--- a/includes/clientside/sbedit.js Mon Jan 21 17:38:57 2008 -0500
+++ b/includes/clientside/sbedit.js Mon Jan 21 18:33:44 2008 -0500
@@ -71,7 +71,7 @@
thediv.style.margin = '0';
if(ajax.responseText == 'HOUSTON_WE_HAVE_A_PLUGIN')
{
- thediv.innerHTML = '<h3>This block cannot be edited.</h3><p>This is a plugin block, and cannot be edited.</p><p><a href="#" onclick="this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;">close</a></p>';
+ thediv.innerHTML = '<h3>' + $lang.get('sbedit_msg_cant_edit_plugin_title') + '</h3><p>' + $lang.get('sbedit_msg_cant_edit_plugin_body', { close_link: 'a href="#" onclick="this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode); return false;"' }) + '</p>';
}
else
{
@@ -82,7 +82,7 @@
thediv.appendChild(ta);
b = document.createElement('br');
thediv.appendChild(b);
- thediv.innerHTML += '<a href="#" onclick="ajaxSaveBlock(this, \''+id+'\'); return false;">save</a> | <a href="#" onclick="if(confirm(\'Do you really want to discard your changes?\')) this.parentNode.parentNode.removeChild(this.parentNode); return false;">cancel</a>';
+ thediv.innerHTML += '<a href="#" onclick="ajaxSaveBlock(this, \''+id+'\'); return false;">' + $lang.get('sbedit_btn_edit_save') + '</a> | <a href="#" onclick="if(confirm(\'' + $lang.get('sbedit_msg_discard_confirm') + '\')) this.parentNode.parentNode.removeChild(this.parentNode); return false;">' + $lang.get('sbedit_btn_edit_cancel') + '</a>';
}
body = document.getElementsByTagName('body');
body = body[0];
--- a/language/english/admin.json Mon Jan 21 17:38:57 2008 -0500
+++ b/language/english/admin.json Mon Jan 21 18:33:44 2008 -0500
@@ -14,7 +14,7 @@
categories: [
'adm', 'acl', 'adminusers',
'acphome', 'acpgc', 'acpup', 'acpft', 'acppl', 'acppm', 'acped', 'acpdb', 'acppg', 'acpum', 'acpug', 'acpcp', 'acpmm', 'acpsl', 'acpbc',
- 'acplo',
+ 'acplo', 'sbedit',
],
strings: {
meta: {
@@ -36,6 +36,7 @@
acpsl: 'ACP: Security log',
acpbc: 'ACP: Ban control',
acplo: 'ACP: Logout page',
+ sbedit: 'Sidebar editor',
},
adm: {
cat_general: 'General',
@@ -762,6 +763,67 @@
acplo: {
heading_main: 'You have now been logged out of the administration panel.',
msg_logout_complete: 'You will continue to be logged into the website, but you will need to re-authenticate before you can access the administration panel again.</p><p>Return to the <a href="%mainpage_link%">Main Page</a>.',
+ },
+ sbedit: {
+ msg_order_update_success: 'The sidebar order information was updated successfully.',
+ err_demo_php_disable: 'Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.',
+ msg_item_added: 'The item was added.',
+
+ create_intro: 'What type of block should this be?',
+ block_type_wiki: 'Wiki-formatted block',
+ block_type_tpl: 'Template-formatted block (old pre-beta 3 behavior)',
+ block_type_html: 'Raw HTML block',
+ block_type_php: 'PHP code block (danger, Will Robinson!)',
+ block_type_plugin: 'Use code from a plugin',
+ field_block_title: 'Block title:',
+ field_block_sidebar: 'Which sidebar:',
+ field_block_sidebar_left: 'Left',
+ field_block_sidebar_right: 'Right',
+ field_wikitext: 'Wikitext:',
+ field_tplcode: 'Template code:',
+ field_html: 'HTML to place inside the sidebar:',
+ field_php_disabled: 'Creating PHP blocks in demo mode is disabled for security reasons.',
+ field_php: '<p>
+ <b>WARNING:</b> If you don\'t know what you\'re doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
+ ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
+ </p>
+ <p>
+ <span style="color: red;">
+ It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
+ </span> You have been warned.
+ </p>
+ <p>
+ Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
+ </p>
+ <p>
+ The standard <?php and ?> tags work here. Don\'t use an initial "<?php" or it will cause a parse error.
+ </p>
+ <p>
+ PHP code:
+ </p>',
+ field_plugin: 'Plugin:',
+ btn_create_block: 'Create new block',
+
+ msg_block_moved: 'Item moved.',
+ msg_block_deleted: 'Item deleted.',
+ msg_plugin_not_loaded: 'Plugin isn\'t loaded',
+ note_block_unnamed: 'Unnamed',
+ hint_rename: 'Double-click to rename this block',
+ note_block_disabled: '(disabled)',
+ tip_disenable: 'Enable or disable this block',
+ tip_edit: 'Edit the contents of this block',
+ tip_delete: 'Permanently delete this block',
+ tip_move: 'Move this block to the other sidebar',
+ msg_delete_confirm: 'Do you really want to delete this block?',
+ btn_revert: 'Revert',
+ btn_create_new_stage1: 'Create new block',
+ btn_main_page: 'Main Page',
+ msg_cant_edit_plugin_title: 'This block cannot be edited.',
+ msg_cant_edit_plugin_body: 'This is a plugin block, and cannot be edited. <%close_link%>Close</a>',
+ btn_edit_save: 'save',
+ btn_edit_cancel: 'cancel',
+ msg_discard_confirm: 'Do you really want to discard your changes?',
+ msg_discard_order_confirm: 'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.',
}
}
};
--- a/plugins/SpecialAdmin.php Mon Jan 21 17:38:57 2008 -0500
+++ b/plugins/SpecialAdmin.php Mon Jan 21 18:33:44 2008 -0500
@@ -2296,10 +2296,6 @@
$template->add_header('<script type="text/javascript" src="'.scriptPath.'/includes/clientside/sbedit.js"></script>');
$template->add_header('<link rel="stylesheet" type="text/css" href="'.scriptPath.'/includes/clientside/dbx.css" />');
- // Knock the sidebars dead to keep javascript in plugins from interfering
- $template->tpl_strings['SIDEBAR_LEFT'] = '';
- $template->tpl_strings['SIDEBAR_RIGHT'] = '';
-
$template->load_theme('oxygen', 'bleu');
$template->init_vars();
@@ -2334,7 +2330,7 @@
$queries = Array();
foreach($orders as $k => $v)
{
- $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.$om[$k].' WHERE item_id='.$v[1].';';
+ $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';';
}
foreach($queries as $sql)
{
@@ -2347,7 +2343,7 @@
exit;
}
}
- echo '<div class="info-box" style="margin: 10px 0;">The sidebar order information was updated successfully.</div>';
+ echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_order_update_success') . '</div>';
}
elseif(isset($_POST['create']))
{
@@ -2378,14 +2374,14 @@
if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP )
{
- echo '<div class="error-box" style="margin: 10px 0 10px 0;">Adding PHP code blocks in the Enano administration demo has been disabled for security reasons.</div>';
+ echo '<div class="error-box" style="margin: 10px 0 10px 0;">' . $lang->get('sbedit_err_demo_php_disable') . '</div>';
$_POST['php_content'] = '?><Nulled>';
$content = $_POST['php_content'];
}
// Get the value of item_order
- $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.$db->escape($_POST['sidebar_id']).';');
+ $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';');
if(!$q) $db->_die('The order number could not be selected');
$io = $db->numrows();
@@ -2400,7 +2396,7 @@
exit;
}
- echo '<div class="info-box" style="margin: 10px 0;">The item was added.</div>';
+ echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_item_added') . '</div>';
}
@@ -2434,28 +2430,32 @@
<form action="<?php echo makeUrl($paths->page); ?>" method="post">
<p>
- What type of block should this be?
+ <?php echo $lang->get('sbedit_create_intro'); ?>
</p>
<p>
<select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?>
- <option value="<?php echo BLOCK_WIKIFORMAT; ?>">Wiki-formatted block</option>
- <option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>">Template-formatted block (old pre-beta 3 behavior)</option>
- <option value="<?php echo BLOCK_HTML; ?>">Raw HTML block</option>
- <option value="<?php echo BLOCK_PHP; ?>">PHP code block (danger, Will Robinson!)</option>
- <option value="<?php echo BLOCK_PLUGIN; ?>">Use code from a plugin</option>
+ <option value="<?php echo BLOCK_WIKIFORMAT; ?>"><?php echo $lang->get('sbedit_block_type_wiki'); ?></option>
+ <option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>"><?php echo $lang->get('sbedit_block_type_tpl'); ?></option>
+ <option value="<?php echo BLOCK_HTML; ?>"><?php echo $lang->get('sbedit_block_type_html'); ?></option>
+ <option value="<?php echo BLOCK_PHP; ?>"><?php echo $lang->get('sbedit_block_type_php'); ?></option>
+ <option value="<?php echo BLOCK_PLUGIN; ?>"><?php echo $lang->get('sbedit_block_type_plugin'); ?></option>
</select>
</p>
<p>
- Block title: <input name="title" type="text" size="40" /><br />
- Which sidebar: <select name="sidebar_id"><option value="<?php echo SIDEBAR_LEFT; ?>">Left</option><option value="<?php echo SIDEBAR_RIGHT; ?>">Right</option></select>
+ <?php echo $lang->get('sbedit_field_block_title'); ?> <input name="title" type="text" size="40" /><br />
+ <?php echo $lang->get('sbedit_field_block_sidebar'); ?>
+ <select name="sidebar_id">
+ <option value="<?php echo SIDEBAR_LEFT; ?>"><?php echo $lang->get('sbedit_field_block_sidebar_left'); ?></option>
+ <option value="<?php echo SIDEBAR_RIGHT; ?>"><?php echo $lang->get('sbedit_field_block_sidebar_right'); ?></option>
+ </select>
</p>
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>">
<p>
- Wikitext:
+ <?php echo $lang->get('sbedit_field_wikitext'); ?>
</p>
<p>
<textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea>
@@ -2464,7 +2464,7 @@
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>">
<p>
- Template code:
+ <?php echo $lang->get('sbedit_field_tplcode'); ?>
</p>
<p>
<textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea>
@@ -2473,7 +2473,7 @@
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>">
<p>
- HTML to place inside the sidebar:
+ <?php echo $lang->get('sbedit_field_html'); ?>
</p>
<p>
<textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea>
@@ -2482,26 +2482,10 @@
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>">
<?php if ( defined('ENANO_DEMO_MODE') ) { ?>
- <p>Creating PHP blocks in demo mode is disabled for security reasons.</p>
+ <p><?php echo $lang->get('sbedit_field_php_disabled'); ?></p>
<?php } else { ?>
- <p>
- <b>WARNING:</b> If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here.
- ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type.
- </p>
- <p>
- <span style="color: red;">
- It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like <a href="http://www.jedit.org">jEdit</a>) to check your syntax before you hit save.
- </span> You have been warned.
- </p>
- <p>
- Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.
- </p>
- <p>
- The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error.
- </p>
- <p>
- PHP code:
- </p>
+ <?php echo $lang->get('sbedit_field_php'); ?>
+
<p>
<textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea>
</p>
@@ -2510,7 +2494,7 @@
<div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>">
<p>
- Plugin:
+ <?php echo $lang->get('sbedit_field_plugin'); ?>
</p>
<p>
<select name="plugin_id">
@@ -2526,8 +2510,8 @@
<p>
- <input type="submit" name="create" value="Create new block" style="font-weight: bold;" />
- <input type="submit" name="cancel" value="Cancel" />
+ <input type="submit" name="create" value="<?php echo $lang->get('sbedit_btn_create_block'); ?>" style="font-weight: bold;" />
+ <input type="submit" name="cancel" value="<?php echo $lang->get('etc_cancel'); ?>" />
</p>
@@ -2558,7 +2542,7 @@
$template->footer();
exit;
}
- echo '<div class="info-box" style="margin: 10px 0;">Item moved.</div>';
+ echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_block_moved') . '</div>';
break;
case 'delete':
$query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-)
@@ -2573,7 +2557,7 @@
ob_end_clean();
die('GOOD');
}
- echo '<div class="error-box" style="margin: 10px 0;">Item deleted.</div>';
+ echo '<div class="error-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_block_deleted') . '</div>';
break;
case 'disenable';
$q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';');
@@ -2683,7 +2667,7 @@
$c = preg_replace('#<a (.*?)>(.*?)</a>#is', '<a href="#" onclick="return false;">\\2</a>', $c);
break;
case BLOCK_PLUGIN:
- $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : $lang->get('sbedit_msg_plugin_not_loaded');
break;
}
die('var status = \'GOOD\'; var content = unescape(\''.hexencode($c).'\');');
@@ -2700,11 +2684,11 @@
$parser->assign_vars(Array(
'HREF'=>'#',
'FLAGS'=>'onclick="return false;"',
- 'TEXT'=>'Change theme'
+ 'TEXT' => $lang->get('sidebar_btn_changestyle')
));
$template->tpl_strings['THEME_LINK'] = $parser->run();
$parser->assign_vars(Array(
- 'TEXT'=>'Log out',
+ 'TEXT' => $lang->get('sidebar_btn_logout'),
));
$template->tpl_strings['LOGOUT_LINK'] = $parser->run();
@@ -2763,20 +2747,20 @@
break;
case BLOCK_PLUGIN:
$parser = $template->makeParserText($vars['sidebar_section_raw']);
- $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : $lang->get('sbedit_msg_plugin_not_loaded');
break;
}
$block_name = $row['block_name']; // $template->tplWikiFormat($row['block_name']);
if ( empty($block_name) )
- $block_name = '<Unnamed>';
- $t = '<span title="Double-click to rename this block" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>';
- if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">(disabled)</span>';
- else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">(disabled)</span>';
+ $block_name = '<' . $lang->get('sbedit_note_block_unnamed') . '>';
+ $t = '<span title="' . $lang->get('sbedit_hint_rename') . '" id="sbrename_' . $row['item_id'] . '" ondblclick="ajaxRenameSidebarStage1(this, \''.$row['item_id'].'\'); return false;">' . $block_name . '</span>';
+ if($row['item_enabled'] == 0) $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red;">' . $lang->get('sbedit_note_block_disabled') . '</span>';
+ else $t .= ' <span id="disabled_'.$row['item_id'].'" style="color: red; display: none;">' . $lang->get('sbedit_note_block_disabled') . '</span>';
$side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT;
- $tb = '<a title="Enable or disable this block" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="Enable/disable this block" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
- <a title="Edit the contents of this block" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="Edit this block" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
- <a title="Permanently delete this block" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'Do you really want to delete this block?\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="Delete this block" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
- <a title="Move this block to the other sidebar" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="Move this block" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
+ $tb = '<a title="' . $lang->get('sbedit_tip_disenable') . '" href="'.makeUrl($paths->page, 'action=disenable&id='.$row['item_id'].'' , true).'" onclick="ajaxDisenableBlock(\''.$row['item_id'].'\'); return false;" ><img alt="' . $lang->get('sbedit_tip_disenable') . '" style="border-width: 0;" src="'.scriptPath.'/images/disenable.png" /></a>
+ <a title="' . $lang->get('sbedit_tip_edit') . '" href="'.makeUrl($paths->page, 'action=edit&id='.$row['item_id'].'' , true).'" onclick="ajaxEditBlock(\''.$row['item_id'].'\', this); return false;"><img alt="' . $lang->get('sbedit_tip_edit') . '" style="border-width: 0;" src="'.scriptPath.'/images/edit.png" /></a>
+ <a title="' . $lang->get('sbedit_tip_delete') . '" href="'.makeUrl($paths->page, 'action=delete&id='.$row['item_id'].'' , true).'" onclick="if(confirm(\'' . $lang->get('sbedit_msg_delete_confirm') . '\')) { ajaxDeleteBlock(\''.$row['item_id'].'\', this); } return false;"><img alt="' . $lang->get('sbedit_tip_delete') . '" style="border-width: 0;" src="'.scriptPath.'/images/delete.png" /></a>
+ <a title="' . $lang->get('sbedit_tip_move') . '" href="'.makeUrl($paths->page, 'action=move&id='.$row['item_id'].'&side='.$side, true).'"><img alt="' . $lang->get('sbedit_tip_move') . '" style="border-width: 0;" src="'.scriptPath.'/images/move.png" /></a>';
$as = '';
$ae = ' '.$tb;
$parser->assign_vars(Array('CONTENT'=>$c,'TITLE'=>$t,'ADMIN_START'=>$as,'ADMIN_END'=>$ae));
@@ -2794,10 +2778,10 @@
echo "<input type='hidden' id='divOrder_Right' name='order_right' value='{$order}' />";
echo '
<div style="margin: 0 auto 0 auto; text-align: center;">
- <input type="submit" name="save" style="font-weight: bold;" value="Save changes" />
- <input type="submit" name="revert" style="font-weight: normal;" value="Revert" onclick="return confirm(\'Do you really want to revert your changes?\nNote: this does not revert edits or deletions, those are saved as soon as you confirm the action.\')" />
+ <input type="submit" name="save" style="font-weight: bold;" value="' . $lang->get('etc_save_changes') . '" />
+ <input type="submit" name="revert" style="font-weight: normal;" value="' . $lang->get('sbedit_btn_revert') . '" onclick="return confirm($lang.get(\'sbedit_msg_discard_order_confirm\'))" />
<br />
- <a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">Create new block</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">Main Page</a>
+ <a href="'.makeUrl($paths->page, 'action=new&id=0', true).'">' . $lang->get('sbedit_btn_create_new_stage1') . '</a> | <a href="'.makeUrl(getConfig('main_page'), false, true).'">' . $lang->get('sbedit_btn_main_page') . '</a>
</div>
</form>
';