Ejemplo n.º 1
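 /**
  * Finishes a buffered page render for users with restricted access.
  *
  * Two cases are handled, driven by static flags on this class:
  *  - page denied: the buffered page is discarded and only the stored
  *    "denied" message is printed;
  *  - page viewed without edit permission: the buffered HTML is rewritten
  *    so that form controls are replaced by their current values (or
  *    removed) before it is printed.
  *
  * Elements whose markup contains the string "no_permissions" are left
  * untouched.
  *
  * SECURITY: this is a presentation-layer filter only. Removing controls
  * from the HTML does not stop a client from submitting a request by hand,
  * so the handlers that save data must enforce the same edit permission on
  * the server. NOTE(review): confirm that they do; it is not visible here.
  *
  * The rewrite is regex based and only recognises double-quoted attributes
  * (type="text", value="..."); controls written with single-quoted or
  * unquoted attributes are not converted by the type-specific steps.
  *
  * @return void
  */
 public static function render_page_finished()
 {
     if (self::$page_denied) {
         self::$page_denied = false;
         // Throw away the page content that was buffered so far.
         ob_get_clean();
         echo self::$page_denied_message;
         self::$page_denied_message = '';
     } elseif (self::$process_editable_page) {
         module_debug::log(array('title' => 'Page Editable', 'file' => 'includes/plugin_security/security.php', 'data' => "User doesn't have edit permissions, time to remove all form elements."));
         self::$process_editable_page = false;
         $editable_content = ob_get_clean();

         // <form> and <script> tags are deliberately left in place; stripping
         // scripts was flagged as possibly breaking screens such as the file
         // edit screen.
         $editable_content = preg_replace('#<a[^>]+ui-icon-help[^>]*>[^<]*</a>#imsU', '', $editable_content);
         $editable_content = preg_replace('#<span[^>]class="button"[^>]*>.*</span>#imsU', '', $editable_content);

         // All literal substitutions below use str_replace()/str_ireplace()
         // instead of preg_replace(): in a preg_replace() replacement string
         // "$1" or "\1" inside a field value is treated as a backreference,
         // so a value such as "Cost $1" was printed as "Cost ".

         // Text inputs: print the value in place of the control. The value is
         // copied verbatim from the attribute, so whatever HTML escaping the
         // original markup applied is preserved.
         if (preg_match_all('#<input[^>]*type="text"[^>]*>#imsU', $editable_content, $matches)) {
             foreach ($matches[0] as $match) {
                 if (strpos($match, 'no_permissions') === false) {
                     $replace_with = '';
                     if (preg_match('#value="([^"]*)"#imsU', $match, $value)) {
                         $replace_with = $value[1];
                     }
                     $editable_content = str_replace($match, $replace_with, $editable_content);
                 }
             }
         }

         // Checkboxes: mark as disabled unless already disabled.
         // NOTE(review): the final pass below removes every <input> that is not
         // type="text" and not "no_permissions", which includes these
         // checkboxes, so this step appears to have no visible effect.
         if (preg_match_all('#<input[^>]*type="checkbox"[^>]*>#imsU', $editable_content, $matches)) {
             foreach ($matches[0] as $match) {
                 if (strpos($match, 'disabled=') === false && strpos($match, 'no_permissions') === false) {
                     $replace_with = str_replace('type=', 'disabled="disabled" type=', $match);
                     $editable_content = str_replace($match, $replace_with, $editable_content);
                 }
             }
         }

         // Textareas: print the inner text in place of the control.
         if (preg_match_all('#<textarea[^>]*>(.*)</textarea>#imsU', $editable_content, $matches)) {
             foreach ($matches[0] as $match_key => $match) {
                 if (strpos($match, 'no_permissions') === false) {
                     $editable_content = str_replace($match, $matches[1][$match_key], $editable_content);
                 }
             }
         }

         // Selects: print the label of the selected <option>, or nothing when
         // no option is marked as selected.
         if (preg_match_all('#<select[^>]*>.*</select>#imsU', $editable_content, $matches)) {
             foreach ($matches[0] as $match) {
                 if (strpos($match, 'no_permissions') === false) {
                     $replace_with = '';
                     if (preg_match('#<option[^>]*selected[^>]*>(.*)</option>#imsU', $match, $options)) {
                         $replace_with = $options[1];
                     }
                     $editable_content = str_replace($match, $replace_with, $editable_content);
                 }
             }
         }

         // Remove every remaining <input> (submit, button, radio, hidden, ...)
         // that is not flagged "no_permissions". The original pattern was
         // case-insensitive, hence str_ireplace().
         if (preg_match_all('#<input[^>]*>#imsU', $editable_content, $matches)) {
             foreach ($matches[0] as $match) {
                 if (strpos($match, 'no_permissions') === false && strpos($match, 'type="text"') === false) {
                     $editable_content = str_ireplace($match, '', $editable_content);
                 }
             }
         }

         echo $editable_content;
     }
 }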