// // $Id: page-previsualization.php,v 1.5 2010/03/08 16:41:19 sebastien Exp $ /** * PHP page : page previsualization * Used to view the page edited data. * * @package Automne * @subpackage admin * @author Antoine Pouch <*****@*****.**> & * @author Sébastien Pauchet <*****@*****.**> */ require_once dirname(__FILE__) . '/../../cms_rc_admin.php'; $currentPage = sensitiveIO::request('currentPage', 'sensitiveIO::isPositiveInteger', CMS_session::getPageID()); $draft = sensitiveIO::request('draft') ? true : false; //unset request to avoid it to have interaction with page code sensitiveIO::unsetRequest(array('draft', 'currentPage')); //CHECKS if (!SensitiveIO::isPositiveInteger($currentPage)) { die("Invalid page"); } //view edited or edition mode ? $cms_visual_mode = $draft ? PAGE_VISUALMODE_HTML_EDITION : PAGE_VISUALMODE_HTML_EDITED; $cms_page = CMS_tree::getPageByID($currentPage); if (!$cms_user->hasPageClearance($cms_page->getID(), CLEARANCE_PAGE_EDIT)) { die('No rigths on page ...'); exit; } //unset vars to avoid interraction with page unset($currentPage); unset($draft); echo $cms_page->getContent($cms_language, $cms_visual_mode);
// $Id: templates-rows.php,v 1.4 2010/03/08 16:41:22 sebastien Exp $ /** * PHP page : template default rows * Used to view and set the default template rows * * @package Automne * @subpackage admin * @author Antoine Pouch <*****@*****.**> & * @author Sébastien Pauchet <*****@*****.**> */ require_once dirname(__FILE__) . '/../../cms_rc_admin.php'; define("MESSAGE_PAGE_TITLE", 852); $view = CMS_view::getInstance(); $templateId = sensitiveIO::request('template', 'sensitiveIO::isPositiveInteger'); //unset request to avoid it to have interaction with page code sensitiveIO::unsetRequest(array('template')); //CHECKS if (!SensitiveIO::isPositiveInteger($templateId)) { die("Invalid template"); } $template = CMS_pageTemplatesCatalog::getByID($templateId); if (!is_object($template) || $template->hasError()) { die("Invalid template or template error"); } //RIGHTS CHECK if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDIT_TEMPLATES)) { //templates die("User has no rights on template edition"); } $dummy_page = CMS_tree::getRoot(); $dummy_page->setTitle($cms_language->getMessage(MESSAGE_PAGE_TITLE, array($template->getLabel())), $cms_user);
//block flash $width = sensitiveIO::request('flashwidth'); $height = sensitiveIO::request('flashheight'); $name = sensitiveIO::request('flashname'); $version = sensitiveIO::request('flashversion'); $params = sensitiveIO::request('flashparams'); $flashvars = sensitiveIO::request('flashvars'); $attributes = sensitiveIO::request('flashattributes'); //block image $imagelink = sensitiveIO::request('imagelink'); $imagelabel = sensitiveIO::request('imagelabel'); $zoomname = sensitiveIO::request('zoomname'); //block link $linktext = sensitiveIO::request('link'); //unset requests to avoid them to have interaction with evaluated page codes sensitiveIO::unsetRequest(array_keys($_REQUEST)); //try to instanciate the requested page $cms_page = CMS_tree::getPageByID($currentPage); //instanciate page and check if user has view rights on it if (isset($cms_page) && $cms_page->hasError()) { CMS_grandFather::raiseError('Error on page : ' . $cms_page->getID()); $view->show(); } //check for edit rights for user if (!$cms_user->hasPageClearance($cms_page->getID(), CLEARANCE_PAGE_EDIT)) { CMS_grandFather::raiseError('Error, user has no rights on page : ' . $cms_page->getID()); $view->show(); } //check for lock if ($cms_page->getLock() && $cms_page->getLock() != $cms_user->getUserId()) { CMS_grandFather::raiseError('Page ' . $currentPage . ' is currently locked by another user and can\'t be updated.');
// $Id: page-content.php,v 1.5 2010/03/08 16:41:19 sebastien Exp $ /** * PHP page : page previsualization * Used to view the page edited data. * * @package Automne * @subpackage admin * @author Antoine Pouch <*****@*****.**> & * @author Sébastien Pauchet <*****@*****.**> */ require_once dirname(__FILE__) . '/../../cms_rc_admin.php'; $cms_view = CMS_view::getInstance(); $currentPage = sensitiveIO::request('page', 'sensitiveIO::isPositiveInteger', CMS_session::getPageID()); $action = sensitiveIO::request('action'); //unset request to avoid it to have interaction with page code sensitiveIO::unsetRequest(array('action', 'page')); //CHECKS if (!SensitiveIO::isPositiveInteger($currentPage)) { die("Invalid page"); } $cms_page = CMS_tree::getPageByID($currentPage); if (!is_object($cms_page) || $cms_page->hasError()) { die("Invalid page or page error"); } //set page to context CMS_session::setPage($cms_page); //RIGHTS CHECK if (!$cms_user->hasPageClearance($cms_page->getID(), CLEARANCE_PAGE_EDIT) || !$cms_user->hasModuleClearance(MOD_STANDARD_CODENAME, CLEARANCE_MODULE_EDIT)) { die("User has no rights on page"); } elseif (!$action && !$cms_page->getLock()) { $cms_page->lock($cms_user);