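/**
 * Deletes a news article together with its custom field values, uploaded
 * files, static route and search-index entries, then raises the
 * 'NewsArticleDeleted' event and writes an admin-log entry.
 *
 * @param mixed $articleid The news_id of the article to remove.
 * @return void
 */
public static function delete_article($articleid)
{
    $db = cmsms()->GetDb();

    // Remove the article row itself (bound parameter, no string-built SQL).
    $query = "DELETE FROM " . cms_db_prefix() . "module_news WHERE news_id = ?";
    $db->Execute($query, array($articleid));

    // Remove the article's custom field values.
    $query = 'DELETE FROM ' . cms_db_prefix() . 'module_news_fieldvals WHERE news_id = ?';
    $db->Execute($query, array($articleid));

    // Remove any uploaded files. The id becomes a path segment that is handed
    // to a recursive delete, so it must be exactly one non-empty segment:
    // an empty value would resolve to the shared 'news/id' directory and
    // '..' or a separator would resolve outside the per-article directory.
    $segment = (string) $articleid;
    $is_single_segment = $segment !== ''
        && $segment !== '.'
        && $segment !== '..'
        && strpbrk($segment, "/\\\0") === false;
    if ($is_single_segment) {
        // GetConfig is a method; the original read it as a property, which
        // left $config without a usable 'uploads_path'.
        $config = cmsms()->GetConfig();
        $p = cms_join_path($config['uploads_path'], 'news', 'id', $segment);
        if (is_dir($p)) {
            recursive_delete($p);
        }
    }

    news_admin_ops::delete_static_route($articleid);

    // Update the search index, when the Search module is available.
    $mod = cms_utils::get_module('News');
    $module = cms_utils::get_module('Search');
    if ($module != FALSE) {
        $module->DeleteWords($mod->GetName(), $articleid, 'article');
    }

    // Best-effort notification: diagnostics from event handlers stay
    // suppressed, as in the original.
    @$mod->SendEvent('NewsArticleDeleted', array('news_id' => $articleid));

    // Record the deletion in the admin log.
    audit($articleid, 'News: ' . $articleid, 'Article deleted');
}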
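/**
 * Loads the source of a global content block (HTML blob) by name for the
 * template engine.
 *
 * @param string $name   Name of the global content block.
 * @param string $source Receives the block content, or an HTML comment
 *                       placeholder when the block cannot be loaded.
 * @param mixed  $mtime  Receives the block's modified_date, or the current
 *                       time when the block cannot be loaded.
 * @return bool Always true.
 */
protected function fetch($name, &$source, &$mtime)
{
    debug_buffer('start global_content_get_template');

    $gCms = cmsms();
    $config = $gCms->GetConfig();
    $gcbops = $gCms->GetGlobalContentOperations();
    $oneblob = $gcbops->LoadHtmlBlobByName($name);

    if ($oneblob) {
        $source = $oneblob->content;
        $mtime = $oneblob->modified_date;

        // Unless php tags are explicitly enabled, strip them so block content
        // cannot run PHP; a user defined plugin should be used instead.
        if (!(isset($config["use_smarty_php_tags"]) && $config["use_smarty_php_tags"] == true)) {
            // Repeat until nothing is removed: after a single pass the text
            // around a removed tag can join up into a new tag, which the
            // original one-shot replace left in place.
            do {
                $source = preg_replace("/\\{\\/?php\\}/", "", $source, -1, $removed);
            } while ($source !== null && $removed > 0);
        }
    } else {
        // NOTE(review): $name is placed inside an HTML comment and in the
        // admin log unescaped; presumably it only comes from template
        // authors - confirm against the callers.
        $source = "<!-- Html blob '" . $name . "' does not exist -->";
        // put mention into the admin log
        audit('', 'Global Content Block: ' . $name, 'Can not open or does not exist!');
        $mtime = time();
    }

    debug_buffer('end global_content_get_template');

    return true;
}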
/**
 * Forwards provisioning data to the global audit() helper, when one is defined.
 *
 * @param array $data           Audit payload; when it carries an 'instance'
 *                              entry, that entry's instance_id_text is copied
 *                              to $data['dfe']['instance_id'] before forwarding
 * @param int   $level          Passed through unchanged to audit()
 * @param bool  $deprovisioning Selects the 'deprovision' facility instead of 'provision'
 *
 * @return bool False when no global audit() exists, otherwise the value audit() returns
 */
protected function audit($data = [], $level = 6, $deprovisioning = false)
{
    if (!function_exists('audit')) {
        return false;
    }

    // Put instance ID into the correct place
    if (isset($data['instance'])) {
        $data['dfe'] = ['instance_id' => $data['instance']->instance_id_text];
    }

    $facility = ($deprovisioning ? 'de' : null) . 'provision';

    return audit($data, $level, $facility);
}
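/**
 * Shutdown handler: when the request ended on E_ERROR or E_USER_ERROR, writes
 * the error to the debug log and, if a database object is available, to the
 * admin log.
 *
 * @return void
 */
function cms_shutdown_function()
{
    $error = error_get_last();

    // error_get_last() returns null when no error was recorded, which is the
    // normal case at shutdown; indexing null raises a diagnostic of its own.
    if (!is_array($error)) {
        return;
    }

    if ($error['type'] == E_ERROR || $error['type'] == E_USER_ERROR) {
        // NOTE(review): the message and file path go to the logs verbatim;
        // whatever displays the admin log should escape them.
        $str = 'ERROR DETECTED: ' . $error['message'] . ' at ' . $error['file'] . ':' . $error['line'];
        debug_to_log($str);

        $db = cmsms()->GetDb();
        if (is_object($db)) {
            // put mention into the admin log
            audit('', 'ERROR', $str);
        }
    }
}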
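/**
 * Sends the lost-password recovery email to the admin user with the given
 * username and records the send attempt in the admin log.
 *
 * @internal
 * @access private
 * @param string $username The username.
 * @return mixed False when the user or the CMSMailer module is unavailable,
 *               otherwise the result of the mailer's Send() call.
 */
function send_recovery_email($username)
{
    $gCms = cmsms();
    $config = $gCms->GetConfig();
    $userops = $gCms->GetUserOperations();

    $user = $userops->LoadUserByUsername($username);
    // An unknown username must not reach the property reads below.
    // Presumably the loader returns a non-object on a miss - confirm.
    if (!is_object($user)) {
        return false;
    }

    $obj = cms_utils::get_module('CMSMailer');
    if ($obj == null) {
        return false;
    }

    $sitename = html_entity_decode(get_site_preference('sitename', 'CMSMS Site'));

    $obj->AddAddress($user->email, html_entity_decode($user->firstname . ' ' . $user->lastname));
    $obj->SetSubject(lang('lostpwemailsubject', $sitename));

    // NOTE(review): the recovery token is a chain of MD5 digests over the
    // install root path, the username and the stored password value. Nothing
    // random or time-limited is mixed in here, so the same link is produced on
    // every call until the password changes. Moving to a random, expiring,
    // single-use token needs a matching change in the code that checks
    // 'recoverme', which is outside this function.
    $token = md5(md5($config['root_path'] . '--' . $user->username . md5($user->password)));
    $url = $config['admin_url'] . '/login.php?recoverme=' . $token;

    $body = lang('lostpwemail', $sitename, $user->username, $url);
    $obj->SetBody($body);

    audit('', 'Core', 'Sent Lost Password Email for ' . $username);

    return $obj->Send();
}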
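/**
 * Recursively deletes a directory and everything beneath it, and records the
 * removal in the admin log when the directory itself was removed.
 *
 * @param string $dir Path of the directory to delete.
 * @return bool True when $dir was removed, false otherwise.
 */
function deldir($dir)
{
    // Initialised up front: the original returned an undefined variable
    // whenever rmdir() failed.
    $success = false;

    if (!is_dir($dir)) {
        return $success;
    }

    $handle = opendir($dir);
    if ($handle === false) {
        // Unreadable directory: there is no handle to iterate.
        return $success;
    }

    while (false !== ($entry = readdir($handle))) {
        if ($entry == "." || $entry == "..") {
            continue;
        }

        $path = "{$dir}/{$entry}";

        // is_dir() follows symbolic links, so a link to a directory must be
        // removed as a link; recursing through it would delete the contents
        // of a directory outside the tree being removed.
        if (!is_link($path) && @is_dir($path)) {
            deldir($path);
        } else {
            unlink($path);
        }
    }
    closedir($handle);

    if (rmdir($dir)) {
        // put mention into the admin log
        audit('', 'Image Manager', 'Removed Directory ' . $dir);
        $success = true;
    }

    return $success;
}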
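/**
 * Post-upload hook: optionally generates a thumbnail for the uploaded file,
 * records the upload in the admin log and raises the 'OnFileUploaded' event.
 *
 * @param object $fileobject Upload descriptor; only its name property is read here.
 * @return void
 */
protected function after_uploaded_file($fileobject)
{
    // here we may do image handling, and other cruft.
    if (!is_object($fileobject) || $fileobject->name == '') {
        return;
    }

    $mod = cms_utils::get_module('FileManager');
    $cwd = filemanager_utils::get_full_cwd();

    // NOTE(review): the name is used as a path segment and in the audit text
    // as received; presumably the upload handler has already normalised it -
    // confirm.
    $parms = array();
    $parms['file'] = filemanager_utils::join_path($cwd, $fileobject->name);

    if ($mod->GetPreference('create_thumbnails')) {
        $thumb = cms_utils::generate_thumbnail($parms['file']);
        if ($thumb) {
            // The original stored this under a differently spelled variable
            // ($params), so the thumbnail never reached the event payload.
            $parms['thumb'] = $thumb;
        }
    }

    $str = $fileobject->name . ' uploaded to ' . $cwd;
    if (isset($parms['thumb'])) {
        $str .= ' and a thumbnail was generated';
    }

    audit('', $mod->GetName(), $str);
    $mod->SendEvent('OnFileUploaded', $parms);
}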
} if ($validinfo) { $onetemplate = $templateops->LoadTemplateByID($template_id); $onetemplate->name = $template; $onetemplate->content = $content; $onetemplate->stylesheet = $stylesheet; $onetemplate->encoding = $encoding; $onetemplate->active = $active; Events::SendEvent('Core', 'EditTemplatePre', array('template' => &$onetemplate)); $result = $onetemplate->Save(); if ($result) { #Make sure the new name is used if this is an apply $orig_template = $template; Events::SendEvent('Core', 'EditTemplatePost', array('template' => &$onetemplate)); // put mention into the admin log audit($template_id, 'HTML-template: ' . $onetemplate->name, 'Edited'); if (!$apply) { switch ($from) { case 'content': redirect("listcontent.php" . $urlext); break; case 'cssassoc': redirect('templatecss.php' . $urlext . '&id=' . $cssid . '&type=template'); break; case 'module_TemplateManager': redirect('moduleinterface.php' . $urlext . '&module=TemplateManager'); break; default: redirect("listtemplates.php" . $urlext); break; }
//eval('function testfunction'.rand().'() {'.$code.'}'); $buffer = ob_get_clean(); //add error $error[] = preg_replace('/<br \\/>/', '', $buffer); $validinfo = false; } else { ob_get_clean(); } } if ($validinfo) { Events::SendEvent('Core', 'EditUserDefinedTagPre', array('id' => $userplugin_id, 'name' => &$plugin_name, 'code' => &$code)); $query = "UPDATE " . cms_db_prefix() . "userplugins SET userplugin_name = " . $db->qstr($plugin_name) . ", code = " . $db->qstr($code) . ", modified_date = " . $db->DBTimeStamp(time()) . " WHERE userplugin_id = " . $db->qstr($userplugin_id); $result = $db->Execute($query); if ($result) { Events::SendEvent('Core', 'EditUserDefinedTagPost', array('id' => $userplugin_id, 'name' => &$plugin_name, 'code' => &$code)); audit($userplugin_id, $plugin_name, 'Edited User Defined Tag'); if (!isset($_POST['apply'])) { redirect("listusertags.php" . $urlext . "&message=usertagupdated"); return; } } else { $error[] = lang('errorupdatingusertag'); } } if ($ajax) { header('Content-Type: text/xml'); print '<?xml version="1.0" encoding="UTF-8"?>'; print '<EditUserPlugin>'; if (sizeof($error)) { print '<Response>Error</Response>'; print '<Details><![CDATA[';
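/**
 * _SetModuleAdminInterfaces
 *
 * This function sets up data structures to place modules in the proper Admin sections
 * for display on section pages and menus. It fills $this->_sectionCount
 * (section => number of modules) and $this->_modulesBySection
 * (section => list of module records) and does nothing on later calls.
 *
 * @since 1.10
 * @access private
 * @ignore
 */
private function _SetModuleAdminInterfaces()
{
    // Already populated on an earlier call.
    if (is_array($this->_sectionCount)) {
        return;
    }

    $this->_sectionCount = array();
    $this->_modulesBySection = array();

    // get the info from the cache
    $usermoduleinfo = $this->_get_user_module_info();
    if (!is_array($usermoduleinfo)) {
        // put mention into the admin log
        audit(get_userid(FALSE), 'Admin Theme', 'No module information found for user');
        // Nothing to iterate; the original went on to foreach over a non-array.
        return;
    }

    // Loop-invariant, so fetched once instead of per module.
    $config = cmsms()->GetConfig();

    // Are there any modules with an admin interface?
    foreach ($usermoduleinfo as $key => $rec) {
        $section = $rec['adminsection'];
        if ($section == '') {
            // The original used '==' here, a comparison with no effect, so
            // modules without a section were never filed under 'extensions'.
            $section = 'extensions';
        }

        if (!isset($this->_sectionCount[$section])) {
            $this->_sectionCount[$section] = 0;
        }

        $data = array();
        $data['key'] = $key;
        $data['friendlyname'] = isset($rec['friendlyname']) ? $rec['friendlyname'] : $key;
        $data['name'] = $data['friendlyname'];
        $data['description'] = $rec['admindescription'] != '' ? $rec['admindescription'] : '';

        // Use the first icon file that exists on disk, in this order.
        $candidates = array(
            "modules/{$key}/images/icon.gif",
            "modules/{$key}/icons/icons.gif",
            "modules/{$key}/images/icon.png",
            "modules/{$key}/icons/icons.png",
        );
        foreach ($candidates as $one) {
            $fn = cms_join_path($config['root_path'], $one);
            if (file_exists($fn)) {
                $data['icon'] = $config['root_url'] . '/' . $one;
                break;
            }
        }

        $this->_modulesBySection[$section][] = $data;
        $this->_sectionCount[$section]++;
    }
}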
set_preference($userid, 'syntaxhighlighter', $syntaxhighlighter); set_preference($userid, 'default_cms_language', $default_cms_lang); set_preference($userid, 'admintheme', $admintheme); set_preference($userid, 'bookmarks', $bookmarks); set_preference($userid, 'hide_help_links', $hide_help_links); set_preference($userid, 'indent', $indent); set_preference($userid, 'enablenotifications', $enablenotifications); set_preference($userid, 'paging', $paging); set_preference($userid, 'date_format_string', $date_format_string); set_preference($userid, 'default_parent', $default_parent); set_preference($userid, 'homepage', $homepage); set_preference($userid, 'ignoredmodules', implode(',', $ignoredmodules)); set_preference($userid, 'listtemplates_pagelimit', $listtemplates_pagelimit); set_preference($userid, 'liststylesheets_pagelimit', $liststylesheets_pagelimit); set_preference($userid, 'listgcbs_pagelimit', $listgcbs_pagelimit); audit(-1, '', 'Edited User Preferences'); $page_message = lang('prefsupdated'); #redirect("index.php"); #return; } else { if (!isset($_POST["edituserprefs"])) { $gcb_wysiwyg = get_preference($userid, 'gcb_wysiwyg', 1); $wysiwyg = get_preference($userid, 'wysiwyg'); $syntaxhighlighter = get_preference($userid, 'syntaxhighlighter'); $default_cms_lang = get_preference($userid, 'default_cms_language'); $old_default_cms_lang = $default_cms_lang; $admintheme = get_preference($userid, 'admintheme'); $bookmarks = get_preference($userid, 'bookmarks'); $indent = get_preference($userid, 'indent', true); $enablenotifications = get_preference($userid, 'enablenotifications', 1); $paging = get_preference($userid, 'paging', 0);
if ($access && strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') { try { if ($submit || $apply) { // Fill contentobj with parameters $contentobj->SetAddMode(); $contentobj->FillParams($_POST); $contentobj->SetOwner($userid); $error = $contentobj->ValidateData(); if ($error === FALSE) { $contentobj->Save(); $gCms = cmsms(); $contentops = $gCms->GetContentOperations(); $contentops->SetAllHierarchyPositions(); if ($submit) { // put mention into the admin log audit($contentobj->Id(), 'Content Item: ' . $contentobj->Name(), 'Added'); redirect('listcontent.php' . $urlext . '&message=contentadded'); } } } else { $contentobj->FillParams($_POST); } } catch (CmsEditContentException $e) { $error = $e->getMessage(); } } if (!$access) { echo "<div class=\"pageerrorcontainer pageoverflow\"><p class=\"pageerror\">" . lang('noaccessto', array(lang('addcontent'))) . "</p></div>"; } else { $tabnames = $contentobj->TabNames(); // Get a list of content_types and build the dropdown to select one
</div> </div> <?php } else { redirect('listtemplates.php' . $urlext); } } else { if ($action == 'dodelete') { $userid = get_userid(); $access = check_permission($userid, 'Remove Templates'); if ($access) { foreach ($nodelist as $node) { $id = $node->id; $title = $node->name; $node->Delete(); audit($id, $title, 'Deleted Template'); } } redirect("listtemplates.php" . $urlext); } else { if ($action == 'inactive') { $userid = get_userid(); $permission = check_permission($userid, 'Modify Templates'); foreach ($nodelist as $node) { if ($permission) { if ($node->active) { $node->active = false; $node->Save(); } } }
error_log($msg); continue; } $new[] = $role; } $orig = $user->roles; if ($new != $orig) { array_push($audit_changes, sprintf("Roles = <%s>", implode(", ", $new))); $user->roles = $new; } if (count($audit_changes) == 0) { $renderer->flash_success("No changes were made"); header("Location: user-list.php"); exit(0); } $errors = $user->errors(); if (count($errors) == 0) { if (!$user->save()) { array_push($errors, "Unknown error trying to save a user! Try again or contact support."); } } if (count($errors) == 0) { audit($action, sprintf("User %s [%s]", $userid, implode("; ", $audit_changes))); $renderer->flash_success("Saved user"); header("Location: user-list.php"); } else { $renderer->variable("errors", $errors); $renderer->variable("mod_user", $user); $renderer->variable("title", sprintf("Editing %s", $user->login)); $renderer->render("user-form"); }
if (isset($params['prefix'])) { $prefix = trim($params['prefix']); } if (!isset($params['templatecontent']) || empty($params['templatecontent'])) { $module->SetError($this->Lang('error_missingparam')); $module->RedirectToTab($id, $this->_current_tab, '', $the_action); return; } if ($template == "" || $prefix == "") { $module->SetError($this->Lang('error_missingparam')); $module->RedirectToTab($id, $this->_current_tab, '', $the_action); return; } $newtemplate = $prefix . $template; // check if this template already exists $txt = trim($module->GetTemplate($newtemplate)); if ($txt != "") { $module->SetError($this->Lang('error_templatenameexists')); $module->RedirectToTab($id, $this->_current_tab, '', $the_action); return; } // we're ready to set it $text = $params['templatecontent']; //$text = cms_html_entity_decode($params['templatecontent'],ENT_QUOTES,get_encoding()); $module->SetTemplate($newtemplate, $text); audit('', $module->GetName(), 'Added Template ' . $newtemplate); if ($this->_current_tab != '') { $module->RedirectToTab($id, $this->_current_tab, '', $the_action); return; } $module->Redirect($id, $the_action);
} if ($types != '') { $types = substr($types, 0, -2); #strip last space and comma } else { $types = ''; } $newstylesheet->media_type = $types; Events::SendEvent('Core', 'AddStylesheetPre', array('stylesheet' => &$newstylesheet)); $result = $newstylesheet->Save(); # we now have to check that everything went well if ($result) { #Sent the post event Events::SendEvent('Core', 'AddStylesheetPost', array('stylesheet' => &$newstylesheet)); # it's ok, we record the operation in the admin log audit($newstylesheet->id, 'Stylesheet: ' . $css_name, 'Added'); # and goes back to the css list redirect("listcss.php" . $urlext); return; } else { $error .= "<li>" . lang('errorinsertingcss') . "</li>"; } } } } include_once "header.php"; #****************************************************************************** # the user does not have access : error message #****************************************************************************** if (!$access) { echo "<div class=\"pageerrorcontainer\"><p class=\"pageerror\">" . lang('noaccessto', array(lang('addstylesheet'))) . "</p></div>";
Events::SendEvent('Core', 'ChangeGroupAssignPre', array('group' => $thisGroup, 'users' => $userops->LoadUsersInGroup($thisGroup->id))); $query = "DELETE FROM " . cms_db_prefix() . "user_groups WHERE group_id = ? AND user_id != ?"; $result = $db->Execute($query, array($thisGroup->id, $userid)); $iquery = "INSERT INTO " . cms_db_prefix() . "user_groups (group_id, user_id, create_date, modified_date) VALUES (?,?,?,?)"; foreach ($_POST as $key => $value) { if (strpos($key, "ug") == 0 && strpos($key, "ug") !== false) { $keyparts = explode('_', $key); if ($keyparts[2] == $thisGroup->id && $value == '1') { $result = $db->Execute($iquery, array($thisGroup->id, $keyparts[1], $db->DBTimeStamp(time()), $db->DBTimeStamp(time()))); } } } Events::SendEvent('Core', 'ChangeGroupAssignPost', array('group' => $thisGroup, 'users' => $userops->LoadUsersInGroup($thisGroup->id))); audit($group_id, 'Group ID', lang('assignmentchanged')); } audit($userid, 'Group ID', lang('assignmentchanged')); $message = lang('assignmentchanged'); } $query = "SELECT u.user_id, u.username, ug.group_id FROM " . cms_db_prefix() . "users u LEFT JOIN " . cms_db_prefix() . "user_groups ug ON u.user_id = ug.user_id ORDER BY u.username"; $result = $db->Execute($query); $user_struct = array(); while ($result && ($row = $result->FetchRow())) { if (isset($user_struct[$row['user_id']])) { $str =& $user_struct[$row['user_id']]; $str->group[$row['group_id']] = 1; } else { $thisUser = new stdClass(); $thisUser->group = array(); if (!empty($row['group_id'])) { $thisUser->group[$row['group_id']] = 1; }
foreach ($_POST as $key => $value) { if (strpos($key, "pg") == 0 && strpos($key, "pg") !== false) { $keyparts = explode('_', $key); $keyparts[1] = (int) $keyparts[1]; if ($keyparts[1] > 0 && $keyparts[2] != '1' && $value == '1') { $new_id = $db->GenID(cms_db_prefix() . "group_perms_seq"); $result = $db->Execute($iquery, array($new_id, $keyparts[2], $keyparts[1])); if (!$result) { echo "FATAL: " . $db->ErrorMsg() . '<br/>' . $db->sql; exit; } } } } // put mention into the admin log audit($userid, 'Permission Group ID: ' . $userid, 'Changed'); $message = lang('permissionschanged'); $gCms->clear_cached_files(); } $query = "SELECT p.permission_id, p.permission_text, up.group_id FROM " . cms_db_prefix() . "permissions p LEFT JOIN " . cms_db_prefix() . "group_perms up ON p.permission_id = up.permission_id ORDER BY p.permission_text"; $result = $db->Execute($query); $perm_struct = array(); while ($result && ($row = $result->FetchRow())) { if (isset($perm_struct[$row['permission_id']])) { $str =& $perm_struct[$row['permission_id']]; $str->group[$row['group_id']] = 1; } else { $thisPerm = new stdClass(); $thisPerm->group = array(); if (!empty($row['group_id'])) { $thisPerm->group[$row['group_id']] = 1;
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Or read it online: http://www.gnu.org/licenses/licenses.html#GPL
#
#-------------------------------------------------------------------------
#END_LICENSE

// Only run when included from the CMS, where $gCms is set.
if (!isset($gCms)) {
    return;
}

$outp = cgsi_utils::process_image($params);

// The module preference is the default; a per-call 'silent' parameter wins.
$silent = $this->GetPreference('silent', 0);
if (isset($params['silent'])) {
    $silent = (int) $params['silent'];
}

$failure = isset($outp['error']) ? $outp['error'] : '';
if ($failure != '') {
    // 'silent' only suppresses the PHP-level error; the failure is written
    // to the admin log either way.
    if (!$silent) {
        trigger_error($failure);
    }
    audit('', $this->GetName(), $failure);
    return;
}

if (isset($outp['output'])) {
    echo $outp['output'];
}

#
# EOF
#
$classname = ""; if (is_object($contentobj)) { $classname = get_class($contentobj); } if ($submit || $apply) { #Fill contentobj with parameters // $contentobj->SetProperties(); // calguy should not be necessary $contentobj->FillParams($_POST); $error = $contentobj->ValidateData(); if ($error === FALSE) { $contentobj->SetLastModifiedBy(get_userid()); $contentobj->Save(); global $gCms; $contentops =& $gCms->GetContentOperations(); $contentops->SetAllHierarchyPositions(); audit($contentobj->Id(), $contentobj->Name(), 'Edited Content'); if ($submit) { redirect("listcontent.php" . $urlext . "&page=" . $pagelist_id . '&message=contentupdated'); } } if ($ajax) { header('Content-Type: text/xml'); print '<?xml version="1.0" encoding="UTF-8"?>'; print '<EditContent>'; if ($error !== false) { print '<Response>Error</Response>'; print '<Details><![CDATA['; if (!is_array($error)) { $error = array($error); } print '<li>' . join('</li><li>', $error) . '</li>';
die('<br/>Destination module not set'); } $module =& $this->GetModuleInstance($params['destmodule']); if (!is_object($module)) { stack_trace(); die('<br/>Could not find destination module'); } if (isset($params['resettodefault']) && isset($params['prefname']) && isset($params['filename'])) { $fn = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $module->GetName() . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR . $params['filename']; if (file_exists($fn)) { $template = @file_get_contents($fn); $module->SetTemplate($params['prefname'], $template); $module->RemovePreference($params['prefname']); // clear old cruft. audit('', $module->GetName(), 'Reset the default template for ' . $params['prefname']); } } else { if (isset($params['submit']) && isset($params['prefname'])) { $module->SetTemplate($params['prefname'], $params['input_template']); $module->RemovePreference($params['prefname']); // clear old cruft. audit('', $module->GetName(), 'Template ' . $params['prefname'] . ' was edited'); } } $module->SetCurrentTab($this->_current_tab); $the_action = 'defaultadmin'; if (isset($params['destaction'])) { $the_action = trim($params['destaction']); } $module->RedirectToTab($id, '', '', $the_action); // EOF
</div> <?php } else { redirect('listtemplates.php' . $urlext); } } else { if ($action == 'dodelete') { $userid = get_userid(); $access = check_permission($userid, 'Remove Templates'); if ($access) { foreach ($nodelist as $node) { $id = $node->id; $title = $node->name; $node->Delete(); // put mention into the admin log audit($id, 'HTML-template: ' . $title, 'Deleted'); } } redirect("listtemplates.php" . $urlext); } else { if ($action == 'inactive') { $userid = get_userid(); $permission = check_permission($userid, 'Modify Templates'); foreach ($nodelist as $node) { if ($permission) { if ($node->active) { $node->active = false; $node->Save(); } } }
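/**
 * Builds the admin content-list table row for one node of the content tree,
 * appends it to $pagelist, and recurses into the node's children when the
 * node is in the opened (expanded) set.
 *
 * Which links appear in a row is decided by the permission helpers called
 * below (check_modify_all, check_ownership, quick_check_authorship,
 * check_children, check_permission).
 *
 * @param object $root              Tree node to render.
 * @param mixed  $userid            Id of the admin user the list is rendered for.
 * @param mixed  $modifyall         Only passed on to the recursive call.
 * @param array  $users             Cache of user objects keyed by owner id; filled on demand.
 * @param mixed  $menupos           Only passed on to the recursive call.
 * @param array  $openedArray       Content ids whose children are shown.
 * @param array  $pagelist          Receives one HTML string per visited node.
 * @param string $image_true        HTML fragment used in the active and default columns.
 * @param string $image_set_false   HTML fragment used in the active column.
 * @param string $image_set_true    HTML fragment used in the active and default columns.
 * @param string $upImg             HTML fragment for the move-up link.
 * @param string $downImg           HTML fragment for the move-down link.
 * @param string $viewImg           HTML fragment for the view link.
 * @param string $editImg           HTML fragment for the edit link.
 * @param string $copyImg           HTML fragment for the copy link.
 * @param string $deleteImg         HTML fragment for the delete link.
 * @param string $expandImg         HTML fragment for the expand link.
 * @param string $contractImg       HTML fragment for the contract link.
 * @param mixed  $mypages           Passed to the authorship checks.
 * @param mixed  $page              Rebound to the global $page below.
 * @param array  $columnstodisplay  Column name => whether the column is shown.
 * @param bool   $author_allpages   Allows the move column without 'Manage All Content'.
 * @return void
 */
function display_hierarchy(&$root, &$userid, $modifyall, &$users, &$menupos, &$openedArray, &$pagelist, &$image_true, &$image_set_false, &$image_set_true, &$upImg, &$downImg, &$viewImg, &$editImg, &$copyImg, &$deleteImg, &$expandImg, &$contractImg, &$mypages, &$page, $columnstodisplay, $author_allpages)
{
    global $thisurl;
    global $urlext;
    global $currow;
    global $config;
    // Rebinds the local $page to the global of the same name, so the $page
    // argument is not what the links below use. Kept as in the original.
    // NOTE(review): $page, $thisurl and $urlext are written into href
    // attributes unescaped; confirm they are validated where they are set.
    global $page;
    global $indent;

    if (empty($currow)) {
        $currow = 'row1';
    }

    $children = $root->getChildren(false, true);
    $one = $root->getContent();
    $thelist = '';

    if (!(isset($one) && $one != NULL)) {
        audit($root->get_tag('id'), 'Core', 'failed to get content for valid content id ' . $root->get_tag('id'));
        return;
    }

    // Load the owner's user record once and keep it for later rows.
    if (!array_key_exists($one->Owner(), $users)) {
        $userops = cmsms()->GetUserOperations();
        $users[$one->Owner()] = $userops->LoadUserById($one->Owner());
    }

    // Decide how much of this row the current user may see.
    $display = 'none';
    if (check_modify_all($userid) || check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages)) {
        $display = 'edit';
    } elseif (check_children($root, $mypages, $userid)) {
        $display = 'view';
    } elseif (check_permission($userid, 'Manage All Content')) {
        $display = 'structure';
    }

    $columns = array();

    if ($display != 'none') {
        $thelist .= "<tr id=\"tr_" . $one->Id() . "\" class=\"{$currow}\">\n";

        /* expand/collapse column */
        $columns['expand'] = ' ';
        if ($columnstodisplay['expand']) {
            $txt = '';
            if ($root->hasChildren()) {
                if (!in_array($one->Id(), $openedArray)) {
                    $txt .= "<a class=\"expand\" href=\"{$thisurl}&content_id=" . $one->Id() . "&col=0&page=" . $page . "\" onclick=\"xajax_content_toggleexpand(" . $one->Id() . ", 'false'); return false;\">";
                    $txt .= $expandImg;
                    $txt .= "</a>";
                } else {
                    $txt .= "<a class=\"contract\" href=\"{$thisurl}&content_id=" . $one->Id() . "&col=1&page=" . $page . "\" onclick=\"xajax_content_toggleexpand(" . $one->Id() . ", 'true'); return false;\">";
                    $txt .= $contractImg;
                    $txt .= "</a>";
                }
            }
            if (!empty($txt)) {
                $columns['expand'] = $txt;
            }
        }

        /* hierarchy column */
        if ($columnstodisplay['hier']) {
            $columns['hier'] = $one->Hierarchy();
        }

        /* page column */
        if ($columnstodisplay['page']) {
            $columns['page'] = ' ';
            $txt = '';
            if ($one->MenuText() != CMS_CONTENT_HIDDEN_NAME) {
                if ($indent) {
                    for ($i = 0; $i < $root->getLevel(); $i++) {
                        $txt .= "- ";
                    }
                }
                $str = $one->MenuText();
                if (get_site_preference('listcontent_showtitle', 0)) {
                    $str = $one->Name();
                }
                if ($display == 'edit') {
                    // The alias in the info span is escaped like the name next to it.
                    $txt .= '<a class="tooltip" href="editcontent.php' . $urlext . '&content_id=' . $one->Id() . '&page=' . $page . '" title="' . cms_htmlentities($one->Name() . ' (' . $one->Alias() . ')', '', '', true) . '" onmouseover="document.getElementById(\'' . $one->Id() . '_info\').style.display = \'inline-block\';" onmouseout="document.getElementById(\'' . $one->Id() . '_info\').style.display = \'none\';"> ' . cms_htmlentities($str, '', '', true) . '<span id="' . $one->Id() . '_info"><strong>' . lang('content_id') . ':</strong> ' . $one->Id() . '<br /> <strong>' . lang('title') . ':</strong> ' . cms_htmlentities($one->Name()) . '<br /> <strong>' . lang('pagealias') . ':</strong> ' . cms_htmlentities($one->Alias()) . '</span></a>';
                } else {
                    $txt .= cms_htmlentities($str, '', '', true);
                }
            }
            if (!empty($txt)) {
                $columns['page'] = $txt;
            }
        }

        /* alias column */
        if ($columnstodisplay['alias']) {
            $columns['alias'] = ' ';
            $txt = '';
            if ($one->HasUsableLink() && $one->Alias() != '') {
                // Author-supplied text shown as cell content: escape it.
                $txt = cms_htmlentities($one->Alias());
            }
            if (!empty($txt)) {
                $columns['alias'] = $txt;
            }
        }

        /* url column */
        if ($columnstodisplay['url']) {
            $columns['url'] = ' ';
            $txt = '';
            if ($one->HasUsableLink() && $one->URL() != '') {
                $url = $one->URL();
                if (strlen($url) > 30) {
                    $url = '...' . substr($url, strlen($url) - 27);
                }
                // Author-supplied text shown as cell content: escape it.
                $txt = cms_htmlentities($url);
            }
            if (!empty($txt)) {
                if (!prettyurls_ok()) {
                    // The original emitted a second opening <span> here and
                    // left the element unclosed.
                    $txt = '<span style="color: red;" title="' . lang('prettyurls_noeffect') . '">' . $txt . '</span>';
                }
            }
            if (!empty($txt)) {
                $columns['url'] = $txt;
            }
        }

        /* template column */
        if ($columnstodisplay['template']) {
            $columns['template'] = ' ';
            $txt = '';
            if ($one->Type() != 'pagelink' && $one->Type() != 'link' && $one->Type() != 'sectionheader' && $one->Type() != 'separator') {
                $template = TemplateOperations::get_instance()->LoadTemplateById($one->TemplateId());
                if ($template && check_permission($userid, 'Modify Template')) {
                    $txt .= "<a title=\"" . lang('edittemplate') . "\" href=\"edittemplate.php" . $urlext . "&template_id=" . $one->TemplateId() . "&from=content\">" . cms_htmlentities($template->name, '', '', true) . "</a>";
                } elseif ($template) {
                    // Escaped the same way as in the linked branch above; the
                    // original printed the name raw here.
                    $txt .= cms_htmlentities($template->name, '', '', true);
                }
            }
            if (!empty($txt)) {
                $columns['template'] = $txt;
            }
        }

        /* friendly name column */
        if ($columnstodisplay['friendlyname']) {
            $columns['friendlyname'] = $one->FriendlyName();
        }

        /* owner column */
        if ($columnstodisplay['owner']) {
            $columns['owner'] = ' ';
            // The cached entry may not be an object when the owner could not
            // be loaded; leave the cell blank in that case.
            if ($one->Owner() > -1 && is_object($users[$one->Owner()])) {
                $columns['owner'] = cms_htmlentities($users[$one->Owner()]->username);
            }
        }

        /* active column */
        if ($columnstodisplay['active']) {
            $columns['active'] = ' ';
            $txt = '';
            if (check_permission($userid, 'Manage All Content') && $one->Type() != 'errorpage') {
                if ($one->Active()) {
                    $txt = $one->DefaultContent() ? $image_true : "<a href=\"{$thisurl}&setinactive=" . $one->Id() . "\" onclick=\"xajax_content_setinactive(" . $one->Id() . ");return false;\">" . $image_set_false . "</a>";
                } else {
                    $txt = "<a href=\"{$thisurl}&setactive=" . $one->Id() . "\" onclick=\"xajax_content_setactive(" . $one->Id() . ");return false;\">" . $image_set_true . "</a>";
                }
            }
            if (!empty($txt)) {
                $columns['active'] = $txt;
            }
        }

        /* default content */
        if ($columnstodisplay['default']) {
            $columns['default'] = ' ';
            $txt = '';
            if (check_permission($userid, 'Manage All Content')) {
                if ($one->IsDefaultPossible()) {
                    // NOTE(review): the page name is entity-decoded and then
                    // placed inside a quoted JavaScript string within an HTML
                    // attribute. Neither context is escaped here; encode the
                    // message for both (JS string, then attribute) once the
                    // behaviour of cms_html_entity_decode_utf8 is confirmed.
                    $txt = $one->DefaultContent() ? $image_true : "<a href=\"{$thisurl}&makedefault=" . $one->Id() . "\" onclick=\"if(confirm('" . cms_html_entity_decode_utf8(lang("confirmdefault", $one->Name()), true) . "')) xajax_content_setdefault(" . $one->Id() . ");return false;\">" . $image_set_true . "</a>";
                }
            }
            if (!empty($txt)) {
                $columns['default'] = $txt;
            }
        }

        /* move column */
        if ($columnstodisplay['move']) {
            $columns['move'] = ' ';
            $txt = '';
            if (check_permission($userid, 'Manage All Content') || $author_allpages) {
                $sameLevel = $root->getSiblingCount();
                if ($sameLevel > 1) {
                    if ($one->ItemOrder() - 1 <= 0) {
                        // First sibling: can only move down.
                        $txt .= "<a onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'down'); return false;\" href=\"{$thisurl}&direction=down&content_id=" . $one->Id() . "&parent_id=" . $one->ParentId() . "&page=" . $page . "\">";
                        $txt .= $downImg;
                        $txt .= "</a> ";
                    } elseif ($one->ItemOrder() - 1 == $sameLevel - 1) {
                        // Last sibling: can only move up.
                        $txt .= " <a class=\"move_up\" onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'up'); return false;\" href=\"{$thisurl}&direction=up&content_id=" . $one->Id() . "&parent_id=" . $one->ParentId() . "&page=" . $page . "\">";
                        $txt .= $upImg;
                        $txt .= "</a>";
                    } else {
                        $txt .= "<a onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'down'); return false;\" href=\"{$thisurl}&direction=down&content_id=" . $one->Id() . "&parent_id=" . $one->ParentId() . "&page=" . $page . "\">";
                        $txt .= $downImg;
                        $txt .= "</a> <a onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'up'); return false;\" href=\"{$thisurl}&direction=up&content_id=" . $one->Id() . "&parent_id=" . $one->ParentId() . "&page=" . $page . "\">";
                        $txt .= $upImg;
                        $txt .= "</a>";
                    }
                }
            }
            if (!empty($txt)) {
                $columns['move'] = $txt;
            }
        }

        /* view column */
        if ($columnstodisplay['view']) {
            $columns['view'] = ' ';
            $txt = '';
            $url = $one->GetURL();
            if ($url != '' && $url != '#' && $one->IsViewable() && $one->Active()) {
                $txt .= "<a href=\"" . $url . "\" rel=\"external\" target=\"_blank\">";
                $txt .= $viewImg . "</a>";
            }
            if (!empty($txt)) {
                $columns['view'] = $txt;
            }
        }

        /* copy column */
        if ($columnstodisplay['copy']) {
            $columns['copy'] = ' ';
            $txt = '';
            if ($one->IsCopyable() && (check_permission($userid, 'Add Pages') && (check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages)) || check_permission($userid, 'Manage All Content'))) {
                $txt .= '<a href="copycontent.php' . $urlext . '&content_id=' . $one->Id() . '">';
                $txt .= $copyImg . "</a>";
            }
            if (!empty($txt)) {
                $columns['copy'] = $txt;
            }
        }

        /* edit column */
        if ($columnstodisplay['edit']) {
            $columns['edit'] = ' ';
            $txt = '';
            if (check_modify_all($userid) || check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages) || check_permission($userid, 'Manage All Content')) {
                // edit link
                $txt .= "<a href=\"editcontent.php" . $urlext . "&content_id=" . $one->Id() . "\">";
                $txt .= $editImg;
                $txt .= "</a>";
            }
            if (!empty($txt)) {
                $columns['edit'] = $txt;
            }
        }

        /* delete column */
        if ($columnstodisplay['delete']) {
            $columns['delete'] = ' ';
            $txt = '';
            if ($one->DefaultContent() != true) {
                if ($root->getChildrenCount() == 0 && (check_permission($userid, 'Remove Pages') && (check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages)) || check_permission($userid, 'Manage All Content'))) {
                    // NOTE(review): same unescaped JavaScript-string context
                    // as the "make default" confirm above.
                    $txt .= "<a href=\"{$thisurl}&deletecontent=" . $one->Id() . "\" onclick=\"if (confirm('" . cms_html_entity_decode_utf8(lang('deleteconfirm', $one->Name()), true) . "')) xajax_content_delete(" . $one->Id() . "); return false;\">";
                    $txt .= $deleteImg;
                    $txt .= "</a>";
                }
            }
            if (!empty($txt)) {
                $columns['delete'] = $txt;
            }
        }

        /* multiselect */
        if ($columnstodisplay['multiselect']) {
            $columns['multiselect'] = ' ';
            $txt = '';
            $remove = check_permission($userid, 'Remove Pages') ? 1 : 0;
            $structure = check_permission($userid, 'Manage All Content') ? 1 : 0;
            $editperms = check_permission($userid, 'Modify Any Page') || quick_check_authorship($one->Id(), $mypages) || check_ownership($userid, $one->Id()) ? 1 : 0;
            if (($structure == 1 || $remove == 1 && $editperms == 1) && $one->Type() != 'errorpage') {
                $txt .= '<label class="invisible" for="multicontent-' . $one->Id() . '">' . lang('toggle') . '</label><input type="checkbox" id="multicontent-' . $one->Id() . '" name="multicontent-' . $one->Id() . '" title="' . lang('toggle') . '"/>';
            }
            if (!empty($txt)) {
                $columns['multiselect'] = $txt;
            }
        }

        /* done: emit one cell per enabled column, in the order built above */
        foreach ($columns as $name => $value) {
            if (!$columnstodisplay[$name]) {
                continue;
            }
            switch ($name) {
                case 'edit':
                case 'default':
                case 'view':
                case 'copy':
                case 'delete':
                case 'active':
                    $thelist .= '<td class="pagepos">' . $value . "</td>\n";
                    break;
                case 'move':
                    $thelist .= '<td class="move">' . $value . "</td>\n";
                    break;
                case 'multiselect':
                    $thelist .= '<td class="checkbox">' . $value . "</td>\n";
                    break;
                default:
                    $thelist .= '<td>' . $value . "</td>\n";
                    break;
            }
        }
        $thelist .= "</tr>\n";

        // Alternate the row class for the next rendered row.
        $currow = ($currow == "row1") ? "row2" : "row1";
    }

    // An entry is appended even when the row is hidden (empty string).
    $pagelist[] = $thelist;

    $indent = get_preference($userid, 'indent', true);

    if (in_array($one->Id(), $openedArray) && is_array($children) && count($children)) {
        // The move column is offered on the children when the user may
        // reorder content and is a peer author of the first child.
        $author_allpages = check_permission($userid, 'Reorder Content') && check_peer_authorship($userid, $children[0]->getId());
        foreach ($children as $child) {
            display_hierarchy($child, $userid, $modifyall, $users, $menupos, $openedArray, $pagelist, $image_true, $image_set_false, $image_set_true, $upImg, $downImg, $viewImg, $editImg, $copyImg, $deleteImg, $expandImg, $contractImg, $mypages, $page, $columnstodisplay, $author_allpages);
        }
    }
}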
?> " class="pagebutton" onmouseover="this.className='pagebuttonhover'" onmouseout="this.className='pagebutton'" /> </p> </div> </form> </div> </div> <?php } else { redirect('listcss.php' . $urlext); } } else { if ($action == 'dodelete') { $userid = get_userid(); $access = check_permission($userid, 'Remove Stylesheets'); if ($access) { foreach ($nodelist as $node) { $id = $node->id; $title = $node->name; $node->Delete(); audit($id, $title, 'Deleted Stylesheet'); } } redirect("listcss.php" . $urlext); } else { redirect("listcss.php" . $urlext); } } } include_once "footer.php"; # vim:ts=4 sw=4 noet
// Display a warning sitedownwarning $sitedown_message = lang('sitedownwarning', TMP_CACHE_LOCATION . '/SITEDOWN'); $sitedown_file = TMP_CACHE_LOCATION . '/SITEDOWN'; if (file_exists($sitedown_file)) { $themeObject->AddNotification(1, 'Core', $sitedown_message); } $timelastchecked = get_site_preference('lastcmsversioncheck', 0); if (get_site_preference('checkversion', 1) && time() - $timelastchecked > 24 * 60 * 60 || isset($_GET['forceversioncheck'])) { $req = new cms_http_request(); $req->setTimeout(10); $req->execute(CMS_DEFAULT_VERSIONCHECK_URL); if ($req->getStatus() == 200) { $remote_ver = trim($req->getResult()); if (strpos($remote_ver, ':') !== FALSE) { list($tmp, $remote_ver) = explode(':', $remote_ver, 2); $remote_ver = trim($remote_ver); } if (version_compare(CMS_VERSION, $remote_ver) < 0) { set_site_preference('cms_is_uptodate', 0); $themeObject->AddNotification(1, 'Core', lang('new_version_available')); audit('', 'Core', 'CMSMS version ' . $remote_ver . ' is available'); } else { set_site_preference('cms_is_uptodate', 1); audit('', 'Core', 'Tested for newer CMSMS Version. None Available.'); } } set_site_preference('lastcmsversioncheck', mktime(23, 59, 55)); } } $themeObject->do_header(); }
} $query = 'SELECT count(*) as thecount FROM ' . cms_db_prefix() . 'content WHERE parent_id = ' . $db->qstr($parentid); $result =& $db->Execute($query); while ($result && !$result->EOF) { $childcount = $result->fields['thecount']; $result->MoveNext(); } $node->Delete(); #See if this is the last child... if so, remove #the expand for it if ($childcount == 1 && $parentid > -1) { toggleexpand($parentid, true); } #Do the same with this page as well toggleexpand($id, true); audit($id, $title, 'Deleted Content'); } ContentManager::SetAllHierarchyPositions(); $bulk = true; } //include_once("footer.php"); if (!$bulk) { redirect("listcontent.php" . $urlext . '&message=no_bulk_performed'); } redirect("listcontent.php" . $urlext . '&message=bulk_success'); } else { if ($action == 'inactive') { $userid = get_userid(); $modifyall = check_permission($userid, 'Modify Any Page'); foreach ($nodelist as $node) { $permission = $modifyall || check_ownership($userid, $node->Id()) || check_authorship($userid, $node->Id()) || check_persmission($userid, 'Manage All Content');
} else { $userops = $gCms->GetUserOperations(); $thisuser =& $userops->LoadUserByID($_GET["toggleactive"]); if ($thisuser) { //modify users, is this enough? $userid = get_userid(); $permission = check_permission($userid, 'Modify Users'); $result = false; if ($permission) { $thisuser->active == 1 ? $thisuser->active = 0 : ($thisuser->active = 1); Events::SendEvent('Core', 'EditUserPre', array('user' => $thisuser)); $result = $thisuser->save(); } if ($result) { // put mention into the admin log audit($userid, 'Admin Username: '******'Edited'); Events::SendEvent('Core', 'EditUserPost', array('user' => $thisuser)); } else { $error .= "<li>" . lang('errorupdatinguser') . "</li>"; } } } } if (FALSE == empty($error)) { echo $themeObject->ShowErrors('<ul class="error">' . $error . '</ul>'); } ?> <div class="pagecontainer"> <div class="pageoverflow">
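/**
 * Render the error console template for an exception.
 *
 * Temporarily forces recompilation, enables debugging and points the
 * template directory at <root_path>/lib/smarty, fetches error-console.tpl,
 * then puts those three settings back to the values they had on entry.
 * The first 50 bytes of the exception message are also written to the
 * admin log.
 *
 * @param Exception $e The exception to display.
 * @return string The rendered output of error-console.tpl.
 * @throws Exception Re-throws whatever fetch() raised, after restoring state.
 * @author Stikki
 */
public function errorConsole(Exception $e)
{
    $config = cmsms()->GetConfig();

    // Remember the caller's settings so they can be restored exactly; the
    // previous code reset force_compile/debugging to false unconditionally.
    $saved_template_dir = $this->template_dir;
    $saved_force_compile = $this->force_compile;
    $saved_debugging = $this->debugging;

    $this->force_compile = true;
    $this->debugging = true;
    $this->template_dir = cms_join_path($config['root_path'], 'lib', 'smarty');

    // NOTE(review): only the trace is entity-encoded here. e_message and
    // e_file reach the template as-is, and exception messages can carry
    // request-derived text; confirm error-console.tpl escapes them.
    // The output also exposes file paths and a stack trace, so callers
    // should presumably show it to trusted users only - verify at call sites.
    $this->assign('e_line', $e->getLine());
    $this->assign('e_file', $e->getFile());
    $this->assign('e_message', $e->getMessage());
    $this->assign('e_trace', htmlentities($e->getTraceAsString()));

    // put mention into the admin log
    audit('', 'Error: ' . substr($e->getMessage(), 0, 50), 'has occured');

    // Render, but hold back any failure until the settings are restored so a
    // broken error template cannot leave debugging switched on.
    $render_failure = null;
    $output = null;
    try {
        $output = $this->fetch('error-console.tpl');
    } catch (Exception $caught) {
        $render_failure = $caught;
    }

    $this->force_compile = $saved_force_compile;
    $this->debugging = $saved_debugging;
    $this->template_dir = $saved_template_dir;

    if ($render_failure !== null) {
        throw $render_failure;
    }

    return $output;
}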
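// Admin action: delete the user account named by the `id` query parameter.
// Requires the "modify users" permission and refuses to delete the current
// user, any user holding a role the current user cannot give, and user 1.
// Every outcome ends with a flash message and a redirect to user-list.php.
//
// NOTE(review): this destructive action is driven by a GET parameter and no
// anti-CSRF token check is visible in this script. Unless includes/root.php
// or must_allow() enforces one, it should require POST plus a per-session
// token - confirm against the include.
require_once __DIR__ . "/includes/root.php";

must_allow("modify users");

// Only a scalar id is looked up. A missing parameter or an array
// (user-delete.php?id[]=...) is handled like an unknown id instead of being
// passed to User::find().
$requested_id = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? $_GET["id"] : null;
$user = ($requested_id === null) ? null : User::find($requested_id);

if ($user == NULL) {
    $renderer->flash_alert("Can't find a user by the given id!");
    header("Location: user-list.php");
    exit;
}

$curruser = get_user();

if ($curruser->id == $user->id) {
    $renderer->flash_alert("You cannot delete yourself!");
    header("Location: user-list.php");
    exit;
}

// The target must not hold any role the current user could not give.
foreach ($user->roles as $role) {
    if (!can_give_role($curruser, $role)) {
        $renderer->flash_alert("You cannot delete users with the '{$role}' role");
        header("Location: user-list.php");
        exit;
    }
}

if ($user->id == 1) {
    $renderer->flash_alert("You cannot delete user 1");
    header("Location: user-list.php");
    exit;
}

$user->delete();

// Record the deletion; $user->login is read from the in-memory object after
// the delete call.
audit("delete user", $user->login);

$renderer->flash_success("Deleted {$user->login}");
header("Location: user-list.php");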
$result = $onestylesheet->Save(); // Update the css hash // deprecated: this was used by the stylesheet.php function which we no longer distribute // as of CMSMS 1.10. $config = $gCms->GetConfig(); $hashfile = cms_join_path($config['root_path'], 'tmp', 'cache', 'csshash.dat'); $md5sum = md5($css_text); $csshash = csscache_csvfile_to_hash($hashfile); $csshash[$css_id] = $md5sum; csscache_hash_to_csvfile($hashfile, $csshash); if ($result) { #Start using new name, just in case this is an apply $orig_css_name = $css_name; Events::SendEvent('Core', 'EditStylesheetPost', array('stylesheet' => &$onestylesheet)); // put mention into the admin log audit($css_id, 'Stylesheet: ' . $css_name, 'Changed'); # we now have to check which templates are associated with this CSS and update their modified date. $cssquery = "SELECT assoc_to_id FROM " . cms_db_prefix() . "css_assoc\n\t\t\t\t\tWHERE\tassoc_type\t\t= 'template'\n\t\t\t\t\tAND\t\tassoc_css_id\t= ?"; $cssresult = $db->Execute($cssquery, array($css_id)); # now updating templates while ($cssresult && ($line = $cssresult->FetchRow())) { $query = "UPDATE " . cms_db_prefix() . "templates SET modified_date = " . $db->DBTimeStamp(time()) . " \n\t\t\t\t\t\tWHERE template_id = '" . $line["assoc_to_id"] . "'"; $result = $db->Execute($query); if (FALSE == $result) { $error .= "<li>" . lang('errorupdatingtemplate') . "</li>"; } } if (!isset($_POST["apply"])) { if ($from == 'templatecssassoc') { redirect("listcssassoc.php" . $urlext . "&type=template&id=" . $templateid); } else {