# HG changeset patch # User Dan # Date 1280515144 14400 # Node ID 673a1b6712fa3c13385d9871634d70cf35d53b83 # Parent 3351055b467e583fee9d9533f62d141ede8dae60 Moved sidebar editor into the admin CP. Icon still needs to be added, no Internet right now to go find one. Also fixed a few template related things. diff -r 3351055b467e -r 673a1b6712fa includes/clientside/sbedit.js --- a/includes/clientside/sbedit.js Fri Jul 30 14:37:05 2010 -0400 +++ b/includes/clientside/sbedit.js Fri Jul 30 14:39:04 2010 -0400 @@ -18,8 +18,25 @@ }); }; +addOnloadHook(function() + { + attachHook('admin_page_onload', 'sbedit_conditional_init(t, qs);'); + }); + +// if the page was loaded directly this will be used instead addOnloadHook(sbedit_load); +function sbedit_conditional_init(t, qs) +{ + if ( t != namespace_list.Admin + 'EditSidebar' ) + return false; + + if ( qs == '&action=new&id=0' ) + setType(document.getElementById('sbedit_create_select_type')); + else + sbedit_load(); +} + function serialize_sidebar() { var columns = {}; @@ -84,7 +101,7 @@ var whitey = whiteOutElement(this); $(this).append(''); $(this).append('

' + $lang.get('etc_save_changes') + ' | ' + $lang.get('etc_cancel') + '

'); - $.get(makeUrlNS('Special', 'EditSidebar', 'action=getsource&noheaders&id=' + item_id), {}, function(response, statustext) + $.get(makeUrlNS('Admin', 'EditSidebar', 'action=getsource&noheaders&id=' + item_id), {}, function(response, statustext) { $('textarea', box).val(response); $(whitey).remove(); @@ -100,7 +117,7 @@ var box = a.parentNode.parentNode; var parent = document.getElementById('block:' + $(box).attr('enano:item_id')); var whitey = whiteOutElement(box); - $.post(makeUrlNS('Special', 'EditSidebar', 'noheaders&action=save&id=' + $(box).attr('enano:item_id')), { content: $('textarea', box).attr('value') }, function(response, statustext) + $.post(makeUrlNS('Admin', 'EditSidebar', 'noheaders&action=save&id=' + $(box).attr('enano:item_id')), { content: $('textarea', box).attr('value') }, function(response, statustext) { whiteOutReportSuccess(whitey); setTimeout(function() @@ -187,7 +204,7 @@ var id = parseInt($(parent).attr('id').replace(/^block:/, '')); var whitey = whiteOutElement(parent); - $.get(makeUrlNS('Special', 'EditSidebar', 'action=delete&ajax=true&noheaders&id=' + id), function(response, statustext) + $.get(makeUrlNS('Admin', 'EditSidebar', 'action=delete&ajax=true&noheaders&id=' + id), function(response, statustext) { if ( response == 'GOOD' ) { @@ -223,7 +240,7 @@ var whitey = whiteOutElement(this.parentNode); var me = this; var id = parseInt($(parent).attr('id').replace(/^block:/, '')); - $.post(makeUrlNS('Special', 'EditSidebar', 'ajax&noheaders&action=rename&id='+id), { newname: $(this).attr('value') }, function(response, statustext) + $.post(makeUrlNS('Admin', 'EditSidebar', 'ajax&noheaders&action=rename&id='+id), { newname: $(this).attr('value') }, function(response, statustext) { if ( response == 'GOOD' ) { 
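Review bot: The `action=delete` call in the `@@ -187,7 +204,7 @@` hunk is still a `$.get(...)`, so a sidebar block is removed by a plain GET, and no anti-CSRF token is visible in the request; the `action=disenable` call in the `@@ -256,7 +273,7 @@` hunk has the same shape. Moving the endpoint into the Admin namespace is a good moment to make these state-changing calls `$.post(makeUrlNS('Admin', 'EditSidebar', 'action=delete&ajax=true&noheaders&id=' + id), {}, function(response, statustext)` and to have the handler refuse them unless the request method is POST. The `save` and `rename` posts in the neighbouring hunks also send no token that can be seen here. Whether the admin framework validates one elsewhere is not visible in this patch, so that should be confirmed. The enclosing functions start and end outside these hunks.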
@@ -256,7 +273,7 @@ { var parent = sbedit_get_parent(a); var whitey = whiteOutElement(parent); - $.get(makeUrlNS('Special', 'EditSidebar', 'action=disenable&ajax=true&noheaders&id=' + parseInt($(parent).attr('id').replace(/^block:/, ''))), {}, function(response, statustext) + $.get(makeUrlNS('Admin', 'EditSidebar', 'action=disenable&ajax=true&noheaders&id=' + parseInt($(parent).attr('id').replace(/^block:/, ''))), {}, function(response, statustext) { if ( response == 'GOOD' ) { @@ -301,7 +318,7 @@ unsetAjaxLoading(); return false; } - $.post(makeUrlNS('Special', 'EditSidebar', 'update_order'), { order: ser }, function(response, statustext) + $.post(makeUrlNS('Admin', 'EditSidebar', 'update_order'), { order: ser }, function(response, statustext) { var msg = document.createElement('div'); $(msg) @@ -319,3 +336,17 @@ }, 'json'); } +function setType(input) +{ + val = input.value; + if(!val) + { + return false; + } + var divs = getElementsByClassName(document, 'div', 'sbadd_block'); + for(var i in divs) + { + if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block'; + else divs[i].style.display = 'none'; + } +} diff -r 3351055b467e -r 673a1b6712fa includes/paths.php --- a/includes/paths.php Fri Jul 30 14:37:05 2010 -0400 +++ b/includes/paths.php Fri Jul 30 14:39:04 2010 -0400 
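Review bot: In the added `setType()` (hunk `@@ -319,3 +336,17 @@`), `val = input.value;` has no declaration, so it creates or overwrites a global `val`; it should read `var val = input.value;`. The `for(var i in divs)` loop walks every enumerable property of whatever `getElementsByClassName` returns, not only the numeric indexes, so an inherited or added property would reach `divs[i].style` and throw; `for (var i = 0; i < divs.length; i++)` is the safer form, assuming the helper returns an array-like list. A short comment above the function saying that it shows the `blocktype_<value>` div and hides the other `sbadd_block` divs would also help, since it is now called from `sbedit_conditional_init()` as well.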
@@ -97,6 +97,7 @@ $this->addAdminNode('adm_cat_content', 'adm_page_pg_groups', 'PageGroups', array(4, 3)); $this->addAdminNode('adm_cat_appearance', 'adm_page_themes', 'ThemeManager', array(4, 4)); $this->addAdminNode('adm_cat_appearance', 'adm_page_plugins', 'PluginManager', array(2, 4)); + $this->addAdminNode('adm_cat_appearance', 'adm_page_editsidebar', 'EditSidebar' ); $this->addAdminNode('adm_cat_appearance', 'adm_page_db_backup', 'DBBackup', array(1, 2)); $this->addAdminNode('adm_cat_appearance', 'adm_page_lang_manager', 'LangManager', array(1, 3)); $this->addAdminNode('adm_cat_appearance', 'adm_page_cache_manager', 'CacheManager', array(3, 1)); diff -r 3351055b467e -r 673a1b6712fa includes/template.php --- a/includes/template.php Fri Jul 30 14:37:05 2010 -0400 +++ b/includes/template.php Fri Jul 30 14:39:04 2010 -0400 @@ -417,6 +417,8 @@ function set_page($page_id_or_pp, $namespace = false) { + global $paths; + if ( is_object($page_id_or_pp) && get_class($page_id_or_pp) === 'PageProcessor' ) { $this->page_initted = false; @@ -442,6 +444,9 @@ { return false; } + $this->assign_vars(array( + 'PAGE_URLNAME' => $paths->get_pathskey($this->page_id, $this->namespace) + )); return true; } @@ -699,13 +704,8 @@ $admin_link = $parser->run(); - $parser->assign_vars(Array( - 'HREF'=>makeUrlNS('Special', 'EditSidebar'), - 'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxLoginNavTo(\'Special\', \'EditSidebar\', ' . USER_LEVEL_ADMIN . ')); return false; }"', - 'TEXT'=>$lang->get('sidebar_btn_editsidebar'), - )); - - $sidebar_link = $parser->run(); + // We're leaving this in for now, just blanked out, to avoid compatibility issues. + $sidebar_link = ''; $this->assign_vars(array( 'ADMIN_LINK' => $admin_link, @@ -2830,6 +2830,7 @@ global $db, $session, $paths, $template, $plugins; // Common objects $this->tpl_code = $text; $this->tpl_strings = $template->tpl_strings; + // echo 'templateIndividual init. Using strings:
' . htmlspecialchars(print_r($this->tpl_strings, true)) . '
'; $this->tpl_bool = $template->tpl_bool; } /** diff -r 3351055b467e -r 673a1b6712fa language/english/admin.json --- a/language/english/admin.json Fri Jul 30 14:37:05 2010 -0400 +++ b/language/english/admin.json Fri Jul 30 14:39:04 2010 -0400 @@ -62,6 +62,7 @@ page_themes: 'Manage themes', page_plugins: 'Manage plugins', + page_editsidebar: 'Edit sidebar', page_db_backup: 'Backup database', page_lang_manager: 'Language manager', page_cache_manager: 'Cache settings', @@ -1165,7 +1166,7 @@ msg_logout_complete: 'You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.

Return to the Main Page.', }, sbedit: { - header_msg: 'This control panel allows you to organize the sidebars, the collections of links and dynamic blocks that provide navigation for your site. Drag and drop blocks to move them between the left and right sidebars; changes will be saved automatically. Red blocks are disabled. This panel only works if you have Javascript enabled and working in your browser. Create a new block.', + header_msg: 'This control panel allows you to organize the sidebars, the collections of links and dynamic blocks that provide navigation for your site. Drag and drop blocks to move them between the left and right sidebars; changes will be saved automatically. Red blocks are disabled. This panel only works if you have Javascript enabled and working in your browser. Create a new block.', msg_order_update_success: 'The sidebar order information was updated successfully.', err_demo_php_disable: 'Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.', diff -r 3351055b467e -r 673a1b6712fa plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Fri Jul 30 14:37:05 2010 -0400 +++ b/plugins/SpecialAdmin.php Fri Jul 30 14:39:04 2010 -0400 @@ -30,7 +30,6 @@ global $paths; register_special_page('Administration', 'specialpage_administration'); - register_special_page('EditSidebar', 'specialpage_manage_sidebar'); } $plugins->attachHook('base_classes_initted', 'SpecialAdmin_include();'); @@ -2011,6 +2010,7 @@ $template->preload_js('jquery-ui'); $template->preload_js('autofill'); $template->preload_js('admin-menu'); + $template->add_header(''); $output->header(); 
@@ -2214,505 +2214,485 @@ } } -function page_Special_EditSidebar() +function page_Admin_EditSidebar() { global $db, $session, $paths, $template, $plugins; // Common objects global $lang; global $cache; - if($session->auth_level < USER_LEVEL_ADMIN) + if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) { - redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false); - exit; + $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); + echo '

' . $lang->get('adm_err_not_auth_title') . '

'; + echo '

' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '

'; + return; } - else + + if ( isset($_GET['update_order']) ) { - if ( isset($_GET['update_order']) ) + header('Content-type: text/javascript'); + $order = @$_POST['order']; + try { - header('Content-type: text/javascript'); - $order = @$_POST['order']; - try - { - $order = enano_json_decode($order); - } - catch ( Zend_Json_Exception $e ) - { - return print enano_json_encode(array( - 'mode' => 'error', - 'error' => 'bad order' - )); - } - - foreach ( $order as $sidebar_id => $blocks ) - { - foreach ( $blocks as $order => $block_id ) - { - $sbid = intval($sidebar_id); - $order = intval($order); - $block_id = intval($block_id); - $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); - if ( !$q ) - $db->die_json(); - } - } - + $order = enano_json_decode($order); + } + catch ( Zend_Json_Exception $e ) + { return print enano_json_encode(array( - 'mode' => 'success' + 'mode' => 'error', + 'error' => 'bad order' )); } - $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); - $template->add_header(''); - - $template->header(); - - if(isset($_POST['save'])) + foreach ( $order as $sidebar_id => $blocks ) { - // Write the new block order to the database - // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... - // Anyone know a better way to do this? - $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); - if ( !$q ) - { - $db->_die('The sidebar order data could not be selected.'); - } - $orders = Array(); - while($row = $db->fetchrow()) + foreach ( $blocks as $order => $block_id ) { - $orders[] = Array( - count($orders), - $row['item_id'], - $row['sidebar_id'], - ); - } - $db->free_result(); - - // We now have an array with each sidebar ID in its respective order. 
Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. - $ol = explode(',', $_POST['order_left']); - $odr = explode(',', $_POST['order_right']); - $om = array_merge($ol, $odr); - unset($ol, $odr); - $queries = Array(); - foreach($orders as $k => $v) - { - $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';'; - } - foreach($queries as $sql) - { - $q = $db->sql_query($sql); - if(!$q) - { - $t = $db->get_error(); - echo $t; - $template->footer(); - exit; - } + $sbid = intval($sidebar_id); + $order = intval($order); + $block_id = intval($block_id); + $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); + if ( !$q ) + $db->die_json(); } - $cache->purge('anon_sidebar'); - echo '
' . $lang->get('sbedit_msg_order_update_success') . '
'; } - elseif(isset($_POST['create'])) + + return print enano_json_encode(array( + 'mode' => 'success' + )); + } + + // $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); + // $template->add_header(''); + + // $template->header(); + + if(isset($_POST['save'])) + { + // Write the new block order to the database + // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... + // Anyone know a better way to do this? + $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); + if ( !$q ) { - switch((int)$_POST['type']) - { - case BLOCK_WIKIFORMAT: - $content = $_POST['wikiformat_content']; - break; - case BLOCK_TEMPLATEFORMAT: - $content = $_POST['templateformat_content']; - break; - case BLOCK_HTML: - $content = $_POST['html_content']; - break; - case BLOCK_PHP: - $content = $_POST['php_content']; - break; - case BLOCK_PLUGIN: - $content = $_POST['plugin_id']; - break; - } - - if ( defined('ENANO_DEMO_MODE') ) + $db->_die('The sidebar order data could not be selected.'); + } + $orders = Array(); + while($row = $db->fetchrow()) + { + $orders[] = Array( + count($orders), + $row['item_id'], + $row['sidebar_id'], + ); + } + $db->free_result(); + + // We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. + $ol = explode(',', $_POST['order_left']); + $odr = explode(',', $_POST['order_right']); + $om = array_merge($ol, $odr); + unset($ol, $odr); + $queries = Array(); + foreach($orders as $k => $v) + { + $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' 
WHERE item_id='.intval($v[1]).';'; + } + foreach($queries as $sql) + { + $q = $db->sql_query($sql); + if(!$q) { - // Sanitize the HTML - $content = sanitize_html($content, true); - } - - if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) - { - echo '
' . $lang->get('sbedit_err_demo_php_disable') . '
'; - $_POST['php_content'] = '?><Nulled>'; - $content = $_POST['php_content']; - } - - // Get the value of item_order - - $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); - if(!$q) $db->_die('The order number could not be selected'); - $io = $db->numrows(); - - $db->free_result(); - - $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; - $result = $db->sql_query($q); - if(!$result) - { - echo $db->get_error(); - $template->footer(); + $t = $db->get_error(); + echo $t; + exit; } + } + $cache->purge('anon_sidebar'); + echo '
' . $lang->get('sbedit_msg_order_update_success') . '
'; + } + elseif(isset($_POST['create'])) + { + switch((int)$_POST['type']) + { + case BLOCK_WIKIFORMAT: + $content = $_POST['wikiformat_content']; + break; + case BLOCK_TEMPLATEFORMAT: + $content = $_POST['templateformat_content']; + break; + case BLOCK_HTML: + $content = $_POST['html_content']; + break; + case BLOCK_PHP: + $content = $_POST['php_content']; + break; + case BLOCK_PLUGIN: + $content = $_POST['plugin_id']; + break; + } - $cache->purge('anon_sidebar'); - echo '
' . $lang->get('sbedit_msg_item_added') . '
'; - + if ( defined('ENANO_DEMO_MODE') ) + { + // Sanitize the HTML + $content = sanitize_html($content, true); + } + + if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) + { + echo '
' . $lang->get('sbedit_err_demo_php_disable') . '
'; + $_POST['php_content'] = '?><Nulled>'; + $content = $_POST['php_content']; } - if(isset($_GET['action']) && isset($_GET['id'])) + // Get the value of item_order + + $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); + if(!$q) $db->_die('The order number could not be selected'); + $io = $db->numrows(); + + $db->free_result(); + + $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; + $result = $db->sql_query($q); + if(!$result) + { + echo $db->get_error(); + + exit; + } + + $cache->purge('anon_sidebar'); + echo '
' . $lang->get('sbedit_msg_item_added') . '
'; + + } + + if(isset($_GET['action']) && isset($_GET['id'])) + { + if(!preg_match('#^([0-9]*)$#', $_GET['id'])) + { + echo '
Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection
'; + } + switch($_GET['action']) { - if(!preg_match('#^([0-9]*)$#', $_GET['id'])) - { - echo '
Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection
'; - } - switch($_GET['action']) - { - case 'new': - ?> - + case 'new': + ?> + + + +

+ get('sbedit_create_intro'); ?> +

+

+ +

+ +

+ + get('sbedit_field_block_title'); ?>
+ get('sbedit_field_block_sidebar'); ?> + -

+

+
+ get('sbedit_field_wikitext'); ?>

- get('sbedit_create_intro'); ?> +

+
+ +
+ get('sbedit_field_tplcode'); ?>

- +

+
+ +
+ get('sbedit_field_html'); ?> +

+ +

+
+ +
+ +

get('sbedit_field_php_disabled'); ?>

+ + get('sbedit_field_php'); ?>

- - get('sbedit_field_block_title'); ?>
- get('sbedit_field_block_sidebar'); ?> - - + +

+ +
+ +
+ get('sbedit_field_plugin'); ?> +

+

- -
- get('sbedit_field_wikitext'); ?> -

- -

-
- -
- get('sbedit_field_tplcode'); ?> -

- -

-
- -
- get('sbedit_field_html'); ?> -

- -

-
- -
- -

get('sbedit_field_php_disabled'); ?>

- - get('sbedit_field_php'); ?> - -

- -

- -
- -
- get('sbedit_field_plugin'); ?> -

- -

-
- -

- -   - - -

- - +
+ +

+ +   + + +

- - - footer(); - return; + if(divs[i].id != 'blocktype_') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500); + } + }); + + + purge('anon_sidebar'); + if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) + { + echo '
$_GET[\'side\'] contained an SQL injection attempt
'; break; - case 'move': - $cache->purge('anon_sidebar'); - if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) - { - echo '
$_GET[\'side\'] contained an SQL injection attempt
'; - break; - } - $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$query) - { - echo $db->get_error(); - $template->footer(); - exit; - } - echo '
' . $lang->get('sbedit_msg_block_moved') . '
'; - break; - case 'delete': - $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) - if(!$query) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $cache->purge('anon_sidebar'); - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - echo '
' . $lang->get('sbedit_msg_block_deleted') . '
'; - break; - case 'disenable'; - $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $r = $db->fetchrow(); - $db->free_result(); - $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - break; - case 'rename'; - $newname = $db->escape($_POST['newname']); - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - if(isset($_GET['ajax'])) - { - die('GOOD'); - } - break; - case 'getsource': - $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - exit; - } - $r = $db->fetchrow(); - $db->free_result(); - $cache->purge('anon_sidebar'); + } + $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$query) + { + echo $db->get_error(); + + exit; + } + echo '
' . $lang->get('sbedit_msg_block_moved') . '
'; + break; + case 'delete': + $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) + if(!$query) + { + echo $db->get_error(); + + exit; + } + $cache->purge('anon_sidebar'); + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + echo '
' . $lang->get('sbedit_msg_block_deleted') . '
'; + break; + case 'disenable'; + $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + + exit; + } + $r = $db->fetchrow(); + $db->free_result(); + $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); - if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); - die($r['block_content']); - break; - case 'save': - if ( defined('ENANO_DEMO_MODE') ) - { - $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); - if(!$q) - { - echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; - exit; - } - $row = $db->fetchrow(); - if ( $row['block_type'] == BLOCK_PHP ) - { - $_POST['content'] = '?><Nulled>'; - } - else - { - $_POST['content'] = sanitize_html($_POST['content'], true); - } - } - $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';'); + exit; + } + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + break; + case 'rename'; + $newname = $db->escape($_POST['newname']); + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo $db->get_error(); + + exit; + } + if(isset($_GET['ajax'])) + { + die('GOOD'); + } + break; + case 'getsource': + $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . 
';'); + if(!$q) + { + echo $db->get_error(); + + exit; + } + $r = $db->fetchrow(); + $db->free_result(); + $cache->purge('anon_sidebar'); + + if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); + die($r['block_content']); + break; + case 'save': + if ( defined('ENANO_DEMO_MODE') ) + { + $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); if(!$q) { echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; exit; } - echo 'GOOD'; - return; - - break; - } - } - - ?> -

- get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Special', 'EditSidebar', 'action=new&id=0', true) )); ?> -

- sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); - if ( !$q ) - $db->_die(); - - $switched_to_right = false; - - echo '
'; - while ( $row = $db->fetchrow() ) - { - if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) - { - echo ''; - $switched_to_right = true; - } - $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; - echo '
-
- ' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . ' - -
'; - ?> -
- extract_vars('toolbar.tpl'); - $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); - echo $parser_start->run(); + $row = $db->fetchrow(); + if ( $row['block_type'] == BLOCK_PHP ) + { + $_POST['content'] = '?><Nulled>'; + } + else + { + $_POST['content'] = sanitize_html($_POST['content'], true); + } + } + $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';'); + if(!$q) + { + echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; + exit; + } + echo 'GOOD'; + return; - $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); - $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); - - $type = ''; - switch($row['block_type']) - { - case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; - case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; - case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; - case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; - case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; - default: $type .= '$&#@'; break; - } - $type .= ''; - if ( $row['block_type'] == BLOCK_PLUGIN ) - { - $type .= ': ' . $lang->get($row['block_content']); - } - - $label->assign_vars(array( - 'TITLE' => $type - )); - echo $label->run(); - - // edit - if ( $row['block_type'] != BLOCK_PLUGIN ) - { - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_edit'), - 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', - 'IMAGE' => cdnPath . '/images/edit.png' - )); - echo $button->run(); - } - - // delete + break; + } + } + + ?> +

+ get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Admin', 'EditSidebar', 'action=new&id=0', true) )); ?> +

+ sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); + if ( !$q ) + $db->_die(); + + $switched_to_right = false; + + echo '
'; + while ( $row = $db->fetchrow() ) + { + if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) + { + echo ''; + $switched_to_right = true; + } + $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; + echo '
+
+ ' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . ' + +
'; + ?> +
+ extract_vars('toolbar.tpl'); + $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); + echo $parser_start->run(); + + $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); + $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); + + $type = ''; + switch($row['block_type']) + { + case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; + case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; + case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; + case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; + case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; + default: $type .= '$&#@'; break; + } + $type .= ''; + if ( $row['block_type'] == BLOCK_PLUGIN ) + { + $type .= ': ' . $lang->get($row['block_content']); + } + + $label->assign_vars(array( + 'TITLE' => $type + )); + echo $label->run(); + + // edit + if ( $row['block_type'] != BLOCK_PLUGIN ) + { $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_delete'), - 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', - 'IMAGE' => cdnPath . '/images/delete.png' + 'TITLE' => $lang->get('sbedit_tip_edit'), + 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', + 'IMAGE' => cdnPath . '/images/edit.png' )); echo $button->run(); - - // rename - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_rename'), - 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', - 'IMAGE' => cdnPath . '/images/rename.png' - )); - echo $button->run(); - - // disenable - $button->assign_vars(array( - 'TITLE' => $lang->get('sbedit_tip_disenable'), - 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', - 'IMAGE' => cdnPath . 
'/images/disenable.png' - )); - echo $button->run(); - - $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); - echo $parser_end->run(); - ?> -
- '; - } - - if ( !$switched_to_right ) - echo '
'; - - echo '
'; + } + + // delete + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_delete'), + 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/delete.png' + )); + echo $button->run(); + + // rename + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_rename'), + 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/rename.png' + )); + echo $button->run(); + + // disenable + $button->assign_vars(array( + 'TITLE' => $lang->get('sbedit_tip_disenable'), + 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', + 'IMAGE' => cdnPath . '/images/disenable.png' + )); + echo $button->run(); + + $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); + echo $parser_end->run(); + ?> +
+ '; } - $template->footer(); -} - -?> \ No newline at end of file + if ( !$switched_to_right ) + echo '
'; + + echo '
'; +} \ No newline at end of file diff -r 3351055b467e -r 673a1b6712fa themes/admin/toolbar.tpl --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/themes/admin/toolbar.tpl Fri Jul 30 14:39:04 2010 -0400 @@ -0,0 +1,62 @@ + + + +
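Review bot: In the `save` case of `page_Admin_EditSidebar()`, the demo-mode branch runs `sanitize_html($_POST['content'], true)` on the value as received, but the UPDATE then stores `rawurldecode($_POST['content'])`, so the text written to `block_content` is not the text that was sanitised. Decode once up front with `$content = rawurldecode($_POST['content']);`, sanitise that with `$content = sanitize_html($content, true);` in the demo branch, and pass `$db->escape($content)` to the query. Separately, the `preg_match('#^([0-9]*)$#', $_GET['id'])` check before the `switch` prints that it is aborting but then falls through; the later `intval()` calls keep the queries numeric, but a `return;` after the message would make the behaviour match it. Both issues are carried over from the re-indented old code rather than introduced by this commit.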
+ +
+ + + +
+ +
+ diff -r 3351055b467e -r 673a1b6712fa themes/enanium/header.tpl --- a/themes/enanium/header.tpl Fri Jul 30 14:37:05 2010 -0400 +++ b/themes/enanium/header.tpl Fri Jul 30 14:39:04 2010 -0400 @@ -90,7 +90,6 @@
  • {lang:specialpage_member_list}
  • - {SIDEBAR_LINK} {ADMIN_LINK} diff -r 3351055b467e -r 673a1b6712fa themes/stpatty/css-extra/structure.css --- a/themes/stpatty/css-extra/structure.css Fri Jul 30 14:37:05 2010 -0400 +++ b/themes/stpatty/css-extra/structure.css Fri Jul 30 14:39:04 2010 -0400 @@ -54,8 +54,7 @@ } /* Footer */ div.footer { - min-height: 40px; - padding: 10px; + padding: 10px 10px 7px 10px; background-repeat: repeat-x; }