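 /**
  * Perform admin only changes to the content buffer
  * This will happen before \gp\tool\Output::BufferOut()
  *
  * Two changes are made:
  *  - if the head placeholder comment is present, $gp_admin_html and the edit
  *    links are handed to \gp\tool\Output::AddToBody()
  *  - a hidden "verified" input holding the admin nonce is inserted directly
  *    after every <form ... method="post"> tag whose action is local
  *
  * The admin nonce should never be submitted to another host, so the check is
  * fail-closed: a form only receives the nonce when its tag is a plain list of
  * well formed attributes and none of its action values can be read as an
  * absolute or protocol-relative URL. Only the <form> tag itself is inspected;
  * formaction attributes on buttons and <base href> are not.
  *
  * @param string $buffer Html of the page
  * @return string The html with the admin additions
  */
 public static function AdminBuffer($buffer)
 {
     global $gp_admin_html;

     //add $gp_admin_html to the document
     if (strpos($buffer, '<!-- get_head_placeholder ' . gp_random . ' -->') !== false) {
         $buffer = \gp\tool\Output::AddToBody($buffer, '<div id="gp_admin_html">' . $gp_admin_html . \gp\tool\Output::$editlinks . '</div><div id="gp_admin_fixed"></div>');
     }

     // Add a generic admin nonce field to each post form
     // Admin nonces are also added with javascript if needed
     // NOTE(review): confirm the javascript fallback applies the same local-action rule
     $count = preg_match_all('#<form[^<>]*method=[\'"]post[\'"][^<>]*>#i', $buffer, $matches, PREG_OFFSET_CAPTURE);
     if (!$count) {
         return $buffer;
     }

     $nonce = \gp\tool::new_nonce('post', true);
     $replacement = '<span class="nodisplay"><input type="hidden" name="verified" value="' . $nonce . '"/></span>';

     // One html attribute: whitespace, a name (group 1) and optionally a
     // double quoted, single quoted or unquoted value (group 2)
     $ws = '[ \t\r\n\f]';
     $attr = $ws . '+([a-z][\w:.\-]*)(?:' . $ws . '*=' . $ws . '*(?|"([^"]*)"|\'([^\']*)\'|([^ \t\r\n\f"\'=<>`]+)))?';

     // Walk the tags from last to first so the byte offsets captured above stay
     // valid while the buffer grows. Using offsets (instead of searching for the
     // tag text) also gives identical form tags a nonce each.
     foreach (array_reverse($matches[0]) as $match) {
         $tag = $match[0];

         // A tag with unbalanced quotes or other malformed attributes may be
         // read differently by the browser than by these patterns, so it is
         // left without a nonce rather than guessed at
         if (!preg_match('#^<form(?:' . $attr . ')*' . $ws . '*/?>\z#i', $tag)) {
             continue;
         }

         //make sure it's a local action
         $local = true;
         preg_match_all('#' . $attr . '#i', $tag, $attrs, PREG_SET_ORDER);
         foreach ($attrs as $found) {
             // a missing or valueless action submits to the current page
             if (strtolower($found[1]) !== 'action' || !isset($found[2])) {
                 continue;
             }

             // Judge the value the way a browser resolves it: character
             // references are decoded, a backslash is read as a slash and
             // ASCII whitespace / control characters are ignored
             $action = html_entity_decode($found[2], ENT_QUOTES | ENT_HTML5, 'UTF-8');
             $action = str_replace('\\', '/', $action);
             $action = preg_replace('#[\x00-\x20]+#', '', $action);

             if (substr($action, 0, 2) === '//'                        // protocol-relative
                 || strpos($action, '://') !== false                   // absolute, at any position
                 || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $action)     // any other scheme
                 || preg_match('/&#x?[0-9a-f]/i', $action)             // reference left undecoded
             ) {
                 $local = false;
                 break;
             }
         }
         if (!$local) {
             continue;
         }

         $buffer = substr_replace($buffer, $replacement, $match[1] + strlen($tag), 0);
     }

     return $buffer;
 }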