<div class="clear"></div>
      <form name="contentForm" id="contentForm" method="post" action="<?php 
echo $_SERVER['PHP_SELF'];
?>
">
        <input type="hidden" name="view" value="<?php 
echo $view;
?>
"/>
        <input type="hidden" name="tab" value="<?php 
echo $tab;
?>
"/>
        <input type="hidden" name="action" value="controlcap"/>
        <input type="hidden" name="cid" value="<?php 
echo requestVar('cid');
?>
"/>
<?php 
if ($tab != 'main') {
    ?>
        <input type="hidden" name="newControl[Name]" value="<?php 
    echo validHtmlStr($newControl['Name']);
    ?>
"/>
        <input type="hidden" name="newControl[Type]" value="<?php 
    echo validHtmlStr($newControl['Type']);
    ?>
"/>
        <input type="hidden" name="newControl[Protocol]" value="<?php 
    echo validHtmlStr($newControl['Protocol']);
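/**
 * Renders the Spam Bayesian event-log page of the plugin admin area.
 *
 * Paging and filter state comes from the request: `startpos`, `filter`
 * (ham/spam/all), `filtertype`, `keyword` and `ipp` (items per page). The
 * log rows are read through $oPluginAdmin->plugin->spambayes->nbs and
 * echoed as an HTML table with "train ham/spam", "explain" and "publish"
 * links per row, a batch form and three "clear log" forms.
 *
 * Every request-derived value is HTML-escaped before it is echoed into
 * markup and URL-encoded before it goes into a query string; `ipp` and
 * `startpos` are coerced to integers (ipp >= 1) so the page arithmetic
 * can neither divide by zero nor fail on a non-numeric string.
 *
 * @return void
 */
function sb_log()
{
    global $oPluginAdmin;
    $nbs =& $oPluginAdmin->plugin->spambayes->nbs;

    // paging / filter state, same defaults as before (ipp 10, filter(type) all)
    $startpos = intval(requestVar('startpos'));
    $filter = requestVar('filter') ? requestVar('filter') : 'all';
    $filtertype = requestVar('filtertype') ? requestVar('filtertype') : 'all';
    $ipp = intval(requestVar('ipp'));
    if ($ipp < 1) {
        $ipp = 10;
    }
    $keyword = requestVar('keyword');

    // escaped copies for HTML attribute/text context; the raw values are
    // still what the query/pager helpers receive
    $hFilter = htmlspecialchars((string) $filter, ENT_QUOTES);
    $hFiltertype = htmlspecialchars((string) $filtertype, ENT_QUOTES);
    $hKeyword = htmlspecialchars((string) $keyword, ENT_QUOTES);
    // PHP_SELF can carry client-supplied path info, so it is escaped as well
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    $filterform = buildfilterform($filter, $filtertype, $keyword, $ipp);
    $total = $nbs->countlogtable($filter, $filtertype, $keyword);
    if ($filter == 'all') {
        $htotal = $nbs->countlogtable('ham', $filtertype, $keyword);
        $stotal = $nbs->countlogtable('spam', $filtertype, $keyword);
        echo '<h2>Spam Bayesian: Log [total events: ' . $total . ' (ham: ' . $htotal . ' spam: ' . $stotal . ') ]</h2>';
    } else {
        echo '<h2>Spam Bayesian: Log [total ' . $hFilter . ' events: ' . $total . ']</h2>';
    }
    $res = $nbs->getlogtable($startpos, $filter, $filtertype, $keyword, $ipp);
    $pager = buildpager($startpos, $total, $filter, $filtertype, $filterform, 'log', $keyword, $ipp);
    // number of pages = ceil(total / ipp); ipp >= 1 is guaranteed above
    $ap = intval(ceil($total / $ipp));
    $cp = intval($startpos + $ipp) / $ipp;

    // hidden inputs that carry the current filter through every sub-form
    $filterInputs = '<input type="hidden" name="filter" value="' . $hFilter . '" /><input type="hidden" name="filtertype" value="' . $hFiltertype . '" /><input type="hidden" name="keyword" value="' . $hKeyword . '" />';
    // "Page x of y / items per page" row, used at the top and the bottom of the table
    $browseRow = '<tr><th colspan="2">Page ' . $cp . ' of ' . $ap . '</th><td colspan="2">Browse: <form style="display:inline"><input type="text" size="3" name="ipp" value="' . $ipp . '" /> items per page. <input type="submit" value="Go" /><input type="hidden" name="amount" value="cp" />' . $filterInputs . '<input type="hidden" name="page" value="log" /></form>';

    echo '<table>';
    echo $browseRow;
    echo '<span style="text-align:right" class="batchoperations">';
    if ($filter != 'all') {
        echo ' type: <b>' . $hFilter . '</b>';
    }
    if ($filtertype != 'all') {
        echo ' event: <b>' . $hFiltertype . '</b>';
    }
    if ($keyword > '') {
        echo ' keyword: <b>' . $hKeyword . '</b>';
    }
    echo '</span></td></tr>';
    echo $pager;

    // query-string tail that brings the viewer back to the same page/filter
    $extraaction = '&amp;filter=' . urlencode((string) $filter) . '&amp;filtertype=' . urlencode((string) $filtertype) . '&amp;startpos=' . $startpos . '&amp;keyword=' . urlencode((string) $keyword) . '&amp;ipp=' . $ipp;
    echo '<tr><th>Date</th><th>event</th><th>content</th><th>action</th></tr><form>';
    $i = 0;
    while ($arr = mysql_fetch_array($res)) {
        // row columns are rendered as text: log entries may quote client-supplied content
        $hId = htmlspecialchars((string) $arr['id'], ENT_QUOTES);
        $uId = urlencode((string) $arr['id']);
        $hLog = htmlspecialchars((string) $arr['log'], ENT_QUOTES);
        echo '<tr onmouseover="focusRow(this);" onmouseout="blurRow(this);"><td>' . htmlspecialchars((string) $arr['logtime'], ENT_QUOTES) . '<br /><b>' . htmlspecialchars((string) $arr['catcode'], ENT_QUOTES) . '</b></td><td>' . $hLog . '</td><td><input id="batch' . $i . '" name="batch[' . $i . ']" value="' . $hId . '" type="checkbox"><label for="batch' . $i . '">' . htmlentities(str_replace('^^', ' ', (string) $arr['content'])) . '</label></td>';
        // NOTE(review): these links change state via GET and carry no ticket/CSRF
        // token; confirm the trainlog/promote handlers verify one.
        echo '<td><a href="' . $self . '?page=trainlog&amp;catcode=ham&amp;id=' . $uId . $extraaction . '"><nobr>train ham</nobr></a>';
        echo ' <a href="' . $self . '?page=trainlog&amp;catcode=spam&amp;id=' . $uId . $extraaction . '"><nobr>train spam</nobr></a>';
        echo '<br /><a href="' . $self . '?page=explain&amp;id=' . $uId . $extraaction . '"><nobr>explain</nobr></a>';
        if (strpos((string) $arr['log'], 'itemid:') !== false) {
            echo '<br /><br /><a style="color:red" href="' . $self . '?page=promote&amp;id=' . $uId . $extraaction . '"><nobr>publish</nobr></a>';
        }
        echo '</td>';
        echo '</tr>';
        $i++;
    }
    if ($i === 0) {
        echo '<tr><td colspan="4"><b>Eventlog is empty</b></td></tr>';
    }
    echo '<tr><td colspan="4"><div class="batchoperations">with selected:<select name="batchaction">';
    echo '<option value="tspam">Train spam</option>';
    echo '<option value="tham">Train ham</option>';
    echo '<option value="delete">Delete</option></select><input name="page" value="batch" type="hidden">';
    echo '<input type="hidden" name="ipp" value="' . $ipp . '"/>' . $filterInputs;
    echo '<input value="Submit" type="submit">(
			 <a href="" onclick="if (event && event.preventDefault) event.preventDefault(); return batchSelectAll(1); ">select all</a> -
			 <a href="" onclick="if (event && event.preventDefault) event.preventDefault(); return batchSelectAll(0); ">deselect all</a>
			)
		</div></td></tr></form>';
    // three "clear log" forms: first page, current filter, everything
    $clearForm = '<form action="" method="get" style="display:inline">';
    echo '<tr><td colspan="4"><div class="batchoperations">'
        . $clearForm . '<input type="hidden" name="ipp" value="' . $ipp . '"/><input type="hidden" name="page" value="clearlog" /><input type="hidden" name="amount" value="cp" />' . $filterInputs . '<input type="submit" value="Clear first ' . $ipp . '" /></form> '
        . $clearForm . '<input type="hidden" name="ipp" value="' . $ipp . '"/><input type="hidden" name="page" value="clearlog" /><input type="hidden" name="amount" value="cf" />' . $filterInputs . '<input type="submit" value="Clear current filtered logs" /></form> '
        . $clearForm . '<input type="hidden" name="page" value="clearlog" /><input type="submit" value="Clear complete log" /></form></div></td></tr>';
    echo $browseRow . '</td></tr>';
    echo $pager;
    echo '</table>';
}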
    echo buildSelect($selectName, $filterNames);
    ?>
<label for="<?php 
    echo $newSelectName;
    ?>
"><?php 
    echo translate('OrEnterNewName');
    ?>
</label><input type="text" size="32" id="<?php 
    echo $newSelectName;
    ?>
" name="<?php 
    echo $newSelectName;
    ?>
" value="<?php 
    echo requestVar('filterName');
    ?>
"/>
        </p>
<?php 
} else {
    ?>
        <p>
          <label for="<?php 
    echo $newSelectName;
    ?>
"><?php 
    echo translate('EnterNewFilterName');
    ?>
</label><input type="text" size="32" id="<?php 
    echo $newSelectName;
}
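// Page-level setup for the Bad Behavior admin page: URLs, the requested
// sub-view, the sanitised name filters, then the Bad Behavior core.
global $CONF, $manager;
// NOTE(review): the ticket check below is commented out; confirm that any
// state-changing action on this page verifies a ticket before acting.
// $manager->checkTicket();
$action_url = $CONF['ActionURL'];
$thispage = $CONF['PluginURL'] . "badbehavior/index.php";
$adminpage = $CONF['AdminURL'];
$thisquerystring = serverVar('QUERY_STRING');
// QUERY_STRING is client-controlled and lands inside an href attribute:
// escape it so a crafted query string cannot break out of the attribute.
$toplink = '<p class="center"><a href="' . htmlspecialchars($thispage . '?' . $thisquerystring, ENT_QUOTES) . '#sitop" alt="Return to Top of Page">-top-</a></p>' . "\n";
// sub-view whitelist; anything else falls back to the stats view
$showlist = strtolower(trim(requestVar('showlist')));
if (!in_array($showlist, array('stats', 'admin', 'logs'), true)) {
    $showlist = 'stats';
}
$tname = stringStripTags(trim(requestVar('tname')));
$fname = stringStripTags(trim(requestVar('fname')));
$oname = stringStripTags(trim(requestVar('oname')));
$iname = stringStripTags(trim(requestVar('iname')));
// iname is reduced to a safe character set (used as an identifier further on)
$iname = preg_replace('|[^a-z0-9.,_/-]|i', '_', $iname);
// make sure bad behavior is loaded
if (!defined('BB2_CORE')) {
    global $DIR_PLUGINS;
    $homepath = $DIR_PLUGINS . '/badbehavior/';
    require_once $homepath . '/bad-behavior-nucleuscms.php';
}
$plugin =& $oPluginAdmin->plugin;
$sipid = $plugin->getID();
$admin = $plugin->siRights();
$minaccess = intval($plugin->minRights);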
if (!$minaccess || $minaccess == 0) {
    $minaccess = 8;
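 /**
  * Rewrites local trackback ping URLs to this blog's TrackBack action URL.
  *
  * Ping URLs come from the `trackback_ping_url` field (whitespace- or
  * comma-separated) and from the numbered `tb_url_N` fields. A `tb_url_N`
  * entry marked with `tb_url_N_local=on` is resolved to an item id via
  * getRequestPathInfo() and replaced by the internal TrackBack URL; the
  * other URLs are left as they are. The result is written back to
  * $_REQUEST['trackback_ping_url'], one URL per line.
  *
  * Entries from the textarea carry no local flag, so the flag is looked up
  * with isset()/empty() instead of being read blindly; parse_url() results
  * without a path are skipped rather than dereferenced.
  *
  * @param array $data event data; only $data['itemid'] is used
  * @return void
  */
 function convertLocalTrackbackURL($data)
 {
     global $CONF;
     $ping_urls = array();
     $localflag = array();
     $ping_url = requestVar('trackback_ping_url');
     if (trim($ping_url)) {
         foreach (preg_split("/[\\s,]+/", trim($ping_url)) as $url) {
             $ping_urls[] = trim($url);
         }
     }
     $tb_url_amount = intRequestVar('tb_url_amount');
     for ($i = 0; $i < $tb_url_amount; $i++) {
         $tb_temp_url = requestVar('tb_url_' . $i);
         if ($tb_temp_url) {
             $localflag[count($ping_urls)] = requestVar('tb_url_' . $i . '_local') == 'on' ? 1 : 0;
             $ping_urls[] = $tb_temp_url;
         }
     }
     if (count($ping_urls) === 0) {
         return;
     }
     $blog_id = getBlogidFromItemID(intval($data['itemid']));
     foreach ($ping_urls as $idx => $url) {
         if (empty($localflag[$idx])) {
             continue;
         }
         $parts = parse_url($url);
         if ($parts === false || !isset($parts['path'])) {
             continue; // malformed or path-less URL: leave it untouched
         }
         $path_arr = explode('/', trim($parts['path'], '/'));
         $tail = end($path_arr);
         $linkObj = array('linkparam' => 'item', 'bid' => $blog_id);
         if (substr($tail, -10) === '.trackback') {
             // "<name>[.html].trackback" -> "<name>.html"
             $pathName = substr($tail, 0, -10);
             $linkObj['name'] = substr($pathName, -5) === '.html' ? $pathName : $pathName . '.html';
         } else {
             $linkObj['name'] = $tail;
         }
         $item_id = $this->getRequestPathInfo($linkObj);
         if ($item_id) {
             $ping_urls[$idx] = $CONF['ActionURL'] . '?action=plugin&name=TrackBack&tb_id=' . $item_id;
         }
     }
     $_REQUEST['trackback_ping_url'] = implode("\n", $ping_urls);
 }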
    /**
     * Renders the "add IP range to banlist" form for one blog.
     *
     * Requires blog-admin rights on $blogid (otherwise $this->disallow()).
     * When an `ip` request variable is given it is offered, HTML-escaped,
     * as a pre-selected fixed range next to a custom-range option; without
     * it only the custom-range field is shown. The form posts
     * `action=banlistadd` together with a manager ticket (addTicketHidden()).
     *
     * @param int|string $blogid blog id; read from the `blogid` request
     *                           variable when empty
     * @return void
     */
    function action_banlistnew($blogid = '')
    {
        global $member, $manager;
        if ($blogid == '') {
            $blogid = intRequestVar('blogid');
        }
        $ip = requestVar('ip');
        $member->blogAdminRights($blogid) or $this->disallow();
        $blog =& $manager->getBlog($blogid);
        $this->pagehead();
        ?>
		<h2><?php 
        echo _BAN_ADD_TITLE;
        ?>
</h2>


		<form method="post" action="index.php">

		<h3><?php 
        echo _BAN_IPRANGE;
        ?>
</h3>

		<p><?php 
        echo _BAN_IPRANGE_TEXT;
        ?>
</p>

		<div class="note">
			<strong><?php 
        echo _BAN_EXAMPLE_TITLE;
        ?>
</strong>
			<?php 
        echo _BAN_EXAMPLE_TEXT;
        ?>
		</div>

		<div>
		<?php 
        // ip supplied: escape it once (quotes included) since it is reused in attributes and text
        if ($ip) {
            $iprangeVal = htmlspecialchars($ip, ENT_QUOTES);
            ?>
			<input name="iprange" type="radio" value="<?php 
            echo $iprangeVal;
            ?>
" checked="checked" id="ip_fixed" />
			<label for="ip_fixed"><?php 
            echo $iprangeVal;
            ?>
</label>
			<br />
			<input name="iprange" type="radio" value="custom" id="ip_custom" />
			<label for="ip_custom"><?php 
            echo _BAN_IP_CUSTOM;
            ?>
</label>
			<input name='customiprange' value='<?php 
            echo $iprangeVal;
            ?>
' maxlength='15' size='15' />
		<?php 
        } else {
            echo "<input name='iprange' value='custom' type='hidden' />";
            echo "<input name='customiprange' value='' maxlength='15' size='15' />";
        }
        ?>
		</div>

		<h3><?php 
        echo _BAN_BLOGS;
        ?>
</h3>

		<p><?php 
        echo _BAN_BLOGS_TEXT;
        ?>
</p>

		<div>
			<input type="hidden" name="blogid" value="<?php 
        // NOTE(review): echoed unescaped; it is an int when read from the request, a caller-supplied value is not validated here — confirm
        echo $blogid;
        ?>
" />
			<input name="allblogs" type="radio" value="0" id="allblogs_one" /><label for="allblogs_one">'<?php 
        echo htmlspecialchars($blog->getName());
        ?>
'</label>
			<br />
			<input name="allblogs" type="radio" value="1" checked="checked" id="allblogs_all" /><label for="allblogs_all"><?php 
        echo _BAN_ALLBLOGS;
        ?>
</label>
		</div>

		<h3><?php 
        echo _BAN_REASON_TITLE;
        ?>
</h3>

		<p><?php 
        echo _BAN_REASON_TEXT;
        ?>
</p>

		<div><textarea name="reason" cols="40" rows="5"></textarea></div>

		<h3><?php 
        echo _BAN_ADD_TITLE;
        ?>
</h3>

		<div>
			<input name="action" type="hidden" value="banlistadd" />
			<?php 
        // ticket hidden field, presumably verified by the banlistadd handler
        $manager->addTicketHidden();
        ?>
			<input type="submit" value="<?php 
        echo _BAN_ADD_BTN;
        ?>
" />
		</div>

		</form>

		<?php 
        $this->pagefoot();
    }
 /**
  * Parse skinvar imagetext: echoes the `imagetext` request variable,
  * HTML-escaped with quotes included so it is safe inside attributes.
  */
 function parse_imagetext()
 {
     $text = requestVar('imagetext');
     echo htmlspecialchars($text, ENT_QUOTES);
 }
/**
 * Shows the media-popup login form and stops the request.
 *
 * The form posts `action=login` back to media.php and carries the
 * requested `collection` (HTML-escaped) along as a hidden field. Never
 * returns: ends with exit after media_foot().
 */
function media_loginAndPassThrough()
{
    media_head();
    ?>
		<h1><?php 
    echo _LOGIN_PLEASE;
    ?>
</h1>

		<form method="post" action="media.php">
		<div>
			<input name="action" value="login" type="hidden" />
			<input name="collection" value="<?php 
    // client-supplied value echoed into a double-quoted attribute: escaped
    echo htmlspecialchars(requestVar('collection'));
    ?>
" type="hidden" />
			<?php 
    echo _LOGINFORM_NAME;
    ?>
: <input name="login" />
			<br /><?php 
    echo _LOGINFORM_PWD;
    ?>
: <input name="password" type="password" />
			<br /><input type="submit" value="<?php 
    echo _LOGIN;
    ?>
" />
		</div>
		</form>
		<p><a href="media.php" onclick="tinyMCEPopup.close();"><?php 
    echo _POPUP_CLOSE;
    ?>
</a></p>
	<?php 
    media_foot();
    // nothing after the login form may run in this request
    exit;
}
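/**
 * List-plugin callback rendering the item-list table.
 *
 * @param array  $template for 'BODY' holds 'current' (the item object, whose
 *                         itime/ibody are rewritten in place) and 'now'
 *                         (unix timestamp used to flag future items)
 * @param string $type     'HEAD' renders the header cells, 'BODY' one item
 *                         row; any other value renders nothing
 * @return void
 */
function listplug_table_itemlist($template, $type)
{
    $cssclass = null;
    switch ($type) {
        case 'HEAD':
            echo "<th>" . _LIST_ITEM_INFO . "</th><th>" . _LIST_ITEM_CONTENT . "</th><th style=\"white-space:nowrap\" colspan='1'>" . _LISTS_ACTIONS . "</th>";
            break;
        case 'BODY':
            $current = $template['current'];
            // itime arrives as a string; convert it once to a unix timestamp
            $current->itime = strtotime($current->itime);
            if ($current->idraft == 1) {
                $cssclass = "class='draft'";
            }
            // (can't use offset time since offsets might vary between blogs)
            if ($current->itime > $template['now']) {
                $cssclass = "class='future'";
            }
            $action = requestVar('action');
            echo '<td ' . $cssclass . ' style="white-space:nowrap;">';
            // blog / author columns are omitted when the list is already scoped to one
            if ($action !== 'itemlist') {
                echo _LIST_ITEM_BLOG . ' ', htmlspecialchars($current->bshortname) . '    <br />';
            }
            echo _LIST_ITEM_CAT, ' ', htmlspecialchars($current->cname) . '    <br />';
            if ($action !== 'browseownitems') {
                echo _LIST_ITEM_AUTHOR, ' ', htmlspecialchars($current->mname) . '    <br />';
            }
            echo date("Y-m-d", $current->itime), " " . date("H:i", $current->itime);
            echo "</td>";
            echo "<td {$cssclass}>";
            $id = listplug_nextBatchId();
            // NOTE(review): inumber is echoed raw here and in the links below;
            // assumed to be the integer item id from the database — confirm
            echo '<input type="checkbox" id="batch', $id, '" name="batch[', $id, ']" value="', $current->inumber, '" />';
            echo '<label for="batch', $id, '">';
            echo "<b>" . htmlspecialchars(strip_tags($current->ititle)) . "</b>";
            echo '</label>';
            echo "<br />";
            $current->ibody = strip_tags($current->ibody);
            $current->ibody = htmlspecialchars(shorten($current->ibody, 200, '...'));
            $COMMENTS = new COMMENTS($current->inumber);
            echo "{$current->ibody}</td>";
            echo "<td  style=\"white-space:nowrap\" {$cssclass}>";
            echo "<a href='index.php?action=itemedit&amp;itemid={$current->inumber}'>" . _LISTS_EDIT . "</a>";
            echo " / <a href='index.php?action=itemmove&amp;itemid={$current->inumber}'>" . _LISTS_MOVE . "</a>";
            echo " / <a href='index.php?action=itemdelete&amp;itemid={$current->inumber}'>" . _LISTS_DELETE . "</a><br />";
            // evaluate amount of comments for the item (queried once, reused below)
            $camount = $COMMENTS->amountComments();
            if ($camount > 0) {
                echo "<a href='index.php?action=itemcommentlist&amp;itemid={$current->inumber}'>";
                echo "( " . sprintf(_LIST_ITEM_COMMENTS, $camount) . " )</a>";
            } else {
                echo _LIST_ITEM_NOCONTENT;
            }
            echo "</td>";
            break;
    }
}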
 /**
  * Mobile-only input encoding guard.
  *
  * On a mobile request outside the admin area, when a comment is being
  * added or a search query is present, every entry of $_REQUEST and
  * $_SERVER is run through encoding_check() unless the request already
  * validates as Shift_JIS; afterwards 'user', 'body' and 'query' are
  * excluded from further checks.
  *
  * @param array $data event data (unused)
  * @return void
  */
 function event_PostAuthentication($data)
 {
     global $CONF;
     if (!$this->isMobile() || $CONF['UsingAdminArea']) {
         return;
     }
     if (requestVar('action') != 'addcomment' && !strlen(getVar('query'))) {
         return;
     }
     // check if valid SJIS
     if (!encoding_check(false, false, 'Shift_JIS')) {
         foreach (array($_REQUEST, $_SERVER) as $input) {
             array_walk($input, 'encoding_check');
         }
     }
     // user/body/query won't be checked anymore.
     encoding_check(false, false, false, array('user', 'body', 'query'));
 }
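/**
 * Handles the skin-file upload form: validates the target directory and
 * the uploaded file, moves it into place and re-renders the directory.
 *
 * Checks, in order: the directory passes sfValidPath()/is_dir()/is_writable(),
 * the size is within $CONF['MaxUploadSize'], the file really came with this
 * request (is_uploaded_file), the name passes sfIllegalFilename() and no
 * file of that name exists yet. Each failure prints an error, re-renders
 * the directory listing and returns — including a failed move, which
 * previously fell through to the success message.
 *
 * @return void
 */
function _skinfiles_uploadfile()
{
    global $CONF;
    $directory = trim(requestVar('dir'));
    $directory = sfExpandDirectory($directory);
    if (!(sfValidPath($directory) && is_dir($directory) && is_writable($directory))) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE9 . "&laquo;" . htmlspecialchars(_skinfiles_basename($directory)) . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE10;
        echo _SKINFILES_ERR_UPLOAD_FILE11 . "</p>";
        return;
    }
    $file = postFileInfo('name');
    // the client-supplied name is shown in every message: escape it once
    $shownName = htmlspecialchars($file['name']);
    $target = $directory . $file['name'];
    if ($file['size'] > $CONF['MaxUploadSize']) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . $shownName . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_FILE_TOO_BIG . "<br />";
        echo _SKINFILES_ERR_UPLOAD_FILE3 . $CONF['MaxUploadSize'] . " / ";
        echo $file['size'] . " bytes</p>";
        sfShowDirectory($directory);
        return;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . $shownName . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_BADREQUEST . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
        sfShowDirectory($directory);
        return;
    }
    if (sfIllegalFilename($file['name'])) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE5 . "&laquo;" . $shownName . "&raquo; ";
        echo _SKINFILES_ERR_UPLOAD_FILE6 . "</p>";
        sfShowDirectory($directory);
        return;
    }
    if (file_exists($target)) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . $shownName . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADDUPLICATE . "</p>";
        sfShowDirectory($directory);
        return;
    }
    if (!@move_uploaded_file($file['tmp_name'], $target)) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . $shownName . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADMOVEP . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
        sfShowDirectory($directory);
        // nothing was written: do not chmod a missing file or report success
        return;
    }
    $mask = @umask(00);
    // NOTE(review): 0755 sets the executable bit on an uploaded skin file;
    // 0644 would suffice for a served static file — confirm nothing relies on it
    @chmod($target, 0755);
    @umask($mask);
    echo "<p class='message'>" . _SKINFILES_ERR_UPLOAD_FILE7 . "&laquo;" . $shownName . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE8 . "</p>";
    sfShowDirectory($directory);
}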
 /**
  * Calls a plugin action.
  *
  * Resolves `NP_<name>` from the `name` request variable, checks that it
  * is installed (doError() otherwise), loads it and runs doAction() with
  * the `type` request variable. A non-empty result from doAction() — which
  * also covers plugins that do not implement actions — or a plugin that
  * could not be loaded is reported through doError(). Ends with exit.
  */
 function callPlugin()
 {
     global $manager;
     $pluginName = 'NP_' . requestVar('name');
     $actionType = requestVar('type');
     if (!$manager->pluginInstalled($pluginName)) {
         doError(_ERROR_NOSUCHPLUGIN);
     }
     $pluginObject =& $manager->getPlugin($pluginName);
     $error = 'Could not load plugin (see actionlog)';
     if ($pluginObject) {
         $error = $pluginObject->doAction($actionType);
     }
     if ($error) {
         doError($error);
     }
     exit;
 }
/**
 * Bookmarklet entry point: validates the target blog and the member's team
 * membership, then opens the "add item" form pre-filled from the
 * bookmarklet's logtext / loglink / loglinktitle request variables.
 */
function bm_doShowForm()
{
    global $member;
    $blogid = intRequestVar('blogid');
    $quotedText = trim(requestVar('logtext'));
    $link = requestVar('loglink');
    $linkTitle = requestVar('loglinktitle');
    $quotedText = uniDecode($quotedText, _CHARSET);
    $linkTitle = uniDecode($linkTitle, _CHARSET);
    if (!BLOG::existsID($blogid)) {
        bm_doError(_ERROR_NOSUCHBLOG);
    }
    if (!$member->isTeamMember($blogid)) {
        bm_doError(_ERROR_NOTONTEAM);
    }
    // the URL itself serves as title when none was supplied
    if (!$linkTitle) {
        $linkTitle = $link;
    }
    $body = '';
    if ($quotedText) {
        $body .= '<blockquote><div>"' . htmlspecialchars($quotedText) . '"</div></blockquote>' . "\n";
    }
    if ($link) {
        $body .= '<a href="' . htmlspecialchars($link) . '">' . htmlspecialchars($linkTitle) . '</a>';
    }
    $item = array(
        'body' => $body,
        'title' => htmlspecialchars($linkTitle),
    );
    $factory = new PAGEFACTORY($blogid);
    $factory->createAddForm('bookmarklet', $item);
}
 /**
  * Keeps the tag table in sync when an item is updated.
  *
  * Compares the submitted `itags` with the stored tag string of the item;
  * when they differ the stored row is replaced (item id bound via %d, the
  * tag string via quote_smart()), removed tags are handed to deleteTags()
  * and new ones to mergeTags().
  *
  * @param array $data event data; $data['itemid'] identifies the item
  * @return false|void false when the tags are unchanged
  */
 function event_PreUpdateItem($data)
 {
     $newTags = trim(requestVar('itags'));
     $itemId = intval($data['itemid']);
     $storedTags = quickQuery(sprintf('SELECT itags as result FROM %s WHERE inum = %d', _TAGEX_TABLE, $itemId));
     if ($newTags == $storedTags) {
         return false;
     }
     sql_query(sprintf('DELETE FROM %s WHERE inum = %d', _TAGEX_TABLE, $itemId));
     if (!empty($newTags)) {
         sql_query(sprintf('INSERT INTO %s (inum, itags) VALUES (%d, %s)', _TAGEX_TABLE, $itemId, $this->quote_smart($newTags)));
     }
     $before = $this->getTags($storedTags);
     if (!is_array($before)) {
         $before = array($before);
     }
     $after = $this->getTags($newTags);
     $removed = $this->array_minus_array($before, $after);
     $removedCount = count($removed);
     for ($k = 0; $k < $removedCount; $k++) {
         $this->deleteTags($removed[$k], $itemId);
     }
     $added = $this->array_minus_array($after, $before);
     $addedCount = count($added);
     for ($k = 0; $k < $addedCount; $k++) {
         $this->mergeTags($added[$k], $itemId);
     }
 }
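/**
 * accepts a file for upload
 *
 * Reads the `upload` form file and validates it step by step — name via
 * cleanFileName(), PHP's upload error code, size against
 * $CONF['MaxUploadSize'], extension against $CONF['AllowedTypes'] and
 * is_uploaded_file() — then stores it in the requested collection (or the
 * member's own one) through MEDIA::addMediaObject() once
 * MEDIA::isValidCollection() has accepted the collection name. The reply
 * is a CKEditor callback script, or a JSON body when $responseType is
 * 'json'. Failures are reported through upload_doError().
 *
 * @return void
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;
    $uploadInfo = postFileInfo('upload');
    $filename = $uploadInfo['name'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);
    // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }
    // PHP's upload error code; the break after each upload_doError() keeps a
    // "file too big" from also being reported as a bad request should
    // upload_doError() ever return
    switch ($fileerror) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            upload_doError(_ERROR_FILE_TOO_BIG);
            break;
        case UPLOAD_ERR_PARTIAL:
        case UPLOAD_ERR_NO_FILE:
        case UPLOAD_ERR_NO_TMP_DIR:
        case UPLOAD_ERR_CANT_WRITE:
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
            break;
    }
    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
    }
    // check file type against allowed types (comma-separated extension list from config)
    $ok = 0;
    $allowedtypes = explode(',', $CONF['AllowedTypes']);
    foreach ($allowedtypes as $type) {
        if (preg_match("#\\." . $type . "\$#i", $filename)) {
            $ok = 1;
            break;
        }
    }
    if (!$ok) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }
    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
    }
    // prefix filename with current date (YYYYMMDD-HHMMSS-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        $filename = date("Ymd-His-") . $filename;
    }
    // currently selected collection
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }
    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        // NOTE(review): every other failure here uses upload_doError();
        // confirm media_doError() is the intended reporter for this case
        media_doError(_ERROR_DISALLOWED);
    }
    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        upload_doError($res);
    }
    $url = $CONF['MediaURL'] . $collection . '/' . $filename;
    if ($responseType != 'json') {
        // $url derives from a client-supplied filename: emit it as a JSON/JS
        // string literal so quotes or tags in it cannot break out of the script;
        // the CKEditor callback number is an integer by contract
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . intval($funcNum) . ", " . json_encode($url, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ", '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}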
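/**
 * Hands the current POST and GET variables to passVar(), one by one.
 *
 * `action` is renamed to `nextaction` unless it already equals the pending
 * `nextaction` request variable; a nextaction of 'showlogin' is dropped;
 * `login` and `password` are never passed on. $_POST/$_GET replace the
 * $HTTP_*_VARS long arrays, which no longer exist in current PHP.
 *
 * @return void
 */
function passRequestVars()
{
    $nextaction = requestVar('nextaction');
    _passRequestVarsFrom($_POST, $nextaction);
    _passRequestVarsFrom($_GET, $nextaction);
}

/**
 * Applies the passRequestVars() rules to one request array.
 *
 * @param array  $vars       request array ($_POST or $_GET)
 * @param string $nextaction current value of the `nextaction` request variable
 * @return void
 */
function _passRequestVarsFrom($vars, $nextaction)
{
    foreach ($vars as $key => $value) {
        if ($key == 'action' && $value != $nextaction) {
            $key = 'nextaction';
        }
        // a nextaction of 'showlogin' makes no sense
        if ($key == 'nextaction' && $value == 'showlogin') {
            continue;
        }
        // credentials are never carried over
        if ($key != 'login' && $key != 'password') {
            passVar($key, $value);
        }
    }
}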
/**
 * Front controller for the public site.
 *
 * 1. Runs a visitor action (comment, message, account creation, votes, plugin
 *    actions) when the 'action' request variable names one of the allowed
 *    ACTION types.
 * 2. Decides which kind of page is requested - item, archive, archivelist,
 *    search, member, imagepopup, a "special" skin part, or the index - and
 *    fills in the related globals (prev/next item, prev/next archive, ...).
 * 3. Resolves the blog, category and skin, then parses the skin for that type.
 *
 * All input comes from the globals declared below, which are expected to be
 * set before this runs; several of them are rewritten in place ($blogid,
 * $catid, $skinid, $blog, $memberinfo, $query, $errormessage, $skinpart).
 * Invalid input aborts through doError() / startUpError().
 */
function selector()
{
    global $itemid, $blogid, $memberid, $query, $amount, $archivelist, $maxresults;
    global $archive, $skinid, $blog, $memberinfo, $CONF, $member;
    global $imagepopup, $catid, $special;
    global $manager;
    // only these action names may be triggered from the public site; any other
    // 'action' value is silently ignored here
    $actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');
    $action = requestVar('action');
    if (in_array($action, $actionNames)) {
        global $DIR_LIBS, $errormessage;
        include_once $DIR_LIBS . 'ACTION.php';
        $a = new ACTION();
        $errorInfo = $a->doAction($action);
        // a failed action does not abort the page: the message is exposed to
        // the skin through the global $errormessage
        if ($errorInfo) {
            $errormessage = $errorInfo['message'];
        }
    }
    // show error when headers already sent out
    if (headers_sent() && $CONF['alertOnHeadersSent']) {
        // try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)
        // (the version_compare call is true when the running PHP is >= 4.3.0)
        if (function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=')) {
            headers_sent($hsFile, $hsLine);
            $extraInfo = sprintf(_GFUNCTIONS_HEADERSALREADYSENT_FILE, $hsFile, $hsLine);
        } else {
            $extraInfo = '';
        }
        startUpError(sprintf(_GFUNCTIONS_HEADERSALREADYSENT_TXT, $extraInfo), _GFUNCTIONS_HEADERSALREADYSENT_TITLE);
        exit;
    }
    // make is so ?archivelist without blogname or blogid shows the archivelist
    // for the default weblog
    if (serverVar('QUERY_STRING') == 'archivelist') {
        $archivelist = $CONF['DefaultBlog'];
    }
    // now decide which type of skin we need
    if ($itemid) {
        // itemid given -> only show that item
        $type = 'item';
        // existence check honours the allowFuture / allowDrafts settings
        if (!$manager->existsItem($itemid, intval($CONF['allowFuture']), intval($CONF['allowDrafts']))) {
            doError(_ERROR_NOSUCHITEM);
        }
        global $itemidprev, $itemidnext, $catid, $itemtitlenext, $itemtitleprev;
        // 1. get timestamp, blogid and catid for item
        // (itemid is cast to int before it reaches the query)
        $query = 'SELECT itime, iblog, icat FROM ' . sql_table('item') . ' WHERE inumber=' . intval($itemid);
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        // if a different blog id has been set through the request or selectBlog(),
        // deny access
        if ($blogid && intval($blogid) != $obj->iblog) {
            // when output has not started yet, send the visitor to the item's
            // canonical URL under its real blog instead of serving it here
            if (!headers_sent()) {
                $b =& $manager->getBlog($obj->iblog);
                $CONF['ItemURL'] = $b->getURL();
                if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'], -1) == '/') {
                    $CONF['ItemURL'] = substr($CONF['ItemURL'], 0, -1);
                }
                $correctURL = createItemLink($itemid, '');
                redirect($correctURL);
                exit;
            } else {
                doError(_ERROR_NOSUCHITEM);
            }
        }
        // if a category has been selected which doesn't match the item, ignore the
        // category. #85
        if ($catid != 0 && $catid != $obj->icat) {
            $catid = 0;
        }
        // from here on the blog id is the one stored with the item, not the request's
        $blogid = $obj->iblog;
        $timestamp = strtotime($obj->itime);
        $b =& $manager->getBlog($blogid);
        // $catid is interpolated unescaped below; it is only used once the blog
        // accepted it as a valid category (presumably already an int by then -
        // verify where $catid is populated)
        if ($b->isValidCategory($catid)) {
            $catextra = ' and icat=' . $catid;
        } else {
            $catextra = '';
        }
        // get previous itemid and title
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime<' . mysqldate($timestamp) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime DESC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        if ($obj) {
            $itemidprev = $obj->inumber;
            $itemtitleprev = $obj->ititle;
        }
        // get next itemid and title
        // (bounded by the blog's current time so future-dated items are not linked)
        $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime>' . mysqldate($timestamp) . ' and itime <= ' . mysqldate($b->getCorrectTime()) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime ASC LIMIT 1';
        $res = sql_query($query);
        $obj = sql_fetch_object($res);
        if ($obj) {
            $itemidnext = $obj->inumber;
            $itemtitlenext = $obj->ititle;
        }
    } elseif ($archive) {
        // show archive
        $type = 'archive';
        // get next and prev month links ...
        global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists;
        // sql queries for the timestamp of the first and the last published item
        // (the blog id is cast to int before interpolation)
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime ASC";
        $first_timestamp = quickQuery($query);
        $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM " . sql_table('item') . " WHERE idraft=0 AND iblog=" . (int) ($blogid ? $blogid : $CONF['DefaultBlog']) . " ORDER BY itime DESC";
        $last_timestamp = quickQuery($query);
        // $archive is read as YYYY[-MM[-DD]]; the parts that are absent compare
        // as 0 below and select year / month / day mode
        sscanf($archive, '%d-%d-%d', $y, $m, $d);
        if ($d != 0) {
            $archivetype = _ARCHIVETYPE_DAY;
            $t = mktime(0, 0, 0, $m, $d, $y);
            // one day has 24 * 60 * 60 = 86400 seconds
            $archiveprev = strftime('%Y-%m-%d', $t - 86400);
            // check for published items
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // one day later
            $t += 86400;
            $archivenext = strftime('%Y-%m-%d', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        } elseif ($m == 0) {
            $archivetype = _ARCHIVETYPE_YEAR;
            $t = mktime(0, 0, 0, 12, 31, $y - 1);
            // one day before is in the previous year
            $archiveprev = strftime('%Y', $t);
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // timestamp for the next year
            $t = mktime(0, 0, 0, 1, 1, $y + 1);
            $archivenext = strftime('%Y', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        } else {
            $archivetype = _ARCHIVETYPE_MONTH;
            $t = mktime(0, 0, 0, $m, 1, $y);
            // one day before is in the previous month
            $archiveprev = strftime('%Y-%m', $t - 86400);
            if ($t > $first_timestamp) {
                $archiveprevexists = true;
            } else {
                $archiveprevexists = false;
            }
            // timestamp for the next month (mktime normalises month 13 into the next year)
            $t = mktime(0, 0, 0, $m + 1, 1, $y);
            $archivenext = strftime('%Y-%m', $t);
            if ($t < $last_timestamp) {
                $archivenextexists = true;
            } else {
                $archivenextexists = false;
            }
        }
    } elseif ($archivelist) {
        $type = 'archivelist';
        // the archivelist parameter is either a numeric blog id or a blog short name
        if (is_numeric($archivelist)) {
            $blogid = intVal($archivelist);
        } else {
            $blogid = getBlogIDFromName($archivelist);
        }
        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($query) {
        global $startpos;
        $type = 'search';
        $query = stripslashes($query);
        // a query made only of (wide) spaces falls back to the index page.
        // NOTE(review): the non-ASCII bytes of this pattern look mis-encoded in
        // this copy (mojibake); compare against the original source before
        // relying on what it matches
        if (preg_match("/^(¡{2}|ã€{2}| )+\$/", $query)) {
            $type = 'index';
        }
        //		$order = (_CHARSET == 'EUC-JP') ? 'EUC-JP, UTF-8,' : 'UTF-8, EUC-JP,';
        //		$query = mb_convert_encoding($query, _CHARSET, $order . ' JIS, SJIS, ASCII');
        // $order is the list of candidate source encodings handed to
        // mb_convert_encoding() for detecting the encoding of the submitted query
        switch (strtolower(_CHARSET)) {
            case 'utf-8':
                $order = 'ASCII, UTF-8, EUC-JP, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
            case 'gb2312':
                $order = 'ASCII, EUC-CN, EUC-JP, UTF-8, JIS, SJIS, ISO-8859-1';
                break;
            case 'shift_jis':
                // Note that shift_jis is only supported for output.
                // Using shift_jis in DB is prohibited.
                $order = 'ASCII, SJIS, EUC-JP, UTF-8, JIS, EUC-CN, ISO-8859-1';
                break;
            default:
                // euc-jp,iso-8859-x,windows-125x
                $order = 'ASCII, EUC-JP, UTF-8, JIS, SJIS, EUC-CN, ISO-8859-1';
                break;
        }
        $query = mb_convert_encoding($query, _CHARSET, $order);
        // $blogid may be a numeric id or a blog short name
        if (is_numeric($blogid)) {
            $blogid = intVal($blogid);
        } else {
            $blogid = getBlogIDFromName($blogid);
        }
        if (!$blogid) {
            doError(_ERROR_NOSUCHBLOG);
        }
    } elseif ($memberid) {
        $type = 'member';
        if (!MEMBER::existsID($memberid)) {
            doError(_ERROR_NOSUCHMEMBER);
        }
        $memberinfo = $manager->getMember($memberid);
    } elseif ($imagepopup) {
        // media object (images etc.)
        $type = 'imagepopup';
        // TODO: check if media-object exists
        // TODO: set some vars?
    } else {
        // show regular index page
        global $startpos;
        $type = 'index';
    }
    // any type of skin with catid
    // (a category alone determines the blog when none was given)
    if ($catid && !$blogid) {
        $blogid = getBlogIDFromCatID($catid);
    }
    // decide which blog should be displayed
    if (!$blogid) {
        $blogid = $CONF['DefaultBlog'];
    }
    $b =& $manager->getBlog($blogid);
    $blog = $b;
    // references can't be placed in global variables?
    if (!$blog->isValid) {
        doError(_ERROR_NOSUCHBLOG);
    }
    // set catid if necessary
    if ($catid) {
        // check if the category is valid
        if (!$blog->isValidCategory($catid)) {
            doError(_ERROR_NOSUCHCATEGORY);
        } else {
            $blog->setSelectedCategory($catid);
        }
    }
    // decide which skin should be used
    // NOTE(review): this condition only holds for a non-empty $skinid that
    // compares loosely equal to 0 (under PHP 7 that includes non-numeric skin
    // names; under PHP 8 a non-numeric string no longer equals 0) - confirm the
    // intended behaviour of selectSkin() for skin names versus ids
    if ($skinid != '' && $skinid == 0) {
        selectSkin($skinid);
    }
    if (!$skinid) {
        $skinid = $blog->getDefaultSkin();
    }
    //$special = requestVar('special'); //get at top of file as global
    // a "special" skin part may be requested by name, but only when
    // isValidShortName() accepts the name
    if (!empty($special) && isValidShortName($special)) {
        $type = strtolower($special);
    }
    $skin = new SKIN($skinid);
    if (!$skin->isValid) {
        doError(_ERROR_NOSUCHSKIN);
    }
    // set global skinpart variable so can determine quickly what is being parsed from any plugin or phpinclude
    global $skinpart;
    $skinpart = $type;
    // parse the skin
    $skin->parse($type);
    // check to see we should throw JustPosted event
    $blog->checkJustPosted();
}
/**
 * Alias for requestVar(): looks up the request variable $str, handing
 * $default_value through as the fallback value.
 *
 * @param string $str           name of the request variable
 * @param mixed  $default_value value passed to requestVar() as its default
 * @return mixed whatever requestVar() returns for that name
 */
function varRequest($str, $default_value = "")
{
    $value = requestVar($str, $default_value);
    return $value;
}
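 /**
  * There seems to be no PostUpdateItem event so here we go: stores the tags
  * submitted with the item form for this item and, when the 'DelIcioUs'
  * option is "yes", mirrors the item to del.icio.us for its author.
  *
  * The tag string comes straight from the request ('plugin_technoratitags_field');
  * duplicates are removed and the string is escaped before it is written, as the
  * INSERT/UPDATE is built by string concatenation. The item id is cast to int
  * for the same reason.
  *
  * @param array $data event data; 'itemid' and 'title' are read
  */
 function event_PreUpdateItem($data)
 {
     $itemid = intval($data['itemid']);
     $tags = requestVar('plugin_technoratitags_field');
     // null means "no tags submitted"; an array (possibly empty) means tags were given
     $tag_arr = null;
     if ($tags != '') {
         $tag_arr = array_unique(explode(" ", $tags));
         $tags = implode(" ", $tag_arr);
     }
     /* First check if there is already a row for this post */
     $result = sql_query("SELECT * FROM " . $this->tablename . " WHERE itemid=" . $itemid);
     $mode = sql_num_rows($result) > 0 ? 'update' : 'insert';
     sql_free_result($result);
     // the tag string is request-controlled: escape it before interpolating it
     $sqlTags = sql_real_escape_string($tags);
     if ($mode == 'insert') {
         $query = "INSERT INTO " . $this->tablename . " (itemid,tags) VALUES (" . $itemid . ",'" . $sqlTags . "')";
     } else {
         $query = "UPDATE " . $this->tablename . " SET tags = '" . $sqlTags . "' WHERE itemid = " . $itemid;
     }
     // update
     sql_query($query);
     if ($this->getOption('DelIcioUs') == "yes") {
         global $manager;
         $url = createItemLink($itemid);
         // get item info
         $item =& $manager->getItem($itemid, 0, 0);
         $title = $data['title'] != '' ? $data['title'] : $item['title'];
         $authorid = $item['authorid'];
         $user = $this->getMemberOption($authorid, 'DeliciousUser');
         $password = $this->getMemberOption($authorid, 'DeliciousPassword');
         if ($user != '' && $password != '') {
             $oPhpDelicious = new PhpDelicious($user, $password);
             if ($tag_arr !== null) {
                 $oPhpDelicious->AddPost($url, $title, '', $tag_arr);
             } else {
                 // remove the link if there is no tag for this post, a link with no tag is just useless
                 $oPhpDelicious->DeletePost($url);
             }
         }
     }
 }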
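 /**
  * Admin action: registers a new path for an object (blog, category, member or
  * item) and then re-renders the view named by the 'ret' request variable.
  *
  * Request variables read: oid, obd (both as int), opr, name, path, ret.
  * The path is handed to $this->plugin->RegistPath(); a non-empty result is
  * reported through $this->error() and, unless its first element is 0, stops
  * the action before any view is rendered.
  *
  * Changes against the previous version: the unreachable `exit` after `return`,
  * the unused (misspelled) `$mesage` local and the unused global are gone;
  * behaviour is otherwise unchanged.
  */
 function action_pathupdate()
 {
     $o_oid = intRequestVar('oid');
     $o_bid = intRequestVar('obd');
     $o_param = requestVar('opr');
     $o_name = requestVar('name');
     $newPath = requestVar('path');
     $action = requestVar('ret');
     $msg = $this->plugin->RegistPath($o_oid, $newPath, $o_bid, $o_param, $o_name);
     if ($msg) {
         $this->error($msg);
         // a leading element of 0 is treated as non-fatal — confirm against RegistPath()
         if ($msg[0] != 0) {
             return;
         }
     }
     switch ($action) {
         case 'catoverview':
             // for a subcategory 'obd' holds a category id, otherwise a blog id
             if ($o_param == 'subcategory') {
                 $bid = getBlogIDFromCatID($o_bid);
             } else {
                 $bid = $o_bid;
             }
             $this->action_categoryview($bid, _UPDATE_SUCCESS);
             break;
         case 'memberview':
             $this->action_memberview(_UPDATE_SUCCESS);
             break;
         case 'blogview':
             $this->action_blogview(_UPDATE_SUCCESS);
             break;
         case 'itemview':
             $this->action_itemview($o_bid, _UPDATE_SUCCESS);
             break;
         default:
             echo _UPDATE_SUCCESS;
             break;
     }
 }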
/**
 * Forwards the parameters of the current request through passVar() so that
 * they survive a detour via the login form.
 *
 * 'action' is renamed to 'nextaction' unless its value already equals the
 * requested nextaction; a 'nextaction' of 'showlogin' is skipped; the
 * credentials ('login', 'password') are never forwarded. Everything else in
 * $_REQUEST (which, depending on request_order, may also hold cookie values)
 * is passed on as-is.
 */
function passRequestVars()
{
    foreach ($_REQUEST as $name => $val) {
        $target = $name;
        if ($name == 'action' && $val != requestVar('nextaction')) {
            $target = 'nextaction';
        }
        // a nextaction of 'showlogin' makes no sense
        if ($target == 'nextaction' && $val == 'showlogin') {
            continue;
        }
        // never echo credentials back into the next request
        if ($target == 'login' || $target == 'password') {
            continue;
        }
        passVar($target, $val);
    }
}
?>
</a>
      </div>
      <h2><?php 
echo translate('EventFilter');
?>
</h2>
    </div>
    <div id="content">
      <form name="contentForm" id="contentForm" method="get" action="<?php 
echo $_SERVER['PHP_SELF'];
?>
">
        <input type="hidden" name="view" value="filter"/>
        <input type="hidden" name="page" value="<?php 
echo requestVar('page');
?>
"/>
        <input type="hidden" name="reload" value="0"/>
        <input type="hidden" name="execute" value="0"/>
        <input type="hidden" name="action" value=""/>
        <input type="hidden" name="subaction" value=""/>
        <input type="hidden" name="line" value=""/>
        <input type="hidden" name="fid" value=""/>
        <hr/>
        <div id="filterSelector"><label for="<?php 
echo $selectName;
?>
"><?php 
echo translate('UseFilter');
?>
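 /**
  * Handles the plugin's admin actions and then redirects back to its index page.
  *
  * Only a logged-in administrator may run these; anyone else gets the error
  * string back and no query or redirect happens.
  *
  * @param string $actionType 'resetview' (reset the counter of the row named by
  *                           the 'id' request variable) or 'resetallview'
  * @return string|void error text when not allowed; otherwise a Location header is sent
  */
 function doAction($actionType)
 {
     global $CONF, $member;
     if (!($member->isLoggedIn() && $member->isAdmin())) {
         return 'Sorry. not allowed';
     }
     if ($actionType == 'resetview') {
         // 'id' is request-controlled: cast to int and format with %d so it
         // cannot change the shape of the statement
         sql_query(sprintf('UPDATE %s SET views=0 WHERE id=%d', sql_table('plugin_views'), intval(requestVar('id'))));
     } elseif ($actionType == 'resetallview') {
         sql_query(sprintf('UPDATE %s SET views=0', sql_table('plugin_views')));
     }
     // sort/order are request-controlled too; URL-encode them before they end
     // up in the Location header (a no-op for the plain values expected here)
     $url = $CONF['PluginURL'] . sprintf('views/index.php?sort=%s&order=%s', urlencode((string) requestVar('sort')), urlencode((string) requestVar('order')));
     header('Location: ' . $url);
 }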
<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2011 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * File containing actions that can be performed by visitors of the site,
 * like adding comments, etc...
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2011 The Nucleus Group
 * @version $Id: action.php 1131 2011-02-01 06:19:31Z sakamocchi $
 * $NucleusJP: action.php,v 1.8.2.1 2007/09/05 05:50:12 kimitake Exp $
 */
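// Entry point for visitor actions: loads the configuration, runs the requested
// ACTION and renders any resulting error through the skin the action names.
$CONF = array();
require './config.php';
// common functions
include_libs('ACTION.php', true, false);
$action = requestVar('action');
// "=& new" (assigning the result of new by reference) was removed in PHP 7;
// objects are handles already, so a plain assignment is equivalent.
$a = new ACTION();
$errorInfo = $a->doAction($action);
if ($errorInfo) {
    doError($errorInfo['message'], new SKIN($errorInfo['skinid']));
}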
 /**
  * Checks the ticket that was passed along with the current request.
  *
  * The ticket is read from the 'ticket' request variable and looked up in the
  * tickets table for the current member (-1 when nobody is logged in); expired
  * tickets are purged before the lookup. The ticket value is escaped before it
  * is interpolated into the query.
  *
  * @return bool true when exactly one matching ticket row exists, false otherwise
  */
 function checkTicket()
 {
     global $member;
     // get ticket from request
     $ticket = requestVar('ticket');
     // no ticket -> don't allow
     if ($ticket == '') {
         return false;
     }
     // remove expired tickets first
     $this->_cleanUpExpiredTickets();
     // get member id (-1 stands for an anonymous visitor)
     $memberId = $member->isLoggedIn() ? $member->getID() : -1;
     // check if ticket is a valid one
     $query = 'SELECT COUNT(*) as result FROM ' . sql_table('tickets') . ' WHERE member=' . intval($memberId) . ' and ticket=\'' . sql_real_escape_string($ticket) . '\'';
     // [in the original implementation, the checked ticket was deleted. This would lead to invalid
     //  tickets when using the browsers back button and clicking another link/form
     //  leaving the keys in the database is not a real problem, since they're member-specific and
     //  only valid for a period of one hour
     // ]
     return quickQuery($query) == 1;
 }