/** * System plugin admin */ public static function main() { if (Session::exists('user_role') && in_array(Session::get('user_role'), array('admin'))) { $filters = Filter::$filters; $plugins = Plugin::$plugins; $components = Plugin::$components; $actions = Action::$actions; // Get pages table $pages = new Table('pages'); // Get system timezone $system_timezone = Option::get('timezone'); // Get languages files $language_files = File::scan(PLUGINS_BOX . DS . 'system' . DS . 'languages' . DS, '.lang.php'); foreach ($language_files as $language) { $parts = explode('.', $language); $languages_array[$parts[0]] = I18n::$locales[$parts[0]]; } // Get all pages $pages_array = array(); $pages_list = $pages->select('[slug!="error404" and parent="" and status="published"]'); foreach ($pages_list as $page) { $pages_array[$page['slug']] = Html::toText($page['title']); } // Create Sitemap // ------------------------------------- if (Request::get('sitemap') == 'create') { if (Security::check(Request::get('token'))) { Notification::set('success', __('Sitemap created', 'system')); Sitemap::create(); Request::redirect('index.php?id=system'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Delete temporary files // ------------------------------------- if (Request::get('temporary_files') == 'delete') { if (Security::check(Request::get('token'))) { Monstra::cleanTmp(); if (count(File::scan(MINIFY, array('css', 'js', 'php'))) == 0 && count(Dir::scan(CACHE)) == 0) { Notification::set('success', __('Temporary files deleted', 'system')); Request::redirect('index.php?id=system'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Set maintenance state on or off // ------------------------------------- if (Request::get('maintenance')) { if (Security::check(Request::get('token'))) { if ('on' == Request::get('maintenance')) { Option::update('maintenance_status', 'on'); Request::redirect('index.php?id=system'); } if ('off' == Request::get('maintenance')) { Option::update('maintenance_status', 'off'); Request::redirect('index.php?id=system'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Edit settings // ------------------------------------- if (Request::post('edit_settings')) { if (Security::check(Request::post('csrf'))) { // Add trailing slashes $_site_url = Request::post('system_url'); Option::update(array('sitename' => Request::post('site_name'), 'keywords' => Request::post('site_keywords'), 'description' => Request::post('site_description'), 'slogan' => Request::post('site_slogan'), 'defaultpage' => Request::post('site_default_page'), 'siteurl' => $_site_url, 'timezone' => Request::post('system_timezone'), 'system_email' => Request::post('system_email'), 'language' => Request::post('system_language'), 'maintenance_message' => Request::post('site_maintenance_message'))); Notification::set('success', __('Your changes have been saved.', 'system')); Request::redirect('index.php?id=system'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Its mean that you can add your own actions for this plugin Action::run('admin_system_extra_actions'); // Display view View::factory('box/system/views/backend/index')->assign('pages_array', $pages_array)->assign('languages_array', $languages_array)->display(); } else { Request::redirect('index.php?id=users&action=edit&user_id=' . Session::get('user_id')); } }
/** * Protected Construct */ protected function __construct() { /** * Load core defines */ Monstra::loadDefines(); /** * Compress HTML with gzip */ if (MONSTRA_GZIP) { if (!ob_start("ob_gzhandler")) { ob_start(); } } else { ob_start(); } /** * Send default header and set internal encoding */ header('Content-Type: text/html; charset=UTF-8'); function_exists('mb_language') and mb_language('uni'); function_exists('mb_regex_encoding') and mb_regex_encoding('UTF-8'); function_exists('mb_internal_encoding') and mb_internal_encoding('UTF-8'); /** * Gets the current configuration setting of magic_quotes_gpc * and kill magic quotes */ if (get_magic_quotes_gpc()) { function stripslashesGPC(&$value) { $value = stripslashes($value); } array_walk_recursive($_GET, 'stripslashesGPC'); array_walk_recursive($_POST, 'stripslashesGPC'); array_walk_recursive($_COOKIE, 'stripslashesGPC'); array_walk_recursive($_REQUEST, 'stripslashesGPC'); } /** * Set Gelato Display Errors to False for Production environment. */ if (Monstra::$environment == Monstra::PRODUCTION) { define('GELATO_DEVELOPMENT', false); } /** * Define Monstra Folder for Gelato Logs */ define('GELATO_LOGS_PATH', LOGS); /** * Include Gelato Library */ include ROOT . DS . 'libraries' . DS . 'Gelato' . DS . 'Gelato.php'; /** * Map Monstra Engine Directory */ ClassLoader::directory(ROOT . DS . 'engine' . DS); /** * Map all Monstra Classes */ ClassLoader::mapClasses(array('Security' => ROOT . DS . 'engine' . DS . 'Security.php', 'Uri' => ROOT . DS . 'engine' . DS . 'Uri.php', 'Site' => ROOT . DS . 'engine' . DS . 'Site.php', 'Alert' => ROOT . DS . 'engine' . DS . 'Alert.php', 'XML' => ROOT . DS . 'engine' . DS . 'Xmldb' . DS . 'XML.php', 'DB' => ROOT . DS . 'engine' . DS . 'Xmldb' . DS . 'DB.php', 'Table' => ROOT . DS . 'engine' . DS . 'Xmldb' . DS . 'Table.php', 'Plugin' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Plugin.php', 'Frontend' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Frontend.php', 'Backend' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Backend.php', 'Action' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Action.php', 'Filter' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Filter.php', 'View' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'View.php', 'I18n' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'I18n.php', 'Stylesheet' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Stylesheet.php', 'Javascript' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Javascript.php', 'Navigation' => ROOT . DS . 'engine' . DS . 'Plugin' . DS . 'Navigation.php', 'Option' => ROOT . DS . 'engine' . DS . 'Option.php', 'Shortcode' => ROOT . DS . 'engine' . DS . 'Shortcode.php', 'ORM' => ROOT . DS . 'libraries' . DS . 'Idiorm' . DS . 'ORM.php', 'PHPMailer' => ROOT . DS . 'libraries' . DS . 'PHPMailer' . DS . 'PHPMailer.php')); /** * Start session */ Session::start(); /** * Init Idiorm */ if (defined('MONSTRA_DB_DSN')) { ORM::configure(MONSTRA_DB_DSN); ORM::configure('username', MONSTRA_DB_USER); ORM::configure('password', MONSTRA_DB_PASSWORD); ORM::configure('driver_options', array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8')); } /** * Auto cleanup if DEVELOPMENT environment */ if (Monstra::$environment == Monstra::DEVELOPMENT) { Monstra::cleanTmp(); } /** * Set Cache dir */ Cache::configure('cache_dir', CACHE); /** * Init Options API module */ Option::init(); /** * Set default timezone */ @ini_set('date.timezone', Option::get('timezone')); if (function_exists('date_default_timezone_set')) { date_default_timezone_set(Option::get('timezone')); } else { putenv('TZ=' . Option::get('timezone')); } /** * Sanitize URL to prevent XSS - Cross-site scripting */ Security::runSanitizeURL(); /** * Load default */ Monstra::loadPluggable(); /** * Init I18n */ I18n::init(Option::get('language')); /** * Init Plugins API */ Plugin::init(); /** * Init Notification service */ Notification::init(); /** * Init site module */ if (!BACKEND) { Site::init(); } }
/** * Themes plugin admin */ public static function main() { // Get current themes $current_site_theme = Option::get('theme_site_name'); $current_admin_theme = Option::get('theme_admin_name'); // Init vars $themes_site = Themes::getSiteThemes(); $themes_admin = Themes::getAdminThemes(); $templates = Themes::getTemplates(); $chunks = Themes::getChunks(); $styles = Themes::getStyles(); $scripts = Themes::getScripts(); $errors = array(); $chunk_path = THEMES_SITE . DS . $current_site_theme . DS; $template_path = THEMES_SITE . DS . $current_site_theme . DS; $style_path = THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS; $script_path = THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS; // Save site theme if (Request::post('save_site_theme')) { if (Security::check(Request::post('csrf'))) { Option::update('theme_site_name', Request::post('themes')); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles and Javascript version Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save site theme if (Request::post('save_admin_theme')) { if (Security::check(Request::post('csrf'))) { Option::update('theme_admin_name', Request::post('themes')); // Clean Monstra TMP folder. Monstra::cleanTmp(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Its mean that you can add your own actions for this plugin Action::run('admin_themes_extra_actions'); // Check for get actions // ------------------------------------- if (Request::get('action')) { // Switch actions // ------------------------------------- switch (Request::get('action')) { // Add chunk // ------------------------------------- case "add_chunk": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php')) { $errors['file_exists'] = __('This chunk already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php', Request::post('content')); Notification::set('success', __('Your changes to the chunk <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_chunk&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'chunk')->display(); break; // Add template // ------------------------------------- // Add template // ------------------------------------- case "add_template": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($template_path . Security::safeName(Request::post('name'), null, false) . '.template.php')) { $errors['file_exists'] = __('This template already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($template_path . Security::safeName(Request::post('name'), null, false) . '.template.php', Request::post('content')); Notification::set('success', __('Your changes to the chunk <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_template&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'template')->display(); break; // Add styles // ------------------------------------- // Add styles // ------------------------------------- case "add_styles": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($style_path . Security::safeName(Request::post('name'), null, false) . '.css')) { $errors['file_exists'] = __('This styles already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($style_path . Security::safeName(Request::post('name'), null, false) . '.css', Request::post('content')); Notification::set('success', __('Your changes to the styles <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_styles&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'styles')->display(); break; // Add script // ------------------------------------- // Add script // ------------------------------------- case "add_script": if (Request::post('add_file') || Request::post('add_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($script_path . Security::safeName(Request::post('name'), null, false) . '.js')) { $errors['file_exists'] = __('This script already exists', 'themes'); } if (count($errors) == 0) { // Save chunk File::setContent($script_path . Security::safeName(Request::post('name'), null, false) . '.js', Request::post('content')); Notification::set('success', __('Your changes to the script <i>:name</i> have been saved.', 'themes', array(':name' => Security::safeName(Request::post('name'), null, false)))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); if (Request::post('add_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_script&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Save fields if (Request::post('name')) { $name = Request::post('name'); } else { $name = ''; } if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } // Display view View::factory('box/themes/views/backend/add')->assign('name', $name)->assign('content', $content)->assign('errors', $errors)->assign('action', 'script')->display(); break; // Edit chunk // ------------------------------------- // Edit chunk // ------------------------------------- case "edit_chunk": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php') and Security::safeName(Request::post('chunk_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['file_exists'] = __('This chunk already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $chunk_old_filename = $chunk_path . Request::post('chunk_old_name') . '.chunk.php'; $chunk_new_filename = $chunk_path . Security::safeName(Request::post('name'), null, false) . '.chunk.php'; if (!empty($chunk_old_filename)) { if ($chunk_old_filename !== $chunk_new_filename) { rename($chunk_old_filename, $chunk_new_filename); $save_filename = $chunk_new_filename; } else { $save_filename = $chunk_new_filename; } } else { $save_filename = $chunk_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the chunk <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.chunk.php')))); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_chunk&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($chunk_path . Request::get('filename') . '.chunk.php'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'chunk')->display(); break; // Edit Template // ------------------------------------- // Edit Template // ------------------------------------- case "edit_template": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($template_path . Security::safeName(Request::post('name'), null, false) . '.template.php') and Security::safeName(Request::post('template_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['template_exists'] = __('This template already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $template_old_filename = $template_path . Request::post('template_old_name') . '.template.php'; $template_new_filename = $template_path . Security::safeName(Request::post('name'), null, false) . '.template.php'; if (!empty($template_old_filename)) { if ($template_old_filename !== $template_new_filename) { rename($template_old_filename, $template_new_filename); $save_filename = $template_new_filename; } else { $save_filename = $template_new_filename; } } else { $save_filename = $template_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the template <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.template.php')))); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_template&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($chunk_path . Request::get('filename') . '.template.php'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'template')->display(); break; // Edit Styles // ------------------------------------- // Edit Styles // ------------------------------------- case "edit_styles": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($style_path . Security::safeName(Request::post('name'), null, false) . '.css') and Security::safeName(Request::post('styles_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['file_exists'] = __('This styles already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $styles_old_filename = $style_path . Request::post('styles_old_name') . '.css'; $styles_new_filename = $style_path . Security::safeName(Request::post('name'), null, false) . '.css'; if (!empty($styles_old_filename)) { if ($styles_old_filename !== $styles_new_filename) { rename($styles_old_filename, $styles_new_filename); $save_filename = $styles_new_filename; } else { $save_filename = $styles_new_filename; } } else { $save_filename = $styles_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the styles <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.css')))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_styles&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($style_path . Request::get('filename') . '.css'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'styles')->display(); break; // Edit Script // ------------------------------------- // Edit Script // ------------------------------------- case "edit_script": // Save current chunk action if (Request::post('edit_file') || Request::post('edit_file_and_exit')) { if (Security::check(Request::post('csrf'))) { if (trim(Request::post('name')) == '') { $errors['file_empty_name'] = __('Required field', 'themes'); } if (file_exists($script_path . Security::safeName(Request::post('name'), null, false) . '.js') and Security::safeName(Request::post('script_old_name'), null, false) !== Security::safeName(Request::post('name'), null, false)) { $errors['file_exists'] = __('This script already exists', 'themes'); } // Save fields if (Request::post('content')) { $content = Request::post('content'); } else { $content = ''; } if (count($errors) == 0) { $script_old_filename = $script_path . Request::post('script_old_name') . '.js'; $script_new_filename = $script_path . Security::safeName(Request::post('name'), null, false) . '.js'; if (!empty($script_old_filename)) { if ($script_old_filename !== $script_new_filename) { rename($script_old_filename, $script_new_filename); $save_filename = $script_new_filename; } else { $save_filename = $script_new_filename; } } else { $save_filename = $script_new_filename; } // Save chunk File::setContent($save_filename, Request::post('content')); Notification::set('success', __('Your changes to the script <i>:name</i> have been saved.', 'themes', array(':name' => basename($save_filename, '.js')))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); if (Request::post('edit_file_and_exit')) { Request::redirect('index.php?id=themes'); } else { Request::redirect('index.php?id=themes&action=edit_script&filename=' . Security::safeName(Request::post('name'), null, false)); } } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } if (Request::post('name')) { $name = Request::post('name'); } else { $name = File::name(Request::get('filename')); } $content = File::getContent($script_path . Request::get('filename') . '.js'); // Display view View::factory('box/themes/views/backend/edit')->assign('content', $content)->assign('name', $name)->assign('errors', $errors)->assign('action', 'script')->display(); break; // Delete chunk // ------------------------------------- // Delete chunk // ------------------------------------- case "delete_chunk": if (Security::check(Request::get('token'))) { File::delete($chunk_path . Request::get('filename') . '.chunk.php'); Notification::set('success', __('Chunk <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; // Delete styles // ------------------------------------- // Delete styles // ------------------------------------- case "delete_styles": if (Security::check(Request::get('token'))) { File::delete($style_path . Request::get('filename') . '.css'); Notification::set('success', __('Styles <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; // Delete script // ------------------------------------- // Delete script // ------------------------------------- case "delete_script": if (Security::check(Request::get('token'))) { File::delete($script_path . Request::get('filename') . '.js'); Notification::set('success', __('Script <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); Request::redirect('index.php?id=themes'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } break; // Delete template // ------------------------------------- // Delete template // ------------------------------------- case "delete_template": if (Security::check(Request::get('token'))) { File::delete($template_path . Request::get('filename') . '.template.php'); Notification::set('success', __('Template <i>:name</i> deleted', 'themes', array(':name' => File::name(Request::get('filename'))))); Request::redirect('index.php?id=themes'); } break; // Clone styles // ------------------------------------- // Clone styles // ------------------------------------- case "clone_styles": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.css', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'css' . DS . Request::get('filename') . '.css')); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles version Stylesheet::stylesVersionIncrement(); Request::redirect('index.php?id=themes'); } break; // Clone script // ------------------------------------- // Clone script // ------------------------------------- case "clone_script": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.js', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . 'js' . DS . Request::get('filename') . '.js')); // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Javascript version Javascript::javascriptVersionIncrement(); Request::redirect('index.php?id=themes'); } break; // Clone template // ------------------------------------- // Clone template // ------------------------------------- case "clone_template": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.template.php', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.template.php')); Request::redirect('index.php?id=themes'); } break; // Clone chunk // ------------------------------------- // Clone chunk // ------------------------------------- case "clone_chunk": if (Security::check(Request::get('token'))) { File::setContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '_clone_' . date("Ymd_His") . '.chunk.php', File::getContent(THEMES_SITE . DS . $current_site_theme . DS . Request::get('filename') . '.chunk.php')); Request::redirect('index.php?id=themes'); } break; } } else { // Display view View::factory('box/themes/views/backend/index')->assign('themes_site', $themes_site)->assign('themes_admin', $themes_admin)->assign('templates', $templates)->assign('chunks', $chunks)->assign('styles', $styles)->assign('scripts', $scripts)->assign('current_site_theme', $current_site_theme)->assign('current_admin_theme', $current_admin_theme)->display(); } }
/** * Plugins admin */ public static function main() { // Get siteurl $site_url = Option::get('siteurl'); // Get installed plugin from $plugins array $installed_plugins = Plugin::$plugins; // Get installed users plugins $_users_plugins = array(); foreach (Plugin::$plugins as $plugin) { if ($plugin['privilege'] !== 'box') { $_users_plugins[] = $plugin['id']; } } // Get plugins table $plugins = new Table('plugins'); // Delete plugin // ------------------------------------- if (Request::get('delete_plugin')) { if (Security::check(Request::get('token'))) { // Nobody cant remove box plugins if ($installed_plugins[Text::lowercase(str_replace("Plugin", "", Request::get('delete_plugin')))]['privilege'] !== 'box') { // Run plugin uninstaller file $plugin_name = Request::get('delete_plugin'); if (File::exists(PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php')) { include PLUGINS . DS . $plugin_name . DS . 'install' . DS . $plugin_name . '.uninstall.php'; } // Clean Monstra TMP folder. Monstra::cleanTmp(); // Increment Styles and Javascript version Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); // Delete plugin form plugins table $plugins->deleteWhere('[name="' . Request::get('delete_plugin') . '"]'); // Redirect Request::redirect('index.php?id=plugins'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Install new plugin // ------------------------------------- if (Request::get('install')) { if (Security::check(Request::get('token'))) { // Load plugin install xml file $plugin_xml = XML::loadFile(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . Request::get('install')); // Add plugin to plugins table $plugins->insert(array('name' => basename(Request::get('install'), '.manifest.xml'), 'location' => (string) $plugin_xml->plugin_location, 'status' => (string) $plugin_xml->plugin_status, 'priority' => (int) $plugin_xml->plugin_priority)); // Clean Monstra TMP folder. Monstra::cleanTmp(); Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); // Run plugin installer file $plugin_name = str_replace(array("Plugin", ".manifest.xml"), "", Request::get('install')); if (File::exists(PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php')) { include PLUGINS . DS . basename(Text::lowercase(Request::get('install')), '.manifest.xml') . DS . 'install' . DS . $plugin_name . '.install.php'; } Request::redirect('index.php?id=plugins'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Delete plugin from server // ------------------------------------- if (Request::get('delete_plugin_from_server')) { if (Security::check(Request::get('token'))) { // Clean Monstra TMP folder. Monstra::cleanTmp(); Stylesheet::stylesVersionIncrement(); Javascript::javascriptVersionIncrement(); Dir::delete(PLUGINS . DS . basename(Request::get('delete_plugin_from_server'), '.manifest.xml')); Request::redirect('index.php?id=plugins'); } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Upload & extract plugin archive // ------------------------------------- if (Request::post('upload_file')) { if (Security::check(Request::post('csrf'))) { if ($_FILES['file']) { if (in_array(File::ext($_FILES['file']['name']), array('zip'))) { $tmp_dir = ROOT . DS . 'tmp' . DS . uniqid('plugin_'); $error = 'Plugin was not uploaded'; if (Dir::create($tmp_dir)) { $file_locations = Zip::factory()->extract($_FILES['file']['tmp_name'], $tmp_dir); if (!empty($file_locations)) { $manifest = ''; foreach ($file_locations as $filepath) { if (substr($filepath, -strlen('.manifest.xml')) === '.manifest.xml') { $manifest = $filepath; break; } } if (!empty($manifest) && basename(dirname($manifest)) === 'install') { $manifest_file = pathinfo($manifest, PATHINFO_BASENAME); $plugin_name = str_replace('.manifest.xml', '', $manifest_file); if (Dir::create(PLUGINS . DS . $plugin_name)) { $tmp_plugin_dir = dirname(dirname($manifest)); Dir::copy($tmp_plugin_dir, PLUGINS . DS . $plugin_name); Notification::set('success', __('Plugin was uploaded', 'plugins')); $error = false; } } } } else { $error = 'System error'; } } else { $error = 'Forbidden plugin file type'; } } else { $error = 'Plugin was not uploaded'; } if ($error) { Notification::set('error', __($error, 'plugins')); } if (Request::post('dragndrop')) { Request::shutdown(); } else { Request::redirect($site_url . '/admin/index.php?id=plugins#installnew'); } } else { die('Request was denied because it contained an invalid security token. Please refresh the page and try again.'); } } // Installed plugins $plugins_installed = array(); // New plugins $plugins_new = array(); // Plugins to install $plugins_to_intall = array(); // Scan plugins directory for .manifest.xml $plugins_new = File::scan(PLUGINS, '.manifest.xml'); // Get installed plugins from plugins table $plugins_installed = $plugins->select(null, 'all', null, array('location', 'priority'), 'priority', 'ASC'); // Update $plugins_installed array. extract plugins names foreach ($plugins_installed as $plg) { $_plg[] = basename($plg['location'], 'plugin.php') . 'manifest.xml'; } // Diff $plugins_to_install = array_diff($plugins_new, $_plg); // Create array of plugins to install $count = 0; foreach ($plugins_to_install as $plugin) { $plg_path = PLUGINS . DS . Text::lowercase(basename($plugin, '.manifest.xml')) . DS . 'install' . DS . $plugin; if (file_exists($plg_path)) { $plugins_to_intall[$count]['path'] = $plg_path; $plugins_to_intall[$count]['plugin'] = $plugin; $count++; } } // Draw template View::factory('box/plugins/views/backend/index')->assign('installed_plugins', $installed_plugins)->assign('plugins_to_intall', $plugins_to_intall)->assign('_users_plugins', $_users_plugins)->assign('fileuploader', array('uploadUrl' => $site_url . '/admin/index.php?id=plugins', 'csrf' => Security::token(), 'errorMsg' => __('Upload server error', 'filesmanager')))->display(); }