Ejemplo n.º 1
	/**
	 * Round-trip every fixture string through HTMLTokenizer and check that casting
	 * the parsed result back to a string reproduces the input exactly.
	 */
	function test_tokenizer()
	{
		foreach ( $this->html_strs as $html_str ) {
			$tokenizer = new HTMLTokenizer( $html_str );
			$rebuilt = (string) $tokenizer->parse();

			// Both strings are escaped before they are placed between the <br> separators of the failure message.
			$failure_message = "<br>" . Utils::htmlspecialchars( $html_str ) . "<br>" . Utils::htmlspecialchars( $rebuilt );

			$this->assert_identical( $html_str, $rebuilt, $failure_message );
		}
	}
Ejemplo n.º 2
 /**
  * Run Format::autop() over every case from autop_data_provider() and assert that
  * the trimmed output is identical to the trimmed expected text.
  *
  * On a mismatch a report is written first; input, expected text and actual output
  * are all escaped before they are placed inside the report's textareas.
  */
 public function test_autop()
 {
     foreach ($this->autop_data_provider() as $index => $datum) {
         $matches = trim($datum['want']) === trim(Format::autop($datum['in']));
         if (!$matches) {
             $report = sprintf('<h2>Test %s</h2><br><strong>Input:</strong><br><textarea>%s</textarea><br><strong>Expected:</strong><br><textarea>%s</textarea><br><strong>Got:</strong><br><textarea>%s</textarea>', $index, Utils::htmlspecialchars($datum['in']), Utils::htmlspecialchars($datum['want']), Utils::htmlspecialchars(Format::autop($datum['in'])));
             $this->output($report);
         }
         $this->assert_true($matches, sprintf("Output does not match desired output in %s", $index));
     }
 }
Ejemplo n.º 3
	/**
	 * Compare Format::autop() output with the expected text for every provider case.
	 *
	 * Both sides are trimmed before the comparison. The failure message shows the
	 * expected and the actual text, each escaped and then passed through nl2br().
	 */
	public function test_autop()
	{
		foreach( $this->autop_data_provider() as $index => $datum ) {
			$expected = trim( $datum['want'] );
			$actual = trim( Format::autop( $datum['in'] ) );

			$shown_expected = nl2br( Utils::htmlspecialchars( $datum['want'] ) );
			$shown_actual = nl2br( Utils::htmlspecialchars( Format::autop( $datum['in'] ) ) );
			$message = sprintf( 'Test %d<br><strong>Expected:</strong><br>%s<br><strong>Got:</strong><br> %s', $index, $shown_expected, $shown_actual );

			$this->assert_equal( $expected, $actual, $message );
		}
	}
Ejemplo n.º 4
 /**
  * Prepare the checkbox list for the template, then render through the parent control.
  *
  * Each option becomes an array with an escaped label, a slugified element id and a
  * ready-made `checked` attribute string.
  *
  * @param Theme $theme The theme handed on to parent::get()
  * @return mixed Whatever parent::get() returns
  */
 public function get(Theme $theme)
 {
     // The closure below reaches the control through $control rather than $this.
     $control = $this;
     if (!is_array($control->value)) {
         $control->value = array();
     }

     $to_checkbox = function (&$option, $option_key) use ($control) {
         $option = array(
             // The option text is the only part that goes through Utils::htmlspecialchars().
             'label' => Utils::htmlspecialchars($option),
             'id' => Utils::slugify($control->get_id() . '-' . $option_key),
             // in_array() is called without its strict flag, so option keys and
             // the control's values are compared loosely.
             'checked' => in_array($option_key, $control->value) ? 'checked="checked"' : '',
         );
     };

     $checkboxes = $this->options;
     array_walk($checkboxes, $to_checkbox);

     $this->vars['checkboxes'] = $checkboxes;
     $this->settings['ignore_name'] = true;

     return parent::get($theme);
 }
Ejemplo n.º 5
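 /**
  * Convert a token to a string
  *
  * With $escape on, text values and attribute values are entity-decoded and then
  * re-encoded with Utils::htmlspecialchars(). With $escape off, a text value is
  * returned as stored and an attribute value is entity-decoded and written between
  * double quotes without re-encoding, so a value that decodes to contain a double
  * quote ends the attribute early in the output; keep $escape on for anything that
  * is sent to a browser.
  *
  * Element, PI and statement names, attribute names, and the bodies of comments,
  * CDATA sections, PIs and statements are written out exactly as they appear in
  * the token, whatever $escape is.
  *
  * @param array $token The token to convert
  * @param bool $escape Whether to escape the string that is returned
  * @return string The string representation of the token; an empty string for a
  *                token type this method does not handle
  */
 public static function token_to_string(array $token, $escape = true)
 {
     switch ($token['type']) {
         case HTMLTokenizer::NODE_TYPE_TEXT:
             if (!$escape) {
                 return $token['value'];
             }
             return Utils::htmlspecialchars(html_entity_decode($token['value'], ENT_QUOTES, 'UTF-8'));

         case HTMLTokenizer::NODE_TYPE_ELEMENT_OPEN:
         case HTMLTokenizer::NODE_TYPE_ELEMENT_EMPTY:
             $out = '<' . $token['name'];
             if (isset($token['attrs']) && is_array($token['attrs'])) {
                 foreach ($token['attrs'] as $attr => $attrval) {
                     // Decode first so that an already-encoded value is not encoded twice.
                     $decoded = html_entity_decode($attrval, ENT_QUOTES, 'UTF-8');
                     $out .= " {$attr}=\"" . ($escape ? Utils::htmlspecialchars($decoded) : $decoded) . '"';
                 }
             }
             return $out . '>';

         case HTMLTokenizer::NODE_TYPE_ELEMENT_CLOSE:
             return "</{$token['name']}>";

         case HTMLTokenizer::NODE_TYPE_PI:
             return "<?{$token['name']}{$token['value']}>";

         case HTMLTokenizer::NODE_TYPE_COMMENT:
             return "<!--{$token['value']}-->";

         case HTMLTokenizer::NODE_TYPE_CDATA_SECTION:
             return "<![CDATA[{$token['value']}]]>";

         case HTMLTokenizer::NODE_TYPE_STATEMENT:
             $out = "<!{$token['name']}";
             if (!empty($token['value'])) {
                 $out .= " {$token['value']}";
             }
             return $out . ">";

         default:
             // An unrecognised type used to fall out of the switch with $out never
             // assigned; return an empty string so the documented return type holds.
             return '';
     }
 }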
Ejemplo n.º 6
</option>
		<?php 
        }
        ?>
		</optgroup>
	<?php 
    } else {
        ?>
		<option value="<?php 
        echo $opts_key;
        ?>
"<?php 
        echo in_array($opts_key, (array) $value) ? ' selected' : '';
        ?>
><?php 
        echo Utils::htmlspecialchars($opts_val);
        ?>
</option>
	<?php 
    }
}
?>
</select>
<?php 
if ($message != '') {
    ?>
<p class="error"><?php 
    echo $message;
    ?>
</p>
<?php 
Ejemplo n.º 7
			<div class="area_drop">
			<?php 
    $area = (string) $area['name'];
    if (isset($blocks_areas[$scopeid]) && is_array($blocks_areas[$scopeid]) && isset($blocks_areas[$scopeid][$area]) && is_array($blocks_areas[$scopeid][$area])) {
        ?>
			<?php 
        foreach ($blocks_areas[$scopeid][$area] as $block) {
            ?>
				<div class="area_block"><h3 class="block_instance_<?php 
            echo $block->id;
            ?>
"><?php 
            echo $block->title;
            ?>
<small><?php 
            echo Utils::htmlspecialchars($block->type);
            ?>
</small></h3></div>
			<?php 
        }
        ?>
			<?php 
    }
    ?>
		</div>
	</div>
<?php 
}
?>
</div>
<div class="delete_drop"><span><?php 
Ejemplo n.º 8
 /**
  * Create a list of html element attributes from an associative array
  *
  * Array values are joined with single spaces. A value that compares loosely equal
  * to the empty string is left out together with its attribute name. Only the
  * values go through Utils::htmlspecialchars(); the attribute names ($attrs keys)
  * are concatenated as given, so they must not come from untrusted input.
  *
  * @param array $attrs An associative array of parameters
  * @param integer $quote_flag Sets what quotes and doublequotes are escaped
  * @param string $encoding The encoding of the passed string
  * @param boolean $decode Whether or not to unescape any html entities first
  * @param boolean $double_encode Whether or not to double escape any html entities
  * @return string The parameters turned into a string of tag attributes
  */
 public static function html_attr($attrs, $quote_flag = ENT_COMPAT, $encoding = 'UTF-8', $decode = true, $double_encode = true)
 {
     $pairs = array();
     foreach ($attrs as $key => $value) {
         if (is_array($value)) {
             $value = implode(' ', $value);
         }
         if ($value == '') {
             continue;
         }
         $escaped = Utils::htmlspecialchars($value, $quote_flag, $encoding, $decode, $double_encode);
         $pairs[] = $key . '="' . $escaped . '"';
     }
     return implode(' ', $pairs);
 }
Ejemplo n.º 9
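	/**
	 * Output the Atom entry for a specific slug
	 *
	 * Looks the post up by slug (any status when is_auth() is true, published only
	 * otherwise), builds an Atom <entry> with SimpleXMLElement, lets plugins adjust
	 * it and prints it with an Atom content type. Nothing is printed when no post
	 * matches.
	 *
	 * @param string $slug The slug to get the entry for
	 */
	public function get_entry( $slug )
	{
		$params = array(
			'slug' => $slug,
			'status' => $this->is_auth() ? 'any' : Post::status( 'published' ),
		);

		if ( $post = Post::get( $params ) ) {
			// Assign alternate link. Neither URL is used further down in this method.
			$alternate = URL::get( 'display_entry', $post, false );
			$self = URL::get( 'atom_entry', $post, false );

			$user = User::get_by_id( $post->user_id );
			$title = ( $this->is_auth() ) ? $post->title : $post->title_atom;
			$content = ( $this->is_auth() ) ? Utils::htmlspecialchars( $post->content ) : Utils::htmlspecialchars( $post->content_atom );

			// Build the namespaces, plugins can alter it to override or insert their own.
			$namespaces = array( 'default' => 'http://www.w3.org/2005/Atom' );
			$namespaces = Plugins::filter( 'atom_get_entry_namespaces', $namespaces );

			// A plain loop replaces create_function(), which compiled a code string at
			// run time and no longer exists in PHP 8.
			// NOTE(review): prefixes and URIs returned by the filter are concatenated
			// into the root element unescaped; a quote, '<' or '&' in one of them
			// changes the markup SimpleXMLElement parses below.
			$namespace_attrs = array();
			foreach ( $namespaces as $key => $value ) {
				$namespace_attrs[] = ( ( $key == "default" ) ? "xmlns" : "xmlns:" . $key ) . "=\"" . $value . "\"";
			}

			$xml = new SimpleXMLElement( '<entry ' . implode( ' ', $namespace_attrs ) . '></entry>' );
			$entry = $xml;
			$entry->title = $title;

			// NOTE(review): addChild() is handed these values as they are; confirm how
			// a display name or guid containing '&' is serialised.
			$entry_author = $entry->addChild( 'author' );
			$entry_author->addChild( 'name', $user->displayname );

			$entry_link = $xml->addChild( 'link' );
			$entry_link->addAttribute( 'rel', 'alternate' );
			$entry_link->addAttribute( 'href', $post->permalink );

			$entry_link = $entry->addChild( 'link' );
			$entry_link->addAttribute( 'rel', 'edit' );
			$entry_link->addAttribute( 'href', URL::get( 'atom_entry', "slug={$post->slug}" ) );

			$entry->addChild( 'id', $post->guid );
			$entry->addChild( 'updated', $post->updated->get( 'c' ) );
			$entry->addChild( 'app:edited', $post->modified->get( 'c' ), 'http://www.w3.org/2007/app' );
			$entry->addChild( 'published', $post->pubdate->get( 'c' ) );

			foreach ( $post->tags as $tag ) {
				$entry_category = $entry->addChild( 'category' );
				$entry_category->addAttribute( 'term', $tag->term );
			}

			// The content was escaped above and is declared as type "html".
			$entry_content = $entry->addChild( 'content', $content );
			$entry_content->addAttribute( 'type', 'html' );

			Plugins::act( 'atom_get_entry', $xml, $post, $this->handler_vars );
			$xml = $xml->asXML();

			// Discard anything already buffered so only the entry is sent.
			ob_clean();
			header( 'Content-Type: application/atom+xml' );

			print $this->tidy_xml( $xml );
		}
	}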
Ejemplo n.º 10
 /**
  * Handle a successful submission of the publish form: run the permission checks,
  * copy the form values onto the post, then insert or update it and redirect back
  * to the publish page.
  *
  * @param FormUI $form The submitted publish form; the Post is read from $form->post->storage
  */
 public function form_publish_success(FormUI $form)
 {
     $user = User::identify();
     // Get the Post object from the hidden 'post' control on the form
     /** @var Post $post */
     $post = $form->post->storage;
     // Do some permission checks
     // @todo REFACTOR: These probably don't work and should be refactored to use validators on the form fields instead
     // sorry, we just don't allow changing posts you don't have rights to
     // NOTE(review): unlike the branches below, nothing exits after this error. Unless get_blank()
     // ends the request itself, execution continues; an existing post is checked again in the
     // else branch further down, which redirects and exits.
     if ($post->id != 0 && !ACL::access_check($post->get_access(), 'edit')) {
         Session::error(_t('You don\'t have permission to edit that post'));
         $this->get_blank();
     }
     // sorry, we just don't allow changing content types to types you don't have rights to
     $type = 'post_' . Post::type_name($form->content_type->value);
     if ($form->content_type->value != $post->content_type && ($user->cannot($type) || !$user->can_any(array('own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit')))) {
         Session::error(_t('Changing content types is not allowed'));
         // @todo This isn't ideal at all, since it loses all of the changes...
         Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
         exit;
     }
     // If we're creating a new post...
     if ($post->id == 0) {
         // check the user can create new posts of the set type.
         $type = 'post_' . Post::type_name($form->content_type->value);
         // && binds tighter than ||: refused when the type is explicitly denied, or when the user
         // has neither 'create' on post_any nor 'create' on this type.
         if (ACL::user_cannot($user, $type) || !ACL::user_can($user, 'post_any', 'create') && !ACL::user_can($user, $type, 'create')) {
             Session::error(_t('Creating that post type is denied'));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Only the original author is associated with a new post
         $post->user_id = $user->id;
     } else {
         // Existing post: check that the user may edit it. $type is recomputed here but the
         // check below goes through the post's own access list and does not use it.
         $type = 'post_' . Post::type_name($form->content_type->value);
         if (!ACL::access_check($post->get_access(), 'edit')) {
             Session::error(_t('Editing that post type is denied'));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Verify that the post hasn't already been updated since the form was loaded
         if ($post->modified != $form->modified->value) {
             // The title is escaped before it goes into the notice markup; the permalink is placed in the href as it is.
             Session::notice(_t('The post %1$s was updated since you made changes.  Please review those changes before overwriting them.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars($post->title)))));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Prevent a published post from having its slug zeroed
         if ($form->newslug->value == '' && $post->status == Post::status('published')) {
             Session::notice(_t('A post slug cannot be empty. Keeping old slug.'));
             $form->newslug->value = $form->slug->value;
         }
     }
     // if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
     if ($post->status != Post::status('published') && $form->status->value == Post::status('published') && HabariDateTime::date_create($form->pubdate->value)->int == $form->updated->value) {
         $post->pubdate = HabariDateTime::date_create();
     } else {
         $post->pubdate = HabariDateTime::date_create($form->pubdate->value);
     }
     // Minor updates are when the user has checked the minor update box and the post isn't in draft or new
     $minor = $form->minor_edit->value && $post->status != Post::status('draft') && $post->id != 0;
     // Don't try to update form values that have been removed by plugins,
     // look for these fields before committing their values to the post.
     // The map is post field => form control name.
     $expected = array('title' => 'title', 'tags' => 'tags', 'content' => 'content', 'slug' => 'newslug', 'content_type' => 'content_type', 'status' => 'status');
     foreach ($expected as $field => $control) {
         // NOTE(review): the presence test uses the post field name ($field) while the value is
         // read from the control name ($control); the two differ for slug/newslug — confirm
         // that testing $form->slug is what is meant.
         if (isset($form->{$field})) {
             $post->{$field} = $form->{$control}->value;
         }
     }
     // This seems cheesy
     $post->info->comments_disabled = !$form->comments_enabled->value;
     // This plugin hook allows changes to be made to the post object prior to its save to the database
     Plugins::act('publish_post', $post, $form);
     // Insert or Update
     if ($post->id == 0) {
         $post->insert();
     } else {
         $post->update($minor);
     }
     // Calling $form->save() calls ->save() on any controls that might have been added to the form by plugins
     $form->save();
     // A post that is not published gets a preview link in the notice.
     $permalink = $post->status != Post::status('published') ? $post->permalink . '?preview=1' : $post->permalink;
     Session::notice(_t('The post %1$s has been saved as %2$s.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars($post->title)), Post::status_name($post->status))));
     Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
 }
Ejemplo n.º 11
    echo $instance->id;
    ?>
"><?php 
    echo Utils::htmlspecialchars($instance->title);
    ?>
<small><?php 
    echo Utils::htmlspecialchars($instance->type);
    ?>
</small></h3>
		<ul>
			<li><a href="#" onclick="var i = $('<iframe src=\'<?php 
    echo URL::get('admin', array('page' => 'configure_block', 'blockid' => $instance->id));
    ?>
\' style=\'width:600px;height:300px;\'></iframe>'); i.dialog({bgiframe:true,height:300,width:778,modal:true,dialogClass:'jqueryui',draggable:false,title:'Configure Block: <?php 
    echo Utils::htmlspecialchars($instance->title);
    ?>
 (<?php 
    echo Utils::htmlspecialchars($instance->type);
    ?>
)'});i.css('width','768px');return false;">configure</a></li>
			<li><a href="#" onclick="delete_block(<?php 
    echo $instance->id;
    ?>
);return false;">delete</a></li>
		</ul>
	</div>
	<?php 
}
?>
</div>
Ejemplo n.º 12
	<div class="container">
		<label for="<?php 
// Template for a single text input with its label and error list.
// NOTE(review): of the values printed here only $value goes through Utils::htmlspecialchars();
// $id, $class, $caption, $field and $tabindex are echoed as they arrive, most of them inside
// attribute values — confirm each is escaped or trusted before it reaches this template.
echo $id;
?>
" class="incontent <?php 
echo $class;
?>
"><?php 
echo $caption;
?>
</label>
		<input type="text" name="<?php 
echo $field;
?>
" id="<?php 
echo $id;
?>
" class="styledformelement text <?php 
echo $class;
?>
" value="<?php 
echo Utils::htmlspecialchars($value);
?>
" <?php 
// The tabindex attribute is only emitted when $tabindex is set.
echo isset($tabindex) ? ' tabindex="' . $tabindex . '"' : '';
?>
>
	<?php 
$control->errors_out('<li>%s</li>', '<ul class="error">%s</ul>');
?>
	</div>
Ejemplo n.º 13
 /**
  * Produce the control for display
  *
  * Assigns the control's vars, value and attributes to the theme inside a buffered
  * var scope, builds the output from the prefix, content, template, help text and
  * postfix settings, wraps it, and ends the var scope before returning.
  *
  * @param Theme $theme The theme that will be used to render the template
  * @return string The output of the template
  */
 public function get(Theme $theme)
 {
     // The theme needs to have the control templates added
     $this->prep_theme($theme);
     // Start a var stack so that we can roll back to prior theme var values
     $theme->start_buffer();
     // Assign all of the vars to the theme
     foreach ($this->vars as $k => $v) {
         $theme->assign($k, $v);
     }
     // Put the value of the control into the theme.
     // Only string values are escaped, and only while the escape_value setting is not false;
     // any other value type reaches the template untouched.
     // NOTE(review): the fourth argument (false) is presumably the "decode entities first"
     // flag of Utils::htmlspecialchars() — confirm against its signature.
     if (is_string($this->value) && $this->get_setting('escape_value', true)) {
         $use_value = Utils::htmlspecialchars($this->value, ENT_COMPAT, 'UTF-8', false);
     } else {
         $use_value = $this->value;
     }
     $theme->value = $use_value;
     // If there are errors, add an error class to the control
     if ($this->has_errors) {
         $this->add_class('_has_error');
     }
     // Assign the control and its attributes into the theme
     $theme->_control = $this;
     $theme->_name = $this->name;
     $theme->_settings = $this->settings;
     $theme->_properties = $this->properties;
     $properties = is_array($this->properties) ? $this->properties : array();
     // name and value are merged in first, so an entry of the same key in $this->properties wins.
     if (!isset($this->settings['ignore_name'])) {
         $properties = array_merge(array('name' => $this->input_name()), $properties);
     }
     if (!isset($this->settings['internal_value'])) {
         // An html_value setting, when present, replaces the escaped value in the attribute list.
         $properties = array_merge(array('value' => $this->get_setting('html_value', $use_value)), $properties);
     }
     if (!$this->is_enabled()) {
         $properties['disabled'] = 'disabled';
     }
     if ($id = $this->get_id(false)) {
         $properties['id'] = $id;
     }
     // The last two arguments are passed as false; the values may already have been escaped above.
     $theme->_attributes = Utils::html_attr($properties, ENT_COMPAT, 'UTF-8', false, false);
     if (isset($this->settings['template_attributes'])) {
         $_template_attributes = array();
         foreach ($this->settings['template_attributes'] as $target => $set) {
             $_template_attributes[$target] = Utils::html_attr($set, ENT_COMPAT, 'UTF-8', false, false);
         }
         $theme->_template_attributes = $_template_attributes;
     }
     // Do rendering.
     // prefix_html, content, template_html, the help text and postfix_html are concatenated
     // into the output without any escaping in this method, so whatever sets them has to
     // supply markup that is safe to emit.
     $output = $this->get_setting('prefix_html', '');
     if (isset($this->settings['content'])) {
         // Allow descendants to override the content produced entirely
         if (is_callable($this->settings['content'])) {
             $content_fn = $this->settings['content'];
             $output .= $content_fn($this);
         } else {
             $output .= $this->settings['content'];
         }
     }
     if (!isset($this->settings['norender'])) {
         // Allow descendants to skip rendering the template for this control
         if (isset($this->settings['template_html'])) {
             // template_html can be a closure, and if so, it is called here and its value is used as the output
             if (is_callable($this->settings['template_html'])) {
                 $output .= $this->settings['template_html']($theme, $this);
             } else {
                 $output .= $this->settings['template_html'];
             }
         } else {
             $output .= $theme->display_fallback($this->get_template(), 'fetch');
         }
     }
     // Is there help text? Output it, if so.
     if (isset($this->helptext) && !empty($this->helptext)) {
         $output .= $this->wrap_by($this->get_setting('wrap_help', '<div class="helptext">%s</div>'), $this->helptext);
     }
     $output .= $this->get_setting('postfix_html', '');
     // If there are errors, wrap this control in an error div to display the errors.
     if (count($this->errors) > 0) {
         $output = $this->error_wrap($output, $this->errors);
     } else {
         $output = $this->wrap_by($this->get_setting('wrap', '%s'), $output, $this);
     }
     // Roll back the var stack we've been using for this control
     $theme->end_buffer();
     return $output;
 }
Ejemplo n.º 14
			<?php 
    // Build the "last seen ... and currently has N posts" line for one user.
    if (!$user->info->authenticate_time) {
        $last_login_message = _t('has not logged in yet');
    } else {
        $last_login_message = _t('was last seen %1$s at %2$s');
        $last_login_message = sprintf($last_login_message, '<strong>' . date(DateTime::get_default_date_format(), strtotime($user->info->authenticate_time)) . '</strong>', '<strong>' . date(DateTime::get_default_time_format(), strtotime($user->info->authenticate_time)) . '</strong>');
    }
    $message_bits = array();
    $post_statuses = Post::list_post_statuses();
    // NOTE(review): array_search() runs without its strict flag and looks for 'any' among the
    // array's values, while the loop below treats keys as names and values as ids — confirm
    // this removes the intended entry, in particular on PHP 8 where a non-numeric string no
    // longer compares loosely equal to 0.
    unset($post_statuses[array_search('any', $post_statuses)]);
    foreach ($post_statuses as $status_name => $status_id) {
        // NOTE(review): the filtered status name goes into the link text below unescaped — confirm the filter output is safe markup.
        $status_name = Plugins::filter('post_status_display', $status_name);
        $count = Posts::count_by_author($user->id, $status_id);
        if ($count > 0) {
            // The admin URL is escaped before it is written into the href attribute.
            $message = '<strong><a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'user_id' => $user->id, 'type' => Post::type('any'), 'status' => $status_id))) . '">';
            $message .= _n(_t('%1$d %2$s post', array($count, $status_name)), _t('%1$d %2$s posts', array($count, $status_name)), $count);
            $message .= '</a></strong>';
            $message_bits[] = $message;
        }
    }
    if (!empty($message_bits)) {
        $string = _t('%1$s and currently has %2$s', array($last_login_message, Format::and_list($message_bits)));
    } else {
        $string = $last_login_message;
    }
    // $string carries the markup assembled above and is printed as it is.
    echo $string;
    ?>

			</span>
		</div>
Ejemplo n.º 15
Plugins::act('theme_loginform_before');
?>
				<form method="post" action="<?php 
URL::out('auth', array('page' => 'login'));
?>
">

					<p>
						<label for="habari_username" class="incontent abovecontent"><?php 
_e('Name');
?>
</label><input type="text" name="habari_username" id="habari_username"<?php 
if (isset($habari_username)) {
    ?>
 value="<?php 
    echo Utils::htmlspecialchars($habari_username);
    ?>
"<?php 
}
?>
 placeholder="<?php 
_e('name');
?>
" class="styledformelement">
					</p>
					<p>
						<label for="habari_password" class="incontent abovecontent"><?php 
_e('Password');
?>
</label><input type="password" name="habari_password" id="habari_password" placeholder="<?php 
_e('password');
Ejemplo n.º 16
<div class="container navigator">
	<span class="older pct10"><a href="#" onclick="timeline.skipLoupeLeft();return false">&laquo; <?php 
_e('Older');
?>
</a></span>
	<span class="currentposition pct15 minor"><?php 
_e('no results');
?>
</span>
	<span class="search pct50">
		<input id="search" type="search" placeholder="<?php 
_e('Type and wait to search');
?>
" value="<?php 
echo Utils::htmlspecialchars($search_args);
?>
">
	</span>
	<div class="filters pct15">
		<ul class="dropbutton special_search">	
			<?php 
foreach ($special_searches as $text => $term) {
    ?>
			<li><a href="#<?php 
    echo $term;
    ?>
" title="<?php 
    printf(_t('Filter results for \'%s\''), $text);
    ?>
"><?php 
Ejemplo n.º 17
	/**
	 * Respond to the user selecting the confirm action
	 *
	 * With a frob in the session, exchange it for a token and store the token in
	 * the option 'flickr_token_<user id>'; the frob is removed from the session
	 * whether or not that worked. Without a frob, print a link back to the
	 * authorize action.
	 */
	public function action_plugin_ui_confirm()
	{
		$flickr = new Flickr();

		if ( isset( $_SESSION['flickr_frob'] ) ) {
			$token = $flickr->getToken( $_SESSION['flickr_frob'] );
			$authorized = isset( $token->auth->perms );

			if ( $authorized ) {
				$option_name = 'flickr_token_' . User::identify()->id;
				Options::set( $option_name, (string) $token->auth->token );
				echo '<p>' . _t( 'Your authorization was set successfully.' ) . '</p>';
			}
			else {
				echo '<p>' . _t( 'There was a problem with your authorization:' ) . '</p>';
				// The raw response is escaped before it is shown.
				echo Utils::htmlspecialchars( $token->asXML() );
			}

			// The frob is dropped from the session on success and on failure alike.
			unset( $_SESSION['flickr_frob'] );
			return;
		}

		// NOTE(review): $auth_url is written into the href without HTML escaping — confirm URL::get() returns an attribute-safe string.
		$auth_url = URL::get( 'admin', array( 'page' => 'plugins', 'configure' => $this->plugin_id(), 'configaction' => 'authorize' ) ) . '#plugin_options';
		echo '<p>' . _t( 'Either you have already authorized Habari to access your flickr account, or you have not yet done so.  Please ' ). '<a href="' . $auth_url . '">' . _t( 'try again' ) . '</a></p>';
	}
Ejemplo n.º 18
<?php if ( !defined( 'HABARI_PATH' ) ) { die('No direct access'); } ?>
<div<?php echo ($class) ? ' class="' . $class . '"' : ''?><?php echo ($id) ? ' id="' . $id . '"' : ''?>>
<?php if ($message != '') : ?>
<p class="error"><?php echo $message; ?></p>
<?php endif; ?>
<p><?php echo $this->caption; ?></p>
<?php
// Template for a multi-value text control: one input per non-empty value, each with a
// "remove" link, followed by an "add" link.
// NOTE(review): only the item values below go through Utils::htmlspecialchars(). $class, $id,
// $message, $this->caption and $field are echoed as they arrive, and $field also lands inside
// a quoted JavaScript string in the onclick at the bottom — confirm each is escaped or trusted
// before it reaches this template.
if (!is_array($value)) {
	$value = array($value);
}
// $i numbers every entry, including the empty ones that are skipped, so ids can have gaps.
$i = 0;
foreach($value as $value_1) :
$i++;
	if ( $value_1 ) :
?>
	<input type="text" name="<?php echo $field; ?>[]" id="<?php echo $field . '_' . $i; ?>" value="<?php echo Utils::htmlspecialchars($value_1); ?>"> <label for="<?php echo $field . '_' . $i; ?>"><a href="#" onclick="return controls.textmulti.remove(this);">[<?php _e('remove'); ?>]</a></label>
<?php
	endif;
endforeach;
?>
<a href="#" onclick="return controls.textmulti.add(this, '<?php echo $field; ?>');">[<?php _e('add'); ?>]</a>
</div>
Ejemplo n.º 19
        echo $tag->id;
        ?>
]" id="checkbox_ids[<?php 
        echo $tag->id;
        ?>
]"></span><label for="checkbox_ids[<?php 
        echo $tag->id;
        ?>
]"><?php 
        echo $tag->term_display;
        ?>
</label><span class="count"><a href="<?php 
        URL::out('admin', array('page' => 'posts', 'search' => 'tag:' . $tag->tag_text_searchable));
        ?>
" title="<?php 
        echo Utils::htmlspecialchars(_t('Manage posts tagged %1$s', array($tag->term_display)));
        ?>
"><?php 
        echo $tag->count;
        ?>
</a></span>
		 </li>
<?php 
    }
} else {
    ?>
<div class="message none">
	<p><?php 
    _e('No tags could be found to match the query criteria.');
    ?>
</p>
Ejemplo n.º 20
    die('No direct access');
}
?>
<div<?php 
echo $control->parameter_map(array('class', 'id' => 'name'));
?>
>
	<span class="pct25"><label <?php 
echo $control->parameter_map(array('title' => array('label_title', 'title'), 'for' => 'field'));
?>
><?php 
echo $this->caption;
?>
</label></span>
	<span class="pct25"><input <?php 
echo $control->parameter_map(array('title' => array('control_title', 'title'), 'tabindex', 'size', 'maxlength', 'type', 'placeholder', 'autocomplete', 'disabled', 'readonly', 'id' => 'field', 'name' => 'field'), array('value' => Utils::htmlspecialchars($value)));
?>
></span>
	<?php 
if (!empty($helptext)) {
    ?>
	<span class="pct40 helptext"><?php 
    echo $helptext;
    ?>
</span>
	<?php 
}
?>
	<?php 
$control->errors_out('<p class="error">%s</p>');
?>
Ejemplo n.º 21
<?php

include 'header.php';
?>

<form action="" method="post">
<input type="hidden" name="locale" value="<?php 
echo Utils::htmlspecialchars($locale);
?>
">

<div class="installstep ready">
	<h2>.htaccess<a href="#" class="help-me">(<?php 
_e('help');
?>
)</a></h2>
	<div class="options">
		<div class="inputfield">
			<?php 
printf(_t('Your <b>.htaccess</b> file is not writable. In order to secure your SQLite database, please paste the following into <b>%s</b>:'), HABARI_PATH . '/.htaccess');
?>
<br />
			<textarea class="config"><?php 
echo $sqlite_contents;
?>
</textarea>
			<div class="help">
				<?php 
_e('Your SQLite database is a file on your server like any other file. You can enhance it\'s security by including a section in your .htaccess file that disallows access to it by readers on the web. Habari is not able to write this section in your .htaccess file automatically, so you must add this section yourself to gain the enhanced security it offers you.');
?>
				<a onclick="this.target='_blank';" href="<?php 
Ejemplo n.º 22
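 /**
  * Deletes a post from the database.
  *
  * The request has to carry id, nonce, timestamp and digest. The digest must match
  * the one Utils::WSSE() derives from the nonce and timestamp, the post must exist,
  * and the current user needs 'delete' access to it. If any of these fails the user
  * is redirected to the posts list and nothing is deleted.
  */
 public function post_delete_post()
 {
     $posts_url = URL::get('admin', 'page=posts&type=' . Post::status('any'));

     // Copy the four expected keys into a fixed array instead of creating local
     // variables whose names come from the request.
     $fields = array('id' => null, 'nonce' => null, 'timestamp' => null, 'digest' => null);
     foreach ($this->handler_vars->filter_keys('id', 'nonce', 'timestamp', 'digest') as $key => $value) {
         if (array_key_exists($key, $fields)) {
             $fields[$key] = $value;
         }
     }

     $okay = true;
     foreach ($fields as $value) {
         if (empty($value)) {
             $okay = false;
         }
     }

     if ($okay) {
         $wsse = Utils::WSSE($fields['nonce'], $fields['timestamp']);
         // hash_equals() (PHP 5.6+) compares byte for byte in constant time. The loose !=
         // used before applied numeric-string juggling, so two different digests could
         // compare as equal.
         $okay = is_string($fields['digest']) && hash_equals((string) $wsse['digest'], $fields['digest']);
     }

     $post = null;
     if ($okay) {
         $post = Post::get(array('id' => $fields['id'], 'status' => Post::status('any')));
         // A failed lookup is a refusal, not a method call on a non-object.
         $okay = is_object($post) && (bool) ACL::access_check($post->get_access(), 'delete');
     }

     if (!$okay) {
         Utils::redirect($posts_url);
         // Stop here: Utils::redirect() is not visible in this block, so do not rely on it
         // ending the request. Without this return a failed check would still reach delete().
         return;
     }

     $post->delete();
     // The title is escaped before it goes into the session notice.
     Session::notice(sprintf(_t('Deleted the %1$s titled "%2$s".'), Post::type_name($post->content_type), Utils::htmlspecialchars($post->title)));
     Utils::redirect($posts_url);
 }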
Ejemplo n.º 23
 /**
  * Display the login form
  *
  * Uses the active theme's 'login' template when it has one and the admin theme
  * otherwise. The error message from the handler vars and the pre-filled name are
  * both entity-encoded before they are assigned to the theme.
  *
  * @param string $name Pre-fill the name field with this name
  * @return bool Always TRUE
  */
 protected function login_form($name)
 {
     // Prefer the site theme; fall back to the admin theme if it has no login template.
     $this->theme = Themes::create();
     $has_login_template = $this->theme->template_exists('login');
     if (!$has_login_template) {
         $this->theme = Themes::create('admin', 'RawPHPEngine', Site::get_dir('admin_theme', TRUE));
         $this->theme->assign('admin_page', 'login');
     }

     // One boolean per active rewrite rule: true only for the rule that matched this request.
     $request = new StdClass();
     foreach (URL::get_active_rules() as $rule) {
         $rule_name = $rule->name;
         $request->{$rule_name} = ($rule_name == URL::get_matched_rule()->name);
     }

     if (isset($this->handler_vars['error'])) {
         $escaped_error = Utils::htmlspecialchars($this->handler_vars['error']);
         $this->theme->assign('error', $escaped_error);
     }
     $this->theme->assign('request', $request);

     // NOTE(review): the name is entity-encoded here already; a template that escapes
     // habari_username again on output would double-encode it — confirm against the login template.
     $encoded_name = htmlentities($name, ENT_QUOTES, 'UTF-8');
     $this->theme->assign('habari_username', $encoded_name);

     $this->display('login');
     return TRUE;
 }
Ejemplo n.º 24
<p><?php 
echo $control->caption;
?>
</p>
<?php 
if (!is_array($control->value)) {
    $value = array($control->value);
}
$i = 0;
foreach ($value as $value_1) {
    $i++;
    if ($value_1) {
        ?>
	<span class="textmulti_item">
		<input <?php 
        echo $control->parameter_map(array('tabindex', 'size', 'maxlength', 'autocomplete', 'disabled', 'readonly'), array('name' => $control->field . '[]', 'id' => $control->field . '_' . $i, 'value' => Utils::htmlspecialchars($value_1)));
        ?>
>	<a href="#" onclick="return controls.textmulti.remove( this );" title="<?php 
        _e('remove');
        ?>
" class="textmulti_remove opa50">[<?php 
        _e('remove');
        ?>
]</a></span>
<?php 
    }
}
?>
<a href="#" onclick="return controls.textmulti.add(this, '<?php 
echo $field;
?>
Ejemplo n.º 25
	/**
	 * Success callback for the publish form: saves the submitted post.
	 *
	 * When handler_vars['id'] holds a non-zero id, the existing post is loaded and
	 * modified; otherwise a new post is assembled from the form and created through
	 * Post::create(). In both cases the comments_disabled flag is set, the
	 * 'publish_post' plugin action is fired, $post->update() is called, a session
	 * notice is queued and the browser is redirected to the admin publish page.
	 *
	 * NOTE(review): the three permission failures below call $this->get_blank()
	 * with no return or exit after it. Whether get_blank() ends the request is not
	 * visible here; if it returns, execution continues to Post::create() /
	 * $post->update() for a user who just failed the check. Confirm, and prefer
	 * running the checks before any other logic (see the REFACTOR note below).
	 *
	 * @param FormUI $form The submitted publish form
	 */
	public function form_publish_success( FormUI $form )
	{
		$post_id = 0;
		if ( isset( $this->handler_vars['id'] ) ) {
			// intval() forces the request-supplied id to an integer before it is used in the lookup
			$post_id = intval( $this->handler_vars['id'] );
		}
		// If an id has been passed in, we're updating an existing post, otherwise we're creating one
		if ( 0 !== $post_id ) {
			// NOTE(review): the result of Post::get() is used without a check; confirm what it returns when no post matches the id
			$post = Post::get( array( 'id' => $post_id, 'status' => Post::status( 'any' ) ) );

			// Verify that the post hasn't already been updated since the form was loaded
			if ( $post->modified != $form->modified->value ) {
				// The title is HTML-escaped for the notice; the permalink is placed in the href as-is
				// (assumes the permalink is already attribute-safe — TODO confirm)
				Session::notice( _t( 'The post %1$s was updated since you made changes.  Please review those changes before overwriting them.', array( sprintf( '<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars( $post->title ) ) ) ) );
				Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
				exit;
			}

			// REFACTOR: this is duplicated in the insert code below, move it outside of the conditions
			// Don't try to update form values that have been removed by plugins
			$expected = array('title', 'tags', 'content');

			foreach ( $expected as $field ) {
				if ( isset( $form->$field ) ) {
					$post->$field = $form->$field->value;
				}
			}
			// An empty slug on a published post is refused with a notice; otherwise a changed slug is applied
			if ( $form->newslug->value == '' && $post->status == Post::status( 'published' ) ) {
				Session::notice( _t( 'A post slug cannot be empty. Keeping old slug.' ) );
			}
			elseif ( $form->newslug->value != $form->slug->value ) {
				$post->slug = $form->newslug->value;
			}

			// REFACTOR: the permissions checks should go before any of this other logic
			// NOTE(review): title, tags, content and slug have already been assigned to $post at this point

			// sorry, we just don't allow changing posts you don't have rights to
			if ( ! ACL::access_check( $post->get_access(), 'edit' ) ) {
				Session::error( _t( 'You don\'t have permission to edit that post' ) );
				$this->get_blank();
			}
			// sorry, we just don't allow changing content types to types you don't have rights to
			$user = User::identify();
			$type = 'post_' . Post::type_name( $form->content_type->value );
			if ( $form->content_type->value != $post->content_type && ( $user->cannot( $type ) || ! $user->can_any( array( 'own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit' ) ) ) ) {
				Session::error( _t( 'Changing content types is not allowed' ) );
				$this->get_blank();
			}
			$post->content_type = $form->content_type->value;

			// if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
			if ( ( $post->status != Post::status( 'published' ) )
				&& ( $form->status->value == Post::status( 'published' ) )
				&& ( HabariDateTime::date_create( $form->pubdate->value )->int == $form->updated->value )
				) {
				$post->pubdate = HabariDateTime::date_create();
			}
			// else let the user change the publication date.
			//  If previously published and the new date is in the future, the post will be unpublished and scheduled. Any other status, and the post will just get the new pubdate.
			// This will result in the post being scheduled for future publication if the date/time is in the future and the new status is published.
			else {
				$post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
			}
			// $minor is computed from the status the post had before the new status is assigned on the next line
			$minor = $form->minor_edit->value && ( $post->status != Post::status( 'draft' ) );
			$post->status = $form->status->value;
		}
		else {
			// REFACTOR: don't do this here, it's duplicated in Post::create()
			$post = new Post();

			// check the user can create new posts of the set type.
			$user = User::identify();
			$type = 'post_'  . Post::type_name( $form->content_type->value );
			if ( ACL::user_cannot( $user, $type ) || ( ! ACL::user_can( $user, 'post_any', 'create' ) && ! ACL::user_can( $user, $type, 'create' ) ) ) {
				Session::error( _t( 'Creating that post type is denied' ) );
				$this->get_blank();
			}

			// REFACTOR: why is this on_success here? We don't even display a form
			$form->on_success( array( $this, 'form_publish_success' ) );
			// pubdate is only assigned when the submitted pubdate differs from the form's 'updated' value;
			// otherwise $postdata['pubdate'] below carries whatever a fresh Post exposes for pubdate
			if ( HabariDateTime::date_create( $form->pubdate->value )->int != $form->updated->value ) {
				$post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
			}

			// The author is always the currently identified user, never a form-supplied value
			$postdata = array(
				'slug' => $form->newslug->value,
				'user_id' => User::identify()->id,
				'pubdate' => $post->pubdate,
				'status' => $form->status->value,
				'content_type' => $form->content_type->value,
			);

			// Don't try to add form values that have been removed by plugins
			$expected = array( 'title', 'tags', 'content' );

			foreach ( $expected as $field ) {
				if ( isset( $form->$field ) ) {
					$postdata[$field] = $form->$field->value;
				}
			}

			$minor = false;

			// REFACTOR: consider using new Post( $postdata ) instead and call ->insert() manually
			$post = Post::create( $postdata );
		}

		$post->info->comments_disabled = !$form->comments_enabled->value;

		// REFACTOR: admin should absolutely not have a hook for this here
		Plugins::act( 'publish_post', $post, $form );

		// REFACTOR: we should not have to update a post we just created, this should be moved to the post-update functionality above and only called if changes have been made
		// alternately, perhaps call ->update() or ->insert() as appropriate here, so things that apply to each operation (like comments_disabled) can still be included once outside the conditions above
		$post->update( $minor );

		// Posts that are not published get a preview link in the notice
		$permalink = ( $post->status != Post::status( 'published' ) ) ? $post->permalink . '?preview=1' : $post->permalink;
		// The title is HTML-escaped; the permalink is placed in the href as-is (assumes it is already attribute-safe — TODO confirm)
		Session::notice( sprintf( _t( 'The post %1$s has been saved as %2$s.' ), sprintf( '<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars( $post->title ) ), Post::status_name( $post->status ) ) );
		Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
	}
Ejemplo n.º 26
    }
    ?>
&nbsp;
		</span></span>
		<span class="ip pct10 minor"><span><?php 
    // long2ip() renders the stored integer as a dotted-quad string, so this cell carries no free-form text
    echo long2ip($log->ip);
    ?>
</span></span>
		<span class="module pct10 minor"><span><?php 
    // NOTE(review): module, type and severity are echoed without Utils::htmlspecialchars(),
    // unlike the message cells below; confirm these fields can never hold untrusted text, or escape them
    echo $log->module;
    ?>
</span></span>
		<span class="type pct10 minor"><span><?php 
    echo $log->type;
    ?>
</span></span>
		<span class="severity pct10 minor"><span><?php 
    echo $log->severity;
    ?>
</span></span>
		<span class="message pct25 minor less"><span><?php 
    // 'less' cell: the message is HTML-escaped first and then passed to Utils::truncate()
    // NOTE(review): cutting an already-escaped string may split an entity such as &amp;, depending on how Utils::truncate() cuts — TODO confirm
    echo Utils::truncate(Utils::htmlspecialchars($log->message), 40, false);
    ?>
</span></span>
		<span class="message pct25 minor more"><span><?php 
    // 'more' cell: the full message, HTML-escaped
    echo Utils::htmlspecialchars($log->message);
    ?>
</span></span>
	</div>
<?php 
}
Ejemplo n.º 27
			<?php 
        }
        ?>

			<?php 
        // Hook point: plugins receive the comment object here
        Plugins::act('comment_info', $comment);
        ?>

			<p class="comment-type"><?php 
        // NOTE(review): the result of the 'comment_type_display' filter is echoed without escaping,
        // so whatever the filter chain returns reaches the page as raw markup — confirm that is intended
        echo Plugins::filter('comment_type_display', $comment->typename, 'singular');
        ?>
</p>
		</div>
		<span class="content pct75"><?php 
        // The comment body is printed only when MultiByte::valid_data() accepts it.
        // It is HTML-escaped first and nl2br() runs afterwards, so the line-break tags it inserts are not escaped away.
        if (MultiByte::valid_data($comment->content)) {
            echo nl2br(Utils::htmlspecialchars($comment->content));
        } else {
            // Fallback text shown instead of the comment body
            _e('this post contains text in an invalid encoding');
        }
        ?>
</span>
	</div>
</div>

<?php 
    }
} else {
    ?>
<div class="message none">
	<p><?php 
    _e('No comments could be found to match the query criteria.');
Ejemplo n.º 28
 /**
  * Build an HTML attribute string from an associative array.
  *
  * Array values are joined with single spaces. Any value that loosely equals
  * the empty string is left out. Each remaining value is passed through
  * Utils::htmlspecialchars() and wrapped in double quotes.
  *
  * NOTE(review): attribute names (the array keys) are emitted as-is, with no
  * escaping or validation, so they must never be taken from untrusted input.
  * NOTE(review): the emptiness test is a loose comparison; before PHP 8 an
  * integer 0 loosely equals '' and is therefore dropped from the output.
  *
  * @param array $attrs Attribute name => value (a scalar or an array of values)
  * @return string Space-separated name="value" pairs, or '' when nothing is emitted
  */
 public static function html_attr($attrs)
 {
     $pairs = array();
     foreach ($attrs as $name => $raw) {
         $joined = $raw;
         if (is_array($raw)) {
             // e.g. a list of class names becomes one space-separated value
             $joined = implode(' ', $raw);
         }
         if ($joined == '') {
             continue;
         }
         $pairs[] = $name . '="' . Utils::htmlspecialchars($joined) . '"';
     }
     return implode(' ', $pairs);
 }
Ejemplo n.º 29
		</div>

	</div>

</div>

<?php
/*
 * Opening of the comment moderation form and its hidden fields.
 *
 * URL::out() is called without echo, so it presumably prints the admin URL itself.
 * $search and $status are HTML-escaped before they are written into value attributes.
 *
 * NOTE(review): the three $wsse values (nonce, timestamp, digest) are written into
 * value attributes without escaping. They look like server-generated request-token
 * fields; confirm they never contain request-supplied text and that the handler
 * verifies them on submit.
 */
?>
<form method="post" name="moderation" action="<?php URL::out('admin', array('page' => 'comments', 'status' => $status)); ?>">
	<input type="hidden" name="search" value="<?php echo Utils::htmlspecialchars($search); ?>">
	<input type="hidden" name="status" value="<?php echo Utils::htmlspecialchars($status); ?>">
	<input type="hidden" id="nonce" name="nonce" value="<?php echo $wsse['nonce']; ?>">
	<input type="hidden" id="timestamp" name="timestamp" value="<?php echo $wsse['timestamp']; ?>">
	<input type="hidden" id="PasswordDigest" name="PasswordDigest" value="<?php echo $wsse['digest']; ?>">
Ejemplo n.º 30
<?php
/*
 * Submit-button control template.
 *
 * $field is written into the wrapper's class attribute and the button's id
 * attribute, and $tabindex into the tabindex attribute, all without escaping.
 *
 * NOTE(review): $caption is HTML-escaped before it is handed to _e(), so the text
 * _e() finally prints is not escaped at output time. If _e() substitutes a
 * translated string (presumably it does), that string reaches the page raw —
 * confirm translations are trusted, or escape after the lookup instead.
 */
?>
<div class="<?php echo $field; ?>">
	<button type="submit" id="<?php echo $field; ?>" tabindex="<?php echo $tabindex; ?>"><?php _e(Utils::htmlspecialchars($caption)); ?></button>
</div>