/**
 * Round-trip every HTML fixture through HTMLTokenizer.
 *
 * Parsing a fixture and casting the token list back to a string must
 * reproduce the original markup byte for byte. On failure the report
 * shows both strings, HTML-escaped because the fixtures are themselves HTML.
 */
function test_tokenizer() {
    foreach ( $this->html_strs as $fixture ) {
        $tokenizer = new HTMLTokenizer( $fixture );
        $roundtrip = (string) $tokenizer->parse();
        $report = sprintf(
            '<br>%s<br>%s',
            Utils::htmlspecialchars( $fixture ),
            Utils::htmlspecialchars( $roundtrip )
        );
        $this->assert_identical( $fixture, $roundtrip, $report );
    }
}
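/**
 * Check Format::autop() against every case from the data provider.
 *
 * Each provider entry holds the raw input ('in') and the expected
 * paragraph-wrapped output ('want'). Surrounding whitespace is ignored so
 * fixtures may end in a trailing newline. On mismatch the input, expected
 * and actual strings are shown HTML-escaped inside textareas.
 */
public function test_autop() {
    $data = $this->autop_data_provider();
    foreach ($data as $index => $datum) {
        // Format once and reuse the result; the previous version formatted the
        // same input twice (once for the comparison, once for the report).
        $got = Format::autop($datum['in']);
        $result = trim($datum['want']) === trim($got);
        if (!$result) {
            $this->output(sprintf(
                '<h2>Test %s</h2><br><strong>Input:</strong><br><textarea>%s</textarea><br><strong>Expected:</strong><br><textarea>%s</textarea><br><strong>Got:</strong><br><textarea>%s</textarea>',
                $index,
                Utils::htmlspecialchars($datum['in']),
                Utils::htmlspecialchars($datum['want']),
                Utils::htmlspecialchars($got)
            ));
        }
        $this->assert_true($result, sprintf("Output does not match desired output in %s", $index));
    }
}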
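/**
 * Check Format::autop() against every case from the data provider.
 *
 * Compares the trimmed expected output ('want') with the trimmed formatted
 * input ('in'). The assertion message shows expected and actual strings
 * HTML-escaped (with newlines turned into <br>) so they render readably.
 */
public function test_autop() {
    $data = $this->autop_data_provider();
    foreach( $data as $index => $datum ) {
        // Format once and reuse the result for both the assertion and the
        // message; the previous version called Format::autop() twice.
        $got = Format::autop( $datum['in'] );
        $message = sprintf(
            'Test %d<br><strong>Expected:</strong><br>%s<br><strong>Got:</strong><br> %s',
            $index,
            nl2br( Utils::htmlspecialchars( $datum['want'] ) ),
            nl2br( Utils::htmlspecialchars( $got ) )
        );
        $this->assert_equal( trim( $datum['want'] ), trim( $got ), $message );
    }
}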
/**
 * Render a checkbox group.
 *
 * Builds one entry per option (label, slugified id, checked attribute) and
 * hands it to the parent renderer as the 'checkboxes' template var. The
 * control's own name attribute is suppressed since each box carries its own.
 *
 * @param Theme $theme The theme used to render the template
 * @return string The rendered control
 */
public function get(Theme $theme) {
    // Normalise a missing or scalar value to an empty selection so the
    // membership test below always operates on an array.
    if (!is_array($this->value)) {
        $this->value = array();
    }
    $rendered = array();
    foreach ($this->options as $key => $label) {
        $rendered[$key] = array(
            // Option labels are escaped for HTML output.
            'label' => Utils::htmlspecialchars($label),
            'id' => Utils::slugify($this->get_id() . '-' . $key),
            // NOTE(review): loose in_array() — 1 and '1' are treated as the same key.
            'checked' => in_array($key, $this->value) ? 'checked="checked"' : '',
        );
    }
    $this->vars['checkboxes'] = $rendered;
    $this->settings['ignore_name'] = true;
    return parent::get($theme);
}
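/**
 * Convert a token to a string
 *
 * Text nodes and attribute values are entity-decoded first and then, when
 * $escape is true, re-escaped with Utils::htmlspecialchars so entities in
 * the source are not double-encoded. Element names, attribute names,
 * processing-instruction, comment, CDATA and statement bodies are emitted
 * verbatim. Empty elements are serialised with a plain '>' like open tags.
 *
 * @param array $token The token to convert ('type' plus, by type, 'name', 'value', 'attrs')
 * @param bool $escape Whether to escape text and attribute values in the returned string
 * @return string The string representation of the token; '' for an unknown type
 */
public static function token_to_string(array $token, $escape = true) {
    // Initialised up front so an unrecognised token type returns an empty
    // string instead of an undefined variable.
    $out = '';
    switch ($token['type']) {
        case HTMLTokenizer::NODE_TYPE_TEXT:
            // With $escape === false the stored text is returned exactly as tokenized.
            return $escape ? Utils::htmlspecialchars(html_entity_decode($token['value'], ENT_QUOTES, 'UTF-8')) : $token['value'];
        case HTMLTokenizer::NODE_TYPE_ELEMENT_OPEN:
        case HTMLTokenizer::NODE_TYPE_ELEMENT_EMPTY:
            // Element and attribute names are written as-is; this relies on the
            // tokenizer only producing well-formed names.
            $out = '<' . $token['name'];
            if (isset($token['attrs']) && is_array($token['attrs'])) {
                foreach ($token['attrs'] as $attr => $attrval) {
                    $decoded = html_entity_decode($attrval, ENT_QUOTES, 'UTF-8');
                    // Security caveat: when $escape is false a decoded value containing
                    // '"' terminates the attribute early, so callers must only disable
                    // escaping for tokens they already trust.
                    $out .= ' ' . $attr . '="' . ($escape ? Utils::htmlspecialchars($decoded) : $decoded) . '"';
                }
            }
            $out .= '>';
            break;
        case HTMLTokenizer::NODE_TYPE_ELEMENT_CLOSE:
            $out = "</{$token['name']}>";
            break;
        case HTMLTokenizer::NODE_TYPE_PI:
            $out = "<?{$token['name']}{$token['value']}>";
            break;
        case HTMLTokenizer::NODE_TYPE_COMMENT:
            $out = "<!--{$token['value']}-->";
            break;
        case HTMLTokenizer::NODE_TYPE_CDATA_SECTION:
            $out = "<![CDATA[{$token['value']}]]>";
            break;
        case HTMLTokenizer::NODE_TYPE_STATEMENT:
            // e.g. <!DOCTYPE html>; the value is optional.
            $out = "<!{$token['name']}";
            if (!empty($token['value'])) {
                $out .= " {$token['value']}";
            }
            $out .= ">";
            break;
    }
    return $out;
}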
</option> <?php } ?> </optgroup> <?php } else { ?> <option value="<?php echo $opts_key; ?> "<?php echo in_array($opts_key, (array) $value) ? ' selected' : ''; ?> ><?php echo Utils::htmlspecialchars($opts_val); ?> </option> <?php } } ?> </select> <?php if ($message != '') { ?> <p class="error"><?php echo $message; ?> </p> <?php
<div class="area_drop"> <?php $area = (string) $area['name']; if (isset($blocks_areas[$scopeid]) && is_array($blocks_areas[$scopeid]) && isset($blocks_areas[$scopeid][$area]) && is_array($blocks_areas[$scopeid][$area])) { ?> <?php foreach ($blocks_areas[$scopeid][$area] as $block) { ?> <div class="area_block"><h3 class="block_instance_<?php echo $block->id; ?> "><?php echo $block->title; ?> <small><?php echo Utils::htmlspecialchars($block->type); ?> </small></h3></div> <?php } ?> <?php } ?> </div> </div> <?php } ?> </div> <div class="delete_drop"><span><?php
/**
 * Create a list of html element attributes from an associative array
 *
 * Array values are joined with a single space (e.g. a list of class names).
 * Entries whose value compares loosely equal to '' are omitted. Values are
 * escaped via Utils::htmlspecialchars with the given flags; the keys
 * (attribute names) are written verbatim, so they must not come from
 * untrusted input.
 *
 * @param array $attrs An associative array of parameters
 * @param integer $quote_flag Sets what quotes and doublequotes are escaped
 * @param string $encoding The encoding of the passed string
 * @param boolean $decode Whether or not to unescape any html entities first
 * @param boolean $double_encode Whether or not to double escape any html entities
 * @return string The parameters turned into a string of tag attributes
 */
public static function html_attr($attrs, $quote_flag = ENT_COMPAT, $encoding = 'UTF-8', $decode = true, $double_encode = true) {
    $parts = array();
    foreach ($attrs as $name => $raw) {
        $value = is_array($raw) ? implode(' ', $raw) : $raw;
        if ($value == '') {
            continue;
        }
        $parts[] = $name . '="' . Utils::htmlspecialchars($value, $quote_flag, $encoding, $decode, $double_encode) . '"';
    }
    return implode(' ', $parts);
}
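/**
 * Output the Atom entry for a specific slug
 *
 * Unauthenticated callers only see published posts and the *_atom variants
 * of title/content; authenticated callers see any status and the raw fields.
 * Content is HTML-escaped and emitted as type="html". Plugins may extend the
 * namespace list and modify the built entry before it is printed.
 *
 * @param string $slug The slug to get the entry for
 */
public function get_entry( $slug ) {
    $params['slug'] = $slug;
    $params['status'] = $this->is_auth() ? 'any' : Post::status( 'published' );
    if ( $post = Post::get( $params ) ) {
        $user = User::get_by_id( $post->user_id );
        $title = ( $this->is_auth() ) ? $post->title : $post->title_atom;
        $content = ( $this->is_auth() ) ? Utils::htmlspecialchars( $post->content ) : Utils::htmlspecialchars( $post->content_atom );

        // Build the namespaces, plugins can alter it to override or insert their own.
        // Plugin-supplied URIs are interpolated into the root element verbatim;
        // they are trusted configuration, not request data.
        $namespaces = array( 'default' => 'http://www.w3.org/2005/Atom' );
        $namespaces = Plugins::filter( 'atom_get_entry_namespaces', $namespaces );
        // A plain closure replaces the former create_function() call, which was
        // eval-based and has been removed from the language.
        $namespace_attrs = array();
        foreach ( $namespaces as $prefix => $uri ) {
            $attr_name = ( $prefix == 'default' ) ? 'xmlns' : 'xmlns:' . $prefix;
            $namespace_attrs[] = $attr_name . '="' . $uri . '"';
        }
        $xml = new SimpleXMLElement( '<entry ' . implode( ' ', $namespace_attrs ) . '></entry>' );
        $entry = $xml;

        // Property assignment escapes XML special characters.
        $entry->title = $title;
        $entry_author = $entry->addChild( 'author' );
        // addChild() does not escape its value argument, so '&' or '<' in a display
        // name would otherwise produce malformed (or injectable) XML.
        $entry_author->addChild( 'name', htmlspecialchars( $user->displayname, ENT_QUOTES, 'UTF-8' ) );

        $entry_link = $entry->addChild( 'link' );
        $entry_link->addAttribute( 'rel', 'alternate' );
        $entry_link->addAttribute( 'href', $post->permalink );
        $entry_link = $entry->addChild( 'link' );
        $entry_link->addAttribute( 'rel', 'edit' );
        $entry_link->addAttribute( 'href', URL::get( 'atom_entry', "slug={$post->slug}" ) );

        $entry->addChild( 'id', $post->guid );
        $entry->addChild( 'updated', $post->updated->get( 'c' ) );
        $entry->addChild( 'app:edited', $post->modified->get( 'c' ), 'http://www.w3.org/2007/app' );
        $entry->addChild( 'published', $post->pubdate->get( 'c' ) );
        foreach ( $post->tags as $tag ) {
            $entry_category = $entry->addChild( 'category' );
            $entry_category->addAttribute( 'term', $tag->term );
        }
        // $content was already passed through Utils::htmlspecialchars above.
        $entry_content = $entry->addChild( 'content', $content );
        $entry_content->addAttribute( 'type', 'html' );

        Plugins::act( 'atom_get_entry', $xml, $post, $this->handler_vars );
        $xml = $xml->asXML();
        ob_clean();
        header( 'Content-Type: application/atom+xml' );
        print $this->tidy_xml( $xml );
    }
}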
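/**
 * Handle a successful submission of the publish form.
 *
 * Authorises the request, copies the submitted field values onto the Post
 * carried in the form's hidden 'post' control, inserts or updates it, and
 * redirects back to the editor. Every denial path ends the handler (redirect
 * + exit, or get_blank() + return) so no write can follow a permission error.
 *
 * @param FormUI $form The submitted publish form
 */
public function form_publish_success(FormUI $form) {
    $user = User::identify();
    // Get the Post object from the hidden 'post' control on the form
    /** @var Post $post */
    $post = $form->post->storage;

    // Do some permission checks
    // @todo REFACTOR: These probably don't work and should be refactored to use validators on the form fields instead

    // sorry, we just don't allow changing posts you don't have rights to
    if ($post->id != 0 && !ACL::access_check($post->get_access(), 'edit')) {
        Session::error(_t('You don\'t have permission to edit that post'));
        $this->get_blank();
        // get_blank() is not relied upon to end the request; return so the
        // save below cannot run after a denial.
        return;
    }

    // sorry, we just don't allow changing content types to types you don't have rights to
    $type = 'post_' . Post::type_name($form->content_type->value);
    if ($form->content_type->value != $post->content_type && ($user->cannot($type) || !$user->can_any(array('own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit')))) {
        Session::error(_t('Changing content types is not allowed'));
        // @todo This isn't ideal at all, since it loses all of the changes...
        Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
        exit;
    }

    if ($post->id == 0) {
        // Creating a new post: the user needs create rights either on any
        // type or on this specific type (parentheses make the precedence explicit).
        if (ACL::user_cannot($user, $type) || (!ACL::user_can($user, 'post_any', 'create') && !ACL::user_can($user, $type, 'create'))) {
            Session::error(_t('Creating that post type is denied'));
            Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
            exit;
        }
        // Only the original author is associated with a new post
        $post->user_id = $user->id;
    } else {
        // Editing an existing post: require 'edit' access on the post itself.
        if (!ACL::access_check($post->get_access(), 'edit')) {
            Session::error(_t('Editing that post type is denied'));
            Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
            exit;
        }
        // Verify that the post hasn't already been updated since the form was loaded
        if ($post->modified != $form->modified->value) {
            // The title is escaped for the notice; the permalink is application-generated.
            Session::notice(_t('The post %1$s was updated since you made changes. Please review those changes before overwriting them.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars($post->title)))));
            Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
            exit;
        }
        // Prevent a published post from having its slug zeroed
        if ($form->newslug->value == '' && $post->status == Post::status('published')) {
            Session::notice(_t('A post slug cannot be empty. Keeping old slug.'));
            $form->newslug->value = $form->slug->value;
        }
    }

    // if not previously published and the user wants to publish now, change the pubdate
    // to the current date/time unless a date has been explicitly set
    if ($post->status != Post::status('published') && $form->status->value == Post::status('published') && HabariDateTime::date_create($form->pubdate->value)->int == $form->updated->value) {
        $post->pubdate = HabariDateTime::date_create();
    } else {
        $post->pubdate = HabariDateTime::date_create($form->pubdate->value);
    }

    // Minor updates are when the user has checked the minor update box and the post isn't in draft or new
    $minor = $form->minor_edit->value && $post->status != Post::status('draft') && $post->id != 0;

    // Don't try to update form values that have been removed by plugins;
    // look for these fields before committing their values to the post.
    // Keys are post fields, values are the form control that supplies them
    // (note 'slug' is fed from the 'newslug' control).
    $expected = array('title' => 'title', 'tags' => 'tags', 'content' => 'content', 'slug' => 'newslug', 'content_type' => 'content_type', 'status' => 'status');
    foreach ($expected as $field => $control) {
        if (isset($form->{$field})) {
            $post->{$field} = $form->{$control}->value;
        }
    }

    // This seems cheesy
    $post->info->comments_disabled = !$form->comments_enabled->value;

    // This plugin hook allows changes to be made to the post object prior to its save to the database
    Plugins::act('publish_post', $post, $form);

    // Insert or Update
    if ($post->id == 0) {
        $post->insert();
    } else {
        $post->update($minor);
    }

    // Calling $form->save() calls ->save() on any controls that might have been added to the form by plugins
    $form->save();

    $permalink = $post->status != Post::status('published') ? $post->permalink . '?preview=1' : $post->permalink;
    Session::notice(_t('The post %1$s has been saved as %2$s.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars($post->title)), Post::status_name($post->status))));
    Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
}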
echo $instance->id; ?> "><?php echo Utils::htmlspecialchars($instance->title); ?> <small><?php echo Utils::htmlspecialchars($instance->type); ?> </small></h3> <ul> <li><a href="#" onclick="var i = $('<iframe src=\'<?php echo URL::get('admin', array('page' => 'configure_block', 'blockid' => $instance->id)); ?> \' style=\'width:600px;height:300px;\'></iframe>'); i.dialog({bgiframe:true,height:300,width:778,modal:true,dialogClass:'jqueryui',draggable:false,title:'Configure Block: <?php echo Utils::htmlspecialchars($instance->title); ?> (<?php echo Utils::htmlspecialchars($instance->type); ?> )'});i.css('width','768px');return false;">configure</a></li> <li><a href="#" onclick="delete_block(<?php echo $instance->id; ?> );return false;">delete</a></li> </ul> </div> <?php } ?> </div>
<?php /* Text-input control template. Only $value is HTML-escaped here; $id, $class, $field, $caption and $tabindex are echoed verbatim on the assumption that they come from the control definition rather than from the request — confirm against the callers. */ ?><div class="container"> <label for="<?php echo $id; ?> " class="incontent <?php echo $class; ?> "><?php echo $caption; /* caption is emitted unescaped, presumably so it may carry markup */ ?> </label> <input type="text" name="<?php echo $field; ?> " id="<?php echo $id; ?> " class="styledformelement text <?php echo $class; ?> " value="<?php echo Utils::htmlspecialchars($value); /* user-supplied value: escaped for the attribute context */ ?> " <?php echo isset($tabindex) ? ' tabindex="' . $tabindex . '"' : ''; /* tabindex attribute only when set; not escaped */ ?> > <?php $control->errors_out('<li>%s</li>', '<ul class="error">%s</ul>'); /* validation errors rendered by the control */ ?> </div>
/**
 * Produce the control for display
 *
 * Renders this control through the theme: the control's vars and its
 * (optionally escaped) value are pushed onto a theme var stack, the template
 * — or a 'content' / 'template_html' override from the settings — is
 * rendered, help text and prefix/postfix HTML are appended, and the result
 * is wrapped either in the error wrapper or in the 'wrap' setting. The var
 * stack is rolled back before returning so sibling controls do not see
 * this control's vars.
 *
 * @param Theme $theme The theme that will be used to render the template
 * @return string The output of the template
 */
public function get(Theme $theme) {
    // The theme needs to have the control templates added
    $this->prep_theme($theme);
    // Start a var stack so that we can roll back to prior theme var values
    $theme->start_buffer();
    // Assign all of the vars to the theme
    foreach ($this->vars as $k => $v) {
        $theme->assign($k, $v);
    }
    // Put the value of the control into the theme.
    // String values are HTML-escaped unless the 'escape_value' setting is
    // explicitly false. Non-string values (arrays, objects) pass through
    // untouched, so templates rendering them must escape them themselves.
    // The fourth argument (false) is the wrapper's pre-decode flag, going by
    // the Utils::htmlspecialchars signature used by html_attr() — confirm.
    if (is_string($this->value) && $this->get_setting('escape_value', true)) {
        $use_value = Utils::htmlspecialchars($this->value, ENT_COMPAT, 'UTF-8', false);
    } else {
        $use_value = $this->value;
    }
    $theme->value = $use_value;
    // If there are errors, add an error class to the control
    if ($this->has_errors) {
        $this->add_class('_has_error');
    }
    // Assign the control and its attributes into the theme
    $theme->_control = $this;
    $theme->_name = $this->name;
    $theme->_settings = $this->settings;
    $theme->_properties = $this->properties;
    $properties = is_array($this->properties) ? $this->properties : array();
    // 'name' and 'value' are generated unless suppressed via settings; since
    // array_merge() puts the generated entry first, an explicit property with
    // the same key overrides it.
    if (!isset($this->settings['ignore_name'])) {
        $properties = array_merge(array('name' => $this->input_name()), $properties);
    }
    if (!isset($this->settings['internal_value'])) {
        // 'html_value' lets a subclass substitute its own attribute text for
        // the escaped value — whatever is set there bypasses the escaping above.
        $properties = array_merge(array('value' => $this->get_setting('html_value', $use_value)), $properties);
    }
    if (!$this->is_enabled()) {
        $properties['disabled'] = 'disabled';
    }
    if ($id = $this->get_id(false)) {
        $properties['id'] = $id;
    }
    // html_attr() escapes attribute values (here: no pre-decode, no re-encoding
    // of entities already present) but writes attribute names verbatim, so
    // property keys must come from control definitions, not from the request.
    $theme->_attributes = Utils::html_attr($properties, ENT_COMPAT, 'UTF-8', false, false);
    if (isset($this->settings['template_attributes'])) {
        // Per-target attribute sets for templates that render several elements.
        $_template_attributes = array();
        foreach ($this->settings['template_attributes'] as $target => $set) {
            $_template_attributes[$target] = Utils::html_attr($set, ENT_COMPAT, 'UTF-8', false, false);
        }
        $theme->_template_attributes = $_template_attributes;
    }
    // Do rendering
    $output = $this->get_setting('prefix_html', '');
    if (isset($this->settings['content'])) {
        // Allow descendants to override the content produced entirely.
        // A callable receives this control; a string is appended as-is (unescaped).
        if (is_callable($this->settings['content'])) {
            $content_fn = $this->settings['content'];
            $output .= $content_fn($this);
        } else {
            $output .= $this->settings['content'];
        }
    }
    if (!isset($this->settings['norender'])) {
        // Allow descendants to skip rendering the template for this control
        if (isset($this->settings['template_html'])) {
            // template_html can be a closure, and if so, it is called here and its value is used as the output
            if (is_callable($this->settings['template_html'])) {
                $output .= $this->settings['template_html']($theme, $this);
            } else {
                $output .= $this->settings['template_html'];
            }
        } else {
            // Default path: fetch (not print) the control's template through the theme
            $output .= $theme->display_fallback($this->get_template(), 'fetch');
        }
    }
    // Is there help text? Output it, if so. Help text is not escaped here.
    if (isset($this->helptext) && !empty($this->helptext)) {
        $output .= $this->wrap_by($this->get_setting('wrap_help', '<div class="helptext">%s</div>'), $this->helptext);
    }
    $output .= $this->get_setting('postfix_html', '');
    // If there are errors, wrap this control in an error div to display the errors.
    if (count($this->errors) > 0) {
        $output = $this->error_wrap($output, $this->errors);
    } else {
        $output = $this->wrap_by($this->get_setting('wrap', '%s'), $output, $this);
    }
    // Roll back the var stack we've been using for this control
    $theme->end_buffer();
    return $output;
}
<?php if (!$user->info->authenticate_time) { $last_login_message = _t('has not logged in yet'); } else { $last_login_message = _t('was last seen %1$s at %2$s'); $last_login_message = sprintf($last_login_message, '<strong>' . date(DateTime::get_default_date_format(), strtotime($user->info->authenticate_time)) . '</strong>', '<strong>' . date(DateTime::get_default_time_format(), strtotime($user->info->authenticate_time)) . '</strong>'); } $message_bits = array(); $post_statuses = Post::list_post_statuses(); unset($post_statuses[array_search('any', $post_statuses)]); foreach ($post_statuses as $status_name => $status_id) { $status_name = Plugins::filter('post_status_display', $status_name); $count = Posts::count_by_author($user->id, $status_id); if ($count > 0) { $message = '<strong><a href="' . Utils::htmlspecialchars(URL::get('admin', array('page' => 'posts', 'user_id' => $user->id, 'type' => Post::type('any'), 'status' => $status_id))) . '">'; $message .= _n(_t('%1$d %2$s post', array($count, $status_name)), _t('%1$d %2$s posts', array($count, $status_name)), $count); $message .= '</a></strong>'; $message_bits[] = $message; } } if (!empty($message_bits)) { $string = _t('%1$s and currently has %2$s', array($last_login_message, Format::and_list($message_bits))); } else { $string = $last_login_message; } echo $string; ?> </span> </div>
Plugins::act('theme_loginform_before'); ?> <form method="post" action="<?php URL::out('auth', array('page' => 'login')); ?> "> <p> <label for="habari_username" class="incontent abovecontent"><?php _e('Name'); ?> </label><input type="text" name="habari_username" id="habari_username"<?php if (isset($habari_username)) { ?> value="<?php echo Utils::htmlspecialchars($habari_username); ?> "<?php } ?> placeholder="<?php _e('name'); ?> " class="styledformelement"> </p> <p> <label for="habari_password" class="incontent abovecontent"><?php _e('Password'); ?> </label><input type="password" name="habari_password" id="habari_password" placeholder="<?php _e('password');
<div class="container navigator"> <span class="older pct10"><a href="#" onclick="timeline.skipLoupeLeft();return false">« <?php _e('Older'); ?> </a></span> <span class="currentposition pct15 minor"><?php _e('no results'); ?> </span> <span class="search pct50"> <input id="search" type="search" placeholder="<?php _e('Type and wait to search'); ?> " value="<?php echo Utils::htmlspecialchars($search_args); ?> "> </span> <div class="filters pct15"> <ul class="dropbutton special_search"> <?php foreach ($special_searches as $text => $term) { ?> <li><a href="#<?php echo $term; ?> " title="<?php printf(_t('Filter results for \'%s\''), $text); ?> "><?php
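/**
 * Respond to the user selecting the confirm action
 *
 * Second step of the Flickr authorisation flow: the frob stored in the
 * session by the 'authorize' step is exchanged for an auth token, which is
 * stored per Habari user in Options. Output is echoed directly into the
 * plugin configuration page.
 */
public function action_plugin_ui_confirm() {
    $flickr = new Flickr();
    if ( !isset( $_SESSION['flickr_frob'] ) ){
        $auth_url = URL::get( 'admin', array( 'page' => 'plugins', 'configure' => $this->plugin_id(), 'configaction' => 'authorize' ) ) . '#plugin_options';
        // The URL is escaped before being placed in the href attribute so the
        // '&' between query parameters is well-formed, consistent with how
        // URL::get() output is escaped in the admin templates.
        echo '<p>' . _t( 'Either you have already authorized Habari to access your flickr account, or you have not yet done so. Please ' ). '<a href="' . Utils::htmlspecialchars( $auth_url ) . '">' . _t( 'try again' ) . '</a></p>';
    }
    else{
        $token = $flickr->getToken( $_SESSION['flickr_frob'] );
        if ( isset( $token->auth->perms ) ){
            Options::set( 'flickr_token_' . User::identify()->id, '' . $token->auth->token );
            echo '<p>' . _t( 'Your authorization was set successfully.' ) . '</p>';
        }
        else{
            echo '<p>' . _t( 'There was a problem with your authorization:' ) . '</p>';
            // Flickr's raw error response is shown escaped so it cannot inject markup.
            echo Utils::htmlspecialchars( $token->asXML() );
        }
        // The frob is single-use; drop it whether or not the exchange succeeded.
        unset( $_SESSION['flickr_frob'] );
    }
}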
<?php if ( !defined( 'HABARI_PATH' ) ) { die('No direct access'); } /* Template for the multi-value text control: one text input per non-empty value plus add/remove links. Only $value_1 is HTML-escaped; $class, $id and $field are echoed verbatim (and $field is also interpolated into a JavaScript string literal in the add link), on the assumption that they are defined by the control and not taken from the request — confirm. $message is treated as pre-rendered HTML. */ ?> <div<?php echo ($class) ? ' class="' . $class . '"' : ''?><?php echo ($id) ? ' id="' . $id . '"' : ''?>> <?php if ($message != '') : ?> <p class="error"><?php echo $message; ?></p> <?php endif; ?> <p><?php echo $this->caption; ?></p> <?php if (!is_array($value)) { $value = array($value); } /* wrap a scalar so a single value renders like a one-element list */ $i = 0; foreach($value as $value_1) : $i++; if ( $value_1 ) : /* empty entries are skipped but still advance $i */ ?> <input type="text" name="<?php echo $field; ?>[]" id="<?php echo $field . '_' . $i; ?>" value="<?php echo Utils::htmlspecialchars($value_1); /* user-supplied value: escaped for attribute context */ ?>"> <label for="<?php echo $field . '_' . $i; ?>"><a href="#" onclick="return controls.textmulti.remove(this);">[<?php _e('remove'); ?>]</a></label> <?php endif; endforeach; ?> <a href="#" onclick="return controls.textmulti.add(this, '<?php echo $field; /* JS string context: a quote in $field would break out of the literal */ ?>');">[<?php _e('add'); ?>]</a> </div>
echo $tag->id; ?> ]" id="checkbox_ids[<?php echo $tag->id; ?> ]"></span><label for="checkbox_ids[<?php echo $tag->id; ?> ]"><?php echo $tag->term_display; ?> </label><span class="count"><a href="<?php URL::out('admin', array('page' => 'posts', 'search' => 'tag:' . $tag->tag_text_searchable)); ?> " title="<?php echo Utils::htmlspecialchars(_t('Manage posts tagged %1$s', array($tag->term_display))); ?> "><?php echo $tag->count; ?> </a></span> </li> <?php } } else { ?> <div class="message none"> <p><?php _e('No tags could be found to match the query criteria.'); ?> </p>
die('No direct access'); } ?> <div<?php echo $control->parameter_map(array('class', 'id' => 'name')); ?> > <span class="pct25"><label <?php echo $control->parameter_map(array('title' => array('label_title', 'title'), 'for' => 'field')); ?> ><?php echo $this->caption; ?> </label></span> <span class="pct25"><input <?php echo $control->parameter_map(array('title' => array('control_title', 'title'), 'tabindex', 'size', 'maxlength', 'type', 'placeholder', 'autocomplete', 'disabled', 'readonly', 'id' => 'field', 'name' => 'field'), array('value' => Utils::htmlspecialchars($value))); ?> ></span> <?php if (!empty($helptext)) { ?> <span class="pct40 helptext"><?php echo $helptext; ?> </span> <?php } ?> <?php $control->errors_out('<p class="error">%s</p>'); ?>
<?php include 'header.php'; ?> <form action="" method="post"> <input type="hidden" name="locale" value="<?php echo Utils::htmlspecialchars($locale); ?> "> <div class="installstep ready"> <h2>.htaccess<a href="#" class="help-me">(<?php _e('help'); ?> )</a></h2> <div class="options"> <div class="inputfield"> <?php printf(_t('Your <b>.htaccess</b> file is not writable. In order to secure your SQLite database, please paste the following into <b>%s</b>:'), HABARI_PATH . '/.htaccess'); ?> <br /> <textarea class="config"><?php echo $sqlite_contents; ?> </textarea> <div class="help"> <?php _e('Your SQLite database is a file on your server like any other file. You can enhance it\'s security by including a section in your .htaccess file that disallows access to it by readers on the web. Habari is not able to write this section in your .htaccess file automatically, so you must add this section yourself to gain the enhanced security it offers you.'); ?> <a onclick="this.target='_blank';" href="<?php
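/**
 * Deletes a post from the database.
 *
 * The request must carry the post id together with the WSSE nonce/timestamp/
 * digest triple emitted into the admin forms. The digest is verified and the
 * caller must hold 'delete' access on the post before anything is deleted;
 * any failure redirects back to the post list without deleting.
 */
public function post_delete_post() {
    $extract = $this->handler_vars->filter_keys('id', 'nonce', 'timestamp', 'digest');
    // Pre-declare the four expected values so a missing key cannot leave an
    // undefined variable behind. filter_keys() limits which names the loop
    // below can assign.
    $id = $nonce = $timestamp = $digest = null;
    foreach ($extract as $key => $value) {
        ${$key} = $value;
    }
    $okay = TRUE;
    if (empty($id) || empty($nonce) || empty($timestamp) || empty($digest)) {
        $okay = FALSE;
    }
    // Compare the submitted digest with the recomputed one in constant time
    // and as strings (the previous loose != would compare numeric-looking
    // strings numerically).
    $wsse = Utils::WSSE($nonce, $timestamp);
    if (!hash_equals((string) $wsse['digest'], (string) $digest)) {
        $okay = FALSE;
    }
    $post = Post::get(array('id' => $id, 'status' => Post::status('any')));
    // An unknown id yields no post; treat that as a failure instead of calling
    // get_access() on a non-object.
    if (!$post || !ACL::access_check($post->get_access(), 'delete')) {
        $okay = FALSE;
    }
    if (!$okay) {
        Utils::redirect(URL::get('admin', 'page=posts&type=' . Post::status('any')));
        // Utils::redirect() is not relied upon to end the request (other
        // handlers follow it with exit), so stop here explicitly: without this
        // the delete below ran regardless of the checks above.
        return;
    }
    $post->delete();
    Session::notice(sprintf(_t('Deleted the %1$s titled "%2$s".'), Post::type_name($post->content_type), Utils::htmlspecialchars($post->title)));
    Utils::redirect(URL::get('admin', 'page=posts&type=' . Post::status('any')));
}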
/**
 * Display the login form
 *
 * Uses the active theme's 'login' template when it has one and otherwise
 * falls back to the admin theme. The theme receives a request object with
 * one boolean per active URL rule (true for the matched rule), any error
 * string from the handler vars (HTML-escaped) and the pre-filled user name
 * (entity-encoded).
 *
 * @param string $name Pre-fill the name field with this name
 * @return bool Always TRUE
 */
protected function login_form($name) {
    $theme = Themes::create();
    if (!$theme->template_exists('login')) {
        // No login template in the active theme: render the admin one instead.
        $theme = Themes::create('admin', 'RawPHPEngine', Site::get_dir('admin_theme', TRUE));
        $theme->assign('admin_page', 'login');
    }
    $this->theme = $theme;

    $matched_name = URL::get_matched_rule()->name;
    $active_rules = new StdClass();
    foreach (URL::get_active_rules() as $rule) {
        $active_rules->{$rule->name} = ($rule->name == $matched_name);
    }

    if (isset($this->handler_vars['error'])) {
        // The error text may echo request data, so it is escaped before reaching the template.
        $theme->assign('error', Utils::htmlspecialchars($this->handler_vars['error']));
    }
    $theme->assign('request', $active_rules);
    $theme->assign('habari_username', htmlentities($name, ENT_QUOTES, 'UTF-8'));
    $this->display('login');
    return TRUE;
}
<p><?php echo $control->caption; ?> </p> <?php if (!is_array($control->value)) { $value = array($control->value); } $i = 0; foreach ($value as $value_1) { $i++; if ($value_1) { ?> <span class="textmulti_item"> <input <?php echo $control->parameter_map(array('tabindex', 'size', 'maxlength', 'autocomplete', 'disabled', 'readonly'), array('name' => $control->field . '[]', 'id' => $control->field . '_' . $i, 'value' => Utils::htmlspecialchars($value_1))); ?> > <a href="#" onclick="return controls.textmulti.remove( this );" title="<?php _e('remove'); ?> " class="textmulti_remove opa50">[<?php _e('remove'); ?> ]</a></span> <?php } } ?> <a href="#" onclick="return controls.textmulti.add(this, '<?php echo $field; ?>
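/**
 * Handle a successful submission of the publish form.
 *
 * When the handler vars carry an id an existing post is loaded, authorised,
 * updated from the form and saved; otherwise a new post is created for the
 * current user. Every denial path ends the handler (redirect + exit, or
 * get_blank() + return) so no write can follow a permission error.
 *
 * @param FormUI $form The submitted publish form
 */
public function form_publish_success( FormUI $form ) {
    $post_id = 0;
    if ( isset( $this->handler_vars['id'] ) ) {
        $post_id = intval( $this->handler_vars['id'] );
    }
    // If an id has been passed in, we're updating an existing post, otherwise we're creating one
    if ( 0 !== $post_id ) {
        $post = Post::get( array( 'id' => $post_id, 'status' => Post::status( 'any' ) ) );
        // NOTE(review): Post::get() returning no post for an unknown id is not handled here.

        // Permission check first, before anything on the post is touched:
        // sorry, we just don't allow changing posts you don't have rights to
        if ( ! ACL::access_check( $post->get_access(), 'edit' ) ) {
            Session::error( _t( 'You don\'t have permission to edit that post' ) );
            $this->get_blank();
            // get_blank() is not relied upon to end the request; return so the
            // update below cannot run after a denial.
            return;
        }

        // Verify that the post hasn't already been updated since the form was loaded
        if ( $post->modified != $form->modified->value ) {
            // The title is escaped for the notice; the permalink is application-generated.
            Session::notice( _t( 'The post %1$s was updated since you made changes. Please review those changes before overwriting them.', array( sprintf( '<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars( $post->title ) ) ) ) );
            Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
            exit;
        }

        // REFACTOR: this is duplicated in the insert code below, move it outside of the conditions
        // Don't try to update form values that have been removed by plugins
        $expected = array('title', 'tags', 'content');
        foreach ( $expected as $field ) {
            if ( isset( $form->$field ) ) {
                $post->$field = $form->$field->value;
            }
        }
        if ( $form->newslug->value == '' && $post->status == Post::status( 'published' ) ) {
            Session::notice( _t( 'A post slug cannot be empty. Keeping old slug.' ) );
        }
        elseif ( $form->newslug->value != $form->slug->value ) {
            $post->slug = $form->newslug->value;
        }

        // sorry, we just don't allow changing content types to types you don't have rights to
        $user = User::identify();
        $type = 'post_' . Post::type_name( $form->content_type->value );
        if ( $form->content_type->value != $post->content_type && ( $user->cannot( $type ) || ! $user->can_any( array( 'own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit' ) ) ) ) {
            Session::error( _t( 'Changing content types is not allowed' ) );
            $this->get_blank();
            return;
        }
        $post->content_type = $form->content_type->value;

        // if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
        if ( ( $post->status != Post::status( 'published' ) ) && ( $form->status->value == Post::status( 'published' ) ) && ( HabariDateTime::date_create( $form->pubdate->value )->int == $form->updated->value ) ) {
            $post->pubdate = HabariDateTime::date_create();
        }
        // else let the user change the publication date.
        // If previously published and the new date is in the future, the post will be unpublished and scheduled. Any other status, and the post will just get the new pubdate.
        // This will result in the post being scheduled for future publication if the date/time is in the future and the new status is published.
        else {
            $post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
        }

        $minor = $form->minor_edit->value && ( $post->status != Post::status( 'draft' ) );
        $post->status = $form->status->value;
    }
    else {
        // REFACTOR: don't do this here, it's duplicated in Post::create()
        $post = new Post();

        // check the user can create new posts of the set type.
        $user = User::identify();
        $type = 'post_' . Post::type_name( $form->content_type->value );
        if ( ACL::user_cannot( $user, $type ) || ( ! ACL::user_can( $user, 'post_any', 'create' ) && ! ACL::user_can( $user, $type, 'create' ) ) ) {
            Session::error( _t( 'Creating that post type is denied' ) );
            $this->get_blank();
            // Same reasoning as above: do not fall through to Post::create().
            return;
        }

        // REFACTOR: why is this on_success here? We don't even display a form
        $form->on_success( array( $this, 'form_publish_success' ) );

        if ( HabariDateTime::date_create( $form->pubdate->value )->int != $form->updated->value ) {
            $post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
        }

        $postdata = array(
            'slug' => $form->newslug->value,
            'user_id' => User::identify()->id,
            'pubdate' => $post->pubdate,
            'status' => $form->status->value,
            'content_type' => $form->content_type->value,
        );

        // Don't try to add form values that have been removed by plugins
        $expected = array( 'title', 'tags', 'content' );
        foreach ( $expected as $field ) {
            if ( isset( $form->$field ) ) {
                $postdata[$field] = $form->$field->value;
            }
        }

        $minor = false;

        // REFACTOR: consider using new Post( $postdata ) instead and call ->insert() manually
        $post = Post::create( $postdata );
    }

    $post->info->comments_disabled = !$form->comments_enabled->value;

    // REFACTOR: admin should absolutely not have a hook for this here
    Plugins::act( 'publish_post', $post, $form );

    // REFACTOR: we should not have to update a post we just created, this should be moved to the post-update functionality above and only called if changes have been made
    // alternately, perhaps call ->update() or ->insert() as appropriate here, so things that apply to each operation (like comments_disabled) can still be included once outside the conditions above
    $post->update( $minor );

    $permalink = ( $post->status != Post::status( 'published' ) ) ? $post->permalink . '?preview=1' : $post->permalink;
    Session::notice( sprintf( _t( 'The post %1$s has been saved as %2$s.' ), sprintf( '<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars( $post->title ) ), Post::status_name( $post->status ) ) );
    Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
}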
} ?> </span></span> <span class="ip pct10 minor"><span><?php echo long2ip($log->ip); ?> </span></span> <span class="module pct10 minor"><span><?php echo $log->module; ?> </span></span> <span class="type pct10 minor"><span><?php echo $log->type; ?> </span></span> <span class="severity pct10 minor"><span><?php echo $log->severity; ?> </span></span> <span class="message pct25 minor less"><span><?php echo Utils::truncate(Utils::htmlspecialchars($log->message), 40, false); ?> </span></span> <span class="message pct25 minor more"><span><?php echo Utils::htmlspecialchars($log->message); ?> </span></span> </div> <?php }
<?php } ?> <?php Plugins::act('comment_info', $comment); ?> <p class="comment-type"><?php echo Plugins::filter('comment_type_display', $comment->typename, 'singular'); ?> </p> </div> <span class="content pct75"><?php if (MultiByte::valid_data($comment->content)) { echo nl2br(Utils::htmlspecialchars($comment->content)); } else { _e('this post contains text in an invalid encoding'); } ?> </span> </div> </div> <?php } } else { ?> <div class="message none"> <p><?php _e('No comments could be found to match the query criteria.');
/**
 * Create a list of html element attributes from an associative array
 *
 * Array values are joined with a single space (e.g. a list of class names)
 * and entries whose value compares loosely equal to '' are omitted. Values
 * are escaped with Utils::htmlspecialchars using its defaults; the keys
 * (attribute names) are written verbatim and must therefore not be taken
 * from untrusted input.
 *
 * @param array $attrs An associative array of parameters
 * @return string The parameters turned into a string of tag attributes
 */
public static function html_attr($attrs) {
    $parts = array();
    foreach ($attrs as $name => $raw) {
        $value = is_array($raw) ? implode(' ', $raw) : $raw;
        if ($value == '') {
            continue;
        }
        $parts[] = $name . '="' . Utils::htmlspecialchars($value) . '"';
    }
    return implode(' ', $parts);
}
</div> </div> </div> <form method="post" name="moderation" action="<?php URL::out('admin', array('page' => 'comments', 'status' => $status)); ?> "> <input type="hidden" name="search" value="<?php echo Utils::htmlspecialchars($search); ?> "> <input type="hidden" name="status" value="<?php echo Utils::htmlspecialchars($status); ?> "> <input type="hidden" id="nonce" name="nonce" value="<?php echo $wsse['nonce']; ?> "> <input type="hidden" id="timestamp" name="timestamp" value="<?php echo $wsse['timestamp']; ?> "> <input type="hidden" id="PasswordDigest" name="PasswordDigest" value="<?php echo $wsse['digest']; ?> ">
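<?php /* Submit-button control template. The caption is translated first and the translated text is then HTML-escaped (matching the Utils::htmlspecialchars( _t( ... ) ) pattern used elsewhere in the admin templates). The previous order — escaping before translation — looked up the already-escaped string as the translation key and emitted the translation unescaped. $field and $tabindex are echoed verbatim on the assumption that they come from the control definition — confirm. */ ?><div class="<?php echo $field; ?> "> <button type="submit" id="<?php echo $field; ?> " tabindex="<?php echo $tabindex; ?> "><?php echo Utils::htmlspecialchars( _t( $caption ) ); ?> </button> </div>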