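/**
 * Set the admin theme:
 * - checks that the configured theme directory exists (falls back to Sea_Green otherwise)
 * - sets the admin theme variables (name, path, URL)
 * - loads the theme's config.xml with the libxml external entity loader disabled
 * - defines the admin theme constants
 * - registers all the needed CSS/JS files
 *
 * @return $this
 * @throws \Exception Re-throws any exception raised while loading the configuration or
 *                    registering assets, after restoring the libxml entity loader state.
 */
public function setAdminTheme()
{
    // Theme name as configured ({{settings_global}} or config-defaults.php).
    // NOTE(review): this value is concatenated into filesystem paths and URLs below without
    // validation; confirm it is restricted to a plain directory name wherever it is saved.
    $sAdminThemeName = getGlobalSetting('admintheme');

    // Path for the standard admin themes
    $sStandardTemplateRootDir = Yii::app()->getConfig("styledir");
    // Path for the user admin themes
    $sUserTemplateDir = Yii::app()->getConfig('uploaddir') . DIRECTORY_SEPARATOR . 'admintheme';

    // Check if the required theme is a standard one
    if ($this->isStandardAdminTheme($sAdminThemeName)) {
        // It's standard, so it will be in the standard path and available via a standard URL.
        // NOTE(review): no separator is added here, while the Sea_Green fallback below adds one;
        // confirm whether 'styleurl' ends with a slash.
        $sTemplateDir = $sStandardTemplateRootDir;
        $sTemplateUrl = Yii::app()->getConfig('styleurl') . $sAdminThemeName;
    } else {
        // If it's not a standard theme, we bet it's a user one.
        // It could also be an old 2.06 admin theme just after an update; it will then be caught
        // as "non existent" by the directory check below.
        $sTemplateDir = $sUserTemplateDir;
        // URLs always use forward slashes; DIRECTORY_SEPARATOR is a backslash on Windows.
        $sTemplateUrl = Yii::app()->getConfig('uploadurl') . '/admintheme/' . $sAdminThemeName;
    }

    // If the theme directory doesn't exist, it can be that:
    // - the user updated from 2.06 and still has an old theme configured in the database
    // - the user deleted a custom theme
    // In any case, we just set Sea Green as the theme to use.
    if (!is_dir($sTemplateDir . DIRECTORY_SEPARATOR . $sAdminThemeName)) {
        $sAdminThemeName = 'Sea_Green';
        $sTemplateDir = $sStandardTemplateRootDir;
        $sTemplateUrl = Yii::app()->getConfig('styleurl') . '/' . $sAdminThemeName;
        setGlobalSetting('admintheme', 'Sea_Green');
    }

    // Now that we are sure we have an existing theme, we can set the variables of the AdminTheme
    $this->sTemplateUrl = $sTemplateUrl;
    $this->name = $sAdminThemeName;
    $this->path = $sTemplateDir . DIRECTORY_SEPARATOR . $this->name;

    // This is necessary because a lot of files still use "adminstyleurl".
    // TODO: replace everywhere the call to Yii::app()->getConfig('adminstyleurl') by $oAdminTheme->sTemplateUrl;
    Yii::app()->setConfig('adminstyleurl', $this->sTemplateUrl);

    //////////////////////
    // Config file loading

    // Disable the external entity loader so config.xml cannot pull in external entities (XXE).
    // @see: http://phpsecurity.readthedocs.io/en/latest/Injection-Attacks.html#xml-external-entity-injection
    // NOTE(review): libxml_disable_entity_loader() is deprecated as of PHP 8.0.
    $bOldEntityLoaderState = libxml_disable_entity_loader(true);

    // try/catch + rethrow (rather than finally) so the previous entity loader state is restored
    // on failure too, without requiring PHP 5.5.
    try {
        // With the entity loader disabled we can't use simplexml_load_file, so the file is read
        // with file_get_contents and parsed from a string.
        // NOTE(review): realpath() returns false when config.xml is missing; that case is not handled here.
        $sXMLConfigFile = file_get_contents(realpath($this->path . '/config.xml'));

        // Simple Xml is buggy on PHP < 5.4. The [ array -> json_encode -> json_decode ] workaround
        // seems to be the most used one.
        // @see: http://php.net/manual/de/book.simplexml.php#105330 (top comment on PHP doc for simplexml)
        // The literal 1 is json_encode()'s flags argument (same value as JSON_HEX_TAG); json_decode()
        // therefore returns objects, which the property access below relies on.
        $this->config = json_decode(json_encode((array) simplexml_load_string($sXMLConfigFile), 1));

        // If developers want to test the asset manager with debug mode on.
        // The previous fallback was the string 'false', which is truthy in PHP; use a real boolean.
        self::$use_asset_manager = isset($this->config->engine->use_asset_manager_in_debug_mode)
            && $this->config->engine->use_asset_manager_in_debug_mode === 'true';

        $this->defineConstants();          // Define the (still) necessary constants
        $this->registerStylesAndScripts(); // Register all CSS and JS
    } catch (\Exception $oException) {
        libxml_disable_entity_loader($bOldEntityLoaderState);
        throw $oException;
    }

    // Put the entity loader back to its original state, to avoid contagion to other applications on the server
    libxml_disable_entity_loader($bOldEntityLoaderState);

    return $this;
}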