*/
// Admin page of the LinkList plugin. Fragment: the comment above and the
// final `if (in_array(...))` block both continue outside this excerpt.
$oPluginAdmin = new PluginAdmin('LinkList');
$pluginUrl = $oPluginAdmin->plugin->getAdminURL();

// Who may edit is taken from the plugin option "sel_edit". There is no default
// branch: an unexpected option value leaves $flg_edit unset, so the check below
// fails closed (an unset variable is falsy) but reads an undefined variable.
switch ($oPluginAdmin->plugin->getOption('sel_edit')) {
    case 'siteadmin':
        $flg_edit = $member->isAdmin();
        break;
    case 'blogadmin':
        $flg_edit = $oPluginAdmin->plugin->_isBlogAdmin();
        break;
    case 'blogteam':
        $flg_edit = $oPluginAdmin->plugin->_isBlogTeam();
        break;
}

// Deny everyone who is not logged in or not entitled by the option above.
if (!($member->isLoggedIn() and $flg_edit)) {
    $oPluginAdmin->start();
    echo '<p>' . _ERROR_DISALLOWED . '</p>';
    $oPluginAdmin->end();
    exit;
}

$oPluginAdmin->plugin->init_grp(true);
// Page head: a confirm() helper plus the page's own styles.
$oPluginAdmin->start("\n<script type='text/javascript' src='../../javascript/numbercheck.js'></script>\n<script type='text/javascript'>\n<!--\n\nfunction confirm_check(message) {\n if( confirm(message) ){\n sent = true;\n return true;\n }\n else {\n return false;\n }\n}\n\n// -->\n</script>\n<style type='text/css'>\n<!--\np.message {\n\tfont-weight: bold;\n\tcolor: #c00;\n}\nform.button {\n\tdisplay: inline;\n}\ntable.group {\n\tmargin: 5px 0;\n}\ntable.group td {\n\tbackground-color: #ddd;\n}\ntable.link {\n\tmargin: 0;\n}\ntable.link th {\n\t/*background-color: #ddd;*/\n}\ntable.link td.stripe {\n\tbackground-color: #eee;\n}\n-->\n</style>\n");
echo "<h2>" . _LINKLIST_ADMIN_STR1 . "</h2>";

// Dispatch: only names in the allow-list can reach call_user_func(), and each
// of them needs a valid ticket (CSRF token) first. in_array() is used without
// strict mode; for plain string actions the comparison is still string-wise.
$action = requestVar('action');
$actions = array('index', 'detail', 'add', 'modify', 'quickmod', 'delete', 'dbupdate');
if (in_array($action, $actions)) {
    if (!$manager->checkTicket()) {
        echo '<p class="error">Error: ' . _ERROR_BADTICKET . '</p>';
    } else {
        call_user_func('_linklist_' . $action);
    }
// SecurityEnforcer admin page. Fragment: the file continues past this excerpt.
$strRel = '../../../';
include $strRel . 'config.php';

// Site administrators only; doError() is expected to render the error and stop.
if (!$member->isAdmin()) {
    doError('Insufficient Permissions.');
}
include_libs('PLUGINADMIN.php');

// some functions

/**
 * Delete the lock rows recorded for one login.
 *
 * NOTE(review): in this excerpt the WHERE value is a fixed literal, so $login is
 * never used. Whether that is corpus redaction or the real code cannot be told
 * from here; if the login is interpolated into the query in the repository it
 * must be escaped with the database layer's escaping function.
 */
function SE_unlockLogin($login)
{
    sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
}

// checks

// create the admin area page
$oPluginAdmin = new PluginAdmin('SecurityEnforcer');

// add styles to the <HEAD>
$oPluginAdmin->start('');

// if form to unlock is posted
if (postVar('action') == 'unlock') {
    // The ticket check guards this state-changing action against CSRF.
    if (!$manager->checkTicket()) {
        doError('Invalid Ticket');
    }
    $logins = postVar('unlock');
    $message = '';
    if (is_array($logins)) {
        foreach ($logins as $entity) {
            SE_unlockLogin($entity);
            // $entity is request input concatenated into HTML without
            // htmlspecialchars(); it should be escaped where $message is printed.
            $message .= '<br />' . $entity . _SECURITYENFORCER_ADMIN_UNLOCKED;
        }
    }
}

$plug =& $oPluginAdmin->plugin;
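private function showAdmin($type)
{
    /*
     * Render the plugin's admin page and run the requested maintenance action.
     *
     * $type is the "type" value submitted by the page's own forms (cast to string):
     *   'clear'  purges the thumbnail directory (filesystem storage only),
     *   'sync'   regenerates thumbnails (filesystem storage only),
     *   anything else only shows the summary and the forms.
     * Output is echoed directly; nothing is returned.
     *
     * NOTE(review): no ticket (CSRF) check is visible in this method; whether the
     * caller validates one before 'sync'/'clear' run cannot be told from here.
     */
    global $CONF, $DIR_LIBS, $DIR_MEDIA, $manager;
    $type = (string) $type;
    if (!class_exists('PLUGINADMIN', FALSE)) {
        include $DIR_LIBS . 'PLUGINADMIN.php';
    }
    $oPluginAdmin = new PluginAdmin('Thumbnail');
    $oPluginAdmin->start();
    echo "<h2>NP_Thumbnail</h2>\n";

    // Thumbnail storage disabled: nothing to manage on this page.
    if ($this->getOption('save_thumb') === 'no') {
        echo '<p>' . $this->t(_NP_THUMBNAIL_14) . "</p>\n";
        $oPluginAdmin->end();
        return;
    }

    $useFilesystem = ($this->getOption('save_thumb') == 'filesystem');

    // 'clear': purgeDir() returns the log lines listed at the bottom of the page.
    $logs = array();
    if ($type === 'clear' && $useFilesystem) {
        $logs = MediaUtils::purgeDir($DIR_MEDIA, self::$thumbdir . '/');
    }

    echo "<p>" . $this->t(_NP_THUMBNAIL_15, array(self::$thumbdir)) . "<br />\n";
    echo $this->t(_NP_THUMBNAIL_16, array(self::$max_sync)) . "<br />\n";
    echo $this->t(_NP_THUMBNAIL_17) . "</p>\n";

    // 'sync': regenerate thumbnails; a truthy return from syncFilesystem() is
    // treated as failure. The message printed then is still the original
    // placeholder text ("some error message" in Japanese) and should become a
    // translated string.
    if ($type === 'sync' && $useFilesystem) {
        $maxwidth = $this->getOption('maxwidth');
        $maxheight = $this->getOption('maxheight');
        echo "<h3>" . $this->t(_NP_THUMBNAIL_22) . "</h3>\n";
        if (self::syncFilesystem($DIR_MEDIA, self::$thumbdir, $maxwidth, $maxheight)) {
            echo "<p>何かのエラーメッセージ</p>\n";
        }
    }

    // Count images with and without an existing thumbnail. Only the counts are
    // needed; the previous version collected references to the loop variable,
    // which left every array entry aliasing the last medium.
    $media = MediaUtils::getMediaList($DIR_MEDIA);
    $total_elected = 0;  // images still lacking a thumbnail
    $total_rejected = 0; // images that already have one
    foreach ($media as $medium) {
        if (!array_key_exists($medium->mime, MediaUtils::$image_mime)) {
            continue; // not an image type this plugin thumbnails
        }
        if (file_exists($DIR_MEDIA . self::getThumbPath($medium))) {
            $total_rejected++;
        } else {
            $total_elected++;
        }
    }
    $total_media = count($media);
    $total_images = $total_rejected + $total_elected;

    /*
     * NOTICE: NP_ImprovedMedia with eachblogdir option rewrite
     * global variables of "DIR_MEDIA" and "$CONF['MediaURL']"
     * in its initializing process.
     * (I realized it a bad behavior but there is no other way...)
     * Here are based on its rewriting system.
     * (Apr. 06, 2011)
     */
    if ($manager->pluginInstalled('NP_ImprovedMedia')) {
        $NP_ImprovedMedia =& $manager->getPlugin('NP_ImprovedMedia');
        if ($NP_ImprovedMedia->getOption('IM_EACHBLOGDIR') == 'yes') {
            // Blog selector; ids and short names are escaped before they are
            // placed into attribute and text positions.
            echo "<form method=\"post\" action=\"{$CONF['ActionURL']}?action=plugin&name=Thumbnail\" enctype=\"application/x-www-form-urlencoded\">\n";
            echo "<p>\n";
            echo "<label for=\"blogid\">" . $this->t(_NP_THUMBNAIL_18) . "</label>\n";
            echo "<select name=\"blogid\" id=\"blogid\" onchange=\"return form.submit()\">\n";
            foreach (MediaUtils::$blogs as $blogid => $bshortname) {
                $escId = htmlspecialchars((string) $blogid, ENT_QUOTES);
                $escName = htmlspecialchars((string) $bshortname, ENT_QUOTES);
                $selected = ($blogid == MediaUtils::$blogid) ? ' selected="selected"' : '';
                echo "<option value=\"{$escId}\"{$selected}>{$escName}</option>\n";
            }
            echo "</select>\n";
            echo "<input type=\"hidden\" id=\"admin\" name=\"type\" value=\"admin\">\n";
            echo "</p>\n";
            echo "</form>\n";
        }
    }

    echo "<form method=\"post\" action=\"{$CONF['ActionURL']}?action=plugin&name=Thumbnail\" enctype=\"application/x-www-form-urlencoded\">\n";
    echo "<ul>\n";
    echo "<li>" . $this->t(_NP_THUMBNAIL_19, array($total_media)) . "</li>\n";
    echo "<li>" . $this->t(_NP_THUMBNAIL_20, array($total_images)) . "</li>\n";
    echo "<li>" . $this->t(_NP_THUMBNAIL_21, array($total_rejected)) . "</li>\n";
    echo "</ul>\n";
    echo "<p>\n";
    echo '<input type="hidden" name="blogid" value="' . htmlspecialchars((string) MediaUtils::$blogid, ENT_QUOTES) . '">' . "\n";
    echo "<input type=\"submit\" name=\"type\" value=\"sync\">\n";
    echo "<input type=\"submit\" name=\"type\" value=\"clear\">\n";
    echo "</p>\n";
    if ($logs) {
        // NOTE(review): purgeDir() log lines are printed as-is; if they carry
        // file names, escape them here unless purgeDir() already emits markup.
        echo "<h3>" . $this->t(_NP_THUMBNAIL_22) . "</h3>\n";
        echo "<ul>\n";
        foreach ($logs as $log) {
            echo "<li>{$log}</li>\n";
        }
        echo "</ul>\n";
    }
    echo "</form>\n";
    $oPluginAdmin->end();
}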
$pbl_config = array();
// Fragment: this is the tail of an access-denied branch whose opening `if`
// lies before this excerpt.
$oPluginAdmin->start();
echo "<p>" . _ERROR_DISALLOWED . "</p>";
$oPluginAdmin->end();
exit;
}

// These two assignments are dead: $action is overwritten unconditionally by
// requestVar('page') a few lines below.
if (isset($_GET['page'])) {
    $action = $_GET['page'];
}
if (isset($_POST['page'])) {
    $action = $_POST['page'];
}

// Okay; we are allowed. let's go

// create the admin area page
$oPluginAdmin = new PluginAdmin('SpamBayes');
$oPluginAdmin->start();

$action = requestVar('page');
if ($action == 'clearlog') {
    // Truthiness defaults: a submitted '0' or '' falls back to 'all' / 10.
    $filter = requestVar('filter') ? requestVar('filter') : 'all';
    $filtertype = requestVar('filtertype') ? requestVar('filtertype') : 'all';
    $ipp = requestVar('ipp') ? requestVar('ipp') : 10;
    $keyword = requestVar('keyword');
    // Deletes log rows, and no $manager->checkTicket() appears in this excerpt.
    // NOTE(review): the core's ticketForPlugin() hook may add a confirmation
    // step for plugin index pages lacking one -- confirm that for this page.
    $oPluginAdmin->plugin->spambayes->nbs->clearlog($filter, $filtertype, $keyword, $ipp);
    $action = 'log';
    // reset values to no filter; otherwise the view will be empty
    // $_REQUEST['amount'] is read without isset(): when absent this raises a
    // notice and the reset still happens.
    if ($_REQUEST['amount'] != 'cp') {
        $_REQUEST['filter'] = 'all';
        $_REQUEST['filtertype'] = 'all';
        $_REQUEST['keyword'] = '';
    }
}
/**
 * Enforce a ticket (CSRF token) on a plugin's admin page when the page does not
 * check one itself, and refuse plugin/index.php to guests.
 *
 * Flow, as implemented below:
 *  1. Locate the running script (PATH_TRANSLATED, else SCRIPT_FILENAME); 404 if absent.
 *  2. Return silently unless the script lives under $DIR_PLUGINS.
 *  3. Resolve the plugin name from the path and the `plugin` table; 404 if unknown.
 *  4. Return unless the script is "<plugin>/" or "<plugin>/index.php" -- other
 *     PHP files inside a plugin directory are NOT covered by this hook.
 *  5. Exit unless the member is logged in.
 *  6. Read the script's own source; if the text "$manager->checkTicket(" occurs
 *     anywhere (the scan is textual and does not skip comments), assume the page
 *     enforces tickets itself and return.
 *  7. If the request carries parameters (query string or POST) and the ticket is
 *     invalid, print a confirmation form that replays the request with a fresh
 *     ticket and exit; the original request is not executed.
 *  8. Otherwise store a fresh ticket in $ticketforplugin['ticket'] for the page.
 */
function ticketForPlugin()
{
    global $CONF, $DIR_PLUGINS, $member, $ticketforplugin;

    /* initialize */
    $ticketforplugin = array();
    $ticketforplugin['ticket'] = FALSE;

    /* Check if using plugin's php file. */
    // Prefer PATH_TRANSLATED; fall back to SCRIPT_FILENAME when it is unset or
    // does not name an existing file. No readable script at all -> 404.
    if ($p_translated = serverVar('PATH_TRANSLATED')) {
        if (!file_exists($p_translated)) {
            $p_translated = '';
        }
    }
    if (!$p_translated) {
        $p_translated = serverVar('SCRIPT_FILENAME');
        if (!file_exists($p_translated)) {
            header("HTTP/1.0 404 Not Found");
            exit('');
        }
    }
    // Normalise directory separators so the prefix test also works on Windows.
    $p_translated = str_replace('\\', '/', $p_translated);
    $d_plugins = str_replace('\\', '/', $DIR_PLUGINS);
    if (strpos($p_translated, $d_plugins) !== 0) {
        return; // This isn't plugin php file.
    }

    /* Solve the plugin php file or admin directory */
    $phppath = substr($p_translated, strlen($d_plugins));
    $phppath = preg_replace('#^/#', '', $phppath); // Remove the first "/" if exists.
    $path = preg_replace('#^NP_(.*)\\.php$#', '$1', $phppath); // Remove the first "NP_" and the last ".php" if exists.
    $path = preg_replace('#^([^/]*)/(.*)$#', '$1', $path); // Remove the "/" and beyond.

    /* Solve the plugin name. */
    // Map lower-cased plugin name -> canonical name from the installed-plugin table.
    $plugins = array();
    $query = 'SELECT `pfile` FROM ' . sql_table('plugin');
    $res = sql_query($query);
    while ($row = sql_fetch_row($res)) {
        $name = substr($row[0], 3); // strip the "NP_" prefix
        $plugins[strtolower($name)] = $name;
    }
    sql_free_result($res);
    // $plugins[$path] is read without isset(): an unknown path raises a notice
    // before the in_array() fallback (non-strict comparison) and the 404.
    if ($plugins[$path]) {
        $plugin_name = $plugins[$path];
    } else {
        if (in_array($path, $plugins)) {
            $plugin_name = $path;
        } else {
            header("HTTP/1.0 404 Not Found");
            exit('');
        }
    }

    /* Return if not index.php */
    if ($phppath != strtolower($plugin_name) . '/' && $phppath != strtolower($plugin_name) . '/index.php') {
        return;
    }

    /* Exit if not logged in. */
    if (!$member->isLoggedIn()) {
        exit(_GFUNCTIONS_YOU_AERNT_LOGGEDIN);
    }
    global $manager, $DIR_LIBS, $DIR_LANG, $HTTP_GET_VARS, $HTTP_POST_VARS;

    /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */
    // Heuristic source scan: two adjacent lines are joined so a call split over
    // a line break is still found. A match inside a comment or string counts as
    // well, so a commented-out checkTicket() call silently disables this hook.
    // If the file cannot be read (@-suppressed), the enforcement below still runs.
    if (!($p_translated = serverVar('PATH_TRANSLATED'))) {
        $p_translated = serverVar('SCRIPT_FILENAME');
    }
    if ($file = @file($p_translated)) {
        $prevline = '';
        foreach ($file as $line) {
            if (preg_match('/[\\$]manager([\\s]*)[\\-]>([\\s]*)checkTicket([\\s]*)[\\(]/i', $prevline . $line)) {
                return;
            }
            $prevline = $line;
        }
    }

    /* Show a form if not valid ticket */
    // Only requests carrying parameters (query string or POST body) are
    // challenged; a bare GET of the page falls through to ticket creation.
    if ((strstr(serverVar('REQUEST_URI'), '?') || serverVar('QUERY_STRING') || strtoupper(serverVar('REQUEST_METHOD')) == 'POST') && !$manager->checkTicket()) {
        if (!class_exists('PluginAdmin')) {
            $language = getLanguageName();
            # replaced ereg_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0
            # original ereg_replace: ereg_replace( '[\\|/]', '', $language) . '.php')
            # important note that '\' must be matched with '\\\\' in preg* expressions
            # the class strips backslash, pipe and slash from the language name before it is used in the include path
            include $DIR_LANG . preg_replace('#[\\\\|/]#', '', $language) . '.php';
            include $DIR_LIBS . 'PLUGINADMIN.php';
        }
        $oPluginAdmin = new PluginAdmin($plugin_name);
        $oPluginAdmin->start();
        echo '<p>' . _ERROR_BADTICKET . "</p>\n";

        /* Show the form to confirm action */
        // PHP 4.0.x support
        $get = isset($_GET) ? $_GET : $HTTP_GET_VARS;
        $post = isset($_POST) ? $_POST : $HTTP_POST_VARS;
        // Resolve URI and QUERY_STRING
        // list() leaves $qstring unset (with a notice) when REQUEST_URI has no '?'.
        if ($uri = serverVar('REQUEST_URI')) {
            list($uri, $qstring) = explode('?', $uri);
        } else {
            if (!($uri = serverVar('PHP_SELF'))) {
                $uri = serverVar('SCRIPT_NAME');
            }
            $qstring = serverVar('QUERY_STRING');
        }
        if ($qstring) {
            $qstring = '?' . $qstring;
        }
        echo '<p>' . _SETTINGS_UPDATE . ' : ' . _QMENU_PLUGINS . ' <span style="color:red;">' . htmlspecialchars($plugin_name) . "</span> ?</p>\n";
        // Replay the original parameters as hidden inputs together with a valid
        // ticket; the user has to confirm before the action is performed.
        // The GET case has no break and falls into default, which only breaks.
        switch (strtoupper(serverVar('REQUEST_METHOD'))) {
            case 'POST':
                echo '<form method="POST" action="' . htmlspecialchars($uri . $qstring) . '">';
                $manager->addTicketHidden();
                _addInputTags($post);
                break;
            case 'GET':
                echo '<form method="GET" action="' . htmlspecialchars($uri) . '">';
                $manager->addTicketHidden();
                _addInputTags($get);
            default:
                break;
        }
        echo '<input type="submit" value="' . _YES . '" /> ';
        echo '<input type="button" value="' . _NO . '" onclick="history.back(); return false;" />';
        echo "</form>\n";
        $oPluginAdmin->end();
        exit;
    }

    /* Create new ticket */
    // addTicketToUrl('') yields "...ticket=<value>"; keep only the value part.
    $ticket = $manager->addTicketToUrl('');
    $ticketforplugin['ticket'] = substr($ticket, strpos($ticket, 'ticket=') + 7);
}
.badbehavior .e {background-color: #ccccff; font-weight: bold; color: #000000;} .badbehavior .h {background-color: #9999cc; font-weight: bold; color: #000000;} .badbehavior .v {background-color: #cccccc; color: #000000;} .badbehavior .vr {background-color: #cccccc; text-align: right; color: #000000;} .badbehavior hr {width: 600px; background-color: #cccccc; border: 0px; height: 1px; color: #000000;} </style>';
// BadBehavior admin page. Fragment: the string literal above starts before
// this excerpt and the file continues after it.

// if your 'plugin' directory is not in the default location,
// edit this variable to point to your site directory
// (where config.php is)
$strRel = '../../../';
$plugname = "NP_BadBehavior";
include $strRel . 'config.php';
include $DIR_LIBS . 'PLUGINADMIN.php';

// create the admin area page
$oPluginAdmin = new PluginAdmin('BadBehavior');
$oPluginAdmin->start($newhead);

// Access check: any logged-in member who is allowed to log in passes; this is
// not restricted to site admins. NOTE(review): if the page exposes site-wide
// data or actions, isAdmin() would be the expected gate -- confirm.
if ($member->isLoggedIn() && $member->canLogin()) {
    $admin = 1;
} else {
    echo 'You are not logged in.';
    $oPluginAdmin->end();
    exit;
}

global $CONF, $manager;
// $manager->checkTicket();
// NOTE(review): the ticket check above is commented out. The core's
// ticketForPlugin() hook (see elsewhere on this page) finds that text with a
// regex over the raw source, so if that hook is what protects plugin index
// pages in this install, the comment alone makes it assume this page validates
// tickets itself -- re-enable the check before any state-changing action.
$action_url = $CONF['ActionURL'];
$thispage = $CONF['PluginURL'] . "badbehavior/index.php";
$adminpage = $CONF['AdminURL'];
// Raw query string of the current request, placed below into an href attribute
// without htmlspecialchars(): attacker-influenced text lands in HTML.
$thisquerystring = serverVar('QUERY_STRING');
$toplink = '<p class="center"><a href="' . $thispage . '?' . $thisquerystring . '#sitop" alt="Return to Top of Page">-top-</a></p>' . "\n";

$showlist = strtolower(trim(requestVar('showlist')));