function logit($r = '') { global $siteurl, $prefs, $pretext; $mydomain = str_replace('www.', '', preg_quote($siteurl, "/")); $out['uri'] = @$pretext['request_uri']; $out['ref'] = clean_url(str_replace("http://", "", serverSet('HTTP_REFERER'))); $host = $ip = serverSet('REMOTE_ADDR'); if (!empty($prefs['use_dns'])) { // A crude rDNS cache if ($h = safe_field('host', 'txp_log', "ip='" . doSlash($ip) . "' limit 1")) { $host = $h; } else { // Double-check the rDNS $host = @gethostbyaddr(serverSet('REMOTE_ADDR')); if ($host != $ip and @gethostbyname($host) != $ip) { $host = $ip; } } } $out['ip'] = $ip; $out['host'] = $host; $out['status'] = 200; // FIXME $out['method'] = serverSet('REQUEST_METHOD'); if (preg_match("/^[^\\.]*\\.?{$mydomain}/i", $out['ref'])) { $out['ref'] = ""; } if ($r == 'refer') { if (trim($out['ref']) != "") { insert_logit($out); } } else { insert_logit($out); } }
/** * Outputs a diagnostics report. * * This is the main panel. */ function doDiagnostics() { global $prefs, $files, $txpcfg, $event, $step, $theme, $DB; extract(get_prefs()); $urlparts = parse_url(hu); $mydomain = $urlparts['host']; $is_apache = stristr(serverSet('SERVER_SOFTWARE'), 'Apache') || is_callable('apache_get_version'); $real_doc_root = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : ''; // ini_get() returns string values passed via php_value as a string, not boolean. $is_register_globals = (strcasecmp(ini_get('register_globals'), 'on') === 0 or ini_get('register_globals') === '1'); // Check for Textpattern updates, at most once every 24 hours. $now = time(); $updateInfo = unserialize(get_pref('last_update_check', '')); if (!$updateInfo || $now > $updateInfo['when'] + 60 * 60 * 24) { $updates = checkUpdates(); $updateInfo['msg'] = $updates ? gTxt($updates['msg'], array('{version}' => $updates['version'])) : ''; $updateInfo['when'] = $now; set_pref('last_update_check', serialize($updateInfo), 'publish', PREF_HIDDEN, 'text_input'); } $fail = array(); if (!empty($updateInfo['msg'])) { $fail['textpattern_version_update'] = diag_msg_wrap($updateInfo['msg'], 'information'); } if (!is_callable('version_compare') || version_compare(PHP_VERSION, REQUIRED_PHP_VERSION, '<')) { $fail['php_version_required'] = diag_msg_wrap(gTxt('php_version_required', array('{version}' => REQUIRED_PHP_VERSION))); } if (!isset($path_to_site)) { $fail['path_to_site_missing'] = diag_msg_wrap(gTxt('path_to_site_missing'), 'warning'); } if (@gethostbyname($mydomain) === $mydomain) { $fail['dns_lookup_fails'] = diag_msg_wrap(gTxt('dns_lookup_fails') . cs . $mydomain, 'warning'); } if (!@is_dir($path_to_site)) { $fail['path_to_site_inacc'] = diag_msg_wrap(gTxt('path_to_site_inacc') . cs . $path_to_site); } if (rtrim($siteurl, '/') != $siteurl) { $fail['site_trailing_slash'] = diag_msg_wrap(gTxt('site_trailing_slash') . cs . $path_to_site, 'warning'); } if (!@is_file($path_to_site . "/index.php") || !@is_readable($path_to_site . "/index.php")) { $fail['index_inaccessible'] = diag_msg_wrap("{$path_to_site}/index.php " . gTxt('is_inaccessible')); } $not_readable = array(); if (!@is_writable($path_to_site . '/' . $img_dir)) { $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('img_dir'), gTxt('dir_not_writable')) . ": {$path_to_site}/{$img_dir}", 'warning'); } if (!@is_writable($file_base_path)) { $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('file_base_path'), gTxt('dir_not_writable')) . ": {$file_base_path}", 'warning'); } if (!@is_writable($tempdir)) { $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('tempdir'), gTxt('dir_not_writable')) . ": {$tempdir}", 'warning'); } if ($not_readable) { $fail['dir_not_writable'] = join(n, $not_readable); } if ($permlink_mode != 'messy' && !$is_apache) { $fail['cleanurl_only_apache'] = diag_msg_wrap(gTxt('cleanurl_only_apache'), 'information'); } if ($permlink_mode != 'messy' and !@is_readable($path_to_site . '/.htaccess')) { $fail['htaccess_missing'] = diag_msg_wrap(gTxt('htaccess_missing')); } if ($permlink_mode != 'messy' and is_callable('apache_get_modules') and !apache_module('mod_rewrite')) { $fail['mod_rewrite_missing'] = diag_msg_wrap(gTxt('mod_rewrite_missing')); } if (!ini_get('file_uploads')) { $fail['file_uploads_disabled'] = diag_msg_wrap(gTxt('file_uploads_disabled'), 'information'); } if (@is_dir(txpath . DS . 'setup')) { $fail['setup_still_exists'] = diag_msg_wrap(txpath . DS . "setup" . DS . ' ' . gTxt('still_exists'), 'warning'); } if (empty($tempdir)) { $fail['no_temp_dir'] = diag_msg_wrap(gTxt('no_temp_dir'), 'warning'); } if (is_disabled('mail')) { $fail['warn_mail_unavailable'] = diag_msg_wrap(gTxt('warn_mail_unavailable'), 'warning'); } if ($is_register_globals) { $fail['warn_register_globals_or_update'] = diag_msg_wrap(gTxt('warn_register_globals_or_update'), 'warning'); } if ($permlink_mode != 'messy') { $rs = safe_column("name", "txp_section", "1"); foreach ($rs as $name) { if ($name and @file_exists($path_to_site . '/' . $name)) { $fail['old_placeholder_exists'] = diag_msg_wrap(gTxt('old_placeholder') . ": {$path_to_site}/{$name}"); } } } $cs = check_file_integrity(INTEGRITY_REALPATH); if (!$cs) { $cs = array(); } // Files that don't match their checksums. if ($modified_files = array_keys($cs, INTEGRITY_MODIFIED)) { $fail['modified_files'] = diag_msg_wrap(gTxt('modified_files') . cs . n . t . join(', ' . n . t, $modified_files), 'warning'); } // Running development code in live mode is not recommended. if (preg_match('/-dev$/', txp_version) and $production_status == 'live') { $fail['dev_version_live'] = diag_msg_wrap(gTxt('dev_version_live'), 'warning'); } // Missing files. if ($missing = array_merge(array_keys($cs, INTEGRITY_MISSING), array_keys($cs, INTEGRITY_NOT_FILE), array_keys($cs, INTEGRITY_NOT_READABLE))) { $fail['missing_files'] = diag_msg_wrap(gTxt('missing_files') . cs . n . t . join(', ' . n . t, $missing)); } // Anything might break if arbitrary functions are disabled. if (ini_get('disable_functions')) { $disabled_funcs = array_map('trim', explode(',', ini_get('disable_functions'))); // Commonly disabled functions that we don't need. $disabled_funcs = array_diff($disabled_funcs, array('imagefilltoborder', 'escapeshellarg', 'escapeshellcmd', 'exec', 'passthru', 'proc_close', 'proc_get_status', 'proc_nice', 'proc_open', 'proc_terminate', 'shell_exec', 'system', 'popen', 'dl', 'chown')); if ($disabled_funcs) { $fail['some_php_functions_disabled'] = diag_msg_wrap(gTxt('some_php_functions_disabled') . cs . join(', ', $disabled_funcs), 'warning'); } } // Not sure about this one. // if (strncmp(php_sapi_name(), 'cgi', 3) == 0 and ini_get('cgi.rfc2616_headers')) // $fail['cgi_header_config'] = gTxt('cgi_header_config'); $guess_site_url = $_SERVER['HTTP_HOST'] . preg_replace('#[/\\\\]$#', '', dirname(dirname($_SERVER['SCRIPT_NAME']))); if ($siteurl and strip_prefix($siteurl, 'www.') != strip_prefix($guess_site_url, 'www.')) { $fail['site_url_mismatch'] = diag_msg_wrap(gTxt('site_url_mismatch') . cs . $guess_site_url, 'warning'); } // Test clean URL server vars. if (hu) { if (ini_get('allow_url_fopen') and $permlink_mode != 'messy') { $s = md5(uniqid(rand(), true)); ini_set('default_socket_timeout', 10); $pretext_data = @file(hu . $s . '/?txpcleantest=1'); if ($pretext_data) { $pretext_req = trim(@$pretext_data[0]); if ($pretext_req != md5('/' . $s . '/?txpcleantest=1')) { $fail['clean_url_data_failed'] = diag_msg_wrap(gTxt('clean_url_data_failed') . cs . txpspecialchars($pretext_req), 'warning'); } } else { $fail['clean_url_test_failed'] = diag_msg_wrap(gTxt('clean_url_test_failed'), 'warning'); } } } if ($tables = list_txp_tables()) { $table_errors = check_tables($tables); if ($table_errors) { $fail['mysql_table_errors'] = diag_msg_wrap(gTxt('mysql_table_errors') . cs . n . t . join(', ' . n . t, $table_errors)); } } $active_plugins = array(); if ($rows = safe_rows('name, version, code_md5, md5(code) as md5', 'txp_plugin', 'status > 0')) { foreach ($rows as $row) { $n = $row['name'] . '-' . $row['version']; if (strtolower($row['md5']) != strtolower($row['code_md5'])) { $n .= 'm'; } $active_plugins[] = $n; } } $theme_manifest = $theme->manifest(); // Check GD info. if (function_exists('gd_info')) { $gd_info = gd_info(); $gd_support = array(); if ($gd_info['GIF Create Support']) { $gd_support[] = 'GIF'; } // Aside: In PHP 5.3, they chose to add a previously unemployed capital "E" to the array key. if (!empty($gd_info['JPEG Support']) || !empty($gd_info['JPG Support'])) { $gd_support[] = 'JPG'; } if ($gd_info['PNG Support']) { $gd_support[] = 'PNG'; } if ($gd_support) { $gd_support = join(', ', $gd_support); } else { $gd_support = gTxt('none'); } $gd = gTxt('gd_info', array('{version}' => $gd_info['GD Version'], '{supported}' => $gd_support)); } else { $gd = gTxt('gd_unavailable'); } if (realpath($prefs['tempdir']) === realpath($prefs['plugin_cache_dir'])) { $fail['tmp_plugin_paths_match'] = diag_msg_wrap(gTxt('tmp_plugin_paths_match')); } // Database server time. extract(doSpecial(getRow('select @@global.time_zone as db_global_timezone, @@session.time_zone as db_session_timezone, now() as db_server_time, unix_timestamp(now()) as db_server_timestamp'))); $db_server_timeoffset = $db_server_timestamp - $now; echo pagetop(gTxt('tab_diagnostics'), ''); echo hed(gTxt('tab_diagnostics'), 1, array('class' => 'txp-heading')); echo n . '<div id="' . $event . '_container" class="txp-container">' . n . '<div id="pre_flight_check">' . hed(gTxt('preflight_check'), 2); if ($fail) { foreach ($fail as $help => $message) { echo graf(nl2br($message) . popHelp($help)); } } else { echo graf(diag_msg_wrap(gTxt('all_checks_passed'), 'success')); } echo '</div>'; echo '<div id="diagnostics">', hed(gTxt('diagnostic_info'), 2); $fmt_date = '%Y-%m-%d %H:%M:%S'; $out = array('<p><textarea class="code" id="diagnostics-detail" cols="' . INPUT_LARGE . '" rows="' . TEXTAREA_HEIGHT_LARGE . '" dir="ltr" readonly>', gTxt('txp_version') . cs . txp_version . ' (' . check_file_integrity(INTEGRITY_DIGEST) . ')' . n, gTxt('last_update') . cs . gmstrftime($fmt_date, $dbupdatetime) . '/' . gmstrftime($fmt_date, @filemtime(txpath . '/update/_update.php')) . n, gTxt('document_root') . cs . @$_SERVER['DOCUMENT_ROOT'] . ($real_doc_root != @$_SERVER['DOCUMENT_ROOT'] ? ' (' . $real_doc_root . ')' : '') . n, '$path_to_site' . cs . $path_to_site . n, gTxt('txp_path') . cs . txpath . n, gTxt('permlink_mode') . cs . $permlink_mode . n, ini_get('open_basedir') ? 'open_basedir: ' . ini_get('open_basedir') . n : '', ini_get('upload_tmp_dir') ? 'upload_tmp_dir: ' . ini_get('upload_tmp_dir') . n : '', gTxt('tempdir') . cs . $tempdir . n, gTxt('web_domain') . cs . $siteurl . n, gTxt('php_version') . cs . phpversion() . n, $is_register_globals ? gTxt('register_globals') . cs . $is_register_globals . n : '', gTxt('gd_library') . cs . $gd . n, gTxt('server') . ' TZ: ' . Txp::get('Textpattern_Date_Timezone')->getTimeZone() . n, gTxt('server_time') . cs . strftime('%Y-%m-%d %H:%M:%S') . n, strip_tags(gTxt('is_dst')) . cs . $is_dst . n, strip_tags(gTxt('auto_dst')) . cs . $auto_dst . n, strip_tags(gTxt('gmtoffset')) . cs . $timezone_key . sp . "({$gmtoffset})" . n, 'MySQL' . cs . mysql_get_server_info() . n, gTxt('db_server_time') . cs . $db_server_time . n, gTxt('db_server_timeoffset') . cs . $db_server_timeoffset . ' s' . n, gTxt('db_global_timezone') . cs . $db_global_timezone . n, gTxt('db_session_timezone') . cs . $db_session_timezone . n, gTxt('locale') . cs . $locale . n, isset($_SERVER['SERVER_SOFTWARE']) ? gTxt('server') . cs . $_SERVER['SERVER_SOFTWARE'] . n : '', is_callable('apache_get_version') ? gTxt('apache_version') . cs . @apache_get_version() . n : '', gTxt('php_sapi_mode') . cs . PHP_SAPI . n, gTxt('rfc2616_headers') . cs . ini_get('cgi.rfc2616_headers') . n, gTxt('os_version') . cs . php_uname('s') . ' ' . php_uname('r') . n, $active_plugins ? gTxt('active_plugins') . cs . join(', ', $active_plugins) . n : '', gTxt('theme_name') . cs . $theme_name . sp . $theme_manifest['version'] . n, $fail ? n . gTxt('preflight_check') . cs . n . ln . join("\n", doStripTags($fail)) . n . ln : '', is_readable($path_to_site . '/.htaccess') ? n . gTxt('htaccess_contents') . cs . n . ln . txpspecialchars(join('', file($path_to_site . '/.htaccess'))) . n . ln : ''); if ($step == 'high') { $out[] = n . 'Charset (default/config)' . cs . $DB->default_charset . '/' . $DB->charset . n; $result = safe_query("SHOW variables like 'character_se%'"); while ($row = mysql_fetch_row($result)) { $out[] = $row[0] . cs . $row[1] . n; if ($row[0] == 'character_set_connection') { $conn_char = $row[1]; } } $table_names = array(PFX . 'textpattern'); $result = safe_query("SHOW TABLES LIKE '" . PFX . "txp\\_%'"); while ($row = mysql_fetch_row($result)) { $table_names[] = $row[0]; } $table_msg = array(); foreach ($table_names as $table) { $ctr = safe_query("SHOW CREATE TABLE " . $table . ""); if (!$ctr) { unset($table_names[$table]); continue; } $ctcharset = preg_replace('#^CREATE TABLE.*SET=([^ ]+)[^)]*$#is', '\\1', mysql_result($ctr, 0, 'Create Table')); if (isset($conn_char) && !stristr($ctcharset, 'CREATE') && $conn_char != $ctcharset) { $table_msg[] = "{$table} is {$ctcharset}"; } $ctr = safe_query("CHECK TABLE " . $table); if (in_array(mysql_result($ctr, 0, 'Msg_type'), array('error', 'warning'))) { $table_msg[] = $table . cs . mysql_result($ctr, 0, 'Msg_Text'); } } if ($table_msg == array()) { $table_msg = count($table_names) < 17 ? array('-') : array('OK'); } $out[] = count($table_names) . ' Tables' . cs . implode(', ', $table_msg) . n; $cf = preg_grep('/^custom_\\d+/', getThings('describe `' . PFX . 'textpattern`')); $out[] = n . get_pref('max_custom_fields', 10) . sp . gTxt('custom') . cs . implode(', ', $cf) . sp . '(' . count($cf) . ')' . n; $extns = get_loaded_extensions(); $extv = array(); foreach ($extns as $e) { $extv[] = $e . (phpversion($e) ? '/' . phpversion($e) : ''); } $out[] = n . gTxt('php_extensions') . cs . join(', ', $extv) . n; if (is_callable('apache_get_modules')) { $out[] = n . gTxt('apache_modules') . cs . join(', ', apache_get_modules()) . n; } if (@is_array($pretext_data) and count($pretext_data) > 1) { $out[] = n . gTxt('pretext_data') . cs . txpspecialchars(join('', array_slice($pretext_data, 1, 20))) . n; } $out[] = n; if ($md5s = check_file_integrity(INTEGRITY_MD5)) { foreach ($md5s as $f => $checksum) { $out[] = $f . cs . n . t . (!$checksum ? gTxt('unknown') : $checksum) . n; } } $out[] = n . ln; } $out[] = callback_event('diag_results', $step) . n; $out[] = '</textarea></p>'; $dets = array('low' => gTxt('low'), 'high' => gTxt('high')); $out[] = form(graf(eInput('diag') . n . '<label>' . gTxt('detail') . '</label>' . selectInput('step', $dets, $step, 0, 1))); echo join('', $out), '</div>', '</div>'; }
function preText($s, $prefs) { extract($prefs); if (gps('rss')) { include txpath . '/publish/rss.php'; exit(rss()); } if (gps('atom')) { include txpath . '/publish/atom.php'; exit(atom()); } // set messy variables $out = makeOut('id', 's', 'c', 'q', 'pg', 'p', 'month'); // if messy vars exist, bypass url parsing if (!$out['id'] && !$out['s']) { // define the useable url, minus any subdirectories. // this is pretty fugly, if anyone wants to have a go at it - dean $subpath = preg_quote(preg_replace("/http:\\/\\/.*(\\/.*)/Ui", "\$1", hu), "/"); $req = preg_replace("/^{$subpath}/i", "/", serverSet('REQUEST_URI')); extract(chopUrl($req)); //first we sniff out some of the preset url schemes if (!empty($u1)) { switch ($u1) { case 'atom': include txpath . '/publish/atom.php'; exit(atom()); case 'rss': include txpath . '/publish/rss.php'; exit(rss()); case strtolower(gTxt('section')): $out['s'] = ckEx('section', $u2) ? $u2 : 'default'; break; case strtolower(gTxt('category')): $out['c'] = ckEx('category', $u2) ? $u2 : ''; break; case urlencode(strtolower(gTxt('author'))): $author_name = !empty($u2) ? urldecode($u2) : ''; $out['author'] = safe_field('name', 'txp_users', "RealName like '{$author_name}'"); break; case strtolower(gTxt('file_download')): $out['s'] = 'file_download'; $out['id'] = !empty($u2) ? $u2 : ''; break; case 'p': $out['p'] = is_numeric($u2) ? $u2 : ''; break; default: // then see if the prefs-defined permlink scheme is usable switch ($permlink_mode) { case 'section_id_title': $out['s'] = ckEx('section', $u1) ? $u1 : 'default'; $out['id'] = is_numeric($u2) && ckExID($u2) ? $u2 : ''; break; case 'year_month_day_title': if (empty($u4)) { $out['month'] = "{$u1}-{$u2}"; if (!empty($u3)) { $out['month'] .= "-{$u3}"; } $out['s'] = 'default'; } else { $when = date("Y-m-d", strtotime("{$u1}-{$u2}-{$u3}") + $timeoffset); $rs = lookupByDateTitle($when, $u4); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; } break; case 'section_title': $rs = lookupByTitleSection($u2, $u1); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = ckEx('section', $u1) ? $u1 : 'default'; break; case 'title_only': $rs = lookupByTitle($u1); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ckEx('section', $u1) ? $u1 : 'default'; break; case 'id_title': if (is_numeric($u1) && ckExID($u1)) { $rs = lookupByID($u1); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : 'default'; } else { # We don't want to miss the /section/ pages $out['s'] = ckEx('section', $u1) ? $u1 : 'default'; } break; } } } else { $out['s'] = 'default'; } } else { // Messy mode, but prevent to get the id for file_downloads if ($out['id'] && !$out['s']) { $out['s'] = safe_field('section', 'textpattern', "ID='" . doSlash($out['id']) . "'"); } } if ($out['s'] == 'file_download') { // get id of potential filename if (!is_numeric($out['id'])) { $rs = safe_row("*", "txp_file", "filename='" . $out['id'] . "'"); } else { $rs = safe_row("*", "txp_file", "id='" . $out['id'] . "'"); } $out = $rs ? array_merge($out, $rs) : array('s' => 'file_download', 'file_error' => 404); return $out; } $out['s'] = empty($out['s']) ? 'default' : $out['s']; $s = $out['s']; $id = $out['id']; // hackish if (empty($id)) { $GLOBALS['is_article_list'] = true; } // by this point we should know the section, so grab its page and css $rs = safe_row("*", "txp_section", "name = '{$s}' limit 1"); $out['page'] = @$rs['page']; $out['css'] = @$rs['css']; if (is_numeric($id)) { $idrs = safe_row("Posted, AuthorID, Keywords", "textpattern", "ID={$id}"); extract($idrs); if ($np = getNextPrev($id, $Posted, $s)) { $out = array_merge($out, $np); } $out['id_keywords'] = $Keywords; $out['id_author'] = get_author_name($AuthorID); } $out['path_from_root'] = $path_from_root; // these are deprecated as of 1.0 $out['pfr'] = $path_from_root; // leaving them here for plugin compat $out['path_to_site'] = $path_to_site; $out['permlink_mode'] = $permlink_mode; $out['sitename'] = htmlspecialchars($sitename); return $out; }
function replace_relative_urls($html, $permalink = '') { global $siteurl; # urls like "/foo/bar" - relative to the domain if (serverSet('HTTP_HOST')) { $html = preg_replace('@(<a[^>]+href=")/@', '$1' . PROTOCOL . serverSet('HTTP_HOST') . '/', $html); $html = preg_replace('@(<img[^>]+src=")/@', '$1' . PROTOCOL . serverSet('HTTP_HOST') . '/', $html); } # "foo/bar" - relative to the textpattern root $html = preg_replace('@(<a[^>]+href=")(?!http://)@', '$1' . PROTOCOL . $siteurl . '/$2', $html); $html = preg_replace('@(<img[^>]+src=")(?!http://)@', '$1' . PROTOCOL . $siteurl . '/$2', $html); if ($permalink) { $html = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . $permalink . "#\\1\"", $html); } return $html; }
if ($DB->connected && $DB->table_exists(PFX . 'textpattern')) { $dbversion = safe_field('val', 'txp_prefs', "name = 'version'"); // global site prefs $prefs = get_prefs(); extract($prefs); if (empty($siteurl)) { $siteurl = $_SERVER['HTTP_HOST'] . rtrim(dirname(dirname($_SERVER['SCRIPT_NAME'])), '/'); } if (empty($path_to_site)) { updateSitePath(dirname(dirname(__FILE__))); } define("LANG", $language); //i18n: define("LANG","en-gb"); define('txp_version', $thisversion); if (!defined('PROTOCOL')) { switch (serverSet('HTTPS')) { case '': case 'off': // ISAPI with IIS define('PROTOCOL', 'http://'); break; default: define('PROTOCOL', 'https://'); break; } } define("hu", PROTOCOL . $siteurl . '/'); // v1.0 experimental relative url global define("rhu", preg_replace("/https?:\\/\\/.+(\\/.*)\\/?\$/U", "\$1", hu)); if (!empty($locale)) { setlocale(LC_ALL, $locale);
function preText($s, $prefs) { extract($prefs); callback_event('pretext'); // Set messy variables. $out = makeOut('id', 's', 'c', 'context', 'q', 'm', 'pg', 'p', 'month', 'author'); if (gps('rss')) { $out['feed'] = 'rss'; } if (gps('atom')) { $out['feed'] = 'atom'; } // Some useful vars for taghandlers, plugins. $out['request_uri'] = preg_replace("|^https?://[^/]+|i", "", serverSet('REQUEST_URI')); $out['qs'] = serverSet('QUERY_STRING'); // IIS fix. if (!$out['request_uri'] and serverSet('SCRIPT_NAME')) { $out['request_uri'] = serverSet('SCRIPT_NAME') . (serverSet('QUERY_STRING') ? '?' . serverSet('QUERY_STRING') : ''); } // Another IIS fix. if (!$out['request_uri'] and serverSet('argv')) { $argv = serverSet('argv'); $out['request_uri'] = @substr($argv[0], strpos($argv[0], ';') + 1); } // Define the useable url, minus any subdirectories. // This is pretty ugly, if anyone wants to have a go at it. $out['subpath'] = $subpath = preg_quote(preg_replace("/https?:\\/\\/.*(\\/.*)/Ui", "\$1", hu), "/"); $out['req'] = $req = preg_replace("/^{$subpath}/i", "/", $out['request_uri']); $is_404 = $out['status'] == '404'; // If messy vars exist, bypass URL parsing. if (!$out['id'] && !$out['s'] && !(txpinterface == 'css') && !(txpinterface == 'admin')) { // Return clean URL test results for diagnostics. if (gps('txpcleantest')) { exit(show_clean_test($out)); } extract(chopUrl($req)); // First we sniff out some of the preset URL schemes. if (strlen($u1)) { switch ($u1) { case 'atom': $out['feed'] = 'atom'; break; case 'rss': $out['feed'] = 'rss'; break; // urldecode(strtolower(urlencode())) looks ugly but is the // only way to make it multibyte-safe without breaking // backwards-compatibility. // urldecode(strtolower(urlencode())) looks ugly but is the // only way to make it multibyte-safe without breaking // backwards-compatibility. case urldecode(strtolower(urlencode(gTxt('section')))): $out['s'] = ckEx('section', $u2) ? $u2 : ''; $is_404 = empty($out['s']); break; case urldecode(strtolower(urlencode(gTxt('category')))): if ($u3) { $out['context'] = validContext($u2); $out['c'] = $u3; } else { $out['context'] = 'article'; $out['c'] = $u2; } $out['c'] = ckCat($out['context'], $out['c']) ? $out['c'] : ''; $is_404 = empty($out['c']); break; case urldecode(strtolower(urlencode(gTxt('author')))): if ($u3) { $out['context'] = validContext($u2); $out['author'] = $u3; } else { $out['context'] = 'article'; $out['author'] = $u2; } $out['author'] = !empty($out['author']) ? $out['author'] : ''; break; // AuthorID gets resolved from Name further down. // AuthorID gets resolved from Name further down. case urldecode(strtolower(urlencode(gTxt('file_download')))): $out['s'] = 'file_download'; $out['id'] = !empty($u2) ? $u2 : ''; $out['filename'] = !empty($u3) ? $u3 : ''; break; default: // Then see if the prefs-defined permlink scheme is usable. switch ($permlink_mode) { case 'section_id_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } else { $rs = lookupByIDSection($u2, $u1); $out['s'] = @$rs['Section']; $out['id'] = @$rs['ID']; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'year_month_day_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } elseif (empty($u4)) { $month = "{$u1}-{$u2}"; if (!empty($u3)) { $month .= "-{$u3}"; } if (preg_match('/\\d+-\\d+(?:-\\d+)?/', $month)) { $out['month'] = $month; $out['s'] = 'default'; } else { $is_404 = 1; } } else { $when = "{$u1}-{$u2}-{$u3}"; $rs = lookupByDateTitle($when, $u4); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'section_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } else { $rs = lookupByTitleSection($u2, $u1); $out['id'] = isset($rs['ID']) ? $rs['ID'] : ''; $out['s'] = isset($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'title_only': $rs = lookupByTitle($u1); $out['id'] = @$rs['ID']; $out['s'] = empty($rs['Section']) ? ckEx('section', $u1) : $rs['Section']; $is_404 = empty($out['s']); break; case 'id_title': if (is_numeric($u1) && ckExID($u1)) { $rs = lookupByID($u1); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } else { // We don't want to miss the /section/ pages. $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } break; } if (!$is_404) { $out['context'] = validContext($out['context']); } break; // Prefs-defined permlink scheme case. } } else { $out['s'] = 'default'; $out['context'] = validContext($out['context']); } } else { // Messy mode, but prevent to get the id for file_downloads. $out['context'] = validContext($out['context']); if ($out['context'] == 'article' && $out['id'] && $out['s'] != 'file_download') { $rs = lookupByID($out['id']); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } } // Existing category in messy or clean URL? if (!empty($out['c'])) { if (!ckCat($out['context'], $out['c'])) { $is_404 = true; $out['c'] = ''; } } // Resolve AuthorID from Authorname. if ($out['author']) { $name = urldecode(strtolower(urlencode($out['author']))); $name = safe_field('name', 'txp_users', "RealName LIKE '" . doSlash($out['author']) . "'"); if ($name) { $out['author'] = $name; } else { $out['author'] = ''; $is_404 = true; } } // Allow article preview. if (gps('txpreview')) { doAuth(); if (!has_privs('article.preview')) { txp_status_header('401 Unauthorized'); exit(hed('401 Unauthorized', 1) . graf(gTxt('restricted_area'))); } global $nolog; $nolog = true; $rs = safe_row("ID AS id, Section AS s", 'textpattern', "ID = " . intval(gps('txpreview')) . " LIMIT 1"); if ($rs) { $is_404 = false; $out = array_merge($out, $rs); } } // Stats: found or not. $out['status'] = $is_404 ? '404' : '200'; $out['pg'] = is_numeric($out['pg']) ? intval($out['pg']) : ''; $out['id'] = is_numeric($out['id']) ? intval($out['id']) : ''; if ($out['s'] == 'file_download') { if (is_numeric($out['id'])) { // Undo the double-encoding workaround for .gz files; // @see filedownloadurl(). if (!empty($out['filename'])) { $out['filename'] = preg_replace('/gz&$/i', 'gz', $out['filename']); } $fn = empty($out['filename']) ? '' : " AND filename = '" . doSlash($out['filename']) . "'"; $rs = safe_row('*', 'txp_file', "id = " . intval($out['id']) . " AND status = " . STATUS_LIVE . " AND created <= " . now('created') . $fn); } return !empty($rs) ? array_merge($out, $rs) : array('s' => 'file_download', 'file_error' => 404); } if (!$is_404) { $out['s'] = empty($out['s']) ? 'default' : $out['s']; } $s = $out['s']; $id = $out['id']; // Hackish. global $is_article_list; if (empty($id)) { $is_article_list = true; } // By this point we should know the section, so grab its page and CSS. if (txpinterface != 'css') { $rs = safe_row("page, css", "txp_section", "name = '" . doSlash($s) . "' LIMIT 1"); $out['page'] = isset($rs['page']) ? $rs['page'] : ''; $out['css'] = isset($rs['css']) ? $rs['css'] : ''; } if (is_numeric($id) and !$is_404) { $a = safe_row("*, UNIX_TIMESTAMP(Posted) AS uPosted, UNIX_TIMESTAMP(Expires) AS uExpires, UNIX_TIMESTAMP(LastMod) AS uLastMod", 'textpattern', "ID = " . intval($id) . (gps('txpreview') ? '' : " AND Status IN (" . STATUS_LIVE . "," . STATUS_STICKY . ")")); if ($a) { $out['id_keywords'] = $a['Keywords']; $out['id_author'] = $a['AuthorID']; populateArticleData($a); $uExpires = $a['uExpires']; if ($uExpires and time() > $uExpires and !$publish_expired_articles) { $out['status'] = '410'; } } } // These are deprecated as of Textpattern v1.0 - leaving them here for // plugin compatibility. $out['path_from_root'] = rhu; $out['pfr'] = rhu; $out['path_to_site'] = $path_to_site; $out['permlink_mode'] = $permlink_mode; $out['sitename'] = $sitename; return $out; }
function mem_form_serverinfo($atts) { global $mem_form_submit; extract(mem_form_lAtts(array('label' => '', 'name' => ''), $atts)); if (empty($name)) { $name = mem_form_label2name($label); } if (strlen($name) and $mem_form_submit) { if (!$label) { $label = $name; } mem_form_store($name, $label, serverSet($name)); } }
function preText($s, $prefs) { extract($prefs); callback_event('pretext'); if (gps('rss')) { include txpath . '/publish/rss.php'; exit(rss()); } if (gps('atom')) { include txpath . '/publish/atom.php'; exit(atom()); } // set messy variables $out = makeOut('id', 's', 'c', 'q', 'pg', 'p', 'month', 'author'); // some useful vars for taghandlers, plugins $out['request_uri'] = preg_replace("|^https?://[^/]+|i", "", serverSet('REQUEST_URI')); $out['qs'] = serverSet('QUERY_STRING'); // IIS fix if (!$out['request_uri'] and serverSet('SCRIPT_NAME')) { $out['request_uri'] = serverSet('SCRIPT_NAME') . (serverSet('QUERY_STRING') ? '?' . serverSet('QUERY_STRING') : ''); } // another IIS fix if (!$out['request_uri'] and serverSet('argv')) { $argv = serverSet('argv'); $out['request_uri'] = @substr($argv[0], strpos($argv[0], ';') + 1); } // define the useable url, minus any subdirectories. // this is pretty fugly, if anyone wants to have a go at it - dean $out['subpath'] = $subpath = preg_quote(preg_replace("/https?:\\/\\/.*(\\/.*)/Ui", "\$1", hu), "/"); $out['req'] = $req = preg_replace("/^{$subpath}/i", "/", $out['request_uri']); $is_404 = 0; // if messy vars exist, bypass url parsing if (!$out['id'] && !$out['s'] && !(txpinterface == 'css') && !(txpinterface == 'admin')) { // return clean URL test results for diagnostics if (gps('txpcleantest')) { exit(show_clean_test($out)); } extract(chopUrl($req)); //first we sniff out some of the preset url schemes if (strlen($u1)) { switch ($u1) { case 'atom': include txpath . '/publish/atom.php'; exit(atom()); case 'rss': include txpath . '/publish/rss.php'; exit(rss()); // urldecode(strtolower(urlencode())) looks ugly but is the only way to // make it multibyte-safe without breaking backwards-compatibility // urldecode(strtolower(urlencode())) looks ugly but is the only way to // make it multibyte-safe without breaking backwards-compatibility case urldecode(strtolower(urlencode(gTxt('section')))): $out['s'] = ckEx('section', $u2) ? $u2 : ''; $is_404 = empty($out['s']); break; case urldecode(strtolower(urlencode(gTxt('category')))): $out['c'] = ckEx('category', $u2) ? $u2 : ''; $is_404 = empty($out['c']); break; case urldecode(strtolower(urlencode(gTxt('author')))): $out['author'] = !empty($u2) ? $u2 : ''; break; // AuthorID gets resolved from Name further down // AuthorID gets resolved from Name further down case urldecode(strtolower(urlencode(gTxt('file_download')))): $out['s'] = 'file_download'; $out['id'] = !empty($u2) ? $u2 : ''; break; default: // then see if the prefs-defined permlink scheme is usable switch ($permlink_mode) { case 'section_id_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } else { $rs = lookupByIDSection($u2, $u1); $out['s'] = @$rs['Section']; $out['id'] = @$rs['ID']; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'year_month_day_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } elseif (empty($u4)) { $month = "{$u1}-{$u2}"; if (!empty($u3)) { $month .= "-{$u3}"; } if (preg_match('/\\d+-\\d+(?:-\\d+)?/', $month)) { $out['month'] = $month; $out['s'] = 'default'; } else { $is_404 = 1; } } else { $when = "{$u1}-{$u2}-{$u3}"; $rs = lookupByDateTitle($when, $u4); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'section_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } else { $rs = lookupByTitleSection($u2, $u1); $out['id'] = @$rs['ID']; $out['s'] = @$rs['Section']; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'title_only': $rs = lookupByTitle($u1); $out['id'] = @$rs['ID']; $out['s'] = empty($rs['Section']) ? ckEx('section', $u1) : $rs['Section']; $is_404 = empty($out['s']); break; case 'id_title': if (is_numeric($u1) && ckExID($u1)) { $rs = lookupByID($u1); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } else { # We don't want to miss the /section/ pages $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } break; } } } else { $out['s'] = 'default'; } } else { // Messy mode, but prevent to get the id for file_downloads if ($out['id'] && !$out['s']) { $rs = lookupByID($out['id']); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } } // Resolve AuthorID from Authorname if ($out['author']) { $name = urldecode(strtolower(urlencode($out['author']))); $name = safe_field('name', 'txp_users', "RealName like '" . doSlash($out['author']) . "'"); if ($name) { $out['author'] = $name; } else { $out['author'] = ''; $is_404 = true; } } // allow article preview if (gps('txpreview') and is_logged_in()) { global $nolog; $nolog = true; $rs = safe_row("ID as id,Section as s", 'textpattern', 'ID = ' . intval(gps('txpreview')) . ' limit 1'); if ($rs and $is_404) { $is_404 = false; $out = array_merge($out, $rs); } } // Stats: found or not $out['status'] = $is_404 ? '404' : '200'; $out['pg'] = is_numeric($out['pg']) ? intval($out['pg']) : ''; $out['id'] = is_numeric($out['id']) ? intval($out['id']) : ''; if ($out['s'] == 'file_download') { // get id of potential filename if (!is_numeric($out['id'])) { $rs = safe_row("*", "txp_file", "filename='" . doSlash($out['id']) . "' and status = 4"); } else { $rs = safe_row("*", "txp_file", 'id=' . intval($out['id']) . ' and status = 4'); } $out = $rs ? array_merge($out, $rs) : array('s' => 'file_download', 'file_error' => 404); return $out; } if (!$is_404) { $out['s'] = empty($out['s']) ? 'default' : $out['s']; } $s = $out['s']; $id = $out['id']; // hackish global $is_article_list; if (empty($id)) { $is_article_list = true; } // by this point we should know the section, so grab its page and css $rs = safe_row("page, css", "txp_section", "name = '" . doSlash($s) . "' limit 1"); $out['page'] = @$rs['page']; $out['css'] = @$rs['css']; if (is_numeric($id) and !$is_404) { $a = safe_row('*, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as uLastMod', 'textpattern', 'ID=' . intval($id) . (gps('txpreview') ? '' : ' and Status in (4,5)')); if ($a) { $Posted = $a['Posted']; $out['id_keywords'] = $a['Keywords']; $out['id_author'] = $a['AuthorID']; populateArticleData($a); $uExpires = $a['uExpires']; if ($uExpires and time() > $uExpires and !$publish_expired_articles) { $out['status'] = '410'; } if ($np = getNextPrev($id, $Posted, $s)) { $out = array_merge($out, $np); } } } $out['path_from_root'] = rhu; // these are deprecated as of 1.0 $out['pfr'] = rhu; // leaving them here for plugin compat $out['path_to_site'] = $path_to_site; $out['permlink_mode'] = $permlink_mode; $out['sitename'] = $sitename; return $out; }
function frompath() { $pinfo = serverSet('PATH_INFO'); if ($pinfo) { $frompath = explode('/', $pinfo); return !empty($frompath[1]) ? $frompath[1] : ''; } return ''; }
/** * Writes a record to the visitor log using the current visitor's information. * * This function is used by log_hit(). See it before trying to use this one. * * The hit is ignore if $r is set to 'refer' and the HTTP REFERER header is empty. * * @param string $r Type of record to write, e.g. refer * @param int $status HTTP status code * @access private * @see log_hit() */ function logit($r = '', $status = 200) { global $prefs, $pretext; if (!isset($pretext['request_uri'])) { return; } $host = $ip = (string) remote_addr(); $protocol = false; $referer = serverSet('HTTP_REFERER'); if ($referer) { foreach (do_list(LOG_REFERER_PROTOCOLS) as $option) { if (strpos($referer, $option . '://') === 0) { $protocol = $option; $referer = substr($referer, strlen($protocol) + 3); break; } } if (!$protocol || $protocol === 'https' && PROTOCOL !== 'https://') { $referer = ''; } elseif (preg_match('/^[^\\.]*\\.?' . preg_quote(preg_replace('/^www\\./', '', SITE_HOST), '/') . '/i', $referer)) { $referer = ''; } else { $referer = $protocol . '://' . clean_url($referer); } } if ($r == 'refer' && !$referer) { return; } if (!empty($prefs['use_dns'])) { // A crude rDNS cache. if (($h = safe_field('host', 'txp_log', "ip='" . doSlash($ip) . "' limit 1")) !== false) { $host = $h; } else { // Double-check the rDNS. $host = @gethostbyaddr($ip); if ($host !== $ip && @gethostbyname($host) !== $ip) { $host = $ip; } } } insert_logit(array('uri' => $pretext['request_uri'], 'ip' => $ip, 'host' => $host, 'status' => $status, 'method' => serverSet('REQUEST_METHOD'), 'ref' => $referer)); }
$microstart = getmicrotime(); if ($connected && safe_query("describe `" . PFX . "textpattern`")) { $dbversion = safe_field('val', 'txp_prefs', "name = 'version'"); $prefs = get_prefs(); extract($prefs); if (empty($siteurl)) { $siteurl = $_SERVER['HTTP_HOST'] . rtrim(dirname(dirname($_SERVER['SCRIPT_NAME'])), '/'); } if (empty($path_to_site)) { updateSitePath(dirname(dirname(__FILE__))); } define("LANG", $language); //i18n: define("LANG","en-gb"); define('txp_version', $thisversion); if (!defined('PROTOCOL')) { define('PROTOCOL', strtolower(serverSet('HTTPS')) == 'on' ? 'https://' : 'http://'); } define("hu", PROTOCOL . $siteurl . '/'); // v1.0 experimental relative url global define("rhu", preg_replace("/https?:\\/\\/.+(\\/.*)\\/?\$/U", "\$1", hu)); if (!empty($locale)) { setlocale(LC_ALL, $locale); } $textarray = load_lang(LANG); include txpath . '/include/txp_auth.php'; doAuth(); $event = gps('event') ? gps('event') : 'article'; $step = gps('step'); if (!$dbversion or $dbversion != $thisversion or $txp_using_svn) { define('TXP_UPDATE', 1); include txpath . '/update/_update.php';
function password_protect($atts, $thing = null) { ob_start(); extract(lAtts(array('login' => null, 'pass' => null, 'privs' => null), $atts)); if ($pass === null) { $access = ($user = is_logged_in($login)) !== false && ($privs === null || in_list($user['privs'], $privs)); } else { $au = serverSet('PHP_AUTH_USER'); $ap = serverSet('PHP_AUTH_PW'); // For PHP as (f)cgi, two rules in htaccess often allow this workaround. $ru = serverSet('REDIRECT_REMOTE_USER'); if (!$au && !$ap && strpos($ru, 'Basic') === 0) { list($au, $ap) = explode(':', base64_decode(substr($ru, 6))); } $access = $au === $login && $ap === $pass; } if ($access === false && $pass !== null) { header('WWW-Authenticate: Basic realm="Private"'); } if ($thing === null) { if ($access === false) { txp_die(gTxt('auth_required'), '401'); } return ''; } return parse(EvalElse($thing, $access)); }
function cnk_pretext() { global $prefs; // only takeover url algorithm when in section_title mode if (CNK_FRIENDLY_URLS && $prefs['permlink_mode'] == 'section_title') { extract($prefs); $out = array(); // some useful vars for taghandlers, plugins $out['request_uri'] = preg_replace("|^https?://[^/]+|i", "", serverSet('REQUEST_URI')); $out['qs'] = serverSet('QUERY_STRING'); // IIS fix if (!$out['request_uri'] and serverSet('SCRIPT_NAME')) { $out['request_uri'] = serverSet('SCRIPT_NAME') . (serverSet('QUERY_STRING') ? '?' . serverSet('QUERY_STRING') : ''); } // another IIS fix if (!$out['request_uri'] and serverSet('argv')) { $argv = serverSet('argv'); $out['request_uri'] = @substr($argv[0], strpos($argv[0], ';') + 1); } $subpath = preg_quote(preg_replace("/https?:\\/\\/.*(\\/.*)/Ui", "\$1", hu), "/"); $req = preg_replace("/^{$subpath}/i", "/", $out['request_uri']); $url_chunks = explode('/', trim($req, '/')); $req = '/' . implode('/', array_slice($url_chunks, -2)); //echo $req; extract(chopUrl($req)); //first we sniff out some of the preset url schemes if (strlen($u1)) { switch ($u1) { case 'atom': include txpath . '/publish/atom.php'; exit(atom()); case 'rss': include txpath . '/publish/rss.php'; exit(rss()); // urldecode(strtolower(urlencode())) looks ugly but is the only way to // make it multibyte-safe without breaking backwards-compatibility // urldecode(strtolower(urlencode())) looks ugly but is the only way to // make it multibyte-safe without breaking backwards-compatibility case urldecode(strtolower(urlencode(gTxt('section')))): $out['s'] = ckEx('section', $u2) ? $u2 : ''; break; case urldecode(strtolower(urlencode(gTxt('category')))): $out['c'] = ckEx('category', $u2) ? $u2 : ''; break; case urldecode(strtolower(urlencode(gTxt('author')))): $out['author'] = !empty($u2) ? $u2 : ''; break; // AuthorID gets resolved from Name further down // AuthorID gets resolved from Name further down case urldecode(strtolower(urlencode(gTxt('file_download')))): $out['s'] = 'file_download'; $out['id'] = !empty($u2) ? $u2 : ''; break; default: // then see if the prefs-defined permlink scheme is usable switch ($permlink_mode) { /* case 'section_id_title': if (empty($u2)) { $out['s'] = (ckEx('section',$u1)) ? $u1 : ''; } else { $rs = lookupByIDSection($u2, $u1); $out['s'] = @$rs['Section']; $out['id'] = @$rs['ID']; } break; case 'year_month_day_title': if (empty($u2)) { $out['s'] = (ckEx('section',$u1)) ? $u1 : ''; } elseif (empty($u4)) { $month = "$u1-$u2"; if (!empty($u3)) $month.= "-$u3"; if (preg_match('/\d+-\d+(?:-\d+)?/', $month)) { $out['month'] = $month; $out['s'] = 'default'; } } else { $when = "$u1-$u2-$u3"; $rs = lookupByDateTitle($when,$u4); $out['id'] = (!empty($rs['ID'])) ? $rs['ID'] : ''; $out['s'] = (!empty($rs['Section'])) ? $rs['Section'] : ''; } break; */ case 'section_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; } else { // match section/title $rs = lookupByTitleSection($u2, $u1); if (count($rs)) { $out['id'] = @$rs['ID']; $out['s'] = @$rs['Section']; } else { // match parentsection/section $rs = safe_row("name, lft", 'txp_section', "lower(name) like '" . doSlash($u2) . "' AND lower(parent)='" . doSlash($u1) . "' limit 1"); if (count($rs)) { // check path TODO: move to function $rs_path = safe_rows("name", "txp_section", "lft <= " . $rs['lft'] . " and ((rgt-lft) > 1 OR lft = " . $rs['lft'] . ") and name != 'default' order by lft"); $path = '/'; for ($i = 0; $i < count($rs_path); $i++) { $path .= $rs_path[$i]['name'] . '/'; } if ($path == '/' . implode('/', $url_chunks) . '/') { $out['s'] = @$rs['name']; } } } } break; /* case 'title_only': $rs = lookupByTitle($u1); $out['id'] = @$rs['ID']; $out['s'] = (empty($rs['Section']) ? ckEx('section', $u1) : $rs['Section']); break; case 'id_title': if (is_numeric($u1) && ckExID($u1)) { $rs = lookupByID($u1); $out['id'] = (!empty($rs['ID'])) ? $rs['ID'] : ''; $out['s'] = (!empty($rs['Section'])) ? $rs['Section'] : ''; } else { # We don't want to miss the /section/ pages $out['s']= ckEx('section',$u1)? $u1 : ''; } break; */ } } } else { $out['s'] = 'default'; } //print_r($out); if (isset($out['id'])) { $_GET['id'] = $out['id']; } if (isset($out['s'])) { $_GET['s'] = $out['s']; } } }
function preText($s, $prefs) { extract($prefs); callback_event('pretext'); if (gps('rss')) { include txpath . '/publish/rss.php'; exit(rss()); } if (gps('atom')) { include txpath . '/publish/atom.php'; exit(atom()); } // set messy variables $out = makeOut('id', 's', 'c', 'q', 'pg', 'p', 'month', 'author'); // some useful vars for taghandlers, plugins $out['request_uri'] = serverSet('REQUEST_URI'); $out['qs'] = serverSet('QUERY_STRING'); // IIS - can someone confirm whether or not this works? if (!$out['request_uri'] and $argv = serverSet('argv')) { $out['request_uri'] = @substr($argv[0], strpos($argv[0], ';' + 1)); } // define the useable url, minus any subdirectories. // this is pretty fugly, if anyone wants to have a go at it - dean $out['subpath'] = $subpath = preg_quote(preg_replace("/http:\\/\\/.*(\\/.*)/Ui", "\$1", hu), "/"); $out['req'] = $req = preg_replace("/^{$subpath}/i", "/", serverSet('REQUEST_URI')); $is_404 = 0; // if messy vars exist, bypass url parsing if (!$out['id'] && !$out['s']) { extract(chopUrl($req)); //first we sniff out some of the preset url schemes if (!empty($u1)) { switch ($u1) { case 'atom': include txpath . '/publish/atom.php'; exit(atom()); case 'rss': include txpath . '/publish/rss.php'; exit(rss()); // urldecode(strtolower(urlencode())) looks ugly but is the only way to // make it multibyte-safe without breaking backwards-compatibility // urldecode(strtolower(urlencode())) looks ugly but is the only way to // make it multibyte-safe without breaking backwards-compatibility case urldecode(strtolower(urlencode(gTxt('section')))): $out['s'] = ckEx('section', $u2) ? $u2 : ''; break; case urldecode(strtolower(urlencode(gTxt('category')))): $out['c'] = ckEx('category', $u2) ? $u2 : ''; break; case urldecode(strtolower(urlencode(gTxt('author')))): $out['author'] = !empty($u2) ? $u2 : ''; break; // AuthorID gets resolved from Name further down // AuthorID gets resolved from Name further down case urldecode(strtolower(urlencode(gTxt('file_download')))): $out['s'] = 'file_download'; $out['id'] = !empty($u2) ? $u2 : ''; break; case 'p': $out['p'] = is_numeric($u2) ? $u2 : ''; break; default: // then see if the prefs-defined permlink scheme is usable switch ($permlink_mode) { case 'section_id_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } else { $rs = ckExID($u2); $out['s'] = @$rs['Section']; $out['id'] = @$rs['ID']; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'year_month_day_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } elseif (empty($u4)) { $month = "{$u1}-{$u2}"; if (!empty($u3)) { $month .= "-{$u3}"; } if (preg_match('/\\d+-\\d+(?:-\\d+)?/', $month)) { $out['month'] = $month; $out['s'] = 'default'; } else { $is_404 = 1; } } else { $when = "{$u1}-{$u2}-{$u3}"; $rs = lookupByDateTitle($when, $u4); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'section_title': if (empty($u2)) { $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } else { $rs = lookupByTitleSection($u2, $u1); $out['id'] = @$rs['ID']; $out['s'] = @$rs['Section']; $is_404 = (empty($out['s']) or empty($out['id'])); } break; case 'title_only': $rs = lookupByTitle($u1); $out['id'] = @$rs['ID']; $out['s'] = empty($rs['Section']) ? ckEx('section', $u1) : $rs['Section']; $is_404 = empty($out['s']); break; case 'id_title': if (is_numeric($u1) && ckExID($u1)) { $rs = lookupByID($u1); $out['id'] = !empty($rs['ID']) ? $rs['ID'] : ''; $out['s'] = !empty($rs['Section']) ? $rs['Section'] : ''; $is_404 = (empty($out['s']) or empty($out['id'])); } else { # We don't want to miss the /section/ pages $out['s'] = ckEx('section', $u1) ? $u1 : ''; $is_404 = empty($out['s']); } break; } } } else { $out['s'] = 'default'; } } else { // Messy mode, but prevent to get the id for file_downloads if ($out['id'] && !$out['s']) { $out['s'] = safe_field('section', 'textpattern', "ID='" . doSlash($out['id']) . "'"); } } // Resolve AuthorID from Authorname if ($out['author']) { $out['author'] = safe_field('name', 'txp_users', "RealName like '" . doSlash($out['author']) . "'"); } // Stats: found or not $out['status'] = $is_404 ? '404' : '200'; if ($out['s'] == 'file_download') { // get id of potential filename if (!is_numeric($out['id'])) { $rs = safe_row("*", "txp_file", "filename='" . doSlash($out['id']) . "'"); } else { $rs = safe_row("*", "txp_file", "id='" . intval($out['id']) . "'"); } $out = $rs ? array_merge($out, $rs) : array('s' => 'file_download', 'file_error' => 404); return $out; } if (!$is_404) { $out['s'] = empty($out['s']) ? 'default' : $out['s']; } $s = $out['s']; $id = $out['id']; // hackish if (empty($id)) { $GLOBALS['is_article_list'] = true; } // by this point we should know the section, so grab its page and css $rs = safe_row("*", "txp_section", "name = '" . doSlash($s) . "' limit 1"); $out['page'] = @$rs['page']; // Remove the below line if nothing breaks // $out['css'] = @$rs['css']; if (is_numeric($id)) { $idrs = safe_row("Posted, AuthorID, Keywords", "textpattern", "ID=" . doSlash($id)); extract($idrs); if ($np = getNextPrev($id, $Posted, $s)) { $out = array_merge($out, $np); } $out['id_keywords'] = $Keywords; $out['id_author'] = get_author_name($AuthorID); } $out['path_from_root'] = $path_from_root; // these are deprecated as of 1.0 $out['pfr'] = $path_from_root; // leaving them here for plugin compat $out['path_to_site'] = $path_to_site; $out['permlink_mode'] = $permlink_mode; $out['sitename'] = htmlspecialchars($sitename); return $out; }
$microstart = getmicrotime(); if ($connected && safe_query("describe `" . PFX . "textpattern`")) { $dbversion = safe_field('val', 'txp_prefs', "name = 'version'"); $prefs = get_prefs(); extract($prefs); if (empty($siteurl)) { $siteurl = $_SERVER['HTTP_HOST'] . rtrim(dirname(dirname($_SERVER['SCRIPT_NAME'])), '/'); } if (empty($path_to_site)) { updateSitePath(dirname(dirname(__FILE__))); } define("LANG", $language); //i18n: define("LANG","en-gb"); define('txp_version', $thisversion); if (!defined('PROTOCOL')) { define('PROTOCOL', serverSet('HTTPS') != '' ? 'https://' : 'http://'); } define("hu", PROTOCOL . $siteurl . '/'); // v1.0 experimental relative url global define("rhu", preg_replace("/https?:\\/\\/.+(\\/.*)\\/?\$/U", "\$1", hu)); if (!empty($locale)) { setlocale(LC_ALL, $locale); } $textarray = load_lang(LANG); include txpath . '/include/txp_auth.php'; doAuth(); $event = gps('event') ? gps('event') : 'article'; $step = gps('step'); if (!$dbversion or $dbversion != $thisversion or $txp_using_svn) { define('TXP_UPDATE', 1); include txpath . '/update/_update.php';
function _method() { // return the request method return strtoupper(serverSet('REQUEST_METHOD')); }
function password_protect($atts) { ob_start(); extract(lAtts(array('login' => '', 'pass' => ''), $atts)); $au = serverSet('PHP_AUTH_USER'); $ap = serverSet('PHP_AUTH_PW'); //For php as (f)cgi, two rules in htaccess often allow this workaround $ru = serverSet('REDIRECT_REMOTE_USER'); if ($ru && !$au && !$ap && substr($ru, 0, 5) == 'Basic') { list($au, $ap) = explode(':', base64_decode(substr($ru, 6))); } if ($login && $pass) { if (!$au || !$ap || $au != $login || $ap != $pass) { header('WWW-Authenticate: Basic realm="Private"'); txp_die(gTxt('auth_required'), '401'); } } }
function password_protect($atts) { ob_start(); extract(lAtts(array('login' => '', 'pass' => ''), $atts)); $au = serverSet('PHP_AUTH_USER'); $ap = serverSet('PHP_AUTH_PW'); if ($login && $pass) { if (!$au || !$ap || $au != $login || $ap != $pass) { header('WWW-Authenticate: Basic realm="Private"'); header('HTTP/1.0 401 Unauthorized'); exit(gTxt('auth_required')); } } }
/** * Test whether the client accepts a certain response format. * * Discards formats with a quality factor below 0.1 * * @param string $format One of 'html', 'txt', 'js', 'css', 'json', 'xml', 'rdf', 'atom', 'rss' * @return boolean $format TRUE if accepted * @since 4.5.0 * @package Network */ function http_accept_format($format) { static $formats = array('html' => array('text/html', 'application/xhtml+xml', '*/*'), 'txt' => array('text/plain', '*/*'), 'js' => array('application/javascript', 'application/x-javascript', 'text/javascript', 'application/ecmascript', 'application/x-ecmascript', '*/*'), 'css' => array('text/css', '*/*'), 'json' => array('application/json', 'application/x-json', '*/*'), 'xml' => array('text/xml', 'application/xml', 'application/x-xml', '*/*'), 'rdf' => array('application/rdf+xml', '*/*'), 'atom' => array('application/atom+xml', '*/*'), 'rss' => array('application/rss+xml', '*/*')); static $accepts = array(); static $q = array(); if (empty($accepts)) { // Build cache of accepted formats. $accepts = preg_split('/\\s*,\\s*/', serverSet('HTTP_ACCEPT'), null, PREG_SPLIT_NO_EMPTY); foreach ($accepts as $i => &$a) { // Sniff out quality factors if present. if (preg_match('/(.*)\\s*;\\s*q=([.0-9]*)/', $a, $m)) { $a = $m[1]; $q[$a] = floatval($m[2]); } else { $q[$a] = 1.0; } // Discard formats with quality factors below an arbitrary threshold // as jQuery adds a wildcard '*/*; q=0.01' to the 'Accepts' header // for XHR requests. if ($q[$a] < 0.1) { unset($q[$a]); unset($accepts[$i]); } } } return isset($formats[$format]) && count(array_intersect($formats[$format], $accepts)) > 0; }
/** * Test whether the client accepts a certain response format * @param string $format One of 'html', 'txt', 'js', 'css', 'json', 'xml', 'rdf', 'atom', or 'rss' * @return boolean $format is accepted * @since 4.5.0 */ function http_accept_format($format) { static $formats = array('html' => array('text/html', 'application/xhtml+xml', '*/*'), 'txt' => array('text/plain', '*/*'), 'js' => array('application/javascript', 'application/x-javascript', 'text/javascript', 'application/ecmascript', 'application/x-ecmascript', '*/*'), 'css' => array('text/css', '*/*'), 'json' => array('application/json', 'application/x-json', '*/*'), 'xml' => array('text/xml', 'application/xml', 'application/x-xml', '*/*'), 'rdf' => array('application/rdf+xml', '*/*'), 'atom' => array('application/atom+xml', '*/*'), 'rss' => array('application/rss+xml', '*/*')); static $accepts = array(); // static $q = array(); // nice to have if (empty($accepts)) { // build cache of accepted formats $accepts = preg_split('/\\s*,\\s*/', serverSet('HTTP_ACCEPT'), null, PREG_SPLIT_NO_EMPTY); foreach ($accepts as &$a) { // sniff out quality factors if present if (preg_match('/(.*)\\s*;\\s*q=([.0-9]*)/', $a, $m)) { $a = $m[1]; // $q[$a] = floatval($m[2]); // } else { // $q[$a] = 1.0; } } } return isset($formats[$format]) ? count(array_intersect($formats[$format], $accepts)) > 0 : false; }
/** * Renders a checkbox to set/unset a browser cookie. * * @param string $classname Label text. The cookie's name will be derived from this value * @param bool $form Create as a stand-along <form> element * @return string HTML */ function cookie_box($classname, $form = true) { $name = 'cb_' . $classname; $id = escape_js($name); $class = escape_js($classname); if (cs('toggle_' . $classname)) { $value = 1; } else { $value = 0; } $newvalue = 1 - $value; $out = checkbox($name, 1, (bool) $value, 0, $name) . n . tag(gTxt($classname), 'label', array('for' => $name)); $js = <<<EOF \$(function () { \$('input') .filter(function () { if (\$(this).attr('id') === '{$id}') { return true; } }) .change(function () { setClassRemember('{$class}', {$newvalue}); \$(this).parents('form').submit(); }); }); EOF; $out .= script_js($js); if ($form) { if (serverSet('QUERY_STRING')) { $action = 'index.php?' . serverSet('QUERY_STRING'); } else { $action = 'index.php'; } $out .= eInput(gps('event')) . tInput(); return tag($out, 'form', array('class' => $name, 'method' => 'post', 'action' => $action)); } return $out; }
/** * ign_doTxpValidate strictly validates cookie or passed in credentials, does NOT check privilege levels, * make certain to call ign_checkPrivs after validating the user for protected elements * returns value depending type of failure or 0 on success * 0 - successful validation * 1 - logout process (display login?) * 2 - invalid user / password * 3 - bad cookie * **/ function ign_doTxpValidate() { global $logout, $txpcfg, $ign_user_db; if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) { $p_userid = serverSet('PHP_AUTH_USER'); $p_password = serverSet('PHP_AUTH_PW'); } else { $p_userid = ps('p_userid'); $p_password = ps('p_password'); } $logout = gps('logout'); $stay = ps('stay'); $now = time() + 3600 * 24 * 365; // $d = explode('.', $_SERVER['HTTP_HOST']); // $d = '.' . join('.', array_slice($d, 1-count($d), count($d)-1)); $domain = ign_getDomain(); if ($logout) { setcookie('ign_login', ' ', time() - 3600, '/', $domain); $GLOBALS['ign_user'] = ''; // logout from Vanilla if (load_plugin("ddh_vanilla_integration")) { ddh_vanilla_logout(); } return 1; } if (isset($_COOKIE['ign_login']) and !$logout) { //parse cookie list($c_userid, $c_privs, $c_realname, $cookie_hash) = ign_getCookie(); //get account info $acct = safe_row('name, privs, realname, nonce, last_access, email', $ign_user_db, "name='{$c_userid}'"); $nonce = $acct['nonce']; if (md5($c_userid . $c_privs . $nonce) == $cookie_hash) { // check nonce $GLOBALS['ign_user'] = $c_userid; // cookie is good, create $txp_user if ($c_privs != $acct['privs']) { if ($_COOKIE['ign_stay']) { if (!ign_setCookie($acct, $now)) { return 3; } } else { if (!ign_setCookie($acct)) { return 3; } } } ign_update_access($acct); return 0; } else { // something's gone wrong $GLOBALS['ign_user'] = ''; setcookie('ign_login', '', -1, '/'); return 3; } } elseif ($p_userid) { // no cookie, but incoming login vars sleep(3); // should grind dictionary attacks to a halt $valid_usr = ign_validate($p_userid, $p_password); if ($valid_usr) { $nonce = $valid_usr['nonce']; //get nonce if ($stay) { // persistent cookie required if (!ign_setCookie($valid_usr, $now)) { return 3; } setcookie('ign_stay', '1', $now, '/', $domain); } else { // session-only cookie required` if (!ign_setCookie($valid_usr)) { return 3; } setcookie('ign_stay', '0', -1, '/', $domain); } $GLOBALS['ign_user'] = $p_userid; // login is good, create $txp_user return 0; } else { $GLOBALS['ign_user'] = ''; return 2; } } else { $GLOBALS['ign_user'] = ''; return -1; } }
function yab_shop_add() { global $thisarticle, $is_article_list; $id = $thisarticle['thisid']; $property_1_name = yab_shop_config('custom_field_property_1_name'); $property_2_name = yab_shop_config('custom_field_property_2_name'); $property_3_name = yab_shop_config('custom_field_property_3_name'); $hinput = ''; $purl = permlinkurl_id($id); $script = ''; if ($is_article_list == true) { $hinput = hInput('yab-shop-id', $id); if (serverSet('REQUEST_URI') and serverSet('HTTP_HOST')) { $purl = PROTOCOL . serverSet('HTTP_HOST') . serverSet('REQUEST_URI'); } } if (yab_shop_config('use_property_prices') == '1') { $script .= yab_shop_property_prices($id) . n; } $add_form = tag($hinput . yab_shop_build_custom_select_tag($property_1_name, yab_shop_lang('custom_field_property_1')) . yab_shop_build_custom_select_tag($property_2_name, yab_shop_lang('custom_field_property_2')) . yab_shop_build_custom_select_tag($property_3_name, yab_shop_lang('custom_field_property_3')) . graf(fInput('text', 'qty', '1', '', '', '', '1') . fInput('submit', 'add', yab_shop_lang('add_to_cart'), 'submit'), ' class="yab-add"'), 'form', ' method="post" action="' . $purl . '#yab-shop-form-' . $id . '" id="yab-shop-form-' . $id . '"'); return $script . $add_form; }
function show_clean_test($pretext) { echo md5(@$pretext['req']) . n; if (serverSet('SERVER_ADDR') == serverSet('REMOTE_ADDR')) { var_export($pretext); } }
function l10n_lang_list($atts) { global $thisarticle, $l10n_language, $is_article_list, $pretext, $prefs; extract(lAtts(array('title' => '', 'on404' => '', 'current_class' => 'l10n_current', 'language_class' => 'long', 'list_class' => 'l10n_lang_list', 'show_empty' => '', 'link_current' => '', 'display' => 'native', 'article_list' => $is_article_list, 'surpress_current' => '', 'empty_title' => '', 'appendslash' => '', 'wraptag' => 'ul', 'break' => 'li', 'hide_langs' => ''), $atts)); $on404 = !empty($on404); # User marked this list as a 404 special lookup list. $show_empty = !empty($show_empty); $link_current = !empty($link_current); $surpress_current = !empty($surpress_current); $break = $wraptag == 'select' ? 'option' : $break; // Ensure 'option' break tag if select used $appendslash = !empty($appendslash); $processing404 = $pretext['status'] === '404'; $messy_urls = $pretext['permlink_mode'] === 'messy'; $category_list = !empty($pretext['c']); $get_style_cat = gps('c'); $processingcats = $category_list && !$messy_urls && !$get_style_cat; # Don't process (localise) category list urls in messy mode. $author_list = !empty($pretext['author']); $get_style_auth = gps('author'); $processingauths = $author_list && !$messy_urls && !$get_style_auth; # Don't process (localise) author list urls in messy mode. $list = array(); static $alangs; $slangs = MLPLanguageHandler::get_site_langs(); $hide_langs = do_list(trim($hide_langs)); $slangs = array_diff($slangs, $hide_langs); $section = empty($pretext['s']) ? '' : $pretext['s']; $id = $pretext['id']; $subpath = preg_quote(preg_replace("/https?:\\/\\/.*(\\/.*)/Ui", "\$1", hu), "/"); $uri = preg_replace("/^{$subpath}/i", "/", serverSet('REQUEST_URI')); #$uri = preg_replace("/^$subpath/i" , "/" , rtrim(serverSet('REQUEST_URI'),'/')); $parts = chopUrl($uri); //echo br , "l10n_lang_list(" , var_dump($atts) , ") Section($section) ID($id)" ; //echo br , 'uri = ' , $uri; //echo br , "parts = " , var_dump( $parts ); $name_mappings = array(); if ($processingcats || $processingauths) { # echo br , 'Processing by category or author : '; $info = safe_rows_start('name,lang,data', 'txp_lang', "`name` IN ('category','author')"); if ($info and mysql_num_rows($info) > 0) { while ($r = nextRow($info)) { $name_mappings[$r['name']][$r['lang']] = urlencode($r['data']); } } # echo var_dump( $name_mappings ) . br ; } if ($on404 or $processing404) { # # Find the section and id of the faulting article (if possible)... # if (empty($id)) { $id = gps('id'); } # Try out a messy match first if (empty($id)) { extract($parts); //echo br , 'permlink_mode = ' , $prefs['permlink_mode']; switch ($prefs['permlink_mode']) { case 'section_id_title': $id = $u1; break; case 'year_month_day_title': $when = "{$u0}-{$u1}-{$u2}"; $rs = safe_row("ID,Section", L10N_MASTER_TEXTPATTERN, "posted like '" . doSlash($when) . "%' and url_title like '" . doSlash($u3) . "' and Status >= 4 limit 1"); $id = !empty($rs['ID']) ? $rs['ID'] : ''; break; case 'section_title': $rs = safe_row("ID,Section", L10N_MASTER_TEXTPATTERN, "url_title like '" . doSlash($u1) . "' AND Section='" . doSlash($u0) . "' and Status >= 4 limit 1"); $id = @$rs['ID']; break; case 'title_only': $rs = safe_row('ID', L10N_MASTER_TEXTPATTERN, "url_title like '" . doSlash($u0) . "' and Status >= 4 limit 1"); $id = @$rs['ID']; break; case 'id_title': $id = $u0; break; } } if (!empty($id) and is_numeric($id)) { $article_list = false; } else { return ''; } # # Make sure we show all alternatives, even if they are in the current language... # $link_current = true; } $show_title = !empty($title); if (!$article_list) { if (!isset($alangs) or !is_array($alangs)) { $alangs = _l10n_get_alternate_mappings($id, 'nothing', true); } //echo br , 'alangs = ' , var_dump( $alangs ); if ($show_title) { $show_title = !empty($alangs); } } if ($show_title) { $title = tag($title, 'p') . n; } else { $title = ''; } foreach ($slangs as $lang) { $codes = MLPLanguageHandler::compact_code($lang); $short = $codes['short']; $long = $codes['long']; $dir = MLPLanguageHandler::get_lang_direction_markup($lang); # # Surpress the current item when needed... # $current = $l10n_language['long'] === $lang; if ($current && $surpress_current) { continue; } switch ($display) { case 'short': $lname = $short; break; case 'long': $lname = $long; break; case 'native+': $lname = MLPLanguageHandler::get_native_name_of_lang($lang) . " [{$short}]"; break; case 'native++': $lname = MLPLanguageHandler::get_native_name_of_lang($lang) . " [{$long}]"; break; default: $lname = MLPLanguageHandler::get_native_name_of_lang($lang); break; } if ($article_list) { # # No individual ID but we should be able to serve all the languages # so use the current url and inject the language component into each one... # $text = tag($lname, 'span', $dir); # # Prep the line class... # $class = 'short' === $language_class ? $short : $lang; if ($current) { $class .= ' ' . $current_class; } $class = ' class="' . $class . '"'; if (!$current or $link_current) { #$subpath = preg_quote(preg_replace("/https?:\/\/.*(\/.*)/Ui","$1",hu),"/"); #$uri = preg_replace("/^$subpath/i" , "/" , serverSet('REQUEST_URI')); if ($processing404) { $uri = ''; } if ($processingcats || $processingauths) { # # Category lists are a special case. For this to work, we need to # replace the local 'category'/'author' string with it's name in the target language. # # Not doing the replace results in 404 errors. # $type = $processingcats ? 'category' : 'author'; $target_name = $name_mappings[$type][$lang]; #echo br . $uri . ' => ' . $lang . ' = ' . $target_name . '(' . urldecode($target_name) . ')'; $chunks = explode('/', ltrim($uri, '/')); $chunks[0] = $target_name; $uri = '/' . join('/', $chunks); } if (!$processing404 && $appendslash && $uri == '') { $uri = '/'; } if ($break == 'option') { $line = $text; $class .= ' value="' . hu . $short . $uri . '"'; } else { $line = '<a href="' . hu . $short . $uri . '">' . $text . '</a>'; } } else { if ($break == 'option') { $class .= ' selected="selected"'; } $line = $text; } $list[] = tag($line, $break, $class); } else { # # If a translation exists for that language then we # build a valid url to it and make it active in the list, otherwise include it in the # list but wihtout the hyper-link. # # The active page is marked up with a css class. # if (array_key_exists($lang, $alangs)) { $record = $alangs[$lang]; $lang_rendition_title = $record['Title']; $lang_rendition_id = $record['ID']; $text = $lname; if ($processing404) { $text = strong($text) . sp . ':' . sp . $lang_rendition_title; } $text = tag($text, 'span', $dir); # # Prep the line class... # $class = 'short' === $language_class ? $short : $lang; if ($current) { $class .= ' ' . $current_class; } $class = ' class="' . $class . '"'; if (!$current or $link_current) { $url = permlinkurl($record); $f = hu; $url = str_replace($f, $f . $short . '/', $url); if ($break == 'option') { $line = $text; $class .= ' value="' . $url . '"'; } else { $line = '<a href="' . $url . '">' . $text . '</a>'; } } else { if ($break == 'option') { $class .= ' selected="selected"'; } $line = $text; } $list[] = tag($line, $break, $class); } else { if ($show_empty) { $list[] = tag($lname, $break); } } } } $selopts = ''; if (!empty($list)) { if ($wraptag == 'select') { $selopts .= ' onchange="location.href=this.options[selectedIndex].value"'; } $list = $title . tag(join("\n\t", $list), $wraptag, " class=\"{$list_class}\"" . $selopts); } else { $list = tag($empty_title, 'p') . n; } return $list; }