MERGE: リビジョン1991。Adminクラスにおける<%skinfile%>の引数を修正

[nucleus-jp/nucleus-next.git] / nucleus / libs / PLUGINADMIN.php

<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2012 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * code to make it easier to create plugin admin areas
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2012 The Nucleus Group
 * @version $Id: PLUGINADMIN.php 1886 2012-06-17 08:27:27Z sakamocchi $
 */

class PluginAdmin
{
        public $strFullName;    // NP_SomeThing
        public $plugin;         // ref. to plugin object
        public $bValid;         // evaluates to true when object is considered valid
        public $admin;                  // ref to an admin object

        private $skinContents;  // PluginAdmin contents
        private $extrahead;             // extrahead

        public function __construct($pluginName)
        {
                global $manager, $DIR_LIBS;
                
                if ( !class_exists('Admin', FALSE) )
                {
                        include($DIR_LIBS . 'ADMIN.php');
                }
                
                $this->strFullName = "NP_{$pluginName}";
                
                // check if plugin exists and is installed
                if ( !$manager->pluginInstalled($this->strFullName) )
                {
                        doError(_ERROR_INVALID_PLUGIN);
                        return;
                }
                
                $this->plugin = &$manager->getPlugin($this->strFullName);
                $this->bValid =  $this->plugin;
                
                if ( !$this->bValid )
                {
                        doError(_ERROR_INVALID_PLUGIN);
                        return;
                }
                
                Admin::initialize();
                Admin::$action = "plugin_{$pluginName}";
                
                return;
        }
        
        /**
         * PluginAdmin::start()
         * 
         * @param       string  $extraHead      child elements for header element
         * @return      void
         */
        public function start($extraHead = '')
        {
                global $CONF;
                $this->extrahead = $extraHead . '<base href="' . Entity::hsc($CONF['AdminURL']) . '" />' . "\n";
                ob_start();
                return;
        }
        
        /**
         * PluginAdmin::end()
         * 
         * @param       void
         * @return      void
         */
        public function end()
        {
                $this->AddTicketByJS();
                $contents = ob_get_contents();
                ob_end_clean();
                $this->skinContents = '<%pagehead%>' . $contents . '<%pagefoot%>';
                Admin::action_PluginAdmin($this->skinContents, $this->extrahead);
                return;
        }
        
        /**
         * PluginAdmin::_AddTicketByJS()
         * Add ticket when not used in plugin's admin page
         * to avoid CSRF.
         * 
         * @param       void
         * @return      void
         */
        private function AddTicketByJS()
        {
                global $CONF,$ticketforplugin;
                if ( !($ticket = $ticketforplugin['ticket']) )
                {
                        return;
                }
                $ticket=Entity::hsc($ticket);

?><script type="text/javascript">
/*<![CDATA[*/
/* Add tickets for available links (outside blog excluded) */
for (i=0;document.links[i];i++){
  if (document.links[i].href.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
    && !(document.links[i].href.indexOf('//',0)<0)) continue;
  if ((j=document.links[i].href.indexOf('?',0))<0) continue;
  if (document.links[i].href.indexOf('ticket=',j)>=0) continue;
  document.links[i].href=document.links[i].href.substring(0,j+1)+'ticket=<?php echo $ticket; ?>&'+document.links[i].href.substring(j+1);
}
/* Add tickets for forms (outside blog excluded) */
for (i=0;document.forms[i];i++){
  /* check if ticket is already used */
  for (j=0;document.forms[i].elements[j];j++) {
    if (document.forms[i].elements[j].name=='ticket') {
      j=-1;
      break;
    }
  }
  if (j==-1) continue;
 
  /* check if the modification works */
  try{document.forms[i].innerHTML+='';}catch(e){
    /* Modificaion falied: this sometime happens on IE */
    if (!document.forms[i].action.name && document.forms[i].method.toUpperCase()=="POST") {
      /* <input name="action"/> is not used for POST method*/
      if (document.forms[i].action.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
        && !(document.forms[i].action.indexOf('//',0)<0)) continue;
      if (0<(j=document.forms[i].action.indexOf('?',0))) if (0<document.forms[i].action.indexOf('ticket=',j)) continue;
      if (j<0) document.forms[i].action+='?'+'ticket=<?php echo $ticket; ?>';
      else document.forms[i].action+='&'+'ticket=<?php echo $ticket; ?>';
      continue;
    }
    document.write('<?php echo _PLUGINADMIN_TICKETS_JAVASCRIPT ?>');
    j=document.forms[i].outerHTML;
    while (j!=j.replace('<','&lt;')) j=j.replace('<','&lt;');
    document.write('<p>'+j+'</p>');
    continue;
  }
  /* check the action paramer in form tag */
  /* note that <input name="action"/> may be used here */
  j=document.forms[i].innerHTML;
  document.forms[i].innerHTML='';
  if ((document.forms[i].action+'').indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
      && !((document.forms[i].action+'').indexOf('//',0)<0)) {
    document.forms[i].innerHTML=j;
    continue;
  }
  /* add ticket */
  document.forms[i].innerHTML=j+'<input type="hidden" name="ticket" value="<?php echo $ticket; ?>"/>';
}
/*]]>*/
</script><?php
        return;
        }
}