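/**
 * Runs the admin tab/controller named by $tab.
 * Kept for retrocompatibility with the old AdminTab classes and the old index.php.
 *
 * New-style tabs (AdminController) are simply run(). Old-style tabs (AdminTab)
 * are driven step by step here: header, breadcrumb, multishop notice, token
 * check, list-filter memorization in the cookie, postProcess()/display(), footer.
 * A request whose token does not match the tab's token gets a minimal
 * "Invalid security token" response and the script exits.
 *
 * header.inc.php and footer.inc.php are include()d from inside this function,
 * so they inherit its local variables ($cookie, $adminObj, $tabs, $bread, ...).
 * Locals that look unused in this function are kept for that reason.
 *
 * @param string $tab      tab / controller class name (e.g. 'AdminDashboard')
 * @param bool   $ajaxMode true when answering an AJAX request (no header/footer, JSON error on bad token)
 *
 * @return void
 */
function runAdminTab($tab, $ajaxMode = false)
{
    $ajaxMode = (bool) $ajaxMode;
    require_once _PS_ADMIN_DIR_ . '/init.php';
    $cookie = Context::getContext()->cookie;

    // No tab requested and nothing posted: fall back to the dashboard, with a
    // matching lite token so the synthesized request passes the token check.
    if (empty($tab) && count($_POST) === 0) {
        $tab = 'AdminDashboard';
        $_POST['tab'] = $tab;
        $_POST['token'] = Tools::getAdminTokenLite($tab);
    }

    $adminObj = checkingTab($tab);
    if (!$adminObj) {
        return;
    }
    Context::getContext()->controller = $adminObj;

    // New tabs (AdminController) know how to run themselves.
    if ($adminObj instanceof AdminController) {
        if ($ajaxMode) {
            $adminObj->ajax = true;
        }
        $adminObj->path = dirname($_SERVER['PHP_SELF']);
        $adminObj->run();
        return;
    }

    // Old tabs (AdminTab): legacy page assembly.
    if (!$ajaxMode) {
        require_once _PS_ADMIN_DIR_ . '/header.inc.php';
    }
    // $isoUser, $tabs and $bread are not read below in this function, but the
    // footer include()d at the end shares this scope and may rely on them.
    $isoUser = Context::getContext()->language->id;
    $tabs = array();
    $tabs = Tab::recursiveTab($adminObj->id, $tabs);
    $tabs = array_reverse($tabs);
    $bread = _runAdminTabBreadcrumb($tabs);

    if (!$ajaxMode && Shop::isFeatureActive() && Shop::getContext() != Shop::CONTEXT_ALL
        && Context::getContext()->controller->multishop_context != Shop::CONTEXT_ALL) {
        echo '<div class="multishop_info">';
        if (Shop::getContext() == Shop::CONTEXT_GROUP) {
            $shop_group = new ShopGroup((int) Shop::getContextShopGroupID());
            printf(Translate::getAdminTranslation('You are configuring your store for group shop %s'), '<b>' . $shop_group->name . '</b>');
        } elseif (Shop::getContext() == Shop::CONTEXT_SHOP) {
            printf(Translate::getAdminTranslation('You are configuring your store for shop %s'), '<b>' . Context::getContext()->shop->name . '</b>');
        }
        echo '</div>';
    }

    if (!Validate::isLoadedObject($adminObj)) {
        return;
    }

    // The admin token is the CSRF guard for every legacy tab: nothing below runs without it.
    if (!$adminObj->checkToken()) {
        _runAdminTabInvalidToken($adminObj, $ajaxMode);
        return; // not reached: the helper exits
    }

    if ($ajaxMode) {
        // the differences with index.php is here
        $adminObj->ajaxPreProcess();
        $action = Tools::getValue('action');
        // The per-action method name is camel-cased once and reused for both the
        // existence check and the call: the original looked up 'displayAjax' .
        // toCamelCase($action) but then invoked 'displayAjax' . $action, which is a
        // fatal "undefined method" for any action containing an underscore.
        $actionSuffix = empty($action) ? '' : Tools::toCamelCase($action);
        // no need to use displayConf() here
        if ($actionSuffix !== '' && method_exists($adminObj, 'ajaxProcess' . $actionSuffix)) {
            $adminObj->{'ajaxProcess' . $actionSuffix}();
        } else {
            $adminObj->ajaxProcess();
        }
        // @TODO We should use a displayAjaxError
        $adminObj->displayErrors();
        if ($actionSuffix !== '' && method_exists($adminObj, 'displayAjax' . $actionSuffix)) {
            $adminObj->{'displayAjax' . $actionSuffix}();
        } else {
            $adminObj->displayAjax();
        }
        return;
    }

    // Classic (non-AJAX) request: persist list filters/sorting, then run the tab.
    _runAdminTabMemorizeFilters($adminObj, $cookie);
    $adminObj->displayConf();
    $adminObj->postProcess();
    $adminObj->displayErrors();
    $adminObj->display();
    // include() inherits this scope: $adminObj, $cookie, $tabs, $bread are visible to the footer.
    include _PS_ADMIN_DIR_ . '/footer.inc.php';
}

/**
 * Builds the legacy breadcrumb HTML for the (reversed) tab chain returned by
 * Tab::recursiveTab(): every ancestor is a link to its own tab carrying that
 * tab's admin token, the last item (the current tab) is plain text.
 *
 * @param array $tabs rows with 'class_name', 'id_tab' and 'name' keys, root first
 *
 * @return string
 */
function _runAdminTabBreadcrumb($tabs)
{
    $lastIndex = count($tabs) - 1;
    $bread = '';
    foreach ($tabs as $key => $item) {
        $isAncestor = $lastIndex > $key;
        $bread .= ' <img src="../img/admin/separator_breadcrumb.png" style="margin-right:5px" alt=">" />';
        if ($isAncestor) {
            // Token of the linked tab for the current employee, so the link is accepted by checkToken().
            $bread .= '<a href="?tab=' . $item['class_name'] . '&token=' . Tools::getAdminToken($item['class_name'] . intval($item['id_tab']) . (int) Context::getContext()->employee->id) . '">';
        }
        $bread .= $item['name'];
        if ($isAncestor) {
            $bread .= '</a>';
        }
    }
    return $bread;
}

/**
 * Legacy-AdminTab "filter memorization": copies the list filter / sort
 * parameters of the current request into the employee cookie so the list
 * keeps its state between page views.
 *
 * Only request keys with one of the expected prefixes are persisted:
 *   POST: '{table}Filter_*' and 'submitFilter*'
 *   GET:  '{table}OrderBy*' and '{table}Orderway*'
 * This prefix test is the only thing limiting which client-supplied keys end
 * up as cookie fields, so it compares the whole prefix. (The original
 * strncmp() calls compared only 7/8/12 bytes - for most tables just the table
 * name - and therefore also persisted unrelated keys.) The comparison is
 * case-insensitive because legacy tabs are not consistent about the casing
 * of these suffixes.
 *
 * @param object $adminObj legacy tab; its ->table may be a string or a list of table names
 * @param object $cookie   the context cookie (fields are written through its dynamic property set)
 *
 * @return void
 */
function _runAdminTabMemorizeFilters($adminObj, $cookie)
{
    if (!isset($adminObj->table)) {
        return;
    }
    $tables = is_array($adminObj->table) ? $adminObj->table : array($adminObj->table);
    if (empty($tables)) {
        return;
    }

    $filterPrefixes = array('submitFilter');
    $sortPrefixes = array();
    foreach ($tables as $table) {
        $filterPrefixes[] = $table . 'Filter_';
        $sortPrefixes[] = $table . 'OrderBy';
        $sortPrefixes[] = $table . 'Orderway';
    }

    if (!empty($_POST)) {
        foreach ($_POST as $key => $value) {
            if (_runAdminTabKeyHasPrefix($key, $filterPrefixes)) {
                // Array values are serialize()d into the cookie; whatever reads them
                // back (not shown here) presumably unserialize()s them.
                $cookie->{$key} = is_array($value) ? serialize($value) : $value;
            }
        }
    }
    if (!empty($_GET)) {
        foreach ($_GET as $key => $value) {
            if (_runAdminTabKeyHasPrefix($key, $sortPrefixes)) {
                $cookie->{$key} = $value;
            }
        }
    }
}

/**
 * True when $key starts with one of $prefixes (full-length, case-insensitive).
 *
 * @param string|int $key      request parameter name
 * @param array      $prefixes list of prefixes to test
 *
 * @return bool
 */
function _runAdminTabKeyHasPrefix($key, $prefixes)
{
    $key = (string) $key;
    foreach ($prefixes as $prefix) {
        if (strncasecmp($key, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

/**
 * Response for a request whose admin token does not match the tab's token
 * (a forged, stale or hand-edited link). Any buffered output is discarded
 * first so nothing but this response is sent. In AJAX mode a JSON-encoded
 * error string is returned; otherwise a minimal self-contained HTML page
 * offers the same URL with a valid token, or a way back to index.php.
 * Never returns.
 *
 * @param object $adminObj legacy tab whose ->token is the expected token
 * @param bool   $ajaxMode
 *
 * @return void (exits)
 */
function _runAdminTabInvalidToken($adminObj, $ajaxMode)
{
    // If this is an XSS attempt, then we should only display a simple, secure page
    if (ob_get_level() && ob_get_length() > 0) {
        ob_clean();
    }

    if ($ajaxMode) {
        // Only the message is returned; the corrected URL is deliberately not
        // handed back to AJAX callers.
        die(Tools::jsonEncode(Translate::getAdminTranslation('Invalid security token')));
    }

    // Replace (or append) the token in the request URI. '${1}' rather than '$1'
    // in the replacement is required because the token may begin with a digit and
    // would otherwise be read as part of the group reference (e.g. $17).
    $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}' . $adminObj->token . '$2', $_SERVER['REQUEST_URI']);
    if (false === strpos($url, '?token=') && false === strpos($url, '&token=')) {
        $url .= '&token=' . $adminObj->token;
    }
    $message = Translate::getAdminTranslation('Invalid security token');
    echo '<html><head><title>' . $message . '</title></head><body style="font-family:Arial,Verdana,Helvetica,sans-serif;background-color:#EC8686"> <div style="background-color:#FAE2E3;border:1px solid #000000;color:#383838;font-weight:700;line-height:20px;margin:0 0 10px;padding:10px 15px;width:500px"> <img src="../img/admin/error2.png" style="margin:-4px 5px 0 0;vertical-align:middle"> ' . $message . ' </div>';
    // $url derives from REQUEST_URI, so it is HTML-escaped before being placed in the attribute.
    echo '<a href="' . htmlentities($url) . '" method="get" style="float:left;margin:10px"> <input type="button" value="' . Tools::htmlentitiesUTF8(Translate::getAdminTranslation('I understand the risks and I really want to display this page')) . '" style="height:30px;margin-top:5px" /> </a> <a href="index.php" method="get" style="float:left;margin:10px"> <input type="button" value="' . Tools::htmlentitiesUTF8(Translate::getAdminTranslation('Take me out of here!')) . '" style="height:40px" /> </a> </body></html>';
    die;
}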
* @version Release: $Revision: 6594 $ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) * International Registered Trademark & Property of PrestaShop SA */ define('_PS_ADMIN_DIR_', getcwd()); define('PS_ADMIN_DIR', _PS_ADMIN_DIR_); // Retro-compatibility include PS_ADMIN_DIR . '/../config/config.inc.php'; include PS_ADMIN_DIR . '/functions.php'; include PS_ADMIN_DIR . '/header.inc.php'; if (empty($tab) and !sizeof($_POST)) { $tab = 'AdminHome'; $_POST['tab'] = 'AdminHome'; $_POST['token'] = Tools::getAdminTokenLite($tab); } if ($id_tab = checkingTab($tab)) { $isoUser = Language::getIsoById(intval($cookie->id_lang)); $tabs = array(); recursiveTab($id_tab); $tabs = array_reverse($tabs); $bread = ''; foreach ($tabs as $key => $item) { $bread .= ' <img src="../img/admin/separator_breadcrum.png" style="margin-right:5px" /> ' . (sizeof($tabs) - 1 > $key ? '<a href="?tab=' . $item['class_name'] . '&token=' . Tools::getAdminToken($item['class_name'] . intval($item['id_tab']) . intval($cookie->id_employee)) . '">' : '') . ' ' . $item['name'] . (sizeof($tabs) - 1 > $key ? '</a>' : ''); } echo '<script type="text/javascript"> $(function() { $.ajax({ type: \'POST\',