/**
 * Saves the submitted global options of one plugin.
 *
 * The plugin id comes from the 'plugid' request variable and the option
 * values from the 'plugoption' request array. After the options are applied,
 * the 'PostPluginOptionsUpdate' event is fired with context 'global' and the
 * plugin options page is shown again with a confirmation message.
 *
 * NOTE(review): this method relies on disallow() and error() to stop the
 * request; neither is visible here. Confirm they do not return, otherwise
 * the update below still runs for non-admins or unknown plugin ids.
 * NOTE(review): no ticket (CSRF) check is visible in this method. Confirm
 * the dispatcher verifies the ticket before calling it.
 */
function action_pluginoptionsupdate()
{
    global $member, $manager;

    // Only administrators may change plugin options.
    if (!$member->isAdmin()) {
        $this->disallow();
    }

    $pluginId = intRequestVar('plugid');
    $isInstalled = $manager->pidInstalled($pluginId);
    if (!$isInstalled) {
        $this->error(_ERROR_NOSUCHPLUGIN);
    }

    // NOTE(review): the option array is passed on as received. Whether
    // _applyPluginOptions() restricts it to options of $pluginId is not
    // visible here. Verify.
    $submittedOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($submittedOptions);

    $eventData = array('context' => 'global', 'plugid' => $pluginId);
    $manager->notify('PostPluginOptionsUpdate', $eventData);

    $this->action_pluginoptions(_PLUGS_OPTIONS_UPDATED);
}
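/**
 * Prints the "with selected ..." controls shown under a batch list.
 *
 * Output consists of a <select name="batchaction"> holding the operations
 * available for $this->type, a hidden 'action' field set to
 * 'batch' . $this->type, the ticket field from $manager->addTicketHidden(),
 * the extra id field needed by 'team' and 'comment' lists, a submit button
 * and select-all / deselect-all links.
 */
function showOperationList()
{
    global $manager;

    // Operations offered per list type; any other type gets an empty <select>.
    $options = array();
    switch ($this->type) {
        case 'item':
            $options = array('delete' => _BATCH_ITEM_DELETE, 'move' => _BATCH_ITEM_MOVE);
            break;
        case 'member':
            $options = array('delete' => _BATCH_MEMBER_DELETE, 'setadmin' => _BATCH_MEMBER_SET_ADM, 'unsetadmin' => _BATCH_MEMBER_UNSET_ADM);
            break;
        case 'team':
            $options = array('delete' => _BATCH_TEAM_DELETE, 'setadmin' => _BATCH_TEAM_SET_ADM, 'unsetadmin' => _BATCH_TEAM_UNSET_ADM);
            break;
        case 'category':
            $options = array('delete' => _BATCH_CAT_DELETE, 'move' => _BATCH_CAT_MOVE);
            break;
        case 'comment':
            $options = array('delete' => _BATCH_COMMENT_DELETE);
            break;
    }
    ?>
    <div class="batchoperations">
        <?php echo _BATCH_WITH_SEL; ?>
        <select name="batchaction">
        <?php
        foreach ($options as $option => $label) {
            echo '<option value="', $option, '">', $label, '</option>';
        }
        ?>
        </select>
        <?php
        // The attribute value must be exactly 'batch<type>': whitespace inside
        // the quotes would be submitted as part of the action name. The type is
        // escaped because its origin is not visible in this method.
        echo '<input type="hidden" name="action" value="batch', htmlspecialchars($this->type), '" />';

        // CSRF ticket for the batch form.
        $manager->addTicketHidden();

        // add hidden fields for 'team' and 'comment' batchlists
        // (integer-cast request values, so safe to print into the attribute)
        if ($this->type == 'team') {
            echo '<input type="hidden" name="blogid" value="', intRequestVar('blogid'), '" />';
        }
        if ($this->type == 'comment') {
            echo '<input type="hidden" name="itemid" value="', intRequestVar('itemid'), '" />';
        }

        echo '<input type="submit" value="', _BATCH_EXEC, '" />';
        ?>
        (
        <a href="" onclick="if (event &amp;&amp; event.preventDefault) event.preventDefault(); return batchSelectAll(1);"><?php echo _BATCH_SELECTALL; ?></a> -
        <a href="" onclick="if (event &amp;&amp; event.preventDefault) event.preventDefault(); return batchSelectAll(0);"><?php echo _BATCH_DESELECTALL; ?></a>
        )
    </div>
    <?php
}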
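/**
 * Registers a new path for the object named in the request and then shows
 * the view requested in 'ret'.
 *
 * Request variables read: 'oid' and 'obd' (integers), 'opr', 'name', 'path'
 * and 'ret'. The path is registered through $this->plugin->RegistPath(); a
 * non-empty return value is reported through $this->error().
 *
 * NOTE(review): no permission or ticket check is visible in this method, and
 * 'path', 'name' and 'opr' reach RegistPath() as received. Confirm that the
 * caller or RegistPath() authorises and validates them.
 */
function action_pathupdate()
{
    $o_oid   = intRequestVar('oid');
    $o_bid   = intRequestVar('obd');
    $o_param = requestVar('opr');
    $o_name  = requestVar('name');
    $newPath = requestVar('path');
    $action  = requestVar('ret');

    $msg = $this->plugin->RegistPath($o_oid, $newPath, $o_bid, $o_param, $o_name);
    if ($msg) {
        $this->error($msg);
        // NOTE(review): loose comparison of the first element/character of
        // $msg with 0. For non-numeric strings the result differs between
        // PHP 7 and PHP 8, so confirm what RegistPath() returns.
        if ($msg[0] != 0) {
            return;
        }
    }

    switch ($action) {
        case 'catoverview':
            // For sub-categories 'obd' holds a category id, so resolve its blog.
            if ($o_param == 'subcategory') {
                $bid = getBlogIDFromCatID($o_bid);
            } else {
                $bid = $o_bid;
            }
            $this->action_categoryview($bid, _UPDATE_SUCCESS);
            break;
        case 'memberview':
            $this->action_memberview(_UPDATE_SUCCESS);
            break;
        case 'blogview':
            $this->action_blogview(_UPDATE_SUCCESS);
            break;
        case 'itemview':
            $this->action_itemview($o_bid, _UPDATE_SUCCESS);
            break;
        default:
            echo _UPDATE_SUCCESS;
            break;
    }
}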
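/**
 * Renders the media selection dialog.
 *
 * Shows a collection switcher with upload button, a filter form, one page
 * of files ($CONF['MediaPerPage'] entries) from the current collection,
 * previous/next links and the inline/popup radio buttons.
 *
 * The collection comes from the 'collection' request variable. When it is
 * empty or not a directory below $DIR_MEDIA, the NP_TinyMCE default
 * directory or the member's own collection is used instead. The result must
 * pass MEDIA::isValidCollection() before anything is listed.
 */
function media_select()
{
    global $member, $CONF, $DIR_MEDIA, $manager;

    // currently selected collection
    $currentCollection = requestVar('collection');
    if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection)) {
        $tinymce = $manager->getPlugin('NP_TinyMCE');
        switch ($tinymce->getOption('def_dir_mode')) {
            case 'fix':
                $currentCollection = $tinymce->getOption('def_dir');
                break;
            default:
                $currentCollection = $member->getID();
        }
    }

    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($currentCollection)) {
        media_doError(_ERROR_DISALLOWED);
        // Fail closed: never list files if media_doError() should return.
        return;
    }

    media_head();

    // get collection list
    $collections = MEDIA::getCollectionList();

    if (sizeof($collections) > 1) {
        ?>
        <form method="post" action="media.php"><div>
            <label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL); ?></label>
            <select name="collection" id="media_collection" onchange="return form.submit()">
            <?php
            foreach ($collections as $dirname => $description) {
                echo '<option value="', htmlspecialchars($dirname), '"';
                if ($dirname == $currentCollection) {
                    echo ' selected="selected"';
                }
                echo '>', htmlspecialchars($description), '</option>';
            }
            ?>
            </select>
            <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO); ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK); ?>" class="button" />
            <?php $manager->addTicketHidden(); ?>
        </div></form>
        <?php
    } else {
        ?>
        <form method="post" action="media.php" style="float:right"><div>
            <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection); ?>" />
            <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW); ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK); ?>" class="button" />
            <?php $manager->addTicketHidden(); ?>
        </div></form>
        <?php
    } // if sizeof

    $filter = requestVar('filter');
    $offset = intRequestVar('offset');
    $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);
    ?>
    <form method="post" action="media.php"><div>
        <label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL); ?></label>
        <input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter); ?>" />
        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY); ?>" class="button" />
        <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection); ?>" />
        <input type="hidden" name="offset" value="<?php echo intval($offset); ?>" />
    </div></form>

    <table width="100%">
    <caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars(isset($collections[$currentCollection]) ? $collections[$currentCollection] : ''); ?></caption>
    <tr>
        <th><?php echo _MEDIA_MODIFIED; ?></th><th><?php echo _MEDIA_FILENAME; ?></th><th><?php echo _MEDIA_DIMENSIONS; ?></th>
    </tr>
    <?php
    // Paging bounds; they stay 0 for an empty list so the navigation code
    // below never reads undefined variables.
    $idxStart = 0;
    $idxEnd = 0;
    $idxNext = 0;
    $idxPrev = 0;

    // Escapes applied before a value is placed inside a single-quoted
    // JavaScript string. The backslash is handled first so that a backslash
    // in a file name cannot neutralise the escaping of a following quote.
    $jsSearch = array('\\', "'", "\r", "\n");
    $jsReplace = array('\\\\', "\\'", '\\r', '\\n');

    if (sizeof($arr) > 0) {
        // clamp the requested offset to the last full page / to zero
        if ($offset + $CONF['MediaPerPage'] >= sizeof($arr)) {
            $offset = sizeof($arr) - $CONF['MediaPerPage'];
        }
        if ($offset < 0) {
            $offset = 0;
        }

        $idxStart = $offset;
        $idxEnd = $offset + $CONF['MediaPerPage'];
        $idxNext = $idxEnd;
        $idxPrev = $idxStart - $CONF['MediaPerPage'];

        if ($idxPrev < 0) {
            $idxPrev = 0;
        }
        if ($idxEnd > sizeof($arr)) {
            $idxEnd = sizeof($arr);
        }

        for ($i = $idxStart; $i < $idxEnd; $i++) {
            $obj = $arr[$i];
            $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;

            // GetImageSize() returns false for non-images; silence its warnings.
            $old_level = error_reporting(0);
            $size = @GetImageSize($filename);
            error_reporting($old_level);

            if (is_array($size)) {
                $width = (string) $size[0];
                $height = (string) $size[1];
                $filetype = $size[2];
            } else {
                $width = '';
                $height = '';
                $filetype = 0;
            }

            echo "<tr>";
            echo "<td>" . date("Y-m-d", $obj->timestamp) . "</td>";

            // strings for javascript: JS-escaped here, HTML-escaped on output
            $jsCurrentCollection = str_replace($jsSearch, $jsReplace, $currentCollection);
            $jsFileName = str_replace($jsSearch, $jsReplace, $obj->filename);

            if ($filetype != 0) {
                // image (gif/jpg/png/swf)
                echo "<td><span style=\"cursor:pointer;\" onclick=\"chooseImage('", htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "',"
                    . "'", htmlspecialchars($width), "','", htmlspecialchars($height), "'"
                    . ")\" title=\"" . htmlspecialchars($obj->filename) . "\">"
                    . htmlspecialchars(shorten($obj->filename, 25, '...'))
                    . "</span>";
                echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="', htmlspecialchars(_MEDIA_VIEW_TT), '">', _MEDIA_VIEW, '</a>)';
                echo "</td>";
            } else {
                // no image (e.g. mpg)
                echo "<td><span style=\"cursor:pointer;\" onclick=\"chooseOther('", htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "'"
                    . ")\" title=\"" . htmlspecialchars($obj->filename) . "\">"
                    . htmlspecialchars(shorten($obj->filename, 30, '...'))
                    . "</span></td>";
            }
            echo '<td>', htmlspecialchars($width), 'x', htmlspecialchars($height), '</td>';
            echo '</tr>';
        }
    } // if (sizeof($arr)>0)
    ?>
    </table>
    <?php
    if ($idxStart > 0) {
        echo "<a href='media.php?offset={$idxPrev}&collection=" . urlencode($currentCollection) . "'>" . _LISTS_PREV . "</a> ";
    }
    if ($idxEnd < sizeof($arr)) {
        echo "<a href='media.php?offset={$idxNext}&collection=" . urlencode($currentCollection) . "'>" . _LISTS_NEXT . "</a> ";
    }
    ?>
    <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" class="radio" /><label for="typeradio0"><?php echo _MEDIA_INLINE; ?></label>
    <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" class="radio" /><label for="typeradio1"><?php echo _MEDIA_POPUP; ?></label>
    <?php
    media_foot();
}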
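/**
 * Rewrites trackback ping URLs flagged as "local" into direct TrackBack
 * plugin URLs and stores the resulting list back into
 * $_REQUEST['trackback_ping_url'].
 *
 * URLs come from two places: the free-text 'trackback_ping_url' request
 * variable (split on whitespace and commas) and the numbered 'tb_url_<n>'
 * variables, each with an optional 'tb_url_<n>_local' checkbox. Only the
 * numbered URLs can carry the local flag.
 *
 * @param array $data must contain 'itemid'; used to look up the blog id
 * @return void nothing is changed when no URL was submitted
 */
function convertLocalTrackbackURL($data)
{
    global $CONF;

    $ping_urls = array();
    $localflag = array();

    $ping_url = requestVar('trackback_ping_url');
    if (trim($ping_url)) {
        foreach (preg_split("/[\\s,]+/", trim($ping_url)) as $url) {
            $ping_urls[] = trim($url);
        }
    }
    $ping_urls_count = count($ping_urls);

    // NOTE(review): 'tb_url_amount' is request-controlled and is the only
    // bound of this loop. Consider capping it to a sane maximum.
    $tb_url_amount = intRequestVar('tb_url_amount');
    for ($i = 0; $i < $tb_url_amount; $i++) {
        $tb_temp_url = requestVar('tb_url_' . $i);
        if ($tb_temp_url) {
            $ping_urls[$ping_urls_count] = $tb_temp_url;
            $localflag[$ping_urls_count] = (requestVar('tb_url_' . $i . '_local') == 'on') ? 1 : 0;
            $ping_urls_count++;
        }
    }

    if ($ping_urls_count <= 0) {
        return;
    }

    $blog_id = getBlogidFromItemID(intval($data['itemid']));

    for ($i = 0; $i < count($ping_urls); $i++) {
        // Free-text URLs have no flag entry at all; treat them as not local.
        if (empty($localflag[$i])) {
            continue;
        }

        // parse_url() returns false for malformed input and omits 'path'
        // when the URL has none; fall back to an empty path in both cases.
        $tmp_url = parse_url($ping_urls[$i]);
        $path = (is_array($tmp_url) && isset($tmp_url['path'])) ? $tmp_url['path'] : '';
        $path_arr = explode("/", trim($path, '/'));
        $tail = end($path_arr);

        $linkObj = array('linkparam' => 'item', 'bid' => $blog_id);
        if (substr($tail, -10) == '.trackback') {
            // "<name>.trackback" or "<name>.html.trackback" -> "<name>.html"
            $pathName = substr($tail, 0, -10);
            if (substr($pathName, -5) == '.html') {
                $linkObj['name'] = $pathName;
            } else {
                $linkObj['name'] = $pathName . '.html';
            }
        } else {
            $linkObj['name'] = $tail;
        }

        $item_id = $this->getRequestPathInfo($linkObj);
        if ($item_id) {
            $ping_urls[$i] = $CONF['ActionURL'] . '?action=plugin&name=TrackBack&tb_id=' . $item_id;
        }
    }

    $_REQUEST['trackback_ping_url'] = implode("\n", $ping_urls);
}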
/**
 * Tries to create an item from the data in the current request (comes from
 * the bookmarklet or the admin area).
 *
 * Reads the item fields from POST ('body', 'title', 'more', 'actiontype',
 * 'closed', 'hour', 'minutes', 'month', 'day', 'year', 'catid', 'draftid'),
 * checks $member->canAddItem(), optionally creates a new category, adds the
 * item to the blog, applies the submitted plugin options and deletes the
 * draft the item was created from.
 *
 * Returns an array with status info:
 * status = 'added', 'error', 'newcategory'
 * ('error' comes with 'message'; the other two with 'itemid', and
 * 'newcategory' additionally with 'catid')
 *
 * NOTE(review): no ticket (CSRF) check is visible in this method; confirm
 * the caller performs it.
 *
 * @static
 */
function createFromRequest()
{
    global $member, $manager;

    $i_author = $member->getID();
    $i_body = postVar('body');
    $i_title = postVar('title');
    $i_more = postVar('more');
    $i_actiontype = postVar('actiontype');
    $i_closed = intPostVar('closed');
    $i_hour = intPostVar('hour');
    $i_minutes = intPostVar('minutes');
    $i_month = intPostVar('month');
    $i_day = intPostVar('day');
    $i_year = intPostVar('year');
    // catid is read as a raw string because it may be "newcat-<blogid>"
    $i_catid = postVar('catid');
    $i_draftid = intPostVar('draftid');

    // permission check happens on the raw catid, before any category is created
    // NOTE(review): how canAddItem() treats a "newcat-..." value is not visible here; verify
    if (!$member->canAddItem($i_catid)) {
        return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
    }

    // no action type submitted: publish immediately
    if (!$i_actiontype) {
        $i_actiontype = 'addnow';
    }

    // only 'adddraft' produces a draft; every other value is treated as a normal post
    switch ($i_actiontype) {
        case 'adddraft':
            $i_draft = 1;
            break;
        case 'addfuture':
        case 'addnow':
        default:
            $i_draft = 0;
    }

    // items with an empty (whitespace-only) body are rejected
    if (!trim($i_body)) {
        return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
    }

    // create new category if needed
    // NOTE(review): strstr() matches 'newcat' anywhere in the value while sscanf()
    // expects it to start with "newcat-"; for other shapes $i_blogid may not be a
    // usable id. Confirm the value is validated upstream.
    if (strstr($i_catid, 'newcat')) {
        // get blogid
        list($i_blogid) = sscanf($i_catid, "newcat-%d");

        // create
        $blog =& $manager->getBlog($i_blogid);
        $i_catid = $blog->createNewCategory();

        // show error when sth goes wrong
        if (!$i_catid) {
            return array('status' => 'error', 'message' => 'Could not create new category');
        }
    } else {
        // force blogid (must be same as category id)
        $i_blogid = getBlogIDFromCatID($i_catid);
        $blog =& $manager->getBlog($i_blogid);
    }

    if ($i_actiontype == 'addfuture') {
        $posttime = mktime($i_hour, $i_minutes, 0, $i_month, $i_day, $i_year);

        // make sure the date is in the future, unless we allow past dates
        if (!$blog->allowPastPosting() && $posttime < $blog->getCorrectTime()) {
            $posttime = $blog->getCorrectTime();
        }
    } else {
        // time with offset, or 0 for drafts
        $posttime = $i_draft ? 0 : $blog->getCorrectTime();
    }

    // a post time later than "now" marks the item as not yet posted and
    // flags the blog as having a future post
    if ($posttime > $blog->getCorrectTime()) {
        $posted = 0;
        $blog->setFuturePost();
    } else {
        $posted = 1;
    }

    // title, body and more are handed to additem() as received from the request
    $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft, $posted);

    //Setting the itemOptions
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions, $itemid);
    $manager->notify('PostPluginOptionsUpdate', array('context' => 'item', 'itemid' => $itemid, 'item' => array('title' => $i_title, 'body' => $i_body, 'more' => $i_more, 'closed' => $i_closed, 'catid' => $i_catid)));

    // the new item replaces the draft it was created from
    if ($i_draftid > 0) {
        // delete permission is checked inside ITEM::delete()
        ITEM::delete($i_draftid);
    }

    // success
    // the category id differs from the submitted one when a new category was created
    if ($i_catid != intRequestVar('catid')) {
        return array('status' => 'newcategory', 'itemid' => $itemid, 'catid' => $i_catid);
    } else {
        return array('status' => 'added', 'itemid' => $itemid);
    }
}
// get all variables that can come from the request and put them in the global scope
// NOTE(review): only itemid, catid and startpos are read through intRequestVar()
// (presumably integer-cast); every other value below is stored as received, so
// each consumer has to validate or escape it for its own context (SQL, HTML, paths).
$blogid = requestVar('blogid');
$itemid = intRequestVar('itemid');
$catid = intRequestVar('catid');
$skinid = requestVar('skinid');
$memberid = requestVar('memberid');
$archivelist = requestVar('archivelist');
$imagepopup = requestVar('imagepopup');
$archive = requestVar('archive');
$query = requestVar('query');
$highlight = requestVar('highlight');
$amount = requestVar('amount');
$action = requestVar('action');
$nextaction = requestVar('nextaction');
$maxresults = requestVar('maxresults');
$startpos = intRequestVar('startpos');
$errormessage = '';
$error = '';
$special = requestVar('special');
// an explicit 'virtualpath' GET variable takes precedence over the server's PATH_INFO
$virtualpath = getVar('virtualpath') != null ? getVar('virtualpath') : serverVar('PATH_INFO');

// NOTE(review): this header advertises the exact CMS version in every response
if (!headers_sent()) {
    header('Generator: Nucleus CMS ' . $nucleus['version']);
}

// include core classes that are needed for login & plugin handling
include_once $DIR_LIBS . 'mysql.php';
// added for 3.5 sql_* wrapper
global $MYSQL_HANDLER;
// default handler is 'mysql' with an empty second element
if (!isset($MYSQL_HANDLER)) {
    $MYSQL_HANDLER = array('mysql', '');
}
if ($MYSQL_HANDLER[0] == '') {
// Admin page of the Views plugin: wraps its output in the plugin admin frame.
// NOTE(review): no explicit permission check is visible in this excerpt; confirm
// that PluginAdmin::start() or the including file restricts access.
$oPluginAdmin = new PluginAdmin('Views');
$oPluginAdmin->start();
global $CONF, $manager;
echo '<h2>NP_Views Counter Management</h2>';

$doaction = getVar('doaction');
// ?doaction=resetall shows a confirmation form and stops; the reset itself is
// done by the plugin action the form posts to.
if ($doaction == 'resetall') {
    $resetaction = $CONF['ActionURL'] . '?action=plugin&name=Views&type=resetallview';
    echo "You are about to reset all view counts!!!";
    // NOTE(review): the form contains only a submit button and no ticket field.
    // Whether the target action verifies a ticket is not visible here; if it does
    // not, this state-changing POST can be triggered cross-site (CSRF).
    echo "<form method=\"POST\" name=\"selectform\" action=\"" . $resetaction . "\">";
    echo "<input type=\"submit\" value=\"Confirm Reset View Counts\" name=\"doaction\" />";
    echo "</form>";
    $oPluginAdmin->end();
    exit;
}

echo '<a href="' . $CONF['PluginURL'] . 'views/index.php/?doaction=resetall">Reset all view counts</a>';

// NOTE(review): this value is overwritten by "$offset = 0" further down
$offset = intRequestVar('offset');

// NOTE(review): $sorting and $order take the raw 'sort' and 'order' GET values.
// Their use is outside this excerpt; if they end up in a SQL ORDER BY or in
// HTML output they need an allow-list ('views'/'id' and the known order values).
$sorting = 'id'; // views, id
$sortby = getVar('sort');
if ($sortby != '') {
    $sorting = $sortby;
}
$order = 'inc'; // default increment ordering
$orderby = getVar('order');
if ($orderby != '') {
    $order = $orderby;
}
$offset = 0;
$offsetby = getVar('offset');
if ($offsetby != '') {
/**
 * Skinvar "image": prints one aspect of the image described by the request.
 *
 * Request variables used: 'imagetext' (caption), 'imagepopup' (file path
 * appended to $CONF['MediaURL']), 'width' and 'height' (integers).
 *
 * $what selects the output: 'url', 'width', 'height', 'caption' or 'text'
 * (both print the caption); 'imgtag' and any other value print a complete
 * <img> tag.
 *
 * The caption and the URL are HTML-escaped before output.
 * NOTE(review): 'imagepopup' is appended to the media URL as received.
 * Escaping covers the HTML context only; the path itself (e.g. '..'
 * segments) is not checked in this method. Confirm it is validated elsewhere.
 */
function parse_image($what = 'imgtag')
{
    global $CONF;

    $caption   = htmlspecialchars(requestVar('imagetext'));
    $popupFile = requestVar('imagepopup');
    $imgWidth  = intRequestVar('width');
    $imgHeight = intRequestVar('height');
    $src       = htmlspecialchars($CONF['MediaURL'] . $popupFile);

    // Loose comparisons in the same order as a switch would evaluate them.
    if ($what == 'url') {
        echo $src;
    } elseif ($what == 'width') {
        echo $imgWidth;
    } elseif ($what == 'height') {
        echo $imgHeight;
    } elseif ($what == 'caption' || $what == 'text') {
        echo $caption;
    } else {
        // 'imgtag' and every unknown selector
        echo "<img src=\"{$src}\" width=\"{$imgWidth}\" height=\"{$imgHeight}\" alt=\"{$caption}\" title=\"{$caption}\" />";
    }
}
/**
 * Shows the bookmarklet edit form for the item named by the 'itemid'
 * request variable.
 *
 * The item must exist and the current member must be allowed to alter it;
 * otherwise bm_doError() is called with the matching error message. The
 * 'PrepareItemForEdit' event gets the item by reference, so plugins can
 * modify it before the form is built.
 *
 * NOTE(review): both checks rely on bm_doError() ending the request; it is
 * not visible here. Confirm it does not return.
 */
function bm_doEditForm()
{
    global $member, $manager;

    $requestedId = intRequestVar('itemid');

    $itemExists = $manager->existsItem($requestedId, 0, 0);
    if (!$itemExists) {
        bm_doError(_ERROR_NOSUCHITEM);
    }

    // authorisation: the member must be allowed to change this item
    $mayAlter = $member->canAlterItem($requestedId);
    if (!$mayAlter) {
        bm_doError(_ERROR_DISALLOWED);
    }

    $itemData =& $manager->getItem($requestedId, 1, 1);
    $itemBlog =& $manager->getBlog(getBlogIDFromItemID($requestedId));

    $manager->notify('PrepareItemForEdit', array('item' => &$itemData));

    // blogs that convert line breaks store <br />; strip them for editing
    if ($itemBlog->convertBreaks()) {
        foreach (array('body', 'more') as $field) {
            $itemData[$field] = removeBreaks($itemData[$field]);
        }
    }

    $factory = new PAGEFACTORY($itemBlog->getID());
    $factory->createEditForm('bookmarklet', $itemData);
}