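/**
 * Render the sidebar login box.
 *
 * Prints one of three things: an error banner plus the login form after a
 * failed login POST, a greeting with a logout form and shortcut links for a
 * logged-in user, or the plain login form.
 *
 * Values that are not fixed markup (the session user name and the form
 * action URLs) are HTML-escaped before they are written into the page.
 *
 * @access public
 * @param string Sidebar title; passed by reference and replaced by the configured 'title'
 * @return boolean Always true
 */
function generate_content(&$title)
{
    global $serendipity;

    $title      = $this->get_config('title', $title);
    $login_url  = $this->get_config('login_url');
    $logout_url = $this->get_config('logout_url');

    // Without a configured target the form posts back to the current page.
    if ($login_url == "") {
        $login_url = serendipity_currentURL();
    }
    if ($logout_url == "") {
        $logout_url = serendipity_currentURL();
    }

    // Escape with the blog charset when it is defined, so that non-UTF-8
    // installations do not end up with an empty string from htmlspecialchars().
    $charset = defined('LANG_CHARSET') ? LANG_CHARSET : 'UTF-8';

    if (isset($serendipity['POST']['action']) && !isset($serendipity['POST']['logout']) && !serendipity_userLoggedIn()) {
        // A login was submitted but no session was established.
        echo '<div class="serendipity_center serendipity_msg_important">' . WRONG_USERNAME_OR_PASSWORD . '</div>';
    } elseif (serendipity_userLoggedIn()) {
        // The user name is account data, not markup: escape it so that a name
        // containing HTML cannot inject script into every page that shows the sidebar.
        echo '<div class="serendipity_center">' . WELCOME_BACK . ' ' . htmlspecialchars((string) $_SESSION['serendipityUser'], ENT_QUOTES, $charset) . '</div>';

        // The action URL may come from the current request URL, so it is
        // escaped before being placed inside the attribute.
        echo '<form id="loginform" action="' . htmlspecialchars((string) $logout_url, ENT_QUOTES, $charset) . '" method="post">';
        echo '<input type="hidden" name="serendipity[logout]" value="true" />';
        echo '<input type="submit" name="serendipity[action]" value="' . LOGOUT . ' >" />';

        // Decide which backend shortcuts this user gets to see.
        $show_entry = false;
        $show_media = false;
        if (function_exists('serendipity_checkPermission')) {
            if (serendipity_checkPermission('adminEntries')) {
                $show_entry = true;
            }
            if (serendipity_checkPermission('adminImages') && serendipity_checkPermission('adminImagesAdd')) {
                $show_media = true;
            }
        } elseif (!$serendipity['no_create']) {
            // Fallback when the permission API is not available.
            $show_entry = true;
            $show_media = true;
        }

        if ($show_entry) {
            echo '<div class="loginform_link_entry"><a href="' . $serendipity['baseURL'] . 'serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=new">' . NEW_ENTRY . '</a></div>';
        }
        if ($show_media) {
            echo '<div class="loginform_link_media"><a href="' . $serendipity['baseURL'] . 'serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect">' . ADD_MEDIA . '</a></div>';
        }
        echo '</form>';

        return true;
    }

    // Logout is performed in bundled event plugin!
    echo '<form id="loginform" action="' . htmlspecialchars((string) $login_url, ENT_QUOTES, $charset) . '" method="post">';
    echo '<fieldset id="loginform_userdata" style="border: none;">';
    echo '<label for="username">' . USERNAME . '</label>';
    echo '<input id="username" type="text" name="serendipity[user]" value="" />';
    echo '<label for="s9ypassw">' . PASSWORD . '</label>';
    echo '<input id="s9ypassw" type="password" name="serendipity[pass]" value="" />';
    echo '</fieldset>';
    echo '<fieldset id="loginform_login" style="border: none;">';
    echo '<input id="autologin" type="checkbox" name="serendipity[auto]" /><label for="autologin"> ' . AUTOMATIC_LOGIN . '</label>';
    echo '<input type="submit" id="loginform_submit" name="serendipity[action]" value="' . LOGIN . ' >" />';
    echo '</fieldset>';
    echo '</form>';

    // The password-reset link is only offered when that plugin's class is loaded.
    if (class_exists('serendipity_event_forgotpassword')) {
        echo '<div class="forgot_password"><a href="' . $serendipity['baseURL'] . '/serendipity_admin.php?forgotpassword=1">' . PLUGIN_EVENT_FORGOTPASSWORD_LOST_PASSWORD . '</a></div>';
    }

    return true;
}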
/**
 * Tell whether the current user passes this access check.
 *
 * Uses the 'adminCategories' permission when the permission API exists;
 * otherwise falls back to comparing the user level against USERLEVEL_CHIEF.
 *
 * @return boolean (or whatever serendipity_checkPermission() returns)
 */
function check()
{
    global $serendipity;

    // Preferred path: ask the permission API.
    if (function_exists('serendipity_checkPermission')) {
        return serendipity_checkPermission('adminCategories');
    }

    // Fallback: users below chief level are refused.
    return !($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF);
}
/**
 * Approve a comment
 *
 * Sets the status of a comment to 'approved' (or back to 'pending' when
 * $moderate is set), recounts the approved comments and trackbacks of the
 * entry, and - on approval - mails subscribers and fires the
 * 'backend_approvecomment' hook.
 *
 * @access public
 * @param int The ID of the comment to approve
 * @param int The ID of the entry a comment belongs to
 * @param boolean Whether to force approving a comment despite of its current status
 * @param boolean If set to true, a comment will be moderated instead of approved.
 * @param string The 32 character token [if using token based moderation]
 * @return boolean Success or failure (false when the lookup query returned false)
 */
function serendipity_approveComment($cid, $entry_id, $force = false, $moderate = false, $token = false)
{
    global $serendipity;

    // Result of the token check for this comment id; a good token lifts the
    // authorid restriction in the SELECT below.
    $goodtoken = serendipity_checkCommentToken($token, $cid);

    /* Get data about the comment, we need this query because this function can be called from anywhere */
    /* The SELECT is limited to entries of the current author unless the user holds
       'adminEntriesMaintainOthers', $force is true, or the token was accepted.
       Unless $force is true it also only matches comments that are still 'pending'. */
    $sql = "SELECT c.*, e.title, a.email as authoremail, a.mail_comments, e.timestamp AS entry_timestamp, e.last_modified AS entry_last_modified\n FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid)\n WHERE c.id = '" . (int) $cid . "'\n "
        . (!serendipity_checkPermission('adminEntriesMaintainOthers') && $force !== true && !$goodtoken ? "AND e.authorid = '" . (int) $serendipity['authorid'] . "'" : '')
        . "\n "
        . ($force === true ? "" : "AND status = 'pending'");
    $rs = serendipity_db_query($sql, true);

    // NOTE(review): the status UPDATE below runs whether or not the SELECT above
    // returned a row; $rs is only tested further down, after both UPDATEs. The
    // ownership/permission/token filter therefore limits the notifications and
    // the return value, not the write itself. Callers presumably authorize the
    // request before calling - confirm, or move the `$rs === false` check up here.
    if ($moderate) {
        $sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'pending' WHERE id = " . (int) $cid;
    } else {
        $sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'approved' WHERE id = " . (int) $cid;
    }
    serendipity_db_query($sql);

    // NOTE(review): $field is assigned but not used again in this function, and
    // $rs may be false at this point.
    $field = $rs['type'] == 'NORMAL' ? 'comments' : 'trackbacks';

    // Check when the entry was published. If it is older than max_last_modified allows, the last_modified date of that entry
    // will not be pushed. With this we make sure that an RSS feed will not be updated on a client's reader and marked as new
    // only because someone made a comment to an old entry.
    if ($rs['entry_timestamp'] > time() - $serendipity['max_last_modified']) {
        $lm = time();
    } else {
        $lm = (int) $rs['entry_last_modified'];
    }

    // Recount approved comments and approved trackbacks/pingbacks of the entry.
    $counter_comments = serendipity_db_query("SELECT count(id) AS counter \n FROM {$serendipity['dbPrefix']}comments \n WHERE status = 'approved' \n AND type = 'NORMAL'\n AND entry_id = " . (int) $entry_id . "\n GROUP BY entry_id", true);
    $counter_tb = serendipity_db_query("SELECT count(id) AS counter \n FROM {$serendipity['dbPrefix']}comments \n WHERE status = 'approved' \n AND (type = 'TRACKBACK' or type = 'PINGBACK')\n AND entry_id = " . (int) $entry_id . "\n GROUP BY entry_id", true);

    // Store the new counters and the last_modified value; every value placed in
    // the statement is either cast to int or produced by time().
    $query = "UPDATE {$serendipity['dbPrefix']}entries \n SET comments = " . (int) $counter_comments['counter'] . ",\n trackbacks = " . (int) $counter_tb['counter'] . ", \n last_modified = " . $lm . " \n WHERE id = " . (int) $entry_id;
    serendipity_db_query($query);

    /* It's already approved, don't spam people */
    if ($rs === false) {
        return false;
    }

    if (!$moderate) {
        // 'fulltext' subscriptions get the comment body as an extra argument.
        if ($serendipity['allowSubscriptions'] === 'fulltext') {
            serendipity_mailSubscribers($entry_id, $rs['author'], $rs['email'], $rs['title'], $rs['authoremail'], $cid, $rs['body']);
        } elseif (serendipity_db_bool($serendipity['allowSubscriptions'])) {
            serendipity_mailSubscribers($entry_id, $rs['author'], $rs['email'], $rs['title'], $rs['authoremail'], $cid);
        }
        serendipity_plugin_api::hook_event('backend_approvecomment', $rs);
    }

    return true;
}
/**
 * Checks whether a user has access to write into a directory
 *
 * Access is granted when no write ACL is set for the directory, when the ACL
 * contains usergroup 0, when the group lookup does not return an array, or
 * when one of the user's groups is listed in the ACL.
 *
 * A blanket bypass for 'adminImagesMaintainOthers' exists in the original
 * only as commented-out code and is not active.
 *
 * @access public
 * @param string Directory to check
 * @return boolean
 */
function serendipity_checkDirUpload($dir)
{
    global $serendipity;

    $writeAcl = serendipity_ACLGet(0, 'directory', 'write', $dir);
    $memberOf = serendipity_checkPermission(null, null, true);

    // Usergroup "0" always means that access is granted. If no array exists,
    // no ACL restrictions have been set and all is fine.
    $unrestricted = !is_array($writeAcl) || isset($writeAcl[0]);
    if ($unrestricted) {
        return true;
    }

    // No usable group list: the check lets the request through.
    if (!is_array($memberOf)) {
        return true;
    }

    // One matching group id is enough.
    foreach (array_keys($memberOf) as $groupId) {
        if (isset($writeAcl[$groupId])) {
            return true;
        }
    }

    return false;
}
if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()) { $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE); if ((!serendipity_checkPermission('adminUsersEditUserlevel') || !serendipity_checkPermission('adminUsersMaintainOthers')) && (int) $_POST['userlevel'] > $serendipity['serendipityUserlevel']) { echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>'; } elseif (empty($_POST['username'])) { echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . USERCONF_CHECK_USERNAME_ERROR . '</div>'; } elseif (!empty($_POST['password']) && $_POST['check_password'] != $_SESSION['serendipityPassword'] && serendipity_passwordhash($_POST['check_password']) != $_SESSION['serendipityPassword']) { echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . USERCONF_CHECK_PASSWORD_ERROR . '</div>'; } else { $valid_groups = serendipity_getGroups($serendipity['authorid'], true); foreach ($config as $category) { foreach ($category['items'] as $item) { if (in_array('groups', $item['flags'])) { if (serendipity_checkPermission('adminUsersMaintainOthers')) { // Void, no fixing neccessarry } elseif (serendipity_checkPermission('adminUsersMaintainSame')) { if (!is_array($_POST[$item['var']])) { continue; } // Check that no user may assign groups he's not allowed to. 
foreach ($_POST[$item['var']] as $groupkey => $groupval) { if (in_array($groupval, $valid_groups)) { continue; } elseif ($groupval == 2 && in_array(3, $valid_groups)) { // Admin is allowed to assign users to chief editors continue; } elseif ($groupval == 1 && in_array(2, $valid_groups)) { // Chief is allowed to assign users to editors continue; } unset($_POST[$item['var']][$groupkey]);
/**
 * Show the list of plugins
 *
 * Collects, per placement, the data of all installed plugins (title,
 * description markup, ownership and configuration flags, sort index) and
 * hands it to the 'admin/show_plugins.fnc.tpl' template.
 *
 * @access public
 * @param boolean Indicates if event plugins (TRUE) or sidebar plugins (FALSE) shall be shown
 * @param array Optional list of sidebar placement names; each gets a label and is excluded from the 'NONE' lookup
 * @return mixed The return value of serendipity_smarty_show()
 */
function show_plugins($event_only = false, $sidebars = null)
{
    global $serendipity;

    $sql_filter = '';
    if (is_array($sidebars)) {
        foreach ($sidebars as $sidebar) {
            // Label lookup order: the 'hide' special case, a SIDEBAR_<NAME>
            // constant, a constant named <NAME>, else the upper-cased name.
            $up = strtoupper($sidebar);
            if ($sidebar == 'hide') {
                $opts[$sidebar] = HIDDEN;
            } elseif (defined('SIDEBAR_' . $up)) {
                $opts[$sidebar] = constant('SIDEBAR_' . $up);
            } elseif (defined($up)) {
                $opts[$sidebar] = constant($up);
            } else {
                $opts[$sidebar] = $up;
            }
            // The placement name is escaped before it is put into the SQL filter.
            $sql_filter .= "AND placement != '" . serendipity_db_escape_string($sidebar) . "' ";
        }
    }

    if (!$event_only) {
        // Plugins whose placement is neither an event placement nor one of the
        // given sidebars are listed under the pseudo placement 'NONE'.
        $sql = "SELECT * from {$serendipity['dbPrefix']}plugins\n WHERE placement != 'event'\n AND placement != 'eventh'\n " . $sql_filter;
        $invisible_plugins = serendipity_db_query($sql);
        if (is_array($invisible_plugins)) {
            $sidebars[] = 'NONE';
            $opts['NONE'] = NONE;
        }
    }

    $opts['event'] = PLUGIN_ACTIVE;
    $opts['eventh'] = PLUGIN_INACTIVE;
    $data['event_only'] = $event_only;
    if (!$event_only) {
        $data['is_first'] = true;
    }

    // Form token values (default form and 'url' form) passed on to the template.
    $data['serendipity_setFormToken'] = serendipity_setFormToken();
    $data['serendipity_setFormTokenUrl'] = serendipity_setFormToken('url');

    /* Block display the plugins per placement location. */
    if ($event_only) {
        $plugin_placements = array('event', 'eventh');
    } else {
        // NOTE(review): $sidebars can still be null here (default argument and
        // no 'NONE' rows), which the foreach below would then receive.
        $plugin_placements = $sidebars;
    }
    $data['plugin_placements'] = $plugin_placements;

    // The user list is fetched once and kept in a static for later calls.
    static $users = array();
    if (empty($users)) {
        $users = serendipity_fetchUsers('', 'hidden');
    }
    $data['users'] = $users;

    $i = 0;
    foreach ($plugin_placements as $plugin_placement) {
        if (!$event_only && $plugin_placement == 'NONE') {
            $is_invisible = true;
        } else {
            $is_invisible = false;
        }
        $data['placement'][$plugin_placement]['ptitle'] = $ptitle = $opts[$plugin_placement];
        $data['placement'][$plugin_placement]['pid'] = $pid = $plugin_placement;

        if ($is_invisible) {
            $plugins = $invisible_plugins;
        } else {
            $plugins = serendipity_plugin_api::enum_plugins($plugin_placement);
        }
        if (!is_array($plugins)) {
            continue;
        }

        $sort_idx = 0;
        foreach ($plugins as $plugin_data) {
            $i++;
            $plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid']);
            $key = urlencode($plugin_data['name']);
            $css_key = 's9ycid' . str_replace('%', '-', $key);

            // Owner: the plugin row belongs to the current author, or the user
            // may maintain other users' plugins. Rows with authorid '0' are
            // editable by everyone.
            $is_plugin_owner = $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers');
            $is_plugin_editable = $is_plugin_owner || $plugin_data['authorid'] == '0';
            $cname = explode(':', $plugin_data['name']);

            if (!is_object($plugin)) {
                // The plugin could not be loaded: show an error entry instead.
                // NOTE(review): the plugin name from the database goes into
                // $desc unescaped - confirm the template escapes it.
                $name = $title = ERROR . '!';
                $desc = ERROR . ': ' . $plugin_data['name'];
                $can_configure = false;
            } else {
                /* query for its name, description and configuration data */
                $bag = new serendipity_property_bag();
                $plugin->introspect($bag);
                $name = serendipity_specialchars($bag->get('name'));
                $desc = '<details class="plugin_data">';
                // NOTE(review): name and description are passed through
                // serendipity_specialchars(), but $cname[0] and the 'version'
                // property are concatenated into this markup as-is.
                $desc .= '<summary><var class="perm_name">' . $cname[0] . '</var></summary>';
                $desc .= '<div class="plugin_desc clearfix">' . serendipity_specialchars($bag->get('description')) . '</div>';
                $desc .= '<span class="block_level">' . VERSION . ': ' . $bag->get('version') . '</span>';
                $desc .= '</details>';
                $title = serendipity_plugin_api::get_plugin_title($plugin, '[' . $name . ']');

                // Configurable only if the plugin declares a configuration and is
                // either unprotected, unowned ('0'), owned by the current author,
                // or the user may maintain other users' plugins.
                if ($bag->is_set('configuration') && ($plugin->protected === FALSE || $plugin_data['authorid'] == '0' || $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers'))) {
                    $can_configure = true;
                } else {
                    $can_configure = false;
                }
            }

            // NOTE(review): $opts always holds 'event'/'eventh' by now, so this
            // default looks unreachable - confirm before relying on it.
            if ($opts === null) {
                $opts = array('left' => LEFT, 'right' => RIGHT, 'hide' => HIDDEN);
            }
            $event_opts = array('event' => PLUGIN_ACTIVE, 'eventh' => PLUGIN_INACTIVE);
            if ($event_only) {
                $gopts = $event_opts;
            } else {
                $gopts = $opts;
            }

            // One template record per plugin, indexed by the running counter $i.
            $data['placement'][$plugin_placement]['plugin_data'][$i]['sort_idx'] = $sort_idx;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['css_key'] = $css_key;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['is_plugin_editable'] = $is_plugin_editable;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['is_plugin_owner'] = $is_plugin_owner;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['name'] = $plugin_data['name'];
            $data['placement'][$plugin_placement]['plugin_data'][$i]['authorid'] = $plugin_data['authorid'];
            $data['placement'][$plugin_placement]['plugin_data'][$i]['can_configure'] = $can_configure;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['key'] = $key;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['title'] = $title;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['desc'] = $desc;
            $data['placement'][$plugin_placement]['plugin_data'][$i]['placement'] = $plugin_data['placement'];
            $data['placement'][$plugin_placement]['plugin_data'][$i]['gopts'] = $gopts;
            $sort_idx++;
        }
    }

    $data['total'] = $i;

    return serendipity_smarty_show('admin/show_plugins.fnc.tpl', $data);
}
/**
 * Check if a member of a group has permissions to execute a plugin
 *
 * Plugins are forbidden through group properties whose key starts with "f_".
 * The collected keys are cached in a static array for the rest of the request.
 * When no author id is set in $serendipity, the check always grants access.
 *
 * @param string Pluginname
 * @param int ID of the group of which the members should be checked
 * @return boolean
 */
function serendipity_hasPluginPermissions($plugin, $groupid = null)
{
    static $denied = null;
    global $serendipity;

    // No author id set: nothing is restricted.
    if (empty($serendipity['authorid'])) {
        return true;
    }

    // (Re)build the cache on first use, or when a specific group is asked for
    // that has no cached entry yet.
    $mustLoad = $denied === null || ($groupid !== null && !isset($denied[$groupid]));
    if ($mustLoad) {
        $denied = array();

        $groupSet = ($groupid === null)
            ? serendipity_checkPermission(null, null, 'all')
            : array($groupid => serendipity_fetchGroup($groupid));

        foreach ($groupSet as $idx => $properties) {
            // The 'membership' entry is not a group record.
            if ($idx == 'membership') {
                continue;
            }

            foreach ($properties as $propName => $propValue) {
                if (substr($propName, 0, 2) == 'f_') {
                    $denied[$groupid][$propName] = true;
                }
            }
        }
    }

    return !isset($denied[$groupid]['f_' . $plugin]);
}
/**
 * Handle the plugin API events this plugin is registered for.
 *
 * The configuration switches (cache, use_groups, use_users, use_ext_joins)
 * are read once and kept in statics. Events that are not listed in the
 * property bag's 'event_hooks' are rejected with false.
 *
 * @access public
 * @param string Name of the event
 * @param object Property bag of the plugin (by reference)
 * @param mixed  Event data (by reference); its shape depends on the event
 * @param mixed  Additional event data; its shape depends on the event
 * @return boolean (some cases fall out of the switch without an explicit return)
 */
function event_hook($event, &$bag, &$eventData, $addData = null)
{
    global $serendipity;
    static $is_cache = null;
    static $use_groups = null;
    static $use_users = null;
    static $ext_joins = null;

    $hooks =& $bag->get('event_hooks');

    // Read the plugin configuration only on the first call.
    if ($is_cache === null) {
        $is_cache = serendipity_db_bool($this->get_config('cache', 'true'));
        $use_groups = serendipity_db_bool($this->get_config('use_groups'));
        $use_users = serendipity_db_bool($this->get_config('use_users'));
        $ext_joins = serendipity_db_bool($this->get_config('use_ext_joins'));
    }

    if (isset($hooks[$event])) {
        switch ($event) {
            case 'frontend_entryproperties_query':
                $eventData['and'] = $this->returnQueryCondition($is_cache);
                return true;
                break;

            case 'backend_display':
                // Each checkbox is pre-checked from the stored entry property or,
                // failing that, from the value that was just POSTed.
                $is_sticky = isset($eventData['properties']['ep_is_sticky']) && serendipity_db_bool($eventData['properties']['ep_is_sticky'])
                    || isset($serendipity['POST']['properties']['is_sticky']) && serendipity_db_bool($serendipity['POST']['properties']['is_sticky'])
                    ? 'checked="checked"' : '';
                $no_frontpage = isset($eventData['properties']['ep_no_frontpage']) && serendipity_db_bool($eventData['properties']['ep_no_frontpage'])
                    || isset($serendipity['POST']['properties']['no_frontpage']) && serendipity_db_bool($serendipity['POST']['properties']['no_frontpage'])
                    ? 'checked="checked"' : '';
                $hiderss = isset($eventData['properties']['ep_hiderss']) && serendipity_db_bool($eventData['properties']['ep_hiderss'])
                    || isset($serendipity['POST']['properties']['hiderss']) && serendipity_db_bool($serendipity['POST']['properties']['hiderss'])
                    ? 'checked="checked"' : '';

                $access_values = array(PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PRIVATE => 'private', PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PUBLIC => 'public', PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBERS => 'member');

                // Same precedence for the remaining fields: stored property,
                // then POSTed value, then a default.
                if (isset($eventData['properties']['ep_access'])) {
                    $access = $eventData['properties']['ep_access'];
                } elseif (isset($serendipity['POST']['properties']['access'])) {
                    $access = $serendipity['POST']['properties']['access'];
                } else {
                    $access = $this->get_config('default_read', 'public');
                }

                if (isset($eventData['properties']['ep_access_groups'])) {
                    $access_groups = explode(';', $eventData['properties']['ep_access_groups']);
                } elseif (isset($serendipity['POST']['properties']['access_groups'])) {
                    $access_groups = $serendipity['POST']['properties']['access_groups'];
                } else {
                    $access_groups = array();
                }

                if (isset($eventData['properties']['ep_access_users'])) {
                    $access_users = explode(';', $eventData['properties']['ep_access_users']);
                } elseif (isset($serendipity['POST']['properties']['access_users'])) {
                    $access_users = $serendipity['POST']['properties']['access_users'];
                } else {
                    $access_users = array();
                }

                // NOTE(review): the entry password is read back from the stored
                // property as-is and handed to the backend form, i.e. it appears
                // to be stored in clear text - confirm.
                if (isset($eventData['properties']['ep_entrypassword'])) {
                    $password = $eventData['properties']['ep_entrypassword'];
                } elseif (isset($serendipity['POST']['properties']['entrypassword'])) {
                    $password = $serendipity['POST']['properties']['entrypassword'];
                } else {
                    $password = '';
                }
                ?> <div class="entryproperties"> <input type="hidden" name="serendipity[propertyform]" value="true" /> <h3><?php echo PLUGIN_EVENT_ENTRYPROPERTIES_TITLE; ?> </h3> <?php
                // Render the form elements in the configured order.
                $elements = explode(',', $this->get_config('sequence'));
                foreach ($elements as $element) {
                    $this->showBackend($element, $eventData, $is_sticky, $no_frontpage, $hiderss, $access_values, $access, $password, $use_groups, $access_groups, $use_users, $access_users);
                }
                ?> </div> <?php
                return true;
                break;

            case 'backend_maintenance':
                // The "build cache" button is only shown to admin-level users
                // and only when caching is enabled.
                if ($is_cache && $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN) {
                    echo '<section id="maintenance_buildcache" class="equal_heights quick_list">';
                    echo '<h3>' . PLUGIN_EVENT_ENTRYPROPERTY_BUILDCACHE . '</h3>';
                    echo '<a class="button_link build_cache" href="?serendipity[adminModule]=event_display&serendipity[adminAction]=buildcache" data-delmsg="' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT . '">' . PLUGIN_EVENT_ENTRYPROPERTY_BUILDCACHE . '</a></section>';
                }
                return true;
                break;

            case 'backend_import_entry':
                //TODO: (ph) Maybe handle caching?
                if (is_array($addData) && !$addData['nl2br']) {
                    $props = array();
                    $props['no_nl2br'] = 'true';
                    $this->addProperties($props, $eventData);
                }
                break;

            case 'backend_sidebar_entries_event_display_buildcache':
                // NOTE(review): unlike the button in 'backend_maintenance', this
                // handler has no user level check of its own; presumably the
                // caller restricts who can reach it - confirm.
                if ($is_cache) {
                    $per_fetch = 25;
                    // NOTE(review): the page number is taken from the request
                    // without an int cast and is only used arithmetically below.
                    $page = isset($serendipity['GET']['page']) ? $serendipity['GET']['page'] : 1;
                    $from = ($page - 1) * $per_fetch;
                    $to = $page * $per_fetch;
                    printf('<h2>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNO, $from, $to);
                    $entries = serendipity_fetchEntries(null, true, $per_fetch, false, false, 'timestamp DESC', '', true);
                    $total = serendipity_getTotalEntries();
                    printf(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_TOTAL . '</h2>', $total);

                    if (is_array($entries)) {
                        echo '<ul class="plainList">';
                        foreach ($entries as $idx => $entry) {
                            // The entry title is escaped before it is printed.
                            printf('<li>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], serendipity_specialchars($entry['title']));
                            $this->updateCache($entry);
                            echo ' ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHED . '</li>';
                        }
                        echo '</ul>';
                    }

                    // More entries left: ask the user whether to load the next page.
                    if ($to < $total) {
                        ?> <script> if (confirm("<?php echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT); ?> ")) { location.href = "?serendipity[adminModule]=event_display&serendipity[adminAction]=buildcache&serendipity[page]=<?php echo $page + 1; ?> "; } else { alert("<?php echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED); ?> "); } </script> <?php
                    } else {
                        echo '<span class="msg_notice"><span class="icon-info-circled"></span>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_DONE . '</span>';
                    }
                }
                return true;
                break;

            case 'backend_cache_entries':
                if (!$is_cache) {
                    return true;
                }
                $entries = serendipity_fetchEntries(null, true, $serendipity['fetchLimit'], false, false, 'timestamp DESC', '', true);
                if (is_array($entries) && !empty($entries)) {
                    foreach ($entries as $idx => $entry) {
                        $this->updateCache($entry);
                    }
                }
                return true;
                break;

            case 'backend_cache_purge':
                // Drops every cached property row; the statement holds no variable input.
                serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE property LIKE 'ep_cache_%'");
                break;

            case 'backend_entry_presave':
                if (is_array($serendipity['POST']['properties'])) {
                    $this->applyProperties($serendipity['POST']['properties']);
                }
                break;

            case 'backend_publish':
            case 'backend_save':
                if (!isset($eventData['id'])) {
                    return true;
                }

                // NOTE(review): the POSTed author id is compared with the entry id
                // ($eventData['id']) here, which looks unintended - confirm.
                if (!empty($serendipity['POST']['change_author']) && $serendipity['POST']['change_author'] != $eventData['id']) {
                    // Check again if the POSTed value is an author that the current user has "access" to.
                    // The id is cast to int and only written when it matches one of
                    // the authors returned by getValidAuthors().
                    $avail_users =& $this->getValidAuthors();
                    $new_authorid = (int) $serendipity['POST']['change_author'];
                    foreach ($avail_users as $user) {
                        if ($new_authorid == $user['authorid']) {
                            serendipity_db_query("UPDATE {$serendipity['dbPrefix']}entries SET authorid = " . $new_authorid . " WHERE id = " . (int) $eventData['id']);
                        }
                    }
                }

                if ($is_cache) {
                    // Previous calls to frontend_display used the "no_scramble" attribute to not tinker with the data.
                    // We now need to call those plugins that have not yet operated before.
                    $to_addData = array('from' => 'entryproperties:' . $event);
                    serendipity_plugin_api::hook_event('frontend_display_cache', $eventData, $to_addData);
                    $serendipity['POST']['properties']['cache_body'] = $eventData['body'];
                    $serendipity['POST']['properties']['cache_extended'] = $eventData['extended'];
                }

                // Group and user lists only apply to the 'member' access level.
                if (is_array($serendipity['POST']['properties']['access_groups']) && $serendipity['POST']['properties']['access'] != 'member') {
                    unset($serendipity['POST']['properties']['access_groups']);
                }
                if (is_array($serendipity['POST']['properties']['access_users']) && $serendipity['POST']['properties']['access'] != 'member') {
                    unset($serendipity['POST']['properties']['access_users']);
                }

                $this->addProperties($serendipity['POST']['properties'], $eventData);
                return true;
                break;

            case 'frontend_configure':
                // Make a POSTed id/subpage available under the GET keys as well.
                if (isset($serendipity['POST']['id']) && empty($serendipity['GET']['id'])) {
                    $serendipity['GET']['id'] =& $serendipity['POST']['id'];
                    $serendipity['GET']['subpage'] =& $serendipity['POST']['subpage'];
                }
                break;

            case 'frontend_entryproperties':
                $and = $this->returnQueryCondition($is_cache);
                // NOTE(review): the keys of $addData are joined into the IN() list
                // without a cast or escaping; presumably they are integer entry
                // ids supplied by the core - confirm, or map them through intval().
                $q = "SELECT entryid, property, value FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid IN (" . implode(', ', array_keys($addData)) . ") {$and}";
                $properties = serendipity_db_query($q);
                if (!is_array($properties)) {
                    return true;
                }
                // $addData maps an entry id to its index in $eventData.
                foreach ($properties as $idx => $row) {
                    $eventData[$addData[$row['entryid']]]['properties'][$row['property']] = $row['value'];
                }
                return true;
                break;

            case 'entry_display':
                // PH: This is done after Garvins suggestion to patchup $eventData in case an entry
                // is in the process of being created. This must be done for the extended properties
                // to be applied in the preview.
                if (isset($serendipity['GET']['id']) && isset($eventData[0]['properties']['ep_entrypassword'])) {
                    // NOTE(review): the unlock marker kept in the session is an
                    // unsalted MD5 of the entry password, and the submitted password
                    // is matched with a loose `==` against the stored value (numeric
                    // looking strings compare by value, and an empty stored password
                    // equals a missing POST field). A strict, constant-time
                    // comparison (hash_equals) would be the safer form.
                    if ($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] == md5($eventData[0]['properties']['ep_entrypassword']) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) {
                        // Do not show login form again, once we have first enabled it.
                        $_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = md5($eventData[0]['properties']['ep_entrypassword']);
                    } else {
                        // Wrong or missing password: flag the page as 'clean_page'
                        // and have the password form shown by 'entries_header'.
                        if (is_array($eventData)) {
                            $eventData['clean_page'] = true;
                        } else {
                            $eventData = array('clean_page' => true);
                        }
                        $this->showPasswordForm = true;
                    }
                }

                // In preview mode, copy the POSTed properties into the entry, but
                // only for the keys listed by getSupportedProperties().
                if ($addData['preview'] && is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0) {
                    $parr = array();
                    $supported_properties = serendipity_event_entryproperties::getSupportedProperties();
                    foreach ($supported_properties as $prop_key) {
                        if (isset($serendipity['POST']['properties'][$prop_key])) {
                            $eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key];
                        }
                    }
                }
                break;

            case 'entries_header':
                if ($this->showPasswordForm) {
                    echo $this->showPasswordform();
                }
                break;

            case 'frontend_fetchentries':
            case 'frontend_fetchentry':
                $joins = array();
                $conds = array();
                // NOTE(review): with 'use_ext_joins' switched off this returns
                // before any of the access conditions below are added to the query.
                if (!$ext_joins) {
                    return true;
                }

                if ($_SESSION['serendipityAuthedUser'] === true) {
                    // Logged-in users see public and member entries, plus their own private ones.
                    $conds[] = " (ep_access.property IS NULL OR ep_access.value = 'member' OR ep_access.value = 'public' OR (ep_access.value = 'private' AND e.authorid = " . (int) $serendipity['authorid'] . ")) ";

                    if ($use_groups) {
                        $mygroups = serendipity_checkPermission(null, null, true);
                        $groupcond = array();
                        foreach ((array) $mygroups as $mygroup) {
                            // NOTE(review): $mygroup is interpolated into the LIKE
                            // pattern unescaped; presumably a numeric group id - confirm.
                            $groupcond[] .= "ep_access_groups.value LIKE '%;{$mygroup};%'";
                        }
                        if (count($groupcond) > 0) {
                            $conds[] = " (ep_access_groups.property IS NULL OR (ep_access.value = 'member' AND (" . implode(' OR ', $groupcond) . ")))";
                        }
                    }

                    if ($use_users) {
                        $conds[] = " (ep_access_users.property IS NULL OR (ep_access.value = 'member' AND (ep_access_users.value LIKE '%;" . (int) $serendipity['authorid'] . ";%' OR e.authorid = " . (int) $serendipity['authorid'] . "))) ";
                    }
                } else {
                    // Visitors without an authenticated session only get public entries.
                    $conds[] = " (ep_access.property IS NULL OR ep_access.value = 'public')";
                }

                // Entries flagged 'no_frontpage' are hidden only on the plain entry
                // list (no author, tag, category, backend or search view).
                if (!isset($serendipity['GET']['viewAuthor']) && !isset($serendipity['plugin_vars']['tag']) && !isset($serendipity['GET']['category']) && !isset($serendipity['GET']['adminModule']) && $event == 'frontend_fetchentries' && $addData['source'] != 'search') {
                    $conds[] = " (ep_no_frontpage.property IS NULL OR ep_no_frontpage.value != 'true') ";
                    $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_no_frontpage\n ON (e.id = ep_no_frontpage.entryid AND ep_no_frontpage.property = 'ep_no_frontpage')";
                }

                // Append the conditions to whatever WHERE part already exists.
                if (count($conds) > 0) {
                    $cond = implode(' AND ', $conds);
                    if (empty($eventData['and'])) {
                        $eventData['and'] = " WHERE {$cond} ";
                    } else {
                        $eventData['and'] .= " AND {$cond} ";
                    }
                }

                // From here on $conds collects extra SELECT columns ('addkey').
                $conds = array();
                if ((!isset($addData['noSticky']) || $addData['noSticky'] !== true) && !isset($serendipity['skipSticky'])) {
                    $conds[] = 'ep_sticky.value AS orderkey,';
                } else {
                    $conds[] = 'e.isdraft AS orderkey,';
                }

                if ($is_cache && (!isset($addData['noCache']) || !$addData['noCache'])) {
                    $conds[] = 'ep_cache_extended.value AS ep_cache_extended,';
                    $conds[] = 'ep_cache_body.value AS ep_cache_body,';
                }

                $cond = implode("\n", $conds);
                if (empty($eventData['addkey'])) {
                    $eventData['addkey'] = $cond;
                } else {
                    $eventData['addkey'] .= $cond;
                }

                if ($serendipity['dbType'] == 'postgres') {
                    // PostgreSQL is a bit weird here. Empty columns with NULL or "" content for
                    // orderkey would get sorted on top when using DESC, and only after those
                    // the "true" content would be inserted. Thus we order ASC in postgreSQL,
                    // and silently wonder. Thanks to Nate Johnston for working this out!
                    $cond = 'orderkey ASC';
                } else {
                    $cond = 'orderkey DESC';
                }

                // The orderkey sorting is put in front of any existing ORDER BY.
                if (empty($eventData['orderby'])) {
                    $eventData['orderby'] = $cond;
                } else {
                    $eventData['orderby'] = $cond . ', ' . $eventData['orderby'];
                }

                // Joins that provide the columns and conditions used above.
                if ($is_cache && (!isset($addData['noCache']) || !$addData['noCache'])) {
                    $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_extended\n ON (e.id = ep_cache_extended.entryid AND ep_cache_extended.property = 'ep_cache_extended')";
                    $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_body\n ON (e.id = ep_cache_body.entryid AND ep_cache_body.property = 'ep_cache_body')";
                }
                $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access\n ON (e.id = ep_access.entryid AND ep_access.property = 'ep_access')";
                if ($use_groups) {
                    $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_groups\n ON (e.id = ep_access_groups.entryid AND ep_access_groups.property = 'ep_access_groups')";
                }
                if ($use_users) {
                    $joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_users\n ON (e.id = ep_access_users.entryid AND ep_access_users.property = 'ep_access_users')";
                }
                if ((!isset($addData['noSticky']) || $addData['noSticky'] !== true) && !isset($serendipity['skipSticky'])) {
                    $joins[] = " LEFT JOIN {$serendipity['dbPrefix']}entryproperties ep_sticky\n ON (e.id = ep_sticky.entryid AND ep_sticky.property = 'ep_is_sticky')";
                }

                $cond = implode("\n", $joins);
                if (empty($eventData['joins'])) {
                    $eventData['joins'] = $cond;
                } else {
                    $eventData['joins'] .= $cond;
                }
                return true;
                break;

            case 'frontend_entries_rss':
                // Strip the content of entries flagged 'ep_hiderss' from the feed data.
                if (is_array($eventData)) {
                    foreach ($eventData as $idx => $entry) {
                        if (is_array($entry['properties']) && isset($entry['properties']['ep_hiderss']) && $entry['properties']['ep_hiderss']) {
                            unset($eventData[$idx]['body']);
                            unset($eventData[$idx]['extended']);
                            unset($eventData[$idx]['exflag']);
                        }
                    }
                }
                return true;
                break;

            case 'backend_plugins_new_instance':
                // This hook will always push the entryproperties plugin as last in queue.
                // Happens always when a new plugin is added.
                // This is important because of its caching mechanism!
                // NOTE(review): $addData['default_placement'] and $this->instance are
                // placed between quotes in the four statements below without
                // serendipity_db_escape_string(); presumably both are generated by
                // the plugin API and not user-controlled - confirm.

                // Fetch maximum sort_order value. This will be the new value of our current plugin.
                $q = "SELECT MAX(sort_order) as sort_order_max FROM {$serendipity['dbPrefix']}plugins WHERE placement = '" . $addData['default_placement'] . "'";
                $rs = serendipity_db_query($q, true, 'num');

                // Fetch current sort_order of current plugin.
                $q = "SELECT sort_order FROM {$serendipity['dbPrefix']}plugins WHERE name = '" . $this->instance . "'";
                $cur = serendipity_db_query($q, true, 'num');

                // Decrease sort_order of all plugins after current plugin by one.
                $q = "UPDATE {$serendipity['dbPrefix']}plugins SET sort_order = sort_order - 1 WHERE placement = '" . $addData['default_placement'] . "' AND sort_order > " . intval($cur[0]);
                serendipity_db_query($q);

                // Set current plugin as last plugin in queue.
                $q = "UPDATE {$serendipity['dbPrefix']}plugins SET sort_order = " . intval($rs[0]) . " WHERE name = '" . $this->instance . "'";
                serendipity_db_query($q);
                return true;
                break;

            default:
                return false;
                break;
        }
    } else {
        return false;
    }
}
</a></li> <?php } if (serendipity_checkPermission('adminImport')) { ?> <li class="serendipitySideBarMenuLink serendipitySideBarMenuUserManagementLinks"><a href="serendipity_admin.php?serendipity[adminModule]=import"><?php echo IMPORT_ENTRIES; ?> </a></li> <li class="serendipitySideBarMenuLink serendipitySideBarMenuUserManagementLinks"><a href="serendipity_admin.php?serendipity[adminModule]=export"><?php echo EXPORT_ENTRIES; ?> </a></li> <?php } if (serendipity_checkPermission('siteConfiguration') || serendipity_checkPermission('blogConfiguration')) { ?> <li class="serendipitySideBarMenuLink serendipitySideBarMenuUserManagementLinks"><a href="serendipity_admin.php?serendipity[adminModule]=integrity"><?php echo INTEGRITY; ?> </a></li> <?php } ?> <?php if ($serendipity['no_create'] !== true) { serendipity_plugin_api::hook_event('backend_sidebar_admin', $serendipity); } ?> <li class="serendipitySideBarMenuFoot serendipitySideBarMenuUserManagement" style="display:none"></li> </ul>
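/**
 * Print the media library overview: optional status messages, the inline
 * rename() JavaScript helper and the paged image list.
 *
 * @param array|false $messages     Status lines to print above the list. Each entry is
 *                                  echoed as markup, so callers must pass text that is
 *                                  already safe for HTML.
 * @param bool        $addvar_check When true and $GLOBALS['image_selector_addvars'] is
 *                                  non-empty, stop after the messages.
 * @return true|null  true after output; null (bare return) when the current user lacks
 *                    the adminImagesView permission.
 */
function showMediaLibrary($messages = false, $addvar_check = false)
{
    global $serendipity;

    if (!serendipity_checkPermission('adminImagesView')) {
        return;
    }

    if (!empty($messages)) {
        echo '<div class="imageMessage"><ul>';
        foreach ($messages as $message) {
            // NOTE(review): printed without escaping - confirm every caller builds
            // these strings from trusted or already-escaped data.
            echo '<li>' . $message . '</li>';
        }
        echo '</ul></div>';
    }

    // After upload, do not show the list to be able to proceed to
    // media selection.
    if ($addvar_check && !empty($GLOBALS['image_selector_addvars'])) {
        return true;
    }

    // The rename request is a GET that carries the form token in the query string.
    // "newname" is declared locally so it no longer leaks into the global JS scope.
    ?>
<script type="text/javascript" language="javascript">
<!--
function rename(id, fname) {
    var newname = prompt('<?php echo ENTER_NEW_NAME; ?> ' + fname, fname);
    if (newname) {
        location.href = '?<?php echo serendipity_setFormToken('url'); ?>&serendipity[adminModule]=images&serendipity[adminAction]=rename&serendipity[fid]=' + escape(id) + '&serendipity[newname]=' + escape(newname);
    }
}
//-->
</script>
<?php
    if (!isset($serendipity['thumbPerPage'])) {
        $serendipity['thumbPerPage'] = 2;
    }

    // The page number comes straight from the query string; only an integer is meaningful.
    $page = isset($serendipity['GET']['page']) ? (int) $serendipity['GET']['page'] : 1;

    serendipity_displayImageList($page, $serendipity['thumbPerPage'], true);
}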
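// Paging for the backend comment list. $sql holds the row of the preceding COUNT(*) query.
$totalComments = $sql['total'];

// NOTE(review): assumes $commentsPerPage is either COMMENTS_FILTER_ALL or a positive
// number; a value that casts to 0 would divide by zero here - confirm where it is set.
$pages = $commentsPerPage == COMMENTS_FILTER_ALL ? 1 : ceil($totalComments / (int) $commentsPerPage);

// The page number is request input. Anything outside 1..$pages (including negative
// values, which would otherwise produce a negative offset) falls back to page 1.
$page = isset($serendipity['GET']['page']) ? (int) $serendipity['GET']['page'] : 1;
if ($page < 1 || $page > $pages) {
    $page = 1;
}

$linkPrevious = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page - 1) . $searchString;
$linkNext     = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page + 1) . $searchString;
$filter_vals  = array(10, 20, 50, COMMENTS_FILTER_ALL);

if ($commentsPerPage == COMMENTS_FILTER_ALL) {
    $limit = '';
} else {
    $limit = serendipity_db_limit_sql(serendipity_db_limit(($page - 1) * (int) $commentsPerPage, (int) $commentsPerPage));
}

// NOTE(review): $c_type and $and are spliced into the statement as-is. Both are built
// outside this fragment; confirm they are whitelisted / escaped where they are assembled.
// Users without adminEntriesMaintainOthers only see comments on their own entries.
$sql = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n WHERE 1 = 1 "
    . ($c_type !== null ? " AND c.type = '{$c_type}' " : '')
    . $and
    . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int) $serendipity['authorid'] : '')
    . "\n ORDER BY c.id DESC {$limit}");

if (serendipity_checkPermission('adminComments')) {
    ob_start();
    # This event has to get send here so the spamblock-plugin can block an author now and the comment_page show that on this pageload
    serendipity_plugin_api::hook_event('backend_comments_top', $sql);
    $data['backend_comments_top'] = ob_get_contents();
    ob_end_clean();
}

$data['commentsPerPage'] = $commentsPerPage;
$data['totalComments']   = $totalComments;
$data['pages']           = $pages;
$data['page']            = $page;
$data['linkPrevious']    = $linkPrevious;
$data['linkNext']        = $linkNext;
$data['searchString']    = $searchString;
$data['filter_vals']     = $filter_vals;
$data['sql']             = $sql;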
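/**
 * event hook: backend_sidebar_entries_event_display_managetags
 * uses global object array eventData
 *
 * Prints the tag management menu and then runs the view selected through
 * $this->eventData['GET']['tagview'] (and, if given, the action in
 * $this->eventData['GET']['tagaction']).
 *
 * The "all" and "leaf" views are available to every user who reaches this page.
 * All other views are offered in the menu, and executed, only for users holding
 * the adminPlugins permission.
 *
 * @return true
 */
function displayManageTags()
{
    global $serendipity;

    // One-time schema upgrade to dbversion 2.
    if ($this->get_config('dbversion', 1) != 2) {
        $this->install();
        $this->set_config('dbversion', 2);
    }

    $full_permission = serendipity_checkPermission('adminPlugins'); // AFAIS, BY USERLEVEL permission checks are being deprecated

    if ($serendipity['version'][0] < 2) {
?>
<div style="border: 1px solid #000;" class="freetagMenu">
    <ul>
<?php
    } else {
?>
<h2><?php echo PLUGIN_EVENT_FREETAG_MANAGETAGS; ?></h2>
<div class="freetagMenu">
    <ul class="plainList clearfix">
<?php
    }
?>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=all" title="<?php echo PLUGIN_EVENT_FREETAG_MANAGE_ALL; ?>">ALL</a></li>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=leaf" title="<?php echo PLUGIN_EVENT_FREETAG_MANAGE_LEAF; ?>">LEAF</a></li>
<?php
    if ($full_permission === true) {
?>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=entryuntagged" title="<?php echo PLUGIN_EVENT_FREETAG_MANAGE_UNTAGGED; ?>">NOTAG</a></li>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=entryleaf" title="<?php echo PLUGIN_EVENT_FREETAG_MANAGE_LEAFTAGGED; ?>">LEAFTAG</a></li>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=keywords" title="<?php echo PLUGIN_EVENT_FREETAG_KEYWORDS; ?>">KEYWORD</a></li>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=cat2tag" title="<?php echo PLUGIN_EVENT_FREETAG_GLOBALLINKS; ?>">CAT2TAG</a></li>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=tagupdate" onclick="return confirm('<?php echo htmlspecialchars(PLUGIN_EVENT_FREETAG_REBUILD_DESC, ENT_COMPAT, LANG_CHARSET); ?>');" title="<?php echo PLUGIN_EVENT_FREETAG_REBUILD; ?>">AUTOTAG</a></li>
        <li><a class="button_link" href="<?php echo FREETAG_MANAGE_URL; ?>&serendipity[tagview]=cleanupmappings" title="<?php echo PLUGIN_EVENT_FREETAG_MANAGE_CLEANUP; ?>">CLEAN</a></li>
<?php
    }
?>
    </ul>
</div>
<?php
    if (!empty($this->eventData['GET']['tagaction'])) {
        $this->displayTagAction($full_permission);
    }

    // backend menu cases
    if (isset($this->eventData['GET']['tagview'])) {
        switch ($this->eventData['GET']['tagview']) {
            case 'all': // 1
                $tags = (array) $this->getAllTags();
                $this->displayEditTags($tags);
                break;

            case 'leaf': // 2
                $tags = (array) $this->getLeafTags();
                $this->displayEditTags($tags);
                break;

            case 'entryuntagged': // 3
                if ($full_permission === true) {
                    $this->displayUntaggedEntries();
                }
                break;

            case 'entryleaf': // 4
                if ($full_permission === true) {
                    $this->displayLeafTaggedEntries();
                }
                break;

            case 'keywords': // 5
                if ($full_permission === true) {
                    $tags = (array) $this->getAllTags();
                    $this->displayKeywordAssignment($tags);
                }
                break;

            case 'cat2tag': // 6
                if ($full_permission === true) {
                    $this->displayCategoryToTags();
                }
                break;

            case 'tagupdate': // 7
                // The rebuild is a privileged view like its siblings: stop unless the user
                // holds adminPlugins. (The check used to be inverted, which locked out
                // permitted users and let everyone else through.)
                if ($full_permission !== true) {
                    break;
                }
                if (!serendipity_db_bool($this->get_config('keyword2tag', 'false'))) {
                    echo '<span class="msg_notice"><span class="icon-info-circled"></span>The option "' . PLUGIN_EVENT_FREETAG_KEYWORDS . '" is not set!</span>' . "\n"; // i18n?
                    break;
                }
                $this->displayTagUpdate();
                break;

            case 'cleanupmappings': // 8
                if ($full_permission === true) {
                    $this->cleanupTagAssignments();
                }
                break;

            default:
                if (!empty($this->eventData['GET']['tagview'])) {
                    echo '<span class="msg_notice"><span class="icon-info-circled"></span> ' . "Can't execute tagview</span>\n";
                }
                break;
        }
    }

    return true;
}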
/* Paging */ $sql = serendipity_db_query("SELECT COUNT(*) AS total FROM {$serendipity['dbPrefix']}comments c WHERE 1 = 1 " . ($c_type !== null ? " AND c.type = '{$c_type}' " : '') . $and, true); $totalComments = $sql['total']; $pages = $commentsPerPage == COMMENTS_FILTER_ALL ? 1 : ceil($totalComments / (int) $commentsPerPage); $page = (int) $serendipity['GET']['page']; if ($page == 0 || $page > $pages) { $page = 1; } $linkPrevious = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page - 1) . $searchString; $linkNext = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page + 1) . $searchString; if ($commentsPerPage == COMMENTS_FILTER_ALL) { $limit = ''; } else { $limit = serendipity_db_limit_sql(serendipity_db_limit(($page - 1) * (int) $commentsPerPage, (int) $commentsPerPage)); } $sql = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n WHERE 1 = 1 " . ($c_type !== null ? " AND c.type = '{$c_type}' " : '') . $and . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int) $serendipity['authorid'] : '') . "\n ORDER BY c.id DESC {$limit}"); if (!empty($errormsg)) { echo '<p class="serendipityAdminMsgError serendipity_backend_msg_notice"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . $errormsg . '</p>'; } // closing admin messages ?> <script type="text/javascript"> function FT_toggle(id) { if ( document.getElementById(id + '_full').style.display == '' ) { document.getElementById(id + '_full').style.display='none'; document.getElementById(id + '_summary').style.display=''; document.getElementById(id + '_text').innerHTML = '<?php echo VIEW_FULL; ?> '; } else {
$data['messages'] = '<span class="msg_notice"><span class="icon-info-circled"></span> ' . MEDIA_RESIZE_EXISTS . '</span>'; } else { $data['print_SCALING_IMAGE'] = sprintf(SCALING_IMAGE, $file['path'] . $file['name'] . '.' . $file['extension'], (int) $serendipity['GET']['width'], (int) $serendipity['GET']['height']); $data['extraParems'] = serendipity_generateImageSelectorParems(); $scaleImg = serendipity_scaleImg($serendipity['GET']['fid'], $serendipity['GET']['width'], $serendipity['GET']['height']); if (!empty($scaleImg) && is_string($scaleImg)) { $data['scaleImgError'] = $scaleImg; } $data['is_done'] = true; } // fall back $data['showML'] = showMediaLibrary(); break; case 'scaleSelect': $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']); if (!is_array($file) || !serendipity_checkPermission('adminImagesDelete') || !serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) { return; } $data['extraParems'] = serendipity_generateImageSelectorParems('form'); $data['case_scaleSelect'] = true; $s = getimagesize($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $file['name'] . ($file['extension'] ? '.' . $file['extension'] : "")); $data['img_width'] = $s[0]; $data['img_height'] = $s[1]; $data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, serendipity_specialchars($serendipity['GET']['fname'])); $data['print_ORIGINAL_SIZE'] = sprintf(ORIGINAL_SIZE, $s[0], $s[1]); $data['formtoken'] = serendipity_setFormToken(); $data['file'] = $serendipity['uploadHTTPPath'] . $file['path'] . $file['name'] . ($file['extension'] ? '.' . $file['extension'] : ""); break; case 'choose': $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']); $media['file'] =& $file;
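/**
 * Dispatch a Serendipity event to the Bayes spam filter plugin.
 *
 * Handles the plugin's own HTTP endpoints ('external_plugin'), classification of
 * new comments ('frontend_saveComment'), the backend comment list / sidebar hooks
 * and the XML-RPC spam/ham notifications.
 *
 * NOTE(review): the state-changing 'external_plugin' actions (learn, delete/setup
 * database, recycler, import, Troja register/remove) are gated here only by the
 * adminComments permission, and several are reachable with GET via $_REQUEST. No
 * form token is verified inside this method - confirm a token check happens before
 * dispatch, or add one for the actions that are not meant to be opened from the
 * moderation e-mail links built in 'backend_sendcomment'.
 *
 * @param string $event     Name of the event.
 * @param object $bag       Property bag; its 'event_hooks' entry lists the events this plugin registered.
 * @param mixed  $eventData Event payload, passed by reference (some hooks add 'action_more' to it).
 * @param mixed  $addData   Additional event data (comment fields, ids).
 * @return bool|null true when the event was handled, false for an unregistered or unknown
 *                   event or a blocked/moderated comment, null when a permission check
 *                   ends the handling early.
 */
function event_hook($event, &$bag, &$eventData, $addData = null)
{
    global $serendipity;

    $hooks =& $bag->get('event_hooks');
    if (!isset($hooks[$event])) {
        return false;
    }

    switch ($event) {
        case 'external_plugin':
            //catch learnAction here because the GET-Params prevent
            //the normal switch/case to find this
            if (strpos($eventData, 'learnAction') !== false) {
                if (!serendipity_checkPermission('adminComments')) {
                    return;
                }
                $this->learnAction($_REQUEST['id'], $_REQUEST['category'], $_REQUEST['action'], $_REQUEST['entry_id']);
                echo DONE;
                return true;
            }

            switch ($eventData) {
                case 'learncomment':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $category = $_REQUEST['category'];
                    $ids = explode(';', $_REQUEST['id']);
                    foreach ($ids as $id) {
                        $comment = $this->getComment($id);
                        if (is_array($comment)) {
                            $comment = $comment['0'];
                            $entry_id = $comment['entry_id'];
                        }
                        $this->startLearn($comment, $category);

                        //Ham shall be approved, Spam deleted
                        if ($category == 'ham') {
                            serendipity_approveComment($id, $entry_id);
                        } elseif ($category == 'spam') {
                            if ($this->get_config('method', 'moderate') == 'custom') {
                                $spamBarrier = min(array($this->get_config('moderateBarrier', 70) / 100, $this->get_config('blockBarrier', 90) / 100));
                            } else {
                                $spamBarrier = 0.7;
                            }
                            //spam shall not get through the filter twice - so make sure, it really is marked as spam
                            $loop = 0;
                            while ($this->startClassify($comment) < $spamBarrier && $loop < 5) {
                                $this->startLearn($comment, $category);
                                //prevent infinite loop
                                $loop++;
                            }
                            if ($this->get_config('recycler', true)) {
                                $this->recycleComment($id, $entry_id);
                            }
                            serendipity_deleteComment($id, $entry_id);
                        }
                    }
                    break;

                // Static assets shipped with the plugin; the paths are fixed, not request-derived.
                case 'spamblock_bayes.load.gif':
                    header('Content-Type: image/gif');
                    echo file_get_contents(dirname(__FILE__) . '/img/spamblock_bayes.load.gif');
                    break;

                case 'spamblock_bayes.spam.png':
                    header('Content-Type: image/png');
                    echo file_get_contents(dirname(__FILE__) . '/img/spamblock_bayes.spam.png');
                    break;

                case 'jquery.tablesorter.js':
                    header('Content-Type: text/javascript');
                    echo file_get_contents(dirname(__FILE__) . '/jquery.tablesorter.js');
                    break;

                case 'jquery.heatcolor.js':
                    header('Content-Type: text/javascript');
                    echo file_get_contents(dirname(__FILE__) . '/jquery.heatcolor.js');
                    break;

                case 'jquery.excerpt.js':
                    header('Content-Type: text/javascript');
                    echo file_get_contents(dirname(__FILE__) . '/jquery.excerpt.js');
                    break;

                case 'serendipity_event_spamblock_bayes.js':
                    header('Content-Type: text/javascript');
                    echo file_get_contents(dirname(__FILE__) . '/serendipity_event_spamblock_bayes.js');
                    break;

                case 'getRating':
                    // Same gate as the other comment endpoints: the ids are request
                    // input and the ratings belong to the moderation backend.
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $ids = explode(';', $_REQUEST['id']);
                    //we get the comments in wrong order
                    $comments = array_reverse($this->getComment($ids));
                    $ratings = '';
                    $i = 0;
                    foreach ($comments as $comment) {
                        $ratings .= preg_replace('/\\..*/', '', $this->startClassify($comment) * 100) . '%;' . $ids[$i] . ';';
                        $i++;
                    }
                    echo $ratings;
                    break;

                case 'bayesMenuLearn':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    //the POST-Data of the form is almost exactly like the result of the database-query
                    $comment = $_POST;
                    $category = serendipity_db_bool($comment['ham']) ? 'ham' : 'spam';
                    $this->startLearn($comment, $category);
                    $this->bayesMenuRedirect(3, 'success', 'Learned comment as ' . $category);
                    break;

                case 'bayesLearnFromOld':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $this->learnFromOld();
                    #redirect the user back to the menu
                    $this->bayesMenuRedirect(2, 'success', 'Learning Done');
                    break;

                case 'bayesDeleteDatabase':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $this->deleteDB();
                    $this->bayesMenuRedirect(2, 'success', 'Database deleted');
                    break;

                case 'bayesSetupDatabase':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $this->setupDB();
                    $this->bayesMenuRedirect(2, 'success', 'Database created');
                    break;

                case 'bayesRecycler':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    if (!empty($_REQUEST['serendipity']['selected'])) {
                        $ids = array_keys($_REQUEST['serendipity']['selected']);
                    } elseif (!empty($_REQUEST['serendipity']['comments'])) {
                        $ids = array_keys($_REQUEST['serendipity']['comments']);
                    }

                    if (isset($_REQUEST['restore'])) {
                        if (!empty($ids)) {
                            // $ids is used as collected above; re-reading only 'selected'
                            // here broke the case where the ids came from 'comments'.
                            #When restoring a comment we can be pretty sure it's a valid one
                            $comments = $this->getRecyclerComment($ids);
                            foreach ($comments as $comment) {
                                $this->startLearn($comment, 'ham');
                            }
                            $this->restoreComments($ids);

                            if (in_array(0, $ids)) {
                                #this happened when the recyclercode was broken
                                // Reported as an error instead of being overwritten by the success text.
                                $msg = "Not able to restore comment with id 0";
                                $msgtype = 'error';
                            } else {
                                if (count($ids) > 1) {
                                    $msg = 'Comments ' . implode(', ', $ids) . ' restored';
                                } else {
                                    $msg = 'Comment ' . implode(', ', $ids) . ' restored';
                                }
                                $msgtype = 'success';
                            }
                        } else {
                            $msg = 'No comment selected';
                            $msgtype = 'message';
                        }
                    }

                    if (isset($_REQUEST['empty'])) {
                        if (isset($_REQUEST['recyclerSpam'])) {
                            if ($this->get_config('emptyAll', false)) {
                                $comments = $this->getAllRecyclerComments();
                            } else {
                                $comments = $this->getRecyclerComment($ids);
                            }
                            foreach ($comments as $comment) {
                                $this->startLearn($comment, 'spam');
                            }
                        }
                        if ($this->get_config('emptyAll', false)) {
                            $success = $this->emptyRecycler();
                        } else {
                            $success = $this->deleteFromRecycler($ids);
                        }
                        if (serendipity_db_bool($success)) {
                            $msg = 'Recycler emptied';
                            $msgtype = 'success';
                        } else {
                            // URL-encoding now happens once, in bayesMenuRedirect().
                            $msg = $success;
                            $msgtype = 'error';
                        }
                    }

                    if (!empty($msgtype)) {
                        $this->bayesMenuRedirect(1, $msgtype, $msg);
                    } else {
                        $this->bayesMenuRedirect(1);
                    }
                    break;

                case 'bayesAnalyse':
                    // Only forwards the selection to the analysis subpage; the ids are
                    // request input and are reduced to integers by bayesMenuRedirect().
                    if (isset($_REQUEST['comments'])) {
                        $this->bayesMenuRedirect(4, '', '', array_keys($_REQUEST['comments']));
                    } else {
                        $this->bayesMenuRedirect(4, 'message', 'Please select at least one comment');
                    }
                    break;

                case 'bayesImport':
                    #Showing the menu
                    $this->bayesMenuRedirect(5);
                    break;

                case 'spamblock_bayes_import':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $this->setupDB();
                    #starting the import
                    $importDatabase = $this->getCsvDatabase($_FILES['importcsv']['tmp_name']);
                    $result = $this->importDatabase($importDatabase);
                    if ($result === true) {
                        $msg = "Database imported";
                        $msgtype = "success";
                    } else {
                        $msg = $result;
                        $msgtype = "error";
                    }
                    $this->bayesMenuRedirect(2, $msgtype, $msg);
                    break;

                case 'bayesExportDatabase':
                    // Allowed for a user with adminComments, or for a caller presenting
                    // the one-time export key issued by 'bayesTrojaGetKey'.
                    $key = (isset($_POST['key']) && is_string($_POST['key'])) ? $_POST['key'] : '';
                    $exportKey = (string) $this->get_config('exportKey', "");
                    // Exact, constant-time comparison where available; an empty or
                    // falsy stored key never matches.
                    $keyMatches = !empty($exportKey)
                        && (function_exists('hash_equals') ? hash_equals($exportKey, $key) : $exportKey === $key);
                    if (!serendipity_checkPermission('adminComments') && !$keyMatches) {
                        break;
                    }
                    // The key is single-use: clear it before exporting.
                    $this->set_config('exportKey', "");
                    $this->exportDatabase();
                    header('Content-type: application/x-download');
                    header('Content-Disposition: attachment; filename=spamblock_bayes.csv');
                    // NOTE(review): the export is read back from templates_c/ - confirm that
                    // directory is not served directly by the web server.
                    echo file_get_contents($serendipity['serendipityPath'] . 'templates_c/spamblock_bayes.csv');
                    break;

                case 'bayesTrojaGetKey':
                    $publicTrojaKey = openssl_get_publickey(file_get_contents(dirname(__FILE__) . '/publicTrojaKey.pem'));
                    header('HTTP/1.1 200 OK');
                    // NOTE(review): mt_rand() is not a cryptographically secure generator, and
                    // this branch has no permission check, so any request replaces the stored
                    // export key. Consider a CSPRNG (random_bytes() / openssl_random_pseudo_bytes())
                    // once it is confirmed the remote side treats the key as an opaque string.
                    $key = mt_rand();
                    $this->set_config('exportKey', $key);
                    openssl_public_encrypt($key, $enc_key, $publicTrojaKey, OPENSSL_PKCS1_PADDING);
                    echo base64_encode($enc_key);
                    break;

                case 'bayesTrojaRegister':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $this->set_config('awaitingTrojaRequest', true);
                    $this->set_config('troja_registered', true);
                    $trojaUrlTarget = $this->trojaUrl . 'register';
                    $data = array('url' => $serendipity['baseURL']);
                    $trojaUrlTarget .= "?" . http_build_query($data);
                    $response = $this->getRequest($trojaUrlTarget);
                    parse_str($response, $params);
                    $registered = urldecode($params['registered']);
                    if ($registered == 1) {
                        $msg = "Registered";
                        $msgtype = "success";
                    } else {
                        $msg = "Could not register this blog (already registered?)";
                        $msgtype = "error";
                    }
                    $this->bayesMenuRedirect(5, $msgtype, $msg);
                    break;

                case 'bayesTrojaRemove':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $this->set_config('awaitingTrojaRequest', true);
                    $this->set_config('troja_registered', false);
                    $trojaUrlTarget = $this->trojaUrl . 'remove';
                    $data = array('url' => $serendipity['baseURL']);
                    $trojaUrlTarget .= "?" . http_build_query($data);
                    $response = $this->getRequest($trojaUrlTarget);
                    parse_str($response, $params);
                    $removed = urldecode($params['removed']);
                    if ($removed == 1) {
                        $msg = "Removed";
                        $msgtype = "success";
                    } else {
                        $msg = "Could not remove this blog";
                        $msgtype = "error";
                    }
                    $this->bayesMenuRedirect(5, $msgtype, $msg);
                    break;

                case 'bayesTrojaAccept':
                    // Answers 200 once after a register/remove request was started here, 403 otherwise.
                    $waiting = serendipity_db_bool($this->get_config('awaitingTrojaRequest', false));
                    if ($waiting === true) {
                        header('HTTP/1.1 200 OK');
                        $this->set_config('awaitingTrojaRequest', false);
                    } else {
                        header('HTTP/1.1 403 Forbidden');
                    }
                    echo "";
                    break;

                case 'bayesTrojaRequestDB':
                    if (!serendipity_checkPermission('adminComments')) {
                        break;
                    }
                    $trojaUrlTarget = $this->trojaUrl . 'requestDB';
                    $url = $serendipity['baseURL'];
                    $try = 0;
                    // Ask again (a few times) while the service hands back this blog itself.
                    while (trim($url) == $serendipity['baseURL']) {
                        $try++;
                        $response = $this->getRequest($trojaUrlTarget);
                        parse_str($response, $params);
                        $url = urldecode($params['url']);
                        if ($try > 3) {
                            break;
                        }
                    }
                    $key = $params['key'];

                    $error = false;
                    if (trim($url) == "http://" . $serendipity['baseURL'] || trim($url) == $serendipity['baseURL']) {
                        $msg = "Got only this blog as target to import from";
                        $msgtype = "error";
                        $error = true;
                    }
                    if ($url == "") {
                        $msg = "Got no target to import from";
                        $msgtype = "error";
                        $error = true;
                    }
                    if ($error) {
                        $this->bayesMenuRedirect(5, $msgtype, $msg);
                        return;
                    }

                    // $url is taken from the remote service's response, so it is untrusted
                    // text: it is encoded by bayesMenuRedirect() before it is printed.
                    // NOTE(review): fetchDatabase() is pointed at that same remote-supplied
                    // URL - confirm it restricts scheme and target host.
                    $msg = "Imported from {$url}";
                    $msgtype = "success";
                    $this->fetchDatabase(trim($url), $key);
                    $this->bayesMenuRedirect(5, $msgtype, $msg);
                    break;
            }
            return true;

        case 'frontend_saveComment':
            if (!is_array($eventData) || serendipity_db_bool($eventData['allow_comments'])) {
                $serendipity['csuccess'] = 'true';
                $comment = array(
                    $this->type['url']      => $addData['url'],
                    $this->type['body']     => $addData['comment'],
                    $this->type['name']     => $addData['name'],
                    $this->type['email']    => $addData['email'],
                    $this->type['ip']       => serendipity_db_escape_string(isset($addData['ip']) ? $addData['ip'] : $_SERVER['REMOTE_ADDR']),
                    $this->type['referrer'] => substr(isset($_SESSION['HTTP_REFERER']) ? serendipity_db_escape_string($_SESSION['HTTP_REFERER']) : '', 0, 200),
                );

                if ($this->checkIfSpam($comment)) {
                    $method = $this->get_config('method', 'moderate');
                    if ($method == 'moderate') {
                        $this->moderate($eventData, $addData);
                        return false;
                    } elseif ($method == 'block') {
                        $this->block($eventData, $addData);
                        return false;
                    }
                }

                $blockBarrier = $this->get_config('blockBarrier', 90) / 100;
                $moderateBarrier = $this->get_config('moderateBarrier', 70) / 100;
                //now this either wasn't spam or method custom is selected.
                if ($this->lastRating > $blockBarrier) {
                    $this->block($eventData, $addData);
                    return false;
                } elseif ($this->lastRating > $moderateBarrier) {
                    $this->moderate($eventData, $addData);
                    return false;
                }
            }
            return true;

        case 'backend_view_comment':
            $path = $this->path = $this->get_config('path', $serendipity['serendipityHTTPPath'] . 'plugins/serendipity_event_spamblock_bayes/');
            if (!empty($path) && $path != 'default' && $path != 'none' && $path != 'empty') {
                $imgpath = $path . 'img/';
            } else {
                // No usable path configured: serve the images through the plugin endpoint.
                $imgpath = $serendipity['baseURL'] . 'index.php?/plugin/';
            }

            $comment = $eventData;
            //change $comment into the needed form
            $comment[$this->type['body']] = $comment['fullBody'];
            unset($comment['fullBody']);

            // Pieces shared by both backend layouts.
            $hamUrl  = $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=approve&category=ham&id=' . $eventData['id'] . '&entry_id=' . $eventData['entry_id'];
            $spamUrl = $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=delete&category=spam&id=' . $eventData['id'] . '&entry_id=' . $eventData['entry_id'];
            $analyseUrl = 'serendipity_admin.php?serendipity[adminModule]=event_display&serendipity[adminAction]=spamblock_bayes&serendipity[subpage]=4&serendipity[comments][' . $comment['id'] . ']';
            // Spam probability as a whole-number percentage (everything after the decimal point is cut).
            $rating = preg_replace('/\\..*/', '', $this->startClassify($comment) * 100);

            if ($serendipity['version'][0] == '1') {
                $eventData['action_more'] = '<a id="ham' . $comment['id'] . '" class="serendipityIconLink spamblockBayesControls" onclick="return ham(' . $comment['id'] . ');" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '" href="' . $hamUrl . '" ><img src="' . serendipity_getTemplateFile('admin/img/accept.png') . '" alt="" />' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '</a>'
                    . ' <a id="spam' . $comment['id'] . '" class="serendipityIconLink spamblockBayesControls" onclick="return spam(' . $comment['id'] . ');" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '" href="' . $spamUrl . '" ><img src="' . $imgpath . 'spamblock_bayes.spam.png' . '" alt="" />' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '</a>'
                    . ' <span class="spamblockBayesRating"> <a href="' . $analyseUrl . '"> <span id="' . $comment['id'] . '_rating">' . $rating . '%</span> </a>'
                    . ' <img src="' . serendipity_getTemplateFile('admin/img/admin_msg_note.png') . '" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_RATING_EXPLANATION . '" /> </span> ';
            } else {
                $eventData['action_more'] = '<ul id="bayes_actions" class="plainList clearfix actions">'
                    . ' <li> <a id="ham' . $comment['id'] . '" class="button_link spamblockBayesControls" onclick="return ham(' . $comment['id'] . ');" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '" href="' . $hamUrl . '" ><span class="icon-ok-circled"></span><span class="visuallyhidden"> ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '</span></a> </li>'
                    . ' <li> <a id="spam' . $comment['id'] . '" class="button_link spamblockBayesControls" onclick="return spam(' . $comment['id'] . ');" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '" href="' . $spamUrl . '" ><span class="icon-cancel"></span><span class="visuallyhidden"> ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '</span></a> </li>'
                    . ' <li class="bayes_spamrating"> <a href="' . $analyseUrl . '" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_RATING_EXPLANATION . '"> <span id="' . $comment['id'] . '_rating"> ' . $rating . '%</span> </a> </li>'
                    . ' </ul> ';
            }
            return true;

        case 'backend_sendcomment':
            // Plain-text moderation links for the notification mail.
            $delete = PLUGIN_EVENT_SPAMBLOCK_BAYES_DELETE . ': ';
            $delete .= $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=delete&category=spam&id=' . $eventData['comment_id'] . '&entry_id=' . $eventData['entry_id'];
            $eventData['action_more']['delete'] = $delete;
            if (!empty($eventData['moderate_comment'])) {
                $approve = PLUGIN_EVENT_SPAMBLOCK_BAYES_APPROVE . ': ';
                $approve .= $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=approve&category=ham&id=' . $eventData['comment_id'] . '&entry_id=' . $eventData['entry_id'];
                $eventData['action_more']['approve'] = $approve;
            }
            return true;

        case 'backend_comments_top':
            $path = $this->path = $this->get_config('path', $serendipity['serendipityHTTPPath'] . 'plugins/serendipity_event_spamblock_bayes/');
            if (!empty($path) && $path != 'default' && $path != 'none' && $path != 'empty') {
                $imgpath = $path . 'img/';
            } else {
                $imgpath = $serendipity['baseURL'] . 'index.php?/plugin/';
            }
            // Styles plus the JS configuration consumed by bayes_commentlist.js.
            echo "<style>\n"
                . " .spamblockBayesControls {\n"
                . " cursor: pointer;\n"
                . " }\n"
                . " .spamblockBayesRating {\n"
                . " float: right;\n"
                . " }\n"
                . " .spamblockBayesRating img {\n"
                . " vertical-align: middle;\n"
                . " }\n"
                . " </style>\n"
                . " <script>\n"
                . " var learncommentPath = '{$serendipity['baseURL']}index.php?/plugin/learncomment';\n"
                . " var ratingPath = '{$serendipity['baseURL']}index.php?/plugin/getRating';\n"
                . " var bayesCharset = '" . LANG_CHARSET . "';\n"
                . " var bayesDone = '" . DONE . "';\n"
                . " var bayesHelpImage = '" . serendipity_getTemplateFile('admin/img/admin_msg_note.png') . "';\n"
                . " var bayesHelpTitle = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_RATING_EXPLANATION . "';\n"
                . " var bayesLoadIndicator = '{$imgpath}spamblock_bayes.load.gif';\n"
                . " var bayesSpambutton = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAMBUTTON . "';\n"
                . " var bayesHambutton = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAMBUTTON . "';\n"
                . " var bayesPlugin = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . "';\n"
                . " </script>\n"
                . " <script type=\"text/javascript\" src=\"{$path}bayes_commentlist.js\"></script>\n"
                . " ";
            return true;

        case 'backend_sidebar_entries':
            if (!serendipity_checkPermission('adminComments')) {
                break;
            }
            // Menu entry for the 1.x backend only.
            if ($serendipity['version'][0] == '1' && $this->get_config('menu', true)) {
                echo '<li class="serendipitySideBarMenuLink serendipitySideBarMenuEntryLinks"> <a href="?serendipity[adminModule]=event_display&serendipity[adminAction]=spamblock_bayes&serendipity[subpage]=1"> ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ' </a> </li>';
            }
            return true;

        case 'backend_sidebar_admin_appearance':
            if (!serendipity_checkPermission('adminComments')) {
                break;
            }
            // Menu entry for every backend other than 1.x.
            if ($serendipity['version'][0] != '1' && $this->get_config('menu', true)) {
                echo '<li><a href="?serendipity[adminModule]=event_display&serendipity[adminAction]=spamblock_bayes&serendipity[subpage]=1">' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . '</a></li>';
            }
            return true;

        case 'backend_sidebar_entries_event_display_spamblock_bayes':
            if (!serendipity_checkPermission('adminComments')) {
                break;
            }
            $this->path = $this->get_config('path', $serendipity['serendipityHTTPPath'] . 'plugins/serendipity_event_spamblock_bayes/');

            // Status texts arrive as GET parameters (see bayesMenuRedirect()) and are
            // HTML-escaped before output. Per key: 1.x opening/closing markup, then 2.x.
            $isV1 = ($serendipity['version'][0] == '1');
            $notices = array(
                'message' => array('<p class="serendipityAdminMsgNote">', '</p>', '<span class="msg_notice"><span class="icon-info-circled"></span> ', '</span>'),
                'success' => array('<p class="serendipityAdminMsgSuccess">', '</p>', '<span class="msg_success"><span class="icon-ok-circled"></span> ', '</span>'),
                'error'   => array('<p class="serendipityAdminMsgError">', '</p>', '<span class="msg_error"><span class="icon-attention-circled"></span> ', '</span>'),
            );
            foreach ($notices as $noticeKey => $markup) {
                if (!isset($serendipity['GET'][$noticeKey])) {
                    continue;
                }
                $text = function_exists('serendipity_specialchars')
                    ? serendipity_specialchars($serendipity['GET'][$noticeKey])
                    : htmlspecialchars($serendipity['GET'][$noticeKey], ENT_COMPAT, LANG_CHARSET);
                echo $isV1 ? $markup[0] . $text . $markup[1] : $markup[2] . $text . $markup[3];
            }

            $this->get = $serendipity['GET'];
            $this->displayMenu($serendipity['GET']['subpage']);
            return true;

        case 'xmlrpc_comment_spam':
            $entry_id = $addData['id'];
            $comment_id = $addData['cid'];
            if ($this->get_config('method', 'moderate') == 'custom') {
                $spamBarrier = min(array($this->get_config('moderateBarrier', 70) / 100, $this->get_config('blockBarrier', 90) / 100));
            } else {
                $spamBarrier = 0.7;
            }
            //spam shall not get through the filter twice - so make sure, it really is marked as spam
            $loop = 0;
            while ($this->startClassify($eventData) < $spamBarrier && $loop < 5) {
                $this->startLearn($eventData, 'spam');
                //prevent infinite loop
                $loop++;
            }
            if ($this->get_config('recycler', true)) {
                $this->recycleComment($comment_id, $entry_id);
            }
            serendipity_deleteComment($comment_id, $entry_id);
            return true;

        case 'xmlrpc_comment_ham':
            $this->startLearn($eventData, 'ham');
            $comment_id = $addData['cid'];
            $entry_id = $addData['id'];
            //moderated ham-comments should be instantly approved, that's why they need an id:
            serendipity_approveComment($comment_id, $entry_id);
            return true;

        default:
            return false;
    }
}

/**
 * Internal helper of event_hook(): print the <meta> refresh tag that sends the
 * browser back to one of this plugin's backend subpages.
 *
 * The message is URL-encoded, comment ids are reduced to integers and the whole
 * URL is HTML-escaped, so request- or remote-supplied text cannot break out of
 * the content="..." attribute.
 *
 * @param int    $subpage    Number of the plugin subpage to open.
 * @param string $msgtype    GET key for the status text ('success', 'error', 'message'); '' for none.
 * @param string $msg        Status text shown on the target page.
 * @param array  $commentIds Comment ids passed on as serendipity[comments][id].
 * @return void
 */
function bayesMenuRedirect($subpage, $msgtype = '', $msg = '', $commentIds = array())
{
    $url = 'serendipity_admin.php?serendipity[adminModule]=event_display'
        . '&serendipity[adminAction]=spamblock_bayes'
        . '&serendipity[subpage]=' . (int) $subpage;

    foreach ($commentIds as $commentId) {
        $url .= '&serendipity[comments][' . (int) $commentId . ']';
    }

    if (!empty($msgtype)) {
        $url .= '&serendipity[' . $msgtype . ']=' . urlencode($msg);
    }

    $escapedUrl = function_exists('serendipity_specialchars')
        ? serendipity_specialchars($url)
        : htmlspecialchars($url, ENT_COMPAT, LANG_CHARSET);

    echo '<meta http-equiv="REFRESH" content="0;url=' . $escapedUrl . '" />';
}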
<?php
// Theme configuration: loads the theme's language constants, declares the theme
// options and hands the configurable navigation links to Smarty.

// Refuse direct requests; this file is only meant to be included by Serendipity.
if (IN_serendipity !== true) {
    die("Don't hack!");
}

// Load the language file matching the blog's charset/language if it exists,
// then the English file, which is always included.
// NOTE(review): the include path is built from $serendipity['charset'] and
// $serendipity['lang']; presumably the core restricts both to known values
// before this file runs - confirm.
$probelang = sprintf(
    '%s/%slang_%s.inc.php',
    dirname(__FILE__),
    $serendipity['charset'],
    $serendipity['lang']
);
if (file_exists($probelang)) {
    include $probelang;
}
include dirname(__FILE__) . '/lang_en.inc.php';

// NOTE(review): HTTP_HOST and REQUEST_URI are taken from the request as sent by
// the client and the scheme is fixed to http. Nothing is escaped here, so every
// template that prints {$currpage} has to escape it for its output context.
$serendipity['smarty']->assign(array(
    'currpage' => 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
));

// Static theme options; the per-link options are appended in the loop below.
$template_config = array(
    array('var' => 'feedburner', 'name' => FEEDBURNER_102, 'type' => 'string', 'default' => ''),
    array('var' => 'delicious', 'name' => DELICIOUS_102, 'type' => 'string', 'default' => ''),
    array('var' => 'flickr', 'name' => 'flickr URI', 'type' => 'string', 'default' => ''),
    array('var' => 'technorati', 'name' => 'technorati URI', 'type' => 'string', 'default' => ''),
    array('var' => 'addthiswidget', 'name' => 'addthis.com Bookmark Widget', 'type' => 'boolean', 'default' => 'false'),
    array('var' => 'addthisaccount', 'name' => 'addthis.com Account', 'type' => 'string', 'default' => ''),
    array('var' => 'amount', 'name' => NAVLINK_AMOUNT, 'type' => 'string', 'default' => '5'),
);

$template_loaded_config = serendipity_loadThemeOptions(
    $template_config,
    $serendipity['smarty_vars']['template_option']
);

// A logged-in user with the adminTemplates permission may override the number of
// navigation links for this request by posting a numeric value.
// NOTE(review): is_numeric() also accepts negative, fractional and exponent
// notation and no upper bound is applied, so the posted value directly sets how
// often the loop below runs. No form token is checked for this override.
if (isset($_POST['serendipity']['template']['amount'])
    && serendipity_userLoggedIn()
    && serendipity_checkPermission('adminTemplates')
) {
    $temp_post = $_POST['serendipity']['template']['amount'];
    if (is_numeric($temp_post)) {
        $template_loaded_config['amount'] = $temp_post;
    }
}

// For every navigation slot: export the stored link to the template and declare
// the three options (text, URL, access key) that configure it.
$navlinks = array();
$i = 0;
while ($i < $template_loaded_config['amount']) {
    $navlinks[] = array(
        'title' => $template_loaded_config['navlink' . $i . 'text'],
        'href'  => $template_loaded_config['navlink' . $i . 'url'],
        'akey'  => $template_loaded_config['navlink' . $i . 'key'],
    );

    $template_config[] = array(
        'var'     => 'navlink' . $i . 'text',
        'name'    => NAV_LINK_TEXT . ' #' . $i,
        'type'    => 'string',
        'default' => 'Link #' . $i,
    );
    $template_config[] = array(
        'var'     => 'navlink' . $i . 'url',
        'name'    => NAV_LINK_URL . ' #' . $i,
        'type'    => 'string',
        'default' => '#',
    );
    $template_config[] = array(
        'var'     => 'navlink' . $i . 'key',
        'name'    => NAV_LINK_KEY . ' #' . $i,
        'type'    => 'string',
        'default' => $i,
    );

    $i++;
}

$serendipity['smarty']->assign_by_ref('navlinks', $navlinks);
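/**
 * Print the comments matching a filter as an HTML moderation table.
 *
 * Fetches up to $limit comments (highest id first) and echoes one block per
 * comment with its metadata, body and the approve / moderate / edit / delete /
 * reply links. Author, e-mail, URL, referrer, IP and body are supplied by the
 * commenter and are escaped for the context they are printed in.
 *
 * @param string $where Extra SQL condition appended to the comment query
 * @param mixed  $limit Value placed in the LIMIT clause
 * @return void  Output is echoed; returns early when there is nothing to show
 */
function showElementCommentlist($where, $limit) {
    global $serendipity;

    $summaryLength = 200;
    $i = 0;

    // NOTE(review): $where and $limit are placed into the SQL text unchanged.
    // Callers must only pass fragments they built from trusted, already escaped
    // values - confirm at the call sites.
    if (version_compare(substr($serendipity['version'], 0, 3), '1.6') >= 0) {
        $comments = serendipity_fetchComments(null, $limit, 'co.id DESC', true, 'NORMAL', $where);
    } else {
        $comments = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n WHERE 1 = 1 " . $where . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int) $serendipity['authorid'] : '') . "\n ORDER BY c.id DESC LIMIT {$limit}");
    }

    if (!is_array($comments) || count($comments) == 0) {
        return;
    }

    // serendipity_specialchars() only exists in newer cores; fall back to htmlspecialchars().
    $use_s9y_escape = function_exists('serendipity_specialchars');
    $read_only      = serendipity_db_bool($this->get_config('read_only'));

    echo '<table width="100%" cellpadding="3" border="0" cellspacing="0">';

    foreach ($comments as $rs) {
        $i++;
        $comment = array(
            'fullBody'  => $rs['body'],
            'summary'   => serendipity_mb('substr', $rs['body'], 0, $summaryLength),
            'status'    => $rs['status'],
            'type'      => $rs['type'],
            'id'        => $rs['id'],
            'title'     => $rs['title'],
            'timestamp' => $rs['timestamp'],
            'referer'   => $rs['referer'],
            'url'       => $rs['url'],
            'ip'        => $rs['ip'],
            'entry_url' => serendipity_archiveURL($rs['entry_id'], $rs['title']),
            'email'     => $rs['email'],
            'author'    => empty($rs['author']) ? ANONYMOUS : $rs['author'],
            'entry_id'  => $rs['entry_id'],
            // These slots are meant to be filled by the backend_view_comment hook,
            // which is disabled in this plugin; default them to empty output.
            'action_author'  => '',
            'action_email'   => '',
            'action_ip'      => '',
            'action_url'     => '',
            'action_referer' => '',
            'action_more'    => '',
        );

        $entrylink = serendipity_archiveURL($comment['entry_id'], 'comments', 'serendipityHTTPPath', true) . '#c' . $comment['id'];

        // HTML-escape every commenter-supplied field once, in full and truncated form.
        $esc = array();
        foreach (array('title', 'email', 'ip', 'url', 'referer') as $field) {
            $raw = (string) $comment[$field];
            $esc[$field] = $use_s9y_escape ? serendipity_specialchars($raw) : htmlspecialchars($raw, ENT_COMPAT, LANG_CHARSET);
        }
        foreach (array('author', 'email', 'url', 'referer') as $field) {
            $short = (string) serendipity_truncateString($comment[$field], 30);
            $esc[$field . '_short'] = $use_s9y_escape ? serendipity_specialchars($short) : htmlspecialchars($short, ENT_COMPAT, LANG_CHARSET);
        }

        $full_body = (string) $comment['fullBody'];
        $escaped_body = nl2br($use_s9y_escape ? serendipity_specialchars($full_body) : htmlspecialchars($full_body, ENT_COMPAT, LANG_CHARSET));

        if (strlen($comment['fullBody']) > strlen($comment['summary'])) {
            $comment['excerpt'] = true;
            // The excerpt may cut a tag in half, so tags are stripped first. strip_tags()
            // alone is not an output encoder, so the remaining text is escaped as well,
            // the same way the full body is.
            $summary_text = strip_tags($comment['summary'] . ' ...');
            $comment['summary']  = nl2br($use_s9y_escape ? serendipity_specialchars($summary_text) : htmlspecialchars($summary_text, ENT_COMPAT, LANG_CHARSET));
            $comment['fullBody'] = $escaped_body;
        } else {
            $comment['excerpt'] = false;
            $comment['fullBody'] = $comment['summary'] = $escaped_body;
        }

        #serendipity_plugin_api::hook_event('backend_view_comment', $comment, '&serendipity[page]='. $page . $searchString);

        $is_pending = $comment['status'] == 'pending' || $comment['status'] === 'confirm';
        $class = 'serendipity_admin_list_item_' . ($i % 2 == 0 ? 'even' : 'uneven');
        if ($is_pending) {
            $class .= ' serendipity_admin_comment_pending';
        }
        $header_class = $is_pending ? 'serendipityAdminMsgNote serendipity_admin_comment_pending_header' : '';
        $type_label   = $comment['type'] == 'NORMAL' ? COMMENT : ($comment['type'] == 'TRACKBACK' ? TRACKBACK : PINGBACK);

        // The delete confirmation puts the author name into a JavaScript string that
        // itself sits inside an HTML attribute. HTML-escaping alone does not protect
        // the JavaScript string, so the message is encoded as a JS literal first and
        // the finished handler is then escaped for the attribute, quotes included.
        $confirm_json = json_encode(sprintf(COMMENT_DELETE_CONFIRM, $comment['id'], $comment['author']));
        if ($confirm_json === false) {
            // Message could not be encoded (e.g. not valid UTF-8): ask without text.
            $confirm_json = '""';
        }
        $confirm_attr = htmlspecialchars('return confirm(' . $confirm_json . ');', ENT_QUOTES, LANG_CHARSET);

        // Links to commenter-supplied URLs open in a new window; rel="noopener noreferrer"
        // keeps that page from reaching back into the admin window and from receiving the
        // admin URL as referrer.
        // NOTE(review): the URL and referrer values are escaped but their scheme is not
        // checked; consider linking only http/https values.
        ?>
<tr>
    <td class="<?php echo $header_class; ?>">
<?php if ($is_pending) { ?>
        <img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="<?php echo serendipity_getTemplateFile('admin/img/admin_msg_note.png'); ?>" alt="" />
<?php } ?>
        <a name="c<?php echo $comment['id']; ?>"></a>
        <?php echo $type_label . ' #' . $comment['id'] . ', ' . IN_REPLY_TO . ' <strong><a href="' . $comment['entry_url'] . '">' . $esc['title'] . '</a></strong>, ' . ON . ' ' . serendipity_formatTime('%b %e %Y, %H:%M', $comment['timestamp']); ?>

    </td>
</tr>
<tr>
    <td class="serendipity_admin_list_item <?php echo $class; ?>" id="comment_<?php echo $comment['id']; ?>">
        <table width="100%" cellspacing="0" cellpadding="3" border="0">
            <tr>
                <td width="40%"><strong><?php echo AUTHOR; ?></strong>: <?php echo $esc['author_short'] . $comment['action_author']; ?></td>
                <td><strong><?php echo EMAIL; ?></strong>:
<?php if (empty($comment['email'])) { echo 'N/A'; } else { ?>
                    <a href="mailto:<?php echo $esc['email']; ?>" title="<?php echo $esc['email']; ?>"><?php echo $esc['email_short']; ?></a>
<?php } ?>
                    <?php echo $comment['action_email']; ?>

                </td>
            </tr>
            <tr>
                <td width="40%"><strong>IP</strong>:
                    <?php echo empty($comment['ip']) ? '0.0.0.0' : $esc['ip']; ?>

                    <?php echo $comment['action_ip']; ?>

                </td>
                <td><strong><?php echo URL; ?></strong>:
<?php if (empty($comment['url'])) { echo 'N/A'; } else { ?>
                    <a href="<?php echo $esc['url']; ?>" title="<?php echo $esc['url']; ?>" target="_blank" rel="noopener noreferrer"><?php echo $esc['url_short']; ?></a>
<?php } ?>
                    <?php echo $comment['action_url']; ?>

                </td>
            </tr>
            <tr>
                <td width="40%"> </td>
                <td><strong><?php echo REFERER; ?></strong>:
<?php if (empty($comment['referer'])) { echo 'N/A'; } else { ?>
                    <a href="<?php echo $esc['referer']; ?>" title="<?php echo $esc['referer']; ?>" target="_blank" rel="noopener noreferrer"><?php echo $esc['referer_short']; ?></a>
<?php } ?>
                    <?php echo $comment['action_referer']; ?>

                </td>
            </tr>
            <tr>
                <td style="border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC" colspan="3">
                    <div id="<?php echo $comment['id']; ?>_summary"><?php echo $comment['summary']; ?></div>
                    <div id="<?php echo $comment['id']; ?>_full" style="display: none"><?php echo $comment['fullBody']; ?></div>
                </td>
            </tr>
        </table>
<?php if ($is_pending && !$read_only) { ?>
        <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=approve&serendipity[id]=<?php echo $comment['id']; ?>&<?php echo serendipity_setFormToken('url'); ?>" class="serendipityIconLink" title="<?php echo APPROVE; ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/accept.png'); ?>" alt="<?php echo APPROVE; ?>" /><?php echo APPROVE; ?></a>
<?php } ?>
<?php if ($comment['status'] == 'approved' && !$read_only) { ?>
        <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=pending&serendipity[id]=<?php echo $comment['id']; ?>&<?php echo serendipity_setFormToken('url'); ?>" class="serendipityIconLink" title="<?php echo SET_TO_MODERATED; ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/clock.png'); ?>" alt="<?php echo SET_TO_MODERATED; ?>" /><?php echo SET_TO_MODERATED; ?></a>
<?php } ?>
<?php if ($comment['excerpt']) { ?>
        <a href="#c<?php echo $comment['id']; ?>" onclick="FT_toggle(<?php echo $comment['id']; ?>); return false;" title="<?php echo VIEW; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/zoom.png'); ?>" alt="<?php echo TOGGLE_ALL; ?>" /><span id="<?php echo $comment['id']; ?>_text"><?php echo TOGGLE_ALL; ?></span></a>
<?php } ?>
        <a target="_blank" href="<?php echo $entrylink; ?>" title="<?php echo VIEW; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/zoom.png'); ?>" alt="<?php echo VIEW; ?>" /><?php echo VIEW; ?></a>
        <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=edit&serendipity[id]=<?php echo $comment['id']; ?>&serendipity[entry_id]=<?php echo $comment['entry_id']; ?>&<?php echo serendipity_setFormToken('url'); ?>" title="<?php echo EDIT; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/edit.png'); ?>" alt="<?php echo EDIT; ?>" /><?php echo EDIT; ?></a>
<?php if (!$read_only) { ?>
        <a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=delete&serendipity[id]=<?php echo $comment['id']; ?>&serendipity[entry_id]=<?php echo $comment['entry_id']; ?>&<?php echo serendipity_setFormToken('url'); ?>" onclick="<?php echo $confirm_attr; ?>" title="<?php echo DELETE; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/delete.png'); ?>" alt="<?php echo DELETE; ?>" /><?php echo DELETE; ?></a>
<?php } ?>
        <a target="_blank" onclick="cf = window.open(this.href, 'CommentForm', 'width=800,height=600,toolbar=no,scrollbars=1,scrollbars,resize=1,resizable=1'); cf.focus(); return false;" href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=reply&serendipity[id]=<?php echo $comment['id']; ?>&serendipity[entry_id]=<?php echo $comment['entry_id']; ?>&serendipity[noBanner]=true&serendipity[noSidebar]=true&<?php echo serendipity_setFormToken('url'); ?>" title="<?php echo REPLY; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/user_editor.png'); ?>" alt="<?php echo REPLY; ?>" /><?php echo REPLY; ?></a>
        <?php echo $comment['action_more']; ?>

    </td>
</tr>
<?php
    }

    echo '</table>';
}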
<?php # $Id$ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details if (IN_serendipity !== true) { die("Don't hack!"); } if (!serendipity_checkPermission('adminTemplates')) { return; } class template_option { var $config = null; var $values = null; var $keys = null; function introspect_config_item($item, &$bag) { foreach ($this->config[$item] as $key => $val) { $bag->add($key, $val); } } function get_config($item) { return $this->values[$item]; } function set_config($item, $value) { global $serendipity; serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options\n WHERE okey = 't_" . serendipity_db_escape_string($serendipity['template']) . "'\n AND name = '" . serendipity_db_escape_string($item) . "'"); if ($this->config[$item]['scope'] == 'global') {
/**
 * Render the sidebar plugins of one placement through a Smarty template.
 *
 * Each plugin's generate_content() output is captured from the output buffer,
 * collected together with its title and class, passed through the
 * frontend_generate_plugins / frontend_sidebar_plugins hooks and assigned to
 * Smarty as "plugindata".
 *
 * @access public
 * @param   string  The side of plugins to show (left/right/hide/event/eventh)
 * @param   string  deprecated: Indicated which wrapping HTML element to use for plugins
 * @param   boolean Indicates whether only all plugins should be shown that are not in the $side list
 * @param   string  Only show plugins of this plugin class
 * @param   string  Only show a plugin with this instance ID
 * @param   string  Template file passed to serendipity_smarty_fetch()
 * @return  string  Smarty HTML output (nothing is returned if no plugin list could be fetched)
 */
function generate_plugins($side, $tag = '', $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl') {
    global $serendipity;

    // $tag is deprecated; the wrapping element now lives in the Smarty templates.
    // The parameter only remains in the signature for layout.php compatibility.
    $plugins = serendipity_plugin_api::enum_plugins($side, $negate, $class, $id);
    if (!is_array($plugins)) {
        return;
    }

    // Bring up Smarty in raw mode if nothing has initialised it yet.
    if (!isset($serendipity['smarty'])) {
        $serendipity['smarty_raw_mode'] = true;
        serendipity_smarty_init();
    }

    $rendered  = array();
    $call_args = func_get_args();
    serendipity_plugin_api::hook_event('frontend_generate_plugins', $plugins, $call_args);

    if (count($plugins) == 0) {
        $serendipity['prevent_sidebar_plugins_' . $side] = true;
    }

    // Users allowed to administer plugins get an "edit" link under every nugget.
    $can_edit = serendipity_userLoggedIn() && serendipity_checkPermission('adminPlugins');

    foreach ($plugins as $row) {
        $plugin =& serendipity_plugin_api::load_plugin($row['name'], $row['authorid'], $row['path']);

        if (!is_object($plugin)) {
            // Plugin could not be loaded: show an error entry in its place.
            // $class still holds whatever it was set to before this iteration.
            $rendered[] = array(
                'side'    => $side,
                'title'   => ERROR,
                'class'   => $class,
                'content' => sprintf(INCLUDE_ERROR, $row['name']),
            );
            continue;
        }

        $class = get_class($plugin);
        $title = '';

        /* TODO: make generate_content NOT echo its output */
        ob_start();
        $visible = $plugin->generate_content($title);
        $html    = ob_get_clean();

        if ($can_edit) {
            // NOTE(review): the instance id goes into a URL query value inside an
            // HTML attribute; htmlentities() covers the HTML side only - confirm
            // instance ids never need URL encoding.
            $html .= '<div class="serendipity_edit_nugget"><a href="' . $serendipity['serendipityHTTPPath'] . 'serendipity_admin.php?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=' . htmlentities($plugin->instance) . '">' . EDIT . '</a></div>';
        }

        // A plugin hides itself by returning exactly false from generate_content().
        if ($visible !== false) {
            $rendered[] = array(
                'side'    => $side,
                'class'   => $class,
                'title'   => $title,
                'content' => $html,
                'id'      => $plugin->instance,
            );
        }
    }

    serendipity_plugin_api::hook_event('frontend_sidebar_plugins', $rendered, $call_args);

    $serendipity['smarty']->assign_by_ref('plugindata', $rendered);
    $serendipity['smarty']->assign('pluginside', ucfirst($side));

    return serendipity_smarty_fetch('sidebar_' . $side, $tpl, true);
}
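/**
 * When paths or other options are changed in the s9y configuration, update the core files
 *
 * Walks every item of the configuration template, stores the posted value for
 * it and, for installers or users holding the siteConfiguration permission,
 * rewrites the local database configuration from the posted db* fields.
 *
 * @access public
 * @return boolean  Result of serendipity_updateLocalConfig(), or true if the local config was not touched
 */
function serendipity_updateConfiguration() {
    global $serendipity, $umask;

    // Save all basic config variables to the database
    $config = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE);

    if (isset($_POST['sqlitedbName']) && !empty($_POST['sqlitedbName'])) {
        $_POST['dbName'] = $_POST['sqlitedbName'];
    }

    // Password can be hidden in re-configuring, but we need to store old password
    if (empty($_POST['dbPass']) && !empty($serendipity['dbPass'])) {
        $_POST['dbPass'] = $serendipity['dbPass'];
    }

    foreach ($config as $category) {
        foreach ($category['items'] as $item) {
            /* Don't save trash */
            if (!serendipity_checkConfigItemFlags($item, 'configuration')) {
                continue;
            }

            if (!isset($item['userlevel'])) {
                $item['userlevel'] = USERLEVEL_ADMIN;
            }
            $permission = isset($item['permission']) ? $item['permission'] : null;

            // Check permission set. Changes to blogConfiguration or siteConfiguration items
            // always required authorid = 0, so that it be not specific to a userlogin
            if ($serendipity['serendipityUserlevel'] >= $item['userlevel'] || IS_installed === false) {
                $authorid = 0;
            } elseif ($permission == 'blogConfiguration' && serendipity_checkPermission('blogConfiguration')) {
                $authorid = 0;
            } elseif ($permission == 'siteConfiguration' && serendipity_checkPermission('siteConfiguration')) {
                $authorid = 0;
            } else {
                $authorid = $serendipity['authorid'];
            }

            $var = $item['var'];
            if (isset($_POST[$var]) && is_array($_POST[$var])) {
                // Arrays are not allowed as configuration values. The posted array is
                // collapsed to its first KEY, which is what this code has always stored.
                // each() was removed in PHP 8, so the first key is read with reset()/key();
                // an empty array yields null, as before. The old follow-up "still an array"
                // branch is dropped because a key can never be an array.
                reset($_POST[$var]);
                $_POST[$var] = key($_POST[$var]);
            }

            serendipity_set_config_var($var, isset($_POST[$var]) ? $_POST[$var] : null, $authorid);
        }
    }

    // Only the installer and users holding siteConfiguration may rewrite the local DB settings.
    if (IS_installed === false || serendipity_checkPermission('siteConfiguration')) {
        return serendipity_updateLocalConfig(
            $_POST['dbName'],
            $_POST['dbPrefix'],
            $_POST['dbHost'],
            $_POST['dbUser'],
            $_POST['dbPass'],
            $_POST['dbType'],
            $_POST['dbPersistent']
        );
    }

    return true;
}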
if ($bag->is_set('configuration')) { /* Only play with the plugin if there is something to play with */ echo '<script type="text/javascript">location.href = \'' . $serendipity['baseurl'] . '?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=' . $inst . '\';</script>'; die; } else { /* If no config is available, redirect to plugin overview, because we do not want that a user can install the plugin a second time via accidental browser refresh */ echo '<script type="text/javascript">location.href = \'' . $serendipity['baseurl'] . '?serendipity[adminModule]=plugins\';</script>'; die; } } } if (isset($_POST['REMOVE']) && serendipity_checkFormToken()) { if (is_array($_POST['serendipity']['plugin_to_remove'])) { foreach ($_POST['serendipity']['plugin_to_remove'] as $key) { $plugin =& serendipity_plugin_api::load_plugin($key); if ($plugin->serendipity_owner == '0' || $plugin->serendipity_owner == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers')) { serendipity_plugin_api::remove_plugin_instance($key); } } } } ?> <?php if (isset($_POST['SAVE'])) { ?> <div class="serendipityAdminMsgSuccess"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="<?php echo serendipity_getTemplateFile('admin/img/admin_msg_success.png'); ?> " alt="" /><?php echo DONE . ': ' . sprintf(SETTINGS_SAVED_AT, serendipity_strftime('%H:%M:%S'));
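/**
 * Show the list of plugins
 *
 * Shows a HTML list of all installed plugins, complete with config/delete/sort order options.
 * Plugin instance names and version strings are HTML-escaped before they are printed,
 * the same way plugin names and descriptions are.
 *
 * @access public
 * @param  boolean  Indicates if event plugins (TRUE) or sidebar plugins (FALSE) shall be shown
 * @param  array    Sidebar placements to show one column for (sidebar mode only)
 * @return null
 */
function show_plugins($event_only = false, $sidebars = null) {
    static $opts = array('event' => PLUGIN_ACTIVE, 'eventh' => PLUGIN_INACTIVE);
    global $serendipity;

    // Without a list of sidebars there is nothing to iterate over below.
    if (!is_array($sidebars)) {
        $sidebars = array();
    }

    // Resolve a display title per sidebar and exclude each known sidebar from the
    // query that collects plugins placed nowhere visible.
    $sql_filter = '';
    foreach ($sidebars as $sidebar) {
        $up = strtoupper($sidebar);
        if ($sidebar == 'hide') {
            $opts[$sidebar] = HIDDEN;
        } elseif (defined('SIDEBAR_' . $up)) {
            $opts[$sidebar] = constant('SIDEBAR_' . $up);
        } elseif (defined($up)) {
            $opts[$sidebar] = constant($up);
        } else {
            $opts[$sidebar] = $up;
        }
        $sql_filter .= "AND placement != '" . serendipity_db_escape_string($sidebar) . "' ";
    }

    if (!$event_only) {
        $sql = "SELECT * from {$serendipity['dbPrefix']}plugins\n WHERE placement != 'event'\n AND placement != 'eventh'\n " . $sql_filter;
        $invisible_plugins = serendipity_db_query($sql);
        if (is_array($invisible_plugins)) {
            $sidebars[] = 'NONE';
            $opts['NONE'] = NONE;
        }
    }

    $eyecandy = !isset($serendipity['eyecandy']) || serendipity_db_bool($serendipity['eyecandy']);

    // NOTE(review): sidebar names are printed into a script block and into id
    // attributes below without escaping; presumably they only come from the
    // theme/blog configuration - confirm.
    if (!$eyecandy) {
        echo ' <form action="?serendipity[adminModule]=plugins" method="post">';
    } elseif (!$event_only) {
        echo '<script type="text/javascript"> function templatePluginMoverInit() { ';
        $is_first = true;
        foreach ($sidebars as $sidebar) {
            ?>
<?php echo $is_first ? 'var ' : ''; ?>list = document.getElementById("<?php echo $sidebar; ?>_col");
DragDrop.makeListContainer(list, 'g1');
list.onDragOver = function() { this.style["border"] = "1px solid #4d759b"; };
list.onDragOut = function() { this.style["border"] = "none"; };
<?php
            $is_first = false;
        }
        echo ' } addLoadEvent(templatePluginMoverInit);</script>';
        echo ' <form action="?serendipity[adminModule]=plugins" method="post" onsubmit="pluginMovergetSort(); return true">';
        echo ' <input type="hidden" name="serendipity[pluginorder]" id="order" value="" />';
    } else {
        echo '<script type="text/javascript">addLoadEvent(pluginMoverInitEvent);</script>';
        echo ' <form action="?serendipity[adminModule]=plugins" method="post" onsubmit="pluginMovergetSortEvent(); return true">';
        echo ' <input type="hidden" name="serendipity[pluginorder]" id="eventorder" value="" />';
    }

    // The form changes and removes plugins, so it carries the anti-CSRF form token.
    echo serendipity_setFormToken();
    ?>
<table class="pluginmanager" border="0" cellpadding="5" cellspacing="3" width="100%">
    <tr>
<?php
    /* Block display the plugins per placement location. */
    $plugin_placements = $event_only ? array('event', 'eventh') : $sidebars;

    $total = 0;
    foreach ($plugin_placements as $plugin_placement) {
        $is_invisible = !$event_only && $plugin_placement == 'NONE';

        $ptitle = $opts[$plugin_placement];
        $pid    = $plugin_placement;

        echo '<td class="pluginmanager_side pluginmanager_' . ($event_only ? 'event' : 'sidebar') . '">';
        echo '<div class="heading">' . $ptitle . '</div>';
        echo '<ol id="' . $pid . '_col" class="pluginmanager_container">';

        if ($is_invisible) {
            $plugins = $invisible_plugins;
        } else {
            $plugins = serendipity_plugin_api::enum_plugins($plugin_placement);
        }

        // A placement without plugins still has to close its column markup.
        if (!is_array($plugins)) {
            $plugins = array();
        }

        $sort_idx = 0;
        foreach ($plugins as $plugin_data) {
            $total++;
            $plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid']);

            $key      = urlencode($plugin_data['name']);
            $css_key  = 's9ycid' . str_replace('%', '-', $key);
            // Instance name escaped for use in HTML attributes and text.
            $esc_name = htmlspecialchars((string) $plugin_data['name']);

            $is_plugin_owner    = $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers');
            $is_plugin_editable = $is_plugin_owner || $plugin_data['authorid'] == '0';

            if (!is_object($plugin)) {
                $name = $title = ERROR . '!';
                $desc = ERROR . ': ' . $esc_name;
                $can_configure = false;
            } else {
                /* query for its name, description and configuration data */
                $bag = new serendipity_property_bag();
                $plugin->introspect($bag);

                $name  = htmlspecialchars($bag->get('name'));
                $desc  = htmlspecialchars($bag->get('description'));
                $desc .= '<br />' . VERSION . ': <em>' . htmlspecialchars((string) $bag->get('version')) . '</em>';

                $title = serendipity_plugin_api::get_plugin_title($plugin, '[' . $name . ']');

                // Protected plugins may only be configured by their owner, by everyone if
                // they belong to nobody, or by users allowed to maintain others' plugins.
                $can_configure = $bag->is_set('configuration')
                    && ($plugin->protected === FALSE
                        || $plugin_data['authorid'] == '0'
                        || $plugin_data['authorid'] == $serendipity['authorid']
                        || serendipity_checkPermission('adminPluginsMaintainOthers'));
            }

            if ($event_only) {
                $place = placement_box('serendipity[placement][' . $plugin_data['name'] . ']', $plugin_data['placement'], $is_plugin_editable, true, $opts);
                $event_only_uri = '&serendipity[event_plugin]=true';
            } else {
                $place = placement_box('serendipity[placement][' . $plugin_data['name'] . ']', $plugin_data['placement'], $is_plugin_editable, false, $opts);
                $event_only_uri = '';
            }

            /* Only display UP/DOWN links if there's somewhere for the plugin to go */
            if ($sort_idx == 0) {
                $moveup = ' ';
            } else {
                $moveup = '<a href="?' . serendipity_setFormToken('url') . '&serendipity[adminModule]=plugins&submit=move+up&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/uparrow.png') . '" height="16" width="16" border="0" alt="' . UP . '" /></a>';
            }

            if ($sort_idx == count($plugins) - 1) {
                $movedown = ' ';
            } else {
                $movedown = ($moveup != '' ? ' ' : '') . '<a href="?' . serendipity_setFormToken('url') . '&serendipity[adminModule]=plugins&submit=move+down&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/downarrow.png') . '" height="16" width="16" alt="' . DOWN . '" border="0" /></a>';
            }
            ?>
        <li class="pluginmanager_item_<?php echo $sort_idx % 2 ? 'even' : 'uneven'; ?>" id="<?php echo $css_key; ?>">
            <div id="g<?php echo $css_key; ?>" class="pluginmanager_grablet">
                <a href="#" id="grab<?php echo $css_key; ?>"></a>
            </div>
<?php if ($is_plugin_editable) { ?>
            <input class="input_checkbox" type="checkbox" name="serendipity[plugin_to_remove][]" value="<?php echo $esc_name; ?>" />
<?php } ?>
<?php if ($can_configure) { ?>
            <a class="pluginmanager_configure" href="?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=<?php echo $key; ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/configure.png'); ?>" style="border: 0; vertical-align: bottom;" alt="[C]" /></a>
<?php } ?>
            <span class="pluginmanager_title">
<?php if ($can_configure) { ?>
                <a title="<?php echo $esc_name; ?>" href="?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=<?php echo $key; ?>"><?php echo $title; ?></a>
<?php } else { ?>
                <?php echo $title; ?>

<?php } ?>
            </span><br />
            <div class="pluginmanager_description" style="font-size: 8pt"><?php echo $desc; ?></div>
            <div class="pluginmanager_ownership"><?php ownership($plugin_data['authorid'], $plugin_data['name'], $is_plugin_owner); ?></div>
            <?php echo $eyecandy ? '<noscript>' : ''; ?>

            <div class="pluginmanager_place"><?php echo $place; ?></div>
            <div class="pluginmanager_move"><?php echo $moveup; ?> <?php echo $movedown; ?></div>
            <?php echo $eyecandy ? '</noscript>' : ''; ?>

        </li>
<?php
            $sort_idx++;
        }

        echo '</ol></td>';
    }
    ?>
    </tr>
    <tr>
        <td colspan="3" align="right"><?php printf(PLUGIN_AVAILABLE_COUNT, $total); ?></td>
    </tr>
</table>
<br />
<div>
    <input type="submit" name="REMOVE" title="<?php echo DELETE; ?>" value="<?php echo REMOVE_TICKED_PLUGINS; ?>" class="serendipityPrettyButton input_button" />
    <input type="submit" name="SAVE" title="<?php echo SAVE_CHANGES_TO_LAYOUT; ?>" value="<?php echo SAVE; ?>" class="serendipityPrettyButton input_button" />
</div>
</form>
<?php
}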
/**
 * Build the media library listing for users allowed to view images.
 *
 * Reads paging and display switches from the request and delegates the
 * rendering to serendipity_displayImageList().
 *
 * NOTE(review): $messages is never read, and the $smarty_vars argument is
 * replaced unconditionally by values taken from the request - confirm that
 * callers do not expect their own $smarty_vars to be honoured.
 *
 * @param  mixed   $messages      Unused
 * @param  boolean $addvar_check  If true and $GLOBALS['image_selector_addvars'] is non-empty, skip the list
 * @param  array   $smarty_vars   Overwritten inside the function
 * @return mixed   Listing HTML as string, true if the list was skipped, nothing without the view permission
 */
function showMediaLibrary($messages = false, $addvar_check = false, $smarty_vars = array()) {
    global $serendipity;

    if (!serendipity_checkPermission('adminImagesView')) {
        return;
    }

    // After upload, do not show the list to be able to proceed to
    // media selection.
    if ($addvar_check && !empty($GLOBALS['image_selector_addvars'])) {
        return true;
    }

    if (!isset($serendipity['thumbPerPage'])) {
        $serendipity['thumbPerPage'] = 2;
    }

    $get = isset($serendipity['GET']) ? $serendipity['GET'] : array();

    // NOTE(review): these request values are handed to the template as they
    // arrived; the template presumably escapes them on output - confirm.
    $smarty_vars = array(
        'textarea'      => isset($get['textarea']) ? $get['textarea'] : false,
        'htmltarget'    => isset($get['htmltarget']) ? $get['htmltarget'] : '',
        'filename_only' => isset($get['filename_only']) ? $get['filename_only'] : false,
    );

    $show_upload = isset($get['showUpload']) ? $get['showUpload'] : false;
    $page        = isset($get['page']) ? $get['page'] : 1;
    $toolbar     = isset($get['showMediaToolbar']) ? serendipity_db_bool($get['showMediaToolbar']) : true;

    return "" . serendipity_displayImageList(
        $page,
        $serendipity['thumbPerPage'],
        $toolbar,
        NULL,
        $show_upload,
        NULL,
        $smarty_vars
    );
}
/**
 * Overwrite author, e-mail, URL and body of one comment.
 *
 * The update is refused unless the current user wrote the entry or holds the
 * adminEntriesMaintainOthers permission. String values are passed through
 * serendipity_db_escape_string() and both ids are cast to integers before
 * they are placed into the statement.
 *
 * @param  int   $cid             Comment id
 * @param  int   $entry_id        Id of the entry the comment belongs to
 * @param  int   $entry_authorid  Author id of that entry
 * @param  array $comment         Comment data with the keys author, email, url, body (passed on to the hook by reference)
 * @return boolean  false if the user may not edit the comment, true otherwise
 */
function universal_updateComment($cid, $entry_id, $entry_authorid, &$comment) {
    global $serendipity;

    // Check for adminEntriesMaintainOthers
    $owns_entry = $entry_authorid == $serendipity['authorid'];
    if (!$owns_entry && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
        // wrong user having no adminEntriesMaintainOthers right
        return false;
    }

    $statement = sprintf(
        "UPDATE %scomments\n SET\n author = '%s',\n email = '%s',\n url = '%s',\n body = '%s'\n WHERE id = %d AND entry_id = %d",
        $serendipity['dbPrefix'],
        serendipity_db_escape_string($comment['author']),
        serendipity_db_escape_string($comment['email']),
        serendipity_db_escape_string($comment['url']),
        serendipity_db_escape_string($comment['body']),
        (int) $cid,
        (int) $entry_id
    );
    serendipity_db_query($statement);

    // Let event plugins react to the changed comment.
    serendipity_plugin_api::hook_event('backend_updatecomment', $comment, $cid);

    return true;
}
// Dashboard controller fragment: handles the posted dashboard action, then
// collects the values the dashboard template needs into $data.
global $serendipity;
$data = array();
switch ($serendipity['POST']['adminAction']) {
    case 'publish':
        // State-changing action: ignore the request unless it carries a valid form token.
        if (!serendipity_checkFormToken()) {
            break;
        }
        // NOTE(review): the posted id is HTML-escaped rather than validated as an
        // integer; presumably serendipity_updertEntry() casts it and checks that
        // the user may edit this entry - confirm.
        $success = serendipity_updertEntry(array('id' => serendipity_specialchars($serendipity['POST']['id']), 'timestamp' => time(), 'isdraft' => 0));
        // A numeric result is reported as "published"; anything else is passed on as the error.
        if (is_numeric($success)) {
            $data['published'] = $success;
        } else {
            $data['error_publish'] = $success;
        }
        break;
    case 'updateCheckDisable':
        // Requires both a valid form token and the blogConfiguration permission.
        if (!serendipity_checkFormToken() || !serendipity_checkPermission('blogConfiguration')) {
            break;
        }
        serendipity_set_config_var('updateCheck', false);
        break;
}
$user = serendipity_fetchAuthor($serendipity['authorid']);
// chrome-compatible, from Oliver Gassner, adapted from TextPattern. Hi guys, keep it up. :-)
// The bookmarklet opens the "new entry" form prefilled with the title, selection
// and address of the page it is used on.
// NOTE(review): title and selection are passed through encodeURIComponent, the
// page address (location.href) is appended without encoding.
$bookmarklet = "javascript:var%20d=document,w=window,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),f='" . $serendipity['baseURL'] . "',l=d.location,e=encodeURIComponent,p='serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=new&serendipity[title]='+e(d.title)+'&serendipity[body]='+e(s)+'&serendipity[url]='+location.href,u=f+p;a=function(){%20%20if(!w.open(u,'t','toolbar=0,resizable=1,scrollbars=1,status=1,width=800,height=800'))%20%20%20%20l.href=u;};if(/Firefox/.test(navigator.userAgent))%20%20setTimeout(a,0);else%20%20a();void(0)";
$data['bookmarklet'] = $bookmarklet;
$data['username'] = $user[0]['realname'];
$data['js_failure_file'] = serendipity_getTemplateFile('admin/serendipity_editor.js');
// Event plugins may contribute dashboard output through this hook.
// NOTE(review): $output['more'] is read even if no plugin has set it.
$output = array();
serendipity_plugin_api::hook_event('backend_frontpage_display', $output);
$data['backend_frontpage_display'] = $output['more'];
$data['usedVersion'] = $serendipity['version'];
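/**
 * Show the option form of a template bound to a category and, on a
 * "configure" POST, store the submitted option values.
 *
 * Requires the adminTemplates permission. Saving additionally requires a valid
 * form token, and the rendered form carries that token.
 *
 * @param   string  Template directory name (URL-encoded); every '.' is removed
 * @param   mixed   Category id; cast to int
 * @return  mixed   NULL when the permission is missing, FALSE when the template
 *                  directory does not exist, otherwise nothing
 */
function template_options($template, $catid) {
    global $serendipity, $template_config;

    if (!serendipity_checkPermission('adminTemplates')) {
        return;
    }

    // Every '.' is removed after URL-decoding, so a '..' segment cannot reach
    // the path built below. Directory separators are not removed.
    // NOTE(review): confirm callers never pass a name containing '/' or '\'.
    $template = str_replace('.', '', urldecode($template));
    $catid    = (int) $catid;
    $tpl_path = $serendipity['serendipityPath'] . $serendipity['templatePath'] . $template;
    if (!is_dir($tpl_path)) {
        return false;
    }

    // NOTE(review): this is a comparison whose result is discarded, not an
    // assignment. Left unchanged because code outside this function may depend
    // on the current value - confirm the intent.
    $serendipity['GET']['adminModule'] == 'templates';
    $serendipity['smarty_vars']['template_option'] = $template . '_' . $catid;

    echo '<h3>' . STYLE_OPTIONS . '</h3>';

    // The template's own config.inc.php is executed as PHP; presumably it
    // populates the global $template_config tested below.
    if (file_exists($tpl_path . '/config.inc.php')) {
        serendipity_smarty_init();
        include_once $tpl_path . '/config.inc.php';
    }

    if (is_array($template_config)) {
        serendipity_plugin_api::hook_event('backend_templates_configuration_top', $template_config);

        // Saving changes stored configuration, so it is only honoured together
        // with a valid form token; the form below emits the matching token.
        if ($serendipity['POST']['adminSubAction'] == 'configure' && serendipity_checkFormToken()) {
            // The option list comes from the request; ignore anything that is not an array.
            if (isset($serendipity['POST']['template']) && is_array($serendipity['POST']['template'])) {
                foreach ($serendipity['POST']['template'] as $option => $value) {
                    categorytemplate_option::set_config($option, $value, $serendipity['smarty_vars']['template_option']);
                }
            }
            echo '<div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . DONE . ': ' . sprintf(SETTINGS_SAVED_AT, serendipity_strftime('%H:%M:%S')) . '</div>';
        }

        echo '<form method="post" action="serendipity_admin.php">';
        echo serendipity_setFormToken();
        echo '<input type="hidden" name="serendipity[adminModule]" value="templates" />';
        echo '<input type="hidden" name="serendipity[adminSubAction]" value="configure" />';
        echo '<input type="hidden" name="serendipity[adminAction]" value="cattemplate" />';
        // Same field name as above; the later value is the one PHP keeps.
        echo '<input type="hidden" name="serendipity[adminModule]" value="event_display" />';
        echo '<input type="hidden" name="serendipity[catid]" value="' . $catid . '" />';
        echo '<input type="hidden" name="serendipity[cat_template]" value="' . urlencode($template) . '" />';

        include S9Y_INCLUDE_PATH . 'include/functions_plugins_admin.inc.php';

        $template_vars =& serendipity_loadThemeOptions($template_config, $serendipity['smarty_vars']['template_option']);

        $template_options = new categorytemplate_option();
        $template_options->import($template_config);
        $template_options->values =& $template_vars;

        serendipity_plugin_config($template_options, $template_vars, $serendipity['template'], $serendipity['template'], $template_options->keys, true, true, true, true, 'template');

        echo '</form><br />';
        serendipity_plugin_api::hook_event('backend_templates_configuration_bottom', $template_config);
    } else {
        echo '<p>' . STYLE_OPTIONS_NONE . '</p>';
        serendipity_plugin_api::hook_event('backend_templates_configuration_none', $template_config);
    }
}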
<?php # $Id: entries.inc.php 2546 2009-07-10 15:45:18Z garvinhicking $ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details if (IN_serendipity !== true) { die("Don't hack!"); } if (!serendipity_checkPermission('adminEntries')) { return; } $sort_order = array('timestamp' => DATE, 'isdraft' => PUBLISH . '/' . DRAFT, 'a.realname' => AUTHOR, 'category_name' => CATEGORY, 'last_modified' => LAST_UPDATED, 'title' => TITLE, 'id' => 'ID'); $per_page = array('12', '16', '50', '100'); /** * Shows the entry panel overview * * Shows a list of existing entries, with pagination and cookie-remember settings. * * @access public * @return null */ function serendipity_drawList() { global $serendipity, $sort_order, $per_page; $filter_import = array('author', 'category', 'isdraft'); $sort_import = array('perPage', 'ordermode', 'order'); foreach ($filter_import as $f_import) { serendipity_restoreVar($serendipity['COOKIE']['entrylist_filter_' . $f_import], $serendipity['GET']['filter'][$f_import]); serendipity_JSsetCookie('entrylist_filter_' . $f_import, $serendipity['GET']['filter'][$f_import]); } foreach ($sort_import as $s_import) {
echo DIAGNOSTIC_ERROR; echo '<div class="serendipityAdminMsgError">- <img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . implode('<br />', $res) . '</div><br /><br />'; } else { /* If we have new rewrite rules, then install them */ $permalinkOld = array($oldConfig['serendipityHTTPPath'], $oldConfig['serendipityPath'], $oldConfig['baseURL'], $oldConfig['indexFile'], $oldConfig['rewrite']); $permalinkNew = array($serendipity['serendipityHTTPPath'], $serendipity['serendipityPath'], $serendipity['baseURL'], $serendipity['indexFile'], $serendipity['rewrite']); // Compare all old permalink section values against new one. A change in any of those // will force to update the .htaccess for rewrite rules. $permconf = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE); if (is_array($permconf) && is_array($permconf['permalinks']['items'])) { foreach ($permconf['permalinks']['items'] as $permitem) { $permalinkOld[] = $oldConfig[$permitem['var']]; $permalinkNew[] = $serendipity[$permitem['var']]; } } if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) { printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess'); $res = serendipity_installFiles($serendipity['serendipityPath']); if (is_array($res)) { echo implode('<br />', $res); } else { echo DONE . '<br />'; } serendipity_buildPermalinks(); } echo '<br /><div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . WRITTEN_N_SAVED . '</div>'; } break; default: $from =& $serendipity; $t = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE);
if (!serendipity_checkPermission('adminEntries')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/entries.inc.php'; $admin_section = ADMIN_ENTRIES; break; case 'comments': if (!serendipity_checkPermission('adminComments')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/comments.inc.php'; $admin_section = COMMENTS; break; case 'category': case 'categories': if (!serendipity_checkPermission('adminCategories')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/category.inc.php'; $admin_section = CATEGORIES; break; case 'logout': echo LOGGEDOUT; break; case 'event_display': if ($serendipity['no_create'] !== true) { serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity); } break; case 'maintenance': include S9Y_INCLUDE_PATH . 'include/admin/maintenance.inc.php';
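/**
 * Delete an entry and everything that belongs to it (comments)
 *
 * The id is validated with is_numeric() and then normalised to an integer, so
 * the ownership lookup, the plugin hook and every DELETE act on the same row.
 * Entries of other authors are only removed when the session holds the
 * adminEntriesMaintainOthers permission.
 *
 * @access public
 * @param   int     The Entry ID to delete
 * @return  mixed   FALSE or NULL on error
 */
function serendipity_deleteEntry($id) {
    global $serendipity;

    if (!is_numeric($id)) {
        return false;
    }

    // is_numeric() also accepts forms such as " 7", "7.5" or "1e1". The lookup
    // below always used the integer value while the DELETE statements used the
    // raw text, so the permission check and the deletion could address
    // different rows. Normalise once and use the integer everywhere.
    $id = (int) $id;

    // Purge the daily/monthly entries so they can be rebuilt
    // NOTE(review): $result is used without checking that a row was returned.
    $result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id = '" . $id . "'", true);

    if ($result[1] != $serendipity['authorid'] && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
        // Only admins and chief users can delete entries which do not belong to the author
        return;
    }

    serendipity_purgeEntry($id, $result[0]);

    // Plugins are notified before the rows are removed.
    serendipity_plugin_api::hook_event('backend_delete_entry', $id);

    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entries WHERE id={$id}");
    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entrycat WHERE entryid={$id}");
    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid={$id}");
    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}comments WHERE entry_id={$id}");
    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}references WHERE entry_id='{$id}' AND type = ''");
    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}permalinks WHERE entry_id='{$id}'");
}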