Merge branch 'skinnable-master'

[nucleus-jp/nucleus-next.git] / nucleus / libs / PLUGINADMIN.php

diff --git a/nucleus/libs/PLUGINADMIN.php b/nucleus/libs/PLUGINADMIN.php
index 9d2b208..e1fce52 100644 (file)
--- a/nucleus/libs/PLUGINADMIN.php
+++ b/nucleus/libs/PLUGINADMIN.php
@@ -1,3 +1,165 @@
+<<<<<<< HEAD
+<?php\r
+\r
+/*\r
+ * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
+ * Copyright (C) 2002-2012 The Nucleus Group\r
+ *\r
+ * This program is free software; you can redistribute it and/or\r
+ * modify it under the terms of the GNU General Public License\r
+ * as published by the Free Software Foundation; either version 2\r
+ * of the License, or (at your option) any later version.\r
+ * (see nucleus/documentation/index.html#license for more info)\r
+ */\r
+/**\r
+ * code to make it easier to create plugin admin areas\r
+ *\r
+ * @license http://nucleuscms.org/license.txt GNU General Public License\r
+ * @copyright Copyright (C) 2002-2012 The Nucleus Group\r
+ * @version $Id: PLUGINADMIN.php 1626 2012-01-09 15:46:54Z sakamocchi $\r
+ */\r
+\r
+class PluginAdmin\r
+{\r
+       public $strFullName;            // NP_SomeThing\r
+       public $plugin;                 // ref. to plugin object\r
+       public $bValid;                 // evaluates to true when object is considered valid\r
+       public $admin;                          // ref to an admin object\r
+       \r
+       public function __construct($pluginName)\r
+       {\r
+               global $manager, $DIR_LIBS;\r
+               \r
+               if ( !class_exists('Admin', FALSE) )\r
+               {\r
+                       include($DIR_LIBS . 'ADMIN.php');\r
+               }\r
+               \r
+               $this->strFullName = "NP_{$pluginName}";\r
+               \r
+               // check if plugin exists and is installed\r
+               if ( !$manager->pluginInstalled($this->strFullName) )\r
+               {\r
+                       doError(_ERROR_INVALID_PLUGIN);\r
+               }\r
+               \r
+               $this->plugin =& $manager->getPlugin($this->strFullName);\r
+               $this->bValid = $this->plugin;\r
+               \r
+               if ( !$this->bValid )\r
+               {\r
+                       doError(_ERROR_INVALID_PLUGIN);\r
+               }\r
+               \r
+               $this->admin = new Admin();\r
+               $this->admin->action = "plugin_{$pluginName}";\r
+               return;\r
+       }\r
+       \r
+       /**\r
+        * PluginAdmin::start()\r
+        * \r
+        * @param       string  $extraHead      child elements for header element\r
+        * @return      void\r
+        */\r
+       public function start($extraHead = '')\r
+       {\r
+               global $CONF;\r
+               $strBaseHref  = '<base href="' . Entity::hsc($CONF['AdminURL']) . '" />';\r
+               $extraHead .= $strBaseHref;\r
+               \r
+               $this->admin->pagehead($extraHead);\r
+               return;\r
+       }\r
+       \r
+       /**\r
+        * PluginAdmin::end()\r
+        * \r
+        * @param       void\r
+        * @return      void\r
+        */\r
+       public function end()\r
+       {\r
+               $this->_AddTicketByJS();\r
+               $this->admin->pagefoot();\r
+               return;\r
+       }\r
+       \r
+       /**\r
+        * PluginAdmin::_AddTicketByJS()\r
+        * Add ticket when not used in plugin's admin page\r
+        * to avoid CSRF.\r
+        * \r
+        * @param       void\r
+        * @return      void\r
+        */\r
+       public function _AddTicketByJS()\r
+       {\r
+               global $CONF,$ticketforplugin;\r
+               if ( !($ticket=$ticketforplugin['ticket']) ) \r
+               {\r
+                       return;\r
+               }\r
+               $ticket=Entity::hsc($ticket);\r
+\r
+?><script type="text/javascript">\r
+/*<![CDATA[*/\r
+/* Add tickets for available links (outside blog excluded) */\r
+for (i=0;document.links[i];i++){\r
+  if (document.links[i].href.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
+    && !(document.links[i].href.indexOf('//',0)<0)) continue;\r
+  if ((j=document.links[i].href.indexOf('?',0))<0) continue;\r
+  if (document.links[i].href.indexOf('ticket=',j)>=0) continue;\r
+  document.links[i].href=document.links[i].href.substring(0,j+1)+'ticket=<?php echo $ticket; ?>&'+document.links[i].href.substring(j+1);\r
+}\r
+/* Add tickets for forms (outside blog excluded) */\r
+for (i=0;document.forms[i];i++){\r
+  /* check if ticket is already used */\r
+  for (j=0;document.forms[i].elements[j];j++) {\r
+    if (document.forms[i].elements[j].name=='ticket') {\r
+      j=-1;\r
+      break;\r
+    }\r
+  }\r
+  if (j==-1) continue;\r
+ \r
+  /* check if the modification works */\r
+  try{document.forms[i].innerHTML+='';}catch(e){\r
+    /* Modificaion falied: this sometime happens on IE */\r
+    if (!document.forms[i].action.name && document.forms[i].method.toUpperCase()=="POST") {\r
+      /* <input name="action"/> is not used for POST method*/\r
+      if (document.forms[i].action.indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
+        && !(document.forms[i].action.indexOf('//',0)<0)) continue;\r
+      if (0<(j=document.forms[i].action.indexOf('?',0))) if (0<document.forms[i].action.indexOf('ticket=',j)) continue;\r
+      if (j<0) document.forms[i].action+='?'+'ticket=<?php echo $ticket; ?>';\r
+      else document.forms[i].action+='&'+'ticket=<?php echo $ticket; ?>';\r
+      continue;\r
+    }\r
+    document.write('<?php echo _PLUGINADMIN_TICKETS_JAVASCRIPT ?>');\r
+    j=document.forms[i].outerHTML;\r
+    while (j!=j.replace('<','&lt;')) j=j.replace('<','&lt;');\r
+    document.write('<p>'+j+'</p>');\r
+    continue;\r
+  }\r
+  /* check the action paramer in form tag */\r
+  /* note that <input name="action"/> may be used here */\r
+  j=document.forms[i].innerHTML;\r
+  document.forms[i].innerHTML='';\r
+  if ((document.forms[i].action+'').indexOf('<?php echo $CONF['PluginURL']; ?>',0)<0\r
+      && !((document.forms[i].action+'').indexOf('//',0)<0)) {\r
+    document.forms[i].innerHTML=j;\r
+    continue;\r
+  }\r
+  /* add ticket */\r
+  document.forms[i].innerHTML=j+'<input type="hidden" name="ticket" value="<?php echo $ticket; ?>"/>';\r
+}\r
+/*]]>*/\r
+</script><?php\r
+       return;\r
+       }\r
+}\r
+\r
+=======
 <?php
 
 /*
@@ -165,3 +327,4 @@ for (i=0;document.forms[i];i++){
        }
 }
 
+>>>>>>> skinnable-master