*/\r
private $variables;\r
\r
-\r
+ public $objAdmin;\r
/**\r
* Creates a new PAGEFACTORY object\r
* @param int $blog_id\r
*/\r
- public function __construct($blog_id)\r
+ public function __construct($blog_id, $type = '', $skin = '', $objAdmin = '')\r
{\r
# Call constructor of superclass first\r
parent::__construct();\r
\r
+ if ( $objAdmin )\r
+ {\r
+ $this->objAdmin = $objAdmin;\r
+ }\r
+ else\r
+ {\r
+ $this->objAdmin = new Admin();\r
+ }\r
global $manager;\r
+ $item = false;\r
+ if ( !$blogid && intRequestVar('itemid') && $type == 'itemedit' )\r
+ {\r
+ $itemid = intRequestVar('itemid');\r
+ $blogid = getBlogIDFromItemID($itemid);\r
+ $item =& $manager->getItem($itemid, 1, 1);\r
+ $manager->notify(\r
+ 'PrepareItemForEdit',\r
+ array(\r
+ 'item' => &$item\r
+ )\r
+ );\r
+ }\r
$this->blog =& $manager->getBlog($blog_id);\r
-\r
+ if ( $item && $this->blog->convertBreaks() && $type == 'itemedit' )\r
+ {\r
+ $item['body'] = removeBreaks($item['body']);\r
+ $item['more'] = removeBreaks($item['more']);\r
+ }\r
+ $contents = array();\r
+ if ( $type == 'itemedit' )\r
+ {\r
+ $contents = $item;\r
+ }\r
+ elseif ( $type == 'createitem' )\r
+ {\r
+ $manager->notify(\r
+ 'PreAddItemForm',\r
+ array(\r
+ 'contents' => &$contents,\r
+ 'blog' => &$this->blog\r
+ )\r
+ );\r
+ }\r
+ $this->variables = $contents;\r
+ \r
// TODO: move the definition of actions to the createXForm methods\r
$this->actions = array(\r
- 'actionurl',\r
- 'title',\r
- 'body',\r
- 'more',\r
- 'blogid',\r
- 'bloglink',\r
- 'blogname',\r
- 'authorname',\r
- 'checkedonval',\r
- 'helplink',\r
- 'currenttime',\r
- 'itemtime',\r
- 'init',\r
- 'text',\r
- 'jsinput',\r
- 'jsbuttonbar',\r
- 'categories',\r
- 'contents',\r
- 'ifblogsetting',\r
- 'ifitemproperty',\r
- 'else',\r
- 'endif',\r
- 'pluginextras',\r
- 'itemoptions',\r
- 'extrahead',\r
- 'ticket',\r
- 'autosave',\r
- 'autosaveinfo',\r
- 'ifautosave',\r
- );\r
+ 'actionurl',\r
+ 'title',\r
+ 'body',\r
+ 'more',\r
+ 'blogid',\r
+ 'bloglink',\r
+ 'blogname',\r
+ 'authorname',\r
+ 'checkedonval',\r
+ 'helplink',\r
+ 'currenttime',\r
+ 'itemtime',\r
+ 'init',\r
+ 'text',\r
+ 'jsinput',\r
+ 'jsbuttonbar',\r
+ 'categories',\r
+ 'contents',\r
+ 'ifblogsetting',\r
+ 'ifitemproperty',\r
+ 'else',\r
+ 'endif',\r
+ 'pluginextras',\r
+ 'itemoptions',\r
+ 'extrahead',\r
+ 'ticket',\r
+ 'autosave',\r
+ 'autosaveinfo',\r
+ 'ifautosave',\r
+ );\r
+\r
+ $skinActions = AdminActions::get_allowed_actions_for_type($type);\r
+ $this->actions = array_merge($skinActions, $formActions);\r
+// $adminActions = skinableACTIONS::getDefinedActions();\r
+// $this->actions = array_merge($skinActions, $adminActions, $formActions);\r
\r
# TODO: maybe add 'skin' later on?\r
# TODO: maybe add other pages from admin area\r
- $this->allowed_types = array('bookmarklet', 'admin');\r
+// $this->allowed_types = array('bookmarklet', 'admin');\r
}\r
\r
\r
+/***** The bottom isn't used from here. *****/\r
+\r
/**\r
* Creates an "add item" form for a given type of page\r
* @param string $type - 'admin' or 'bookmarklet'\r
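Review bot: The added guard `if ( !$blogid && intRequestVar('itemid') && $type == 'itemedit' )` tests `$blogid`, but the constructor parameter is `$blog_id`. The first operand is therefore always true on an undefined variable, and the `$blogid` resolved from the item is never used by `getBlog($blog_id)` below. Further down, `array_merge($skinActions, $formActions)` reads `$formActions`, which nothing in this hunk defines because the list above is still assigned to `$this->actions`; that assignment presumably should read `$formActions = array(`. The item is loaded from a request-supplied `itemid` and handed to `PrepareItemForEdit` with no permission check visible in the hunk, so confirm that callers verify edit rights before constructing this object. The docblock still documents only `$blog_id` and needs `@param` lines for `$type`, `$skin` and `$objAdmin`.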
$this->method = 'add';\r
\r
global $manager;\r
- $manager->notify('PreAddItemForm', array('contents' => &$contents, 'blog' => &$this->blog));\r
+ $manager->notify(\r
+ 'PreAddItemForm',\r
+ array(\r
+ 'contents' => &$contents,\r
+ 'blog' => &$this->blog\r
+ )\r
+ );\r
\r
$this->createForm($contents);\r
}\r
\r
\r
if ($extrabuttons) {\r
- $btns = i18n::explode('+',$extrabuttons);\r
+ $btns = preg_split('#\+#',$extrabuttons);\r
$this->_jsbuttonspacer();\r
foreach ($btns as $button) {\r
switch($button) {\r
\r
\r
if ($extrabuttons) {\r
- $btns = i18n::explode('+',$extrabuttons);\r
+ $btns = preg_split('#\+#',$extrabuttons);\r
$this->_jsbuttonspacer();\r
foreach ($btns as $button) {\r
switch($button) {\r
if ( !$parsed )\r
{\r
/* default implementation */\r
- $data = i18n::explode("/", $virtualpath );\r
+ $data = preg_split("#/#", $virtualpath );\r
for ( $i = 0; $i < sizeof($data); $i++ )\r
{\r
switch ( $data[$i] )\r
* @param string $page_type\r
* @param string $charset Deprecated. This has no meaning.\r
*/\r
- function sendContentType($content_type, $page_type = '', $charset = _CHARSET)\r
+ function sendContentType($content_type, $page_type = '', $charset = '')\r
{\r
global $manager, $CONF;\r
- \r
+\r
+ if ( empty($charset) )\r
+ {\r
+ $charset = i18n::get_current_charset();\r
+ }\r
if ( !headers_sent() )\r
{\r
// if content type is application/xhtml+xml, only send it to browsers\r
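Review bot: `$charset` is now taken from the caller and, in the following hunk, concatenated into `header('Content-Type: ' . $content_type . '; charset=' . $charset)` without the character stripping that `$content_type` gets on the line above it. If any caller passes a request-derived value, unfiltered text ends up in a response header; filtering it the same way, for example `$charset = preg_replace('|[^a-z0-9_.:+-]|i', '', $charset);` before the `header()` call, would close that. The docblock line `@param string $charset Deprecated. This has no meaning.` is no longer accurate and should describe the fallback to `i18n::get_current_charset()` when the argument is empty. The function body continues outside this hunk.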
'PreSendContentType',\r
array(\r
'contentType' => &$content_type,\r
- 'charset' => i18n::get_current_charset(),\r
+ 'charset' => $charset,\r
'pageType' => $page_type\r
)\r
);\r
\r
// strip strange characters\r
$content_type = preg_replace('|[^a-z0-9-+./]|i', '', $content_type);\r
- header('Content-Type: ' . $content_type . '; charset=' . i18n::get_current_charset());\r
+ header('Content-Type: ' . $content_type . '; charset=' . $charset);\r
} // end if\r
\r
}\r
return array();\r
}\r
\r
- $aHighlight = i18n::explode(' ', $query);\r
+ $aHighlight = preg_split('# #', $query);\r
\r
for ( $i = 0; $i < count($aHighlight); $i++ )\r
{\r
}\r
\r
/**\r
- * @param $querystr\r
- * querystring to alter (e.g. foo=1&bar=2&x=y)\r
- * @param $param\r
- * name of parameter to change (e.g. 'foo')\r
- * @param $value\r
- * New value for that parameter (e.g. 3)\r
- * @result\r
- * altered query string (for the examples above: foo=3&bar=2&x=y)\r
+ * alterQueryStr()\r
+ * \r
+ * @param string $querystr querystring to alter (e.g. foo=1&bar=2&x=y)\r
+ * @param string $param name of parameter to change (e.g. 'foo')\r
+ * @param string $value New value for that parameter (e.g. 3)\r
+ * @result string altered query string (for the examples above: foo=3&bar=2&x=y)\r
*/\r
- function alterQueryStr($querystr, $param, $value) {\r
- $vars = i18n::explode('&', $querystr);\r
- $set = false;\r
- \r
- for ($i = 0; $i < count($vars); $i++) {\r
- $v = i18n::explode('=', $vars[$i]);\r
- \r
- if ($v[0] == $param) {\r
- $v[1] = $value;\r
- $vars[$i] = implode('=', $v);\r
- $set = true;\r
- break;\r
- }\r
- }\r
- \r
- if (!$set) {\r
- $vars[] = $param . '=' . $value;\r
- }\r
- \r
- return ltrim(implode('&', $vars), '&');\r
+ function alterQueryStr($querystr, $param, $value)\r
+ {\r
+ $vars = preg_split('#&#', $querystr);\r
+ $set = FALSE;\r
+ \r
+ for ( $i = 0; $i < count($vars); $i++ )\r
+ {\r
+ $v = preg_split('#=#', $vars[$i]);\r
+ \r
+ if ( $v[0] == $param )\r
+ {\r
+ $v[1] = $value;\r
+ $vars[$i] = implode('=', $v);\r
+ $set = true;\r
+ break;\r
+ }\r
+ }\r
+ if ( !$set )\r
+ {\r
+ $vars[] = "{$param}={$value}";\r
+ }\r
+ return ltrim(implode('&', $vars), '&');\r
}\r
\r
// passes one variable as hidden input field (multiple fields for arrays)\r
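Review bot: `preg_split('#=#', $vars[$i])` has no limit, so a pair whose value itself contains `=` is split into three or more parts. `$v[1] = $value` then replaces only the first part and the tail of the old value survives in the rebuilt string; `preg_split('#=#', $vars[$i], 2)` keeps the whole old value in `$v[1]`. `$param` and `$value` are joined in unencoded, so a value containing `&` or `=` adds or alters other parameters unless every caller encodes first, which is not visible here. A comment stating that callers must pass already-encoded values, or a `rawurlencode()` here if they do not, would make the contract explicit. The docblock uses `@result`, which is not a PHPDoc tag; `@return string` is the usual form.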
}\r
\r
/**\r
+ * ticketForPlugin()\r
+ * \r
* Check ticket when not checked in plugin's admin page\r
* to avoid CSRF.\r
* Also avoid the access to plugin/index.php by guest user.\r
// Resolve URI and QUERY_STRING\r
if ($uri = serverVar('REQUEST_URI') )\r
{\r
- list($uri, $qstring) = i18n::explode('?', $uri);\r
+ list($uri, $qstring) = preg_split('#\?#', $uri);\r
}\r
else\r
{\r
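Review bot: `list($uri, $qstring) = preg_split('#\?#', $uri);` assigns `$qstring` from a missing offset when REQUEST_URI has no `?`, and discards everything after a second `?`. Passing a limit and padding the result, `list($uri, $qstring) = array_pad(preg_split('#\?#', $uri, 2), 2, '');`, gives both variables a defined value and keeps the full query string. The enclosing if/else continues outside this hunk.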
\r
/* Create new ticket */\r
$ticket=$manager->addTicketToUrl('');\r
- $ticketforplugin['ticket']=i18n::substr($ticket,i18n::strpos($ticket,'ticket=')+7);\r
+ $ticketforplugin['ticket'] = preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7);\r
+ return;\r
}\r
\r
function _addInputTags(&$keys,$prefix=''){\r
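Review bot: `preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7)` passes the ticket string as the regex pattern and the integer offset as the subject, so `$ticketforplugin['ticket']` no longer receives the ticket value. Depending on what `$ticket` begins with, the call either fails with a warning or returns an array. The removed line took the substring after `ticket=`, which is still what is needed: `$ticketforplugin['ticket'] = i18n::substr($ticket, i18n::strpos($ticket, 'ticket=') + 7);`. The surrounding docblock describes this value as the CSRF ticket for plugin admin pages, so the regression would presumably break or weaken that check and deserves a test before merge. The function starts outside this hunk.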
}\r
\r
/**\r
+ * serverStringToArray()\r
* Convert the server string such as $_SERVER['REQUEST_URI']\r
* to arry like arry['blogid']=1 and array['page']=2 etc.\r
+ * \r
+ * @param string $str string\r
+ * @param string $array \r
+ * @param string $frontParam \r
*/\r
function serverStringToArray($str, &$array, &$frontParam)\r
{\r
- // init param\r
- $array = array();\r
- $frontParam = "";\r
- \r
- // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2\r
- if (strstr($str, "?")){\r
- list($frontParam, $args) = preg_split("/\?/", $str, 2);\r
- }\r
- else {\r
- $args = $str;\r
- $frontParam = "";\r
- }\r
- \r
- // If there is no args like blogid=1&page=2, return\r
- if (!strstr($str, "=") && !i18n::strlen($frontParam)) {\r
- $frontParam = $str;\r
- return;\r
- }\r
- \r
- $array = i18n::explode("&", $args);\r
+ // init param\r
+ $array = array();\r
+ $frontParam = "";\r
+ \r
+ // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2\r
+ if ( i18n::strpos($str, "?") > 0 )\r
+ {\r
+ list($frontParam, $args) = preg_split("#\?#", $str, 2);\r
+ }\r
+ else\r
+ {\r
+ $args = $str;\r
+ $frontParam = "";\r
+ }\r
+ \r
+ // If there is no args like blogid=1&page=2, return\r
+ if ( i18n::strpos($str, "=") == FALSE && !i18n::strlen($frontParam) )\r
+ {\r
+ $frontParam = $str;\r
+ return;\r
+ }\r
+ \r
+ $array = preg_split("#&#", $args);\r
+ return;\r
}\r
\r
/**\r
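Review bot: The two rewritten tests treat a match at offset 0 as "not found", which the removed `strstr()` calls did not. `i18n::strpos($str, "?") > 0` skips the split for a string that begins with `?`, and `i18n::strpos($str, "=") == FALSE` is also true when `=` is the first character. Assuming `i18n::strpos` returns `FALSE` on no match like `strpos`, both should compare strictly, `i18n::strpos($str, "?") !== FALSE` and `i18n::strpos($str, "=") === FALSE`. The same offset-0 problem is in the sanitizeArray hunk at `if ( i18n::strpos($val, '\\') )`: after `addslashes()` a value that starts with a quote or backslash has its backslash at offset 0 and skips the truncation. The docblock's `@param string $array` should read `@param array &$array`, and `$frontParam` is also passed by reference.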
}\r
\r
/**\r
+ * sanitizeArray()\r
* Sanitize array parameters.\r
* This function checks both key and value.\r
* - check key if it inclues " (double quote), remove from array\r
* - check value if it includes \ (escape sequece), remove remaining string\r
+ * \r
+ * @param array &$array \r
+ * @return void\r
*/\r
function sanitizeArray(&$array)\r
{\r
- $excludeListForSanitization = array('query');\r
- // $excludeListForSanitization = array();\r
- \r
- foreach ($array as $k => $v) {\r
- \r
- // split to key and value\r
- list($key, $val) = preg_split("/=/", $v, 2);\r
- if (!isset($val)) {\r
- continue;\r
- }\r
- \r
- // when magic quotes is on, need to use stripslashes,\r
- // and then addslashes\r
- if (get_magic_quotes_gpc()) {\r
- $val = stripslashes($val);\r
- }\r
+ $excludeListForSanitization = array('query');\r
+ \r
+ foreach ( $array as $k => $v )\r
+ {\r
+ // split to key and value\r
+ list($key, $val) = preg_split("#=#", $v, 2);\r
+ if ( !isset($val) )\r
+ {\r
+ continue;\r
+ }\r
+ \r
+ // when magic quotes is on, need to use stripslashes,\r
+ // and then addslashes\r
+ if ( get_magic_quotes_gpc() )\r
+ {\r
+ $val = stripslashes($val);\r
+ }\r
// note that we must use addslashes here because this function is called before the db connection is made\r
// and sql_real_escape_string needs a db connection\r
- $val = addslashes($val);\r
- \r
- // if $key is included in exclude list, skip this param\r
- if (!in_array($key, $excludeListForSanitization)) {\r
- \r
- // check value\r
- if (i18n::strpos($val, '\\')) {\r
- list($val, $tmp) = i18n::explode('\\', $val);\r
- }\r
- \r
- // remove control code etc.\r
- $val = strtr($val, "\0\r\n<>'\"", " ");\r
- \r
- // check key\r
- if (preg_match('/\"/i', $key)) {\r
- unset($array[$k]);\r
- continue;\r
- }\r
- \r
- // set sanitized info\r
- $array[$k] = sprintf("%s=%s", $key, $val);\r
- }\r
- }\r
+ $val = addslashes($val);\r
+ \r
+ // if $key is included in exclude list, skip this param\r
+ if ( !in_array($key, $excludeListForSanitization) )\r
+ {\r
+ // check value\r
+ if ( i18n::strpos($val, '\\') )\r
+ {\r
+ list($val, $tmp) = preg_split('#\\\\#', $val);\r
+ }\r
+ \r
+ // remove control code etc.\r
+ $val = strtr($val, "\0\r\n<>'\"", " ");\r
+ \r
+ // check key\r
+ if ( preg_match('#\"#', $key) )\r
+ {\r
+ unset($array[$k]);\r
+ continue;\r
+ }\r
+ \r
+ // set sanitized info\r
+ $array[$k] = sprintf("%s=%s", $key, $val);\r
+ }\r
+ }\r
+ return;\r
}\r
\r
/**\r
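Review bot: As printed on this page, `$val = strtr($val, "\0\r\n<>'\"", " ");` has a one-character replacement string, and `strtr()` ignores the surplus characters of the longer argument. If the file really contains a single space, only NUL is replaced and `\r`, `\n`, `<`, `>` and the quotes pass through; the page may have collapsed a padded string, so check the file. `$val = str_replace(array("\0", "\r", "\n", "<", ">", "'", '"'), ' ', $val);` does not depend on padding. The new side also still calls `get_magic_quotes_gpc()`, which is deprecated since PHP 7.4 and removed in PHP 8, so the call needs a `function_exists()` guard or removal if newer runtimes are a target.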