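/**
 * Delete a TikiTest file from tiki_tests/tests/, behind a two-step ticket confirmation.
 *
 * First request (no POSTed 'daconfirm' or no session ticket for the
 * 'tiki-tests' area): key_get() renders the confirmation screen and this
 * returns TRUE without touching the filesystem.
 * Second request (POSTed 'daconfirm' plus the session ticket): key_check()
 * validates the ticket for this area, then the file is removed.
 *
 * @param string $file  file name; only its basename is used, so a caller-supplied
 *                      "../x" or "/etc/x" cannot escape tiki_tests/tests/
 * @return bool  unlink() result on the confirmed path; FALSE when the target is
 *               not a regular file; TRUE after the confirmation screen was requested
 */
function delete_test($file)
{
    if (isset($_POST['daconfirm']) and isset($_SESSION["ticket_tiki-tests"])) {
        // CSRF ticket validation for this area; must run before anything destructive.
        key_check('tiki-tests');
        // basename() strips every directory component, pinning the path under tiki_tests/tests/.
        $file = basename($file);
        $path = "tiki_tests/tests/{$file}";
        // is_file() rather than file_exists(): an empty, "." or ".." basename
        // resolves to the directory itself, which file_exists() accepts and
        // unlink() then refuses with a warning. Only regular files are deleted.
        if ($file !== '' && is_file($path)) {
            return unlink($path);
        }
        return FALSE;
    } else {
        key_get('tiki-tests', tra("You are about to delete a TikiTest file, do you want to continue ?"));
    }
    return TRUE;
}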
/**
 * Build the "plugin cannot be executed" error; administrators additionally
 * get an inline form posting to tiki-admin.php so they can flip the
 * preferences that gate the plugin.
 *
 * @param string   $name         plugin name substituted for %0 in the message.
 *                               NOTE(review): whether tr() HTML-escapes %0 is not
 *                               visible here — treat $name as trusted input; confirm.
 * @param string[] $preferences  preference names, each rendered via smarty_function_preference
 * @return mixed whatever self::error() returns for the assembled content
 */
public static function disabled($name, $preferences)
{
    $body = tr('Plugin <strong>%0</strong> cannot be executed.', $name);
    $isAdmin = Perms::get()->admin;
    if ($isAdmin) {
        $tpl = TikiLib::lib('smarty');
        $tpl->loadPlugin('smarty_function_preference');
        $tpl->loadPlugin('smarty_modifier_escape');
        $parts = array('<form method="post" action="tiki-admin.php">');
        foreach ($preferences as $prefName) {
            $parts[] = smarty_function_preference(array('name' => $prefName), $tpl);
        }
        // A CSRF ticket is generated (not checked) here so the admin form can be
        // submitted to tiki-admin.php; the value is emitted unescaped, as before.
        $ticket = key_get(null, null, null, false);
        $parts[] = '<input type="hidden" name="ticket" value="' . $ticket['ticket'] . '">';
        $parts[] = '<input type="submit" class="btn btn-default btn-sm" value="' . smarty_modifier_escape(tra('Set')) . '">';
        $parts[] = '</form>';
        $body .= implode('', $parts);
    }
    return self::error(tra('Plugin disabled'), $body);
}
} else { $info = array(); $info["title"] = ''; $info["active"] = 'y'; $info["publishDate"] = $tikilib->now; } $smarty->assign('title', $info["title"]); $smarty->assign('active', $info["active"]); $smarty->assign('publishDate', $info["publishDate"]); if (isset($_REQUEST["remove"])) { $area = 'delpoll'; if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); $polllib->remove_poll($_REQUEST["remove"]); } else { key_get($area); } } if (isset($_REQUEST["save"])) { check_ticket('admin-polls'); $publishDate = mktime($_REQUEST["Time_Hour"], $_REQUEST["Time_Minute"], 0, $_REQUEST["Date_Month"], $_REQUEST["Date_Day"], $_REQUEST["Date_Year"]); $pid = $polllib->replace_poll($_REQUEST["pollId"], $_REQUEST["title"], $_REQUEST["active"], $publishDate); $cat_type = 'poll'; $cat_objid = $pid; $cat_desc = substr($_REQUEST["title"], 0, 200); $cat_name = $_REQUEST["title"]; $cat_href = "tiki-poll_results.php?pollId=" . $cat_objid; include_once "categorize.php"; } if (isset($_REQUEST['addPoll']) && !empty($_REQUEST['poll_template']) && !empty($_REQUEST['pages'])) { global $wikilib;
$smarty->assign('msg', tra('Incorrect param')); $smarty->display('error.tpl'); die; } if ($tiki_p_admin_file_galleries != 'y' && (!$user || $gal_info['user'] != $user)) { $smarty->assign('errortype', 401); $smarty->assign('msg', tra('Permission denied you cannot remove this gallery')); $smarty->display('error.tpl'); die; } $area = 'delfilegal'; if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); $filegallib->remove_file_gallery($_REQUEST['removegal'], $galleryId); } else { key_get($area, tra('Remove file gallery: ') . ' ' . $gal_info['name']); } } // Process upload of a file version if (!empty($_FILES)) { check_ticket('fgal'); if ($tiki_p_upload_files != 'y' && $tiki_p_admin_file_galleries != 'y') { $smarty->assign('errortype', 401); $smarty->assign('msg', tra('Permission denied you can upload files but not to this file gallery')); $smarty->display('error.tpl'); die; } $savedir = $prefs['fgal_use_dir']; foreach ($_FILES as $k => $v) { $reg = array(); if (!empty($v['tmp_name']) && is_uploaded_file($v['tmp_name'])) {
/**
 * Render an error page (or a serialized / AJAX error payload) and terminate the request.
 *
 * May first redirect browser requests to the site index; otherwise it emits an
 * HTTP status line derived from $errortype and hands the details to error.tpl,
 * error-ajax.tpl or the serialized output. It always ends with die and never returns.
 *
 * @param $page                  page the error relates to (passed to the template only in the 404 case)
 * @param string $errortitle     short title; an empty string is kept as-is, only null becomes 'unknown error'
 * @param string $errortype      HTTP status: '404', '403', '503', or any other value cast to int
 *                               (0 / non-numeric falls back to 403 Forbidden)
 * @param bool $enableRedirect   when true and feature_redirect_on_error is 'y', non-machine requests
 *                               are redirected to tikiIndex instead of rendering the error
 * @param string $message        body text; defaults to the (possibly substituted) title when empty
 * @return void never returns — the function ends with die
 */
function display_error($page, $errortitle = "", $errortype = "", $enableRedirect = true, $message = '')
{
    global $smarty, $prefs, $tikiroot, $userlib, $user;
    require_once 'tiki-setup.php';
    // Don't redirect when calls are made for web services.
    // Also skipped when the current script already is tikiIndex or $page is the
    // user's default homepage — presumably to avoid a redirect loop; confirm.
    if ($enableRedirect && $prefs['feature_redirect_on_error'] == 'y' && !$this->is_machine_request() && $tikiroot . $prefs['tikiIndex'] != $_SERVER['PHP_SELF'] && $page != $userlib->get_user_default_homepage2($user)) {
        $this->redirect($prefs['tikiIndex']);
    }
    $detail = array('code' => $errortype, 'errortitle' => $errortitle, 'message' => $message);
    // The parameter defaults to "", so isset() is only false when null is passed
    // explicitly; an empty-string title is NOT replaced here.
    if (!isset($errortitle)) {
        $detail['errortitle'] = tra('unknown error');
    }
    if (empty($message)) {
        $detail['message'] = $detail['errortitle'];
    }
    // Display the template
    switch ($errortype) {
        case '404':
            header("HTTP/1.0 404 Not Found");
            $detail['page'] = $page;
            $detail['message'] .= ' (404)';
            break;
        case '403':
            header("HTTP/1.0 403 Forbidden");
            break;
        case '503':
            header("HTTP/1.0 503 Service Unavailable");
            break;
        default:
            $errortype = (int) $errortype;
            // NOTE(review): $title is placed in the HTTP status line. strip_tags()
            // removes markup only; this relies on header() rejecting CR/LF in the
            // string rather than on any sanitising done here — confirm callers
            // never pass an attacker-controlled title.
            $title = strip_tags($detail['errortitle']);
            if (!$errortype) {
                $errortype = 403;
                $title = 'Forbidden';
            }
            header("HTTP/1.0 {$errortype} {$title}");
            break;
    }
    if ($this->is_serializable_request()) {
        $errorreport = TikiLib::lib('errorreport');
        $errorreport->report($errortitle);
        $errorreport->send_headers();
        $this->output_serialized($detail);
    } elseif ($this->is_xml_http_request()) {
        $smarty->assign('detail', $detail);
        $smarty->display('error-ajax.tpl');
    } else {
        // For anonymous 401/403 with a login box or permission_denied_url configured,
        // remember the current URI — presumably consumed after login to return the
        // user here; REQUEST_URI is a path, not a full URL, so this is not an open redirect by itself.
        if (($errortype == 401 || $errortype == 403) && empty($user) && ($prefs['permission_denied_login_box'] == 'y' || !empty($prefs['permission_denied_url']))) {
            $_SESSION['loginfrom'] = $_SERVER['REQUEST_URI'];
        }
        $smarty->assign('errortitle', $detail['errortitle']);
        $smarty->assign('msg', $detail['message']);
        $smarty->assign('errortype', $detail['code']);
        // A fresh CSRF ticket is generated (not checked) so forms on error.tpl can be submitted.
        $check = key_get(null, null, null, false);
        $smarty->assign('ticket', $check['ticket']);
        if (isset($detail['page'])) {
            $smarty->assign('page', $page);
        }
        $smarty->display("error.tpl");
    }
    die;
}
/**
 * Two-step CSRF guard for an action: the first request shows a confirmation
 * screen carrying a fresh random ticket (key_get); the follow-up request that
 * carries 'daconfirm' has its ticket verified (key_check).
 *
 * The whole mechanism is gated by the feature_ticketlib2 preference: when it
 * is not 'y' this function does nothing and the caller's action proceeds
 * without any token check.
 *
 * Warning: uploaded files ($_FILES) do not survive the confirmation round-trip;
 * use check_ticket() for those flows.
 * Typical usage: $access->check_authenticity();
 *
 * @param string $confirmation_text text for the confirmation screen; '' lets key_get() use its default
 * @access public
 * @return void
 */
function check_authenticity($confirmation_text = '')
{
    global $prefs;
    if ($prefs['feature_ticketlib2'] != 'y') {
        return;
    }
    // NOTE(review): every other confirmation site in this file reads the flag
    // from $_POST; here a query-string 'daconfirm' also reaches key_check().
    // Whether that matters depends on key_check() validating the ticket
    // against the session, which is not visible here — confirm.
    $confirmed = isset($_REQUEST['daconfirm']);
    if ($confirmed) {
        key_check();
        return;
    }
    key_get(null, $confirmation_text);
}
} } if (isset($_REQUEST["action"])) { check_ticket('admin-perms'); if ($_REQUEST["action"] == 'assign') { $userlib->assign_permission_to_group($_REQUEST["perm"], $group); $logslib->add_log('perms', "assigned perm " . $_REQUEST['perm'] . " to group {$group}"); } if ($_REQUEST["action"] == 'remove') { $area = 'delpermassign'; if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); $userlib->remove_permission_from_group($_REQUEST["permission"], $group); $logslib->add_log('perms', "unassigned perm " . $_REQUEST['permission'] . " from group {$group}"); } else { key_get($area, sprintf(tra('Unassign perm %s from group %s'), $_REQUEST['permission'], $group)); } } } $types = $userlib->get_permissions_types(); $smarty->assign('types', $types); $groups = $userlib->get_groups(); $smarty->assign('groups', $groups['data']); if (!isset($_REQUEST["sort_mode"])) { $sort_mode = 'type_asc'; } else { $sort_mode = $_REQUEST["sort_mode"]; } $smarty->assign_by_ref('sort_mode', $sort_mode); if (isset($_REQUEST["find"])) { $find = $_REQUEST["find"];
key_check($area); $userlib->remove_group($_REQUEST["group"]); $logslib->add_log('admingroups', 'removed group ' . $_REQUEST["group"]); unset($_REQUEST['group']); } else { key_get($area, tra('Remove group: ') . $_REQUEST['group']); } } if ($_REQUEST["action"] == 'remove') { $area = 'delgroupperm'; if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); $userlib->remove_permission_from_group($_REQUEST["permission"], $_REQUEST["group"]); $logslib->add_log('admingroups', 'removed permission ' . $_REQUEST["permission"] . ' from group ' . $_REQUEST["group"]); } else { key_get($area, sprintf(tra('Remove permission: %s on %s'), $_REQUEST['permission'], $_REQUEST['group'])); } } } if (isset($_REQUEST['clean'])) { global $cachelib; require_once "lib/cache/cachelib.php"; check_ticket('admin-groups'); $cachelib->invalidate('grouplist'); } if (!isset($_REQUEST["numrows"])) { $numrows = $maxRecords; } else { $numrows = $_REQUEST["numrows"]; } $smarty->assign_by_ref('numrows', $numrows);
$smarty->assign('msg', tra("Incorrect param")); $smarty->display('error.tpl'); die; } if (!($tiki_p_admin_file_galleries == 'y' || $user && ($user == $gal_info['user'] || $user == $removeInfo['user']))) { $smarty->assign('errortype', 401); $smarty->assign('msg', tra("Permission denied you cannot remove files from this gallery")); $smarty->display("error.tpl"); die; } $area = 'delfile'; if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); $filegallib->remove_file($removeInfo, $user, $gal_info); } else { key_get($area, ($removeInfo['archiveId'] ? tra('Remove archive: ') : tra('Remove file gallery: ')) . (!empty($removeInfo['name']) ? $removeInfo['name'] . ' - ' : '') . $removeInfo['filename']); } } if (isset($_REQUEST['delsel_x']) && !empty($_REQUEST['file'])) { check_ticket('list-archives'); foreach (array_values($_REQUEST['file']) as $fileId) { if (!($removeInfo = $filegallib->get_file_info($fileId))) { $smarty->assign('msg', tra("Incorrect param")); $smarty->display('error.tpl'); die; } $filegallib->remove_file($removeInfo, $user, $gal_info); } } // Set display config if (!isset($_REQUEST['maxRecords']) || $_REQUEST['maxRecords'] <= 0) {
$smarty->assign('lm_searchresults', ''); } } else { $smarty->assign('lm_criteria', ''); $smarty->assign('lm_searchresults', ''); $smarty->assign('lm_error', ''); } $smarty->assign('indexNeedsRebuilding', $prefslib->indexNeedsRebuilding()); if (isset($_REQUEST['prefrebuild'])) { $prefslib->rebuildIndex(); header('Location: ' . $base_url . 'tiki-admin.php'); } $admin_icons = array("general" => array('title' => tr('General'), 'description' => tr('Global site configuration, date formats, admin password, etc.'), 'help' => 'General+Admin'), "features" => array('title' => tr('Features'), 'description' => tr('Switches for major features'), 'help' => 'Features+Admin'), "login" => array('title' => tr('Log in'), 'description' => tr('User registration, remember me cookie settings and authentication methods'), 'help' => 'Login+Config'), "community" => array('title' => tr('Community'), 'description' => tr('User specific features and settings'), 'help' => 'Community'), "profiles" => array('title' => tr('Profiles'), 'description' => tr('Repository configuration, browse and apply profiles'), 'help' => 'Profiles'), "look" => array('title' => tr('Look & Feel'), 'description' => tr('Theme selection, layout settings and UI effect controls'), 'help' => 'Look+and+Feel'), "textarea" => array('title' => tr('Editing and Plugins'), 'description' => tr('Text editing settings applicable to many areas. 
Plugin activation and plugin alias management'), 'help' => 'Text+area'), "module" => array('title' => tr('Modules'), 'description' => tr('Module appearance settings'), 'help' => 'Module'), "metatags" => array('title' => tr('Meta Tags'), 'description' => tr('Information to include in the header of each page'), 'help' => 'Meta+Tags'), "i18n" => array('title' => tr('i18n'), 'description' => tr('Internationalization and localization - multilingual features'), 'help' => 'i18n'), "maps" => array('title' => tr('Maps'), 'description' => tr('Settings and features for maps'), 'help' => 'Maps', 'disabled' => false), "performance" => array('title' => tr('Performance'), 'description' => tr('Server performance settings'), 'help' => 'Performance'), "security" => array('title' => tr('Security'), 'description' => tr('Site security settings'), 'help' => 'Security'), "comments" => array('title' => tr('Comments'), 'description' => tr('Comments settings'), 'help' => 'Comments'), "rss" => array('title' => tr('Feeds'), 'help' => 'Feeds User', 'description' => tr('Outgoing RSS feed setup')), "connect" => array('title' => tr('Connect'), 'help' => 'Connect', 'description' => tr('Tiki Connect - join in!')), "rating" => array('title' => tr('Rating'), 'help' => 'Rating', 'description' => tr('Rating settings'), 'disabled' => $prefs['wiki_simple_ratings'] !== 'y' && $prefs['wiki_comments_simple_ratings'] !== 'y' && $prefs['comments_vote'] !== 'y' && $prefs['rating_advanced'] !== 'y' && $prefs['trackerfield_rating'] !== 'y' && $prefs['article_user_rating'] !== 'y' && $prefs['rating_results_detailed'] !== 'y' && $prefs['rating_smileys'] !== 'y'), "search" => array('title' => tr('Search'), 'description' => tr('Search configuration'), 'help' => 'Search', 'disabled' => $prefs['feature_search'] !== 'y' && $prefs['feature_search_fulltext'] !== 'y'), "wiki" => array('title' => tr('Wiki'), 'disabled' => $prefs['feature_wiki'] != 'y', 'description' => tr('Wiki page settings and features'), 'help' => 
'Wiki+Config'), "fgal" => array('title' => tr('File Galleries'), 'disabled' => $prefs['feature_file_galleries'] != 'y', 'description' => tr('Defaults and configuration for file galleries'), 'help' => 'File+Gallery'), "blogs" => array('title' => tr('Blogs'), 'disabled' => $prefs['feature_blogs'] != 'y', 'description' => tr('Settings for blogs'), 'help' => 'Blog'), "gal" => array('title' => tr('Image Galleries'), 'disabled' => $prefs['feature_galleries'] != 'y', 'description' => tr('Defaults and configuration for image galleries (will be phased out in favour of file galleries)'), 'help' => 'Image+Gallery'), "articles" => array('title' => tr('Articles'), 'disabled' => $prefs['feature_articles'] != 'y', 'description' => tr('Settings and features for articles'), 'help' => 'Articles'), "forums" => array('title' => tr('Forums'), 'disabled' => $prefs['feature_forums'] != 'y', 'description' => tr('Settings and features for forums'), 'help' => 'Forum'), "trackers" => array('title' => tr('Trackers'), 'disabled' => $prefs['feature_trackers'] != 'y', 'description' => tr('Settings and features for trackers'), 'help' => 'Trackers'), "polls" => array('title' => tr('Polls'), 'disabled' => $prefs['feature_polls'] != 'y', 'description' => tr('Settings and features for polls'), 'help' => 'Polls'), "calendar" => array('title' => tr('Calendar'), 'disabled' => $prefs['feature_calendar'] != 'y', 'description' => tr('Settings and features for calendars'), 'help' => 'Calendar'), "category" => array('title' => tr('Categories'), 'disabled' => $prefs['feature_categories'] != 'y', 'description' => tr('Settings and features for categories'), 'help' => 'Category'), "workspace" => array('title' => tr('Workspaces'), 'disabled' => $prefs['workspace_ui'] != 'y' && $prefs['feature_areas'] != 'y', 'description' => tr('Configure workspace feature'), 'help' => 'workspace'), "score" => array('title' => tr('Score'), 'disabled' => $prefs['feature_score'] != 'y', 'description' => tr('Values of actions for 
users rank score'), 'help' => 'Score'), "freetags" => array('title' => tr('Tags'), 'disabled' => $prefs['feature_freetags'] != 'y', 'description' => tr('Settings and features for tags'), 'help' => 'Tags'), "faqs" => array('title' => tr('FAQs'), 'disabled' => $prefs['feature_faqs'] != 'y', 'description' => tr('Settings and features for FAQs'), 'help' => 'FAQ'), "directory" => array('title' => tr('Directory'), 'disabled' => $prefs['feature_directory'] != 'y', 'description' => tr('Settings and features for directory of links'), 'help' => 'Directory'), "copyright" => array('title' => tr('Copyright'), 'disabled' => $prefs['feature_copyright'] != 'y', 'description' => tr('Site-wide copyright information'), 'help' => 'Copyright'), "messages" => array('title' => tr('Messages'), 'disabled' => $prefs['feature_messages'] != 'y', 'description' => tr('Message settings'), 'help' => 'Inter-User+Messages'), "userfiles" => array('title' => tr('User Files'), 'disabled' => $prefs['feature_userfiles'] != 'y', 'description' => tr('User files settings'), 'help' => 'User+Files'), "webmail" => array('title' => tr('Webmail'), 'disabled' => $prefs['feature_webmail'] != 'y', 'description' => tr('Webmail settings'), 'help' => 'Webmail'), "wysiwyg" => array('title' => tr('Wysiwyg'), 'disabled' => $prefs['feature_wysiwyg'] != 'y', 'description' => tr('Options for WYSIWYG editor'), 'help' => 'Wysiwyg'), "ads" => array('title' => tr('Banners'), 'disabled' => $prefs['feature_banners'] != 'y', 'description' => tr('Site advertisements and notices'), 'help' => 'Look+and+Feel'), "intertiki" => array('title' => tr('InterTiki'), 'disabled' => $prefs['feature_intertiki'] != 'y', 'description' => tr('Set up links between Tiki servers'), 'help' => 'InterTiki'), "semantic" => array('title' => tr('Semantic Links'), 'disabled' => $prefs['feature_semantic'] != 'y', 'description' => tr('Manage semantic wiki links'), 'help' => 'Semantic+Admin'), "webservices" => array('title' => tr('Webservices'), 'disabled' => 
$prefs['feature_webservices'] != 'y', 'description' => tr('Register and manage web services'), 'help' => 'WebServices'), "sefurl" => array('title' => tr('SEF URL'), 'disabled' => $prefs['feature_sefurl'] != 'y' && $prefs['feature_canonical_url'] != 'y', 'description' => tr('Search Engine Friendly URLs'), 'help' => 'Rewrite+Rules'), "video" => array('title' => tr('Video'), 'disabled' => $prefs['feature_kaltura'] != 'y', 'description' => tr('Video integration configuration'), 'help' => 'Kaltura+Config'), "payment" => array('title' => tr('Payment'), 'disabled' => $prefs['payment_feature'] != 'y', 'description' => tr('Payment settings'), 'help' => 'Payment'), "socialnetworks" => array('title' => tr('Social networks'), 'disabled' => $prefs['feature_socialnetworks'] != 'y', 'description' => tr('Configure social networks integration'), 'help' => 'Social+Networks'), "share" => array('title' => tr('Share'), 'disabled' => $prefs['feature_share'] != 'y', 'description' => tr('Configure share feature'), 'help' => 'share')); if (isset($_REQUEST['page'])) { $adminPage = $_REQUEST['page']; $check = key_get(null, null, null, false); $smarty->assign('ticket', $check['ticket']); // Check if the associated incude_*.php file exists. If not, check to see if it might exist in the Addons. // If it exists, include the associated file and generate the ticket. $utilities = new TikiAddons_Utilities(); if (file_exists("admin/include_{$adminPage}.php")) { include_once "admin/include_{$adminPage}.php"; } elseif ($filepath = $utilities->getAddonFilePath("admin/include_{$adminPage}.php")) { include_once $filepath; } $url = 'tiki-admin.php' . '?page=' . $adminPage; if (isset($admin_icons[$adminPage])) { $admin_icon = $admin_icons[$adminPage]; $admintitle = $admin_icon['title']; $description = isset($admin_icon['description']) ? $admin_icon['description'] : ''; $helpUrl = isset($admin_icon['help']) ? $admin_icon['help'] : '';
$area = 'delcategobject'; if ($feature_ticketlib2 != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); $categlib->remove_object_from_category($_REQUEST["removeObject"], $_REQUEST["parentId"]); } else { key_get($area); } } if (isset($_REQUEST["removeCat"])) { $area = "delcateg"; if ($feature_ticketlib2 != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); $categlib->remove_category($_REQUEST["removeCat"]); } else { $confirmation = tra('Click here to delete this category'); key_get($area, $confirmation); } } if (isset($_REQUEST["save"]) && isset($_REQUEST["name"]) && strlen($_REQUEST["name"]) > 0) { check_ticket('admin-categories'); // Save if ($_REQUEST["categId"]) { if ($_REQUEST['parentId'] == $_REQUEST['categId']) { $smarty->assign('msg', tra("Category can`t be parent of itself")); $smarty->display("error.tpl"); die; } $categlib->update_category($_REQUEST["categId"], $_REQUEST["name"], $_REQUEST["description"], $_REQUEST["parentId"]); } else { $newcategId = $categlib->add_category($_REQUEST["parentId"], $_REQUEST["name"], $_REQUEST["description"]); if (isset($_REQUEST['assign_perms'])) {
case 'remove_pages': // Now check permissions to remove the selected pages if ($tiki_p_remove != 'y') { $smarty->assign('errortype', 401); $smarty->assign('msg', tra("Permission denied you cannot remove pages")); $smarty->display("error.tpl"); die; } $area = 'listpages_delete'; if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) { key_check($area); foreach ($_REQUEST["checked"] as $check) { $tikilib->remove_all_versions($check); } } else { key_get($area, '<b>' . tra("Delete those pages:") . '</b><br />' . implode('<br />', $_REQUEST["checked"])); } break; case 'print_pages': if ($prefs['feature_wiki_multiprint'] != 'y') { $smarty->assign('msg', tra("This feature is disabled") . ": feature_wiki_multiprint"); $smarty->display("error.tpl"); die; } foreach ($_REQUEST["checked"] as $check) { if ($tikilib->page_exists($check)) { // Now check permissions to access this page if (!$tikilib->user_has_perm_on_object($user, $check, 'wiki page', 'tiki_p_view')) { $smarty->assign('errortype', 401); $smarty->assign('msg', tra("Permission denied you cannot view this page")); $smarty->display("error.tpl");