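/**
 * Online file editor for the admin file manager.
 *
 * Without POST "dosubmit" the file is loaded into the admin_fileedit view;
 * with it, the posted content is written back to the file and the user is
 * redirected to the directory listing.
 *
 * The path is taken from the request (URL segment 2, or POST "fname"), so it
 * is resolved with realpath() and must sit below HDWIKI_ROOT before any read
 * or write. "../" sequences, absolute paths and symlinks that lead outside the
 * installation are refused with the same message as an unwritable file.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method;
 * confirm the base controller enforces both, since this action can rewrite
 * any writable file of the application, including PHP sources.
 */
function doedit()
{
    // '*' stands in for '.' in the URL segments.
    $fname = string::hstripslashes(str_replace('*', '.', $this->get[2]));
    $dir = str_replace('*', '.', $this->get[3]);
    if ($this->post['fname'] != "") {
        $fname = $this->post['fname'];
    }
    if ($this->post['dir'] != "") {
        $dir = $this->post['dir'];
    }

    // NOTE(review): $fname is request data echoed into the message; confirm
    // that message() HTML-escapes its argument.
    $denied = $this->view->lang['file'] . ' ' . $fname . ' ' . $this->view->lang['cannot_write_edit_online'];

    // Canonicalise both sides so the prefix test cannot be bypassed with
    // "..", duplicate separators or symlinks. realpath() returns false for a
    // missing path, which is rejected like an unwritable one.
    $root = realpath(HDWIKI_ROOT);
    $target = realpath($fname);
    $insideRoot = $root !== false
        && $target !== false
        && strpos($target, $root . DIRECTORY_SEPARATOR) === 0;

    if (!$insideRoot || !is_writeable($target)) {
        $this->message($denied);
        // message() presumably ends the request; return so that nothing below
        // runs on a rejected path if it does not.
        return;
    }

    if ($this->post['dosubmit']) {
        $content = $this->post['content'];
        if ($content) {
            // The form sends line breaks as the literal two-character
            // sequences \n and \r; turn them back into LF / CR.
            $content = str_replace(array('\\n', '\\r'), array(chr(10), chr(13)), $content);
        }
        // Report a failed write instead of claiming success.
        if (file_put_contents($target, stripslashes($content)) === false) {
            $this->message($denied);
            return;
        }
        $this->message($this->view->lang['operation_success'], "index.php?admin_filemanager-default-" . urlencode($dir));
        return;
    }

    $this->view->assign("fname", $fname);
    $this->view->assign("dir", $dir);
    $this->view->assign("content", file_get_contents($target));
    $this->view->display('admin_fileedit');
}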
/**
 * Save the posted block parameters to the temp file and render a preview.
 *
 * The posted values are merged into $temp (loaded from $this->tempfile when
 * that file exists), written back to $this->tempfile as a PHP file, and the
 * block's class/method is then called to produce the data for the preview
 * template.
 *
 * NOTE(review): in the "new block" branch $cls and $fun come straight from
 * POST ("block", "fun") and are used to build an include path, a class name
 * for `new`, a method name, and the temp template filename. No validation is
 * visible here; confirm that block_file() or the base controller restricts
 * them to plain identifiers, otherwise path separators in either value reach
 * the filesystem calls below.
 */
function dosavetemp() {
    // Write the parameters to a temporary file; they are read back and stored
    // in the database when the template's "save changes" action runs.
    $iseidt = isset($this->post['bid']); // true when editing an existing block
    $bid = $iseidt ? $this->post['bid'] : uniqid('hd');
    // The temp file is PHP source written by this method further down
    // ('<?php $temp=...'); including it restores $temp from the previous call.
    file_exists($this->tempfile) && (include $this->tempfile);
    if (strtoupper(WIKI_CHARSET) == 'GBK' && isset($this->post['params'])) {
        // Values sent via AJAX arrive as UTF-8 even when the site charset is
        // GBK, so they have to be converted in that case.
        //array_walk($this->post['params'],string::hiconv());
        foreach ($this->post['params'] as $key => $val) {
            $this->post['params'][$key] = string::hiconv($val);
        }
    }
    $this->post = string::hstripslashes($this->post);
    if ($this->post['tplcontent']) {
        // Keep the posted template source out of the data stored in $temp.
        $tplc = $this->post['tplcontent'];
        unset($this->post['tplcontent']);
    }
    if ($iseidt) {
        if (is_numeric($bid)) {
            // A numeric id may mean this is the first edit, in which case the
            // temp data has no entry for it yet; let get_setting() supply it.
            $data = $_ENV['theme']->get_setting($bid);
            $temp[$bid]['block'] = $data['block'];
            $temp[$bid]['fun'] = $data['fun'];
        }
        $temp[$bid]['params'] = $this->post['params'];
        // NOTE(review): for a non-numeric bid these two keys exist only if the
        // included temp file already holds an entry for $bid.
        $cls = $temp[$bid]['block'];
        $fun = $temp[$bid]['fun'];
    } else {
        $cls = $this->post['block'];
        $fun = $this->post['fun'];
        $temp[$bid] = $this->post;
    }
    // var_export() emits $temp as a PHP literal, so the posted values are
    // stored as quoted data in the file that is included on the next call.
    $contents = '<?php $temp=';
    $contents .= var_export($temp, true) . ' ?>';
    file::writetofile($this->tempfile, $contents);
    $this->view->setlang($this->setting['lang_name'], 'front');
    // Fetch the block data.
    $blockfile = $_ENV['global']->block_file($GLOBALS['theme'], "/{$cls}/{$cls}.php");
    if (is_file($blockfile)) {
        include_once $blockfile;
        $obj = new $cls($this);
        if (method_exists($obj, $fun)) {
            $blockdata = $obj->{$fun}($this->post['params']);
        } else {
            $blockdata = array();
        }
    }
    // Assign the data to the template and display the HTML with the data
    // substituted in.
    // NOTE(review): $blockdata is never set when $blockfile is not a file.
    $this->view->assign('bid', $bid);
    $this->view->assign('data', $blockdata);
    // 2010-11-8: template-code editing writes the posted template source to a
    // temp file so that the preview below renders it.
    // NOTE(review): posted template source is written under data/tmp/ and then
    // rendered by the view; confirm this action is restricted to trusted
    // administrators and protected against cross-site requests.
    $tplfile = HDWIKI_ROOT . "/data/tmp/" . $GLOBALS['theme'] . ".{$cls}.{$fun}.htm";
    isset($tplc) && file::writetofile($tplfile, $tplc);
    if (file_exists($tplfile)) {
        $tplfile = "file://data/tmp/" . $GLOBALS['theme'] . ".{$cls}.{$fun}";
    } else {
        // No temp template: use the theme's own block template, falling back
        // to the default theme when the current theme has none.
        if (!file_exists(HDWIKI_ROOT . '/block/' . $GLOBALS['theme'] . "/{$cls}/{$fun}.htm")) {
            $tplfile = "file://block/default/{$cls}/{$fun}";
        } else {
            $tplfile = 'file://block/' . $GLOBALS['theme'] . "/{$cls}/{$fun}";
        }
    }
    $this->view->display($tplfile);
}
/**
 * Notification-mail settings page.
 *
 * Without POST "submit" the stored settings are unserialized and shown in the
 * admin_noticemail view together with the user-group list. With it, the
 * posted group lists and mail templates are serialized and saved through
 * update_setting(), and the setting cache is dropped.
 *
 * NOTE(review): unserialize() runs on values read from the settings store.
 * They are produced by serialize() in this method, but anyone who can write
 * that store controls the input; a format that cannot instantiate objects
 * (e.g. JSON) would remove that exposure.
 */
function donoticemail()
{
    if (isset($this->post['submit'])) {
        // Each event keeps a comma-separated list of the selected values,
        // or an empty string when nothing was selected.
        $recipients = array();
        foreach (array('doc-create', 'doc-edit', 'comment_add') as $event) {
            $recipients[$event] = empty($this->post[$event]) ? '' : implode(',', $this->post[$event]);
        }

        $update = array();
        $update['noticemail'] = serialize($recipients);

        // The base controller has already applied addslashes() to POST, so the
        // slashes are stripped before serializing and added back afterwards.
        // NOTE(review): only noticemailtpl is re-escaped here; presumably
        // update_setting() places both values into SQL, so confirm that the
        // noticemail value is escaped there.
        $this->post['noticemailtpl'] = string::hstripslashes($this->post['noticemailtpl']);
        $update['noticemailtpl'] = addslashes(serialize($this->post['noticemailtpl']));

        $_ENV['setting']->update_setting($update);
        $this->cache->removecache('setting');
        $this->message($this->view->lang['commonSuccess'], 'BACK');
        return;
    }

    $hasStored = isset($this->setting['noticemail']) && isset($this->setting['noticemailtpl']);
    if ($hasStored) {
        $stored = unserialize($this->setting['noticemail']);
        // View variable name => key inside the stored array.
        $viewToKey = array(
            'doc_create' => 'doc-create',
            'doc_edit' => 'doc-edit',
            'comment_add' => 'comment_add',
        );
        foreach ($viewToKey as $viewName => $storedKey) {
            $this->view->assign($viewName, explode(',', $stored[$storedKey]));
        }
        $templates = unserialize($this->setting['noticemailtpl']);
        $this->view->assign('noticemailtpl', $templates);
    } else {
        // NOTE(review): comment_add and noticemailtpl are not assigned in this
        // branch; confirm the template tolerates their absence.
        $this->view->assign('doc_create', array());
        $this->view->assign('doc_edit', array());
    }

    $this->load('usergroup');
    $this->view->assign('groups', $_ENV['usergroup']->get_all_list(-1, 'type asc'));
    $this->view->display('admin_noticemail');
}
/**
 * Insert or update an SQL-type row in the datacall table.
 *
 * With $datacall['editflag'] set, the row whose id is $datacall['id'] is
 * updated; otherwise a row is inserted unless one with the same name exists.
 *
 * NOTE(review): the statement is built by string concatenation. Only the
 * serialized param value is escaped here (string::haddslashes); name,
 * category, desc, cachetime and id are placed between quotes as received.
 * The hstripslashes() call on param suggests the caller passes values that
 * are already slash-escaped, but that is not visible here; confirm every
 * caller, or move this query to bound parameters if the db layer offers them.
 *
 * @param array $datacall Data call fields; the keys read are name, category,
 *                        desc, cachetime, param, and optionally editflag/id.
 * @return mixed false when $datacall is empty, otherwise whatever
 *               $this->db->query() returns.
 */
function editsql($datacall)
{
    if (empty($datacall)) {
        return false;
    }

    // Description: fall back to the language default, then cap at 80.
    $desc = trim($datacall['desc']);
    $datacall['desc'] = string::substring($desc ? $desc : $this->base->view->lang['sqlcall'], 0, 80);

    // Template snippets are stored trimmed; an empty-looking value becomes ''.
    foreach (array('tplcode', 'empty_tplcode') as $field) {
        $code = trim($datacall['param'][$field]);
        $datacall['param'][$field] = $code ? $code : '';
    }

    $serializedParam = string::haddslashes(serialize(string::hstripslashes($datacall['param'])), 1);

    // An SQL data call always uses these fixed values.
    $callClass = 'sql';
    $callFunction = 'sql';
    $callType = 'sql';
    $table = DB_TABLEPRE . 'datacall';

    if (isset($datacall['editflag'])) {
        $assignments = "`name`='" . $datacall['name'] . "'"
            . ",`category`='" . $datacall['category'] . "'"
            . ", `classname`='" . $callClass . "'"
            . ", `function`='" . $callFunction . "'"
            . ", `desc`='" . $datacall['desc'] . "'"
            . ", `param`='" . $serializedParam . "'"
            . ", `cachetime`='" . $datacall['cachetime'] . "'";
        $sql = 'UPDATE `' . $table . '` SET ' . $assignments
            . " WHERE `id`='" . $datacall['id'] . "'";
    } else {
        $columns = '(`name`,`type`, `category`, `classname`, `function`, `desc`, `param`, `cachetime`) ';
        $values = " SELECT '" . $datacall['name'] . "','" . $callType . "','" . $datacall['category']
            . "','" . $callClass . "','" . $callFunction . "', "
            . "'" . $datacall['desc'] . "', '" . $serializedParam . "', '" . $datacall['cachetime'] . "'";
        // Insert only when no row with this name exists yet.
        $unlessExists = ' FROM dual WHERE not exists (SELECT * FROM ' . $table
            . " WHERE name= '" . $datacall['name'] . "' )";
        $sql = 'INSERT INTO ' . $table . ' ' . $columns . $values . $unlessExists;
    }

    return $this->db->query($sql);
}