function ajaxpreview($params) { global $gCms; $urlext = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; $config =& $gCms->GetConfig(); $contentops =& $gCms->GetContentOperations(); $content_type = $params['content_type']; $contentops->LoadContentType($content_type); $contentobj = UnserializeObject($params["serialized_content"]); if (strtolower(get_class($contentobj)) != strtolower($content_type)) { copycontentobj($contentobj, $content_type, $params); } updatecontentobj($contentobj, true, $params); $tmpfname = createtmpfname($contentobj); // str_replace is because of stupid windows machines.... when will they die. $_SESSION['cms_preview'] = str_replace('\\', '/', $tmpfname); $tmpvar = substr(str_shuffle(md5($tmpfname)), -3); $url = $config["root_url"] . '/index.php?' . $config['query_var'] . "=__CMS_PREVIEW_PAGE__&r={$tmpvar}"; // temporary $objResponse = new xajaxResponse(); $objResponse->assign("previewframe", "src", $url); $objResponse->assign("serialized_content", "value", SerializeObject($contentobj)); $count = 0; foreach ($contentobj->TabNames() as $tabname) { $objResponse->script("Element.removeClassName('editab" . $count . "', 'active');Element.removeClassName('editab" . $count . "_c', 'active');\$('editab" . $count . "_c').style.display = 'none';"); $count++; } $objResponse->script("Element.addClassName('edittabpreview', 'active');Element.addClassName('edittabpreview_c', 'active');\$('edittabpreview_c').style.display = '';"); return $objResponse; }
$existingtypes = $contentops->ListContentTypes(); $content_type = ""; if (isset($_POST["content_type"])) { $content_type = $_POST["content_type"]; } else { if (isset($existingtypes) && count($existingtypes) > 0) { $content_type = 'content'; } else { $error = "<p>No content types loaded!</p>"; } } $contentobj = ""; if (isset($_POST["serialized_content"])) { $contentops =& $gCms->GetContentOperations(); $contentops->LoadContentType($_POST['orig_content_type']); $contentobj = UnserializeObject($_POST["serialized_content"]); if (strtolower(get_class($contentobj)) != strtolower($content_type)) { #Fill up the existing object with values in form #Create new object #Copy important fields to new object #Put new object on top of old one copycontentobj($contentobj, $content_type); } } #Get current userid and make sure they have permission to add something $userid = get_userid(); $access = check_ownership($userid, $content_id) || check_permission($userid, 'Modify Any Page') || check_permission($userid, 'Manage All Content'); $adminaccess = $access; if (!$access) { $access = check_authorship($userid, $content_id); }