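/**
 * Perform admin only changes to the content buffer
 * This will happen before \gp\tool\Output::BufferOut()
 *
 * Two things are done here:
 *  - the admin html ($gp_admin_html and the edit links) is added to the body
 *    when the head placeholder is present in the buffer
 *  - a hidden "verified" nonce field is added after every POST <form> tag whose
 *    action stays on this site. The nonce is an anti-CSRF token, so it must not
 *    be added to a form that submits to another origin.
 *
 * @param string $buffer The html about to be sent to the browser
 * @return string The modified html; the input is returned unchanged for the
 *                nonce step if the regular expression engine fails
 */
public static function AdminBuffer($buffer)
{
    global $gp_admin_html;

    // add $gp_admin_html to the document
    if (strpos($buffer, '<!-- get_head_placeholder ' . gp_random . ' -->') !== false) {
        $buffer = \gp\tool\Output::AddToBody(
            $buffer,
            '<div id="gp_admin_html">' . $gp_admin_html . \gp\tool\Output::$editlinks . '</div><div id="gp_admin_fixed"></div>'
        );
    }

    // Add a generic admin nonce field to each post form
    // Admin nonces are also added with javascript if needed
    $form_pattern = '#<form[^<>]*method=[\'"]post[\'"][^<>]*>#i';
    if (!preg_match($form_pattern, $buffer)) {
        return $buffer;
    }

    // NOTE(review): the nonce is written into an attribute value without escaping;
    // this assumes new_nonce() only returns attribute-safe characters - confirm
    $nonce = \gp\tool::new_nonce('post', true);
    $field = '<span class="nodisplay"><input type="hidden" name="verified" value="' . $nonce . '"/></span>';

    // Decide whether a <form ...> tag submits to this site.
    // This is a best-effort classification, not a full URL parser: whenever the
    // value could be read as pointing elsewhere the form is treated as external,
    // because leaving the nonce out is the safe failure (javascript can still add it).
    $is_local = function ($tag) {
        // the action value may be double quoted, single quoted or unquoted
        if (!preg_match('#(?<![\w-])action\s*=\s*(?|"([^"]*)"|\'([^\']*)\'|([^\s>]*))#i', $tag, $found)) {
            return true; // no action attribute: the form posts back to the current url
        }

        // normalise the value the way a browser does before resolving it:
        // character references are decoded, tabs and line breaks are dropped,
        // surrounding spaces/control characters are ignored and "\" is read as "/"
        $flags = ENT_QUOTES | (defined('ENT_HTML5') ? ENT_HTML5 : 0);
        $action = html_entity_decode($found[1], $flags, 'UTF-8');
        $action = str_replace(array("\t", "\r", "\n"), '', $action);
        $action = trim($action, "\x00..\x20");
        $action = str_replace('\\', '/', $action);

        if (substr($action, 0, 2) === '//') {
            return false; // protocol relative url
        }
        if (strpos($action, '://') !== false) {
            return false; // absolute url (kept from the original check)
        }
        if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $action)) {
            return false; // any other value that starts with a scheme
        }

        return true;
    };

    // Each tag is handled at its own position, so two forms with identical
    // opening tags both receive the field and none receives it twice.
    $result = preg_replace_callback(
        $form_pattern,
        function ($match) use ($field, $is_local) {
            return $is_local($match[0]) ? $match[0] . $field : $match[0];
        },
        $buffer
    );

    // preg_replace_callback() returns null on a PCRE error (for example the
    // backtrack limit); keep the page rather than sending an empty response
    if (is_string($result)) {
        $buffer = $result;
    }

    return $buffer;
}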