trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // end include class.secure.php // prevent this file from being accessed directly if (!(isset($_POST['page_id']) && isset($_POST['section_id']) && isset($_POST['action']) && isset($_POST['mod_dir']) && isset($_POST['edit_file']))) { die(header('Location: index.php')); } // include the and admin wrapper script require LEPTON_PATH . '/modules/admin.php'; // leave if the required module.functions.php file does not exist if (!file_exists(LEPTON_PATH . '/framework/summary.module_edit_css.php')) { echo 'The required file: /framework/summary.module_edit_css.php is missing - script stopped.'; die; } echo function_exists('registerEditArea') ? registerEditArea('code_area', 'css', false) : 'none'; // set default text output if varibles are not defined in the global WB language files $HEADING_CSS_FILE = isset($GLOBALS['TEXT']['HEADING_CSS_FILE']) ? $GLOBALS['TEXT']['HEADING_CSS_FILE'] : 'Actual module file: '; $TXT_EDIT_CSS_FILE = isset($GLOBALS['TEXT']['TXT_EDIT_CSS_FILE']) ? $GLOBALS['TEXT']['TXT_EDIT_CSS_FILE'] : 'Edit the CSS definitions in the textarea below.'; // include functions to edit the optional module CSS files (frontend.css, backend.css) require_once LEPTON_PATH . '/framework/summary.module_edit_css.php'; // check if the module directory is valid $mod_dir = $_POST['mod_dir']; // check if action is: save or edit if ($_POST['action'] == 'save' && mod_file_exists($mod_dir, $_POST['edit_file'])) { /** SAVE THE UPDATED CONTENTS TO THE CSS FILE */ $css_content = ''; if (isset($_POST['css_data']) && strlen($_POST['css_data']) > 0) { $css_content = stripslashes($_POST['css_data']);
/* -------------------------------------------------------- */
// Direct-access guard: this script only runs when included by the CMS, which defines WB_PATH.
if (defined('WB_PATH') == false) {
    die('Cannot access ' . basename(__DIR__) . '/' . basename(__FILE__) . ' directly');
}
/* -------------------------------------------------------- */
$admintool_link = ADMIN_URL . '/admintools/index.php';
// Get id
// NOTE(review): the assignment of $droplet_id (and of $ToolUrl) is not visible in this excerpt.
// Only its truthiness is tested here, so any non-empty string passes this check.
if (!$droplet_id) {
    $admin->print_error('IDKEY::' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
    exit;
}
$modified_when = time();
// Record user id 1 when the current user is a member of group '1', otherwise the user's own id.
$modified_by = $admin->ami_group_member('1') ? 1 : $admin->get_user_id();
require_once WB_PATH . '/include/editarea/wb_wrapper_edit_area.php';
// Emit the EditArea bootstrap for the textarea with id 'contentedit', using PHP syntax highlighting.
echo registerEditArea('contentedit', 'php', true, 'both', true, true, 600, 450, 'search, fullscreen, |, undo, redo, |, select_font,|, highlight, reset_highlight, |, help');
$sOverviewDroplets = $TEXT['LIST_OPTIONS'] . ' ' . $DR_TEXT['DROPLETS'];
// Load the droplet row that is being edited.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'mod_droplets` ';
// NOTE(review): $droplet_id is concatenated unquoted, so the statement is only safe if the value
// is guaranteed to be an integer before this point. Confirm it is cast to int where it is assigned.
$sql .= 'WHERE `id` = ' . $droplet_id;
$query_content = $database->query($sql);
// NOTE(review): neither the query result nor the fetched row is checked before being used.
$fetch_content = $query_content->fetchRow(MYSQLI_ASSOC);
// Escaped here because the code is placed into the edit form as text.
$content = htmlspecialchars($fetch_content['code']);
?> <h4 style="margin: 0; border-bottom: 1px solid #DDD; padding-bottom: 5px;"> <a href="<?php echo $admintool_link; ?> " title="<?php echo $HEADING['ADMINISTRATION_TOOLS']; ?>
// Direct-access guard: this script only runs when included by the CMS, which defines WB_PATH.
if (defined('WB_PATH') == false) {
    die('Illegale file access /' . basename(__DIR__) . '/' . basename(__FILE__) . '');
}
/* -------------------------------------------------------- */
// Load the English language file first, then the file for the language set by the user
// (e.g. DE, EN) on top of it when one exists.
$sAddonName = basename(__DIR__);
require WB_PATH . '/modules/' . $sAddonName . '/languages/EN.php';
// NOTE(review): LANGUAGE becomes part of a required path. Its origin is not visible here;
// confirm it is restricted to a known set of language codes where it is defined.
if (file_exists(WB_PATH . '/modules/' . $sAddonName . '/languages/' . LANGUAGE . '.php')) {
    require WB_PATH . '/modules/' . $sAddonName . '/languages/' . LANGUAGE . '.php';
}
// Authorization: stop unless the current user holds the module permission for this add-on.
$sModulName = basename(__DIR__);
if (!$admin->get_permission($sModulName, 'module')) {
    die($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
}
require WB_PATH . '/include/editarea/wb_wrapper_edit_area.php';
// Setup template object
$template = new Template(WB_PATH . '/modules/' . $sAddonName);
$template->set_file('page', 'htt/modify.htt');
$template->set_block('page', 'main_block', 'main');
// Get page content
// NOTE(review): $section_id is interpolated into the SQL text and is assigned outside this file.
// Quoting alone does not make it safe; confirm the including script casts it to int.
$query = "SELECT content FROM `" . TABLE_PREFIX . "mod_code` WHERE `section_id` = '{$section_id}'";
$get_content = $database->query($query);
// NOTE(review): the query result and the fetched row are used without a failure check.
$content = $get_content->fetchRow(MYSQLI_ASSOC);
// Escaped because the stored code is handed to the template as the CONTENT value.
$content = htmlspecialchars($content['content']);
// Insert vars
// FTAN carries the form token issued by $admin->getFTAN(); the script that receives the
// form has to verify it (not visible here).
$template->set_var(array(
    'PAGE_ID' => $page_id,
    'SECTION_ID' => $section_id,
    'REGISTER_EDIT_AREA' => function_exists('registerEditArea') ? registerEditArea('content' . $section_id, 'php', false) : '',
    'WB_URL' => WB_URL,
    'CONTENT' => $content,
    'TEXT_SAVE' => $TEXT['SAVE'],
    'TEXT_CANCEL' => $TEXT['CANCEL'],
    'SECTION' => $section_id,
    'FTAN' => $admin->getFTAN()
));
// Parse template object
$template->set_unknowns('keep');
$template->parse('main', 'main_block', false);
$template->pparse('output', 'page', false);
* */
// Bootstrap the CMS configuration when this script is requested directly.
if (!defined('WB_PATH')) {
    require '../../config.php';
}
// Instantiate the admin wrapper for section 'Pages' with permission name 'pages_intro'.
$admin = new admin('Pages', 'pages_intro');
$content = '';
// The intro page is a file in the pages directory carrying the configured page extension.
$filename = WB_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION;
if (file_exists($filename) && filesize($filename) > 0) {
    $content = file_get_contents($filename);
} else {
    // No intro page yet (or an empty one): start from the bundled skeleton.
    $content = file_get_contents(ADMIN_PATH . '/pages/html.php');
}
require_once WB_PATH . '/include/editarea/wb_wrapper_edit_area.php';
$toolbar = 'search, fullscreen, |, undo, redo, |, select_font, syntax_selection,|,word_wrap, highlight, reset_highlight, |,charmap, |, help';
// The editor is registered with PHP syntax and the form below posts to intro2.php, so this
// screen edits a file with the page extension. The 'pages_intro' permission and the form token
// are the controls visible in this excerpt.
echo registerEditArea('content', 'php', true, 'both', true, true, 600, 450, $toolbar);
/**
 * Echo a plain textarea with the given name, id, inline width/height and content.
 *
 * NOTE(review): all five arguments are concatenated into the markup without escaping.
 * The caller below passes raw file contents as $content, so a closing textarea tag or an
 * entity inside the file alters the form. Consider passing htmlspecialchars($content).
 */
function show_wysiwyg_editor($name, $id, $content, $width, $height)
{
    echo '<textarea name="' . $name . '" id="' . $id . '" style="width: ' . $width . '; height: ' . $height . ';">' . $content . '</textarea>';
}
?> <form action="intro2.php" method="post"> <?php print $admin->getFTAN(); ?> <input type="hidden" name="page_id" value="{PAGE_ID}" /> <table cellpadding="0" cellspacing="0" border="0" class="form_submit"> <tr> <td colspan="2"> <?php show_wysiwyg_editor('content', 'content', $content, '100%', '500px');
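/**
 * Build the dialog for creating and editing newsletter templates.
 *
 * When the request carries a preview id other than -1, the stored preview record is
 * unpacked back into $_REQUEST first, so the form shows the values being previewed.
 *
 * Security notes:
 * - the template id is cast to int before it is placed into the SQL text;
 * - request and database values are HTML-escaped before being written into the form;
 * - the leptoken taken from the query string is URL-encoded before it is put into the link.
 *
 * @return string|false the rendered dialog (per the original docblock), or false when an
 *                      error was recorded via setError()
 */
public function dlgTemplate()
{
    global $dbNewsletterPreview;
    global $dbNewsletterTemplates;
    global $newsletterCommands;
    global $parser;

    // leave immediately when an error is already pending
    if ($this->isError()) {
        return false;
    }

    // Escapes a value for HTML text and attribute context. The charset is left at PHP's default.
    // NOTE(review): assumes the stored values are not already entity-encoded - confirm against
    // the code that saves the template.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    // Returning from the preview? Restore the previewed values into the request.
    // NOTE(review): the preview id is handed to sqlSelectRecord() as received; whether that
    // method escapes it is not visible here.
    if (isset($_REQUEST[dbKITnewsletterPreview::field_id]) && $_REQUEST[dbKITnewsletterPreview::field_id] != -1) {
        $where = array();
        $where[dbKITnewsletterPreview::field_id] = $_REQUEST[dbKITnewsletterPreview::field_id];
        $prev = array();
        if (!$dbNewsletterPreview->sqlSelectRecord($where, $prev)) {
            $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbNewsletterPreview->getError()));
            return false;
        }
        if (count($prev) < 1) {
            // record not found
            $this->setError(sprintf(kit_error_item_id, $_REQUEST[self::request_id]));
            return false;
        }
        $prev_array = explode(dbKITnewsletterPreview::array_separator, $prev[0][dbKITnewsletterPreview::field_view]);
        $preview = array();
        foreach ($prev_array as $item) {
            list($key, $value) = explode(dbKITnewsletterPreview::array_separator_value, $item);
            $preview[$key] = $value;
        }
        // The stored record decides which request keys are overwritten.
        foreach ($preview as $key => $value) {
            $_REQUEST[$key] = $value;
        }
    }

    // Template id set? Cast to int: the value ends up in an SQL string further down and
    // -1 is the "no template selected" sentinel.
    $template_id = isset($_REQUEST[dbKITnewsletterTemplates::field_id])
        ? (int) $_REQUEST[dbKITnewsletterTemplates::field_id]
        : -1;

    $where = array();
    $where[dbKITnewsletterTemplates::field_status] = dbKITnewsletterTemplates::status_active;
    $templates = array();
    if (!$dbNewsletterTemplates->sqlSelectRecord($where, $templates)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbNewsletterTemplates->getError()));
        return false;
    }

    // selection list of the active templates
    $template_select = sprintf('<option value="-1">%s</option>', kit_text_please_select);
    foreach ($templates as $item) {
        $selected = $item[dbKITnewsletterTemplates::field_id] == $template_id ? ' selected="selected"' : '';
        $template_select .= sprintf(
            '<option value="%s"%s>%s</option>',
            $escape($item[dbKITnewsletterTemplates::field_id]),
            $selected,
            $escape($item[dbKITnewsletterTemplates::field_name])
        );
    }

    // The token comes from the query string and lands inside a quoted JavaScript string in an
    // HTML attribute, so it is URL-encoded before use.
    $leptoken = defined('LEPTON_VERSION') && isset($_GET['leptoken'])
        ? sprintf('&leptoken=%s', rawurlencode((string) $_GET['leptoken']))
        : '';
    $template_select = sprintf(
        '<select id="%s" name="%s" onchange="javascript:addSelectToLink(\'%s\',\'%s\');">%s</select>',
        dbKITnewsletterTemplates::field_id,
        dbKITnewsletterTemplates::field_id,
        sprintf('%s&%s=%s%s&%s=', $this->page_link, self::request_action, self::action_template, $leptoken, dbKITnewsletterTemplates::field_id),
        dbKITnewsletterTemplates::field_id,
        $template_select
    );

    if ($template_id != -1) {
        // $template_id is an int at this point (see the cast above)
        $SQL = sprintf("SELECT * FROM %s WHERE %s='%s'", $dbNewsletterTemplates->getTableName(), dbKITnewsletterTemplates::field_id, $template_id);
        $tpl = array();
        if (!$dbNewsletterTemplates->sqlExec($SQL, $tpl)) {
            $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbNewsletterTemplates->getError()));
            return false;
        }
        if (count($tpl) < 1) {
            $this->setError(sprintf(kit_error_newsletter_tpl_id_invalid, $template_id));
            return false;
        }
        $tpl = $tpl[0];
    } else {
        // new record
        $tpl = $dbNewsletterTemplates->getFields();
        $tpl[dbKITnewsletterTemplates::field_id] = $template_id;
        $tpl[dbKITnewsletterTemplates::field_status] = dbKITnewsletterTemplates::status_active;
    }

    // Form fields: a value from the request wins over the stored one; both are escaped.
    $template_name = sprintf(
        '<input type="text" name="%s" value="%s" />',
        dbKITnewsletterTemplates::field_name,
        $escape(isset($_REQUEST[dbKITnewsletterTemplates::field_name]) ? $_REQUEST[dbKITnewsletterTemplates::field_name] : $tpl[dbKITnewsletterTemplates::field_name])
    );
    $template_desc = sprintf(
        '<textarea name="%s" rows="2">%s</textarea>',
        dbKITnewsletterTemplates::field_description,
        $escape(isset($_REQUEST[dbKITnewsletterTemplates::field_description]) ? $_REQUEST[dbKITnewsletterTemplates::field_description] : $tpl[dbKITnewsletterTemplates::field_description])
    );
    $template_html = sprintf(
        '%s<textarea name="%s" id="%s" rows="20" style="width=98%%;">%s</textarea>',
        function_exists('registerEditArea') ? registerEditArea(dbKITnewsletterTemplates::field_html, 'html', false, 'both', true, true, 300, 300, 'default') : '',
        dbKITnewsletterTemplates::field_html,
        dbKITnewsletterTemplates::field_html,
        $escape(isset($_REQUEST[dbKITnewsletterTemplates::field_html]) ? $_REQUEST[dbKITnewsletterTemplates::field_html] : $tpl[dbKITnewsletterTemplates::field_html])
    );
    $template_text = sprintf(
        '<textarea name="%s" rows="20">%s</textarea>',
        dbKITnewsletterTemplates::field_text,
        $escape(isset($_REQUEST[dbKITnewsletterTemplates::field_text]) ? $_REQUEST[dbKITnewsletterTemplates::field_text] : $tpl[dbKITnewsletterTemplates::field_text])
    );

    // status selection
    $template_status = '';
    foreach ($dbNewsletterTemplates->status_array as $key => $value) {
        $selected = $key == $tpl[dbKITnewsletterTemplates::field_status] ? ' selected="selected"' : '';
        $template_status .= sprintf('<option value="%s"%s>%s</option>', $key, $selected, $value);
    }
    $template_status = sprintf('<select name="%s">%s</select>', dbKITnewsletterTemplates::field_status, $template_status);

    $form_name = 'template_form';

    // list of newsletter commands; choosing one inserts it into the HTML editor
    $commands = '';
    $cmd_array = $newsletterCommands->cmd_array;
    ksort($cmd_array);
    foreach ($cmd_array as $key => $hint) {
        $commands .= sprintf('<option value="%s" title="%s">%s</option>', $key, $this->lang->translate($hint), $key);
    }
    $commands = sprintf(
        '<select name="%s" size="%d" onchange="editAreaLoader.insertTags(\'%s\', this.value, \'\');">%s</select>',
        self::request_command,
        count($cmd_array),
        dbKITnewsletterTemplates::field_html,
        $commands
    );

    // intro or message?
    if ($this->isMessage()) {
        $intro = sprintf('<div class="message">%s</div>', $this->getMessage());
    } else {
        $intro = sprintf('<div class="intro">%s</div>', kit_intro_newsletter_template);
    }

    $data = array(
        'header' => kit_header_template,
        'intro' => $intro,
        'form_name' => $form_name,
        'form_action' => $this->page_link,
        'action_name' => self::request_action,
        'action_value' => self::action_template_check,
        'preview_name' => dbKITnewsletterPreview::field_id,
        'preview_value' => -1,
        'tid_name' => dbKITnewsletterTemplates::field_id,
        'tid_value' => $template_id,
        'template_select_label' => kit_label_newsletter_tpl_select,
        'template_select' => $template_select,
        'template_name_label' => kit_label_newsletter_tpl_name,
        'template_name' => $template_name,
        'template_description_label' => kit_label_newsletter_tpl_desc,
        'template_description' => $template_desc,
        'template_html_label' => kit_label_newsletter_tpl_html,
        'template_html' => $template_html,
        'template_text_label' => kit_label_newsletter_tpl_text,
        'template_text' => $template_text,
        'template_status_label' => kit_label_status,
        'template_status' => $template_status,
        'btn_preview' => $this->lang->translate('Preview'),
        'btn_abort' => $this->lang->translate('Abort'),
        'abort_location' => $this->page_link,
        'header_commands' => kit_label_newsletter_commands,
        'intro_commands' => kit_intro_newsletter_commands,
        'commands' => $commands
    );
    return $parser->get($this->template_path . 'backend.newsletter.template.htt', $data);
}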
    }
    // Save branch: write the submitted template text to templates/form_<name>.htt.
    // NOTE(review): $template and $data are assigned before this excerpt starts. Confirm the name
    // is limited to an expected character set before it becomes part of a file path.
    $filename = dirname(__FILE__) . '/templates/form_' . $template . '.htt';
    // "!false" is true, so this loosely compares true with the byte count returned by
    // file_put_contents(): a failed write and a write of zero bytes both take the error branch.
    if (!false == file_put_contents($filename, $data)) {
        $admin->print_success($TEXT['SUCCESS'], ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
    } else {
        $admin->print_error($TEXT['ERROR'], ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
    }
} else {
    // Edit branch: load the template named in the query string and show it in the editor.
    // $template = $admin->add_slashes($_GET['name']);
    // NOTE(review): addslashes() escapes quotes and backslashes only. It does not remove path
    // separators or dot segments, so it does not confine the name to the templates directory.
    // Restrict the name to an expected character set (or apply basename()) before using it.
    $template = addslashes($_GET['name']);
    $filename = dirname(__FILE__) . '/templates/form_' . $template . '.htt';
    $data = '';
    if (file_exists($filename)) {
        $data = file_get_contents($filename);
    }
    echo function_exists('registerEditArea') ? registerEditArea('code_area', 'html') : 'none';
    // NOTE(review): the form below echoes $_SERVER['SCRIPT_NAME'], $page_id and $section_id into
    // attributes without escaping; where the two ids are assigned is not visible in this excerpt.
    ?> <form name="edit_module_file" action="<?php echo $_SERVER['SCRIPT_NAME']; ?> " method="post" style="margin: 0;"> <input type="hidden" name="page_id" value="<?php echo $page_id; ?> " /> <input type="hidden" name="section_id" value="<?php echo $section_id; ?> " /> <input type="hidden" name="action" value="save" /> <span><?php
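/**
 * Show the edit form for a droplet and, when the form was submitted, validate and store it.
 *
 * Changes compared with the previous version:
 * - the function returns right after a failed permission check, so it no longer depends on
 *   print_error() ending the request;
 * - the droplet id is cast to int before it is placed into SQL text;
 * - the 'active' and 'show_wysiwyg' POST values are escaped like the other submitted fields.
 *
 * NOTE(review): addslashes() is the escaping convention of this function but it is not
 * charset-aware; prefer the database layer's own escaping or prepared statements if it
 * offers them. No form-token (CSRF) check is visible in this function - confirm the caller
 * performs one.
 *
 * @param mixed $id droplet id, or the string 'new' to create a droplet
 * @return mixed the result of list_droplets() on cancel, otherwise nothing (the form is echoed)
 */
function edit_droplet($id)
{
    global $admin, $parser, $database, $MOD_DROPLET, $TEXT;

    $groups = $admin->get_groups_id();
    // NOTE(review): a new droplet passes this check only with both Add_droplets and
    // Modify_droplets (the else branch also runs for 'new' when adding is allowed) - confirm
    // that this is intended. The two message keys differ ("don't" / "dont") in the original.
    if ($id == 'new' && !is_allowed('Add_droplets', $groups)) {
        $admin->print_error($MOD_DROPLET["You don't have the permission to do this"]);
        return; // fail closed even if print_error() returns
    } else {
        if (!is_allowed('Modify_droplets', $groups)) {
            $admin->print_error($MOD_DROPLET["You dont have the permission to do this"]);
            return; // fail closed even if print_error() returns
        }
    }

    $problem = NULL;
    $info = NULL;
    $problems = array();

    if (isset($_POST['cancel'])) {
        return list_droplets();
    }

    // Integer form of the id for use in SQL. The INSERT below leaves the id column empty,
    // which suggests an auto-increment integer key - TODO confirm against the table schema.
    $droplet_id = (int) $id;

    if ($id != 'new') {
        $query = $database->query("SELECT * FROM " . TABLE_PREFIX . "mod_droplets WHERE id = '{$droplet_id}'");
        // NOTE(review): MYSQL_ASSOC belongs to the mysql extension that PHP 7 removed; this only
        // works if the project defines the constant itself - confirm.
        $data = $query->fetchRow(MYSQL_ASSOC);
    } else {
        $data = array('name' => '', 'active' => 1, 'description' => '', 'code' => '', 'comments' => '');
    }

    if (isset($_POST['save']) || isset($_POST['save_and_back'])) {
        // check the code before saving
        if (!check_syntax(stripslashes($_POST['code']))) {
            $problem = $MOD_DROPLET['Please check the syntax!'];
            $data = $_POST;
            $data['code'] = htmlspecialchars($data['code']);
        } else {
            // syntax okay, check fields and save
            if ($admin->get_post('name') == '') {
                $problems[] = $MOD_DROPLET['Please enter a name!'];
            }
            if ($admin->get_post('code') == '') {
                $problems[] = $MOD_DROPLET['You have entered no code!'];
            }
            if (!count($problems)) {
                $continue = true;
                $title = addslashes($admin->get_post('name'));
                // Both values come straight from the POST body and are placed into SQL below,
                // so they get the same escaping as the other fields.
                $active = addslashes((string) $admin->get_post('active'));
                $show_wysiwyg = addslashes((string) $admin->get_post('show_wysiwyg'));
                $description = addslashes($admin->get_post('description'));
                // Removing the PHP tags is a formatting step, not a security control: the stored
                // droplet is code, so the permission checks above are the real boundary.
                $tags = array('<?php', '?>', '<?');
                $content = str_replace($tags, '', $admin->get_post('code'));
                $comments = addslashes($admin->get_post('comments'));
                $modified_when = time();
                $modified_by = $admin->get_user_id();
                if ($id == 'new') {
                    // check for doubles
                    $query = $database->query("SELECT * FROM " . TABLE_PREFIX . "mod_droplets WHERE name = '{$title}'");
                    if ($query->numRows() > 0) {
                        $problem = $MOD_DROPLET['There is already a droplet with the same name!'];
                        $continue = false;
                        $data = $_POST;
                        $data['code'] = stripslashes($_POST['code']);
                    } else {
                        $code = addslashes($content);
                        // generate query
                        $query = "INSERT INTO " . TABLE_PREFIX . "mod_droplets VALUES "
                            . "('',"
                            . "'{$title}', "
                            . "'{$code}', "
                            . "'{$description}', "
                            . "'{$modified_when}', "
                            . "'{$modified_by}', "
                            . "'{$active}',1,1, '{$show_wysiwyg}', '{$comments}' )";
                        $database->query($query);
                        if ($database->is_error()) {
                            // NOTE(review): this prints the raw database error into the page.
                            echo "ERROR: ", $database->get_error();
                        }
                    }
                } else {
                    // Update row
                    $database->query("UPDATE " . TABLE_PREFIX . "mod_droplets SET name = '{$title}', active = '{$active}', show_wysiwyg = '{$show_wysiwyg}', description = '{$description}', code = '" . addslashes($content) . "', comments = '{$comments}', modified_when = '{$modified_when}', modified_by = '{$modified_by}' WHERE id = '{$droplet_id}'");
                    // reload Droplet data
                    $query = $database->query("SELECT * FROM " . TABLE_PREFIX . "mod_droplets WHERE id = '{$droplet_id}'");
                    $data = $query->fetchRow(MYSQL_ASSOC);
                }
                if ($continue) {
                    // Check if there is a db error
                    if ($database->is_error()) {
                        $problem = $database->get_error();
                    } else {
                        if ($id == 'new' || isset($_POST['save_and_back'])) {
                            list_droplets($MOD_DROPLET['The Droplet was saved']);
                            return; // should never be reached
                        } else {
                            $info = $MOD_DROPLET['The Droplet was saved'];
                        }
                    }
                }
            } else {
                $problem = implode("<br />", $problems);
            }
        }
    }

    // $data is either the database row or the raw POST body (after a failed save), so the
    // template has to escape what it prints - NOTE(review): confirm in edit.lte.
    echo $parser->render('@droplets/edit.lte', array(
        'LANG' => $MOD_DROPLET,
        'problem' => $problem,
        'info' => $info,
        'data' => $data,
        'id' => $id,
        'name' => $data['name'],
        'register_area' => registerEditArea('code'),
        'TEXT' => $TEXT
    ));
}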