/**
 * Upgrade.php can be protected for admins only or with a security code
 *
 * Protection is on by default and can be switched off through the
 * "secure_upgrade" plugin setting. When it is on, a request is let through
 * either because it carries a "code" input accepted by
 * security_tools_validate_upgrade_code(), or because elgg_admin_gatekeeper()
 * accepts the current session.
 *
 * @return void
 */
function security_tools_protect_upgrade() {
	// only an explicit "no" disables the protection
	if (elgg_get_plugin_setting("secure_upgrade", "security_tools") == "no") {
		return;
	}

	// a non-empty code is validated by the plugin; its verdict alone decides
	$code = get_input("code");
	$code_accepted = !empty($code) && security_tools_validate_upgrade_code($code);
	if ($code_accepted) {
		return;
	}

	// no usable code: fall back to requiring an admin session
	elgg_admin_gatekeeper();
}
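/**
 * River page handler
 *
 * Routes river/<page_type>[/<username>] to pages/river.php. Looking at
 * another user's river ("owner" with a username that is not your own) is
 * restricted to admins; your own username maps to the "mine" view.
 *
 * @param array $page URL segments after "river/"
 *
 * @return bool
 */
function river_addon_river_page_handler($page) {
	global $CONFIG;

	elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());

	// first segment selects the river view; it is reduced to word characters
	// because it is handed to set_input() and drives the page script
	$page_type = elgg_extract(0, $page, 'friends');
	$page_type = preg_replace('[\\W]', '', $page_type);

	if ($page_type === 'owner') {
		elgg_gatekeeper();

		$page_username = elgg_extract(1, $page, '');
		$current_username = (string) elgg_get_logged_in_user_entity()->username;

		// strict comparison: "==" would consider numeric-looking usernames
		// such as "100" and "1e2" equal
		if ($page_username === $current_username) {
			$page_type = 'mine';
		} else {
			// only admins may look at somebody else's river
			elgg_admin_gatekeeper();
			set_input('subject_username', $page_username);
		}
	}

	set_input('page_type', $page_type);
	require_once "{$CONFIG->path}pages/river.php";

	return true;
}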
<?php $plugin_id = get_input('plugin_id'); $plugin = elgg_get_plugin_from_id($plugin_id); $filename = get_input('filename'); elgg_admin_gatekeeper(); _elgg_admin_add_plugin_settings_menu(); elgg_unregister_css('elgg'); elgg_load_js('elgg.admin'); elgg_load_js('jquery.jeditable'); elgg_load_library('elgg:markdown'); $error = false; if (!$plugin) { $error = elgg_echo('admin:plugins:markdown:unknown_plugin'); $body = elgg_view_layout('admin', array('content' => $error, 'title' => $error)); echo elgg_view_page($error, $body, 'admin'); return true; } $text_files = $plugin->getAvailableTextFiles(); if (!array_key_exists($filename, $text_files)) { $error = elgg_echo('admin:plugins:markdown:unknown_file'); } $file = $text_files[$filename]; $file_contents = file_get_contents($file); if (!$file_contents) { $error = elgg_echo('admin:plugins:markdown:unknown_file'); } if ($error) { $title = $error; $body = elgg_view_layout('admin', array('content' => $error, 'title' => $title)); echo elgg_view_page($title, $body, 'admin');
/**
 * Alias of elgg_admin_gatekeeper()
 *
 * Used at the top of a page to mark it as logged in admin or siteadmin only.
 * This function adds nothing of its own: the check, and whatever happens when
 * it fails, are entirely elgg_admin_gatekeeper()'s.
 *
 * @return void
 */
function admin_gatekeeper() {
	// delegate unchanged
	elgg_admin_gatekeeper();
}
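/**
 * Formats and serves out markdown files from plugins.
 *
 * URLs in format like admin_plugin_text_file/<plugin_id>/filename.ext
 *
 * The only valid files are:
 *  * README.txt
 *  * CHANGES.txt
 *  * INSTALL.txt
 *  * COPYRIGHT.txt
 *  * LICENSE.txt
 *
 * The filename segment is never used as a path: it only selects an entry of
 * the plugin's own getAvailableTextFiles() map, so an unknown name ends in the
 * "unknown file" page rather than in a filesystem lookup.
 *
 * @param array $pages URL segments: [0] plugin id, [1] filename
 * @return bool
 * @access private
 */
function _elgg_admin_markdown_page_handler($pages) {
	elgg_admin_gatekeeper();
	_elgg_admin_add_plugin_settings_menu();
	elgg_set_context('admin');
	elgg_unregister_css('elgg');
	elgg_load_js('elgg.admin');
	elgg_load_js('jquery.jeditable');
	elgg_load_library('elgg:markdown');

	$plugin_id = elgg_extract(0, $pages);
	$plugin = elgg_get_plugin_from_id($plugin_id);
	$filename = elgg_extract(1, $pages, '');

	if (!$plugin) {
		return _elgg_admin_markdown_error_page(elgg_echo('admin:plugins:markdown:unknown_plugin'));
	}

	// whitelist lookup: bail out before touching $text_files[$filename] so an
	// unknown name neither raises an undefined-index notice nor reaches
	// file_get_contents() with a null path
	$text_files = $plugin->getAvailableTextFiles();
	if (!is_array($text_files) || !array_key_exists($filename, $text_files)) {
		return _elgg_admin_markdown_error_page(elgg_echo('admin:plugins:markdown:unknown_file'));
	}

	$file = $text_files[$filename];
	if (!is_string($file) || !is_readable($file)) {
		return _elgg_admin_markdown_error_page(elgg_echo('admin:plugins:markdown:unknown_file'));
	}

	// only a failed read is an error; an empty file is still a valid file
	$file_contents = file_get_contents($file);
	if ($file_contents === false) {
		return _elgg_admin_markdown_error_page(elgg_echo('admin:plugins:markdown:unknown_file'));
	}

	$title = $plugin->getManifest()->getName() . ": {$filename}";
	$text = Markdown($file_contents);
	$body = elgg_view_layout('admin', array(
		'content' => '<div class="elgg-markdown">' . $text . '</div>',
		'title' => $title,
	));
	echo elgg_view_page($title, $body, 'admin');

	return true;
}

/**
 * Renders the admin error page used by _elgg_admin_markdown_page_handler().
 *
 * @param string $error translated message, used as both title and body
 * @return bool always true so the handler can return this result directly
 * @access private
 */
function _elgg_admin_markdown_error_page($error) {
	$body = elgg_view_layout('admin', array('content' => $error, 'title' => $error));
	echo elgg_view_page($error, $body, 'admin');
	return true;
}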
/**
 * Handle admin pages. Expects corresponding views as admin/section/subsection
 *
 * Every request passes elgg_admin_gatekeeper() first. The URL segments are
 * joined into a view name "admin/<segments>", except for
 * "plugin_settings/<plugin_id>" (rendered through admin/plugin_settings) and
 * "components/...", which is never viewable directly and yields the
 * "unknown section" page.
 *
 * @param array $page Array of pages
 *
 * @return bool
 * @access private
 */
function _elgg_admin_page_handler($page) {
	elgg_admin_gatekeeper();
	_elgg_admin_add_plugin_settings_menu();
	elgg_set_context('admin');
	elgg_unregister_css('elgg');
	elgg_require_js('elgg/admin');
	elgg_load_js('jquery.jeditable');

	// default to dashboard (empty() is also true for a missing segment)
	if (empty($page[0])) {
		$page = array('dashboard');
	}

	// a trailing "/" in the URL leaves an empty last segment behind; drop it
	$last_index = count($page) - 1;
	if (empty($page[$last_index])) {
		array_pop($page);
	}

	$section = $page[0];
	$vars = array('page' => $page);
	$title = elgg_echo("admin:{$section}");

	if ($section == 'plugin_settings') {
		// the plugin id is a URL segment; it is only used to look up
		// registered views and the plugin entity
		$plugin_id = isset($page[1]) ? $page[1] : null;
		$has_settings_view = $plugin_id !== null
			&& (elgg_view_exists("settings/{$plugin_id}/edit") || elgg_view_exists("plugins/{$plugin_id}/settings"));
		if (!$has_settings_view) {
			forward('', '404');
		}
		$view = 'admin/plugin_settings';
		$vars['plugin'] = elgg_get_plugin_from_id($plugin_id);
	} else {
		$view = 'admin/' . implode('/', $page);
		if (count($page) > 1) {
			$title .= ' : ' . elgg_echo('admin:' . implode(':', $page));
		}
	}

	// 'components' views are never rendered directly; everything else is
	// rendered, and a view that produces nothing also counts as unknown
	$content = ($section == 'components') ? false : elgg_view($view, $vars);
	if (!$content) {
		$title = elgg_echo('admin:unknown_section');
		$content = $title;
	}

	$body = elgg_view_layout('admin', array('content' => $content, 'title' => $title));
	echo elgg_view_page($title, $body, 'admin');

	return true;
}
/**
 * Take over the groups page handler in some cases
 *
 * Depending on the first URL segment this either renders one of the plugin's
 * own resource views (and returns false so the default handler stays out of
 * it), prepares the listing settings, applies an admin gatekeeper to group
 * creation when it is limited, or redirects an old numeric group profile link.
 *
 * @param string $hook         the name of the hook
 * @param string $type         the type of the hook
 * @param array  $return_value current return value
 * @param null   $params       supplied params
 *
 * @return void|false false once a resource view has been echoed
 */
public static function groups($hook, $type, $return_value, $params) {
	if (empty($return_value) || !is_array($return_value)) {
		return;
	}

	$segments = elgg_extract('segments', $return_value);
	$handled = false;

	switch (elgg_extract(0, $segments, 'all')) {
		case 'all':
			// prepare tab listing settings
			group_tools_prepare_listing_settings();
			break;

		case 'suggested':
			echo elgg_view_resource('group_tools/groups/suggested');
			$handled = true;
			break;

		case 'requests':
			$subpage = elgg_extract(2, $segments);
			$requests_view = "groups/requests/{$subpage}";
			// only sub pages that have a registered resource view are served
			if (!empty($subpage) && elgg_view_exists("resources/{$requests_view}")) {
				elgg_push_breadcrumb(elgg_echo('groups'), "groups/all");
				echo elgg_view_resource($requests_view, ['guid' => elgg_extract(1, $segments)]);
				$handled = true;
			}
			break;

		case 'mail':
			$group_guid = (int) elgg_extract(1, $segments);
			echo elgg_view_resource('group_tools/groups/mail', ['group_guid' => $group_guid]);
			$handled = true;
			break;

		case 'group_invite_autocomplete':
			echo elgg_view_resource('group_tools/groups/group_invite_autocomplete');
			$handled = true;
			break;

		case 'add':
			// with limited group creation only admins reach the add form
			if (group_tools_is_group_creation_limited()) {
				elgg_admin_gatekeeper();
			}
			break;

		case 'related':
			echo elgg_view_resource('group_tools/groups/related', ['guid' => elgg_extract(1, $segments)]);
			$handled = true;
			break;

		default:
			// an old group profile link (groups/<guid>) is redirected to the current URL
			$first_segment = elgg_extract(0, $segments);
			if (is_numeric($first_segment)) {
				$group = get_entity($first_segment);
				if ($group instanceof ElggGroup) {
					register_error(elgg_echo('changebookmark'));
					forward($group->getURL());
				}
			}
			break;
	}

	if ($handled) {
		// the resource view already produced the output
		return false;
	}
}
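/**
 * Dispatches blog pages.
 * URLs take the form of
 *  All blogs:       blog/all
 *  User's blogs:    blog/owner/<username>
 *  Friends' blog:   blog/friends/<username>
 *  User's archives: blog/archives/<username>/<time_start>/<time_stop>
 *  Blog post:       blog/view/<guid>/<title>
 *  New post:        blog/add/<guid>
 *  Edit post:       blog/edit/<guid>/<revision>
 *  Preview post:    blog/preview/<guid>
 *  Group blog:      blog/group/<guid>/all
 *
 * Title is ignored
 *
 * Only admins' blogs are listed under "owner"/"archive" (anything else is a
 * 404), and "add"/"edit" pass elgg_admin_gatekeeper() before any content is
 * built. The "add" title-menu item is removed for non-admin viewers.
 *
 * @todo no archives for all blogs or friends
 *
 * @param array $page URL segments after "blog/"
 * @return bool false when the first segment is not a known action
 */
function page_handler($page) {
	elgg_load_library('elgg:blog');

	// push all blogs breadcrumb
	elgg_push_breadcrumb(elgg_echo('blog:blogs'), "blog/all");

	// every segment beyond the first is optional: read them with defaults
	// instead of indexing $page[n] directly, which raised undefined-index
	// notices for short URLs such as blog/add or blog/owner
	$page_type = elgg_extract(0, $page, 'all');
	$segment_1 = elgg_extract(1, $page);
	$segment_2 = elgg_extract(2, $page);
	$segment_3 = elgg_extract(3, $page);
	$segment_4 = elgg_extract(4, $page);

	switch ($page_type) {
		case 'owner':
			$user = get_user_by_username(elgg_extract(1, $page, ''));
			if (!$user || !$user->isAdmin()) {
				forward('', '404');
			}
			$params = blog_get_page_content_list($user->guid);
			if (!elgg_is_admin_logged_in()) {
				elgg_unregister_menu_item('title', 'add');
			}
			$params['filter'] = false; // no need for all/mine/friends anymore
			break;

		case 'archive':
			$user = get_user_by_username(elgg_extract(1, $page, ''));
			if (!$user || !$user->isAdmin()) {
				forward('', '404');
			}
			$params = blog_get_page_content_archive($user->guid, $segment_2, $segment_3);
			break;

		case 'view':
			$params = blog_get_page_content_read($segment_1);
			break;

		case 'add':
			elgg_admin_gatekeeper();
			$params = blog_get_page_content_edit($page_type, $segment_1);
			break;

		case 'edit':
			elgg_admin_gatekeeper();
			$params = blog_get_page_content_edit($page_type, $segment_1, $segment_2);
			break;

		case 'group':
			$group_blogs = (int) elgg_get_plugin_setting('group_blog', PLUGIN_ID);
			if (!$group_blogs) {
				forward('', '404');
			}
			$group = get_entity($segment_1);
			if (!elgg_instanceof($group, 'group')) {
				forward('', '404');
			}
			// blog/group/<guid> and blog/group/<guid>/all list; any other third
			// segment is treated as an archive request
			if ($segment_2 === null || $segment_2 === 'all') {
				$params = blog_get_page_content_list($segment_1);
			} else {
				$params = blog_get_page_content_archive($segment_1, $segment_3, $segment_4);
			}
			if (!elgg_is_admin_logged_in()) {
				elgg_unregister_menu_item('title', 'add');
			}
			break;

		case 'all':
			$params = blog_get_page_content_list();
			if (!elgg_is_admin_logged_in()) {
				elgg_unregister_menu_item('title', 'add');
			}
			$params['filter'] = false;
			break;

		default:
			return false;
	}

	// append the blog sidebar to whatever sidebar the content builder supplied
	$sidebar = elgg_view('blog/sidebar', array('page' => $page_type));
	$params['sidebar'] = isset($params['sidebar']) ? $params['sidebar'] . $sidebar : $sidebar;

	$body = elgg_view_layout('content', $params);
	echo elgg_view_page($params['title'], $body);

	return true;
}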