예제 #1
0
파일: plugin.php 프로젝트: fka2004/webkit
function user_can_access_admin_page()
{
    global $pagenow;
    global $menu;
    global $submenu;
    global $_wp_menu_nopriv;
    global $_wp_submenu_nopriv;
    global $plugin_page;
    global $_registered_pages;
    $parent = get_admin_page_parent();
    if (!isset($plugin_page) && isset($_wp_submenu_nopriv[$parent][$pagenow])) {
        return false;
    }
    if (isset($plugin_page)) {
        if (isset($_wp_submenu_nopriv[$parent][$plugin_page])) {
            return false;
        }
        $hookname = get_plugin_page_hookname($plugin_page, $parent);
        if (!isset($_registered_pages[$hookname])) {
            return false;
        }
    }
    if (empty($parent)) {
        if (isset($_wp_menu_nopriv[$pagenow])) {
            return false;
        }
        if (isset($_wp_submenu_nopriv[$pagenow][$pagenow])) {
            return false;
        }
        if (isset($plugin_page) && isset($_wp_submenu_nopriv[$pagenow][$plugin_page])) {
            return false;
        }
        if (isset($plugin_page) && isset($_wp_menu_nopriv[$plugin_page])) {
            return false;
        }
        foreach (array_keys($_wp_submenu_nopriv) as $key) {
            if (isset($_wp_submenu_nopriv[$key][$pagenow])) {
                return false;
            }
            if (isset($plugin_page) && isset($_wp_submenu_nopriv[$key][$plugin_page])) {
                return false;
            }
        }
        return true;
    }
    if (isset($plugin_page) && $plugin_page == $parent && isset($_wp_menu_nopriv[$plugin_page])) {
        return false;
    }
    if (isset($submenu[$parent])) {
        foreach ($submenu[$parent] as $submenu_array) {
            if (isset($plugin_page) && $submenu_array[2] == $plugin_page) {
                if (current_user_can($submenu_array[1])) {
                    return true;
                } else {
                    return false;
                }
            } else {
                if ($submenu_array[2] == $pagenow) {
                    if (current_user_can($submenu_array[1])) {
                        return true;
                    } else {
                        return false;
                    }
                }
            }
        }
    }
    foreach ($menu as $menu_array) {
        if ($menu_array[2] == $parent) {
            if (current_user_can($menu_array[1])) {
                return true;
            } else {
                return false;
            }
        }
    }
    return true;
}
 /**
  * Determine which menu item matches the currently open admin page.
  *
  * @uses self::$reverse_item_lookup
  * @return array|null Menu item in the internal format, or NULL if no matching item can be found.
  */
 private function get_current_menu_item()
 {
     if (!is_admin() || empty($this->reverse_item_lookup)) {
         if (!is_admin()) {
             $this->log_security_note('This is not an admin page. is_admin() returns false.');
         } else {
             if (empty($this->reverse_item_lookup)) {
                 $this->log_security_note('Warning: reverse_item_lookup is empty!');
             }
         }
         return null;
     }
     //The current menu item doesn't change during a request, so we can cache it
     //and avoid searching the entire menu every time.
     static $cached_item = null;
     if ($cached_item !== null) {
         return $cached_item;
     }
     //Find an item where *all* query params match the current ones, with as few extraneous params as possible,
     //preferring sub-menu items. This is intentionally more strict than what we do in menu-highlight-fix.js,
     //since this function is used to check menu access.
     //TODO: Use get_current_screen() to determine the current post type and taxonomy.
     $best_item = null;
     $best_extra_params = PHP_INT_MAX;
     $base_site_url = get_site_url();
     if (preg_match('@(^\\w+://[^/]+)@', $base_site_url, $matches)) {
         //Extract scheme + hostname.
         $base_site_url = $matches[1];
     }
     //Calling admin_url() once and then manually appending each page's path is measurably faster than calling it
     //for each menu, but it means the "admin_url" filter is only called once. If there is a plugin that changes
     //the admin_url for some pages but not others, this could lead to bugs (no such plugins are known at this time).
     $base_admin_url = admin_url();
     $admin_url_is_filtered = has_filter('admin_url');
     $current_url = $base_site_url . remove_query_arg('___ame_dummy_param___');
     $this->log_security_note(sprintf('Current URL: "%s"', htmlentities($current_url)));
     $current_url = $this->parse_url($current_url);
     //Hook-based submenu pages can be accessed via both "parent-page.php?page=foo" and "admin.php?page=foo".
     //WP has a private API function for determining the canonical parent page for the current request.
     if ($this->endsWith($current_url['path'], '/admin.php') && is_callable('get_admin_page_parent')) {
         $real_parent = get_admin_page_parent('admin.php');
         if (!empty($real_parent) && $real_parent !== 'admin.php') {
             $current_url['alt_path'] = str_replace('/admin.php', '/' . $real_parent, $current_url['path']);
         }
     }
     foreach ($this->reverse_item_lookup as $url => $item) {
         $item_url = $url;
         //Convert to absolute URL. Caution: directory traversal (../, etc) is not handled.
         if (strpos($item_url, '://') === false) {
             if (substr($item_url, 0, 1) == '/') {
                 $item_url = $base_site_url . $item_url;
             } else {
                 if ($admin_url_is_filtered) {
                     $item_url = admin_url($item_url);
                 } else {
                     $item_url = $base_admin_url . ltrim($item_url, '/');
                 }
             }
         }
         $item_url = $this->parse_url($item_url);
         //Must match scheme, host, port, user, pass and path or alt_path.
         $components = array('scheme', 'host', 'port', 'user', 'pass');
         $is_close_match = $this->urlPathsMatch($current_url['path'], $item_url['path']);
         if (!$is_close_match && isset($current_url['alt_path'])) {
             $is_close_match = $this->urlPathsMatch($current_url['alt_path'], $item_url['path']);
             //Technically, we should also compare current[path] vs item[alt_path],
             //but generating the alt_path for each menu item would be complicated.
         }
         foreach ($components as $component) {
             $is_close_match = $is_close_match && $current_url[$component] == $item_url[$component];
             if (!$is_close_match) {
                 break;
             }
         }
         //The current URL must match all query parameters of the item URL.
         $different_params = array_diff_assoc($item_url['params'], $current_url['params']);
         //The current URL must have as few extra parameters as possible.
         $extra_params = array_diff_assoc($current_url['params'], $item_url['params']);
         if ($is_close_match && count($different_params) == 0 && count($extra_params) < $best_extra_params) {
             $best_item = $item;
             $best_extra_params = count($extra_params);
         }
     }
     $cached_item = $best_item;
     return $best_item;
 }
function get_plugin_page_hookname($plugin_page, $parent_page)
{
    global $admin_page_hooks;
    $parent = get_admin_page_parent();
    if (empty($parent_page) || 'admin.php' == $parent_page) {
        if (isset($admin_page_hooks[$plugin_page])) {
            $page_type = 'toplevel';
        } else {
            if (isset($admin_page_hooks[$parent])) {
                $page_type = $admin_page_hooks[$parent];
            }
        }
    } else {
        if (isset($admin_page_hooks[$parent_page])) {
            $page_type = $admin_page_hooks[$parent_page];
        } else {
            $page_type = 'admin';
        }
    }
    $plugin_name = preg_replace('!\\.php!', '', $plugin_page);
    return $page_type . '_page_' . $plugin_name;
}
예제 #4
0
 *
 * @since MU
 *
 * @param string $parent_file The parent file.
 */
$parent_file = apply_filters('parent_file', $parent_file);
/**
 * Filter the file of an admin menu sub-menu item.
 *
 * @since 4.4.0
 *
 * @param string $submenu_file The submenu file.
 * @param string $parent_file  The submenu item's parent file.
 */
$submenu_file = apply_filters('submenu_file', $submenu_file, $parent_file);
get_admin_page_parent();
/**
 * Display menu.
 *
 * @access private
 * @since 2.7.0
 *
 * @global string $self
 * @global string $parent_file
 * @global string $submenu_file
 * @global string $plugin_page
 * @global string $typenow
 *
 * @param array $menu
 * @param array $submenu
 * @param bool  $submenu_as_parent
예제 #5
0
 /**
  * Generates the Shopp admin menus
  *
  * @author Jonathan Davis
  * @since 1.1
  *
  * @return void
  **/
 public function menus()
 {
     global $menu, $plugin_page;
     $access = 'shopp_menu';
     if (Shopp::maintenance()) {
         $access = 'manage_options';
     }
     // Add main menus
     $position = shopp_admin_add_menu(Shopp::__('Shopp'), 'orders', 40, false, 'shopp_orders', Shopp::clearpng());
     shopp_admin_add_menu(Shopp::__('Catalog'), 'products', $position, false, 'shopp_products', Shopp::clearpng());
     // Add after the Shopp menus to avoid being purged by the duplicate separator check
     $menu[$position - 1] = array('', 'read', 'separator-shopp', '', 'wp-menu-separator');
     // Add menus to WordPress admin
     foreach ($this->pages as $page) {
         $this->submenus($page);
     }
     $parent = get_admin_page_parent();
     if (isset($this->menus[$parent]) && false === strpos($this->menus[$parent], 'toplevel')) {
         $current_page = $plugin_page;
         $plugin_page = $parent;
         add_action('adminmenu', create_function('', 'global $plugin_page; $plugin_page = "' . $current_page . '";'));
     }
 }
예제 #6
0
function user_can_access_admin_page() {
	global $pagenow;
	global $menu;
	global $submenu;
	global $_wp_menu_nopriv;
	global $_wp_submenu_nopriv;
	global $plugin_page;

	$parent = get_admin_page_parent();

	if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
		return false;

	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
		return false;

	if ( empty( $parent) ) {
		if ( isset( $_wp_menu_nopriv[$pagenow] ) )
			return false;
		if ( isset( $_wp_submenu_nopriv[$pagenow][$pagenow] ) )
			return false;
		if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$pagenow][$plugin_page] ) )
			return false;
		foreach (array_keys( $_wp_submenu_nopriv ) as $key ) {
			if ( isset( $_wp_submenu_nopriv[$key][$pagenow] ) )
				return false;
			if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$key][$plugin_page] ) )
			return false;
		}
		return true;
	}

	if ( isset( $submenu[$parent] ) ) {
		foreach ( $submenu[$parent] as $submenu_array ) {
			if ( isset( $plugin_page ) && ( $submenu_array[2] == $plugin_page ) ) {
				if ( current_user_can( $submenu_array[1] ))
					return true;
				else
					return false;
			} else if ( $submenu_array[2] == $pagenow ) {
				if ( current_user_can( $submenu_array[1] ))
					return true;
				else
					return false;
			}
		}
	}

	foreach ( $menu as $menu_array ) {
		if ( $menu_array[2] == $parent) {
			if ( current_user_can( $menu_array[1] ))
				return true;
			else
				return false;
		}
	}

	return true;
}
예제 #7
0
 /**
  * Load CSS and JS files in wp-admin area
  *
  * @since 1.1
  */
 public static function dslc_load_scripts_admin($hook)
 {
     /* Check current screen id and set var accordingly */
     $current_screen = '';
     if ('post-new.php' === $hook || 'post.php' === $hook) {
         $current_screen = 'post-editing';
     }
     if (false !== strpos($hook, 'dslc_plugin_options') || false !== strpos($hook, 'dslc_getting_started') || 'dslc_plugin_options' === get_admin_page_parent()) {
         $current_screen = 'dslc-options';
     }
     if ('toplevel_page_livecomposer_editor' === $hook) {
         $current_screen = 'dslc-editing-screen';
     }
     /* Define some variables affecting further scripts loading */
     // Load minimized scripts and css resources.
     $min_suffix = '';
     if (!SCRIPT_DEBUG) {
         $min_suffix = '.min';
     }
     // What protocol to use.
     $protocol = 'http';
     if (is_ssl()) {
         $protocol = 'https';
     }
     /* If current screen is Live Composer editing screen */
     if ('dslc-editing-screen' === $current_screen && is_user_logged_in() && current_user_can(DS_LIVE_COMPOSER_CAPABILITY)) {
         global $dslc_active;
         /**
          * Live Composer Active
          */
         wp_enqueue_media();
         /**
          * CSS
          */
         wp_enqueue_style('dslc-builder-main-css', DS_LIVE_COMPOSER_URL . 'css/builder/builder.main.css', array(), DS_LIVE_COMPOSER_VER);
         wp_enqueue_style('dslc-builder-plugins-css', DS_LIVE_COMPOSER_URL . 'css/builder/builder.plugins.css', array(), DS_LIVE_COMPOSER_VER);
         wp_enqueue_style('dslc-font-awesome', DS_LIVE_COMPOSER_URL . 'css/font-awesome' . $min_suffix . '.css', array(), DS_LIVE_COMPOSER_VER);
         /**
          * JavaScript
          */
         wp_enqueue_script('jquery-ui-core');
         wp_enqueue_script('jquery-ui-sortable');
         wp_enqueue_script('jquery-ui-draggable');
         wp_enqueue_script('jquery-ui-droppable');
         wp_enqueue_script('jquery-effects-core');
         wp_enqueue_script('jquery-ui-resizable');
         wp_enqueue_script('wp-mediaelement');
         wp_enqueue_script('imagesloaded');
         // Need this for Masonry.
         wp_enqueue_script('jquery-masonry');
         wp_enqueue_script('dslc-builder-plugins-js', DS_LIVE_COMPOSER_URL . 'js/builder/builder.plugins.js', array('jquery'), DS_LIVE_COMPOSER_VER);
         if (!SCRIPT_DEBUG) {
             wp_enqueue_script('dslc-builder-main-js', DS_LIVE_COMPOSER_URL . 'js/builder.all.min.js', array('jquery'), DS_LIVE_COMPOSER_VER);
         } else {
             self::load_scripts('builder', 'dslc-builder-main-js');
         }
         wp_localize_script('dslc-builder-main-js', 'DSLCAjax', array('ajaxurl' => admin_url('admin-ajax.php', $protocol)));
         $translation_array = array('str_confirm' => __('Confirm', 'live-composer-page-builder'), 'str_ok' => __('OK', 'live-composer-page-builder'), 'str_import' => __('IMPORT', 'live-composer-page-builder'), 'str_exit_title' => __('You are about to exit Live Composer', 'live-composer-page-builder'), 'str_exit_descr' => __('If you have unsaved changed they will be lost.<br>If the "Publish Changes" button is shown in bottom right corner click it to save.', 'live-composer-page-builder'), 'str_area_helper_text' => __('MODULES AREA', 'live-composer-page-builder'), 'str_row_helper_text' => __('MODULES ROW', 'live-composer-page-builder'), 'str_import_row_title' => __('Import Row', 'live-composer-page-builder'), 'str_import_row_descr' => __('Copy the row export code bellow.', 'live-composer-page-builder'), 'str_del_module_title' => __('Delete Module', 'live-composer-page-builder'), 'str_del_module_descr' => __('Are you sure you want to delete this module?', 'live-composer-page-builder'), 'str_del_area_title' => __('Delete Area/Column', 'live-composer-page-builder'), 'str_del_area_descr' => __('Are you sure you want to delete this modules area?', 'live-composer-page-builder'), 'str_del_row_title' => __('Delete Row', 'live-composer-page-builder'), 'str_del_row_descr' => __('Are you sure you want to delete this row?', 'live-composer-page-builder'), 'str_export_row_title' => __('Export Row', 'live-composer-page-builder'), 'str_export_row_descr' => __('The code bellow is the importable code for this row.', 'live-composer-page-builder'), 'str_module_curr_edit_title' => __('You are currently editing a module', 'live-composer-page-builder'), 'str_module_curr_edit_descr' => __('You need to either <strong>confirm</strong> or <strong>cancel</strong> those changes before continuing.', 'live-composer-page-builder'), 'str_row_curr_edit_title' => __('You are currently editing a modules row', 'live-composer-page-builder'), 'str_row_curr_edit_descr' => __('You need to either <strong>confirm</strong> or <strong>cancel</strong> those changes before continuing.', 'live-composer-page-builder'), 'str_refresh_title' => __('You are about to refresh the page', 'live-composer-page-builder'), 'str_refresh_descr' => __('If you have unsaved changed they will be lost.<br>If the "Publish Changes" button is shown in bottom right corner click it to save.', 'live-composer-page-builder'), 'str_res_tablet' => __('Tablet', 'live-composer-page-builder'), 'str_res_phone' => __('Phone', 'live-composer-page-builder'));
         // Allow devs to alter available fonts.
         $fonts_array = apply_filters('dslc_available_fonts', self::$fonts_array);
         wp_localize_script('dslc-builder-main-js', 'DSLCString', $translation_array);
         wp_localize_script('dslc-builder-main-js', 'DSLCFonts', self::$fonts_array);
         // Array of icons available to be used.
         global $dslc_var_icons;
         wp_localize_script('dslc-builder-main-js', 'DSLCIcons', $dslc_var_icons);
     }
     /* If current screen is standard post editing screen in WP Admin */
     if ('post-editing' === $current_screen) {
         wp_enqueue_script('dslc-post-options-js-admin', DS_LIVE_COMPOSER_URL . 'includes/post-options-framework/js/main' . $min_suffix . '.js', array('jquery', 'jquery-ui-core', 'jquery-ui-datepicker'), DS_LIVE_COMPOSER_VER);
         if ('page' === get_post_type(get_the_ID()) && 'post.php' === $hook) {
             wp_localize_script('dslc-post-options-js-admin', 'tabData', array('tabTitle' => __('Page Builder', 'live-composer-page-builder')));
         }
         wp_enqueue_style('jquery-ui-datepicker', '//ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/themes/smoothness/jquery-ui.css');
         wp_enqueue_style('dslc-post-options-css-admin', DS_LIVE_COMPOSER_URL . 'includes/post-options-framework/css/main' . $min_suffix . '.css', array(), DS_LIVE_COMPOSER_VER);
         /* If Yoast WP is active */
         if (defined('WPSEO_VERSION')) {
             wp_enqueue_script('dslc-yoast-seo-admin', DS_LIVE_COMPOSER_URL . 'js/builder.wpadmin/builder.yoast-seo.js', array(), DS_LIVE_COMPOSER_VER, true);
         }
     }
     /* If current screen is Live Composer options page */
     if ('dslc-options' === $current_screen) {
         wp_enqueue_script('dslc-plugin-options-js-admin', DS_LIVE_COMPOSER_URL . 'includes/plugin-options-framework/js/main' . $min_suffix . '.js', array('jquery'), DS_LIVE_COMPOSER_VER);
         wp_enqueue_style('dslc-plugin-options-css-admin', DS_LIVE_COMPOSER_URL . 'includes/plugin-options-framework/css/main' . $min_suffix . '.css', array(), DS_LIVE_COMPOSER_VER);
         wp_localize_script('dslc-plugin-options-js-admin', 'dslcajax', array('nonce' => wp_create_nonce('dslc-optionspanel-ajax')));
     }
 }
function get_admin_page_title() {
	global $title;
	global $menu;
	global $submenu;
	global $pagenow;
	global $plugin_page;

	if (isset($title) && ! empty($title)) {
		return $title;
	}

	$parent = get_admin_page_parent();
	if (empty($parent)) {
		foreach ($menu as $menu_array) {
			if (isset($menu_array[3])) {
				if ($menu_array[2] == $pagenow) {
					$title = $menu_array[3];
					return $menu_array[3];
				} else if (isset($plugin_page) && ($plugin_page == $menu_array[2])) {
					$title = $menu_array[3];
					return $menu_array[3];
				}
			}
		}
	} else {
		foreach (array_keys($submenu) as $parent) {
			foreach ($submenu[$parent] as $submenu_array) {
				if (isset($submenu_array[3])) {
					if ($submenu_array[2] == $pagenow) {
						$title = $submenu_array[3];
						return $submenu_array[3];
					} else if (isset($plugin_page) && ($plugin_page == $submenu_array[2])) {
						$title = $submenu_array[3];
						return $submenu_array[3];
					}
				}
			}
		}
	}

	return '';
}