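/**
 * Mail the authors of the weblog(s) the current entry belongs to about a new trackback.
 *
 * Recipients are taken from the 'comment_emailto' setting of every weblog that has
 * 'comment_sendmail' enabled for the entry's category (the same settings as for
 * comments). Sending stops at the first address pivotxMail() reports a failure for.
 *
 * @param array $my_trackback trackback record; keys read: name, title, url, excerpt, ip, date
 * @return void
 */
function sendMailTrackback($my_trackback)
{
    global $PIVOTX;

    $cat_weblogs = $PIVOTX['weblogs']->getWeblogsWithCat($PIVOTX['db']->entry['category']);

    // Collect the recipients. Using the same settings as for comments.
    $addr_arr = array();
    foreach ($cat_weblogs as $this_weblog) {
        if ($PIVOTX['weblogs']->get($this_weblog, 'comment_sendmail') == 1) {
            $addr_arr = array_merge($addr_arr, explode(",", $PIVOTX['weblogs']->get($this_weblog, 'comment_emailto')));
        }
    }
    // Trim before de-duplicating so " a@b" and "a@b" collapse to one recipient, and drop
    // empty entries (e.g. from a trailing comma) which would otherwise be "sent" to and
    // abort the loop below on failure.
    $addr_arr = array_unique(array_filter(array_map('trim', $addr_arr), 'strlen'));

    // Nobody to notify: nothing else to do.
    if (count($addr_arr) == 0) {
        return;
    }

    // make a nice title for the mail..
    if (strlen($PIVOTX['db']->entry['title']) > 2) {
        $title = strip_tags($PIVOTX['db']->entry['title']);
    } else {
        // No usable title: use the first line(s) of the introduction, shortened to 60 bytes.
        $title = strip_tags(substr($PIVOTX['db']->entry['introduction'], 0, 300));
        $title = str_replace(array("\n", "\r"), "", $title);
        $title = substr($title, 0, 60);
    }
    $title = i18n_str_to_utf8($title);

    $adminurl = $PIVOTX['paths']['host'] . makeAdminPageLink();
    $editlink = $adminurl . "?page=trackbacks&uid=" . $PIVOTX['db']->entry['code'];

    $body = sprintf(__('"%s" posted the following trackback') . ":", unentify($my_trackback['name']));
    $body .= sprintf("\n\n-------------\n");
    $body .= sprintf(__('Title') . ": %s\n", $my_trackback['title']);
    $body .= sprintf(__('URL') . ": %s\n", $my_trackback['url']);
    $body .= sprintf(__('Excerpt') . ":\n%s", unentify($my_trackback['excerpt']));
    $body .= sprintf("\n-------------\n");
    $body .= sprintf(__('IP-address') . ": %s\n", $my_trackback['ip']);
    $body .= sprintf(__('Date') . ": %s\n", $my_trackback['date']);
    $body .= sprintf("\n" . __('This is a trackback on entry "%s"') . "\n", $title);
    $body .= sprintf("-------------\n");
    $body .= sprintf("%s:\n%s%s\n", __('View this entry'), $PIVOTX['paths']['host'], makeFileLink($PIVOTX['db']->entry, "", ""));
    $body .= sprintf("\n%s:\n%s\n", __('Edit this trackback'), $editlink);
    $body = i18n_str_to_utf8($body);

    // pivotxMail encodes the subject and adds the needed headers for UTF-8
    $subject = sprintf(__('New trackback on entry "%s"'), $title);

    // No extra mail headers are passed; previously this was an undefined variable (null).
    $add_header = null;
    foreach ($addr_arr as $addr) {
        if (pivotxMail($addr, $subject, $body, $add_header)) {
            debug("Sent Mail to {$addr} for '" . $my_trackback['name'] . "'");
        } else {
            debug("Failed sending mail to {$addr} for '" . $my_trackback['name'] . "'");
            break;
        }
    }
}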
 /**
  * Check for common misconfigurations, filerights, and whatnot.
  *
  * Every problem found is appended as a "<p>...</p>" string to $this->warnings.
  * Nothing is checked unless the current session is logged in. The
  * 'before_checkwarnings' and 'after_checkwarnings' hooks are executed around
  * the checks (only the 'before' hook runs when not logged in, see below).
  *
  * Checks performed: file rights in db/, templates/ and the upload directory
  * (unless 'dont_check_filerights' is set), minimum PHP version, safe_mode,
  * leftover (Pivot/PivotX) setup scripts, canonical host, preferred admin
  * location, register_globals, and whether the user's password is salted.
  */
 function checkWarnings()
 {
     global $minrequiredphp, $dbversion, $PIVOTX;
     // Collected by _checkFilerights() and reported by _makeFileWarning().
     // NOTE(review): only reset once here; whether _checkFilerights() clears it
     // between the three directory checks below is not visible in this method.
     $this->filelist = array();
     // Check if there are any hooks to execute..
     $PIVOTX['extensions']->executeHook('before_checkwarnings', $dummy);
     // We should only check these warnings when logged in.. Whilst displaying
     // them isn't a direct security problem, we should be careful about
     // giving Teh scr1ptk1ddi3zz any pointers.
     // (Note that this early return also skips the 'after_checkwarnings' hook.)
     if (!$PIVOTX['session']->isLoggedIn()) {
         return;
     }
     if ($PIVOTX['config']->get('dont_check_filerights') != 1) {
         // Check files in pivotx/db/
         $this->_checkFilerights($PIVOTX['paths']['db_path'], "db/", false);
         if (!empty($this->filelist)) {
             $this->_makeFileWarning("db/");
         }
         // Check files in pivotx/templates/
         $this->_checkFilerights($PIVOTX['paths']['templates_path'], "templates/", true);
         if (!empty($this->filelist)) {
             $this->_makeFileWarning("templates/");
         }
         // Check files in pivotx/images/
         $this->_checkFilerights($PIVOTX['paths']['upload_base_path'], basename($PIVOTX['paths']['upload_base_path']) . "/", true);
         if (!empty($this->filelist)) {
             $this->_makeFileWarning(basename($PIVOTX['paths']['upload_base_path']) . "/");
         }
     }
     // Check minimum PHP version.
     if (!checkVersion(phpversion(), $minrequiredphp)) {
         $thiswarning = sprintf(__("The current version of PHP on the server is %s, which is an older version than PivotX requires (%s). PivotX will most likely not work correctly, until the server is updated to a newer version."), phpversion(), $minrequiredphp);
         $this->warnings[] = "<p>" . $thiswarning . "</p>";
     }
     // Check Safe Mode (can be silenced with the 'ignore_safe_mode' config setting).
     if (ini_get('safe_mode') && !$PIVOTX['config']->get('ignore_safe_mode')) {
         $thiswarning = __("This webserver has safe_mode enabled. This doesn't actually make things any 'safer', just more annoying. Please ask your hosting provider to turn it off. See the documentation for more info: <a href='http://docs.pivotx.net/doku.php?id=dealing_with_safe_mode'>Dealing with safe_mode</a>.");
         $this->warnings[] = "<p>" . $thiswarning . "</p>";
     }
     // Check PivotX Setup: a leftover installer in the parent folder can be run by
     // anyone. Can be silenced with the 'ignore_setupscript' config setting.
     if ((file_exists($PIVOTX['paths']['pivotx_path'] . '../pivotx-setup-safemode.php') || file_exists($PIVOTX['paths']['pivotx_path'] . '../pivotx-setup.php')) && !$PIVOTX['config']->get('ignore_setupscript')) {
         $thiswarning = __('The PivotX installer script "pivotx-setup.php" is still present in the parent folder. You should be aware that this is a potential security risk. We advise you to remove it, or to set an empty password inside it, so that it can\'t be executed by people with bad intentions.');
         $this->warnings[] = "<p>" . $thiswarning . "</p>";
     }
     // Check (old) Pivot Setup - message can't be ignored
     if (file_exists($PIVOTX['paths']['pivotx_path'] . '../pivot-setup-safemode.php') || file_exists($PIVOTX['paths']['pivotx_path'] . '../pivot-setup.php')) {
         $thiswarning = __('The old Pivot installer script "pivot-setup.php" is still present in the parent folder. Please remove it immediately since it\'s not used for PivotX and it is a potential security risk.');
         $this->warnings[] = "<p>" . $thiswarning . "</p>";
     }
     // Check for erroneous 'canonical_host', but only if we actually use it.
     // The check can definitely be improved ...
     if ($PIVOTX['config']->get('dont_add_canonical') == 0) {
         $canonical_host = $PIVOTX['config']->get('canonical_host');
         if ($canonical_host != $PIVOTX['paths']['host']) {
             $thiswarning = __("You are currently logged in at a different host than your canonical host. " . "If <strong>%s</strong> isn't the canonical host you want, change it on the %s screen.");
             $link = '<a href="' . makeAdminPageLink('advconfiguration') . '">' . __('Advanced Configuration') . '</a>';
             $thiswarning = sprintf($thiswarning, $canonical_host, $link);
             $this->warnings[] = "<p>" . $thiswarning . "</p>";
         }
     }
     // Check for 'preferred_admin_location'.
     // The request URL is rebuilt from the (client-supplied) Host header and request
     // URI, normalised ("/index.php" -> "/", no trailing slash) and compared with the
     // configured location. Only the configured location is echoed into the warning.
     if ($PIVOTX['config']->get('preferred_admin_location')) {
         $request_url = (empty($_SERVER['HTTPS']) ? "http://" : "https://") . $_SERVER['HTTP_HOST'] . str_replace("/index.php", "/", $_SERVER['REQUEST_URI']);
         $request = parse_url(stripTrailingSlash($request_url));
         $preferred_url = str_replace("/index.php", "/", $PIVOTX['config']->get('preferred_admin_location'));
         $preferred = parse_url(stripTrailingSlash($preferred_url));
         // A configured location without a scheme is taken to be plain http.
         if (empty($preferred['scheme'])) {
             $preferred['scheme'] = "http";
         }
         if ($request['scheme'] != $preferred['scheme'] || $request['host'] != $preferred['host'] || $request['path'] != $preferred['path']) {
             $thiswarning = __("You are currently logged in at a different location than the preferred one. This might cause problems with wrongly calculated links. Please click here to go to the correct location:");
             $thiswarning .= sprintf(" <a href='%s://%s%s/'>%s%s/</a>", $preferred['scheme'], $preferred['host'], $preferred['path'], $preferred['host'], $preferred['path']);
             $this->warnings[] = "<p>" . $thiswarning . "</p>";
         }
     }
     /* -- Commented this out for now. Takes up to two seconds for some servers,
           -- Which is very bad, considering it's called every time on the dashboard page.
           -- Perhaps move this check to scheduler.php?
               
        // Check if we have 'mod rewrite' enabled, but no .htaccess 
        if( ($PIVOTX['config']->get('mod_rewrite')>0) && (!$PIVOTX['config']->get('ignore_modrewrite_check')) && function_exists('get_headers') ) {
                    
            // Get the headers for a web page that we know always exists
            $url = $PIVOTX['paths']['host'].$PIVOTX['paths']['site_url']."search/modrewritecheck";
            
            $headers = get_headers($url);
            
            // $headers[0] should look like 'HTTP/1.1 200 OK', else give warning
            if (strpos($headers[0], "200 OK")===false) {
                $thiswarning = __('\'Mod rewrite\' is enabled, but it seems like the webserver is not set up correctly to serve pages with non-crufty URLs. You should copy the <tt>example.htaccess</tt> from the PivotX distribution to <tt>.htaccess</tt>. Until you\'ve done this, most pages on your site will give a 404-not-found error.');
                $this->warnings[] = "<p>". $thiswarning ."</p>";
            }
            
            
        }  */
     // Check if magic_quotes_runtime is enabled - Warning is commented out for now
     // because we _should_ be able to handle both cases transparently for the user.
     //if( get_magic_quotes_runtime() && (!$PIVOTX['config']->get('ignore_magic_quotes')) {
     //    $thiswarning = __('Your server has a PHP option set that\'s called "Magic quotes" enabled. This might cause PivotX to run sub-optimally.  Look on <a href="http://docs.pivotx.net/doku.php?id=servers_with_magic_quotes">this page</a> to remedy the situation.');
     //    $this->warnings[] = "<p>". $thiswarning ."</p>";
     //}
     /**
      * Commented this out. since PivotX doesn't need to write files in a higher
      * dir than pivotx/, there is no problem with open_basedir..
      */
     // Check Open Basedir
     //        if( ini_get('open_basedir') ) {
     //            $thiswarning = __("This webserver has open_basedir enabled. You'll have a hard time running PivotX in the current configuration. Please ask your hosting provider to turn it off. See the documentation for more info: <a href='http://docs.pivotx.net/doku.php?id=dealing_with_safe_mode'>Dealing with safe_mode</a>.");
     //            $this->warnings[] = "<p>". $thiswarning ."</p>";
     //        }
     // Check Register Globals (can be silenced with 'ignore_register_globals').
     if (ini_get('register_globals') && !$PIVOTX['config']->get('ignore_register_globals')) {
         $thiswarning = __("This webserver has register_globals enabled. This is a serious potential security issue. Please ask your hosting provider to turn it off. See the PHP documentation for more info: <a href='http://php.net/register_globals'>Register Globals</a>.");
         $this->warnings[] = "<p>" . $thiswarning . "</p>";
     }
     $user = $PIVOTX['users']->getUser($PIVOTX['session']->currentUsername());
     // Check if the password is properly salted. Loose comparison on purpose: a
     // missing 'salt' key (null) counts as unsalted too.
     if ($user['salt'] == "") {
         $thiswarning = __("Your password is not fully encrypted yet. Please go to %myinfo%, and set your password again.");
         $link = sprintf("<a href=\"index.php?page=myinfo\">%s</a>", __("My Info"));
         $thiswarning = str_replace('%myinfo%', $link, $thiswarning);
         $this->warnings[] = "<p>" . $thiswarning . "</p>";
     }
     // Check if there are any hooks to execute..
     $PIVOTX['extensions']->executeHook('after_checkwarnings', $dummy);
 }
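/**
 * Mail the authors of the weblog(s) the current entry belongs to about a new comment.
 *
 * Recipients are taken from the 'comment_emailto' setting of every weblog that has
 * 'comment_sendmail' enabled for the entry's category. When comment moderation is
 * on, the mail also carries a link to the moderation page. Sending stops at the
 * first address pivotxMail() reports a failure for.
 *
 * @param array  $temp_comment  comment record; keys read: name, comment, ip, date, email, url
 * @param string $notifications extra text appended to the mail body (e.g. spam-check notes)
 * @return void
 */
function sendMailComment($temp_comment, $notifications = '')
{
    global $PIVOTX;

    $cat_weblogs = $PIVOTX['weblogs']->getWeblogsWithCat($PIVOTX['db']->entry['category']);

    // Collect the recipients from every weblog that wants comment mails.
    $addr_arr = array();
    foreach ($cat_weblogs as $this_weblog) {
        if ($PIVOTX['weblogs']->get($this_weblog, 'comment_sendmail') == 1) {
            $addr_arr = array_merge($addr_arr, explode(",", $PIVOTX['weblogs']->get($this_weblog, 'comment_emailto')));
        }
    }
    // Trim before de-duplicating so " a@b" and "a@b" collapse to one recipient, and drop
    // empty entries (e.g. from a trailing comma) which would otherwise be "sent" to and
    // abort the loop below on failure.
    $addr_arr = array_unique(array_filter(array_map('trim', $addr_arr), 'strlen'));

    // Nobody to notify: nothing else to do.
    if (count($addr_arr) == 0) {
        return;
    }

    // make a nice title for the mail..
    if (strlen($PIVOTX['db']->entry['title']) > 2) {
        $title = strip_tags($PIVOTX['db']->entry['title']);
    } else {
        // No usable title: use the first line(s) of the introduction, shortened to 60 bytes.
        $title = strip_tags(substr($PIVOTX['db']->entry['introduction'], 0, 300));
        $title = str_replace(array("\n", "\r"), "", $title);
        $title = substr($title, 0, 60);
    }
    $title = i18n_str_to_utf8($title);

    $adminurl = $PIVOTX['paths']['host'] . makeAdminPageLink();
    // Anchor of the comment on the entry page: "<safe name>-<yyyymmddhhmm>".
    $id = safeString($temp_comment["name"], TRUE) . "-" . formatDate($temp_comment["date"], "%ye%%month%%day%%hour24%%minute%");
    $editlink = $adminurl . "?page=comments&uid=" . $PIVOTX['db']->entry['code'];
    $approvelink = $adminurl . "?page=comments";

    $body = sprintf(__('"%s" posted the following comment') . ":\n\n", unentify($temp_comment['name']));
    $body .= sprintf("%s", $temp_comment['comment']);
    $body .= sprintf("\n\n-------------\n\n");
    $body .= sprintf(__('Name') . ": %s\n", unentify($temp_comment['name']));
    $body .= sprintf(__('IP-address') . ": %s\n", $temp_comment['ip']);
    $body .= sprintf(__('Date') . ": %s\n", $temp_comment['date']);
    $body .= trim(sprintf(__('Email') . ": %s", $temp_comment['email'])) . "\n";
    $body .= trim(sprintf(__('URL') . ": %s\n", $temp_comment['url'])) . "\n";
    $body .= sprintf("\n" . __('This is a comment on entry "%s"') . "\n", $title);
    $body .= $notifications;
    $body .= sprintf("\n-------------\n\n");
    if ($PIVOTX['config']->get('moderate_comments') == 1) {
        $body .= sprintf(__('Moderate this comment') . ":\n%s\n", $approvelink);
    }
    $body .= sprintf("\n%s:\n%s%s\n", __('View this entry'), $PIVOTX['paths']['host'], makeFileLink($PIVOTX['db']->entry, "", ""));
    $body .= sprintf("\n%s:\n%s%s\n", __('View this comment'), $PIVOTX['paths']['host'], makeFileLink($PIVOTX['db']->entry, "", $id));
    $body .= sprintf("\n%s:\n%s\n", __('Edit this comment'), $editlink);
    $body = i18n_str_to_utf8($body);

    // pivotxMail encodes the subject and adds the needed headers for UTF-8
    $subject = sprintf(__('New comment on entry "%s"'), $title);

    // No extra mail headers are passed; previously this was an undefined variable (null).
    $add_header = null;
    foreach ($addr_arr as $addr) {
        if (pivotxMail($addr, $subject, $body, $add_header)) {
            debug("Sent Mail to {$addr} for '" . $temp_comment['name'] . "'");
        } else {
            debug("Failed sending mail to {$addr} for '" . $temp_comment['name'] . "'");
            break;
        }
    }
}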
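/**
 * Organize a single menu level of the menu structure
 *
 * - applies user-level restrictions (items whose 'level' is above the user's are dropped)
 * - removes 'disabled' items
 * - converts uri's to href's (unless an 'href' is already present)
 * - creates 'have_menu' booleans for items with a sub-menu, recursing into it
 * - collects the uri's of the item and its whole sub-tree into 'all_pages'
 * - gives items without a 'sortorder' one behind the highest explicit sortorder
 * - sorts the level (compareMenuItem)
 *
 * @param array      $in               menu level (and subs)
 * @param int        $currentuserlevel level of the current user
 * @param array|bool $path             kept for compatibility; normalised to an array, otherwise unused
 * @param int        $level            recursion depth; kept for compatibility, otherwise unused
 * @return array the organized and sorted menu level
 */
function organizeMenuLevel($in, $currentuserlevel, $path = false, $level = 0)
{
    $out = array();
    if (!is_array($path)) {
        $path = array();
    }

    foreach ($in as $item) {
        // Not visible for this user, or switched off entirely.
        if (isset($item['level']) && $currentuserlevel < $item['level']) {
            continue;
        }
        if (isset($item['disabled']) && $item['disabled']) {
            continue;
        }

        if (!isset($item['href'])) {
            // 'dashboard' is the admin root, everything else is a page below it.
            $uri = isset($item['uri']) ? $item['uri'] : null;
            $item['href'] = ($uri == 'dashboard') ? makeAdminPageLink() : makeAdminPageLink($uri);
        }
        if (!isset($item['is_divider'])) {
            $item['is_divider'] = false;
        }

        // Every uri reachable from this item, used to mark the active menu.
        $all_pages = array();
        if (isset($item['uri'])) {
            $all_pages[] = $item['uri'];
        }
        if (isset($item['menu']) && count($item['menu']) > 0) {
            $item['have_menu'] = true;
            $subpath = isset($item['path']) ? $item['path'] : false;
            $item['menu'] = organizeMenuLevel($item['menu'], $currentuserlevel, $subpath, $level + 1);
            foreach ($item['menu'] as $subitem) {
                if (isset($subitem['uri'])) {
                    $all_pages[] = $subitem['uri'];
                }
                if (isset($subitem['all_pages']) && is_array($subitem['all_pages'])) {
                    $all_pages = array_merge($all_pages, $subitem['all_pages']);
                }
            }
        } else {
            $item['have_menu'] = false;
        }
        $item['all_pages'] = $all_pages;

        $out[] = $item;
    }

    // Items without a 'sortorder' are numbered *after* the highest explicit one, so they
    // end up behind the explicitly ordered items and never collide with them. (The old
    // condition tested !isset(), so the maximum was never found and unset items always
    // started at 1.) Without any explicit sortorder the numbering starts at 1 as before.
    $highest_sortorder = 0;
    foreach ($out as $item) {
        if (isset($item['sortorder']) && $item['sortorder'] > $highest_sortorder) {
            $highest_sortorder = $item['sortorder'];
        }
    }
    foreach ($out as $i => $item) {
        if (!isset($item['sortorder'])) {
            $out[$i]['sortorder'] = ++$highest_sortorder;
        }
    }

    usort($out, 'compareMenuItem');

    return $out;
}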
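/**
 * Display extension documentation using Textile or Markdown.
 *
 * The document is selected by $_GET['file'], a path relative to the extensions
 * directory. Only existing *.markdown / *.textile files below that directory are
 * served; an absolute path, a '..' segment or an unknown extension ends the request
 * with "Not a valid filename".
 *
 * Side effects: assigns 'title' (first <h1>, full docs only), 'html' and, when a
 * toc.markdown / toc.textile exists next to the file, 'toc' to the template, then
 * renders 'documentation.tpl'.
 */
function pageDocumentation()
{
    global $PIVOTX;

    // Get the filename, extension (markdown or textile) and type (summary or other)
    $file = isset($_GET['file']) ? (string) $_GET['file'] : '';
    $filename = $PIVOTX['paths']['extensions_path'] . $file;
    $extension = strtolower(getExtension($filename));

    // 'file' is user input: keep it inside the extensions directory. Reject an empty
    // value, NUL bytes, absolute paths (also Windows drive letters) and any '..'
    // segment, in addition to requiring an existing file of a known type.
    $escapes_dir = $file === ''
        || strpos($file, "\0") !== false
        || preg_match('#^([\\\\/]|[a-zA-Z]:)#', $file)
        || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $file);
    if ($escapes_dir || !file_exists($filename) || ($extension != "textile" && $extension != "markdown")) {
        echo "Not a valid filename";
        die;
    }

    // Links to sibling docs are rewritten to go through this page, relative to the
    // document's own directory. HTML-escaped for the href attribute it is placed in.
    $basename = makeAdminPageLink('documentation') . "&amp;file=" . htmlspecialchars(dirname($file), ENT_QUOTES, "UTF-8");
    // preg_replace() interprets '\' and '$' in its replacement; neutralise them.
    $linkreplacement = 'a href="' . addcslashes($basename, '\\$') . '/\\1.\\2"';
    $linkpattern = '/a href="([a-z0-9_-]*)\\.(markdown|textile)"/';

    // "summary.markdown" -> "summary"; the part before the first dot is the type.
    $nameparts = explode(".", basename($filename));
    $type = $nameparts[0];

    $source = file_get_contents($filename);
    if ($extension == "markdown") {
        $html = pivotxMarkdown($source);
    } else {
        $html = pivotxTextile($source);
    }

    // Find the fist <h1>, to use as title.. But, only for full docs..
    if ($type != "summary") {
        preg_match_all('/<h1>(.*)<\\/h1>/i', $html, $match);
        if (!empty($match[1][0])) {
            $PIVOTX['template']->assign('title', strip_tags($match[1][0]));
        }
    }

    // Find links to other pages in the docs, and rewrite them, so that they're parsed into correct links
    $html = preg_replace($linkpattern, $linkreplacement, $html);
    $PIVOTX['template']->assign('html', $html);

    // Check for 'toc.markdown' or 'toc.textile', and insert those, if present..
    $tocfilename = dirname($filename) . "/toc." . $extension;
    if (file_exists($tocfilename)) {
        $toc = file_get_contents($tocfilename);
        if ($extension == "markdown") {
            $tochtml = pivotxMarkdown($toc);
        } else {
            $tochtml = pivotxTextile($toc);
        }
        // Same link rewriting as for the document itself.
        $tochtml = preg_replace($linkpattern, $linkreplacement, $tochtml);
        $PIVOTX['template']->assign('toc', $tochtml);
    }

    renderTemplate('documentation.tpl');
}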
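 /**
  * Helper function for __scanFile, to check if the extension has any
  * documentation.
  *
  * Looks in the extension's docs/ directory for summary.{markdown,textile,html}
  * ('quick docs', opened in a dialog) and index.{markdown,textile,html} ('full
  * docs', opened in a new window), in that order of preference, and appends a
  * link for each one found to the extension's description. Markdown/Textile
  * files are served through the 'documentation' admin page, plain HTML files
  * are linked directly.
  *
  * @param array  $info  extension info; 'file' is read, 'description' is extended
  * @param string $title title attribute of the generated links (HTML-escaped here)
  * @return string the (possibly extended) description
  * @see Extensions::__scanFile
  */
 function __scanDocumentation($info, $title)
 {
     global $PIVOTX;

     $title = htmlspecialchars($title, ENT_QUOTES, "UTF-8");
     $docdir = dirname($PIVOTX['paths']['extensions_path'] . $info['file']) . '/docs/';
     if (!file_exists($docdir)) {
         return $info['description'];
     }

     $docurl = str_replace($PIVOTX['paths']['extensions_path'], $PIVOTX['paths']['extensions_url'], $docdir);
     $pageurl = makeAdminPageLink('documentation');
     // Path of the docs dir relative to the extensions dir, as the documentation page expects it.
     $docpath = basename(dirname($docurl)) . '/docs/';

     // (file name without extension, link label, extra attributes of the <a>)
     $doclinks = array(
         array('summary', __('quick docs'), 'class="dialog editor"'),
         array('index', __('full docs'), 'target="_blank"'),
     );
     foreach ($doclinks as $doclink) {
         list($name, $label, $attributes) = $doclink;
         if (file_exists($docdir . $name . '.markdown')) {
             $href = $pageurl . '&amp;file=' . $docpath . $name . '.markdown';
         } elseif (file_exists($docdir . $name . '.textile')) {
             $href = $pageurl . '&amp;file=' . $docpath . $name . '.textile';
         } elseif (file_exists($docdir . $name . '.html')) {
             $href = $docurl . $name . '.html';
         } else {
             continue;
         }
         $info['description'] .= ' [<a href="' . $href . '" ' . $attributes . ' title="' . $title . '">' . $label . '</a>]';
     }

     return $info['description'];
 }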