echo '</div>';
if (isset($_GET['id']) && admin_query::plugin_exists($_GET['id'])) {
$info = admin_query::plugin_infos($_GET['id']);
$directory = dirname($info->main_file);
if (empty($_GET['page'])) {
$page = DIRECTORY_SEPARATOR . basename($info->main_file);
} else {
if (file_exists(DIR . '/' . UPDIR . '/' . $directory . '/' . str_replace(array('../', './', '..\\', '.\\'), '', $_GET['page']))) {
$page = $_GET['page'];
} else {
$page = DIRECTORY_SEPARATOR . basename($info->main_file);
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && check_csrf($_POST['csrf'], 'plugins_csrf')) {
if (isset($_POST['text'])) {
if (actions::edit_plugin_page($directory, array('page' => $page, 'text' => $_POST['text']))) {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
}
$csrf = $_SESSION['plugins_csrf'] = \site\utils::str_random(10);
echo '<div class="page-toolbar">
' . sprintf($LANG['plugin_editor_title'], $info->name) . '
<form action="#" method="GET" autocomplete="off" style="float: right;">
<input type="hidden" name="route" value="plugins.php" />
<input type="hidden" name="action" value="editor" />
<input type="hidden" name="id" value="' . htmlspecialchars($_GET['id']) . '" />
