permissions('read') /* && $paths->wiki_mode */ && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('history_view') ) |
|
472 |
{ |
|
473 |
$button->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxHistory()); return false; }" title="' . $lang->get('onpage_tip_history') . '" accesskey="h"', |
1 | 475 |
'PARENTFLAGS' => 'id="mdgToolbar_history"', |
476 |
'HREF' => makeUrl($paths->page, 'do=history', true), |
|
211 | 477 |
'TEXT' => $lang->get('onpage_btn_history') |
1 | 478 |
)); |
479 |
$tb .= $button->run(); |
|
480 |
} |
|
481 |
||
482 |
$menubtn = $this->makeParserText($tplvars['toolbar_menu_button']); |
|
483 |
||
484 |
// Additional actions menu |
|
485 |
// Rename button |
|
486 |
if ( $session->get_permissions('read') && $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
487 |
{ |
|
488 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxRename()); return false; }" title="' . $lang->get('onpage_tip_rename') . '" accesskey="r"', |
1 | 490 |
'HREF' => makeUrl($paths->page, 'do=rename', true), |
211 | 491 |
'TEXT' => $lang->get('onpage_btn_rename'), |
1 | 492 |
)); |
493 |
$this->toolbar_menu .= $menubtn->run(); |
|
494 |
} |
|
495 |
||
496 |
// Vote-to-delete button |
|
497 |
if ( $paths->wiki_mode && $session->get_permissions('vote_delete') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin') |
|
498 |
{ |
|
499 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDelVote()); return false; }" title="' . $lang->get('onpage_tip_delvote') . '" accesskey="d"', |
1 | 501 |
'HREF' => makeUrl($paths->page, 'do=delvote', true), |
211 | 502 |
'TEXT' => $lang->get('onpage_btn_votedelete'), |
1 | 503 |
)); |
504 |
$this->toolbar_menu .= $menubtn->run(); |
|
505 |
} |
|
506 |
||
507 |
// Clear-votes button |
|
508 |
if ( $session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0) |
|
509 |
{ |
|
510 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxResetDelVotes()); return false; }" title="' . $lang->get('onpage_tip_resetvotes') . '" accesskey="y"', |
1 | 512 |
'HREF' => makeUrl($paths->page, 'do=resetvotes', true), |
211 | 513 |
'TEXT' => $lang->get('onpage_btn_votedelete_reset'), |
1 | 514 |
)); |
515 |
$this->toolbar_menu .= $menubtn->run(); |
|
516 |
} |
|
517 |
||
518 |
// Printable page button |
|
519 |
if ( $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
520 |
{ |
|
521 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'title="' . $lang->get('onpage_tip_printable') . '"', |
1 | 523 |
'HREF' => makeUrl($paths->page, 'printable=yes', true), |
211 | 524 |
'TEXT' => $lang->get('onpage_btn_printable'), |
1 | 525 |
)); |
526 |
$this->toolbar_menu .= $menubtn->run(); |
|
527 |
} |
|
528 |
||
529 |
// Protect button |
|
530 |
if($session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('protect')) |
|
531 |
{ |
|
532 |
||
533 |
$label = $this->makeParserText($tplvars['toolbar_label']); |
|
211 | 534 |
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_protect'))); |
1 | 535 |
$t0 = $label->run(); |
536 |
||
537 |
$ctmp = ''; |
|
538 |
if ( $paths->cpage['protected'] == 1 ) |
|
539 |
{ |
|
540 |
$ctmp=' style="text-decoration: underline;"'; |
|
541 |
} |
|
542 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'accesskey="i" onclick="if ( !KILL_SWITCH ) { ajaxProtect(1); return false; }" id="protbtn_1" title="' . $lang->get('onpage_tip_protect_on') . '"'.$ctmp, |
1 | 544 |
'HREF' => makeUrl($paths->page, 'do=protect&level=1', true), |
211 | 545 |
'TEXT' => $lang->get('onpage_btn_protect_on') |
1 | 546 |
)); |
547 |
$t1 = $menubtn->run(); |
|
548 |
||
549 |
$ctmp = ''; |
|
550 |
if ( $paths->cpage['protected'] == 0 ) |
|
551 |
{ |
|
552 |
$ctmp=' style="text-decoration: underline;"'; |
|
553 |
} |
|
554 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'accesskey="o" onclick="if ( !KILL_SWITCH ) { ajaxProtect(0); return false; }" id="protbtn_0" title="' . $lang->get('onpage_tip_protect_off') . '"'.$ctmp, |
1 | 556 |
'HREF' => makeUrl($paths->page, 'do=protect&level=0', true), |
211 | 557 |
'TEXT' => $lang->get('onpage_btn_protect_off') |
1 | 558 |
)); |
559 |
$t2 = $menubtn->run(); |
|
560 |
||
561 |
$ctmp = ''; |
|
562 |
if ( $paths->cpage['protected'] == 2 ) |
|
563 |
{ |
|
564 |
$ctmp = ' style="text-decoration: underline;"'; |
|
565 |
} |
|
566 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'accesskey="p" onclick="if ( !KILL_SWITCH ) { ajaxProtect(2); return false; }" id="protbtn_2" title="' . $lang->get('onpage_tip_protect_semi') . '"'.$ctmp, |
1 | 568 |
'HREF' => makeUrl($paths->page, 'do=protect&level=2', true), |
211 | 569 |
'TEXT' => $lang->get('onpage_btn_protect_semi') |
1 | 570 |
)); |
571 |
$t3 = $menubtn->run(); |
|
572 |
||
573 |
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0"> |
|
574 |
<tr> |
|
575 |
<td>'.$t0.'</td> |
|
576 |
<td>'.$t1.'</td> |
|
577 |
<td>'.$t2.'</td> |
|
578 |
<td>'.$t3.'</td> |
|
579 |
</tr> |
|
580 |
</table>'; |
|
581 |
} |
|
582 |
||
583 |
// Wiki mode button |
|
584 |
if($session->get_permissions('read') && $paths->page_exists && $session->get_permissions('set_wiki_mode') && $paths->namespace != 'Special' && $paths->namespace != 'Admin') |
|
585 |
{ |
|
586 |
// label at start |
|
587 |
$label = $this->makeParserText($tplvars['toolbar_label']); |
|
211 | 588 |
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_wikimode'))); |
1 | 589 |
$t0 = $label->run(); |
590 |
||
591 |
// on button |
|
592 |
$ctmp = ''; |
|
593 |
if ( $paths->cpage['wiki_mode'] == 1 ) |
|
594 |
{ |
|
595 |
$ctmp = ' style="text-decoration: underline;"'; |
|
596 |
} |
|
597 |
$menubtn->assign_vars(array( |
|
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp, |
1 | 599 |
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true), |
211 | 600 |
'TEXT' => $lang->get('onpage_btn_wikimode_on') |
1 | 601 |
)); |
602 |
$t1 = $menubtn->run(); |
|
603 |
||
604 |
// off button |
|
605 |
$ctmp = ''; |
|
606 |
if ( $paths->cpage['wiki_mode'] == 0 ) |
|
607 |
{ |
|
608 |
$ctmp=' style="text-decoration: underline;"'; |
|
609 |
} |
|
610 |
$menubtn->assign_vars(array( |
|
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp, |
1 | 612 |
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true), |
211 | 613 |
'TEXT' => $lang->get('onpage_btn_wikimode_off') |
1 | 614 |
)); |
615 |
$t2 = $menubtn->run(); |
|
616 |
||
617 |
// global button |
|
618 |
$ctmp = ''; |
|
619 |
if ( $paths->cpage['wiki_mode'] == 2 ) |
|
620 |
{ |
|
621 |
$ctmp=' style="text-decoration: underline;"'; |
|
622 |
} |
|
623 |
$menubtn->assign_vars(array( |
|
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp, |
1 | 625 |
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true), |
211 | 626 |
'TEXT' => $lang->get('onpage_btn_wikimode_global') |
1 | 627 |
)); |
628 |
$t3 = $menubtn->run(); |
|
629 |
||
630 |
// Tack it onto the list of buttons that are already there... |
|
631 |
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0"> |
|
632 |
<tr> |
|
633 |
<td>'.$t0.'</td> |
|
634 |
<td>'.$t1.'</td> |
|
635 |
<td>'.$t2.'</td> |
|
636 |
<td>'.$t3.'</td> |
|
637 |
</tr> |
|
638 |
</table>'; |
|
639 |
} |
|
640 |
||
641 |
// Clear logs button |
|
if ( $session->get_permissions('read') && $session->get_permissions('clear_logs') && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
1 | 643 |
{ |
644 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxClearLogs()); return false; }" title="' . $lang->get('onpage_tip_flushlogs') . '" accesskey="l"', |
1 | 646 |
'HREF' => makeUrl($paths->page, 'do=flushlogs', true), |
211 | 647 |
'TEXT' => $lang->get('onpage_btn_clearlogs'), |
1 | 648 |
)); |
649 |
$this->toolbar_menu .= $menubtn->run(); |
|
650 |
} |
|
651 |
||
652 |
// Delete page button |
|
653 |
if ( $session->get_permissions('read') && $session->get_permissions('delete_page') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
654 |
{ |
|
211 | 655 |
$s = $lang->get('onpage_btn_deletepage'); |
1 | 656 |
if ( $paths->cpage['delvotes'] == 1 ) |
657 |
{ |
|
211 | 658 |
$subst = array( |
659 |
'num_votes' => $paths->cpage['delvotes'], |
|
660 |
'plural' => '' |
|
661 |
); |
|
662 |
$s .= $lang->get('onpage_btn_deletepage_votes', $subst); |
|
1 | 663 |
} |
664 |
else if ( $paths->cpage['delvotes'] > 1 ) |
|
665 |
{ |
|
211 | 666 |
$subst = array( |
667 |
'num_votes' => $paths->cpage['delvotes'], |
|
668 |
'plural' => $lang->get('meta_plural') |
|
669 |
); |
|
670 |
$s .= $lang->get('onpage_btn_deletepage_votes', $subst); |
|
1 | 671 |
} |
672 |
||
673 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDeletePage()); return false; }" title="' . $lang->get('onpage_tip_deletepage') . '" accesskey="k"', |
1 | 675 |
'HREF' => makeUrl($paths->page, 'do=deletepage', true), |
676 |
'TEXT' => $s, |
|
677 |
)); |
|
678 |
$this->toolbar_menu .= $menubtn->run(); |
|
679 |
||
680 |
} |
|
681 |
||
682 |
// Password-protect button |
|
683 |
if(isset($paths->cpage['password'])) |
|
684 |
{ |
|
685 |
if ( $paths->cpage['password'] == '' ) |
|
686 |
{ |
|
687 |
$a = $session->get_permissions('password_set'); |
|
688 |
} |
|
689 |
else |
|
690 |
{ |
|
691 |
$a = $session->get_permissions('password_reset'); |
|
692 |
} |
|
693 |
} |
|
694 |
else |
|
695 |
{ |
|
696 |
$a = $session->get_permissions('password_set'); |
|
697 |
} |
|
698 |
if ( $a && $session->get_permissions('read') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
699 |
{ |
|
700 |
// label at start |
|
701 |
$label = $this->makeParserText($tplvars['toolbar_label']); |
|
211 | 702 |
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_password'))); |
1 | 703 |
$t0 = $label->run(); |
704 |
||
705 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxSetPassword()); return false; }" title="' . $lang->get('onpage_tip_password') . '"', |
1 | 707 |
'HREF' => '#', |
211 | 708 |
'TEXT' => $lang->get('onpage_btn_password_set'), |
1 | 709 |
)); |
710 |
$t = $menubtn->run(); |
|
711 |
||
712 |
$this->toolbar_menu .= '<table border="0" cellspacing="0" cellpadding="0"><tr><td>'.$t0.'</td><td><input type="password" id="mdgPassSetField" size="10" /></td><td>'.$t.'</td></tr></table>'; |
|
713 |
} |
|
714 |
||
715 |
// Manage ACLs button |
|
if ( !$paths->anonymous_page && ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ) ) |
1 | 717 |
{ |
718 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="' . $lang->get('onpage_tip_aclmanager') . '" accesskey="m"', |
1 | 720 |
'HREF' => makeUrl($paths->page, 'do=aclmanager', true), |
211 | 721 |
'TEXT' => $lang->get('onpage_btn_acl'), |
1 | 722 |
)); |
723 |
$this->toolbar_menu .= $menubtn->run(); |
|
724 |
} |
|
725 |
||
726 |
// Administer page button |
|
727 |
if ( $session->user_level >= USER_LEVEL_ADMIN && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
728 |
{ |
|
729 |
$menubtn->assign_vars(array( |
|
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxAdminPage()); return false; }" title="' . $lang->get('onpage_tip_adminoptions') . '" accesskey="g"', |
1 | 731 |
'HREF' => makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'PageManager', true), |
211 | 732 |
'TEXT' => $lang->get('onpage_btn_admin'), |
1 | 733 |
)); |
734 |
$this->toolbar_menu .= $menubtn->run(); |
|
735 |
} |
|
736 |
||
737 |
if ( strlen($this->toolbar_menu) > 0 ) |
|
738 |
{ |
|
739 |
$button->assign_vars(array( |
|
'FLAGS' => 'id="mdgToolbar_moreoptions" onclick="if ( !KILL_SWITCH ) { return false; }" title="' . $lang->get('onpage_tip_moreoptions') . '"', |
1 | 741 |
'PARENTFLAGS' => '', |
742 |
'HREF' => makeUrl($paths->page, 'do=moreoptions', true), |
|
211 | 743 |
'TEXT' => $lang->get('onpage_btn_moreoptions') |
1 | 744 |
)); |
745 |
$tb .= $button->run(); |
|
746 |
} |
|
747 |
||
748 |
$is_opera = (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'Opera')) ? true : false; |
|
749 |
||
750 |
$this->tpl_bool = Array( |
|
751 |
'auth_admin'=>$session->user_level >= USER_LEVEL_ADMIN ? true : false, |
|
752 |
'user_logged_in'=>$session->user_logged_in, |
|
753 |
'opera'=>$is_opera, |
|
754 |
); |
|
755 |
||
756 |
if($session->sid_super) { $ash = '&auth='.$session->sid_super; $asq = "?auth=".$session->sid_super; $asa = "&auth=".$session->sid_super; $as2 = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; } |
|
757 |
else { $asq=''; $asa=''; $as2 = ''; $ash = ''; } |
|
758 |
||
759 |
$code = $plugins->setHook('compile_template'); |
|
760 |
foreach ( $code as $cmd ) |
|
761 |
{ |
|
762 |
eval($cmd); |
|
763 |
} |
|
764 |
||
765 |
// Some additional sidebar processing |
|
766 |
if($this->sidebar_extra != '') { |
|
767 |
$se = $this->sidebar_extra; |
|
768 |
$parser = $this->makeParserText($tplvars['sidebar_section_raw']); |
|
769 |
$parser->assign_vars(Array('TITLE'=>'Links','CONTENT'=>$se)); |
|
770 |
$this->sidebar_extra = $parser->run(); |
|
771 |
} |
|
772 |
||
773 |
$this->sidebar_extra = $this->sidebar_extra.$this->sidebar_widgets; |
|
774 |
||
775 |
$this->tpl_bool['fixed_menus'] = false; |
|
776 |
/* if($this->sidebar_extra == '') $this->tpl_bool['right_sidebar'] = false; |
|
777 |
else */ $this->tpl_bool['right_sidebar'] = true; |
|
778 |
||
779 |
$this->tpl_bool['auth_rename'] = ( $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin'); |
|
780 |
||
781 |
$this->tpl_bool['enable_uploads'] = ( getConfig('enable_uploads') == '1' && $session->get_permissions('upload_files') ) ? true : false; |
|
782 |
||
783 |
$this->tpl_bool['stupid_mode'] = false; |
|
784 |
||
$this->tpl_bool['in_admin'] = ( ( $paths->page_id == 'Administration' && $paths->namespace == 'Special' ) || $paths->namespace == 'Admin' ); |
1 | 786 |
|
787 |
$p = ( isset($_GET['printable']) ) ? '/printable' : ''; |
|
788 |
||
789 |
// Add the e-mail address client code to the header |
|
790 |
$this->add_header($email->jscode()); |
|
791 |
||
// Add language file |
$lang_uri = makeUrlNS('Special', 'LangExportJSON/' . $lang->lang_id, false, true); |
$this->add_header("<script type=\"text/javascript\" src=\"$lang_uri\"></script>"); |
|
1 | 796 |
// Generate the code for the Log out and Change theme sidebar buttons |
797 |
// Once again, the new template parsing system can be used here |
|
798 |
||
799 |
$parser = $this->makeParserText($tplvars['sidebar_button']); |
|
800 |
||
801 |
$parser->assign_vars(Array( |
|
802 |
'HREF'=>makeUrlNS('Special', 'Logout'), |
|
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"', |
215 | 804 |
'TEXT'=>$lang->get('sidebar_btn_logout'), |
1 | 805 |
)); |
806 |
||
807 |
$logout_link = $parser->run(); |
|
808 |
||
809 |
$parser->assign_vars(Array( |
|
810 |
'HREF'=>makeUrlNS('Special', 'Login/' . $paths->page), |
|
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxStartLogin(); return false; }"', |
215 | 812 |
'TEXT'=>$lang->get('sidebar_btn_login'), |
1 | 813 |
)); |
814 |
||
815 |
$login_link = $parser->run(); |
|
816 |
||
817 |
$parser->assign_vars(Array( |
|
818 |
'HREF'=>makeUrlNS('Special', 'ChangeStyle/'.$paths->page), |
|
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxChangeStyle(); return false; }"', |
215 | 820 |
'TEXT'=>$lang->get('sidebar_btn_changestyle'), |
1 | 821 |
)); |
822 |
||
823 |
$theme_link = $parser->run(); |
|
824 |
||
$parser->assign_vars(Array( |
'HREF'=>makeUrlNS('Special', 'Administration'), |
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxStartAdminLogin()); return false; }"', |
215 | 828 |
'TEXT'=>$lang->get('sidebar_btn_administration'), |
)); |
|
$admin_link = $parser->run(); |
|
1 | 833 |
$SID = ($session->sid_super) ? $session->sid_super : ''; |
834 |
||
$urlname_clean = str_replace('\'', '\\\'', str_replace('\\', '\\\\', dirtify_page_id($paths->fullpage))); |
$urlname_clean = strtr( $urlname_clean, array( '<' => '<', '>' => '>' ) ); |
|
$urlname_jssafe = sanitize_page_id($paths->fullpage); |
|
1 | 840 |
// Generate the dynamic javascript vars |
841 |
$js_dynamic = ' <script type="text/javascript">// <![CDATA[ |
|
842 |
// This section defines some basic and very important variables that are used later in the static Javascript library. |
|
843 |
// SKIN DEVELOPERS: The template variable for this code block is {JS_DYNAMIC_VARS}. This MUST be inserted BEFORE the tag that links to the main Javascript lib. |
|
var title=\''. $urlname_jssafe .'\'; |
1 | 845 |
var page_exists='. ( ( $paths->page_exists) ? 'true' : 'false' ) .'; |
846 |
var scriptPath=\''. scriptPath .'\'; |
|
847 |
var contentPath=\''.contentPath.'\'; |
|
848 |
var ENANO_SID =\'' . $SID . '\'; |
|
var user_level=' . $session->user_level . '; |
1 | 850 |
var auth_level=' . $session->auth_level . '; |
851 |
var USER_LEVEL_GUEST = ' . USER_LEVEL_GUEST . '; |
|
852 |
var USER_LEVEL_MEMBER = ' . USER_LEVEL_MEMBER . '; |
|
853 |
var USER_LEVEL_CHPREF = ' . USER_LEVEL_CHPREF . '; |
|
854 |
var USER_LEVEL_MOD = ' . USER_LEVEL_MOD . '; |
|
855 |
var USER_LEVEL_ADMIN = ' . USER_LEVEL_ADMIN . '; |
|
856 |
var editNotice = \'' . ( (getConfig('wiki_edit_notice')=='1') ? str_replace("\n", "\\\n", RenderMan::render(getConfig('wiki_edit_notice_text'))) : '' ) . '\'; |
|
857 |
var prot = ' . ( ($paths->page_protected && !$session->get_permissions('even_when_protected')) ? 'true' : 'false' ) .'; // No, hacking this var won\'t work, it\'s re-checked on the server |
|
858 |
var ENANO_SPECIAL_CREATEPAGE = \''. makeUrl($paths->nslist['Special'].'CreatePage') .'\'; |
|
var ENANO_CREATEPAGE_PARAMS = \'_do=&pagename='. $urlname_clean .'&namespace=' . $paths->namespace . '\'; |
1 | 860 |
var ENANO_SPECIAL_CHANGESTYLE = \''. makeUrlNS('Special', 'ChangeStyle') .'\'; |
861 |
var namespace_list = new Array(); |
|
862 |
var AES_BITS = '.AES_BITS.'; |
|
863 |
var AES_BLOCKSIZE = '.AES_BLOCKSIZE.'; |
|
864 |
var pagepass = \''. ( ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '' ) .'\'; |
|
865 |
var ENANO_THEME_LIST = \''; |
|
866 |
foreach($this->theme_list as $t) { |
|
867 |
if($t['enabled']) |
|
868 |
{ |
|
869 |
$js_dynamic .= '<option value="'.$t['theme_id'].'"'; |
|
// if($t['theme_id'] == $session->theme) $js_dynamic .= ' selected="selected"'; |
1 | 871 |
$js_dynamic .= '>'.$t['theme_name'].'</option>'; |
872 |
} |
|
873 |
} |
|
874 |
$js_dynamic .= '\'; |
|
var ENANO_CURRENT_THEME = \''. $session->theme .'\'; |
var ENANO_LANG_ID = ' . $lang->lang_id . '; |
var ENANO_PAGE_TYPE = "' . addslashes($this->namespace_string) . '";'; |
1 | 878 |
foreach($paths->nslist as $k => $c) |
879 |
{ |
|
880 |
$js_dynamic .= "namespace_list['{$k}'] = '$c';"; |
|
881 |
} |
|
882 |
$js_dynamic .= "\n //]]>\n </script>"; |
|
|
1 | 884 |
$tpl_strings = Array( |
'PAGE_NAME'=>htmlspecialchars($paths->cpage['name']), |
'PAGE_URLNAME'=> $urlname_clean, |
'SITE_NAME'=>htmlspecialchars(getConfig('site_name')), |
1 | 888 |
'USERNAME'=>$session->username, |
'SITE_DESC'=>htmlspecialchars(getConfig('site_desc')), |
1 | 890 |
'TOOLBAR'=>$tb, |
891 |
'SCRIPTPATH'=>scriptPath, |
|
892 |
'CONTENTPATH'=>contentPath, |
|
893 |
'ADMIN_SID_QUES'=>$asq, |
|
894 |
'ADMIN_SID_AMP'=>$asa, |
|
895 |
'ADMIN_SID_AMP_HTML'=>$ash, |
|
896 |
'ADMIN_SID_AUTO'=>$as2, |
|
'ADMIN_SID_RAW'=> ( is_string($session->sid_super) ? $session->sid_super : '' ), |
1 | 898 |
'ADDITIONAL_HEADERS'=>$this->additional_headers, |
91 | 899 |
'COPYRIGHT'=>RenderMan::parse_internal_links(getConfig('copyright_notice')), |
1 | 900 |
'TOOLBAR_EXTRAS'=>$this->toolbar_menu, |
901 |
'REQUEST_URI'=>$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], |
|
902 |
'STYLE_LINK'=>makeUrlNS('Special', 'CSS'.$p, null, true), //contentPath.$paths->nslist['Special'].'CSS' . $p, |
|
903 |
'LOGIN_LINK'=>$login_link, |
|
904 |
'LOGOUT_LINK'=>$logout_link, |
|
'ADMIN_LINK'=>$admin_link, |
1 | 906 |
'THEME_LINK'=>$theme_link, |
'SEARCH_ACTION'=>makeUrlNS('Special', 'Search'), |
'INPUT_TITLE'=>( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->nslist[$paths->namespace] . $paths->page_id ) . '" />' : ''), |
'INPUT_AUTH'=>( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : ''), |
1 | 910 |
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme, |
911 |
'THEME_ID'=>$this->theme, |
|
912 |
'STYLE_ID'=>$this->style, |
|
913 |
'JS_DYNAMIC_VARS'=>$js_dynamic, |
|
'UNREAD_PMS'=>$session->unread_pms, |
'URL_ABOUT_ENANO' => makeUrlNS('Special', 'About_Enano', '', true), |
'REPORT_URI' => makeUrl($paths->fullpage, 'do=sql_report', true) |
1 | 917 |
); |
918 |
||
919 |
foreach ( $paths->nslist as $ns_id => $ns_prefix ) |
|
920 |
{ |
|
921 |
$tpl_strings[ 'NS_' . strtoupper($ns_id) ] = $ns_prefix; |
|
922 |
} |
|
923 |
||
924 |
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings); |
|
925 |
list($this->tpl_strings['SIDEBAR_LEFT'], $this->tpl_strings['SIDEBAR_RIGHT'], $min) = $this->fetch_sidebar(); |
|
926 |
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != $min) ? true : false; |
|
927 |
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != $min) ? true : false; |
|
928 |
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility |
|
|
$code = $plugins->setHook('template_var_init_end'); |
foreach ( $code as $cmd ) |
{ |
eval($cmd); |
} |
|
profiler_log("template: finished var init"); |
1 | 937 |
} |
938 |
||
939 |
/**
 * Starts output buffering and prints the top of the page: the theme header
 * (unless headers are suppressed) followed by any per-user notices.
 * @param bool If true, simple-header.tpl is used and the unread-PM and
 *             timed-out-elevation notices are skipped
 */
function header($simple = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Everything printed from here on is buffered; footer() calls ob_end_flush().
  ob_start();

  if ( !$this->theme_loaded )
  {
    $this->load_theme($session->theme, $session->style);
  }

  $headers_sent = true; // local only; not read again in this method
  if ( !defined('ENANO_HEADERS_SENT') )
  {
    define('ENANO_HEADERS_SENT', '');
  }

  if ( !$this->no_headers )
  {
    if ( $simple )
    {
      $header = $this->process_template('simple-header.tpl');
    }
    else
    {
      $header = $this->process_template('header.tpl');
    }
    echo $header;
  }

  // Per-user notices are only shown on full (non-simple) pages.
  if ( !$simple )
  {
    if ( $session->user_logged_in && $session->unread_pms > 0 )
    {
      echo $this->notify_unread_pms();
    }
    if ( $session->sw_timed_out )
    {
      // NOTE(review): the link is substituted into a localized string and echoed as markup;
      // the fourth makeUrlNS() argument is presumably the HTML-escape flag - confirm.
      $login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true);
      echo '<div class="usermessage">',
           $lang->get('user_msg_elev_timed_out', array( 'login_link' => $login_link )),
           '</div>';
    }
  }

  // Shown only to users at USER_LEVEL_ADMIN or above while the site is disabled, and not on
  // the Administration page itself.
  if ( $this->site_disabled
       && $session->user_level >= USER_LEVEL_ADMIN
       && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) )
  {
    $admin_link = makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'GeneralConfig', true);
    $notice_title = $lang->get('page_sitedisabled_admin_msg_title');
    $notice_body = $lang->get('page_sitedisabled_admin_msg_body', array('admin_link' => $admin_link));
    echo '<div class="usermessage"><b>' . $notice_title . '</b><br />' . "\n" . $notice_body . "\n" . '</div>';
  }
}
/**
 * Prints the page footer and flushes the active output buffer.
 * @param bool Passed through to getFooter() to select the simple footer template
 */
function footer($simple = false)
{
  // getFooter() runs to completion (and may print on its own) before its return value is echoed.
  $footer_html = $this->getFooter($simple);
  echo $footer_html;
  ob_end_flush();
}
/**
 * Marks the headers as sent and returns the processed header.tpl.
 * @return string|null Nothing is returned when headers are suppressed ($this->no_headers)
 */
function getHeader()
{
  $headers_sent = true; // local only; not read again in this method
  if ( !defined('ENANO_HEADERS_SENT') )
  {
    define('ENANO_HEADERS_SENT', '');
  }

  if ( $this->no_headers )
  {
    return;
  }
  return $this->process_template('header.tpl');
}
/**
 * Builds the page footer from footer.tpl or simple-footer.tpl and fills in the statistics
 * placeholders. Apart from the return value this can print directly: it calls header() if
 * ENANO_HEADERS_SENT is not defined yet, and it echoes the SQL backtrace when requested.
 * @param bool If true, simple-footer.tpl is used
 * @return string Footer HTML, or an empty string when headers are suppressed
 */
function getFooter($simple = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  if ( $this->no_headers )
  {
    return '';
  }

  if ( !defined('ENANO_HEADERS_SENT') )
  {
    $this->header();
  }

  global $_starttime;

  // SQL debugging output needs both the sqldbg query parameter and the mod_misc permission.
  // The backtrace is HTML-escaped before it is printed.
  if ( isset($_GET['sqldbg']) && $session->get_permissions('mod_misc') )
  {
    echo '<h3>' . $lang->get('page_heading_sql_list') . '</h3><pre style="margin-left: 1em">';
    $backtrace = $db->sql_backtrace();
    echo htmlspecialchars($backtrace);
    echo '</pre>';
  }

  if ( $simple )
  {
    $footer = $this->process_template('simple-footer.tpl');
  }
  else
  {
    $footer = $this->process_template('footer.tpl');
  }

  // Page generation time in seconds, rounded to two decimals.
  $elapsed = round(microtime_float() - $_starttime, 2);

  $gen_short = $lang->get('page_msg_stats_gentime_short', array('time' => $elapsed));
  $gen_long = $lang->get('page_msg_stats_gentime_long', array('time' => $elapsed));
  // NOTE(review): REPORT_URI (and URL_ABOUT_ENANO below) go into markup as-is; presumably they
  // are escaped where tpl_strings is filled in - confirm.
  $queries_link = '<a href="' . $this->tpl_strings['REPORT_URI'] . '">' . $lang->get('page_msg_stats_sql', array('nq' => $db->num_queries)) . '</a>';

  $stats = $gen_short;
  $stats_long = $gen_long;
  // Only administrators get the query-count link appended to the stats strings.
  if ( $session->user_level >= USER_LEVEL_ADMIN )
  {
    $stats .= ' | ' . $queries_link;
    $stats_long .= ' | ' . $queries_link;
  }

  // Applied one after another, in this order.
  $substitutions = array(
      '[[Stats]]' => $stats,
      '[[StatsLong]]' => $stats_long,
      '[[NumQueries]]' => (string)$db->num_queries,
      '[[GenTime]]' => (string)$elapsed,
      '[[NumQueriesLoc]]' => $queries_link,
      '[[GenTimeLoc]]' => $gen_short,
      '[[EnanoPoweredLink]]' => $lang->get('page_enano_powered', array('about_uri' => $this->tpl_strings['URL_ABOUT_ENANO'])),
      '[[EnanoPoweredLinkLong]]' => $lang->get('page_enano_powered_long', array('about_uri' => $this->tpl_strings['URL_ABOUT_ENANO']))
    );
  foreach ( $substitutions as $placeholder => $value )
  {
    $footer = str_replace($placeholder, $value, $footer);
  }

  // NOTE(review): there is no permission check on this branch; the profiler HTML is appended
  // for every visitor whenever ENANO_DEBUG is defined, so keep that constant undefined on
  // production sites.
  if ( defined('ENANO_DEBUG') )
  {
    $footer = str_replace('</body>', '<div id="profile" style="margin: 10px;">' . profiler_make_html() . '</div></body>', $footer);
  }

  return $footer;
}
/** |
* Compiles and executes a template based on the current variables and booleans. Loads |
* the theme and initializes variables if needed. This mostly just calls child functions. |
* @param string File to process |
* @return string |
*/ |
function process_template($file)
{
  // None of these are referenced directly below. eval()'d code runs in this method's scope,
  // so the declarations are presumably here for the compiled template to use - confirm
  // before removing any of them.
  global $db, $session, $paths, $template, $plugins; // Common objects
  // First use: load the theme and initialise the template variables (presumably one of
  // these calls defines ENANO_TEMPLATE_LOADED - confirm).
  if(!defined('ENANO_TEMPLATE_LOADED'))
  {
    $this->load_theme();
    $this->init_vars();
  }

  $compiled = $this->compile_template($file);
  // NOTE(review): eval() runs whatever PHP compile_template() returns, with access to $this
  // and the globals declared above, and this method returns whatever that code returns.
  // It is only as safe as the compiler output: theme template files should be writable by
  // administrators only, and $file should never be derived from request input.
  return eval($compiled);
}
/** |
* Loads variables from the specified template file. Returns an associative array containing the variables. |
* @param string Template file to process (elements.tpl) |
* @return array |
*/ |
function extract_vars($file) |
{ |
global $db, $session, $paths, $template, $plugins; // Common objects |
// Sometimes this function gets called before the theme is loaded |
// This is a bad coding practice so this function will always be picky. |
if ( !$this->theme ) |
{ |
die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.<br /><br />Backtrace, most recent call first:<pre>'.enano_debug_print_backtrace(true).'</pre>'); |
} |
// Full pathname of template file |
$tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $file; |
// Make sure the template even exists |
if ( !is_file($tpl_file_fullpath) ) |
{ |
die_semicritical('Cannot find template file', |
'<p>The template parser was asked to load the file "' . htmlspecialchars($tpl_file_fullpath) . '", but that file couldn\'t be found in the directory for |
the current theme.</p> |
<p>Additional debugging information:<br /> |
<b>Theme currently in use: </b>' . $this->theme . '<br /> |
<b>Requested file: </b>' . $file . ' |
</p>'); |
} |
// Retrieve file contents |
$text = file_get_contents($tpl_file_fullpath); |
if ( !$text ) |
{ |
return false; |
} |
|
// Get variables, regular expressions FTW |
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches); |
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
parents:
142
diff
changeset
|
1109 |
|
// Initialize return values |
$tplvars = Array(); |
|
// Loop through each match, setting $tplvars[ $first_subpattern ] to $second_subpattern |
for ( $i = 0; $i < sizeof($matches[1]); $i++ ) |
{ |
$tplvars[ $matches[1][$i] ] = $matches[2][$i]; |
} |
|
// All done! |
return $tplvars; |
} |
|
|
/** |
* Compiles a block of template code. |
* @param string The text to process |
* @return string |
*/ |
|
function compile_tpl_code($text) |
{ |
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
parents:
184
diff
changeset
|
1131 |
global $db, $session, $paths, $template, $plugins; // Common objects |
// A random seed used to salt tags |
$seed = md5 ( microtime() . mt_rand() ); |
|
// Strip out PHP sections |
preg_match_all('/<\?php(.+?)\?>/is', $text, $php_matches); |
|
foreach ( $php_matches[0] as $i => $match ) |
{ |
// Substitute the PHP section with a random tag |
$tag = "{PHP:$i:$seed}"; |
$text = str_replace_once($match, $tag, $text); |
} |
|
// Escape slashes and single quotes in template code |
$text = str_replace('\\', '\\\\', $text); |
$text = str_replace('\'', '\\\'', $text); |
|
// Initialize the PHP compiled code |
$text = 'ob_start(); echo \''.$text.'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;'; |
|
## |
## Main rules |
## |
|
// |
// Conditionals |
// |
|
$keywords = array('BEGIN', 'BEGINNOT', 'IFSET', 'IFPLUGIN'); |
$code = $plugins->setHook('template_compile_logic_keyword'); |
foreach ( $code as $cmd ) |
{ |
eval($cmd); |
} |
|
$keywords = implode('|', $keywords); |
|
// Matches |
391
85f91037cd4f
Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
Dan
parents:
389
diff
changeset
|
1170 |
// 1 2 3 4 56 7 8 |
$regexp = '/(<!-- ('. $keywords .') ([A-z0-9_-]+) -->)(.*)((<!-- BEGINELSE \\3 -->)(.*))?(<!-- END \\3 -->)/isU'; |
|
/* |
The way this works is: match all blocks using the standard form with a different keyword in the block each time, |
and replace them with appropriate PHP logic. Plugin-extensible now. :-) |
|
The while-loop is to bypass what is apparently a PCRE bug. It's hackish but it works. Properly written plugins should only need |
to compile templates (using this method) once for each time the template file is changed. |
*/ |
while ( preg_match($regexp, $text) ) |
{ |
preg_match_all($regexp, $text, $matches); |
for ( $i = 0; $i < count($matches[0]); $i++ ) |
{ |
$start_tag =& $matches[1][$i]; |
$type =& $matches[2][$i]; |
$test =& $matches[3][$i]; |
$particle_true =& $matches[4][$i]; |
$else_tag =& $matches[6][$i]; |
$particle_else =& $matches[7][$i]; |
$end_tag =& $matches[8][$i]; |
|
switch($type) |
{ |
case 'BEGIN': |
$cond = "isset(\$this->tpl_bool['$test']) && \$this->tpl_bool['$test']"; |
break; |
case 'BEGINNOT': |
$cond = "!isset(\$this->tpl_bool['$test']) || ( isset(\$this->tpl_bool['$test']) && !\$this->tpl_bool['$test'] )"; |
break; |
case 'IFPLUGIN': |
$cond = "getConfig('plugin_$test') == '1'"; |
break; |
case 'IFSET': |
$cond = "isset(\$this->tpl_strings['$test'])"; |
break; |
default: |
$code = $plugins->setHook('template_compile_logic_cond'); |
foreach ( $code as $cmd ) |
{ |
eval($cmd); |
} |
break; |
} |
|
if ( !isset($cond) || ( isset($cond) && !is_string($cond) ) ) |
continue; |
|
$tag_complete = <<<TPLCODE |
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
'; |
/* START OF CONDITION: $type ($test) */ |
if ( $cond ) |
{ |
echo '$particle_true'; |
/* ELSE OF CONDITION: $type ($test) */ |
} |
else |
{ |
echo '$particle_else'; |
/* END OF CONDITION: $type ($test) */ |
} |
echo ' |
TPLCODE; |
|
$text = str_replace_once($matches[0][$i], $tag_complete, $text); |
|
} |
} |
|
// For debugging ;-) |
// die("<pre><?php\n" . htmlspecialchars($text."\n\n".print_r($matches,true)) . "\n\n?></pre>"); |
|
// |
// Data substitution/variables |
// |
|
// System messages |
452
b6faa6d6ade2
Fixed case where HTML comments were getting stripped when opening tag not followed by whitespace (<!--foo--> was stripped, <!-- foo --> was not, neither is stripped now)
Dan
$text = preg_replace('/<!-- SYSMSG ([A-z0-9\._-]+?) -->/is', '\' . $template->tplWikiFormat($paths->sysMsg(\'\\1\')) . \'', $text); |
|
// Template variables |
$text = preg_replace('/\{([A-z0-9_-]+?)\}/is', '\' . $this->tpl_strings[\'\\1\'] . \'', $text); |
|
// Reinsert PHP |
|
foreach ( $php_matches[1] as $i => $match ) |
{ |
// Substitute the random tag with the "real" PHP code |
$tag = "{PHP:$i:$seed}"; |
$text = str_replace_once($tag, "'; $match echo '", $text); |
} |
|
// echo('<pre>' . htmlspecialchars($text) . '</pre>'); |
|
return $text; |
|
} |
|
/** |
* Compiles the contents of a given template file, possibly using a cached copy, and returns the compiled code. |
* @param string Filename of template (header.tpl) |
* @return string |
*/ |
|
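function compile_template($filename)
{
  // Compiles one template file of the current theme and returns the post-processed result. When caching
  // is enabled, the compiled code is stored under ENANO_ROOT/cache/ and reused for as long as the MD5
  // recorded in the cache file matches the MD5 of the source template.
  //
  // NOTE(review): $this->theme and $filename are concatenated straight into filesystem paths, and the
  // cache path built from them is include()d as PHP. Nothing in this method validates either value, so
  // it presumably relies on callers passing fixed, trusted names - confirm against the call sites.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Full path to template file
  $tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename;

  // Make sure the file exists
  if ( !is_file($tpl_file_fullpath) )
  {
    // The message is rendered as HTML, so every interpolated value is escaped. The "Requested file"
    // line previously printed an undefined variable ($file) instead of the requested name.
    die_semicritical('Cannot find template file',
      '<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
         the current theme.</p>
       <p>Additional debugging information:<br />
         <b>Theme currently in use: </b>' . htmlspecialchars($this->theme) . '<br />
         <b>Requested file: </b>' . htmlspecialchars($filename) . '
         </p>');
  }

  // Read the ORIGINAL once; both the cache check and the compile step work from this copy
  $text = file_get_contents($tpl_file_fullpath);
  if ( $text === false )
  {
    // Exists but unreadable: stop here rather than compiling (and caching) an empty template
    die_semicritical('Cannot read template file',
      '<p>The template parser found the file "' . htmlspecialchars($filename) . '" but could not read it.</p>');
  }

  // Fingerprint of the source template. Compared against the cached copy below and written into any
  // cache file generated further down.
  $source_md5 = md5($text);

  // Check for cached copy
  // This will make filenames in the pattern of theme-file.tpl.php
  $cache_file = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $filename) . '.php';

  // Template caching is gated on the 'cache_thumbs' setting (the original author believed it is
  // enabled by default)
  $caching_enabled = ( getConfig('cache_thumbs') == '1' );

  if ( $caching_enabled && file_exists($cache_file) )
  {
    // Cache files are auto-generated, but otherwise are normal PHP files: whatever is in this file
    // runs as code, so write access to the cache directory is equivalent to code execution.
    include($cache_file);

    // $md5 and $tpl_text are set by the cached file. The cached copy is used only if its MD5 matches
    // the MD5 of the file it was compiled from. The comparison is strict because a loose == treats
    // two different all-numeric "0e..." hex digests as equal numbers.
    if ( isset($md5) && isset($tpl_text) && $md5 === $source_md5 )
    {
      // Undo the \" that addslashes() left behind inside the single-quoted literal
      return $this->compile_template_text_post(str_replace('\\"', '"', $tpl_text));
    }
  }

  // We won't use the cached copy here
  // Preprocessing and checks complete - compile the code
  $text = $this->compile_tpl_code($text);

  // Perhaps caching is enabled and the admin has changed the template?
  if ( $caching_enabled && is_writable( ENANO_ROOT . '/cache/' ) )
  {
    $h = fopen($cache_file, 'w');
    // Couldn't open the file - silently skip the cache write. This path used to return the compiled
    // text directly, bypassing compile_template_text_post() that every other return goes through.
    if ( $h )
    {
      // Escape the compiled code so it can sit inside a single-quoted PHP string literal
      $text_escaped = addslashes($text);
      $notice = <<<EOF

/*
 * NOTE: This file was automatically generated by Enano and is based on compiled code. Do not edit this file.
 * If you edit this file, any changes you make will be lost the next time the associated source template file is edited.
 */

EOF;
      // This is really just a normal PHP file that sets a variable or two and exits.
      // $tpl_text actually will contain the compiled code
      fwrite($h, '<?php ' . $notice . ' $md5 = \'' . $source_md5 . '\'; $tpl_text = \'' . $text_escaped . '\'; ?>');
      fclose($h);
    }
  }

  return $this->compile_template_text_post($text);
}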
/** |
* Compiles (parses) some template code with the current master set of variables and booleans. |
* @param string Text to process |
* @return string |
*/ |
function compile_template_text($text)
{
  // Two stages: the text goes through compile_tpl_code() first, then
  // compile_template_text_post() substitutes the {lang:...} tokens.
  // parse() passes the string returned here to eval(), so the result is
  // handled as PHP code rather than as markup.
  // This wrapper might do something else in the future, possibly cache large
  // templates.
  $compiled = $this->compile_tpl_code($text);
  $localized = $this->compile_template_text_post($compiled);
  return $localized;
}
/** |
* For convenience - compiles AND parses (that is, executes through eval()) some template code.
* @param string Text to process |
* @return string |
*/ |
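function parse($text)
{
  // Compile the TPL source to PHP. compile_template_text() already runs
  // compile_template_text_post() on its result, so the post-processor is not
  // called a second time here: a second pass would rescan text that has
  // already been localized and expand any {lang:...} token that happens to
  // sit inside a language string.
  // The variable keeps the name $text because eval() runs in this function's
  // scope and the evaluated code can see the local variables.
  $text = $this->compile_template_text($text);

  // NOTE(review): eval() executes the compiled template as PHP with the
  // privileges of the running script. Nothing in this method validates the
  // input, so safety rests on the compiler and on callers passing only
  // trusted template source - confirm at each call site.
  // The return value is whatever the evaluated code returns.
  return eval($text);
}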
|
/** |
* Post-processor for template code. Basically what this does is it localizes {lang:foo_bar} blocks; the string ID must contain an underscore to be matched.
|
* @param string Mostly-processed TPL code |
|
* @return string |
|
*/ |
|
function compile_template_text_post($text)
{
  global $lang;

  // Collect every {lang:string_id} token. The pattern admits only lowercase
  // letters, digits and underscores (with at least one underscore), so the
  // ID itself cannot carry quotes or backslashes.
  preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $text, $found);

  foreach ( $found[0] as $idx => $token )
  {
    $localized = $lang->get($found[1][$idx]);
    // Backslashes are escaped first, then single quotes - presumably because
    // the string lands inside a single-quoted PHP literal in the compiled
    // template (verify against compile_tpl_code()). No other character is
    // escaped here.
    $localized = str_replace(array('\\', '\''), array('\\\\', '\\\''), $localized);
    // str_replace_once() is defined elsewhere; going by its name it swaps a
    // single occurrence of the token for the localized text.
    $text = str_replace_once($token, $localized, $text);
  }

  return $text;
}
|
// Steps to turn this: |
// [[Project:Community Portal]] |
|
// into this: |
|
// <a href="/Project:Community_Portal">Community Portal</a> |
|
// Must be done WITHOUT creating eval'ed code!!! |
|
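// 1. preg_replace \[\[([a-zA-Z0-9 -_:]*?)\]\] with <a href="'.contentPath.'\\1">\\1</a>
//    NOTE(review): inside a character class " -_" is a range (0x20 through 0x5F), so the class in steps 1 and 2
//    also admits characters such as ", ', < and >, and the match is placed inside an href attribute. If only
//    space, hyphen and underscore are meant, list the hyphen last or escape it - check the implementation.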
|
// 2. preg_match_all <a href="'.preg_quote(contentPath).'([a-zA-Z0-9 -_:]*?)"> |
|
// 3. For each match, replace matches with identifiers |
|
// 4. For each match, str_replace ' ' with '_' |
|
// 5. For each match, str_replace match_id:random_val with $matches[$match_id] |
|
// The template language is really a miniature programming language; with variables, conditionals, everything! |
|
// So you can implement custom logic into your sidebar if you wish. |
|
// "Real" PHP support coming soon :-D |
|
/** |
* Takes a blob of HTML with the specially formatted template-oriented wikitext and formats it. Does not use eval(). |
* This function butchers every coding standard in Enano and should eventually be rewritten. The fact is that the |
* code _works_ and does a good job of checking for errors and cleanly complaining about them. |
* @param string Text to process |
* @param bool Ignored for backwards compatibility |
* @param string File to get variables for sidebar data from |
* @return string |
*/ |
function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl') |
{ |
global $db, $session, $paths, $template, $plugins; // Common objects |
global $lang; |
$filter_links = false; |
$tplvars = $this->extract_vars($filename); |
|
if($session->sid_super) $as = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; |
|
else $as = ''; |
|
error_reporting(E_ALL); |
|
$random_id = sha1(microtime().''); // A temp value |
|
/* |
|
* PREPROCESSOR |
|
*/ |
|
// Variables |
|
preg_match_all('#\$([A-Z_-]+)\$#', $message, $links); |
|
$links = $links[1]; |
|
for($i=0;$i<sizeof($links);$i++) |
|
{ |
|
$message = str_replace('$'.$links[$i].'$', $this->tpl_strings[$links[$i]], $message); |
|
} |
|
// Conditionals |
|
preg_match_all('#\{if ([A-Za-z0-9_ \(\)&\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links); |
// Temporary exception from coding standards - using tab length of 4 here for clarity |
for ( $i = 0; $i < sizeof($links[1]); $i++ ) |
{ |
$condition =& $links[1][$i]; |
$message = str_replace('{if '.$condition.'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message); |
// Time for some manual parsing... |
$chk = false; |
$current_id = ''; |
$prn_level = 0; |
// Used to keep track of where we are in the conditional |
// Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ... |
// Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above. |
$in_var_now = true; |
$in_var_last = false; |
$current_var = ''; |
$current_var_start_pos = 0; |
$current_var_end_pos = 0; |
$j = -1; |
$condition = $condition . ' '; |
$d = strlen($condition); |
while($j < $d) |
{ |
$j++; |
$in_var_last = $in_var_now; |
$char = substr($condition, $j, 1); |
$in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false; |
if(!$in_var_last && $in_var_now) |
{ |
$current_var_start_pos = $j; |
} |
if($in_var_last && !$in_var_now) |
{ |
$current_var_end_pos = $j; |
} |
if($in_var_now) |
{ |
$current_var .= $char; |
continue; |
} |
// OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete. |
if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9') |
{ |
// XSS attack! Bail out |
$errmsg = '<p><b>Error:</b> Syntax error (possibly XSS attack) caught in template code:</p>'; |
$errmsg .= '<pre>'; |
$errmsg .= '{if '.htmlspecialchars($condition).'}'; |
$errmsg .= "\n "; |
for ( $k = 0; $k < $j; $k++ ) |
{ |
$errmsg .= " "; |
} |
// Show position of error |
$errmsg .= '<span style="color: red;">^</span>'; |
$errmsg .= '</pre>'; |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $errmsg, $message); |
continue 2; |
} |
if($current_var != '') |
{ |
$cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )'; |
$cvt = substr($condition, 0, $current_var_start_pos) . $cd . substr($condition, $current_var_end_pos, strlen($condition)); |
$j = $j + strlen($cd) - strlen($current_var); |
$current_var = ''; |
$condition = $cvt; |
$d = strlen($condition); |
} |
1 | 1524 |
} |
$condition = substr($condition, 0, strlen($condition)-1); |
$condition = '$chk = ( '.$condition.' ) ? true : false;'; |
eval($condition); |
|
if($chk) |
1 | 1530 |
{ |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); |
else $c = $links[2][$i]; |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
1 | 1534 |
} |
else |
{ |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); |
else $c = ''; |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
} |
1 | 1541 |
} |
1542 |
||
1543 |
preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links); |
|
1544 |
||
1545 |
for($i=0;$i<sizeof($links[1]);$i++) |
|
1546 |
{ |
|
1547 |
$message = str_replace('{!if '.$links[1][$i].'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message); |
|
1548 |
if(isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]]) { |
|
1549 |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); |
|
1550 |
else $c = ''; |
|
1551 |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
|
1552 |
} else { |
|
1553 |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); |
|
1554 |
else $c = $links[2][$i]; |
|
1555 |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
|
1556 |
} |
|
1557 |
} |
|
1558 |
||
215 | 1559 |
preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $message, $matches); |
1560 |
foreach ( $matches[1] as $i => $string_id ) |
|
1561 |
{ |
|
1562 |
$string = $lang->get($string_id); |
|
1563 |
$string = str_replace('\\', '\\\\', $string); |
|
1564 |
$string = str_replace('\'', '\\\'', $string); |
|
1565 |
$message = str_replace_once($matches[0][$i], $string, $message); |
|
1566 |
} |
|
1567 |
||
1 | 1568 |
/* |
1569 |
* HTML RENDERER |
|
1570 |
*/ |
|
1571 |
||
1572 |
// Images |
|
1573 |
$j = preg_match_all('#\[\[:'.$paths->nslist['File'].'([\w\s0-9_\(\)!@%\^\+\|\.-]+?)\]\]#is', $message, $matchlist); |
|
1574 |
$matches = Array(); |
|
1575 |
$matches['images'] = $matchlist[1]; |
|
1576 |
for($i=0;$i<sizeof($matchlist[1]);$i++) |
|
1577 |
{ |
|
1578 |
if(isPage($paths->nslist['File'].$matches['images'][$i])) |
|
1579 |
{ |
|
1580 |
$message = str_replace('[[:'.$paths->nslist['File'].$matches['images'][$i].']]', |
|
1581 |
'<img alt="'.$matches['images'][$i].'" style="border: 0" src="'.makeUrlNS('Special', 'DownloadFile/'.$matches['images'][$i]).'" />', |
|
1582 |
$message); |
|
1583 |
} |
|
1584 |
} |
|
1585 |
||
1586 |
// Internal links |
|
1587 |
||
1588 |
$text_parser = $this->makeParserText($tplvars['sidebar_button']); |
|
1589 |
||
preg_match_all("#\[\[([^\|\]\n\a\r\t]*?)\]\]#is", $message, $il); |
1 | 1591 |
for($i=0;$i<sizeof($il[1]);$i++) |
1592 |
{ |
|
1593 |
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true); |
|
$text_parser->assign_vars(Array( |
1 | 1595 |
'HREF' => $href, |
1596 |
'FLAGS' => '', |
|
1597 |
'TEXT' => $il[1][$i] |
|
1598 |
)); |
|
1599 |
$message = str_replace("[[{$il[1][$i]}]]", $text_parser->run(), $message); |
|
1600 |
} |
|
1601 |
||
preg_match_all('#\[\[([^\|\]\n\a\r\t]*?)\|([^\]\r\n\a\t]*?)\]\]#is', $message, $il); |
1 | 1603 |
for($i=0;$i<sizeof($il[1]);$i++) |
1604 |
{ |
|
1605 |
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true); |
|
1606 |
$text_parser->assign_vars(Array( |
|
1607 |
'HREF' => $href, |
|
1608 |
'FLAGS' => '', |
|
1609 |
'TEXT' => $il[2][$i] |
|
1610 |
)); |
|
1611 |
$message = str_replace("[[{$il[1][$i]}|{$il[2][$i]}]]", $text_parser->run(), $message); |
|
1612 |
} |
|
1613 |
||
1614 |
// External links |
|
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '<a href="\\1://\\2">\\3</a><br style="display: none;" />', $message); |
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '<a href="\\1://\\2">\\1://\\2</a><br style="display: none;" />', $message); |
|
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link); |
|
// die('<pre>' . htmlspecialchars( print_r($ext_link, true) ) . '</pre>'); |
|
for ( $i = 0; $i < count($ext_link[0]); $i++ ) |
{ |
$text_parser->assign_vars(Array( |
'HREF' => $ext_link[1][$i], |
'FLAGS' => '', |
'TEXT' => $ext_link[16][$i] |
)); |
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message); |
} |
|
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link); |
|
for ( $i = 0; $i < count($ext_link[0]); $i++ ) |
{ |
$text_parser->assign_vars(Array( |
'HREF' => $ext_link[1][$i], |
'FLAGS' => '', |
'TEXT' => htmlspecialchars($ext_link[1][$i]) |
)); |
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message); |
} |
1 | 1643 |
|
1644 |
$parser1 = $this->makeParserText($tplvars['sidebar_section']); |
|
1645 |
$parser2 = $this->makeParserText($tplvars['sidebar_section_raw']); |
|
1646 |
||
preg_match_all('#\{slider(2|)=([^\}]*?)\}(.*?)\{\/slider(2|)\}#is', $message, $sb); |
1 | 1648 |
|
1649 |
// Modified to support the sweet new template var system |
|
1650 |
for($i=0;$i<sizeof($sb[1]);$i++) |
|
1651 |
{ |
|
1652 |
$p = ($sb[1][$i] == '2') ? $parser2 : $parser1; |
|
1653 |
$p->assign_vars(Array('TITLE'=>$sb[2][$i],'CONTENT'=>$sb[3][$i])); |
|
1654 |
$message = str_replace("{slider{$sb[1][$i]}={$sb[2][$i]}}{$sb[3][$i]}{/slider{$sb[4][$i]}}", $p->run(), $message); |
|
1655 |
} |
|
1656 |
||
1657 |
/* |
|
1658 |
Extras ;-) |
|
1659 |
$message = preg_replace('##is', '', $message); |
|
1660 |
$message = preg_replace('##is', '', $message); |
|
1661 |
$message = preg_replace('##is', '', $message); |
|
1662 |
$message = preg_replace('##is', '', $message); |
|
1663 |
$message = preg_replace('##is', '', $message); |
|
1664 |
*/ |
|
1665 |
||
1666 |
//die('<pre>'.htmlspecialchars($message).'</pre>'); |
|
1667 |
//eval($message); exit; |
|
1668 |
return $message; |
|
1669 |
} |
|
1670 |
||
1671 |
/** |
|
1672 |
* Print a text field that auto-completes a username entered into it. |
|
1673 |
* @param string $name - the name of the form field |
|
1674 |
* @return string |
|
1675 |
*/ |
|
1676 |
||
1677 |
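function username_field($name, $value = false)
{
  // Builds the markup for a username <input> wired to the client-side AutofillUsername() helper.
  //   $name  - value for the name attribute of the field
  //   $value - optional initial value; false (the default) or an empty string omits the value attribute
  // Returns the HTML as a string.

  // The hash only has to make the element id unique on the page; nothing treats it as a secret.
  $randomid = md5( time() . microtime() . mt_rand() );

  // Both arguments are written into double-quoted attributes, so they are entity-encoded at this sink.
  // double_encode is off so that a caller which already passes an encoded string sees no change.
  // NOTE(review): the UTF-8 charset is assumed; confirm against the site's output encoding.
  $name_attr = htmlspecialchars(strval($name), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

  $text = '<input name="'.$name_attr.'" onkeyup="new AutofillUsername(this);" autocomplete="off" type="text" size="30" id="userfield_'.$randomid.'"';

  // Compare against false/'' explicitly: a plain truthiness test would silently drop the value "0".
  if ( is_scalar($value) && $value !== false && strval($value) !== '' )
  {
    $text .= ' value="' . htmlspecialchars(strval($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '"';
  }

  $text .= ' />';
  return $text;
}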
|
1685 |
||
1686 |
/** |
|
1687 |
* Print a text field that auto-completes a page name entered into it. |
|
1688 |
* @param string $name - the name of the form field |
|
1689 |
* @return string |
|
1690 |
*/ |
|
1691 |
||
1692 |
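function pagename_field($name, $value = false)
{
  // Builds the markup for a page-name <input> wired to ajaxPageNameComplete(), followed by an inline
  // script that installs an onsubmit handler on the enclosing form when the form has none yet.
  //   $name  - value for the name attribute of the field
  //   $value - optional initial value; false (the default) or an empty string omits the value attribute
  // Returns the HTML and Javascript as a string.

  // Hex digest, so it is safe to splice into the id attribute and the script below. It only has to be
  // unique on the page; nothing treats it as a secret.
  $randomid = md5( time() . microtime() . mt_rand() );

  // Both arguments are written into double-quoted attributes, so they are entity-encoded at this sink.
  // double_encode is off so that a caller which already passes an encoded string sees no change.
  // NOTE(review): the UTF-8 charset is assumed; confirm against the site's output encoding.
  $name_attr = htmlspecialchars(strval($name), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

  $text = '<input name="'.$name_attr.'" onkeyup="ajaxPageNameComplete(this)" type="text" size="30" id="pagefield_'.$randomid.'"';

  // Compare against false/'' explicitly: a plain truthiness test would silently drop the value "0".
  if ( is_scalar($value) && $value !== false && strval($value) !== '' )
  {
    $text .= ' value="' . htmlspecialchars(strval($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '"';
  }
  $text .= ' />';

  // get_parent_form() and submitAuthorized are client-side names defined outside this function.
  $text .= '<script type="text/javascript">
        var inp = document.getElementById(\'pagefield_' . $randomid . '\');
        var f = get_parent_form(inp);
        if ( f )
        {
          if ( typeof(f.onsubmit) != \'function\' )
          {
            f.onsubmit = function() {
              if ( !submitAuthorized )
              {
                return false;
              }
            }
          }
        }</script>';
  return $text;
}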
|
1715 |
||
1716 |
/** |
|
1717 |
* Sends a textarea that can be converted to and from a TinyMCE widget on the fly. |
|
1718 |
* @param string The name of the form element |
|
1719 |
* @param string The initial content. Optional, defaults to blank |
|
1720 |
* @param int Rows in textarea |
|
1721 |
* @param int Columns in textarea |
|
1722 |
* @return string HTML and Javascript code. |
|
1723 |
*/ |
|
1724 |
||
1725 |
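function tinymce_textarea($name, $content = '', $rows = 20, $cols = 60)
{
  // Builds a <textarea>, a switcher panel and an inline script that toggles the textarea between a
  // plain text editor and a TinyMCE widget.
  //   $name    - name of the form element
  //   $content - initial content of the textarea, defaults to blank
  //   $rows    - rows attribute of the textarea
  //   $cols    - cols attribute of the textarea
  // Returns the HTML and Javascript as a string.
  global $lang;

  // Hex digest, so it is safe to splice into ids and into the generated function name. It only has to
  // be unique on the page; nothing treats it as a secret.
  $randomid = md5(microtime() . mt_rand());

  // Encode at the sink: $name sits in a double-quoted attribute and $content in the textarea body,
  // where an unencoded closing tag would end the element early. double_encode is off so that callers
  // which already pass encoded text see no change in what the browser displays.
  // NOTE(review): the UTF-8 charset is assumed; confirm against the site's output encoding.
  $name_attr = htmlspecialchars(strval($name), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
  $content_html = htmlspecialchars(strval($content), ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

  // rows/cols are documented as integers; the cast keeps anything else out of the markup.
  $rows = intval($rows);
  $cols = intval($cols);

  $html = '';
  $html .= '<textarea name="' . $name_attr . '" rows="'.$rows.'" cols="'.$cols.'" style="width: 100%;" id="toggleMCEroot_'.$randomid.'">' . $content_html . '</textarea>';

  // The two labels come from the language object and are inserted as returned by it.
  $html .= '<div style="float: right; display: table;" id="mceSwitchAgent_' . $randomid . '">' . $lang->get('etc_tinymce_btn_text') . ' | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">' . $lang->get('etc_tinymce_btn_graphical') . '</a></div>';

  // Inside this single-quoted string, $lang.get(...) and $dynano(...) are Javascript calls made in the
  // browser, not PHP variables.
  $html .= '<script type="text/javascript">
              // <![CDATA[
              function toggleMCE_'.$randomid.'()
              {
                var the_obj = document.getElementById(\'toggleMCEroot_' . $randomid . '\');
                var panel = document.getElementById(\'mceSwitchAgent_' . $randomid . '\');
                var text_editor = $lang.get("etc_tinymce_btn_text");
                var graphical_editor = $lang.get("etc_tinymce_btn_graphical");
                if ( the_obj.dnIsMCE == "yes" )
                {
                  $dynano(the_obj).destroyMCE();
                  panel.innerHTML = text_editor + \' | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">\' + graphical_editor + \'</a>\';
                }
                else
                {
                  $dynano(the_obj).switchToMCE();
                  panel.innerHTML = \'<a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">\' + text_editor + \'</a> | \' + graphical_editor;
                }
              }
              // ]]>
              </script>';
  return $html;
}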
|
/**
 * Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
 * Returns an object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
 *
 * The file is looked up under ENANO_ROOT/themes/<theme of the global $template>/ and the script
 * is terminated with die() if it does not exist.
 * @param $filename the filename of the template to be parsed, relative to the theme directory
 * @return object
 */

function makeParser($filename)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // NOTE(review): $filename is appended to the theme directory without any normalization, so a
  // value containing "../" would resolve outside that directory. Callers should only pass fixed
  // template names; verify that no request-derived value reaches this parameter.
  $tpl_path = ENANO_ROOT . '/themes/' . $template->theme . '/' . $filename;

  if ( !file_exists($tpl_path) )
  {
    // NOTE(review): this message prints the absolute server path to the client.
    die('templateIndividual: file ' . $tpl_path . ' does not exist');
  }

  return new templateIndividual(file_get_contents($tpl_path));
}
|
/**
 * Same as $template->makeParser(), but takes the template source as a string instead of a filename.
 * @param $code the template text to parse
 * @return object a new templateIndividual wrapping $code
 */

function makeParserText($code)
{
  return new templateIndividual($code);
}
|
/**
 * Fetch the HTML for a plugin-added sidebar block
 * @param $id the key the block is stored under in $this->plugin_blocks
 * @return string|bool the stored block, or false if nothing is stored under that key
 */

function fetch_block($id)
{
  return isset($this->plugin_blocks[$id]) ? $this->plugin_blocks[$id] : false;
}
|
/**
 * Fetches the contents of both sidebars.
 *
 * Every enabled row of the sidebar table is rendered according to its block_type and appended
 * to the left or right sidebar depending on its sidebar_id.
 * @return array - key 0 is left, key 1 is right, key 2 is the sidebar_top/sidebar_bottom wrapper with no blocks in it
 * @example list($left, $right) = $template->fetch_sidebar();
 */

function fetch_sidebar()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  $left = '';
  $right = '';
  
  // Make sure the built-in "Links" widget is registered before blocks are resolved.
  if ( !$this->fetch_block('Links') )
    $this->initLinksWidget();
  
  // The query is a constant string apart from the table prefix; no request data is involved.
  $q = $db->sql_query('SELECT item_id,sidebar_id,block_name,block_type,block_content FROM '.table_prefix.'sidebar' . "\n"
                     . ' WHERE item_enabled=1 ORDER BY sidebar_id ASC, item_order ASC;');
  if(!$q) $db->_die('The sidebar text data could not be selected.');
  
  $vars = $this->extract_vars('elements.tpl');
  
  if(isset($vars['sidebar_top']))
  {
    $left .= $this->parse($vars['sidebar_top']);
    $right .= $this->parse($vars['sidebar_top']);
  }
  while($row = $db->fetchrow())
  {
    // Local variable names in this loop must stay as they are: the BLOCK_PHP branch evaluates
    // stored code in this method's scope, so that code can see $row, $c, $left, $right, etc.
    switch($row['block_type'])
    {
      case BLOCK_WIKIFORMAT:
      default:
        // Unknown block types are treated like wiki-formatted blocks.
        $parser = $this->makeParserText($vars['sidebar_section']);
        $c = RenderMan::render($row['block_content']);
        break;
      case BLOCK_TEMPLATEFORMAT:
        $parser = $this->makeParserText($vars['sidebar_section']);
        $c = $this->tplWikiFormat($row['block_content']);
        break;
      case BLOCK_HTML:
        // The stored HTML is handed to the parser unchanged.
        // NOTE(review): no escaping or filtering happens in this method; anyone able to write
        // block_content for an HTML block controls markup shown to every visitor. Confirm that
        // only administrators can edit these rows.
        $parser = $this->makeParserText($vars['sidebar_section_raw']);
        $c = $row['block_content'];
        break;
      case BLOCK_PHP:
        // SECURITY: the database content is executed as PHP. Write access to the sidebar table
        // (admin panel, SQL access, or an injection elsewhere) is therefore equivalent to code
        // execution on the server. The "@" also hides any error the block raises, which makes
        // a broken or tampered block hard to notice; consider logging failures instead.
        $parser = $this->makeParserText($vars['sidebar_section_raw']);
        ob_start();
        @eval($row['block_content']);
        // Whatever the block printed becomes the block body.
        $c = ob_get_contents();
        ob_end_clean();
        break;
      case BLOCK_PLUGIN:
        // For plugin blocks, block_content holds the key of a block registered in plugin_blocks.
        $parser = $this->makeParserText('{CONTENT}');
        $c = (gettype($this->fetch_block($row['block_content'])) == 'string') ? $this->fetch_block($row['block_content']) : /* This used to say "can't find plugin block" but I think it's more friendly to just silently hide it. */ '';
        break;
    }
    $parser->assign_vars(Array( 'TITLE'=>$this->tplWikiFormat($row['block_name']), 'CONTENT'=>$c ));
    $run = $parser->run();
    if ( $row['block_type'] == BLOCK_PLUGIN )
    {
      // The plugin block's own markup may still contain a literal {TITLE} placeholder.
      $run = str_replace('{TITLE}', $this->tplWikiFormat($row['block_name']), $run);
    }
    // Rows whose sidebar_id is neither constant are rendered but dropped.
    if ($row['sidebar_id'] == SIDEBAR_LEFT ) $left .= $run;
    elseif($row['sidebar_id'] == SIDEBAR_RIGHT) $right .= $run;
    unset($parser);
  }
  $db->free_result();
  if(isset($vars['sidebar_bottom']))
  {
    $left .= $this->parse($vars['sidebar_bottom']);
    $right .= $this->parse($vars['sidebar_bottom']);
  }
  // $min is the top and bottom wrappers back to back, with no blocks between them.
  $min = '';
  if(isset($vars['sidebar_top']))
  {
    $min .= $this->parse($vars['sidebar_top']);
  }
  if(isset($vars['sidebar_bottom']))
  {
    $min .= $this->parse($vars['sidebar_bottom']);
  }
  return Array($left, $right, $min);
}
|
/**
 * Builds the "Links" sidebar widget (SourceForge/W3C/other badge buttons plus the optional
 * "powered by" button) and registers it through $this->sidebar_widget('Links', ...).
 * Which buttons appear is decided by site configuration values read with getConfig().
 */
function initLinksWidget()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // SourceForge/W3C buttons
  // $ob collects one HTML snippet per enabled button. The name must not change: the hook code
  // evaluated below runs in this scope and presumably appends to it - verify against plugins.
  $ob = Array();
  // Not referenced again in the visible code; presumably intended for hook code or a button
  // that was removed - TODO confirm.
  $admintitle = ( $session->user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : '';
  if(getConfig('sflogo_enabled')=='1')
  {
    // NOTE(review): isset() is also true when the server sets HTTPS to a value such as "off",
    // so the scheme can be reported as https on a plain-HTTP request on some servers.
    $sflogo_secure = ( isset($_SERVER['HTTPS']) ) ? 'https' : 'http';
    // NOTE(review): sflogo_groupid and sflogo_type are configuration values written into the
    // src attribute without escaping or URL-encoding; they should be validated (numeric) where
    // they are saved, or escaped here.
    $ob[] = '<a style="text-align: center;" href="http://sourceforge.net/" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border-width: 0px;" alt="SourceForge.net Logo" src="' . $sflogo_secure . '://sflogo.sourceforge.net/sflogo.php?group_id='.getConfig('sflogo_groupid').'&type='.getConfig('sflogo_type').'" /></a>';
  }
  // NOTE(review): the images below are always requested over plain http, which produces
  // mixed-content requests when the site itself is served over HTTPS.
  if(getConfig('w3c_v32') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 3.2" src="http://www.w3.org/Icons/valid-html32" /></a>';
  if(getConfig('w3c_v40') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.0" src="http://www.w3.org/Icons/valid-html40" /></a>';
  if(getConfig('w3c_v401') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.01" src="http://www.w3.org/Icons/valid-html401" /></a>';
  if(getConfig('w3c_vxhtml10')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.0" src="http://www.w3.org/Icons/valid-xhtml10" /></a>';
  if(getConfig('w3c_vxhtml11')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.1" src="http://www.w3.org/Icons/valid-xhtml11" /></a>';
  if(getConfig('w3c_vcss') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid CSS" src="http://www.w3.org/Icons/valid-css" /></a>';
  if(getConfig('dbd_button') =='1') $ob[] = '<a style="text-align: center;" href="http://www.defectivebydesign.org/join/button" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="DRM technology restricts what you can do with your computer" src="http://defectivebydesign.org/sites/nodrm.civicactions.net/files/images/dbd_sm_btn.gif" /><br /><small>Protect your freedom >></small></a>';
  
  // SECURITY: each string returned for the 'links_widget' hook is executed with eval() in this
  // method's scope, with full access to the globals declared above. Installed plugins are
  // therefore trusted with arbitrary code execution; only code from the plugin loader may ever
  // reach the hook list.
  $code = $plugins->setHook('links_widget');
  foreach ( $code as $cmd )
  {
    eval($cmd);
  }
  
  // The wrapper is emitted when there is at least one button or the "powered by" button is on.
  if(count($ob) > 0 || getConfig('powered_btn') == '1') $sb_links = '<div style="text-align: center; padding: 5px 0;">'. ( ( getConfig('powered_btn') == '1' ) ? $this->fading_button : '' ) . implode('<br />', $ob).'</div>';
  else $sb_links = '';
  
  $this->sidebar_widget('Links', $sb_links);
}
|
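/**
 * Builds a box showing unread private messages.
 *
 * Nothing is built while the user is on Special:PrivateMessages or Special:Preferences.
 * The current username is passed through the database layer's escape() before it is placed
 * in the query, so a name containing a quote cannot change the statement.
 * @return string HTML for the notice, or an empty string on the two pages named above
 */

function notify_unread_pms()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( ( $paths->page_id == 'PrivateMessages' || $paths->page_id == 'Preferences' ) && $paths->namespace == 'Special' )
  {
    return '';
  }
  $ob = '<div class="usermessage">'."\n";
  // Plural suffix for "message".
  $s = ( $session->unread_pms == 1 ) ? '' : 's';
  $ob .= " <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n Messages: ";
  // The username is data, not SQL: escape it before it goes between the quotes.
  $username_sql = $db->escape($session->username);
  $q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $username_sql . '\' AND message_read=0 ORDER BY date DESC;');
  if ( !$q )
    $db->_die();
  $messages = array();
  while ( $row = $db->fetchrow() )
  {
    // NOTE(review): message_from and subject are written into the title attribute and the link
    // text exactly as stored. The subject is chosen by the sender, so this is only safe if both
    // fields are HTML-escaped when the message is saved - confirm in the code that stores
    // private messages, and escape here if they are stored raw.
    $messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . enano_date('F d, Y h:i a', $row['date']) . ' by ' . $row['message_from'] . '">' . $row['subject'] . '</a>';
  }
  $ob .= implode(",\n " , $messages)."\n";
  $ob .= '</div>'."\n";
  return $ob;
}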
|
} // class template |
|
/**
 * Handles parsing of an individual template file. Instances should only be created through $template->makeParser(). To use:
 *   - Call $template->makeParser(template file name) - file name should be something.tpl, css/whatever.css, etc.
 *   - Make an array of strings you want the template to access. $array['STRING'] would be referenced in the template like {STRING}
 *   - Make an array of boolean values. These can be used for conditionals in the template (<!-- IF something --> whatever <!-- ENDIF something -->)
 *   - Call assign_vars() to pass the strings to the template parser. Same thing with assign_bool().
 *   - Call run() to parse the template and get your fully compiled HTML.
 *
 * Security note: run() executes the compiled template with eval(), so the template text handed
 * to the constructor must come from a trusted source (theme files or strings built by the code),
 * never from request data.
 * @access private
 */

class templateIndividual extends template {
  // tpl_strings / tpl_bool: variables visible to the template; tpl_code: template source,
  // replaced by its compiled form on the first run().
  var $tpl_strings, $tpl_bool, $tpl_code;
  // Set to true once tpl_code has been compiled, so compilation happens only once.
  var $compiled = false;
  /**
   * Constructor. Stores the template text and starts from a copy of the string and boolean
   * variables currently held by the global $template object.
   * @param $text string the template source
   */
  function __construct($text)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    $this->tpl_code = $text;
    $this->tpl_strings = $template->tpl_strings;
    $this->tpl_bool = $template->tpl_bool;
  }
  /**
   * PHP 4 constructor. Deprecated in 1.1.x.
   */
  /*
  function templateIndividual($text)
  {
    $this->__construct($text);
  }
  */
  /**
   * Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
   * Values given here override existing entries with the same key.
   * NOTE(review): nothing in this class escapes the values; whether they are escaped on output
   * depends on compile_template_text(), which is not defined here - treat every value as raw
   * HTML and escape user-controlled data before assigning it.
   * @param $vars array
   */
  function assign_vars($vars)
  {
    $this->tpl_strings = array_merge($this->tpl_strings, $vars);
  }
  /**
   * Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
   * Values given here override existing entries with the same key.
   * @param $vars array
   */
  function assign_bool($vars)
  {
    $this->tpl_bool = array_merge($this->tpl_bool, $vars);
  }
  /**
   * Compiles and executes the template code.
   * The template is compiled on the first call only; every call then evaluates the compiled
   * code and returns whatever that code returns.
   * @return string
   */
  function run()
  {
    // These globals are declared so that the evaluated code can reach them.
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$this->compiled)
    {
      $this->tpl_code = $this->compile_template_text($this->tpl_code);
      $this->compiled = true;
    }
    // SECURITY: eval() of the compiled template. It runs in this method's scope with access to
    // $this and the globals above, so template text is as privileged as PHP source.
    return eval($this->tpl_code);
  }
}
|
/** |
|
2006 |
* A version of the template compiler that does not rely at all on the other parts of Enano. Used during installation and for showing |
|
2007 |
* "critical error" messages. ** REQUIRES ** the Oxygen theme. |
|
2008 |
*/ |
|
class template_nodb |
{ |
var $fading_button, $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list; |
/**
 * Sets every member to a fixed default so the class can render a page without the database:
 * empty variable tables, empty sidebar/toolbar strings, a default header block, the
 * "powered by" button markup and a theme list containing only Oxygen.
 */
function __construct()
{
  // Template variable tables start out empty.
  $this->tpl_strings = Array();
  $this->tpl_bool = Array();

  $this->sidebar_extra = $this->sidebar_widgets = $this->toolbar_menu = '';

  $this->additional_headers = '<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>';

  // "Powered by" button; both image URLs are built from the scriptPath constant.
  $button  = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">' . "\n";
  $button .= '<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>' . "\n";
  $button .= '</div>';
  $this->fading_button = $button;

  // Oxygen is the only theme this class knows about.
  $oxygen = Array(
      'theme_id'=>'oxygen',
      'theme_name'=>'Oxygen',
      'theme_order'=>1,
      'enabled'=>1,
    );
  $this->theme_list = Array($oxygen);
}
|
/**
 * Re-runs the constructor, resetting every member to its default.
 * The method carries the name of the regular template class rather than of this class, so PHP
 * does not treat it as a PHP 4 style constructor here; it only runs when called explicitly.
 */
function template()
{
  $this->__construct();
}
|
/**
 * Processes a stylesheet of the current theme through process_template().
 * @param $s string|bool file name inside the theme's css/ directory; when empty or false,
 *           the style chosen in load_theme() is used ("css/<style>.css")
 * @return mixed whatever process_template() returns for that file
 */
function get_css($s = false)
{
  // NOTE(review): $s is appended to "css/" unchanged. If a request parameter can reach this
  // argument, restrict it to known stylesheet names first so it cannot point outside css/.
  $stylesheet = $s ? 'css/' . $s : 'css/' . $this->style . '.css';
  return $this->process_template($stylesheet);
}
|
/**
 * Selects the theme and style to render with and publishes the script path to templates.
 * @param $name string theme ID, stored in $this->theme
 * @param $css string style name, stored in $this->style
 * @param $auto_init bool when true (the default), init_vars() is called afterwards
 */
function load_theme($name, $css, $auto_init = true)
{
  $this->theme = $name;
  $this->style = $css;

  $this->tpl_strings['SCRIPTPATH'] = scriptPath;

  if ( !$auto_init )
  {
    return;
  }
  $this->init_vars();
}
|
/**
 * Appends markup to the additional headers, preceded by an HTML comment used as a separator.
 * The markup is stored exactly as given, so it must already be safe to emit.
 * @param $html string markup to append
 */
function add_header($html)
{
  $separator = "\n<!-- ----------------------------------------------------------- -->\n\n ";
  $this->additional_headers = $this->additional_headers . $separator . $html;
}
1 | 2054 |
function init_vars() |
2055 |
{ |
|
2056 |
global $sideinfo; |
|
2057 |
global $this_page; |
|
243
a7d0f2711df1
Installer localization started. Welcome, License, and SysReqs pages are fully localized.
Dan
parents:
231
diff
changeset
|
2058 |
global $lang; |
1 | 2059 |
global $db, $session, $paths, $template, $plugins; // Common objects |
2060 |
$tplvars = $this->extract_vars('elements.tpl'); |
|
2061 |
$tb = ''; |
|
2062 |
// Get the "article" button text (depends on namespace) |
|
355
d15e4411ef65
Fixed a coupla minor bugs with the template_nodb class wrongly referencing $lang
Dan
parents:
349
diff
changeset
|
2063 |
if(defined('IN_ENANO_INSTALL') && is_object($lang)) $ns = $lang->get('meta_btn_article'); |
1 | 2064 |
else $ns = 'system error page'; |
243
a7d0f2711df1
Installer localization started. Welcome, License, and SysReqs pages are fully localized.
Dan
parents:
231
diff
changeset
|
2065 |
$t = str_replace('{FLAGS}', 'onclick="return false;" title="Hey! A button that doesn\'t do anything. Clever..." accesskey="a"', $tplvars['toolbar_button']); |
1 | 2066 |
$t = str_replace('{HREF}', '#', $t); |
2067 |
$t = str_replace('{TEXT}', $ns, $t); |
|
2068 |
$tb .= $t; |
|
2069 |
||
2070 |
// Page toolbar |
|
2071 |
||
2072 |
$this->tpl_bool = Array( |
|
2073 |
'auth_admin'=>true, |
|
2074 |
'user_logged_in'=>true, |
|
2075 |
'right_sidebar'=>false, |
|
2076 |
); |
|
2077 |
$this->tpl_bool['in_sidebar_admin'] = false; |
|
2078 |
||
2079 |
$this->tpl_bool['auth_rename'] = false; |
|
2080 |
||
2081 |
$asq = $asa = ''; |
|
2082 |
||
2083 |
$this->tpl_bool['fixed_menus'] = false; |
|
2084 |
$slink = defined('IN_ENANO_INSTALL') ? scriptPath.'/install.php?mode=css' : makeUrlNS('Special', 'CSS'); |
|
2085 |
||
2086 |
$title = ( is_object($paths) ) ? $paths->page : 'Critical error'; |
|
2087 |
||
243
a7d0f2711df1
Installer localization started. Welcome, License, and SysReqs pages are fully localized.
Dan
parents:
231
diff
changeset
|
2088 |
$headers = '<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>'; |
244
09f8a9a03ccf
Localized installer database info page and finished localizing sysreqs page
Dan
parents:
243
diff
changeset
|
2089 |
|
09f8a9a03ccf
Localized installer database info page and finished localizing sysreqs page
Dan
parents:
243
diff
changeset
|
2090 |
$js_dynamic = ''; |
243
a7d0f2711df1
Installer localization started. Welcome, License, and SysReqs pages are fully localized.
Dan
parents:
231
diff
changeset
|
2091 |
if ( defined('IN_ENANO_INSTALL') ) |
a7d0f2711df1
Installer localization started. Welcome, License, and SysReqs pages are fully localized.
Dan
parents:
231
diff
changeset
|
2092 |
{ |
244
09f8a9a03ccf
Localized installer database info page and finished localizing sysreqs page
Dan
parents:
243
diff
changeset
|
2093 |
$js_dynamic .= '<script type="text/javascript" src="install.php?mode=langjs"></script>'; |
243
a7d0f2711df1
Installer localization started. Welcome, License, and SysReqs pages are fully localized.
Dan
parents:
231
diff
changeset
|
2094 |
} |
244
09f8a9a03ccf
Localized installer database info page and finished localizing sysreqs page
Dan
parents:
243
diff
changeset
|
2095 |
$js_dynamic .= '<script type="text/javascript">var title="'. $title .'"; var scriptPath="'.scriptPath.'"; var ENANO_SID=""; var AES_BITS='.AES_BITS.'; var AES_BLOCKSIZE=' . AES_BLOCKSIZE . '; var pagepass=\'\'; var ENANO_LANG_ID = 1;</script>'; |
243
a7d0f2711df1
Installer localization started. Welcome, License, and SysReqs pages are fully localized.
Dan
parents:
231
diff
changeset
|
2096 |
|
1 | 2097 |
// The rewritten template engine will process all required vars during the load_template stage instead of (cough) re-processing everything each time around. |
2098 |
$tpl_strings = Array( |
|
2099 |
'PAGE_NAME'=>$this_page, |
|
2100 |
'PAGE_URLNAME'=>'Null', |
|
'SITE_NAME'=> ( defined('IN_ENANO_INSTALL') && is_object($lang) ) ? $lang->get('meta_site_name') : 'Critical error', |
1 | 2102 |
'USERNAME'=>'admin', |
'SITE_DESC'=>( defined('IN_ENANO_INSTALL') && is_object($lang) ) ? $lang->get('meta_site_desc') : 'This site is experiencing a problem and cannot load.', |
1 | 2104 |
'TOOLBAR'=>$tb, |
2105 |
'SCRIPTPATH'=>scriptPath, |
|
2106 |
'CONTENTPATH'=>contentPath, |
|
2107 |
'ADMIN_SID_QUES'=>$asq, |
|
2108 |
'ADMIN_SID_AMP'=>$asa, |
|
2109 |
'ADMIN_SID_AMP_HTML'=>'', |
|
'ADDITIONAL_HEADERS'=>$this->additional_headers, |
1 | 2111 |
'SIDEBAR_EXTRA'=>'', |
'COPYRIGHT'=>( defined('IN_ENANO_INSTALL') && is_object($lang) ) ? $lang->get('meta_enano_copyright') : ( defined('ENANO_CONFIG_FETCHED') ? getConfig('copyright_notice') : '' ), |
1 | 2113 |
'TOOLBAR_EXTRAS'=>'', |
'REQUEST_URI'=>( isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '' ).$_SERVER['REQUEST_URI'], |
1 | 2115 |
'STYLE_LINK'=>$slink, |
2116 |
'LOGOUT_LINK'=>'', |
|
2117 |
'THEME_LINK'=>'', |
|
2118 |
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme, |
|
2119 |
'THEME_ID'=>$this->theme, |
|
2120 |
'STYLE_ID'=>$this->style, |
|
'JS_DYNAMIC_VARS'=>$js_dynamic, |
1 | 2122 |
'SIDEBAR_RIGHT'=>'', |
'REPORT_URI' => '', |
'URL_ABOUT_ENANO' => 'http://enanocms.org/' |
1 | 2125 |
); |
2126 |
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings); |
|
2127 |
||
2128 |
$sidebar = ( gettype($sideinfo) == 'string' ) ? $sideinfo : ''; |
|
2129 |
if($sidebar != '') |
|
2130 |
{ |
|
2131 |
if(isset($tplvars['sidebar_top'])) |
|
2132 |
{ |
|
2133 |
$text = $this->makeParserText($tplvars['sidebar_top']); |
|
2134 |
$top = $text->run(); |
|
2135 |
} else { |
|
2136 |
$top = ''; |
|
2137 |
} |
|
2138 |
$p = $this->makeParserText($tplvars['sidebar_section']); |
|
2139 |
$p->assign_vars(Array( |
|
'TITLE'=>$lang->get('meta_sidebar_heading'), |
1 | 2141 |
'CONTENT'=>$sidebar, |
2142 |
)); |
|
2143 |
$sidebar = $p->run(); |
|
2144 |
if(isset($tplvars['sidebar_bottom'])) |
|
2145 |
{ |
|
2146 |
$text = $this->makeParserText($tplvars['sidebar_bottom']); |
|
2147 |
$bottom = $text->run(); |
|
2148 |
} else { |
|
2149 |
$bottom = ''; |
|
2150 |
} |
|
2151 |
$sidebar = $top . $sidebar . $bottom; |
|
2152 |
} |
|
2153 |
$this->tpl_strings['SIDEBAR_LEFT'] = $sidebar; |
|
2154 |
||
2155 |
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != '') ? true : false; |
|
2156 |
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != '') ? true : false; |
|
2157 |
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility |
|
2158 |
$this->tpl_bool['stupid_mode'] = true; |
|
2159 |
} |
|
/**
 * Echoes the rendered page header unless header output has been suppressed.
 * @param bool $simple If true, simple-header.tpl is rendered instead of header.tpl
 */
function header($simple = false)
{
  // $this->no_headers switches all header output off; nothing is rendered in that case.
  if ( $this->no_headers )
  {
    return;
  }
  $tpl_file = 'header.tpl';
  if ( $simple )
  {
    $tpl_file = 'simple-header.tpl';
  }
  echo $this->process_template($tpl_file);
}
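/**
 * Renders the footer template, fills in the statistics placeholders and echoes the result.
 * When $this->no_headers is set nothing is rendered and an empty string is returned.
 *
 * Placeholders replaced in the rendered template: [[EnanoPoweredLink]], [[EnanoPoweredLinkLong]],
 * [[Stats]], [[StatsLong]], [[NumQueries]], [[GenTime]], [[NumQueriesLoc]], [[GenTimeLoc]].
 *
 * @param bool $simple If true, simple-footer.tpl is rendered instead of footer.tpl
 */
function footer($simple = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  global $_starttime;

  if ( $this->no_headers )
  {
    return '';
  }

  $filename = ( $simple ) ? 'simple-footer.tpl' : 'footer.tpl';
  $t = $this->process_template($filename);

  // Page generation time in seconds, measured from the global $_starttime.
  $f = round(microtime_float() - $_starttime, 4);

  // The query-count link is appended to [[Stats]]/[[StatsLong]] for administrators only.
  // This class also runs when the session object was never created, so check is_object()
  // before reading user_level in BOTH branches below (previously only the non-localized
  // branch did); without a session the check fails closed and the link is omitted.
  $show_queries = ( is_object($session) && $session->user_level >= USER_LEVEL_ADMIN );

  if ( is_object($lang) )
  {
    // Localized strings are available.
    $t_loc = $lang->get('page_msg_stats_gentime_short', array('time' => $f));
    $t_loc_long = $lang->get('page_msg_stats_gentime_long', array('time' => $f));
    $q_loc = '<a href="' . $this->tpl_strings['REPORT_URI'] . '">' . $lang->get('page_msg_stats_sql', array('nq' => ( is_object($db) ? $db->num_queries : 'N/A' ))) . '</a>';
    $powered = $lang->get('page_enano_powered', array('about_uri' => $this->tpl_strings['URL_ABOUT_ENANO']));
    $powered_long = $lang->get('page_enano_powered_long', array('about_uri' => $this->tpl_strings['URL_ABOUT_ENANO']));
  }
  else
  {
    // No language object: fall back to hard-coded English strings.
    $t_loc = "Time: {$f}s";
    $t_loc_long = "Generated in {$f}sec";
    $q_loc = '<a href="' . $this->tpl_strings['REPORT_URI'] . '">' . ( is_object($db) ? "{$db->num_queries} SQL" : 'Queries: N/A' ) . '</a>';
    $powered = 'Powered by <a href="http://enanocms.org/" onclick="window.open(this.href); return false;">Enano</a>';
    $powered_long = 'Website engine powered by <a href="http://enanocms.org/" onclick="window.open(this.href); return false;">Enano</a>';
  }

  $dbg = $t_loc;
  $dbg_long = $t_loc_long;
  if ( $show_queries )
  {
    $dbg .= " | $q_loc";
    $dbg_long .= " | $q_loc";
  }

  $t = str_replace('[[EnanoPoweredLink]]', $powered, $t);
  $t = str_replace('[[EnanoPoweredLinkLong]]', $powered_long, $t);
  $t = str_replace('[[Stats]]', $dbg, $t);
  $t = str_replace('[[StatsLong]]', $dbg_long, $t);
  // NOTE(review): [[NumQueries]] and [[NumQueriesLoc]] are substituted for every visitor;
  // only [[Stats]] and [[StatsLong]] are gated by the administrator check above.
  $t = str_replace('[[NumQueries]]', ( is_object($db) ? (string)$db->num_queries : '0' ), $t);
  $t = str_replace('[[GenTime]]', (string)$f, $t);
  $t = str_replace('[[NumQueriesLoc]]', $q_loc, $t);
  $t = str_replace('[[GenTimeLoc]]', $t_loc, $t);

  echo $t;
}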
|
2228 |
/**
 * Returns the rendered header.tpl as a string, or an empty string when headers are suppressed.
 * @return string
 */
function getHeader()
{
  return ( $this->no_headers ) ? '' : $this->process_template('header.tpl');
}
|
2233 |
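/**
 * Returns the rendered footer.tpl with [[Stats]] replaced by the generation time and query count.
 * Returns an empty string when $this->no_headers is set.
 * @return string
 */
function getFooter()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $_starttime;

  if ( $this->no_headers )
  {
    return '';
  }

  // Page generation time in seconds, measured from the global $_starttime.
  $f = round(microtime(true) - $_starttime, 4);

  // The query count is reported as 'N/A' during installation, when there is no database
  // object (footer() in this class guards $db the same way), or when the count is zero.
  $nq = 'N/A';
  if ( !defined('IN_ENANO_INSTALL') && is_object($db) && $db->num_queries != 0 )
  {
    $nq = $db->num_queries;
  }

  $dbg = 'Time: '.$f.'s | Queries: '.$nq;
  $t = $this->process_template('footer.tpl');
  $t = str_replace('[[Stats]]', $dbg, $t);
  return $t;
}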
|
2252 |
||
2253 |
/**
 * Compiles a theme template file and executes it, returning the generated markup.
 * @param string $file Template filename, passed unchanged to compile_template()
 * @return string
 */
function process_template($file) {
  // compile_template() returns PHP source that builds the output in $tpl_code.
  $php_source = $this->compile_template($file);
  // SECURITY: the compiled template is executed with eval(), so template files are code.
  // Anything able to write to the theme directory, or to influence which file is
  // compiled, can run PHP here; keep theme files under the same access control as
  // the application source.
  eval($php_source);
  // $tpl_code was assigned in this scope by the evaluated source.
  return $tpl_code;
}
|
2258 |
||
2259 |
/**
 * Extracts the <!-- VAR name --> ... <!-- ENDVAR name --> sections of a theme file.
 * Terminates the script with die() if the file does not exist.
 * @param string $file Filename relative to the current theme's directory
 * @return array Section contents keyed by section name
 */
function extract_vars($file) {
  global $db, $session, $paths, $template, $plugins; // Common objects
  $tpl_path = ENANO_ROOT . '/themes/'.$this->theme.'/'.$file;
  if ( !is_file($tpl_path) )
  {
    // NOTE(review): $file and the theme name are written into the message unescaped and
    // the path is built by plain concatenation - confirm that callers never pass
    // request-derived values here.
    die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting');
  }
  $contents = file_get_contents($tpl_path);
  // $found[1] holds the section names, $found[2] the matching section bodies.
  // In ASCII the A-z range also covers [ \ ] ^ _ and the backtick, not only letters.
  preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $contents, $found);
  $tplvars = Array();
  foreach ( $found[1] as $idx => $var_name )
  {
    // A section name that occurs twice keeps the last occurrence.
    $tplvars[$var_name] = $found[2][$idx];
  }
  return $tplvars;
}
|
2271 |
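/**
 * Reads a template file from the current theme and converts it into PHP source.
 * The returned source assigns the rendered markup to $tpl_code and returns it; it is
 * meant to be passed to eval() from inside a method, because it refers to $this.
 * @param string $text Template filename relative to the current theme's directory
 * @return string PHP source code
 */
function compile_template($text) {
  global $sideinfo;
  $code = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text);
  $code = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $code); // Remove the AJAX code - we don't need it, and it requires a database connection
  // The template becomes the body of a single-quoted PHP string literal that is later
  // run through eval(). Backslashes have to be escaped as well as quotes: with quotes
  // alone, a backslash directly before an apostrophe (or at the very end of the file)
  // terminates the literal early and the remaining template text is parsed as PHP.
  $code = '$tpl_code = \''.addcslashes($code, "'\\").'\'; return $tpl_code;';
  $code = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $code);
  $code = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $code);
  if ( defined('IN_ENANO_INSTALL') )
  {
    // $sideinfo is spliced in after the escaping step above, so it gets the same
    // escaping here; otherwise an apostrophe in it would break out of the literal.
    $code = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.addcslashes((string)$sideinfo, "'\\").'</div></div>', $code);
  }
  else
  {
    $code = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;">Enano critical error page</a></div></div>', $code);
  }
  // Any other SYSMSG marker is dropped.
  $code = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $code);
  $code = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $code);
  $code = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $code);
  $code = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $code);
  // {NAME} becomes a lookup in $this->tpl_strings. The values are concatenated as-is,
  // so HTML escaping is up to whoever fills tpl_strings.
  $code = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $code);
  return $code; //('<pre>'.htmlspecialchars($text).'</pre>');
}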
|
2287 |
||
2288 |
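/**
 * Converts template text into PHP source, like compile_template() but from a string.
 * The returned source assigns the rendered markup to $tpl_code and returns it; it is
 * meant to be passed to eval() from inside a method, because it refers to $this.
 * @param string $text Template text
 * @return string PHP source code
 */
function compile_template_text($text) {
  global $sideinfo;
  $text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
  // The template becomes the body of a single-quoted PHP string literal that is later
  // run through eval(). Backslashes have to be escaped as well as quotes: with quotes
  // alone, a backslash directly before an apostrophe (or at the very end of the text)
  // terminates the literal early and the remaining template text is parsed as PHP.
  $text = '$tpl_code = \''.addcslashes($text, "'\\").'\'; return $tpl_code;';
  $text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
  if ( defined('IN_ENANO_INSTALL') )
  {
    // $sideinfo is spliced in after the escaping step above, so it gets the same
    // escaping here; otherwise an apostrophe in it would break out of the literal.
    $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.addcslashes((string)$sideinfo, "'\\").'</div></div>', $text);
  }
  else
  {
    // The onclick attribute was missing its closing quote here, unlike compile_template().
    $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;">Enano critical error page</a></div></div>', $text);
  }
  // Any other SYSMSG marker is dropped.
  $text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
  $text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
  // {NAME} becomes a lookup in $this->tpl_strings. The values are concatenated as-is,
  // so HTML escaping is up to whoever fills tpl_strings.
  $text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
  return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
}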
|
2303 |
||
2304 |
/** |
|
2305 |
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;) |
|
2306 |
* Returns an object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
|
2307 |
* @param $filename the filename of the template to be parsed |
|
2308 |
* @return object |
|
2309 |
*/ |
|
2310 |
||
2311 |
function makeParser($filename)
{
  // Template files are looked up inside the current theme's directory.
  // NOTE(review): the path is built by plain concatenation; confirm that callers only
  // pass fixed filenames, since a value containing ../ would not be rejected here.
  $tpl_path = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename;
  if ( !file_exists($tpl_path) )
  {
    // The message contains the full filesystem path of the missing file.
    die('templateIndividual: file '.$tpl_path.' does not exist');
  }
  // The parser copies this object's tpl_strings and tpl_bool when it is constructed.
  return new templateIndividualSafe(file_get_contents($tpl_path), $this);
}
|
2319 |
||
2320 |
/** |
|
2321 |
* Same as $template->makeParser(), but takes a string instead of a filename. |
|
2322 |
* @param $text the text to parse |
|
2323 |
* @return object |
|
2324 |
*/ |
|
2325 |
||
2326 |
function makeParserText($code)
{
  // $code is template text; it is compiled to PHP and executed with eval() once run()
  // is called on the returned parser, so it has to come from a trusted source.
  return new templateIndividualSafe($code, $this);
}
|
2331 |
||
2332 |
} // class template_nodb |
|
2333 |
||
2334 |
/** |
|
2335 |
* Identical to templateIndividual, except extends template_nodb instead of template |
|
2336 |
* @see class template |
|
2337 |
*/ |
|
2338 |
||
2339 |
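class templateIndividualSafe extends template_nodb {
  // $tpl_code holds the template text until run() compiles it, then the compiled PHP source.
  var $tpl_strings, $tpl_bool, $tpl_code;
  // Set to true once $tpl_code has been compiled, so that run() compiles only once.
  var $compiled = false;
  /**
   * Constructor.
   * @param string $text   Template text; compiled on the first call to run()
   * @param object $parent Template object whose tpl_strings and tpl_bool are copied
   */
  function __construct($text, $parent)
  {
    $this->tpl_code = $text;
    // Without a parent object the two arrays stay unset; assign_vars() and
    // assign_bool() both cope with that.
    if ( is_object($parent) )
    {
      $this->tpl_strings = $parent->tpl_strings;
      $this->tpl_bool = $parent->tpl_bool;
    }
  }
  /**
   * PHP 4 constructor.
   * The name does not match this class, so PHP never calls it as a constructor; it is
   * kept for callers that invoke it directly. It used to forward a single argument to
   * the two-argument __construct(); $parent is now accepted and passed through.
   * @param string $text
   * @param object $parent optional
   */
  function templateIndividual($text, $parent = null)
  {
    $this->__construct($text, $parent);
  }
  /**
   * Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
   * The values are inserted into the output as-is, so escape them for HTML before assigning.
   * @param $vars array
   */
  function assign_vars($vars)
  {
    if(is_array($this->tpl_strings))
      $this->tpl_strings = array_merge($this->tpl_strings, $vars);
    else
      $this->tpl_strings = $vars;
  }
  /**
   * Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
   * @param $vars array
   */
  function assign_bool($vars)
  {
    // Same guard as assign_vars(): tpl_bool is not an array when the parent had none.
    if(is_array($this->tpl_bool))
      $this->tpl_bool = array_merge($this->tpl_bool, $vars);
    else
      $this->tpl_bool = $vars;
  }
  /**
   * Compiles and executes the template code.
   * @return string
   */
  function run()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    if(!$this->compiled)
    {
      $this->tpl_code = $this->compile_template_text($this->tpl_code);
      $this->compiled = true;
    }
    // SECURITY: the compiled template is executed as PHP. Only template text from a
    // trusted source may reach this class; never hand it request-derived text.
    return eval($this->tpl_code);
  }
}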
|
2393 |
||
2394 |
?> |