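/**
 * Mail the weblog authors about a trackback posted on the current entry
 * ($PIVOTX['db']->entry).
 *
 * Recipients are the 'comment_emailto' addresses of every weblog that carries
 * the entry's category and has 'comment_sendmail' enabled: the comment
 * notification settings are reused for trackbacks. The mail body is plain text
 * assembled from the trackback fields (name, title, url, excerpt, ip, date),
 * so no HTML escaping is applied; the subject and body are converted to UTF-8
 * and pivotxMail() is relied upon to encode the subject and add the UTF-8
 * headers. Line breaks are stripped from the subject here regardless.
 *
 * Sending stops at the first address that pivotxMail() reports as failed
 * (kept from the original; a broken mailer should not be hammered for every
 * recipient).
 *
 * @param array $my_trackback trackback record; keys 'name', 'title', 'url',
 *                            'excerpt', 'ip' and 'date' are read.
 * @return void
 */
function sendMailTrackback($my_trackback) {
    global $PIVOTX;

    // Collect the notification addresses of all weblogs showing this category
    // (same settings as for comments).
    $addr_arr = array();
    $cat_weblogs = $PIVOTX['weblogs']->getWeblogsWithCat($PIVOTX['db']->entry['category']);
    foreach ($cat_weblogs as $this_weblog) {
        if ($PIVOTX['weblogs']->get($this_weblog, 'comment_sendmail') == 1) {
            $emailto = $PIVOTX['weblogs']->get($this_weblog, 'comment_emailto');
            $addr_arr = array_merge($addr_arr, explode(",", $emailto));
        }
    }

    // Trim, drop empty entries (a trailing comma in 'comment_emailto' is not a
    // recipient and used to abort the whole run) and de-duplicate.
    $recipients = array();
    foreach ($addr_arr as $addr) {
        $addr = trim($addr);
        if ($addr !== '') {
            $recipients[$addr] = $addr;
        }
    }
    if (count($recipients) == 0) {
        return;
    }

    // Make a nice title for the mail: the entry title, or else the first 60
    // characters of the introduction.
    if (strlen($PIVOTX['db']->entry['title']) > 2) {
        $title = strip_tags($PIVOTX['db']->entry['title']);
    } else {
        $title = strip_tags(substr($PIVOTX['db']->entry['introduction'], 0, 300));
        $title = substr(str_replace(array("\n", "\r"), "", $title), 0, 60);
    }
    // The title ends up in the Subject header: never let a line break through,
    // whatever pivotxMail() does with it.
    $title = str_replace(array("\r", "\n"), "", $title);
    $title = i18n_str_to_utf8($title);

    $adminurl = $PIVOTX['paths']['host'] . makeAdminPageLink();
    $editlink = $adminurl . "?page=trackbacks&uid=" . $PIVOTX['db']->entry['code'];

    $body = sprintf(__('"%s" posted the following trackback') . ":", unentify($my_trackback['name']));
    $body .= sprintf("\n\n-------------\n");
    $body .= sprintf(__('Title') . ": %s\n", $my_trackback['title']);
    $body .= sprintf(__('URL') . ": %s\n", $my_trackback['url']);
    $body .= sprintf(__('Excerpt') . ":\n%s", unentify($my_trackback['excerpt']));
    $body .= sprintf("\n-------------\n");
    $body .= sprintf(__('IP-address') . ": %s\n", $my_trackback['ip']);
    $body .= sprintf(__('Date') . ": %s\n", $my_trackback['date']);
    $body .= sprintf("\n" . __('This is a trackback on entry "%s"') . "\n", $title);
    $body .= sprintf("-------------\n");
    $body .= sprintf("%s:\n%s%s\n", __('View this entry'), $PIVOTX['paths']['host'], makeFileLink($PIVOTX['db']->entry, "", ""));
    $body .= sprintf("\n%s:\n%s\n", __('Edit this trackback'), $editlink);
    $body = i18n_str_to_utf8($body);

    // pivotxMail encodes the subject and adds the needed headers for UTF-8.
    $subject = sprintf(__('New trackback on entry "%s"'), $title);
    // No extra headers. (The original passed an undefined variable here.)
    $add_header = '';

    foreach ($recipients as $addr) {
        if (pivotxMail($addr, $subject, $body, $add_header)) {
            debug("Sent Mail to {$addr} for '" . $my_trackback['name'] . "'");
        } else {
            debug("Failed sending mail to {$addr} for '" . $my_trackback['name'] . "'");
            break;
        }
    }
}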
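/**
 * Check for common misconfigurations, filerights, and whatnot.
 *
 * Appends one HTML paragraph per problem found to $this->warnings: unsafe
 * file rights under db/, templates/ and the upload directory, a too-old PHP,
 * safe_mode, register_globals, leftover installer scripts, a mismatch between
 * the host the user is logged in at and the configured canonical host or
 * preferred admin location, and an account whose password hash has no salt.
 *
 * Runs only for a logged-in user: the messages describe the server setup and
 * must not be handed to anonymous visitors. The warnings are rendered as raw
 * HTML, so configuration-derived values (canonical host, preferred admin
 * location) are HTML-escaped before they are put into a message.
 *
 * The extension hooks 'before_checkwarnings' and 'after_checkwarnings' fire
 * around the checks.
 *
 * @return void
 */
function checkWarnings() {
    global $minrequiredphp, $PIVOTX;

    $this->filelist = array();

    // Check if there are any hooks to execute.. ($dummy is presumably taken by
    // reference by executeHook; initialise it so no undefined variable is passed.)
    $dummy = null;
    $PIVOTX['extensions']->executeHook('before_checkwarnings', $dummy);

    // We should only check these warnings when logged in.. Whilst displaying
    // them isn't a direct security problem, we should be careful about
    // giving script kiddies any pointers.
    if (!$PIVOTX['session']->isLoggedIn()) {
        return;
    }

    if ($PIVOTX['config']->get('dont_check_filerights') != 1) {
        // NOTE(review): $this->filelist is not reset between the three checks;
        // this relies on _checkFilerights() (not visible here) clearing it,
        // otherwise the templates/ warning would repeat the db/ files.
        $upload_label = basename($PIVOTX['paths']['upload_base_path']) . "/";
        $checks = array(
            array($PIVOTX['paths']['db_path'], "db/", false),
            array($PIVOTX['paths']['templates_path'], "templates/", true),
            array($PIVOTX['paths']['upload_base_path'], $upload_label, true),
        );
        foreach ($checks as $check) {
            // Third argument passed through as the original did; its meaning
            // is defined by _checkFilerights().
            list($path, $label, $opt) = $check;
            $this->_checkFilerights($path, $label, $opt);
            if (!empty($this->filelist)) {
                $this->_makeFileWarning($label);
            }
        }
    }

    // Check minimum PHP version.
    if (!checkVersion(phpversion(), $minrequiredphp)) {
        $thiswarning = sprintf(__("The current version of PHP on the server is %s, which is an older version than PivotX requires (%s). PivotX will most likely not work correctly, until the server is updated to a newer version."), phpversion(), $minrequiredphp);
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check Safe Mode
    if (ini_get('safe_mode') && !$PIVOTX['config']->get('ignore_safe_mode')) {
        $thiswarning = __("This webserver has safe_mode enabled. This doesn't actually make things any 'safer', just more annoying. Please ask your hosting provider to turn it off. 
See the documentation for more info: <a href='http://docs.pivotx.net/doku.php?id=dealing_with_safe_mode'>Dealing with safe_mode</a>.");
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check PivotX Setup: a reachable installer script lets anyone who knows
    // its password (re)configure the site. Can be silenced via config.
    $parent = $PIVOTX['paths']['pivotx_path'] . '../';
    $setup_present = file_exists($parent . 'pivotx-setup-safemode.php') || file_exists($parent . 'pivotx-setup.php');
    if ($setup_present && !$PIVOTX['config']->get('ignore_setupscript')) {
        $thiswarning = __('The PivotX installer script "pivotx-setup.php" is still present in the parent folder. You should be aware that this is a potential security risk. We advise you to remove it, or to set an empty password inside it, so that it can\'t be executed by people with bad intentions.');
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check (old) Pivot Setup - message can't be ignored
    if (file_exists($parent . 'pivot-setup-safemode.php') || file_exists($parent . 'pivot-setup.php')) {
        $thiswarning = __('The old Pivot installer script "pivot-setup.php" is still present in the parent folder. Please remove it immediately since it\'s not used for PivotX and it is a potential security risk.');
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check for erroneous 'canonical_host', but only if we actually use it.
    // The check can definitely be improved ...
    if ($PIVOTX['config']->get('dont_add_canonical') == 0) {
        $canonical_host = $PIVOTX['config']->get('canonical_host');
        if ($canonical_host != $PIVOTX['paths']['host']) {
            $thiswarning = __("You are currently logged in at a different host than your canonical host. " . "If <strong>%s</strong> isn't the canonical host you want, change it on the %s screen.");
            $link = '<a href="' . makeAdminPageLink('advconfiguration') . '">' . __('Advanced Configuration') . '</a>';
            // The host comes from the config file and goes into raw HTML: escape it.
            $safe_host = htmlspecialchars((string) $canonical_host, ENT_QUOTES, "UTF-8");
            $thiswarning = sprintf($thiswarning, $safe_host, $link);
            $this->warnings[] = "<p>" . $thiswarning . "</p>";
        }
    }

    // Check for 'preferred_admin_location'.
    if ($PIVOTX['config']->get('preferred_admin_location')) {
        $http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $scheme = empty($_SERVER['HTTPS']) ? "http://" : "https://";
        $request_url = $scheme . $http_host . str_replace("/index.php", "/", $request_uri);
        $request = parse_url(stripTrailingSlash($request_url));
        $preferred_url = str_replace("/index.php", "/", $PIVOTX['config']->get('preferred_admin_location'));
        $preferred = parse_url(stripTrailingSlash($preferred_url));

        // parse_url() returns false on garbage and omits absent components;
        // normalise both so the comparison below never reads a missing key.
        $defaults = array('scheme' => null, 'host' => null, 'path' => null);
        $request = (is_array($request) ? $request : array()) + $defaults;
        $preferred = (is_array($preferred) ? $preferred : array()) + $defaults;
        if (empty($preferred['scheme'])) {
            $preferred['scheme'] = "http";
        }

        if ($request['scheme'] != $preferred['scheme'] || $request['host'] != $preferred['host'] || $request['path'] != $preferred['path']) {
            $thiswarning = __("You are currently logged in at a different location than the preferred one. This might cause problems with wrongly calculated links. Please click here to go to the correct location:");
            // Config-derived values inside an HTML attribute and text node: escape.
            $safe_scheme = htmlspecialchars((string) $preferred['scheme'], ENT_QUOTES, "UTF-8");
            $safe_host = htmlspecialchars((string) $preferred['host'], ENT_QUOTES, "UTF-8");
            $safe_path = htmlspecialchars((string) $preferred['path'], ENT_QUOTES, "UTF-8");
            $thiswarning .= sprintf(" <a href='%s://%s%s/'>%s%s/</a>", $safe_scheme, $safe_host, $safe_path, $safe_host, $safe_path);
            $this->warnings[] = "<p>" . $thiswarning . "</p>";
        }
    }

    // Not checked here: 'mod_rewrite enabled but no .htaccess' (a get_headers()
    // request to search/modrewritecheck). It could take seconds on some servers
    // and this runs on every dashboard view; scheduler.php would be a better
    // place for it.
    // Not checked here: magic_quotes_runtime (PivotX is expected to handle both
    // settings transparently) and open_basedir (PivotX never writes outside
    // pivotx/, so it does not get in the way).

    // Check Register Globals
    if (ini_get('register_globals') && !$PIVOTX['config']->get('ignore_register_globals')) {
        $thiswarning = __("This webserver has register_globals enabled. This is a serious potential security issue. Please ask your hosting provider to turn it off. See the PHP documentation for more info: <a href='http://php.net/register_globals'>Register Globals</a>.");
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check if the password is properly salted: a legacy, unsalted hash has an
    // empty 'salt' and is only upgraded when the user sets the password again.
    $user = $PIVOTX['users']->getUser($PIVOTX['session']->currentUsername());
    if (!isset($user['salt']) || $user['salt'] == "") {
        $thiswarning = __("Your password is not fully encrypted yet. 
Please go to %myinfo%, and set your password again.");
        $link = sprintf("<a href=\"index.php?page=myinfo\">%s</a>", __("My Info"));
        $thiswarning = str_replace('%myinfo%', $link, $thiswarning);
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check if there are any hooks to execute..
    $PIVOTX['extensions']->executeHook('after_checkwarnings', $dummy);
}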
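/**
 * Mail the weblog authors about a comment posted on the current entry
 * ($PIVOTX['db']->entry).
 *
 * Recipients are the 'comment_emailto' addresses of every weblog that carries
 * the entry's category and has 'comment_sendmail' enabled. The mail body is
 * plain text: the raw comment text, the poster's name, IP, date, email and
 * URL, the optional $notifications text and, when comment moderation is on,
 * a link to the moderation page. The subject and body are converted to UTF-8
 * and pivotxMail() is relied upon to encode the subject and add the UTF-8
 * headers; line breaks are stripped from the subject here regardless.
 *
 * Sending stops at the first address that pivotxMail() reports as failed
 * (kept from the original).
 *
 * @param array  $temp_comment  comment record; keys 'name', 'date', 'comment',
 *                              'ip', 'email' and 'url' are read.
 * @param string $notifications extra text appended to the body after the
 *                              entry line (e.g. spam/notification remarks).
 * @return void
 */
function sendMailComment($temp_comment, $notifications = '') {
    global $PIVOTX;

    // Collect the notification addresses of all weblogs showing this category.
    $addr_arr = array();
    $cat_weblogs = $PIVOTX['weblogs']->getWeblogsWithCat($PIVOTX['db']->entry['category']);
    foreach ($cat_weblogs as $this_weblog) {
        if ($PIVOTX['weblogs']->get($this_weblog, 'comment_sendmail') == 1) {
            $emailto = $PIVOTX['weblogs']->get($this_weblog, 'comment_emailto');
            $addr_arr = array_merge($addr_arr, explode(",", $emailto));
        }
    }

    // Trim, drop empty entries (a trailing comma in 'comment_emailto' is not a
    // recipient and used to abort the whole run) and de-duplicate.
    $recipients = array();
    foreach ($addr_arr as $addr) {
        $addr = trim($addr);
        if ($addr !== '') {
            $recipients[$addr] = $addr;
        }
    }
    if (count($recipients) == 0) {
        return;
    }

    // Make a nice title for the mail: the entry title, or else the first 60
    // characters of the introduction.
    if (strlen($PIVOTX['db']->entry['title']) > 2) {
        $title = strip_tags($PIVOTX['db']->entry['title']);
    } else {
        $title = strip_tags(substr($PIVOTX['db']->entry['introduction'], 0, 300));
        $title = substr(str_replace(array("\n", "\r"), "", $title), 0, 60);
    }
    // The title ends up in the Subject header: never let a line break through,
    // whatever pivotxMail() does with it.
    $title = str_replace(array("\r", "\n"), "", $title);
    $title = i18n_str_to_utf8($title);

    $adminurl = $PIVOTX['paths']['host'] . makeAdminPageLink();
    // Anchor of the comment on the entry page: "<safe name>-<yyyymmddhhmm>".
    $id = safeString($temp_comment["name"], TRUE) . "-" . formatDate($temp_comment["date"], "%ye%%month%%day%%hour24%%minute%");
    $editlink = $adminurl . "?page=comments&uid=" . $PIVOTX['db']->entry['code'];
    $approvelink = $adminurl . "?page=comments";

    // The comment text is sent as-is (not unentified), as a plain-text mail.
    $body = sprintf(__('"%s" posted the following comment') . ":\n\n", unentify($temp_comment['name']));
    $body .= sprintf("%s", $temp_comment['comment']);
    $body .= sprintf("\n\n-------------\n\n");
    $body .= sprintf(__('Name') . ": %s\n", unentify($temp_comment['name']));
    $body .= sprintf(__('IP-address') . ": %s\n", $temp_comment['ip']);
    $body .= sprintf(__('Date') . ": %s\n", $temp_comment['date']);
    $body .= trim(sprintf(__('Email') . ": %s", $temp_comment['email'])) . "\n";
    $body .= trim(sprintf(__('URL') . ": %s\n", $temp_comment['url'])) . "\n";
    $body .= sprintf("\n" . __('This is a comment on entry "%s"') . "\n", $title);
    $body .= $notifications;
    $body .= sprintf("\n-------------\n\n");
    if ($PIVOTX['config']->get('moderate_comments') == 1) {
        $body .= sprintf(__('Moderate this comment') . ":\n%s\n", $approvelink);
    }
    $body .= sprintf("\n%s:\n%s%s\n", __('View this entry'), $PIVOTX['paths']['host'], makeFileLink($PIVOTX['db']->entry, "", ""));
    $body .= sprintf("\n%s:\n%s%s\n", __('View this comment'), $PIVOTX['paths']['host'], makeFileLink($PIVOTX['db']->entry, "", $id));
    $body .= sprintf("\n%s:\n%s\n", __('Edit this comment'), $editlink);
    $body = i18n_str_to_utf8($body);

    // pivotxMail encodes the subject and adds the needed headers for UTF-8.
    $subject = sprintf(__('New comment on entry "%s"'), $title);
    // No extra headers. (The original passed an undefined variable here.)
    $add_header = '';

    foreach ($recipients as $addr) {
        if (pivotxMail($addr, $subject, $body, $add_header)) {
            debug("Sent Mail to {$addr} for '" . $temp_comment['name'] . "'");
        } else {
            debug("Failed sending mail to {$addr} for '" . $temp_comment['name'] . "'");
            break;
        }
    }
}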
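/**
 * Organize a single menu level of the menu structure
 *
 * - sorts the level
 * - applies user-level restrictions
 * - converts uri's to href's
 * - removes 'disabled' items
 * - create 'have_menu' booleans for menu's with subs
 *
 * Items whose 'level' is above $currentuserlevel are dropped, so a page the
 * user may not open is not listed. This is presentation only: the page itself
 * still has to enforce its own level check.
 *
 * Items without a 'sortorder' are numbered after the highest 'sortorder'
 * already present on the level. (The original tested !isset() when looking
 * for the highest value, so it never saw the existing ones and handed out
 * 1, 2, 3 ... which could collide with them.)
 *
 * @param array       $in               menu level (and subs)
 * @param int         $currentuserlevel level of the current user
 * @param array|false $path             normalised to an array; otherwise unused
 * @param int         $level            nesting depth, incremented on recursion
 * @return array the filtered, sorted level; every item carries 'href',
 *               'is_divider', 'have_menu', 'all_pages' and 'sortorder'
 */
function organizeMenuLevel($in, $currentuserlevel, $path = false, $level = 0) {
    if (!is_array($path)) {
        $path = array();
    }

    $out = array();
    foreach ($in as $item) {
        // Presentation-side access control: hide what the user may not open.
        if (isset($item['level']) && $currentuserlevel < $item['level']) {
            continue;
        }
        if (!empty($item['disabled'])) {
            continue;
        }

        $uri = isset($item['uri']) ? $item['uri'] : null;
        if (!isset($item['href'])) {
            $item['href'] = ($uri == 'dashboard') ? makeAdminPageLink() : makeAdminPageLink($uri);
        }
        if (!isset($item['is_divider'])) {
            $item['is_divider'] = false;
        }

        // 'all_pages': this item's uri plus every uri reachable in its submenu,
        // so a menu can be marked active for any of its pages.
        $all_pages = array();
        if ($uri !== null) {
            $all_pages[] = $uri;
        }

        if (isset($item['menu']) && count($item['menu']) > 0) {
            $item['have_menu'] = true;
            $subpath = isset($item['path']) ? $item['path'] : false;
            $item['menu'] = organizeMenuLevel($item['menu'], $currentuserlevel, $subpath, $level + 1);
            foreach ($item['menu'] as $sub) {
                if (isset($sub['uri'])) {
                    $all_pages[] = $sub['uri'];
                }
                if (isset($sub['all_pages']) && is_array($sub['all_pages'])) {
                    $all_pages = array_merge($all_pages, $sub['all_pages']);
                }
            }
        } else {
            $item['have_menu'] = false;
        }
        $item['all_pages'] = $all_pages;
        $out[] = $item;
    }

    // Find the highest explicit sortorder, then number the unsorted items
    // strictly after it.
    $highest_sortorder = 1;
    foreach ($out as $item) {
        if (isset($item['sortorder']) && $item['sortorder'] > $highest_sortorder) {
            $highest_sortorder = $item['sortorder'];
        }
    }
    foreach ($out as $i => $item) {
        if (!isset($item['sortorder'])) {
            $out[$i]['sortorder'] = ++$highest_sortorder;
        }
    }

    usort($out, 'compareMenuItem');
    return $out;
}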
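/**
 * Display extension documentation using Textile or Markdown.
 *
 * The file is named by $_GET['file'], relative to the extensions directory
 * (e.g. "myext/docs/index.markdown"). Only a plain relative path without '..'
 * segments, ending in .markdown or .textile, that resolves to a regular file
 * below the (resolved) extensions directory is served. Anything else ends the
 * request with "Not a valid filename", as the original did for unknown
 * extensions. The original concatenated the raw parameter onto the path, so
 * any readable *.markdown / *.textile on the host could be fetched with '../';
 * it also put dirname($_GET['file']) into the generated hrefs unescaped.
 *
 * Links between doc pages ("x.markdown", "x.textile") are rewritten to go
 * through this page again; a toc.<ext> next to the file, if present, is
 * rendered into the 'toc' template variable.
 *
 * @return void renders documentation.tpl (or dies with an error text)
 */
function pageDocumentation() {
    global $PIVOTX;

    $requested = isset($_GET['file']) ? (string) $_GET['file'] : '';

    // Whitelist the relative path before it touches the filesystem: plain path
    // characters only, no leading slash, no '..' segment, one of the two
    // renderable extensions (case-insensitive, as the original's strtolower).
    if ($requested === ''
        || strpos($requested, "\0") !== false
        || !preg_match('#^[A-Za-z0-9_][A-Za-z0-9_.\-/]*\.(markdown|textile)\z#i', $requested, $m)
        || preg_match('#(^|/)\.\.(/|\z)#', $requested)) {
        echo "Not a valid filename";
        die;
    }
    $extension = strtolower($m[1]);
    $filename = $PIVOTX['paths']['extensions_path'] . $requested;

    // Second line of defence: the resolved file must be a regular file below
    // the resolved extensions directory. (An extension directory that is a
    // symlink pointing outside it is rejected by this; that is intended.)
    $realfile = realpath($filename);
    $realbase = realpath($PIVOTX['paths']['extensions_path']);
    if ($realfile === false || $realbase === false || !is_file($realfile)
        || strpos($realfile, rtrim($realbase, '/\\') . DIRECTORY_SEPARATOR) !== 0) {
        echo "Not a valid filename";
        die;
    }

    // Type (summary or other) is the part of the filename before the first dot.
    $parts = explode(".", basename($filename));
    $type = $parts[0];

    // Base for links to sibling doc pages. The directory part is user-derived,
    // so escape it for the attribute context; '\' and '$' are special in a
    // preg_replace() replacement string, so neutralise them too.
    $basename = makeAdminPageLink('documentation') . "&file=" . htmlspecialchars(dirname($requested), ENT_QUOTES, "UTF-8");
    $replacement = 'a href="' . addcslashes($basename, '\\$') . '/\\1.\\2"';
    $linkpattern = '/a href="([a-z0-9_-]*)\\.(markdown|textile)"/';

    $source = file_get_contents($realfile);
    if ($extension == "markdown") {
        $html = pivotxMarkdown($source);
    } else {
        $html = pivotxTextile($source);
    }

    // Find the first <h1>, to use as title.. But, only for full docs..
    if ($type != "summary") {
        preg_match_all('/<h1>(.*)<\\/h1>/i', $html, $match);
        if (!empty($match[1][0])) {
            $PIVOTX['template']->assign('title', strip_tags($match[1][0]));
        }
    }

    // Rewrite links to other pages in the docs so they go through this page.
    $html = preg_replace($linkpattern, $replacement, $html);
    $PIVOTX['template']->assign('html', $html);

    // Check for 'toc.markdown' or 'toc.textile', and insert those, if present..
    $tocfilename = dirname($realfile) . "/toc." . $extension;
    if (is_file($tocfilename)) {
        $toc = file_get_contents($tocfilename);
        if ($extension == "markdown") {
            $tochtml = pivotxMarkdown($toc);
        } else {
            $tochtml = pivotxTextile($toc);
        }
        $tochtml = preg_replace($linkpattern, $replacement, $tochtml);
        $PIVOTX['template']->assign('toc', $tochtml);
    }

    renderTemplate('documentation.tpl');
}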
/**
 * Helper function for __scanFile, to check if the extension has any
 * documentation.
 *
 * Looks for a docs/ directory next to the extension file. For the "quick
 * docs" link the first of summary.markdown, summary.textile, summary.html that
 * exists is used; for the "full docs" link the first of index.markdown,
 * index.textile, index.html. Markdown/Textile files are linked through the
 * admin 'documentation' page, .html files directly by URL. The links are
 * appended to $info['description'] (which is HTML); $title is escaped before
 * it is used as the link title.
 *
 * @param array  $info  extension info; 'file' (path relative to the extensions
 *                      directory) and 'description' are used
 * @param string $title link title, escaped here
 * @return string the description with the documentation links appended
 * @see Extensions::__scanFile
 */
function __scanDocumentation($info, $title) {
    global $PIVOTX;

    $title = htmlspecialchars($title, ENT_QUOTES, "UTF-8");
    $docdir = dirname($PIVOTX['paths']['extensions_path'] . $info['file']) . '/docs/';

    if (!file_exists($docdir)) {
        return $info['description'];
    }

    $docurl = str_replace($PIVOTX['paths']['extensions_path'], $PIVOTX['paths']['extensions_url'], $docdir);
    $pageurl = makeAdminPageLink('documentation');
    $extdir = basename(dirname($docurl));

    // label key, file stem, extra <a> attributes — one link per stem, taken
    // from the first existing candidate in markdown, textile, html order.
    $links = array(
        array('quick docs', 'summary', 'class="dialog editor"'),
        array('full docs', 'index', 'target="_blank"'),
    );
    foreach ($links as $link) {
        list($label, $stem, $attrs) = $link;
        foreach (array('markdown', 'textile', 'html') as $ext) {
            if (!file_exists($docdir . $stem . '.' . $ext)) {
                continue;
            }
            if ($ext == 'html') {
                $href = $docurl . $stem . '.html';
            } else {
                $href = $pageurl . '&file=' . $extdir . '/docs/' . $stem . '.' . $ext;
            }
            $info['description'] .= ' [<a href="' . $href . '" ' . $attrs . ' title="' . $title . '">' . __($label) . '</a>]';
            break;
        }
    }

    return $info['description'];
}