1
+ − 1
<?php
+ − 2
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 5
* Version 1.0.2 (Coblynau)
1
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
*
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10
*
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13
*/
+ − 14
+ − 15
class template {
+ − 16
var $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list, $named_theme_list, $default_theme, $default_style, $plugin_blocks, $namespace_string, $style_list, $theme_loaded;
30
+ − 17
+ − 18
/**
+ − 19
* Set to true if the site is disabled and thus a message needs to be shown. This should ONLY be changed by common.php.
+ − 20
* @var bool
+ − 21
* @access private
+ − 22
*/
+ − 23
+ − 24
var $site_disabled = false;
+ − 25
53
+ − 26
/**
+ − 27
* One of the absolute best parts of Enano :-P
+ − 28
* @var string
+ − 29
*/
+ − 30
54
84b56303cab5
Bugfixes: Login system properly handles blank password situation (returns ""); fading button now works right with relative URLs
Dan
diff
changeset
+ − 31
var $fading_button = '';
53
+ − 32
1
+ − 33
function __construct()
+ − 34
{
+ − 35
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 36
$this->tpl_bool = Array();
+ − 37
$this->tpl_strings = Array();
+ − 38
$this->sidebar_extra = '';
+ − 39
$this->toolbar_menu = '';
+ − 40
$this->additional_headers = '';
+ − 41
$this->plugin_blocks = Array();
+ − 42
$this->theme_loaded = false;
+ − 43
201
+ − 44
$this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">
87
570f68c3fe36
Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
Dan
diff
changeset
+ − 45
<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>
570f68c3fe36
Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
Dan
diff
changeset
+ − 46
</div>';
54
84b56303cab5
Bugfixes: Login system properly handles blank password situation (returns ""); fading button now works right with relative URLs
Dan
diff
changeset
+ − 47
1
+ − 48
$this->theme_list = Array();
+ − 49
$this->named_theme_list = Array();
+ − 50
$e = $db->sql_query('SELECT theme_id,theme_name,enabled,default_style FROM '.table_prefix.'themes WHERE enabled=1 ORDER BY theme_order;');
+ − 51
if(!$e) $db->_die('The list of themes could not be selected.');
+ − 52
for($i=0;$i < $db->numrows(); $i++)
+ − 53
{
+ − 54
$this->theme_list[$i] = $db->fetchrow();
+ − 55
$this->named_theme_list[$this->theme_list[$i]['theme_id']] = $this->theme_list[$i];
+ − 56
}
+ − 57
$db->free_result();
+ − 58
$this->default_theme = $this->theme_list[0]['theme_id'];
+ − 59
$dir = ENANO_ROOT.'/themes/'.$this->default_theme.'/css/';
+ − 60
$list = Array();
+ − 61
// Open a known directory, and proceed to read its contents
+ − 62
if (is_dir($dir)) {
+ − 63
if ($dh = opendir($dir)) {
+ − 64
while (($file = readdir($dh)) !== false) {
+ − 65
if(preg_match('#^(.*?)\.css$#i', $file) && $file != '_printable.css') {
+ − 66
$list[] = substr($file, 0, strlen($file)-4);
+ − 67
}
+ − 68
}
+ − 69
closedir($dh);
+ − 70
}
+ − 71
}
+ − 72
+ − 73
$def = ENANO_ROOT.'/themes/'.$this->default_theme.'/css/'.$this->named_theme_list[$this->default_theme]['default_style'];
+ − 74
if(file_exists($def))
+ − 75
{
+ − 76
$this->default_style = substr($this->named_theme_list[$this->default_theme]['default_style'], 0, strlen($this->named_theme_list[$this->default_theme]['default_style'])-4);
+ − 77
} else {
+ − 78
$this->default_style = $list[0];
+ − 79
}
+ − 80
+ − 81
$this->style_list = $list;
+ − 82
+ − 83
}
+ − 84
function template()
+ − 85
{
+ − 86
$this->__construct();
+ − 87
}
+ − 88
function sidebar_widget($t, $h)
+ − 89
{
+ − 90
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 91
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 92
{
+ − 93
$this->load_theme($session->theme, $session->style);
+ − 94
}
+ − 95
if(!$this->sidebar_widgets)
+ − 96
$this->sidebar_widgets = '';
+ − 97
$tplvars = $this->extract_vars('elements.tpl');
+ − 98
$parser = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 99
$parser->assign_vars(Array('TITLE'=>$t,'CONTENT'=>$h));
+ − 100
$this->plugin_blocks[$t] = $h;
+ − 101
$this->sidebar_widgets .= $parser->run();
+ − 102
}
+ − 103
function add_header($html)
+ − 104
{
+ − 105
$this->additional_headers .= "\n" . $html;
+ − 106
}
+ − 107
function get_css($s = false)
+ − 108
{
+ − 109
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 110
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 111
$this->load_theme($session->theme, $session->style);
+ − 112
$path = ( $s ) ? 'css/'.$s : 'css/'.$this->style.'.css';
+ − 113
if ( !file_exists(ENANO_ROOT . '/themes/' . $this->theme . '/' . $path) )
+ − 114
{
+ − 115
echo "/* WARNING: Falling back to default file because file $path does not exist */\n";
+ − 116
$path = 'css/' . $this->style_list[0] . '.css';
+ − 117
}
+ − 118
return $this->process_template($path);
+ − 119
}
+ − 120
function load_theme($name = false, $css = false)
+ − 121
{
+ − 122
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 123
$this->theme = ( $name ) ? $name : $session->theme;
+ − 124
$this->style = ( $css ) ? $css : $session->style;
+ − 125
if ( !$this->theme )
+ − 126
{
+ − 127
$this->theme = $this->theme_list[0]['theme_id'];
+ − 128
$this->style = substr($this->theme_list[0]['default_style'], 0, strlen($this->theme_list[0]['default_style'])-4);
+ − 129
}
+ − 130
$this->theme_loaded = true;
+ − 131
}
+ − 132
+ − 133
function init_vars()
+ − 134
{
+ − 135
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 136
global $email;
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 137
global $lang;
1
+ − 138
+ − 139
if(!$this->theme || !$this->style)
+ − 140
{
+ − 141
$this->load_theme();
+ − 142
}
+ − 143
+ − 144
if(defined('ENANO_TEMPLATE_LOADED'))
+ − 145
{
+ − 146
die_semicritical('Illegal call', '<p>$template->load_theme was called multiple times, this is not supposed to happen. Exiting with fatal error.</p>');
+ − 147
}
+ − 148
+ − 149
define('ENANO_TEMPLATE_LOADED', '');
+ − 150
+ − 151
$tplvars = $this->extract_vars('elements.tpl');
+ − 152
+ − 153
if(isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE'))
+ − 154
{
+ − 155
$this->add_header('
+ − 156
<!--[if lt IE 7]>
+ − 157
<script language="JavaScript">
+ − 158
function correctPNG() // correctly handle PNG transparency in Win IE 5.5 & 6.
+ − 159
{
86
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
diff
changeset
+ − 160
var arVersion = navigator.appVersion.split("MSIE");
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
diff
changeset
+ − 161
var version = parseFloat(arVersion[1]);
1
+ − 162
if (version >= 5.5 && typeof(document.body.filters) == "object")
+ − 163
{
+ − 164
for(var i=0; i<document.images.length; i++)
+ − 165
{
+ − 166
var img = document.images[i];
+ − 167
continue;
+ − 168
var imgName = img.src.toUpperCase();
+ − 169
if (imgName.substring(imgName.length-3, imgName.length) == "PNG")
+ − 170
{
+ − 171
var imgID = (img.id) ? "id=\'" + img.id + "\' " : "";
+ − 172
var imgClass = (img.className) ? "class=\'" + img.className + "\' " : "";
+ − 173
var imgTitle = (img.title) ? "title=\'" + img.title + "\' " : "title=\'" + img.alt + "\' ";
+ − 174
var imgStyle = "display:inline-block;" + img.style.cssText;
+ − 175
if (img.align == "left") imgStyle = "float:left;" + imgStyle;
+ − 176
if (img.align == "right") imgStyle = "float:right;" + imgStyle;
+ − 177
if (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle;
+ − 178
var strNewHTML = "<span " + imgID + imgClass + imgTitle + " style=\\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";" + "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader" + "(src=\\\'" + img.src + "\\\', sizingMethod=\'scale\');\\"></span>";
+ − 179
img.outerHTML = strNewHTML;
+ − 180
i = i-1;
+ − 181
}
+ − 182
}
+ − 183
}
+ − 184
}
+ − 185
window.attachEvent("onload", correctPNG);
+ − 186
</script>
+ − 187
<![endif]-->
+ − 188
');
+ − 189
}
+ − 190
+ − 191
// Get the "article" button text (depends on namespace)
+ − 192
switch($paths->namespace) {
+ − 193
case "Article":
+ − 194
default:
211
+ − 195
$ns = $lang->get('onpage_lbl_page_article');
1
+ − 196
break;
+ − 197
case "Admin":
211
+ − 198
$ns = $lang->get('onpage_lbl_page_admin');
1
+ − 199
break;
+ − 200
case "System":
211
+ − 201
$ns = $lang->get('onpage_lbl_page_system');
1
+ − 202
break;
+ − 203
case "File":
211
+ − 204
$ns = $lang->get('onpage_lbl_page_file');
1
+ − 205
break;
+ − 206
case "Help":
211
+ − 207
$ns = $lang->get('onpage_lbl_page_help');
1
+ − 208
break;
+ − 209
case "User":
211
+ − 210
$ns = $lang->get('onpage_lbl_page_user');
1
+ − 211
break;
+ − 212
case "Special":
211
+ − 213
$ns = $lang->get('onpage_lbl_page_special');
1
+ − 214
break;
+ − 215
case "Template":
211
+ − 216
$ns = $lang->get('onpage_lbl_page_template');
1
+ − 217
break;
+ − 218
case "Project":
211
+ − 219
$ns = $lang->get('onpage_lbl_page_project');
1
+ − 220
break;
+ − 221
case "Category":
211
+ − 222
$ns = $lang->get('onpage_lbl_page_category');
1
+ − 223
break;
312
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 224
case "Anonymous":
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 225
$ns = 'external page';
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 226
break;
1
+ − 227
}
+ − 228
$this->namespace_string = $ns;
211
+ − 229
unset($ns);
1
+ − 230
$code = $plugins->setHook('page_type_string_set');
+ − 231
foreach ( $code as $cmd )
+ − 232
{
+ − 233
eval($cmd);
+ − 234
}
+ − 235
$ns =& $this->namespace_string;
+ − 236
+ − 237
// Initialize the toolbar
+ − 238
$tb = '';
+ − 239
+ − 240
// Create "xx page" button
+ − 241
+ − 242
$btn_selected = ( isset($tplvars['toolbar_button_selected'])) ? $tplvars['toolbar_button_selected'] : $tplvars['toolbar_button'];
+ − 243
$parser = $this->makeParserText($btn_selected);
+ − 244
312
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 245
if ( true || !$paths->anonymous_page )
311
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 246
{
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 247
$parser->assign_vars(array(
313
+ − 248
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxReset()); return false; }" title="' . $lang->get('onpage_tip_article') . '" accesskey="a"',
311
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 249
'PARENTFLAGS' => 'id="mdgToolbar_article"',
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 250
'HREF' => makeUrl($paths->page, null, true),
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 251
'TEXT' => $this->namespace_string
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 252
));
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 253
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 254
$tb .= $parser->run();
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 255
}
1
+ − 256
+ − 257
$button = $this->makeParserText($tplvars['toolbar_button']);
+ − 258
+ − 259
// Page toolbar
+ − 260
// Comments button
+ − 261
if ( $session->get_permissions('read') && getConfig('enable_comments')=='1' && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->cpage['comments_on'] == 1 )
+ − 262
{
+ − 263
+ − 264
$e = $db->sql_query('SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\';');
+ − 265
if ( !$e )
+ − 266
{
+ − 267
$db->_die();
+ − 268
}
+ − 269
$nc = $db->numrows();
+ − 270
$nu = 0;
+ − 271
$na = 0;
+ − 272
+ − 273
while ( $r = $db->fetchrow() )
+ − 274
{
+ − 275
if ( !$r['approved'] )
+ − 276
{
+ − 277
$nu++;
+ − 278
}
+ − 279
else
+ − 280
{
+ − 281
$na++;
+ − 282
}
+ − 283
}
+ − 284
+ − 285
$db->free_result();
+ − 286
$n = ( $session->get_permissions('mod_comments') ) ? (string)$nc : (string)$na;
+ − 287
if ( $session->get_permissions('mod_comments') && $nu > 0 )
+ − 288
{
211
+ − 289
$subst = array(
+ − 290
'num_comments' => $nc,
+ − 291
'num_unapp' => $nu
+ − 292
);
+ − 293
$btn_text = $lang->get('onpage_btn_discussion_unapp', $subst);
+ − 294
}
+ − 295
else
+ − 296
{
+ − 297
$subst = array(
+ − 298
'num_comments' => $nc
+ − 299
);
+ − 300
$btn_text = $lang->get('onpage_btn_discussion', $subst);
1
+ − 301
}
+ − 302
+ − 303
$button->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 304
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxComments()); return false; }" title="' . $lang->get('onpage_tip_comments') . '" accesskey="c"',
1
+ − 305
'PARENTFLAGS' => 'id="mdgToolbar_discussion"',
+ − 306
'HREF' => makeUrl($paths->page, 'do=comments', true),
211
+ − 307
'TEXT' => $btn_text,
1
+ − 308
));
+ − 309
+ − 310
$tb .= $button->run();
+ − 311
}
+ − 312
// Edit button
+ − 313
if($session->get_permissions('read') && ($paths->namespace != 'Special' && $paths->namespace != 'Admin') && ( $session->get_permissions('edit_page') && ( ( $paths->page_protected && $session->get_permissions('even_when_protected') ) || !$paths->page_protected ) ) )
+ − 314
{
+ − 315
$button->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 316
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="' . $lang->get('onpage_tip_edit') . '" accesskey="e"',
1
+ − 317
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
+ − 318
'HREF' => makeUrl($paths->page, 'do=edit', true),
211
+ − 319
'TEXT' => $lang->get('onpage_btn_edit')
1
+ − 320
));
+ − 321
$tb .= $button->run();
+ − 322
// View source button
+ − 323
}
+ − 324
else if($session->get_permissions('view_source') && ( !$session->get_permissions('edit_page') || !$session->get_permissions('even_when_protected') && $paths->page_protected ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 325
{
+ − 326
$button->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 327
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxViewSource()); return false; }" title="' . $lang->get('onpage_tip_viewsource') . '" accesskey="e"',
1
+ − 328
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
+ − 329
'HREF' => makeUrl($paths->page, 'do=viewsource', true),
211
+ − 330
'TEXT' => $lang->get('onpage_btn_viewsource')
1
+ − 331
));
+ − 332
$tb .= $button->run();
+ − 333
}
+ − 334
// History button
+ − 335
if ( $session->get_permissions('read') /* && $paths->wiki_mode */ && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('history_view') )
+ − 336
{
+ − 337
$button->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 338
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxHistory()); return false; }" title="' . $lang->get('onpage_tip_history') . '" accesskey="h"',
1
+ − 339
'PARENTFLAGS' => 'id="mdgToolbar_history"',
+ − 340
'HREF' => makeUrl($paths->page, 'do=history', true),
211
+ − 341
'TEXT' => $lang->get('onpage_btn_history')
1
+ − 342
));
+ − 343
$tb .= $button->run();
+ − 344
}
+ − 345
+ − 346
$menubtn = $this->makeParserText($tplvars['toolbar_menu_button']);
+ − 347
+ − 348
// Additional actions menu
+ − 349
// Rename button
+ − 350
if ( $session->get_permissions('read') && $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 351
{
+ − 352
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 353
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxRename()); return false; }" title="' . $lang->get('onpage_tip_rename') . '" accesskey="r"',
1
+ − 354
'HREF' => makeUrl($paths->page, 'do=rename', true),
211
+ − 355
'TEXT' => $lang->get('onpage_btn_rename'),
1
+ − 356
));
+ − 357
$this->toolbar_menu .= $menubtn->run();
+ − 358
}
+ − 359
+ − 360
// Vote-to-delete button
+ − 361
if ( $paths->wiki_mode && $session->get_permissions('vote_delete') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 362
{
+ − 363
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 364
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDelVote()); return false; }" title="' . $lang->get('onpage_tip_delvote') . '" accesskey="d"',
1
+ − 365
'HREF' => makeUrl($paths->page, 'do=delvote', true),
211
+ − 366
'TEXT' => $lang->get('onpage_btn_votedelete'),
1
+ − 367
));
+ − 368
$this->toolbar_menu .= $menubtn->run();
+ − 369
}
+ − 370
+ − 371
// Clear-votes button
+ − 372
if ( $session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0)
+ − 373
{
+ − 374
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 375
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxResetDelVotes()); return false; }" title="' . $lang->get('onpage_tip_resetvotes') . '" accesskey="y"',
1
+ − 376
'HREF' => makeUrl($paths->page, 'do=resetvotes', true),
211
+ − 377
'TEXT' => $lang->get('onpage_btn_votedelete_reset'),
1
+ − 378
));
+ − 379
$this->toolbar_menu .= $menubtn->run();
+ − 380
}
+ − 381
+ − 382
// Printable page button
+ − 383
if ( $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 384
{
+ − 385
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 386
'FLAGS' => 'title="' . $lang->get('onpage_tip_printable') . '"',
1
+ − 387
'HREF' => makeUrl($paths->page, 'printable=yes', true),
211
+ − 388
'TEXT' => $lang->get('onpage_btn_printable'),
1
+ − 389
));
+ − 390
$this->toolbar_menu .= $menubtn->run();
+ − 391
}
+ − 392
+ − 393
// Protect button
+ − 394
if($session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('protect'))
+ − 395
{
+ − 396
+ − 397
$label = $this->makeParserText($tplvars['toolbar_label']);
211
+ − 398
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_protect')));
1
+ − 399
$t0 = $label->run();
+ − 400
+ − 401
$ctmp = '';
+ − 402
if ( $paths->cpage['protected'] == 1 )
+ − 403
{
+ − 404
$ctmp=' style="text-decoration: underline;"';
+ − 405
}
+ − 406
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 407
'FLAGS' => 'accesskey="i" onclick="if ( !KILL_SWITCH ) { ajaxProtect(1); return false; }" id="protbtn_1" title="' . $lang->get('onpage_tip_protect_on') . '"'.$ctmp,
1
+ − 408
'HREF' => makeUrl($paths->page, 'do=protect&level=1', true),
211
+ − 409
'TEXT' => $lang->get('onpage_btn_protect_on')
1
+ − 410
));
+ − 411
$t1 = $menubtn->run();
+ − 412
+ − 413
$ctmp = '';
+ − 414
if ( $paths->cpage['protected'] == 0 )
+ − 415
{
+ − 416
$ctmp=' style="text-decoration: underline;"';
+ − 417
}
+ − 418
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 419
'FLAGS' => 'accesskey="o" onclick="if ( !KILL_SWITCH ) { ajaxProtect(0); return false; }" id="protbtn_0" title="' . $lang->get('onpage_tip_protect_off') . '"'.$ctmp,
1
+ − 420
'HREF' => makeUrl($paths->page, 'do=protect&level=0', true),
211
+ − 421
'TEXT' => $lang->get('onpage_btn_protect_off')
1
+ − 422
));
+ − 423
$t2 = $menubtn->run();
+ − 424
+ − 425
$ctmp = '';
+ − 426
if ( $paths->cpage['protected'] == 2 )
+ − 427
{
+ − 428
$ctmp = ' style="text-decoration: underline;"';
+ − 429
}
+ − 430
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 431
'FLAGS' => 'accesskey="p" onclick="if ( !KILL_SWITCH ) { ajaxProtect(2); return false; }" id="protbtn_2" title="' . $lang->get('onpage_tip_protect_semi') . '"'.$ctmp,
1
+ − 432
'HREF' => makeUrl($paths->page, 'do=protect&level=2', true),
211
+ − 433
'TEXT' => $lang->get('onpage_btn_protect_semi')
1
+ − 434
));
+ − 435
$t3 = $menubtn->run();
+ − 436
+ − 437
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0">
+ − 438
<tr>
+ − 439
<td>'.$t0.'</td>
+ − 440
<td>'.$t1.'</td>
+ − 441
<td>'.$t2.'</td>
+ − 442
<td>'.$t3.'</td>
+ − 443
</tr>
+ − 444
</table>';
+ − 445
}
+ − 446
+ − 447
// Wiki mode button
+ − 448
if($session->get_permissions('read') && $paths->page_exists && $session->get_permissions('set_wiki_mode') && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 449
{
+ − 450
// label at start
+ − 451
$label = $this->makeParserText($tplvars['toolbar_label']);
211
+ − 452
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_wikimode')));
1
+ − 453
$t0 = $label->run();
+ − 454
+ − 455
// on button
+ − 456
$ctmp = '';
+ − 457
if ( $paths->cpage['wiki_mode'] == 1 )
+ − 458
{
+ − 459
$ctmp = ' style="text-decoration: underline;"';
+ − 460
}
+ − 461
$menubtn->assign_vars(array(
102
+ − 462
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp,
1
+ − 463
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true),
211
+ − 464
'TEXT' => $lang->get('onpage_btn_wikimode_on')
1
+ − 465
));
+ − 466
$t1 = $menubtn->run();
+ − 467
+ − 468
// off button
+ − 469
$ctmp = '';
+ − 470
if ( $paths->cpage['wiki_mode'] == 0 )
+ − 471
{
+ − 472
$ctmp=' style="text-decoration: underline;"';
+ − 473
}
+ − 474
$menubtn->assign_vars(array(
102
+ − 475
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp,
1
+ − 476
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true),
211
+ − 477
'TEXT' => $lang->get('onpage_btn_wikimode_off')
1
+ − 478
));
+ − 479
$t2 = $menubtn->run();
+ − 480
+ − 481
// global button
+ − 482
$ctmp = '';
+ − 483
if ( $paths->cpage['wiki_mode'] == 2 )
+ − 484
{
+ − 485
$ctmp=' style="text-decoration: underline;"';
+ − 486
}
+ − 487
$menubtn->assign_vars(array(
102
+ − 488
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp,
1
+ − 489
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true),
211
+ − 490
'TEXT' => $lang->get('onpage_btn_wikimode_global')
1
+ − 491
));
+ − 492
$t3 = $menubtn->run();
+ − 493
+ − 494
// Tack it onto the list of buttons that are already there...
+ − 495
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0">
+ − 496
<tr>
+ − 497
<td>'.$t0.'</td>
+ − 498
<td>'.$t1.'</td>
+ − 499
<td>'.$t2.'</td>
+ − 500
<td>'.$t3.'</td>
+ − 501
</tr>
+ − 502
</table>';
+ − 503
}
+ − 504
+ − 505
// Clear logs button
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 506
if ( $session->get_permissions('read') && $session->get_permissions('clear_logs') && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
1
+ − 507
{
+ − 508
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 509
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxClearLogs()); return false; }" title="' . $lang->get('onpage_tip_flushlogs') . '" accesskey="l"',
1
+ − 510
'HREF' => makeUrl($paths->page, 'do=flushlogs', true),
211
+ − 511
'TEXT' => $lang->get('onpage_btn_clearlogs'),
1
+ − 512
));
+ − 513
$this->toolbar_menu .= $menubtn->run();
+ − 514
}
+ − 515
+ − 516
// Delete page button
+ − 517
if ( $session->get_permissions('read') && $session->get_permissions('delete_page') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 518
{
211
+ − 519
$s = $lang->get('onpage_btn_deletepage');
1
+ − 520
if ( $paths->cpage['delvotes'] == 1 )
+ − 521
{
211
+ − 522
$subst = array(
+ − 523
'num_votes' => $paths->cpage['delvotes'],
+ − 524
'plural' => ''
+ − 525
);
+ − 526
$s .= $lang->get('onpage_btn_deletepage_votes', $subst);
1
+ − 527
}
+ − 528
else if ( $paths->cpage['delvotes'] > 1 )
+ − 529
{
211
+ − 530
$subst = array(
+ − 531
'num_votes' => $paths->cpage['delvotes'],
+ − 532
'plural' => $lang->get('meta_plural')
+ − 533
);
+ − 534
$s .= $lang->get('onpage_btn_deletepage_votes', $subst);
1
+ − 535
}
+ − 536
+ − 537
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 538
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDeletePage()); return false; }" title="Delete this page. This is always reversible unless the logs are cleared. (alt-k)" accesskey="k"',
1
+ − 539
'HREF' => makeUrl($paths->page, 'do=deletepage', true),
+ − 540
'TEXT' => $s,
+ − 541
));
+ − 542
$this->toolbar_menu .= $menubtn->run();
+ − 543
+ − 544
}
+ − 545
+ − 546
// Password-protect button
+ − 547
if(isset($paths->cpage['password']))
+ − 548
{
+ − 549
if ( $paths->cpage['password'] == '' )
+ − 550
{
+ − 551
$a = $session->get_permissions('password_set');
+ − 552
}
+ − 553
else
+ − 554
{
+ − 555
$a = $session->get_permissions('password_reset');
+ − 556
}
+ − 557
}
+ − 558
else
+ − 559
{
+ − 560
$a = $session->get_permissions('password_set');
+ − 561
}
+ − 562
if ( $a && $session->get_permissions('read') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 563
{
+ − 564
// label at start
+ − 565
$label = $this->makeParserText($tplvars['toolbar_label']);
211
+ − 566
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_password')));
1
+ − 567
$t0 = $label->run();
+ − 568
+ − 569
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 570
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxSetPassword()); return false; }" title="' . $lang->get('onpage_tip_password') . '"',
1
+ − 571
'HREF' => '#',
211
+ − 572
'TEXT' => $lang->get('onpage_btn_password_set'),
1
+ − 573
));
+ − 574
$t = $menubtn->run();
+ − 575
+ − 576
$this->toolbar_menu .= '<table border="0" cellspacing="0" cellpadding="0"><tr><td>'.$t0.'</td><td><input type="password" id="mdgPassSetField" size="10" /></td><td>'.$t.'</td></tr></table>';
+ − 577
}
+ − 578
+ − 579
// Manage ACLs button
311
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 580
if ( !$paths->anonymous_page && ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ) )
1
+ − 581
{
+ − 582
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 583
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="' . $lang->get('onpage_tip_aclmanager') . '" accesskey="m"',
1
+ − 584
'HREF' => makeUrl($paths->page, 'do=aclmanager', true),
211
+ − 585
'TEXT' => $lang->get('onpage_btn_acl'),
1
+ − 586
));
+ − 587
$this->toolbar_menu .= $menubtn->run();
+ − 588
}
+ − 589
+ − 590
// Administer page button
+ − 591
if ( $session->user_level >= USER_LEVEL_ADMIN && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 592
{
+ − 593
$menubtn->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 594
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxAdminPage()); return false; }" title="Administrative options for this page" accesskey="g"',
1
+ − 595
'HREF' => makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'PageManager', true),
211
+ − 596
'TEXT' => $lang->get('onpage_btn_admin'),
1
+ − 597
));
+ − 598
$this->toolbar_menu .= $menubtn->run();
+ − 599
}
+ − 600
+ − 601
if ( strlen($this->toolbar_menu) > 0 )
+ − 602
{
+ − 603
$button->assign_vars(array(
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 604
'FLAGS' => 'id="mdgToolbar_moreoptions" onclick="if ( !KILL_SWITCH ) { return false; }" title="Additional options for working with this page"',
1
+ − 605
'PARENTFLAGS' => '',
+ − 606
'HREF' => makeUrl($paths->page, 'do=moreoptions', true),
211
+ − 607
'TEXT' => $lang->get('onpage_btn_moreoptions')
1
+ − 608
));
+ − 609
$tb .= $button->run();
+ − 610
}
+ − 611
+ − 612
$is_opera = (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'Opera')) ? true : false;
+ − 613
+ − 614
$this->tpl_bool = Array(
+ − 615
'auth_admin'=>$session->user_level >= USER_LEVEL_ADMIN ? true : false,
+ − 616
'user_logged_in'=>$session->user_logged_in,
+ − 617
'opera'=>$is_opera,
+ − 618
);
+ − 619
+ − 620
if($session->sid_super) { $ash = '&auth='.$session->sid_super; $asq = "?auth=".$session->sid_super; $asa = "&auth=".$session->sid_super; $as2 = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; }
+ − 621
else { $asq=''; $asa=''; $as2 = ''; $ash = ''; }
+ − 622
+ − 623
$code = $plugins->setHook('compile_template');
+ − 624
foreach ( $code as $cmd )
+ − 625
{
+ − 626
eval($cmd);
+ − 627
}
+ − 628
+ − 629
// Some additional sidebar processing
+ − 630
if($this->sidebar_extra != '') {
+ − 631
$se = $this->sidebar_extra;
+ − 632
$parser = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 633
$parser->assign_vars(Array('TITLE'=>'Links','CONTENT'=>$se));
+ − 634
$this->sidebar_extra = $parser->run();
+ − 635
}
+ − 636
+ − 637
$this->sidebar_extra = $this->sidebar_extra.$this->sidebar_widgets;
+ − 638
+ − 639
$this->tpl_bool['fixed_menus'] = false;
+ − 640
/* if($this->sidebar_extra == '') $this->tpl_bool['right_sidebar'] = false;
+ − 641
else */ $this->tpl_bool['right_sidebar'] = true;
+ − 642
+ − 643
$this->tpl_bool['auth_rename'] = ( $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin');
+ − 644
+ − 645
$this->tpl_bool['enable_uploads'] = ( getConfig('enable_uploads') == '1' && $session->get_permissions('upload_files') ) ? true : false;
+ − 646
+ − 647
$this->tpl_bool['stupid_mode'] = false;
+ − 648
163
+ − 649
$this->tpl_bool['in_admin'] = ( ( $paths->cpage['urlname_nons'] == 'Administration' && $paths->namespace == 'Special' ) || $paths->namespace == 'Admin' );
1
+ − 650
+ − 651
$p = ( isset($_GET['printable']) ) ? '/printable' : '';
+ − 652
+ − 653
// Add the e-mail address client code to the header
+ − 654
$this->add_header($email->jscode());
+ − 655
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 656
// Add language file
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 657
$lang_uri = makeUrlNS('Special', 'LangExportJSON/' . $lang->lang_id, false, true);
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 658
$this->add_header("<script type=\"text/javascript\" src=\"$lang_uri\"></script>");
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 659
1
+ − 660
// Generate the code for the Log out and Change theme sidebar buttons
+ − 661
// Once again, the new template parsing system can be used here
+ − 662
+ − 663
$parser = $this->makeParserText($tplvars['sidebar_button']);
+ − 664
+ − 665
$parser->assign_vars(Array(
+ − 666
'HREF'=>makeUrlNS('Special', 'Logout'),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 667
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"',
215
+ − 668
'TEXT'=>$lang->get('sidebar_btn_logout'),
1
+ − 669
));
+ − 670
+ − 671
$logout_link = $parser->run();
+ − 672
+ − 673
$parser->assign_vars(Array(
+ − 674
'HREF'=>makeUrlNS('Special', 'Login/' . $paths->page),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 675
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxStartLogin(); return false; }"',
215
+ − 676
'TEXT'=>$lang->get('sidebar_btn_login'),
1
+ − 677
));
+ − 678
+ − 679
$login_link = $parser->run();
+ − 680
+ − 681
$parser->assign_vars(Array(
+ − 682
'HREF'=>makeUrlNS('Special', 'ChangeStyle/'.$paths->page),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 683
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxChangeStyle(); return false; }"',
215
+ − 684
'TEXT'=>$lang->get('sidebar_btn_changestyle'),
1
+ − 685
));
+ − 686
+ − 687
$theme_link = $parser->run();
+ − 688
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 689
$parser->assign_vars(Array(
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 690
'HREF'=>makeUrlNS('Special', 'Administration'),
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 691
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxStartAdminLogin()); return false; }"',
215
+ − 692
'TEXT'=>$lang->get('sidebar_btn_administration'),
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 693
));
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 694
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 695
$admin_link = $parser->run();
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 696
1
+ − 697
$SID = ($session->sid_super) ? $session->sid_super : '';
+ − 698
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 699
$urlname_clean = str_replace('\'', '\\\'', str_replace('\\', '\\\\', dirtify_page_id($paths->fullpage)));
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 700
$urlname_clean = strtr( $urlname_clean, array( '<' => '<', '>' => '>' ) );
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 701
22
+ − 702
$urlname_jssafe = sanitize_page_id($paths->fullpage);
+ − 703
1
+ − 704
// Generate the dynamic javascript vars
+ − 705
$js_dynamic = ' <script type="text/javascript">// <![CDATA[
+ − 706
// This section defines some basic and very important variables that are used later in the static Javascript library.
+ − 707
// SKIN DEVELOPERS: The template variable for this code block is {JS_DYNAMIC_VARS}. This MUST be inserted BEFORE the tag that links to the main Javascript lib.
22
+ − 708
var title=\''. $urlname_jssafe .'\';
1
+ − 709
var page_exists='. ( ( $paths->page_exists) ? 'true' : 'false' ) .';
+ − 710
var scriptPath=\''. scriptPath .'\';
+ − 711
var contentPath=\''.contentPath.'\';
+ − 712
var ENANO_SID =\'' . $SID . '\';
+ − 713
var auth_level=' . $session->auth_level . ';
+ − 714
var USER_LEVEL_GUEST = ' . USER_LEVEL_GUEST . ';
+ − 715
var USER_LEVEL_MEMBER = ' . USER_LEVEL_MEMBER . ';
+ − 716
var USER_LEVEL_CHPREF = ' . USER_LEVEL_CHPREF . ';
+ − 717
var USER_LEVEL_MOD = ' . USER_LEVEL_MOD . ';
+ − 718
var USER_LEVEL_ADMIN = ' . USER_LEVEL_ADMIN . ';
+ − 719
var editNotice = \'' . ( (getConfig('wiki_edit_notice')=='1') ? str_replace("\n", "\\\n", RenderMan::render(getConfig('wiki_edit_notice_text'))) : '' ) . '\';
+ − 720
var prot = ' . ( ($paths->page_protected && !$session->get_permissions('even_when_protected')) ? 'true' : 'false' ) .'; // No, hacking this var won\'t work, it\'s re-checked on the server
+ − 721
var ENANO_SPECIAL_CREATEPAGE = \''. makeUrl($paths->nslist['Special'].'CreatePage') .'\';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 722
var ENANO_CREATEPAGE_PARAMS = \'_do=&pagename='. $urlname_clean .'&namespace=' . $paths->namespace . '\';
1
+ − 723
var ENANO_SPECIAL_CHANGESTYLE = \''. makeUrlNS('Special', 'ChangeStyle') .'\';
+ − 724
var namespace_list = new Array();
+ − 725
var AES_BITS = '.AES_BITS.';
+ − 726
var AES_BLOCKSIZE = '.AES_BLOCKSIZE.';
+ − 727
var pagepass = \''. ( ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '' ) .'\';
+ − 728
var ENANO_THEME_LIST = \'';
+ − 729
foreach($this->theme_list as $t) {
+ − 730
if($t['enabled'])
+ − 731
{
+ − 732
$js_dynamic .= '<option value="'.$t['theme_id'].'"';
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 733
// if($t['theme_id'] == $session->theme) $js_dynamic .= ' selected="selected"';
1
+ − 734
$js_dynamic .= '>'.$t['theme_name'].'</option>';
+ − 735
}
+ − 736
}
+ − 737
$js_dynamic .= '\';
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 738
var ENANO_CURRENT_THEME = \''. $session->theme .'\';
212
30b857a6b811
Reworked comment system to not use HACKISH FIXES; AJAX comment framework is completely localized now
Dan
diff
changeset
+ − 739
var ENANO_LANG_ID = ' . $lang->lang_id . ';
30b857a6b811
Reworked comment system to not use HACKISH FIXES; AJAX comment framework is completely localized now
Dan
diff
changeset
+ − 740
var ENANO_PAGE_TYPE = "' . addslashes($this->namespace_string) . '";';
1
+ − 741
foreach($paths->nslist as $k => $c)
+ − 742
{
+ − 743
$js_dynamic .= "namespace_list['{$k}'] = '$c';";
+ − 744
}
+ − 745
$js_dynamic .= "\n //]]>\n </script>";
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 746
1
+ − 747
$tpl_strings = Array(
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 748
'PAGE_NAME'=>htmlspecialchars($paths->cpage['name']),
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 749
'PAGE_URLNAME'=> $urlname_clean,
40
+ − 750
'SITE_NAME'=>htmlspecialchars(getConfig('site_name')),
1
+ − 751
'USERNAME'=>$session->username,
40
+ − 752
'SITE_DESC'=>htmlspecialchars(getConfig('site_desc')),
1
+ − 753
'TOOLBAR'=>$tb,
+ − 754
'SCRIPTPATH'=>scriptPath,
+ − 755
'CONTENTPATH'=>contentPath,
+ − 756
'ADMIN_SID_QUES'=>$asq,
+ − 757
'ADMIN_SID_AMP'=>$asa,
+ − 758
'ADMIN_SID_AMP_HTML'=>$ash,
+ − 759
'ADMIN_SID_AUTO'=>$as2,
114
47393c6619ea
Nothing special, just syncing to Scribus, several bugs have been found with GET forms and a fix is in the works
Dan
diff
changeset
+ − 760
'ADMIN_SID_RAW'=> ( is_string($session->sid_super) ? $session->sid_super : '' ),
1
+ − 761
'ADDITIONAL_HEADERS'=>$this->additional_headers,
91
+ − 762
'COPYRIGHT'=>RenderMan::parse_internal_links(getConfig('copyright_notice')),
1
+ − 763
'TOOLBAR_EXTRAS'=>$this->toolbar_menu,
+ − 764
'REQUEST_URI'=>$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],
+ − 765
'STYLE_LINK'=>makeUrlNS('Special', 'CSS'.$p, null, true), //contentPath.$paths->nslist['Special'].'CSS' . $p,
+ − 766
'LOGIN_LINK'=>$login_link,
+ − 767
'LOGOUT_LINK'=>$logout_link,
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 768
'ADMIN_LINK'=>$admin_link,
1
+ − 769
'THEME_LINK'=>$theme_link,
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 770
'SEARCH_ACTION'=>makeUrlNS('Special', 'Search'),
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 771
'INPUT_TITLE'=>( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->nslist[$paths->namespace] . $paths->cpage['urlname_nons'] ) . '" />' : ''),
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 772
'INPUT_AUTH'=>( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : ''),
1
+ − 773
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme,
+ − 774
'THEME_ID'=>$this->theme,
+ − 775
'STYLE_ID'=>$this->style,
+ − 776
'JS_DYNAMIC_VARS'=>$js_dynamic,
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 777
'UNREAD_PMS'=>$session->unread_pms,
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 778
'URL_ABOUT_ENANO' => makeUrlNS('Special', 'About_Enano', '', true),
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 779
'REPORT_URI' => makeUrl($paths->page, 'do=sql_report', true)
1
+ − 780
);
+ − 781
+ − 782
foreach ( $paths->nslist as $ns_id => $ns_prefix )
+ − 783
{
+ − 784
$tpl_strings[ 'NS_' . strtoupper($ns_id) ] = $ns_prefix;
+ − 785
}
+ − 786
+ − 787
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings);
+ − 788
list($this->tpl_strings['SIDEBAR_LEFT'], $this->tpl_strings['SIDEBAR_RIGHT'], $min) = $this->fetch_sidebar();
+ − 789
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != $min) ? true : false;
+ − 790
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != $min) ? true : false;
+ − 791
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 792
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 793
$code = $plugins->setHook('template_var_init_end');
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 794
foreach ( $code as $cmd )
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 795
{
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 796
eval($cmd);
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 797
}
1
+ − 798
}
+ − 799
+ − 800
function header($simple = false)
+ − 801
{
+ − 802
global $db, $session, $paths, $template, $plugins; // Common objects
215
+ − 803
global $lang;
+ − 804
1
+ − 805
ob_start();
+ − 806
+ − 807
if(!$this->theme_loaded)
+ − 808
{
+ − 809
$this->load_theme($session->theme, $session->style);
+ − 810
}
+ − 811
+ − 812
$headers_sent = true;
+ − 813
if(!defined('ENANO_HEADERS_SENT'))
+ − 814
define('ENANO_HEADERS_SENT', '');
174
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 815
if ( !$this->no_headers )
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 816
{
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 817
$header = ( $simple ) ?
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 818
$this->process_template('simple-header.tpl') :
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 819
$this->process_template('header.tpl');
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 820
echo $header;
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 821
}
1
+ − 822
if ( !$simple && $session->user_logged_in && $session->unread_pms > 0 )
+ − 823
{
+ − 824
echo $this->notify_unread_pms();
+ − 825
}
+ − 826
if ( !$simple && $session->sw_timed_out )
+ − 827
{
+ − 828
$login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true);
+ − 829
echo '<div class="usermessage">';
215
+ − 830
echo $lang->get('user_msg_elev_timed_out', array( 'login_link' => $login_link ));
1
+ − 831
echo '</div>';
+ − 832
}
30
+ − 833
if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) )
+ − 834
{
+ − 835
$admin_link = makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'GeneralConfig', true);
+ − 836
echo '<div class="usermessage"><b>The site is currently disabled and thus is only accessible to administrators.</b><br />
+ − 837
You can re-enable the site through the <a href="' . $admin_link . '">administration panel</a>.
+ − 838
</div>';
+ − 839
}
1
+ − 840
}
+ − 841
function footer($simple = false)
+ − 842
{
+ − 843
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 844
if(!$this->no_headers) {
+ − 845
+ − 846
if(!defined('ENANO_HEADERS_SENT'))
+ − 847
$this->header();
+ − 848
+ − 849
global $_starttime;
+ − 850
if(isset($_GET['sqldbg']) && $session->get_permissions('mod_misc'))
+ − 851
{
+ − 852
echo '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 853
echo htmlspecialchars($db->sql_backtrace());
1
+ − 854
echo '</pre>';
+ − 855
}
+ − 856
+ − 857
$f = microtime_float();
+ − 858
$f = $f - $_starttime;
+ − 859
$f = round($f, 4);
+ − 860
$dbg = 'Time: '.$f.'s | Queries: '.$db->num_queries;
+ − 861
$t = ( $simple ) ? $this->process_template('simple-footer.tpl') : $this->process_template('footer.tpl');
+ − 862
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 863
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ − 864
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 865
echo $t;
+ − 866
+ − 867
ob_end_flush();
+ − 868
}
+ − 869
else return '';
+ − 870
}
+ − 871
function getHeader()
+ − 872
{
+ − 873
$headers_sent = true;
+ − 874
if(!defined('ENANO_HEADERS_SENT'))
+ − 875
define('ENANO_HEADERS_SENT', '');
+ − 876
if(!$this->no_headers) return $this->process_template('header.tpl');
+ − 877
}
+ − 878
function getFooter()
+ − 879
{
+ − 880
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 881
if(!$this->no_headers) {
+ − 882
global $_starttime;
+ − 883
$t = '';
+ − 884
+ − 885
if(isset($_GET['sqldbg']) && $session->get_permissions('mod_misc'))
+ − 886
{
+ − 887
$t .= '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
+ − 888
$t .= $db->sql_backtrace();
+ − 889
$t .= '</pre>';
+ − 890
}
+ − 891
+ − 892
$f = microtime_float();
+ − 893
$f = $f - $_starttime;
+ − 894
$f = round($f, 4);
+ − 895
$dbg = 'Time: '.$f.'s | Queries: '.$db->num_queries;
+ − 896
$t.= $this->process_template('footer.tpl');
+ − 897
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 898
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ − 899
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 900
return $t;
+ − 901
}
+ − 902
else return '';
+ − 903
}
+ − 904
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 905
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 906
* Compiles and executes a template based on the current variables and booleans. Loads
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 907
* the theme and initializes variables if needed. This mostly just calls child functions.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 908
* @param string File to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 909
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 910
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 911
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 912
function process_template($file)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 913
{
1
+ − 914
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 915
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 916
{
+ − 917
$this->load_theme();
+ − 918
$this->init_vars();
+ − 919
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 920
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 921
$compiled = $this->compile_template($file);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 922
return eval($compiled);
1
+ − 923
}
+ − 924
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 925
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 926
* Loads variables from the specified template file. Returns an associative array containing the variables.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 927
* @param string Template file to process (elements.tpl)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 928
* @return array
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 929
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 930
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 931
function extract_vars($file)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 932
{
1
+ − 933
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 934
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 935
// Sometimes this function gets called before the theme is loaded
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 936
// This is a bad coding practice so this function will always be picky.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 937
if ( !$this->theme )
1
+ − 938
{
+ − 939
die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.<br /><br />Backtrace, most recent call first:<pre>'.enano_debug_print_backtrace(true).'</pre>');
+ − 940
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 941
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 942
// Full pathname of template file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 943
$tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $file;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 944
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 945
// Make sure the template even exists
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 946
if ( !is_file($tpl_file_fullpath) )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 947
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 948
die_semicritical('Cannot find template file',
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 949
'<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 950
the current theme.</p>
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 951
<p>Additional debugging information:<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 952
<b>Theme currently in use: </b>' . $this->theme . '<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 953
<b>Requested file: </b>' . $file . '
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 954
</p>');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 955
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 956
// Retrieve file contents
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 957
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 958
if ( !$text )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 959
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 960
return false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 961
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 962
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 963
// Get variables, regular expressions FTW
1
+ − 964
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches);
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 965
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 966
// Initialize return values
1
+ − 967
$tplvars = Array();
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 968
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 969
// Loop through each match, setting $tplvars[ $first_subpattern ] to $second_subpattern
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 970
for ( $i = 0; $i < sizeof($matches[1]); $i++ )
1
+ − 971
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 972
$tplvars[ $matches[1][$i] ] = $matches[2][$i];
1
+ − 973
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 974
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 975
// All done!
1
+ − 976
return $tplvars;
+ − 977
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 978
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 979
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 980
* Compiles a block of template code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 981
* @param string The text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 982
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 983
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 984
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 985
function compile_tpl_code($text)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 986
{
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 987
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 988
// A random seed used to salt tags
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 989
$seed = md5 ( microtime() . mt_rand() );
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 990
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 991
// Strip out PHP sections
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 992
preg_match_all('/<\?php(.+?)\?>/is', $text, $php_matches);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 993
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 994
foreach ( $php_matches[0] as $i => $match )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 995
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 996
// Substitute the PHP section with a random tag
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 997
$tag = "{PHP:$i:$seed}";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 998
$text = str_replace_once($match, $tag, $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 999
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1000
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1001
// Escape slashes and single quotes in template code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1002
$text = str_replace('\\', '\\\\', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1003
$text = str_replace('\'', '\\\'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1004
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1005
// Initialize the PHP compiled code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1006
$text = 'ob_start(); echo \''.$text.'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1007
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1008
##
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1009
## Main rules
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1010
##
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1011
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1012
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1013
// Conditionals
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1014
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1015
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1016
$keywords = array('BEGIN', 'BEGINNOT', 'IFSET', 'IFPLUGIN');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1017
$code = $plugins->setHook('template_compile_logic_keyword');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1018
foreach ( $code as $cmd )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1019
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1020
eval($cmd);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1021
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1022
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1023
$keywords = implode('|', $keywords);
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1024
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1025
// Matches
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1026
// 1 2 3 4 56 7 8
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1027
$regexp = '/(<!-- ('. $keywords .') ([A-z0-9_-]+) -->)(.*)((<!-- BEGINELSE \\3 -->)(.*))?(<!-- END \\3 -->)/isU';
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1028
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1029
/*
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1030
The way this works is: match all blocks using the standard form with a different keyword in the block each time,
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1031
and replace them with appropriate PHP logic. Plugin-extensible now. :-)
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1032
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1033
The while-loop is to bypass what is apparently a PCRE bug. It's hackish but it works. Properly written plugins should only need
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1034
to compile templates (using this method) once for each time the template file is changed.
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1035
*/
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1036
while ( preg_match($regexp, $text) )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1037
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1038
preg_match_all($regexp, $text, $matches);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1039
for ( $i = 0; $i < count($matches[0]); $i++ )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1040
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1041
$start_tag =& $matches[1][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1042
$type =& $matches[2][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1043
$test =& $matches[3][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1044
$particle_true =& $matches[4][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1045
$else_tag =& $matches[6][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1046
$particle_else =& $matches[7][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1047
$end_tag =& $matches[8][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1048
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1049
switch($type)
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1050
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1051
case 'BEGIN':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1052
$cond = "isset(\$this->tpl_bool['$test']) && \$this->tpl_bool['$test']";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1053
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1054
case 'BEGINNOT':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1055
$cond = "!isset(\$this->tpl_bool['$test']) || ( isset(\$this->tpl_bool['$test']) && !\$this->tpl_bool['$test'] )";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1056
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1057
case 'IFPLUGIN':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1058
$cond = "getConfig('plugin_$test') == '1'";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1059
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1060
case 'IFSET':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1061
$cond = "isset(\$this->tpl_strings['$test'])";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1062
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1063
default:
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1064
$code = $plugins->setHook('template_compile_logic_cond');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1065
foreach ( $code as $cmd )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1066
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1067
eval($cmd);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1068
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1069
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1070
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1071
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1072
if ( !isset($cond) || ( isset($cond) && !is_string($cond) ) )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1073
continue;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1074
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1075
$tag_complete = <<<TPLCODE
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1076
';
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1077
/* START OF CONDITION: $type ($test) */
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1078
if ( $cond )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1079
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1080
echo '$particle_true';
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1081
/* ELSE OF CONDITION: $type ($test) */
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1082
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1083
else
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1084
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1085
echo '$particle_else';
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1086
/* END OF CONDITION: $type ($test) */
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1087
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1088
echo '
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1089
TPLCODE;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1090
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1091
$text = str_replace_once($matches[0][$i], $tag_complete, $text);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1092
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1093
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1094
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1095
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1096
// For debugging ;-)
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1097
// die("<pre><?php\n" . htmlspecialchars($text."\n\n".print_r($matches,true)) . "\n\n?></pre>");
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1098
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1099
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1100
// Data substitution/variables
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1101
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1102
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1103
// System messages
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1104
$text = preg_replace('/<!-- SYSMSG ([A-z0-9\._-]+?) -->/is', '\' . $this->tplWikiFormat($pages->sysMsg(\'\\1\')) . \'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1105
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1106
// Template variables
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1107
$text = preg_replace('/\{([A-z0-9_-]+?)\}/is', '\' . $this->tpl_strings[\'\\1\'] . \'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1108
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1109
// Reinsert PHP
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1110
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1111
foreach ( $php_matches[1] as $i => $match )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1112
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1113
// Substitute the random tag with the "real" PHP code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1114
$tag = "{PHP:$i:$seed}";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1115
$text = str_replace_once($tag, "'; $match echo '", $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1116
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1117
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1118
// echo('<pre>' . htmlspecialchars($text) . '</pre>');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1119
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1120
return $text;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1121
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1122
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1123
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1124
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1125
* Compiles the contents of a given template file, possibly using a cached copy, and returns the compiled code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1126
* @param string Filename of template (header.tpl)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1127
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1128
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1129
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1130
function compile_template($filename)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1131
{
1
+ − 1132
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1133
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1134
// Full path to template file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1135
$tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1136
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1137
// Make sure the file exists
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1138
if ( !is_file($tpl_file_fullpath) )
1
+ − 1139
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1140
die_semicritical('Cannot find template file',
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1141
'<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1142
the current theme.</p>
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1143
<p>Additional debugging information:<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1144
<b>Theme currently in use: </b>' . $this->theme . '<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1145
<b>Requested file: </b>' . $file . '
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1146
</p>');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1147
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1148
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1149
// Check for cached copy
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1150
// This will make filenames in the pattern of theme-file.tpl.php
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1151
$cache_file = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $filename) . '.php';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1152
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1153
// Only use cached copy if caching is enabled
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1154
// (it is enabled by default I think)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1155
if ( file_exists($cache_file) && getConfig('cache_thumbs') == '1' )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1156
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1157
// Cache files are auto-generated, but otherwise are normal PHP files
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1158
include($cache_file);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1159
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1160
// Fetch content of the ORIGINAL
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1161
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1163
// $md5 will be set by the cached file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1164
// This makes sure that a cached copy of the template is used only if its MD5
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1165
// matches the MD5 of the file that the compiled file was compiled from.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1166
if ( isset($md5) && $md5 == md5($text) )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1167
{
211
+ − 1168
return $this->compile_template_text_post(str_replace('\\"', '"', $tpl_text));
1
+ − 1169
}
+ − 1170
}
+ − 1171
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1172
// We won't use the cached copy here
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1173
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1174
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1175
// This will be used later when writing the cached file
1
+ − 1176
$md5 = md5($text);
+ − 1177
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1178
// Preprocessing and checks complete - compile the code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1179
$text = $this->compile_tpl_code($text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1180
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1181
// Perhaps caching is enabled and the admin has changed the template?
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1182
if ( is_writable( ENANO_ROOT . '/cache/' ) && getConfig('cache_thumbs') == '1' )
1
+ − 1183
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1184
$h = fopen($cache_file, 'w');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1185
if ( !$h )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1186
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1187
// Couldn't open the file - silently ignore and return
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1188
return $text;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1189
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1190
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1191
// Escape the compiled code so it can be eval'ed
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1192
$text_escaped = addslashes($text);
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1193
$notice = <<<EOF
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1194
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1195
/*
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1196
* NOTE: This file was automatically generated by Enano and is based on compiled code. Do not edit this file.
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1197
* If you edit this file, any changes you make will be lost the next time the associated source template file is edited.
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1198
*/
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1199
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1200
EOF;
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1201
// This is really just a normal PHP file that sets a variable or two and exits.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1202
// $tpl_text actually will contain the compiled code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1203
fwrite($h, '<?php ' . $notice . ' $md5 = \'' . $md5 . '\'; $tpl_text = \'' . $text_escaped . '\'; ?>');
1
+ − 1204
fclose($h);
+ − 1205
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1206
211
+ − 1207
return $this->compile_template_text_post($text); //('<pre>'.htmlspecialchars($text).'</pre>');
1
+ − 1208
}
+ − 1209
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1210
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1211
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1212
* Compiles (parses) some template code with the current master set of variables and booleans.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1213
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1214
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1215
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1216
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1217
function compile_template_text($text)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1218
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1219
// this might do something else in the future, possibly cache large templates
211
+ − 1220
return $this->compile_template_text_post($this->compile_tpl_code($text));
1
+ − 1221
}
+ − 1222
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1223
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1224
* For convenience - compiles AND parses some template code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1225
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1226
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1227
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1228
1
+ − 1229
function parse($text)
+ − 1230
{
+ − 1231
$text = $this->compile_template_text($text);
211
+ − 1232
$text = $this->compile_template_text_post($text);
1
+ − 1233
return eval($text);
+ − 1234
}
+ − 1235
211
+ − 1236
/**
+ − 1237
* Post-processor for template code. Basically what this does is it localizes {lang:foo} blocks.
+ − 1238
* @param string Mostly-processed TPL code
+ − 1239
* @return string
+ − 1240
*/
+ − 1241
+ − 1242
function compile_template_text_post($text)
+ − 1243
{
+ − 1244
global $lang;
+ − 1245
preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $text, $matches);
+ − 1246
foreach ( $matches[1] as $i => $string_id )
+ − 1247
{
+ − 1248
$string = $lang->get($string_id);
+ − 1249
$string = str_replace('\\', '\\\\', $string);
+ − 1250
$string = str_replace('\'', '\\\'', $string);
+ − 1251
$text = str_replace_once($matches[0][$i], $string, $text);
+ − 1252
}
+ − 1253
return $text;
+ − 1254
}
+ − 1255
1
+ − 1256
// Steps to turn this:
+ − 1257
// [[Project:Community Portal]]
+ − 1258
// into this:
+ − 1259
// <a href="/Project:Community_Portal">Community Portal</a>
+ − 1260
// Must be done WITHOUT creating eval'ed code!!!
+ − 1261
+ − 1262
// 1. preg_replace \[\[([a-zA-Z0-9 -_:]*?)\]\] with <a href="'.contentPath.'\\1">\\1</a>
+ − 1263
// 2. preg_match_all <a href="'.preg_quote(contentPath).'([a-zA-Z0-9 -_:]*?)">
+ − 1264
// 3. For each match, replace matches with identifiers
+ − 1265
// 4. For each match, str_replace ' ' with '_'
+ − 1266
// 5. For each match, str_replace match_id:random_val with $matches[$match_id]
+ − 1267
+ − 1268
// The template language is really a miniature programming language; with variables, conditionals, everything!
+ − 1269
// So you can implement custom logic into your sidebar if you wish.
+ − 1270
// "Real" PHP support coming soon :-D
+ − 1271
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1272
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1273
* Takes a blob of HTML with the specially formatted template-oriented wikitext and formats it. Does not use eval().
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1274
* This function butchers every coding standard in Enano and should eventually be rewritten. The fact is that the
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1275
* code _works_ and does a good job of checking for errors and cleanly complaining about them.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1276
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1277
* @param bool Ignored for backwards compatibility
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1278
* @param string File to get variables for sidebar data from
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1279
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1280
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1281
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1282
function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1283
{
1
+ − 1284
global $db, $session, $paths, $template, $plugins; // Common objects
215
+ − 1285
global $lang;
+ − 1286
1
+ − 1287
$filter_links = false;
+ − 1288
$tplvars = $this->extract_vars($filename);
+ − 1289
if($session->sid_super) $as = htmlspecialchars(urlSeparator).'auth='.$session->sid_super;
+ − 1290
else $as = '';
+ − 1291
error_reporting(E_ALL);
+ − 1292
$random_id = sha1(microtime().''); // A temp value
+ − 1293
+ − 1294
/*
+ − 1295
* PREPROCESSOR
+ − 1296
*/
+ − 1297
+ − 1298
// Variables
+ − 1299
+ − 1300
preg_match_all('#\$([A-Z_-]+)\$#', $message, $links);
+ − 1301
$links = $links[1];
+ − 1302
+ − 1303
for($i=0;$i<sizeof($links);$i++)
+ − 1304
{
+ − 1305
$message = str_replace('$'.$links[$i].'$', $this->tpl_strings[$links[$i]], $message);
+ − 1306
}
+ − 1307
+ − 1308
// Conditionals
+ − 1309
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1310
preg_match_all('#\{if ([A-Za-z0-9_ \(\)&\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links);
1
+ − 1311
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1312
// Temporary exception from coding standards - using tab length of 4 here for clarity
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1313
for ( $i = 0; $i < sizeof($links[1]); $i++ )
1
+ − 1314
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1315
$condition =& $links[1][$i];
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1316
$message = str_replace('{if '.$condition.'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
1
+ − 1317
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1318
// Time for some manual parsing...
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1319
$chk = false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1320
$current_id = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1321
$prn_level = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1322
// Used to keep track of where we are in the conditional
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1323
// Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ...
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1324
// Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1325
$in_var_now = true;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1326
$in_var_last = false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1327
$current_var = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1328
$current_var_start_pos = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1329
$current_var_end_pos = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1330
$j = -1;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1331
$condition = $condition . ' ';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1332
$d = strlen($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1333
while($j < $d)
1
+ − 1334
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1335
$j++;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1336
$in_var_last = $in_var_now;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1337
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1338
$char = substr($condition, $j, 1);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1339
$in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1340
if(!$in_var_last && $in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1341
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1342
$current_var_start_pos = $j;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1343
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1344
if($in_var_last && !$in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1345
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1346
$current_var_end_pos = $j;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1347
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1348
if($in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1349
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1350
$current_var .= $char;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1351
continue;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1352
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1353
// OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1354
if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1355
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1356
// XSS attack! Bail out
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1357
$errmsg = '<p><b>Error:</b> Syntax error (possibly XSS attack) caught in template code:</p>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1358
$errmsg .= '<pre>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1359
$errmsg .= '{if '.htmlspecialchars($condition).'}';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1360
$errmsg .= "\n ";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1361
for ( $k = 0; $k < $j; $k++ )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1362
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1363
$errmsg .= " ";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1364
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1365
// Show position of error
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1366
$errmsg .= '<span style="color: red;">^</span>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1367
$errmsg .= '</pre>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1368
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $errmsg, $message);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1369
continue 2;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1370
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1371
if($current_var != '')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1372
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1373
$cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1374
$cvt = substr($condition, 0, $current_var_start_pos) . $cd . substr($condition, $current_var_end_pos, strlen($condition));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1375
$j = $j + strlen($cd) - strlen($current_var);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1376
$current_var = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1377
$condition = $cvt;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1378
$d = strlen($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1379
}
1
+ − 1380
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1381
$condition = substr($condition, 0, strlen($condition)-1);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1382
$condition = '$chk = ( '.$condition.' ) ? true : false;';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1383
eval($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1384
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1385
if($chk)
1
+ − 1386
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1387
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1388
else $c = $links[2][$i];
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1389
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
1
+ − 1390
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1391
else
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1392
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1393
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1394
else $c = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1395
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1396
}
1
+ − 1397
}
+ − 1398
+ − 1399
preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links);
+ − 1400
+ − 1401
for($i=0;$i<sizeof($links[1]);$i++)
+ − 1402
{
+ − 1403
$message = str_replace('{!if '.$links[1][$i].'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
+ − 1404
if(isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]]) {
+ − 1405
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
+ − 1406
else $c = '';
+ − 1407
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
+ − 1408
} else {
+ − 1409
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
+ − 1410
else $c = $links[2][$i];
+ − 1411
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
+ − 1412
}
+ − 1413
}
+ − 1414
215
+ − 1415
preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $message, $matches);
+ − 1416
foreach ( $matches[1] as $i => $string_id )
+ − 1417
{
+ − 1418
$string = $lang->get($string_id);
+ − 1419
$string = str_replace('\\', '\\\\', $string);
+ − 1420
$string = str_replace('\'', '\\\'', $string);
+ − 1421
$message = str_replace_once($matches[0][$i], $string, $message);
+ − 1422
}
+ − 1423
1
+ − 1424
/*
+ − 1425
* HTML RENDERER
+ − 1426
*/
+ − 1427
+ − 1428
// Images
+ − 1429
$j = preg_match_all('#\[\[:'.$paths->nslist['File'].'([\w\s0-9_\(\)!@%\^\+\|\.-]+?)\]\]#is', $message, $matchlist);
+ − 1430
$matches = Array();
+ − 1431
$matches['images'] = $matchlist[1];
+ − 1432
for($i=0;$i<sizeof($matchlist[1]);$i++)
+ − 1433
{
+ − 1434
if(isPage($paths->nslist['File'].$matches['images'][$i]))
+ − 1435
{
+ − 1436
$message = str_replace('[[:'.$paths->nslist['File'].$matches['images'][$i].']]',
+ − 1437
'<img alt="'.$matches['images'][$i].'" style="border: 0" src="'.makeUrlNS('Special', 'DownloadFile/'.$matches['images'][$i]).'" />',
+ − 1438
$message);
+ − 1439
}
+ − 1440
}
+ − 1441
+ − 1442
// Internal links
+ − 1443
+ − 1444
$text_parser = $this->makeParserText($tplvars['sidebar_button']);
+ − 1445
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1446
preg_match_all("#\[\[([^\|\]\n\a\r\t]*?)\]\]#is", $message, $il);
1
+ − 1447
for($i=0;$i<sizeof($il[1]);$i++)
+ − 1448
{
+ − 1449
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true);
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1450
$text_parser->assign_vars(Array(
1
+ − 1451
'HREF' => $href,
+ − 1452
'FLAGS' => '',
+ − 1453
'TEXT' => $il[1][$i]
+ − 1454
));
+ − 1455
$message = str_replace("[[{$il[1][$i]}]]", $text_parser->run(), $message);
+ − 1456
}
+ − 1457
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1458
preg_match_all('#\[\[([^\|\]\n\a\r\t]*?)\|([^\]\r\n\a\t]*?)\]\]#is', $message, $il);
1
+ − 1459
for($i=0;$i<sizeof($il[1]);$i++)
+ − 1460
{
+ − 1461
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true);
+ − 1462
$text_parser->assign_vars(Array(
+ − 1463
'HREF' => $href,
+ − 1464
'FLAGS' => '',
+ − 1465
'TEXT' => $il[2][$i]
+ − 1466
));
+ − 1467
$message = str_replace("[[{$il[1][$i]}|{$il[2][$i]}]]", $text_parser->run(), $message);
+ − 1468
}
+ − 1469
+ − 1470
// External links
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1471
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '<a href="\\1://\\2">\\3</a><br style="display: none;" />', $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1472
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '<a href="\\1://\\2">\\1://\\2</a><br style="display: none;" />', $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1473
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1474
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link);
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1475
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1476
// die('<pre>' . htmlspecialchars( print_r($ext_link, true) ) . '</pre>');
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1477
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1478
for ( $i = 0; $i < count($ext_link[0]); $i++ )
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1479
{
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1480
$text_parser->assign_vars(Array(
165
+ − 1481
'HREF' => $ext_link[1][$i],
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1482
'FLAGS' => '',
165
+ − 1483
'TEXT' => $ext_link[16][$i]
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1484
));
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1485
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1486
}
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1487
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1488
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link);
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1489
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1490
for ( $i = 0; $i < count($ext_link[0]); $i++ )
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1491
{
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1492
$text_parser->assign_vars(Array(
165
+ − 1493
'HREF' => $ext_link[1][$i],
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1494
'FLAGS' => '',
165
+ − 1495
'TEXT' => htmlspecialchars($ext_link[1][$i])
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1496
));
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1497
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1498
}
1
+ − 1499
+ − 1500
$parser1 = $this->makeParserText($tplvars['sidebar_section']);
+ − 1501
$parser2 = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 1502
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 1503
preg_match_all('#\{slider(2|)=([^\}]*?)\}(.*?)\{\/slider(2|)\}#is', $message, $sb);
1
+ − 1504
+ − 1505
// Modified to support the sweet new template var system
+ − 1506
for($i=0;$i<sizeof($sb[1]);$i++)
+ − 1507
{
+ − 1508
$p = ($sb[1][$i] == '2') ? $parser2 : $parser1;
+ − 1509
$p->assign_vars(Array('TITLE'=>$sb[2][$i],'CONTENT'=>$sb[3][$i]));
+ − 1510
$message = str_replace("{slider{$sb[1][$i]}={$sb[2][$i]}}{$sb[3][$i]}{/slider{$sb[4][$i]}}", $p->run(), $message);
+ − 1511
}
+ − 1512
+ − 1513
/*
+ − 1514
Extras ;-)
+ − 1515
$message = preg_replace('##is', '', $message);
+ − 1516
$message = preg_replace('##is', '', $message);
+ − 1517
$message = preg_replace('##is', '', $message);
+ − 1518
$message = preg_replace('##is', '', $message);
+ − 1519
$message = preg_replace('##is', '', $message);
+ − 1520
*/
+ − 1521
+ − 1522
//die('<pre>'.htmlspecialchars($message).'</pre>');
+ − 1523
//eval($message); exit;
+ − 1524
return $message;
+ − 1525
}
+ − 1526
+ − 1527
/**
+ − 1528
* Print a text field that auto-completes a username entered into it.
+ − 1529
* @param string $name - the name of the form field
+ − 1530
* @return string
+ − 1531
*/
+ − 1532
+ − 1533
function username_field($name, $value = false)
+ − 1534
{
+ − 1535
$randomid = md5( time() . microtime() . mt_rand() );
184
+ − 1536
$text = '<input name="'.$name.'" onkeyup="new AutofillUsername(this);" autocomplete="off" type="text" size="30" id="userfield_'.$randomid.'"';
1
+ − 1537
if($value) $text .= ' value="'.$value.'"';
+ − 1538
$text .= ' />';
+ − 1539
return $text;
+ − 1540
}
+ − 1541
+ − 1542
/**
+ − 1543
* Print a text field that auto-completes a page name entered into it.
+ − 1544
* @param string $name - the name of the form field
+ − 1545
* @return string
+ − 1546
*/
+ − 1547
+ − 1548
function pagename_field($name, $value = false)
+ − 1549
{
+ − 1550
$randomid = md5( time() . microtime() . mt_rand() );
+ − 1551
$text = '<input name="'.$name.'" onkeyup="ajaxPageNameComplete(this)" type="text" size="30" id="pagefield_'.$randomid.'"';
+ − 1552
if($value) $text .= ' value="'.$value.'"';
+ − 1553
$text .= ' />';
+ − 1554
$text .= '<script type="text/javascript">
+ − 1555
var inp = document.getElementById(\'pagefield_' . $randomid . '\');
+ − 1556
var f = get_parent_form(inp);
+ − 1557
if ( f )
+ − 1558
{
+ − 1559
if ( typeof(f.onsubmit) != \'function\' )
+ − 1560
{
+ − 1561
f.onsubmit = function() {
+ − 1562
if ( !submitAuthorized )
+ − 1563
{
+ − 1564
return false;
+ − 1565
}
+ − 1566
}
+ − 1567
}
+ − 1568
}</script>';
+ − 1569
return $text;
+ − 1570
}
+ − 1571
+ − 1572
/**
+ − 1573
* Sends a textarea that can be converted to and from a TinyMCE widget on the fly.
+ − 1574
* @param string The name of the form element
+ − 1575
* @param string The initial content. Optional, defaults to blank
+ − 1576
* @param int Rows in textarea
+ − 1577
* @param int Columns in textarea
+ − 1578
* @return string HTML and Javascript code.
+ − 1579
*/
+ − 1580
+ − 1581
function tinymce_textarea($name, $content = '', $rows = 20, $cols = 60)
+ − 1582
{
+ − 1583
$randomid = md5(microtime() . mt_rand());
+ − 1584
$html = '';
+ − 1585
$html .= '<textarea name="' . $name . '" rows="'.$rows.'" cols="'.$cols.'" style="width: 100%;" id="toggleMCEroot_'.$randomid.'">' . $content . '</textarea>';
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1586
$html .= '<div style="float: right; display: table;" id="mceSwitchAgent_' . $randomid . '">text editor | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">graphical editor</a></div>';
1
+ − 1587
$html .= '<script type="text/javascript">
+ − 1588
// <![CDATA[
+ − 1589
function toggleMCE_'.$randomid.'()
+ − 1590
{
+ − 1591
var the_obj = document.getElementById(\'toggleMCEroot_' . $randomid . '\');
+ − 1592
var panel = document.getElementById(\'mceSwitchAgent_' . $randomid . '\');
+ − 1593
if ( the_obj.dnIsMCE == "yes" )
+ − 1594
{
+ − 1595
$dynano(the_obj).destroyMCE();
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1596
panel.innerHTML = \'text editor | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">graphical editor</a>\';
1
+ − 1597
}
+ − 1598
else
+ − 1599
{
+ − 1600
$dynano(the_obj).switchToMCE();
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1601
panel.innerHTML = \'<a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">text editor</a> | graphical editor\';
1
+ − 1602
}
+ − 1603
}
+ − 1604
// ]]>
+ − 1605
</script>';
+ − 1606
return $html;
+ − 1607
}
+ − 1608
+ − 1609
/**
+ − 1610
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
+ − 1611
* Returns on object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
+ − 1612
* @param $filename the filename of the template to be parsed
+ − 1613
* @return object
+ − 1614
*/
+ − 1615
+ − 1616
function makeParser($filename)
+ − 1617
{
+ − 1618
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1619
$filename = ENANO_ROOT.'/themes/'.$template->theme.'/'.$filename;
+ − 1620
if(!file_exists($filename)) die('templateIndividual: file '.$filename.' does not exist');
+ − 1621
$code = file_get_contents($filename);
+ − 1622
$parser = new templateIndividual($code);
+ − 1623
return $parser;
+ − 1624
}
+ − 1625
+ − 1626
/**
+ − 1627
* Same as $template->makeParser(), but takes a string instead of a filename.
+ − 1628
* @param $text the text to parse
+ − 1629
* @return object
+ − 1630
*/
+ − 1631
+ − 1632
function makeParserText($code)
+ − 1633
{
+ − 1634
$parser = new templateIndividual($code);
+ − 1635
return $parser;
+ − 1636
}
+ − 1637
+ − 1638
/**
+ − 1639
* Fetch the HTML for a plugin-added sidebar block
+ − 1640
* @param $name the plugin name
+ − 1641
* @return string
+ − 1642
*/
+ − 1643
+ − 1644
function fetch_block($id)
+ − 1645
{
+ − 1646
if(isset($this->plugin_blocks[$id])) return $this->plugin_blocks[$id];
+ − 1647
else return false;
+ − 1648
}
+ − 1649
+ − 1650
/**
+ − 1651
* Fetches the contents of both sidebars.
+ − 1652
* @return array - key 0 is left, key 1 is right
+ − 1653
* @example list($left, $right) = $template->fetch_sidebar();
+ − 1654
*/
+ − 1655
+ − 1656
function fetch_sidebar()
+ − 1657
{
+ − 1658
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1659
+ − 1660
$left = '';
+ − 1661
$right = '';
+ − 1662
+ − 1663
if ( !$this->fetch_block('Links') )
+ − 1664
$this->initLinksWidget();
+ − 1665
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1666
$q = $db->sql_query('SELECT item_id,sidebar_id,block_name,block_type,block_content FROM '.table_prefix.'sidebar' . "\n"
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1667
. ' WHERE item_enabled=1 ORDER BY sidebar_id ASC, item_order ASC;');
1
+ − 1668
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 1669
+ − 1670
$vars = $this->extract_vars('elements.tpl');
+ − 1671
+ − 1672
if(isset($vars['sidebar_top']))
+ − 1673
{
+ − 1674
$left .= $this->parse($vars['sidebar_top']);
+ − 1675
$right .= $this->parse($vars['sidebar_top']);
+ − 1676
}
+ − 1677
while($row = $db->fetchrow())
+ − 1678
{
+ − 1679
switch($row['block_type'])
+ − 1680
{
+ − 1681
case BLOCK_WIKIFORMAT:
+ − 1682
default:
+ − 1683
$parser = $this->makeParserText($vars['sidebar_section']);
+ − 1684
$c = RenderMan::render($row['block_content']);
+ − 1685
break;
+ − 1686
case BLOCK_TEMPLATEFORMAT:
+ − 1687
$parser = $this->makeParserText($vars['sidebar_section']);
+ − 1688
$c = $this->tplWikiFormat($row['block_content']);
+ − 1689
break;
+ − 1690
case BLOCK_HTML:
+ − 1691
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1692
$c = $row['block_content'];
+ − 1693
break;
+ − 1694
case BLOCK_PHP:
+ − 1695
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1696
ob_start();
+ − 1697
@eval($row['block_content']);
+ − 1698
$c = ob_get_contents();
+ − 1699
ob_end_clean();
+ − 1700
break;
+ − 1701
case BLOCK_PLUGIN:
+ − 1702
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1703
$c = (gettype($this->fetch_block($row['block_content'])) == 'string') ? $this->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 1704
break;
+ − 1705
}
+ − 1706
$parser->assign_vars(Array( 'TITLE'=>$this->tplWikiFormat($row['block_name']), 'CONTENT'=>$c ));
+ − 1707
if ($row['sidebar_id'] == SIDEBAR_LEFT ) $left .= $parser->run();
+ − 1708
elseif($row['sidebar_id'] == SIDEBAR_RIGHT) $right .= $parser->run();
+ − 1709
unset($parser);
+ − 1710
}
+ − 1711
$db->free_result();
+ − 1712
if(isset($vars['sidebar_bottom']))
+ − 1713
{
+ − 1714
$left .= $this->parse($vars['sidebar_bottom']);
+ − 1715
$right .= $this->parse($vars['sidebar_bottom']);
+ − 1716
}
+ − 1717
$min = '';
+ − 1718
if(isset($vars['sidebar_top']))
+ − 1719
{
+ − 1720
$min .= $this->parse($vars['sidebar_top']);
+ − 1721
}
+ − 1722
if(isset($vars['sidebar_bottom']))
+ − 1723
{
+ − 1724
$min .= $this->parse($vars['sidebar_bottom']);
+ − 1725
}
+ − 1726
return Array($left, $right, $min);
+ − 1727
}
+ − 1728
+ − 1729
function initLinksWidget()
+ − 1730
{
+ − 1731
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1732
// SourceForge/W3C buttons
+ − 1733
$ob = Array();
27
dd659f6ba891
Converting all tables on new installations to UTF-8; this may break MySQL 4.0 compatibility; several minor cosmetic fixes; set Powered button under Links to "on" by default
Dan
diff
changeset
+ − 1734
$admintitle = ( $session->user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : '';
1
+ − 1735
if(getConfig('sflogo_enabled')=='1')
+ − 1736
{
203
+ − 1737
$sflogo_secure = ( isset($_SERVER['HTTPS']) ) ? 'https' : 'http';
+ − 1738
$ob[] = '<a style="text-align: center;" href="http://sourceforge.net/" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border-width: 0px;" alt="SourceForge.net Logo" src="' . $sflogo_secure . '://sflogo.sourceforge.net/sflogo.php?group_id='.getConfig('sflogo_groupid').'&type='.getConfig('sflogo_type').'" /></a>';
1
+ − 1739
}
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1740
if(getConfig('w3c_v32') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 3.2" src="http://www.w3.org/Icons/valid-html32" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1741
if(getConfig('w3c_v40') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.0" src="http://www.w3.org/Icons/valid-html40" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1742
if(getConfig('w3c_v401') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.01" src="http://www.w3.org/Icons/valid-html401" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1743
if(getConfig('w3c_vxhtml10')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.0" src="http://www.w3.org/Icons/valid-xhtml10" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1744
if(getConfig('w3c_vxhtml11')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.1" src="http://www.w3.org/Icons/valid-xhtml11" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1745
if(getConfig('w3c_vcss') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid CSS" src="http://www.w3.org/Icons/valid-css" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1746
if(getConfig('dbd_button') =='1') $ob[] = '<a style="text-align: center;" href="http://www.defectivebydesign.org/join/button" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="DRM technology restricts what you can do with your computer" src="http://defectivebydesign.org/sites/nodrm.civicactions.net/files/images/dbd_sm_btn.gif" /><br /><small>Protect your freedom >></small></a>';
1
+ − 1747
+ − 1748
$code = $plugins->setHook('links_widget');
+ − 1749
foreach ( $code as $cmd )
+ − 1750
{
+ − 1751
eval($cmd);
+ − 1752
}
+ − 1753
71
+ − 1754
if(count($ob) > 0 || getConfig('powered_btn') == '1') $sb_links = '<div style="text-align: center; padding: 5px 0;">'. ( ( getConfig('powered_btn') == '1' ) ? $this->fading_button : '' ) . implode('<br />', $ob).'</div>';
1
+ − 1755
else $sb_links = '';
+ − 1756
+ − 1757
$this->sidebar_widget('Links', $sb_links);
+ − 1758
}
+ − 1759
+ − 1760
/**
+ − 1761
* Builds a box showing unread private messages.
+ − 1762
*/
+ − 1763
+ − 1764
function notify_unread_pms()
+ − 1765
{
+ − 1766
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1767
if ( ( $paths->cpage['urlname_nons'] == 'PrivateMessages' || $paths->cpage['urlname_nons'] == 'Preferences' ) && $paths->namespace == 'Special' )
+ − 1768
{
+ − 1769
return '';
+ − 1770
}
+ − 1771
$ob = '<div class="usermessage">'."\n";
+ − 1772
$s = ( $session->unread_pms == 1 ) ? '' : 's';
+ − 1773
$ob .= " <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n Messages: ";
+ − 1774
$q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 ORDER BY date DESC;');
+ − 1775
if ( !$q )
+ − 1776
$db->_die();
+ − 1777
$messages = array();
+ − 1778
while ( $row = $db->fetchrow() )
+ − 1779
{
+ − 1780
$messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . date('F d, Y h:i a', $row['date']) . ' by ' . $row['message_from'] . '">' . $row['subject'] . '</a>';
+ − 1781
}
+ − 1782
$ob .= implode(",\n " , $messages)."\n";
+ − 1783
$ob .= '</div>'."\n";
+ − 1784
return $ob;
+ − 1785
}
+ − 1786
+ − 1787
} // class template
+ − 1788
+ − 1789
/**
+ − 1790
* Handles parsing of an individual template file. Instances should only be created through $template->makeParser(). To use:
+ − 1791
* - Call $template->makeParser(template file name) - file name should be something.tpl, css/whatever.css, etc.
+ − 1792
* - Make an array of strings you want the template to access. $array['STRING'] would be referenced in the template like {STRING}
+ − 1793
* - Make an array of boolean values. These can be used for conditionals in the template (<!-- IF something --> whatever <!-- ENDIF something -->)
+ − 1794
* - Call assign_vars() to pass the strings to the template parser. Same thing with assign_bool().
+ − 1795
* - Call run() to parse the template and get your fully compiled HTML.
+ − 1796
* @access private
+ − 1797
*/
+ − 1798
+ − 1799
class templateIndividual extends template {
+ − 1800
var $tpl_strings, $tpl_bool, $tpl_code;
+ − 1801
var $compiled = false;
+ − 1802
/**
+ − 1803
* Constructor.
+ − 1804
*/
+ − 1805
function __construct($text)
+ − 1806
{
+ − 1807
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1808
$this->tpl_code = $text;
+ − 1809
$this->tpl_strings = $template->tpl_strings;
+ − 1810
$this->tpl_bool = $template->tpl_bool;
+ − 1811
}
+ − 1812
/**
+ − 1813
* PHP 4 constructor.
+ − 1814
*/
+ − 1815
function templateIndividual($text)
+ − 1816
{
+ − 1817
$this->__construct($text);
+ − 1818
}
+ − 1819
/**
+ − 1820
* Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
+ − 1821
* @param $vars array
+ − 1822
*/
+ − 1823
function assign_vars($vars)
+ − 1824
{
+ − 1825
$this->tpl_strings = array_merge($this->tpl_strings, $vars);
+ − 1826
}
+ − 1827
/**
+ − 1828
* Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
+ − 1829
* @param $vars array
+ − 1830
*/
+ − 1831
function assign_bool($vars)
+ − 1832
{
+ − 1833
$this->tpl_bool = array_merge($this->tpl_bool, $vars);
+ − 1834
}
+ − 1835
/**
+ − 1836
* Compiles and executes the template code.
+ − 1837
* @return string
+ − 1838
*/
+ − 1839
function run()
+ − 1840
{
+ − 1841
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1842
if(!$this->compiled)
+ − 1843
{
+ − 1844
$this->tpl_code = $this->compile_template_text($this->tpl_code);
+ − 1845
$this->compiled = true;
+ − 1846
}
+ − 1847
return eval($this->tpl_code);
+ − 1848
}
+ − 1849
}
+ − 1850
+ − 1851
/**
+ − 1852
* A version of the template compiler that does not rely at all on the other parts of Enano. Used during installation and for showing
+ − 1853
* "critical error" messages. ** REQUIRES ** the Oxygen theme.
+ − 1854
*/
+ − 1855
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1856
class template_nodb
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1857
{
276
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1858
var $fading_button, $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list;
1
+ − 1859
function __construct() {
+ − 1860
+ − 1861
$this->tpl_bool = Array();
+ − 1862
$this->tpl_strings = Array();
+ − 1863
$this->sidebar_extra = '';
+ − 1864
$this->sidebar_widgets = '';
+ − 1865
$this->toolbar_menu = '';
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1866
$this->additional_headers = '<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>';
1
+ − 1867
276
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1868
$this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1869
<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1870
</div>';
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1871
1
+ − 1872
$this->theme_list = Array(Array(
+ − 1873
'theme_id'=>'oxygen',
+ − 1874
'theme_name'=>'Oxygen',
+ − 1875
'theme_order'=>1,
+ − 1876
'enabled'=>1,
+ − 1877
));
+ − 1878
}
+ − 1879
function template() {
+ − 1880
$this->__construct();
+ − 1881
}
+ − 1882
function get_css($s = false) {
+ − 1883
if($s)
+ − 1884
return $this->process_template('css/'.$s);
+ − 1885
else
+ − 1886
return $this->process_template('css/'.$this->style.'.css');
+ − 1887
}
+ − 1888
function load_theme($name, $css, $auto_init = true) {
+ − 1889
$this->theme = $name;
+ − 1890
$this->style = $css;
+ − 1891
+ − 1892
$this->tpl_strings['SCRIPTPATH'] = scriptPath;
+ − 1893
if ( $auto_init )
+ − 1894
$this->init_vars();
+ − 1895
}
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1896
function add_header($html)
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1897
{
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1898
$this->additional_headers .= "\n<!-- ----------------------------------------------------------- -->\n\n " . $html;
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1899
}
1
+ − 1900
function init_vars()
+ − 1901
{
+ − 1902
global $sideinfo;
+ − 1903
global $this_page;
243
+ − 1904
global $lang;
1
+ − 1905
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1906
$tplvars = $this->extract_vars('elements.tpl');
+ − 1907
$tb = '';
+ − 1908
// Get the "article" button text (depends on namespace)
243
+ − 1909
if(defined('IN_ENANO_INSTALL')) $ns = $lang->get('meta_btn_article');
1
+ − 1910
else $ns = 'system error page';
243
+ − 1911
$t = str_replace('{FLAGS}', 'onclick="return false;" title="Hey! A button that doesn\'t do anything. Clever..." accesskey="a"', $tplvars['toolbar_button']);
1
+ − 1912
$t = str_replace('{HREF}', '#', $t);
+ − 1913
$t = str_replace('{TEXT}', $ns, $t);
+ − 1914
$tb .= $t;
+ − 1915
+ − 1916
// Page toolbar
+ − 1917
+ − 1918
$this->tpl_bool = Array(
+ − 1919
'auth_admin'=>true,
+ − 1920
'user_logged_in'=>true,
+ − 1921
'right_sidebar'=>false,
+ − 1922
);
+ − 1923
$this->tpl_bool['in_sidebar_admin'] = false;
+ − 1924
+ − 1925
$this->tpl_bool['auth_rename'] = false;
+ − 1926
+ − 1927
$asq = $asa = '';
+ − 1928
+ − 1929
$this->tpl_bool['fixed_menus'] = false;
+ − 1930
$slink = defined('IN_ENANO_INSTALL') ? scriptPath.'/install.php?mode=css' : makeUrlNS('Special', 'CSS');
+ − 1931
+ − 1932
$title = ( is_object($paths) ) ? $paths->page : 'Critical error';
+ − 1933
243
+ − 1934
$headers = '<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>';
244
+ − 1935
+ − 1936
$js_dynamic = '';
243
+ − 1937
if ( defined('IN_ENANO_INSTALL') )
+ − 1938
{
244
+ − 1939
$js_dynamic .= '<script type="text/javascript" src="install.php?mode=langjs"></script>';
243
+ − 1940
}
244
+ − 1941
$js_dynamic .= '<script type="text/javascript">var title="'. $title .'"; var scriptPath="'.scriptPath.'"; var ENANO_SID=""; var AES_BITS='.AES_BITS.'; var AES_BLOCKSIZE=' . AES_BLOCKSIZE . '; var pagepass=\'\'; var ENANO_LANG_ID = 1;</script>';
243
+ − 1942
1
+ − 1943
// The rewritten template engine will process all required vars during the load_template stage instead of (cough) re-processing everything each time around.
+ − 1944
$tpl_strings = Array(
+ − 1945
'PAGE_NAME'=>$this_page,
+ − 1946
'PAGE_URLNAME'=>'Null',
243
+ − 1947
'SITE_NAME'=>$lang->get('meta_site_name'),
1
+ − 1948
'USERNAME'=>'admin',
243
+ − 1949
'SITE_DESC'=>$lang->get('meta_site_desc'),
1
+ − 1950
'TOOLBAR'=>$tb,
+ − 1951
'SCRIPTPATH'=>scriptPath,
+ − 1952
'CONTENTPATH'=>contentPath,
+ − 1953
'ADMIN_SID_QUES'=>$asq,
+ − 1954
'ADMIN_SID_AMP'=>$asa,
+ − 1955
'ADMIN_SID_AMP_HTML'=>'',
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1956
'ADDITIONAL_HEADERS'=>$this->additional_headers,
1
+ − 1957
'SIDEBAR_EXTRA'=>'',
243
+ − 1958
'COPYRIGHT'=>$lang->get('meta_enano_copyright'),
1
+ − 1959
'TOOLBAR_EXTRAS'=>'',
125
+ − 1960
'REQUEST_URI'=>( isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '' ).$_SERVER['REQUEST_URI'],
1
+ − 1961
'STYLE_LINK'=>$slink,
+ − 1962
'LOGOUT_LINK'=>'',
+ − 1963
'THEME_LINK'=>'',
+ − 1964
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme,
+ − 1965
'THEME_ID'=>$this->theme,
+ − 1966
'STYLE_ID'=>$this->style,
244
+ − 1967
'JS_DYNAMIC_VARS'=>$js_dynamic,
1
+ − 1968
'SIDEBAR_RIGHT'=>'',
287
+ − 1969
'REPORT_URI' => ''
1
+ − 1970
);
+ − 1971
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings);
+ − 1972
+ − 1973
$sidebar = ( gettype($sideinfo) == 'string' ) ? $sideinfo : '';
+ − 1974
if($sidebar != '')
+ − 1975
{
+ − 1976
if(isset($tplvars['sidebar_top']))
+ − 1977
{
+ − 1978
$text = $this->makeParserText($tplvars['sidebar_top']);
+ − 1979
$top = $text->run();
+ − 1980
} else {
+ − 1981
$top = '';
+ − 1982
}
+ − 1983
$p = $this->makeParserText($tplvars['sidebar_section']);
+ − 1984
$p->assign_vars(Array(
243
+ − 1985
'TITLE'=>$lang->get('meta_sidebar_heading'),
1
+ − 1986
'CONTENT'=>$sidebar,
+ − 1987
));
+ − 1988
$sidebar = $p->run();
+ − 1989
if(isset($tplvars['sidebar_bottom']))
+ − 1990
{
+ − 1991
$text = $this->makeParserText($tplvars['sidebar_bottom']);
+ − 1992
$bottom = $text->run();
+ − 1993
} else {
+ − 1994
$bottom = '';
+ − 1995
}
+ − 1996
$sidebar = $top . $sidebar . $bottom;
+ − 1997
}
+ − 1998
$this->tpl_strings['SIDEBAR_LEFT'] = $sidebar;
+ − 1999
+ − 2000
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != '') ? true : false;
+ − 2001
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != '') ? true : false;
+ − 2002
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility
+ − 2003
$this->tpl_bool['stupid_mode'] = true;
+ − 2004
}
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2005
function header($simple = false)
1
+ − 2006
{
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2007
$filename = ( $simple ) ? 'simple-header.tpl' : 'header.tpl';
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2008
if ( !$this->no_headers )
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2009
{
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2010
echo $this->process_template($filename);
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2011
}
1
+ − 2012
}
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2013
function footer($simple = false)
1
+ − 2014
{
+ − 2015
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2016
if(!$this->no_headers) {
+ − 2017
global $_starttime;
91
+ − 2018
1
+ − 2019
$f = microtime(true);
+ − 2020
$f = $f - $_starttime;
+ − 2021
$f = round($f, 4);
+ − 2022
if(defined('IN_ENANO_INSTALL')) $nq = 'N/A';
+ − 2023
else $nq = $db->num_queries;
+ − 2024
if($nq == 0) $nq = 'N/A';
+ − 2025
$dbg = 'Time: '.$f.'s | Queries: '.$nq;
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2026
$filename = ( $simple ) ? 'simple-footer.tpl' : 'footer.tpl';
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2027
$t = $this->process_template($filename);
1
+ − 2028
$t = str_replace('[[Stats]]', $dbg, $t);
98
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2029
if ( is_object($db) )
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2030
{
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2031
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2032
}
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2033
else
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2034
{
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2035
$t = str_replace('[[NumQueries]]', '0', $t);
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2036
}
91
+ − 2037
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 2038
1
+ − 2039
echo $t;
+ − 2040
}
+ − 2041
else return '';
+ − 2042
}
+ − 2043
function getHeader()
+ − 2044
{
+ − 2045
if(!$this->no_headers) return $this->process_template('header.tpl');
+ − 2046
else return '';
+ − 2047
}
+ − 2048
function getFooter()
+ − 2049
{
+ − 2050
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2051
if(!$this->no_headers) {
+ − 2052
global $_starttime;
+ − 2053
$f = microtime(true);
+ − 2054
$f = $f - $_starttime;
+ − 2055
$f = round($f, 4);
+ − 2056
if(defined('IN_ENANO_INSTALL')) $nq = 'N/A';
+ − 2057
else $nq = $db->num_queries;
+ − 2058
if($nq == 0) $nq = 'N/A';
+ − 2059
$dbg = 'Time: '.$f.'s | Queries: '.$nq;
+ − 2060
if($nq == 0) $nq = 'N/A';
+ − 2061
$t = $this->process_template('footer.tpl');
+ − 2062
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 2063
return $t;
+ − 2064
}
+ − 2065
else return '';
+ − 2066
}
+ − 2067
+ − 2068
function process_template($file) {
+ − 2069
+ − 2070
eval($this->compile_template($file));
+ − 2071
return $tpl_code;
+ − 2072
}
+ − 2073
+ − 2074
function extract_vars($file) {
+ − 2075
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2076
if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file)) die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting');
+ − 2077
$text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file);
+ − 2078
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches);
+ − 2079
$tplvars = Array();
+ − 2080
for($i=0;$i<sizeof($matches[1]);$i++)
+ − 2081
{
+ − 2082
$tplvars[$matches[1][$i]] = $matches[2][$i];
+ − 2083
}
+ − 2084
return $tplvars;
+ − 2085
}
+ − 2086
function compile_template($text) {
+ − 2087
global $sideinfo;
+ − 2088
$text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text);
+ − 2089
$text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
+ − 2090
$text = '$tpl_code = \''.str_replace('\'', '\\\'', $text).'\'; return $tpl_code;';
+ − 2091
$text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2092
$text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
+ − 2093
if(defined('IN_ENANO_INSTALL')) $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$sideinfo.'</div></div>', $text);
+ − 2094
else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;">Enano critical error page</a></div></div>', $text);
+ − 2095
$text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
+ − 2096
$text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2097
$text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
+ − 2098
$text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
+ − 2099
$text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
+ − 2100
return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+ − 2101
}
+ − 2102
+ − 2103
function compile_template_text($text) {
+ − 2104
global $sideinfo;
+ − 2105
$text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
+ − 2106
$text = '$tpl_code = \''.str_replace('\'', '\\\'', $text).'\'; return $tpl_code;';
+ − 2107
$text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2108
$text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
+ − 2109
if(defined('IN_ENANO_INSTALL')) $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$sideinfo.'</div></div>', $text);
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2110
else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;>Enano critical error page</a></div></div>', $text);
1
+ − 2111
$text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
+ − 2112
$text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2113
$text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
+ − 2114
$text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
+ − 2115
$text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
+ − 2116
return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+ − 2117
}
+ − 2118
+ − 2119
/**
+ − 2120
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
+ − 2121
* Returns on object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
+ − 2122
* @param $filename the filename of the template to be parsed
+ − 2123
* @return object
+ − 2124
*/
+ − 2125
+ − 2126
function makeParser($filename)
+ − 2127
{
+ − 2128
$filename = ENANO_ROOT.'/themes/'.$this->theme.'/'.$filename;
+ − 2129
if(!file_exists($filename)) die('templateIndividual: file '.$filename.' does not exist');
+ − 2130
$code = file_get_contents($filename);
+ − 2131
$parser = new templateIndividualSafe($code, $this);
+ − 2132
return $parser;
+ − 2133
}
+ − 2134
+ − 2135
/**
+ − 2136
* Same as $template->makeParser(), but takes a string instead of a filename.
+ − 2137
* @param $text the text to parse
+ − 2138
* @return object
+ − 2139
*/
+ − 2140
+ − 2141
function makeParserText($code)
+ − 2142
{
+ − 2143
$parser = new templateIndividualSafe($code, $this);
+ − 2144
return $parser;
+ − 2145
}
+ − 2146
+ − 2147
} // class template_nodb
+ − 2148
+ − 2149
/**
+ − 2150
* Identical to templateIndividual, except extends template_nodb instead of template
+ − 2151
* @see class template
+ − 2152
*/
+ − 2153
+ − 2154
class templateIndividualSafe extends template_nodb {
+ − 2155
var $tpl_strings, $tpl_bool, $tpl_code;
+ − 2156
var $compiled = false;
+ − 2157
/**
+ − 2158
* Constructor.
+ − 2159
*/
+ − 2160
function __construct($text, $parent)
+ − 2161
{
+ − 2162
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2163
$this->tpl_code = $text;
+ − 2164
$this->tpl_strings = $parent->tpl_strings;
+ − 2165
$this->tpl_bool = $parent->tpl_bool;
+ − 2166
}
+ − 2167
/**
+ − 2168
* PHP 4 constructor.
+ − 2169
*/
+ − 2170
function templateIndividual($text)
+ − 2171
{
+ − 2172
$this->__construct($text);
+ − 2173
}
+ − 2174
/**
+ − 2175
* Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
+ − 2176
* @param $vars array
+ − 2177
*/
+ − 2178
function assign_vars($vars)
+ − 2179
{
+ − 2180
if(is_array($this->tpl_strings))
+ − 2181
$this->tpl_strings = array_merge($this->tpl_strings, $vars);
+ − 2182
else
+ − 2183
$this->tpl_strings = $vars;
+ − 2184
}
+ − 2185
/**
+ − 2186
* Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
+ − 2187
* @param $vars array
+ − 2188
*/
+ − 2189
function assign_bool($vars)
+ − 2190
{
+ − 2191
$this->tpl_bool = array_merge($this->tpl_bool, $vars);
+ − 2192
}
+ − 2193
/**
+ − 2194
* Compiles and executes the template code.
+ − 2195
* @return string
+ − 2196
*/
+ − 2197
function run()
+ − 2198
{
+ − 2199
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2200
if(!$this->compiled)
+ − 2201
{
+ − 2202
$this->tpl_code = $this->compile_template_text($this->tpl_code);
+ − 2203
$this->compiled = true;
+ − 2204
}
+ − 2205
return eval($this->tpl_code);
+ − 2206
}
+ − 2207
}
+ − 2208
+ − 2209
?>