Example #1
<?php

if (!session_admin()) {
    return;
}
$applications = parse_ini_file('inc/conf/auth/applications/index.php');
loader_import('saf.File.Directory');
$d = new Dir('inc/app');
$apps = array();
foreach ($d->read_all() as $file) {
    if (strpos($file, '.') === 0 || !@is_dir('inc/app/' . $file) || !@file_exists('inc/app/' . $file . '/conf/config.ini.php') || in_array($file, array('cms', 'usradm'))) {
        continue;
    }
    if (session_is_resource('app_' . $file) && !session_allowed('app_' . $file, 'rw', 'resource')) {
        continue;
    }
    if (isset($applications[$file]) && !$applications[$file]) {
        continue;
    }
    $c = @parse_ini_file('inc/app/' . $file . '/conf/config.ini.php');
    if (!isset($c['admin_handler']) || !isset($c['admin_handler_type']) || isset($c['admin']) && !$c['admin']) {
        continue;
    }
    if (!isset($c['app_name'])) {
        $c['app_name'] = $file;
    }
    if ($c['admin_handler_type'] == 'box') {
        $type = 'action';
    } else {
        $type = $c['admin_handler_type'];
    }
Example #2
<?php

// RPC endpoint: inserts each comma-separated item from the request as a new
// row in the requested table, storing the value in the requested key column.
// Answers rpc_response(false) for every rejected request, rpc_response(true)
// once all inserts have been issued.
global $cgi;

loader_import('saf.Misc.RPC');

// All three request parameters are mandatory (a falsy value counts as missing).
$incomplete = !$cgi->table || !$cgi->items || !$cgi->key;
if ($incomplete) {
    echo rpc_response(false);
    exit;
}

// The table and column names are concatenated into the SQL text below, so they
// are held to an identifier allow-list first; only the item values are bound.
// NOTE(review): the pattern admits '-' and, because of '$', a trailing newline;
// anchoring with \z (or the D modifier) and dropping '-' would make the
// allow-list match plain identifiers only.
foreach (array('table', 'key') as $identifier) {
    if (!$cgi->verify($identifier, 'regex', '/^[a-zA-Z0-9_-]+$/')) {
        echo rpc_response(false);
        exit;
    }
}

// NOTE(review): the permission test only applies when session_is_resource()
// reports the table as a resource; any other table name that passes the
// allow-list reaches the insert. No admin or request-origin (CSRF) check is
// visible in this script -- confirm both are enforced before it is dispatched.
$forbidden = session_is_resource($cgi->table) && !session_allowed($cgi->table, 'rw', 'resource');
if ($forbidden) {
    echo rpc_response(false);
    exit;
}

$insert = 'insert into ' . $cgi->table . ' (' . $cgi->key . ') values (?)';
foreach (preg_split('/, ?/', $cgi->items) as $item) {
    db_execute($insert, $item);
}

echo rpc_response(true);
exit;
Example #3
 /**
  * Decides whether the current user may access a form.
  *
  * Walks from the form's own directory up through its parent directories
  * looking for an access.php file, and finally checks $formPath itself.
  * The first access.php found is parsed as an INI file and decides the
  * outcome.  On success the template named in access.php is returned, or
  * boolean true when none is named.  False is returned when the user is
  * not allowed, unless access.php names a sitellite_goto target, in which
  * case a redirect is sent and the script exits.
  *
  * @access	public
  * @param	string	$name
  * @param	string	$context
  * @return	mixed
  *
  */
 function formAllowed($name, $context = 'normal')
 {
     $app = $this->getApp($name);
     $name = $this->removeApp($name, $app);

     // An admin session that is denied 'rw' on the app's resource is refused outright.
     $appResource = 'app_' . $app;
     if (session_admin() && session_is_resource($appResource) && !session_allowed($appResource, 'rw', 'resource')) {
         return false;
     }

     if (isset($this->applications[$app]) && !$this->applications[$app]) {
         // app is disabled
         return false;
     }

     $root = $this->prefix . '/' . $app . '/' . $this->formPath;

     // Nearest access.php wins: start at the form's directory and drop one
     // trailing path segment per pass until the forms root is reached.
     $dir = $root . '/' . $name;
     while ($dir != $root) {
         if (@file_exists($dir . '/access.php')) {
             return $this->_formAccessResult(parse_ini_file($dir . '/access.php'), $context, true);
         }
         $segments = explode('/', $dir);
         array_pop($segments);
         $dir = implode('/', $segments);
     }

     // check for a global access.php file
     if (@file_exists($root . '/access.php')) {
         return $this->_formAccessResult(parse_ini_file($root . '/access.php'), $context, false);
     }

     // no access.php found at all, revert to logical defaults
     // NOTE(review): this default allows every context except 'action' when no
     // access.php exists anywhere on the path -- confirm that is intended.
     return $context != 'action';
 }

 /**
  * Applies one parsed access.php to the current session and context.
  *
  * $perContext selects which per-context switch is honoured: true checks
  * sitellite_<context> for any context other than 'normal' (used for
  * access.php files below the forms root), false checks sitellite_inline
  * only (used for the access.php in the forms root itself).
  *
  * NOTE(review): a failed parse_ini_file() (false) or a file without
  * sitellite_access / sitellite_status is handed to session_allowed()
  * unchecked -- confirm session_allowed() denies in that case.
  *
  * @access	private
  * @param	array	$access
  * @param	string	$context
  * @param	boolean	$perContext
  * @return	mixed
  *
  */
 function _formAccessResult($access, $context, $perContext)
 {
     $this->formAccess = $access;

     // Access level, status and the action switch are tested in that order;
     // a failure of any of them may redirect instead of returning.
     $refused = !session_allowed($access['sitellite_access'], 'r', 'access')
         || !session_allowed($access['sitellite_status'], 'r', 'status')
         || ($context == 'action' && !$access['sitellite_action']);
     if ($refused) {
         if (isset($access['sitellite_goto'])) {
             header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
             exit;
         }
         return false;
     }

     if ($perContext) {
         $switchedOff = $context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context];
     } else {
         $switchedOff = $context == 'inline' && !$access['sitellite_inline'];
     }
     if ($switchedOff) {
         return false;
     }

     if (isset($access['sitellite_template_set'])) {
         page_template_set($access['sitellite_template_set']);
     }
     return isset($access['sitellite_template']) ? $access['sitellite_template'] : true;
 }
Example #4
}
// END KEEPOUT CHECKING
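// Entry checks for the "add item" screen of a collection: resolve the
// collection, then require the 'add' resource and access to the collection.
global $cgi;

loader_import('cms.Versioning.Rex');
$rex = new Rex($cgi->collection);
session_set('imagechooser_path', '/pix');

if (!$rex->collection) {
    page_title(intl_get('Error: Collection not found!'));
    // The Referer header is supplied by the client, so it is HTML-escaped
    // before being placed in the href attribute; an absent header gives an
    // empty link target instead of an undefined-index notice.
    echo '<p><a href="' . htmlspecialchars(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', ENT_QUOTES) . '">' . intl_get('Back') . '</a></p>';
    return;
}

// Users without 'rw' on the 'add' resource are sent back to the control panel.
if (!session_allowed('add', 'rw', 'resource')) {
    header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
    exit;
}

// NOTE(review): only 'r' is required on the collection here although this
// script leads to adding content, and a collection that is not registered as
// a resource skips the test altogether -- confirm both are intended.
if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, 'r', 'resource')) {
    header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
    exit;
}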
if (isset($rex->info['Collection']['add'])) {
    list($call, $name) = explode(':', $rex->info['Collection']['add']);
    if ($call == 'box') {
        echo loader_box($name);
    } elseif ($call == 'form') {
        echo loader_form($name);
    } else {
        echo loader_form($call);
    }
    return;
} else {
    class CmsAddForm extends MailForm
Example #5
<?php

// Renders the "add" button for a collection.  Nothing is emitted unless the
// session is an admin session that passes the permission tests below and the
// collection can be loaded.
global $page, $cgi;

if (!session_admin()) {
    return;
}

// Fall back to the page collection when the caller names none.
if (!isset($parameters['collection'])) {
    $parameters['collection'] = 'sitellite_page';
}

// 'rw' on the 'add' resource is always required; 'rw' on the collection is
// required only when the collection is registered as a resource.
if (
    !session_allowed('add', 'rw', 'resource')
    || (session_is_resource($parameters['collection']) && !session_allowed($parameters['collection'], 'rw', 'resource'))
) {
    return;
}

loader_import('cms.Versioning.Rex');
$rex = new Rex($parameters['collection']);
if (!$rex->collection) {
    return;
}

$parameters['type'] = intl_get($rex->info['Collection']['singular']);

echo template_simple('buttons/add.spt', $parameters);
Example #6
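    /**
     * Returns the display HTML for this widget.  The optional
     * parameter determines whether or not to automatically display the widget
     * nicely, or whether to simply return the widget (for use in a template).
     *
     * Besides building the markup, this method echoes the RPC bootstrap and,
     * when the session may modify the backing table, registers the add/remove
     * client-side handlers through page_add_script().  Option values and
     * labels read from getList() are HTML-escaped on output.
     *
     * @access	public
     * @param	boolean	$generate_html
     * @return	string
     *
     */
    function display($generate_html = 0)
    {
        $data = '';
        $attrstr = $this->getAttrs();
        $selected = explode(',', $this->data_value);
        loader_import('saf.Misc.RPC');
        echo rpc_init('return false');
        $mult = 'false';
        if ($this->size) {
            $multiple = ' size="' . $this->size . '"';
            $braces = '';
            if ($this->multiple) {
                $multiple = ' multiple="multiple"' . $multiple;
                $braces = '[]';
                $mult = 'true';
            }
        } else {
            $multiple = '';
            $braces = '';
        }
        // The add/remove controls are offered unless the table is a registered
        // resource on which the session lacks 'rw'.
        $allowed = !(session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource'));
        if ($allowed) {
            loader_import('saf.GUI.Prompt');
            // NOTE(review): name, table, key, title and the action names are
            // interpolated into the script text unescaped, and the typed items
            // are appended to the RPC URL without encodeURIComponent(); this
            // presumes those properties are developer-set widget configuration
            // -- confirm.  The add/remove calls change data through a URL query
            // string, so the receiving actions need their own permission and
            // request-origin checks; hiding the buttons here is not enforcement.
            if ($this->title) {
                page_add_script('
			var cms_' . $this->name . '_form;

			var cms_' . $this->name . '_oldhandler;

			function cms_' . $this->name . '_add_handler (words) {
				f = cms_' . $this->name . '_form;

				// 2. add the selected keywords to the list
				for (i = 0; i < words.length; i++) {
					if (document.all) {
						f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i].text, words[i].value, false, true);
					} else {
						o = document.createElement (\'option\');
						o.text = words[i].text;
						o.value = words[i].value;
						f.elements[\'' . $this->name . $braces . '\'].add (o, null);
					}
				}

				rpc_handler = null;
				rpc_handler = cms_' . $this->name . '_oldhandler;
			}

			function cms_' . $this->name . '_add (f) {
				cms_' . $this->name . '_form = f;

				// 0. collect our new items(s) from the user
				prompt (
					\'New items(s) -- separate multiple with commas (one, two, three)\',
					\'\',
					function (word) {
						if (word == null || word.length == 0 || word == false) {
							return false;
						}
						words = word.split (/, ?/);

						cms_' . $this->name . '_oldhandler = rpc_handler;
						rpc_handler = null;
						rpc_handler = cms_' . $this->name . '_add_handler;

						// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
						rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word);
					}
				);

				// 3. cancel the click
				return false;
			}

			function cms_' . $this->name . '_remove (f) {
				// 0. collect the selected items from the "items" field
				word = \'\';
				show = \'\';
				sep = \'\';
				for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value;
						show = show + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].text;
						sep = \',\';
					}
				}

				// 0.1. confirm that they want to delete the selected list
				c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . '  \' + show);
				if (! c) {
					return false;
				}

				// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
				rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word);

				// 2. remove the selected keywords from the list
				multiple = ' . $mult . ';
				for (i = f.elements[\'' . $this->name . $braces . '\'].options.length - 1; i >= 0; i--) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						// remove
						if (document.all) {
							f.elements[\'' . $this->name . $braces . '\'].options.remove (i);
						} else {
							f.elements[\'' . $this->name . $braces . '\'].options[i] = null;
						}
						if (! multiple) {
							break;
						}
					}
				}

				// 3. cancel the click
				return false;
			}
		');
            } else {
                page_add_script('
			function cms_' . $this->name . '_add (f) {
				cms_' . $this->name . '_form = f;

				// 0. collect our new items(s) from the user
				prompt (
					\'New items(s) -- separate multiple with commas (one, two, three)\',
					\'\',
					function (word) {
						if (word == null || word.length == 0 || word == false) {
							return false;
						}
						words = word.split (/, ?/);

						f = cms_' . $this->name . '_form;

						// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
						rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word);

						// 2. add the selected keywords to the list
						for (i = 0; i < words.length; i++) {
							if (document.all) {
								f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i], words[i], false, true);
							} else {
								o = document.createElement (\'option\');
								o.text = words[i];
								o.value = words[i];
								f.elements[\'' . $this->name . $braces . '\'].add (o, null);
							}
						}
					}
				);

				// 3. cancel the click
				return false;
			}

			function cms_' . $this->name . '_remove (f) {
				// 0. collect the selected items from the "items" field
				word = \'\';
				sep = \'\';
				for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value;
						sep = \',\';
					}
				}

				// 0.1. confirm that they want to delete the selected list
				c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . '  \' + word);
				if (! c) {
					return false;
				}

				// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
				rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word);

				// 2. remove the selected keywords from the list
				multiple = ' . $mult . ';
				for (i = f.elements[\'' . $this->name . $braces . '\'].options.length - 1; i >= 0; i--) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						// remove
						if (document.all) {
							f.elements[\'' . $this->name . $braces . '\'].options.remove (i);
						} else {
							f.elements[\'' . $this->name . $braces . '\'].options[i] = null;
						}
						if (! multiple) {
							break;
						}
					}
				}

				// 3. cancel the click
				return false;
			}
		');
            }
            // end title
        }
        // end allowed
        if ($generate_html) {
            $data .= '<tr>
				<td class="label"' . $this->invalid() . ' valign="top">
					<label for="' . $this->name . '" id="' . $this->name . '-label">' . template_simple($this->label_template, $this, '', true) . '</label>
				</td>
				<td class="field">
					<table border="0" cellpadding="3" cellspacing="0">
						<tr>
							<td valign="top">
					<select name="' . $this->name . $braces . '" ' . $multiple . $attrstr . ' ' . $this->extra . '>' . NEWLINE;
            foreach ($this->getList() as $obj) {
                // Without a title column the key doubles as the visible label.
                $key = $obj->{$this->key};
                $keyword = $this->title ? $obj->{$this->title} : $key;
                // List entries are stored data, so both the value attribute and
                // the label are escaped; the selection test still uses the raw key.
                $data .= TABx2 . TABx2 . TABx2 . '<option value="' . htmlspecialchars((string) $key, ENT_QUOTES) . '"';
                if (in_array($key, $selected)) {
                    $data .= ' selected="selected"';
                }
                $data .= '>' . htmlspecialchars((string) $keyword, ENT_QUOTES) . '</option>' . NEWLINE;
            }
            $data .= '</select>
							</td>' . NEWLINE;
            if ($allowed) {
                $data .= '				<td valign="top" width="100%">
					<input type="submit" value="' . intl_get('Add') . '" onclick="return cms_' . $this->name . '_add (this.form)" /><br />
					<input type="submit" value="' . intl_get('Remove') . '" onclick="return cms_' . $this->name . '_remove (this.form)" />
							</td>
						</tr>
					</table>
				</td>' . NEWLINE;
            } else {
                $data .= '</tr></table></td>';
            }
            $data .= '			</tr>' . NEWLINEx2;
        }
        // When $generate_html is false no markup is built and '' is returned.
        return $data;
    }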
Example #7
}
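// Collect the collection-level links the current session is permitted to see.
$data['links'] = array();
foreach ($rex->info as $key => $vals) {
    // Only "link:*" sections of the collection definition describe links.
    if (strpos($key, 'link:') === 0) {
        $perms = isset($vals['requires']) ? $vals['requires'] : null;
        switch ($perms) {
            case 'r':
            case 'w':
            case 'rw':
                if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, $perms, 'resource')) {
                    // Inside a switch a bare "continue" behaves like "break",
                    // which let the link through despite the failed check;
                    // "continue 2" skips to the next $rex->info entry.
                    continue 2;
                }
                break;
        }
        // Optional second gate: 'rw' on an explicitly named resource.
        if (isset($vals['requires resource'])) {
            if (session_is_resource($vals['requires resource']) && !session_allowed($vals['requires resource'], 'rw', 'resource')) {
                continue;
            }
        }
        $vals['text'] = intl_get($vals['text']);
        // Site-relative "/index/..." targets get the site prefix prepended.
        if (strpos($vals['url'], '/index/') === 0) {
            $vals['url'] = site_prefix() . $vals['url'];
        }
        $data['links'][] = $vals;
    }
}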
echo template_simple(CMS_JS_ALERT_MESSAGE, $GLOBALS['cgi']);
echo loader_box('cms/nav');
template_simple_register('pager', $pg);
template_simple_register('locks', $locks);
template_simple_register('editable', $editable);
Example #8
    $parameters['inline'] = true;
}
if (!isset($parameters['return']) && $parameters['collection'] == 'sitellite_page') {
    $parameters['return'] = site_current();
}
$parameters['return_v1'] = site_current();
loader_import('cms.Workflow.Lock');
lock_init();
if (lock_exists($parameters['collection'], $parameters['id'])) {
    $parameters['editable'] = false;
    $lock_info = lock_info($parameters['collection'], $parameters['id']);
    $parameters['lock_owner'] = $lock_info->user;
    $parameters['lock_expires'] = $lock_info->expires;
    loader_import('cms.Filters');
}
if (session_is_resource('delete') && !session_allowed('delete', 'rw', 'resource')) {
    $parameters['deletable'] = false;
}
if ($rex->isVersioned && $parameters['editable']) {
    //session_allowed ('approved', 'w', 'status')) {
    $parameters['history'] = true;
} else {
    $parameters['history'] = false;
}
if ($parameters['collection'] == 'sitellite_page') {
    $c = $rex->getCurrent($parameters['id']);
    if ($c->sitellite_status == 'draft' || $c->sitellite_status == 'pending') {
        //$parameters['status'] = $c->sitellite_status;
        $p = $rex->getSource($parameters['id']);
        if ($p == $c) {
            $parameters['draft'] = false;
Example #9
$c = 0;
foreach ($one as $k => $v) {
    $ct = str_replace(site_prefix() . '/index/cms-browse-action?collection=', '', $k);
    $r = new Rex($ct);
    if ($r->info['Collection']['icon']) {
        $icon = site_prefix() . '/' . $r->info['Collection']['icon'];
    } else {
        $icon = site_prefix() . '/inc/app/cms/pix/icons/content-type.gif';
    }
    $data['content_panel']['icons'][] = array('href' => $k, 'src' => $icon, 'alt' => $v);
    $c++;
    if ($c >= 3) {
        break;
    }
}
if (session_is_resource('app_usradm') && !session_allowed('app_usradm', 'rw', 'resource')) {
    $data['admin_panel'] = array('name' => 'admin', 'caption' => intl_get('Admin'), 'action' => '#', 'method' => 'get', 'select' => 'list', 'selected' => '', 'select-extra' => 'disabled="disabled"', 'options' => array(array()), 'icons' => array(array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/users_disabled.gif', 'alt' => intl_get('Users')), array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/roles_disabled.gif', 'alt' => intl_get('Roles')), array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/teams_disabled.gif', 'alt' => intl_get('Teams'))));
    if (!appconf('panels_show_disabled')) {
        $data['admin_panel']['icons'] = array();
    }
} else {
    $data['admin_panel'] = array('name' => 'admin', 'caption' => intl_get('Admin'), 'action' => site_prefix() . '/index/usradm-browse-action', 'method' => 'get', 'select' => 'list', 'selected' => '', 'select-extra' => 'onchange="this.form.submit ()"', 'options' => array(array(site_prefix() . '/index/usradm-browse-action?list=accesslevels' => intl_get('Access Levels'), site_prefix() . '/index/usradm-browse-action?list=log' => intl_get('Activity Log'), site_prefix() . '/index/usradm-applications-action' => intl_get('Applications'), site_prefix() . '/index/usradm-cache-form' => intl_get('Cache Settings'), site_prefix() . '/index/usradm-browse-action?list=prefs' => intl_get('Preferences'), site_prefix() . '/index/usradm-browse-action?list=resources' => intl_get('Resources')), array(site_prefix() . '/index/usradm-browse-action?list=roles' => intl_get('Roles'), site_prefix() . '/index/usradm-settings-form' => intl_get('Site Settings'), site_prefix() . '/index/usradm-browse-action?list=statuses' => intl_get('Statuses'), site_prefix() . '/index/usradm-browse-action?list=teams' => intl_get('Teams'), site_prefix() . '/index/usradm-browse-action?list=users' => intl_get('Users'), site_prefix() . '/index/usradm-workflow-action' => intl_get('Workflow Services'))), 'icons' => array(array('href' => site_prefix() . '/index/usradm-browse-action?list=users', 'src' => site_prefix() . '/inc/app/cms/pix/icons/users.gif', 'alt' => intl_get('Users')), array('href' => site_prefix() . '/index/usradm-browse-action?list=roles', 'src' => site_prefix() . '/inc/app/cms/pix/icons/roles.gif', 'alt' => intl_get('Roles')), array('href' => site_prefix() . '/index/usradm-browse-action?list=teams', 'src' => site_prefix() . '/inc/app/cms/pix/icons/teams.gif', 'alt' => intl_get('Teams'))));
}
$apps = loader_box('cms/admintools');
$apps = explode(NEWLINE, $apps);
$c = 0;
foreach ($apps as $k => $v) {
    if (empty($v)) {
        unset($apps[$k]);
        continue;
    }
Example #10
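 /**
  * DELETE method handler
  *
  * Takes the target from $options['dest'] when present, otherwise from
  * _path().  A directory is removed recursively, a path containing "/."
  * is unlinked directly, and anything else is deleted through Rex after a
  * per-item permission check.  Paths containing a ".." segment or a NUL
  * byte are refused before they are joined to the base directory.
  *
  * @param  array  general parameter passing array
  * @return string HTTP status line ("204 No Content" on success); for a
  *                directory, whatever _rmdir_recursive() returns
  */
 function DELETE($options)
 {
     if (isset($options['dest'])) {
         $options['path'] = $options['dest'];
     } else {
         $options['path'] = $this->_path();
     }
     $debug = array();
     foreach ($options as $k => $v) {
         $debug[] = $k . '=' . $v;
     }
     $this->_debug(__LINE__, 0, 'DELETE: ' . join(', ', $debug));

     // The path comes from the request.  Parent-directory segments would let
     // the joined path leave $this->base, and the "/." test further down
     // would then unlink it without any per-item permission check.
     if (strpos($options['path'], "\0") !== false || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $options['path'])) {
         $this->_debug(__LINE__, 403, 'Rejected path: ' . $options['path']);
         return '403 Forbidden';
     }
     $path = $this->base . strtolower(rtrim($options["path"], '/'));

     // Checked before the lock and existence probes so that a session
     // without the 'delete' permission learns nothing about the target.
     if (session_is_resource('delete') && !session_allowed('delete', 'rw', 'resource')) {
         $this->_debug(__LINE__, 403, 'Permissions failed: delete');
         return '403 Forbidden';
     }
     if ($this->checkLock($options['path'], true)) {
         $this->_debug(__LINE__, 423, 'Locked : ' . $options['path']);
         return '423 Locked';
     }
     if (!file_exists($path)) {
         $this->_debug(__LINE__, 404, 'File doesn\'t exist: ' . $path);
         return "404 Not found";
     }
     if (is_dir($path)) {
         // NOTE(review): directories are removed without a per-item
         // permission check, and trim() also strips a leading '/' from the
         // path -- confirm both against _rmdir_recursive().
         return $this->_rmdir_recursive(trim($path, '/'));
     } elseif (strpos($path, '/.') !== false) {
         // dot-file
         // NOTE(review): the test matches "/." anywhere in the full path,
         // including $this->base, and this branch bypasses the Rex
         // permission check below -- confirm that is intended.
         $res = unlink($path);
         if (!$res) {
             $this->_debug(__LINE__, 403, 'Unlinking dot-file failed: ' . $path);
             return '403 Forbidden';
         }
     } else {
         // NOTE(review): $info is used without checking that getCurrent()
         // found a record -- confirm session_allowed() denies on failure.
         $info = $this->rex->getCurrent(ltrim($options['path'], '/'));
         if (!session_allowed($info, 'rw')) {
             $this->_debug(__LINE__, 403, 'Permissions failed: ' . $info->name);
             return '403 Forbidden';
         }
         if (!$this->rex->delete(ltrim($options['path'], '/'), 'Deleted via WebDAV.')) {
             $this->_debug(__LINE__, 500, 'Delete failed: ' . $this->rex->error . ' (' . $options['path'] . ')');
             return '500 Internal server error';
         }
     }
     return "204 No Content";
 }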
Example #11
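 /**
  * Returns the display HTML for this widget, rendered from the $_output
  * template.  Also registers the widget's script (and, on the first call
  * in a request, its style sheet and the RPC library) with the page.
  *
  * The $generate_html parameter is accepted but not read by this method.
  *
  * @access	public
  * @param	boolean	$generate_html
  * @return	string
  *
  */
 function display($generate_html = 0)
 {
     // The return value is not used here; the call is kept in case
     // getAttrs() has side effects.
     $this->getAttrs();

     // NOTE(review): the outcome of this permission test is never read and is
     // not handed to the templates, so it does not restrict what is rendered
     // -- confirm the templates or the RPC actions enforce it themselves.
     $allowed = !(session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource'));

     // Flag each list entry so the templates can tell selected items apart.
     $this->_list = $this->getList();
     $this->_selected = $this->getSelected();
     foreach ($this->_list as $k => $v) {
         $this->_list[$k]->selected = in_array($v->id, $this->_selected);
     }

     // A falsy id is replaced by the literal string 'false' while the
     // templates render.  The swap is tracked in a local flag because
     // isset() is false for a null id, which left 'false' in place for good.
     $idSwapped = !$this->id;
     if ($idSwapped) {
         $this->_id = $this->id;
         $this->id = 'false';
     }

     // Shared assets are added only on the first display() call of the request.
     static $loaded = false;
     if (!$loaded) {
         page_add_style($this->_style);
         page_add_script(site_prefix() . '/js/rpc-compressed.js');
     }
     $this->loaded = $loaded;
     page_add_script(template_simple($this->_script, $this));
     $loaded = true;

     if ($idSwapped || isset($this->_id)) {
         $this->id = $this->_id;
         unset($this->_id);
     }
     return template_simple($this->_output, $this);
 }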