function Finder()
{
global $page, $config, $dataDir;
$page->head .= "\n" . '<link rel="stylesheet" type="text/css" media="screen" href="' . common::GetDir('/include/thirdparty/finder/css/finder.css') . '">';
$page->head .= "\n" . '<link rel="stylesheet" type="text/css" media="screen" href="' . common::GetDir('/include/thirdparty/finder/style.css') . '">';
$page->head .= "\n" . '<script type="text/javascript" src="' . common::GetDir('/include/thirdparty/finder/js/finder.js') . '"></script>';
$page->head .= "\n" . '<script type="text/javascript" src="' . common::GetDir('/include/thirdparty/finder/config.js') . '"></script>';
echo '<div id="finder"></div>';
common::LoadComponents('selectable,draggable,droppable,resizable,dialog,slider,button');
//get the finder language
$language = $config['langeditor'];
if ($language == 'inherit') {
$language = $config['language'];
}
$lang_file = '/include/thirdparty/finder/js/i18n/' . $language . '.js';
$lang_full = $dataDir . $lang_file;
if (file_exists($lang_full)) {
$page->head .= "\n" . '<script type="text/javascript" src="' . common::GetDir($lang_file) . '"></script>';
} else {
$language = 'en';
}
$this->finder_opts['lang'] = $language;
$this->finder_opts['customData']['verified'] = common::new_nonce('post', true);
$this->finder_opts['uiOptions'] = array('toolbar' => array(array('back', 'forward', 'up', 'reload'), array('home', 'netmount'), array('mkdir', 'upload'), array('open', 'download', 'getfile'), array('info'), array('quicklook'), array('copy', 'cut', 'paste'), array('rm'), array('duplicate', 'rename', 'edit', 'resize'), array('extract', 'archive'), array('search'), array('view', 'sort'), array('help')), 'tree' => array('openRootOnLoad' => true, 'syncTree' => true), 'navbar' => array('minWidth' => 150, 'maxWidth' => 500), 'cwd' => array('oldSchool' => false));
$this->FinderPrep();
$this->finder_opts = gpPlugin::Filter('FinderOptionsClient', array($this->finder_opts));
gpSettingsOverride('finder_options_client', $this->finder_opts);
$page->head_script .= "\n" . 'var finder_opts = ' . json_encode($this->finder_opts) . ';';
}
public static function getStuff()
{
$config = self::getConfig();
if (common::LoggedIn()) {
if ($config['wysiwygEnabled']) {
global $addonPathCode, $page;
require_once $addonPathCode . "/Renderer.php";
$renderer = new Renderer($config, $addonPathCode . "/lib/parsedown");
print $renderer->render($_REQUEST['content']);
//haha, very secure. NOT!
$nonce_str = 'EasyMark4Life!';
//TODO: sanitize $config stuff
//"stuff" is defined in edit.js
print "<script>";
print "var nonceStr = '" . $nonce_str . "';";
print "var postNonce = '" . common::new_nonce('post', true) . "';";
print "setTimeout(stuff, " . htmlspecialchars($config['wysiwygDelay']) . "*1000);";
print "</script>";
// cleanup old page object
unset($page);
}
} else {
print "Have to be logged in to use this feature";
}
}
function LoginForm()
{
global $langmessage;
$_REQUEST += array('file' => '');
echo '<div id="loginform">';
echo '<div id="login_timeout" class="nodisplay">Log in Timeout: ' . common::Link('Admin', 'Reload to continue...') . '</div>';
echo '<form action="' . common::GetUrl('Admin') . '" method="post" id="login_form">';
echo '<input type="hidden" name="file" value="' . htmlspecialchars($_REQUEST['file']) . '">';
//for redirection
echo '<div>';
echo '<input type="hidden" name="cmd" value="login" />';
echo '<input type="hidden" name="login_nonce" value="' . htmlspecialchars(common::new_nonce('login_nonce', true, 300)) . '" />';
echo '</div>';
echo '<p class="login_text">';
echo '<input type="text" name="username" value="' . htmlspecialchars($_POST['username']) . '" placeholder="' . htmlspecialchars($langmessage['username']) . '" />';
echo '<input type="hidden" name="user_sha" value="" />';
echo '</p>';
echo '<p class="login_text">';
echo '<input type="password" class="password" name="password" value="" placeholder="' . htmlspecialchars($langmessage['password']) . '"/>';
echo '<input type="hidden" name="pass_md5" value="" />';
echo '<input type="hidden" name="pass_sha" value="" />';
echo '<input type="hidden" name="pass_sha512" value="" />';
echo '</p>';
echo '<p>';
echo '<input type="submit" class="login_submit" value="' . $langmessage['login'] . '" />';
echo ' ';
echo common::Link('', $langmessage['cancel']);
echo '</p>';
echo '<p>';
echo '<label>';
echo '<input type="checkbox" name="remember" ' . $this->checked('remember') . '/> ';
echo '<span>' . $langmessage['remember_me'] . '</span>';
echo '</label> ';
echo '<label>';
echo '<input type="checkbox" name="encrypted" ' . $this->checked('encrypted') . '/> ';
echo '<span>' . $langmessage['send_encrypted'] . '</span>';
echo '</label>';
echo '</p>';
echo '<div>';
echo '<label>';
$url = common::GetUrl('Admin', 'cmd=forgotten');
echo sprintf($langmessage['forgotten_password'], $url);
echo '</label>';
echo '</div>';
echo '</form>';
echo '</div>';
}
private function renderContent()
{
if (common::LoggedIn()) {
if ($this->settings['wysiwygEnabled']) {
global $addonPathCode, $page;
require_once $addonPathCode . "/Renderer.php";
$renderer = new Renderer($this->settings, $addonPathCode . "/lib/parsedown");
print $renderer->render($_REQUEST['content']);
//haha, very secure. NOT!
$nonce_str = 'EasyMark4Life!';
//TODO: sanitize $config stuff
//"getPostResponseEasyMark" is defined in edit.js
print "<script>";
print "var postNonce = '" . common::new_nonce('post', true) . "';";
print "setTimeout(gp_editor.getPostResponseEasyMark, " . htmlspecialchars($this->settings['wysiwygDelay']) . "*1000);";
print "</script>";
// cleanup old page object
unset($page);
}
} else {
print "Have to be logged in to use this feature";
}
}
/**
* Prepare and output any inline Javascript for the current page
* @static
*/
static function GetHead_InlineJS()
{
global $page, $linkPrefix, $GP_INLINE_VARS;
ob_start();
if (gpdebugjs) {
if (is_string(gpdebugjs)) {
$GP_INLINE_VARS['debugjs'] = 'send';
} else {
$GP_INLINE_VARS['debugjs'] = true;
}
}
if (common::LoggedIn()) {
$GP_INLINE_VARS += array('isadmin' => true, 'gpBLink' => common::HrefEncode($linkPrefix, false), 'post_nonce' => common::new_nonce('post', true));
gpsession::GPUIVars();
}
if (count($GP_INLINE_VARS) > 0) {
echo 'var ';
$comma = '';
foreach ($GP_INLINE_VARS as $key => $value) {
echo $comma . $key . '=' . json_encode($value);
$comma = ',';
}
echo ';';
}
$inline = ob_get_clean();
if (!empty($inline)) {
echo "\n<script>\n" . $inline . "\n</script>";
}
ob_start();
echo $page->head_script;
if (!empty($page->jQueryCode)) {
echo '$(function(){';
echo $page->jQueryCode;
echo '});';
}
$inline = ob_get_clean();
$inline = ltrim($inline);
if (!empty($inline)) {
echo "\n<script>\n" . $inline . "\n</script>\n";
}
}
static function GetUrl($href = '', $query = '', $ampersands = true, $nonce_action = false)
{
global $linkPrefix, $config;
$filtered = gpPlugin::Filter('GetUrl', array(array($href, $query)));
if (is_array($filtered)) {
list($href, $query) = $filtered;
}
$href = common::SpecialHref($href);
//home page link
if (isset($config['homepath']) && $href == $config['homepath']) {
$href = $linkPrefix;
if (!$_SERVER['gp_rewrite']) {
$href = common::DirName($href);
}
$href = rtrim($href, '/') . '/';
} else {
$href = $linkPrefix . '/' . ltrim($href, '/');
}
$query = common::QueryEncode($query, $ampersands);
if ($nonce_action) {
$nonce = common::new_nonce($nonce_action);
if (!empty($query)) {
$query .= '&';
//in the cases where $ampersands is false, nonces are not used
}
$query .= '_gpnonce=' . $nonce;
}
if (!empty($query)) {
$query = '?' . ltrim($query, '?');
}
return common::HrefEncode($href, $ampersands) . $query;
}
function LoginForm()
{
global $langmessage, $gp_index, $page;
$page->head .= "\n<script type=\"text/javascript\">var IE_LT_8 = false;</script><!--[if lt IE 8]>\n<script type=\"text/javascript\">IE_LT_8=true;</script>\n<![endif]-->";
$page->head_js[] = '/include/js/login.js';
$page->head_js[] = '/include/js/md5_sha.js';
$page->css_admin[] = '/include/css/login.css';
$_POST += array('username' => '');
$page->admin_js = true;
includeFile('tool/sessions.php');
gpsession::cookie('g', 2);
$action = 'Admin_Main';
if (isset($_REQUEST['file']) && isset($gp_index[$_REQUEST['file']])) {
$action = $_REQUEST['file'];
}
echo '<div class="req_script nodisplay" id="login_container">';
echo '<div id="browser_warning" class="nodisplay">';
echo '<div><b>' . $langmessage['Browser Warning'] . '</b></div>';
echo '<p>';
echo $langmessage['Browser !Supported'];
echo '</p>';
echo '<p>';
echo '<a href="http://www.mozilla.com/">Firefox</a>';
echo '<a href="http://www.google.com/chrome">Chrome</a>';
echo '<a href="http://www.apple.com/safari">Safari</a>';
echo '<a href="http://www.microsoft.com/windows/internet-explorer/default.aspx">Explorer</a>';
echo '</p>';
echo '</div>';
echo '<div id="loginform">';
echo '<p><b>' . $langmessage['LOGIN_REQUIRED'] . '</b></p>';
echo '<div id="login_timeout" class="nodisplay">Log in Timeout: ' . common::Link('Admin_Main', 'Reload to continue...') . '</div>';
echo '<form action="' . common::GetUrl($action) . '" method="post" id="login_form">';
echo '<div>';
echo '<input type="hidden" name="cmd" value="login" />';
if (isset($_REQUEST['file']) && isset($gp_index[$_REQUEST['file']])) {
echo '<input type="hidden" name="file" value="' . htmlspecialchars($_REQUEST['file']) . '" />';
}
echo '<input type="hidden" name="login_nonce" value="' . htmlspecialchars(common::new_nonce('login_nonce', true, 300)) . '" />';
echo '</div>';
echo '<label>';
echo $langmessage['username'];
echo '<input type="text" class="login_text" name="username" value="' . htmlspecialchars($_POST['username']) . '" />';
echo '<input type="hidden" name="user_sha" value="" />';
echo '</label>';
echo '<label>';
echo $langmessage['password'];
echo '<input type="password" class="login_text password" name="password" value="" />';
echo '<input type="hidden" name="pass_md5" value="" />';
echo '<input type="hidden" name="pass_sha" value="" />';
echo '</label>';
echo '<input type="submit" class="login_submit" name="aa" value="' . $langmessage['login'] . '" />';
echo '<p>';
echo '<label>';
echo '<input type="checkbox" name="remember" ' . $this->checked('remember') . '/> ';
echo '<span>' . $langmessage['remember_me'] . '</span>';
echo '</label> ';
echo '<label>';
echo '<input type="checkbox" name="encrypted" ' . $this->checked('encrypted') . '/> ';
echo '<span>' . $langmessage['send_encrypted'] . '</span>';
echo '</label>';
echo '</p>';
echo '<p>';
echo '<label>';
$url = common::GetUrl('Admin', 'cmd=forgotten');
echo sprintf($langmessage['forgotten_password'], $url);
echo '</label>';
echo '</p>';
echo '</form>';
echo '</div>';
echo '</div>';
echo '<div class="without_script" id="javascript_warning">';
echo '<p><b>' . $langmessage['JAVASCRIPT_REQ'] . '</b></p>';
echo '<p>';
echo $langmessage['INCOMPAT_BROWSER'];
echo ' ';
echo $langmessage['MODERN_BROWSER'];
echo '</p>';
echo '</div>';
}
/**
* Perform admin only changes to the content buffer
*
*/
function AdminBuffer($buffer)
{
global $gp_random, $wbErrorBuffer, $gp_admin_html;
$nonce = common::new_nonce('post', true);
// Add a generic admin nonce field to each post form
// Admin nonces are also added with javascript if needed
$count = preg_match_all('#<form[^<>]+method=[\'"]post[\'"][^<>]+>#i', $buffer, $matches);
if ($count) {
$matches[0] = array_unique($matches[0]);
foreach ($matches[0] as $match) {
//make sure it's a local action
if (preg_match('#action=[\'"]([^\'"]+)[\'"]#i', $match, $sub_matches)) {
$action = $sub_matches[1];
if (substr($action, 0, 2) === '//') {
continue;
} elseif (strpos($action, '://')) {
continue;
}
}
$replacement = $match . '<span class="nodisplay"><input type="hidden" name="verified" value="' . $nonce . '"/></span>';
$buffer = str_replace($match, $replacement, $buffer);
}
}
//add error notice if there was a fatal error
if (!gpdebug && function_exists('error_get_last')) {
//check for fatal error
$fatal_errors = array(E_ERROR, E_PARSE);
$last_error = error_get_last();
if (is_array($last_error) && in_array($last_error['type'], $fatal_errors)) {
showError($last_error['type'], $last_error['message'], $last_error['file'], $last_error['line'], false);
$buffer .= '<p>An error occurred while generating this page.<p> ' . '<p>If you are the site administrator, you can troubleshoot the problem turning debugging "on" or bypass it by enabling safe mode.</p>' . '<p>More information is available in the <a href="http://docs.gpeasy.com/Main/Troubleshooting">gpEasy documentation</a>.</p>' . common::ErrorBuffer(true, false);
}
}
//add $gp_admin_html to the document
if (strlen($gp_admin_html)) {
$pos = false;
$pos_admin_html = strpos($buffer, 'id="gp_admin_html"');
$pos_body = strpos($buffer, '<body');
if ($pos_admin_html !== false) {
$pos = $pos_admin_html;
} elseif ($pos_body !== false) {
$gp_admin_html = '<div id="gp_admin_html" class="a2">' . $gp_admin_html . '</div>';
$pos = $pos_body;
}
if ($pos !== false) {
$pos = strpos($buffer, '>', $pos);
$buffer = substr_replace($buffer, $gp_admin_html, $pos + 1, 0);
}
}
return $buffer;
}
/**
* Output single comment
*
*/
private function OutputComment($key, $comment)
{
global $langmessage;
echo '<div class="comment_area">';
echo '<p class="name">';
if (SimpleBlogCommon::$data['commenter_website'] == 'nofollow' && !empty($comment['website'])) {
echo '<b><a href="' . $comment['website'] . '" rel="nofollow">' . $comment['name'] . '</a></b>';
} elseif (SimpleBlogCommon::$data['commenter_website'] == 'link' && !empty($comment['website'])) {
echo '<b><a href="' . $comment['website'] . '">' . $comment['name'] . '</a></b>';
} else {
echo '<b>' . $comment['name'] . '</b>';
}
echo ' ';
echo '<span>';
echo strftime(SimpleBlogCommon::$data['strftime_format'], $comment['time']);
echo '</span>';
if (common::LoggedIn()) {
echo ' ';
$attr = 'class="delete gpconfirm" title="' . $langmessage['delete_confirm'] . '" name="postlink" data-nonce= "' . common::new_nonce('post', true) . '"';
echo SimpleBlogCommon::PostLink($this->post_id, $langmessage['delete'], 'cmd=delete_comment&comment_index=' . $key, $attr);
}
echo '</p>';
echo '<p class="comment">';
echo $comment['comment'];
echo '</p>';
echo '</div>';
}
/**
* Perform admin only changes to the content buffer
* This will happen before gpOutput::BufferOut()
*
*/
static function AdminBuffer($buffer)
{
global $wbErrorBuffer, $gp_admin_html;
//check for html document
$html_doc = true;
if (strpos($buffer, '<!-- get_head_placeholder ' . gp_random . ' -->') === false) {
$html_doc = false;
}
// Add a generic admin nonce field to each post form
// Admin nonces are also added with javascript if needed
$count = preg_match_all('#<form[^<>]*method=[\'"]post[\'"][^<>]*>#i', $buffer, $matches);
if ($count) {
$nonce = common::new_nonce('post', true);
$matches[0] = array_unique($matches[0]);
foreach ($matches[0] as $match) {
//make sure it's a local action
if (preg_match('#action=[\'"]([^\'"]+)[\'"]#i', $match, $sub_matches)) {
$action = $sub_matches[1];
if (substr($action, 0, 2) === '//') {
continue;
} elseif (strpos($action, '://')) {
continue;
}
}
$replacement = '<span class="nodisplay"><input type="hidden" name="verified" value="' . $nonce . '"/></span>';
$pos = strpos($buffer, $match) + strlen($match);
$buffer = substr_replace($buffer, $replacement, $pos, 0);
}
}
//add $gp_admin_html to the document
$pos_body = strpos($buffer, '</body');
if ($html_doc && $pos_body) {
$buffer = substr_replace($buffer, "\n<div id=\"gp_admin_html\">" . $gp_admin_html . gpOutput::$editlinks . "</div><div id=\"gp_admin_fixed\"></div>\n", $pos_body, 0);
}
return $buffer;
}
/**
* Show the comment form
*
*/
function CommentForm($showCaptcha = false)
{
$_POST += array('name' => '', 'website' => 'http://', 'comment' => '');
echo '<div class="easy_comment_form">';
echo '<h3>';
echo gpOutput::GetAddonText('Leave Comment');
echo '</h3>';
echo '<form method="post" action="' . common::GetUrl($this->current_title) . '">';
echo '<table>';
echo '<tr>';
echo '<td>';
echo '<div>';
echo gpOutput::GetAddonText('Name');
echo '</div>';
echo '<input type="text" name="name" class="text" value="' . htmlspecialchars($_POST['name']) . '" />';
echo '</td>';
echo '</tr>';
if (!empty($this->config['commenter_website'])) {
echo '<tr>';
echo '<td>';
echo '<div>';
echo gpOutput::GetAddonText('Website');
echo '</div>';
echo '<input type="text" name="website" class="text" value="' . htmlspecialchars($_POST['website']) . '" />';
echo '</td>';
echo '</tr>';
}
echo '<tr>';
echo '<td>';
echo '<div>';
echo gpOutput::GetAddonText('Comment');
echo '</div>';
echo '<textarea name="comment" cols="30" rows="7" >';
echo htmlspecialchars($_POST['comment']);
echo '</textarea>';
echo '</td>';
echo '</tr>';
if ($this->config['comment_captcha'] && gp_recaptcha::isActive()) {
echo '<tr>';
echo '<td>';
echo '<div>';
echo gpOutput::GetAddonText('captcha');
echo '</div>';
gp_recaptcha::Form();
echo '</td></tr>';
}
echo '<tr>';
echo '<td>';
echo '<input type="hidden" name="nonce" value="' . htmlspecialchars(common::new_nonce('easy_comments:' . count($this->comment_data), true)) . '" />';
echo '<input type="hidden" name="cmd" value="easy_comment_add" />';
$html = '<input type="submit" name="" class="submit" value="%s" />';
echo gpOutput::GetAddonText('Add Comment', $html);
echo '</td>';
echo '</tr>';
echo '</table>';
echo '</form>';
echo '</div>';
}
/**
* Prepare and output any inline Javascript for the current page
* @static
*/
function GetHead_InlineJS()
{
global $page, $linkPrefix;
ob_start();
if (gpdebugjs) {
echo 'var debugjs=true;';
}
if (common::LoggedIn()) {
echo 'var isadmin=true';
echo ',gpBLink="' . common::HrefEncode($linkPrefix) . '"';
//here because of index.php
gpsession::GPUIVars();
if (!admin_tools::CanRemoteInstall()) {
echo ',gpRem=false';
}
echo ',post_nonce="' . common::new_nonce('post', true) . '"';
echo ';';
gpOutput::GP_STYLES();
}
echo $page->head_script;
if (!empty($page->jQueryCode)) {
echo '$(function(){';
echo $page->jQueryCode;
echo '});';
}
$inline = ob_get_clean();
if (!empty($inline)) {
echo "\n<script type=\"text/javascript\">/* <![CDATA[ */\n";
echo $inline;
echo "\n/* ]]> */</script>";
}
}
function GetUrl($href = '', $query = '', $ampersands = true, $nonce_action = false)
{
global $linkPrefix, $config, $gp_index;
//translate special pages from key to title
if (!isset($gp_index[$href]) && strpos($href, 'Special_') === 0 && ($index_title = common::IndexToTitle(strtolower($href)))) {
$href = $index_title;
}
//home page link
if (isset($config['homepath']) && $href == $config['homepath']) {
$href = '';
}
//redirects won't work with &
$href = $linkPrefix . '/' . ltrim($href, '/');
if ($ampersands) {
$href = common::Ampersands($href);
$query = common::Ampersands($query);
}
if ($nonce_action) {
$nonce = common::new_nonce($nonce_action);
if (!empty($query)) {
$query .= '&';
//in the cases where $ampersands is false, nonces are not used
}
$query .= '_gpnonce=' . $nonce;
}
if (!empty($query)) {
$query = '?' . ltrim($query, '?');
}
return common::HrefEncode($href) . $query;
}
function ShowForm()
{
global $page, $langmessage, $config;
$attr = '';
if ($this->sent) {
$attr = ' readonly="readonly" ';
}
$_GET += array('name' => '', 'email' => '', 'subject' => '', 'message' => '');
$_POST += array('name' => $_GET['name'], 'email' => $_GET['email'], 'subject' => $_GET['subject'], 'message' => $_GET['message']);
$require_email =& $config['require_email'];
echo '<form class="contactform" action="' . common::GetUrl($page->title) . '" method="post">';
//nonce fields
echo '<div style="display:none !important">';
echo '<input type="hidden" name="contact_nonce" value="' . htmlspecialchars(common::new_nonce('contact_post', true)) . '" />';
echo '<input type="text" name="contact_void" value="" />';
echo '</div>';
echo '<label for="contact_name"><span class="title">';
echo gpOutput::ReturnText('your_name');
echo '</span><input id="contact_name" class="input text" type="text" name="name" value="' . htmlspecialchars($_POST['name']) . '" ' . $attr . ' />';
echo '</label>';
echo '<label for="contact_email"><span class="title">';
echo gpOutput::ReturnText('your_email');
if (strpos($require_email, 'email') !== false) {
echo '*';
}
echo '</span><input id="contact_email" class="input text" type="text" name="email" value="' . htmlspecialchars($_POST['email']) . '" ' . $attr . '/>';
echo '</label>';
echo '<label for="contact_subject"><span class="title">';
echo gpOutput::ReturnText('subject');
if (strpos($require_email, 'none') === false) {
echo '*';
}
echo '</span><input id="contact_subject" class="input text" type="text" name="subject" value="' . htmlspecialchars($_POST['subject']) . '" ' . $attr . '/>';
echo '</label>';
echo '<label for="contact_message">';
echo gpOutput::ReturnText('message');
if (strpos($require_email, 'none') === false) {
echo '*';
}
echo '</label>';
echo '<textarea id="contact_message" name="message" ' . $attr . ' rows="10" cols="10">';
echo htmlspecialchars($_POST['message']);
echo '</textarea>';
gpPlugin::Action('contact_form_pre_captcha');
if (!$this->sent && gp_recaptcha::isActive()) {
echo '<div class="captchaForm">';
echo gpOutput::ReturnText('captcha');
gp_recaptcha::Form();
echo '</div>';
}
if ($this->sent) {
echo gpOutput::ReturnText('message_sent', '%s', 'message_sent');
} else {
echo '<input type="hidden" name="cmd" value="gp_send_message" />';
$key = 'send_message';
$text = gpOutput::SelectText($key);
if (gpOutput::ShowEditLink('Admin_Theme_Content')) {
$query = 'cmd=edittext&key=' . urlencode($key);
echo gpOutput::EditAreaLink($edit_index, 'Admin_Theme_Content', $langmessage['edit'], $query, ' title="' . $key . '" data-cmd="gpabox" ');
echo '<input type="submit" class="submit editable_area" id="ExtraEditArea' . $edit_index . '" name="aaa" value="' . $text . '" />';
} else {
echo '<input type="submit" class="submit" name="aaa" value="' . $text . '" />';
}
}
echo '</form>';
}
