/**
 * Output the finder file manager markup and queue its assets.
 *
 * Appends the finder stylesheets and scripts to $page->head, loads the UI
 * components it needs, picks the finder language file (falling back to 'en'
 * when no i18n file exists for the configured language), builds
 * $this->finder_opts and writes it to $page->head_script as the JS variable
 * finder_opts.
 */
function Finder() {
    global $page, $config, $dataDir;

    // stylesheets and scripts, in the order they must be emitted
    $assets = array(
        array('css', '/include/thirdparty/finder/css/finder.css'),
        array('css', '/include/thirdparty/finder/style.css'),
        array('js', '/include/thirdparty/finder/js/finder.js'),
        array('js', '/include/thirdparty/finder/config.js'),
    );
    foreach ($assets as $asset) {
        list($type, $path) = $asset;
        if ($type == 'css') {
            $tag = '<link rel="stylesheet" type="text/css" media="screen" href="' . common::GetDir($path) . '">';
        } else {
            $tag = '<script type="text/javascript" src="' . common::GetDir($path) . '"></script>';
        }
        $page->head .= "\n" . $tag;
    }

    echo '<div id="finder"></div>';
    common::LoadComponents('selectable,draggable,droppable,resizable,dialog,slider,button');

    // language of the finder UI; 'inherit' means the site language
    $language = $config['langeditor'];
    if ($language == 'inherit') {
        $language = $config['language'];
    }
    $lang_file = '/include/thirdparty/finder/js/i18n/' . $language . '.js';
    if (file_exists($dataDir . $lang_file)) {
        $page->head .= "\n" . '<script type="text/javascript" src="' . common::GetDir($lang_file) . '"></script>';
    } else {
        // no translation shipped for this language
        $language = 'en';
    }

    $this->finder_opts['lang'] = $language;
    // post nonce sent back by the client with every finder request
    $this->finder_opts['customData']['verified'] = common::new_nonce('post', true);
    $this->finder_opts['uiOptions'] = array(
        'toolbar' => array(
            array('back', 'forward', 'up', 'reload'),
            array('home', 'netmount'),
            array('mkdir', 'upload'),
            array('open', 'download', 'getfile'),
            array('info'),
            array('quicklook'),
            array('copy', 'cut', 'paste'),
            array('rm'),
            array('duplicate', 'rename', 'edit', 'resize'),
            array('extract', 'archive'),
            array('search'),
            array('view', 'sort'),
            array('help'),
        ),
        'tree' => array('openRootOnLoad' => true, 'syncTree' => true),
        'navbar' => array('minWidth' => 150, 'maxWidth' => 500),
        'cwd' => array('oldSchool' => false),
    );

    $this->FinderPrep();
    // plugins get the last word on the client options before they are stored and emitted
    $this->finder_opts = gpPlugin::Filter('FinderOptionsClient', array($this->finder_opts));
    gpSettingsOverride('finder_options_client', $this->finder_opts);
    $page->head_script .= "\n" . 'var finder_opts = ' . json_encode($this->finder_opts) . ';';
}
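/**
 * Render a markdown preview for the in-page editor (logged-in users only).
 *
 * Prints the rendered HTML for $_REQUEST['content'] followed by an inline
 * script that hands edit.js a post nonce and schedules its stuff() callback
 * after wysiwygDelay seconds. Prints a plain message when the visitor is not
 * logged in, and nothing at all when wysiwygEnabled is off.
 *
 * @static
 */
public static function getStuff() {
    $config = self::getConfig();

    if (!common::LoggedIn()) {
        print "Have to be logged in to use this feature";
        return;
    }
    if (!$config['wysiwygEnabled']) {
        return;
    }

    global $addonPathCode, $page;
    require_once $addonPathCode . "/Renderer.php";

    // default to an empty document so a missing parameter does not raise a notice
    $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : '';
    // NOTE(review): no request nonce is verified before rendering; confirm the caller checks one
    $renderer = new Renderer($config, $addonPathCode . "/lib/parsedown");
    print $renderer->render($content);

    // fixed token expected by edit.js; it is not a nonce and gives no replay protection
    $nonce_str = 'EasyMark4Life!';
    // wysiwygDelay lands in a JS numeric context, so cast to a number instead of HTML-escaping;
    // json_encode keeps the output locale-independent
    $delay = json_encode((float) $config['wysiwygDelay']);

    //"stuff" is defined in edit.js
    print "<script>";
    print "var nonceStr = " . json_encode($nonce_str) . ";";
    print "var postNonce = " . json_encode(common::new_nonce('post', true)) . ";";
    print "setTimeout(stuff, " . $delay . "*1000);";
    print "</script>";

    // cleanup old page object
    unset($page);
}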
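/**
 * Output the login form.
 *
 * Emits the form posting to the Admin page with a hidden "file" field used for
 * post-login redirection, a short-lived login nonce, the username/password
 * inputs plus the hidden hash fields filled by the login javascript, the
 * "remember" / "encrypted" checkboxes and the forgotten-password link.
 */
function LoginForm() {
    global $langmessage;

    // defaults so the prefilled inputs never read an undefined index
    $_REQUEST += array('file' => '');
    $_POST += array('username' => '');

    echo '<div id="loginform">';
    echo '<div id="login_timeout" class="nodisplay">Log in Timeout: ' . common::Link('Admin', 'Reload to continue...') . '</div>';
    echo '<form action="' . common::GetUrl('Admin') . '" method="post" id="login_form">';
    // redirect target after login; NOTE(review): not checked against known pages here, confirm the login handler validates it
    echo '<input type="hidden" name="file" value="' . htmlspecialchars($_REQUEST['file']) . '">';
    echo '<div>';
    echo '<input type="hidden" name="cmd" value="login" />';
    // nonce expires after 300 seconds; the login_timeout notice above covers that case
    echo '<input type="hidden" name="login_nonce" value="' . htmlspecialchars(common::new_nonce('login_nonce', true, 300)) . '" />';
    echo '</div>';

    echo '<p class="login_text">';
    echo '<input type="text" name="username" value="' . htmlspecialchars($_POST['username']) . '" placeholder="' . htmlspecialchars($langmessage['username']) . '" />';
    echo '<input type="hidden" name="user_sha" value="" />';
    echo '</p>';

    echo '<p class="login_text">';
    echo '<input type="password" class="password" name="password" value="" placeholder="' . htmlspecialchars($langmessage['password']) . '"/>';
    // hash fields filled client-side when the "encrypted" option is used
    echo '<input type="hidden" name="pass_md5" value="" />';
    echo '<input type="hidden" name="pass_sha" value="" />';
    echo '<input type="hidden" name="pass_sha512" value="" />';
    echo '</p>';

    echo '<p>';
    echo '<input type="submit" class="login_submit" value="' . $langmessage['login'] . '" />';
    echo ' ';
    echo common::Link('', $langmessage['cancel']);
    echo '</p>';

    echo '<p>';
    echo '<label>';
    echo '<input type="checkbox" name="remember" ' . $this->checked('remember') . '/> ';
    echo '<span>' . $langmessage['remember_me'] . '</span>';
    echo '</label> ';
    echo '<label>';
    echo '<input type="checkbox" name="encrypted" ' . $this->checked('encrypted') . '/> ';
    echo '<span>' . $langmessage['send_encrypted'] . '</span>';
    echo '</label>';
    echo '</p>';

    echo '<div>';
    echo '<label>';
    $url = common::GetUrl('Admin', 'cmd=forgotten');
    echo sprintf($langmessage['forgotten_password'], $url);
    echo '</label>';
    echo '</div>';
    echo '</form>';
    echo '</div>';
}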
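/**
 * Render a markdown preview for the in-page editor (logged-in users only).
 *
 * Prints the rendered HTML for $_REQUEST['content'] followed by an inline
 * script that hands edit.js a post nonce and schedules
 * gp_editor.getPostResponseEasyMark after wysiwygDelay seconds. Prints a plain
 * message when the visitor is not logged in, and nothing at all when
 * wysiwygEnabled is off.
 */
private function renderContent() {
    if (!common::LoggedIn()) {
        print "Have to be logged in to use this feature";
        return;
    }
    if (!$this->settings['wysiwygEnabled']) {
        return;
    }

    global $addonPathCode, $page;
    require_once $addonPathCode . "/Renderer.php";

    // default to an empty document so a missing parameter does not raise a notice
    $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : '';
    // NOTE(review): no request nonce is verified before rendering; confirm the caller checks one
    $renderer = new Renderer($this->settings, $addonPathCode . "/lib/parsedown");
    print $renderer->render($content);

    // wysiwygDelay lands in a JS numeric context, so cast to a number instead of HTML-escaping;
    // json_encode keeps the output locale-independent
    $delay = json_encode((float) $this->settings['wysiwygDelay']);

    //"getPostResponseEasyMark" is defined in edit.js
    print "<script>";
    print "var postNonce = " . json_encode(common::new_nonce('post', true)) . ";";
    print "setTimeout(gp_editor.getPostResponseEasyMark, " . $delay . "*1000);";
    print "</script>";

    // cleanup old page object
    unset($page);
}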
/**
 * Prepare and output any inline Javascript for the current page
 *
 * Emits up to two <script> elements: the first declares the variables in
 * $GP_INLINE_VARS (plus debugjs / admin values when applicable) as JSON, the
 * second holds $page->head_script and $page->jQueryCode. Either element is
 * omitted when it would be empty.
 *
 * @static
 */
static function GetHead_InlineJS() {
    global $page, $linkPrefix, $GP_INLINE_VARS;

    // first script: global variables for the client
    ob_start();
    if (gpdebugjs) {
        $GP_INLINE_VARS['debugjs'] = is_string(gpdebugjs) ? 'send' : true;
    }
    if (common::LoggedIn()) {
        // += keeps values that were set earlier
        $GP_INLINE_VARS += array(
            'isadmin' => true,
            'gpBLink' => common::HrefEncode($linkPrefix, false),
            'post_nonce' => common::new_nonce('post', true),
        );
        gpsession::GPUIVars();
    }
    if (count($GP_INLINE_VARS) > 0) {
        $declarations = array();
        foreach ($GP_INLINE_VARS as $key => $value) {
            $declarations[] = $key . '=' . json_encode($value);
        }
        echo 'var ' . implode(',', $declarations) . ';';
    }
    $inline = ob_get_clean();
    if (!empty($inline)) {
        echo "\n<script>\n" . $inline . "\n</script>";
    }

    // second script: page specific code
    ob_start();
    echo $page->head_script;
    if (!empty($page->jQueryCode)) {
        echo '$(function(){' . $page->jQueryCode . '});';
    }
    $inline = ltrim(ob_get_clean());
    if (!empty($inline)) {
        echo "\n<script>\n" . $inline . "\n</script>\n";
    }
}
/**
 * Build a site url for a page title.
 *
 * The target and query string are first passed through the 'GetUrl' plugin
 * filter, special page keys are resolved, and the configured home page maps to
 * the site root. An optional nonce is appended as _gpnonce.
 *
 * @param string $href page title or special page key
 * @param string $query query string without leading '?'
 * @param bool $ampersands encode '&' as '&amp;' (html context)
 * @param string|false $nonce_action append a nonce for this action
 * @return string
 */
static function GetUrl($href = '', $query = '', $ampersands = true, $nonce_action = false) {
    global $linkPrefix, $config;

    // plugins may rewrite both the target and the query
    $filtered = gpPlugin::Filter('GetUrl', array(array($href, $query)));
    if (is_array($filtered)) {
        list($href, $query) = $filtered;
    }
    $href = common::SpecialHref($href);

    $is_home = isset($config['homepath']) && $href == $config['homepath'];
    if ($is_home) {
        //home page link
        $href = $linkPrefix;
        // $_SERVER['gp_rewrite'] is set by the application's rewrite detection (outside this block)
        if (!$_SERVER['gp_rewrite']) {
            $href = common::DirName($href);
        }
        $href = rtrim($href, '/') . '/';
    } else {
        $href = $linkPrefix . '/' . ltrim($href, '/');
    }

    $query = common::QueryEncode($query, $ampersands);
    if ($nonce_action) {
        //in the cases where $ampersands is false, nonces are not used
        $separator = empty($query) ? '' : '&';
        $query .= $separator . '_gpnonce=' . common::new_nonce($nonce_action);
    }
    if (!empty($query)) {
        $query = '?' . ltrim($query, '?');
    }
    return common::HrefEncode($href, $ampersands) . $query;
}
/**
 * Output the login form together with the browser and javascript warnings.
 *
 * Queues the login scripts/styles, starts the session cookie check, and posts
 * the form to the requested page (when it is a known index entry) or to
 * Admin_Main. Hidden hash fields are filled by the login javascript.
 */
function LoginForm() {
    global $langmessage, $gp_index, $page;

    // IE_LT_8 is flipped by a conditional comment so login.js can detect old Internet Explorer
    $page->head .= "\n<script type=\"text/javascript\">var IE_LT_8 = false;</script><!--[if lt IE 8]>\n<script type=\"text/javascript\">IE_LT_8=true;</script>\n<![endif]-->";
    $page->head_js[] = '/include/js/login.js';
    $page->head_js[] = '/include/js/md5_sha.js';
    $page->css_admin[] = '/include/css/login.css';
    $page->admin_js = true;
    $_POST += array('username' => '');

    includeFile('tool/sessions.php');
    gpsession::cookie('g', 2);

    // post back to the requested file only when it is a known page; otherwise Admin_Main
    $has_target = isset($_REQUEST['file']) && isset($gp_index[$_REQUEST['file']]);
    $action = $has_target ? $_REQUEST['file'] : 'Admin_Main';

    echo '<div class="req_script nodisplay" id="login_container">';

    // unsupported browser notice
    echo '<div id="browser_warning" class="nodisplay">';
    echo '<div><b>' . $langmessage['Browser Warning'] . '</b></div>';
    echo '<p>' . $langmessage['Browser !Supported'] . '</p>';
    echo '<p>';
    $browsers = array(
        'http://www.mozilla.com/' => 'Firefox',
        'http://www.google.com/chrome' => 'Chrome',
        'http://www.apple.com/safari' => 'Safari',
        'http://www.microsoft.com/windows/internet-explorer/default.aspx' => 'Explorer',
    );
    foreach ($browsers as $href => $label) {
        echo '<a href="' . $href . '">' . $label . '</a>';
    }
    echo '</p>';
    echo '</div>';

    // the form itself
    echo '<div id="loginform">';
    echo '<p><b>' . $langmessage['LOGIN_REQUIRED'] . '</b></p>';
    echo '<div id="login_timeout" class="nodisplay">Log in Timeout: ' . common::Link('Admin_Main', 'Reload to continue...') . '</div>';
    echo '<form action="' . common::GetUrl($action) . '" method="post" id="login_form">';
    echo '<div>';
    echo '<input type="hidden" name="cmd" value="login" />';
    if ($has_target) {
        echo '<input type="hidden" name="file" value="' . htmlspecialchars($_REQUEST['file']) . '" />';
    }
    // nonce expires after 300 seconds; the login_timeout notice covers that case
    echo '<input type="hidden" name="login_nonce" value="' . htmlspecialchars(common::new_nonce('login_nonce', true, 300)) . '" />';
    echo '</div>';

    echo '<label>';
    echo $langmessage['username'];
    echo '<input type="text" class="login_text" name="username" value="' . htmlspecialchars($_POST['username']) . '" />';
    echo '<input type="hidden" name="user_sha" value="" />';
    echo '</label>';

    echo '<label>';
    echo $langmessage['password'];
    echo '<input type="password" class="login_text password" name="password" value="" />';
    echo '<input type="hidden" name="pass_md5" value="" />';
    echo '<input type="hidden" name="pass_sha" value="" />';
    echo '</label>';

    echo '<input type="submit" class="login_submit" name="aa" value="' . $langmessage['login'] . '" />';

    echo '<p>';
    $checkboxes = array('remember' => 'remember_me', 'encrypted' => 'send_encrypted');
    $label_suffix = '</label> ';
    foreach ($checkboxes as $field => $message_key) {
        echo '<label>';
        echo '<input type="checkbox" name="' . $field . '" ' . $this->checked($field) . '/> ';
        echo '<span>' . $langmessage[$message_key] . '</span>';
        echo $label_suffix;
        // the trailing space is only emitted between the two labels
        $label_suffix = '</label>';
    }
    echo '</p>';

    echo '<p>';
    echo '<label>';
    $url = common::GetUrl('Admin', 'cmd=forgotten');
    echo sprintf($langmessage['forgotten_password'], $url);
    echo '</label>';
    echo '</p>';
    echo '</form>';
    echo '</div>';
    echo '</div>';

    // shown when scripts are disabled
    echo '<div class="without_script" id="javascript_warning">';
    echo '<p><b>' . $langmessage['JAVASCRIPT_REQ'] . '</b></p>';
    echo '<p>';
    echo $langmessage['INCOMPAT_BROWSER'];
    echo ' ';
    echo $langmessage['MODERN_BROWSER'];
    echo '</p>';
    echo '</div>';
}
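/**
 * Perform admin only changes to the content buffer
 *
 * Adds a "verified" nonce field after every local POST form, appends a notice
 * when a fatal error was recorded, and injects $gp_admin_html into the
 * document (into an existing #gp_admin_html element, or right after <body>).
 *
 * @param string $buffer full page html
 * @return string modified buffer
 */
function AdminBuffer($buffer) {
    global $gp_admin_html;

    $nonce = common::new_nonce('post', true);

    // Add a generic admin nonce field to each post form
    // Admin nonces are also added with javascript if needed
    $count = preg_match_all('#<form[^<>]+method=[\'"]post[\'"][^<>]+>#i', $buffer, $matches);
    if ($count) {
        $matches[0] = array_unique($matches[0]);
        foreach ($matches[0] as $match) {
            //make sure it's a local action: protocol-relative and absolute urls are skipped
            if (preg_match('#action=[\'"]([^\'"]+)[\'"]#i', $match, $sub_matches)) {
                $action = $sub_matches[1];
                if (substr($action, 0, 2) === '//' || strpos($action, '://') !== false) {
                    continue;
                }
            }
            // str_replace handles every occurrence of a duplicated tag
            $replacement = $match . '<span class="nodisplay"><input type="hidden" name="verified" value="' . $nonce . '"/></span>';
            $buffer = str_replace($match, $replacement, $buffer);
        }
    }

    //add error notice if there was a fatal error
    if (!gpdebug && function_exists('error_get_last')) {
        $fatal_errors = array(E_ERROR, E_PARSE);
        $last_error = error_get_last();
        if (is_array($last_error) && in_array($last_error['type'], $fatal_errors, true)) {
            showError($last_error['type'], $last_error['message'], $last_error['file'], $last_error['line'], false);
            $buffer .= '<p>An error occurred while generating this page.</p> '
                . '<p>If you are the site administrator, you can troubleshoot the problem turning debugging "on" or bypass it by enabling safe mode.</p>'
                . '<p>More information is available in the <a href="http://docs.gpeasy.com/Main/Troubleshooting">gpEasy documentation</a>.</p>'
                . common::ErrorBuffer(true, false);
        }
    }

    //add $gp_admin_html to the document
    if (strlen($gp_admin_html)) {
        $pos = false;
        $pos_admin_html = strpos($buffer, 'id="gp_admin_html"');
        $pos_body = strpos($buffer, '<body');
        if ($pos_admin_html !== false) {
            // the page already has a container: insert after its opening tag
            $pos = $pos_admin_html;
        } elseif ($pos_body !== false) {
            // no container: wrap the html and insert it right after the <body ...> tag
            $gp_admin_html = '<div id="gp_admin_html" class="a2">' . $gp_admin_html . '</div>';
            $pos = $pos_body;
        }
        if ($pos !== false) {
            // end of the opening tag; a missing '>' means malformed html, so leave the buffer untouched
            $pos = strpos($buffer, '>', $pos);
            if ($pos !== false) {
                $buffer = substr_replace($buffer, $gp_admin_html, $pos + 1, 0);
            }
        }
    }
    return $buffer;
}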
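/**
 * Output single comment
 *
 * Prints the commenter name (linked to their website when
 * SimpleBlogCommon::$data['commenter_website'] is 'nofollow' or 'link' and a
 * website was given), the formatted time, a delete link for logged-in users
 * and the comment body.
 *
 * @param int|string $key index of the comment, passed back in the delete link
 * @param array $comment comment record with name, website, time and comment entries
 */
private function OutputComment($key, $comment) {
    global $langmessage;

    // commenter supplied values: html-escape for the attribute/text contexts below without
    // re-encoding entities that may already be stored escaped
    $name = htmlspecialchars($comment['name'], ENT_QUOTES, 'UTF-8', false);
    $website = '';
    if (!empty($comment['website'])) {
        // NOTE(review): the url scheme is not validated here; confirm it is checked when the comment is stored
        $website = htmlspecialchars($comment['website'], ENT_QUOTES, 'UTF-8', false);
    }
    $link_mode = SimpleBlogCommon::$data['commenter_website'];

    echo '<div class="comment_area">';
    echo '<p class="name">';
    if ($website !== '' && $link_mode == 'nofollow') {
        echo '<b><a href="' . $website . '" rel="nofollow">' . $name . '</a></b>';
    } elseif ($website !== '' && $link_mode == 'link') {
        echo '<b><a href="' . $website . '">' . $name . '</a></b>';
    } else {
        echo '<b>' . $name . '</b>';
    }
    echo ' ';
    echo '<span>';
    echo strftime(SimpleBlogCommon::$data['strftime_format'], $comment['time']);
    echo '</span>';

    if (common::LoggedIn()) {
        // delete link carries a post nonce for the confirm/post javascript
        echo ' ';
        $attr = 'class="delete gpconfirm" title="' . $langmessage['delete_confirm'] . '" name="postlink" data-nonce= "' . common::new_nonce('post', true) . '"';
        echo SimpleBlogCommon::PostLink($this->post_id, $langmessage['delete'], 'cmd=delete_comment&comment_index=' . $key, $attr);
    }
    echo '</p>';

    echo '<p class="comment">';
    // NOTE(review): the body is printed as stored; confirm it is sanitized on input, otherwise escape it here as well
    echo $comment['comment'];
    echo '</p>';
    echo '</div>';
}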
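/**
 * Perform admin only changes to the content buffer
 * This will happen before gpOutput::BufferOut()
 *
 * Inserts a "verified" nonce field after every local POST form and, for full
 * html documents, appends the admin html and edit links before </body>.
 *
 * @param string $buffer full page html
 * @return string modified buffer
 */
static function AdminBuffer($buffer) {
    global $gp_admin_html;

    //check for html document
    $html_doc = strpos($buffer, '<!-- get_head_placeholder ' . gp_random . ' -->') !== false;

    // Add a generic admin nonce field to each post form
    // Admin nonces are also added with javascript if needed
    $count = preg_match_all('#<form[^<>]*method=[\'"]post[\'"][^<>]*>#i', $buffer, $matches);
    if ($count) {
        $nonce = common::new_nonce('post', true);
        $replacement = '<span class="nodisplay"><input type="hidden" name="verified" value="' . $nonce . '"/></span>';
        $matches[0] = array_unique($matches[0]);
        foreach ($matches[0] as $match) {
            //make sure it's a local action: protocol-relative and absolute urls are skipped
            if (preg_match('#action=[\'"]([^\'"]+)[\'"]#i', $match, $sub_matches)) {
                $action = $sub_matches[1];
                if (substr($action, 0, 2) === '//' || strpos($action, '://') !== false) {
                    continue;
                }
            }
            // array_unique collapsed identical tags, so walk every occurrence and give each its own field
            $offset = 0;
            while (($pos = strpos($buffer, $match, $offset)) !== false) {
                $pos += strlen($match);
                $buffer = substr_replace($buffer, $replacement, $pos, 0);
                $offset = $pos + strlen($replacement);
            }
        }
    }

    //add $gp_admin_html to the document
    $pos_body = strpos($buffer, '</body');
    if ($html_doc && $pos_body) {
        $buffer = substr_replace($buffer, "\n<div id=\"gp_admin_html\">" . $gp_admin_html . gpOutput::$editlinks . "</div><div id=\"gp_admin_fixed\"></div>\n", $pos_body, 0);
    }
    return $buffer;
}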
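/**
 * Show the comment form
 *
 * Prefills name, website and comment from $_POST, shows the website field only
 * when commenter_website is configured, and adds a captcha when comment_captcha
 * is on and a captcha provider is active.
 *
 * @param bool $showCaptcha unused here; the captcha is driven by the config and gp_recaptcha::isActive()
 */
function CommentForm($showCaptcha = false) {
    $_POST += array('name' => '', 'website' => 'http://', 'comment' => '');

    echo '<div class="easy_comment_form">';
    echo '<h3>';
    echo gpOutput::GetAddonText('Leave Comment');
    echo '</h3>';
    echo '<form method="post" action="' . common::GetUrl($this->current_title) . '">';
    echo '<table>';

    echo '<tr>';
    echo '<td>';
    echo '<div>';
    echo gpOutput::GetAddonText('Name');
    echo '</div>';
    echo '<input type="text" name="name" class="text" value="' . htmlspecialchars($_POST['name']) . '" />';
    echo '</td>';
    echo '</tr>';

    if (!empty($this->config['commenter_website'])) {
        echo '<tr>';
        echo '<td>';
        echo '<div>';
        echo gpOutput::GetAddonText('Website');
        echo '</div>';
        echo '<input type="text" name="website" class="text" value="' . htmlspecialchars($_POST['website']) . '" />';
        echo '</td>';
        echo '</tr>';
    }

    echo '<tr>';
    echo '<td>';
    echo '<div>';
    echo gpOutput::GetAddonText('Comment');
    echo '</div>';
    echo '<textarea name="comment" cols="30" rows="7" >';
    echo htmlspecialchars($_POST['comment']);
    echo '</textarea>';
    echo '</td>';
    echo '</tr>';

    // a missing comment_captcha key is treated as off (matches the commenter_website check above)
    if (!empty($this->config['comment_captcha']) && gp_recaptcha::isActive()) {
        echo '<tr>';
        echo '<td>';
        echo '<div>';
        echo gpOutput::GetAddonText('captcha');
        echo '</div>';
        gp_recaptcha::Form();
        echo '</td></tr>';
    }

    echo '<tr>';
    echo '<td>';
    // the nonce action includes the current comment count; presumably the handler uses it to reject stale submissions
    echo '<input type="hidden" name="nonce" value="' . htmlspecialchars(common::new_nonce('easy_comments:' . count($this->comment_data), true)) . '" />';
    echo '<input type="hidden" name="cmd" value="easy_comment_add" />';
    $html = '<input type="submit" name="" class="submit" value="%s" />';
    echo gpOutput::GetAddonText('Add Comment', $html);
    echo '</td>';
    echo '</tr>';
    echo '</table>';
    echo '</form>';
    echo '</div>';
}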
/**
 * Prepare and output any inline Javascript for the current page
 *
 * Collects the debug flag, the admin variables (isadmin, gpBLink, optional
 * gpRem, post_nonce) and the page's head_script / jQueryCode into one buffer
 * and wraps it in a CDATA <script> element when anything was produced.
 *
 * @static
 */
function GetHead_InlineJS() {
    global $page, $linkPrefix;

    ob_start();
    if (gpdebugjs) {
        echo 'var debugjs=true;';
    }
    if (common::LoggedIn()) {
        echo 'var isadmin=true,gpBLink="' . common::HrefEncode($linkPrefix) . '"';
        //here because of index.php
        gpsession::GPUIVars();
        $rest = '';
        if (!admin_tools::CanRemoteInstall()) {
            $rest .= ',gpRem=false';
        }
        $rest .= ',post_nonce="' . common::new_nonce('post', true) . '";';
        echo $rest;
        gpOutput::GP_STYLES();
    }
    echo $page->head_script;
    if (!empty($page->jQueryCode)) {
        echo '$(function(){' . $page->jQueryCode . '});';
    }
    $inline = ob_get_clean();
    if (!empty($inline)) {
        echo "\n<script type=\"text/javascript\">/* <![CDATA[ */\n" . $inline . "\n/* ]]> */</script>";
    }
}
/**
 * Build a site url for a page title.
 *
 * Special page keys not present in $gp_index are translated to their title,
 * the configured home page maps to the site root, and an optional nonce is
 * appended as _gpnonce.
 *
 * @param string $href page title or special page key
 * @param string $query query string without leading '?'
 * @param bool $ampersands encode '&' as '&amp;' (html context)
 * @param string|false $nonce_action append a nonce for this action
 * @return string
 */
function GetUrl($href = '', $query = '', $ampersands = true, $nonce_action = false) {
    global $linkPrefix, $config, $gp_index;

    //translate special pages from key to title
    if (!isset($gp_index[$href]) && strpos($href, 'Special_') === 0) {
        $index_title = common::IndexToTitle(strtolower($href));
        if ($index_title) {
            $href = $index_title;
        }
    }

    //home page link
    if (isset($config['homepath']) && $href == $config['homepath']) {
        $href = '';
    }

    //redirects won't work with &
    $href = $linkPrefix . '/' . ltrim($href, '/');
    if ($ampersands) {
        $href = common::Ampersands($href);
        $query = common::Ampersands($query);
    }

    if ($nonce_action) {
        //in the cases where $ampersands is false, nonces are not used
        $nonce_pair = '_gpnonce=' . common::new_nonce($nonce_action);
        $query = empty($query) ? $nonce_pair : $query . '&' . $nonce_pair;
    }
    if (!empty($query)) {
        $query = '?' . ltrim($query, '?');
    }
    return common::HrefEncode($href) . $query;
}
/**
 * Output the contact form.
 *
 * Fields are prefilled from $_POST (falling back to $_GET), rendered read-only
 * once the message has been sent, and a hidden nonce plus an always-empty text
 * field are emitted for the submission handler. The captcha is shown while a
 * provider is active and the form has not been sent yet.
 */
function ShowForm() {
    global $page, $langmessage, $config;

    // after a successful send the fields stay visible but locked
    $attr = $this->sent ? ' readonly="readonly" ' : '';

    foreach (array('name', 'email', 'subject', 'message') as $field) {
        $_GET += array($field => '');
        $_POST += array($field => $_GET[$field]);
    }

    // reference kept as in the original; the entry drives the required markers below
    $require_email =& $config['require_email'];
    $email_marker = strpos($require_email, 'email') !== false ? '*' : '';
    $other_marker = strpos($require_email, 'none') === false ? '*' : '';

    echo '<form class="contactform" action="' . common::GetUrl($page->title) . '" method="post">';

    //nonce fields
    echo '<div style="display:none !important">';
    echo '<input type="hidden" name="contact_nonce" value="' . htmlspecialchars(common::new_nonce('contact_post', true)) . '" />';
    // hidden text input; presumably the handler treats a filled value as a bot submission
    echo '<input type="text" name="contact_void" value="" />';
    echo '</div>';

    echo '<label for="contact_name"><span class="title">';
    echo gpOutput::ReturnText('your_name');
    echo '</span><input id="contact_name" class="input text" type="text" name="name" value="' . htmlspecialchars($_POST['name']) . '" ' . $attr . ' />';
    echo '</label>';

    echo '<label for="contact_email"><span class="title">';
    echo gpOutput::ReturnText('your_email');
    echo $email_marker;
    echo '</span><input id="contact_email" class="input text" type="text" name="email" value="' . htmlspecialchars($_POST['email']) . '" ' . $attr . '/>';
    echo '</label>';

    echo '<label for="contact_subject"><span class="title">';
    echo gpOutput::ReturnText('subject');
    echo $other_marker;
    echo '</span><input id="contact_subject" class="input text" type="text" name="subject" value="' . htmlspecialchars($_POST['subject']) . '" ' . $attr . '/>';
    echo '</label>';

    echo '<label for="contact_message">';
    echo gpOutput::ReturnText('message');
    echo $other_marker;
    echo '</label>';
    echo '<textarea id="contact_message" name="message" ' . $attr . ' rows="10" cols="10">';
    echo htmlspecialchars($_POST['message']);
    echo '</textarea>';

    gpPlugin::Action('contact_form_pre_captcha');
    if (!$this->sent && gp_recaptcha::isActive()) {
        echo '<div class="captchaForm">';
        echo gpOutput::ReturnText('captcha');
        gp_recaptcha::Form();
        echo '</div>';
    }

    if ($this->sent) {
        echo gpOutput::ReturnText('message_sent', '%s', 'message_sent');
    } else {
        echo '<input type="hidden" name="cmd" value="gp_send_message" />';
        $key = 'send_message';
        $text = gpOutput::SelectText($key);
        if (gpOutput::ShowEditLink('Admin_Theme_Content')) {
            // $edit_index is not set in this block; presumably EditAreaLink fills it by reference
            $query = 'cmd=edittext&key=' . urlencode($key);
            echo gpOutput::EditAreaLink($edit_index, 'Admin_Theme_Content', $langmessage['edit'], $query, ' title="' . $key . '" data-cmd="gpabox" ');
            echo '<input type="submit" class="submit editable_area" id="ExtraEditArea' . $edit_index . '" name="aaa" value="' . $text . '" />';
        } else {
            echo '<input type="submit" class="submit" name="aaa" value="' . $text . '" />';
        }
    }
    echo '</form>';
}