/** * Add access permission for a record to the backend user * * @param int $id * @param string $accessField * @param string $permissionField * * @return bool If current record in a new record */ protected function addNewRecordPermissions($id, $accessField, $permissionField) { /** @type \BackendUser|object $user */ $user = \BackendUser::getInstance(); $session = \Session::getInstance(); $db = \Database::getInstance(); $groups = deserialize($user->groups); $newRecords = $session->get('new_records'); if (is_array($newRecords['tl_iso_group']) && in_array($id, $newRecords['tl_iso_group'])) { if ($user->inherit == 'custom' || empty($groups)) { // Add permissions on user level $objUser = $db->prepare("SELECT id, {$accessField}, {$permissionField} FROM tl_user WHERE id=?")->execute($user->id); $this->addCreatePermission($id, $permissionField, $accessField, 'tl_user', $objUser); } elseif (!empty($groups) && is_array($groups)) { // Add permissions on group level $objGroups = $db->execute("\n SELECT id, {$accessField}, {$permissionField}\n FROM tl_user_group\n WHERE " . $db->findInSet('id', $groups)); while ($objGroups->next()) { if ($this->addCreatePermission($id, $permissionField, $accessField, 'tl_user_group', $objGroups)) { break; } } } return true; } return false; }
public function executePostActionsHook($strAction, \DataContainer $dc) { if ($strAction !== static::$uploadAction) { return false; } // Check whether the field is allowed for regular users if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]) || $GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]['exclude'] && !\BackendUser::getInstance()->hasAccess($dc->table . '::' . \Input::post('field'), 'alexf')) { \System::log('Field "' . \Input::post('field') . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR); $objResponse = new ResponseError(); $objResponse->setMessage('Bad Request'); $objResponse->output(); } $this->name = \Input::post('field'); $this->id = \Input::post('field'); $this->field = \Input::post('field'); if ($dc->activeRecord === null) { $dc->activeRecord = General::getModelInstance($dc->table, $dc->id); } // add dca attributes $this->addAttributes(\Widget::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$this->name], $this->name)); $objResponse = $this->upload(); /** @var Response */ if ($objResponse instanceof Response) { $objResponse->output(); } }
/** * Generate product filter buttons and return them as HTML * @return string */ public static function generateFilterButtons() { if (\Input::get('id') > 0) { return ''; } $session = \Session::getInstance()->getData(); $intPage = $session['filter']['tl_iso_product']['iso_page']; $blnGroups = true; // Check permission if (!\BackendUser::getInstance()->isAdmin) { $groups = deserialize(\BackendUser::getInstance()->iso_groups); if (!is_array($groups) || empty($groups)) { $blnGroups = false; } // Allow to manage groups if (is_array(\BackendUser::getInstance()->iso_groupp) && !empty(\BackendUser::getInstance()->iso_groupp)) { $blnGroups = true; } } return ' <div class="tl_filter iso_filter tl_subpanel"> ' . ($blnGroups ? '<input type="button" id="groupFilter" class="tl_submit' . (\Session::getInstance()->get('iso_products_gid') ? ' active' : '') . '" onclick="Backend.getScrollOffset();Isotope.openModalGroupSelector({\'width\':765,\'title\':\'' . specialchars($GLOBALS['TL_LANG']['tl_iso_product']['product_groups'][0]) . '\',\'url\':\'system/modules/isotope/group.php?do=' . \Input::get('do') . '&table=' . \Isotope\Model\Group::getTable() . '&field=gid&value=' . \Session::getInstance()->get('iso_products_gid') . '\',\'action\':\'filterGroups\'});return false" value="' . specialchars($GLOBALS['TL_LANG']['MSC']['filterByGroups']) . '">' : '') . ' <input type="button" id="pageFilter" class="tl_submit' . ($intPage > 0 ? ' active' : '') . '" onclick="Backend.getScrollOffset();Isotope.openModalPageSelector({\'width\':765,\'title\':\'' . specialchars($GLOBALS['TL_LANG']['MOD']['page'][0]) . '\',\'url\':\'contao/page.php?do=' . \Input::get('do') . '&table=tl_iso_product_category&field=page_id&value=' . $intPage . '\',\'action\':\'filterPages\'});return false" value="' . specialchars($GLOBALS['TL_LANG']['MSC']['filterByPages']) . '"> </div>'; }
/** * {@inheritDoc} */ protected function loadFiletree(DataContainerInterface $objDc) { $table = $objDc->getEnvironment()->getDataDefinition()->getName(); $arrData['strTable'] = $table; $arrData['id'] = self::getAjaxName() ?: $objDc->getId(); $arrData['name'] = self::getPost('name'); /** @var \FileTree $objWidget */ $objWidget = new $GLOBALS['BE_FFL']['fileTree']($arrData, $objDc); // Load a particular node. if (self::getPost('folder', true) != '') { echo $objWidget->generateAjax(self::getPost('folder', true), self::getPost('field'), intval(self::getPost('level'))); } else { // Reload the whole tree. $user = \BackendUser::getInstance(); $strTree = ''; $path = $GLOBALS['TL_DCA'][$table]['fields'][self::getPost('field')]['eval']['path']; // Set a custom path. if (strlen($GLOBALS['TL_DCA'][$table]['fields'][self::getPost('field')]['eval']['path'])) { $strTree = $objWidget->generateAjax($GLOBALS['TL_DCA'][$table]['fields'][self::getPost('field')]['eval']['path'], self::getPost('field'), intval(self::getPost('level'))); } elseif ($user->isAdmin) { $strTree = $objWidget->generateAjax($GLOBALS['TL_CONFIG']['uploadPath'], self::getPost('field'), intval(self::getPost('level'))); } else { foreach ($this->eliminateNestedPaths($this->User->filemounts) as $node) { $strTree .= $objWidget->generateAjax($node, self::getPost('field'), intval(self::getPost('level')), true); } } echo $strTree; } exit; }
public function compressSingleImage(\DataContainer $dc) { $objUser = \BackendUser::getInstance(); if (!$objUser->hasAccess('f5', 'fop')) { $url = $this->Environment->base . '/contao/main.php?do=files'; $this->redirect($url); } $strDecoded = rawurldecode($_GET['id']); if (is_dir(TL_ROOT . '/' . $strDecoded)) { $url = $this->Environment->base . '/contao/main.php?do=files'; $this->redirect($url); } $objFile = new \File($strDecoded, true); $compressableFiles = array('jpg', 'jpeg', 'png'); if (in_array($objFile->extension, $compressableFiles)) { if (isset($GLOBALS['TL_CONFIG']['krakenIo_enable']) && $GLOBALS['TL_CONFIG']['krakenIo_enable'] == true) { if (isset($GLOBALS['TL_CONFIG']['krakenIo_apiKey']) && isset($GLOBALS['TL_CONFIG']['krakenIo_apiSecret'])) { $krakenIoApi = new KrakenIoApi($GLOBALS['TL_CONFIG']['krakenIo_apiKey'], $GLOBALS['TL_CONFIG']['krakenIo_apiSecret']); $params = array('file' => TL_ROOT . '/' . $_GET['id'], 'wait' => true); if (isset($GLOBALS['TL_CONFIG']['krakenIo_enable']) && $GLOBALS['TL_CONFIG']['krakenIo_enable'] == true) { $params['lossy'] = true; } $krakenIoApiResponse = $krakenIoApi->upload($params); $this->parseKrakenIoResponse($krakenIoApiResponse, $_GET['id']); } else { \System::log($GLOBALS['TL_LANG']['ERR']['krakenIo_404'], 'krakenIoInterface parseKrakenIoResponse()', TL_ERROR); } } } $url = $this->Environment->base . '/contao/main.php?do=files'; $this->redirect($url); }
/** * Constructor */ public function __construct() { // If we are in the Backend-Mode use the BackendUser. if (TL_MODE == 'FE') { $this->user = \FrontendUser::getInstance(); } else { $this->user = \BackendUser::getInstance(); } // Language \Controller::loadLanguageFile("default"); \Controller::loadLanguageFile('tl_synccto_clients'); // Instance a list for regex from the blacklist for folders. $this->arrPreparedBlacklistFolder = array(); foreach ($this->getBlacklistFolder() as $key => $value) { $this->arrPreparedBlacklistFolder[$key] = str_replace($this->arrSearch, $this->arrReplace, $value); } // Instance a list for regex from the blacklist for files. $this->arrPreparedBlacklistFiles = array(); foreach ($this->getBlacklistFile() as $key => $value) { $this->arrPreparedBlacklistFiles[$key] = str_replace($this->arrSearch, $this->arrReplace, $value); } // Instance a list for regex from the hidden table list. $this->arrPreparedHiddenTablePlaceholder = array(); foreach ($this->getHiddenTablePlaceholder() as $key => $value) { $this->arrPreparedHiddenTablePlaceholder[$key] = str_replace($this->arrSearch, $this->arrReplace, $value); } // Replace some elements in TL_ROOT for regex. $this->strPreparedTlRoot = str_replace('\\', '\\\\', TL_ROOT); }
public function addBackendAdminMenu($strBuffer, $strTemplate) { if ($strTemplate != 'be_main' || !\BackendUser::getInstance()->isAdmin) { return $strBuffer; } // replace the scripts before processing -> https://code.google.com/archive/p/phpquery/issues/212 $arrScripts = StringUtil::replaceScripts($strBuffer); $objDoc = \phpQuery::newDocumentHTML($arrScripts['content']); $objMenu = new BackendTemplate($this->strTemplate); $arrActions = array(); $arrActiveActions = deserialize(\Config::get('backendAdminMenuActiveActions'), true); foreach (empty($arrActiveActions) ? array_keys(\Config::get('backendAdminMenuActions')) : $arrActiveActions as $strAction) { $arrActionData = $GLOBALS['TL_CONFIG']['backendAdminMenuActions'][$strAction]; $objAction = new BackendTemplate($this->strEntryTemplate); $objAction->setData($arrActionData); // href = callback? if (is_array($arrActionData['href']) || is_callable($arrActionData['href'])) { $strClass = $arrActionData['href'][0]; $strMethod = $arrActionData['href'][1]; $objInstance = \Controller::importStatic($strClass); $objAction->href = $objInstance->{$strMethod}(); } $objAction->class = $strAction; $arrActions[] = $objAction->parse(); } $objMenu->actions = $arrActions; $objDoc['#tmenu']->prepend($objMenu->parse()); $strBuffer = StringUtil::unreplaceScripts($objDoc->htmlOuter(), $arrScripts['scripts']); // avoid double escapings introduced by phpquery :-( $strBuffer = preg_replace('@&([^;]{2,4};)@i', '&$1', $strBuffer); return $strBuffer; }
public static function hasAccessToField($strTable, $strField) { if (($objUser = \BackendUser::getInstance()) === null || !is_array(\BackendUser::getInstance()->alexf)) { return false; } return $objUser->isAdmin || in_array($strTable . '::' . $strField, \BackendUser::getInstance()->alexf); }
/** * Initialize the object * @param string */ public function __construct($strTable) { $this->import('Session'); $this->intGroupId = (int) \Session::getInstance()->get('iso_products_gid'); // Check if the group exists if ($this->intGroupId > 0) { $objGroup = \Isotope\Model\Group::findByPk($this->intGroupId); if (null === $objGroup) { if (\BackendUser::getInstance()->isAdmin || !is_array(\BackendUser::getInstance()->iso_groups)) { $this->intGroupId = 0; } elseif (!\BackendUser::getInstance()->isAdmin) { $this->intGroupId = (int) \Database::getInstance()->prepare("SELECT id FROM " . \Isotope\Model\Group::getTable() . " WHERE id IN ('" . implode("','", \BackendUser::getInstance()->iso_groups) . "') ORDER BY " . \Database::getInstance()->findInSet('id', \BackendUser::getInstance()->iso_groups))->limit(1)->execute()->id; } } } // Redirect if the product was not found if (isset($_GET['id'])) { $objProduct = \Database::getInstance()->prepare("SELECT id FROM " . $strTable . " WHERE id=?")->limit(1)->execute(\Input::get('id', true)); if (!$objProduct->numRows) { \Controller::redirect(preg_replace('/(&)?id=[^&]*/i', '', \Environment::get('request'))); } } $arrClipboard = $this->Session->get('CLIPBOARD'); // Cut all records if ($arrClipboard[$strTable]['mode'] == 'cutAll' && \Input::get('act') != 'cutAll') { \Controller::redirect(\Backend::addToUrl('&act=cutAll')); } parent::__construct($strTable); }
public function addSystemMessages() { if ($GLOBALS['TL_CONFIG']['be_rss_src'] == '') { return ''; } $feed = new \SimplePie(); $feed->set_feed_url(html_entity_decode($GLOBALS['TL_CONFIG']['be_rss_src'])); $feed->set_output_encoding(\Config::get('characterSet')); $feed->set_cache_location(TL_ROOT . '/system/tmp'); $feed->enable_cache(true); if (!$feed->init()) { $this->log('Error importing RSS feed "' . $this->rss_feed . '"', __METHOD__, TL_ERROR); return ''; } $items = $feed->get_items(0, $GLOBALS['TL_CONFIG']['be_rss_max'] ? $GLOBALS['TL_CONFIG']['be_rss_max'] : 3); $output = ''; if ($items) { $user = \BackendUser::getInstance(); foreach ($items as $item) { $template = new \BackendTemplate('be_rss_item'); $template->title = $item->get_title(); $template->link = $item->get_link(); $template->content = $item->get_content(); $template->date = $item->get_date($GLOBALS['TL_CONFIG']['datimFormat']); $template->class = $item->get_date('U') > $user->lastLogin ? 'new' : 'message'; $output .= $template->parse(); } } $template = new \BackendTemplate('be_rss'); $template->headline = $GLOBALS['TL_CONFIG']['be_rss_headline']; $template->items = $output; return $template->parse(); }
/** * Check permissions to edit table. */ public function checkPermission() { if (!\BackendUser::getInstance()->isAdmin) { \System::log('Not enough permissions to access leads export ID "' . \Input::get('id') . '"', __METHOD__, TL_ERROR); \Controller::redirect('contao/main.php?act=error'); } }
/** * Get all articles and return them as array * @param \DataContainer * @return array */ public function getAllArticles(\DataContainer $dc) { $user = \BackendUser::getInstance(); $pids = array(); $articles = array(); // Limit pages to the user's pagemounts if ($user->isAdmin) { $objArticle = \Database::getInstance()->execute("SELECT a.id, a.pid, a.title, a.inColumn, p.title AS parent FROM tl_article a LEFT JOIN tl_page p ON p.id=a.pid ORDER BY parent, a.sorting"); } else { foreach ($user->pagemounts as $id) { $pids[] = $id; $pids = array_merge($pids, \Database::getInstance()->getChildRecords($id, 'tl_page')); } if (empty($pids)) { return $articles; } $objArticle = \Database::getInstance()->execute("SELECT a.id, a.pid, a.title, a.inColumn, p.title AS parent FROM tl_article a LEFT JOIN tl_page p ON p.id=a.pid WHERE a.pid IN(" . implode(',', array_map('intval', array_unique($pids))) . ") ORDER BY parent, a.sorting"); } // Edit the result if ($objArticle->numRows) { \Controller::loadLanguageFile('tl_article'); while ($objArticle->next()) { $key = $objArticle->parent . ' (ID ' . $objArticle->pid . ')'; $articles[$key][$objArticle->id] = $objArticle->title . ' (' . ($GLOBALS['TL_LANG']['tl_article'][$objArticle->inColumn] ?: $objArticle->inColumn) . ', ID ' . $objArticle->id . ')'; } } return $articles; }
/** * Return the export config icon. * * @param string * @param string * @param string * * @return string */ public function exportConfigIcon($href, $label, $title, $class, $attributes) { if (!\BackendUser::getInstance()->isAdmin) { return ''; } return '<a href="contao/main.php?do=form&table=tl_lead_export&id=' . Input::get('master') . '" class="' . $class . '" title="' . specialchars($title) . '"' . $attributes . '>' . $label . '</a> '; }
public function addSystemMessages() { $objUser = \BackendUser::getInstance(); if ($GLOBALS['TL_CONFIG']['be_changelog_src'] == '') { return ''; } $strFile = file_get_contents($GLOBALS['TL_CONFIG']['be_changelog_src']); if ($strFile == '') { return ''; } $objJson = json_decode($strFile); $objTemplate = new \BackendTemplate('be_changelog'); $objTemplate->strTitle = 'Changelog'; $arrEntries = array(); foreach ($objJson as $objEntry) { $objTemplateEntry = new \BackendTemplate('be_changelog_entry'); $objTemplateEntry->strCssClass = $objUser->lastLogin > $objEntry->timestamp ? '' : ' tl_info'; $objTemplateEntry->strDate = \Date::parse(\Config::get('datimFormat'), $objEntry->timestamp); $objTemplateEntry->strVersion = $objEntry->version; $objTemplateEntry->strEntries = '<li style="padding-bottom: 5px;">' . implode('</li><li style="padding-bottom: 5px;">', $objEntry->entries) . '</li>'; $arrEntries[$objEntry->timestamp] = $objTemplateEntry->parse(); } krsort($arrEntries); $objTemplate->strEntries = implode('', $arrEntries); return $objTemplate->parse(); }
/** * Initialize the object */ public function __construct() { \BackendUser::getInstance()->authenticate(); parent::__construct(); $this->loadLanguageFile('default'); $this->objSyncCtoHelper = SyncCtoHelper::getInstance(); $this->initGetParams(); }
/** * Initialize the controller. * * The workflow is: * 1. Import user. * 2. Call parent constructor * 3. Authenticate user * 4. Load language files * DO NOT CHANGE THIS ORDER! */ public function __construct() { $this->User = \BackendUser::getInstance(); parent::__construct(); $this->User->authenticate(); $this->loadLanguageFile('default'); $this->loadLanguageFile('modules'); }
public function getGlobals() { $globals = array('REQUEST_TOKEN' => REQUEST_TOKEN, '_session' => new ContaoTwigGlobalAccessObject('_SESSION'), '_lang' => new ContaoTwigGlobalAccessObject('TL_LANG'), '_dca' => new ContaoTwigGlobalAccessObject('TL_DCA'), '_config' => new ContaoTwigGlobalAccessObject('TL_CONFIG'), '_env' => new ContaoTwigEnvironmentAccessObject(), '_referer' => new ContaoTwigRefererAccessObject(), '_db' => Database::getInstance(), '_page' => $GLOBALS['objPage'], '_member' => TL_MODE == 'FE' && FE_USER_LOGGED_IN ? FrontendUser::getInstance() : false, '_user' => TL_MODE == 'BE' && BE_USER_LOGGED_IN ? BackendUser::getInstance() : false); if (version_compare(VERSION, '3.1', '>=')) { $globals['REFERER_ID'] = TL_REFERER_ID; } return $globals; }
/** * Adds first steps and fundraising hints */ protected function addIntroduction(&$return) { if (\BackendUser::getInstance()->isAdmin) { $objTemplate = new \BackendTemplate('be_iso_introduction'); $return['introduction']['label'] =& $GLOBALS['TL_LANG']['MSC']['isotopeIntroductionLegend']; $return['introduction']['html'] = $objTemplate->parse(); } }
/** * Generate the module * @return string */ public function generate() { if (!\BackendUser::getInstance()->isAdmin) { return '<p class="tl_gerror">' . $GLOBALS['TL_LANG']['tl_iso_integrity']['permission'] . '</p>'; } \System::loadLanguageFile('tl_iso_integrity'); return parent::generate(); }
/** * Return the send button * * @param array * @param string * @param string * @param string * @param string * @param string * * @return string */ public function sendMessageButton($href, $label, $title, $icon, $attributes) { $user = \BackendUser::getInstance(); if (!($user->isAdmin || $user->hasAccess('send', 'avisota_newsletter_permissions'))) { $label = $GLOBALS['TL_LANG']['orm_avisota_message']['view_only'][0]; $title = $GLOBALS['TL_LANG']['orm_avisota_message']['view_only'][1]; } return '   ::   <a href="' . $this->addToUrl($href . '&id=' . $this->Input->get('id')) . '" title="' . specialchars($title) . '"' . $attributes . ' class="header_send">' . $label . '</a> '; }
/** * Get the current Contao user. * * @return \BackendUser|\FrontendUser|null */ public static function getUser() { if (TL_MODE == 'BE') { return \BackendUser::getInstance(); } elseif (TL_MODE == 'FE') { return \FrontendUser::getInstance(); } return null; }
/** * Initialize the controller. * * Sequence is: * 1. Import the user. * 2. Call the parent constructor * 3. Authenticate the user * 4. Load the language files * DO NOT CHANGE THIS ORDER! */ public function __construct() { \BackendUser::getInstance(); \Config::getInstance(); \Session::getInstance(); \Database::getInstance(); \BackendUser::getInstance()->authenticate(); \System::loadLanguageFile('default'); \Backend::setStaticUrls(); }
/** * Constructor */ public function __construct() { parent::__construct(); $this->objBackendUser = BackendUser::getInstance(); // Check if we have 'BackendUserHistory' if (in_array('backendUserHistory', Config::getInstance()->getActiveModules())) { $this->blnUserBackendHistory = true; $this->objBackendHistory = BackendUserHistory::getInstance(); } }
/** * @param $strType * @param null $strForceLanguage */ public function __construct($strType, $strForceLanguage = null) { if (in_array($strType, $GLOBALS['TL_EMAIL'])) { $this->strType = $strType; } $this->strForceLanguage = $strForceLanguage; // Set default parameters $this->addParameter('host', \Idna::decode(\Environment::get('host'))); $this->addParameter('admin_name', \BackendUser::getInstance()->name); }
/** * check if font awesome is active * * @return bool */ public function isActive() { if (TL_MODE != 'BE' || TL_SCRIPT === 'contao/install.php') { return false; } if ($this->isActive === null) { \BackendUser::getInstance()->authenticate(); $this->isActive = $GLOBALS['TL_CONFIG']['requireFontAwesome'] || $GLOBALS['TL_CONFIG']['forceFontAwesome'] || \BackendUser::getInstance()->useFontAwesome == '1'; } return $this->isActive; }
/** * Returns the proper user object for the current context. * * @return BackendUser|FrontendUser|null the BackendUser when TL_MODE == 'BE', the FrontendUser when TL_MODE == 'FE' or null otherwise */ protected static function getUser() { if (TL_MODE == 'BE') { return BackendUser::getInstance(); } else { if (TL_MODE == 'FE') { return FrontendUser::getInstance(); } } return null; }
/** * Constructor */ public function __construct() { $this->BackendUser = BackendUser::getInstance(); parent::__construct(); $this->Encryption = Encryption::getInstance(); $this->Config = Config::getInstance(); $this->objSyncCtoFiles = SyncCtoFiles::getInstance(); $this->objSyncCtoDatabase = SyncCtoDatabase::getInstance(); $this->objSyncCtoHelper = SyncCtoHelper::getInstance(); $this->loadLanguageFile("default"); $this->arrDebug = array(); }
/** * Add the source options depending on the allowed fields * * @param array $arrOptions * @param \DataContainer $dc * * @return array */ public function addSourceOptions(array $arrOptions = array(), \DataContainer $dc) { if (\BackendUser::getInstance()->isAdmin) { $arrOptions[] = 'modal'; return $arrOptions; } // Add the "modal" option if (\BackendUser::getInstance()->hasAccess('tl_disclaimer::modal', 'alexf')) { $arrOptions[] = 'modal'; } return $arrOptions; }
/** * Get the page cache service. * * @return PageCache */ public function service() { if ($this->service === null) { // Create the Contao stack. Why isn't is part of system/initialize.php? if (TL_MODE === 'FE') { \FrontendUser::getInstance(); } else { \BackendUser::getInstance(); } $this->service = new PageCache(Database::getInstance(), Files::getInstance()); } return $this->service; }
public function outputBackendTemplate($content, $template) { $objUser = \BackendUser::getInstance(); if ($objUser->username != '' && \Environment::get('script') == 'contao/main.php') { $objTemplate = new \BackendTemplate('be_formbox_button'); $objTemplate->strButtonText = $GLOBALS['TL_CONFIG']['be_formbox_button_text']; $objTemplate->strLink = 'contao/main.php?do=undo&key=be-formbox&popup=1&nb=1&rt=' . REQUEST_TOKEN . '&link=' . base64_encode(\Environment::get('request')); if (!\Input::get('popup')) { $content = preg_replace('~<body[^>]*>~', '$0' . $objTemplate->parse(), $content); } $content = str_replace('</head>', '<link rel="stylesheet" href="system/modules/be-formbox/assets/css/backend.css"></head>', $content); } return $content; }