Пример #1
 // Undo magic-quotes escaping on each submitted field. The helper is defined outside this
 // excerpt; presumably it strips slashes in place when magic_quotes_gpc is enabled.
 remove_magic_quotes_gpc($birthday);
 remove_magic_quotes_gpc($firm);
 remove_magic_quotes_gpc($position);
 remove_magic_quotes_gpc($firm_street);
 remove_magic_quotes_gpc($firm_street_alt);
 remove_magic_quotes_gpc($firm_zip);
 remove_magic_quotes_gpc($firm_location);
 remove_magic_quotes_gpc($firm_state);
 remove_magic_quotes_gpc($firm_country);
 remove_magic_quotes_gpc($firm_email);
 remove_magic_quotes_gpc($firm_phone);
 remove_magic_quotes_gpc($firm_fax);
 remove_magic_quotes_gpc($firm_mobile);
 remove_magic_quotes_gpc($firm_pager);
 remove_magic_quotes_gpc($firm_homepage);
 remove_magic_quotes_gpc($comment);
 // HTML-escape the values before they are stored under the FORM_* keys of $tmp.
 // ENT_COMPAT encodes double quotes but leaves single quotes untouched, so the result is only
 // safe as element text or inside double-quoted attributes.
 // NOTE(review): confirm the template never places these values in single-quoted attributes
 // or in a script context; ENT_QUOTES would cover the single-quote case.
 $tmp['FORM_OLDUSERNAME'] = htmlspecialchars($oldusername, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_USERNAME'] = htmlspecialchars($username, ENT_COMPAT, 'UTF-8');
 // NOTE(review): the submitted password and its confirmation are written back into $tmp,
 // presumably for re-display; that puts the plaintext into the rendered page and any cache of
 // it. Consider leaving both fields empty when the form is shown again.
 $tmp['FORM_PASSWORD'] = htmlspecialchars($password, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_PASSWORDVALIDATE'] = htmlspecialchars($password_validate, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_NAME'] = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_SURNAME'] = htmlspecialchars($surname, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_EMAIL'] = htmlspecialchars($email, ENT_COMPAT, 'UTF-8');
 // NOTE(review): the only value in this run that is stored without escaping; assumes
 // $deletable is a server-side flag and never request-controlled text — confirm.
 $tmp['FORM_DELETABLE'] = $deletable;
 $tmp['FORM_SALUTATION'] = htmlspecialchars($salutation, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_TITLE'] = htmlspecialchars($title, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_STREET'] = htmlspecialchars($street, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_STREET_ALT'] = htmlspecialchars($street_alt, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_ZIP'] = htmlspecialchars($zip, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_LOCATION'] = htmlspecialchars($location, ENT_COMPAT, 'UTF-8');
 $tmp['FORM_STATE'] = htmlspecialchars($state, ENT_COMPAT, 'UTF-8');
Пример #2
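// Template values for the group edit form: layout, labels, field contents and buttons.
$tmp['CELLSPACING'] = $cellspacing;
$tmp['BORDER'] = $border;
$tmp['LANG_NAME'] = $cms_lang['group_name'];
$tmp['LANG_DESCRIPTION'] = $cms_lang['group_description'];
// Form settings
$tmp['FORM_URL'] = $sess->url('main.php');
if (!isset($name) && !empty($idgroup)) {
    // No submitted name but a group id: load the stored values.
    // $idgroup is interpolated into the statement and its origin is not visible here, so it is
    // forced to an integer first; a quoted string built from request data would otherwise be
    // an SQL injection point. Assumes idgroup is a numeric key — TODO confirm.
    $idgroup_sql = (int) $idgroup;
    $sql = "SELECT name, description FROM " . $cms_db['groups'] . " WHERE idgroup='{$idgroup_sql}' LIMIT 0, 1";
    $db->query($sql);
    // NOTE(review): the result of next_record() is not checked; an unknown id leaves the
    // three fields below filled from whatever f() returns for a missing row.
    $db->next_record();
    $stored_name = htmlspecialchars($db->f('name'), ENT_COMPAT, 'UTF-8');
    $tmp['FORM_NAME'] = $stored_name;
    $tmp['FORM_OLDNAME'] = $stored_name;
    $tmp['FORM_DESCRIPTION'] = htmlspecialchars($db->f('description'), ENT_COMPAT, 'UTF-8');
} else {
    // Submitted values: undo magic-quotes escaping (helper defined elsewhere), then
    // HTML-escape for the template.
    remove_magic_quotes_gpc($name);
    remove_magic_quotes_gpc($description);
    $tmp['FORM_NAME'] = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
    $tmp['FORM_DESCRIPTION'] = htmlspecialchars($description, ENT_COMPAT, 'UTF-8');
    $tmp['FORM_OLDNAME'] = htmlspecialchars($oldname, ENT_COMPAT, 'UTF-8');
}
if (!is_array($group)) {
    $group['0'] = $idgroup;
}
$tmp['BUTTON_SUBMIT_VALUE'] = $cms_lang['gen_save'];
$tmp['BUTTON_SUBMIT_TEXT'] = $cms_lang['gen_save_titletext'];
$tmp['BUTTON_APPLY_VALUE'] = $cms_lang['gen_apply'];
$tmp['BUTTON_APPLY_TEXT'] = $cms_lang['gen_apply_titletext'];
// NOTE(review): $order and $ascdesc go into the URL without encoding or a whitelist, and
// $idgroup below reaches the template unescaped; confirm all three are validated before this
// point or restrict them to known values.
$tmp['BUTTON_CANCEL_URL'] = $sess->url("main.php?area=group&order={$order}&ascdesc={$ascdesc}");
$tmp['BUTTON_CANCEL_VALUE'] = $cms_lang['gen_cancel'];
$tmp['BUTTON_CANCEL_TEXT'] = $cms_lang['gen_cancel_titletext'];
$tmp['IDGROUP'] = $idgroup;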
Пример #3
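/**
 * Create or update a row in the plugin table and run the related repository hooks.
 *
 * The $idplug parameter is immediately re-bound to the global of the same name by the
 * `global $idplug` statement below, so the value passed by the caller is not used; the
 * global decides whether a new row is inserted (falsy) or an existing one is updated.
 *
 * @param mixed  $idplug        Ignored in favour of the global $idplug (see above).
 * @param string $name          Plugin name; replaced by $cms_lang['plug_defaultname'] when empty.
 * @param string $description   Plugin description.
 * @param string $plugversion   Version string.
 * @param string $plugcat       Category.
 * @param mixed  $idclient      Client id written on insert.
 * @param string $repid         Repository id; a new one is generated when empty.
 * @param string $sql_install   Install SQL, passed to the repository on update.
 * @param string $sql_uninstall Uninstall SQL, passed to the repository on update.
 * @param string $sql_update    Update SQL, passed to the repository on update.
 * @param string $root_name     Plugin directory; 'hold_old_data' keeps the stored value.
 * @param string $index_file    Index file; 'hold_old_data' keeps the stored value.
 *
 * @return string '1612', or '1613' when a new plugin could not be initialised.
 */
function plug_save($idplug, $name, $description, $plugversion, $plugcat, $idclient, $repid = '', $sql_install = '', $sql_uninstall = '', $sql_update = '', $root_name = 'hold_old_data', $index_file = 'hold_old_data')
{
    global $db, $auth, $cms_db, $cfg_cms, $cms_lang, $cfg_client, $rep, $perm;
    // ATTENTION: idplug is made global on purpose (needed for the apply header). This
    // replaces the parameter of the same name with the global variable.
    global $idplug;
    // Entry in the 'plug' table
    if ($name == '') {
        $name = $cms_lang['plug_defaultname'];
    }
    // The text fields are passed through set_magic_quotes_gpc() before they are interpolated
    // into SQL. The helper is defined elsewhere; presumably it adds slashes when
    // magic_quotes_gpc is off.
    // NOTE(review): slash-adding is not a substitute for the driver's own escaping or bound
    // parameters, and $idclient, $repid and the uid from $auth are interpolated below without
    // even that — confirm every caller passes validated values.
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($description);
    set_magic_quotes_gpc($plugversion);
    set_magic_quotes_gpc($plugcat);
    set_magic_quotes_gpc($root_name);
    set_magic_quotes_gpc($index_file);
    remove_magic_quotes_gpc($sql_install);
    remove_magic_quotes_gpc($sql_uninstall);
    remove_magic_quotes_gpc($sql_update);
    // NOTE(review): only the literal 'plugins/' is removed; '..' or absolute path segments are
    // not rejected before $root_name is handed to plug_new(). What plug_new() does with it is
    // not visible here — verify it confines the path to the plugin directory.
    $root_name = str_replace('plugins/', '', $root_name);
    if ($root_name == 'name_des_verzeichnisses') {
        $root_name = strtolower($name);
    }
    $repositoryid = $repid == '' ? $rep->gen_new_plug($name) : $repid;
    if (!$idplug) {
        // Plugin does not exist yet
        // todo: form check for name, version etc.
        $root_name = $root_name == 'hold_old_data' ? '' : $root_name;
        $index_file = $index_file == 'hold_old_data' ? '' : $index_file;
        // NOTE(review): the lastmodified literal starts with a line break and whitespace
        // inside the quotes; this looks like a wrapped source line — confirm the column
        // tolerates it.
        $sql = "INSERT INTO\n\t\t\t   " . $cms_db['plug'] . "\n\t\t\t   (name, description, version, cat, author, created, lastmodified, repository_id, root_name, index_file,\n\t\t\t   idclient)\n\t\t\t   VALUES\n\t\t\t   ('{$name}', '{$description}', '{$plugversion}', '{$plugcat}', '" . $auth->auth['uid'] . "', '" . time() . "', '\n\t\t\t   " . time() . "', '{$repositoryid}', '{$root_name}', '{$index_file}', '{$idclient}')";
        $db->query($sql);
        $idplug = $db->insert_id();
        if ($rep->_plug_init($idplug)) {
            $return = '1612';
        } else {
            // First init failed: create the plugin files, then retry the init once.
            $initialised = plug_new($root_name, $index_file) && $rep->_plug_init($idplug);
            $return = $initialised ? '1612' : '1613';
        }
        // Event
        fire_event('plug_new', array('idplug' => $idplug, 'name' => $name));
    } else {
        $rep->plug_execute($idplug, 'this', 'update', 'install', $rep->decode_sql($sql_install));
        $rep->plug_execute($idplug, 'this', 'update', 'uninstall', $rep->decode_sql($sql_uninstall));
        $rep->plug_execute($idplug, 'this', 'update', 'update', $rep->decode_sql($sql_update));
        // 'hold_old_data' maps to the bare column name, i.e. the column is assigned to itself.
        $root_name = $root_name == 'hold_old_data' ? 'root_name' : "'{$root_name}'";
        $index_file = $index_file == 'hold_old_data' ? 'index_file' : "'{$index_file}'";
        // The id is placed in the WHERE clause without quotes, so anything other than a number
        // would become part of the statement itself. Use an integer copy for the query and
        // leave the global untouched.
        $idplug_sql = (int) $idplug;
        // NOTE(review): the author literal starts with a line break and whitespace inside the
        // quotes; this looks like a wrapped source line — confirm the stored value is as intended.
        $sql = "UPDATE\n\t\t\t   " . $cms_db['plug'] . "\n\t\t\t   SET\n\t\t\t   name='{$name}', description='{$description}', version = '{$plugversion}', cat = '{$plugcat}', author='\n\t\t\t   " . $auth->auth['uid'] . "', lastmodified='" . time() . "', root_name={$root_name}, repository_id = '{$repositoryid}',\n\t\t\t   index_file={$index_file} WHERE idplug={$idplug_sql} OR source_id={$idplug_sql}";
        $db->query($sql);
        // todo: check how far the rights of the installed plugins are affected
        // Set rights
        // NOTE(review): this permission check guards only the rights change; the UPDATE and the
        // plug_execute() calls above run before it. Presumably the caller authorises the edit
        // itself — verify.
        if ($perm->have_perm('6', 'plug', $idplug)) {
            global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('plug', $idplug, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0x38afd);
        }
        // Event
        fire_event('plug_edit', array('idplug' => $idplug, 'name' => $name));
        $return = '1612';
    }
    return $return;
}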
Пример #4
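/**
 * Create or update a JavaScript file: database record, content row, rights and the file on disk.
 *
 * All input is read from globals ($idjsfile, $jsfilename, $jsfilecontent, ...). The global
 * $jsfilename is modified in place when the extension has to be appended.
 *
 * @return string '' when no error was recorded, otherwise one of the codes
 *                '1701', '1201', '1202', '1203', '1218', '1417' returned below.
 */
function js_editfile()
{
    global $fm, $idclient, $client, $idjsfile, $jsfilename, $jsfiledescription, $jsfilecontent, $js_directory, $js_filetype, $perm, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
    // Refuse only when none of the three permissions is held.
    if (!$perm->have_perm(2, 'area_js', '0') && !$perm->have_perm(3, 'js_file', $idjsfile) && !$perm->have_perm(3, 'area_js', '0')) {
        return '1701';
    }
    $fileclient = empty($idclient) ? 0 : $client;
    // check necessary values: a new file needs a name, and any name must pass validation
    if ((empty($idjsfile) && empty($jsfilename)) || !$fm->validate_filename($jsfilename)) {
        return '1201';
    }
    // Make sure the name ENDS with the expected extension. A substring test would accept a
    // name that merely contains it (for example "x.js.php") and keep the foreign extension
    // on a file that is later written below $js_directory.
    $extension = '.' . $js_filetype;
    if (substr($jsfilename, -strlen($extension)) !== $extension) {
        $jsfilename .= $extension;
    }
    // check if the filename is already in use
    // since there is no way to change a js-filename we have to check the duplicate only for new files
    if (empty($idjsfile) && is_duplicate_filename($fileclient, $jsfilename, $js_directory, $idjsfile)) {
        return '1202';
    }
    $status = 1;
    // create a db-entry for a js-file
    // uses cms_upl to store the information needed
    if (!empty($idjsfile)) {
        // js-file is existing, so update it
        update_jscontent($idjsfile, $jsfilecontent, $status);
        // update js-file record, if not in import area
        if (!empty($fileclient)) {
            $tmp_data = get_jscontent_data($idjsfile, 0);
            $fm->update_file2((int) $tmp_data['idupl'], (int) $tmp_data['idclient'], $tmp_data['filename'], (int) $tmp_data['iddirectory'], (int) $tmp_data['idfiletype'], 5, $jsfiledescription, '');
            if (!empty($fm->errno)) {
                // update file data failed, if this happens we have a big problem
                return '1218';
            }
            // perms to be set, check if user got the perms to change perms
            if ($perm->have_perm('6', 'js_file', $idjsfile)) {
                $perm->set_group_rights('js_file', $idjsfile, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 4294967295.0, '0');
            }
        }
    } else {
        // js-file is new, so create an entry in cms_upl
        $idupl = $fm->insert_file((int) $fileclient, $jsfilename, $js_directory, $js_filetype, 5, $jsfiledescription);
        if (empty($idupl)) {
            return '1203';
        }
        // insert js-file-content in cms_js
        $idjsfile = insert_jscontent($idupl, $fileclient, $jsfilecontent, 1, '', 0);
        if (empty($idjsfile)) {
            // insert js-file content failed, ensure db integrity and return errno
            $fm->delete_file($idupl, $fileclient, false, 'path');
            return '1203';
        }
        // set ownerrights for current language and user
        $perm->set_owner_rights('js_file', $idjsfile, 0x31b7);
    }
    if (!empty($idclient)) {
        // The content is unquoted only here, after the database calls above received it as is.
        remove_magic_quotes_gpc($jsfilecontent);
        // NOTE(review): for an existing file the record is updated with the stored
        // $tmp_data['filename'], but the file is written under the global $jsfilename.
        // Confirm the two cannot diverge, or write to the stored name instead.
        $fm->write_file_fs($js_directory, $jsfilename, $jsfilecontent, 'path');
    }
    // write js-file failed, file could not be written; else no errno
    return !empty($fm->errno) ? '1417' : '';
}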
Пример #5
    $db->next_record();
    $name = $db->f('name');
    $description = $db->f('description');
    $rewrite_use_automatic = $db->f('rewrite_use_automatic');
    $rewrite_alias = $db->f('rewrite_alias');
} else {
    remove_magic_quotes_gpc($name);
    remove_magic_quotes_gpc($description);
    if (!$idcat && !$action) {
        // new page
        $rewrite_use_automatic = 1;
    } else {
        //on change
        remove_magic_quotes_gpc($rewrite_use_automatic);
    }
    remove_magic_quotes_gpc($rewrite_alias);
}
// URL REWRITE
$have_rewrite_perm = is_numeric($idcat) ? $perm->have_perm(15, 'cat', $idcat) : $perm->have_perm(15, 'area_con', 0);
if ($cfg_client['url_rewrite'] == '2' && $have_rewrite_perm) {
    // Fill the URL_REWRITE template block.
    $tpl->setCurrentBlock('URL_REWRITE');
    // With automatic rewriting on, emit the checked attribute and the disabled attribute.
    $tpl_data['REWRITE_USE_AUTOMATIC_CHECKED'] = $rewrite_use_automatic == 1 ? 'checked="checked" ' : '';
    $tpl_data['REWRITE_URL_DISABLED'] = $rewrite_use_automatic == 1 ? 'disabled="disabled" ' : '';
    $tpl_data['LNG_REWRITE_PAGE-URL'] = $cms_lang['con_cat_page_url'];
    $tpl_data['LNG_REWRITE_URL-OF-THIS-PAGE'] = $cms_lang['con_cat_urlofthiscat'];
    $tpl_data['LNG_REWRITE_AUTO-URL'] = $cms_lang['con_cat_rwpath_autourl'];
    // The alias is entity-encoded before it reaches the template (ENT_COMPAT: double quotes
    // are encoded, single quotes are not).
    $tpl_data['REWRITE_ALIAS'] = htmlentities($rewrite_alias, ENT_COMPAT, 'UTF-8');
    // NOTE(review): $sf_rewrite_error_message is concatenated into markup without escaping;
    // confirm it never carries request-derived text such as the rejected alias.
    $tpl_data['REWRITE_ERROR'] = $rewrite_error = $sf_is_rewrite_error ? '<p class="errormsg">' . $sf_rewrite_error_message . '</p>' : '';
    // Without an alias, a placeholder for this category is appended to the parent path.
    // NOTE(review): the rewriteGetPath() result is inserted as raw HTML; presumably it is
    // built from stored aliases — verify those are validated when saved.
    $tpl_data['REWRITE_CURRENT_URL'] = $rewrite_alias == '' ? rewriteGetPath($idcat, $lang, true) . '<em>' . $cms_lang['con_cat_rwpath_thiscat'] . '</em>/' : rewriteGetPath($idcat, $lang, true);
    $tpl_data['REWRITE_CURRENT_URL'] = 'http://<em>{domain.xyz}</em>/' . $tpl_data['REWRITE_CURRENT_URL'];
    $tpl->setVariable($tpl_data);
Пример #6
        $jsfileauthor = '';
        $idjsfile = 0;
    }
    // Needed specifically for JS files because of escaped characters.
    // NOTE(review): the two conditions below are complementary and both bodies run the same
    // str_replace(), so backslashes are doubled whatever magic_quotes_gpc is set to. The else
    // branch that follows this block calls remove_magic_quotes_gpc() when the setting is on;
    // confirm which behaviour is intended here.
    // get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8.0.
    if (get_magic_quotes_gpc() != 0) {
        $jsfilecontent = str_replace('\\', '\\\\', $jsfilecontent);
    }
    if (get_magic_quotes_gpc() == 0) {
        $jsfilecontent = str_replace('\\', '\\\\', $jsfilecontent);
    }
} else {
    // Needed specifically for JS files because of escaped characters.
    // With magic quotes off, every backslash in the content is doubled; with magic quotes on,
    // the content is handed to remove_magic_quotes_gpc() instead (helper defined elsewhere,
    // presumably stripping the added slashes in place).
    if (get_magic_quotes_gpc() == 0) {
        $jsfilecontent = str_replace('\\', '\\\\', $jsfilecontent);
    } else {
        remove_magic_quotes_gpc($jsfilecontent);
    }
}
/*
** start form
*/
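$tmp['FORM_ACTION'] = $sess->url("main.php");
// NOTE(review): both ids are handed to the template as they are; confirm they are
// integers at this point or cast them before output.
$tmp['IDJS'] = $idjsfile;
$tmp['IDCLIENT'] = $idclient;
$tmp['FOOTER_LICENSE'] = $cms_lang['login_licence'];
/*
** name of the js-file
*/
$tmp['EDIT_JSFILENAME'] = $cms_lang["js_filename"];
// The file name is placed both in element text and in a double-quoted value attribute, so
// it is HTML-escaped first; an unescaped name containing a quote or angle bracket would break
// out of the attribute (cross-site scripting). This assumes $jsfilename has not already been
// escaped earlier in the file, outside this excerpt.
$jsfilename_html = htmlspecialchars($jsfilename, ENT_QUOTES, 'UTF-8');
// Existing file: show the name as text plus a hidden field. New file: show a text input.
$tmp['EDIT_JSFILE'] = $jsfilename && $idjsfile != 0 ? $jsfilename_html . '<input type="hidden" name="jsfilename" value="' . $jsfilename_html . '">' : '<input class="w800" type="text" maxlength="255" id="jsfilename" name="jsfilename" size="120" value="' . $jsfilename_html . '">';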
/*
Пример #7
     $perm->check(3, 'area_mod', 0);
 }
 // Work on copies: the *2 variables are unquoted below and used for the module test and for
 // the session data further down, while the untouched originals are the ones passed to
 // mod_save().
 $modname2 = $modname;
 $modverbose2 = $modverbose;
 $description2 = $description;
 $modversion2 = $modversion;
 $modcat2 = $modcat;
 $input2 = $input;
 $output2 = $output;
 // remove_magic_quotes_gpc() is defined outside this excerpt; presumably it strips the
 // slashes added by magic_quotes_gpc, in place.
 remove_magic_quotes_gpc($modname2);
 remove_magic_quotes_gpc($modverbose2);
 remove_magic_quotes_gpc($description2);
 remove_magic_quotes_gpc($modversion2);
 remove_magic_quotes_gpc($modcat2);
 remove_magic_quotes_gpc($input2);
 remove_magic_quotes_gpc($output2);
 if ((($errno = $rep->mod_test($input2, $idmod) || $rep->mod_test($output2, $idmod) ? '0423' : false) || ($errno = empty($input2) && empty($output2) ? '0424' : false)) && !$s_overide || '0412' != ($errno = mod_save($idmod, $modname, $modverbose, $description, $modversion, $modcat, $input, $output, $idclient, $repository_id, $install_sql, $uninstall_sql, $update_sql, $mod_rebuild_sql, $source, $mod_no_wedding, false, $mod_config_takeover))) {
     if (empty($modname) || $modname == '') {
         $modname = $cms_lang['mod_defaultname'];
     }
     if (empty($modversion) || $modversion == '') {
         $modversion = '1.0';
     }
     $s_modul = array('name' => $modname2, 'verbose' => $modverbose2, 'description' => $description2, 'version' => $modversion2, 'cat' => $modcat2, 'input' => $input2, 'output' => $output2);
     $sess->register('s_modul');
     // merke:erst ein value kann gespeichert werden ;)
     $sess->freeze();
     header('Location:' . $sess->urlRaw("main.php?area=mod_edit&idmod=" . $idmod . "&idclient=" . $idclient . "&errno=" . $errno));
     exit;
 } else {
     if (isset($_REQUEST['sf_apply'])) {
Пример #8
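/**
 * Split a "key=value&key=value" string into an associative array.
 *
 * Values are URL-decoded and then passed to remove_magic_quotes_gpc() (defined elsewhere;
 * presumably it strips magic-quote slashes in place). Keys are used as given and are not
 * URL-decoded. A pair without "=" yields an empty string value, and only the first "="
 * separates key from value, so a value containing "=" is kept whole.
 *
 * NOTE(review): the result is keyed by caller-supplied names; treat it as untrusted data and
 * do not feed it to extract() or use keys as variable, file or column names without a whitelist.
 *
 * @param string $in Encoded configuration string.
 *
 * @return array Map of key to decoded value; later duplicates overwrite earlier ones.
 */
function extract_plugconfig($in)
{
    // Initialised up front so the function always returns an array.
    $out = array();
    foreach (explode('&', $in) as $pair) {
        // Limit 2: everything after the first "=" belongs to the value.
        $parts = explode('=', $pair, 2);
        $key = $parts[0];
        $value = isset($parts[1]) ? $parts[1] : '';
        $out[$key] = urldecode($value);
        remove_magic_quotes_gpc($out[$key]);
    }
    return $out;
}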
Пример #9
/**
 * Make a text safe to place inside a double-quoted attribute, in place.
 *
 * The text is first passed to remove_magic_quotes_gpc() (defined elsewhere), then every
 * double quote is replaced by the &quot; entity. No other character is encoded: &, < and >
 * are left as they are, so the result is not general HTML escaping.
 *
 * @param string $code Text to convert; modified by reference.
 *
 * @return void
 */
function quoteSaveText(&$code)
{
    remove_magic_quotes_gpc($code);
    $double_quote = '"';
    $entity = '&quot;';
    $code = str_replace($double_quote, $entity, $code);
}