4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
5 * Copyright (C) 2002-2009 The Nucleus Group
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * (see nucleus/documentation/index.html#license for more info)
14 * code to make it easier to create plugin admin areas
16 * @license http://nucleuscms.org/license.txt GNU General Public License
17 * @copyright Copyright (C) 2002-2009 The Nucleus Group
19 * $NucleusJP: PLUGINADMIN.php,v 1.8.2.2 2007/10/23 22:48:56 kmorimatsu Exp $
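// Request-poisoning guard. Stops the script when any request source (query
// string, POST body, cookies, environment, session, uploads) carries a key
// named like a superglobal, a legacy $HTTP_*_VARS array, argv/argc or
// DIR_LIBS. This looks like a register_globals-era defence: DIR_LIBS is used
// further down as the prefix of an include() path, so a request must never be
// able to supply it.
global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;

$aVarsToCheck = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS', 'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES', 'DIR_LIBS');

foreach ($aVarsToCheck as $varName) {
    // Both array families are tested on every PHP version. The original chose
    // between them with phpversion() >= '4.1.0', a string comparison that
    // misorders versions such as '10.0.0'. isset() is safe on arrays that do
    // not exist, so no version test is needed and the check is never weaker
    // than before.
    // NOTE(review): the listing this was restored from omits brace-only lines,
    // so whether the legacy check sat in an else branch cannot be read from it.
    if (
        isset($_GET[$varName])
        || isset($_POST[$varName])
        || isset($_COOKIE[$varName])
        || isset($_ENV[$varName])
        || isset($_SESSION[$varName])
        || isset($_FILES[$varName])
        || isset($HTTP_GET_VARS[$varName])
        || isset($HTTP_POST_VARS[$varName])
        || isset($HTTP_COOKIE_VARS[$varName])
        || isset($HTTP_ENV_VARS[$varName])
        || isset($HTTP_SESSION_VARS[$varName])
        || isset($HTTP_POST_FILES[$varName])
    ) {
        // Deliberately uninformative message: do not reveal which key tripped the guard.
        die('Sorry. An error occurred.');
    }
}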
\r
// The include path below is built from $DIR_LIBS, so that variable has to be set by the
// including script and never by request data; 'DIR_LIBS' is listed in $aVarsToCheck above,
// which rejects requests that carry a key of that name.
// NOTE(review): the body of this check is missing from the listing (numbering jumps 51 -> 55);
// presumably it aborts when $DIR_LIBS is unset. Confirm against the original file.
51 if (!isset($DIR_LIBS)) {
\r
55 include($DIR_LIBS . 'ADMIN.php');
\r
59 var $strFullName; // plugin name with the 'NP_' prefix, e.g. NP_SomeThing
\r
60 var $plugin; // reference to the plugin object returned by $manager->getPlugin()
\r
61 var $bValid; // set to the plugin object itself; evaluates to true when the object is considered valid
\r
62 var $admin; // ADMIN object; its pagehead() and pagefoot() are called by the methods below
\r
// Sets up the admin-area helper for one plugin: builds the full plugin name, asks $manager
// whether that plugin is installed, fetches the plugin object, and creates an ADMIN object
// whose action is 'plugin_<name>'. doError(_ERROR_INVALID_PLUGIN) is called when a check fails.
// $pluginName is the plugin name without the 'NP_' prefix. It is concatenated unchanged into
// the plugin name and the action string; presumably callers pass a fixed literal, not request data.
// NOTE(review): lines are missing from this listing (numbering jumps 64 -> 68 and 75 -> 78);
// presumably they hold the opening brace, a `global $manager;` and the condition that guards
// the second doError() call. Confirm against the original file.
// NOTE(review): this looks like a PHP 4-style constructor (a method named like its class; the
// class line is not visible here). PHP 8 no longer runs such a method on `new`; confirm how it is invoked.
64 function PluginAdmin($pluginName)
\r
68 $this->strFullName = 'NP_' . $pluginName;
\r
70 // check if plugin exists and is installed
\r
71 if (!$manager->pluginInstalled($this->strFullName))
\r
72 doError(_ERROR_INVALID_PLUGIN);
\r
74 $this->plugin =& $manager->getPlugin($this->strFullName);
\r
75 $this->bValid = $this->plugin;
\r
78 doError(_ERROR_INVALID_PLUGIN);
\r
80 $this->admin = new ADMIN();
\r
81 $this->admin->action = 'plugin_' . $pluginName;
\r
// Starts the admin page: appends a <base href> element pointing at $CONF['AdminURL'] to the
// caller's $extraHead and hands the result to the ADMIN object's pagehead().
// $extraHead is optional extra markup for the page head. Only the URL is HTML-escaped here;
// $extraHead is passed on unchanged, so callers presumably must supply trusted or
// already-escaped markup. Verify against pagehead().
// NOTE(review): no `global $CONF;` is visible (numbering jumps 84 -> 87); presumably it sits
// on a line missing from this listing. Confirm against the original file.
84 function start($extraHead = '')
\r
87 $strBaseHref = '<base href="' . htmlspecialchars($CONF['AdminURL']) . '" />';
\r
88 $extraHead .= $strBaseHref;
\r
90 $this->admin->pagehead($extraHead);
\r
// NOTE(review): the signature line of this method is missing from the listing (numbering jumps 90 -> 95).
// Visible body: run _AddTicketByJS() first, then call pagefoot() on the ADMIN object.
95 $this->_AddTicketByJS();
\r
96 $this->admin->pagefoot();
\r
100 * Add the ticket by JavaScript to those links and forms of the plugin's admin page that do not already carry one
\r
103 function _AddTicketByJS(){
\r
104 global $CONF,$ticketforplugin;
\r
105 if (!($ticket=$ticketforplugin['ticket'])) {
\r
106 //echo "\n<!--TicketForPlugin skipped-->\n";
\r
109 $ticket=htmlspecialchars($ticket,ENT_QUOTES);
\r
111 ?><script type="text/javascript">
\r
113 /* Add tickets for available links (outside blog excluded) */
\r
114 for (i=0;document.links[i];i++){
\r
115 if (document.links[i].href.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
\r
116 && !(document.links[i].href.indexOf('//',0)<0)) continue;
\r
117 if ((j=document.links[i].href.indexOf('?',0))<0) continue;
\r
118 if (document.links[i].href.indexOf('ticket=',j)>=0) continue;
\r
119 document.links[i].href=document.links[i].href.substring(0,j+1)+'ticket=<?php echo $ticket; ?>&'+document.links[i].href.substring(j+1);
\r
121 /* Add tickets for forms (outside blog excluded) */
\r
122 for (i=0;document.forms[i];i++){
\r
123 /* check if ticket is already used */
\r
124 for (j=0;document.forms[i].elements[j];j++) {
\r
125 if (document.forms[i].elements[j].name=='ticket') {
\r
130 if (j==-1) continue;
\r
132 /* check if the modification works */
\r
133 try{document.forms[i].innerHTML+='';}catch(e){
\r
134 /* Modificaion falied: this sometime happens on IE */
\r
135 if (!document.forms[i].action.name && document.forms[i].method.toUpperCase()=="POST") {
\r
136 /* <input name="action"/> is not used for POST method*/
\r
137 if (document.forms[i].action.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
\r
138 && !(document.forms[i].action.indexOf('//',0)<0)) continue;
\r
139 if (0<(j=document.forms[i].action.indexOf('?',0))) if (0<document.forms[i].action.indexOf('ticket=',j)) continue;
\r
140 if (j<0) document.forms[i].action+='?'+'ticket=<?php echo $ticket; ?>';
\r
141 else document.forms[i].action+='&'+'ticket=<?php echo $ticket; ?>';
\r
144 document.write('<?php echo _PLUGINADMIN_TICKETS_JAVASCRIPT ?>');
\r
145 j=document.forms[i].outerHTML;
\r
146 while (j!=j.replace('<','<')) j=j.replace('<','<');
\r
147 document.write('<p>'+j+'</p>');
\r
150 /* check the action paramer in form tag */
\r
151 /* note that <input name="action"/> may be used here */
\r
152 j=document.forms[i].innerHTML;
\r
153 document.forms[i].innerHTML='';
\r
154 if ((document.forms[i].action+'').indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
\r
155 && !((document.forms[i].action+'').indexOf('//',0)<0)) {
\r
156 document.forms[i].innerHTML=j;
\r
160 document.forms[i].innerHTML=j+'<input type="hidden" name="ticket" value="<?php echo $ticket; ?>"/>';
\r