function webfiles_request()
{
$info = parse_url(urldecode($_SERVER['REQUEST_URI']));
$path = array_pop(preg_split('/\\/method.(copy|delete|edit|get|list|mkdir|move|put|search|lock|unlock|statuses|access-levels|teams)/', $info['path'], 2));
$path = rtrim($path, '/');
// check permissions
if (!session_allowed('sitellite_filesystem', 'rw', 'resource')) {
return webfiles_error(403, 'Forbidden');
}
// disallow .. references
if (strpos($path, '..') !== false) {
return webfiles_error(403, 'Forbidden');
}
// only post requests contain a body
if ($_SERVER['REQUEST_METHOD'] != 'POST' && $_SERVER['REQUEST_METHOD'] != 'PUT') {
return strtolower($path);
}
// fetch the body and return array(path, body)
$body = '';
$stream = fopen('php://input', 'r');
while (!feof($stream)) {
$body .= fread($stream, 4096);
}
fclose($stream);
$path = strtolower($path);
return array($path, $body);
}
}
// END KEEPOUT CHECKING
global $cgi;
loader_import('cms.Versioning.Rex');
$rex = new Rex($cgi->collection);
session_set('imagechooser_path', '/pix');
if (!$rex->collection) {
page_title(intl_get('Error: Collection not found!'));
echo '<p><a href="' . $_SERVER['HTTP_REFERER'] . '">' . intl_get('Back') . '</a></p>';
return;
}
if (!session_allowed('add', 'rw', 'resource')) {
header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
exit;
}
if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, 'r', 'resource')) {
header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
exit;
}
if (isset($rex->info['Collection']['add'])) {
list($call, $name) = explode(':', $rex->info['Collection']['add']);
if ($call == 'box') {
echo loader_box($name);
} elseif ($call == 'form') {
echo loader_form($name);
} else {
echo loader_form($call);
}
return;
} else {
class CmsAddForm extends MailForm
$pg = new Pager($cgi->offset, $limit);
$pg->url = site_current() . '?collection=' . urlencode($cgi->collection);
$res = $rex->getDeleted($limit, $cgi->offset, $acl);
if (!$res) {
$res = array();
$rex->total = 0;
}
$pg->total = $rex->total;
$res2 = array();
foreach ($res as $k => $v) {
$res2[$v->{$rex->key}] = $v;
}
function pretty_date($date)
{
loader_import('saf.Date');
return Date::timestamp($date, 'M j, Y - g:ia');
}
$pg->setData($res2);
$pg->update();
//page_title (intl_get ('Browsing') . ': ' . $rex->info['Collection']['display']);
$data['collection_name'] = $rex->info['Collection']['display'];
$data['title_field'] = $rex->info['Collection']['title_field'];
if (!session_allowed('approved', 'w', 'status')) {
$data['restore'] = false;
} else {
$data['restore'] = true;
}
echo template_simple(CMS_JS_ALERT_MESSAGE, $GLOBALS['cgi']);
echo loader_box('cms/nav');
template_simple_register('pager', $pg);
echo template_simple('deleted_items.spt', $data);
/**
* Returns the display HTML for this widget. The optional
* parameter determines whether or not to automatically display the widget
* nicely, or whether to simply return the widget (for use in a template).
*
* @access public
* @param boolean $generate_html
* @return string
*
*/
function display($generate_html = 0)
{
foreach (array_keys(parse_ini_file('inc/conf/auth/status/index.php')) as $status) {
if (session_allowed($status, 'w', 'status')) {
if ($status == 'parallel' && $this->collection != 'sitellite_page') {
continue;
}
$this->value[$status] = ucfirst($status);
}
}
if ($this->nullable) {
$this->value[''] = 'BLANK';
}
return parent::display($generate_html);
}
<?php
if (!session_allowed('imagechooser_delete', 'rw', 'resource')) {
die('Delete not permitted.');
}
$res = db_shift_array('select id from sitellite_page where body like ?', '%' . $parameters['location'] . '/' . $parameters['src'] . '%');
if (count($res) > 0) {
$parameters['deleted'] = false;
page_title(intl_get('Image in Use') . ': ' . $parameters['location'] . '/' . $parameters['src']);
$parameters['err'] = intl_get('Unable to delete image because it is still in use on the following pages:');
$parameters['list'] = $res;
} else {
if (!@unlink(site_docroot() . $parameters['location'] . '/' . $parameters['src'])) {
$parameters['deleted'] = false;
page_title(intl_get('Delete Failed') . ': ' . $parameters['location'] . '/' . $parameters['src']);
$parameters['err'] = intl_get('Unable to delete image. Check your server filesystem permissions and try again.');
} else {
$parameters['deleted'] = true;
page_title(intl_get('Image Deleted') . ': ' . $parameters['location'] . '/' . $parameters['src']);
}
}
if ($parameters['admin']) {
$app = '-admin-action';
} else {
$app = '-app';
}
global $cgi;
if ($parameters['err']) {
session_set('imagechooser_err', $parameters['err']);
session_set('imagechooser_pagelist', $parameters['list']);
} else {
/**
* Checks recursively in the form directory and parent directories
* until it checks $formPath finally for an access.php file. It then
* parses that file as an INI file and determines whether the form is
* accessible by the current user. If a template is specified in the
* access.php file, that template name is returned on success, otherwise
* a boolean true value is returned on success. False is always returned
* if the user is not allowed.
*
* @access public
* @param string $name
* @param string $context
* @return mixed
*
*/
function formAllowed($name, $context = 'normal')
{
$app = $this->getApp($name);
$name = $this->removeApp($name, $app);
if (session_admin() && session_is_resource('app_' . $app) && !session_allowed('app_' . $app, 'rw', 'resource')) {
return false;
}
if (isset($this->applications[$app]) && !$this->applications[$app]) {
// app is disabled
return false;
}
$dir = $this->prefix . '/' . $app . '/' . $this->formPath . '/' . $name;
while ($dir != $this->prefix . '/' . $app . '/' . $this->formPath) {
if (@file_exists($dir . '/access.php')) {
$access = parse_ini_file($dir . '/access.php');
$this->formAccess = $access;
if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
if (isset($access['sitellite_goto'])) {
header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
exit;
}
return false;
} elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
if (isset($access['sitellite_goto'])) {
header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
exit;
}
return false;
} elseif ($context == 'action' && !$access['sitellite_action']) {
if (isset($access['sitellite_goto'])) {
header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
exit;
}
return false;
} elseif ($context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context]) {
return false;
// } elseif ($context == 'inline' && ! $access['sitellite_inline']) {
// return false;
} else {
if (isset($access['sitellite_template_set'])) {
page_template_set($access['sitellite_template_set']);
}
if (isset($access['sitellite_template'])) {
return $access['sitellite_template'];
} else {
return true;
}
}
}
$dir = preg_split('/\\//', $dir);
array_pop($dir);
$dir = join('/', $dir);
}
// check for a global access.php file
if (@file_exists($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php')) {
$access = parse_ini_file($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php');
$this->formAccess = $access;
if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
if (isset($access['sitellite_goto'])) {
header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
exit;
}
return false;
} elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
if (isset($access['sitellite_goto'])) {
header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
exit;
}
return false;
} elseif ($context == 'action' && !$access['sitellite_action']) {
if (isset($access['sitellite_goto'])) {
header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
exit;
}
return false;
} elseif ($context == 'inline' && !$access['sitellite_inline']) {
return false;
} else {
if (isset($access['sitellite_template_set'])) {
page_template_set($access['sitellite_template_set']);
}
if (isset($access['sitellite_template'])) {
return $access['sitellite_template'];
} else {
return true;
}
}
}
// no access.php found at all, revert to logical defaults
if ($context == 'action') {
return false;
}
return true;
}
<?php
global $cgi;
loader_import('saf.Misc.RPC');
if (!$cgi->table || !$cgi->items || !$cgi->key) {
echo rpc_response(false);
exit;
}
if (!$cgi->verify('table', 'regex', '/^[a-zA-Z0-9_-]+$/')) {
echo rpc_response(false);
exit;
}
if (!$cgi->verify('key', 'regex', '/^[a-zA-Z0-9_-]+$/')) {
echo rpc_response(false);
exit;
}
if (session_is_resource($cgi->table) && !session_allowed($cgi->table, 'rw', 'resource')) {
echo rpc_response(false);
exit;
}
$items = preg_split('/, ?/', $cgi->items);
foreach ($items as $item) {
db_execute('insert into ' . $cgi->table . ' (' . $cgi->key . ') values (?)', $item);
}
echo rpc_response(true);
exit;
}
$data['links'] = array();
foreach ($rex->info as $key => $vals) {
if (strpos($key, 'link:') === 0) {
$perms = $vals['requires'];
switch ($perms) {
case 'r':
case 'w':
case 'rw':
if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, $perms, 'resource')) {
continue;
}
break;
}
if (isset($vals['requires resource'])) {
if (session_is_resource($vals['requires resource']) && !session_allowed($vals['requires resource'], 'rw', 'resource')) {
continue;
}
}
$vals['text'] = intl_get($vals['text']);
if (strpos($vals['url'], '/index/') === 0) {
$vals['url'] = site_prefix() . $vals['url'];
}
$data['links'][] = $vals;
}
}
echo template_simple(CMS_JS_ALERT_MESSAGE, $GLOBALS['cgi']);
echo loader_box('cms/nav');
template_simple_register('pager', $pg);
template_simple_register('locks', $locks);
template_simple_register('editable', $editable);
$pg->update();
function pretty_date($date)
{
loader_import('saf.Date');
return Date::timestamp($date, 'M j, Y - g:ia');
}
$cur = $rex->getCurrent($cgi->_key);
if (!$cur) {
$title = $cgi->_key;
} else {
$title = $cur->{$rex->info['Collection']['title_field']};
}
if (!session_allowed('approved', 'w', 'status')) {
//isset ($cur->sitellite_access) && ! session_allowed ($cur->sitellite_access, 'w', 'access')) {
$editable = false;
} elseif (isset($cur->sitellite_access) && !session_allowed($cur->sitellite_access, 'w', 'access')) {
$editable = false;
} elseif (isset($cur->sitellite_status) && !session_allowed($cur->sitellite_status, 'w', 'status')) {
$editable = false;
} elseif (isset($cur->sitellite_team) && !session_allowed($cur->sitellite_team, 'w', 'team')) {
$editable = false;
} else {
$editable = true;
}
if ($cgi->offset == 0) {
$cgi->_current = $history[0]->sv_autoid;
}
$pg->url = site_current() . '?_collection=' . urlencode($cgi->_collection) . '&_key=' . urlencode($cgi->_key) . '&_return=' . urlencode($cgi->_return) . '&_current=' . urlencode($cgi->_current);
page_title(intl_get('Change History') . ': ' . $rex->info['Collection']['display'] . ' / ' . $title);
template_simple_register('pager', $pg);
echo template_simple('history.spt', array('history' => $history, 'current' => $cgi->_current, 'editable' => $editable));
/**
* Returns the display HTML for this widget. The optional
* parameter determines whether or not to automatically display the widget
* nicely, or whether to simply return the widget (for use in a template).
*
* @access public
* @param boolean $generate_html
* @return string
*
*/
function display($generate_html = 0)
{
foreach (array_keys(parse_ini_file('inc/conf/auth/access/index.php')) as $access) {
if (session_allowed($access, 'w', 'access')) {
$this->value[$access] = ucfirst($access);
}
}
if ($this->nullable) {
$this->value[''] = 'BLANK';
}
return parent::display($generate_html);
}
$parameters['inline'] = true;
}
if (!isset($parameters['return']) && $parameters['collection'] == 'sitellite_page') {
$parameters['return'] = site_current();
}
$parameters['return_v1'] = site_current();
loader_import('cms.Workflow.Lock');
lock_init();
if (lock_exists($parameters['collection'], $parameters['id'])) {
$parameters['editable'] = false;
$lock_info = lock_info($parameters['collection'], $parameters['id']);
$parameters['lock_owner'] = $lock_info->user;
$parameters['lock_expires'] = $lock_info->expires;
loader_import('cms.Filters');
}
if (session_is_resource('delete') && !session_allowed('delete', 'rw', 'resource')) {
$parameters['deletable'] = false;
}
if ($rex->isVersioned && $parameters['editable']) {
//session_allowed ('approved', 'w', 'status')) {
$parameters['history'] = true;
} else {
$parameters['history'] = false;
}
if ($parameters['collection'] == 'sitellite_page') {
$c = $rex->getCurrent($parameters['id']);
if ($c->sitellite_status == 'draft' || $c->sitellite_status == 'pending') {
//$parameters['status'] = $c->sitellite_status;
$p = $rex->getSource($parameters['id']);
if ($p == $c) {
$parameters['draft'] = false;
$c = 0;
foreach ($one as $k => $v) {
$ct = str_replace(site_prefix() . '/index/cms-browse-action?collection=', '', $k);
$r = new Rex($ct);
if ($r->info['Collection']['icon']) {
$icon = site_prefix() . '/' . $r->info['Collection']['icon'];
} else {
$icon = site_prefix() . '/inc/app/cms/pix/icons/content-type.gif';
}
$data['content_panel']['icons'][] = array('href' => $k, 'src' => $icon, 'alt' => $v);
$c++;
if ($c >= 3) {
break;
}
}
if (session_is_resource('app_usradm') && !session_allowed('app_usradm', 'rw', 'resource')) {
$data['admin_panel'] = array('name' => 'admin', 'caption' => intl_get('Admin'), 'action' => '#', 'method' => 'get', 'select' => 'list', 'selected' => '', 'select-extra' => 'disabled="disabled"', 'options' => array(array()), 'icons' => array(array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/users_disabled.gif', 'alt' => intl_get('Users')), array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/roles_disabled.gif', 'alt' => intl_get('Roles')), array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/teams_disabled.gif', 'alt' => intl_get('Teams'))));
if (!appconf('panels_show_disabled')) {
$data['admin_panel']['icons'] = array();
}
} else {
$data['admin_panel'] = array('name' => 'admin', 'caption' => intl_get('Admin'), 'action' => site_prefix() . '/index/usradm-browse-action', 'method' => 'get', 'select' => 'list', 'selected' => '', 'select-extra' => 'onchange="this.form.submit ()"', 'options' => array(array(site_prefix() . '/index/usradm-browse-action?list=accesslevels' => intl_get('Access Levels'), site_prefix() . '/index/usradm-browse-action?list=log' => intl_get('Activity Log'), site_prefix() . '/index/usradm-applications-action' => intl_get('Applications'), site_prefix() . '/index/usradm-cache-form' => intl_get('Cache Settings'), site_prefix() . '/index/usradm-browse-action?list=prefs' => intl_get('Preferences'), site_prefix() . '/index/usradm-browse-action?list=resources' => intl_get('Resources')), array(site_prefix() . '/index/usradm-browse-action?list=roles' => intl_get('Roles'), site_prefix() . '/index/usradm-settings-form' => intl_get('Site Settings'), site_prefix() . '/index/usradm-browse-action?list=statuses' => intl_get('Statuses'), site_prefix() . '/index/usradm-browse-action?list=teams' => intl_get('Teams'), site_prefix() . '/index/usradm-browse-action?list=users' => intl_get('Users'), site_prefix() . '/index/usradm-workflow-action' => intl_get('Workflow Services'))), 'icons' => array(array('href' => site_prefix() . '/index/usradm-browse-action?list=users', 'src' => site_prefix() . '/inc/app/cms/pix/icons/users.gif', 'alt' => intl_get('Users')), array('href' => site_prefix() . '/index/usradm-browse-action?list=roles', 'src' => site_prefix() . '/inc/app/cms/pix/icons/roles.gif', 'alt' => intl_get('Roles')), array('href' => site_prefix() . '/index/usradm-browse-action?list=teams', 'src' => site_prefix() . '/inc/app/cms/pix/icons/teams.gif', 'alt' => intl_get('Teams'))));
}
$apps = loader_box('cms/admintools');
$apps = explode(NEWLINE, $apps);
$c = 0;
foreach ($apps as $k => $v) {
if (empty($v)) {
unset($apps[$k]);
continue;
}
$page = new StdClass();
$page->user = $user;
$page->title = intl_get('Your Homepage');
$page->template = appconf('homepage_default_template');
$page->body = intl_get('Edit your homepage to change this text.');
} else {
$page = new StdClass();
$page->user = $user;
$page->title = $user . '\'s ' . intl_get('Homepage');
$page->template = appconf('homepage_default_template');
$page->body = intl_get('This user has not yet created a home page.');
}
}
if ($context == 'action') {
page_title($page->title);
if (!empty($page->template)) {
page_template($page->template);
}
$default_template = appconf('homepage_template');
if ($default_template) {
page_template($default_template);
}
}
if ($self && session_allowed('sitellite_homepage', 'w', 'resource')) {
echo '<p><a href="' . site_prefix() . '/index/sitemember-homepage-form?user='******'">' . intl_get('Edit Homepage') . '</a></p>';
}
if ($context != 'action') {
echo '<p><strong>' . intl_get('Title') . ': ' . $page->title . '</strong></p>';
}
$GLOBALS['page']->body_parts = preg_split('|<hr[^>]*>|is', $page->body);
echo $page->body;
/**
* PROPPATCH method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function PROPPATCH(&$options)
{
$options['path'] = $this->_path();
$path = $options["path"];
//info ($options);
$info = $this->rex->getCurrent(trim($path, '/'));
if (!session_allowed($info, 'rw')) {
foreach ($options['props'] as $k => $v) {
$options['props'][$k]['status'] = '403 Forbidden';
}
return '';
}
unset($info);
$update = array();
foreach ($options["props"] as $key => $prop) {
if ($prop["ns"] == "DAV:") {
$options["props"][$key]['status'] = "403 Forbidden";
} elseif ($prop['ns'] == 'WebFiles') {
// known properties by sitellite
if (isset($prop['val'])) {
switch ($prop['name']) {
case 'status':
case 'access':
case 'owner':
case 'team':
$update['sitellite_' . $prop['name']] = $prop['val'];
break;
case 'keywords':
case 'description':
$update[$prop['name']] = $prop['val'];
break;
}
} else {
// todo: delete property value
}
}
}
//info ($update);
// todo: update rex with $update...
return '';
}
<?php
if (!session_admin()) {
return;
}
$applications = parse_ini_file('inc/conf/auth/applications/index.php');
loader_import('saf.File.Directory');
$d = new Dir('inc/app');
$apps = array();
foreach ($d->read_all() as $file) {
if (strpos($file, '.') === 0 || !@is_dir('inc/app/' . $file) || !@file_exists('inc/app/' . $file . '/conf/config.ini.php') || in_array($file, array('cms', 'usradm'))) {
continue;
}
if (session_is_resource('app_' . $file) && !session_allowed('app_' . $file, 'rw', 'resource')) {
continue;
}
if (isset($applications[$file]) && !$applications[$file]) {
continue;
}
$c = @parse_ini_file('inc/app/' . $file . '/conf/config.ini.php');
if (!isset($c['admin_handler']) || !isset($c['admin_handler_type']) || isset($c['admin']) && !$c['admin']) {
continue;
}
if (!isset($c['app_name'])) {
$c['app_name'] = $file;
}
if ($c['admin_handler_type'] == 'box') {
$type = 'action';
} else {
$type = $c['admin_handler_type'];
}
<?php
global $page, $cgi;
if (!session_admin()) {
return;
}
if (!isset($parameters['collection'])) {
$parameters['collection'] = 'sitellite_page';
}
if (!session_allowed('add', 'rw', 'resource')) {
return;
}
if (session_is_resource($parameters['collection']) && !session_allowed($parameters['collection'], 'rw', 'resource')) {
return;
}
loader_import('cms.Versioning.Rex');
$rex = new Rex($parameters['collection']);
if (!$rex->collection) {
return;
}
$parameters['type'] = intl_get($rex->info['Collection']['singular']);
echo template_simple('buttons/add.spt', $parameters);
// end if $_devnotes
$title = 'DevNotes';
if (isset($parameters['title'])) {
$title = $parameters['title'];
}
echo '<a name="devnotes"></a><h1>' . intl_get($title) . '</h1>';
if (session_admin()) {
if ($inframe) {
$target = ' target="_parent"';
} else {
$target = '';
}
echo template_simple('<p><a href="{site/prefix}/index/devnotes-admin-action"' . $target . '>{intl DevNotes Admin}</a></p>');
}
if ($_devnotes) {
if (!isset($parameters['posting']) || isset($parameters['posting']) && session_allowed($parameters['posting'], 'rw', 'access')) {
// display add form
$dn->listFields('distinct name');
$dn->orderBy('ts asc');
$users1 = $dn->find(array());
if (!is_array($users1)) {
$users1 = array();
}
$users = array();
foreach ($users1 as $key => $value) {
$users[] = $value->name;
}
echo template_simple('form.spt', array('users' => $users, 'appname' => $appname));
}
// end $parameters['posting'] check
}
/**
* Returns the display HTML for this widget. The optional
* parameter determines whether or not to automatically display the widget
* nicely, or whether to simply return the widget (for use in a template).
*
* @access public
* @param boolean $generate_html
* @return string
*
*/
function display($generate_html = 0)
{
$data = '';
$attrstr = $this->getAttrs();
$selected = explode(',', $this->data_value);
loader_import('saf.Misc.RPC');
echo rpc_init('return false');
$mult = 'false';
if ($this->size) {
$multiple = ' size="' . $this->size . '"';
$braces = '';
if ($this->multiple) {
$multiple = ' multiple="multiple"' . $multiple;
$braces = '[]';
$mult = 'true';
}
} else {
$multiple = '';
$braces = '';
}
if (session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource')) {
$allowed = false;
} else {
$allowed = true;
}
if ($allowed) {
loader_import('saf.GUI.Prompt');
if ($this->title) {
page_add_script('
var cms_' . $this->name . '_form;
var cms_' . $this->name . '_oldhandler;
function cms_' . $this->name . '_add_handler (words) {
f = cms_' . $this->name . '_form;
// 2. add the selected keywords to the list
for (i = 0; i < words.length; i++) {
if (document.all) {
f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i].text, words[i].value, false, true);
} else {
o = document.createElement (\'option\');
o.text = words[i].text;
o.value = words[i].value;
f.elements[\'' . $this->name . $braces . '\'].add (o, null);
}
}
rpc_handler = null;
rpc_handler = cms_' . $this->name . '_oldhandler;
}
function cms_' . $this->name . '_add (f) {
cms_' . $this->name . '_form = f;
// 0. collect our new items(s) from the user
prompt (
\'New items(s) -- separate multiple with commas (one, two, three)\',
\'\',
function (word) {
if (word == null || word.length == 0 || word == false) {
return false;
}
words = word.split (/, ?/);
cms_' . $this->name . '_oldhandler = rpc_handler;
rpc_handler = null;
rpc_handler = cms_' . $this->name . '_add_handler;
// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word);
}
);
// 3. cancel the click
return false;
}
function cms_' . $this->name . '_remove (f) {
// 0. collect the selected items from the "items" field
word = \'\';
show = \'\';
sep = \'\';
for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) {
if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value;
show = show + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].text;
sep = \',\';
}
}
// 0.1. confirm that they want to delete the selected list
c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . ' \' + show);
if (! c) {
return false;
}
// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word);
// 2. remove the selected keywords from the list
multiple = ' . $mult . ';
for (i = f.elements[\'' . $this->name . $braces . '\'].options.length - 1; i >= 0; i--) {
if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
// remove
if (document.all) {
f.elements[\'' . $this->name . $braces . '\'].options.remove (i);
} else {
f.elements[\'' . $this->name . $braces . '\'].options[i] = null;
}
if (! multiple) {
break;
}
}
}
// 3. cancel the click
return false;
}
');
} else {
page_add_script('
function cms_' . $this->name . '_add (f) {
cms_' . $this->name . '_form = f;
// 0. collect our new items(s) from the user
prompt (
\'New items(s) -- separate multiple with commas (one, two, three)\',
\'\',
function (word) {
if (word == null || word.length == 0 || word == false) {
return false;
}
words = word.split (/, ?/);
f = cms_' . $this->name . '_form;
// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word);
// 2. add the selected keywords to the list
for (i = 0; i < words.length; i++) {
if (document.all) {
f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i], words[i], false, true);
} else {
o = document.createElement (\'option\');
o.text = words[i];
o.value = words[i];
f.elements[\'' . $this->name . $braces . '\'].add (o, null);
}
}
}
);
// 3. cancel the click
return false;
}
function cms_' . $this->name . '_remove (f) {
// 0. collect the selected items from the "items" field
word = \'\';
sep = \'\';
for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) {
if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value;
sep = \',\';
}
}
// 0.1. confirm that they want to delete the selected list
c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . ' \' + word);
if (! c) {
return false;
}
// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word);
// 2. remove the selected keywords from the list
multiple = ' . $mult . ';
for (i = f.elements[\'' . $this->name . $braces . '\'].options.length - 1; i >= 0; i--) {
if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
// remove
if (document.all) {
f.elements[\'' . $this->name . $braces . '\'].options.remove (i);
} else {
f.elements[\'' . $this->name . $braces . '\'].options[i] = null;
}
if (! multiple) {
break;
}
}
}
// 3. cancel the click
return false;
}
');
}
// end title
}
// end allowed
if ($generate_html) {
$data .= '<tr>
<td class="label"' . $this->invalid() . ' valign="top">
<label for="' . $this->name . '" id="' . $this->name . '-label">' . template_simple($this->label_template, $this, '', true) . '</label>
</td>
<td class="field">
<table border="0" cellpadding="3" cellspacing="0">
<tr>
<td valign="top">
<select name="' . $this->name . $braces . '" ' . $multiple . $attrstr . ' ' . $this->extra . '>' . NEWLINE;
foreach ($this->getList() as $obj) {
if (!$this->title) {
$key = $obj->{$this->key};
$keyword = $obj->{$this->key};
} else {
$key = $obj->{$this->key};
$keyword = $obj->{$this->title};
}
$data .= TABx2 . TABx2 . TABx2 . '<option value="' . $key . '"';
if (in_array($key, $selected)) {
$data .= ' selected="selected"';
}
$data .= '>' . $keyword . '</option>' . NEWLINE;
}
$data .= '</select>
</td>' . NEWLINE;
if ($allowed) {
$data .= ' <td valign="top" width="100%">
<input type="submit" value="' . intl_get('Add') . '" onclick="return cms_' . $this->name . '_add (this.form)" /><br />
<input type="submit" value="' . intl_get('Remove') . '" onclick="return cms_' . $this->name . '_remove (this.form)" />
</td>
</tr>
</table>
</td>' . NEWLINE;
} else {
$data .= '</tr></table></td>';
}
$data .= ' </tr>' . NEWLINEx2;
} else {
}
return $data;
}
}
if ($cgi->multiple == 'yes') {
$multiple = true;
} else {
$multiple = false;
}
$sitesearch_allowed = array();
$sitesearch_highlight = array();
loader_import('saf.File.Directory');
foreach (Dir::fetch('inc/app/cms/conf/collections') as $file) {
if (strpos($file, '.') === 0 || @is_dir('inc/app/cms/conf/collections/' . $file)) {
continue;
}
$config = ini_parse('inc/app/cms/conf/collections/' . $file);
if (isset($config['Collection']['sitesearch_url'])) {
if (isset($config['Collection']['sitesearch_access']) && session_allowed($config['Collection']['sitesearch_access'], 'r', 'access')) {
$sitesearch_allowed[] = $config['Collection']['name'];
}
$sitesearch_highlight[$config['Collection']['name']] = $config['Collection']['name'];
if (isset($config['Collection']['sitesearch_highlight']) && !$config['Collection']['sitesearch_highlight']) {
unset($sitesearch_highlight[$config['Collection']['name']]);
}
}
}
$folders = ini_parse('inc/app/sitesearch/conf/folders.ini.php');
$domains = array(site_domain() => site_domain());
foreach ($folders as $name => $folder) {
if (isset($folder['domain'])) {
$domains[$folder['domain']] = $folder['domain'];
} else {
$sitesearch_allowed[] = $name;
/**
* Returns the display HTML for this widget. The optional
* parameter determines whether or not to automatically display the widget
* nicely, or whether to simply return the widget (for use in a template).
*
* @access public
* @param boolean $generate_html
* @return string
*
*/
function display($generate_html = 0)
{
$data = '';
$attrstr = $this->getAttrs();
$selected = explode(',', $this->data_value);
if (session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource')) {
$allowed = false;
} else {
$allowed = true;
}
$this->_list = $this->getList();
$this->_selected = $this->getSelected();
foreach ($this->_list as $k => $v) {
if (in_array($v->id, $this->_selected)) {
$this->_list[$k]->selected = true;
} else {
$this->_list[$k]->selected = false;
}
}
if (!$this->id) {
$this->_id = $this->id;
$this->id = 'false';
}
static $loaded = false;
if (!$loaded) {
page_add_style($this->_style);
page_add_script(site_prefix() . '/js/rpc-compressed.js');
}
$this->loaded = $loaded;
page_add_script(template_simple($this->_script, $this));
$loaded = true;
if (isset($this->_id)) {
$this->id = $this->_id;
unset($this->_id);
}
return template_simple($this->_output, $this);
}