function generate_content(&$title)
{
global $serendipity;
$title = $this->get_config('title', $title);
$login_url = $this->get_config('login_url');
$logout_url = $this->get_config('logout_url');
if ($login_url == "") {
$login_url = serendipity_currentURL();
}
if ($logout_url == "") {
$logout_url = serendipity_currentURL();
}
if (isset($serendipity['POST']['action']) && !isset($serendipity['POST']['logout']) && !serendipity_userLoggedIn()) {
echo '<div class="serendipity_center serendipity_msg_important">' . WRONG_USERNAME_OR_PASSWORD . '</div>';
} elseif (serendipity_userLoggedIn()) {
echo '<div class="serendipity_center">' . WELCOME_BACK . ' ' . $_SESSION['serendipityUser'] . '</div>';
echo '<form id="loginform" action="' . $logout_url . '" method="post">';
echo '<input type="hidden" name="serendipity[logout]" value="true" />';
echo '<input type="submit" name="serendipity[action]" value="' . LOGOUT . ' >" />';
$show_entry = false;
$show_media = false;
if (function_exists('serendipity_checkPermission')) {
if (serendipity_checkPermission('adminEntries')) {
$show_entry = true;
}
if (serendipity_checkPermission('adminImages') && serendipity_checkPermission('adminImagesAdd')) {
$show_media = true;
}
} elseif (!$serendipity['no_create']) {
$show_entry = true;
$show_media = true;
}
if ($show_entry) {
echo '<div class="loginform_link_entry"><a href="' . $serendipity['baseURL'] . 'serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=new">' . NEW_ENTRY . '</a></div>';
}
if ($show_media) {
echo '<div class="loginform_link_media"><a href="' . $serendipity['baseURL'] . 'serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect">' . ADD_MEDIA . '</a></div>';
}
echo '</form>';
return true;
}
// Logout is performed in bundled event plugin!
echo '<form id="loginform" action="' . $login_url . '" method="post">';
echo '<fieldset id="loginform_userdata" style="border: none;">';
echo '<label for="username">' . USERNAME . '</label>';
echo '<input id="username" type="text" name="serendipity[user]" value="" />';
echo '<label for="s9ypassw">' . PASSWORD . '</label>';
echo '<input id="s9ypassw" type="password" name="serendipity[pass]" value="" />';
echo '</fieldset>';
echo '<fieldset id="loginform_login" style="border: none;">';
echo '<input id="autologin" type="checkbox" name="serendipity[auto]" /><label for="autologin"> ' . AUTOMATIC_LOGIN . '</label>';
echo '<input type="submit" id="loginform_submit" name="serendipity[action]" value="' . LOGIN . ' >" />';
echo '</fieldset>';
echo '</form>';
if (class_exists('serendipity_event_forgotpassword')) {
echo '<div class="forgot_password"><a href="' . $serendipity['baseURL'] . '/serendipity_admin.php?forgotpassword=1">' . PLUGIN_EVENT_FORGOTPASSWORD_LOST_PASSWORD . '</a></div>';
}
return true;
}
function check()
{
global $serendipity;
if (function_exists('serendipity_checkPermission')) {
return serendipity_checkPermission('adminCategories');
} elseif ($serendipity['serendipityUserlevel'] < USERLEVEL_CHIEF) {
return false;
} else {
return true;
}
}
/**
* Approve a comment
*
* LONG
*
* @access public
* @param int The ID of the comment to approve
* @param int The ID of the entry a comment belongs to
* @param boolean Whether to force approving a comment despite of its current status
* @param boolean If set to true, a comment will be moderated instead of approved.
+ * @param string The 32 character token [if using token based moderation]
* @return boolean Success or failure
*/
function serendipity_approveComment($cid, $entry_id, $force = false, $moderate = false, $token = false)
{
global $serendipity;
$goodtoken = serendipity_checkCommentToken($token, $cid);
/* Get data about the comment, we need this query because this function can be called from anywhere */
/* This also makes sure we are either the author of the comment, or a USERLEVEL_ADMIN */
$sql = "SELECT c.*, e.title, a.email as authoremail, a.mail_comments, e.timestamp AS entry_timestamp, e.last_modified AS entry_last_modified\n FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n LEFT JOIN {$serendipity['dbPrefix']}authors a ON (e.authorid = a.authorid)\n WHERE c.id = '" . (int) $cid . "'\n " . (!serendipity_checkPermission('adminEntriesMaintainOthers') && $force !== true && !$goodtoken ? "AND e.authorid = '" . (int) $serendipity['authorid'] . "'" : '') . "\n " . ($force === true ? "" : "AND status = 'pending'");
$rs = serendipity_db_query($sql, true);
if ($moderate) {
$sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'pending' WHERE id = " . (int) $cid;
} else {
$sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'approved' WHERE id = " . (int) $cid;
}
serendipity_db_query($sql);
$field = $rs['type'] == 'NORMAL' ? 'comments' : 'trackbacks';
// Check when the entry was published. If it is older than max_last_modified allows, the last_modified date of that entry
// will not be pushed. With this we make sure that an RSS feed will not be updated on a client's reader and marked as new
// only because someone made an comment to an old entry.
if ($rs['entry_timestamp'] > time() - $serendipity['max_last_modified']) {
$lm = time();
} else {
$lm = (int) $rs['entry_last_modified'];
}
$counter_comments = serendipity_db_query("SELECT count(id) AS counter \n FROM {$serendipity['dbPrefix']}comments \n WHERE status = 'approved' \n AND type = 'NORMAL'\n AND entry_id = " . (int) $entry_id . "\n GROUP BY entry_id", true);
$counter_tb = serendipity_db_query("SELECT count(id) AS counter \n FROM {$serendipity['dbPrefix']}comments \n WHERE status = 'approved' \n AND (type = 'TRACKBACK' or type = 'PINGBACK')\n AND entry_id = " . (int) $entry_id . "\n GROUP BY entry_id", true);
$query = "UPDATE {$serendipity['dbPrefix']}entries \n SET comments = " . (int) $counter_comments['counter'] . ",\n trackbacks = " . (int) $counter_tb['counter'] . ", \n last_modified = " . $lm . " \n WHERE id = " . (int) $entry_id;
serendipity_db_query($query);
/* It's already approved, don't spam people */
if ($rs === false) {
return false;
}
if (!$moderate) {
if ($serendipity['allowSubscriptions'] === 'fulltext') {
serendipity_mailSubscribers($entry_id, $rs['author'], $rs['email'], $rs['title'], $rs['authoremail'], $cid, $rs['body']);
} elseif (serendipity_db_bool($serendipity['allowSubscriptions'])) {
serendipity_mailSubscribers($entry_id, $rs['author'], $rs['email'], $rs['title'], $rs['authoremail'], $cid);
}
serendipity_plugin_api::hook_event('backend_approvecomment', $rs);
}
return true;
}
/**
* Checks whether a user has access to write into a directory
*
* @access public
* @param string Directory to check
* @return boolean
*/
function serendipity_checkDirUpload($dir)
{
global $serendipity;
/*
if (serendipity_checkPermission('adminImagesMaintainOthers')) {
return true;
}
*/
$allowed = serendipity_ACLGet(0, 'directory', 'write', $dir);
$mygroups = serendipity_checkPermission(null, null, true);
// Usergroup "0" always means that access is granted. If no array exists, no ACL restrictions have been set and all is fine.
if (!is_array($allowed) || isset($allowed[0])) {
return true;
}
if (!is_array($mygroups)) {
return true;
}
foreach ($mygroups as $grpid => $grp) {
if (isset($allowed[$grpid])) {
return true;
break;
}
}
return false;
}
if ($serendipity['GET']['adminAction'] == 'save' && serendipity_checkFormToken()) {
$config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
if ((!serendipity_checkPermission('adminUsersEditUserlevel') || !serendipity_checkPermission('adminUsersMaintainOthers')) && (int) $_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
} elseif (empty($_POST['username'])) {
echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . USERCONF_CHECK_USERNAME_ERROR . '</div>';
} elseif (!empty($_POST['password']) && $_POST['check_password'] != $_SESSION['serendipityPassword'] && serendipity_passwordhash($_POST['check_password']) != $_SESSION['serendipityPassword']) {
echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . USERCONF_CHECK_PASSWORD_ERROR . '</div>';
} else {
$valid_groups = serendipity_getGroups($serendipity['authorid'], true);
foreach ($config as $category) {
foreach ($category['items'] as $item) {
if (in_array('groups', $item['flags'])) {
if (serendipity_checkPermission('adminUsersMaintainOthers')) {
// Void, no fixing neccessarry
} elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
if (!is_array($_POST[$item['var']])) {
continue;
}
// Check that no user may assign groups he's not allowed to.
foreach ($_POST[$item['var']] as $groupkey => $groupval) {
if (in_array($groupval, $valid_groups)) {
continue;
} elseif ($groupval == 2 && in_array(3, $valid_groups)) {
// Admin is allowed to assign users to chief editors
continue;
} elseif ($groupval == 1 && in_array(2, $valid_groups)) {
// Chief is allowed to assign users to editors
continue;
}
unset($_POST[$item['var']][$groupkey]);
/**
* Show the list of plugins
*
* Shows a HTML list of all installed plugins, complete with config/delete/sort order options
*
* @access public
* @param boolean Indicates if event plugins (TRUE) or sidebar plugins (FALSE) shall be shown
* @return null
*/
function show_plugins($event_only = false, $sidebars = null)
{
global $serendipity;
$sql_filter = '';
if (is_array($sidebars)) {
foreach ($sidebars as $sidebar) {
$up = strtoupper($sidebar);
if ($sidebar == 'hide') {
$opts[$sidebar] = HIDDEN;
} elseif (defined('SIDEBAR_' . $up)) {
$opts[$sidebar] = constant('SIDEBAR_' . $up);
} elseif (defined($up)) {
$opts[$sidebar] = constant($up);
} else {
$opts[$sidebar] = $up;
}
$sql_filter .= "AND placement != '" . serendipity_db_escape_string($sidebar) . "' ";
}
}
if (!$event_only) {
$sql = "SELECT * from {$serendipity['dbPrefix']}plugins\n WHERE placement != 'event'\n AND placement != 'eventh'\n " . $sql_filter;
$invisible_plugins = serendipity_db_query($sql);
if (is_array($invisible_plugins)) {
$sidebars[] = 'NONE';
$opts['NONE'] = NONE;
}
}
$opts['event'] = PLUGIN_ACTIVE;
$opts['eventh'] = PLUGIN_INACTIVE;
$data['event_only'] = $event_only;
if (!$event_only) {
$data['is_first'] = true;
}
$data['serendipity_setFormToken'] = serendipity_setFormToken();
$data['serendipity_setFormTokenUrl'] = serendipity_setFormToken('url');
/* Block display the plugins per placement location. */
if ($event_only) {
$plugin_placements = array('event', 'eventh');
} else {
$plugin_placements = $sidebars;
}
$data['plugin_placements'] = $plugin_placements;
static $users = array();
if (empty($users)) {
$users = serendipity_fetchUsers('', 'hidden');
}
$data['users'] = $users;
$i = 0;
foreach ($plugin_placements as $plugin_placement) {
if (!$event_only && $plugin_placement == 'NONE') {
$is_invisible = true;
} else {
$is_invisible = false;
}
$data['placement'][$plugin_placement]['ptitle'] = $ptitle = $opts[$plugin_placement];
$data['placement'][$plugin_placement]['pid'] = $pid = $plugin_placement;
if ($is_invisible) {
$plugins = $invisible_plugins;
} else {
$plugins = serendipity_plugin_api::enum_plugins($plugin_placement);
}
if (!is_array($plugins)) {
continue;
}
$sort_idx = 0;
foreach ($plugins as $plugin_data) {
$i++;
$plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid']);
$key = urlencode($plugin_data['name']);
$css_key = 's9ycid' . str_replace('%', '-', $key);
$is_plugin_owner = $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers');
$is_plugin_editable = $is_plugin_owner || $plugin_data['authorid'] == '0';
$cname = explode(':', $plugin_data['name']);
if (!is_object($plugin)) {
$name = $title = ERROR . '!';
$desc = ERROR . ': ' . $plugin_data['name'];
$can_configure = false;
} else {
/* query for its name, description and configuration data */
$bag = new serendipity_property_bag();
$plugin->introspect($bag);
$name = serendipity_specialchars($bag->get('name'));
$desc = '<details class="plugin_data">';
$desc .= '<summary><var class="perm_name">' . $cname[0] . '</var></summary>';
$desc .= '<div class="plugin_desc clearfix">' . serendipity_specialchars($bag->get('description')) . '</div>';
$desc .= '<span class="block_level">' . VERSION . ': ' . $bag->get('version') . '</span>';
$desc .= '</details>';
$title = serendipity_plugin_api::get_plugin_title($plugin, '[' . $name . ']');
if ($bag->is_set('configuration') && ($plugin->protected === FALSE || $plugin_data['authorid'] == '0' || $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers'))) {
$can_configure = true;
} else {
$can_configure = false;
}
}
if ($opts === null) {
$opts = array('left' => LEFT, 'right' => RIGHT, 'hide' => HIDDEN);
}
$event_opts = array('event' => PLUGIN_ACTIVE, 'eventh' => PLUGIN_INACTIVE);
if ($event_only) {
$gopts = $event_opts;
} else {
$gopts = $opts;
}
$data['placement'][$plugin_placement]['plugin_data'][$i]['sort_idx'] = $sort_idx;
$data['placement'][$plugin_placement]['plugin_data'][$i]['css_key'] = $css_key;
$data['placement'][$plugin_placement]['plugin_data'][$i]['is_plugin_editable'] = $is_plugin_editable;
$data['placement'][$plugin_placement]['plugin_data'][$i]['is_plugin_owner'] = $is_plugin_owner;
$data['placement'][$plugin_placement]['plugin_data'][$i]['name'] = $plugin_data['name'];
$data['placement'][$plugin_placement]['plugin_data'][$i]['authorid'] = $plugin_data['authorid'];
$data['placement'][$plugin_placement]['plugin_data'][$i]['can_configure'] = $can_configure;
$data['placement'][$plugin_placement]['plugin_data'][$i]['key'] = $key;
$data['placement'][$plugin_placement]['plugin_data'][$i]['title'] = $title;
$data['placement'][$plugin_placement]['plugin_data'][$i]['desc'] = $desc;
$data['placement'][$plugin_placement]['plugin_data'][$i]['placement'] = $plugin_data['placement'];
$data['placement'][$plugin_placement]['plugin_data'][$i]['gopts'] = $gopts;
$sort_idx++;
}
}
$data['total'] = $i;
return serendipity_smarty_show('admin/show_plugins.fnc.tpl', $data);
}
/**
* Check if a member of a group has permissions to execute a plugin
*
* @param string Pluginname
* @param int ID of the group of which the members should be checked
* @return boolean
*/
function serendipity_hasPluginPermissions($plugin, $groupid = null)
{
static $forbidden = null;
global $serendipity;
if (empty($serendipity['authorid'])) {
return true;
}
if ($forbidden === null || $groupid !== null && !isset($forbidden[$groupid])) {
$forbidden = array();
if ($groupid === null) {
$groups = serendipity_checkPermission(null, null, 'all');
} else {
$groups = array($groupid => serendipity_fetchGroup($groupid));
}
foreach ($groups as $idx => $group) {
if ($idx == 'membership') {
continue;
}
foreach ($group as $key => $val) {
if (substr($key, 0, 2) == 'f_') {
$forbidden[$groupid][$key] = true;
}
}
}
}
if (isset($forbidden[$groupid]['f_' . $plugin])) {
return false;
} else {
return true;
}
}
function event_hook($event, &$bag, &$eventData, $addData = null)
{
global $serendipity;
static $is_cache = null;
static $use_groups = null;
static $use_users = null;
static $ext_joins = null;
$hooks =& $bag->get('event_hooks');
if ($is_cache === null) {
$is_cache = serendipity_db_bool($this->get_config('cache', 'true'));
$use_groups = serendipity_db_bool($this->get_config('use_groups'));
$use_users = serendipity_db_bool($this->get_config('use_users'));
$ext_joins = serendipity_db_bool($this->get_config('use_ext_joins'));
}
if (isset($hooks[$event])) {
switch ($event) {
case 'frontend_entryproperties_query':
$eventData['and'] = $this->returnQueryCondition($is_cache);
return true;
break;
case 'backend_display':
$is_sticky = isset($eventData['properties']['ep_is_sticky']) && serendipity_db_bool($eventData['properties']['ep_is_sticky']) || isset($serendipity['POST']['properties']['is_sticky']) && serendipity_db_bool($serendipity['POST']['properties']['is_sticky']) ? 'checked="checked"' : '';
$no_frontpage = isset($eventData['properties']['ep_no_frontpage']) && serendipity_db_bool($eventData['properties']['ep_no_frontpage']) || isset($serendipity['POST']['properties']['no_frontpage']) && serendipity_db_bool($serendipity['POST']['properties']['no_frontpage']) ? 'checked="checked"' : '';
$hiderss = isset($eventData['properties']['ep_hiderss']) && serendipity_db_bool($eventData['properties']['ep_hiderss']) || isset($serendipity['POST']['properties']['hiderss']) && serendipity_db_bool($serendipity['POST']['properties']['hiderss']) ? 'checked="checked"' : '';
$access_values = array(PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PRIVATE => 'private', PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_PUBLIC => 'public', PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS_MEMBERS => 'member');
if (isset($eventData['properties']['ep_access'])) {
$access = $eventData['properties']['ep_access'];
} elseif (isset($serendipity['POST']['properties']['access'])) {
$access = $serendipity['POST']['properties']['access'];
} else {
$access = $this->get_config('default_read', 'public');
}
if (isset($eventData['properties']['ep_access_groups'])) {
$access_groups = explode(';', $eventData['properties']['ep_access_groups']);
} elseif (isset($serendipity['POST']['properties']['access_groups'])) {
$access_groups = $serendipity['POST']['properties']['access_groups'];
} else {
$access_groups = array();
}
if (isset($eventData['properties']['ep_access_users'])) {
$access_users = explode(';', $eventData['properties']['ep_access_users']);
} elseif (isset($serendipity['POST']['properties']['access_users'])) {
$access_users = $serendipity['POST']['properties']['access_users'];
} else {
$access_users = array();
}
if (isset($eventData['properties']['ep_entrypassword'])) {
$password = $eventData['properties']['ep_entrypassword'];
} elseif (isset($serendipity['POST']['properties']['entrypassword'])) {
$password = $serendipity['POST']['properties']['entrypassword'];
} else {
$password = '';
}
?>
<div class="entryproperties">
<input type="hidden" name="serendipity[propertyform]" value="true" />
<h3><?php
echo PLUGIN_EVENT_ENTRYPROPERTIES_TITLE;
?>
</h3>
<?php
$elements = explode(',', $this->get_config('sequence'));
foreach ($elements as $element) {
$this->showBackend($element, $eventData, $is_sticky, $no_frontpage, $hiderss, $access_values, $access, $password, $use_groups, $access_groups, $use_users, $access_users);
}
?>
</div>
<?php
return true;
break;
case 'backend_maintenance':
if ($is_cache && $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN) {
echo '<section id="maintenance_buildcache" class="equal_heights quick_list">';
echo '<h3>' . PLUGIN_EVENT_ENTRYPROPERTY_BUILDCACHE . '</h3>';
echo '<a class="button_link build_cache" href="?serendipity[adminModule]=event_display&serendipity[adminAction]=buildcache" data-delmsg="' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT . '">' . PLUGIN_EVENT_ENTRYPROPERTY_BUILDCACHE . '</a></section>';
}
return true;
break;
case 'backend_import_entry':
//TODO: (ph) Maybe handle caching?
if (is_array($addData) && !$addData['nl2br']) {
$props = array();
$props['no_nl2br'] = 'true';
$this->addProperties($props, $eventData);
}
break;
case 'backend_sidebar_entries_event_display_buildcache':
if ($is_cache) {
$per_fetch = 25;
$page = isset($serendipity['GET']['page']) ? $serendipity['GET']['page'] : 1;
$from = ($page - 1) * $per_fetch;
$to = $page * $per_fetch;
printf('<h2>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNO, $from, $to);
$entries = serendipity_fetchEntries(null, true, $per_fetch, false, false, 'timestamp DESC', '', true);
$total = serendipity_getTotalEntries();
printf(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_TOTAL . '</h2>', $total);
if (is_array($entries)) {
echo '<ul class="plainList">';
foreach ($entries as $idx => $entry) {
printf('<li>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_BUILDING, $entry['id'], serendipity_specialchars($entry['title']));
$this->updateCache($entry);
echo ' ' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHED . '</li>';
}
echo '</ul>';
}
if ($to < $total) {
?>
<script>
if (confirm("<?php
echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_FETCHNEXT);
?>
")) {
location.href = "?serendipity[adminModule]=event_display&serendipity[adminAction]=buildcache&serendipity[page]=<?php
echo $page + 1;
?>
";
} else {
alert("<?php
echo serendipity_specialchars(PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_ABORTED);
?>
");
}
</script>
<?php
} else {
echo '<span class="msg_notice"><span class="icon-info-circled"></span>' . PLUGIN_EVENT_ENTRYPROPERTIES_CACHE_DONE . '</span>';
}
}
return true;
break;
case 'backend_cache_entries':
if (!$is_cache) {
return true;
}
$entries = serendipity_fetchEntries(null, true, $serendipity['fetchLimit'], false, false, 'timestamp DESC', '', true);
if (is_array($entries) && !empty($entries)) {
foreach ($entries as $idx => $entry) {
$this->updateCache($entry);
}
}
return true;
break;
case 'backend_cache_purge':
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE property LIKE 'ep_cache_%'");
break;
case 'backend_entry_presave':
if (is_array($serendipity['POST']['properties'])) {
$this->applyProperties($serendipity['POST']['properties']);
}
break;
case 'backend_publish':
case 'backend_save':
if (!isset($eventData['id'])) {
return true;
}
if (!empty($serendipity['POST']['change_author']) && $serendipity['POST']['change_author'] != $eventData['id']) {
// Check again if the POSTed value is an author that the current user has "access" to.
$avail_users =& $this->getValidAuthors();
$new_authorid = (int) $serendipity['POST']['change_author'];
foreach ($avail_users as $user) {
if ($new_authorid == $user['authorid']) {
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}entries SET authorid = " . $new_authorid . " WHERE id = " . (int) $eventData['id']);
}
}
}
if ($is_cache) {
// Previous calls to frontend_display used the "no_scramble" atteribute to not tinker with the data.
// We now need to call those plugins that have not yet operated before.
$to_addData = array('from' => 'entryproperties:' . $event);
serendipity_plugin_api::hook_event('frontend_display_cache', $eventData, $to_addData);
$serendipity['POST']['properties']['cache_body'] = $eventData['body'];
$serendipity['POST']['properties']['cache_extended'] = $eventData['extended'];
}
if (is_array($serendipity['POST']['properties']['access_groups']) && $serendipity['POST']['properties']['access'] != 'member') {
unset($serendipity['POST']['properties']['access_groups']);
}
if (is_array($serendipity['POST']['properties']['access_users']) && $serendipity['POST']['properties']['access'] != 'member') {
unset($serendipity['POST']['properties']['access_users']);
}
$this->addProperties($serendipity['POST']['properties'], $eventData);
return true;
break;
case 'frontend_configure':
if (isset($serendipity['POST']['id']) && empty($serendipity['GET']['id'])) {
$serendipity['GET']['id'] =& $serendipity['POST']['id'];
$serendipity['GET']['subpage'] =& $serendipity['POST']['subpage'];
}
break;
case 'frontend_entryproperties':
$and = $this->returnQueryCondition($is_cache);
$q = "SELECT entryid, property, value FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid IN (" . implode(', ', array_keys($addData)) . ") {$and}";
$properties = serendipity_db_query($q);
if (!is_array($properties)) {
return true;
}
foreach ($properties as $idx => $row) {
$eventData[$addData[$row['entryid']]]['properties'][$row['property']] = $row['value'];
}
return true;
break;
case 'entry_display':
// PH: This is done after Garvins suggestion to patchup $eventData in case an entry
// is in the process of being created. This must be done for the extended properties
// to be applied in the preview.
if (isset($serendipity['GET']['id']) && isset($eventData[0]['properties']['ep_entrypassword'])) {
if ($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] == md5($eventData[0]['properties']['ep_entrypassword']) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) {
// Do not show login form again, once we have first enabled it.
$_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = md5($eventData[0]['properties']['ep_entrypassword']);
} else {
if (is_array($eventData)) {
$eventData['clean_page'] = true;
} else {
$eventData = array('clean_page' => true);
}
$this->showPasswordForm = true;
}
}
if ($addData['preview'] && is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0) {
$parr = array();
$supported_properties = serendipity_event_entryproperties::getSupportedProperties();
foreach ($supported_properties as $prop_key) {
if (isset($serendipity['POST']['properties'][$prop_key])) {
$eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key];
}
}
}
break;
case 'entries_header':
if ($this->showPasswordForm) {
echo $this->showPasswordform();
}
break;
case 'frontend_fetchentries':
case 'frontend_fetchentry':
$joins = array();
$conds = array();
if (!$ext_joins) {
return true;
}
if ($_SESSION['serendipityAuthedUser'] === true) {
$conds[] = " (ep_access.property IS NULL OR ep_access.value = 'member' OR ep_access.value = 'public' OR (ep_access.value = 'private' AND e.authorid = " . (int) $serendipity['authorid'] . ")) ";
if ($use_groups) {
$mygroups = serendipity_checkPermission(null, null, true);
$groupcond = array();
foreach ((array) $mygroups as $mygroup) {
$groupcond[] .= "ep_access_groups.value LIKE '%;{$mygroup};%'";
}
if (count($groupcond) > 0) {
$conds[] = " (ep_access_groups.property IS NULL OR (ep_access.value = 'member' AND (" . implode(' OR ', $groupcond) . ")))";
}
}
if ($use_users) {
$conds[] = " (ep_access_users.property IS NULL OR (ep_access.value = 'member' AND (ep_access_users.value LIKE '%;" . (int) $serendipity['authorid'] . ";%' OR e.authorid = " . (int) $serendipity['authorid'] . "))) ";
}
} else {
$conds[] = " (ep_access.property IS NULL OR ep_access.value = 'public')";
}
if (!isset($serendipity['GET']['viewAuthor']) && !isset($serendipity['plugin_vars']['tag']) && !isset($serendipity['GET']['category']) && !isset($serendipity['GET']['adminModule']) && $event == 'frontend_fetchentries' && $addData['source'] != 'search') {
$conds[] = " (ep_no_frontpage.property IS NULL OR ep_no_frontpage.value != 'true') ";
$joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_no_frontpage\n ON (e.id = ep_no_frontpage.entryid AND ep_no_frontpage.property = 'ep_no_frontpage')";
}
if (count($conds) > 0) {
$cond = implode(' AND ', $conds);
if (empty($eventData['and'])) {
$eventData['and'] = " WHERE {$cond} ";
} else {
$eventData['and'] .= " AND {$cond} ";
}
}
$conds = array();
if ((!isset($addData['noSticky']) || $addData['noSticky'] !== true) && !isset($serendipity['skipSticky'])) {
$conds[] = 'ep_sticky.value AS orderkey,';
} else {
$conds[] = 'e.isdraft AS orderkey,';
}
if ($is_cache && (!isset($addData['noCache']) || !$addData['noCache'])) {
$conds[] = 'ep_cache_extended.value AS ep_cache_extended,';
$conds[] = 'ep_cache_body.value AS ep_cache_body,';
}
$cond = implode("\n", $conds);
if (empty($eventData['addkey'])) {
$eventData['addkey'] = $cond;
} else {
$eventData['addkey'] .= $cond;
}
if ($serendipity['dbType'] == 'postgres') {
// PostgreSQL is a bit weird here. Empty columns with NULL or "" content for
// orderkey would get sorted on top when using DESC, and only after those
// the "true" content would be inserted. Thus we order ASC in postgreSQL,
// and silently wonder. Thanks to Nate Johnston for working this out!
$cond = 'orderkey ASC';
} else {
$cond = 'orderkey DESC';
}
if (empty($eventData['orderby'])) {
$eventData['orderby'] = $cond;
} else {
$eventData['orderby'] = $cond . ', ' . $eventData['orderby'];
}
if ($is_cache && (!isset($addData['noCache']) || !$addData['noCache'])) {
$joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_extended\n ON (e.id = ep_cache_extended.entryid AND ep_cache_extended.property = 'ep_cache_extended')";
$joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_cache_body\n ON (e.id = ep_cache_body.entryid AND ep_cache_body.property = 'ep_cache_body')";
}
$joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access\n ON (e.id = ep_access.entryid AND ep_access.property = 'ep_access')";
if ($use_groups) {
$joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_groups\n ON (e.id = ep_access_groups.entryid AND ep_access_groups.property = 'ep_access_groups')";
}
if ($use_users) {
$joins[] = " LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties ep_access_users\n ON (e.id = ep_access_users.entryid AND ep_access_users.property = 'ep_access_users')";
}
if ((!isset($addData['noSticky']) || $addData['noSticky'] !== true) && !isset($serendipity['skipSticky'])) {
$joins[] = " LEFT JOIN {$serendipity['dbPrefix']}entryproperties ep_sticky\n ON (e.id = ep_sticky.entryid AND ep_sticky.property = 'ep_is_sticky')";
}
$cond = implode("\n", $joins);
if (empty($eventData['joins'])) {
$eventData['joins'] = $cond;
} else {
$eventData['joins'] .= $cond;
}
return true;
break;
case 'frontend_entries_rss':
if (is_array($eventData)) {
foreach ($eventData as $idx => $entry) {
if (is_array($entry['properties']) && isset($entry['properties']['ep_hiderss']) && $entry['properties']['ep_hiderss']) {
unset($eventData[$idx]['body']);
unset($eventData[$idx]['extended']);
unset($eventData[$idx]['exflag']);
}
}
}
return true;
break;
case 'backend_plugins_new_instance':
// This hook will always push the entryproperties plugin as last in queue.
// Happens always when a new plugin is added.
// This is important because of its caching mechanism!
// Fetch maximum sort_order value. This will be the new value of our current plugin.
$q = "SELECT MAX(sort_order) as sort_order_max FROM {$serendipity['dbPrefix']}plugins WHERE placement = '" . $addData['default_placement'] . "'";
$rs = serendipity_db_query($q, true, 'num');
// Fetch current sort_order of current plugin.
$q = "SELECT sort_order FROM {$serendipity['dbPrefix']}plugins WHERE name = '" . $this->instance . "'";
$cur = serendipity_db_query($q, true, 'num');
// Decrease sort_order of all plugins after current plugin by one.
$q = "UPDATE {$serendipity['dbPrefix']}plugins SET sort_order = sort_order - 1 WHERE placement = '" . $addData['default_placement'] . "' AND sort_order > " . intval($cur[0]);
serendipity_db_query($q);
// Set current plugin as last plugin in queue.
$q = "UPDATE {$serendipity['dbPrefix']}plugins SET sort_order = " . intval($rs[0]) . " WHERE name = '" . $this->instance . "'";
serendipity_db_query($q);
return true;
break;
default:
return false;
break;
}
} else {
return false;
}
}
</a></li>
<?php
}
if (serendipity_checkPermission('adminImport')) {
?>
<li class="serendipitySideBarMenuLink serendipitySideBarMenuUserManagementLinks"><a href="serendipity_admin.php?serendipity[adminModule]=import"><?php
echo IMPORT_ENTRIES;
?>
</a></li>
<li class="serendipitySideBarMenuLink serendipitySideBarMenuUserManagementLinks"><a href="serendipity_admin.php?serendipity[adminModule]=export"><?php
echo EXPORT_ENTRIES;
?>
</a></li>
<?php
}
if (serendipity_checkPermission('siteConfiguration') || serendipity_checkPermission('blogConfiguration')) {
?>
<li class="serendipitySideBarMenuLink serendipitySideBarMenuUserManagementLinks"><a href="serendipity_admin.php?serendipity[adminModule]=integrity"><?php
echo INTEGRITY;
?>
</a></li>
<?php
}
?>
<?php
if ($serendipity['no_create'] !== true) {
serendipity_plugin_api::hook_event('backend_sidebar_admin', $serendipity);
}
?>
<li class="serendipitySideBarMenuFoot serendipitySideBarMenuUserManagement" style="display:none"></li>
</ul>
function showMediaLibrary($messages = false, $addvar_check = false)
{
global $serendipity;
if (!serendipity_checkPermission('adminImagesView')) {
return;
}
if (!empty($messages)) {
echo '<div class="imageMessage"><ul>';
foreach ($messages as $message) {
echo '<li>' . $message . '</li>';
}
echo '</ul></div>';
}
// After upload, do not show the list to be able to proceed to
// media selection.
if ($addvar_check && !empty($GLOBALS['image_selector_addvars'])) {
return true;
}
?>
<script type="text/javascript" language="javascript">
<!--
function rename(id, fname) {
if(newname = prompt('<?php
echo ENTER_NEW_NAME;
?>
' + fname, fname)) {
location.href='?<?php
echo serendipity_setFormToken('url');
?>
&serendipity[adminModule]=images&serendipity[adminAction]=rename&serendipity[fid]='+ escape(id) + '&serendipity[newname]='+ escape(newname);
}
}
//-->
</script>
<?php
if (!isset($serendipity['thumbPerPage'])) {
$serendipity['thumbPerPage'] = 2;
}
serendipity_displayImageList(isset($serendipity['GET']['page']) ? $serendipity['GET']['page'] : 1, $serendipity['thumbPerPage'], true);
}
$totalComments = $sql['total'];
$pages = $commentsPerPage == COMMENTS_FILTER_ALL ? 1 : ceil($totalComments / (int) $commentsPerPage);
$page = (int) $serendipity['GET']['page'];
if ($page == 0 || $page > $pages) {
$page = 1;
}
$linkPrevious = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page - 1) . $searchString;
$linkNext = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page + 1) . $searchString;
$filter_vals = array(10, 20, 50, COMMENTS_FILTER_ALL);
if ($commentsPerPage == COMMENTS_FILTER_ALL) {
$limit = '';
} else {
$limit = serendipity_db_limit_sql(serendipity_db_limit(($page - 1) * (int) $commentsPerPage, (int) $commentsPerPage));
}
$sql = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n WHERE 1 = 1 " . ($c_type !== null ? " AND c.type = '{$c_type}' " : '') . $and . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int) $serendipity['authorid'] : '') . "\n ORDER BY c.id DESC {$limit}");
if (serendipity_checkPermission('adminComments')) {
ob_start();
# This event has to get send here so the spamblock-plugin can block an author now and the comment_page show that on this pageload
serendipity_plugin_api::hook_event('backend_comments_top', $sql);
$data['backend_comments_top'] = ob_get_contents();
ob_end_clean();
}
$data['commentsPerPage'] = $commentsPerPage;
$data['totalComments'] = $totalComments;
$data['pages'] = $pages;
$data['page'] = $page;
$data['linkPrevious'] = $linkPrevious;
$data['linkNext'] = $linkNext;
$data['searchString'] = $searchString;
$data['filter_vals'] = $filter_vals;
$data['sql'] = $sql;
/**
* event hook: backend_sidebar_entries_event_display_managetags
* uses global object array eventData
*/
function displayManageTags()
{
global $serendipity;
if ($this->get_config('dbversion', 1) != 2) {
$this->install();
$this->set_config('dbversion', 2);
}
$full_permission = serendipity_checkPermission('adminPlugins');
// AFAIS, BY USERLEVEL permission checks are being deprecated
if ($serendipity['version'][0] < 2) {
?>
<div style="border: 1px solid #000;" class="freetagMenu">
<ul>
<?php
} else {
?>
<h2><?php
echo PLUGIN_EVENT_FREETAG_MANAGETAGS;
?>
</h2>
<div class="freetagMenu">
<ul class="plainList clearfix">
<?php
}
?>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=all" title="<?php
echo PLUGIN_EVENT_FREETAG_MANAGE_ALL;
?>
">ALL</a></li>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=leaf" title="<?php
echo PLUGIN_EVENT_FREETAG_MANAGE_LEAF;
?>
">LEAF</a></li>
<?php
if ($full_permission === true) {
?>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=entryuntagged" title="<?php
echo PLUGIN_EVENT_FREETAG_MANAGE_UNTAGGED;
?>
">NOTAG</a></li>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=entryleaf" title="<?php
echo PLUGIN_EVENT_FREETAG_MANAGE_LEAFTAGGED;
?>
">LEAFTAG</a></li>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=keywords" title="<?php
echo PLUGIN_EVENT_FREETAG_KEYWORDS;
?>
">KEYWORD</a></li>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=cat2tag" title="<?php
echo PLUGIN_EVENT_FREETAG_GLOBALLINKS;
?>
">CAT2TAG</a></li>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=tagupdate" onclick="return confirm('<?php
echo htmlspecialchars(PLUGIN_EVENT_FREETAG_REBUILD_DESC, ENT_COMPAT, LANG_CHARSET);
?>
');" title="<?php
echo PLUGIN_EVENT_FREETAG_REBUILD;
?>
">AUTOTAG</a></li>
<li><a class="button_link" href="<?php
echo FREETAG_MANAGE_URL;
?>
&serendipity[tagview]=cleanupmappings" title="<?php
echo PLUGIN_EVENT_FREETAG_MANAGE_CLEANUP;
?>
">CLEAN</a></li>
<?php
}
?>
</ul>
</div>
<?php
if (isset($this->eventData['GET']['tagaction']) && !empty($this->eventData['GET']['tagaction'])) {
$this->displayTagAction($full_permission);
}
// backend menu cases
if (isset($this->eventData['GET']['tagview'])) {
switch ($this->eventData['GET']['tagview']) {
case 'all':
// 1
$tags = (array) $this->getAllTags();
$this->displayEditTags($tags);
break;
case 'leaf':
// 2
$tags = (array) $this->getLeafTags();
$this->displayEditTags($tags);
break;
case 'entryuntagged':
// 3
if ($full_permission === true) {
$this->displayUntaggedEntries();
}
break;
case 'entryleaf':
// 4
if ($full_permission === true) {
$this->displayLeafTaggedEntries();
}
break;
case 'keywords':
// 5
if ($full_permission === true) {
$tags = (array) $this->getAllTags();
$this->displayKeywordAssignment($tags);
}
break;
case 'cat2tag':
// 6
if ($full_permission === true) {
$this->displayCategoryToTags();
}
break;
case 'tagupdate':
// 7
if ($full_permission === true) {
break;
}
if (!serendipity_db_bool($this->get_config('keyword2tag', 'false'))) {
echo '<span class="msg_notice"><span class="icon-info-circled"></span>The option "' . PLUGIN_EVENT_FREETAG_KEYWORDS . '" is not set!</span>' . "\n";
// i18n?
break;
}
$this->displayTagUpdate();
break;
case 'cleanupmappings':
// 8
if ($full_permission === true) {
$this->cleanupTagAssignments();
}
break;
default:
if (!empty($this->eventData['GET']['tagview'])) {
echo '<span class="msg_notice"><span class="icon-info-circled"></span> ' . "Can't execute tagview</span>\n";
}
break;
}
}
return true;
}
/* Paging */
$sql = serendipity_db_query("SELECT COUNT(*) AS total FROM {$serendipity['dbPrefix']}comments c WHERE 1 = 1 " . ($c_type !== null ? " AND c.type = '{$c_type}' " : '') . $and, true);
$totalComments = $sql['total'];
$pages = $commentsPerPage == COMMENTS_FILTER_ALL ? 1 : ceil($totalComments / (int) $commentsPerPage);
$page = (int) $serendipity['GET']['page'];
if ($page == 0 || $page > $pages) {
$page = 1;
}
$linkPrevious = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page - 1) . $searchString;
$linkNext = 'serendipity_admin.php?serendipity[adminModule]=comments&serendipity[page]=' . ($page + 1) . $searchString;
if ($commentsPerPage == COMMENTS_FILTER_ALL) {
$limit = '';
} else {
$limit = serendipity_db_limit_sql(serendipity_db_limit(($page - 1) * (int) $commentsPerPage, (int) $commentsPerPage));
}
$sql = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n WHERE 1 = 1 " . ($c_type !== null ? " AND c.type = '{$c_type}' " : '') . $and . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int) $serendipity['authorid'] : '') . "\n ORDER BY c.id DESC {$limit}");
if (!empty($errormsg)) {
echo '<p class="serendipityAdminMsgError serendipity_backend_msg_notice"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . $errormsg . '</p>';
}
// closing admin messages
?>
<script type="text/javascript">
function FT_toggle(id) {
if ( document.getElementById(id + '_full').style.display == '' ) {
document.getElementById(id + '_full').style.display='none';
document.getElementById(id + '_summary').style.display='';
document.getElementById(id + '_text').innerHTML = '<?php
echo VIEW_FULL;
?>
';
} else {
$data['messages'] = '<span class="msg_notice"><span class="icon-info-circled"></span> ' . MEDIA_RESIZE_EXISTS . '</span>';
} else {
$data['print_SCALING_IMAGE'] = sprintf(SCALING_IMAGE, $file['path'] . $file['name'] . '.' . $file['extension'], (int) $serendipity['GET']['width'], (int) $serendipity['GET']['height']);
$data['extraParems'] = serendipity_generateImageSelectorParems();
$scaleImg = serendipity_scaleImg($serendipity['GET']['fid'], $serendipity['GET']['width'], $serendipity['GET']['height']);
if (!empty($scaleImg) && is_string($scaleImg)) {
$data['scaleImgError'] = $scaleImg;
}
$data['is_done'] = true;
}
// fall back
$data['showML'] = showMediaLibrary();
break;
case 'scaleSelect':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
if (!is_array($file) || !serendipity_checkPermission('adminImagesDelete') || !serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid']) {
return;
}
$data['extraParems'] = serendipity_generateImageSelectorParems('form');
$data['case_scaleSelect'] = true;
$s = getimagesize($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $file['name'] . ($file['extension'] ? '.' . $file['extension'] : ""));
$data['img_width'] = $s[0];
$data['img_height'] = $s[1];
$data['print_RESIZE_BLAHBLAH'] = sprintf(RESIZE_BLAHBLAH, serendipity_specialchars($serendipity['GET']['fname']));
$data['print_ORIGINAL_SIZE'] = sprintf(ORIGINAL_SIZE, $s[0], $s[1]);
$data['formtoken'] = serendipity_setFormToken();
$data['file'] = $serendipity['uploadHTTPPath'] . $file['path'] . $file['name'] . ($file['extension'] ? '.' . $file['extension'] : "");
break;
case 'choose':
$file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
$media['file'] =& $file;
function event_hook($event, &$bag, &$eventData, $addData = null)
{
global $serendipity;
$hooks =& $bag->get('event_hooks');
if (isset($hooks[$event])) {
switch ($event) {
case 'external_plugin':
//catch learnAction here because the GET-Params prevent
//the normal switch/case to find this
if (strpos($eventData, 'learnAction') !== false) {
if (!serendipity_checkPermission('adminComments')) {
return;
}
$this->learnAction($_REQUEST['id'], $_REQUEST['category'], $_REQUEST['action'], $_REQUEST['entry_id']);
echo DONE;
return true;
break;
}
switch ($eventData) {
case 'learncomment':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$category = $_REQUEST['category'];
$ids = $_REQUEST['id'];
$ids = explode(';', $ids);
foreach ($ids as $id) {
$comment = $this->getComment($id);
if (is_array($comment)) {
$comment = $comment['0'];
$entry_id = $comment['entry_id'];
}
$this->startLearn($comment, $category);
//Ham shall be approved, Spam deleted
if ($category == 'ham') {
serendipity_approveComment($id, $entry_id);
} elseif ($category == 'spam') {
if ($this->get_config('method', 'moderate') == 'custom') {
$spamBarrier = min(array($this->get_config('moderateBarrier', 70) / 100, $this->get_config('blockBarrier', 90) / 100));
} else {
$spamBarrier = 0.7;
}
//spam shall not get through the filter twice - so make sure, it really is marked as spam
$loop = 0;
while ($this->startClassify($comment) < $spamBarrier && $loop < 5) {
$this->startLearn($comment, $category);
//prevent infinite loop
$loop++;
}
if ($this->get_config('recycler', true)) {
$this->recycleComment($id, $entry_id);
}
serendipity_deleteComment($id, $entry_id);
}
}
break;
case 'spamblock_bayes.load.gif':
header('Content-Type: image/gif');
echo file_get_contents(dirname(__FILE__) . '/img/spamblock_bayes.load.gif');
break;
case 'spamblock_bayes.spam.png':
header('Content-Type: image/png');
echo file_get_contents(dirname(__FILE__) . '/img/spamblock_bayes.spam.png');
break;
case 'jquery.tablesorter.js':
header('Content-Type: text/javascript');
echo file_get_contents(dirname(__FILE__) . '/jquery.tablesorter.js');
break;
case 'jquery.heatcolor.js':
header('Content-Type: text/javascript');
echo file_get_contents(dirname(__FILE__) . '/jquery.heatcolor.js');
break;
case 'jquery.excerpt.js':
header('Content-Type: text/javascript');
echo file_get_contents(dirname(__FILE__) . '/jquery.excerpt.js');
break;
case 'serendipity_event_spamblock_bayes.js':
header('Content-Type: text/javascript');
echo file_get_contents(dirname(__FILE__) . '/serendipity_event_spamblock_bayes.js');
break;
case 'getRating':
$ids = $_REQUEST['id'];
$ids = explode(';', $ids);
//we get the comments in wrong order
$comments = array_reverse($this->getComment($ids));
$i = 0;
foreach ($comments as $comment) {
$ratings .= preg_replace('/\\..*/', '', $this->startClassify($comment) * 100) . '%;' . $ids[$i] . ';';
$i++;
}
echo $ratings;
break;
case 'bayesMenuLearn':
if (!serendipity_checkPermission('adminComments')) {
break;
}
//the POST-Data of the form is almost exactly like the result of the database-query
$comment = $_POST;
if (serendipity_db_bool($comment['ham'])) {
$category = 'ham';
} else {
$category = 'spam';
}
$this->startLearn($comment, $category);
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=3';
$url .= '&serendipity[success]=Learned comment as ' . $category . '">';
echo $redirect . $url;
break;
case 'bayesLearnFromOld':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$this->learnFromOld();
#redirect the user back to the menu
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=2';
$url .= '&serendipity[success]=Learning Done">';
echo $redirect . $url;
break;
case 'bayesDeleteDatabase':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$this->deleteDB();
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=2';
$url .= '&serendipity[success]=Database deleted">';
echo $redirect . $url;
break;
case 'bayesSetupDatabase':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$this->setupDB();
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=2';
$url .= '&serendipity[success]=Database created">';
echo $redirect . $url;
break;
case 'bayesRecycler':
if (!serendipity_checkPermission('adminComments')) {
break;
}
if (!empty($_REQUEST['serendipity']['selected'])) {
$ids = array_keys($_REQUEST['serendipity']['selected']);
} else {
if (!empty($_REQUEST['serendipity']['comments'])) {
$ids = array_keys($_REQUEST['serendipity']['comments']);
}
}
if (isset($_REQUEST['restore'])) {
if (!empty($ids)) {
$ids = array_keys($_REQUEST['serendipity']['selected']);
#When restoring a comment we can be pretty sure it's a valid one
$comments = $this->getRecyclerComment($ids);
foreach ($comments as $comment) {
$this->startLearn($comment, 'ham');
}
$this->restoreComments($ids);
if (in_array(0, $ids)) {
#this happened when the recyclercode was broken
$msg = "Not able to restore comment with id 0";
$msgtype = 'error';
}
if (count($ids) > 1) {
$msg = 'Comments ' . implode(', ', $ids) . ' restored';
} else {
$msg = 'Comment ' . implode(', ', $ids) . ' restored';
}
$msgtype = 'success';
} else {
$msg = 'No comment selected';
$msgtype = 'message';
}
}
if (isset($_REQUEST['empty'])) {
if (isset($_REQUEST['recyclerSpam'])) {
if ($this->get_config('emptyAll', false)) {
$comments = $this->getAllRecyclerComments();
} else {
$comments = $this->getRecyclerComment($ids);
}
foreach ($comments as $comment) {
$this->startLearn($comment, 'spam');
}
}
if ($this->get_config('emptyAll', false)) {
$success = $this->emptyRecycler();
} else {
$success = $this->deleteFromRecycler($ids);
}
if (serendipity_db_bool($success)) {
$msg = 'Recycler emptied';
$msgtype = 'success';
} else {
$msg = urlencode($success);
$msgtype = 'error';
}
}
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=1';
if (!empty($msgtype)) {
$url .= '&serendipity[' . $msgtype . ']=' . $msg . '">';
} else {
$url .= '" />';
}
echo $redirect . $url;
break;
case 'bayesAnalyse':
if (isset($_REQUEST['comments'])) {
$comment_ids = array_keys($_REQUEST['comments']);
} else {
$msg = 'Please select at least one comment';
$msgtype = 'message';
}
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=4';
if (isset($_REQUEST['comments'])) {
foreach ($comment_ids as $comment) {
$url .= '&serendipity[comments][' . $comment . ']';
}
}
if (!empty($msgtype)) {
$url .= '&serendipity[' . $msgtype . ']=' . $msg . '"/>';
} else {
$url .= '" />';
}
echo $redirect . $url;
break;
case 'bayesImport':
#Showing the menu
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=5';
echo $redirect . $url;
break;
case 'spamblock_bayes_import':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$this->setupDB();
#starting the import
$importDatabase = $this->getCsvDatabase($_FILES['importcsv']['tmp_name']);
$result = $this->importDatabase($importDatabase);
if ($result === true) {
$msg = "Database imported";
$msgtype = "success";
} else {
$msg = $result;
$msgtype = "error";
}
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=2';
$url .= '&serendipity[' . $msgtype . ']=' . $msg . '">';
echo $redirect . $url;
break;
case 'bayesExportDatabase':
$key = $_POST['key'];
$exportKey = $this->get_config('exportKey', "");
if (!(serendipity_checkPermission('adminComments') || !$exportKey == "" && $exportKey == $key)) {
break;
}
$this->set_config('exportKey', "");
$this->exportDatabase();
header('Content-type: application/x-download');
header('Content-Disposition: attachment; filename=spamblock_bayes.csv');
echo file_get_contents($serendipity['serendipityPath'] . 'templates_c/spamblock_bayes.csv');
break;
case 'bayesTrojaGetKey':
$publicTrojaKey = openssl_get_publickey(file_get_contents(dirname(__FILE__) . '/publicTrojaKey.pem'));
header('HTTP/1.1 200 OK');
$key = mt_rand();
$this->set_config('exportKey', $key);
openssl_public_encrypt($key, $enc_key, $publicTrojaKey, OPENSSL_PKCS1_PADDING);
echo base64_encode($enc_key);
break;
case 'bayesTrojaRegister':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$this->set_config('awaitingTrojaRequest', true);
$this->set_config('troja_registered', true);
$trojaUrlTarget = $this->trojaUrl . 'register';
$data = array('url' => $serendipity['baseURL']);
$trojaUrlTarget .= "?" . http_build_query($data);
$response = $this->getRequest($trojaUrlTarget);
parse_str($response, $params);
$registered = urldecode($params['registered']);
if ($registered == 1) {
$msg = "Registered";
$msgtype = "success";
} else {
$msg = "Could not register this blog (already registered?)";
$msgtype = "error";
}
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=5';
$url .= '&serendipity[' . $msgtype . ']=' . $msg . '">';
echo $redirect . $url;
break;
case 'bayesTrojaRemove':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$this->set_config('awaitingTrojaRequest', true);
$this->set_config('troja_registered', false);
$trojaUrlTarget = $this->trojaUrl . 'remove';
$data = array('url' => $serendipity['baseURL']);
$trojaUrlTarget .= "?" . http_build_query($data);
$response = $this->getRequest($trojaUrlTarget);
parse_str($response, $params);
$removed = urldecode($params['removed']);
if ($removed == 1) {
$msg = "Removed";
$msgtype = "success";
} else {
$msg = "Could not remove this blog";
$msgtype = "error";
}
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=5';
$url .= '&serendipity[' . $msgtype . ']=' . $msg . '">';
echo $redirect . $url;
break;
case 'bayesTrojaAccept':
$waiting = serendipity_db_bool($this->get_config('awaitingTrojaRequest', false));
if ($waiting === true) {
header('HTTP/1.1 200 OK');
$this->set_config('awaitingTrojaRequest', false);
} else {
header('HTTP/1.1 403 Forbidden');
}
echo "";
break;
case 'bayesTrojaRequestDB':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$trojaUrlTarget = $this->trojaUrl . 'requestDB';
$url = $serendipity['baseURL'];
$try = 0;
while (trim($url) == $serendipity['baseURL']) {
$try++;
$response = $this->getRequest($trojaUrlTarget);
parse_str($response, $params);
$url = urldecode($params['url']);
if ($try > 3) {
break;
}
}
$key = $params['key'];
$error = false;
if (trim($url) == "http://" . $serendipity['baseURL'] || trim($url) == $serendipity['baseURL']) {
$msg = "Got only this blog as target to import from";
$msgtype = "error";
$error = true;
}
if ($url == "") {
$msg = "Got no target to import from";
$msgtype = "error";
$error = true;
}
if ($error) {
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=5';
$url .= '&serendipity[' . $msgtype . ']=' . $msg . '">';
echo $redirect . $url;
return;
} else {
$msg = "Imported from {$url}";
$msgtype = "success";
}
$this->fetchDatabase(trim($url), $key);
$redirect = '<meta http-equiv="REFRESH" content="0;url=';
$url = 'serendipity_admin.php?serendipity[adminModule]=event_display';
$url .= '&serendipity[adminAction]=spamblock_bayes';
$url .= '&serendipity[subpage]=5';
$url .= '&serendipity[' . $msgtype . ']=' . $msg . '">';
echo $redirect . $url;
break;
}
return true;
break;
case 'frontend_saveComment':
if (!is_array($eventData) || serendipity_db_bool($eventData['allow_comments'])) {
$serendipity['csuccess'] = 'true';
$comment = array($this->type['url'] => $addData['url'], $this->type['body'] => $addData['comment'], $this->type['name'] => $addData['name'], $this->type['email'] => $addData['email'], $this->type['ip'] => serendipity_db_escape_string(isset($addData['ip']) ? $addData['ip'] : $_SERVER['REMOTE_ADDR']), $this->type['referrer'] => substr(isset($_SESSION['HTTP_REFERER']) ? serendipity_db_escape_string($_SESSION['HTTP_REFERER']) : '', 0, 200));
if ($this->checkIfSpam($comment)) {
$method = $this->get_config('method', 'moderate');
if ($method == 'moderate') {
$this->moderate($eventData, $addData);
return false;
} elseif ($method == 'block') {
$this->block($eventData, $addData);
return false;
}
}
$blockBarrier = $this->get_config('blockBarrier', 90) / 100;
$moderateBarrier = $this->get_config('moderateBarrier', 70) / 100;
//now this either wasn't spam or method custom is selected.
if ($this->lastRating > $blockBarrier) {
$this->block($eventData, $addData);
return false;
} elseif ($this->lastRating > $moderateBarrier) {
$this->moderate($eventData, $addData);
return false;
}
}
return true;
break;
case 'backend_view_comment':
$path = $this->path = $this->get_config('path', $serendipity['serendipityHTTPPath'] . 'plugins/serendipity_event_spamblock_bayes/');
if (!empty($path) && $path != 'default' && $path != 'none' && $path != 'empty') {
$path_defined = true;
$imgpath = $path . 'img/';
} else {
$path_defined = false;
$imgpath = $serendipity['baseURL'] . 'index.php?/plugin/';
}
$comment = $eventData;
//change $comment into the needed form
$comment[$this->type['body']] = $comment['fullBody'];
unset($comment['fullBody']);
if ($serendipity['version'][0] == '1') {
$eventData['action_more'] = '<a id="ham' . $comment['id'] . '"
class="serendipityIconLink spamblockBayesControls"
onclick="return ham(' . $comment['id'] . ');"
title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '"
href="' . $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=approve&category=ham&id=' . $eventData['id'] . '&entry_id=' . $eventData['entry_id'] . '"
><img
src="' . serendipity_getTemplateFile('admin/img/accept.png') . '"
alt="" />' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '</a> <a
id="spam' . $comment['id'] . '"
class="serendipityIconLink spamblockBayesControls"
onclick="return spam(' . $comment['id'] . ');"
title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '"
href="' . $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=delete&category=spam&id=' . $eventData['id'] . '&entry_id=' . $eventData['entry_id'] . '"
><img src="' . $imgpath . 'spamblock_bayes.spam.png' . '" alt="" />' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '</a>
<span class="spamblockBayesRating">
<a href="serendipity_admin.php?serendipity[adminModule]=event_display&serendipity[adminAction]=spamblock_bayes&serendipity[subpage]=4&serendipity[comments][' . $comment['id'] . ']">
<span id="' . $comment['id'] . '_rating">' . preg_replace('/\\..*/', '', $this->startClassify($comment) * 100) . '%</span>
</a>
<img src="' . serendipity_getTemplateFile('admin/img/admin_msg_note.png') . '" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_RATING_EXPLANATION . '" />
</span>
';
} else {
$eventData['action_more'] = '<ul id="bayes_actions" class="plainList clearfix actions">
<li>
<a id="ham' . $comment['id'] . '"
class="button_link spamblockBayesControls"
onclick="return ham(' . $comment['id'] . ');"
title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '"
href="' . $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=approve&category=ham&id=' . $eventData['id'] . '&entry_id=' . $eventData['entry_id'] . '"
><span class="icon-ok-circled"></span><span class="visuallyhidden"> ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAM . '</span></a>
</li>
<li>
<a id="spam' . $comment['id'] . '"
class="button_link spamblockBayesControls"
onclick="return spam(' . $comment['id'] . ');"
title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . ': ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '"
href="' . $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=delete&category=spam&id=' . $eventData['id'] . '&entry_id=' . $eventData['entry_id'] . '"
><span class="icon-cancel"></span><span class="visuallyhidden"> ' . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAM . '</span></a>
</li>
<li class="bayes_spamrating">
<a href="serendipity_admin.php?serendipity[adminModule]=event_display&serendipity[adminAction]=spamblock_bayes&serendipity[subpage]=4&serendipity[comments][' . $comment['id'] . ']" title="' . PLUGIN_EVENT_SPAMBLOCK_BAYES_RATING_EXPLANATION . '">
<span id="' . $comment['id'] . '_rating"> ' . preg_replace('/\\..*/', '', $this->startClassify($comment) * 100) . '%</span>
</a>
</li>
</ul>
';
}
return true;
break;
case 'backend_sendcomment':
$delete = PLUGIN_EVENT_SPAMBLOCK_BAYES_DELETE . ': ';
$delete .= $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=delete&category=spam&id=' . $eventData['comment_id'] . '&entry_id=' . $eventData['entry_id'];
$eventData['action_more']['delete'] = $delete;
if (!empty($eventData['moderate_comment']) && $eventData['moderate_comment']) {
$approve = PLUGIN_EVENT_SPAMBLOCK_BAYES_APPROVE . ': ';
$approve .= $serendipity['baseURL'] . 'index.php?/plugin/learnAction&action=approve&category=ham&id=' . $eventData['comment_id'] . '&entry_id=' . $eventData['entry_id'];
$eventData['action_more']['approve'] = $approve;
}
return true;
break;
case 'backend_comments_top':
$path = $this->path = $this->get_config('path', $serendipity['serendipityHTTPPath'] . 'plugins/serendipity_event_spamblock_bayes/');
if (!empty($path) && $path != 'default' && $path != 'none' && $path != 'empty') {
$path_defined = true;
$imgpath = $path . 'img/';
} else {
$path_defined = false;
$imgpath = $serendipity['baseURL'] . 'index.php?/plugin/';
}
echo "<style>\n .spamblockBayesControls {\n cursor: pointer;\n }\n .spamblockBayesRating {\n float: right;\n }\n .spamblockBayesRating img {\n vertical-align: middle;\n }\n </style>\n <script>\n var learncommentPath = '{$serendipity['baseURL']}index.php?/plugin/learncomment';\n var ratingPath = '{$serendipity['baseURL']}index.php?/plugin/getRating';\n var bayesCharset = '" . LANG_CHARSET . "';\n var bayesDone = '" . DONE . "';\n var bayesHelpImage = '" . serendipity_getTemplateFile('admin/img/admin_msg_note.png') . "';\n var bayesHelpTitle = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_RATING_EXPLANATION . "';\n var bayesLoadIndicator = '{$imgpath}spamblock_bayes.load.gif';\n var bayesSpambutton = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_SPAMBUTTON . "';\n var bayesHambutton = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_HAMBUTTON . "';\n var bayesPlugin = '" . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . "';\n </script>\n <script type=\"text/javascript\" src=\"{$path}bayes_commentlist.js\"></script>\n ";
return true;
break;
case 'backend_sidebar_entries':
if (!serendipity_checkPermission('adminComments')) {
break;
}
if ($serendipity['version'][0] == '1') {
if ($this->get_config('menu', true)) {
echo '<li class="serendipitySideBarMenuLink serendipitySideBarMenuEntryLinks">
<a href="?serendipity[adminModule]=event_display&serendipity[adminAction]=spamblock_bayes&serendipity[subpage]=1">
' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . '
</a>
</li>';
}
} else {
}
return true;
break;
case 'backend_sidebar_admin_appearance':
if (!serendipity_checkPermission('adminComments')) {
break;
}
if ($serendipity['version'][0] == '1') {
} else {
if ($this->get_config('menu', true)) {
echo '<li><a href="?serendipity[adminModule]=event_display&serendipity[adminAction]=spamblock_bayes&serendipity[subpage]=1">' . PLUGIN_EVENT_SPAMBLOCK_BAYES_NAME . '</a></li>';
}
}
return true;
break;
case 'backend_sidebar_entries_event_display_spamblock_bayes':
if (!serendipity_checkPermission('adminComments')) {
break;
}
$path = $this->path = $this->get_config('path', $serendipity['serendipityHTTPPath'] . 'plugins/serendipity_event_spamblock_bayes/');
if (!empty($path) && $path != 'default' && $path != 'none' && $path != 'empty') {
$path_defined = true;
$imgpath = $path . 'img/';
} else {
$path_defined = false;
$imgpath = $serendipity['baseURL'] . 'index.php?/plugin/';
}
global $serendipity;
if (isset($serendipity['GET']['message'])) {
if ($serendipity['version'][0] == '1') {
echo '<p class="serendipityAdminMsgNote">' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($serendipity['GET']['message']) : htmlspecialchars($serendipity['GET']['message'], ENT_COMPAT, LANG_CHARSET)) . '</p>';
} else {
echo '<span class="msg_notice"><span class="icon-info-circled"></span> ' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($serendipity['GET']['message']) : htmlspecialchars($serendipity['GET']['message'], ENT_COMPAT, LANG_CHARSET)) . '</span>';
}
}
if (isset($serendipity['GET']['success'])) {
if ($serendipity['version'][0] == '1') {
echo '<p class="serendipityAdminMsgSuccess">' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($serendipity['GET']['success']) : htmlspecialchars($serendipity['GET']['success'], ENT_COMPAT, LANG_CHARSET)) . '</p>';
} else {
echo '<span class="msg_success"><span class="icon-ok-circled"></span> ' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($serendipity['GET']['success']) : htmlspecialchars($serendipity['GET']['success'], ENT_COMPAT, LANG_CHARSET)) . '</span>';
}
}
if (isset($serendipity['GET']['error'])) {
if ($serendipity['version'][0] == '1') {
echo '<p class="serendipityAdminMsgError">' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($serendipity['GET']['error']) : htmlspecialchars($serendipity['GET']['error'], ENT_COMPAT, LANG_CHARSET)) . '</p>';
} else {
echo '<span class="msg_error"><span class="icon-attention-circled"></span> ' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($serendipity['GET']['error']) : htmlspecialchars($serendipity['GET']['error'], ENT_COMPAT, LANG_CHARSET)) . '</span>';
}
}
$this->get = $serendipity['GET'];
$this->displayMenu($serendipity['GET']['subpage']);
return true;
break;
case 'xmlrpc_comment_spam':
$entry_id = $addData['id'];
$comment_id = $addData['cid'];
if ($this->get_config('method', 'moderate') == 'custom') {
$spamBarrier = min(array($this->get_config('moderateBarrier', 70) / 100, $this->get_config('blockBarrier', 90) / 100));
} else {
$spamBarrier = 0.7;
}
//spam shall not get through the filter twice - so make sure, it really is marked as spam
$loop = 0;
while ($this->startClassify($eventData) < $spamBarrier && $loop < 5) {
$this->startLearn($eventData, 'spam');
//prevent infinite loop
$loop++;
}
if ($this->get_config('recycler', true)) {
$this->recycleComment($comment_id, $entry_id);
}
serendipity_deleteComment($comment_id, $entry_id);
return true;
break;
case 'xmlrpc_comment_ham':
$this->startLearn($eventData, 'ham');
$comment_id = $addData['cid'];
$entry_id = $addData['id'];
//moderated ham-comments should be instantly approved, that's why they need an id:
serendipity_approveComment($comment_id, $entry_id);
return true;
break;
default:
return false;
break;
}
} else {
return false;
}
}
<?php
if (IN_serendipity !== true) {
die("Don't hack!");
}
$probelang = dirname(__FILE__) . '/' . $serendipity['charset'] . 'lang_' . $serendipity['lang'] . '.inc.php';
if (file_exists($probelang)) {
include $probelang;
}
include dirname(__FILE__) . '/lang_en.inc.php';
$serendipity['smarty']->assign(array('currpage' => "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']));
$template_config = array(array('var' => 'feedburner', 'name' => FEEDBURNER_102, 'type' => 'string', 'default' => ''), array('var' => 'delicious', 'name' => DELICIOUS_102, 'type' => 'string', 'default' => ''), array('var' => 'flickr', 'name' => 'flickr URI', 'type' => 'string', 'default' => ''), array('var' => 'technorati', 'name' => 'technorati URI', 'type' => 'string', 'default' => ''), array('var' => 'addthiswidget', 'name' => 'addthis.com Bookmark Widget', 'type' => 'boolean', 'default' => 'false'), array('var' => 'addthisaccount', 'name' => 'addthis.com Account', 'type' => 'string', 'default' => ''), array('var' => 'amount', 'name' => NAVLINK_AMOUNT, 'type' => 'string', 'default' => '5'));
$template_loaded_config = serendipity_loadThemeOptions($template_config, $serendipity['smarty_vars']['template_option']);
if (isset($_POST['serendipity']['template']['amount']) && serendipity_userLoggedIn() && serendipity_checkPermission('adminTemplates')) {
$temp_post = $_POST['serendipity']['template']['amount'];
if (is_numeric($temp_post)) {
$template_loaded_config['amount'] = $temp_post;
}
}
$navlinks = array();
for ($i = 0; $i < $template_loaded_config['amount']; $i++) {
$navlinks[] = array('title' => $template_loaded_config['navlink' . $i . 'text'], 'href' => $template_loaded_config['navlink' . $i . 'url'], 'akey' => $template_loaded_config['navlink' . $i . 'key']);
$template_config[] = array('var' => 'navlink' . $i . 'text', 'name' => NAV_LINK_TEXT . ' #' . $i, 'type' => 'string', 'default' => 'Link #' . $i);
$template_config[] = array('var' => 'navlink' . $i . 'url', 'name' => NAV_LINK_URL . ' #' . $i, 'type' => 'string', 'default' => '#');
$template_config[] = array('var' => 'navlink' . $i . 'key', 'name' => NAV_LINK_KEY . ' #' . $i, 'type' => 'string', 'default' => $i);
}
$serendipity['smarty']->assign_by_ref('navlinks', $navlinks);
function showElementCommentlist($where, $limit)
{
global $serendipity;
$summaryLength = 200;
$i = 0;
if (version_compare(substr($serendipity['version'], 0, 3), '1.6') >= 0) {
$comments = serendipity_fetchComments(null, $limit, 'co.id DESC', true, 'NORMAL', $where);
} else {
$comments = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n WHERE 1 = 1 " . $where . (!serendipity_checkPermission('adminEntriesMaintainOthers') ? 'AND e.authorid = ' . (int) $serendipity['authorid'] : '') . "\n ORDER BY c.id DESC LIMIT {$limit}");
}
if (!is_array($comments)) {
return;
}
if (count($comments) == 0) {
return;
}
echo '<table width="100%" cellpadding="3" border="0" cellspacing="0">';
foreach ($comments as $rs) {
$i++;
$comment = array('fullBody' => $rs['body'], 'summary' => serendipity_mb('substr', $rs['body'], 0, $summaryLength), 'status' => $rs['status'], 'type' => $rs['type'], 'id' => $rs['id'], 'title' => $rs['title'], 'timestamp' => $rs['timestamp'], 'referer' => $rs['referer'], 'url' => $rs['url'], 'ip' => $rs['ip'], 'entry_url' => serendipity_archiveURL($rs['entry_id'], $rs['title']), 'email' => $rs['email'], 'author' => empty($rs['author']) ? ANONYMOUS : $rs['author'], 'entry_id' => $rs['entry_id']);
$entrylink = serendipity_archiveURL($comment['entry_id'], 'comments', 'serendipityHTTPPath', true) . '#c' . $comment['id'];
if (strlen($comment['fullBody']) > strlen($comment['summary'])) {
$comment['summary'] .= ' ...';
$comment['excerpt'] = true;
// When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML.
$comment['fullBody'] = nl2br(function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['fullBody']) : htmlspecialchars($comment['fullBody'], ENT_COMPAT, LANG_CHARSET));
$comment['summary'] = nl2br(strip_tags($comment['summary']));
} else {
$comment['excerpt'] = false;
$comment['fullBody'] = $comment['summary'] = nl2br(function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['fullBody']) : htmlspecialchars($comment['fullBody'], ENT_COMPAT, LANG_CHARSET));
}
#serendipity_plugin_api::hook_event('backend_view_comment', $comment, '&serendipity[page]='. $page . $searchString);
$class = 'serendipity_admin_list_item_' . ($i % 2 == 0 ? 'even' : 'uneven');
if ($comment['status'] == 'pending' || $comment['status'] === 'confirm') {
$class .= ' serendipity_admin_comment_pending';
}
$header_class = $comment['status'] == 'pending' || $comment['status'] === 'confirm' ? 'serendipityAdminMsgNote serendipity_admin_comment_pending_header' : '';
?>
<tr>
<td class="<?php
echo $header_class;
?>
">
<?php
if ($header_class == 'serendipityAdminMsgNote serendipity_admin_comment_pending_header') {
?>
<img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="<?php
echo serendipity_getTemplateFile('admin/img/admin_msg_note.png');
?>
" alt="" />
<?php
}
?>
<a name="c<?php
echo $comment['id'];
?>
"></a>
<?php
echo ($comment['type'] == 'NORMAL' ? COMMENT : ($comment['type'] == 'TRACKBACK' ? TRACKBACK : PINGBACK)) . ' #' . $comment['id'] . ', ' . IN_REPLY_TO . ' <strong><a href="' . $comment['entry_url'] . '">' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['title']) : htmlspecialchars($comment['title'], ENT_COMPAT, LANG_CHARSET)) . '</a></strong>, ' . ON . ' ' . serendipity_formatTime('%b %e %Y, %H:%M', $comment['timestamp']);
?>
</td>
</tr>
<tr>
<td class="serendipity_admin_list_item <?php
echo $class;
?>
" id="comment_<?php
echo $comment['id'];
?>
">
<table width="100%" cellspacing="0" cellpadding="3" border="0">
<tr>
<td width="40%"><strong><?php
echo AUTHOR;
?>
</strong>: <?php
echo (function_exists('serendipity_specialchars') ? serendipity_specialchars(serendipity_truncateString($comment['author'], 30)) : htmlspecialchars(serendipity_truncateString($comment['author'], 30), ENT_COMPAT, LANG_CHARSET)) . $comment['action_author'];
?>
</td>
<td><strong><?php
echo EMAIL;
?>
</strong>:
<?php
if (empty($comment['email'])) {
echo 'N/A';
} else {
?>
<a href="mailto:<?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['email']) : htmlspecialchars($comment['email'], ENT_COMPAT, LANG_CHARSET);
?>
" title="<?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['email']) : htmlspecialchars($comment['email'], ENT_COMPAT, LANG_CHARSET);
?>
"><?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars(serendipity_truncateString($comment['email'], 30)) : htmlspecialchars(serendipity_truncateString($comment['email'], 30), ENT_COMPAT, LANG_CHARSET);
?>
</a>
<?php
}
?>
<?php
echo $comment['action_email'];
?>
</td>
</tr>
<tr>
<td width="40%"><strong>IP</strong>:
<?php
if (empty($comment['ip'])) {
echo '0.0.0.0';
} else {
echo function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['ip']) : htmlspecialchars($comment['ip'], ENT_COMPAT, LANG_CHARSET);
}
?>
<?php
echo $comment['action_ip'];
?>
</td>
<td><strong><?php
echo URL;
?>
</strong>:
<?php
if (empty($comment['url'])) {
echo 'N/A';
} else {
?>
<a href="<?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['url']) : htmlspecialchars($comment['url'], ENT_COMPAT, LANG_CHARSET);
?>
" title="<?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['url']) : htmlspecialchars($comment['url'], ENT_COMPAT, LANG_CHARSET);
?>
" target="_blank"><?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars(serendipity_truncateString($comment['url'], 30)) : htmlspecialchars(serendipity_truncateString($comment['url'], 30), ENT_COMPAT, LANG_CHARSET);
?>
</a>
<?php
}
?>
<?php
echo $comment['action_url'];
?>
</td>
</tr>
<tr>
<td width="40%"> </td>
<td><strong><?php
echo REFERER;
?>
</strong>:
<?php
if (empty($comment['referer'])) {
echo 'N/A';
} else {
?>
<a href="<?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['referer']) : htmlspecialchars($comment['referer'], ENT_COMPAT, LANG_CHARSET);
?>
" title="<?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['referer']) : htmlspecialchars($comment['referer'], ENT_COMPAT, LANG_CHARSET);
?>
" target="_blank"><?php
echo function_exists('serendipity_specialchars') ? serendipity_specialchars(serendipity_truncateString($comment['referer'], 30)) : htmlspecialchars(serendipity_truncateString($comment['referer'], 30), ENT_COMPAT, LANG_CHARSET);
?>
</a>
<?php
}
?>
<?php
echo $comment['action_referer'];
?>
</td>
<tr>
<td style="border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC" colspan="3">
<div id="<?php
echo $comment['id'];
?>
_summary"><?php
echo $comment['summary'];
?>
</div>
<div id="<?php
echo $comment['id'];
?>
_full" style="display: none"><?php
echo $comment['fullBody'];
?>
</div>
</td>
</tr>
</table>
<?php
if (($comment['status'] == 'pending' || $comment['status'] === 'confirm') && !serendipity_db_bool($this->get_config('read_only'))) {
?>
<a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=approve&serendipity[id]=<?php
echo $comment['id'];
?>
&<?php
echo serendipity_setFormToken('url');
?>
" class="serendipityIconLink" title="<?php
echo APPROVE;
?>
"><img src="<?php
echo serendipity_getTemplateFile('admin/img/accept.png');
?>
" alt="<?php
echo APPROVE;
?>
" /><?php
echo APPROVE;
?>
</a>
<?php
}
?>
<?php
if ($comment['status'] == 'approved' && !serendipity_db_bool($this->get_config('read_only'))) {
?>
<a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=pending&serendipity[id]=<?php
echo $comment['id'];
?>
&<?php
echo serendipity_setFormToken('url');
?>
" class="serendipityIconLink" title="<?php
echo SET_TO_MODERATED;
?>
"><img src="<?php
echo serendipity_getTemplateFile('admin/img/clock.png');
?>
" alt="<?php
echo SET_TO_MODERATED;
?>
" /><?php
echo SET_TO_MODERATED;
?>
</a>
<?php
}
?>
<?php
if ($comment['excerpt']) {
?>
<a href="#c<?php
echo $comment['id'];
?>
" onclick="FT_toggle(<?php
echo $comment['id'];
?>
); return false;" title="<?php
echo VIEW;
?>
" class="serendipityIconLink"><img src="<?php
echo serendipity_getTemplateFile('admin/img/zoom.png');
?>
" alt="<?php
echo TOGGLE_ALL;
?>
" /><span id="<?php
echo $comment['id'];
?>
_text"><?php
echo TOGGLE_ALL;
?>
</span></a>
<?php
}
?>
<a target="_blank" href="<?php
echo $entrylink;
?>
" title="<?php
echo VIEW;
?>
" class="serendipityIconLink"><img src="<?php
echo serendipity_getTemplateFile('admin/img/zoom.png');
?>
" alt="<?php
echo VIEW;
?>
" /><?php
echo VIEW;
?>
</a>
<a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=edit&serendipity[id]=<?php
echo $comment['id'];
?>
&serendipity[entry_id]=<?php
echo $comment['entry_id'];
?>
&<?php
echo serendipity_setFormToken('url');
?>
" title="<?php
echo EDIT;
?>
" class="serendipityIconLink"><img src="<?php
echo serendipity_getTemplateFile('admin/img/edit.png');
?>
" alt="<?php
echo EDIT;
?>
" /><?php
echo EDIT;
?>
</a>
<?php
if (!serendipity_db_bool($this->get_config('read_only'))) {
?>
<a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=delete&serendipity[id]=<?php
echo $comment['id'];
?>
&serendipity[entry_id]=<?php
echo $comment['entry_id'];
?>
&<?php
echo serendipity_setFormToken('url');
?>
" onclick='return confirm("<?php
echo sprintf(COMMENT_DELETE_CONFIRM, $comment['id'], function_exists('serendipity_specialchars') ? serendipity_specialchars($comment['author']) : htmlspecialchars($comment['author'], ENT_COMPAT, LANG_CHARSET));
?>
")' title="<?php
echo DELETE;
?>
" class="serendipityIconLink"><img src="<?php
echo serendipity_getTemplateFile('admin/img/delete.png');
?>
" alt="<?php
echo DELETE;
?>
" /><?php
echo DELETE;
?>
</a>
<?php
}
?>
<a target="_blank" onclick="cf = window.open(this.href, 'CommentForm', 'width=800,height=600,toolbar=no,scrollbars=1,scrollbars,resize=1,resizable=1'); cf.focus(); return false;" href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=reply&serendipity[id]=<?php
echo $comment['id'];
?>
&serendipity[entry_id]=<?php
echo $comment['entry_id'];
?>
&serendipity[noBanner]=true&serendipity[noSidebar]=true&<?php
echo serendipity_setFormToken('url');
?>
" title="<?php
echo REPLY;
?>
" class="serendipityIconLink"><img src="<?php
echo serendipity_getTemplateFile('admin/img/user_editor.png');
?>
" alt="<?php
echo REPLY;
?>
" /><?php
echo REPLY;
?>
</a>
<?php
echo $comment['action_more'];
?>
</td>
</tr>
<?php
}
echo '</table>';
}
<?php
# $Id$
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die("Don't hack!");
}
if (!serendipity_checkPermission('adminTemplates')) {
return;
}
class template_option
{
var $config = null;
var $values = null;
var $keys = null;
function introspect_config_item($item, &$bag)
{
foreach ($this->config[$item] as $key => $val) {
$bag->add($key, $val);
}
}
function get_config($item)
{
return $this->values[$item];
}
function set_config($item, $value)
{
global $serendipity;
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options\n WHERE okey = 't_" . serendipity_db_escape_string($serendipity['template']) . "'\n AND name = '" . serendipity_db_escape_string($item) . "'");
if ($this->config[$item]['scope'] == 'global') {
/**
* Get a list of Sidebar plugins and pass them to Smarty
*
* @access public
* @param string The side of plugins to show (left/right/hide/event/eventh)
* @param string deprecated: Indicated which wrapping HTML element to use for plugins
* @param boolean Indicates whether only all plugins should be shown that are not in the $side list
* @param string Only show plugins of this plugin class
* @param string Only show a plugin with this instance ID
* @return string Smarty HTML output
*/
function generate_plugins($side, $tag = '', $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl')
{
global $serendipity;
/* $tag parameter is deprecated and used in Smarty templates instead. Only use it in function
* header for layout.php BC.
*/
$plugins = serendipity_plugin_api::enum_plugins($side, $negate, $class, $id);
if (!is_array($plugins)) {
return;
}
if (!isset($serendipity['smarty'])) {
$serendipity['smarty_raw_mode'] = true;
serendipity_smarty_init();
}
$pluginData = array();
$addData = func_get_args();
serendipity_plugin_api::hook_event('frontend_generate_plugins', $plugins, $addData);
if (count($plugins) == 0) {
$serendipity['prevent_sidebar_plugins_' . $side] = true;
}
$loggedin = false;
if (serendipity_userLoggedIn() && serendipity_checkPermission('adminPlugins')) {
$loggedin = true;
}
foreach ($plugins as $plugin_data) {
$plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid'], $plugin_data['path']);
if (is_object($plugin)) {
$class = get_class($plugin);
$title = '';
/* TODO: make generate_content NOT echo its output */
ob_start();
$show_plugin = $plugin->generate_content($title);
$content = ob_get_contents();
ob_end_clean();
if ($loggedin) {
$content .= '<div class="serendipity_edit_nugget"><a href="' . $serendipity['serendipityHTTPPath'] . 'serendipity_admin.php?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=' . htmlentities($plugin->instance) . '">' . EDIT . '</a></div>';
}
if ($show_plugin !== false) {
$pluginData[] = array('side' => $side, 'class' => $class, 'title' => $title, 'content' => $content, 'id' => $plugin->instance);
}
} else {
$pluginData[] = array('side' => $side, 'title' => ERROR, 'class' => $class, 'content' => sprintf(INCLUDE_ERROR, $plugin_data['name']));
}
}
serendipity_plugin_api::hook_event('frontend_sidebar_plugins', $pluginData, $addData);
$serendipity['smarty']->assign_by_ref('plugindata', $pluginData);
$serendipity['smarty']->assign('pluginside', ucfirst($side));
return serendipity_smarty_fetch('sidebar_' . $side, $tpl, true);
}
/**
* When paths or other options are changed in the s9y configuration, update the core files
*
* @access public
* @return boolean
*/
function serendipity_updateConfiguration()
{
global $serendipity, $umask;
// Save all basic config variables to the database
$config = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE);
if (isset($_POST['sqlitedbName']) && !empty($_POST['sqlitedbName'])) {
$_POST['dbName'] = $_POST['sqlitedbName'];
}
// Password can be hidden in re-configuring, but we need to store old password
if (empty($_POST['dbPass']) && !empty($serendipity['dbPass'])) {
$_POST['dbPass'] = $serendipity['dbPass'];
}
foreach ($config as $category) {
foreach ($category['items'] as $item) {
/* Don't save trash */
if (!serendipity_checkConfigItemFlags($item, 'configuration')) {
continue;
}
if (!isset($item['userlevel'])) {
$item['userlevel'] = USERLEVEL_ADMIN;
}
// Check permission set. Changes to blogConfiguration or siteConfiguration items
// always required authorid = 0, so that it be not specific to a userlogin
if ($serendipity['serendipityUserlevel'] >= $item['userlevel'] || IS_installed === false) {
$authorid = 0;
} elseif ($item['permission'] == 'blogConfiguration' && serendipity_checkPermission('blogConfiguration')) {
$authorid = 0;
} elseif ($item['permission'] == 'siteConfiguration' && serendipity_checkPermission('siteConfiguration')) {
$authorid = 0;
} else {
$authorid = $serendipity['authorid'];
}
if (is_array($_POST[$item['var']])) {
// Arrays not allowed. Use first index value.
list($a_key, $a_val) = each($_POST[$item['var']]);
$_POST[$item['var']] = $a_key;
// If it still is an array, munge it all together.
if (is_array($_POST[$item['var']])) {
$_POST[$item['var']] = @implode(',', $_POST[$item['var']]);
}
}
serendipity_set_config_var($item['var'], $_POST[$item['var']], $authorid);
}
}
if (IS_installed === false || serendipity_checkPermission('siteConfiguration')) {
return serendipity_updateLocalConfig($_POST['dbName'], $_POST['dbPrefix'], $_POST['dbHost'], $_POST['dbUser'], $_POST['dbPass'], $_POST['dbType'], $_POST['dbPersistent']);
} else {
return true;
}
}
if ($bag->is_set('configuration')) {
/* Only play with the plugin if there is something to play with */
echo '<script type="text/javascript">location.href = \'' . $serendipity['baseurl'] . '?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=' . $inst . '\';</script>';
die;
} else {
/* If no config is available, redirect to plugin overview, because we do not want that a user can install the plugin a second time via accidental browser refresh */
echo '<script type="text/javascript">location.href = \'' . $serendipity['baseurl'] . '?serendipity[adminModule]=plugins\';</script>';
die;
}
}
}
if (isset($_POST['REMOVE']) && serendipity_checkFormToken()) {
if (is_array($_POST['serendipity']['plugin_to_remove'])) {
foreach ($_POST['serendipity']['plugin_to_remove'] as $key) {
$plugin =& serendipity_plugin_api::load_plugin($key);
if ($plugin->serendipity_owner == '0' || $plugin->serendipity_owner == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers')) {
serendipity_plugin_api::remove_plugin_instance($key);
}
}
}
}
?>
<?php
if (isset($_POST['SAVE'])) {
?>
<div class="serendipityAdminMsgSuccess"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="<?php
echo serendipity_getTemplateFile('admin/img/admin_msg_success.png');
?>
" alt="" /><?php
echo DONE . ': ' . sprintf(SETTINGS_SAVED_AT, serendipity_strftime('%H:%M:%S'));
/**
* Show the list of plugins
*
* Shows a HTML list of all installed plugins, complete with config/delete/sort order options
*
* @access public
* @param boolean Indicates if event plugins (TRUE) or sidebar plugins (FALSE) shall be shown
* @return null
*/
function show_plugins($event_only = false, $sidebars = null)
{
static $opts = array('event' => PLUGIN_ACTIVE, 'eventh' => PLUGIN_INACTIVE);
global $serendipity;
$sql_filter = '';
if (is_array($sidebars)) {
foreach ($sidebars as $sidebar) {
$up = strtoupper($sidebar);
if ($sidebar == 'hide') {
$opts[$sidebar] = HIDDEN;
} elseif (defined('SIDEBAR_' . $up)) {
$opts[$sidebar] = constant('SIDEBAR_' . $up);
} elseif (defined($up)) {
$opts[$sidebar] = constant($up);
} else {
$opts[$sidebar] = $up;
}
$sql_filter .= "AND placement != '" . serendipity_db_escape_string($sidebar) . "' ";
}
}
if (!$event_only) {
$sql = "SELECT * from {$serendipity['dbPrefix']}plugins\n WHERE placement != 'event'\n AND placement != 'eventh'\n " . $sql_filter;
$invisible_plugins = serendipity_db_query($sql);
if (is_array($invisible_plugins)) {
$sidebars[] = 'NONE';
$opts['NONE'] = NONE;
}
}
$eyecandy = !isset($serendipity['eyecandy']) || serendipity_db_bool($serendipity['eyecandy']);
if (!$eyecandy) {
echo ' <form action="?serendipity[adminModule]=plugins" method="post">';
} elseif (!$event_only) {
echo '<script type="text/javascript"> function templatePluginMoverInit() { ';
$is_first = true;
foreach ($sidebars as $sidebar) {
?>
<?php
echo $is_first ? 'var ' : '';
?>
list = document.getElementById("<?php
echo $sidebar;
?>
_col");
DragDrop.makeListContainer(list, 'g1');
list.onDragOver = function() { this.style["border"] = "1px solid #4d759b"; };
list.onDragOut = function() { this.style["border"] = "none"; };
<?php
$is_first = false;
}
echo ' } addLoadEvent(templatePluginMoverInit);</script>';
echo ' <form action="?serendipity[adminModule]=plugins" method="post" onsubmit="pluginMovergetSort(); return true">';
echo ' <input type="hidden" name="serendipity[pluginorder]" id="order" value="" />';
} else {
echo '<script type="text/javascript">addLoadEvent(pluginMoverInitEvent);</script>';
echo ' <form action="?serendipity[adminModule]=plugins" method="post" onsubmit="pluginMovergetSortEvent(); return true">';
echo ' <input type="hidden" name="serendipity[pluginorder]" id="eventorder" value="" />';
}
echo serendipity_setFormToken();
?>
<table class="pluginmanager" border="0" cellpadding="5" cellspacing="3" width="100%">
<tr>
<?php
$errors = array();
/* Block display the plugins per placement location. */
if ($event_only) {
$plugin_placements = array('event', 'eventh');
} else {
$plugin_placements = $sidebars;
}
$total = 0;
foreach ($plugin_placements as $plugin_placement) {
if (!$event_only && $plugin_placement == 'NONE') {
$is_invisible = true;
} else {
$is_invisible = false;
}
$ptitle = $opts[$plugin_placement];
$pid = $plugin_placement;
echo '<td class="pluginmanager_side pluginmanager_' . ($event_only ? 'event' : 'sidebar') . '">';
echo '<div class="heading">' . $ptitle . '</div>';
echo '<ol id="' . $pid . '_col" class="pluginmanager_container">';
if ($is_invisible) {
$plugins = $invisible_plugins;
} else {
$plugins = serendipity_plugin_api::enum_plugins($plugin_placement);
}
if (!is_array($plugins)) {
continue;
}
$sort_idx = 0;
foreach ($plugins as $plugin_data) {
$total++;
$plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid']);
$key = urlencode($plugin_data['name']);
$css_key = 's9ycid' . str_replace('%', '-', $key);
$is_plugin_owner = $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers');
$is_plugin_editable = $is_plugin_owner || $plugin_data['authorid'] == '0';
if (!is_object($plugin)) {
$name = $title = ERROR . '!';
$desc = ERROR . ': ' . $plugin_data['name'];
$can_configure = false;
} else {
/* query for its name, description and configuration data */
$bag = new serendipity_property_bag();
$plugin->introspect($bag);
$name = htmlspecialchars($bag->get('name'));
$desc = htmlspecialchars($bag->get('description'));
$desc .= '<br />' . VERSION . ': <em>' . $bag->get('version') . '</em>';
$title = serendipity_plugin_api::get_plugin_title($plugin, '[' . $name . ']');
if ($bag->is_set('configuration') && ($plugin->protected === FALSE || $plugin_data['authorid'] == '0' || $plugin_data['authorid'] == $serendipity['authorid'] || serendipity_checkPermission('adminPluginsMaintainOthers'))) {
$can_configure = true;
} else {
$can_configure = false;
}
}
if ($event_only) {
$place = placement_box('serendipity[placement][' . $plugin_data['name'] . ']', $plugin_data['placement'], $is_plugin_editable, true, $opts);
$event_only_uri = '&serendipity[event_plugin]=true';
} else {
$place = placement_box('serendipity[placement][' . $plugin_data['name'] . ']', $plugin_data['placement'], $is_plugin_editable, false, $opts);
$event_only_uri = '';
}
/* Only display UP/DOWN links if there's somewhere for the plugin to go */
if ($sort_idx == 0) {
$moveup = ' ';
} else {
$moveup = '<a href="?' . serendipity_setFormToken('url') . '&serendipity[adminModule]=plugins&submit=move+up&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/uparrow.png') . '" height="16" width="16" border="0" alt="' . UP . '" /></a>';
}
if ($sort_idx == count($plugins) - 1) {
$movedown = ' ';
} else {
$movedown = ($moveup != '' ? ' ' : '') . '<a href="?' . serendipity_setFormToken('url') . '&serendipity[adminModule]=plugins&submit=move+down&serendipity[plugin_to_move]=' . $key . $event_only_uri . '" style="border: 0"><img src="' . serendipity_getTemplateFile('admin/img/downarrow.png') . '" height="16" width="16" alt="' . DOWN . '" border="0" /></a>';
}
?>
<li class="pluginmanager_item_<?php
echo $sort_idx % 2 ? 'even' : 'uneven';
?>
" id="<?php
echo $css_key;
?>
">
<div id="g<?php
echo $css_key;
?>
" class="pluginmanager_grablet">
<a href="#" id="grab<?php
echo $css_key;
?>
"></a>
</div>
<?php
if ($is_plugin_editable) {
?>
<input class="input_checkbox" type="checkbox" name="serendipity[plugin_to_remove][]" value="<?php
echo $plugin_data['name'];
?>
" />
<?php
}
?>
<?php
if ($can_configure) {
?>
<a class="pluginmanager_configure" href="?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=<?php
echo $key;
?>
"><img src="<?php
echo serendipity_getTemplateFile('admin/img/configure.png');
?>
" style="border: 0; vertical-align: bottom;" alt="[C]" /></a>
<?php
}
?>
<span class="pluginmanager_title">
<?php
if ($can_configure) {
?>
<a title="<?php
echo $plugin_data['name'];
?>
" href="?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=<?php
echo $key;
?>
"><?php
echo $title;
?>
</a>
<?php
} else {
?>
<?php
echo $title;
?>
<?php
}
?>
</span><br />
<div class="pluginmanager_description" style="font-size: 8pt"><?php
echo $desc;
?>
</div>
<div class="pluginmanager_ownership"><?php
ownership($plugin_data['authorid'], $plugin_data['name'], $is_plugin_owner);
?>
</div>
<?php
echo $eyecandy ? '<noscript>' : '';
?>
<div class="pluginmanager_place"><?php
echo $place;
?>
</div>
<div class="pluginmanager_move"><?php
echo $moveup;
?>
<?php
echo $movedown;
?>
</div>
<?php
echo $eyecandy ? '</noscript>' : '';
?>
</li>
<?php
$sort_idx++;
}
echo '</ol></td>';
}
?>
</tr>
<tr>
<td colspan="3" align="right"><?php
printf(PLUGIN_AVAILABLE_COUNT, $total);
?>
</td>
</tr>
</table>
<br />
<div>
<input type="submit" name="REMOVE" title="<?php
echo DELETE;
?>
" value="<?php
echo REMOVE_TICKED_PLUGINS;
?>
" class="serendipityPrettyButton input_button" />
<input type="submit" name="SAVE" title="<?php
echo SAVE_CHANGES_TO_LAYOUT;
?>
" value="<?php
echo SAVE;
?>
" class="serendipityPrettyButton input_button" />
</div>
</form>
<?php
}
function showMediaLibrary($messages = false, $addvar_check = false, $smarty_vars = array())
{
global $serendipity;
if (!serendipity_checkPermission('adminImagesView')) {
return;
}
$output = "";
// After upload, do not show the list to be able to proceed to
// media selection.
if ($addvar_check && !empty($GLOBALS['image_selector_addvars'])) {
return true;
}
if (!isset($serendipity['thumbPerPage'])) {
$serendipity['thumbPerPage'] = 2;
}
$smarty_vars = array('textarea' => isset($serendipity['GET']['textarea']) ? $serendipity['GET']['textarea'] : false, 'htmltarget' => isset($serendipity['GET']['htmltarget']) ? $serendipity['GET']['htmltarget'] : '', 'filename_only' => isset($serendipity['GET']['filename_only']) ? $serendipity['GET']['filename_only'] : false);
$show_upload = isset($serendipity['GET']['showUpload']) ? $serendipity['GET']['showUpload'] : false;
$output .= serendipity_displayImageList(isset($serendipity['GET']['page']) ? $serendipity['GET']['page'] : 1, $serendipity['thumbPerPage'], isset($serendipity['GET']['showMediaToolbar']) ? serendipity_db_bool($serendipity['GET']['showMediaToolbar']) : true, NULL, $show_upload, NULL, $smarty_vars);
return $output;
}
function universal_updateComment($cid, $entry_id, $entry_authorid, &$comment)
{
global $serendipity;
// Check for adminEntriesMaintainOthers
if ($entry_authorid != $serendipity['authorid'] && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
return false;
// wrong user having no adminEntriesMaintainOthers right
}
$sql = "UPDATE {$serendipity['dbPrefix']}comments\n SET\n author = '" . serendipity_db_escape_string($comment['author']) . "',\n email = '" . serendipity_db_escape_string($comment['email']) . "',\n url = '" . serendipity_db_escape_string($comment['url']) . "',\n body = '" . serendipity_db_escape_string($comment['body']) . "'\n WHERE id = " . (int) $cid . " AND entry_id = " . (int) $entry_id;
serendipity_db_query($sql);
serendipity_plugin_api::hook_event('backend_updatecomment', $comment, $cid);
return true;
}
global $serendipity;
$data = array();
switch ($serendipity['POST']['adminAction']) {
case 'publish':
if (!serendipity_checkFormToken()) {
break;
}
$success = serendipity_updertEntry(array('id' => serendipity_specialchars($serendipity['POST']['id']), 'timestamp' => time(), 'isdraft' => 0));
if (is_numeric($success)) {
$data['published'] = $success;
} else {
$data['error_publish'] = $success;
}
break;
case 'updateCheckDisable':
if (!serendipity_checkFormToken() || !serendipity_checkPermission('blogConfiguration')) {
break;
}
serendipity_set_config_var('updateCheck', false);
break;
}
$user = serendipity_fetchAuthor($serendipity['authorid']);
// chrome-compatible, from Oliver Gassner, adapted from TextPattern. Hi guys, keep it up. :-)
$bookmarklet = "javascript:var%20d=document,w=window,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),f='" . $serendipity['baseURL'] . "',l=d.location,e=encodeURIComponent,p='serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=new&serendipity[title]='+e(d.title)+'&serendipity[body]='+e(s)+'&serendipity[url]='+location.href,u=f+p;a=function(){%20%20if(!w.open(u,'t','toolbar=0,resizable=1,scrollbars=1,status=1,width=800,height=800'))%20%20%20%20l.href=u;};if(/Firefox/.test(navigator.userAgent))%20%20setTimeout(a,0);else%20%20a();void(0)";
$data['bookmarklet'] = $bookmarklet;
$data['username'] = $user[0]['realname'];
$data['js_failure_file'] = serendipity_getTemplateFile('admin/serendipity_editor.js');
$output = array();
serendipity_plugin_api::hook_event('backend_frontpage_display', $output);
$data['backend_frontpage_display'] = $output['more'];
$data['usedVersion'] = $serendipity['version'];
function template_options($template, $catid)
{
global $serendipity, $template_config;
if (!serendipity_checkPermission('adminTemplates')) {
return;
}
$template = str_replace('.', '', urldecode($template));
$catid = (int) $catid;
$tpl_path = $serendipity['serendipityPath'] . $serendipity['templatePath'] . $template;
if (!is_dir($tpl_path)) {
return false;
}
$serendipity['GET']['adminModule'] == 'templates';
$serendipity['smarty_vars']['template_option'] = $template . '_' . $catid;
echo '<h3>' . STYLE_OPTIONS . '</h3>';
if (file_exists($tpl_path . '/config.inc.php')) {
serendipity_smarty_init();
include_once $tpl_path . '/config.inc.php';
}
if (is_array($template_config)) {
serendipity_plugin_api::hook_event('backend_templates_configuration_top', $template_config);
if ($serendipity['POST']['adminSubAction'] == 'configure') {
foreach ($serendipity['POST']['template'] as $option => $value) {
categorytemplate_option::set_config($option, $value, $serendipity['smarty_vars']['template_option']);
}
echo '<div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . DONE . ': ' . sprintf(SETTINGS_SAVED_AT, serendipity_strftime('%H:%M:%S')) . '</div>';
}
echo '<form method="post" action="serendipity_admin.php">';
echo '<input type="hidden" name="serendipity[adminModule]" value="templates" />';
echo '<input type="hidden" name="serendipity[adminSubAction]" value="configure" />';
echo '<input type="hidden" name="serendipity[adminAction]" value="cattemplate" />';
echo '<input type="hidden" name="serendipity[adminModule]" value="event_display" />';
echo '<input type="hidden" name="serendipity[catid]" value="' . $catid . '" />';
echo '<input type="hidden" name="serendipity[cat_template]" value="' . urlencode($template) . '" />';
include S9Y_INCLUDE_PATH . 'include/functions_plugins_admin.inc.php';
$template_vars =& serendipity_loadThemeOptions($template_config, $serendipity['smarty_vars']['template_option']);
$template_options = new categorytemplate_option();
$template_options->import($template_config);
$template_options->values =& $template_vars;
serendipity_plugin_config($template_options, $template_vars, $serendipity['template'], $serendipity['template'], $template_options->keys, true, true, true, true, 'template');
echo '</form><br />';
serendipity_plugin_api::hook_event('backend_templates_configuration_bottom', $template_config);
} else {
echo '<p>' . STYLE_OPTIONS_NONE . '</p>';
serendipity_plugin_api::hook_event('backend_templates_configuration_none', $template_config);
}
}
<?php
# $Id: entries.inc.php 2546 2009-07-10 15:45:18Z garvinhicking $
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die("Don't hack!");
}
if (!serendipity_checkPermission('adminEntries')) {
return;
}
$sort_order = array('timestamp' => DATE, 'isdraft' => PUBLISH . '/' . DRAFT, 'a.realname' => AUTHOR, 'category_name' => CATEGORY, 'last_modified' => LAST_UPDATED, 'title' => TITLE, 'id' => 'ID');
$per_page = array('12', '16', '50', '100');
/**
* Shows the entry panel overview
*
* Shows a list of existing entries, with pagination and cookie-remember settings.
*
* @access public
* @return null
*/
function serendipity_drawList()
{
global $serendipity, $sort_order, $per_page;
$filter_import = array('author', 'category', 'isdraft');
$sort_import = array('perPage', 'ordermode', 'order');
foreach ($filter_import as $f_import) {
serendipity_restoreVar($serendipity['COOKIE']['entrylist_filter_' . $f_import], $serendipity['GET']['filter'][$f_import]);
serendipity_JSsetCookie('entrylist_filter_' . $f_import, $serendipity['GET']['filter'][$f_import]);
}
foreach ($sort_import as $s_import) {
echo DIAGNOSTIC_ERROR;
echo '<div class="serendipityAdminMsgError">- <img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . implode('<br />', $res) . '</div><br /><br />';
} else {
/* If we have new rewrite rules, then install them */
$permalinkOld = array($oldConfig['serendipityHTTPPath'], $oldConfig['serendipityPath'], $oldConfig['baseURL'], $oldConfig['indexFile'], $oldConfig['rewrite']);
$permalinkNew = array($serendipity['serendipityHTTPPath'], $serendipity['serendipityPath'], $serendipity['baseURL'], $serendipity['indexFile'], $serendipity['rewrite']);
// Compare all old permalink section values against new one. A change in any of those
// will force to update the .htaccess for rewrite rules.
$permconf = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE);
if (is_array($permconf) && is_array($permconf['permalinks']['items'])) {
foreach ($permconf['permalinks']['items'] as $permitem) {
$permalinkOld[] = $oldConfig[$permitem['var']];
$permalinkNew[] = $serendipity[$permitem['var']];
}
}
if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) {
printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess');
$res = serendipity_installFiles($serendipity['serendipityPath']);
if (is_array($res)) {
echo implode('<br />', $res);
} else {
echo DONE . '<br />';
}
serendipity_buildPermalinks();
}
echo '<br /><div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . WRITTEN_N_SAVED . '</div>';
}
break;
default:
$from =& $serendipity;
$t = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE);
if (!serendipity_checkPermission('adminEntries')) {
break;
}
include S9Y_INCLUDE_PATH . 'include/admin/entries.inc.php';
$admin_section = ADMIN_ENTRIES;
break;
case 'comments':
if (!serendipity_checkPermission('adminComments')) {
break;
}
include S9Y_INCLUDE_PATH . 'include/admin/comments.inc.php';
$admin_section = COMMENTS;
break;
case 'category':
case 'categories':
if (!serendipity_checkPermission('adminCategories')) {
break;
}
include S9Y_INCLUDE_PATH . 'include/admin/category.inc.php';
$admin_section = CATEGORIES;
break;
case 'logout':
echo LOGGEDOUT;
break;
case 'event_display':
if ($serendipity['no_create'] !== true) {
serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity);
}
break;
case 'maintenance':
include S9Y_INCLUDE_PATH . 'include/admin/maintenance.inc.php';
/**
* Delete an entry and everything that belongs to it (comments)
*
* @access public
* @param int The Entry ID to delete
* @return mixed FALSE or NULL on error
*/
function serendipity_deleteEntry($id)
{
global $serendipity;
if (!is_numeric($id)) {
return false;
}
// Purge the daily/monthly entries so they can be rebuilt
$result = serendipity_db_query("SELECT timestamp, authorid FROM {$serendipity['dbPrefix']}entries WHERE id = '" . (int) $id . "'", true);
if ($result[1] != $serendipity['authorid'] && !serendipity_checkPermission('adminEntriesMaintainOthers')) {
// Only admins and chief users can delete entries which do not belong to the author
return;
}
serendipity_purgeEntry($id, $result[0]);
serendipity_plugin_api::hook_event('backend_delete_entry', $id);
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entries WHERE id={$id}");
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entrycat WHERE entryid={$id}");
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid={$id}");
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}comments WHERE entry_id={$id}");
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}references WHERE entry_id='{$id}' AND type = ''");
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}permalinks WHERE entry_id='{$id}'");
}