-<?php
-
-/*
- * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2009 The Nucleus Group
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- * (see nucleus/documentation/index.html#license for more info)
- */
-/**
- * code to make it easier to create plugin admin areas
- *
- * @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2009 The Nucleus Group
- * @version $Id: PLUGINADMIN.php 1626 2012-01-09 15:46:54Z sakamocchi $
- */
-
-class PluginAdmin {
-
- var $strFullName; // NP_SomeThing
- var $plugin; // ref. to plugin object
- var $bValid; // evaluates to true when object is considered valid
- var $admin; // ref to an admin object
-
- function PluginAdmin($pluginName)
- {
- global $manager;
- //include_once($DIR_LIBS . 'ADMIN.php');
- include_libs('ADMIN.php',true,true);
-
- $this->strFullName = 'NP_' . $pluginName;
-
- // check if plugin exists and is installed
- if ( !$manager->pluginInstalled($this->strFullName) )
- {
- doError(_ERROR_INVALID_PLUGIN);
- }
-
- $this->plugin =& $manager->getPlugin($this->strFullName);
- $this->bValid = $this->plugin;
-
- if ( !$this->bValid )
- {
- doError(_ERROR_INVALID_PLUGIN);
- }
-
- $this->admin = new ADMIN();
- $this->admin->action = 'plugin_' . $pluginName;
- }
-
- function start($extraHead = '')
- {
- global $CONF;
- $strBaseHref = '<base href="' . ENTITY::hsc($CONF['AdminURL']) . '" />';
- $extraHead .= $strBaseHref;
-
- $this->admin->pagehead($extraHead);
- }
-
- function end()
- {
- $this->_AddTicketByJS();
- $this->admin->pagefoot();
- }
-
-/**
- * Add ticket when not used in plugin's admin page
- * to avoid CSRF.
- */
- function _AddTicketByJS(){
- global $CONF,$ticketforplugin;
- if ( !($ticket=$ticketforplugin['ticket']) )
- {
- //echo "\n<!--TicketForPlugin skipped-->\n";
- return;
- }
- $ticket=ENTITY::hsc($ticket);
-
-?><script type="text/javascript">
-/*<![CDATA[*/
-/* Add tickets for available links (outside blog excluded) */
-for (i=0;document.links[i];i++){
- if (document.links[i].href.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
- && !(document.links[i].href.indexOf('//',0)<0)) continue;
- if ((j=document.links[i].href.indexOf('?',0))<0) continue;
- if (document.links[i].href.indexOf('ticket=',j)>=0) continue;
- document.links[i].href=document.links[i].href.substring(0,j+1)+'ticket=<?php echo $ticket; ?>&'+document.links[i].href.substring(j+1);
-}
-/* Add tickets for forms (outside blog excluded) */
-for (i=0;document.forms[i];i++){
- /* check if ticket is already used */
- for (j=0;document.forms[i].elements[j];j++) {
- if (document.forms[i].elements[j].name=='ticket') {
- j=-1;
- break;
- }
- }
- if (j==-1) continue;
-
- /* check if the modification works */
- try{document.forms[i].innerHTML+='';}catch(e){
- /* Modificaion falied: this sometime happens on IE */
- if (!document.forms[i].action.name && document.forms[i].method.toUpperCase()=="POST") {
- /* <input name="action"/> is not used for POST method*/
- if (document.forms[i].action.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
- && !(document.forms[i].action.indexOf('//',0)<0)) continue;
- if (0<(j=document.forms[i].action.indexOf('?',0))) if (0<document.forms[i].action.indexOf('ticket=',j)) continue;
- if (j<0) document.forms[i].action+='?'+'ticket=<?php echo $ticket; ?>';
- else document.forms[i].action+='&'+'ticket=<?php echo $ticket; ?>';
- continue;
- }
- document.write('<?php echo _PLUGINADMIN_TICKETS_JAVASCRIPT ?>');
- j=document.forms[i].outerHTML;
- while (j!=j.replace('<','<')) j=j.replace('<','<');
- document.write('<p>'+j+'</p>');
- continue;
- }
- /* check the action paramer in form tag */
- /* note that <input name="action"/> may be used here */
- j=document.forms[i].innerHTML;
- document.forms[i].innerHTML='';
- if ((document.forms[i].action+'').indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0
- && !((document.forms[i].action+'').indexOf('//',0)<0)) {
- document.forms[i].innerHTML=j;
- continue;
- }
- /* add ticket */
- document.forms[i].innerHTML=j+'<input type="hidden" name="ticket" value="<?php echo $ticket; ?>"/>';
-}
-/*]]>*/
-</script><?php
-
- }
-}
-
+<?php\r
+\r
+/*\r
+ * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
+ * Copyright (C) 2002-2009 The Nucleus Group\r
+ *\r
+ * This program is free software; you can redistribute it and/or\r
+ * modify it under the terms of the GNU General Public License\r
+ * as published by the Free Software Foundation; either version 2\r
+ * of the License, or (at your option) any later version.\r
+ * (see nucleus/documentation/index.html#license for more info)\r
+ */\r
+/**\r
+ * code to make it easier to create plugin admin areas\r
+ *\r
+ * @license http://nucleuscms.org/license.txt GNU General Public License\r
+ * @copyright Copyright (C) 2002-2009 The Nucleus Group\r
+ * @version $Id: PLUGINADMIN.php 1626 2012-01-09 15:46:54Z sakamocchi $\r
+ */\r
+\r
+class PluginAdmin {\r
+\r
+ var $strFullName; // NP_SomeThing\r
+ var $plugin; // ref. to plugin object\r
+ var $bValid; // evaluates to true when object is considered valid\r
+ var $admin; // ref to an admin object\r
+\r
+ function PluginAdmin($pluginName)\r
+ {\r
+ global $manager;\r
+ //include_once($DIR_LIBS . 'ADMIN.php');\r
+ include_libs('ADMIN.php',true,true);\r
+\r
+ $this->strFullName = 'NP_' . $pluginName;\r
+\r
+ // check if plugin exists and is installed\r
+ if ( !$manager->pluginInstalled($this->strFullName) )\r
+ {\r
+ doError(_ERROR_INVALID_PLUGIN);\r
+ }\r
+\r
+ $this->plugin =& $manager->getPlugin($this->strFullName);\r
+ $this->bValid = $this->plugin;\r
+\r
+ if ( !$this->bValid )\r
+ {\r
+ doError(_ERROR_INVALID_PLUGIN);\r
+ }\r
+\r
+ $this->admin = new ADMIN();\r
+ $this->admin->action = 'plugin_' . $pluginName;\r
+ }\r
+\r
+ function start($extraHead = '')\r
+ {\r
+ global $CONF;\r
+ $strBaseHref = '<base href="' . ENTITY::hsc($CONF['AdminURL']) . '" />';\r
+ $extraHead .= $strBaseHref;\r
+\r
+ $this->admin->pagehead($extraHead);\r
+ }\r
+\r
+ function end()\r
+ {\r
+ $this->_AddTicketByJS();\r
+ $this->admin->pagefoot();\r
+ }\r
+\r
+/** \r
+ * Add ticket when not used in plugin's admin page\r
+ * to avoid CSRF.\r
+ */\r
+ function _AddTicketByJS(){\r
+ global $CONF,$ticketforplugin;\r
+ if ( !($ticket=$ticketforplugin['ticket']) ) \r
+ {\r
+ //echo "\n<!--TicketForPlugin skipped-->\n";\r
+ return;\r
+ }\r
+ $ticket=ENTITY::hsc($ticket);\r
+ \r
+?><script type="text/javascript">\r
+/*<![CDATA[*/\r
+/* Add tickets for available links (outside blog excluded) */\r
+for (i=0;document.links[i];i++){\r
+ if (document.links[i].href.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
+ && !(document.links[i].href.indexOf('//',0)<0)) continue;\r
+ if ((j=document.links[i].href.indexOf('?',0))<0) continue;\r
+ if (document.links[i].href.indexOf('ticket=',j)>=0) continue;\r
+ document.links[i].href=document.links[i].href.substring(0,j+1)+'ticket=<?php echo $ticket; ?>&'+document.links[i].href.substring(j+1);\r
+}\r
+/* Add tickets for forms (outside blog excluded) */\r
+for (i=0;document.forms[i];i++){\r
+ /* check if ticket is already used */\r
+ for (j=0;document.forms[i].elements[j];j++) {\r
+ if (document.forms[i].elements[j].name=='ticket') {\r
+ j=-1;\r
+ break;\r
+ }\r
+ }\r
+ if (j==-1) continue;\r
+ \r
+ /* check if the modification works */\r
+ try{document.forms[i].innerHTML+='';}catch(e){\r
+ /* Modificaion falied: this sometime happens on IE */\r
+ if (!document.forms[i].action.name && document.forms[i].method.toUpperCase()=="POST") {\r
+ /* <input name="action"/> is not used for POST method*/\r
+ if (document.forms[i].action.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
+ && !(document.forms[i].action.indexOf('//',0)<0)) continue;\r
+ if (0<(j=document.forms[i].action.indexOf('?',0))) if (0<document.forms[i].action.indexOf('ticket=',j)) continue;\r
+ if (j<0) document.forms[i].action+='?'+'ticket=<?php echo $ticket; ?>';\r
+ else document.forms[i].action+='&'+'ticket=<?php echo $ticket; ?>';\r
+ continue;\r
+ }\r
+ document.write('<?php echo _PLUGINADMIN_TICKETS_JAVASCRIPT ?>');\r
+ j=document.forms[i].outerHTML;\r
+ while (j!=j.replace('<','<')) j=j.replace('<','<');\r
+ document.write('<p>'+j+'</p>');\r
+ continue;\r
+ }\r
+ /* check the action paramer in form tag */\r
+ /* note that <input name="action"/> may be used here */\r
+ j=document.forms[i].innerHTML;\r
+ document.forms[i].innerHTML='';\r
+ if ((document.forms[i].action+'').indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
+ && !((document.forms[i].action+'').indexOf('//',0)<0)) {\r
+ document.forms[i].innerHTML=j;\r
+ continue;\r
+ }\r
+ /* add ticket */\r
+ document.forms[i].innerHTML=j+'<input type="hidden" name="ticket" value="<?php echo $ticket; ?>"/>';\r
+}\r
+/*]]>*/\r
+</script><?php\r
+ \r
+ }\r
+}\r
+\r
OSDN Git Service
