Exemple #1
0
function rss_theme_options_configure_overrides($theme, $media, $config_items)
{
    $action = null;
    if (isset($_REQUEST[CST_ADMIN_METAACTION])) {
        $action = $_REQUEST[CST_ADMIN_METAACTION];
    } else {
        if (isset($_REQUEST['action'])) {
            $action = $_REQUEST['action'];
        }
    }
    if (isset($_REQUEST['mediaparam']) && $media === sanitize($_REQUEST['mediaparam'], RSS_SANITIZER_CHARACTERS)) {
        if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) {
            if (!array_key_exists('key', $_REQUEST)) {
                rss_error('Invalid config key specified.', RSS_ERROR_ERROR, true);
            } else {
                $key = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL);
                rss_theme_delete_config_override_option($key, $theme, $media);
            }
            $action = null;
            //redirect to our theme's admin page
        } else {
            if (rss_theme_options_is_submit()) {
                switch ($action) {
                    case __('Submit Changes'):
                    case 'ACT_ADMIN_SUBMIT_CHANGES':
                        if (!array_key_exists('key', $_REQUEST)) {
                            rss_error('Invalid config key specified.', RSS_ERROR_ERROR, true);
                            break;
                        }
                        if (!array_key_exists('type', $_REQUEST)) {
                            rss_error('Invalid config type specified.', RSS_ERROR_ERROR, true);
                            break;
                        }
                        if (!array_key_exists('value', $_REQUEST)) {
                            rss_error('Invalid config value specified.', RSS_ERROR_ERROR, true);
                            break;
                        }
                        $key = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL);
                        $type = sanitize($_POST['type'], RSS_SANITIZER_CHARACTERS);
                        $value = sanitize($_POST['value'], RSS_SANITIZER_SIMPLE_SQL);
                        if ($type == 'enum') {
                            $item = theme_options_fill_override_array($theme, $media, $config_items, $key);
                            if (count($item)) {
                                $arr = explode(',', $item['default_']);
                                $idx = array_pop($arr);
                                $newkey = -1;
                                foreach ($arr as $i => $val) {
                                    if ($val == $value) {
                                        $newkey = $i;
                                    }
                                }
                                reset($arr);
                                if ($newkey > -1) {
                                    array_push($arr, $newkey);
                                    rss_theme_set_config_override_option($key, implode(',', $arr), $theme, $media);
                                } else {
                                    rss_error("Oops, invalid value '{$value}' for this config key", RSS_ERROR_ERROR, true);
                                }
                            }
                        } else {
                            rss_theme_set_config_override_option($key, $value, $theme, $media);
                        }
                        break;
                    default:
                        rss_error('Invalid config action specified.', RSS_ERROR_ERROR, true);
                        break;
                }
                $action = null;
                //redirect to our theme's admin page
            }
        }
    }
    switch ($action) {
        case CST_ADMIN_DEFAULT_ACTION:
        case 'CST_ADMIN_DEFAULT_ACTION':
            if (isset($_REQUEST['mediaparam']) && $media === sanitize($_REQUEST['mediaparam'], RSS_SANITIZER_CHARACTERS)) {
                if (!array_key_exists('key', $_REQUEST)) {
                    rss_error('Invalid config key specified.', RSS_ERROR_ERROR, true);
                    break;
                }
                $key = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL);
                $item = theme_options_fill_override_array($theme, $media, $config_items, $key);
                if (count($item)) {
                    extract($item);
                    config_default_form($key_, $type_, $default_, CST_ADMIN_DOMAIN_THEME_OPTIONS);
                    rss_theme_options_form_class('box');
                    rss_theme_options_rendered_buttons(true);
                }
            }
            break;
        case CST_ADMIN_EDIT_ACTION:
        case 'CST_ADMIN_EDIT_ACTION':
            if (isset($_REQUEST['mediaparam']) && $media === sanitize($_REQUEST['mediaparam'], RSS_SANITIZER_CHARACTERS)) {
                if (!array_key_exists('key', $_REQUEST)) {
                    rss_error('Invalid config key specified.', RSS_ERROR_ERROR, true);
                    break;
                }
                $key = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL);
                $item = theme_options_fill_override_array($theme, $media, $config_items, $key);
                if (count($item)) {
                    extract($item);
                    $dummy = null;
                    config_edit_form($key_, $value_, $default_, $type_, $desc_, $export_, $dummy);
                }
            }
            break;
        default:
            $caption = "Configuration overrides";
            if (isset($media)) {
                $caption .= " for {$media} media";
            }
            config_table_header($caption);
            $cntr = 0;
            $items = theme_options_fill_override_array($theme, $media, $config_items);
            foreach ($items as $item) {
                config_table_row($item, $cntr++ % 2 == 0 ? "even" : "odd", CST_ADMIN_DOMAIN_THEME_OPTIONS, "&theme={$theme}&mediaparam={$media}");
            }
            config_table_footer();
            //no buttons here
            rss_theme_options_rendered_buttons(true);
            break;
    }
}
Exemple #2
0
function config_admin()
{
    $ret__ = CST_ADMIN_DOMAIN_CONFIG;
    if (isset($_REQUEST[CST_ADMIN_METAACTION])) {
        $action = $_REQUEST[CST_ADMIN_METAACTION];
    } else {
        $action = $_REQUEST['action'];
    }
    switch ($action) {
        case CST_ADMIN_DEFAULT_ACTION:
        case 'CST_ADMIN_DEFAULT_ACTION':
            if (!array_key_exists('key', $_REQUEST)) {
                rss_error(__('Invalid config key specified.'), RSS_ERROR_ERROR, true);
                break;
            }
            $key = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL);
            $res = rss_query("select value_,default_,type_ from " . getTable('config') . " where key_='{$key}'");
            list($value, $default, $type) = rss_fetch_row($res);
            $value = real_strip_slashes($value);
            $default = real_strip_slashes($default);
            if ($value == $default) {
                rss_error(__("The value for '{$key}' is the same as its default value!"), RSS_ERROR_ERROR, true);
                break;
            }
            if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) {
                rss_query("update " . getTable('config') . " set value_=default_ where key_='{$key}'");
                rss_invalidate_cache();
            } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) {
                //nop
            } else {
                echo "<form class=\"box\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n";
                config_default_form($key, $type, $default, CST_ADMIN_DOMAIN_CONFIG);
                echo "</form>\n";
                $ret = CST_ADMIN_DOMAIN_NONE;
            }
            break;
        case CST_ADMIN_EDIT_ACTION:
        case 'CST_ADMIN_EDIT_ACTION':
            $key_ = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL);
            $res = rss_query("select * from " . getTable('config') . " where key_ ='{$key_}'");
            list($key, $value, $default, $type, $desc, $export) = rss_fetch_row($res);
            echo "<div>\n";
            echo "\n\n<h2>Edit '{$key}'</h2>\n";
            echo "<form style=\"display:inline\" id=\"cfg\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n";
            $onclickaction = null;
            config_edit_form($key, $value, $default, $type, $desc, $export, $onclickaction);
            echo "<p style=\"display:inline\">\n";
            echo isset($preview) ? "<input type=\"submit\" name=\"action\" value=\"" . __('Preview') . "\"" . ($onclickaction ? " onclick=\"{$onclickaction}\"" : "") . " />\n" : "";
            echo "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_SUBMIT_CHANGES\" />";
            echo "<input type=\"submit\" name=\"action\" value=\"" . __('Submit Changes') . "\"" . ($onclickaction ? " onclick=\"{$onclickaction}\"" : "") . " /><input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CONFIG . "\"/>\n</p></form>\n";
            echo "<form style=\"display:inline\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p style=\"display:inline\">\n<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CONFIG . "\"/>\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_SUBMIT_CANCEL\" />" . "<input type=\"submit\" name=\"action\" value=\"" . __('Cancel') . "\"/></p></form>\n" . "\n\n</div>\n";
            $ret__ = CST_ADMIN_DOMAIN_NONE;
            break;
        case __('Preview'):
        case 'ACT_ADMIN_PREVIEW_CHANGES':
            rss_error('fixme: preview not yet implemented', RSS_ERROR_ERROR, true);
            break;
        case __('Submit Changes'):
        case 'ACT_ADMIN_SUBMIT_CHANGES':
            $key = sanitize($_POST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL);
            $type = sanitize($_POST['type'], RSS_SANITIZER_CHARACTERS);
            $value = sanitize($_POST['value'], RSS_SANITIZER_SIMPLE_SQL);
            // sanitizine routines for values
            switch ($key) {
                case 'rss.output.title':
                    $value = strip_tags($value);
                    break;
                case 'rss.config.robotsmeta':
                    $value = preg_replace('#[^a-zA-Z,\\s]#', '', $value);
                    break;
            }
            switch ($key) {
                case 'rss.input.allowed':
                    $ret = array();
                    $tmp = explode(' ', $value);
                    foreach ($tmp as $key__) {
                        if (preg_match('|^[a-zA-Z]+$|', $key__)) {
                            $ret[$key__] = array();
                        } else {
                            $tmp2 = array();
                            $attrs = explode(',', $key__);
                            $key__ = array_shift($attrs);
                            foreach ($attrs as $attr) {
                                $tmp2[$attr] = 1;
                            }
                            $ret[$key__] = $tmp2;
                        }
                    }
                    $sql = "update " . getTable('config') . " set value_='" . serialize($ret) . "' where key_='{$key}'";
                    break;
                case 'rss.output.lang':
                    $langs = getLanguages();
                    $codes = array_keys($langs);
                    $out_val = implode(',', $codes);
                    $cntr = 0;
                    $idx = "0";
                    foreach ($codes as $code) {
                        if ($code == $value) {
                            $idx = $cntr;
                        }
                        $cntr++;
                    }
                    $out_val .= ",{$idx}";
                    $sql = "update " . getTable('config') . " set value_='{$out_val}' where key_='{$key}'";
                    break;
                default:
                    switch ($type) {
                        case 'string':
                            $sql = "update " . getTable('config') . " set value_='{$value}' where key_='{$key}'";
                            break;
                        case 'num':
                            if (!is_numeric($value)) {
                                rss_error(__("Oops, I was expecting a numeric value, got '{$value}' instead!"), RSS_ERROR_ERROR, true);
                                break;
                            }
                            $sql = "update " . getTable('config') . " set value_='{$value}' where key_='{$key}'";
                            break;
                        case 'boolean':
                            if ($value != __('True') && $value != __('False')) {
                                rss_error(__("Oops, invalid value for {$key} : {$value}"), RSS_ERROR_ERROR, true);
                                break;
                            }
                            $sql = "update " . getTable('config') . " set value_='" . ($value == __('True') ? 'true' : 'false') . "'" . " where key_='{$key}'";
                            break;
                        case 'enum':
                            $res = rss_query("select value_ from " . getTable('config') . " where key_='{$key}'");
                            list($oldvalue) = rss_fetch_row($res);
                            if (strstr($oldvalue, $value) === FALSE) {
                                rss_error(__("Oops, invalid value '{$value}' for this config key"), RSS_ERROR_ERROR, true);
                                break;
                            }
                            $arr = explode(',', $oldvalue);
                            $idx = array_pop($arr);
                            $newkey = -1;
                            foreach ($arr as $i => $val) {
                                if ($val == $value) {
                                    $newkey = $i;
                                }
                            }
                            reset($arr);
                            if ($newkey > -1) {
                                array_push($arr, $newkey);
                                $sql = "update " . getTable('config') . " set value_='" . implode(',', $arr) . "'" . " where key_='{$key}'";
                            } else {
                                rss_error(__("Oops, invalid value '{$value}' for this config key"), RSS_ERROR_ERROR, true);
                            }
                            break;
                        default:
                            rss_error(__('Ooops, unknown config type: ') . $type, RSS_ERROR_ERROR, true);
                            //var_dump($_REQUEST);
                            break;
                    }
            }
            if (isset($sql)) {
                rss_query($sql);
                rss_invalidate_cache();
            }
            break;
        default:
            break;
    }
    return $ret__;
}