author | Dan |
Wed, 29 Aug 2007 18:23:37 -0400 | |
changeset 108 | 1c7f59df9474 |
parent 102 | d807dcd7aed7 |
child 114 | 47393c6619ea |
permissions | -rw-r--r-- |
1 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
71
|
5 |
* Version 1.0.1 (Loch Ness) |
1 | 6 |
* Copyright (C) 2006-2007 Dan Fuhry |
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
class template { |
|
16 |
// Template string variables and boolean switches; the constructor resets both to empty arrays.
var $tpl_strings;
var $tpl_bool;
// Theme ID and style name in use; load_theme() assigns both.
var $theme;
var $style;
// Not referenced in the visible part of this class.
var $no_headers;
// Markup collected by add_header(), one entry per line.
var $additional_headers;
// Sidebar markup: the constructor empties sidebar_extra; sidebar_widget() appends to sidebar_widgets.
var $sidebar_extra;
var $sidebar_widgets;
// Markup of the "more options" menu; emptied by the constructor and filled by init_vars().
var $toolbar_menu;
// Rows of the enabled themes in theme_order, and the same rows keyed by theme_id.
var $theme_list;
var $named_theme_list;
// Theme ID of the first enabled theme and the style name (no ".css") chosen for it.
var $default_theme;
var $default_style;
// Block title => block content, recorded by sidebar_widget().
var $plugin_blocks;
// Human-readable page type ("article", "user page", ...) set by init_vars().
var $namespace_string;
// Style names (file names without ".css") found in the default theme's css/ directory.
var $style_list;
// False after construction, true once load_theme() has run.
var $theme_loaded;

/**
 * Set to true if the site is disabled and thus a message needs to be shown.
 * This should ONLY be changed by common.php.
 * @var bool
 * @access private
 */
var $site_disabled = false;

/**
 * One of the absolute best parts of Enano :-P
 * Holds the markup of the "powered by Enano" button; the constructor fills it in.
 * @var string
 */
var $fading_button = '';
53 | 32 |
|
1 | 33 |
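/**
 * Resets the per-request template state, builds the "powered by Enano" button markup, loads the
 * enabled themes and works out the default theme, its default style and its list of styles.
 *
 * Uses the global $db and the constants scriptPath, table_prefix and ENANO_ROOT, all defined
 * outside this block. Calls $db->_die() when the theme query fails.
 *
 * With no enabled theme, default_theme and default_style end up null instead of raising
 * undefined-offset notices. A default_style that is empty or names a directory no longer counts
 * as an existing stylesheet; the first stylesheet found on disk is used instead.
 */
function __construct()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  dc_here('template: initializing all class variables');

  $this->tpl_bool = array();
  $this->tpl_strings = array();
  $this->sidebar_extra = '';
  $this->toolbar_menu = '';
  $this->additional_headers = '';
  $this->plugin_blocks = array();
  $this->theme_loaded = false;

  // scriptPath is concatenated into the markup without escaping.
  // NOTE(review): presumably a trusted install-time constant - confirm where it is defined.
  $this->fading_button = '<div style="background-image: url(' . scriptPath . '/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto;">' . "\n"
    . '<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="' . scriptPath . '/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>' . "\n"
    . '</div>';

  // The statement is assembled from a literal and the table_prefix constant only.
  $this->theme_list = array();
  $this->named_theme_list = array();
  $e = $db->sql_query('SELECT theme_id,theme_name,enabled,default_style FROM '.table_prefix.'themes WHERE enabled=1 ORDER BY theme_order;');
  if ( !$e )
  {
    $db->_die('The list of themes could not be selected.');
  }
  for ( $i = 0; $i < $db->numrows(); $i++ )
  {
    $row = $db->fetchrow();
    $this->theme_list[$i] = $row;
    $this->named_theme_list[$row['theme_id']] = $row;
  }
  $db->free_result();

  // The first enabled theme in theme_order is the default one.
  $this->default_theme = isset($this->theme_list[0]['theme_id']) ? $this->theme_list[0]['theme_id'] : null;
  $css_dir = ENANO_ROOT . '/themes/' . $this->default_theme . '/css/';

  // Collect every *.css file of the default theme except the print stylesheet, without the extension.
  // readdir() order is whatever the filesystem returns, so $list[0] is not a stable choice.
  $list = array();
  if ( is_dir($css_dir) )
  {
    $dh = opendir($css_dir);
    if ( $dh )
    {
      while ( ($file = readdir($dh)) !== false )
      {
        if ( preg_match('#^(.*?)\.css$#i', $file) && $file != '_printable.css' )
        {
          $list[] = substr($file, 0, strlen($file) - 4);
        }
      }
      closedir($dh);
    }
  }

  // default_style comes from the themes table and becomes part of a filesystem path.
  // NOTE(review): it is not restricted to a plain file name here - confirm it is validated on write.
  $configured = isset($this->named_theme_list[$this->default_theme]['default_style'])
    ? (string) $this->named_theme_list[$this->default_theme]['default_style']
    : '';
  if ( $configured !== '' && is_file($css_dir . $configured) )
  {
    // Strip the trailing ".css".
    $this->default_style = substr($configured, 0, strlen($configured) - 4);
  }
  else
  {
    $this->default_style = isset($list[0]) ? $list[0] : null;
  }

  $this->style_list = $list;
}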
|
85 |
/**
 * PHP 4 style constructor (a method named after the class); it only forwards to __construct().
 */
function template()
{
  $this->__construct();
}
|
89 |
/**
 * Renders one sidebar block with the "sidebar_section_raw" template from elements.tpl and appends
 * the result to $this->sidebar_widgets. The title/content pair is also stored in
 * $this->plugin_blocks.
 *
 * Neither value is escaped in this method.
 * NOTE(review): whether the template parser encodes TITLE or CONTENT is not visible here - callers
 * passing user-derived text should encode it before calling; confirm against the parser.
 *
 * @param string $t Block title; also used as the key in $this->plugin_blocks
 * @param string $h Block content
 */
function sidebar_widget($t, $h)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // ENANO_TEMPLATE_LOADED is defined by init_vars(); until then pick the session's theme and style.
  if ( !defined('ENANO_TEMPLATE_LOADED') )
  {
    $this->load_theme($session->theme, $session->style);
  }
  // Normalise an unset or empty accumulator to an empty string before appending.
  if ( !$this->sidebar_widgets )
  {
    $this->sidebar_widgets = '';
  }

  $elements = $this->extract_vars('elements.tpl');
  $block = $this->makeParserText($elements['sidebar_section_raw']);
  $block->assign_vars(array(
      'TITLE'   => $t,
      'CONTENT' => $h
    ));
  $this->plugin_blocks[$t] = $h;
  $this->sidebar_widgets .= $block->run();
}
|
104 |
/**
 * Appends a piece of markup, preceded by a newline, to $this->additional_headers.
 *
 * The markup is stored verbatim; no escaping or filtering happens here, so callers must only pass
 * markup they built themselves or have already encoded.
 *
 * @param string $html Markup to append
 */
function add_header($html)
{
  $this->additional_headers = $this->additional_headers . "\n" . $html;
}
|
108 |
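/**
 * Returns the processed stylesheet for the active theme, falling back to the first entry of
 * $this->style_list when the requested file cannot be used.
 *
 * The requested name ends up in a filesystem path, so a name with a ".." path segment or a NUL
 * byte is treated like a missing file, and only regular files are accepted (a directory no longer
 * counts as existing).
 * NOTE(review): $this->theme is part of the same path and is not checked here - confirm it is
 * validated where the session theme is chosen.
 *
 * @param string|bool $s File name inside the theme's css/ directory, or false for "<current style>.css"
 * @return mixed Whatever process_template() returns for the selected file
 */
function get_css($s = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !defined('ENANO_TEMPLATE_LOADED') )
  {
    $this->load_theme($session->theme, $session->style);
  }

  $path = ( $s ) ? 'css/' . $s : 'css/' . $this->style . '.css';

  // Refuse names that could leave the theme directory before touching the filesystem.
  $escapes_dir = ( preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $path) || strpos($path, "\0") !== false );
  if ( $escapes_dir || !is_file(ENANO_ROOT . '/themes/' . $this->theme . '/' . $path) )
  {
    // $path is echoed inside a CSS comment; break up "*/" so it cannot close the comment early.
    $shown = str_replace(array('*/', "\0"), array('* /', ''), $path);
    echo "/* WARNING: Falling back to default file because file $shown does not exist */\n";
    $fallback = isset($this->style_list[0]) ? $this->style_list[0] : '';
    $path = 'css/' . $fallback . '.css';
  }
  return $this->process_template($path);
}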
|
121 |
/**
 * Selects the theme and style for this request and marks the theme as loaded.
 *
 * Explicit arguments win over the session's values; if no theme results, the first entry of
 * $this->theme_list and its default_style (minus the last four characters, i.e. ".css") are used.
 *
 * NOTE(review): neither name is checked against $this->named_theme_list or $this->style_list
 * here, and get_css() later builds a filesystem path from both - confirm they are validated
 * where the session values are set.
 *
 * @param string|bool $name Theme ID, or false to use $session->theme
 * @param string|bool $css  Style name, or false to use $session->style
 */
function load_theme($name = false, $css = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( $name )
  {
    $this->theme = $name;
  }
  else
  {
    $this->theme = $session->theme;
  }

  if ( $css )
  {
    $this->style = $css;
  }
  else
  {
    $this->style = $session->style;
  }

  // No theme from either source: fall back to the first enabled theme and its default style.
  if ( !$this->theme )
  {
    $first = $this->theme_list[0];
    $this->theme = $first['theme_id'];
    $this->style = substr($first['default_style'], 0, strlen($first['default_style']) - 4);
  }

  $this->theme_loaded = true;
}
|
133 |
||
134 |
function init_vars() |
|
135 |
{ |
|
136 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
137 |
global $email; |
|
138 |
||
139 |
dc_here("template: initializing all variables"); |
|
140 |
||
141 |
if(!$this->theme || !$this->style) |
|
142 |
{ |
|
143 |
$this->load_theme(); |
|
144 |
} |
|
145 |
||
146 |
if(defined('ENANO_TEMPLATE_LOADED')) |
|
147 |
{ |
|
148 |
dc_here('template: access denied to call template::init_vars(), bailing out'); |
|
149 |
die_semicritical('Illegal call', '<p>$template->load_theme was called multiple times, this is not supposed to happen. Exiting with fatal error.</p>'); |
|
150 |
} |
|
151 |
||
152 |
define('ENANO_TEMPLATE_LOADED', ''); |
|
153 |
||
154 |
$tplvars = $this->extract_vars('elements.tpl'); |
|
155 |
||
156 |
dc_here('template: setting all template vars'); |
|
157 |
||
158 |
if(isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) |
|
159 |
{ |
|
160 |
$this->add_header(' |
|
161 |
<!--[if lt IE 7]> |
|
162 |
<script language="JavaScript"> |
|
163 |
function correctPNG() // correctly handle PNG transparency in Win IE 5.5 & 6. |
|
164 |
{ |
|
86
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents:
85
|
165 |
var arVersion = navigator.appVersion.split("MSIE"); |
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
parents:
85
|
166 |
var version = parseFloat(arVersion[1]); |
1 | 167 |
if (version >= 5.5 && typeof(document.body.filters) == "object") |
168 |
{ |
|
169 |
for(var i=0; i<document.images.length; i++) |
|
170 |
{ |
|
171 |
var img = document.images[i]; |
|
172 |
continue; |
|
173 |
var imgName = img.src.toUpperCase(); |
|
174 |
if (imgName.substring(imgName.length-3, imgName.length) == "PNG") |
|
175 |
{ |
|
176 |
var imgID = (img.id) ? "id=\'" + img.id + "\' " : ""; |
|
177 |
var imgClass = (img.className) ? "class=\'" + img.className + "\' " : ""; |
|
178 |
var imgTitle = (img.title) ? "title=\'" + img.title + "\' " : "title=\'" + img.alt + "\' "; |
|
179 |
var imgStyle = "display:inline-block;" + img.style.cssText; |
|
180 |
if (img.align == "left") imgStyle = "float:left;" + imgStyle; |
|
181 |
if (img.align == "right") imgStyle = "float:right;" + imgStyle; |
|
182 |
if (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle; |
|
183 |
var strNewHTML = "<span " + imgID + imgClass + imgTitle + " style=\\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";" + "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader" + "(src=\\\'" + img.src + "\\\', sizingMethod=\'scale\');\\"></span>"; |
|
184 |
img.outerHTML = strNewHTML; |
|
185 |
i = i-1; |
|
186 |
} |
|
187 |
} |
|
188 |
} |
|
189 |
} |
|
190 |
window.attachEvent("onload", correctPNG); |
|
191 |
</script> |
|
192 |
<![endif]--> |
|
193 |
'); |
|
194 |
} |
|
195 |
||
196 |
// Get the "article" button text (depends on namespace) |
|
197 |
switch($paths->namespace) { |
|
198 |
case "Article": |
|
199 |
default: |
|
200 |
$ns = 'article'; |
|
201 |
break; |
|
202 |
case "Admin": |
|
203 |
$ns = 'administration page'; |
|
204 |
break; |
|
205 |
case "System": |
|
206 |
$ns = 'system message'; |
|
207 |
break; |
|
208 |
case "File": |
|
209 |
$ns = 'uploaded file'; |
|
210 |
break; |
|
211 |
case "Help": |
|
212 |
$ns = 'documentation page'; |
|
213 |
break; |
|
214 |
case "User": |
|
215 |
$ns = 'user page'; |
|
216 |
break; |
|
217 |
case "Special": |
|
218 |
$ns = 'special page'; |
|
219 |
break; |
|
220 |
case "Template": |
|
221 |
$ns = 'template'; |
|
222 |
break; |
|
223 |
case "Project": |
|
224 |
$ns = 'project page'; |
|
225 |
break; |
|
226 |
case "Category": |
|
227 |
$ns = 'category'; |
|
228 |
break; |
|
229 |
} |
|
230 |
$this->namespace_string = $ns; |
|
231 |
$code = $plugins->setHook('page_type_string_set'); |
|
232 |
foreach ( $code as $cmd ) |
|
233 |
{ |
|
234 |
eval($cmd); |
|
235 |
} |
|
236 |
$ns =& $this->namespace_string; |
|
237 |
||
238 |
// Initialize the toolbar |
|
239 |
$tb = ''; |
|
240 |
||
241 |
// Create "xx page" button |
|
242 |
||
243 |
$btn_selected = ( isset($tplvars['toolbar_button_selected'])) ? $tplvars['toolbar_button_selected'] : $tplvars['toolbar_button']; |
|
244 |
$parser = $this->makeParserText($btn_selected); |
|
245 |
||
246 |
$parser->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
247 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxReset()); return false; }" title="View the page contents, all of the page contents, and nothing but the page contents (alt-a)" accesskey="a"', |
1 | 248 |
'PARENTFLAGS' => 'id="mdgToolbar_article"', |
249 |
'HREF' => makeUrl($paths->page, null, true), |
|
250 |
'TEXT' => $this->namespace_string |
|
251 |
)); |
|
252 |
||
253 |
$tb .= $parser->run(); |
|
254 |
||
255 |
$button = $this->makeParserText($tplvars['toolbar_button']); |
|
256 |
||
257 |
// Page toolbar |
|
258 |
// Comments button |
|
259 |
if ( $session->get_permissions('read') && getConfig('enable_comments')=='1' && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->cpage['comments_on'] == 1 ) |
|
260 |
{ |
|
261 |
||
262 |
$e = $db->sql_query('SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\';'); |
|
263 |
if ( !$e ) |
|
264 |
{ |
|
265 |
$db->_die(); |
|
266 |
} |
|
267 |
$nc = $db->numrows(); |
|
268 |
$nu = 0; |
|
269 |
$na = 0; |
|
270 |
||
271 |
while ( $r = $db->fetchrow() ) |
|
272 |
{ |
|
273 |
if ( !$r['approved'] ) |
|
274 |
{ |
|
275 |
$nu++; |
|
276 |
} |
|
277 |
else |
|
278 |
{ |
|
279 |
$na++; |
|
280 |
} |
|
281 |
} |
|
282 |
||
283 |
$db->free_result(); |
|
284 |
$n = ( $session->get_permissions('mod_comments') ) ? (string)$nc : (string)$na; |
|
285 |
if ( $session->get_permissions('mod_comments') && $nu > 0 ) |
|
286 |
{ |
|
287 |
$n .= ' total/'.$nu.' unapp.'; |
|
288 |
} |
|
289 |
||
290 |
$button->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
291 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxComments()); return false; }" title="View the comments that other users have posted about this page (alt-c)" accesskey="c"', |
1 | 292 |
'PARENTFLAGS' => 'id="mdgToolbar_discussion"', |
293 |
'HREF' => makeUrl($paths->page, 'do=comments', true), |
|
294 |
'TEXT' => 'discussion ('.$n.')', |
|
295 |
)); |
|
296 |
||
297 |
$tb .= $button->run(); |
|
298 |
} |
|
299 |
// Edit button |
|
300 |
if($session->get_permissions('read') && ($paths->namespace != 'Special' && $paths->namespace != 'Admin') && ( $session->get_permissions('edit_page') && ( ( $paths->page_protected && $session->get_permissions('even_when_protected') ) || !$paths->page_protected ) ) ) |
|
301 |
{ |
|
302 |
$button->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
303 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="Edit the contents of this page (alt-e)" accesskey="e"', |
1 | 304 |
'PARENTFLAGS' => 'id="mdgToolbar_edit"', |
305 |
'HREF' => makeUrl($paths->page, 'do=edit', true), |
|
306 |
'TEXT' => 'edit this page' |
|
307 |
)); |
|
308 |
$tb .= $button->run(); |
|
309 |
// View source button |
|
310 |
} |
|
311 |
else if($session->get_permissions('view_source') && ( !$session->get_permissions('edit_page') || !$session->get_permissions('even_when_protected') && $paths->page_protected ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin') |
|
312 |
{ |
|
313 |
$button->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
314 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxViewSource()); return false; }" title="View the source code (wiki markup) that this page uses (alt-e)" accesskey="e"', |
1 | 315 |
'PARENTFLAGS' => 'id="mdgToolbar_edit"', |
316 |
'HREF' => makeUrl($paths->page, 'do=viewsource', true), |
|
317 |
'TEXT' => 'view source' |
|
318 |
)); |
|
319 |
$tb .= $button->run(); |
|
320 |
} |
|
321 |
// History button |
|
322 |
if ( $session->get_permissions('read') /* && $paths->wiki_mode */ && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('history_view') ) |
|
323 |
{ |
|
324 |
$button->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
325 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxHistory()); return false; }" title="View a log of actions taken on this page (alt-h)" accesskey="h"', |
1 | 326 |
'PARENTFLAGS' => 'id="mdgToolbar_history"', |
327 |
'HREF' => makeUrl($paths->page, 'do=history', true), |
|
328 |
'TEXT' => 'history' |
|
329 |
)); |
|
330 |
$tb .= $button->run(); |
|
331 |
} |
|
332 |
||
333 |
$menubtn = $this->makeParserText($tplvars['toolbar_menu_button']); |
|
334 |
||
335 |
// Additional actions menu |
|
336 |
// Rename button |
|
337 |
if ( $session->get_permissions('read') && $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
338 |
{ |
|
339 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
340 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxRename()); return false; }" title="Change the display name of this page (alt-r)" accesskey="r"', |
1 | 341 |
'HREF' => makeUrl($paths->page, 'do=rename', true), |
342 |
'TEXT' => 'rename', |
|
343 |
)); |
|
344 |
$this->toolbar_menu .= $menubtn->run(); |
|
345 |
} |
|
346 |
||
347 |
// Vote-to-delete button |
|
348 |
if ( $paths->wiki_mode && $session->get_permissions('vote_delete') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin') |
|
349 |
{ |
|
350 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
351 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDelVote()); return false; }" title="Vote to have this page deleted (alt-d)" accesskey="d"', |
1 | 352 |
'HREF' => makeUrl($paths->page, 'do=delvote', true), |
353 |
'TEXT' => 'vote to delete this page', |
|
354 |
)); |
|
355 |
$this->toolbar_menu .= $menubtn->run(); |
|
356 |
} |
|
357 |
||
358 |
// Clear-votes button |
|
359 |
if ( $session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0) |
|
360 |
{ |
|
361 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
362 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxResetDelVotes()); return false; }" title="Vote to have this page deleted (alt-y)" accesskey="y"', |
1 | 363 |
'HREF' => makeUrl($paths->page, 'do=resetvotes', true), |
364 |
'TEXT' => 'reset deletion votes', |
|
365 |
)); |
|
366 |
$this->toolbar_menu .= $menubtn->run(); |
|
367 |
} |
|
368 |
||
369 |
// Printable page button |
|
370 |
if ( $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
371 |
{ |
|
372 |
$menubtn->assign_vars(array( |
|
373 |
'FLAGS' => 'title="View a version of this page that is suitable for printing"', |
|
374 |
'HREF' => makeUrl($paths->page, 'printable=yes', true), |
|
375 |
'TEXT' => 'view printable version', |
|
376 |
)); |
|
377 |
$this->toolbar_menu .= $menubtn->run(); |
|
378 |
} |
|
379 |
||
380 |
// Protect button |
|
381 |
if($session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('protect')) |
|
382 |
{ |
|
383 |
||
384 |
$label = $this->makeParserText($tplvars['toolbar_label']); |
|
385 |
$label->assign_vars(array('TEXT' => 'protection:')); |
|
386 |
$t0 = $label->run(); |
|
387 |
||
388 |
$ctmp = ''; |
|
389 |
if ( $paths->cpage['protected'] == 1 ) |
|
390 |
{ |
|
391 |
$ctmp=' style="text-decoration: underline;"'; |
|
392 |
} |
|
393 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
394 |
'FLAGS' => 'accesskey="i" onclick="if ( !KILL_SWITCH ) { ajaxProtect(1); return false; }" id="protbtn_1" title="Prevents all non-administrators from editing this page. [alt-i]"'.$ctmp, |
1 | 395 |
'HREF' => makeUrl($paths->page, 'do=protect&level=1', true), |
396 |
'TEXT' => 'on' |
|
397 |
)); |
|
398 |
$t1 = $menubtn->run(); |
|
399 |
||
400 |
$ctmp = ''; |
|
401 |
if ( $paths->cpage['protected'] == 0 ) |
|
402 |
{ |
|
403 |
$ctmp=' style="text-decoration: underline;"'; |
|
404 |
} |
|
405 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
406 |
'FLAGS' => 'accesskey="o" onclick="if ( !KILL_SWITCH ) { ajaxProtect(0); return false; }" id="protbtn_0" title="Allows everyone to edit this page. [alt-o]"'.$ctmp, |
1 | 407 |
'HREF' => makeUrl($paths->page, 'do=protect&level=0', true), |
408 |
'TEXT' => 'off' |
|
409 |
)); |
|
410 |
$t2 = $menubtn->run(); |
|
411 |
||
412 |
$ctmp = ''; |
|
413 |
if ( $paths->cpage['protected'] == 2 ) |
|
414 |
{ |
|
415 |
$ctmp = ' style="text-decoration: underline;"'; |
|
416 |
} |
|
417 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
418 |
'FLAGS' => 'accesskey="p" onclick="if ( !KILL_SWITCH ) { ajaxProtect(2); return false; }" id="protbtn_2" title="Allows only users who have been registered for 4 days to edit this page. [alt-p]"'.$ctmp, |
1 | 419 |
'HREF' => makeUrl($paths->page, 'do=protect&level=2', true), |
420 |
'TEXT' => 'semi' |
|
421 |
)); |
|
422 |
$t3 = $menubtn->run(); |
|
423 |
||
424 |
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0"> |
|
425 |
<tr> |
|
426 |
<td>'.$t0.'</td> |
|
427 |
<td>'.$t1.'</td> |
|
428 |
<td>'.$t2.'</td> |
|
429 |
<td>'.$t3.'</td> |
|
430 |
</tr> |
|
431 |
</table>'; |
|
432 |
} |
|
433 |
||
434 |
// Wiki mode button |
|
435 |
if($session->get_permissions('read') && $paths->page_exists && $session->get_permissions('set_wiki_mode') && $paths->namespace != 'Special' && $paths->namespace != 'Admin') |
|
436 |
{ |
|
437 |
// label at start |
|
438 |
$label = $this->makeParserText($tplvars['toolbar_label']); |
|
439 |
$label->assign_vars(array('TEXT' => 'page wiki mode:')); |
|
440 |
$t0 = $label->run(); |
|
441 |
||
442 |
// on button |
|
443 |
$ctmp = ''; |
|
444 |
if ( $paths->cpage['wiki_mode'] == 1 ) |
|
445 |
{ |
|
446 |
$ctmp = ' style="text-decoration: underline;"'; |
|
447 |
} |
|
448 |
$menubtn->assign_vars(array( |
|
102
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
98
|
449 |
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp, |
1 | 450 |
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true), |
451 |
'TEXT' => 'on' |
|
452 |
)); |
|
453 |
$t1 = $menubtn->run(); |
|
454 |
||
455 |
// off button |
|
456 |
$ctmp = ''; |
|
457 |
if ( $paths->cpage['wiki_mode'] == 0 ) |
|
458 |
{ |
|
459 |
$ctmp=' style="text-decoration: underline;"'; |
|
460 |
} |
|
461 |
$menubtn->assign_vars(array( |
|
102
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
98
|
462 |
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp, |
1 | 463 |
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true), |
464 |
'TEXT' => 'off' |
|
465 |
)); |
|
466 |
$t2 = $menubtn->run(); |
|
467 |
||
468 |
// global button |
|
469 |
$ctmp = ''; |
|
470 |
if ( $paths->cpage['wiki_mode'] == 2 ) |
|
471 |
{ |
|
472 |
$ctmp=' style="text-decoration: underline;"'; |
|
473 |
} |
|
474 |
$menubtn->assign_vars(array( |
|
102
d807dcd7aed7
[comments] fixed edit button (source wasn't getting filled)
Dan
parents:
98
|
475 |
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp, |
1 | 476 |
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true), |
477 |
'TEXT' => 'global' |
|
478 |
)); |
|
479 |
$t3 = $menubtn->run(); |
|
480 |
||
481 |
// Tack it onto the list of buttons that are already there... |
|
482 |
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0"> |
|
483 |
<tr> |
|
484 |
<td>'.$t0.'</td> |
|
485 |
<td>'.$t1.'</td> |
|
486 |
<td>'.$t2.'</td> |
|
487 |
<td>'.$t3.'</td> |
|
488 |
</tr> |
|
489 |
</table>'; |
|
490 |
} |
|
491 |
||
492 |
// Clear logs button |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
13
|
493 |
if ( $session->get_permissions('read') && $session->get_permissions('clear_logs') && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
1 | 494 |
{ |
495 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
496 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxClearLogs()); return false; }" title="Remove all edit and action logs for this page from the database. IRREVERSIBLE! (alt-l)" accesskey="l"', |
1 | 497 |
'HREF' => makeUrl($paths->page, 'do=flushlogs', true), |
498 |
'TEXT' => 'clear page logs', |
|
499 |
)); |
|
500 |
$this->toolbar_menu .= $menubtn->run(); |
|
501 |
} |
|
502 |
||
503 |
// Delete page button |
|
504 |
if ( $session->get_permissions('read') && $session->get_permissions('delete_page') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
505 |
{ |
|
506 |
$s = 'delete this page'; |
|
507 |
if ( $paths->cpage['delvotes'] == 1 ) |
|
508 |
{ |
|
509 |
$s .= ' (<b>'.$paths->cpage['delvotes'].'</b> vote)'; |
|
510 |
} |
|
511 |
else if ( $paths->cpage['delvotes'] > 1 ) |
|
512 |
{ |
|
513 |
$s .= ' (<b>'.$paths->cpage['delvotes'].'</b> votes)'; |
|
514 |
} |
|
515 |
||
516 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
517 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDeletePage()); return false; }" title="Delete this page. This is always reversible unless the logs are cleared. (alt-k)" accesskey="k"', |
1 | 518 |
'HREF' => makeUrl($paths->page, 'do=deletepage', true), |
519 |
'TEXT' => $s, |
|
520 |
)); |
|
521 |
$this->toolbar_menu .= $menubtn->run(); |
|
522 |
||
523 |
} |
|
524 |
||
525 |
// Password-protect button |
|
526 |
if(isset($paths->cpage['password'])) |
|
527 |
{ |
|
528 |
if ( $paths->cpage['password'] == '' ) |
|
529 |
{ |
|
530 |
$a = $session->get_permissions('password_set'); |
|
531 |
} |
|
532 |
else |
|
533 |
{ |
|
534 |
$a = $session->get_permissions('password_reset'); |
|
535 |
} |
|
536 |
} |
|
537 |
else |
|
538 |
{ |
|
539 |
$a = $session->get_permissions('password_set'); |
|
540 |
} |
|
541 |
if ( $a && $session->get_permissions('read') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
542 |
{ |
|
543 |
// label at start |
|
544 |
$label = $this->makeParserText($tplvars['toolbar_label']); |
|
13
fdd6b9dd42c3
Installer actually works now on dev servers; minor language change in template.php; code cleanliness fix in sessions.php
Dan
parents:
1
|
545 |
$label->assign_vars(array('TEXT' => 'page password:')); |
1 | 546 |
$t0 = $label->run(); |
547 |
||
548 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
549 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxSetPassword()); return false; }" title="Require a password in order for this page to be viewed"', |
1 | 550 |
'HREF' => '#', |
551 |
'TEXT' => 'set', |
|
552 |
)); |
|
553 |
$t = $menubtn->run(); |
|
554 |
||
555 |
$this->toolbar_menu .= '<table border="0" cellspacing="0" cellpadding="0"><tr><td>'.$t0.'</td><td><input type="password" id="mdgPassSetField" size="10" /></td><td>'.$t.'</td></tr></table>'; |
|
556 |
} |
|
557 |
||
558 |
// Manage ACLs button |
|
559 |
if($session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN) |
|
560 |
{ |
|
561 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
562 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="Manage who can do what with this page (alt-m)" accesskey="m"', |
1 | 563 |
'HREF' => makeUrl($paths->page, 'do=aclmanager', true), |
564 |
'TEXT' => 'manage page access', |
|
565 |
)); |
|
566 |
$this->toolbar_menu .= $menubtn->run(); |
|
567 |
} |
|
568 |
||
569 |
// Administer page button |
|
570 |
if ( $session->user_level >= USER_LEVEL_ADMIN && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) |
|
571 |
{ |
|
572 |
$menubtn->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
573 |
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxAdminPage()); return false; }" title="Administrative options for this page" accesskey="g"', |
1 | 574 |
'HREF' => makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'PageManager', true), |
575 |
'TEXT' => 'administrative options', |
|
576 |
)); |
|
577 |
$this->toolbar_menu .= $menubtn->run(); |
|
578 |
} |
|
579 |
||
580 |
if ( strlen($this->toolbar_menu) > 0 ) |
|
581 |
{ |
|
582 |
$button->assign_vars(array( |
|
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents:
54
|
583 |
'FLAGS' => 'id="mdgToolbar_moreoptions" onclick="if ( !KILL_SWITCH ) { return false; }" title="Additional options for working with this page"', |
1 | 584 |
'PARENTFLAGS' => '', |
585 |
'HREF' => makeUrl($paths->page, 'do=moreoptions', true), |
|
586 |
'TEXT' => 'more options' |
|
587 |
)); |
|
588 |
$tb .= $button->run(); |
|
589 |
} |
|
590 |
||
591 |
$is_opera = (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'Opera')) ? true : false; |
|
592 |
||
593 |
$this->tpl_bool = Array( |
|
594 |
'auth_admin'=>$session->user_level >= USER_LEVEL_ADMIN ? true : false, |
|
595 |
'user_logged_in'=>$session->user_logged_in, |
|
596 |
'opera'=>$is_opera, |
|
597 |
); |
|
598 |
||
599 |
if($session->sid_super) { $ash = '&auth='.$session->sid_super; $asq = "?auth=".$session->sid_super; $asa = "&auth=".$session->sid_super; $as2 = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; } |
|
600 |
else { $asq=''; $asa=''; $as2 = ''; $ash = ''; } |
|
601 |
||
602 |
$code = $plugins->setHook('compile_template'); |
|
603 |
foreach ( $code as $cmd ) |
|
604 |
{ |
|
605 |
eval($cmd); |
|
606 |
} |
|
607 |
||
608 |
// Some additional sidebar processing |
|
609 |
if($this->sidebar_extra != '') { |
|
610 |
$se = $this->sidebar_extra; |
|
611 |
$parser = $this->makeParserText($tplvars['sidebar_section_raw']); |
|
612 |
$parser->assign_vars(Array('TITLE'=>'Links','CONTENT'=>$se)); |
|
613 |
$this->sidebar_extra = $parser->run(); |
|
614 |
} |
|
615 |
||
616 |
$this->sidebar_extra = $this->sidebar_extra.$this->sidebar_widgets; |
|
617 |
||
618 |
$this->tpl_bool['fixed_menus'] = false; |
|
619 |
/* if($this->sidebar_extra == '') $this->tpl_bool['right_sidebar'] = false; |
|
620 |
else */ $this->tpl_bool['right_sidebar'] = true; |
|
621 |
||
622 |
$this->tpl_bool['auth_rename'] = ( $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin'); |
|
623 |
||
624 |
$this->tpl_bool['enable_uploads'] = ( getConfig('enable_uploads') == '1' && $session->get_permissions('upload_files') ) ? true : false; |
|
625 |
||
626 |
$this->tpl_bool['stupid_mode'] = false; |
|
627 |
||
628 |
if($paths->page == $paths->nslist['Special'].'Administration') $this->tpl_bool['in_admin'] = true; |
|
629 |
else $this->tpl_bool['in_admin'] = false; |
|
630 |
||
631 |
$p = ( isset($_GET['printable']) ) ? '/printable' : ''; |
|
632 |
||
633 |
// Add the e-mail address client code to the header |
|
634 |
$this->add_header($email->jscode()); |
|
635 |
||
636 |
// Generate the code for the Log out and Change theme sidebar buttons |
|
637 |
// Once again, the new template parsing system can be used here |
|
638 |
||
639 |
$parser = $this->makeParserText($tplvars['sidebar_button']); |
|
640 |
||
641 |
$parser->assign_vars(Array( |
|
642 |
'HREF'=>makeUrlNS('Special', 'Logout'), |
|
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"', |
1 | 644 |
'TEXT'=>'Log out', |
645 |
)); |
|
646 |
||
647 |
$logout_link = $parser->run(); |
|
648 |
||
649 |
$parser->assign_vars(Array( |
|
650 |
'HREF'=>makeUrlNS('Special', 'Login/' . $paths->page), |
|
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxStartLogin(); return false; }"', |
1 | 652 |
'TEXT'=>'Log in', |
653 |
)); |
|
654 |
||
655 |
$login_link = $parser->run(); |
|
656 |
||
657 |
$parser->assign_vars(Array( |
|
658 |
'HREF'=>makeUrlNS('Special', 'ChangeStyle/'.$paths->page), |
|
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxChangeStyle(); return false; }"', |
1 | 660 |
'TEXT'=>'Change theme', |
661 |
)); |
|
662 |
||
663 |
$theme_link = $parser->run(); |
|
664 |
||
$parser->assign_vars(Array( |
'HREF'=>makeUrlNS('Special', 'Administration'), |
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxStartAdminLogin()); return false; }"', |
'TEXT'=>'Administration', |
)); |
|
$admin_link = $parser->run(); |
|
1 | 673 |
$SID = ($session->sid_super) ? $session->sid_super : ''; |
674 |
||
$urlname_clean = str_replace('\'', '\\\'', str_replace('\\', '\\\\', dirtify_page_id($paths->fullpage))); |
$urlname_clean = strtr( $urlname_clean, array( '<' => '<', '>' => '>' ) ); |
|
$urlname_jssafe = sanitize_page_id($paths->fullpage); |
|
1 | 680 |
// Generate the dynamic javascript vars |
681 |
$js_dynamic = ' <script type="text/javascript">// <![CDATA[ |
|
682 |
// This section defines some basic and very important variables that are used later in the static Javascript library. |
|
683 |
// SKIN DEVELOPERS: The template variable for this code block is {JS_DYNAMIC_VARS}. This MUST be inserted BEFORE the tag that links to the main Javascript lib. |
|
var title=\''. $urlname_jssafe .'\'; |
1 | 685 |
var page_exists='. ( ( $paths->page_exists) ? 'true' : 'false' ) .'; |
686 |
var scriptPath=\''. scriptPath .'\'; |
|
687 |
var contentPath=\''.contentPath.'\'; |
|
688 |
var ENANO_SID =\'' . $SID . '\'; |
|
689 |
var auth_level=' . $session->auth_level . '; |
|
690 |
var USER_LEVEL_GUEST = ' . USER_LEVEL_GUEST . '; |
|
691 |
var USER_LEVEL_MEMBER = ' . USER_LEVEL_MEMBER . '; |
|
692 |
var USER_LEVEL_CHPREF = ' . USER_LEVEL_CHPREF . '; |
|
693 |
var USER_LEVEL_MOD = ' . USER_LEVEL_MOD . '; |
|
694 |
var USER_LEVEL_ADMIN = ' . USER_LEVEL_ADMIN . '; |
|
695 |
var editNotice = \'' . ( (getConfig('wiki_edit_notice')=='1') ? str_replace("\n", "\\\n", RenderMan::render(getConfig('wiki_edit_notice_text'))) : '' ) . '\'; |
|
696 |
var prot = ' . ( ($paths->page_protected && !$session->get_permissions('even_when_protected')) ? 'true' : 'false' ) .'; // No, hacking this var won\'t work, it\'s re-checked on the server |
|
697 |
var ENANO_SPECIAL_CREATEPAGE = \''. makeUrl($paths->nslist['Special'].'CreatePage') .'\'; |
|
var ENANO_CREATEPAGE_PARAMS = \'_do=&pagename='. $urlname_clean .'&namespace=' . $paths->namespace . '\'; |
1 | 699 |
var ENANO_SPECIAL_CHANGESTYLE = \''. makeUrlNS('Special', 'ChangeStyle') .'\'; |
700 |
var namespace_list = new Array(); |
|
701 |
var AES_BITS = '.AES_BITS.'; |
|
702 |
var AES_BLOCKSIZE = '.AES_BLOCKSIZE.'; |
|
703 |
var pagepass = \''. ( ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '' ) .'\'; |
|
704 |
var ENANO_THEME_LIST = \''; |
|
705 |
foreach($this->theme_list as $t) { |
|
706 |
if($t['enabled']) |
|
707 |
{ |
|
708 |
$js_dynamic .= '<option value="'.$t['theme_id'].'"'; |
|
// if($t['theme_id'] == $session->theme) $js_dynamic .= ' selected="selected"'; |
1 | 710 |
$js_dynamic .= '>'.$t['theme_name'].'</option>'; |
711 |
} |
|
712 |
} |
|
713 |
$js_dynamic .= '\'; |
|
714 |
var ENANO_CURRENT_THEME = \''. $session->theme .'\';'; |
|
715 |
foreach($paths->nslist as $k => $c) |
|
716 |
{ |
|
717 |
$js_dynamic .= "namespace_list['{$k}'] = '$c';"; |
|
718 |
} |
|
719 |
$js_dynamic .= "\n //]]>\n </script>"; |
|
|
1 | 721 |
$tpl_strings = Array( |
'PAGE_NAME'=>htmlspecialchars($paths->cpage['name']), |
'PAGE_URLNAME'=> $urlname_clean, |
'SITE_NAME'=>htmlspecialchars(getConfig('site_name')), |
1 | 725 |
'USERNAME'=>$session->username, |
'SITE_DESC'=>htmlspecialchars(getConfig('site_desc')), |
1 | 727 |
'TOOLBAR'=>$tb, |
728 |
'SCRIPTPATH'=>scriptPath, |
|
729 |
'CONTENTPATH'=>contentPath, |
|
730 |
'ADMIN_SID_QUES'=>$asq, |
|
731 |
'ADMIN_SID_AMP'=>$asa, |
|
732 |
'ADMIN_SID_AMP_HTML'=>$ash, |
|
733 |
'ADMIN_SID_AUTO'=>$as2, |
|
734 |
'ADDITIONAL_HEADERS'=>$this->additional_headers, |
|
91 | 735 |
'COPYRIGHT'=>RenderMan::parse_internal_links(getConfig('copyright_notice')), |
1 | 736 |
'TOOLBAR_EXTRAS'=>$this->toolbar_menu, |
737 |
'REQUEST_URI'=>$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], |
|
738 |
'STYLE_LINK'=>makeUrlNS('Special', 'CSS'.$p, null, true), //contentPath.$paths->nslist['Special'].'CSS' . $p, |
|
739 |
'LOGIN_LINK'=>$login_link, |
|
740 |
'LOGOUT_LINK'=>$logout_link, |
|
'ADMIN_LINK'=>$admin_link, |
1 | 742 |
'THEME_LINK'=>$theme_link, |
743 |
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme, |
|
744 |
'THEME_ID'=>$this->theme, |
|
745 |
'STYLE_ID'=>$this->style, |
|
746 |
'JS_DYNAMIC_VARS'=>$js_dynamic, |
|
'UNREAD_PMS'=>$session->unread_pms, |
'URL_ABOUT_ENANO' => makeUrlNS('Special', 'About_Enano', '', true) |
1 | 749 |
); |
750 |
||
751 |
foreach ( $paths->nslist as $ns_id => $ns_prefix ) |
|
752 |
{ |
|
753 |
$tpl_strings[ 'NS_' . strtoupper($ns_id) ] = $ns_prefix; |
|
754 |
} |
|
755 |
||
756 |
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings); |
|
757 |
list($this->tpl_strings['SIDEBAR_LEFT'], $this->tpl_strings['SIDEBAR_RIGHT'], $min) = $this->fetch_sidebar(); |
|
758 |
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != $min) ? true : false; |
|
759 |
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != $min) ? true : false; |
|
760 |
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility |
|
761 |
} |
|
762 |
||
763 |
/**
 * Opens an output buffer and echoes the page header.
 *
 * The theme is loaded first when $this->theme_loaded is not set, and ENANO_HEADERS_SENT is
 * defined so that footer() does not send the header a second time. The template itself is only
 * echoed when $this->no_headers is not set; the notices below are evaluated either way.
 *
 * @param bool $simple If true, simple-header.tpl is used and the unread-PM and session-timeout
 *                     notices are skipped. The site-disabled notice does not depend on it.
 */
function header($simple = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Everything echoed from here on is buffered; footer() ends the buffer with ob_end_flush().
  ob_start();

  if ( !$this->theme_loaded )
  {
    $this->load_theme($session->theme, $session->style);
  }

  $headers_sent = true;
  dc_here('template: generating and sending the page header');
  if ( !defined('ENANO_HEADERS_SENT') )
  {
    define('ENANO_HEADERS_SENT', '');
  }

  if ( !$this->no_headers )
  {
    $header_tpl = ( $simple ) ? 'simple-header.tpl' : 'header.tpl';
    echo $this->process_template($header_tpl);
  }

  if ( !$simple && $session->user_logged_in && $session->unread_pms > 0 )
  {
    echo $this->notify_unread_pms();
  }

  if ( !$simple && $session->sw_timed_out )
  {
    // NOTE(review): the link embeds $paths->fullpage and is written into an href attribute.
    // The trailing true passed to makeUrlNS() presumably requests an HTML-escaped URL - confirm.
    $login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true);
    echo '<div class="usermessage">'
       . '<b>Your administrative session has timed out.</b> <a href="' . $login_link . '">Log in again</a>'
       . '</div>';
  }

  // Administrators browsing a disabled site get a reminder on every page except the admin panel.
  if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) )
  {
    $admin_link = makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'GeneralConfig', true);
    echo '<div class="usermessage"><b>The site is currently disabled and thus is only accessible to administrators.</b><br />
            You can re-enable the site through the <a href="' . $admin_link . '">administration panel</a>.
          </div>';
  }
}
797 |
/**
 * Echoes the page footer and flushes the output buffer.
 *
 * If ENANO_HEADERS_SENT is not defined yet, header() is called first. The placeholders
 * [[Stats]], [[NumQueries]] and [[GenTime]] in the processed footer template are replaced with
 * the elapsed time since $_starttime and the query count taken from $db->num_queries.
 *
 * @param bool $simple If true, simple-footer.tpl is used instead of footer.tpl
 * @return string|null Empty string when $this->no_headers is set; otherwise nothing is returned
 */
function footer($simple = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  dc_here('template: generating and sending the page footer');

  if ( $this->no_headers )
  {
    return '';
  }

  // Send the header now if nothing has defined ENANO_HEADERS_SENT yet.
  if ( !defined('ENANO_HEADERS_SENT') )
  {
    $this->header();
  }

  global $_starttime;

  // The query list is only printed when ?sqldbg is present AND the session holds 'mod_misc'.
  // NOTE(review): the backtrace is echoed as-is inside <pre>; whether sql_backtrace() already
  // HTML-escapes the query text is not visible here - confirm.
  if ( isset($_GET['sqldbg']) && $session->get_permissions('mod_misc') )
  {
    echo '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
    echo $db->sql_backtrace();
    echo '</pre>';
  }

  // Both values are taken BEFORE the footer template is processed.
  $elapsed = round(microtime_float() - $_starttime, 4);
  $stats = 'Time: '.$elapsed.'s | Queries: '.$db->num_queries;

  $footer_tpl = ( $simple ) ? 'simple-footer.tpl' : 'footer.tpl';
  $html = $this->process_template($footer_tpl);

  // [[NumQueries]] is read after template processing, so it can differ from the [[Stats]] count.
  $html = str_replace(
    array('[[Stats]]', '[[NumQueries]]', '[[GenTime]]'),
    array($stats, (string)$db->num_queries, (string)$elapsed),
    $html
  );
  echo $html;

  // Ends the buffer opened by header().
  // NOTE(review): getHeader() also defines ENANO_HEADERS_SENT but opens no buffer, so after
  // getHeader() this call may have no buffer of its own to flush - confirm the intended pairing.
  ob_end_flush();
}
|
828 |
/**
 * Returns the processed header.tpl instead of echoing it.
 *
 * Defines ENANO_HEADERS_SENT if it is not defined yet. Unlike header(), this method neither
 * opens an output buffer nor loads the theme itself.
 *
 * @return string|null The rendered header, or null when $this->no_headers is set
 */
function getHeader()
{
  $headers_sent = true;
  dc_here('template: generating and sending the page header');

  if ( !defined('ENANO_HEADERS_SENT') )
  {
    define('ENANO_HEADERS_SENT', '');
  }

  if ( $this->no_headers )
  {
    return;
  }

  return $this->process_template('header.tpl');
}
|
836 |
/**
 * Returns the processed footer.tpl instead of echoing it.
 *
 * The placeholders [[Stats]], [[NumQueries]] and [[GenTime]] are replaced in the whole returned
 * string, which includes the optional query list placed in front of the footer.
 *
 * @return string The rendered footer, or an empty string when $this->no_headers is set
 */
function getFooter()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  dc_here('template: generating and sending the page footer');

  if ( $this->no_headers )
  {
    return '';
  }

  global $_starttime;
  $html = '';

  // The query list is only included when ?sqldbg is present AND the session holds 'mod_misc'.
  // NOTE(review): the backtrace is appended as-is inside <pre>; whether sql_backtrace() already
  // HTML-escapes the query text is not visible here - confirm.
  if ( isset($_GET['sqldbg']) && $session->get_permissions('mod_misc') )
  {
    $html .= '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
    $html .= $db->sql_backtrace();
    $html .= '</pre>';
  }

  // Both values are taken BEFORE the footer template is processed.
  $elapsed = round(microtime_float() - $_starttime, 4);
  $stats = 'Time: '.$elapsed.'s | Queries: '.$db->num_queries;

  $html .= $this->process_template('footer.tpl');

  // [[NumQueries]] is read after template processing, so it can differ from the [[Stats]] count.
  $html = str_replace(
    array('[[Stats]]', '[[NumQueries]]', '[[GenTime]]'),
    array($stats, (string)$db->num_queries, (string)$elapsed),
    $html
  );

  return $html;
}
|
863 |
||
864 |
/**
 * Compiles a template file of the current theme and runs it.
 *
 * The PHP source returned by compile_template() is evaluated in this method's scope; that code
 * stores the rendered output in $tpl_code, which is returned.
 *
 * @param string $file Template file name, passed to compile_template()
 * @return string Rendered template output
 */
function process_template($file)
{
  // The evaluated template code refers to $this, $template and $paths by name, and embedded
  // template PHP may use the other globals, so this declaration has to stay in scope for eval().
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !defined('ENANO_TEMPLATE_LOADED') )
  {
    $this->load_theme();
    $this->init_vars();
  }

  // NOTE(review): eval() executes whatever compile_template() produced, including <?php ?> blocks
  // copied verbatim from the theme file (or from the include()d cache copy). Theme and cache
  // files are therefore executable content and need the same write protection as the code base.
  eval($this->compile_template($file));

  return $tpl_code;
}
|
874 |
||
875 |
/**
 * Reads a template file of the current theme and collects its named VAR sections.
 *
 * Every "<!-- VAR name -->...<!-- ENDVAR name -->" pair becomes one entry of the result.
 * The script dies if no theme is set or the file does not exist.
 *
 * @param string $file Template file name relative to ENANO_ROOT/themes/<theme>/
 * @return array Map of VAR name => raw text between the VAR and ENDVAR markers
 */
function extract_vars($file)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$this->theme )
  {
    die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.<br /><br />Backtrace, most recent call first:<pre>'.enano_debug_print_backtrace(true).'</pre>');
  }

  // NOTE(review): $file is appended to the theme path without normalisation and is printed
  // unescaped in the die() message below. Presumably callers only pass fixed template names -
  // verify that no request-derived value can reach this parameter.
  $tpl_path = ENANO_ROOT . '/themes/'.$this->theme.'/'.$file;
  if ( !is_file($tpl_path) )
  {
    die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting');
  }

  $contents = file_get_contents($tpl_path);

  // NOTE(review): the range A-z also covers the characters [ \ ] ^ _ ` that sit between 'Z' and
  // 'a' in ASCII; A-Za-z was probably intended.
  preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $contents, $found);

  $tplvars = array();
  foreach ( $found[1] as $idx => $var_name )
  {
    $tplvars[$var_name] = $found[2][$idx];
  }

  return $tplvars;
}
|
891 |
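/**
 * Compiles a template file of the current theme into PHP source meant to be eval()'d.
 *
 * The generated code echoes the template into an output buffer and leaves the result in
 * $tpl_code. Template directives (BEGIN, IFSET, IFPLUGIN, SYSMSG, BEGINNOT, BEGINELSE, END and
 * {VAR}) are rewritten into PHP, and <?php ?> blocks found in the file are passed through
 * verbatim. When the 'cache_thumbs' config value is '1', the compiled code is cached in
 * ENANO_ROOT/cache/ together with the md5 of the template source.
 *
 * The script dies if the template file does not exist.
 *
 * @param string $text Template file name relative to ENANO_ROOT/themes/<theme>/
 * @return string PHP source for eval()
 */
function compile_template($text)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // NOTE(review): the name is appended to the theme path as given; only '/' is rewritten for the
  // cache file name. Presumably callers pass fixed template names - verify.
  $n = $text;
  $tpl_source = ENANO_ROOT . '/themes/'.$this->theme.'/'.$n;
  if ( !is_file($tpl_source) )
  {
    die('Cannot find '.$text.' file for style, exiting');
  }
  $tpl_filename = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $n) . '.php';

  if ( file_exists($tpl_filename) && getConfig('cache_thumbs')=='1' )
  {
    // The cache file is PHP: it sets $md5 and $tpl_text in this scope.
    // NOTE(review): include() runs the file, and its $tpl_text is later eval()'d by the caller,
    // so write access to the cache directory equals code execution. Protect it accordingly.
    include($tpl_filename);
    $text = file_get_contents($tpl_source);
    // Strict comparison: with ==, two hex digests of the form "0e<digits>" compare as numbers
    // and would match although they differ, letting a stale cache entry through.
    if ( isset($md5) && $md5 === md5($text) )
    {
      // addslashes() was applied on write; single-quoted PHP strings leave \" untouched, so it
      // has to be undone here.
      return str_replace('\\"', '"', $tpl_text);
    }
  }
  $text = file_get_contents($tpl_source);

  $md5 = md5($text);

  // Lift embedded PHP out of the way so the directive rewriting below cannot touch it. The seed
  // only keeps the placeholders from colliding with literal template text.
  $seed = md5 ( microtime() . mt_rand() );
  preg_match_all("/<\?php(.*?)\?>/is", $text, $m);
  for ( $i = 0; $i < sizeof($m[1]); $i++ )
  {
    // Replace the exact matched text ($m[0]). The pattern is case-insensitive, so rebuilding the
    // tag in lower case missed blocks written as <?PHP and left their source in the echoed text.
    $text = str_replace($m[0][$i], "{PHPCODE:{$i}:{$seed}}", $text);
  }

  // Wrap the template in a single-quoted echo.
  // NOTE(review): only quotes are escaped here, not backslashes, and directive names are spliced
  // into the generated code. Template files must be treated as trusted, executable content.
  $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean();';
  $text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text);
  $text = preg_replace('#<!-- IFSET (.*?) -->#is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text);
  $text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text);
  $text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text);
  $text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text);
  $text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { echo \'', $text);
  $text = preg_replace('#<!-- END (.*?) -->#is', '\'; } echo \'', $text);
  $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);

  // Put the embedded PHP back, now as statements between two echo strings.
  for ( $i = 0; $i < sizeof($m[1]); $i++ )
  {
    $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text);
  }

  if ( is_writable(ENANO_ROOT.'/cache/') && getConfig('cache_thumbs')=='1' )
  {
    $h = fopen($tpl_filename, 'w');
    if ( !$h )
    {
      // Caching is best-effort: hand back the compiled code even if it cannot be stored.
      return $text;
    }
    $t = addslashes($text);
    fwrite($h, '<?php $md5 = \''.$md5.'\'; $tpl_text = \''.$t.'\'; ?>');
    fclose($h);
  }

  return $text;
}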
|
941 |
||
942 |
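/**
 * Compiles template text (not a file) into PHP source meant to be eval()'d.
 *
 * Applies the same directive rewriting as compile_template(), without any caching. The generated
 * code ends with "return $tpl_code;", so eval() of the result yields the rendered output.
 * <?php ?> blocks in $text are passed through verbatim and will run when the result is
 * evaluated, so $text has to come from a trusted source.
 *
 * @param string $text Template source
 * @return string PHP source for eval()
 */
function compile_template_text($text)
{
  // Lift embedded PHP out of the way so the directive rewriting below cannot touch it. The seed
  // only keeps the placeholders from colliding with literal template text.
  $seed = md5 ( microtime() . mt_rand() );
  preg_match_all("/<\?php(.*?)\?>/is", $text, $m);
  for ( $i = 0; $i < sizeof($m[1]); $i++ )
  {
    // Replace the exact matched text ($m[0]). The pattern is case-insensitive, so rebuilding the
    // tag in lower case missed blocks written as <?PHP and left their source in the echoed text.
    $text = str_replace($m[0][$i], "{PHPCODE:{$i}:{$seed}}", $text);
  }

  // Wrap the template in a single-quoted echo.
  // NOTE(review): only quotes are escaped here, not backslashes, and directive names are spliced
  // into the generated code. The input must be treated as trusted, executable content.
  $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;';
  $text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text);
  $text = preg_replace('#<!-- IFSET (.*?) -->#is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text);
  $text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text);
  $text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text);
  $text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text);
  $text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { echo \'', $text);
  $text = preg_replace('#<!-- END (.*?) -->#is', '\'; } echo \'', $text);
  $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);

  // Put the embedded PHP back, now as statements between two echo strings.
  for ( $i = 0; $i < sizeof($m[1]); $i++ )
  {
    $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text);
  }

  return $text;
}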
|
966 |
||
967 |
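/**
 * Compiles template text with compile_template_text() and evaluates it.
 *
 * NOTE(review): the compiled code is run with eval(), and <?php ?> blocks inside $text are
 * executed verbatim. $text must come from a trusted source - confirm that no caller passes
 * user-editable content.
 *
 * @param string $text Template source
 * @return mixed Whatever the evaluated code returns; the compiled code returns the rendered output
 */
function parse($text)
{
  // Code generated for the SYSMSG directive calls $template->tplWikiFormat($paths->sysMsg(...)).
  // Without this declaration those names are undefined in eval()'s scope and the call fails.
  global $db, $session, $paths, $template, $plugins; // Common objects

  $text = $this->compile_template_text($text);
  return eval($text);
}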
|
972 |
||
973 |
// Steps to turn this: |
|
974 |
// [[Project:Community Portal]] |
|
975 |
// into this: |
|
976 |
// <a href="/Project:Community_Portal">Community Portal</a> |
|
977 |
// Must be done WITHOUT creating eval'ed code!!! |
|
978 |
||
979 |
// 1. preg_replace \[\[([a-zA-Z0-9 -_:]*?)\]\] with <a href="'.contentPath.'\\1">\\1</a> |
|
980 |
// 2. preg_match_all <a href="'.preg_quote(contentPath).'([a-zA-Z0-9 -_:]*?)"> |
|
981 |
// 3. For each match, replace matches with identifiers |
|
982 |
// 4. For each match, str_replace ' ' with '_' |
|
983 |
// 5. For each match, str_replace match_id:random_val with $matches[$match_id] |
|
984 |
||
985 |
// The template language is really a miniature programming language; with variables, conditionals, everything! |
|
986 |
// So you can implement custom logic into your sidebar if you wish. |
|
987 |
// "Real" PHP support coming soon :-D |
|
988 |
||
989 |
function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl') { |
|
990 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
991 |
$filter_links = false; |
|
992 |
$tplvars = $this->extract_vars($filename); |
|
993 |
if($session->sid_super) $as = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; |
|
994 |
else $as = ''; |
|
995 |
error_reporting(E_ALL); |
|
996 |
$random_id = sha1(microtime().''); // A temp value |
|
997 |
||
998 |
/* |
|
999 |
* PREPROCESSOR |
|
1000 |
*/ |
|
1001 |
||
1002 |
// Variables |
|
1003 |
||
1004 |
preg_match_all('#\$([A-Z_-]+)\$#', $message, $links); |
|
1005 |
$links = $links[1]; |
|
1006 |
||
1007 |
for($i=0;$i<sizeof($links);$i++) |
|
1008 |
{ |
|
1009 |
$message = str_replace('$'.$links[$i].'$', $this->tpl_strings[$links[$i]], $message); |
|
1010 |
} |
|
1011 |
||
1012 |
// Conditionals |
|
1013 |
||
1014 |
preg_match_all('#\{if ([A-Za-z0-9_ &\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links); |
|
1015 |
||
1016 |
for($i=0;$i<sizeof($links[1]);$i++) |
|
1017 |
{ |
|
1018 |
$message = str_replace('{if '.$links[1][$i].'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message); |
|
1019 |
||
1020 |
// Time for some manual parsing... |
|
1021 |
$chk = false; |
|
1022 |
$current_id = ''; |
|
1023 |
$prn_level = 0; |
|
1024 |
// Used to keep track of where we are in the conditional |
|
1025 |
// Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ... |
|
1026 |
// Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above. |
|
1027 |
$in_var_now = true; |
|
1028 |
$in_var_last = false; |
|
1029 |
$current_var = ''; |
|
1030 |
$current_var_start_pos = 0; |
|
1031 |
$current_var_end_pos = 0; |
|
1032 |
$j = -1; |
|
1033 |
$links[1][$i] = $links[1][$i] . ' '; |
|
1034 |
$d = strlen($links[1][$i]); |
|
1035 |
while($j < $d) |
|
1036 |
{ |
|
1037 |
$j++; |
|
1038 |
$in_var_last = $in_var_now; |
|
1039 |
||
1040 |
$char = substr($links[1][$i], $j, 1); |
|
1041 |
$in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false; |
|
1042 |
if(!$in_var_last && $in_var_now) |
|
1043 |
{ |
|
1044 |
$current_var_start_pos = $j; |
|
1045 |
} |
|
1046 |
if($in_var_last && !$in_var_now) |
|
1047 |
{ |
|
1048 |
$current_var_end_pos = $j; |
|
1049 |
} |
|
1050 |
if($in_var_now) |
|
1051 |
{ |
|
1052 |
$current_var .= $char; |
|
1053 |
continue; |
|
1054 |
} |
|
1055 |
// OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete. |
|
1056 |
if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9') |
|
1057 |
{ |
|
1058 |
// XSS attack! Bail out |
|
1059 |
echo '<p><b>Error:</b> Syntax error (possibly XSS attack) caught in template code:</p>'; |
|
1060 |
echo '<pre>'; |
|
1061 |
echo '{if '.$links[1][$i].'}'; |
|
1062 |
echo "\n "; |
|
1063 |
for($k=0;$k<$j;$k++) echo " "; |
|
1064 |
echo '<span style="color: red;">^</span>'; |
|
1065 |
echo '</pre>'; |
|
1066 |
continue 2; |
|
1067 |
} |
|
1068 |
if($current_var != '') |
|
1069 |
{ |
|
1070 |
$cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )'; |
|
1071 |
$cvt = substr($links[1][$i], 0, $current_var_start_pos) . $cd . substr($links[1][$i], $current_var_end_pos, strlen($links[1][$i])); |
|
1072 |
$j = $j + strlen($cd) - strlen($current_var); |
|
1073 |
$current_var = ''; |
|
1074 |
$links[1][$i] = $cvt; |
|
1075 |
$d = strlen($links[1][$i]); |
|
1076 |
} |
|
1077 |
} |
|
1078 |
$links[1][$i] = substr($links[1][$i], 0, strlen($links[1][$i])-1); |
|
1079 |
$links[1][$i] = '$chk = ( '.$links[1][$i].' ) ? true : false;'; |
|
1080 |
eval($links[1][$i]); |
|
1081 |
||
1082 |
if($chk) { // isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]] |
|
1083 |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); |
|
1084 |
else $c = $links[2][$i]; |
|
1085 |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
|
1086 |
} else { |
|
1087 |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); |
|
1088 |
else $c = ''; |
|
1089 |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
|
1090 |
} |
|
1091 |
} |
|
1092 |
||
1093 |
preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links); |
|
1094 |
||
1095 |
for($i=0;$i<sizeof($links[1]);$i++) |
|
1096 |
{ |
|
1097 |
$message = str_replace('{!if '.$links[1][$i].'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message); |
|
1098 |
if(isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]]) { |
|
1099 |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); |
|
1100 |
else $c = ''; |
|
1101 |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
|
1102 |
} else { |
|
1103 |
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); |
|
1104 |
else $c = $links[2][$i]; |
|
1105 |
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); |
|
1106 |
} |
|
1107 |
} |
|
1108 |
||
1109 |
/* |
|
1110 |
* HTML RENDERER |
|
1111 |
*/ |
|
1112 |
||
1113 |
// Images |
|
1114 |
$j = preg_match_all('#\[\[:'.$paths->nslist['File'].'([\w\s0-9_\(\)!@%\^\+\|\.-]+?)\]\]#is', $message, $matchlist); |
|
1115 |
$matches = Array(); |
|
1116 |
$matches['images'] = $matchlist[1]; |
|
1117 |
for($i=0;$i<sizeof($matchlist[1]);$i++) |
|
1118 |
{ |
|
1119 |
if(isPage($paths->nslist['File'].$matches['images'][$i])) |
|
1120 |
{ |
|
1121 |
$message = str_replace('[[:'.$paths->nslist['File'].$matches['images'][$i].']]', |
|
1122 |
'<img alt="'.$matches['images'][$i].'" style="border: 0" src="'.makeUrlNS('Special', 'DownloadFile/'.$matches['images'][$i]).'" />', |
|
1123 |
$message); |
|
1124 |
} |
|
1125 |
} |
|
1126 |
||
1127 |
// Internal links |
|
1128 |
||
1129 |
$text_parser = $this->makeParserText($tplvars['sidebar_button']); |
|
1130 |
||
1131 |
preg_match_all('#\[\[([a-zA-Z0-9 -_]*?)\]\]#is', $message, $il); |
|
1132 |
for($i=0;$i<sizeof($il[1]);$i++) |
|
1133 |
{ |
|
1134 |
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true); |
|
$text_parser->assign_vars(Array( |
1 | 1136 |
'HREF' => $href, |
1137 |
'FLAGS' => '', |
|
1138 |
'TEXT' => $il[1][$i] |
|
1139 |
)); |
|
1140 |
$message = str_replace("[[{$il[1][$i]}]]", $text_parser->run(), $message); |
|
1141 |
} |
|
1142 |
||
1143 |
preg_match_all('#\[\[([a-zA-Z0-9 -_]*?)\|([a-zA-Z0-9!@\#\$%\^&\*\(\)\{\} -_]*?)\]\]#is', $message, $il); |
|
1144 |
for($i=0;$i<sizeof($il[1]);$i++) |
|
1145 |
{ |
|
1146 |
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true); |
|
1147 |
$text_parser->assign_vars(Array( |
|
1148 |
'HREF' => $href, |
|
1149 |
'FLAGS' => '', |
|
1150 |
'TEXT' => $il[2][$i] |
|
1151 |
)); |
|
1152 |
$message = str_replace("[[{$il[1][$i]}|{$il[2][$i]}]]", $text_parser->run(), $message); |
|
1153 |
} |
|
1154 |
||
1155 |
// External links |
|
1156 |
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '<a href="\\1://\\2">\\3</a><br style="display: none;" />', $message); |
1157 |
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '<a href="\\1://\\2">\\1://\\2</a><br style="display: none;" />', $message); |
1158 |
|
1159 |
preg_match_all('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\ ([^\]]+)]#', $message, $ext_link); |
1160 |
|
1161 |
for ( $i = 0; $i < count($ext_link[0]); $i++ ) |
1162 |
{ |
1163 |
$text_parser->assign_vars(Array( |
1164 |
'HREF' => "{$ext_link[1][$i]}://{$ext_link[2][$i]}", |
1165 |
'FLAGS' => '', |
1166 |
'TEXT' => $ext_link[3][$i] |
1167 |
)); |
1168 |
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message); |
1169 |
} |
1170 |
|
1171 |
preg_match_all('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', $message, $ext_link); |
1172 |
|
1173 |
for ( $i = 0; $i < count($ext_link[0]); $i++ ) |
1174 |
{ |
1175 |
$text_parser->assign_vars(Array( |
1176 |
'HREF' => "{$ext_link[1][$i]}://{$ext_link[2][$i]}", |
1177 |
'FLAGS' => '', |
1178 |
'TEXT' => htmlspecialchars("{$ext_link[1][$i]}://{$ext_link[2][$i]}") |
1179 |
)); |
1180 |
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message); |
1181 |
} |
1 | 1182 |
|
1183 |
$parser1 = $this->makeParserText($tplvars['sidebar_section']); |
|
1184 |
$parser2 = $this->makeParserText($tplvars['sidebar_section_raw']); |
|
1185 |
||
1186 |
preg_match_all('#\{slider(2|)=([^\}]*?)\}(.*?)\{\/slider(2|)\}#is', $message, $sb); |
1 | 1187 |
|
1188 |
// Modified to support the sweet new template var system |
|
1189 |
for($i=0;$i<sizeof($sb[1]);$i++) |
|
1190 |
{ |
|
1191 |
$p = ($sb[1][$i] == '2') ? $parser2 : $parser1; |
|
1192 |
$p->assign_vars(Array('TITLE'=>$sb[2][$i],'CONTENT'=>$sb[3][$i])); |
|
1193 |
$message = str_replace("{slider{$sb[1][$i]}={$sb[2][$i]}}{$sb[3][$i]}{/slider{$sb[4][$i]}}", $p->run(), $message); |
|
1194 |
} |
|
1195 |
||
1196 |
/* |
|
1197 |
Extras ;-) |
|
1198 |
$message = preg_replace('##is', '', $message); |
|
1199 |
$message = preg_replace('##is', '', $message); |
|
1200 |
$message = preg_replace('##is', '', $message); |
|
1201 |
$message = preg_replace('##is', '', $message); |
|
1202 |
$message = preg_replace('##is', '', $message); |
|
1203 |
*/ |
|
1204 |
||
1205 |
//die('<pre>'.htmlspecialchars($message).'</pre>'); |
|
1206 |
//eval($message); exit; |
|
1207 |
return $message; |
|
1208 |
} |
|
1209 |
||
1210 |
/** |
|
1211 |
* Print a text field that auto-completes a username entered into it. |
|
1212 |
* @param string $name - the name of the form field |
|
1213 |
* @return string |
|
1214 |
*/ |
|
1215 |
||
1216 |
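function username_field($name, $value = false)
{
  // Unique suffix so that several fields on one page get distinct DOM ids.
  // It is only an element id, not a secret, so md5() over time/mt_rand() is adequate.
  $randomid = md5( time() . microtime() . mt_rand() );

  // Both parameters are written into double-quoted HTML attributes, so they are
  // encoded here at the sink: a quote or angle bracket in either one can no longer
  // close the attribute. The last argument (double_encode = false) leaves entities
  // in values that a caller already encoded untouched.
  // NOTE(review): assumes the page is served as UTF-8 - confirm against the theme headers.
  $name_attr = htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

  $text = '<input name="' . $name_attr . '" onkeyup="ajaxUserNameComplete(this)" autocomplete="off" type="text" size="30" id="userfield_' . $randomid . '"';
  if ( $value )
  {
    // $value is optional; the attribute is omitted for any falsy value (false, '', '0').
    $value_attr = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $text .= ' value="' . $value_attr . '"';
  }
  $text .= ' />';
  return $text;
}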
|
1224 |
||
1225 |
/** |
|
1226 |
* Print a text field that auto-completes a page name entered into it. |
|
1227 |
* @param string $name - the name of the form field |
|
1228 |
* @return string |
|
1229 |
*/ |
|
1230 |
||
1231 |
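function pagename_field($name, $value = false)
{
  // Unique suffix for the DOM id; also used by the inline script below to find this field.
  // It is an md5 hex digest, so it is safe to place inside the quoted JavaScript string.
  $randomid = md5( time() . microtime() . mt_rand() );

  // $name and $value are written into double-quoted HTML attributes, so they are
  // encoded at the sink. double_encode = false keeps already-encoded entities intact.
  // NOTE(review): assumes the page is served as UTF-8 - confirm against the theme headers.
  $name_attr = htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

  $text = '<input name="' . $name_attr . '" onkeyup="ajaxPageNameComplete(this)" type="text" size="30" id="pagefield_' . $randomid . '"';
  if ( $value )
  {
    // Optional initial value; omitted for any falsy value (false, '', '0').
    $value_attr = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $text .= ' value="' . $value_attr . '"';
  }
  $text .= ' />';

  // If the parent form has no onsubmit handler yet, install one that blocks the
  // submit while the page-level flag submitAuthorized is false.
  // get_parent_form() and submitAuthorized are defined by client-side script outside this file.
  $text .= '<script type="text/javascript">
        var inp = document.getElementById(\'pagefield_' . $randomid . '\');
        var f = get_parent_form(inp);
        if ( f )
        {
          if ( typeof(f.onsubmit) != \'function\' )
          {
            f.onsubmit = function() {
              if ( !submitAuthorized )
              {
                return false;
              }
            }
          }
        }</script>';
  return $text;
}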
|
1254 |
||
1255 |
/** |
|
1256 |
* Sends a textarea that can be converted to and from a TinyMCE widget on the fly. |
|
1257 |
* @param string The name of the form element |
|
1258 |
* @param string The initial content. Optional, defaults to blank |
|
1259 |
* @param int Rows in textarea |
|
1260 |
* @param int Columns in textarea |
|
1261 |
* @return string HTML and Javascript code. |
|
1262 |
*/ |
|
1263 |
||
1264 |
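function tinymce_textarea($name, $content = '', $rows = 20, $cols = 60)
{
  // Unique suffix shared by the textarea id, the switch panel id and the generated
  // JavaScript function name. It is an md5 hex digest, so it is a valid identifier part.
  $randomid = md5(microtime() . mt_rand());
  $toggle = 'toggleMCE_' . $randomid;

  // Everything the caller passes is encoded where it enters the markup. Without this,
  // content containing a literal closing textarea tag would end the element early and the
  // remainder would be parsed as page markup. double_encode = false keeps entities
  // in content that the caller already encoded unchanged.
  // NOTE(review): assumes the page is served as UTF-8 - confirm against the theme headers.
  $flags = ENT_QUOTES | ENT_SUBSTITUTE;
  $name_attr = htmlspecialchars((string) $name, $flags, 'UTF-8', false);
  $rows_attr = htmlspecialchars((string) $rows, $flags, 'UTF-8', false);
  $cols_attr = htmlspecialchars((string) $cols, $flags, 'UTF-8', false);
  $body      = htmlspecialchars((string) $content, $flags, 'UTF-8', false);

  // The same click handler is used by the initial markup and by both states the script writes back.
  $onclick = 'onclick="if ( !KILL_SWITCH ) { ' . $toggle . '(); return false; }"';

  $html = '';
  $html .= '<textarea name="' . $name_attr . '" rows="' . $rows_attr . '" cols="' . $cols_attr . '" style="width: 100%;" id="toggleMCEroot_' . $randomid . '">' . $body . '</textarea>';
  $html .= '<div style="float: right; display: table;" id="mceSwitchAgent_' . $randomid . '">text editor  |  <a href="#" ' . $onclick . '>graphical editor</a></div>';
  // Per-instance toggle: switches the textarea between plain text and TinyMCE and
  // rewrites the switch panel so that the inactive mode is the clickable one.
  $html .= '<script type="text/javascript">
              // <![CDATA[
              function ' . $toggle . '()
              {
                var the_obj = document.getElementById(\'toggleMCEroot_' . $randomid . '\');
                var panel = document.getElementById(\'mceSwitchAgent_' . $randomid . '\');
                if ( the_obj.dnIsMCE == "yes" )
                {
                  $dynano(the_obj).destroyMCE();
                  panel.innerHTML = \'text editor  |  <a href="#" ' . $onclick . '>graphical editor</a>\';
                }
                else
                {
                  $dynano(the_obj).switchToMCE();
                  panel.innerHTML = \'<a href="#" ' . $onclick . '>text editor</a>  |  graphical editor\';
                }
              }
              // ]]>
            </script>';
  return $html;
}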
|
1291 |
||
1292 |
/** |
|
1293 |
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;) |
|
1294 |
* Returns an object of class templateIndividual. Usage instructions can be found in the inline docs for that class. |
|
1295 |
* @param $filename the filename of the template to be parsed |
|
1296 |
* @return object |
|
1297 |
*/ |
|
1298 |
||
1299 |
function makeParser($filename)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Resolve the template relative to the directory of the currently loaded theme.
  // NOTE(review): $filename is appended as given; nothing in this method rejects
  // "../" segments or absolute paths, so callers are presumably expected to pass
  // fixed template names only - verify. The loaded text is later eval()'d by
  // templateIndividual::run(), which makes the choice of file security-relevant.
  $path = ENANO_ROOT.'/themes/'.$template->theme.'/'.$filename;

  if ( !file_exists($path) )
  {
    // Fatal: the message includes the full server-side path, unescaped.
    die('templateIndividual: file '.$path.' does not exist');
  }

  return new templateIndividual(file_get_contents($path));
}
|
1308 |
||
1309 |
/** |
|
1310 |
* Same as $template->makeParser(), but takes a string instead of a filename. |
|
1311 |
* @param $text the text to parse |
|
1312 |
* @return object |
|
1313 |
*/ |
|
1314 |
||
1315 |
function makeParserText($code)
{
  // Wrap raw template text in a parser object; nothing is compiled or executed
  // until run() is called on the returned object.
  return new templateIndividual($code);
}
|
1320 |
||
1321 |
/** |
|
1322 |
* Fetch the HTML for a plugin-added sidebar block |
|
1323 |
* @param $id the plugin name |
|
1324 |
* @return string |
|
1325 |
*/ |
|
1326 |
||
1327 |
function fetch_block($id)
{
  // Plain lookup in $this->plugin_blocks; false means no block is registered under $id.
  // isset() also reports false for an entry whose value is null.
  return isset($this->plugin_blocks[$id]) ? $this->plugin_blocks[$id] : false;
}
|
1332 |
||
1333 |
/** |
|
1334 |
* Fetches the contents of both sidebars. |
|
1335 |
* @return array - key 0 is left, key 1 is right |
|
1336 |
* @example list($left, $right) = $template->fetch_sidebar(); |
|
1337 |
*/ |
|
1338 |
||
1339 |
function fetch_sidebar()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Local variable names in this method are kept unchanged on purpose: BLOCK_PHP
  // content is eval()'d in this scope and can read or write any of them.
  $left = '';
  $right = '';

  // Build the Links widget on demand if no block is registered under that name yet.
  if ( !$this->fetch_block('Links') )
  {
    $this->initLinksWidget();
  }

  $q = $db->sql_query('SELECT item_id,sidebar_id,block_name,block_type,block_content FROM '.table_prefix.'sidebar WHERE item_enabled=1 ORDER BY sidebar_id ASC, item_order ASC;');
  if ( !$q )
  {
    $db->_die('The sidebar text data could not be selected.');
  }

  $vars = $this->extract_vars('elements.tpl');

  // Optional theme-provided opener, emitted once per sidebar.
  if ( isset($vars['sidebar_top']) )
  {
    $left  .= $this->parse($vars['sidebar_top']);
    $right .= $this->parse($vars['sidebar_top']);
  }

  while ( $row = $db->fetchrow() )
  {
    // Pick the section template and render the block body according to its type.
    // Unknown types fall through to the wiki-format renderer.
    switch ( $row['block_type'] )
    {
      case BLOCK_WIKIFORMAT:
      default:
        $parser = $this->makeParserText($vars['sidebar_section']);
        $c = RenderMan::render($row['block_content']);
        break;
      case BLOCK_TEMPLATEFORMAT:
        $parser = $this->makeParserText($vars['sidebar_section']);
        $c = $this->tplWikiFormat($row['block_content']);
        break;
      case BLOCK_HTML:
        // Stored HTML is emitted as-is, without any filtering in this method.
        $parser = $this->makeParserText($vars['sidebar_section_raw']);
        $c = $row['block_content'];
        break;
      case BLOCK_PHP:
        // SECURITY (review): the block content is executed as PHP straight from the
        // database row. Whoever can write to the sidebar table, through the admin UI
        // or any other write path to that table, gets code execution in the web
        // server's context. Treat write access to sidebar blocks as equivalent to
        // code deployment. The @ also hides warnings raised by the block, which
        // makes a broken or tampered block harder to notice in logs.
        $parser = $this->makeParserText($vars['sidebar_section_raw']);
        ob_start();
        @eval($row['block_content']);
        $c = ob_get_clean();
        break;
      case BLOCK_PLUGIN:
        $parser = $this->makeParserText($vars['sidebar_section_raw']);
        // Only a string counts as a registered block; fetch_block() returns false otherwise.
        $c = $this->fetch_block($row['block_content']);
        if ( !is_string($c) )
        {
          $c = 'Can\'t find plugin block';
        }
        break;
    }

    $parser->assign_vars(Array( 'TITLE'=>$this->tplWikiFormat($row['block_name']), 'CONTENT'=>$c ));

    // Rows whose sidebar_id is neither constant are rendered nowhere.
    if ( $row['sidebar_id'] == SIDEBAR_LEFT )
    {
      $left .= $parser->run();
    }
    elseif ( $row['sidebar_id'] == SIDEBAR_RIGHT )
    {
      $right .= $parser->run();
    }
    unset($parser);
  }
  $db->free_result();

  // Optional theme-provided closer, emitted once per sidebar.
  if ( isset($vars['sidebar_bottom']) )
  {
    $left  .= $this->parse($vars['sidebar_bottom']);
    $right .= $this->parse($vars['sidebar_bottom']);
  }

  // $min is what a sidebar with no blocks at all would contain (top + bottom only).
  // NOTE(review): presumably callers compare against it to detect an empty sidebar - confirm.
  $min = '';
  if ( isset($vars['sidebar_top']) )
  {
    $min .= $this->parse($vars['sidebar_top']);
  }
  if ( isset($vars['sidebar_bottom']) )
  {
    $min .= $this->parse($vars['sidebar_bottom']);
  }

  return Array($left, $right, $min);
}
|
1410 |
||
1411 |
function initLinksWidget()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Builds the "Links" sidebar widget from the badge settings in the site configuration
  // and registers it through sidebar_widget().
  // The names $ob, $admintitle, $code and $cmd are kept unchanged: the links_widget
  // hook code is eval()'d in this scope further down and can see every local.

  // SourceForge/W3C buttons
  $ob = Array();
  // Not referenced again in this method; presumably read by hook code - verify before removing.
  $admintitle = ( $session->user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : '';

  if ( getConfig('sflogo_enabled') == '1' )
  {
    // Group id and logo type come straight from the configuration table and are
    // concatenated into the image URL without encoding.
    $ob[] = '<a style="text-align: center;" href="http://sourceforge.net/" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border-width: 0px;" alt="SourceForge.net Logo" src="http://sflogo.sourceforge.net/sflogo.php?group_id='.getConfig('sflogo_groupid').'&type='.getConfig('sflogo_type').'" /></a>';
  }

  // W3C validator badges: config key, alt text, icon name. All six share the same markup.
  $w3c_badges = Array(
      Array('w3c_v32',      'Valid HTML 3.2',  'valid-html32'),
      Array('w3c_v40',      'Valid HTML 4.0',  'valid-html40'),
      Array('w3c_v401',     'Valid HTML 4.01', 'valid-html401'),
      Array('w3c_vxhtml10', 'Valid XHTML 1.0', 'valid-xhtml10'),
      Array('w3c_vxhtml11', 'Valid XHTML 1.1', 'valid-xhtml11'),
      Array('w3c_vcss',     'Valid CSS',       'valid-css')
    );
  foreach ( $w3c_badges as $badge )
  {
    if ( getConfig($badge[0]) == '1' )
    {
      $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="' . $badge[1] . '" src="http://www.w3.org/Icons/' . $badge[2] . '" /></a>';
    }
  }

  if ( getConfig('dbd_button') == '1' )
  {
    $ob[] = '<a style="text-align: center;" href="http://www.defectivebydesign.org/join/button" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="DRM technology restricts what you can do with your computer" src="http://defectivebydesign.org/sites/nodrm.civicactions.net/files/images/dbd_sm_btn.gif" /><br /><small>Protect your freedom >></small></a>';
  }

  // SECURITY (review): every snippet registered for the links_widget hook is executed
  // with eval() in this method's scope. Hook code therefore runs with the full
  // privileges of the application; only code from installed, trusted plugins should
  // ever be able to reach the hook list.
  $code = $plugins->setHook('links_widget');
  foreach ( $code as $cmd )
  {
    eval($cmd);
  }

  // Emit the wrapper only when there is something to show: at least one badge,
  // or the "powered by" button, which is placed before the badges.
  if ( count($ob) > 0 || getConfig('powered_btn') == '1' )
  {
    $sb_links = '<div style="text-align: center; padding: 5px 0;">'. ( ( getConfig('powered_btn') == '1' ) ? $this->fading_button : '' ) . implode('<br />', $ob).'</div>';
  }
  else
  {
    $sb_links = '';
  }

  $this->sidebar_widget('Links', $sb_links);
}
|
1440 |
||
1441 |
/** |
|
1442 |
* Builds a box showing unread private messages. |
|
1443 |
*/ |
|
1444 |
||
1445 |
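function notify_unread_pms()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // No notice on the pages where the user is already dealing with messages or preferences.
  if ( ( $paths->cpage['urlname_nons'] == 'PrivateMessages' || $paths->cpage['urlname_nons'] == 'Preferences' ) && $paths->namespace == 'Special' )
  {
    return '';
  }

  $ob = '<div class="usermessage">'."\n";
  // Plural suffix for "message".
  $s = ( $session->unread_pms == 1 ) ? '' : 's';
  $ob .= " <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n Messages: ";

  // NOTE(review): the username is concatenated into the SQL text. This is only safe
  // if $session->username is already escaped for the database when the session is
  // loaded - confirm, or route it through the database layer's escaping routine.
  $q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 ORDER BY date DESC;');
  if ( !$q )
  {
    $db->_die();
  }

  $messages = array();
  while ( $row = $db->fetchrow() )
  {
    // Sender name and subject are written by other users, so they are encoded before
    // they are placed in the title attribute and the link text. This box is rendered
    // on every page the recipient visits. double_encode = false leaves entities in
    // values that were already encoded when stored untouched.
    // NOTE(review): assumes the page is served as UTF-8 - confirm.
    $from    = htmlspecialchars((string) $row['message_from'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $subject = htmlspecialchars((string) $row['subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    $messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . date('F d, Y h:i a', $row['date']) . ' by ' . $from . '">' . $subject . '</a>';
  }

  $ob .= implode(",\n " , $messages)."\n";
  $ob .= '</div>'."\n";
  return $ob;
}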
|
1467 |
||
1468 |
} // class template |
|
1469 |
||
1470 |
/** |
|
1471 |
* Handles parsing of an individual template file. Instances should only be created through $template->makeParser(). To use: |
|
1472 |
* - Call $template->makeParser(template file name) - file name should be something.tpl, css/whatever.css, etc. |
|
1473 |
* - Make an array of strings you want the template to access. $array['STRING'] would be referenced in the template like {STRING} |
|
1474 |
* - Make an array of boolean values. These can be used for conditionals in the template (<!-- IF something --> whatever <!-- ENDIF something -->) |
|
1475 |
* - Call assign_vars() to pass the strings to the template parser. Same thing with assign_bool(). |
|
1476 |
* - Call run() to parse the template and get your fully compiled HTML. |
|
1477 |
* @access private |
|
1478 |
*/ |
|
1479 |
||
1480 |
class templateIndividual extends template {
  // $tpl_code holds the raw template text until run() replaces it with the compiled PHP.
  var $tpl_strings, $tpl_bool, $tpl_code;
  // True once $tpl_code has been compiled, so repeated run() calls compile only once.
  var $compiled = false;

  /**
   * Constructor. Stores the template text and starts from a copy of the strings and
   * booleans currently held by the global $template object.
   * @param $text string the raw template text
   */
  function __construct($text)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    $this->tpl_strings = $template->tpl_strings;
    $this->tpl_bool    = $template->tpl_bool;
    $this->tpl_code    = $text;
  }

  /**
   * PHP 4 constructor; forwards to __construct().
   * @param $text string the raw template text
   */
  function templateIndividual($text)
  {
    $this->__construct($text);
  }

  /**
   * Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
   * Values are merged over the existing ones with array_merge(), so a key passed again replaces the earlier value.
   * @param $vars array
   */
  function assign_vars($vars)
  {
    $merged = array_merge($this->tpl_strings, $vars);
    $this->tpl_strings = $merged;
  }

  /**
   * Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
   * Merged the same way as assign_vars().
   * @param $vars array
   */
  function assign_bool($vars)
  {
    $merged = array_merge($this->tpl_bool, $vars);
    $this->tpl_bool = $merged;
  }

  /**
   * Compiles the template on first use, then executes the compiled code and returns its result.
   *
   * SECURITY (review): the compiled template is executed with eval(). Template text
   * must therefore come only from trusted sources (theme files, strings built by the
   * application). Values supplied through assign_vars() are a separate question:
   * whether they can influence the generated PHP depends on compile_template_text(),
   * which is not part of this class - verify there.
   * @return string
   */
  function run()
  {
    // Kept so that the evaluated code sees the common objects in its scope.
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$this->compiled )
    {
      $this->tpl_code = $this->compile_template_text($this->tpl_code);
      $this->compiled = true;
    }
    return eval($this->tpl_code);
  }
}
|
1531 |
||
1532 |
/** |
|
1533 |
* A version of the template compiler that does not rely at all on the other parts of Enano. Used during installation and for showing |
|
1534 |
* "critical error" messages. ** REQUIRES ** the Oxygen theme. |
|
1535 |
*/ |
|
1536 |
||
1537 |
class template_nodb { |
|
1538 |
var $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list; |
|
1539 |
function __construct()
{
  // Start with empty template state; nothing here reads the database or configuration.
  $this->tpl_strings = Array();
  $this->tpl_bool    = Array();

  $this->additional_headers = '';
  $this->sidebar_extra      = '';
  $this->sidebar_widgets    = '';
  $this->toolbar_menu       = '';

  // Oxygen is hard-coded as the only available theme.
  $this->theme_list = Array(
      Array(
        'theme_id'    => 'oxygen',
        'theme_name'  => 'Oxygen',
        'theme_order' => 1,
        'enabled'     => 1,
      )
    );
}
|
1555 |
function template()
{
  // Re-runs the constructor logic, resetting the template state to its defaults.
  // NOTE(review): this looks like a PHP 4-style constructor, but it is named after
  // the `template` class while the enclosing class is template_nodb, so PHP would
  // presumably treat it as an ordinary method - confirm the intent.
  $this->__construct();
}
|
1558 |
function get_css($s = false)
{
  // With no (or a falsy) argument, fall back to the stylesheet of the loaded style.
  // NOTE(review): $s is appended to 'css/' as given; whether process_template()
  // restricts the resulting path cannot be seen from here - verify if $s can come
  // from a request parameter.
  $file = $s ? $s : $this->style.'.css';
  return $this->process_template('css/'.$file);
}
|
1564 |
function load_theme($name, $css, $auto_init = true)
{
  // Record which theme and style later template lookups should use.
  $this->style = $css;
  $this->theme = $name;

  $this->tpl_strings['SCRIPTPATH'] = scriptPath;

  // Callers can pass false to defer init_vars() and call it themselves later.
  if ( $auto_init )
  {
    $this->init_vars();
  }
}
|
1572 |
function init_vars()
{
  global $sideinfo;
  global $this_page;
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Fills $this->tpl_strings and $this->tpl_bool with fixed values suitable for the
  // installer and for critical-error pages; nothing here queries the database.
  $tplvars = $this->extract_vars('elements.tpl');
  $tb = '';

  // Get the "article" button text (depends on namespace)
  $ns = defined('IN_ENANO_INSTALL') ? 'installation page' : 'system error page';

  // The three placeholders are replaced in this order, exactly as three chained calls would.
  $t = str_replace(
      Array('{FLAGS}', '{HREF}', '{TEXT}'),
      Array('onclick="if ( !KILL_SWITCH ) { return false; }" title="Hey! A button that doesn\'t do anything. Clever..." accesskey="a"', '#', $ns),
      $tplvars['toolbar_button']
    );
  $tb .= $t;

  // Page toolbar

  // Fixed flags: this class always presents itself as a logged-in administrator view.
  $this->tpl_bool = Array(
      'auth_admin'       => true,
      'user_logged_in'   => true,
      'right_sidebar'    => false,
      'in_sidebar_admin' => false,
      'auth_rename'      => false,
      'fixed_menus'      => false,
    );

  $asq = $asa = '';

  $slink = defined('IN_ENANO_INSTALL') ? scriptPath.'/install.php?mode=css' : makeUrlNS('Special', 'CSS');

  // $paths may not exist yet when a critical error is being reported.
  $title = ( is_object($paths) ) ? $paths->page : 'Critical error';

  // The rewritten template engine will process all required vars during the load_template stage instead of (cough) re-processing everything each time around.
  $defaults = Array(
      'PAGE_NAME'=>$this_page,
      'PAGE_URLNAME'=>'Null',
      'SITE_NAME'=>'Enano Installation',
      'USERNAME'=>'admin',
      'SITE_DESC'=>'Install Enano on your server.',
      'TOOLBAR'=>$tb,
      'SCRIPTPATH'=>scriptPath,
      'CONTENTPATH'=>contentPath,
      'ADMIN_SID_QUES'=>$asq,
      'ADMIN_SID_AMP'=>$asa,
      'ADMIN_SID_AMP_HTML'=>'',
      'ADDITIONAL_HEADERS'=>'<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>',
      'SIDEBAR_EXTRA'=>'',
      'COPYRIGHT'=>'Enano and all of its code, graphics, and more code is copyright © 2006 Dan Fuhry.<br />This program is Free Software; see the file "GPL" included with this package for details.',
      'TOOLBAR_EXTRAS'=>'',
      // NOTE(review): the Host header and request URI are client-controlled and are
      // stored here unencoded. If a theme prints {REQUEST_URI} into HTML, it has to
      // be encoded at that point (or here) - check how the Oxygen templates use it.
      'REQUEST_URI'=>$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],
      'STYLE_LINK'=>$slink,
      'LOGOUT_LINK'=>'',
      'THEME_LINK'=>'',
      'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme,
      'THEME_ID'=>$this->theme,
      'STYLE_ID'=>$this->style,
      // NOTE(review): $title is placed inside a double-quoted JavaScript string with no
      // escaping. When it comes from $paths->page it is presumably derived from the
      // requested page name - confirm that it cannot contain quotes or a closing script tag.
      'JS_DYNAMIC_VARS'=>'<script type="text/javascript">var title="'. $title .'"; var scriptPath="'.scriptPath.'"; var ENANO_SID=""; var AES_BITS='.AES_BITS.'; var AES_BLOCKSIZE=' . AES_BLOCKSIZE . '; var pagepass=\'\';</script>',
      'SIDEBAR_RIGHT'=>'',
    );
  // Strings that were already set (for example SCRIPTPATH from load_theme) win over these defaults.
  $this->tpl_strings = array_merge($defaults, $this->tpl_strings);

  // The left sidebar shows the global $sideinfo string, if one was provided,
  // wrapped in the theme's section markup and optional top/bottom pieces.
  $sidebar = is_string($sideinfo) ? $sideinfo : '';
  if ( $sidebar != '' )
  {
    $top = '';
    if ( isset($tplvars['sidebar_top']) )
    {
      $text = $this->makeParserText($tplvars['sidebar_top']);
      $top = $text->run();
    }

    $p = $this->makeParserText($tplvars['sidebar_section']);
    $p->assign_vars(Array(
        'TITLE'=>'Installation progress',
        'CONTENT'=>$sidebar,
      ));
    $sidebar = $p->run();

    $bottom = '';
    if ( isset($tplvars['sidebar_bottom']) )
    {
      $text = $this->makeParserText($tplvars['sidebar_bottom']);
      $bottom = $text->run();
    }

    $sidebar = $top . $sidebar . $bottom;
  }
  $this->tpl_strings['SIDEBAR_LEFT'] = $sidebar;

  $this->tpl_bool['sidebar_left']  = ( $this->tpl_strings['SIDEBAR_LEFT'] != '' );
  $this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != '' );
  $this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility
  $this->tpl_bool['stupid_mode'] = true;
}
|
1666 |
function header()
{
  // Output is skipped entirely when the no_headers flag is set.
  if ( $this->no_headers )
  {
    return;
  }
  echo $this->process_template('header.tpl');
}
|
1670 |
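/**
 * Prints the rendered footer.tpl of the current theme.
 *
 * The [[Stats]], [[NumQueries]] and [[GenTime]] placeholders in the template are
 * replaced with the page generation time and the database query count.
 *
 * @return string|null an empty string when $this->no_headers is set, otherwise nothing (the footer is echoed)
 */
function footer()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $this->no_headers )
  {
    return '';
  }
  global $_starttime;

  // Seconds elapsed since $_starttime was recorded, rounded to 4 decimal places
  $f = round(microtime(true) - $_starttime, 4);

  // This class is the database-less template, so $db is not guaranteed to be an object.
  // Only read num_queries when it is; the unguarded read raised a non-object notice.
  $nq = 'N/A';
  if ( !defined('IN_ENANO_INSTALL') && is_object($db) )
  {
    $nq = $db->num_queries;
  }
  if ( $nq == 0 ) $nq = 'N/A';
  $dbg = 'Time: '.$f.'s | Queries: '.$nq;

  $t = $this->process_template('footer.tpl');
  $t = str_replace('[[Stats]]', $dbg, $t);
  // Without a database object the query count is reported as 0
  $num_queries = is_object($db) ? (string)$db->num_queries : '0';
  $t = str_replace('[[NumQueries]]', $num_queries, $t);
  $t = str_replace('[[GenTime]]', (string)$f, $t);

  echo $t;
}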
|
/**
 * Returns the rendered header.tpl of the current theme instead of printing it.
 *
 * @return string the header HTML, or an empty string when $this->no_headers is set
 */
function getHeader()
{
  if ( $this->no_headers )
  {
    return '';
  }
  return $this->process_template('header.tpl');
}
|
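/**
 * Returns the rendered footer.tpl of the current theme instead of printing it.
 *
 * Fills in the same placeholders as footer(): [[Stats]], [[NumQueries]] and [[GenTime]].
 * Previously only [[Stats]] was replaced here, so the other two were returned verbatim.
 *
 * @return string the footer HTML, or an empty string when $this->no_headers is set
 */
function getFooter()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $this->no_headers )
  {
    return '';
  }
  global $_starttime;

  // Seconds elapsed since $_starttime was recorded, rounded to 4 decimal places
  $f = round(microtime(true) - $_starttime, 4);

  // This class is the database-less template, so $db is not guaranteed to be an object.
  // Only read num_queries when it is, instead of dereferencing a non-object.
  $nq = 'N/A';
  if ( !defined('IN_ENANO_INSTALL') && is_object($db) )
  {
    $nq = $db->num_queries;
  }
  if ( $nq == 0 ) $nq = 'N/A';
  $dbg = 'Time: '.$f.'s | Queries: '.$nq;

  $t = $this->process_template('footer.tpl');
  $t = str_replace('[[Stats]]', $dbg, $t);
  // Without a database object the query count is reported as 0, as footer() does
  $num_queries = is_object($db) ? (string)$db->num_queries : '0';
  $t = str_replace('[[NumQueries]]', $num_queries, $t);
  $t = str_replace('[[GenTime]]', (string)$f, $t);
  return $t;
}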
|
/**
 * Compiles a template file of the current theme and executes the result.
 *
 * @param $file string template filename, relative to the theme directory
 * @return string the rendered template
 */
function process_template($file)
{
  $php_source = $this->compile_template($file);
  // NOTE(review): the theme file's text is turned into PHP source and executed here, so a
  // theme file is as trusted as the application's own code. Keep the themes directory
  // non-writable by the web server and never point this at uploaded or user-edited files.
  // The generated code assigns $tpl_code in this scope.
  eval($php_source);
  return $tpl_code;
}
|
/**
 * Reads a file from the current theme and collects its named variable sections.
 *
 * A section is written as <!-- VAR name -->contents<!-- ENDVAR name --> and is matched
 * case-insensitively, across line breaks. The script exits if the file does not exist.
 *
 * @param $file string filename, relative to the theme directory
 * @return array section name => section contents
 */
function extract_vars($file)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // NOTE(review): $file and $this->theme are joined into the path unchecked - presumably
  // callers only pass fixed template names; verify that no request data reaches here.
  $path = ENANO_ROOT . '/themes/'.$this->theme.'/'.$file;
  if ( !is_file($path) )
  {
    die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting');
  }
  $contents = file_get_contents($path);
  preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $contents, $matches);
  $tplvars = Array();
  // $matches[1] holds the section names, $matches[2] the matching bodies
  foreach ( $matches[1] as $i => $var_name )
  {
    $tplvars[$var_name] = $matches[2][$i];
  }
  return $tplvars;
}
|
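/**
 * Reads a template file of the current theme and compiles it into PHP source.
 *
 * The result is a string of PHP code that builds the page in $tpl_code and returns it;
 * it is meant to be passed to eval() by process_template(). Template tags are rewritten
 * as follows:
 *   <!-- BEGIN x -->     => if($this->tpl_bool['x']) {
 *   <!-- BEGINNOT x -->  => if(!$this->tpl_bool['x']) {
 *   <!-- IFPLUGIN x -->  => if(getConfig('plugin_x')=='1') {
 *   <!-- BEGINELSE x --> => } else {
 *   <!-- END x -->       => }
 *   {NAME}               => $this->tpl_strings['NAME']
 *
 * @param $text string template filename, relative to the theme directory
 * @return string PHP source code
 */
function compile_template($text) {
  global $sideinfo;
  $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text);
  $text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
  // The template becomes the body of a single-quoted PHP string that is later eval()'d.
  // Backslashes must be escaped along with single quotes: escaping quotes alone turns a
  // literal \' in the template into \\' which closes the string and lets the rest of the
  // template run as PHP code.
  $text = '$tpl_code = \''.addcslashes($text, "'\\").'\'; return $tpl_code;';
  $text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
  if(defined('IN_ENANO_INSTALL'))
  {
    // $sideinfo is spliced into the string literal after the escaping step above, so it
    // needs the same escaping; a non-string value is treated as empty.
    $side_html = is_string($sideinfo) ? addcslashes($sideinfo, "'\\") : '';
    $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$side_html.'</div></div>', $text);
  }
  else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;">Enano critical error page</a></div></div>', $text);
  // Any other SYSMSG tag is dropped
  $text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
  $text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
  // NOTE(review): [A-z] also spans the punctuation between "Z" and "a" ([ \ ] ^ _ `);
  // the underscore is needed for names like TEMPLATE_DIR, the rest is probably unintended.
  $text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
  return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
}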
|
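/**
 * Compiles template text (rather than a template file) into PHP source.
 *
 * The result is a string of PHP code that builds the output in $tpl_code and returns it;
 * it is meant to be passed to eval(). Template tags are rewritten as follows:
 *   <!-- BEGIN x -->     => if($this->tpl_bool['x']) {
 *   <!-- BEGINNOT x -->  => if(!$this->tpl_bool['x']) {
 *   <!-- IFPLUGIN x -->  => if(getConfig('plugin_x')=='1') {
 *   <!-- BEGINELSE x --> => } else {
 *   <!-- END x -->       => }
 *   {NAME}               => $this->tpl_strings['NAME']
 *
 * @param $text string the template text
 * @return string PHP source code
 */
function compile_template_text($text) {
  global $sideinfo;
  $text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
  // The template becomes the body of a single-quoted PHP string that is later eval()'d.
  // Backslashes must be escaped along with single quotes: escaping quotes alone turns a
  // literal \' in the template into \\' which closes the string and lets the rest of the
  // template run as PHP code.
  $text = '$tpl_code = \''.addcslashes($text, "'\\").'\'; return $tpl_code;';
  $text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
  if(defined('IN_ENANO_INSTALL'))
  {
    // $sideinfo is spliced into the string literal after the escaping step above, so it
    // needs the same escaping; a non-string value is treated as empty.
    $side_html = is_string($sideinfo) ? addcslashes($sideinfo, "'\\") : '';
    $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$side_html.'</div></div>', $text);
  }
  // The onclick attribute was missing its closing double quote here, producing broken markup
  else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;">Enano critical error page</a></div></div>', $text);
  // Any other SYSMSG tag is dropped
  $text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
  $text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
  $text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
  // NOTE(review): [A-z] also spans the punctuation between "Z" and "a" ([ \ ] ^ _ `);
  // the underscore is needed for names like TEMPLATE_DIR, the rest is probably unintended.
  $text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
  return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
}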
|
/**
 * Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
 * Returns an object of class templateIndividualSafe, seeded with this object's template strings and booleans.
 * The script exits if the file does not exist in the current theme's directory.
 * @param $filename the filename of the template to be parsed, relative to the theme directory
 * @return object
 */
function makeParser($filename)
{
  $path = ENANO_ROOT.'/themes/'.$this->theme.'/'.$filename;
  if ( !file_exists($path) )
  {
    // NOTE(review): this message prints the full filesystem path to the client
    die('templateIndividual: file '.$path.' does not exist');
  }
  $template_text = file_get_contents($path);
  return new templateIndividualSafe($template_text, $this);
}
|
/**
 * Same as $template->makeParser(), but takes the template text itself instead of a filename.
 * NOTE(review): the text is later compiled to PHP and executed by the parser's run(), so
 * only trusted template text should be passed here - confirm against callers.
 * @param $code the template text to parse
 * @return object
 */
function makeParserText($code)
{
  return new templateIndividualSafe($code, $this);
}
|
} // class template_nodb |
|
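/**
 * Parser for a single piece of template text, for use without a database.
 * According to the original author's note it is identical to templateIndividual,
 * except that it extends template_nodb instead of template.
 * @see class template
 */
class templateIndividualSafe extends template_nodb {
  var $tpl_strings, $tpl_bool, $tpl_code;
  // Set once tpl_code has been converted from template text to PHP source
  var $compiled = false;

  /**
   * Constructor.
   * @param $text string the template text
   * @param $parent object the template object whose tpl_strings and tpl_bool are copied
   */
  function __construct($text, $parent)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    $this->tpl_code = $text;
    if ( is_object($parent) )
    {
      $this->tpl_strings = $parent->tpl_strings;
      $this->tpl_bool = $parent->tpl_bool;
    }
    else
    {
      // No parent to inherit from: start with empty variable sets
      $this->tpl_strings = array();
      $this->tpl_bool = array();
    }
  }

  /**
   * PHP 4 constructor.
   * The parent object is now passed through; calling __construct() with only $text
   * failed on the missing second argument.
   * @param $text string the template text
   * @param $parent object|null optional template object to copy variables from
   */
  function templateIndividual($text, $parent = null)
  {
    $this->__construct($text, $parent);
  }

  /**
   * Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
   * Values are inserted into the output as given; nothing in this class HTML-escapes them.
   * @param $vars array
   */
  function assign_vars($vars)
  {
    if ( is_array($this->tpl_strings) )
      $this->tpl_strings = array_merge($this->tpl_strings, $vars);
    else
      $this->tpl_strings = $vars;
  }

  /**
   * Assigns an array of boolean values to the template. These can be used for <!-- BEGIN ... --> statements.
   * @param $vars array
   */
  function assign_bool($vars)
  {
    // Same guard as assign_vars(): tpl_bool is not an array when the parent never set it
    if ( is_array($this->tpl_bool) )
      $this->tpl_bool = array_merge($this->tpl_bool, $vars);
    else
      $this->tpl_bool = $vars;
  }

  /**
   * Compiles and executes the template code.
   * The text is compiled on the first call only; later calls reuse the compiled source.
   * @return string
   */
  function run()
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$this->compiled )
    {
      $this->tpl_code = $this->compile_template_text($this->tpl_code);
      $this->compiled = true;
    }
    // NOTE(review): the template text is executed as PHP here, so it must come from a
    // trusted source (theme files, not user-editable content).
    return eval($this->tpl_code);
  }
}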
|
?> |