Example #1
/**
 * Utility-button filter for the "Plugin Articles" generator.
 *
 * If the request carries a `pluginNews` parameter, XSRFdefender('pluginNews')
 * is called and then processPlugins() runs. The button descriptor is appended
 * to the list on every call, whether or not generation was requested.
 *
 * NOTE(review): 'rights' => ADMIN_RIGHTS is only metadata in the descriptor; no
 * rights check is visible inside this function before processPlugins() runs.
 * Presumably the page that applies this filter has already enforced admin
 * rights; confirm against the caller.
 *
 * @param array $buttons button descriptors collected so far
 * @return array the same list with this button appended
 */
function pluginNews_button($buttons)
{
    $generateRequested = isset($_REQUEST['pluginNews']);
    if ($generateRequested) {
        // The token check uses the same tag that the descriptor advertises in
        // 'XSRFTag', and it runs before the state-changing call.
        XSRFdefender('pluginNews');
        processPlugins();
    }

    $descriptor = array(
        'enable' => true,
        'button_text' => gettext('Plugin Articles'),
        'formname' => 'pluginNews_button',
        'action' => '?pluginNews=gen',
        'icon' => 'images/add.png',
        'title' => gettext('Generate plugin articles'),
        'alt' => '',
        'hidden' => '<input type="hidden" name="pluginNews" value="gen" />',
        'rights' => ADMIN_RIGHTS,
        'XSRFTag' => 'pluginNews',
    );
    $buttons[] = $descriptor;

    return $buttons;
}
/**
 * Utility-button filter for the "Troubleshooting Articles" generator.
 *
 * The generation step is triggered by the presence of a `Troubleshooting`
 * request parameter (read from $_REQUEST, so a query string is enough) and is
 * preceded by XSRFdefender('Troubleshooting'). The descriptor is always added.
 *
 * @param array $buttons button descriptors collected so far
 * @return array the same list with this button appended
 */
function Troubleshooting_button($buttons)
{
    if (isset($_REQUEST['Troubleshooting'])) {
        // Because the trigger can arrive on a plain GET, the token check on the
        // next line is the only request-forgery guard visible in this function.
        XSRFdefender('Troubleshooting');
        processTroubleshooting();
    }

    $label = gettext('Troubleshooting Articles');
    $tooltip = gettext('Generate Troubleshooting articles');
    $buttons[] = array(
        'enable' => true,
        'button_text' => $label,
        'formname' => 'Troubleshooting_button',
        'action' => '?Troubleshooting=gen',
        'icon' => 'images/add.png',
        'title' => $tooltip,
        'alt' => '',
        'hidden' => '<input type="hidden" name="Troubleshooting" value="gen" />',
        'rights' => ADMIN_RIGHTS,
        // Same tag as the XSRFdefender() call above.
        'XSRFTag' => 'Troubleshooting',
    );

    return $buttons;
}
Example #3
/**
 * Utility-button filter for the filter-documentation generator.
 *
 * Appends the "Filter Doc Gen" button descriptor. If the current request
 * carries `filterDoc`, XSRFdefender('filterDoc') is called first and
 * processFilters() afterwards.
 *
 * @param array $buttons button descriptors collected so far
 * @return array the same list with this button appended
 */
function filterDoc_button($buttons)
{
    $wantsGeneration = isset($_REQUEST['filterDoc']);
    if ($wantsGeneration) {
        // Keep this order: the token is checked before any work is done.
        XSRFdefender('filterDoc');
        processFilters();
    }

    $button = array();
    $button['enable'] = true;
    $button['button_text'] = gettext('Filter Doc Gen');
    $button['formname'] = 'filterDoc_button';
    $button['action'] = '?filterDoc=gen';
    $button['icon'] = 'images/add.png';
    $button['title'] = gettext('Generate filter document');
    $button['alt'] = '';
    $button['hidden'] = '<input type="hidden" name="filterDoc" value="gen" />';
    $button['rights'] = ADMIN_RIGHTS;
    // Tag name must stay in sync with the XSRFdefender() argument above.
    $button['XSRFTag'] = 'filterDoc';
    $buttons[] = $button;

    return $buttons;
}
// Request dispatch for the category admin page. Every branch that changes
// stored data calls XSRFdefender() with its own tag before doing the work;
// XSRFdefender() is defined elsewhere, so what it does on a bad token is not
// visible here.

// Publish / un-publish a category from a link click (token tag 'update').
if (isset($_GET['publish'])) {
    XSRFdefender('update');
    // NOTE(review): $_GET['titlelink'] is read without an isset() guard; only
    // 'publish' is checked above.
    $obj = new ZenpageCategory(sanitize($_GET['titlelink']));
    // The publish flag goes through sanitize_numeric() before it is stored.
    $obj->setShow(sanitize_numeric($_GET['publish']));
    $obj->save();
}
// Create a new category (token tag 'save_categories').
if (isset($_GET['save'])) {
    XSRFdefender('save_categories');
    addCategory($reports);
}
if (isset($_GET['id'])) {
    // Lookup only: this path has no XSRFdefender() call, and nothing is saved
    // in this branch.
    $x = $_zp_zenpage->getCategory(sanitize_numeric($_GET['id']));
    // NOTE(review): $x is indexed without checking that a category was found.
    $result = new ZenpageCategory($x['titlelink']);
} else {
    if (isset($_GET['update'])) {
        // Update an existing category (token tag 'update_categories').
        XSRFdefender('update_categories');
        $result = updateCategory($reports);
    } else {
        // No action requested: start from an empty category object.
        $result = new ZenpageCategory('');
    }
}
// Page output starts here, after all request handling above.
printAdminHeader('news', 'categories');
zp_apply_filter('texteditor_config', '', 'zenpage');
printSortableHead();
zenpageJSCSS();
?>
<script type="text/javascript">
	//<!-- <![CDATA[
	var deleteCategory = "<?php 
echo gettext("Are you sure you want to delete this category? THIS CANNOT BE UNDONE!");
?>
    $plugin_author = "Malte Müller (acrylian)";
    zp_register_filter('admin_utilities_buttons', 'wordpress_import_button');
    /**
     * Adds the "Wordpress Importer" entry to the admin utility buttons.
     *
     * The descriptor links to the importer script and is restricted to
     * ADMIN_RIGHTS through its 'rights' entry. No 'XSRFTag' key is set in this
     * descriptor.
     *
     * @param array $buttons button descriptors collected so far
     * @return array the same list with the importer button appended
     */
    function wordpress_import_button($buttons)
    {
        // Shared "<core folder>/<plugin folder>" segment of both URLs below.
        $pluginBase = ZENFOLDER . '/' . PLUGIN_FOLDER;

        $importerButton = array(
            'category' => gettext('Admin'),
            'enable' => true,
            'button_text' => gettext('Wordpress Importer'),
            'formname' => 'wordpress_import.php',
            'action' => FULLWEBPATH . '/' . $pluginBase . '/wordpress_import.php',
            'icon' => WEBPATH . '/' . $pluginBase . '/wordpress_import/wpmini-blue.png',
            'title' => gettext('An importer for Wordpress posts and pages to Zenpage.'),
            'alt' => '',
            'hidden' => '',
            'rights' => ADMIN_RIGHTS,
        );
        $buttons[] = $importerButton;

        return $buttons;
    }
} else {
    define('OFFSET_PATH', 3);
    require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
    if (extensionEnabled('zenpage')) {
        require_once dirname(dirname(__FILE__)) . '/' . PLUGIN_FOLDER . '/zenpage/admin-functions.php';
    }
    admin_securityChecks(NULL, currentRelativeURL());
    if (isset($_REQUEST['dbname']) || isset($_REQUEST['dbuser']) || isset($_REQUEST['dbpass']) || isset($_REQUEST['dbhost'])) {
        XSRFdefender('wordpress');
    }
    // some extra functions
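    /**
     * Runs a statement on the WordPress database connection and returns all rows.
     *
     * The SQL text is sent exactly as given; nothing in this helper escapes or
     * parameterises it, so callers must build it only from trusted or already
     * escaped values.
     *
     * A failed query stops the script with die(). The driver's error text is
     * HTML-escaped before it is printed because it can quote parts of the
     * statement back to the browser.
     *
     * @param string $sql          statement to execute
     * @param mysqli $wpconnection open connection to the WordPress database
     * @return array list of associative rows; empty when the statement yields
     *               no rows or no result set
     */
    function wp_query_full_array($sql, $wpconnection)
    {
        $result = mysqli_query($wpconnection, $sql);
        if ($result === false) {
            die(gettext("Query failed : ") . htmlspecialchars(mysqli_error($wpconnection), ENT_QUOTES, 'UTF-8'));
        }

        $allrows = array();
        // mysqli_query() returns true (not a result set) for statements such as
        // UPDATE; only fetch when there is something to fetch from.
        if ($result instanceof mysqli_result) {
            while ($row = mysqli_fetch_assoc($result)) {
                $allrows[] = $row;
            }
            // Release the result set instead of holding it until script end.
            mysqli_free_result($result);
        }

        // The former "return false" branch could never run: a false result has
        // already ended the script above.
        return $allrows;
    }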
Example #6
        query($sql);
        $sql = 'DELETE FROM ' . prefix('menu') . ' WHERE `menuset`="' . $menuset . '" AND `sort_order` LIKE "' . $result['sort_order'] . '/%"';
        query($sql);
        $reports[] = "<p class='messagebox fade-message'>" . gettext('Menu item deleted') . "</p>";
    }
}
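// Delete a whole menu set (token tag 'delete_menu').
if (isset($_GET['deletemenuset'])) {
    XSRFdefender('delete_menu');
    // The request value passes through sanitize() and db_quote() before it is
    // placed in the statement.
    $sql = 'DELETE FROM ' . prefix('menu') . ' WHERE `menuset`=' . db_quote(sanitize($_GET['deletemenuset']));
    query($sql);
    $_menu_manager_items = array();
    // html_encode() is applied because the raw request value is echoed back
    // inside HTML.
    $delmsg = "<p class='messagebox fade-message'>" . sprintf(gettext("Menu set '%s' deleted"), html_encode($_GET['deletemenuset'])) . "</p>";
}
// publish or un-publish page by click
if (isset($_GET['publish'])) {
    XSRFdefender('update_menu');
    // The id and show flag used to be handed to publishItem() straight from the
    // query string. publishItem() is defined elsewhere, so whether it validates
    // them cannot be seen here; constrain both to numbers first, as other admin
    // handlers in this code base do for request ids, and skip the call when
    // either one is missing or not numeric.
    $publishId = isset($_GET['id']) ? sanitize_numeric($_GET['id']) : false;
    $publishShow = isset($_GET['show']) ? sanitize_numeric($_GET['show']) : false;
    if (is_numeric($publishId) && is_numeric($publishShow)) {
        publishItem($publishId, $publishShow, $menuset);
    }
}
printAdminHeader('menu');
printSortableHead();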
?>
</head>
<body>
<?php 
printLogoAndLinks();
?>
<div id="main">
<?php 
printTabs();
?>
<div id="content">
     $sql = '';
     unset($_POST['publish_albums']);
     foreach ($_POST as $key => $albumid) {
         $key = sanitize_numeric(str_replace('sched_', '', $key));
         if (is_numeric($key)) {
             $sql .= '`id`="' . sanitize_numeric($key) . '" OR ';
         }
     }
     if (!empty($sql)) {
         $sql = substr($sql, 0, -4);
         $sql = 'UPDATE ' . prefix('albums') . ' SET `show`="1" WHERE ' . $sql;
         query($sql);
     }
 } else {
     if (isset($_POST['publish_images'])) {
         XSRFdefender('schedule_content');
         unset($_POST['publish_images']);
         $sql = '';
         foreach ($_POST as $action) {
             $i = strrpos($action, '_');
             $imageid = sanitize_numeric(substr($action, $i + 1));
             switch (substr($action, 0, $i)) {
                 case 'pub':
                     if (is_numeric($imageid)) {
                         $sql .= '`id`="' . $imageid . '" OR ';
                     }
                     break;
                 case 'del':
                     $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid);
                     $rowa = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $rowi['albumid']);
                     $album = new Album($gallery, $rowa['folder']);
//	 we don't want plugins loaded but we are not setup
require_once dirname(__FILE__) . '/admin-globals.php';
// need the class plugins to handle video, etc.
// Only enabled plugins whose priority has the CLASS_PLUGIN bit set are loaded;
// the include path comes from getEnabledPlugins(), not from the request.
foreach (getEnabledPlugins() as $extension => $plugin) {
    if ($plugin['priority'] & CLASS_PLUGIN) {
        require_once $plugin['path'];
    }
}
require_once dirname(__FILE__) . '/template-functions.php';
// Rights passed to the access check: ALBUM_RIGHTS when the request names an
// album, NULL otherwise.
if (isset($_REQUEST['album'])) {
    $localrights = ALBUM_RIGHTS;
} else {
    $localrights = NULL;
}
// Access check first, then the XSRF token check. Both run on every request to
// this script, before any of the refresh work below.
admin_securityChecks($localrights, $return = currentRelativeURL());
XSRFdefender('refresh');
$imageid = '';
if (isset($_GET['refresh'])) {
    if (isset($_GET['id'])) {
        // The id from the query string is passed through sanitize_numeric().
        $imageid = sanitize_numeric($_GET['id']);
    }
    // garbageCollect() is given the id and its return value replaces $imageid.
    $imageid = $_zp_gallery->garbageCollect(true, true, $imageid);
}
if (isset($_GET['prune'])) {
    $type = 'prune&amp;';
    $title = gettext('Refresh Database');
    $finished = gettext('Finished refreshing the database');
    $incomplete = gettext('Database refresh is incomplete');
    $allset = gettext("We are all set to refresh the database");
    $continue = gettext('Continue refreshing the database.');
} else {
 * purge options tab
 *
 * @author Stephen Billard (sbillard)
 *
 * Copyright 2014 by Stephen L Billard for use in {@link https://github.com/ZenPhoto20/ZenPhoto20 ZenPhoto20}
 *
 * @package plugins
 * @subpackage admin
 */
// force UTF-8 Ø
define('OFFSET_PATH', 1);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
admin_securityChecks(OPTIONS_RIGHTS, $return = currentRelativeURL());
$xlate = array('plugins' => gettext('User plugins'), 'zp-core/zp-extensions' => gettext('Extensions'), 'themes' => gettext('Themes'));
if (isset($_POST['purge'])) {
    XSRFdefender('purgeOptions');
    if (isset($_POST['del'])) {
        foreach ($_POST['del'] as $owner) {
            $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `creator` LIKE ' . db_quote('%' . basename($owner));
            $result = query($sql);
            if (preg_match('~^' . THEMEFOLDER . '/~', $owner)) {
                if ($owner == THEMEFOLDER . '/') {
                    $where = ' WHERE `creator` = "' . THEMEFOLDER . '/"';
                } else {
                    $where = ' WHERE `creator` LIKE ' . db_quote('%' . basename($owner) . '/themeoptions.php');
                }
                $sql = 'DELETE FROM ' . prefix('options') . $where;
                $result = query($sql);
            } else {
                purgeOption('zp_plugin_' . stripSuffix(basename($owner)));
            }
Example #10
     } else {
         $notify = '&migration_error';
     }
     header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?page=users&subpage=" . $subpage . $notify);
     exitZP();
     break;
 case 'deleteadmin':
     XSRFdefender('deleteadmin');
     $adminobj = Zenphoto_Authority::newAdministrator(sanitize($_GET['adminuser']), 1);
     zp_apply_filter('save_user', '', $adminobj, 'delete');
     $adminobj->remove();
     header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?page=users&deleted&subpage=" . $subpage);
     exitZP();
     break;
 case 'saveoptions':
     XSRFdefender('saveadmin');
     $notify = $returntab = $msg = '';
     if (isset($_POST['saveadminoptions'])) {
         if (isset($_POST['checkForPostTruncation'])) {
             if (isset($_POST['alter_enabled']) || sanitize_numeric($_POST['totaladmins']) > 1 || trim(sanitize($_POST['adminuser0'])) != $_zp_current_admin_obj->getUser() || isset($_POST['0-newuser'])) {
                 if (!$_zp_current_admin_obj->reset) {
                     admin_securityChecks(ADMIN_RIGHTS, currentRelativeURL());
                 }
             }
             $alter = isset($_POST['alter_enabled']);
             $nouser = true;
             $returntab = $newuser = false;
             for ($i = 0; $i < sanitize_numeric($_POST['totaladmins']); $i++) {
                 $updated = false;
                 $error = false;
                 $userobj = NULL;
Example #11
<?php

/**
 *
 * Zenphoto site cloner
 *
 * @package admin
 */
define('OFFSET_PATH', 4);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
require_once SERVERPATH . '/' . ZENFOLDER . '/reconfigure.php';
// Access check and XSRF token check run unconditionally, before the clone
// target is read from the request.
// NOTE(review): the rights argument is NULL; which rights that implies is
// decided inside admin_securityChecks() (not shown). Confirm that it is strict
// enough for an operation that writes outside the install.
admin_securityChecks(NULL, currentRelativeURL());
XSRFdefender('cloneZenphoto');
$msg = array();
// Target folder comes from the query string and is passed through sanitize().
// NOTE(review): nothing visible here restricts it to a particular directory
// tree; verify how the rest of the script bounds this path.
$folder = sanitize($_GET['clonePath']);
// $path is SERVERPATH with the WEBPATH substring replaced by '/'.
$path = str_replace(WEBPATH, '/', SERVERPATH);
// Target folder with $path removed and slashes trimmed, plus a trailing '/'.
$newinstall = trim(str_replace($path, '', $folder), '/') . '/';
if (trim($folder, '/') == SERVERPATH) {
    $msg[] = gettext('You attempted to clone to the master install.');
    $success = false;
} else {
    $success = true;
    $targets = array(ZENFOLDER => 'dir', USER_PLUGIN_FOLDER => 'dir', 'index.php' => 'file');
    $zplist = $_zp_gallery->getThemes();
    foreach ($zplist as $theme => $data) {
        $targets[THEMEFOLDER . '/' . $theme] = 'dir';
    }
    foreach (array(internalToFilesystem('charset_tést'), internalToFilesystem('charset.tést')) as $charset) {
        if (file_exists(SERVERPATH . '/' . DATA_FOLDER . '/' . $charset)) {
            $targets[DATA_FOLDER . '/' . $charset] = 'file';
        }
Example #12
     /** clear the RSScache ***********************************************************/
     /******************************************************************************/
 /** clear the RSScache ***********************************************************/
 /******************************************************************************/
 case "clear_rss_cache":
     XSRFdefender('clear_cache');
     clearRSScache();
     $class = 'messagebox';
     $msg = gettext('RSS cache cleared.');
     break;
     /** Reset hitcounters ***********************************************************/
     /********************************************************************************/
 /** Reset hitcounters ***********************************************************/
 /********************************************************************************/
 case "reset_hitcounters":
     XSRFdefender('hitcounter');
     query('UPDATE ' . prefix('albums') . ' SET `hitcounter`= 0');
     query('UPDATE ' . prefix('images') . ' SET `hitcounter`= 0');
     query('UPDATE ' . prefix('news') . ' SET `hitcounter`= 0');
     query('UPDATE ' . prefix('pages') . ' SET `hitcounter`= 0');
     query('UPDATE ' . prefix('news_categories') . ' SET `hitcounter`= 0');
     query('UPDATE ' . prefix('options') . ' SET `value`= 0 WHERE `name` LIKE "Page-Hitcounter-%"');
     query("DELETE FROM " . prefix('plugin_storage') . " WHERE `type` = 'rsshitcounter'");
     $class = 'messagebox';
     $msg = gettext('All hitcounters have been set to zero');
     break;
     /** check for update ***********************************************************/
     /********************************************************************************/
 /** check for update ***********************************************************/
 /********************************************************************************/
 case 'check_for_update':
Example #13
        break;
    case 'height':
        $size = $height;
        $sr = 1;
        $sizedwidth = Round($width / $height * $size);
        $sizedheight = $size;
        break;
}
$args = array($size, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1, NULL);
$imageurl = getImageProcessorURI($args, $albumname, $imagepart);
$iW = round($sizedwidth * 0.9);
$iH = round($sizedheight * 0.9);
$iX = round($sizedwidth * 0.05);
$iY = round($sizedheight * 0.05);
if (isset($_REQUEST['crop'])) {
    XSRFdefender('crop');
    $cw = $_REQUEST['w'];
    $ch = $_REQUEST['h'];
    $cx = $_REQUEST['x'];
    $cy = $_REQUEST['y'];
    $rw = $width / $sizedwidth;
    $rh = $height / $sizedheight;
    $cw = round($cw * $rw);
    $ch = round($ch * $rh);
    $cx = round($cx * $rw);
    $cy = round($cy * $rh);
    //create a new image with the set cropping
    $quality = getOption('full_image_quality');
    $rotate = false;
    if (zp_imageCanRotate()) {
        $rotate = getImageRotation($imgpath);
Example #14
         header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?saved');
     }
     exitZP();
 case 'deletecomment':
     XSRFdefender('deletecomment');
     $id = sanitize_numeric($_GET['id']);
     $comment = new Comment($id);
     $comment->remove();
     header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?ndeleted=1');
     exitZP();
 case 'savecomment':
     if (!isset($_POST['id'])) {
         header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php');
         exitZP();
     }
     XSRFdefender('savecomment');
     $id = sanitize_numeric($_POST['id']);
     $comment = new Comment($id);
     if (isset($_POST['name'])) {
         $comment->setName(sanitize($_POST['name'], 3));
     }
     if (isset($_POST['email'])) {
         $comment->setEmail(sanitize($_POST['email'], 3));
     }
     if (isset($_POST['website'])) {
         $comment->setWebsite(sanitize($_POST['website'], 3));
     }
     $comment->setDateTime(sanitize($_POST['date'], 3));
     $comment->setComment(sanitize($_POST['comment'], 1));
     $comment->setCustomData($_comment_form_save_post = serialize(getCommentAddress(0)));
     $comment->save();
Example #15
            $reports[] = $msg;
        }
    }
}
// Request handling for the news-category edit page, followed by the start of
// page output.
if (is_AdminEditPage('newscategory')) {
    $tab = 'news';
    // Forces the 'tab' request value; whatever the client sent is overwritten.
    $_GET['tab'] = 'categories';
    if (isset($_GET['save'])) {
        // Token tag 'save' is checked before the category is written.
        XSRFdefender('save');
        updateCategory($reports, true);
    }
    if (isset($_GET['titlelink'])) {
        // Lookup by titlelink: no XSRFdefender() call on this path. The value
        // is sanitized first and URL-decoded afterwards.
        // NOTE(review): decoding after sanitize() means encoded characters
        // reach ZenpageCategory unsanitized; confirm that is intended.
        $result = new ZenpageCategory(urldecode(sanitize($_GET['titlelink'])));
    } else {
        if (isset($_GET['update'])) {
            // Token tag 'update' is checked before the update runs.
            XSRFdefender('update');
            $result = updateCategory($reports);
        } else {
            // No action requested: new, empty category with show set to 1.
            $result = new ZenpageCategory('');
            $result->setShow(1);
        }
    }
}
// NOTE(review): $tab and $result are only assigned inside the branch above in
// this excerpt; presumably other branches earlier in the file set them too.
printAdminHeader($tab, $result->transient ? gettext('add') : gettext('edit'));
zp_apply_filter('texteditor_config', 'zenpage');
zenpageJSCSS();
datepickerJS();
codeblocktabsJS();
?>
<script type="text/javascript">
	//<!-- <![CDATA[
Example #16
         } else {
             $albumdir = dirname($folder);
         }
         if ($albumdir != '/' && $albumdir != '.') {
             $albumdir = "&album=" . pathurlencode($albumdir);
         } else {
             $albumdir = '';
         }
     } else {
         $albumdir = '';
     }
     header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-edit.php?page=edit" . $albumdir . "&ndeleted=" . $nd);
     exitZP();
     break;
 case 'newalbum':
     XSRFdefender('newalbum');
     $name = sanitize($_GET['name']);
     $folder = sanitize($_GET['folder']);
     $seoname = seoFriendly($name);
     if (empty($folder) || $folder == '/' || $folder == '.') {
         $albumdir = '';
         $folder = $seoname;
     } else {
         $albumdir = "&album=" . pathurlencode($folder);
         $folder = $folder . '/' . $seoname;
     }
     $uploaddir = $_zp_gallery->albumdir . internalToFilesystem($folder);
     if (is_dir($uploaddir)) {
         if ($name != $seoname) {
             $name .= ' (' . $seoname . ')';
         }
Example #17
            }
        }
        if (isset($_POST['subpage']) && $_POST['subpage'] == 'object' && count($reports) <= 1) {
            header('Location: ' . $result->getLink());
            exitZP();
        }
    } else {
        $result = $new('');
    }
}
// $new and $update are called as functions below; they are assigned earlier in
// the file (outside this excerpt), presumably to the names of the constructor
// and update helpers for the object type being edited.
if (isset($_GET['save'])) {
    // Token tag 'save' is checked before the object is written.
    XSRFdefender('save');
    $result = $update($reports, true);
}
if (isset($_GET['delete'])) {
    // Token tag 'delete' is checked before anything is removed.
    XSRFdefender('delete');
    // NOTE(review): this call looks garbled. 'new' is concatenated with the
    // value returned by $new(...), and 'admin-pages.php' is passed to $new()
    // rather than to deleteZenpageObj(). Check against the upstream source
    // before relying on it.
    $msg = deleteZenpageObj('new' . $new(sanitize($_GET['delete']), 'admin-pages.php'));
    if (!empty($msg)) {
        $reports[] = $msg;
    }
}
/*
 * Here we should restart if any action processing has occurred to be sure that everything is
 * in its proper state. But that would require significant rewrite of the handling and
 * reporting code so is impractical. Instead we will presume that all that needs to be restarted
 * is the CMS object.
 */
$_zp_CMS = new CMS();
// Page output starts here, after all request handling above.
printAdminHeader($tab, $result->transient ? gettext('add') : gettext('edit'));
zp_apply_filter('texteditor_config', 'zenpage');
zenpageJSCSS();
Example #18
// force UTF-8 Ø
define('OFFSET_PATH', 3);
require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
require_once dirname(dirname(__FILE__)) . '/template-functions.php';
// Metadata for this utility's button; presumably read by the code that builds
// the utilities page (not shown).
$button_text = gettext('Pre-Cache Images');
$button_hint = gettext('Finds newly uploaded images that have not been cached and creates the cached version. It also refreshes the numbers above. If you have a large number of images in your gallery you might consider using the pre-cache image link for each album to avoid swamping your browser.');
$button_icon = 'images/cache1.png';
$button_rights = ADMIN_RIGHTS;
// Same tag as the XSRFdefender() call at the end of this block.
$button_XSRFTag = 'cache_images';
// Rights passed to the access check: ALBUM_RIGHTS when the request names an
// album, NULL otherwise.
if (isset($_REQUEST['album'])) {
    $localrights = ALBUM_RIGHTS;
} else {
    $localrights = NULL;
}
// Access check, then XSRF token check. Both run on every request to this
// script, before any caching work.
admin_securityChecks($localrights, $return = currentRelativeURL(__FILE__));
XSRFdefender('cache_images');
function loadAlbum($album)
{
    global $gallery, $_zp_current_album, $_zp_current_image;
    $subalbums = $album->getAlbums();
    $started = false;
    $tcount = $count = 0;
    foreach ($subalbums as $folder) {
        $subalbum = new Album($gallery, $folder);
        if (!$subalbum->isDynamic()) {
            $tcount = $tcount + loadAlbum($subalbum);
        }
    }
    $theme = $gallery->getCurrentTheme();
    $id = 0;
    $parent = getUrAlbum($album);
Example #19
    }
}
$report = false;
$publish_albums_list = array();
$publish_images_list = array();
if (isset($_POST['set_defaults'])) {
    XSRFdefender('publishContent');
    $_zp_gallery->setAlbumPublish((int) isset($_POST['album_default']));
    $_zp_gallery->setImagePublish((int) isset($_POST['image_default']));
    $_zp_gallery->save();
    $report = 'defaults';
} else {
    if (isset($_POST['publish'])) {
        $action = sanitize($_POST['publish']);
        unset($_POST['publish']);
        XSRFdefender('publishContent');
        switch ($action) {
            case 'albums':
                unset($_POST['checkAllAuto']);
                foreach ($_POST as $key => $albumid) {
                    $album = newAlbum(postIndexDecode($key));
                    $album->setShow(1);
                    $album->save();
                }
                $report = 'albums';
                break;
            case 'images':
                foreach ($_POST as $action) {
                    $i = strrpos($action, '_');
                    $imageid = sanitize_numeric(substr($action, $i + 1));
                    $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid);
Example #20
    $localrights = ALBUM_RIGHTS;
} else {
    $localrights = NULL;
}
admin_securityChecks($localrights, $return = currentRelativeURL());
if (isset($_GET['album'])) {
    $folder = sanitize($_GET['album']);
    $album = newAlbum($folder);
    if (!$album->isMyItem(ALBUM_RIGHTS)) {
        if (!zp_apply_filter('admin_managed_albums_access', false, $return)) {
            header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
            exitZP();
        }
    }
    if (isset($_GET['saved'])) {
        XSRFdefender('save_sort');
        if (isset($_POST['ids'])) {
            //	process bulk actions, not individual image actions.
            $action = processImageBulkActions($album);
            if (!empty($action)) {
                $_GET['bulkmessage'] = $action;
            }
        } else {
            parse_str($_POST['sortableList'], $inputArray);
            if (isset($inputArray['id'])) {
                $orderArray = $inputArray['id'];
                if (!empty($orderArray)) {
                    foreach ($orderArray as $key => $id) {
                        $sql = 'UPDATE ' . prefix('images') . ' SET `sort_order`=' . db_quote(sprintf('%03u', $key)) . ' WHERE `id`=' . sanitize_numeric($id);
                        query($sql);
                    }
Example #21
<?php

/**
 * Bulk enable/disable of plugins
 * @package core
 */
// force UTF-8 Ø
define('OFFSET_PATH', 3);
require_once dirname(dirname(dirname($_SERVER['SCRIPT_FILENAME']))) . "/zp-core/admin-globals.php";
admin_securityChecks(ADMIN_RIGHTS, $return = currentRelativeURL());
XSRFdefender('pluginEnabler');
if (isset($_GET['pluginsRemember'])) {
    setOption('pluginEnabler_currentset', serialize(array_keys(getEnabledPlugins())));
    $report = gettext('Current enabled plugins remembered');
}
if (isset($_GET['pluginsEnable'])) {
    $paths = getPluginFiles('*.php');
    $pluginlist = array_keys($paths);
    switch ($setting = sanitize_numeric($_GET['pluginsEnable'])) {
        case 0:
            $report = gettext('Plugins disabled');
            break;
        case 1:
            $report = gettext('Zenphoto plugins enabled');
            break;
        case 2:
            $report = gettext('Remembered plugins enabled');
            $savedlist = getSerializedArray(getOption('pluginEnabler_currentset'));
            break;
        case 3:
            $report = gettext('All plugins enabled');
Example #22
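$page = 'edit';
$result = NULL;
$reports = array();
// Load the item named in the query string. This is a lookup, so no
// XSRFdefender() call is made on this path.
// NOTE(review): the id goes through sanitize(), not sanitize_numeric();
// confirm that getItem() treats it as a number.
if (isset($_GET['id'])) {
    $result = getItem(sanitize($_GET['id']));
}
if (isset($_GET['save'])) {
    // Token tag 'update_menu' is checked before either write path runs.
    XSRFdefender('update_menu');
    // !empty() selects the same branch as the previous bare truthiness test but
    // does not raise an "undefined index" notice when a save request arrives
    // without the 'update' field.
    if (!empty($_POST['update'])) {
        $result = updateMenuItem($reports);
    } else {
        $result = addItem($reports);
    }
}
if (isset($_GET['del'])) {
    // Token tag 'delete_menu' is checked before the item is removed.
    XSRFdefender('delete_menu');
    deleteItem($reports);
}
// Subtab label: 'edit' when an existing item (array with a non-empty id) is
// loaded, 'add' otherwise.
printAdminHeader('menu', is_array($result) && $result['id'] ? gettext('edit') : gettext('add'));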
?>
<link rel="stylesheet" href="../zenpage/zenpage.css" type="text/css" />
<?php 
$menuset = checkChosenMenuset();
?>
</head>
<body>
	<?php 
printLogoAndLinks();
?>
	<div id="main">
		<?php 
Example #23
         $themefiles_to_ext[getSuffix($file)][] = $file;
         // array(['php']=>array('file.php', 'image.php'),['css']=>array('style.css'))
     } else {
         unset($themefiles[$file]);
         // $themefile will eventually have all editable files and nothing else
     }
 }
 if (isset($_GET['file'])) {
     if (!in_array($themedir . '/' . $_GET['file'], $themefiles)) {
         $messages['errorbox'][] = gettext('Cannot edit this file!');
     }
     $file_to_edit = str_replace('\\', '/', SERVERPATH . '/themes/' . internalToFilesystem($theme) . '/' . sanitize($_GET['file']));
 }
 // Handle POST that updates a file
 if (isset($_POST['action']) && $_POST['action'] == 'edit_file' && $file_to_edit && !isset($messages['errorbox'])) {
     XSRFdefender('edit_theme');
     $file_content = sanitize($_POST['newcontent'], 0);
     $theme = urlencode($theme);
     if (is_writeable($file_to_edit)) {
         //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
         $f = @fopen($file_to_edit, 'w+');
         if ($f !== FALSE) {
             @fwrite($f, $file_content);
             fclose($f);
             clearstatcache();
             $messages['messagebox fade-message'][] = array(gettext('File updated successfully'), 'notebox');
         } else {
             $messages['messagebox fade-message'][] = array(gettext('Could not write file. Please check its write permissions'), 'notebox');
         }
     } else {
         $messages['errorbox'][] = gettext('Could not write file. Please check its write permissions');
$admins = $_zp_authority->getAdministrators('all');
$ordered = array();
foreach ($admins as $key => $admin) {
    if ($admin['valid']) {
        $ordered[$key] = $admin['date'];
    }
}
asort($ordered);
$adminordered = array();
foreach ($ordered as $key => $user) {
    $adminordered[] = $admins[$key];
}
$msg = NULL;
if (isset($_GET['action'])) {
    $action = sanitize($_GET['action']);
    XSRFdefender($action);
    if ($action == 'expiry') {
        foreach ($_POST as $key => $action) {
            if (strpos($key, 'r_') === 0) {
                $userobj = $_zp_authority->getAnAdmin(array('`id`=' => str_replace('r_', '', postIndexDecode($key))));
                if ($userobj) {
                    switch ($action) {
                        case 'delete':
                            $userobj->remove();
                            break;
                        case 'disable':
                            $userobj->setValid(2);
                            $userobj->save();
                            break;
                        case 'enable':
                            $userobj->setValid(1);
Example #25
}
if (!isset($_GET['page'])) {
    if (array_key_exists('options', $zenphoto_tabs)) {
        $_GET['page'] = 'options';
    } else {
        $_GET['page'] = 'users';
        // must be a user with no options rights
    }
}
$_current_tab = sanitize($_GET['page'], 3);
/* handle posts */
if (isset($_GET['action'])) {
    $action = sanitize($_GET['action']);
    $themeswitch = false;
    if ($action == 'saveoptions') {
        XSRFdefender('saveoptions');
        $table = NULL;
        $notify = '';
        $returntab = '';
        $themealbum = $themename = NULL;
        /*		 * * General options ** */
        if (isset($_POST['savegeneraloptions'])) {
            $returntab = "&tab=general";
            $tags = strtolower(sanitize($_POST['allowed_tags'], 0));
            $test = "(" . $tags . ")";
            $a = parseAllowedTags($test);
            if ($a) {
                setOption('allowed_tags', $tags);
                $notify = '';
            } else {
                $notify = '?tag_parse_error=' . $a;
Example #26
<?php

/**
 * Use this utility to reset your album thumbnails to either "random" or from an ordered field query
 *
 * @package admin
 */
define('OFFSET_PATH', 3);
require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
require_once dirname(dirname(__FILE__)) . '/template-functions.php';
// Button descriptor for the utilities list. Its 'rights' mask combines
// MANAGE_ALL_ALBUM_RIGHTS and ADMIN_RIGHTS; it carries no 'XSRFTag' entry.
$buttonlist[] = array('category' => gettext('Database'), 'enable' => true, 'button_text' => gettext('Reset album thumbs'), 'formname' => 'reset_albumthumbs.php', 'action' => 'utilities/reset_albumthumbs.php', 'icon' => 'images/reset.png', 'title' => gettext('Reset album thumbnails to either random or most recent'), 'alt' => '', 'hidden' => '', 'rights' => MANAGE_ALL_ALBUM_RIGHTS | ADMIN_RIGHTS);
// Access check runs on every request to this script.
admin_securityChecks(MANAGE_ALL_ALBUM_RIGHTS, $return = currentRelativeURL());
// The token is only checked when the request carries one of the two form
// fields; a plain page view proceeds without one.
// NOTE(review): this is only safe if every state-changing path below is keyed
// on the same two fields; confirm against the rest of the script.
if (isset($_REQUEST['thumbtype']) || isset($_REQUEST['thumbselector'])) {
    XSRFdefender('reset_thumbs');
}
$buffer = '';
$webpath = WEBPATH . '/' . ZENFOLDER . '/';
$zenphoto_tabs['overview']['subtabs'] = array(gettext('Thumbs') => '');
// Page output starts here.
printAdminHeader('overview', 'thumbs');
echo '</head>';
?>

<body>
	<?php 
printLogoAndLinks();
?>
	<div id="main">
		<?php 
printTabs();
?>
		<div id="content">
Example #27
    if (isset($_GET['action']) && $_GET['action'] == 'clear_rating') {
        if (!zp_loggedin(ADMIN_RIGHTS)) {
            // prevent nefarious access to this page.
            header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php?from=' . currentRelativeURL());
            exitZP();
        }
        require_once dirname(dirname(__FILE__)) . '/admin-functions.php';
        if (session_id() == '') {
            // force session cookie to be secure when in https
            if (secureServer()) {
                $CookieInfo = session_get_cookie_params();
                session_set_cookie_params($CookieInfo['lifetime'], $CookieInfo['path'], $CookieInfo['domain'], TRUE);
            }
            session_start();
        }
        XSRFdefender('clear_rating');
        query('UPDATE ' . prefix('images') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        query('UPDATE ' . prefix('albums') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        query('UPDATE ' . prefix('news') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        query('UPDATE ' . prefix('pages') . ' SET total_value=0, total_votes=0, rating=0, used_ips="" ');
        header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php?action=external&msg=' . gettext('All ratings have been set to <em>unrated</em>.'));
        exitZP();
    }
}
$plugin_is_filter = 5 | ADMIN_PLUGIN | THEME_PLUGIN;
$plugin_description = gettext("Adds several theme functions to enable images, album, news, or pages to be rated by users. ");
$plugin_author = "Stephen Billard (sbillard) and Malte Müller (acrylian)";
$option_interface = 'jquery_rating';
zp_register_filter('edit_album_utilities', 'jquery_rating::optionVoteStatus');
zp_register_filter('save_album_utilities_data', 'jquery_rating::optionVoteStatusSave');
zp_register_filter('admin_utilities_buttons', 'jquery_rating::rating_purgebutton');
Example #28
<?php

/**
 *
 * Collects and analyzes searches
 *
 * @author Stephen Billard (sbillard)
 * @package plugins
 */
define('OFFSET_PATH', 4);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
// Viewing the analysis requires OVERVIEW_RIGHTS.
admin_securityChecks(OVERVIEW_RIGHTS, currentRelativeURL());
if (isset($_GET['reset'])) {
    // Clearing the statistics is gated separately: a second access check with
    // ADMIN_RIGHTS, then the XSRF token check, and only then the DELETE.
    admin_securityChecks(ADMIN_RIGHTS, currentRelativeURL());
    XSRFdefender('search_statistics');
    // The statement contains no request data; table name and type are fixed.
    $sql = 'DELETE FROM ' . prefix('plugin_storage') . ' WHERE `type`="search_statistics"';
    query($sql);
    // Redirect back to this page without the reset parameter, then stop.
    header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/search_statistics/search_analysis.php');
    exitZP();
}
$zenphoto_tabs['overview']['subtabs'] = array(gettext('Analysis') => '');
printAdminHeader('overview', 'analysis');
echo '</head>';
// Load every stored search-statistics row for the analysis below.
$sql = 'SELECT * FROM ' . prefix('plugin_storage') . ' WHERE `type`="search_statistics"';
$data = query($sql);
// Working state for the analysis that follows: running maxima start at 1 and
// the collections start empty.
$ip_maxvalue = $criteria_maxvalue = $criteria_maxvalue_f = $terms_maxvalue = 1;
$results_f = $results = $terms = $sites = array();
$bargraphmaxsize = 400;
$maxiterations = array();
$opChars = array('(', ')', '&', '|', '!', ',');
if ($data) {
            if (!empty($admin['email']) && $currentadminuser != $admin['user']) {
                $button['enable'] = true;
                $button['title'] = gettext('A tool to send e-mails to all registered users who have provided an e-mail address.');
                break;
            }
        }
        $buttons[] = $button;
        return $buttons;
    }
} else {
    define('OFFSET_PATH', 3);
    chdir(dirname(dirname(__FILE__)));
    require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
    admin_securityChecks(NULL, currentRelativeURL());
    if (isset($_GET['sendmail'])) {
        XSRFdefender('mailing_list');
    }
    $admins = $_zp_authority->getAdministrators();
    $zenphoto_tabs['overview']['subtabs'] = array(gettext('Mailing') => '');
    printAdminHeader('overview', 'Mailing');
    ?>
	</head>
	<body>
		<?php 
    printLogoAndLinks();
    ?>
		<div id="main">
			<?php 
    printTabs();
    ?>
			<div id="content">
Example #30
             }
             $action = gettext('Checked tags deleted');
             break;
         case 'assign':
             if (count($tags) > 0) {
                 foreach ($tags as $tag) {
                     $sql = 'UPDATE ' . prefix('tags') . ' SET `language`=' . db_quote($language) . ' WHERE `name`=' . db_quote($tag);
                     query($sql);
                 }
             }
             break;
     }
 }
 // tag action
 if (isset($_GET['rename'])) {
     XSRFdefender('tag_rename');
     unset($_POST['XSRFToken']);
     foreach ($_POST as $key => $newName) {
         if (!empty($newName)) {
             $newName = sanitize($newName, 3);
             $key = substr($key, 2);
             // strip off the 'R_'
             $key = postIndexDecode(sanitize($key));
             $newtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($newName));
             $oldtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($key));
             if (is_array($newtag)) {
                 // there is an existing tag of the same name
                 $existing = $newtag['id'] != $oldtag['id'];
                 // but maybe it is actually the original in a different case.
             } else {
                 $existing = false;