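/**
 * Renders the CaPa "General settings" admin page.
 *
 * On a non-empty POST the request is first handed to capa_handle_action();
 * afterwards the settings form is echoed with the current option values
 * pre-selected.
 *
 * NOTE(review): capa_handle_action() is not visible from here. Because it runs
 * on any non-empty POST, confirm that it verifies the nonce emitted below
 * (e.g. check_admin_referer('update-options')) and the caller's capability
 * before it writes any option.
 *
 * @uses capa_handle_action()
 * @uses capa_protect::get_private_message()
 *
 * @return void
 */
function capa_global_page() {

    // Hand a submitted form to the action handler before rendering.
    if ($_POST) {
        capa_handle_action();
    }

    $private_message = capa_protect::get_private_message();

    // The stored message is placed inside a value="..." attribute below, so it
    // has to be attribute-escaped: an unescaped double quote would end the
    // attribute early and let the rest of the message be parsed as markup.
    // esc_attr() does not exist before WP 2.8 and this page still guards for
    // older releases, hence the fallback.
    $private_message_attr = function_exists('esc_attr')
        ? esc_attr($private_message)
        : htmlspecialchars((string) $private_message, ENT_QUOTES);

    // Read the policy options once; they are compared several times below.
    $post_policy          = get_option('capa_protect_post_policy');
    $show_private_message = get_option('capa_protect_show_private_message');
    $comment_policy       = get_option('capa_protect_comment_policy');

    echo '<div class="wrap">';

    // For WP < 27: screen_icon() prints the icon itself when it is available.
    if (function_exists('screen_icon')) {
        screen_icon('options-general');
    }

    echo '<h2 style="margin-bottom:15px;">' . __('CaPa » General settings', 'capa')
        . '<br><span class="description">'
        . __('These settings define the display of the CaPa protected content on your blog.', 'capa')
        . '</span></h2>';

    echo '<form name="capa_protect" method="post">';

    // Nonce for the 'update-options' action; only useful if the handler checks it.
    wp_nonce_field('update-options');

    // --------------------------------------------------------------

    echo ' <table class="form-table capa-form-table">'

        // Page display
        . ' <tr>'
        . ' <th scope="row">' . __('Page display', 'capa') . '</th>'
        . ' <td>'
        . ' <label>'
        . ' <input name="capa_protect_show_private_pages" type="checkbox" onClick="capa_enable_disable_form_elements()"'
        . (get_option('capa_protect_show_private_pages') ? " checked" : "")
        . '> ' . __('Show protected pages', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <span class="description" style="margin-left:10px;">'
        . __('Checking this option will show links to all the pages.', 'capa')
        . '</span>'
        . ' <br>'
        . ' <div style="margin-left:10px;"> </div>'
        . ' </td>'
        . ' </tr>'

        // Category list
        . ' <tr>'
        . ' <th scope="row">' . __('The Category List', 'capa') . '</th>'
        . ' <td>'
        . ' <label>'
        . ' <input name="capa_protect_show_private_categories" type="checkbox" onClick="capa_enable_disable_form_elements()"'
        . (get_option('capa_protect_show_private_categories') ? " checked" : "")
        . '> ' . __('Show private categories', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <span class="description" style="margin-left:10px;">'
        . __('Checking this option will show links to all the Categories.', 'capa')
        . '</span>'
        . ' <br>'
        . ' <label id="capa_protect_show_padlock_on_private_categories">'
        . ' <input name="capa_protect_show_padlock_on_private_categories" type="checkbox" '
        . (get_option('capa_protect_show_padlock_on_private_categories') ? " checked" : "")
        . '> ' . __('Show a padlock icon next to private categories', 'capa')
        . ' </label>'
        . ' </td>'
        . ' </tr>'

        // Post / page policy
        . ' <tr valign="top">'
        . ' <th scope="row">' . __('Posts and pages display.', 'capa')
        . ' <br>'
        . ' <span class="description">' . __('How do you want to display a protected post or page?', 'capa') . '</span>'
        . ' </th>'
        . ' <td>'
        . ' <label>'
        . ' <input type="radio" name="capa_protect_post_policy" onClick="capa_enable_disable_form_elements()" value="hide" '
        // "hide" is also the default when neither the policy nor the legacy flag is set.
        . (($post_policy == 'hide' || ($post_policy == false && $show_private_message == false)) ? ' checked' : '')
        . '> ' . __('Hide everything', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <label>'
        . ' <input type="radio" name="capa_protect_post_policy" onClick="capa_enable_disable_form_elements()" value="show message"'
        . (($post_policy == 'show message' || $show_private_message == true) ? ' checked' : '')
        . '> ' . __('Show everything', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <label>'
        . ' <input type="radio" name="capa_protect_post_policy" onClick="capa_enable_disable_form_elements()" value="show title"'
        . ($post_policy == 'show title' ? ' checked' : '')
        . '> ' . __('Show title and the private message as content', 'capa')
        . ' </label>'
        . ' </td>'
        . ' </tr>'

        // Private message (attribute-escaped, see above)
        . ' <tr>'
        . ' <th scope="row">' . __('The private message', 'capa') . '</th>'
        . ' <td>'
        . ' <label for="capa_protect_private_message" id="capa_protect_private_message">'
        . ' <input name="capa_protect_private_message" type="text" size="70"'
        . ' value="' . $private_message_attr . '" />'
        . ' </label>'
        . ' </td>'
        . ' </tr>'

        // Comment policy
        . ' <tr>'
        . ' <th scope="row">' . __('The Comments', 'capa') . '</th>'
        . ' <td style="padding-left:20px;">'
        . ' <h4 style="margin: 5px 0px 10px -10px;">' . __('Public & Allowed Comments', 'capa') . ':</h4>'
        . ' <label>'
        . ' <input type="radio" name="capa_protect_comment_policy" onClick="capa_enable_disable_form_elements()" value="hide"'
        // An unset policy falls back to "hide".
        . (($comment_policy == 'hide' || $comment_policy == false) ? ' checked' : '')
        . '> ' . __('Hide all comments.', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <label>'
        . ' <input type="radio" name="capa_protect_comment_policy" onClick="capa_enable_disable_form_elements()" value="show name"'
        . ($comment_policy == 'show name' ? ' checked' : '')
        . '> ' . __('Show Author, but the private message for the content.', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <label>'
        . ' <input type="radio" name="capa_protect_comment_policy" onClick="capa_enable_disable_form_elements()" value="show message"'
        . ($comment_policy == 'show message' ? ' checked' : '')
        . '> ' . __('Show content, but no author.', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <label>'
        . ' <input type="radio" name="capa_protect_comment_policy" onClick="capa_enable_disable_form_elements()" value="all"'
        . ($comment_policy == 'all' ? ' checked' : '')
        . '> ' . __('Show everything.', 'capa')
        . ' </label>'
        . ' <h4 style="margin: 15px 0px 10px -10px;">' . __('Private Comments', 'capa') . ':</h4>'
        . ' <label>'
        . ' <input name="capa_protect_show_comment_on_private_posts" type="checkbox" value="1" '
        . (get_option('capa_protect_show_comment_on_private_posts') ? " checked" : "")
        . '> ' . __('Use the Settings for comments from protected Posts.', 'capa')
        . ' </label>'
        . ' </td>'
        . ' </tr>'

        // Media library
        . ' <tr>'
        . ' <th scope="row">' . __('The Media Library', 'capa') . '</th>'
        . ' <td>'
        . ' <label>'
        . ' <input name="capa_protect_show_only_allowed_attachments" type="checkbox" onClick="capa_enable_disable_form_elements()" '
        . (get_option('capa_protect_show_only_allowed_attachments') ? " checked" : "")
        . '> ' . __('Show only allowed Attachments', 'capa')
        . ' </label>'
        . ' <br>'
        . ' <span class="description" style="margin-left:10px;">'
        . __('Checking this option shows only attachments which were uploaded (not inserted) in posts from allowed categories', 'capa')
        . '</span>'
        . ' <br>'
        . ' <label id="capa_protect_show_unattached_files">'
        . ' <input name="capa_protect_show_unattached_files" type="checkbox" '
        . (get_option('capa_protect_show_unattached_files') ? " checked" : "")
        . '> ' . __('Show unattached files', 'capa')
        . ' </label>'
        . ' </td>'
        . ' </tr>'

        // Miscellaneous
        . ' <tr>'
        . ' <th scope="row">' . __('Miscellaneous', 'capa') . '</th>'
        . ' <td>'
        . ' <label>'
        . ' <input type="checkbox" name="capa_protect_keep_options" value="on"'
        . (get_option('capa_protect_keep_options') == '1' ? ' checked' : '')
        . '> ' . __('Keep CaPa Settings', 'capa')
        . ' </label><br>'
        . ' <span class="description" style="margin-left:10px;">'
        . __('In Case CaPa is disabled but you wanna keep the Settings.', 'capa')
        . '</span>'
        . ' </td>'
        . ' </tr>'
        . ' </table> ';

    // Both buttons post the field "submit"; its value tells them apart.
    echo ' <p class="submit" style="float:left; margin-right:10px;">'
        . ' <button type="submit" name="submit" class="button-primary" value="Update general settings" >'
        . __('Update general settings', 'capa') . '</button>'
        . ' </p>'
        . ' <p class="submit">'
        . ' <button type="submit" name="submit" class="button-secondary" value="reset defaults" >'
        . __('Reset defaults', 'capa') . '</button>'
        . ' </p> ';

    // Apply the initial enabled/disabled state of dependent form elements.
    echo '<script type="text/javascript">capa_enable_disable_form_elements();</script>';

    echo '</form>';
    echo '</div>';
}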
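/**
 * Rewrites selected WordPress SQL queries so that counts and listings only
 * cover content the current user is allowed to see.
 *
 * Each recognised query is detected by a literal substring match and a
 * restriction built by capa_protect is spliced into its WHERE clause.
 * Queries that match no pattern are returned unchanged.
 *
 * The restriction is skipped entirely for users that are granted
 * 'manage_categories' and do not carry the 'editor' role key.
 *
 * NOTE(review): every restriction is concatenated into the SQL text. The
 * fragments come from capa_protect::filter_posts(), get_value_categories()
 * and get_value_tags(), none of which is visible here; confirm that they only
 * ever emit integer IDs. Also confirm that the two list helpers never return
 * an empty array, since implode() would then produce "IN ()", which is not
 * valid SQL.
 *
 * @uses $current_user
 * @uses $capa_protect_comment_policy
 * @uses $capa_protect_show_only_allowed_attachments
 * @uses $capa_protect_show_unattached_files
 * @uses $wpdb
 *
 * @uses capa_protect::filter_posts()
 * @uses capa_protect::get_value_categories()
 * @uses capa_protect::get_value_tags()
 *
 * @param string $param SQL query text.
 *
 * @return string The query, restricted where a known pattern matched.
 */
function filter_wpdb_query($param) {

    global $current_user;

    // Privileged users see unfiltered results. The capability has to be
    // granted, not merely present: allcaps maps capability => bool, so a
    // capability that is explicitly denied (false) must not open the bypass.
    if ($current_user
        && !empty($current_user->allcaps['manage_categories'])
        && !isset($current_user->caps['editor'])
    ) {
        return $param;
    }

    global $wpdb, $capa_protect_comment_policy;

    // Code for WP < 3
    // NOTE(review): the test is "major version != 3", not "< 3", so this
    // branch also runs on WP 4 and later. Left as is, because narrowing it
    // could drop a restriction on a newer release; confirm the intent.
    if ((int) $GLOBALS['wp_version'] != '3') {

        // SQLFILTER::function _wp_get_comment_list
        # FROM $wpdb->comments USE INDEX (comment_date_gmt) WHERE
        if (strpos($param, "FROM {$wpdb->comments} USE INDEX (comment_date_gmt) WHERE") !== FALSE) {
            // Only add the restriction when the WHERE clause does not filter on a post yet.
            if (strpos($param, 'WHERE') !== FALSE
                && strpos(substr($param, strpos($param, 'WHERE')), 'comment_post_ID') === FALSE
            ) {
                // In Case Public/Allowed Comments are hidden
                if ($capa_protect_comment_policy == 'hide') {
                    $allow_posts = ' comment_post_ID IN (0) AND';
                } else {
                    $allow_posts = capa_protect::filter_posts();
                    $allow_posts = str_replace('AND ID', ' comment_post_ID', $allow_posts) . " AND";
                }

                $param = str_replace('WHERE', 'WHERE' . $allow_posts, $param);

                return $param;
            }
        }

        // SQLFILTER::function wp_count_terms
        # SELECT COUNT(*)
        # FROM $wpdb->term_taxonomy WHERE taxonomy = %s
        if (strpos($param, "SELECT COUNT(*) FROM {$wpdb->term_taxonomy} WHERE taxonomy") !== FALSE) {
            // Cut the taxonomy name out of the query text by fixed offsets.
            $taxo = substr($param, strpos($param, 'taxonomy =') + 12, -2);

            switch ($taxo) {
                case 'category':
                    if (strpos($param, 'term_taxonomy_id') === FALSE) {
                        $disallow_cat = capa_protect::get_value_categories(FALSE);
                        $param .= ' AND term_taxonomy_id NOT IN (' . implode(',', $disallow_cat) . ')';
                    }
                    break;

                case 'post_tag':
                    if (strpos($param, 'term_taxonomy_id') === FALSE) {
                        $allow_tags = capa_protect::get_value_tags();
                        $param .= ' AND term_taxonomy_id IN (' . implode(',', $allow_tags) . ') ';
                    }
                    break;
            }

            return $param;
        }

        // SQLFILTER::function wp_dashboard_recent_comments
        // Code from WP < 3
        # SELECT *
        # FROM $wpdb->comments
        # ORDER BY comment_date_gmt DESC LIMIT $start, 50
        if (strpos($param, "SELECT * FROM {$wpdb->comments} ORDER BY comment_date_gmt DESC LIMIT") !== FALSE) {
            if (strpos($param, 'ORDER') !== FALSE
                && strpos(substr($param, strpos($param, 'WHERE')), 'comment_post_ID') === FALSE
            ) {
                // In Case Public/Allowed Comments are hidden
                if ($capa_protect_comment_policy == 'hide') {
                    $allow_posts = ' comment_post_ID IN (0)';
                } else {
                    $allow_posts = capa_protect::filter_posts();
                    $allow_posts = str_replace('AND ID', ' comment_post_ID', $allow_posts);
                }

                // This query has no WHERE clause, so one is inserted before ORDER.
                $param = str_replace('ORDER', 'WHERE ' . $allow_posts . ' ORDER', $param);
            }

            return $param;
        }
    }

    // SQLFILTER::function _wp_get_comment_list
    # SELECT *
    # FROM $wpdb->comments c
    # LEFT JOIN $wpdb->posts p ON c.comment_post_ID = p.ID
    # WHERE p.post_status != 'trash'
    if (strpos($param, " FROM {$wpdb->comments} c LEFT JOIN {$wpdb->posts} p ON c.comment_post_ID = p.ID") !== FALSE) {
        if (strpos($param, 'WHERE') !== FALSE
            && strpos(substr($param, strpos($param, 'WHERE')), 'comment_post_ID') === FALSE
        ) {
            // In Case Public/Allowed Comments are hidden
            if ($capa_protect_comment_policy == 'hide') {
                $allow_posts = ' comment_post_ID IN (0) AND';
            } else {
                $allow_posts = capa_protect::filter_posts();
                $allow_posts = str_replace('AND ID', ' comment_post_ID', $allow_posts) . " AND";
            }

            $param = str_replace('WHERE', 'WHERE' . $allow_posts, $param);
        }
        // No return here: the remaining patterns are still checked.
    }

    // SQLFILTER::function wp_count_comments
    # SELECT comment_approved, COUNT( * ) AS num_comments
    # FROM sm_blog_comments
    # GROUP BY comment_approved
    if (strpos($param, 'SELECT comment_approved, COUNT') !== FALSE && strpos($param, 'WHERE') === FALSE) {
        if ($capa_protect_comment_policy == 'hide') {
            $allow_posts = ' WHERE comment_post_ID IN (0) ';
        } else {
            $allow_posts = capa_protect::filter_posts();
            $allow_posts = str_replace('AND ID', ' WHERE comment_post_ID', $allow_posts) . " ";
        }

        // The WHERE clause is attached directly behind the table name.
        $param = str_replace('FROM ' . $wpdb->comments, 'FROM ' . $wpdb->comments . ' ' . $allow_posts, $param);
    }

    // SQLFILTER::function wp_get_recent_posts
    # SELECT *
    # FROM $wpdb->posts
    # WHERE post_type = 'post' AND post_status IN ( 'draft', 'publish', 'future', 'pending', 'private' ) ORDER BY post_date DESC $limit
    if (strpos($param, "SELECT * FROM {$wpdb->posts} WHERE post_type = 'post' AND post_status IN ( 'draft', 'publish', 'future', 'pending', 'private' ) ORDER BY post_date DESC") !== FALSE) {
        $allow_posts = capa_protect::filter_posts();
        $param = str_replace('AND post_status', $allow_posts . ' AND post_status', $param);

        return $param;
    }

    // SQLFILTER::function wp_count_attachments
    if (strpos($param, 'SELECT post_mime_type, COUNT( * ) AS num_posts') !== FALSE) {
        global $capa_protect_show_only_allowed_attachments;

        if (!$capa_protect_show_only_allowed_attachments) {
            return $param;
        }

        // Attachments are restricted through the post they are attached to.
        $allow_posts = capa_protect::filter_posts();
        $allow_posts = str_replace('AND ID', ' AND post_parent', $allow_posts);
        $param = str_replace('AND post_status', $allow_posts . ' AND post_status', $param);

        return $param;
    }

    // SQLFILTER::function get_available_post_mime_types
    if (strpos($param, "SELECT DISTINCT post_mime_type FROM {$wpdb->posts} WHERE post_type = 'attachment'") !== FALSE) {
        global $capa_protect_show_only_allowed_attachments;

        if (!$capa_protect_show_only_allowed_attachments) {
            return $param;
        }

        $allow_posts = capa_protect::filter_posts();
        $allow_posts = str_replace(' AND ID', ' AND post_parent', $allow_posts);
        $param = $param . $allow_posts;

        return $param;
    }

    // SQLFILTER::function wp_count_posts
    if (strpos($param, 'SELECT post_status, COUNT(') !== FALSE) {
        $allow_posts = capa_protect::filter_posts();
        $allow_posts = str_replace('AND ID', ' ID', $allow_posts);

        // The fragment goes in front of the existing conditions, so it needs a trailing AND.
        if ($allow_posts != '') {
            $allow_posts = $allow_posts . ' AND ';
        }

        if (strpos($param, 'WHERE') !== FALSE && strpos($param, 'ID') === FALSE) {
            $param = str_replace('WHERE', 'WHERE' . $allow_posts, $param);
        }

        return $param;
    }

    // SQLFILTER::function &get_terms ( case of count )
    # SELECT COUNT(*) FROM $wpdb->terms AS t
    # INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id
    # WHERE tt.taxonomy IN (string) AND tt.term_taxonomy_id IN (int)
    // DEV
    if (!isset($GLOBALS['wp_filter']['list_terms_exclusions'])
        && strpos($param, "SELECT COUNT(*) FROM {$wpdb->terms} AS t INNER JOIN {$wpdb->term_taxonomy} AS tt ON t.term_id = tt.term_id WHERE") !== FALSE
    ) {
        // 'category' is tested first; 'post_tag' is only considered when it does not occur.
        if (strpos($param, 'category') !== FALSE) {
            if (strpos($param, 'term_taxonomy_id') === FALSE) {
                $disallow_cat = capa_protect::get_value_categories(FALSE);
                $param .= ' AND term_taxonomy_id NOT IN (' . implode(',', $disallow_cat) . ')';
            } else {
                // NOTE(review): with TRUE the helper presumably returns the allowed IDs,
                // despite the variable name; verify against capa_protect.
                $disallow_cat = capa_protect::get_value_categories(TRUE);
                $param = str_replace('WHERE', 'WHERE tt.term_taxonomy_id IN (' . implode(',', $disallow_cat) . ') AND', $param);
            }
        } elseif (strpos($param, 'post_tag') !== FALSE) {
            $allow_tags = capa_protect::get_value_tags();

            if (strpos($param, 'term_taxonomy_id') === FALSE) {
                $param .= ' AND term_taxonomy_id IN (' . implode(',', $allow_tags) . ') ';
            } else {
                $param = str_replace('WHERE', 'WHERE t.term_id IN (' . implode(',', $allow_tags) . ') AND', $param);
            }
        }

        return $param;
    }

    // SQLFILTER::function get_var ( case of unattached file count )
    # SELECT COUNT( * ) FROM $wpdb->posts
    # WHERE post_type = 'attachment' AND post_status != 'trash' AND post_parent < 1
    // DEV
    if (strpos($param, "SELECT COUNT( * ) FROM {$wpdb->posts} WHERE post_type = 'attachment' AND post_status != 'trash' AND post_parent < 1") !== FALSE) {
        global $capa_protect_show_unattached_files;

        // Contradicts "post_parent < 1" on purpose, so the count excludes unattached files.
        if (!$capa_protect_show_unattached_files) {
            $param .= ' AND post_parent NOT IN (0)';
        }
    }

    return $param;
}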