Esempio n. 1
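/**
 * Parse the current WebFiles HTTP request into a target path and, for
 * POST/PUT requests, the raw request body.
 *
 * The path is whatever follows the "/method<sep><verb>" marker in the request
 * URI, lower-cased and without a trailing slash.
 *
 * Security notes:
 * - The session must hold 'rw' on the 'sitellite_filesystem' resource; this is
 *   checked before any request data is interpreted.
 * - The URI is client-controlled and is URL-decoded exactly once here. Code
 *   that consumes the returned path must not decode it again, otherwise an
 *   encoded ".." would get past the traversal check below.
 * - NOTE(review): the "." after "method" in the pattern is an unescaped regex
 *   wildcard, so any single character is accepted as the separator. It is left
 *   as-is because the separator clients actually send is not visible here.
 *
 * @return mixed The path string for requests other than POST/PUT,
 *               array(path, body) for POST/PUT, or the result of
 *               webfiles_error() when the request is refused.
 */
function webfiles_request()
{
    // Authorize before touching the request data.
    if (!session_allowed('sitellite_filesystem', 'rw', 'resource')) {
        return webfiles_error(403, 'Forbidden');
    }

    // parse_url() returns false for a malformed URI and may omit 'path'.
    $info = parse_url(urldecode($_SERVER['REQUEST_URI']));
    $raw_path = (is_array($info) && isset($info['path'])) ? $info['path'] : '';

    // array_pop() takes its argument by reference, so the preg_split() result
    // has to live in a variable first.
    $parts = preg_split('/\\/method.(copy|delete|edit|get|list|mkdir|move|put|search|lock|unlock|statuses|access-levels|teams)/', $raw_path, 2);
    $path = is_array($parts) ? rtrim((string) array_pop($parts), '/') : '';

    // Refuse parent-directory references, and NUL bytes, which some
    // filesystem calls treat as the end of the path.
    if (strpos($path, '..') !== false || strpos($path, "\0") !== false) {
        return webfiles_error(403, 'Forbidden');
    }

    $path = strtolower($path);

    // Only POST and PUT requests carry a body.
    if ($_SERVER['REQUEST_METHOD'] != 'POST' && $_SERVER['REQUEST_METHOD'] != 'PUT') {
        return $path;
    }

    // Read the whole body in one call. The previous fopen()/feof() loop never
    // terminated when the stream could not be opened.
    $body = file_get_contents('php://input');
    if ($body === false) {
        $body = '';
    }

    return array($path, $body);
}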
Esempio n. 2
}
// END KEEPOUT CHECKING
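// Entry point for adding an item: load the requested collection definition,
// then make sure the session may add content at all and may read this
// collection in particular.
global $cgi;
loader_import('cms.Versioning.Rex');
$rex = new Rex($cgi->collection);
session_set('imagechooser_path', '/pix');
if (!$rex->collection) {
    page_title(intl_get('Error: Collection not found!'));
    // The Referer header is supplied by the client. It is escaped for the
    // attribute context so it cannot break out of href="..." and inject
    // markup, and a missing header no longer raises a notice.
    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    echo '<p><a href="' . htmlspecialchars($back, ENT_QUOTES) . '">' . intl_get('Back') . '</a></p>';
    return;
}
// General permission to add content.
if (!session_allowed('add', 'rw', 'resource')) {
    header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
    exit;
}
// Per-collection permission. It is only enforced when the collection is
// registered as a resource; unregistered collections pass this check.
if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, 'r', 'resource')) {
    header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
    exit;
}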
if (isset($rex->info['Collection']['add'])) {
    list($call, $name) = explode(':', $rex->info['Collection']['add']);
    if ($call == 'box') {
        echo loader_box($name);
    } elseif ($call == 'form') {
        echo loader_form($name);
    } else {
        echo loader_form($call);
    }
    return;
} else {
    class CmsAddForm extends MailForm
Esempio n. 3
// Pager over the deleted items of the requested collection.
$pg = new Pager($cgi->offset, $limit);
$pg->url = site_current() . '?collection=' . urlencode($cgi->collection);

// $acl is prepared earlier in the file (outside this excerpt).
$res = $rex->getDeleted($limit, $cgi->offset, $acl);
if (!$res) {
    // Nothing came back: continue with an empty result set.
    $rex->total = 0;
    $res = array();
}
$pg->total = $rex->total;

// Re-index the rows by the collection's key field.
$res2 = array();
foreach ($res as $row) {
    $res2[$row->{$rex->key}] = $row;
}
/**
 * Format a date value for display using the 'M j, Y - g:ia' pattern.
 *
 * @param mixed $date Value handed to Date::timestamp() unchanged.
 * @return mixed Whatever Date::timestamp() returns for that pattern.
 */
function pretty_date($date)
{
    // The Date class comes from the saf.Date package, loaded on demand.
    loader_import('saf.Date');
    $formatted = Date::timestamp($date, 'M j, Y - g:ia');
    return $formatted;
}
$pg->setData($res2);
$pg->update();

$data['collection_name'] = $rex->info['Collection']['display'];
$data['title_field'] = $rex->info['Collection']['title_field'];

// The restore control is offered only to sessions that may write the
// 'approved' status. This flag drives the template; the restore action itself
// has to enforce the same permission.
$data['restore'] = session_allowed('approved', 'w', 'status') ? true : false;

echo template_simple(CMS_JS_ALERT_MESSAGE, $GLOBALS['cgi']);
echo loader_box('cms/nav');
template_simple_register('pager', $pg);
echo template_simple('deleted_items.spt', $data);
Esempio n. 4
 /**
  * Returns the display HTML for this widget.  The optional
  * parameter determines whether or not to automatically display the widget
  * nicely, or whether to simply return the widget (for use in a template).
  * 
  * @access	public
  * @param	boolean	$generate_html
  * @return	string
  * 
  */
 function display($generate_html = 0)
 {
     // Fill the option list with the statuses this session may write. The
     // status names are the keys of the status configuration file.
     $statuses = array_keys(parse_ini_file('inc/conf/auth/status/index.php'));
     foreach ($statuses as $status) {
         if (!session_allowed($status, 'w', 'status')) {
             continue;
         }
         // 'parallel' is only offered for the sitellite_page collection.
         if ($status == 'parallel' && $this->collection != 'sitellite_page') {
             continue;
         }
         $this->value[$status] = ucfirst($status);
     }

     // Nullable widgets get an extra empty choice.
     if ($this->nullable) {
         $this->value[''] = 'BLANK';
     }

     // Rendering is left to the parent widget.
     return parent::display($generate_html);
 }
Esempio n. 5
<?php

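// Image chooser: delete an image file unless a page body still references it.
if (!session_allowed('imagechooser_delete', 'rw', 'resource')) {
    die('Delete not permitted.');
}

// NOTE(review): $parameters presumably carries request-supplied values, so
// 'location' and 'src' are treated as untrusted. page_title() below receives
// them as-is; confirm it escapes its argument before output.
$relative = $parameters['location'] . '/' . $parameters['src'];

// Resolve the target and require it to be a regular file inside the document
// root. Without this, a location or src containing "../" would let the
// unlink() below remove files outside the site. realpath() also resolves
// symlinks, and returns false for a path that does not exist.
$docroot = realpath(site_docroot());
$target = realpath(site_docroot() . $relative);
$inside_docroot = false;
if ($docroot !== false && $target !== false && is_file($target)) {
    $base = rtrim($docroot, '/\\') . DIRECTORY_SEPARATOR;
    $inside_docroot = strpos($target, $base) === 0;
}

// The value is bound as a parameter; '%' and '_' inside it still act as LIKE
// wildcards, which can only produce extra matches (the delete is then refused).
$res = db_shift_array('select id from sitellite_page where body like ?', '%' . $relative . '%');
if (count($res) > 0) {
    $parameters['deleted'] = false;
    page_title(intl_get('Image in Use') . ': ' . $relative);
    $parameters['err'] = intl_get('Unable to delete image because it is still in use on the following pages:');
    $parameters['list'] = $res;
} else {
    // A path that fails the containment check is reported like any other
    // failed delete, so the response does not reveal why it was refused.
    if (!$inside_docroot || !@unlink($target)) {
        $parameters['deleted'] = false;
        page_title(intl_get('Delete Failed') . ': ' . $relative);
        $parameters['err'] = intl_get('Unable to delete image.  Check your server filesystem permissions and try again.');
    } else {
        $parameters['deleted'] = true;
        page_title(intl_get('Image Deleted') . ': ' . $relative);
    }
}
if ($parameters['admin']) {
    $app = '-admin-action';
} else {
    $app = '-app';
}
global $cgi;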
if ($parameters['err']) {
    session_set('imagechooser_err', $parameters['err']);
    session_set('imagechooser_pagelist', $parameters['list']);
} else {
Esempio n. 6
 /**
  * Checks recursively in the form directory and parent directories
  * until it checks $formPath finally for an access.php file.  It then
  * parses that file as an INI file and determines whether the form is
  * accessible by the current user.  If a template is specified in the
  * access.php file, that template name is returned on success, otherwise
  * a boolean true value is returned on success.  False is always returned
  * if the user is not allowed.
  * 
  * @access	public
  * @param	string	$name
  * @param	string	$context
  * @return	mixed
  * 
  */
 function formAllowed($name, $context = 'normal')
 {
     // Decision order, as implemented below:
     //   1. admin session + app registered as a resource + no 'rw' on it -> false
     //   2. app explicitly disabled in $this->applications -> false
     //   3. nearest access.php, walking up from the form directory, decides
     //   4. otherwise the access.php directly under the form path decides
     //   5. no access.php anywhere: denied for the 'action' context, allowed
     //      for every other context
     // A denial either returns false or, when the access.php defines
     // sitellite_goto, sends a redirect and ends the request.
     $app = $this->getApp($name);
     $name = $this->removeApp($name, $app);
     // This refusal only applies to admin sessions and only when 'app_<app>'
     // is a registered resource; other sessions continue to the checks below.
     if (session_admin() && session_is_resource('app_' . $app) && !session_allowed('app_' . $app, 'rw', 'resource')) {
         return false;
     }
     if (isset($this->applications[$app]) && !$this->applications[$app]) {
         // app is disabled
         return false;
     }
     // NOTE(review): $name is concatenated into a filesystem path as-is; no
     // validation of it is visible in this method. Confirm callers restrict it.
     $dir = $this->prefix . '/' . $app . '/' . $this->formPath . '/' . $name;
     // Walk up one path segment per iteration until the form path itself is
     // reached; the first access.php found on the way decides the outcome.
     while ($dir != $this->prefix . '/' . $app . '/' . $this->formPath) {
         if (@file_exists($dir . '/access.php')) {
             $access = parse_ini_file($dir . '/access.php');
             $this->formAccess = $access;
             // NOTE(review): sitellite_access and sitellite_status are read
             // without isset(); what happens when access.php omits them depends
             // on how session_allowed() treats a missing value.
             if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
                 if (isset($access['sitellite_goto'])) {
                     // The redirect target comes from the access.php file.
                     header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                     exit;
                 }
                 return false;
             } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
                 if (isset($access['sitellite_goto'])) {
                     header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                     exit;
                 }
                 return false;
             } elseif ($context == 'action' && !$access['sitellite_action']) {
                 // Direct ('action') requests need sitellite_action switched on.
                 if (isset($access['sitellite_goto'])) {
                     header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                     exit;
                 }
                 return false;
             } elseif ($context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context]) {
                 // Any other context is refused only when access.php names it
                 // and sets it to a false value.
                 return false;
                 //				} elseif ($context == 'inline' && ! $access['sitellite_inline']) {
                 //					return false;
             } else {
                 // Allowed: apply the optional template set, then return the
                 // template name if one is configured, otherwise true.
                 if (isset($access['sitellite_template_set'])) {
                     page_template_set($access['sitellite_template_set']);
                 }
                 if (isset($access['sitellite_template'])) {
                     return $access['sitellite_template'];
                 } else {
                     return true;
                 }
             }
         }
         // Drop the last path segment and try the parent directory.
         $dir = preg_split('/\\//', $dir);
         array_pop($dir);
         $dir = join('/', $dir);
     }
     // check for a global access.php file
     // This branch repeats the per-directory checks with one difference: the
     // only non-'action' context it examines is 'inline', and it reads
     // sitellite_inline without isset().
     if (@file_exists($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php')) {
         $access = parse_ini_file($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php');
         $this->formAccess = $access;
         if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
             if (isset($access['sitellite_goto'])) {
                 header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                 exit;
             }
             return false;
         } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
             if (isset($access['sitellite_goto'])) {
                 header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                 exit;
             }
             return false;
         } elseif ($context == 'action' && !$access['sitellite_action']) {
             if (isset($access['sitellite_goto'])) {
                 header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                 exit;
             }
             return false;
         } elseif ($context == 'inline' && !$access['sitellite_inline']) {
             return false;
         } else {
             if (isset($access['sitellite_template_set'])) {
                 page_template_set($access['sitellite_template_set']);
             }
             if (isset($access['sitellite_template'])) {
                 return $access['sitellite_template'];
             } else {
                 return true;
             }
         }
     }
     // no access.php found at all, revert to logical defaults
     // Only the 'action' context is denied by default; a form without any
     // access.php is allowed in every other context.
     if ($context == 'action') {
         return false;
     }
     return true;
 }
Esempio n. 7
<?php

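// RPC endpoint: insert one row per submitted item into the named table/column.
global $cgi;
loader_import('saf.Misc.RPC');

// Table and column names cannot be bound as SQL parameters, so they are
// restricted to plain identifier characters before being concatenated into
// the statement. '-' is no longer accepted: the names are used unquoted, where
// a hyphen is parsed as an operator rather than as part of the name.
$identifier = '/^[a-zA-Z0-9_]+$/';

if (!$cgi->table || !$cgi->items || !$cgi->key
    || !$cgi->verify('table', 'regex', $identifier)
    || !$cgi->verify('key', 'regex', $identifier)
) {
    echo rpc_response(false);
    exit;
}

// NOTE(review): this check only refuses the request when the table is a
// registered resource. For any other table name nothing in this file denies
// the insert, and nothing here ties the request to a form token. Confirm that
// access to this action is restricted elsewhere (for example by an access
// file for the box) before relying on it.
if (session_is_resource($cgi->table) && !session_allowed($cgi->table, 'rw', 'resource')) {
    echo rpc_response(false);
    exit;
}

$items = preg_split('/, ?/', $cgi->items);
foreach ($items as $item) {
    // Stray or trailing commas produce empty entries; do not store them.
    if ($item === '') {
        continue;
    }
    // The value itself is bound as a parameter.
    db_execute('insert into ' . $cgi->table . ' (' . $cgi->key . ') values (?)', $item);
}
echo rpc_response(true);
exit;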
Esempio n. 8
}
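// Build the list of extra links declared in the "link:*" sections of the
// collection definition, leaving out the ones this session may not use.
$data['links'] = array();
foreach ($rex->info as $key => $vals) {
    if (strpos($key, 'link:') !== 0) {
        continue;
    }

    // Optional permission the session needs on the current collection.
    $perms = isset($vals['requires']) ? $vals['requires'] : '';
    switch ($perms) {
        case 'r':
        case 'w':
        case 'rw':
            if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, $perms, 'resource')) {
                // "continue 2" is required here. Inside a switch a plain
                // "continue" behaves like "break", so the link was still
                // listed for sessions that lack the permission.
                continue 2;
            }
            break;
    }

    // Optional additional resource the session must hold 'rw' on.
    if (isset($vals['requires resource'])) {
        if (session_is_resource($vals['requires resource']) && !session_allowed($vals['requires resource'], 'rw', 'resource')) {
            continue;
        }
    }

    $vals['text'] = intl_get($vals['text']);
    // Site-relative links get the site prefix prepended.
    if (strpos($vals['url'], '/index/') === 0) {
        $vals['url'] = site_prefix() . $vals['url'];
    }
    $data['links'][] = $vals;
}
// Hiding a link only affects the page; the linked actions still have to
// enforce their own permissions.
echo template_simple(CMS_JS_ALERT_MESSAGE, $GLOBALS['cgi']);
echo loader_box('cms/nav');
template_simple_register('pager', $pg);
template_simple_register('locks', $locks);
template_simple_register('editable', $editable);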
Esempio n. 9
// Refresh the pager; $pg is set up earlier in the file (outside this excerpt).
$pg->update();
/**
 * Format a date value for display using the 'M j, Y - g:ia' pattern.
 *
 * @param mixed $date Value handed to Date::timestamp() unchanged.
 * @return mixed Whatever Date::timestamp() returns for that pattern.
 */
function pretty_date($date)
{
    // The Date class comes from the saf.Date package, loaded on demand.
    loader_import('saf.Date');
    $formatted = Date::timestamp($date, 'M j, Y - g:ia');
    return $formatted;
}
// Title for the page: the item's title field, or the raw key when the current
// version cannot be loaded.
$cur = $rex->getCurrent($cgi->_key);
$title = $cur ? $cur->{$rex->info['Collection']['title_field']} : $cgi->_key;

// The history is editable only when every applicable write check passes:
// the 'approved' status, plus the item's own access level, status and team
// where the item defines them.
$editable = true;
if (
    !session_allowed('approved', 'w', 'status')
    || (isset($cur->sitellite_access) && !session_allowed($cur->sitellite_access, 'w', 'access'))
    || (isset($cur->sitellite_status) && !session_allowed($cur->sitellite_status, 'w', 'status'))
    || (isset($cur->sitellite_team) && !session_allowed($cur->sitellite_team, 'w', 'team'))
) {
    $editable = false;
}

// On the first page the newest history entry is taken as the current one.
// NOTE(review): $history[0] is read without checking that $history is non-empty.
if ($cgi->offset == 0) {
    $cgi->_current = $history[0]->sv_autoid;
}

// Each request value is URL-encoded before it goes into the pager link.
$history_query = array(
    '_collection=' . urlencode($cgi->_collection),
    '_key=' . urlencode($cgi->_key),
    '_return=' . urlencode($cgi->_return),
    '_current=' . urlencode($cgi->_current),
);
$pg->url = site_current() . '?' . implode('&', $history_query);

page_title(intl_get('Change History') . ': ' . $rex->info['Collection']['display'] . ' / ' . $title);
template_simple_register('pager', $pg);
echo template_simple('history.spt', array('history' => $history, 'current' => $cgi->_current, 'editable' => $editable));
Esempio n. 10
 /**
  * Returns the display HTML for this widget.  The optional
  * parameter determines whether or not to automatically display the widget
  * nicely, or whether to simply return the widget (for use in a template).
  * 
  * @access	public
  * @param	boolean	$generate_html
  * @return	string
  * 
  */
 function display($generate_html = 0)
 {
     // Fill the option list with the access levels this session may write.
     // The level names are the keys of the access configuration file.
     $levels = array_keys(parse_ini_file('inc/conf/auth/access/index.php'));
     foreach ($levels as $access) {
         if (!session_allowed($access, 'w', 'access')) {
             continue;
         }
         $this->value[$access] = ucfirst($access);
     }

     // Nullable widgets get an extra empty choice.
     if ($this->nullable) {
         $this->value[''] = 'BLANK';
     }

     // Rendering is left to the parent widget.
     return parent::display($generate_html);
 }
Esempio n. 11
    $parameters['inline'] = true;
}
// Pages return to the current URL unless the caller supplied a target.
if (!isset($parameters['return']) && $parameters['collection'] == 'sitellite_page') {
    $parameters['return'] = site_current();
}
$parameters['return_v1'] = site_current();

// An existing lock on the item makes it read-only and exposes who holds the
// lock and when it expires.
loader_import('cms.Workflow.Lock');
lock_init();
if (lock_exists($parameters['collection'], $parameters['id'])) {
    $lock_info = lock_info($parameters['collection'], $parameters['id']);
    $parameters['editable'] = false;
    $parameters['lock_owner'] = $lock_info->user;
    $parameters['lock_expires'] = $lock_info->expires;
    loader_import('cms.Filters');
}

// The delete control is withdrawn only when 'delete' is a registered resource
// and the session lacks 'rw' on it. These flags drive the buttons; the
// actions behind them have to enforce the same permissions.
if (session_is_resource('delete') && !session_allowed('delete', 'rw', 'resource')) {
    $parameters['deletable'] = false;
}

// History is offered for versioned collections the session can edit.
$parameters['history'] = ($rex->isVersioned && $parameters['editable']) ? true : false;
if ($parameters['collection'] == 'sitellite_page') {
    $c = $rex->getCurrent($parameters['id']);
    if ($c->sitellite_status == 'draft' || $c->sitellite_status == 'pending') {
        //$parameters['status'] = $c->sitellite_status;
        $p = $rex->getSource($parameters['id']);
        if ($p == $c) {
            $parameters['draft'] = false;
Esempio n. 12
// Collect icons for at most the first three content types in $one, which maps
// browse URLs to labels.
$c = 0;
foreach ($one as $k => $v) {
    // The collection name is what remains after stripping the browse URL prefix.
    $ct = str_replace(site_prefix() . '/index/cms-browse-action?collection=', '', $k);
    $r = new Rex($ct);
    // Use the collection's own icon when it declares one, else the default.
    $icon = $r->info['Collection']['icon']
        ? site_prefix() . '/' . $r->info['Collection']['icon']
        : site_prefix() . '/inc/app/cms/pix/icons/content-type.gif';
    $data['content_panel']['icons'][] = array('href' => $k, 'src' => $icon, 'alt' => $v);
    if (++$c >= 3) {
        break;
    }
}
// Admin panel of the control panel. When 'app_usradm' is a registered
// resource and the session lacks 'rw' on it, a disabled panel with dead links
// is built instead. This only changes what is displayed; the usradm actions
// have to enforce the permission themselves.
if (session_is_resource('app_usradm') && !session_allowed('app_usradm', 'rw', 'resource')) {
    $data['admin_panel'] = array(
        'name' => 'admin',
        'caption' => intl_get('Admin'),
        'action' => '#',
        'method' => 'get',
        'select' => 'list',
        'selected' => '',
        'select-extra' => 'disabled="disabled"',
        'options' => array(array()),
        'icons' => array(
            array(
                'href' => '#',
                'src' => site_prefix() . '/inc/app/cms/pix/icons/users_disabled.gif',
                'alt' => intl_get('Users'),
            ),
            array(
                'href' => '#',
                'src' => site_prefix() . '/inc/app/cms/pix/icons/roles_disabled.gif',
                'alt' => intl_get('Roles'),
            ),
            array(
                'href' => '#',
                'src' => site_prefix() . '/inc/app/cms/pix/icons/teams_disabled.gif',
                'alt' => intl_get('Teams'),
            ),
        ),
    );
    // Optionally drop the disabled icons altogether.
    if (!appconf('panels_show_disabled')) {
        $data['admin_panel']['icons'] = array();
    }
} else {
    $data['admin_panel'] = array(
        'name' => 'admin',
        'caption' => intl_get('Admin'),
        'action' => site_prefix() . '/index/usradm-browse-action',
        'method' => 'get',
        'select' => 'list',
        'selected' => '',
        'select-extra' => 'onchange="this.form.submit ()"',
        // Two option groups, each mapping a target URL to its label.
        'options' => array(
            array(
                site_prefix() . '/index/usradm-browse-action?list=accesslevels' => intl_get('Access Levels'),
                site_prefix() . '/index/usradm-browse-action?list=log' => intl_get('Activity Log'),
                site_prefix() . '/index/usradm-applications-action' => intl_get('Applications'),
                site_prefix() . '/index/usradm-cache-form' => intl_get('Cache Settings'),
                site_prefix() . '/index/usradm-browse-action?list=prefs' => intl_get('Preferences'),
                site_prefix() . '/index/usradm-browse-action?list=resources' => intl_get('Resources'),
            ),
            array(
                site_prefix() . '/index/usradm-browse-action?list=roles' => intl_get('Roles'),
                site_prefix() . '/index/usradm-settings-form' => intl_get('Site Settings'),
                site_prefix() . '/index/usradm-browse-action?list=statuses' => intl_get('Statuses'),
                site_prefix() . '/index/usradm-browse-action?list=teams' => intl_get('Teams'),
                site_prefix() . '/index/usradm-browse-action?list=users' => intl_get('Users'),
                site_prefix() . '/index/usradm-workflow-action' => intl_get('Workflow Services'),
            ),
        ),
        'icons' => array(
            array(
                'href' => site_prefix() . '/index/usradm-browse-action?list=users',
                'src' => site_prefix() . '/inc/app/cms/pix/icons/users.gif',
                'alt' => intl_get('Users'),
            ),
            array(
                'href' => site_prefix() . '/index/usradm-browse-action?list=roles',
                'src' => site_prefix() . '/inc/app/cms/pix/icons/roles.gif',
                'alt' => intl_get('Roles'),
            ),
            array(
                'href' => site_prefix() . '/index/usradm-browse-action?list=teams',
                'src' => site_prefix() . '/inc/app/cms/pix/icons/teams.gif',
                'alt' => intl_get('Teams'),
            ),
        ),
    );
}

// The admin tools box returns its entries as newline-separated text.
$apps = explode(NEWLINE, loader_box('cms/admintools'));
$c = 0;
foreach ($apps as $k => $v) {
    if (empty($v)) {
        unset($apps[$k]);
        continue;
    }
Esempio n. 13
        $page = new StdClass();
        $page->user = $user;
        $page->title = intl_get('Your Homepage');
        $page->template = appconf('homepage_default_template');
        $page->body = intl_get('Edit your homepage to change this text.');
    } else {
        $page = new StdClass();
        $page->user = $user;
        $page->title = $user . '\'s ' . intl_get('Homepage');
        $page->template = appconf('homepage_default_template');
        $page->body = intl_get('This user has not yet created a home page.');
    }
}
// Render a member homepage. $page is either the stored homepage or one of the
// placeholder objects built above.
// When called as a full page action, set the page title and template.
if ($context == 'action') {
    page_title($page->title);
    if (!empty($page->template)) {
        page_template($page->template);
    }
    // A site-wide 'homepage_template' setting, when present, is applied after
    // the page's own template.
    $default_template = appconf('homepage_template');
    if ($default_template) {
        page_template($default_template);
    }
}
// The edit link is shown only when $self is set and the session may write the
// 'sitellite_homepage' resource.
// NOTE(review): the next line is garbled in this listing (part of the href
// expression was replaced by asterisks) and is not valid PHP as shown.
// Whatever value is placed in the user= parameter should be URL-encoded.
if ($self && session_allowed('sitellite_homepage', 'w', 'resource')) {
    echo '<p><a href="' . site_prefix() . '/index/sitemember-homepage-form?user='******'">' . intl_get('Edit Homepage') . '</a></p>';
}
// NOTE(review): the title and body are written to the response without
// escaping here. If members author this content, confirm it is filtered when
// it is saved; otherwise markup stored in one member's homepage runs in the
// browser of every visitor.
if ($context != 'action') {
    echo '<p><strong>' . intl_get('Title') . ': ' . $page->title . '</strong></p>';
}
// Split the body at <hr> tags and keep the pieces on the global page object.
$GLOBALS['page']->body_parts = preg_split('|<hr[^>]*>|is', $page->body);
echo $page->body;
Esempio n. 14
 /**
  * PROPPATCH method handler
  *
  * @param  array  general parameter passing array
  * @return bool   true on success
  */
 function PROPPATCH(&$options)
 {
     // Handles a property update for the requested path. Every exit returns an
     // empty string; the per-property outcome is reported through
     // $options['props'][...]['status'].
     $path = $this->_path();
     $options['path'] = $path;

     // The session needs 'rw' on the current item, otherwise every requested
     // property is answered with 403.
     $info = $this->rex->getCurrent(trim($path, '/'));
     if (!session_allowed($info, 'rw')) {
         foreach (array_keys($options['props']) as $k) {
             $options['props'][$k]['status'] = '403 Forbidden';
         }
         return '';
     }
     unset($info);

     // Collect the values for the properties this handler recognises.
     // NOTE(review): $update is built but not applied anywhere in this method
     // (the write-back is still a todo). Once it is applied, the
     // status/access/owner/team values come straight from the client and
     // should each be checked against what the session may assign.
     $update = array();
     foreach ($options['props'] as $key => $prop) {
         // Properties in the DAV: namespace are never writable.
         if ($prop['ns'] == 'DAV:') {
             $options['props'][$key]['status'] = '403 Forbidden';
             continue;
         }
         // Properties in any other namespace are left without a status.
         if ($prop['ns'] != 'WebFiles') {
             continue;
         }
         if (!isset($prop['val'])) {
             // todo: delete property value
             continue;
         }
         $name = $prop['name'];
         if ($name == 'status' || $name == 'access' || $name == 'owner' || $name == 'team') {
             // Workflow fields are stored with a "sitellite_" prefix.
             $update['sitellite_' . $name] = $prop['val'];
         } elseif ($name == 'keywords' || $name == 'description') {
             $update[$name] = $prop['val'];
         }
     }

     // todo: update rex with $update...
     return '';
 }
Esempio n. 15
<?php

// Admin tools list: produces nothing for sessions that are not admin sessions.
if (!session_admin()) {
    return;
}

loader_import('saf.File.Directory');

// Per-application enable/disable switches, keyed by application name.
$applications = parse_ini_file('inc/conf/auth/applications/index.php');

// Every entry under inc/app is a candidate application.
$apps = array();
$d = new Dir('inc/app');
foreach ($d->read_all() as $file) {
    if (strpos($file, '.') === 0 || !@is_dir('inc/app/' . $file) || !@file_exists('inc/app/' . $file . '/conf/config.ini.php') || in_array($file, array('cms', 'usradm'))) {
        continue;
    }
    if (session_is_resource('app_' . $file) && !session_allowed('app_' . $file, 'rw', 'resource')) {
        continue;
    }
    if (isset($applications[$file]) && !$applications[$file]) {
        continue;
    }
    $c = @parse_ini_file('inc/app/' . $file . '/conf/config.ini.php');
    if (!isset($c['admin_handler']) || !isset($c['admin_handler_type']) || isset($c['admin']) && !$c['admin']) {
        continue;
    }
    if (!isset($c['app_name'])) {
        $c['app_name'] = $file;
    }
    if ($c['admin_handler_type'] == 'box') {
        $type = 'action';
    } else {
        $type = $c['admin_handler_type'];
    }
Esempio n. 16
<?php

// "Add" button box: prints the button only for admin sessions that may add
// content to the given collection, and prints nothing otherwise.
global $page, $cgi;

if (!session_admin()) {
    return;
}

// Pages are the default collection.
if (!isset($parameters['collection'])) {
    $parameters['collection'] = 'sitellite_page';
}

// General 'add' permission first, then the per-collection permission. The
// latter is only enforced when the collection is a registered resource.
$collection = $parameters['collection'];
if (
    !session_allowed('add', 'rw', 'resource')
    || (session_is_resource($collection) && !session_allowed($collection, 'rw', 'resource'))
) {
    return;
}

// Unknown collections get no button.
loader_import('cms.Versioning.Rex');
$rex = new Rex($collection);
if (!$rex->collection) {
    return;
}

$parameters['type'] = intl_get($rex->info['Collection']['singular']);
echo template_simple('buttons/add.spt', $parameters);
Esempio n. 17
// end if $_devnotes
// Heading: a caller-supplied title replaces the default.
// NOTE(review): the title is written into the heading without escaping;
// confirm $parameters['title'] cannot carry request-supplied markup.
$title = isset($parameters['title']) ? $parameters['title'] : 'DevNotes';
echo '<a name="devnotes"></a><h1>' . intl_get($title) . '</h1>';

// Admin sessions get a link to the DevNotes admin screen, opened in the
// parent window when the notes are shown inside a frame.
if (session_admin()) {
    $target = $inframe ? ' target="_parent"' : '';
    echo template_simple('<p><a href="{site/prefix}/index/devnotes-admin-action"' . $target . '>{intl DevNotes Admin}</a></p>');
}

if ($_devnotes) {
    // The add form is shown to everyone unless a 'posting' access level is
    // configured, in which case the session needs 'rw' on that level.
    if (!isset($parameters['posting']) || session_allowed($parameters['posting'], 'rw', 'access')) {
        // Names of the people who have posted so far, oldest first.
        $dn->listFields('distinct name');
        $dn->orderBy('ts asc');
        $users1 = $dn->find(array());
        if (!is_array($users1)) {
            $users1 = array();
        }
        $users = array();
        foreach ($users1 as $value) {
            $users[] = $value->name;
        }
        echo template_simple('form.spt', array('users' => $users, 'appname' => $appname));
    }
}
Esempio n. 18
    /**
     * Returns the display HTML for this widget.  The optional
     * parameter determines whether or not to automatically display the widget
     * nicely, or whether to simply return the widget (for use in a template).
     * 
     * @access	public
     * @param	boolean	$generate_html
     * @return	string
     * 
     */
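    function display($generate_html = 0)
    {
        // Renders a <select> filled from $this->getList() plus, for sessions
        // allowed to modify the backing table, Add/Remove buttons that call the
        // configured add/remove actions through the RPC helper.
        //
        // Option values and labels come from stored rows that users can add
        // through the Add button, so they are HTML-escaped on output.
        // NOTE(review): $this->name, $this->table, $this->key and $this->title
        // are placed into the generated JavaScript and markup unescaped. That
        // is safe only while they are fixed widget configuration; confirm they
        // never carry request data. The item list appended to the RPC URL in
        // the script is also not URL-encoded.
        $data = '';
        $attrstr = $this->getAttrs();
        $selected = explode(',', $this->data_value);
        loader_import('saf.Misc.RPC');
        echo rpc_init('return false');
        $mult = 'false';
        if ($this->size) {
            $multiple = ' size="' . $this->size . '"';
            $braces = '';
            if ($this->multiple) {
                $multiple = ' multiple="multiple"' . $multiple;
                $braces = '[]';
                $mult = 'true';
            }
        } else {
            $multiple = '';
            $braces = '';
        }
        // Editing is refused only when the table is a registered resource and
        // the session lacks 'rw' on it. This hides the buttons; the add/remove
        // actions have to enforce the same rule themselves.
        $allowed = !(session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource'));
        if ($allowed) {
            loader_import('saf.GUI.Prompt');
            if ($this->title) {
                page_add_script('
			var cms_' . $this->name . '_form;

			var cms_' . $this->name . '_oldhandler;

			function cms_' . $this->name . '_add_handler (words) {
				f = cms_' . $this->name . '_form;

				// 2. add the selected keywords to the list
				for (i = 0; i < words.length; i++) {
					if (document.all) {
						f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i].text, words[i].value, false, true);
					} else {
						o = document.createElement (\'option\');
						o.text = words[i].text;
						o.value = words[i].value;
						f.elements[\'' . $this->name . $braces . '\'].add (o, null);
					}
				}

				rpc_handler = null;
				rpc_handler = cms_' . $this->name . '_oldhandler;
			}

			function cms_' . $this->name . '_add (f) {
				cms_' . $this->name . '_form = f;

				// 0. collect our new items(s) from the user
				prompt (
					\'New items(s) -- separate multiple with commas (one, two, three)\',
					\'\',
					function (word) {
						if (word == null || word.length == 0 || word == false) {
							return false;
						}
						words = word.split (/, ?/);

						cms_' . $this->name . '_oldhandler = rpc_handler;
						rpc_handler = null;
						rpc_handler = cms_' . $this->name . '_add_handler;

						// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
						rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word);
					}
				);

				// 3. cancel the click
				return false;
			}

			function cms_' . $this->name . '_remove (f) {
				// 0. collect the selected items from the "items" field
				word = \'\';
				show = \'\';
				sep = \'\';
				for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value;
						show = show + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].text;
						sep = \',\';
					}
				}

				// 0.1. confirm that they want to delete the selected list
				c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . '  \' + show);
				if (! c) {
					return false;
				}

				// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
				rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word);

				// 2. remove the selected keywords from the list
				multiple = ' . $mult . ';
				for (i = f.elements[\'' . $this->name . $braces . '\'].options.length - 1; i >= 0; i--) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						// remove
						if (document.all) {
							f.elements[\'' . $this->name . $braces . '\'].options.remove (i);
						} else {
							f.elements[\'' . $this->name . $braces . '\'].options[i] = null;
						}
						if (! multiple) {
							break;
						}
					}
				}

				// 3. cancel the click
				return false;
			}
		');
            } else {
                page_add_script('
			function cms_' . $this->name . '_add (f) {
				cms_' . $this->name . '_form = f;

				// 0. collect our new items(s) from the user
				prompt (
					\'New items(s) -- separate multiple with commas (one, two, three)\',
					\'\',
					function (word) {
						if (word == null || word.length == 0 || word == false) {
							return false;
						}
						words = word.split (/, ?/);

						f = cms_' . $this->name . '_form;

						// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
						rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word);

						// 2. add the selected keywords to the list
						for (i = 0; i < words.length; i++) {
							if (document.all) {
								f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i], words[i], false, true);
							} else {
								o = document.createElement (\'option\');
								o.text = words[i];
								o.value = words[i];
								f.elements[\'' . $this->name . $braces . '\'].add (o, null);
							}
						}
					}
				);

				// 3. cancel the click
				return false;
			}

			function cms_' . $this->name . '_remove (f) {
				// 0. collect the selected items from the "items" field
				word = \'\';
				sep = \'\';
				for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value;
						sep = \',\';
					}
				}

				// 0.1. confirm that they want to delete the selected list
				c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . '  \' + word);
				if (! c) {
					return false;
				}

				// 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup
				rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word);

				// 2. remove the selected keywords from the list
				multiple = ' . $mult . ';
				for (i = f.elements[\'' . $this->name . $braces . '\'].options.length - 1; i >= 0; i--) {
					if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) {
						// remove
						if (document.all) {
							f.elements[\'' . $this->name . $braces . '\'].options.remove (i);
						} else {
							f.elements[\'' . $this->name . $braces . '\'].options[i] = null;
						}
						if (! multiple) {
							break;
						}
					}
				}

				// 3. cancel the click
				return false;
			}
		');
            }
            // end title
        }
        // end allowed
        if ($generate_html) {
            $data .= '<tr>
				<td class="label"' . $this->invalid() . ' valign="top">
					<label for="' . $this->name . '" id="' . $this->name . '-label">' . template_simple($this->label_template, $this, '', true) . '</label>
				</td>
				<td class="field">
					<table border="0" cellpadding="3" cellspacing="0">
						<tr>
							<td valign="top">
					<select name="' . $this->name . $braces . '" ' . $multiple . $attrstr . ' ' . $this->extra . '>' . NEWLINE;
            foreach ($this->getList() as $obj) {
                // The key column is always the option value; the label is the
                // title column when one is configured, else the key again.
                $key = $obj->{$this->key};
                $keyword = $this->title ? $obj->{$this->title} : $key;
                // Escape stored values for the attribute and text contexts so
                // an item containing markup cannot inject it into the form.
                // The selection test below still compares the raw key.
                $data .= TABx2 . TABx2 . TABx2 . '<option value="' . htmlspecialchars((string) $key, ENT_QUOTES) . '"';
                if (in_array($key, $selected)) {
                    $data .= ' selected="selected"';
                }
                $data .= '>' . htmlspecialchars((string) $keyword, ENT_QUOTES) . '</option>' . NEWLINE;
            }
            $data .= '</select>
							</td>' . NEWLINE;
            if ($allowed) {
                $data .= '				<td valign="top" width="100%">
					<input type="submit" value="' . intl_get('Add') . '" onclick="return cms_' . $this->name . '_add (this.form)" /><br />
					<input type="submit" value="' . intl_get('Remove') . '" onclick="return cms_' . $this->name . '_remove (this.form)" />
							</td>
						</tr>
					</table>
				</td>' . NEWLINE;
            } else {
                $data .= '</tr></table></td>';
            }
            $data .= '			</tr>' . NEWLINEx2;
        }
        // Without $generate_html nothing is rendered and '' is returned.
        return $data;
    }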
Esempio n. 19
}
// Multiple selection is switched on by the literal request value 'yes'.
$multiple = ($cgi->multiple == 'yes');

// Work out which collections may appear in site search results for this
// session, and which of them use result highlighting.
$sitesearch_allowed = array();
$sitesearch_highlight = array();
loader_import('saf.File.Directory');
foreach (Dir::fetch('inc/app/cms/conf/collections') as $file) {
    $collection_file = 'inc/app/cms/conf/collections/' . $file;
    // Skip dot files and sub-directories.
    if (strpos($file, '.') === 0 || @is_dir($collection_file)) {
        continue;
    }
    $config = ini_parse($collection_file);
    // Only collections that declare a search URL take part in site search.
    if (!isset($config['Collection']['sitesearch_url'])) {
        continue;
    }
    $collection_name = $config['Collection']['name'];
    // A collection is searchable only when it names an access level and the
    // session may read that level; without sitesearch_access it stays excluded.
    if (isset($config['Collection']['sitesearch_access']) && session_allowed($config['Collection']['sitesearch_access'], 'r', 'access')) {
        $sitesearch_allowed[] = $collection_name;
    }
    // Highlighting is on unless the collection explicitly turns it off.
    $sitesearch_highlight[$collection_name] = $collection_name;
    if (isset($config['Collection']['sitesearch_highlight']) && !$config['Collection']['sitesearch_highlight']) {
        unset($sitesearch_highlight[$collection_name]);
    }
}

// Additional search folders; the site's own domain is always in the list.
$folders = ini_parse('inc/app/sitesearch/conf/folders.ini.php');
$domains = array(site_domain() => site_domain());
foreach ($folders as $name => $folder) {
    if (isset($folder['domain'])) {
        $domains[$folder['domain']] = $folder['domain'];
    } else {
        $sitesearch_allowed[] = $name;
Esempio n. 20
 /**
  * Returns the display HTML for this widget.  The optional
  * parameter determines whether or not to automatically display the widget
  * nicely, or whether to simply return the widget (for use in a template).
  * 
  * @access	public
  * @param	boolean	$generate_html
  * @return	string
  * 
  */
 function display($generate_html = 0)
 {
     // Renders the widget through its $_output template and registers its
     // style and script with the page.
     // NOTE(review): $data, $attrstr, $selected and $allowed are computed here
     // but not read again in this method. In particular the permission result
     // in $allowed is a local variable and is not passed to the templates,
     // which receive $this. Confirm whether it was meant to be stored on the
     // widget.
     $data = '';
     $attrstr = $this->getAttrs();
     $selected = explode(',', $this->data_value);
     $allowed = !(session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource'));

     // Flag every list entry as selected or not, for the templates.
     $this->_list = $this->getList();
     $this->_selected = $this->getSelected();
     foreach ($this->_list as $k => $v) {
         $this->_list[$k]->selected = in_array($v->id, $this->_selected) ? true : false;
     }

     // While the templates run, an empty id is replaced by the string 'false';
     // the original value is put back before returning.
     if (!$this->id) {
         $this->_id = $this->id;
         $this->id = 'false';
     }

     // The shared stylesheet and RPC script are added once per request; the
     // per-widget script is added on every call.
     static $loaded = false;
     if (!$loaded) {
         page_add_style($this->_style);
         page_add_script(site_prefix() . '/js/rpc-compressed.js');
     }
     $this->loaded = $loaded;
     page_add_script(template_simple($this->_script, $this));
     $loaded = true;

     if (isset($this->_id)) {
         $this->id = $this->_id;
         unset($this->_id);
     }

     return template_simple($this->_output, $this);
 }