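/**
 * Adds the site administration box to the page and, on request, a module's admin panel.
 *
 * Users without the 'manage site' permission get the template back untouched. Otherwise an
 * <admin-buttons> XML document is built from the request (active module, page, edit mode)
 * and from every applied module that declares an 'admin_caption'; it is rendered through
 * admin_box.xsl and inserted right after the opening <body> tag.
 *
 * When the request is ?module=<name>&action=manage and that module is loaded, the whole
 * <body> content is replaced by the module's AdminGenerator() output, the page title macro
 * is replaced, user stylesheets are stripped and the module's admin CSS/JS are added.
 *
 * @param string $template page HTML
 * @return string page HTML with the admin markup applied
 */
function contentGenerator($template)
{
    if (!user_allowed_to('manage site')) {
        return $template;
    }

    // Request parameters are untrusted; read them once and ignore non-scalar values
    // (an array-typed parameter can be used neither as a cache key nor as node text).
    $requested_module = isset($_GET['module']) && is_string($_GET['module']) ? $_GET['module'] : '';
    $requested_page = isset($_GET['p_id']) && is_string($_GET['p_id']) ? $_GET['p_id'] : '';

    // create XML with admin panel description
    $xml = new DOMDocument('1.0', 'utf-8');
    $root_node = $xml->createElement('admin-buttons');
    $xml->appendChild($root_node);

    // Assigning DOMNode::nodeValue (or passing a value to createElement) does not escape
    // '&' and '<', so request-supplied text could yield malformed XML or an "unterminated
    // entity reference" warning; a text node is escaped by libxml on serialisation.
    $add_text_element = function (DOMElement $parent, $name, $value) use ($xml) {
        $element = $parent->appendChild($xml->createElement($name));
        $element->appendChild($xml->createTextNode((string) $value));
        return $element;
    };

    // detect active module. no active module means some content is displayed
    $add_text_element($root_node, 'active-module', $requested_module);
    $add_text_element($root_node, 'cms-settings-phantom', self::CMS_SETTINGS_MODULE_PHANTOM);
    $add_text_element($root_node, 'active-page', $requested_page);
    $add_text_element($root_node, 'edit-mode', isset($_GET['edit']) ? 'yes' : 'no');
    $has_config = !empty($requested_module) && !empty(CMS::$cache[$requested_module]['config']['config']);
    $add_text_element($root_node, 'show-config-link', $has_config ? 'yes' : 'no');

    // get all modules' admin buttons, where they exist
    foreach (CMS::$cache as $module_name => $module) {
        $caption = isset($module['config']['admin_caption']) ? (string) $module['config']['admin_caption'] : '';
        if ($caption === '' || !in_array($module_name, CMS::$R['modules_apply_order'])) {
            continue;
        }
        $button_node = $root_node->appendChild($xml->createElement('button'));
        $add_text_element($button_node, 'caption', $caption);
        $add_text_element($button_node, 'module-name', $module_name);
    }

    // if any module requests admin part, replace all the content with module's admin code and add CSS/JS
    // otherwise, display page editorial buttons
    // TAG_TODO move them to content module
    if (isset(CMS::$cache[$requested_module])
        && isset($_GET['action'])
        && $_GET['action'] === 'manage'
    ) {
        $module_name = $requested_module;
        module_init($module_name);
        $module = CMS::$cache[$module_name];

        // replace content. A callback is used because preg_replace() interprets '$1' / '\1'
        // sequences inside the replacement string, which the module's HTML may contain.
        $admin_content = '<div class="admin-content">' . $module['object']->AdminGenerator() . '</div>';
        $template = preg_replace_callback(
            '~<body(.*?)>.*</body>~smui',
            function ($match) use ($admin_content) {
                return '<body' . $match[1] . '>' . $admin_content . '</body>';
            },
            $template,
            1
        );
        $page_title = 'администрирование: "' . $module['config']['comment'] . '"';
        $template = preg_replace_callback(
            macro_regexp('page_title'),
            function () use ($page_title) {
                return $page_title;
            },
            $template,
            1
        );

        // remove user's CSS from template (both attribute orders)
        $template = preg_replace('~<link[^>]*rel="stylesheet"[^>]*href="(\\./|)userfiles[^">]*"[^>]*>~', '', $template);
        $template = preg_replace('~<link[^>]*href="(\\./|)userfiles[^">]*"[^>]*rel="stylesheet"[^>]*>~', '', $template);

        // also add module's admin CSSes and scripts
        add_CSS(get_array_value($module['config'], 'admin_css', array()), MODULES_DIR . $module_name . '/');
        add_JS(get_array_value($module['config'], 'admin_js', array()), MODULES_DIR . $module_name . '/');
    }

    // add button box to the template, right after the opening <body> tag
    $admin_box_html = XSLTransform($xml->saveXML($root_node), __DIR__ . '/admin_box.xsl');
    $template = preg_replace_callback(
        '~<body(.*?)>~',
        function ($match) use ($admin_box_html) {
            return '<body' . $match[1] . '>' . $admin_box_html;
        },
        $template,
        1
    );
    return $template;
}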
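/**
 * Builds the HTML list of links to every initialised module's help page.
 *
 * A link is emitted only for modules that initialise successfully and whose
 * MODULES_DIR/<module>/help/help.html exists; the link text is the module config
 * 'comment' followed by the module name in parentheses.
 *
 * @return string HTML fragment ('' when no module has a help file)
 */
function create_module_help_links()
{
    ini_set('include_path', './PEAR');
    include_once 'lib/cms.php';
    include_once 'lib/common.php';
    include_once 'lib/module_base_class.php';
    include_once 'lib/xml_to_array.php';
    global $modules_apply_order;

    $result = '';
    foreach ($modules_apply_order as $module) {
        if (!module_init($module)) {
            continue;
        }
        if (!file_exists(MODULES_DIR . $module . '/help/help.html')) {
            continue;
        }
        // Module name and comment come from module config files, but they are still
        // rendered into markup, so escape them for the HTML and URL contexts separately.
        $module_html = htmlspecialchars((string) $module, ENT_QUOTES, 'UTF-8');
        $caption_html = htmlspecialchars((string) CMS::$cache[$module]['config']['comment'], ENT_QUOTES, 'UTF-8');
        // <a> has no 'alt' attribute; 'title' is the valid equivalent
        $result .= '<a class="big-link" href="./help.php?path=' . rawurlencode((string) $module) . '" title="' . $module_html . '">'
            . $caption_html . ' (' . $module_html . ')</a><br />';
    }
    return $result;
}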
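/**
 * AJAX!
 *
 * Entry point for the module's AJAX requests. Input is taken from the filtered GET
 * parameters 'id' (optional '-' followed by digits) and 'action' (letters, digits, '_', '-').
 *
 * Actions:
 *   - 'edit_elem': returns the add/edit dialog (edit.xsl) for element 'id' together with the
 *     page list; requires the 'manage news' permission, otherwise the request is terminated
 *     with HTTP 403.
 *
 * @return string response HTML, 'bad ID' when 'id' is missing or malformed, or the default
 *                'unknown function' for any other action
 */
function AJAXHandler()
{
    $input_filter = array(
        'id' => array(
            'filter' => FILTER_VALIDATE_REGEXP,
            'options' => array('regexp' => '~^-?[0-9]+$~ui'),
        ),
        'action' => array(
            'filter' => FILTER_VALIDATE_REGEXP,
            'options' => array('regexp' => '~^[a-zA-Z0-9\\_\\-]+$~ui'),
        ),
    );
    $_INPUT = get_filtered_input($input_filter, array(FILTER_GET_BY_LIST));

    // default response
    $response = 'unknown function';

    switch ($_INPUT['action']) {
        // add/edit dialog
        case 'edit_elem':
            if (!user_allowed_to('manage news')) {
                terminate('Forbidden', '', 403);
            }
            // what to edit; the filter yields an empty/false value when 'id' is absent or malformed
            if ($_INPUT['id'] == '') {
                return 'bad ID';
            }
            module_init('menu');

            // get element description. The id is already restricted to an integer by the
            // filter above, but it is bound as a parameter rather than interpolated into
            // the SQL text.
            $q = CMS::$DB->prepare(
                "select id, caption, link, page, streams, summary from `{$this->CONFIG['table']}` where id = :id"
            );
            $q->bindValue(':id', (int) $_INPUT['id'], PDO::PARAM_INT);
            $q->execute();
            $row = $q->fetch(PDO::FETCH_ASSOC);
            if ($row === false) {
                // no stored element (e.g. the "add" dialog): build the form from the id alone
                // instead of relying on false being silently promoted to an array
                $row = array();
            }
            $row['id'] = $_INPUT['id'];
            $xml = array_to_xml($row, array('news-edit-data'));

            // add pages list
            $xml->documentElement->appendChild(
                $xml->importNode(aliasCatchersAsXML(array('root' => 'page-list'))->documentElement, true)
            );
            return XSLTransform($xml->saveXML($xml->documentElement), __DIR__ . '/edit.xsl');
    }
    return $response;
}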
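* @param mixed $test_only_this force test only one directory (by its type key) and return false if not matched
 * @return array|false directory description if anything found, false if not
 */
private function getUserFolderParams($filename, $test_only_this = false)
{
    $userfiles_dirs = $this->getDirectoriesDescription();
    foreach ($userfiles_dirs as $type => $dir) {
        // A file is accepted either by bare name or by its full path inside the directory;
        // the full-path form is needed for editing and deleting.
        // preg_quote() escapes every PCRE metacharacter and the '~' delimiter, not only
        // '.', '/' and '\', so a directory name containing e.g. '(' or '+' can neither
        // break nor widen the pattern.
        $regexp = '~^(|' . preg_quote($dir['dir'], '~') . ')' . $dir['regexp_filename'] . '$~ui';
        if (preg_match($regexp, $filename) && ($test_only_this === false || $test_only_this == $type)) {
            return $dir;
        }
    }
    return false;
}

/**
 * Creates list of manageable directories - from common list in common.php and module config
 *
 * @return array directories definition structure, refer lib/common.php for the sample
 */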
die(mysql_error()); }
// NOTE(review): the mysql_* extension used here (mysql_error, mysql_real_escape_string) was
// removed in PHP 7, so this bootstrap only runs on PHP 5.x; a move to PDO/mysqli prepared
// statements would also make the blanket escaping below unnecessary.

// Connect to session
session_start();

// Escape all http parameters.
// Every GET/POST value is passed through mysql_real_escape_string regardless of where it
// is used later, so $esc_get/$esc_post are only meaningful inside quoted SQL string
// literals - not for HTML output, numeric SQL contexts or identifiers. Array-valued
// parameters (e.g. field[]=x) are handed to mysql_real_escape_string as-is.
$esc_get = array();
foreach ($_GET as $k => $v) {
    $esc_get[$k] = mysql_real_escape_string($v);
}
$esc_post = array();
foreach ($_POST as $k => $v) {
    $esc_post[$k] = mysql_real_escape_string($v);
}

// Initialize error array (empty() also resets an existing empty list)
if (empty($_SESSION['errorList'])) {
    $_SESSION['errorList'] = array();
}
// Initialize message array
if (empty($_SESSION['messageList'])) {
    $_SESSION['messageList'] = array();
}
// Initialize member filter array
if (empty($_SESSION['member_filter'])) {
    $_SESSION['member_filter'] = array();
}

// Initialize the stylesheet and script list
$core_stylesheets = array();
$core_scripts = array();

// Initialize module system
module_init();
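/**
 * SMS.ru notification service responder: applies delivery-status callbacks to the `sms` table.
 *
 * Each entry of $data is one notification whose lines are separated by CR/LF:
 *   line 0 - record type (only 'sms_status' is handled),
 *   line 1 - sms id in the form <digits>-<digits>,
 *   line 2 - numeric status code.
 * Entries that do not match this layout are skipped. Every matching entry updates
 * status_text; status 103 additionally stamps the delivery time. All updates run in
 * one transaction.
 *
 * @param mixed $data list of raw notification strings
 * @return false|null false when $data is not an array, nothing otherwise
 */
private function parseNotificatorMessage($data)
{
    if (!is_array($data)) {
        return false;
    }
    module_init('db');
    $DB = CMS::$cache['db']->DB;
    $DB->exec('begin transaction');
    $status_statement = $DB->prepare('update sms set status_text = :status_text where sms_id = :sms_id');
    // the delivery timestamp and id are bound too, instead of being interpolated into SQL
    $delivered_statement = $DB->prepare('update sms set delivered = :delivered where sms_id = :sms_id');
    foreach ($data as $string) {
        $result = preg_split('~[\\x0A\\x0D]+~smui', $string);
        // a notification needs at least the type, the id and the status line
        if (!is_array($result) || count($result) < 3) {
            continue;
        }
        list($type, $sms_id, $status) = $result;
        if ($type != 'sms_status'
            || !preg_match('~^[0-9]+\\-[0-9]+$~', $sms_id)
            || !preg_match('~^[0-9]+$~', $status)
        ) {
            continue;
        }
        // '.' binds tighter than '?:', so the original one-liner tested the concatenated
        // string (always true) and never fell back to the unknown-status text
        $status_message = isset(self::$status_messages[$status])
            ? self::$status_messages[$status]
            : '*** неизвестный статус ***';
        $status_statement->bindValue(':sms_id', $sms_id);
        $status_statement->bindValue(':status_text', $status . ' ' . $status_message);
        $status_statement->execute();
        if ((int) $status === 103) {
            $delivered_statement->bindValue(':sms_id', $sms_id);
            $delivered_statement->bindValue(':delivered', date('Y.m.d H:i:s'));
            $delivered_statement->execute();
        }
    }
    $DB->exec('commit transaction');
}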
require_once 'lib/security.php';
login_logout();
logthis('security applied');

// check input for intersected keys
if (count(array_intersect_key($_POST, $_GET)) > 0) {
    terminate('POST and GET has duplicate keys', 'POST and GET has duplicate keys', 403);
}

// AJAX-proxy mode: just call special function and return its output, skipping normal flow.
// The assignment inside the condition is intentional: a missing parameter yields false.
// NOTE(review): the module name is taken straight from the request (POST first, then GET)
// and passed to module_init() and used as a CMS::$cache key without validation here -
// confirm that module_init() restricts the name (e.g. to $modules_apply_order) before it
// loads anything from disk, since an unknown name would also make the ->AJAXHandler()
// call below operate on a missing cache entry.
if ($module_name = isset($_POST['ajaxproxy']) ? $_POST['ajaxproxy'] : (isset($_GET['ajaxproxy']) ? $_GET['ajaxproxy'] : false)) {
    module_init($module_name);
    echo CMS::$cache[$module_name]['object']->AJAXHandler();
    terminate();
}

// init modules
foreach ($modules_apply_order as $module_name) {
    module_init($module_name);
}

// well, this is main template, we will transform it
$template = file_get_contents('userfiles/template/template.html');

// immediately add core libraries and stylesheets to ensure their minimal priority
add_JS(array('lib/jquery.js', 'lib/jquery-ui.js', 'lib/jquery.tablesorter.min.js', 'tinymce/tinymce.min.js', 'tinymce/jquery.tinymce.min.js', 'lib/lib.js'));
add_CSS(array('lib/jquery-ui.css', 'lib/tablesorter.css', 'lib/bootstrap.min.css', 'lib/core.css'));

// first loop: add modules' CSS and JS links
foreach ($modules_apply_order as $module_name) {
    // check if module OK
    if (!isset(CMS::$cache[$module_name])) {
        logthis('module description not loaded: ' . $module_name, ZLogger::LOG_LEVEL_WARNING);
        continue;
    }
    // also module may be disabled
    if (get_array_value(CMS::$cache[$module_name]['config'], 'disabled', false) === true) {