diff -r 3351055b467e -r 673a1b6712fa plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Fri Jul 30 14:37:05 2010 -0400 +++ b/plugins/SpecialAdmin.php Fri Jul 30 14:39:04 2010 -0400 @@ -30,7 +30,6 @@ global $paths; register_special_page('Administration', 'specialpage_administration'); - register_special_page('EditSidebar', 'specialpage_manage_sidebar'); } $plugins->attachHook('base_classes_initted', 'SpecialAdmin_include();'); @@ -2011,6 +2010,7 @@ $template->preload_js('jquery-ui'); $template->preload_js('autofill'); $template->preload_js('admin-menu'); + $template->add_header(''); $output->header(); @@ -2214,505 +2214,485 @@ } } -function page_Special_EditSidebar() +function page_Admin_EditSidebar() { global $db, $session, $paths, $template, $plugins; // Common objects global $lang; global $cache; - if($session->auth_level < USER_LEVEL_ADMIN) + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false); - exit; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; } - else + + if ( isset($_GET['update_order']) ) { - if ( isset($_GET['update_order']) ) + header('Content-type: text/javascript'); + $order = @$_POST['order']; + try { - header('Content-type: text/javascript'); - $order = @$_POST['order']; - try - { - $order = enano_json_decode($order); - } - catch ( Zend_Json_Exception $e ) - { - return print enano_json_encode(array( - 'mode' => 'error', - 'error' => 'bad order' - )); - } - - foreach ( $order as $sidebar_id => $blocks ) - { - foreach ( $blocks as $order => $block_id ) - { - $sbid = intval($sidebar_id); - $order = intval($order); - $block_id = intval($block_id); - $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); - if ( !$q ) - $db->die_json(); - } - } - + $order = enano_json_decode($order); + } + catch ( Zend_Json_Exception $e ) + { return print enano_json_encode(array( - 'mode' => 'success' + 'mode' => 'error', + 'error' => 'bad order' )); } - $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); - $template->add_header(''); - - $template->header(); - - if(isset($_POST['save'])) + foreach ( $order as $sidebar_id => $blocks ) { - // Write the new block order to the database - // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... - // Anyone know a better way to do this? - $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); - if ( !$q ) - { - $db->_die('The sidebar order data could not be selected.'); - } - $orders = Array(); - while($row = $db->fetchrow()) + foreach ( $blocks as $order => $block_id ) { - $orders[] = Array( - count($orders), - $row['item_id'], - $row['sidebar_id'], - ); - } - $db->free_result(); - - // We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. - $ol = explode(',', $_POST['order_left']); - $odr = explode(',', $_POST['order_right']); - $om = array_merge($ol, $odr); - unset($ol, $odr); - $queries = Array(); - foreach($orders as $k => $v) - { - $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';'; - } - foreach($queries as $sql) - { - $q = $db->sql_query($sql); - if(!$q) - { - $t = $db->get_error(); - echo $t; - $template->footer(); - exit; - } + $sbid = intval($sidebar_id); + $order = intval($order); + $block_id = intval($block_id); + $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); + if ( !$q ) + $db->die_json(); } - $cache->purge('anon_sidebar'); - echo '
' . $lang->get('sbedit_msg_order_update_success') . '
'; } - elseif(isset($_POST['create'])) + + return print enano_json_encode(array( + 'mode' => 'success' + )); + } + + // $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); + // $template->add_header(''); + + // $template->header(); + + if(isset($_POST['save'])) + { + // Write the new block order to the database + // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... + // Anyone know a better way to do this? + $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); + if ( !$q ) { - switch((int)$_POST['type']) - { - case BLOCK_WIKIFORMAT: - $content = $_POST['wikiformat_content']; - break; - case BLOCK_TEMPLATEFORMAT: - $content = $_POST['templateformat_content']; - break; - case BLOCK_HTML: - $content = $_POST['html_content']; - break; - case BLOCK_PHP: - $content = $_POST['php_content']; - break; - case BLOCK_PLUGIN: - $content = $_POST['plugin_id']; - break; - } - - if ( defined('ENANO_DEMO_MODE') ) + $db->_die('The sidebar order data could not be selected.'); + } + $orders = Array(); + while($row = $db->fetchrow()) + { + $orders[] = Array( + count($orders), + $row['item_id'], + $row['sidebar_id'], + ); + } + $db->free_result(); + + // We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. + $ol = explode(',', $_POST['order_left']); + $odr = explode(',', $_POST['order_right']); + $om = array_merge($ol, $odr); + unset($ol, $odr); + $queries = Array(); + foreach($orders as $k => $v) + { + $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';'; + } + foreach($queries as $sql) + { + $q = $db->sql_query($sql); + if(!$q) { - // Sanitize the HTML - $content = sanitize_html($content, true); - } - - if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) - { - echo '
' . $lang->get('sbedit_err_demo_php_disable') . '
'; - $_POST['php_content'] = '?><Nulled>'; - $content = $_POST['php_content']; - } - - // Get the value of item_order - - $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); - if(!$q) $db->_die('The order number could not be selected'); - $io = $db->numrows(); - - $db->free_result(); - - $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; - $result = $db->sql_query($q); - if(!$result) - { - echo $db->get_error(); - $template->footer(); + $t = $db->get_error(); + echo $t; + exit; } + } + $cache->purge('anon_sidebar'); + echo '
' . $lang->get('sbedit_msg_order_update_success') . '
'; + } + elseif(isset($_POST['create'])) + { + switch((int)$_POST['type']) + { + case BLOCK_WIKIFORMAT: + $content = $_POST['wikiformat_content']; + break; + case BLOCK_TEMPLATEFORMAT: + $content = $_POST['templateformat_content']; + break; + case BLOCK_HTML: + $content = $_POST['html_content']; + break; + case BLOCK_PHP: + $content = $_POST['php_content']; + break; + case BLOCK_PLUGIN: + $content = $_POST['plugin_id']; + break; + } - $cache->purge('anon_sidebar'); - echo '
' . $lang->get('sbedit_msg_item_added') . '
'; - + if ( defined('ENANO_DEMO_MODE') ) + { + // Sanitize the HTML + $content = sanitize_html($content, true); + } + + if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) + { + echo '
' . $lang->get('sbedit_err_demo_php_disable') . '
'; + $_POST['php_content'] = '?><Nulled>'; + $content = $_POST['php_content']; } - if(isset($_GET['action']) && isset($_GET['id'])) + // Get the value of item_order + + $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); + if(!$q) $db->_die('The order number could not be selected'); + $io = $db->numrows(); + + $db->free_result(); + + $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; + $result = $db->sql_query($q); + if(!$result) + { + echo $db->get_error(); + + exit; + } + + $cache->purge('anon_sidebar'); + echo '
' . $lang->get('sbedit_msg_item_added') . '
'; + + } + + if(isset($_GET['action']) && isset($_GET['id'])) + { + if(!preg_match('#^([0-9]*)$#', $_GET['id'])) + { + echo '
Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection
'; + } + switch($_GET['action']) { - if(!preg_match('#^([0-9]*)$#', $_GET['id'])) - { - echo '
Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection
'; - } - switch($_GET['action']) - { - case 'new': - ?> - + case 'new': + ?> + + + +

+ get('sbedit_create_intro'); ?> +

+

+ +

+ +

+ + get('sbedit_field_block_title'); ?>
+ get('sbedit_field_block_sidebar'); ?> + -

+

+
+ get('sbedit_field_wikitext'); ?>

- get('sbedit_create_intro'); ?> +

+
+ +
+ get('sbedit_field_tplcode'); ?>

- +

+
+ +
+ get('sbedit_field_html'); ?> +

+ +

+
+ +
+ +

get('sbedit_field_php_disabled'); ?>

+ + get('sbedit_field_php'); ?>

- - get('sbedit_field_block_title'); ?>
- get('sbedit_field_block_sidebar'); ?> - - + +

+ +
+ +
+ get('sbedit_field_plugin'); ?> +

+

- -
- get('sbedit_field_wikitext'); ?> -

- -

-
- -
- get('sbedit_field_tplcode'); ?> -

- -

-
- -
- get('sbedit_field_html'); ?> -

- -

-
- -
- -

get('sbedit_field_php_disabled'); ?>

- - get('sbedit_field_php'); ?> - -

- -

- -
- -
- get('sbedit_field_plugin'); ?> -

- -

-
- -

- -   - - -

- - +
+ +

+ +   + + +

- - - footer(); - return; + if(divs[i].id != 'blocktype_') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500); + } + }); + + + purge('anon_sidebar'); + if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) + { + echo '
$_GET[\'side\'] contained an SQL injection attempt
'; break; - case 'move': - $cache->purge('anon_sidebar'); - if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) - { - echo '
$_GET[\'side\'] contained an SQL injection attempt
'; - break; - } - $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$query) - { - echo $db->get_error(); - $template->footer(); - exit; - } - echo '
' . $lang->get('sbedit_msg_block_moved') . '
'; - break; - case 'delete': - $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) - if(!$query) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $cache->purge('anon_sidebar'); - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - echo '
' . $lang->get('sbedit_msg_block_deleted') . '
'; - break; - case 'disenable'; - $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $r = $db->fetchrow(); - $db->free_result(); - $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - break; - case 'rename'; - $newname = $db->escape($_POST['newname']); - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - break; - case 'getsource': - $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $r = $db->fetchrow(); - $db->free_result(); - $cache->purge('anon_sidebar'); + } + $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$query) + { + echo $db->get_error(); + + exit; + } + echo '
' . $lang->get('sbedit_msg_block_moved') . '
'; + break; + case 'delete': + $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) + if(!$query) + { + echo $db->get_error(); + + exit; + } + $cache->purge('anon_sidebar'); + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + echo '
' . $lang->get('sbedit_msg_block_deleted') . '
'; + break; + case 'disenable'; + $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + + exit; + } + $r = $db->fetchrow(); + $db->free_result(); + $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); - if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); - die($r['block_content']); - break; - case 'save': - if ( defined('ENANO_DEMO_MODE') ) - { - $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; - exit; - } - $row = $db->fetchrow(); - if ( $row['block_type'] == BLOCK_PHP ) - { - $_POST['content'] = '?><Nulled>'; - } - else - { - $_POST['content'] = sanitize_html($_POST['content'], true); - } - } - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';'); + exit; + } + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + break; + case 'rename'; + $newname = $db->escape($_POST['newname']); + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + + exit; + } + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + break; + case 'getsource': + $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + + exit; + } + $r = $db->fetchrow(); + $db->free_result(); + $cache->purge('anon_sidebar'); + + if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); + die($r['block_content']); + break; + case 'save': + if ( defined('ENANO_DEMO_MODE') ) + { + $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); if(!$q) { echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; exit; } - echo 'GOOD'; - return; - - break; - } - } - - ?> -

- get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Special', 'EditSidebar', 'action=new&id=0', true) )); ?> -

- sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); - if ( !$q ) - $db->_die(); - - $switched_to_right = false; - - echo '
'; - while ( $row = $db->fetchrow() ) - { - if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) - { - echo ''; - $switched_to_right = true; - } - $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; - echo '
-
- ' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . ' - -
'; - ?> -
- extract_vars('toolbar.tpl'); - $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); - echo $parser_start->run(); + $row = $db->fetchrow(); + if ( $row['block_type'] == BLOCK_PHP ) + { + $_POST['content'] = '?><Nulled>'; + } + else + { + $_POST['content'] = sanitize_html($_POST['content'], true); + } + } + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; + exit; + } + echo 'GOOD'; + return; - $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); - $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); - - $type = ''; - switch($row['block_type']) - { - case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; - case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; - case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; - case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; - case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; - default: $type .= '$&#@'; break; - } - $type .= ''; - if ( $row['block_type'] == BLOCK_PLUGIN ) - { - $type .= ': ' . $lang->get($row['block_content']); - } - - $label->assign_vars(array( - 'TITLE' => $type - )); - echo $label->run(); - - // edit - if ( $row['block_type'] != BLOCK_PLUGIN ) - { - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_edit'), - 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', - 'IMAGE' => cdnPath . '/images/edit.png' - )); - echo $button->run(); - } - - // delete + break; + } + } + + ?> +

+ get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Admin', 'EditSidebar', 'action=new&id=0', true) )); ?> +

+ sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); + if ( !$q ) + $db->_die(); + + $switched_to_right = false; + + echo '
'; + while ( $row = $db->fetchrow() ) + { + if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) + { + echo ''; + $switched_to_right = true; + } + $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; + echo '
+
+ ' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . ' + +
'; + ?> +
+ extract_vars('toolbar.tpl'); + $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); + echo $parser_start->run(); + + $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); + $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); + + $type = ''; + switch($row['block_type']) + { + case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; + case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; + case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; + case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; + case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; + default: $type .= '$&#@'; break; + } + $type .= ''; + if ( $row['block_type'] == BLOCK_PLUGIN ) + { + $type .= ': ' . $lang->get($row['block_content']); + } + + $label->assign_vars(array( + 'TITLE' => $type + )); + echo $label->run(); + + // edit + if ( $row['block_type'] != BLOCK_PLUGIN ) + { $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_delete'), - 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', - 'IMAGE' => cdnPath . '/images/delete.png' + 'TITLE' => $lang->get('sbedit_tip_edit'), + 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', + 'IMAGE' => cdnPath . '/images/edit.png' )); echo $button->run(); - - // rename - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_rename'), - 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', - 'IMAGE' => cdnPath . '/images/rename.png' - )); - echo $button->run(); - - // disenable - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_disenable'), - 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', - 'IMAGE' => cdnPath . '/images/disenable.png' - )); - echo $button->run(); - - $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); - echo $parser_end->run(); - ?> -
- '; - } - - if ( !$switched_to_right ) - echo '
'; - - echo '
'; + } + + // delete + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_delete'), + 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/delete.png' + )); + echo $button->run(); + + // rename + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_rename'), + 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/rename.png' + )); + echo $button->run(); + + // disenable + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_disenable'), + 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/disenable.png' + )); + echo $button->run(); + + $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); + echo $parser_end->run(); + ?> +
+ '; } - $template->footer(); -} - -?> \ No newline at end of file + if ( !$switched_to_right ) + echo '
'; + + echo '
'; +} \ No newline at end of file