/**
 * Closes the admin-side page.
 *
 * Emits the theme footer, fires the "admin_side > body_end" callback and
 * writes the closing body/html tags. Nothing is emitted for async
 * requests or for the 'tag' event.
 */
function end_page()
{
    global $txp_user, $event, $app_mode, $theme;

    if ($app_mode == 'async' || $event == 'tag') {
        return;
    }

    echo $theme->footer();
    callback_event('admin_side', 'body_end');
    echo n, '</body>', n, '</html>';
}
/**
 * Closes the admin-side page.
 *
 * Renders the theme's footer through the "admin_side > footer" pluggable
 * UI, fires the "admin_side > body_end" callback, and emits the
 * textpattern.textarray script built from $textarray_script before the
 * closing tags. Nothing is emitted for async requests or the 'tag' event.
 */
function end_page()
{
    global $txp_user, $event, $app_mode, $theme, $textarray_script;

    if ($app_mode == 'async' || $event == 'tag') {
        return;
    }

    echo '</div><!-- /txp-body --><div class="txp-footer">';
    echo pluggable_ui('admin_side', 'footer', $theme->footer());
    callback_event('admin_side', 'body_end');

    // json_encode() escapes '/' by default, so a '</script>' inside a
    // translated string cannot terminate this inline script.
    $tail = n . script_js('textpattern.textarray = ' . json_encode($textarray_script))
        . n . '</div><!-- /txp-footer --></body>' . n . '</html>';
    echo $tail;
}
/**
 * Renders the admin-side footer.
 *
 * The footer's default markup is provided by a theme and can be replaced
 * via the "admin_side > footer" pluggable UI. The callback events
 * "admin_side > main_content_end" and "admin_side > body_end" are fired
 * around it, and the textpattern.textarray script is emitted last.
 * Nothing is output for async requests or the 'tag' event.
 */
function end_page()
{
    global $event, $app_mode, $theme, $textarray_script;

    if ($app_mode == 'async' || $event == 'tag') {
        return;
    }

    callback_event('admin_side', 'main_content_end');

    $opening = n . '</main><!-- /txp-body -->' . n . '<footer role="contentinfo" class="txp-footer">';
    echo $opening;
    echo pluggable_ui('admin_side', 'footer', $theme->footer());

    callback_event('admin_side', 'body_end');

    $closing = script_js('textpattern.textarray = ' . json_encode($textarray_script))
        . n . '</footer><!-- /txp-footer -->'
        . n . '</body>'
        . n . '</html>';
    echo $closing;
}
/**
 * Closes the admin-side page (legacy layout).
 *
 * Writes the end_page block with navigation, logo and version line, a
 * "logged in as" paragraph with logout link when a user is known, then
 * fires "admin_side > body_end" and emits the closing tags. Nothing is
 * output for the 'tag' event.
 */
function end_page()
{
    global $txp_user, $event;

    if ($event == 'tag') {
        return;
    }

    $logo = '<a href="http://www.textpattern.com"><img src="txp_img/carver.gif" width="60" height="48" border="0" alt="" /></a>';
    echo '<div id="end_page">', navPop() . n, $logo . n;
    echo graf('Textpattern · ' . txp_version) . n;

    if ($txp_user) {
        // The user name is escaped before it reaches the markup.
        $moniker = gTxt('logged_in_as') . ' ' . span(htmlspecialchars($txp_user)) . br
            . '<a href="index.php?logout=1">' . gTxt('logout') . '</a>';
        echo graf($moniker, ' id="moniker"') . n . '</div>';
    } else {
        echo '</div>';
    }

    callback_event('admin_side', 'body_end');
    echo n . '</body>' . n . '</html>';
}
/**
 * Logs a page hit according to the 'logging' preference.
 *
 * Fires the 'log_hit' callback first. Nothing is written when $nolog is
 * set or the status is '404'. 'refer' logs referrer hits only; 'all'
 * logs every hit.
 *
 * @param string $status HTTP status of the response
 */
function log_hit($status)
{
    global $nolog, $logging;

    callback_event('log_hit');

    if (isset($nolog) || $status == '404') {
        return;
    }

    switch ($logging) {
        case 'refer':
            logit('refer', $status);
            break;
        case 'all':
            logit('', $status);
            break;
    }
}
/**
 * Renders the admin-side footer.
 *
 * The footer's default markup is provided by a theme and can be replaced
 * via the "admin_side > footer" pluggable UI. The callback events
 * "admin_side > main_content_end" and "admin_side > body_end" are fired
 * around it. The password-strength strings and the zxcvbn script are
 * only registered for the admin panel's 'new_pass_form' step, and the
 * textpattern.textarray script is emitted last. Nothing is output for
 * async requests or the 'tag' event.
 */
function end_page()
{
    global $event, $app_mode, $theme, $textarray_script;

    if ($app_mode == 'async' || $event == 'tag') {
        return;
    }

    callback_event('admin_side', 'main_content_end');

    echo n . '</main><!-- /txp-body -->' . n . '<footer class="txp-footer">';
    echo pluggable_ui('admin_side', 'footer', $theme->footer());

    callback_event('admin_side', 'body_end');

    $strength_strings = array(
        'password_strength_0',
        'password_strength_1',
        'password_strength_2',
        'password_strength_3',
        'password_strength_4',
    );
    $scope = array('admin', 'new_pass_form');
    gTxtScript($strength_strings, array(), $scope);

    $closing = script_js('vendors/dropbox/zxcvbn/zxcvbn.js', TEXTPATTERN_SCRIPT_URL, $scope)
        . script_js('textpattern.textarray = ' . json_encode($textarray_script))
        . n . '</footer><!-- /txp-footer -->'
        . n . '</body>'
        . n . '</html>';
    echo $closing;
}
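/**
 * Renders the list of pages for the Pages panel.
 *
 * Pages referenced by a section, plus 'error_default', get no delete link.
 * The page currently being edited is shown as plain text; all others as
 * edit links.
 *
 * @param  string $current Name of the page being edited
 * @return string HTML table
 */
function page_list($current)
{
    // Pages still used by a section cannot be deleted; nor can the error page.
    // NOTE(review): this union assumes safe_column() keys its result by
    // value; if it returned a 0-indexed list the '+' would keep the first
    // page in place of 'error_default' — confirm against safe_column().
    $protected = safe_column('DISTINCT page', 'txp_section', '1=1') + array('error_default');

    $criteria = 1;
    $criteria .= callback_event('admin_criteria', 'page_list', 0, $criteria);

    $rs = safe_rows_start('name', 'txp_page', "{$criteria} order by name asc");

    // Initialised up front so an empty result set still yields an (empty) table
    // instead of handing join() an undefined variable.
    $out = array();

    while ($a = nextRow($rs)) {
        extract($a);

        $link = eLink('page', '', 'name', $name, $name);
        $dlink = !in_array($name, $protected, true) ? dLink('page', 'page_delete', 'name', $name) : '';

        // The current page is emitted as text rather than a link, so escape
        // it here the same way css_list() does for its current item.
        $out[] = $current == $name
            ? tr(td(txpspecialchars($name)) . td($dlink))
            : tr(td($link) . td($dlink));
    }

    return startTable('', '', 'txp-list') . join(n, $out) . endTable();
}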
/**
 * Constructor.
 *
 * Instantiates the Textfilter classes named in the
 * 'admin_textfilter_classes' preference, falling back to the built-in
 * Plain, Nl2Br and Textile filters when the preference is empty. The
 * filter registry is then reset and the 'textfilter.register' callback
 * is fired with this instance so filters can register themselves.
 */
public function __construct()
{
    // NOTE(review): the class names instantiated here come straight from a
    // preference value; only trusted (admin-set) preferences should feed it.
    $configured = get_pref('admin_textfilter_classes');

    if ($configured) {
        foreach (do_list($configured) as $className) {
            new $className();
        }
    } else {
        new Plain();
        new Nl2Br();
        new Textile();
    }

    $this->filters = array();
    callback_event('textfilter', 'register', 0, $this);
}
/**
 * Renders the list of stylesheets for the Styles panel.
 *
 * The current stylesheet is shown as escaped text, every other one as an
 * edit link; all but the default stylesheet get a delete link.
 *
 * @param  string      $current Name of the stylesheet being edited
 * @param  string      $default Name of the stylesheet that cannot be deleted
 * @return string|null HTML table, or nothing when no result set is returned
 */
function css_list($current, $default)
{
    $rows = array(startTable('', '', 'txp-list'));

    $criteria = 1;
    $criteria .= callback_event('admin_criteria', 'css_list', 0, $criteria);

    $rs = safe_rows_start('name', 'txp_css', $criteria);

    if (!$rs) {
        return;
    }

    while ($a = nextRow($rs)) {
        extract($a);

        if ($current != $name) {
            $edit = eLink('css', '', 'name', $name, $name);
        } else {
            $edit = txpspecialchars($name);
        }

        $delete = ($name != $default) ? dLink('css', 'css_delete', 'name', $name) : '';
        $rows[] = tr(td($edit) . td($delete));
    }

    $rows[] = endTable();

    return join('', $rows);
}
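/**
 * Renders the Forms panel list, grouped by form type.
 *
 * Each form gets an edit link (the current one is shown as plain text)
 * and, unless it is an essential form, a multi-edit checkbox. Groups are
 * collapsible; their initial state comes from the
 * 'pane_form_<type>_visible' preference.
 *
 * @param  string      $curname Name of the form being edited
 * @return string|null The list wrapped in the 'allforms_form' form, or
 *                     nothing when the query yields no result set
 */
function form_list($curname)
{
    global $step, $essential_forms, $form_types;

    $types = formTypes('', false);
    $methods = array(
        'changetype' => array('label' => gTxt('changetype'), 'html' => $types),
        'delete'     => gTxt('delete'),
    );

    $out[] = '<p class="action-create">' . sLink('form', 'form_create', gTxt('create_new_form')) . '</p>';

    $criteria = 1;
    $criteria .= callback_event('admin_criteria', 'form_list', 0, $criteria);

    // Known types first, in the order of $form_types, then by name.
    $rs = safe_rows_start("*", "txp_form", "{$criteria} order by field(type,'" . join("','", array_keys($form_types)) . "') asc, name asc");

    if ($rs) {
        $ctr = 1;
        $prev_type = '';

        while ($a = nextRow($rs)) {
            extract($a);

            $editlink = $curname != $name ? eLink('form', 'form_edit', 'name', $name, $name) : txpspecialchars($name);

            // The name lands in an attribute value: escape it, as the text
            // path above already does.
            $modbox = !in_array($name, $essential_forms)
                ? '<input type="checkbox" name="selected_forms[]" value="' . txpspecialchars($name) . '" />'
                : '';

            if ($prev_type != $type) {
                // The pref key uses the raw type; the markup uses the escaped one.
                $visipref = 'pane_form_' . $type . '_visible';
                $visible = get_pref($visipref);
                $type_attr = txpspecialchars($type);

                $group_start = '<div class="form-list-group ' . $type_attr . '"><h3 class="lever' . ($visible ? ' expanded' : '') . '"><a href="#' . $type_attr . '">' . $form_types[$type] . '</a></h3>' . n
                    . '<div id="' . $type_attr . '" class="toggle form-list" style="display:' . ($visible ? 'block' : 'none') . '">' . n
                    . '<ul class="plain-list">' . n;
                // Close the previous group unless this is the first one.
                $group_end = $ctr > 1 ? '</ul></div></div>' . n : '';
            } else {
                $group_start = $group_end = '';
            }

            $out[] = $group_end . $group_start;
            $out[] = '<li>' . n . '<span class="form-list-action">' . $modbox . '</span><span class="form-list-name">' . $editlink . '</span></li>';

            $prev_type = $type;
            $ctr++;
        }

        $out[] = '</ul></div></div>';
        $out[] = multi_edit($methods, 'form', 'form_multi_edit');

        return form(join('', $out), '', '', 'post', '', '', 'allforms_form') .
            script_js(<<<EOS
\t\t\t\t\$(document).ready(function() {
\t\t\t\t\t\$('#allforms_form').txpMultiEditForm({
\t\t\t\t\t\t'checkbox' : 'input[name="selected_forms[]"][type=checkbox]',
\t\t\t\t\t\t'row' : '.plain-list li, .form-list-name',
\t\t\t\t\t\t'highlighted' : '.plain-list li'
\t\t\t\t\t});
\t\t\t\t});
EOS
            );
    }
}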
/**
 * Tag handler: outputs the URL of, or a &lt;link&gt; to, a stylesheet.
 *
 * Attributes: 'name' (defaults to the current stylesheet, then 'default'),
 * 'format' ('url' or 'link'), 'media', 'rel', 'title'. The deprecated
 * 'n' attribute is still honoured as an alias of 'name' but raises a
 * notice. The URL comes from a 'css.url' callback when one is registered,
 * otherwise from css.php with the name URL-encoded.
 *
 * @param  array  $atts Tag attributes
 * @return string Escaped URL, or a link tag when format="link"
 */
function css($atts)
{
    global $css, $doctype;

    extract(lAtts(array(
        'format' => 'url',
        'media'  => 'screen',
        'n'      => $css,
        'name'   => $css,
        'rel'    => 'stylesheet',
        'title'  => '',
    ), $atts));

    // 'n' is the old spelling of 'name': accept it, but warn.
    if (isset($atts['n'])) {
        $name = $n;
        trigger_error(gTxt('deprecated_attribute', array('{name}' => 'n')), E_USER_NOTICE);
    }

    if (empty($name)) {
        $name = 'default';
    }

    if (has_handler('css.url')) {
        $url = callback_event('css.url', '', false, compact('name'));
    } else {
        $url = hu . 'css.php?n=' . urlencode($name);
    }

    if ($format != 'link') {
        return txpspecialchars($url);
    }

    // HTML5 does not need an explicit type on stylesheet links.
    $mime = ($doctype != 'html5') ? 'text/css' : '';

    return tag_void('link', array(
        'rel'   => $rel,
        'type'  => $mime,
        'media' => $media,
        'title' => $title,
        'href'  => $url,
    ));
}
/**
 * Generates the RSS 2.0 feed for articles or links.
 *
 * Filters come from the request: 'section' and 'category' (comma-separated
 * lists, each capped at the 'feed_filter_limit' pref), 'area' ('article'
 * by default, or 'link') and 'limit' (clamped to at most
 * max(100, rss_how_many)). When nothing matches and the requested
 * section/category does not exist the request ends with a 404. Otherwise
 * conditional-GET handling (ETag, If-Modified-Since, A-IM "feed") runs
 * before the document is returned.
 *
 * @return string The RSS document
 */
function rss()
{
    global $prefs, $thisarticle;

    set_error_handler('feedErrorHandler');
    ob_clean();
    // Prefs (sitename, siteurl, rss_how_many, ...) and the slashed 'limit'
    // and 'area' request values become locals here.
    extract($prefs);
    extract(doSlash(gpsa(array('limit', 'area'))));

    // Build filter criteria from a comma-separated list of sections and categories.
    $feed_filter_limit = get_pref('feed_filter_limit', 10);
    $section = gps('section');
    $category = gps('category');

    // Array-valued query parameters (section[]=...) are rejected outright.
    if (!is_scalar($section) || !is_scalar($category)) {
        txp_die('Not Found', 404);
    }

    // From here on both are arrays (possibly empty), de-duplicated and capped.
    $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
    $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();

    $st = array();

    foreach ($section as $s) {
        $st[] = fetch_section_title($s);
    }

    $ct = array();

    foreach ($category as $c) {
        $ct[] = fetch_category_title($c);
    }

    $sitename .= $section ? ' - ' . join(' - ', $st) : '';
    $sitename .= $category ? ' - ' . join(' - ', $ct) : '';

    // GUIDs are namespaced by either the blog mail UID or the site's host part.
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];

    // Feed header.
    $out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    $out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />';
    $out[] = tag(doSpecial($site_slogan), 'description');

    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
    $out[] = callback_event('rss_head');

    // Feed items.
    $articles = array();
    // Slashed copies are used in the SQL below; the unslashed values were
    // already consumed by the title lookups and the self link above.
    $section = doSlash($section);
    $category = doSlash($category);

    if (!$area or $area == 'article') {
        $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
        $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';

        // Clamp the requested limit. NOTE(review): a negative value passes
        // min()/intval() unchanged and lands in the LIMIT clause — confirm
        // safe_rows_start() copes with it.
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));

        // Sections flagged as not syndicated are excluded.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");

        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . doSlash($f) . "'";
            }
        }

        $query[] = $sfilter;
        $query[] = $cfilter;

        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';

        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}");

        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                // Plugins may contribute extra item markup via 'rss_entry'.
                $cb = callback_event('rss_entry');
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);

                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));

                if ($syndicate_body_or_excerpt) {
                    // Short feed: use body as summary if there's no excerpt.
                    if (!trim($summary)) {
                        $summary = $content;
                    }

                    $content = '';
                }

                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }

                $Title = escape_title(strip_tags($Title)) . $count;
                $thisauthor = get_author_name($AuthorID);

                $item = tag($Title, 'title') . n .
                    (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') .
                    (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') .
                    tag($permlink, 'link') . n .
                    tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n .
                    tag(htmlspecialchars($thisauthor), 'dc:creator') . n .
                    tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n .
                    $cb;

                $articles[$ID] = tag($item, 'item');
                // Per-item ETag is a CRC of the rendered item; used by A-IM below.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));

        $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");

        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);

                $item = tag(doSpecial($linkname), 'title') . n .
                    tag(doSpecial($description), 'description') . n .
                    tag(doSpecial($url), 'link') . n .
                    tag(safe_strftime('rfc822', $uDate), 'pubDate');

                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }

    if (!$articles) {
        // No items: distinguish "nothing published" from "no such section/category".
        if ($section) {
            if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            switch ($area) {
                case 'link':
                    // NOTE(review): $category is an array here (see the do_list()
                    // split above), so this interpolation yields the string
                    // "Array"; the 'article' case below joins it instead.
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }

                    break;
                case 'article':
                default:
                    if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }

                    break;
            }
        }
    } else {
        // Turn on compression if we aren't using it already.
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // Make sure notices/warnings/errors don't fudge up the feed
            // when compression is used.
            $buf = '';

            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }

            @ob_start('ob_gzhandler');
            echo $buf;
        }

        handle_lastmod();

        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;

        // Delta encoding (RFC 3229 "A-IM: feed") is only offered when the
        // client advertises it and the SAPI exposes request headers.
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();

            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }

        // Client-supplied header; matched as a plain substring below.
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;

        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }

                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }

        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }

        // The feed ETag is the dash-joined list of item ETags.
        $etag = @join("-", $etags);

        if (strstr($hinm, $etag)) {
            txp_status_header('304 Not Modified');
            exit(0);
        }

        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }

    $out = array_merge($out, $articles);

    header("Content-Type: application/rss+xml; charset=utf-8");

    if (isset($etag)) {
        header('ETag: "' . $etag . '"');
    }

    return '<?xml version="1.0" encoding="utf-8"?>' . n .
        '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n .
        tag(join(n, $out), 'channel') . n .
        '</rss>';
}
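/**
 * Streams a file from the files directory to the client as an attachment.
 *
 * Fires the 'file_download' callback first; a handler may set the global
 * $file_error (403, 404 or anything else for a 500) to abort with that
 * status. The name is passed through sanitizeForFile() before it is used
 * in the path and in the Content-Disposition header. A completed transfer
 * bumps the file's download counter; an aborted one tags the request URI
 * with how far the transfer got.
 *
 * @param string $filename File name as requested
 */
function output_file_download($filename)
{
    global $file_error, $file_base_path, $pretext;

    callback_event('file_download');

    if (!isset($file_error)) {
        // Strips path separators, quotes and control characters, so the
        // result is usable both in the path and in the header below.
        $filename = sanitizeForFile($filename);
        $fullpath = build_file_path($file_base_path, $filename);

        if (is_file($fullpath)) {
            // Discard any error PHP messages.
            ob_clean();
            $filesize = filesize($fullpath);
            $sent = 0;
            header('Content-Description: File Download');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"');
            // Fix for IE6 PDF bug on servers configured to send cache headers.
            header('Cache-Control: private');
            @ini_set("zlib.output_compression", "Off");
            @set_time_limit(0);
            @ignore_user_abort(true);

            if ($file = fopen($fullpath, 'rb')) {
                while (!feof($file) and connection_status() == 0) {
                    $chunk = fread($file, 1024 * 64);

                    if ($chunk === false) {
                        break;
                    }

                    echo $chunk;
                    // Count what was actually read: the last chunk is normally
                    // shorter than the block size, so a fixed increment
                    // overstated progress in the abort message.
                    $sent += strlen($chunk);
                    ob_flush();
                    flush();
                }

                fclose($file);

                // Record download.
                if (connection_status() == 0 and !connection_aborted()) {
                    safe_update('txp_file', "downloads = downloads + 1", "id = " . intval($pretext['id']));
                } else {
                    // A zero-length (or unstat-able) file cannot be a divisor.
                    $pretext['request_uri'] .= ($filesize <= 0 || $sent >= $filesize)
                        ? '#aborted'
                        : "#aborted-at-" . floor($sent * 100 / $filesize) . "%";
                }

                log_hit('200');
            }
        } else {
            $file_error = 404;
        }
    }

    // Deal with error.
    if (isset($file_error)) {
        switch ($file_error) {
            case 403:
                txp_die(gTxt('403_forbidden'), '403');
                break;
            case 404:
                txp_die(gTxt('404_not_found'), '404');
                break;
            default:
                txp_die(gTxt('500_internal_server_error'), '500');
                break;
        }
    }
}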
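/**
 * Deletes the selected sections (multi-edit 'delete' action).
 *
 * The 'default' section and any section that still holds articles are
 * protected and left in place. Successful deletions fire the
 * 'sections_deleted' callback; the section list is then re-rendered with
 * a status message naming what was deleted.
 */
function section_delete()
{
    $selected = ps('selected');

    // Same guard as the other multi-edit handlers: an empty or non-array
    // selection means there is nothing to do (and nothing to splice into SQL).
    if (!$selected || !is_array($selected)) {
        sec_section_list('');

        return;
    }

    $with_articles = safe_rows(
        'Section, Count(*) AS count',
        'textpattern',
        "Section in ('" . join("','", doSlash($selected)) . "') GROUP BY Section"
    );

    // 'default' can never be removed; nor can a section with articles in it.
    $protected = array('default');

    foreach ($with_articles as $row) {
        $protected[] = $row['Section'];
    }

    $protected = array_unique($protected);

    $del = array('success' => array(), 'error' => array());

    foreach ($selected as $item) {
        if (in_array($item, $protected, true)) {
            $del['error'][] = $item;
            continue;
        }

        if (safe_delete('txp_section', "name = '" . doSlash($item) . "'")) {
            $del['success'][] = $item;
        } else {
            $del['error'][] = $item;
        }
    }

    if ($del['success']) {
        callback_event('sections_deleted', '', 0, $del['success']);
    }

    $message = $del['success']
        ? gTxt('section_deleted', array('{name}' => join(', ', $del['success'])))
        : '';

    sec_section_list($message);
}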
/**
 * Processes multi-edit actions on the Users panel.
 *
 * Supported methods: 'delete' (assets must be reassigned to another user),
 * 'changeprivilege' and 'resetpassword' (a fresh password is generated and
 * mailed per user). Requires 'admin.edit' privileges. The acting user is
 * excluded from the affected set even if selected. The author list is
 * rendered afterwards with a status message or an error tuple.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    $msg = '';

    if (!$selected or !is_array($selected)) {
        return author_list();
    }

    // Excluding $txp_user stops an admin from acting on their own account.
    $names = safe_column(
        'name',
        'txp_users',
        "name IN (" . join(',', quote_list($selected)) . ") AND name != '" . doSlash($txp_user) . "'"
    );

    if (!$names) {
        return author_list();
    }

    if ($method == 'delete') {
        $assign_assets = ps('assign_assets');

        if (!$assign_assets) {
            $msg = array('must_reassign_assets', E_ERROR);
        } elseif (in_array($assign_assets, $names)) {
            // Assets cannot go to a user who is about to be removed.
            $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
        } elseif (remove_user($names, $assign_assets)) {
            $changed = $names;
            callback_event('authors_deleted', '', 0, $changed);
            $msg = 'author_deleted';
        }
    } elseif ($method == 'changeprivilege') {
        if (change_user_group($names, ps('privs'))) {
            $changed = $names;
            $msg = 'author_updated';
        }
    } elseif ($method == 'resetpassword') {
        foreach ($names as $name) {
            $passwd = generate_password(PASSWORD_LENGTH);

            if (!change_user_password($name, $passwd)) {
                continue;
            }

            $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

            // A mail failure aborts the whole run with an error for that user.
            if (!send_new_password($passwd, $email, $name)) {
                return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
            }

            $changed[] = $name;
            $msg = 'author_updated';
        }
    }

    if ($changed) {
        return author_list(gTxt($msg, array('{name}' => txpspecialchars(join(', ', $changed)))));
    }

    author_list($msg);
}
/**
 * Sanitises a string for use as a file name.
 *
 * A 'sanitize_for_file' callback may supply a replacement; any non-empty
 * return value is used as-is. Otherwise control characters, DEL and the
 * characters " * / : < > ? \ | are removed, leading/trailing dots and
 * spaces are trimmed, and runs of dots are collapsed to one.
 *
 * @param  string $text Raw name
 * @return string Sanitised name (may be empty)
 */
function sanitizeForFile($text)
{
    // Plugins get first refusal via the callback.
    $override = callback_event('sanitize_for_file', '', 0, $text);

    if ($override !== '') {
        return $override;
    }

    // Strip control characters, DEL and " * / : < > ? \ |. No path
    // separator survives, so the result cannot name another directory.
    $forbidden = '/[\\x00-\\x1f\\x22\\x2a\\x2f\\x3a\\x3c\\x3e\\x3f\\x5c\\x7c\\x7f]+/';
    $clean = preg_replace($forbidden, '', $text);

    // Drop dots/spaces at either end, then collapse repeated dots.
    $clean = trim($clean, '. ');

    return preg_replace('/[.]{2,}/', '.', $clean);
}
/**
 * Saves a submitted comment.
 *
 * Reads the posted comment via getComment(), applies the ban/blacklist
 * checks for the visitor's IP, sets or clears the remember-me cookies, and
 * runs the comment evaluator. When the evaluator does not demand a reload
 * and the nonce checks out, the comment is inserted, the nonce marked as
 * used, optional mail/lastmod updates run and the visitor is redirected
 * back to the article (exit). Otherwise $_POST['preview'] is set to
 * RELOAD so the form is shown again.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    // NOTE(review): 'HTTP_REFERRER' (sic) is read but $ref is never used.
    $ref = serverset('HTTP_REFERRER');
    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // $in supplies parentid, name, email, web, message, remember, backpage
    // and nonce as locals (per the uses below).
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }

    $ip = serverset('REMOTE_ADDR');

    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }

    $blacklisted = is_blacklisted($ip);

    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }

    $web = clean_url($web);
    $email = clean_url($email);

    // Cookies get the cleaned (not slashed) values.
    if ($remember == 1 || ps('checkbox_type') == 'forget' && ps('forget') != 1) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }

    // From here on name/web/email are tag-stripped and SQL-slashed.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    // Message is capped to the column size; markup is applied for storage only.
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));

    // Duplicate detection: same name, message and IP already stored.
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");

    if ($prefs['comments_require_name'] && !trim($name) || $prefs['comments_require_email'] && !trim($email) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code
    }

    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    } // FIXME? Tell the user about dupe?

    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();

        if ($visible != RELOAD) {
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");

            if ($rs) {
                // Burn the nonce so the same form cannot be resubmitted.
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");

                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }

                // NOTE(review): mail_comment() receives the slashed name/email/web
                // values — confirm it unescapes them before use.
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }

                $updated = update_comments_count($parentid);

                // Redirect target: user-supplied path, truncated, stripped of
                // line breaks/fragments, and prefixed with this site's scheme
                // and host so it cannot point off-site.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;

                if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }

                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');

                txp_status_header('302 Found');

                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }

                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }

    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}
/**
 * Renders the visitor logs panel.
 *
 * Reads page/sort/dir/crit/search_method from the request, persists the
 * chosen sort as private prefs, purges entries older than
 * $expire_logs_after days, and prints the (paged, optionally filtered)
 * log table with multi-edit and pagination forms. Output is echoed, not
 * returned.
 *
 * @param string $message Status message for pagetop()
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;

    pagetop(gTxt('tab_logs'), $message);

    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }

    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    }

    // Direction is whitelisted before it reaches SQL.
    $dir = $dir == 'asc' ? 'asc' : 'desc';

    // Housekeeping: drop expired rows on every listing.
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");

    // Sort column is whitelisted via the switch; anything else becomes 'time'.
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }

    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    $criteria = 1;

    if ($search_method and $crit != '') {
        // A quoted criterion means exact match; otherwise LIKE with the
        // wildcard characters escaped so they match literally.
        $verbatim = preg_match('/^"(.*)"$/', $crit, $m);
        $crit_escaped = doSlash($verbatim ? $m[1] : str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
        $critsql = $verbatim ?
            array(
                'ip'     => "ip = '{$crit_escaped}'",
                'host'   => "host = '{$crit_escaped}'",
                'page'   => "page = '{$crit_escaped}'",
                'refer'  => "refer = '{$crit_escaped}'",
                'method' => "method = '{$crit_escaped}'",
                'status' => "status = '{$crit_escaped}'",
            ) : array(
                'ip'     => "ip like '%{$crit_escaped}%'",
                'host'   => "host like '%{$crit_escaped}%'",
                'page'   => "page like '%{$crit_escaped}%'",
                'refer'  => "refer like '%{$crit_escaped}%'",
                'method' => "method like '%{$crit_escaped}%'",
                'status' => "status like '%{$crit_escaped}%'",
            );

        // Only the known column names are accepted as a search method.
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            // NOTE(review): this value is dead — $limit is reassigned from
            // $log_list_pageby below before it is used.
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }

    $criteria .= callback_event('admin_criteria', 'log_list', 0, $criteria);

    $total = safe_count('txp_log', "{$criteria}");

    echo '<h1 class="txp-heading">' . gTxt('tab_logs') . '</h1>';
    echo '<div id="' . $event . '_control" class="txp-control-panel">';

    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
        }

        return;
    }

    $limit = max($log_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    echo n . log_search_form($crit, $search_method) . '</div>';

    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");

    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container">';
        echo n . n . '<form action="index.php" id="log_form" class="multi_edit_form" method="post" name="longform">' . n .
            '<div class="txp-listtables">' . n .
            startTable('', '', 'txp-list') . n .
            '<thead>' . n .
            tr(n .
                hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="' . gTxt('toggle_all_selected') . '" class="multi-edit"') . n .
                column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') . n .
                column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') . n .
                column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') . n .
                column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') . n .
                column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') . n .
                column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') . n .
                column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status')
            ) . n . '</thead>';

        echo '<tbody>';

        while ($a = nextRow($rs)) {
            // Row columns become $log_<column> locals.
            extract($a, EXTR_PREFIX_ALL, 'log');

            if ($log_refer) {
                // Referrers are stored without scheme; the link is escaped, but
                // NOTE(review): it opens a visitor-supplied URL in a new tab —
                // adding rel="noopener noreferrer" would be prudent.
                $log_refer = 'http://' . $log_refer;
                $log_refer = '<a href="' . txpspecialchars($log_refer) . '" target="_blank">' . txpspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }

            if ($log_page) {
                // Anchor text: the page path without its leading and trailing slash.
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = '<a href="' . txpspecialchars($log_page) . '" target="_blank">' . txpspecialchars($log_anchor) . '</a>';

                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }

            // NOTE(review): $log_status is emitted unescaped; every other raw
            // column here goes through txpspecialchars().
            echo tr(n .
                td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit') .
                td(gTime($log_uTime), '', 'date time') .
                td(txpspecialchars($log_ip), '', 'log_detail ip') .
                td(txpspecialchars(soft_wrap($log_host, 30)), '', 'host') .
                td($log_page, '', 'page') .
                td($log_refer, '', 'refer') .
                td(txpspecialchars($log_method), '', 'log_detail method') .
                td($log_status, '', 'log_detail status')
            );
        }

        echo '</tbody>',
            n, endTable(),
            n, '</div>',
            n, log_multiedit_form($page, $sort, $dir, $crit, $search_method),
            n, tInput(),
            n, '</form>',
            n, graf(toggle_box('log_detail'), ' class="detail-toggle"'),
            n, '<div id="' . $event . '_navigation" class="txp-navigation">',
            n, nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit),
            n, pageby_form('log', $log_list_pageby),
            n, '</div>',
            n, '</div>';
    }
}
// Fragment of the admin front controller: the surrounding if/else (DB
// connected and the textpattern table found, update check) begins before
// this excerpt.
define('TXP_UPDATE', 1);
include txpath . '/update/_update.php';
}

load_elements($event);
register_element_tabs();

if (!empty($admin_side_plugins) and gps('event') != 'plugin') {
    load_plugins(1);
}

include txpath . '/lib/txplib_head.php';

// ugly hack, for the people that don't update their admin_config.php
// Get rid of this when we completely remove admin_config and move privs to db
if ($event == 'list') {
    require_privs('article');
} else {
    require_privs($event);
}

callback_event($event, $step, 1);

// let elements override older /include/txp_foo.php admin pages
// NOTE(review): the include path is built from $event. require_privs($event)
// above runs first and presumably rejects unknown event names — confirm it
// does, since that check is what keeps this from including a
// request-controlled file name.
if (!controller_name($event)) {
    $inc = txpath . '/include/txp_' . $event . '.php';

    if (is_readable($inc)) {
        include $inc;
    }
}

callback_event($event, $step, 0);

// Render time, as an HTML comment at the end of the page.
$microdiff = getmicrotime() - $microstart;
echo n . comment(gTxt('runtime') . ': ' . substr($microdiff, 0, 6));

end_page();
} else {
    txp_die('DB-Connect was succesful, but the textpattern-table was not found.', '503 Service Unavailable');
}
/**
 * Notifies ping services that the site has been updated.
 *
 * Only runs when the site's production status is 'live'. Fires the
 * 'ping' callback, then — according to the 'ping_textpattern_com' and
 * 'ping_weblogsdotcom' prefs — sends an XML-RPC ping with the site name
 * and URL via IXR_Client.
 */
function do_pings()
{
    global $txpcfg, $prefs, $production_status;

    // Never ping from testing/debug installs.
    if ($production_status !== 'live') {
        return;
    }

    include_once txpath . '/lib/IXRClass.php';

    callback_event('ping');

    // Endpoint + XML-RPC method, in the order they are notified.
    $targets = array();

    if ($prefs['ping_textpattern_com']) {
        $targets[] = array('http://textpattern.com/xmlrpc/', 'ping.Textpattern');
    }

    if ($prefs['ping_weblogsdotcom'] == 1) {
        $targets[] = array('http://rpc.pingomatic.com/', 'weblogUpdates.ping');
    }

    foreach ($targets as $target) {
        list($endpoint, $rpcMethod) = $target;
        $client = new IXR_Client($endpoint);
        $client->query($rpcMethod, $prefs['sitename'], hu);
    }
}
/**
 * Processes multi-edit actions on the Articles panel.
 *
 * Methods: 'delete' (handled and returned early), 'duplicate', and the
 * field changes 'changeauthor', 'changecategory1', 'changecategory2',
 * 'changecomments', 'changesection' and 'changestatus'. Each selected ID
 * is filtered against the caller's edit/publish privileges before any
 * update; values are validated against the known authors, categories,
 * sections and statuses. Always ends by rendering list_list().
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    extract(psa(array('selected', 'edit_method')));

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    // IDs are forced to integers before they reach any IN (...) clause.
    $selected = array_map('assert_int', $selected);

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }

    $allowed = array();
    $field = $value = '';

    switch ($edit_method) {
        // Delete.
        case 'delete':
            // Without the global delete privilege, only the caller's own
            // articles remain in the selection (or none at all).
            if (!has_privs('article.delete')) {
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
                }

                $selected = $allowed;
            }

            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                // Orphaned comments are set to moderated rather than removed.
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);

                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }

            return list_list();
            break;
        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');

            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }

            break;
        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');

            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }

            break;
        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');

            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }

            break;
        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;
        // Change section.
        case 'changesection':
            $value = ps('Section');

            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }

            break;
        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');

            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }

            // Users without publish rights can only push articles to pending.
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }

            break;
    }

    // Second pass: keep only the IDs this user may edit, by status and ownership.
    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");

    foreach ($selected as $item) {
        if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published') || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published') || $item['Status'] < STATUS_LIVE && has_privs('article.edit') || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')) {
            $allowed[] = $item['ID'];
        }
    }

    $selected = $allowed;

    if ($selected) {
        $message = messenger('article', join(', ', $selected), 'modified');

        if ($edit_method === 'duplicate') {
            $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");

            if ($rs) {
                while ($a = nextRow($rs)) {
                    // Copy everything except identity/timestamps; the copy is
                    // owned by the current user.
                    unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
                    // NOTE(review): uid is derived from uniqid()/rand(), i.e.
                    // non-cryptographic sources.
                    $a['uid'] = md5(uniqid(rand(), true));
                    $a['AuthorID'] = $txp_user;

                    // NOTE(review): $value stays a reference into $a after this
                    // loop, so the compact('value') calls below see the last
                    // SQL fragment rather than ''; an unset($value) after the
                    // loop would prevent that.
                    foreach ($a as $name => &$value) {
                        $value = "`{$name}` = '" . doSlash($value) . "'";
                    }

                    if ($id = (int) safe_insert('textpattern', join(',', $a))) {
                        // Make the copy's title and URL title unique by appending its ID.
                        safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n url_title = CONCAT(url_title, '-', {$id}),\n Posted = NOW(),\n feed_time = NOW()", "ID = {$id}");
                    }
                }
            }

            $message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
        } elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
            return list_list();
        }

        update_lastmod('articles_updated', compact('selected', 'field', 'value'));
        now('posted', true);
        now('expires', true);
        callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));

        return list_list($message);
    }

    return list_list();
}
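/**
 * Renders the Atom feed for articles (default) or links.
 *
 * Reads the GET parameters 'area', 'section', 'category' and 'limit'.
 * Must only be called once per request: it define()s the Atom attribute
 * constants and may exit() early with a 304 when the client already has
 * the current feed.
 *
 * Review notes on untrusted input:
 *  - 'section' and 'category' are doSlash()ed before being interpolated
 *    into SQL and are rejected when they are not scalars (a "?section[]="
 *    request would otherwise be stringified as "Array").
 *  - 'limit' is coerced to a positive integer bounded by
 *    max(100, rss_how_many); a negative or non-numeric value falls back to
 *    the preference instead of producing "LIMIT -5".
 *  - Link URLs are written into an XML attribute and are escaped with
 *    htmlspecialchars(); the former "&...=" preg_replace was a no-op as
 *    written.
 *  - strpos() results are compared against false: an ETag sitting at
 *    offset 0 of If-None-Match was previously never recognised.
 *
 * @return string The Atom document; nothing is returned when the feed is empty
 */
function atom()
{
    global $thisarticle;
    extract($GLOBALS['prefs']);

    define("t_texthtml", ' type="text/html"');
    define("t_text", ' type="text"');
    define("t_html", ' type="html"');
    define("t_xhtml", ' type="xhtml"');
    define('t_appxhtml', ' type="xhtml"');
    define("r_relalt", ' rel="alternate"');
    define("r_relself", ' rel="self"');

    $area = doSlash(gps('area'));
    extract(doSlash(gpsa(array('category', 'section', 'limit'))));

    if (!is_scalar($section) || !is_scalar($category)) {
        txp_die('Not Found', 404);
    }

    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');

    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';

    $pub = safe_row("RealName, email", "txp_users", "privs=1");

    $out = array();
    $auth = array();
    $articles = array();
    $etags = array();
    $dates = array();

    // Feed header.
    $out[] = tag(escape_output($sitename), 'title', t_text);
    $out[] = tag(escape_output($site_slogan), 'subtitle', t_text);
    $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
    $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';

    // Feed id is built from either the configured mail address or the host name.
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];

    $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
    $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
    $out[] = tag(safe_strftime("w3cdtf", $last), 'updated');

    // Publisher name is escaped the same way as the per-entry author names.
    $auth[] = tag(htmlspecialchars($pub['RealName']), 'name');
    $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag(hu, 'uri');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');

    // Page size: positive integer, capped at max(100, rss_how_many).
    $limit = is_scalar($limit) ? (int) $limit : 0;
    if ($limit < 1) {
        $limit = (int) $rss_how_many;
    }
    $limit = min($limit, max(100, (int) $rss_how_many));

    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';

        // Sections flagged as not syndicated are excluded.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "and Section != '" . doSlash($f) . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;

        $rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");

        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $cb = callback_event('atom_entry');
                $e = array();
                $a['posted'] = $uPosted;

                $count = ($show_comment_count_in_feed && $comments_count > 0) ? ' [' . $comments_count . ']' : '';

                $thisauthor = get_author_name($AuthorID);
                $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
                $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
                $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');

                $escaped_title = escape_output($Title);
                $e['title'] = tag($escaped_title . $count, 'title', t_html);

                $permlink = permlinkurl($a);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
                $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
                $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';

                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));

                if ($syndicate_body_or_excerpt) {
                    // Short feed: the body stands in as summary when there is no excerpt.
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }

                if (trim($content)) {
                    $e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
                }
                if (trim($summary)) {
                    $e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
                }

                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uLastMod;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='" . $category . "'" : '1';
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}");

        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $e = array();
                $e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
                $e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);

                // Make a site-relative URL absolute.
                // NOTE(review): the literal "https?://" is not a valid scheme prefix;
                // presumably "http://" was intended -- confirm against upstream.
                $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
                // href is an XML attribute: escape for that context. double_encode=false
                // leaves an already-encoded "&amp;" alone.
                $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';

                $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
                $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');

                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                // Unix timestamp so the If-Modified-Since comparison below is numeric,
                // as it is for articles.
                $dates[$id] = strtotime($date);
            }
        }
    }

    if (!empty($articles)) {
        // Turn on compression if we aren't using it already.
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            @ob_start("ob_gzhandler");
        }

        handle_lastmod();

        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        if ($imsd >= $last) {
            txp_status_header("304 Not Modified");
            exit;
        }

        header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last));

        // RFC 3229 "feed" instance manipulation is only honoured when the client
        // advertises it via A-IM, which we can only read under Apache.
        $canaim = false;
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            }
        }

        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        $cut_etag = false;
        $cut_time = false;

        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                // Drop entries the client already holds (by ETag or by date).
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }

        if ($cut_etag && $cut_time) {
            header("Vary: If-None-Match, If-Modified-Since");
        } elseif ($cut_etag) {
            header("Vary: If-None-Match");
        } elseif ($cut_time) {
            header("Vary: If-Modified-Since");
        }

        $etag = join("-", $etags);
        if ($etag !== '' && strpos($hinm, $etag) !== false) {
            header("HTTP/1.1 304 Not Modified");
            exit;
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }

        if ($cutarticles) {
            // header("HTTP/1.1 226 IM Used");
            // 226 is the status RFC 3229 asks for, but Apache doesn't like it;
            // http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says 200 is acceptable.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }

        $out = array_merge($out, $articles);
        header('Content-type: application/atom+xml; charset=utf-8');

        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . htmlspecialchars($language) . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
    }
}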
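/**
 * Emits the admin-side page header: doctype, <head>, the multi-edit
 * JavaScript and the top navigation table.
 *
 * Two escapes were missing and are added here, matching the later revision
 * of this function found in this file:
 *  - $event is HTML-escaped before being used in the <body id="..."> attribute;
 *  - the multi-edit widgets written into JavaScript string literals have "</"
 *    rewritten to "<\/" so a widget containing "</script>" cannot end the
 *    script block early.
 *
 * @param string $pagetitle Page title, escaped here via escape_title()
 * @param string $message   Status HTML, echoed as-is into the tab bar
 */
function pagetop($pagetitle, $message = "")
{
    global $css_mode, $siteurl, $sitename, $txp_user, $event;

    $event = !$event ? 'article' : $event;
    $bm = gps('bm');

    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;

    // Find the top-level area tab that owns the current event.
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }

    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . htmlspecialchars($event);
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo LANG; ?>" lang="<?php echo LANG; ?>" dir="<?php echo gTxt('lang_dir'); ?>">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex, nofollow" />
<title>Txp › <?php echo htmlspecialchars($sitename); ?> › <?php echo escape_title($pagetitle); ?></title>
<link href="textpattern.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="textpattern.js"></script>
<script type="text/javascript">
<!--
var cookieEnabled = checkCookies();
if (!cookieEnabled) {
    confirm('<?php echo trim(gTxt('cookies_must_be_enabled')); ?>');
}
<?php
    // Widgets for the multi-edit dropdown, keyed by the "change<key>" option value.
    $edit = array();

    if ($event == 'list') {
        $rs = safe_column('name', 'txp_section', "name != 'default'");
        $edit['section'] = $rs ? selectInput('Section', $rs, '', true) : '';
        $rs = getTree('root', 'article');
        $edit['category1'] = $rs ? treeSelectInput('Category1', $rs, '') : '';
        $edit['category2'] = $rs ? treeSelectInput('Category2', $rs, '') : '';
        $edit['comments'] = onoffRadio('Annotate', safe_field('val', 'txp_prefs', "name = 'comments_on_default'"));
        $edit['status'] = selectInput('Status', array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => gTxt('live'), 5 => gTxt('sticky')), '', true);
        $rs = safe_column('name', 'txp_users', "privs not in(0,6)");
        $edit['author'] = $rs ? selectInput('AuthorID', $rs, '', true) : '';
    }

    if (in_array($event, array('image', 'file', 'link'))) {
        $rs = getTree('root', $event);
        $edit['category'] = $rs ? treeSelectInput('category', $rs, '') : '';
    }

    if ($event == 'plugin') {
        $edit['order'] = selectInput('order', array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9), 5, false);
    }

    if ($event == 'admin') {
        $edit['privilege'] = privs();
    }

    // output JavaScript
?>
function poweredit(elm) {
    var something = elm.options[elm.selectedIndex].value;
    // Add another chunk of HTML
    var pjs = document.getElementById('js');
    if (pjs == null) {
        var br = document.createElement('br');
        elm.parentNode.appendChild(br);
        pjs = document.createElement('P');
        pjs.setAttribute('id','js');
        elm.parentNode.appendChild(pjs);
    }
    if (pjs.style.display == 'none' || pjs.style.display == '') {
        pjs.style.display = 'block';
    }
    if (something != '') {
        switch (something) {
<?php
    foreach ($edit as $key => $val) {
        // addslashes() turns the widget HTML into a JS string literal; "</" is
        // rewritten as "<\/" so "</script>" inside a widget cannot close the
        // script block. (The '-' => '-' replacement is a no-op as shown here.)
        echo "case 'change" . $key . "':" . n . t . "pjs.innerHTML = '<span>" . str_replace(array("\n", '-'), array('', '-'), str_replace('</', '<\\/', addslashes($val))) . "<\\/span>';" . n . t . 'break;' . n . n;
    }
?>
            default:
                pjs.style.display = 'none';
                break;
        }
    }
    return false;
}
addEvent(window, 'load', cleanSelects);
-->
</script>
<script type="text/javascript" src="jquery.js"></script>
<?php callback_event('admin_side', 'head_end'); ?>
</head>
<body id="<?php echo $body_id; ?>">
<?php callback_event('admin_side', 'pagetop'); ?>
<table id="pagetop" cellpadding="0" cellspacing="0">
<tr id="branding"><td><h1 id="textpattern">Textpattern</h1></td><td id="navpop"><?php echo navPop(1); ?></td></tr>
<tr id="nav-primary"><td align="center" class="tabs" colspan="2">
<?php
    if (!$bm) {
        echo '<table cellpadding="0" cellspacing="0" align="center"><tr> <td valign="middle" style="width:368px"> ' . $message . '</td>',
            has_privs('tab.content') ? areatab(gTxt('tab_content'), 'content', 'article', $area) : '',
            has_privs('tab.presentation') ? areatab(gTxt('tab_presentation'), 'presentation', 'page', $area) : '',
            has_privs('tab.admin') ? areatab(gTxt('tab_admin'), 'admin', 'admin', $area) : '',
            (has_privs('tab.extensions') and !empty($areas['extensions'])) ? areatab(gTxt('tab_extensions'), 'extensions', array_shift($areas['extensions']), $area) : '',
            '<td class="tabdown"><a href="' . hu . '" class="plain" target="_blank">' . gTxt('tab_view_site') . '</a></td>',
            '</tr></table>';

        $secondary = tabsort($area, $event);
        if ($secondary) {
            echo '</td></tr><tr id="nav-secondary"><td align="center" class="tabs" colspan="2"> <table cellpadding="0" cellspacing="0" align="center"><tr>', $secondary, '</tr></table>';
        }
    }

    echo '</td></tr></table>';
    callback_event('admin_side', 'pagetop_end');
}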
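/**
 * Generates and outputs an Atom feed.
 *
 * This function can only be called once on a page. It outputs an Atom feed
 * based on the requested URL parameters. Accepts HTTP GET parameters 'limit',
 * 'area', 'section' and 'category'; 'section' and 'category' may be
 * comma-separated lists, truncated to the 'feed_filter_limit' preference.
 *
 * Review notes on untrusted input:
 *  - section/category lists are doSlash()ed before SQL interpolation and
 *    rejected outright when they are not scalars.
 *  - 'limit' is coerced to a positive integer bounded by
 *    max(100, rss_how_many); a negative or non-numeric value falls back to
 *    the preference instead of producing "LIMIT -5".
 *  - Link URLs are escaped for the XML attribute they are written into; the
 *    former "&...=" preg_replace was a no-op as written.
 *  - The link-area "category not found" probe used "name = '{$category}'"
 *    on an array (which stringifies to "Array"); it now uses IN (...) like
 *    the article case.
 *  - strpos() results are compared against false so an ETag at offset 0 of
 *    If-None-Match is recognised.
 *
 * @return string Atom XML
 */
function atom()
{
    global $thisarticle, $prefs;

    set_error_handler('feedErrorHandler');
    ob_clean();
    extract($prefs);

    $last = fetch("UNIX_TIMESTAMP(val)", 'txp_prefs', 'name', 'lastmod');
    extract(doSlash(gpsa(array('limit', 'area'))));

    // Build filter criteria from a comma-separated list of sections
    // and categories.
    $feed_filter_limit = get_pref('feed_filter_limit', 10);
    $section = gps('section');
    $category = gps('category');

    if (!is_scalar($section) || !is_scalar($category)) {
        txp_die('Not Found', 404);
    }

    $section = $section ? array_slice(do_list_unique($section), 0, $feed_filter_limit) : array();
    $category = $category ? array_slice(do_list_unique($category), 0, $feed_filter_limit) : array();

    $st = array();
    foreach ($section as $s) {
        $st[] = fetch_section_title($s);
    }

    $ct = array();
    foreach ($category as $c) {
        $ct[] = fetch_category_title($c);
    }

    $sitename .= $section ? ' - ' . join(' - ', $st) : '';
    $sitename .= $category ? ' - ' . join(' - ', $ct) : '';

    $pub = safe_row("RealName, email", 'txp_users', "privs = 1");

    $out = array();
    $auth = array();
    $etags = array();
    $dates = array();

    // Feed header.
    $out[] = tag(htmlspecialchars($sitename), 'title', t_text);
    $out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
    $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
    $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';

    // Atom feeds with mail or domain name.
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];

    $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . join(',', $section) : '') . ($category ? '/' . join(',', $category) : ''), 'id');
    $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
    $out[] = tag(safe_strftime("w3cdtf", $last), 'updated');

    // Publisher name is escaped the same way as the per-entry author names.
    $auth[] = tag(htmlspecialchars($pub['RealName']), 'name');
    $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag(hu, 'uri');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    $out[] = callback_event('atom_head');

    // Feed items.
    $articles = array();
    $section = doSlash($section);
    $category = doSlash($category);

    // Page size: positive integer, capped at max(100, rss_how_many).
    $limit = is_scalar($limit) ? (int) $limit : 0;
    if ($limit < 1) {
        $limit = (int) $rss_how_many;
    }
    $limit = min($limit, max(100, (int) $rss_how_many));

    if (!$area or $area == 'article') {
        $sfilter = !empty($section) ? "AND Section IN ('" . join("','", $section) . "')" : '';
        $cfilter = !empty($category) ? "AND (Category1 IN ('" . join("','", $category) . "') OR Category2 IN ('" . join("','", $category) . "'))" : '';

        // Sections flagged as not syndicated are excluded.
        $frs = safe_column("name", 'txp_section', "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "AND Section != '" . doSlash($f) . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;

        $expired = $publish_expired_articles ? " " : " AND (" . now('expires') . " <= Expires OR Expires = " . NULLDATETIME . ") ";

        $rs = safe_rows_start("*,\n ID AS thisid,\n UNIX_TIMESTAMP(Posted) AS uPosted,\n UNIX_TIMESTAMP(Expires) AS uExpires,\n UNIX_TIMESTAMP(LastMod) AS uLastMod", 'textpattern', "Status = 4 AND Posted <= " . now('posted') . $expired . join(' ', $query) . "ORDER BY Posted DESC LIMIT {$limit}");

        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $cb = callback_event('atom_entry');
                $e = array();
                $a['posted'] = $uPosted;
                $a['expires'] = $uExpires;

                $count = ($show_comment_count_in_feed && $comments_count > 0) ? ' [' . $comments_count . ']' : '';

                $thisauthor = get_author_name($AuthorID);
                $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
                $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
                $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');

                $escaped_title = htmlspecialchars($Title);
                $e['title'] = tag($escaped_title . $count, 'title', t_html);

                $permlink = permlinkurl($a);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
                $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
                $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';

                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));

                if ($syndicate_body_or_excerpt) {
                    // Short feed: use body as summary if there's no excerpt.
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }

                if (trim($content)) {
                    $e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
                }
                if (trim($summary)) {
                    $e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
                }

                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uLastMod;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
        $rs = safe_rows_start("*", 'txp_link', "{$cfilter} ORDER BY date DESC, id DESC LIMIT {$limit}");

        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $e = array();
                $e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
                $e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);

                // Make a site-relative URL absolute.
                // NOTE(review): the literal "https?://" is not a valid scheme prefix;
                // presumably "http://" was intended -- confirm against upstream.
                $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
                // href is an XML attribute: escape for that context. double_encode=false
                // leaves an already-encoded "&amp;" alone.
                $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';

                $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
                $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');

                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                // Unix timestamp so the If-Modified-Since comparison below is numeric,
                // as it is for articles.
                $dates[$id] = strtotime($date);
            }
        }
    }

    if (!$articles) {
        // Empty feed: 404 when the requested section/category does not exist
        // at all, as opposed to merely having no entries.
        if ($section) {
            if (safe_field("name", 'txp_section', "name IN ('" . join("','", $section) . "')") === false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            $type = ($area == 'link') ? 'link' : 'article';
            if (safe_field("id", 'txp_category', "name IN ('" . join("','", $category) . "') AND type = '{$type}'") === false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        }
    } else {
        // Turn on compression if we aren't using it already.
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // Make sure notices/warnings/errors don't fudge up the feed when
            // compression is used.
            $buf = '';
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }
            @ob_start('ob_gzhandler');
            echo $buf;
        }

        handle_lastmod();

        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;

        // RFC 3229 "feed" instance manipulation is only honoured when the client
        // advertises it via A-IM, which we can only read under Apache.
        $canaim = false;
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            }
        }

        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        $cut_etag = false;
        $cut_time = false;

        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                // Drop entries the client already holds (by ETag or by date).
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }

        if ($cut_etag && $cut_time) {
            header("Vary: If-None-Match, If-Modified-Since");
        } elseif ($cut_etag) {
            header("Vary: If-None-Match");
        } elseif ($cut_time) {
            header("Vary: If-Modified-Since");
        }

        $etag = join("-", $etags);
        if ($etag !== '' && strpos($hinm, $etag) !== false) {
            txp_status_header('304 Not Modified');
            exit(0);
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }

        if ($cutarticles) {
            // header("HTTP/1.1 226 IM Used");
            // 226 is the status RFC 3229 asks for, but Apache doesn't like it;
            // http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says 200 is acceptable.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }

    $out = array_merge($out, $articles);
    header('Content-type: application/atom+xml; charset=utf-8');

    return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . txpspecialchars($language) . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
}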
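/**
 * Applies a bulk action to the selected plugins (Plugins panel multi-edit).
 *
 * POST inputs: 'selected' (list of plugin names), 'edit_method' ('delete',
 * 'changestatus' or 'changeorder') and, for 'changeorder', 'order', which is
 * clamped to 1..9. Plugins flagged PLUGIN_LIFECYCLE_NOTIFY are loaded and sent
 * the matching "plugin_lifecycle.<name>" event before their row is changed.
 *
 * Only string entries of 'selected' are used: a nested array would otherwise
 * reach load_plugin() and the event name as the literal "Array". Names are
 * doSlash()ed before being interpolated into SQL.
 */
function plugin_multi_edit()
{
    $selected = ps('selected');
    $method = ps('edit_method');

    if (!$selected or !is_array($selected)) {
        return plugin_list();
    }

    $selected = array_values(array_filter($selected, 'is_string'));
    if (!$selected) {
        return plugin_list();
    }

    $where = "name IN ('" . join("','", doSlash($selected)) . "')";

    switch ($method) {
        case 'delete':
            foreach ($selected as $name) {
                $row = safe_row('flags, status', 'txp_plugin', "name ='" . doSlash($name) . "'");
                if ($row && ((int) $row['flags'] & PLUGIN_LIFECYCLE_NOTIFY)) {
                    load_plugin($name, true);
                    callback_event("plugin_lifecycle.{$name}", 'disabled');
                    callback_event("plugin_lifecycle.{$name}", 'deleted');
                }
            }
            safe_delete('txp_plugin', $where);
            break;

        case 'changestatus':
            foreach ($selected as $name) {
                // flags and status come from one query instead of two.
                $row = safe_row('flags, status', 'txp_plugin', "name ='" . doSlash($name) . "'");
                if ($row && ((int) $row['flags'] & PLUGIN_LIFECYCLE_NOTIFY)) {
                    load_plugin($name, true);
                    // NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
                    callback_event("plugin_lifecycle.{$name}", $row['status'] ? 'disabled' : 'enabled');
                }
            }
            safe_update('txp_plugin', 'status = (1-status)', $where);
            break;

        case 'changeorder':
            $order = min(max(intval(ps('order')), 1), 9);
            safe_update('txp_plugin', 'load_order = ' . $order, $where);
            break;
    }

    $message = gTxt('plugin_' . ($method == 'delete' ? 'deleted' : 'updated'), array('{name}' => join(', ', $selected)));
    plugin_list($message);
}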
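/**
 * Emits the admin-side page header: doctype, <head>, the multi-edit
 * JavaScript and the theme header. Does nothing in async mode.
 *
 * The "textpattern" JS object carrying the current event and step is now
 * built with json_encode(), which escapes for the JavaScript context it is
 * emitted into (the previous htmlspecialchars() call escaped for HTML, which
 * is not the right context inside <script>). JSON_HEX_TAG keeps "<" and ">"
 * out of the script block as well.
 *
 * @param string $pagetitle Page title, escaped here via escape_title()
 * @param string $message   Status message, handed to the theme unchanged
 */
function pagetop($pagetitle, $message = "")
{
    global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme;

    if ($app_mode == 'async') {
        return;
    }

    $event = !$event ? 'article' : $event;
    $bm = gps('bm');

    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;

    // Find the top-level area tab that owns the current event.
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }

    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . htmlspecialchars($event);
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo LANG; ?>" lang="<?php echo LANG; ?>" dir="<?php echo gTxt('lang_dir'); ?>">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex, nofollow" />
<title>Txp › <?php echo htmlspecialchars($sitename); ?> › <?php echo escape_title($pagetitle); ?></title>
<script src="jquery.js" type="text/javascript"></script>
<?php echo script_js('var textpattern = ' . json_encode(array('event' => (string) $event, 'step' => (string) $step), JSON_HEX_TAG | JSON_HEX_AMP) . ';'); ?>
<script type="text/javascript" src="textpattern.js"></script>
<script type="text/javascript">
<!--
var cookieEnabled = checkCookies();
if (!cookieEnabled) {
    confirm('<?php echo trim(gTxt('cookies_must_be_enabled')); ?>');
}
<?php
    // Widgets for the multi-edit dropdown, keyed by the "change<key>" option value.
    $edit = array();

    if ($event == 'list') {
        $rs = safe_column('name', 'txp_section', "name != 'default'");
        $edit['section'] = $rs ? selectInput('Section', $rs, '', true) : '';
        $rs = getTree('root', 'article');
        $edit['category1'] = $rs ? treeSelectInput('Category1', $rs, '') : '';
        $edit['category2'] = $rs ? treeSelectInput('Category2', $rs, '') : '';
        $edit['comments'] = onoffRadio('Annotate', safe_field('val', 'txp_prefs', "name = 'comments_on_default'"));
        $edit['status'] = selectInput('Status', array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => gTxt('live'), 5 => gTxt('sticky')), '', true);
        $rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
        $edit['author'] = $rs ? selectInput('AuthorID', $rs, '', true) : '';
    }

    if (in_array($event, array('image', 'file', 'link'))) {
        $rs = getTree('root', $event);
        $edit['category'] = $rs ? treeSelectInput('category', $rs, '') : '';
        $rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
        $edit['author'] = $rs ? selectInput('author', $rs, '', true) : '';
    }

    if ($event == 'plugin') {
        $edit['order'] = selectInput('order', array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9), 5, false);
    }

    if ($event == 'admin') {
        $edit['privilege'] = privs();
        // Target user for re-assigning a deleted user's assets.
        $rs = safe_column('name', 'txp_users', '1=1');
        $edit_assign_assets = $rs ? selectInput('assign_assets', $rs, '', true) : '';
    }

    // output JavaScript
?>
function poweredit(elm) {
    var something = elm.options[elm.selectedIndex].value;
    // Add another chunk of HTML
    var pjs = document.getElementById('js');
    if (pjs == null) {
        var br = document.createElement('br');
        elm.parentNode.appendChild(br);
        pjs = document.createElement('P');
        pjs.setAttribute('id','js');
        elm.parentNode.appendChild(pjs);
    }
    if (pjs.style.display == 'none' || pjs.style.display == '') {
        pjs.style.display = 'block';
    }
    if (something != '') {
        switch (something) {
<?php
    // addslashes() turns the widget HTML into a JS string literal; "</" is
    // rewritten as "<\/" so "</script>" inside a widget cannot close the
    // script block. (The '-' => '-' replacement is a no-op as shown here.)
    foreach ($edit as $key => $val) {
        echo "case 'change" . $key . "':" . n . t . "pjs.innerHTML = '<span>" . str_replace(array("\n", '-'), array('', '-'), str_replace('</', '<\\/', addslashes($val))) . "<\\/span>';" . n . t . 'break;' . n . n;
    }

    if (isset($edit_assign_assets)) {
        echo "case 'delete':" . n . t . "pjs.innerHTML = '<label for=\"assign_assets\">" . addslashes(gTxt('assign_assets_to')) . "</label><span>" . str_replace(array("\n", '-'), array('', '-'), str_replace('</', '<\\/', addslashes($edit_assign_assets))) . "<\\/span>';" . n . t . 'break;' . n . n;
    }
?>
            default:
                pjs.style.display = 'none';
                break;
        }
    }
    return false;
}
addEvent(window, 'load', cleanSelects);
-->
</script>
<?php
    echo $theme->html_head();
    callback_event('admin_side', 'head_end');
?>
</head>
<body id="<?php echo $body_id; ?>" class="<?php echo $area; ?>">
<?php
    callback_event('admin_side', 'pagetop');
    $theme->set_state($area, $event, $bm, $message);
    echo pluggable_ui('admin_side', 'header', $theme->header());
    callback_event('admin_side', 'pagetop_end');
}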
/**
 * Deletes every txp_lang row for one language.
 *
 * The language code is taken from the 'lang_code' HTTP POST parameter and is
 * doSlash()ed before the DELETE. On success the 'lang_deleted' callback fires;
 * in both cases the languages list is re-rendered with a status line.
 *
 * NOTE(review): nothing here refuses to delete the language currently in use;
 * presumably prevented elsewhere -- confirm.
 */
function remove_language()
{
    $code = ps('lang_code');
    $deleted = safe_delete('txp_lang', "lang = '" . doSlash($code) . "'");

    if (!$deleted) {
        list_languages(gTxt('cannot_delete', array('{thing}' => $code)));
        return;
    }

    callback_event('lang_deleted', '', 0, $code);
    list_languages(gTxt($code) . sp . gTxt('deleted'));
}
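/**
 * Applies a bulk action to the selected links (Links panel multi-edit).
 *
 * POST inputs: 'selected' (list of link ids), 'edit_method' ('delete',
 * 'changecategory' or 'changeauthor') and the method's value ('category' or
 * 'author'). Ids are coerced with assert_int() before use. Category and
 * author values must be strings that match a known value exactly (strict
 * in_array(), as the article multi-edit in this file does for sections)
 * before anything is written.
 *
 * NOTE(review): only 'delete' checks a privilege here (link.delete /
 * link.delete.own); 'changecategory' and 'changeauthor' rely on whatever the
 * panel's dispatcher enforces -- confirm that link.edit is checked there.
 */
function link_multi_edit()
{
    global $txp_user, $all_link_cats, $all_link_authors;

    // Empty entry to permit clearing the category.
    $categories = array('');
    foreach ($all_link_cats as $row) {
        $categories[] = $row['name'];
    }

    $selected = ps('selected');
    if (!$selected or !is_array($selected)) {
        link_list();
        return;
    }

    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = array();
    $key = '';
    $val = '';

    switch ($method) {
        case 'delete':
            if (!has_privs('link.delete')) {
                if (has_privs('link.delete.own')) {
                    // Restrict the deletion to the current user's own links.
                    $selected = safe_column('id', 'txp_link', 'id IN (' . join(',', $selected) . ') AND author=\'' . doSlash($txp_user) . '\'');
                } else {
                    $selected = array();
                }
            }

            foreach ($selected as $id) {
                if (safe_delete('txp_link', 'id = ' . $id)) {
                    $changed[] = $id;
                }
            }

            if ($changed) {
                callback_event('links_deleted', '', 0, $changed);
            }
            break;

        case 'changecategory':
            $val = ps('category');
            if (is_string($val) && in_array($val, $categories, true)) {
                $key = 'category';
            }
            break;

        case 'changeauthor':
            $val = ps('author');
            if (is_string($val) && in_array($val, $all_link_authors, true)) {
                $key = 'author';
            }
            break;
    }

    if ($selected and $key) {
        foreach ($selected as $id) {
            if (safe_update('txp_link', "{$key} = '" . doSlash($val) . "'", "id = {$id}")) {
                $changed[] = $id;
            }
        }
    }

    if ($changed) {
        update_lastmod();
        link_list(gTxt($method == 'delete' ? 'links_deleted' : 'link_updated', array($method == 'delete' ? '{list}' : '{name}' => join(', ', $changed))));
        return;
    }

    link_list();
}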
/**
 * Sends an HTTP error status, renders the matching error page and exits.
 *
 * Callable as a tag too (e.g. <txp:txp_die status="410" /> inside an
 * article), in which case $msg is the attribute array and 'msg'/'status' are
 * read from it. The page body comes from the 'error_<code>' page template,
 * then 'error_default', then a built-in minimal HTML document.
 *
 * NOTE(review): $msg is rendered verbatim -- through the tag parser via
 * <txp:error_message /> when parse() is available, otherwise spliced straight
 * into the fallback HTML -- so callers must not pass unescaped user input.
 * A $status outside $codes is handed to txp_status_header() unchanged.
 *
 * @param string|array $msg    Message text, or a tag attribute array
 * @param string|int   $status HTTP status; 503 by default because it
 *                             discourages search engines from indexing or
 *                             caching the error message
 */
function txp_die($msg, $status = '503')
{
    if (is_array($msg)) {
        extract(lAtts(array('msg' => '', 'status' => '503'), $msg));
    }

    // Intentionally incomplete: just the ones we're likely to use.
    $codes = array(
        '200' => 'OK',
        '301' => 'Moved Permanently',
        '302' => 'Found',
        '304' => 'Not Modified',
        '307' => 'Temporary Redirect',
        '401' => 'Unauthorized',
        '403' => 'Forbidden',
        '404' => 'Not Found',
        '410' => 'Gone',
        '414' => 'Request-URI Too Long',
        '500' => 'Internal Server Error',
        '501' => 'Not Implemented',
        '503' => 'Service Unavailable',
    );

    if ($status) {
        $lookup = strval($status);
        if (isset($codes[$lookup])) {
            $status = $lookup . ' ' . $codes[$lookup];
        }
        txp_status_header($status);
    }

    // Numeric part of the status line, used to pick the error page template.
    $code = '';
    if ($status) {
        $parts = explode(' ', $status, 2);
        $code = $parts[0];
    }

    callback_event('txp_die', $code);

    $out = '';
    if (!empty($GLOBALS['connected'])) {
        $out = safe_field('user_html', 'txp_page', "name='error_" . doSlash($code) . "'");
        if (empty($out)) {
            $out = safe_field('user_html', 'txp_page', "name='error_default'");
        }
    }

    if (empty($out)) {
        $out = <<<eod
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Textpattern Error: <txp:error_status /></title>
</head>
<body>
<p align="center" style="margin-top:4em"><txp:error_message /></p>
</body>
</html>
eod;
    }

    header("Content-type: text/html; charset=utf-8");

    if (is_callable('parse')) {
        $GLOBALS['txp_error_message'] = $msg;
        $GLOBALS['txp_error_status'] = $status;
        $GLOBALS['txp_error_code'] = $code;
        set_error_handler("tagErrorHandler");
        die(parse($out));
    }

    // No tag parser loaded (early failure): substitute the two placeholders directly.
    $out = preg_replace(
        array('@<txp:error_status[^>]*/>@', '@<txp:error_message[^>]*/>@'),
        array($status, $msg),
        $out
    );
    die($out);
}
/**
 * Saves, renames or clones a page template from the Pages panel.
 *
 * POST inputs: 'name' (the page being edited), 'newname' (target name),
 * 'html' (template source) and the 'savenew' / 'copy' flags. Names are run
 * through sanitizeForPage(); 'html' arrives doSlash()ed from the extract()
 * and names are doSlash()ed at each SQL use. On failure $_POST['save_error']
 * is set so the form re-renders the bad input; on success the 'page_saved'
 * callback fires. Either way page_edit() is called with the status message.
 */
function page_save()
{
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy')))));

    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));

    $failed = false;
    $message = '';

    if (!$newname) {
        $message = array(gTxt('page_name_invalid'), E_ERROR);
        $failed = true;
    } else {
        // Cloning a page onto its own name gets a "_copy" suffix.
        if ($copy && $name === $newname) {
            $newname .= '_copy';
            $_POST['newname'] = $newname;
        }

        $exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");

        if ($newname !== $name && $exists !== false) {
            // Refuse to create or rename over a different existing page.
            $message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);
            if ($savenew) {
                $_POST['newname'] = '';
            }
            $failed = true;
        } elseif ($savenew or $copy) {
            $inserted = safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'");
            if ($inserted) {
                update_lastmod('page_created', compact('newname', 'name', 'html'));
                $message = gTxt('page_created', array('{name}' => $newname));
            } else {
                $message = array(gTxt('page_save_failed'), E_ERROR);
                $failed = true;
            }
        } else {
            $updated = safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'");
            if ($updated) {
                // Keep sections pointing at the page under its new name.
                safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
                update_lastmod('page_saved', compact('newname', 'name', 'html'));
                $message = gTxt('page_updated', array('{name}' => $name));
            } else {
                $message = array(gTxt('page_save_failed'), E_ERROR);
                $failed = true;
            }
        }
    }

    if ($failed) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('page_saved', '', 0, $name, $newname);
    }

    page_edit($message);
}