ADMIN.phpにskinableADMIN.phpを統合

[nucleus-jp/nucleus-next.git] / nucleus / libs / PLUGINADMIN.php

<?php\r
\r
/*\r
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
 * Copyright (C) 2002-2012 The Nucleus Group\r
 *\r
 * This program is free software; you can redistribute it and/or\r
 * modify it under the terms of the GNU General Public License\r
 * as published by the Free Software Foundation; either version 2\r
 * of the License, or (at your option) any later version.\r
 * (see nucleus/documentation/index.html#license for more info)\r
 */\r
/**\r
 * code to make it easier to create plugin admin areas\r
 *\r
 * @license http://nucleuscms.org/license.txt GNU General Public License\r
 * @copyright Copyright (C) 2002-2012 The Nucleus Group\r
 * @version $Id: PLUGINADMIN.php 1626 2012-01-09 15:46:54Z sakamocchi $\r
 */\r
\r
class PluginAdmin\r
{\r
        var $strFullName;               // NP_SomeThing\r
        var $plugin;                    // ref. to plugin object\r
        var $bValid;                    // evaluates to true when object is considered valid\r
        var $admin;                             // ref to an admin object\r
        \r
        function PluginAdmin($pluginName)\r
        {\r
                global $manager;\r
                include_once($DIR_LIBS . 'ADMIN.php');\r
                include_libs('ADMIN.php',true,true);\r
\r
                $this->strFullName = 'NP_' . $pluginName;\r
\r
                // check if plugin exists and is installed\r
                if ( !$manager->pluginInstalled($this->strFullName) )\r
                {\r
                        doError(_ERROR_INVALID_PLUGIN);\r
                }\r
\r
                $this->plugin =& $manager->getPlugin($this->strFullName);\r
                $this->bValid = $this->plugin;\r
\r
                if ( !$this->bValid )\r
                {\r
                        doError(_ERROR_INVALID_PLUGIN);\r
                }\r
\r
                $this->admin = new Admin();\r
                $this->admin->action = 'plugin_' . $pluginName;\r
        }\r
\r
        function start($extraHead = '')\r
        {\r
                global $CONF;\r
                $strBaseHref  = '<base href="' . Entity::hsc($CONF['AdminURL']) . '" />';\r
                $extraHead .= $strBaseHref;\r
\r
                $this->admin->pagehead($extraHead);\r
        }\r
\r
        function end()\r
        {\r
                $this->_AddTicketByJS();\r
                $this->admin->pagefoot();\r
        }\r
\r
/** \r
 * Add ticket when not used in plugin's admin page\r
 * to avoid CSRF.\r
 */\r
        function _AddTicketByJS(){\r
                global $CONF,$ticketforplugin;\r
                if ( !($ticket=$ticketforplugin['ticket']) ) \r
                {\r
                        //echo "\n<!--TicketForPlugin skipped-->\n";\r
                        return;\r
                }\r
                $ticket=Entity::hsc($ticket);\r
 \r
?><script type="text/javascript">\r
/*<![CDATA[*/\r
/* Add tickets for available links (outside blog excluded) */\r
for (i=0;document.links[i];i++){\r
  if (document.links[i].href.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
    && !(document.links[i].href.indexOf('//',0)<0)) continue;\r
  if ((j=document.links[i].href.indexOf('?',0))<0) continue;\r
  if (document.links[i].href.indexOf('ticket=',j)>=0) continue;\r
  document.links[i].href=document.links[i].href.substring(0,j+1)+'ticket=<?php echo $ticket; ?>&'+document.links[i].href.substring(j+1);\r
}\r
/* Add tickets for forms (outside blog excluded) */\r
for (i=0;document.forms[i];i++){\r
  /* check if ticket is already used */\r
  for (j=0;document.forms[i].elements[j];j++) {\r
    if (document.forms[i].elements[j].name=='ticket') {\r
      j=-1;\r
      break;\r
    }\r
  }\r
  if (j==-1) continue;\r
 \r
  /* check if the modification works */\r
  try{document.forms[i].innerHTML+='';}catch(e){\r
    /* Modificaion falied: this sometime happens on IE */\r
    if (!document.forms[i].action.name && document.forms[i].method.toUpperCase()=="POST") {\r
      /* <input name="action"/> is not used for POST method*/\r
      if (document.forms[i].action.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
        && !(document.forms[i].action.indexOf('//',0)<0)) continue;\r
      if (0<(j=document.forms[i].action.indexOf('?',0))) if (0<document.forms[i].action.indexOf('ticket=',j)) continue;\r
      if (j<0) document.forms[i].action+='?'+'ticket=<?php echo $ticket; ?>';\r
      else document.forms[i].action+='&'+'ticket=<?php echo $ticket; ?>';\r
      continue;\r
    }\r
    document.write('<?php echo _PLUGINADMIN_TICKETS_JAVASCRIPT ?>');\r
    j=document.forms[i].outerHTML;\r
    while (j!=j.replace('<','&lt;')) j=j.replace('<','&lt;');\r
    document.write('<p>'+j+'</p>');\r
    continue;\r
  }\r
  /* check the action paramer in form tag */\r
  /* note that <input name="action"/> may be used here */\r
  j=document.forms[i].innerHTML;\r
  document.forms[i].innerHTML='';\r
  if ((document.forms[i].action+'').indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
      && !((document.forms[i].action+'').indexOf('//',0)<0)) {\r
    document.forms[i].innerHTML=j;\r
    continue;\r
  }\r
  /* add ticket */\r
  document.forms[i].innerHTML=j+'<input type="hidden" name="ticket" value="<?php echo $ticket; ?>"/>';\r
}\r
/*]]>*/\r
</script><?php\r
 \r
        }\r
}\r
\r