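/**
 * Parses the current WebFiles request into a resource path and, for POST and
 * PUT requests, the raw request body.
 *
 * The path is whatever follows the "/method.<name>" segment of the request
 * URI, URL-decoded once, stripped of trailing slashes and lowercased.
 *
 * @return mixed the lowercased path (string) for requests without a body,
 *               array(path, body) for POST and PUT, or the result of
 *               webfiles_error() when the request is refused
 */
function webfiles_request()
{
    // check permissions before touching any request data
    if (!session_allowed('sitellite_filesystem', 'rw', 'resource')) {
        return webfiles_error(403, 'Forbidden');
    }

    // parse_url() returns false for a seriously malformed URL; refuse it
    // rather than carrying on with an empty path.
    $info = parse_url(urldecode($_SERVER['REQUEST_URI']));
    if (!is_array($info) || !isset($info['path'])) {
        return webfiles_error(400, 'Bad Request');
    }

    // array_pop() takes its argument by reference, so the split result has to
    // live in a variable first.
    $parts = preg_split('/\\/method.(copy|delete|edit|get|list|mkdir|move|put|search|lock|unlock|statuses|access-levels|teams)/', $info['path'], 2);
    $path = is_array($parts) ? (string) array_pop($parts) : '';
    $path = rtrim($path, '/');

    // disallow .. references, and NUL bytes that urldecode() may have produced
    // NOTE(review): the URI is decoded exactly once here, so this check only
    // holds if nothing downstream decodes $path a second time -- confirm.
    if (strpos($path, '..') !== false || strpos($path, "\0") !== false) {
        return webfiles_error(403, 'Forbidden');
    }

    $path = strtolower($path);

    // only POST and PUT requests contain a body
    if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'PUT'), true)) {
        return $path;
    }

    // Fetch the body and return array(path, body). file_get_contents() avoids
    // looping on feof() with an invalid handle when the stream cannot be opened.
    // NOTE(review): the whole body is held in memory; its size is bounded only
    // by whatever request limits the server enforces.
    $body = file_get_contents('php://input');
    if ($body === false) {
        $body = '';
    }

    return array($path, $body);
}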
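} // END KEEPOUT CHECKING

global $cgi;

loader_import('cms.Versioning.Rex');

$rex = new Rex($cgi->collection);

session_set('imagechooser_path', '/pix');

if (!$rex->collection) {
    page_title(intl_get('Error: Collection not found!'));

    // The Referer header is supplied by the client, so it must not reach the
    // page unescaped. Only http(s) and site-relative targets are linked;
    // anything else falls back to the control panel.
    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (!preg_match('#^(?:https?://|/(?!/))#i', $back)) {
        $back = site_prefix() . '/index/cms-cpanel-action';
    }
    echo '<p><a href="' . htmlspecialchars($back, ENT_QUOTES) . '">' . intl_get('Back') . '</a></p>';
    return;
}

// Adding requires the general "add" resource...
if (!session_allowed('add', 'rw', 'resource')) {
    header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
    exit;
}

// ...and, when the collection is itself a registered resource, read access to it.
// NOTE(review): a collection that is not registered as a resource passes this
// check unconditionally -- confirm that is the intended default.
if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, 'r', 'resource')) {
    header('Location: ' . site_prefix() . '/index/cms-cpanel-action');
    exit;
}

if (isset($rex->info['Collection']['add'])) {
    // The setting is either "box:name", "form:name" or a bare form name;
    // array_pad() keeps $name defined when there is no colon.
    list($call, $name) = array_pad(explode(':', $rex->info['Collection']['add']), 2, null);
    if ($call == 'box') {
        echo loader_box($name);
    } elseif ($call == 'form') {
        echo loader_form($name);
    } else {
        echo loader_form($call);
    }
    return;
} else {

class CmsAddForm extends MailForm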
// Page through the deleted items of the collection.
$pg = new Pager($cgi->offset, $limit);
$pg->url = site_current() . '?collection=' . urlencode($cgi->collection);

$res = $rex->getDeleted($limit, $cgi->offset, $acl);
if ($res) {
    // results found, $rex->total is used as reported
} else {
    $res = array();
    $rex->total = 0;
}
$pg->total = $rex->total;

// Re-index the rows by the collection's key field.
$res2 = array();
foreach ($res as $k => $v) {
    $res2[$v->{$rex->key}] = $v;
}

/**
 * Formats a timestamp for display in the list.
 */
function pretty_date($date)
{
    loader_import('saf.Date');
    return Date::timestamp($date, 'M j, Y - g:ia');
}

$pg->setData($res2);
$pg->update();

//page_title (intl_get ('Browsing') . ': ' . $rex->info['Collection']['display']);
$data['collection_name'] = $rex->info['Collection']['display'];
$data['title_field'] = $rex->info['Collection']['title_field'];

// Restoring is offered only to users who may write the "approved" status.
// NOTE(review): this flag only drives the template; confirm the restore
// handler repeats the check.
$data['restore'] = session_allowed('approved', 'w', 'status') ? true : false;

echo template_simple(CMS_JS_ALERT_MESSAGE, $GLOBALS['cgi']);
echo loader_box('cms/nav');

template_simple_register('pager', $pg);
echo template_simple('deleted_items.spt', $data);
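/**
 * Returns the display HTML for this widget, offering only the statuses the
 * current user has write permission on. The optional parameter determines
 * whether or not to automatically display the widget nicely, or whether to
 * simply return the widget (for use in a template).
 *
 * @access	public
 * @param	boolean	$generate_html
 * @return	string
 *
 */
function display($generate_html = 0)
{
    // parse_ini_file() returns false when the file is missing or malformed;
    // offer no statuses in that case instead of failing inside array_keys().
    $statuses = parse_ini_file('inc/conf/auth/status/index.php');
    if (!is_array($statuses)) {
        $statuses = array();
    }

    // NOTE(review): this only limits what the form offers. Confirm that the
    // handler receiving the submitted value checks session_allowed() again.
    foreach (array_keys($statuses) as $status) {
        if (!session_allowed($status, 'w', 'status')) {
            continue;
        }
        // "parallel" is only offered for the sitellite_page collection
        if ($status == 'parallel' && $this->collection != 'sitellite_page') {
            continue;
        }
        $this->value[$status] = ucfirst($status);
    }

    if ($this->nullable) {
        $this->value[''] = 'BLANK';
    }

    return parent::display($generate_html);
}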
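<?php

// Image chooser delete handler: refuses to delete an image that is still
// referenced from a page body, otherwise removes the file from the docroot.

if (!session_allowed('imagechooser_delete', 'rw', 'resource')) {
    die('Delete not permitted.');
}

$image = $parameters['location'] . '/' . $parameters['src'];

$res = db_shift_array('select id from sitellite_page where body like ?', '%' . $image . '%');

// Resolve the target and require it to be a regular file inside the docroot
// before it is handed to unlink(), so that "../" segments in location or src
// cannot point the delete at a file elsewhere on the server.
// NOTE(review): $parameters looks request-derived but that is not visible
// here. Docroot containment is the minimum; confirm whether deletes should be
// limited further to the image chooser's own base directory. Paths that reach
// outside the docroot through a symlink are now refused.
$docroot = realpath(site_docroot());
$target = realpath(site_docroot() . $image);
$inside_docroot = $docroot !== false
    && $target !== false
    && strpos($target, rtrim($docroot, '/\\') . DIRECTORY_SEPARATOR) === 0
    && is_file($target);

if (is_array($res) && count($res) > 0) {
    $parameters['deleted'] = false;
    page_title(intl_get('Image in Use') . ': ' . $image);
    $parameters['err'] = intl_get('Unable to delete image because it is still in use on the following pages:');
    $parameters['list'] = $res;
} elseif (!$inside_docroot || !@unlink($target)) {
    $parameters['deleted'] = false;
    page_title(intl_get('Delete Failed') . ': ' . $image);
    $parameters['err'] = intl_get('Unable to delete image. Check your server filesystem permissions and try again.');
} else {
    $parameters['deleted'] = true;
    page_title(intl_get('Image Deleted') . ': ' . $image);
}

if (!empty($parameters['admin'])) {
    $app = '-admin-action';
} else {
    $app = '-app';
}

global $cgi;

if (!empty($parameters['err'])) {
    session_set('imagechooser_err', $parameters['err']);
    // the page list is only filled in for the "still in use" case
    session_set('imagechooser_pagelist', isset($parameters['list']) ? $parameters['list'] : null);
} else {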
/**
 * Decides whether the current user may run the named form, based on the
 * nearest access.php file.
 *
 * Starting in the form's own directory and walking up toward $formPath, the
 * first access.php found is parsed as an INI file and decides the outcome;
 * if none is found on the way up, $formPath/access.php itself is consulted.
 * If a template is specified in that file, the template name is returned on
 * success, otherwise a boolean true value is returned. False is always
 * returned if the user is not allowed. When the file sets sitellite_goto, a
 * failed access, status or action check redirects there and exits instead
 * of returning.
 *
 * When no access.php exists at all, the form is allowed unless $context is
 * 'action'.
 *
 * @access	public
 * @param	string	$name
 * @param	string	$context
 * @return	mixed
 *
 */
function formAllowed($name, $context = 'normal') {
    $app = $this->getApp($name);
    $name = $this->removeApp($name, $app);

    // An admin session that lacks rw on the app's resource is refused outright.
    // Note that this test is only made when session_admin() is true.
    if (session_admin() && session_is_resource('app_' . $app) && !session_allowed('app_' . $app, 'rw', 'resource')) {
        return false;
    }

    if (isset($this->applications[$app]) && !$this->applications[$app]) {
        // app is disabled
        return false;
    }

    // Walk from the form's directory up to (but not including) the forms root.
    $dir = $this->prefix . '/' . $app . '/' . $this->formPath . '/' . $name;
    while ($dir != $this->prefix . '/' . $app . '/' . $this->formPath) {
        if (@file_exists($dir . '/access.php')) {
            // NOTE(review): the parse result is used without checking for false
            // or for missing sitellite_access / sitellite_status keys. What
            // session_allowed() does with an empty name is not visible here --
            // confirm that it fails closed.
            $access = parse_ini_file($dir . '/access.php');
            $this->formAccess = $access;
            if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
                // denied by access level
                if (isset($access['sitellite_goto'])) {
                    header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                    exit;
                }
                return false;
            } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
                // denied by status
                if (isset($access['sitellite_goto'])) {
                    header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                    exit;
                }
                return false;
            } elseif ($context == 'action' && !$access['sitellite_action']) {
                // direct calls as an action must be enabled explicitly
                if (isset($access['sitellite_goto'])) {
                    header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                    exit;
                }
                return false;
            } elseif ($context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context]) {
                // any other context is refused only when its setting exists and is off
                return false;
            // } elseif ($context == 'inline' && ! $access['sitellite_inline']) {
            //     return false;
            } else {
                // allowed: apply the template settings from the file, if any
                if (isset($access['sitellite_template_set'])) {
                    page_template_set($access['sitellite_template_set']);
                }
                if (isset($access['sitellite_template'])) {
                    return $access['sitellite_template'];
                } else {
                    return true;
                }
            }
        }
        // no access.php at this level: drop the last path segment and retry
        $dir = preg_split('/\\//', $dir);
        array_pop($dir);
        $dir = join('/', $dir);
    }

    // check for a global access.php file
    // NOTE(review): this copy of the checks is not symmetric with the loop
    // above. It handles only the 'inline' context and reads sitellite_inline
    // without isset(), so a missing setting refuses inline use here but not in
    // the walk-up branch. Confirm which behaviour is intended.
    if (@file_exists($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php')) {
        $access = parse_ini_file($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php');
        $this->formAccess = $access;
        if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
            if (isset($access['sitellite_goto'])) {
                header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                exit;
            }
            return false;
        } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
            if (isset($access['sitellite_goto'])) {
                header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                exit;
            }
            return false;
        } elseif ($context == 'action' && !$access['sitellite_action']) {
            if (isset($access['sitellite_goto'])) {
                header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                exit;
            }
            return false;
        } elseif ($context == 'inline' && !$access['sitellite_inline']) {
            return false;
        } else {
            if (isset($access['sitellite_template_set'])) {
                page_template_set($access['sitellite_template_set']);
            }
            if (isset($access['sitellite_template'])) {
                return $access['sitellite_template'];
            } else {
                return true;
            }
        }
    }

    // no access.php found at all, revert to logical defaults
    // (a form without any access.php is open in every context except 'action')
    if ($context == 'action') {
        return false;
    }
    return true;
}
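<?php

// RPC endpoint: inserts each comma-separated value of "items" as a new row in
// column "key" of table "table". Table and column are chosen by the caller,
// so every check below has to fail closed.

global $cgi;

loader_import('saf.Misc.RPC');

// Require an admin session before anything else. The resource check further
// down only applies to tables registered as resources; without this gate any
// other table name that passes the regex would be writable by the caller.
// NOTE(review): if the dispatcher already restricts this action, this is
// defence in depth; confirm no non-admin form depends on the endpoint.
if (!session_admin()) {
    echo rpc_response(false);
    exit;
}

if (!$cgi->table || !$cgi->items || !$cgi->key) {
    echo rpc_response(false);
    exit;
}

// Identifiers cannot be bound as query parameters, so they are restricted to
// a conservative character set before being concatenated into the SQL below.
// NOTE(review): the pattern also admits "-", which is not valid in an unquoted
// identifier; consider an explicit allowlist of permitted tables and columns.
if (!$cgi->verify('table', 'regex', '/^[a-zA-Z0-9_-]+$/')) {
    echo rpc_response(false);
    exit;
}

if (!$cgi->verify('key', 'regex', '/^[a-zA-Z0-9_-]+$/')) {
    echo rpc_response(false);
    exit;
}

if (session_is_resource($cgi->table) && !session_allowed($cgi->table, 'rw', 'resource')) {
    echo rpc_response(false);
    exit;
}

// The values themselves are bound, not concatenated.
// NOTE(review): they are stored as received, so whatever renders them later
// has to escape them for its output context.
$items = preg_split('/, ?/', $cgi->items);
foreach ($items as $item) {
    db_execute('insert into ' . $cgi->table . ' (' . $cgi->key . ') values (?)', $item);
}

echo rpc_response(true);
exit;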
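}

// Build the list of extra links for the collection, dropping those the
// current user is not permitted to use.
$data['links'] = array();

foreach ($rex->info as $key => $vals) {
    if (strpos($key, 'link:') === 0) {
        $perms = isset($vals['requires']) ? $vals['requires'] : '';
        switch ($perms) {
            case 'r':
            case 'w':
            case 'rw':
                if (session_is_resource($cgi->collection) && !session_allowed($cgi->collection, $perms, 'resource')) {
                    // Inside a switch a bare "continue" behaves like "break",
                    // which let the link through. "continue 2" skips to the
                    // next link as intended.
                    continue 2;
                }
                break;
        }

        if (isset($vals['requires resource'])) {
            if (session_is_resource($vals['requires resource']) && !session_allowed($vals['requires resource'], 'rw', 'resource')) {
                continue;
            }
        }

        $vals['text'] = intl_get($vals['text']);
        if (strpos($vals['url'], '/index/') === 0) {
            $vals['url'] = site_prefix() . $vals['url'];
        }
        $data['links'][] = $vals;
    }
}

echo template_simple(CMS_JS_ALERT_MESSAGE, $GLOBALS['cgi']);
echo loader_box('cms/nav');

template_simple_register('pager', $pg);
template_simple_register('locks', $locks);
template_simple_register('editable', $editable);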
$pg->update();

/**
 * Formats a timestamp for display in the history list.
 */
function pretty_date($date)
{
    loader_import('saf.Date');
    return Date::timestamp($date, 'M j, Y - g:ia');
}

// The heading uses the current revision's title field, or the raw key when
// there is no current revision.
$cur = $rex->getCurrent($cgi->_key);
$title = $cur ? $cur->{$rex->info['Collection']['title_field']} : $cgi->_key;

// The item is editable only if the user may write the "approved" status and
// also the item's own access level, status and team, where those are set.
// The checks run in the same order as before and stop at the first failure.
// NOTE(review): this flag only drives the template; confirm the edit and
// restore handlers repeat these checks.
$editable = session_allowed('approved', 'w', 'status')
    && !(isset($cur->sitellite_access) && !session_allowed($cur->sitellite_access, 'w', 'access'))
    && !(isset($cur->sitellite_status) && !session_allowed($cur->sitellite_status, 'w', 'status'))
    && !(isset($cur->sitellite_team) && !session_allowed($cur->sitellite_team, 'w', 'team'));

// On the first page the newest history entry is taken as the current one.
if ($cgi->offset == 0) {
    $cgi->_current = $history[0]->sv_autoid;
}

$pg->url = site_current()
    . '?_collection=' . urlencode($cgi->_collection)
    . '&_key=' . urlencode($cgi->_key)
    . '&_return=' . urlencode($cgi->_return)
    . '&_current=' . urlencode($cgi->_current);

page_title(intl_get('Change History') . ': ' . $rex->info['Collection']['display'] . ' / ' . $title);

template_simple_register('pager', $pg);
echo template_simple(
    'history.spt',
    array(
        'history' => $history,
        'current' => $cgi->_current,
        'editable' => $editable
    )
);
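/**
 * Returns the display HTML for this widget, offering only the access levels
 * the current user has write permission on. The optional parameter
 * determines whether or not to automatically display the widget nicely, or
 * whether to simply return the widget (for use in a template).
 *
 * @access	public
 * @param	boolean	$generate_html
 * @return	string
 *
 */
function display($generate_html = 0)
{
    // parse_ini_file() returns false when the file is missing or malformed;
    // offer no access levels in that case instead of failing inside array_keys().
    $levels = parse_ini_file('inc/conf/auth/access/index.php');
    if (!is_array($levels)) {
        $levels = array();
    }

    // NOTE(review): this only limits what the form offers. Confirm that the
    // handler receiving the submitted value checks session_allowed() again.
    foreach (array_keys($levels) as $access) {
        if (session_allowed($access, 'w', 'access')) {
            $this->value[$access] = ucfirst($access);
        }
    }

    if ($this->nullable) {
        $this->value[''] = 'BLANK';
    }

    return parent::display($generate_html);
}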
$parameters['inline'] = true; } if (!isset($parameters['return']) && $parameters['collection'] == 'sitellite_page') { $parameters['return'] = site_current(); } $parameters['return_v1'] = site_current(); loader_import('cms.Workflow.Lock'); lock_init(); if (lock_exists($parameters['collection'], $parameters['id'])) { $parameters['editable'] = false; $lock_info = lock_info($parameters['collection'], $parameters['id']); $parameters['lock_owner'] = $lock_info->user; $parameters['lock_expires'] = $lock_info->expires; loader_import('cms.Filters'); } if (session_is_resource('delete') && !session_allowed('delete', 'rw', 'resource')) { $parameters['deletable'] = false; } if ($rex->isVersioned && $parameters['editable']) { //session_allowed ('approved', 'w', 'status')) { $parameters['history'] = true; } else { $parameters['history'] = false; } if ($parameters['collection'] == 'sitellite_page') { $c = $rex->getCurrent($parameters['id']); if ($c->sitellite_status == 'draft' || $c->sitellite_status == 'pending') { //$parameters['status'] = $c->sitellite_status; $p = $rex->getSource($parameters['id']); if ($p == $c) { $parameters['draft'] = false;
$c = 0; foreach ($one as $k => $v) { $ct = str_replace(site_prefix() . '/index/cms-browse-action?collection=', '', $k); $r = new Rex($ct); if ($r->info['Collection']['icon']) { $icon = site_prefix() . '/' . $r->info['Collection']['icon']; } else { $icon = site_prefix() . '/inc/app/cms/pix/icons/content-type.gif'; } $data['content_panel']['icons'][] = array('href' => $k, 'src' => $icon, 'alt' => $v); $c++; if ($c >= 3) { break; } } if (session_is_resource('app_usradm') && !session_allowed('app_usradm', 'rw', 'resource')) { $data['admin_panel'] = array('name' => 'admin', 'caption' => intl_get('Admin'), 'action' => '#', 'method' => 'get', 'select' => 'list', 'selected' => '', 'select-extra' => 'disabled="disabled"', 'options' => array(array()), 'icons' => array(array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/users_disabled.gif', 'alt' => intl_get('Users')), array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/roles_disabled.gif', 'alt' => intl_get('Roles')), array('href' => '#', 'src' => site_prefix() . '/inc/app/cms/pix/icons/teams_disabled.gif', 'alt' => intl_get('Teams')))); if (!appconf('panels_show_disabled')) { $data['admin_panel']['icons'] = array(); } } else { $data['admin_panel'] = array('name' => 'admin', 'caption' => intl_get('Admin'), 'action' => site_prefix() . '/index/usradm-browse-action', 'method' => 'get', 'select' => 'list', 'selected' => '', 'select-extra' => 'onchange="this.form.submit ()"', 'options' => array(array(site_prefix() . '/index/usradm-browse-action?list=accesslevels' => intl_get('Access Levels'), site_prefix() . '/index/usradm-browse-action?list=log' => intl_get('Activity Log'), site_prefix() . '/index/usradm-applications-action' => intl_get('Applications'), site_prefix() . '/index/usradm-cache-form' => intl_get('Cache Settings'), site_prefix() . '/index/usradm-browse-action?list=prefs' => intl_get('Preferences'), site_prefix() . 
'/index/usradm-browse-action?list=resources' => intl_get('Resources')), array(site_prefix() . '/index/usradm-browse-action?list=roles' => intl_get('Roles'), site_prefix() . '/index/usradm-settings-form' => intl_get('Site Settings'), site_prefix() . '/index/usradm-browse-action?list=statuses' => intl_get('Statuses'), site_prefix() . '/index/usradm-browse-action?list=teams' => intl_get('Teams'), site_prefix() . '/index/usradm-browse-action?list=users' => intl_get('Users'), site_prefix() . '/index/usradm-workflow-action' => intl_get('Workflow Services'))), 'icons' => array(array('href' => site_prefix() . '/index/usradm-browse-action?list=users', 'src' => site_prefix() . '/inc/app/cms/pix/icons/users.gif', 'alt' => intl_get('Users')), array('href' => site_prefix() . '/index/usradm-browse-action?list=roles', 'src' => site_prefix() . '/inc/app/cms/pix/icons/roles.gif', 'alt' => intl_get('Roles')), array('href' => site_prefix() . '/index/usradm-browse-action?list=teams', 'src' => site_prefix() . '/inc/app/cms/pix/icons/teams.gif', 'alt' => intl_get('Teams')))); } $apps = loader_box('cms/admintools'); $apps = explode(NEWLINE, $apps); $c = 0; foreach ($apps as $k => $v) { if (empty($v)) { unset($apps[$k]); continue; }
$page = new StdClass(); $page->user = $user; $page->title = intl_get('Your Homepage'); $page->template = appconf('homepage_default_template'); $page->body = intl_get('Edit your homepage to change this text.'); } else { $page = new StdClass(); $page->user = $user; $page->title = $user . '\'s ' . intl_get('Homepage'); $page->template = appconf('homepage_default_template'); $page->body = intl_get('This user has not yet created a home page.'); } } if ($context == 'action') { page_title($page->title); if (!empty($page->template)) { page_template($page->template); } $default_template = appconf('homepage_template'); if ($default_template) { page_template($default_template); } } if ($self && session_allowed('sitellite_homepage', 'w', 'resource')) { echo '<p><a href="' . site_prefix() . '/index/sitemember-homepage-form?user='******'">' . intl_get('Edit Homepage') . '</a></p>'; } if ($context != 'action') { echo '<p><strong>' . intl_get('Title') . ': ' . $page->title . '</strong></p>'; } $GLOBALS['page']->body_parts = preg_split('|<hr[^>]*>|is', $page->body); echo $page->body;
/**
 * PROPPATCH method handler
 *
 * Marks every requested property as "403 Forbidden" when the user has no rw
 * permission on the item, and always marks properties in the "DAV:"
 * namespace that way. Values for the known "WebFiles" properties are
 * collected into a local array, but nothing is written back yet (see the
 * todo notes in the body).
 *
 * @param  array  general parameter passing array
 * @return string always an empty string in the code as written
 */
function PROPPATCH(&$options)
{
    $path = $this->_path();
    $options['path'] = $path;
    //info ($options);

    // NOTE(review): session_allowed() receives the fetched item and only two
    // arguments here. What it does when getCurrent() finds nothing is not
    // visible in this method -- confirm that case is refused.
    $info = $this->rex->getCurrent(trim($path, '/'));
    if (!session_allowed($info, 'rw')) {
        foreach (array_keys($options['props']) as $k) {
            $options['props'][$k]['status'] = '403 Forbidden';
        }
        return '';
    }
    unset($info);

    $prefixed = array('status', 'access', 'owner', 'team');
    $plain = array('keywords', 'description');

    $update = array();
    foreach ($options["props"] as $key => $prop) {
        if ($prop["ns"] == "DAV:") {
            // standard DAV properties cannot be changed through this handler
            $options["props"][$key]['status'] = "403 Forbidden";
            continue;
        }

        if ($prop['ns'] != 'WebFiles') {
            continue;
        }

        // known properties by sitellite
        if (!isset($prop['val'])) {
            // todo: delete property value
            continue;
        }

        if (in_array($prop['name'], $prefixed)) {
            $update['sitellite_' . $prop['name']] = $prop['val'];
        } elseif (in_array($prop['name'], $plain)) {
            $update[$prop['name']] = $prop['val'];
        }
    }
    //info ($update);
    // todo: update rex with $update...
    return '';
}
<?php if (!session_admin()) { return; } $applications = parse_ini_file('inc/conf/auth/applications/index.php'); loader_import('saf.File.Directory'); $d = new Dir('inc/app'); $apps = array(); foreach ($d->read_all() as $file) { if (strpos($file, '.') === 0 || !@is_dir('inc/app/' . $file) || !@file_exists('inc/app/' . $file . '/conf/config.ini.php') || in_array($file, array('cms', 'usradm'))) { continue; } if (session_is_resource('app_' . $file) && !session_allowed('app_' . $file, 'rw', 'resource')) { continue; } if (isset($applications[$file]) && !$applications[$file]) { continue; } $c = @parse_ini_file('inc/app/' . $file . '/conf/config.ini.php'); if (!isset($c['admin_handler']) || !isset($c['admin_handler_type']) || isset($c['admin']) && !$c['admin']) { continue; } if (!isset($c['app_name'])) { $c['app_name'] = $file; } if ($c['admin_handler_type'] == 'box') { $type = 'action'; } else { $type = $c['admin_handler_type']; }
<?php

// "Add" button box: prints the add button for a collection, and prints
// nothing at all unless every permission check below passes.

global $page, $cgi;

// admin sessions only
if (!session_admin()) {
    return;
}

// the collection defaults to regular pages
$parameters['collection'] = isset($parameters['collection'])
    ? $parameters['collection']
    : 'sitellite_page';

// the general "add" resource is required...
if (!session_allowed('add', 'rw', 'resource')) {
    return;
}

// ...and rw on the collection itself when it is a registered resource
$is_resource = session_is_resource($parameters['collection']);
if ($is_resource && !session_allowed($parameters['collection'], 'rw', 'resource')) {
    return;
}

loader_import('cms.Versioning.Rex');

$rex = new Rex($parameters['collection']);
if (!$rex->collection) {
    // unknown collection: render nothing
    return;
}

$parameters['type'] = intl_get($rex->info['Collection']['singular']);

echo template_simple('buttons/add.spt', $parameters);
// end if $_devnotes

// Heading: the caller-supplied title, or "DevNotes" by default.
// NOTE(review): the title is echoed without HTML escaping. Where
// $parameters['title'] comes from is not visible here -- confirm it cannot
// carry markup from a request.
$title = isset($parameters['title']) ? $parameters['title'] : 'DevNotes';

echo '<a name="devnotes"></a><h1>' . intl_get($title) . '</h1>';

// Admins get a link to the DevNotes admin screen (opened in the parent frame
// when this box is shown inside a frame).
if (session_admin()) {
    $target = $inframe ? ' target="_parent"' : '';
    echo template_simple('<p><a href="{site/prefix}/index/devnotes-admin-action"' . $target . '>{intl DevNotes Admin}</a></p>');
}

if ($_devnotes) {
    // Posting is open to everyone unless a "posting" access level is given, in
    // which case the user needs rw on that level.
    // NOTE(review): this decides only whether the form is shown; confirm the
    // form handler enforces the same restriction.
    if (!isset($parameters['posting']) || session_allowed($parameters['posting'], 'rw', 'access')) {
        // display add form
        $dn->listFields('distinct name');
        $dn->orderBy('ts asc');

        $users1 = $dn->find(array());
        if (!is_array($users1)) {
            $users1 = array();
        }

        $users = array();
        foreach ($users1 as $key => $value) {
            $users[] = $value->name;
        }

        echo template_simple(
            'form.spt',
            array(
                'users' => $users,
                'appname' => $appname
            )
        );
    } // end $parameters['posting'] check
}
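/**
 * Returns the display HTML for this widget: a select box of the rows
 * returned by getList(), plus Add/Remove buttons and their client-side
 * handlers when the current user may modify the underlying table.
 *
 * The RPC bootstrap from rpc_init() is echoed directly as a side effect. The
 * widget markup is only built when $generate_html is true; otherwise an
 * empty string is returned.
 *
 * @access	public
 * @param	boolean	$generate_html
 * @return	string
 *
 */
function display($generate_html = 0)
{
    $data = '';
    $attrstr = $this->getAttrs();
    $selected = explode(',', $this->data_value);

    loader_import('saf.Misc.RPC');
    echo rpc_init('return false');

    // $mult is the JavaScript literal spliced into the generated remove handler
    $mult = 'false';
    if ($this->size) {
        $multiple = ' size="' . $this->size . '"';
        $braces = '';
        if ($this->multiple) {
            $multiple = ' multiple="multiple"' . $multiple;
            $braces = '[]';
            $mult = 'true';
        }
    } else {
        $multiple = '';
        $braces = '';
    }

    // Add/Remove is offered unless the table is a registered resource the user
    // lacks rw on.
    // NOTE(review): this decides only what is rendered; the add and remove
    // actions have to enforce the permission themselves.
    if (session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource')) {
        $allowed = false;
    } else {
        $allowed = true;
    }

    if ($allowed) {
        loader_import('saf.GUI.Prompt');

        // NOTE(review): name, table, key, title and the action names are spliced
        // into JavaScript and URLs unescaped. That is safe only while they come
        // from the widget definition and never from user input -- confirm.
        // The script text below is kept exactly as it was.
        if ($this->title) {
            page_add_script(' var cms_' . $this->name . '_form; var cms_' . $this->name . '_oldhandler; function cms_' . $this->name . '_add_handler (words) { f = cms_' . $this->name . '_form; // 2. add the selected keywords to the list for (i = 0; i < words.length; i++) { if (document.all) { f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i].text, words[i].value, false, true); } else { o = document.createElement (\'option\'); o.text = words[i].text; o.value = words[i].value; f.elements[\'' . $this->name . $braces . '\'].add (o, null); } } rpc_handler = null; rpc_handler = cms_' . $this->name . '_oldhandler; } function cms_' . $this->name . '_add (f) { cms_' . $this->name . '_form = f; // 0. collect our new items(s) from the user prompt ( \'New items(s) -- separate multiple with commas (one, two, three)\', \'\', function (word) { if (word == null || word.length == 0 || word == false) { return false; } words = word.split (/, ?/); cms_' . $this->name .
'_oldhandler = rpc_handler; rpc_handler = null; rpc_handler = cms_' . $this->name . '_add_handler; // 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word); } ); // 3. cancel the click return false; } function cms_' . $this->name . '_remove (f) { // 0. collect the selected items from the "items" field word = \'\'; show = \'\'; sep = \'\'; for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) { if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) { word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value; show = show + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].text; sep = \',\'; } } // 0.1. confirm that they want to delete the selected list c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . ' \' + show); if (! c) { return false; } // 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&title=' . $this->title . '&items=\' + word); // 2. remove the selected keywords from the list multiple = ' . $mult . '; for (i = f.elements[\'' . $this->name . $braces . '\'].options.length - 1; i >= 0; i--) { if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) { // remove if (document.all) { f.elements[\'' . $this->name . $braces . '\'].options.remove (i); } else { f.elements[\'' . $this->name . $braces . '\'].options[i] = null; } if (! multiple) { break; } } } // 3. cancel the click return false; } ');
        } else {
            page_add_script(' function cms_' . $this->name . '_add (f) { cms_' . $this->name . '_form = f; // 0.
collect our new items(s) from the user prompt ( \'New items(s) -- separate multiple with commas (one, two, three)\', \'\', function (word) { if (word == null || word.length == 0 || word == false) { return false; } words = word.split (/, ?/); f = cms_' . $this->name . '_form; // 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->addAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word); // 2. add the selected keywords to the list for (i = 0; i < words.length; i++) { if (document.all) { f.elements[\'' . $this->name . $braces . '\'].options[f.elements[\'' . $this->name . $braces . '\'].options.length + 1] = new Option (words[i], words[i], false, true); } else { o = document.createElement (\'option\'); o.text = words[i]; o.value = words[i]; f.elements[\'' . $this->name . $braces . '\'].add (o, null); } } } ); // 3. cancel the click return false; } function cms_' . $this->name . '_remove (f) { // 0. collect the selected items from the "items" field word = \'\'; sep = \'\'; for (i = 0; i < f.elements[\'' . $this->name . $braces . '\'].options.length; i++) { if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) { word = word + sep + f.elements[\'' . $this->name . $braces . '\'].options[i].value; sep = \',\'; } } // 0.1. confirm that they want to delete the selected list c = confirm (\'' . intl_get('Are you sure you want to remove these items?') . ' \' + word); if (! c) { return false; } // 1. call {site/prefix}/index/' . str_replace('/', '-', $this->addAction) . '-action in a popup rpc_call (\'' . site_prefix() . '/index/' . str_replace('/', '-', $this->removeAction) . '-action?table=' . $this->table . '&key=' . $this->key . '&items=\' + word); // 2. remove the selected keywords from the list multiple = ' . $mult . '; for (i = f.elements[\'' . $this->name . $braces .
'\'].options.length - 1; i >= 0; i--) { if (f.elements[\'' . $this->name . $braces . '\'].options[i].selected) { // remove if (document.all) { f.elements[\'' . $this->name . $braces . '\'].options.remove (i); } else { f.elements[\'' . $this->name . $braces . '\'].options[i] = null; } if (! multiple) { break; } } } // 3. cancel the click return false; } ');
        } // end title
    } // end allowed

    if ($generate_html) {
        $data .= '<tr> <td class="label"' . $this->invalid() . ' valign="top"> <label for="' . $this->name . '" id="' . $this->name . '-label">' . template_simple($this->label_template, $this, '', true) . '</label> </td> <td class="field"> <table border="0" cellpadding="3" cellspacing="0"> <tr> <td valign="top"> <select name="' . $this->name . $braces . '" ' . $multiple . $attrstr . ' ' . $this->extra . '>' . NEWLINE;

        foreach ($this->getList() as $obj) {
            // without a title column the key doubles as the visible text
            $key = $obj->{$this->key};
            $keyword = $this->title ? $obj->{$this->title} : $key;

            // The rows are stored data that users can add through the widget's
            // add action, so both the value and the label are escaped before
            // they enter the markup. Selection is still matched on the raw key.
            $data .= TABx2 . TABx2 . TABx2 . '<option value="' . htmlspecialchars($key, ENT_QUOTES) . '"';
            if (in_array($key, $selected)) {
                $data .= ' selected="selected"';
            }
            $data .= '>' . htmlspecialchars($keyword, ENT_QUOTES) . '</option>' . NEWLINE;
        }

        $data .= '</select> </td>' . NEWLINE;

        if ($allowed) {
            $data .= ' <td valign="top" width="100%"> <input type="submit" value="' . intl_get('Add') . '" onclick="return cms_' . $this->name . '_add (this.form)" /><br /> <input type="submit" value="' . intl_get('Remove') . '" onclick="return cms_' . $this->name . '_remove (this.form)" /> </td> </tr> </table> </td>' . NEWLINE;
        } else {
            $data .= '</tr></table></td>';
        }

        $data .= ' </tr>' . NEWLINEx2;
    }

    return $data;
}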
} if ($cgi->multiple == 'yes') { $multiple = true; } else { $multiple = false; } $sitesearch_allowed = array(); $sitesearch_highlight = array(); loader_import('saf.File.Directory'); foreach (Dir::fetch('inc/app/cms/conf/collections') as $file) { if (strpos($file, '.') === 0 || @is_dir('inc/app/cms/conf/collections/' . $file)) { continue; } $config = ini_parse('inc/app/cms/conf/collections/' . $file); if (isset($config['Collection']['sitesearch_url'])) { if (isset($config['Collection']['sitesearch_access']) && session_allowed($config['Collection']['sitesearch_access'], 'r', 'access')) { $sitesearch_allowed[] = $config['Collection']['name']; } $sitesearch_highlight[$config['Collection']['name']] = $config['Collection']['name']; if (isset($config['Collection']['sitesearch_highlight']) && !$config['Collection']['sitesearch_highlight']) { unset($sitesearch_highlight[$config['Collection']['name']]); } } } $folders = ini_parse('inc/app/sitesearch/conf/folders.ini.php'); $domains = array(site_domain() => site_domain()); foreach ($folders as $name => $folder) { if (isset($folder['domain'])) { $domains[$folder['domain']] = $folder['domain']; } else { $sitesearch_allowed[] = $name;
/**
 * Returns the display HTML for this widget, rendered from the widget's
 * output template. Each entry of the list is flagged as selected or not, the
 * shared stylesheet and RPC script are registered the first time any
 * instance is displayed, and the per-widget script is registered on every call.
 *
 * @access	public
 * @param	boolean	$generate_html
 * @return	string
 *
 */
function display($generate_html = 0)
{
    static $loaded = false;

    $data = '';
    $attrstr = $this->getAttrs();
    $selected = explode(',', $this->data_value);

    // NOTE(review): $allowed is computed but never read again in this method,
    // and the templates below receive only $this. As written the permission
    // result has no effect on the output -- confirm whether it was meant to
    // reach the template.
    $allowed = !(session_is_resource($this->table) && !session_allowed($this->table, 'rw', 'resource'));

    $this->_list = $this->getList();
    $this->_selected = $this->getSelected();

    // flag every list entry according to whether its id is currently selected
    foreach ($this->_list as $k => $v) {
        $this->_list[$k]->selected = in_array($v->id, $this->_selected) ? true : false;
    }

    // While rendering, an empty id is replaced by the string 'false'; the
    // previous value is parked in _id and put back afterwards.
    if (!$this->id) {
        $this->_id = $this->id;
        $this->id = 'false';
    }

    // the stylesheet and RPC library are only needed once per page
    if (!$loaded) {
        page_add_style($this->_style);
        page_add_script(site_prefix() . '/js/rpc-compressed.js');
    }
    $this->loaded = $loaded;

    page_add_script(template_simple($this->_script, $this));
    $loaded = true;

    if (isset($this->_id)) {
        $this->id = $this->_id;
        unset($this->_id);
    }

    return template_simple($this->_output, $this);
}