1
+ − 1
<?php
+ − 2
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
317
+ − 5
* Version 1.0.3 (Dyrad)
1
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
*
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10
*
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13
*/
+ − 14
+ − 15
class template {
+ − 16
var $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list, $named_theme_list, $default_theme, $default_style, $plugin_blocks, $namespace_string, $style_list, $theme_loaded;
30
+ − 17
+ − 18
/**
+ − 19
* Set to true if the site is disabled and thus a message needs to be shown. This should ONLY be changed by common.php.
+ − 20
* @var bool
+ − 21
* @access private
+ − 22
*/
+ − 23
+ − 24
var $site_disabled = false;
+ − 25
53
+ − 26
/**
+ − 27
* One of the absolute best parts of Enano :-P
+ − 28
* @var string
+ − 29
*/
+ − 30
54
84b56303cab5
Bugfixes: Login system properly handles blank password situation (returns ""); fading button now works right with relative URLs
Dan
diff
changeset
+ − 31
var $fading_button = '';
53
+ − 32
1
+ − 33
function __construct()
+ − 34
{
+ − 35
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 36
$this->tpl_bool = Array();
+ − 37
$this->tpl_strings = Array();
+ − 38
$this->sidebar_extra = '';
+ − 39
$this->toolbar_menu = '';
+ − 40
$this->additional_headers = '';
+ − 41
$this->plugin_blocks = Array();
+ − 42
$this->theme_loaded = false;
+ − 43
201
+ − 44
$this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">
87
570f68c3fe36
Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
Dan
diff
changeset
+ − 45
<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>
570f68c3fe36
Redid stupid fading button code and fixed several RC2 bugs in the upgrade schema; 1.0.1 release candidate
Dan
diff
changeset
+ − 46
</div>';
54
84b56303cab5
Bugfixes: Login system properly handles blank password situation (returns ""); fading button now works right with relative URLs
Dan
diff
changeset
+ − 47
1
+ − 48
$this->theme_list = Array();
+ − 49
$this->named_theme_list = Array();
+ − 50
$e = $db->sql_query('SELECT theme_id,theme_name,enabled,default_style FROM '.table_prefix.'themes WHERE enabled=1 ORDER BY theme_order;');
+ − 51
if(!$e) $db->_die('The list of themes could not be selected.');
+ − 52
for($i=0;$i < $db->numrows(); $i++)
+ − 53
{
+ − 54
$this->theme_list[$i] = $db->fetchrow();
+ − 55
$this->named_theme_list[$this->theme_list[$i]['theme_id']] = $this->theme_list[$i];
+ − 56
}
+ − 57
$db->free_result();
+ − 58
$this->default_theme = $this->theme_list[0]['theme_id'];
+ − 59
$dir = ENANO_ROOT.'/themes/'.$this->default_theme.'/css/';
+ − 60
$list = Array();
+ − 61
// Open a known directory, and proceed to read its contents
+ − 62
if (is_dir($dir)) {
+ − 63
if ($dh = opendir($dir)) {
+ − 64
while (($file = readdir($dh)) !== false) {
+ − 65
if(preg_match('#^(.*?)\.css$#i', $file) && $file != '_printable.css') {
+ − 66
$list[] = substr($file, 0, strlen($file)-4);
+ − 67
}
+ − 68
}
+ − 69
closedir($dh);
+ − 70
}
+ − 71
}
+ − 72
+ − 73
$def = ENANO_ROOT.'/themes/'.$this->default_theme.'/css/'.$this->named_theme_list[$this->default_theme]['default_style'];
+ − 74
if(file_exists($def))
+ − 75
{
+ − 76
$this->default_style = substr($this->named_theme_list[$this->default_theme]['default_style'], 0, strlen($this->named_theme_list[$this->default_theme]['default_style'])-4);
+ − 77
} else {
+ − 78
$this->default_style = $list[0];
+ − 79
}
+ − 80
+ − 81
$this->style_list = $list;
+ − 82
+ − 83
}
+ − 84
function sidebar_widget($t, $h)
+ − 85
{
+ − 86
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 87
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 88
{
+ − 89
$this->load_theme($session->theme, $session->style);
+ − 90
}
+ − 91
if(!$this->sidebar_widgets)
+ − 92
$this->sidebar_widgets = '';
+ − 93
$tplvars = $this->extract_vars('elements.tpl');
+ − 94
$parser = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 95
$parser->assign_vars(Array('TITLE'=>$t,'CONTENT'=>$h));
+ − 96
$this->plugin_blocks[$t] = $h;
+ − 97
$this->sidebar_widgets .= $parser->run();
+ − 98
}
+ − 99
function add_header($html)
+ − 100
{
+ − 101
$this->additional_headers .= "\n" . $html;
+ − 102
}
+ − 103
function get_css($s = false)
+ − 104
{
+ − 105
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 106
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 107
$this->load_theme($session->theme, $session->style);
+ − 108
$path = ( $s ) ? 'css/'.$s : 'css/'.$this->style.'.css';
+ − 109
if ( !file_exists(ENANO_ROOT . '/themes/' . $this->theme . '/' . $path) )
+ − 110
{
+ − 111
echo "/* WARNING: Falling back to default file because file $path does not exist */\n";
+ − 112
$path = 'css/' . $this->style_list[0] . '.css';
+ − 113
}
+ − 114
return $this->process_template($path);
+ − 115
}
+ − 116
function load_theme($name = false, $css = false)
+ − 117
{
+ − 118
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 119
$this->theme = ( $name ) ? $name : $session->theme;
+ − 120
$this->style = ( $css ) ? $css : $session->style;
+ − 121
if ( !$this->theme )
+ − 122
{
+ − 123
$this->theme = $this->theme_list[0]['theme_id'];
+ − 124
$this->style = substr($this->theme_list[0]['default_style'], 0, strlen($this->theme_list[0]['default_style'])-4);
+ − 125
}
+ − 126
$this->theme_loaded = true;
+ − 127
}
+ − 128
+ − 129
function init_vars()
+ − 130
{
+ − 131
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 132
global $email;
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 133
global $lang;
1
+ − 134
+ − 135
if(!$this->theme || !$this->style)
+ − 136
{
+ − 137
$this->load_theme();
+ − 138
}
+ − 139
+ − 140
if(defined('ENANO_TEMPLATE_LOADED'))
+ − 141
{
+ − 142
die_semicritical('Illegal call', '<p>$template->load_theme was called multiple times, this is not supposed to happen. Exiting with fatal error.</p>');
+ − 143
}
+ − 144
+ − 145
define('ENANO_TEMPLATE_LOADED', '');
+ − 146
+ − 147
$tplvars = $this->extract_vars('elements.tpl');
+ − 148
+ − 149
if(isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE'))
+ − 150
{
+ − 151
$this->add_header('
+ − 152
<!--[if lt IE 7]>
+ − 153
<script language="JavaScript">
+ − 154
function correctPNG() // correctly handle PNG transparency in Win IE 5.5 & 6.
+ − 155
{
86
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
diff
changeset
+ − 156
var arVersion = navigator.appVersion.split("MSIE");
c162ca39db8f
Finished pagination code (was incomplete in previous revision) and added a few hacks for an upcoming theme
Dan
diff
changeset
+ − 157
var version = parseFloat(arVersion[1]);
1
+ − 158
if (version >= 5.5 && typeof(document.body.filters) == "object")
+ − 159
{
+ − 160
for(var i=0; i<document.images.length; i++)
+ − 161
{
+ − 162
var img = document.images[i];
+ − 163
continue;
+ − 164
var imgName = img.src.toUpperCase();
+ − 165
if (imgName.substring(imgName.length-3, imgName.length) == "PNG")
+ − 166
{
+ − 167
var imgID = (img.id) ? "id=\'" + img.id + "\' " : "";
+ − 168
var imgClass = (img.className) ? "class=\'" + img.className + "\' " : "";
+ − 169
var imgTitle = (img.title) ? "title=\'" + img.title + "\' " : "title=\'" + img.alt + "\' ";
+ − 170
var imgStyle = "display:inline-block;" + img.style.cssText;
+ − 171
if (img.align == "left") imgStyle = "float:left;" + imgStyle;
+ − 172
if (img.align == "right") imgStyle = "float:right;" + imgStyle;
+ − 173
if (img.parentElement.href) imgStyle = "cursor:hand;" + imgStyle;
+ − 174
var strNewHTML = "<span " + imgID + imgClass + imgTitle + " style=\\"" + "width:" + img.width + "px; height:" + img.height + "px;" + imgStyle + ";" + "filter:progid:DXImageTransform.Microsoft.AlphaImageLoader" + "(src=\\\'" + img.src + "\\\', sizingMethod=\'scale\');\\"></span>";
+ − 175
img.outerHTML = strNewHTML;
+ − 176
i = i-1;
+ − 177
}
+ − 178
}
+ − 179
}
+ − 180
}
+ − 181
window.attachEvent("onload", correctPNG);
+ − 182
</script>
+ − 183
<![endif]-->
+ − 184
');
+ − 185
}
+ − 186
+ − 187
// Get the "article" button text (depends on namespace)
+ − 188
switch($paths->namespace) {
+ − 189
case "Article":
+ − 190
default:
211
+ − 191
$ns = $lang->get('onpage_lbl_page_article');
1
+ − 192
break;
+ − 193
case "Admin":
211
+ − 194
$ns = $lang->get('onpage_lbl_page_admin');
1
+ − 195
break;
+ − 196
case "System":
211
+ − 197
$ns = $lang->get('onpage_lbl_page_system');
1
+ − 198
break;
+ − 199
case "File":
211
+ − 200
$ns = $lang->get('onpage_lbl_page_file');
1
+ − 201
break;
+ − 202
case "Help":
211
+ − 203
$ns = $lang->get('onpage_lbl_page_help');
1
+ − 204
break;
+ − 205
case "User":
211
+ − 206
$ns = $lang->get('onpage_lbl_page_user');
1
+ − 207
break;
+ − 208
case "Special":
211
+ − 209
$ns = $lang->get('onpage_lbl_page_special');
1
+ − 210
break;
+ − 211
case "Template":
211
+ − 212
$ns = $lang->get('onpage_lbl_page_template');
1
+ − 213
break;
+ − 214
case "Project":
211
+ − 215
$ns = $lang->get('onpage_lbl_page_project');
1
+ − 216
break;
+ − 217
case "Category":
211
+ − 218
$ns = $lang->get('onpage_lbl_page_category');
1
+ − 219
break;
312
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 220
case "Anonymous":
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 221
$ns = 'external page';
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 222
break;
1
+ − 223
}
+ − 224
$this->namespace_string = $ns;
211
+ − 225
unset($ns);
1
+ − 226
$code = $plugins->setHook('page_type_string_set');
+ − 227
foreach ( $code as $cmd )
+ − 228
{
+ − 229
eval($cmd);
+ − 230
}
+ − 231
$ns =& $this->namespace_string;
+ − 232
+ − 233
// Initialize the toolbar
+ − 234
$tb = '';
+ − 235
+ − 236
// Create "xx page" button
+ − 237
+ − 238
$btn_selected = ( isset($tplvars['toolbar_button_selected'])) ? $tplvars['toolbar_button_selected'] : $tplvars['toolbar_button'];
+ − 239
$parser = $this->makeParserText($btn_selected);
+ − 240
312
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 241
if ( true || !$paths->anonymous_page )
311
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 242
{
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 243
$parser->assign_vars(array(
313
+ − 244
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxReset()); return false; }" title="' . $lang->get('onpage_tip_article') . '" accesskey="a"',
311
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 245
'PARENTFLAGS' => 'id="mdgToolbar_article"',
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 246
'HREF' => makeUrl($paths->page, null, true),
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 247
'TEXT' => $this->namespace_string
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 248
));
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 249
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 250
$tb .= $parser->run();
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 251
}
1
+ − 252
+ − 253
$button = $this->makeParserText($tplvars['toolbar_button']);
+ − 254
+ − 255
// Page toolbar
+ − 256
// Comments button
+ − 257
if ( $session->get_permissions('read') && getConfig('enable_comments')=='1' && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->cpage['comments_on'] == 1 )
+ − 258
{
+ − 259
322
+ − 260
$e = $db->sql_query('SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$paths->page_id.'\' AND namespace=\''.$paths->namespace.'\';');
1
+ − 261
if ( !$e )
+ − 262
{
+ − 263
$db->_die();
+ − 264
}
+ − 265
$nc = $db->numrows();
+ − 266
$nu = 0;
+ − 267
$na = 0;
+ − 268
+ − 269
while ( $r = $db->fetchrow() )
+ − 270
{
+ − 271
if ( !$r['approved'] )
+ − 272
{
+ − 273
$nu++;
+ − 274
}
+ − 275
else
+ − 276
{
+ − 277
$na++;
+ − 278
}
+ − 279
}
+ − 280
+ − 281
$db->free_result();
+ − 282
$n = ( $session->get_permissions('mod_comments') ) ? (string)$nc : (string)$na;
+ − 283
if ( $session->get_permissions('mod_comments') && $nu > 0 )
+ − 284
{
211
+ − 285
$subst = array(
+ − 286
'num_comments' => $nc,
+ − 287
'num_unapp' => $nu
+ − 288
);
+ − 289
$btn_text = $lang->get('onpage_btn_discussion_unapp', $subst);
+ − 290
}
+ − 291
else
+ − 292
{
+ − 293
$subst = array(
+ − 294
'num_comments' => $nc
+ − 295
);
+ − 296
$btn_text = $lang->get('onpage_btn_discussion', $subst);
1
+ − 297
}
+ − 298
+ − 299
$button->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 300
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxComments()); return false; }" title="' . $lang->get('onpage_tip_comments') . '" accesskey="c"',
1
+ − 301
'PARENTFLAGS' => 'id="mdgToolbar_discussion"',
+ − 302
'HREF' => makeUrl($paths->page, 'do=comments', true),
211
+ − 303
'TEXT' => $btn_text,
1
+ − 304
));
+ − 305
+ − 306
$tb .= $button->run();
+ − 307
}
+ − 308
// Edit button
349
fdaf9070566c
More progress on the installer. At this point it can install and import the language, but does not rename config files. Still much work to be done, most notably localization and creation of MySQL users and databases.
Dan
diff
changeset
+ − 309
if($session->get_permissions('read') && ($paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->namespace != 'Anonymous') && ( $session->get_permissions('edit_page') && ( ( $paths->page_protected && $session->get_permissions('even_when_protected') ) || !$paths->page_protected ) ) )
1
+ − 310
{
+ − 311
$button->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 312
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="' . $lang->get('onpage_tip_edit') . '" accesskey="e"',
1
+ − 313
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
+ − 314
'HREF' => makeUrl($paths->page, 'do=edit', true),
211
+ − 315
'TEXT' => $lang->get('onpage_btn_edit')
1
+ − 316
));
+ − 317
$tb .= $button->run();
+ − 318
// View source button
+ − 319
}
349
fdaf9070566c
More progress on the installer. At this point it can install and import the language, but does not rename config files. Still much work to be done, most notably localization and creation of MySQL users and databases.
Dan
diff
changeset
+ − 320
else if($session->get_permissions('view_source') && ( !$session->get_permissions('edit_page') || !$session->get_permissions('even_when_protected') && $paths->page_protected ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $paths->namespace != 'Anonymous')
1
+ − 321
{
+ − 322
$button->assign_vars(array(
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 323
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="' . $lang->get('onpage_tip_viewsource') . '" accesskey="e"',
1
+ − 324
'PARENTFLAGS' => 'id="mdgToolbar_edit"',
+ − 325
'HREF' => makeUrl($paths->page, 'do=viewsource', true),
211
+ − 326
'TEXT' => $lang->get('onpage_btn_viewsource')
1
+ − 327
));
+ − 328
$tb .= $button->run();
+ − 329
}
+ − 330
// History button
+ − 331
if ( $session->get_permissions('read') /* && $paths->wiki_mode */ && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('history_view') )
+ − 332
{
+ − 333
$button->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 334
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxHistory()); return false; }" title="' . $lang->get('onpage_tip_history') . '" accesskey="h"',
1
+ − 335
'PARENTFLAGS' => 'id="mdgToolbar_history"',
+ − 336
'HREF' => makeUrl($paths->page, 'do=history', true),
211
+ − 337
'TEXT' => $lang->get('onpage_btn_history')
1
+ − 338
));
+ − 339
$tb .= $button->run();
+ − 340
}
+ − 341
+ − 342
$menubtn = $this->makeParserText($tplvars['toolbar_menu_button']);
+ − 343
+ − 344
// Additional actions menu
+ − 345
// Rename button
+ − 346
if ( $session->get_permissions('read') && $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 347
{
+ − 348
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 349
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxRename()); return false; }" title="' . $lang->get('onpage_tip_rename') . '" accesskey="r"',
1
+ − 350
'HREF' => makeUrl($paths->page, 'do=rename', true),
211
+ − 351
'TEXT' => $lang->get('onpage_btn_rename'),
1
+ − 352
));
+ − 353
$this->toolbar_menu .= $menubtn->run();
+ − 354
}
+ − 355
+ − 356
// Vote-to-delete button
+ − 357
if ( $paths->wiki_mode && $session->get_permissions('vote_delete') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 358
{
+ − 359
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 360
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDelVote()); return false; }" title="' . $lang->get('onpage_tip_delvote') . '" accesskey="d"',
1
+ − 361
'HREF' => makeUrl($paths->page, 'do=delvote', true),
211
+ − 362
'TEXT' => $lang->get('onpage_btn_votedelete'),
1
+ − 363
));
+ − 364
$this->toolbar_menu .= $menubtn->run();
+ − 365
}
+ − 366
+ − 367
// Clear-votes button
+ − 368
if ( $session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0)
+ − 369
{
+ − 370
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 371
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxResetDelVotes()); return false; }" title="' . $lang->get('onpage_tip_resetvotes') . '" accesskey="y"',
1
+ − 372
'HREF' => makeUrl($paths->page, 'do=resetvotes', true),
211
+ − 373
'TEXT' => $lang->get('onpage_btn_votedelete_reset'),
1
+ − 374
));
+ − 375
$this->toolbar_menu .= $menubtn->run();
+ − 376
}
+ − 377
+ − 378
// Printable page button
+ − 379
if ( $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 380
{
+ − 381
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 382
'FLAGS' => 'title="' . $lang->get('onpage_tip_printable') . '"',
1
+ − 383
'HREF' => makeUrl($paths->page, 'printable=yes', true),
211
+ − 384
'TEXT' => $lang->get('onpage_btn_printable'),
1
+ − 385
));
+ − 386
$this->toolbar_menu .= $menubtn->run();
+ − 387
}
+ − 388
+ − 389
// Protect button
+ − 390
if($session->get_permissions('read') && $paths->wiki_mode && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' && $session->get_permissions('protect'))
+ − 391
{
+ − 392
+ − 393
$label = $this->makeParserText($tplvars['toolbar_label']);
211
+ − 394
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_protect')));
1
+ − 395
$t0 = $label->run();
+ − 396
+ − 397
$ctmp = '';
+ − 398
if ( $paths->cpage['protected'] == 1 )
+ − 399
{
+ − 400
$ctmp=' style="text-decoration: underline;"';
+ − 401
}
+ − 402
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 403
'FLAGS' => 'accesskey="i" onclick="if ( !KILL_SWITCH ) { ajaxProtect(1); return false; }" id="protbtn_1" title="' . $lang->get('onpage_tip_protect_on') . '"'.$ctmp,
1
+ − 404
'HREF' => makeUrl($paths->page, 'do=protect&level=1', true),
211
+ − 405
'TEXT' => $lang->get('onpage_btn_protect_on')
1
+ − 406
));
+ − 407
$t1 = $menubtn->run();
+ − 408
+ − 409
$ctmp = '';
+ − 410
if ( $paths->cpage['protected'] == 0 )
+ − 411
{
+ − 412
$ctmp=' style="text-decoration: underline;"';
+ − 413
}
+ − 414
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 415
'FLAGS' => 'accesskey="o" onclick="if ( !KILL_SWITCH ) { ajaxProtect(0); return false; }" id="protbtn_0" title="' . $lang->get('onpage_tip_protect_off') . '"'.$ctmp,
1
+ − 416
'HREF' => makeUrl($paths->page, 'do=protect&level=0', true),
211
+ − 417
'TEXT' => $lang->get('onpage_btn_protect_off')
1
+ − 418
));
+ − 419
$t2 = $menubtn->run();
+ − 420
+ − 421
$ctmp = '';
+ − 422
if ( $paths->cpage['protected'] == 2 )
+ − 423
{
+ − 424
$ctmp = ' style="text-decoration: underline;"';
+ − 425
}
+ − 426
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 427
'FLAGS' => 'accesskey="p" onclick="if ( !KILL_SWITCH ) { ajaxProtect(2); return false; }" id="protbtn_2" title="' . $lang->get('onpage_tip_protect_semi') . '"'.$ctmp,
1
+ − 428
'HREF' => makeUrl($paths->page, 'do=protect&level=2', true),
211
+ − 429
'TEXT' => $lang->get('onpage_btn_protect_semi')
1
+ − 430
));
+ − 431
$t3 = $menubtn->run();
+ − 432
+ − 433
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0">
+ − 434
<tr>
+ − 435
<td>'.$t0.'</td>
+ − 436
<td>'.$t1.'</td>
+ − 437
<td>'.$t2.'</td>
+ − 438
<td>'.$t3.'</td>
+ − 439
</tr>
+ − 440
</table>';
+ − 441
}
+ − 442
+ − 443
// Wiki mode button
+ − 444
if($session->get_permissions('read') && $paths->page_exists && $session->get_permissions('set_wiki_mode') && $paths->namespace != 'Special' && $paths->namespace != 'Admin')
+ − 445
{
+ − 446
// label at start
+ − 447
$label = $this->makeParserText($tplvars['toolbar_label']);
211
+ − 448
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_wikimode')));
1
+ − 449
$t0 = $label->run();
+ − 450
+ − 451
// on button
+ − 452
$ctmp = '';
+ − 453
if ( $paths->cpage['wiki_mode'] == 1 )
+ − 454
{
+ − 455
$ctmp = ' style="text-decoration: underline;"';
+ − 456
}
+ − 457
$menubtn->assign_vars(array(
102
+ − 458
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp,
1
+ − 459
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true),
211
+ − 460
'TEXT' => $lang->get('onpage_btn_wikimode_on')
1
+ − 461
));
+ − 462
$t1 = $menubtn->run();
+ − 463
+ − 464
// off button
+ − 465
$ctmp = '';
+ − 466
if ( $paths->cpage['wiki_mode'] == 0 )
+ − 467
{
+ − 468
$ctmp=' style="text-decoration: underline;"';
+ − 469
}
+ − 470
$menubtn->assign_vars(array(
102
+ − 471
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp,
1
+ − 472
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true),
211
+ − 473
'TEXT' => $lang->get('onpage_btn_wikimode_off')
1
+ − 474
));
+ − 475
$t2 = $menubtn->run();
+ − 476
+ − 477
// global button
+ − 478
$ctmp = '';
+ − 479
if ( $paths->cpage['wiki_mode'] == 2 )
+ − 480
{
+ − 481
$ctmp=' style="text-decoration: underline;"';
+ − 482
}
+ − 483
$menubtn->assign_vars(array(
102
+ − 484
'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp,
1
+ − 485
'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true),
211
+ − 486
'TEXT' => $lang->get('onpage_btn_wikimode_global')
1
+ − 487
));
+ − 488
$t3 = $menubtn->run();
+ − 489
+ − 490
// Tack it onto the list of buttons that are already there...
+ − 491
$this->toolbar_menu .= ' <table border="0" cellspacing="0" cellpadding="0">
+ − 492
<tr>
+ − 493
<td>'.$t0.'</td>
+ − 494
<td>'.$t1.'</td>
+ − 495
<td>'.$t2.'</td>
+ − 496
<td>'.$t3.'</td>
+ − 497
</tr>
+ − 498
</table>';
+ − 499
}
+ − 500
+ − 501
// Clear logs button
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 502
if ( $session->get_permissions('read') && $session->get_permissions('clear_logs') && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
1
+ − 503
{
+ − 504
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 505
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxClearLogs()); return false; }" title="' . $lang->get('onpage_tip_flushlogs') . '" accesskey="l"',
1
+ − 506
'HREF' => makeUrl($paths->page, 'do=flushlogs', true),
211
+ − 507
'TEXT' => $lang->get('onpage_btn_clearlogs'),
1
+ − 508
));
+ − 509
$this->toolbar_menu .= $menubtn->run();
+ − 510
}
+ − 511
+ − 512
// Delete page button
+ − 513
if ( $session->get_permissions('read') && $session->get_permissions('delete_page') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 514
{
211
+ − 515
$s = $lang->get('onpage_btn_deletepage');
1
+ − 516
if ( $paths->cpage['delvotes'] == 1 )
+ − 517
{
211
+ − 518
$subst = array(
+ − 519
'num_votes' => $paths->cpage['delvotes'],
+ − 520
'plural' => ''
+ − 521
);
+ − 522
$s .= $lang->get('onpage_btn_deletepage_votes', $subst);
1
+ − 523
}
+ − 524
else if ( $paths->cpage['delvotes'] > 1 )
+ − 525
{
211
+ − 526
$subst = array(
+ − 527
'num_votes' => $paths->cpage['delvotes'],
+ − 528
'plural' => $lang->get('meta_plural')
+ − 529
);
+ − 530
$s .= $lang->get('onpage_btn_deletepage_votes', $subst);
1
+ − 531
}
+ − 532
+ − 533
$menubtn->assign_vars(array(
314
+ − 534
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDeletePage()); return false; }" title="' . $lang->get('onpage_tip_deletepage') . '" accesskey="k"',
1
+ − 535
'HREF' => makeUrl($paths->page, 'do=deletepage', true),
+ − 536
'TEXT' => $s,
+ − 537
));
+ − 538
$this->toolbar_menu .= $menubtn->run();
+ − 539
+ − 540
}
+ − 541
+ − 542
// Password-protect button
+ − 543
if(isset($paths->cpage['password']))
+ − 544
{
+ − 545
if ( $paths->cpage['password'] == '' )
+ − 546
{
+ − 547
$a = $session->get_permissions('password_set');
+ − 548
}
+ − 549
else
+ − 550
{
+ − 551
$a = $session->get_permissions('password_reset');
+ − 552
}
+ − 553
}
+ − 554
else
+ − 555
{
+ − 556
$a = $session->get_permissions('password_set');
+ − 557
}
+ − 558
if ( $a && $session->get_permissions('read') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 559
{
+ − 560
// label at start
+ − 561
$label = $this->makeParserText($tplvars['toolbar_label']);
211
+ − 562
$label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_password')));
1
+ − 563
$t0 = $label->run();
+ − 564
+ − 565
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 566
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxSetPassword()); return false; }" title="' . $lang->get('onpage_tip_password') . '"',
1
+ − 567
'HREF' => '#',
211
+ − 568
'TEXT' => $lang->get('onpage_btn_password_set'),
1
+ − 569
));
+ − 570
$t = $menubtn->run();
+ − 571
+ − 572
$this->toolbar_menu .= '<table border="0" cellspacing="0" cellpadding="0"><tr><td>'.$t0.'</td><td><input type="password" id="mdgPassSetField" size="10" /></td><td>'.$t.'</td></tr></table>';
+ − 573
}
+ − 574
+ − 575
// Manage ACLs button
311
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 576
if ( !$paths->anonymous_page && ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ) )
1
+ − 577
{
+ − 578
$menubtn->assign_vars(array(
265
7e0cdf71b1bb
Some (not much) progress with localizing tooltips on the pagebar. Still aways to go and committing so as to merge changes from stable
Dan
diff
changeset
+ − 579
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="' . $lang->get('onpage_tip_aclmanager') . '" accesskey="m"',
1
+ − 580
'HREF' => makeUrl($paths->page, 'do=aclmanager', true),
211
+ − 581
'TEXT' => $lang->get('onpage_btn_acl'),
1
+ − 582
));
+ − 583
$this->toolbar_menu .= $menubtn->run();
+ − 584
}
+ − 585
+ − 586
// Administer page button
+ − 587
if ( $session->user_level >= USER_LEVEL_ADMIN && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 588
{
+ − 589
$menubtn->assign_vars(array(
314
+ − 590
'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxAdminPage()); return false; }" title="' . $lang->get('onpage_tip_adminoptions') . '" accesskey="g"',
1
+ − 591
'HREF' => makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'PageManager', true),
211
+ − 592
'TEXT' => $lang->get('onpage_btn_admin'),
1
+ − 593
));
+ − 594
$this->toolbar_menu .= $menubtn->run();
+ − 595
}
+ − 596
+ − 597
if ( strlen($this->toolbar_menu) > 0 )
+ − 598
{
+ − 599
$button->assign_vars(array(
314
+ − 600
'FLAGS' => 'id="mdgToolbar_moreoptions" onclick="if ( !KILL_SWITCH ) { return false; }" title="' . $lang->get('onpage_tip_moreoptions') . '"',
1
+ − 601
'PARENTFLAGS' => '',
+ − 602
'HREF' => makeUrl($paths->page, 'do=moreoptions', true),
211
+ − 603
'TEXT' => $lang->get('onpage_btn_moreoptions')
1
+ − 604
));
+ − 605
$tb .= $button->run();
+ − 606
}
+ − 607
+ − 608
$is_opera = (isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'Opera')) ? true : false;
+ − 609
+ − 610
$this->tpl_bool = Array(
+ − 611
'auth_admin'=>$session->user_level >= USER_LEVEL_ADMIN ? true : false,
+ − 612
'user_logged_in'=>$session->user_logged_in,
+ − 613
'opera'=>$is_opera,
+ − 614
);
+ − 615
+ − 616
if($session->sid_super) { $ash = '&auth='.$session->sid_super; $asq = "?auth=".$session->sid_super; $asa = "&auth=".$session->sid_super; $as2 = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; }
+ − 617
else { $asq=''; $asa=''; $as2 = ''; $ash = ''; }
+ − 618
+ − 619
$code = $plugins->setHook('compile_template');
+ − 620
foreach ( $code as $cmd )
+ − 621
{
+ − 622
eval($cmd);
+ − 623
}
+ − 624
+ − 625
// Some additional sidebar processing
+ − 626
if($this->sidebar_extra != '') {
+ − 627
$se = $this->sidebar_extra;
+ − 628
$parser = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 629
$parser->assign_vars(Array('TITLE'=>'Links','CONTENT'=>$se));
+ − 630
$this->sidebar_extra = $parser->run();
+ − 631
}
+ − 632
+ − 633
$this->sidebar_extra = $this->sidebar_extra.$this->sidebar_widgets;
+ − 634
+ − 635
$this->tpl_bool['fixed_menus'] = false;
+ − 636
/* if($this->sidebar_extra == '') $this->tpl_bool['right_sidebar'] = false;
+ − 637
else */ $this->tpl_bool['right_sidebar'] = true;
+ − 638
+ − 639
$this->tpl_bool['auth_rename'] = ( $paths->page_exists && ( $session->get_permissions('rename') && ( $paths->page_protected && $session->get_permissions('even_when_protected') || !$paths->page_protected ) ) && $paths->namespace != 'Special' && $paths->namespace != 'Admin');
+ − 640
+ − 641
$this->tpl_bool['enable_uploads'] = ( getConfig('enable_uploads') == '1' && $session->get_permissions('upload_files') ) ? true : false;
+ − 642
+ − 643
$this->tpl_bool['stupid_mode'] = false;
+ − 644
322
+ − 645
$this->tpl_bool['in_admin'] = ( ( $paths->page_id == 'Administration' && $paths->namespace == 'Special' ) || $paths->namespace == 'Admin' );
1
+ − 646
+ − 647
$p = ( isset($_GET['printable']) ) ? '/printable' : '';
+ − 648
+ − 649
// Add the e-mail address client code to the header
+ − 650
$this->add_header($email->jscode());
+ − 651
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 652
// Add language file
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 653
$lang_uri = makeUrlNS('Special', 'LangExportJSON/' . $lang->lang_id, false, true);
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 654
$this->add_header("<script type=\"text/javascript\" src=\"$lang_uri\"></script>");
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 655
1
+ − 656
// Generate the code for the Log out and Change theme sidebar buttons
+ − 657
// Once again, the new template parsing system can be used here
+ − 658
+ − 659
$parser = $this->makeParserText($tplvars['sidebar_button']);
+ − 660
+ − 661
$parser->assign_vars(Array(
+ − 662
'HREF'=>makeUrlNS('Special', 'Logout'),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 663
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"',
215
+ − 664
'TEXT'=>$lang->get('sidebar_btn_logout'),
1
+ − 665
));
+ − 666
+ − 667
$logout_link = $parser->run();
+ − 668
+ − 669
$parser->assign_vars(Array(
+ − 670
'HREF'=>makeUrlNS('Special', 'Login/' . $paths->page),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 671
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxStartLogin(); return false; }"',
215
+ − 672
'TEXT'=>$lang->get('sidebar_btn_login'),
1
+ − 673
));
+ − 674
+ − 675
$login_link = $parser->run();
+ − 676
+ − 677
$parser->assign_vars(Array(
+ − 678
'HREF'=>makeUrlNS('Special', 'ChangeStyle/'.$paths->page),
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 679
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxChangeStyle(); return false; }"',
215
+ − 680
'TEXT'=>$lang->get('sidebar_btn_changestyle'),
1
+ − 681
));
+ − 682
+ − 683
$theme_link = $parser->run();
+ − 684
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 685
$parser->assign_vars(Array(
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 686
'HREF'=>makeUrlNS('Special', 'Administration'),
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 687
'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxStartAdminLogin()); return false; }"',
215
+ − 688
'TEXT'=>$lang->get('sidebar_btn_administration'),
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 689
));
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 690
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 691
$admin_link = $parser->run();
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 692
1
+ − 693
$SID = ($session->sid_super) ? $session->sid_super : '';
+ − 694
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 695
$urlname_clean = str_replace('\'', '\\\'', str_replace('\\', '\\\\', dirtify_page_id($paths->fullpage)));
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 696
$urlname_clean = strtr( $urlname_clean, array( '<' => '<', '>' => '>' ) );
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 697
22
+ − 698
$urlname_jssafe = sanitize_page_id($paths->fullpage);
+ − 699
1
+ − 700
// Generate the dynamic javascript vars
+ − 701
$js_dynamic = ' <script type="text/javascript">// <![CDATA[
+ − 702
// This section defines some basic and very important variables that are used later in the static Javascript library.
+ − 703
// SKIN DEVELOPERS: The template variable for this code block is {JS_DYNAMIC_VARS}. This MUST be inserted BEFORE the tag that links to the main Javascript lib.
22
+ − 704
var title=\''. $urlname_jssafe .'\';
1
+ − 705
var page_exists='. ( ( $paths->page_exists) ? 'true' : 'false' ) .';
+ − 706
var scriptPath=\''. scriptPath .'\';
+ − 707
var contentPath=\''.contentPath.'\';
+ − 708
var ENANO_SID =\'' . $SID . '\';
+ − 709
var auth_level=' . $session->auth_level . ';
+ − 710
var USER_LEVEL_GUEST = ' . USER_LEVEL_GUEST . ';
+ − 711
var USER_LEVEL_MEMBER = ' . USER_LEVEL_MEMBER . ';
+ − 712
var USER_LEVEL_CHPREF = ' . USER_LEVEL_CHPREF . ';
+ − 713
var USER_LEVEL_MOD = ' . USER_LEVEL_MOD . ';
+ − 714
var USER_LEVEL_ADMIN = ' . USER_LEVEL_ADMIN . ';
+ − 715
var editNotice = \'' . ( (getConfig('wiki_edit_notice')=='1') ? str_replace("\n", "\\\n", RenderMan::render(getConfig('wiki_edit_notice_text'))) : '' ) . '\';
+ − 716
var prot = ' . ( ($paths->page_protected && !$session->get_permissions('even_when_protected')) ? 'true' : 'false' ) .'; // No, hacking this var won\'t work, it\'s re-checked on the server
+ − 717
var ENANO_SPECIAL_CREATEPAGE = \''. makeUrl($paths->nslist['Special'].'CreatePage') .'\';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 718
var ENANO_CREATEPAGE_PARAMS = \'_do=&pagename='. $urlname_clean .'&namespace=' . $paths->namespace . '\';
1
+ − 719
var ENANO_SPECIAL_CHANGESTYLE = \''. makeUrlNS('Special', 'ChangeStyle') .'\';
+ − 720
var namespace_list = new Array();
+ − 721
var AES_BITS = '.AES_BITS.';
+ − 722
var AES_BLOCKSIZE = '.AES_BLOCKSIZE.';
+ − 723
var pagepass = \''. ( ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '' ) .'\';
+ − 724
var ENANO_THEME_LIST = \'';
+ − 725
foreach($this->theme_list as $t) {
+ − 726
if($t['enabled'])
+ − 727
{
+ − 728
$js_dynamic .= '<option value="'.$t['theme_id'].'"';
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 729
// if($t['theme_id'] == $session->theme) $js_dynamic .= ' selected="selected"';
1
+ − 730
$js_dynamic .= '>'.$t['theme_name'].'</option>';
+ − 731
}
+ − 732
}
+ − 733
$js_dynamic .= '\';
210
2b283402e4e4
Added language export to JSON page and localization for Javascript using $lang.get(). Localized AJAX login interface.
Dan
diff
changeset
+ − 734
var ENANO_CURRENT_THEME = \''. $session->theme .'\';
212
30b857a6b811
Reworked comment system to not use HACKISH FIXES; AJAX comment framework is completely localized now
Dan
diff
changeset
+ − 735
var ENANO_LANG_ID = ' . $lang->lang_id . ';
30b857a6b811
Reworked comment system to not use HACKISH FIXES; AJAX comment framework is completely localized now
Dan
diff
changeset
+ − 736
var ENANO_PAGE_TYPE = "' . addslashes($this->namespace_string) . '";';
1
+ − 737
foreach($paths->nslist as $k => $c)
+ − 738
{
+ − 739
$js_dynamic .= "namespace_list['{$k}'] = '$c';";
+ − 740
}
+ − 741
$js_dynamic .= "\n //]]>\n </script>";
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 742
1
+ − 743
$tpl_strings = Array(
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 744
'PAGE_NAME'=>htmlspecialchars($paths->cpage['name']),
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 745
'PAGE_URLNAME'=> $urlname_clean,
40
+ − 746
'SITE_NAME'=>htmlspecialchars(getConfig('site_name')),
1
+ − 747
'USERNAME'=>$session->username,
40
+ − 748
'SITE_DESC'=>htmlspecialchars(getConfig('site_desc')),
1
+ − 749
'TOOLBAR'=>$tb,
+ − 750
'SCRIPTPATH'=>scriptPath,
+ − 751
'CONTENTPATH'=>contentPath,
+ − 752
'ADMIN_SID_QUES'=>$asq,
+ − 753
'ADMIN_SID_AMP'=>$asa,
+ − 754
'ADMIN_SID_AMP_HTML'=>$ash,
+ − 755
'ADMIN_SID_AUTO'=>$as2,
114
47393c6619ea
Nothing special, just syncing to Scribus, several bugs have been found with GET forms and a fix is in the works
Dan
diff
changeset
+ − 756
'ADMIN_SID_RAW'=> ( is_string($session->sid_super) ? $session->sid_super : '' ),
1
+ − 757
'ADDITIONAL_HEADERS'=>$this->additional_headers,
91
+ − 758
'COPYRIGHT'=>RenderMan::parse_internal_links(getConfig('copyright_notice')),
1
+ − 759
'TOOLBAR_EXTRAS'=>$this->toolbar_menu,
+ − 760
'REQUEST_URI'=>$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'],
+ − 761
'STYLE_LINK'=>makeUrlNS('Special', 'CSS'.$p, null, true), //contentPath.$paths->nslist['Special'].'CSS' . $p,
+ − 762
'LOGIN_LINK'=>$login_link,
+ − 763
'LOGOUT_LINK'=>$logout_link,
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 764
'ADMIN_LINK'=>$admin_link,
1
+ − 765
'THEME_LINK'=>$theme_link,
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 766
'SEARCH_ACTION'=>makeUrlNS('Special', 'Search'),
322
+ − 767
'INPUT_TITLE'=>( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars( $paths->nslist[$paths->namespace] . $paths->page_id ) . '" />' : ''),
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 768
'INPUT_AUTH'=>( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : ''),
1
+ − 769
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme,
+ − 770
'THEME_ID'=>$this->theme,
+ − 771
'STYLE_ID'=>$this->style,
+ − 772
'JS_DYNAMIC_VARS'=>$js_dynamic,
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 773
'UNREAD_PMS'=>$session->unread_pms,
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 774
'URL_ABOUT_ENANO' => makeUrlNS('Special', 'About_Enano', '', true),
315
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 775
'REPORT_URI' => makeUrl($paths->fullpage, 'do=sql_report', true)
1
+ − 776
);
+ − 777
+ − 778
foreach ( $paths->nslist as $ns_id => $ns_prefix )
+ − 779
{
+ − 780
$tpl_strings[ 'NS_' . strtoupper($ns_id) ] = $ns_prefix;
+ − 781
}
+ − 782
+ − 783
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings);
+ − 784
list($this->tpl_strings['SIDEBAR_LEFT'], $this->tpl_strings['SIDEBAR_RIGHT'], $min) = $this->fetch_sidebar();
+ − 785
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != $min) ? true : false;
+ − 786
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != $min) ? true : false;
+ − 787
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 788
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 789
$code = $plugins->setHook('template_var_init_end');
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 790
foreach ( $code as $cmd )
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 791
{
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 792
eval($cmd);
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 793
}
1
+ − 794
}
+ − 795
+ − 796
function header($simple = false)
+ − 797
{
+ − 798
global $db, $session, $paths, $template, $plugins; // Common objects
215
+ − 799
global $lang;
+ − 800
1
+ − 801
ob_start();
+ − 802
+ − 803
if(!$this->theme_loaded)
+ − 804
{
+ − 805
$this->load_theme($session->theme, $session->style);
+ − 806
}
+ − 807
+ − 808
$headers_sent = true;
+ − 809
if(!defined('ENANO_HEADERS_SENT'))
+ − 810
define('ENANO_HEADERS_SENT', '');
174
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 811
if ( !$this->no_headers )
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 812
{
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 813
$header = ( $simple ) ?
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 814
$this->process_template('simple-header.tpl') :
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 815
$this->process_template('header.tpl');
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 816
echo $header;
4c5c2b66a34d
SECURITY: remove debug message in session manager; implemented alternate MediaWiki syntax for template embedding; added Adobe Spry for "shake" effect on unsuccessful login
Dan
diff
changeset
+ − 817
}
1
+ − 818
if ( !$simple && $session->user_logged_in && $session->unread_pms > 0 )
+ − 819
{
+ − 820
echo $this->notify_unread_pms();
+ − 821
}
+ − 822
if ( !$simple && $session->sw_timed_out )
+ − 823
{
+ − 824
$login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true);
+ − 825
echo '<div class="usermessage">';
215
+ − 826
echo $lang->get('user_msg_elev_timed_out', array( 'login_link' => $login_link ));
1
+ − 827
echo '</div>';
+ − 828
}
30
+ − 829
if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) )
+ − 830
{
+ − 831
$admin_link = makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'GeneralConfig', true);
+ − 832
echo '<div class="usermessage"><b>The site is currently disabled and thus is only accessible to administrators.</b><br />
+ − 833
You can re-enable the site through the <a href="' . $admin_link . '">administration panel</a>.
+ − 834
</div>';
+ − 835
}
1
+ − 836
}
+ − 837
function footer($simple = false)
+ − 838
{
+ − 839
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 840
if(!$this->no_headers) {
+ − 841
+ − 842
if(!defined('ENANO_HEADERS_SENT'))
+ − 843
$this->header();
+ − 844
+ − 845
global $_starttime;
+ − 846
if(isset($_GET['sqldbg']) && $session->get_permissions('mod_misc'))
+ − 847
{
+ − 848
echo '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 849
echo htmlspecialchars($db->sql_backtrace());
1
+ − 850
echo '</pre>';
+ − 851
}
+ − 852
+ − 853
$f = microtime_float();
+ − 854
$f = $f - $_starttime;
+ − 855
$f = round($f, 4);
+ − 856
$dbg = 'Time: '.$f.'s | Queries: '.$db->num_queries;
+ − 857
$t = ( $simple ) ? $this->process_template('simple-footer.tpl') : $this->process_template('footer.tpl');
+ − 858
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 859
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ − 860
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 861
echo $t;
+ − 862
+ − 863
ob_end_flush();
+ − 864
}
+ − 865
else return '';
+ − 866
}
+ − 867
function getHeader()
+ − 868
{
+ − 869
$headers_sent = true;
+ − 870
if(!defined('ENANO_HEADERS_SENT'))
+ − 871
define('ENANO_HEADERS_SENT', '');
+ − 872
if(!$this->no_headers) return $this->process_template('header.tpl');
+ − 873
}
+ − 874
function getFooter()
+ − 875
{
+ − 876
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 877
if(!$this->no_headers) {
+ − 878
global $_starttime;
+ − 879
$t = '';
+ − 880
+ − 881
if(isset($_GET['sqldbg']) && $session->get_permissions('mod_misc'))
+ − 882
{
+ − 883
$t .= '<h3>Query list as requested on URI</h3><pre style="margin-left: 1em">';
+ − 884
$t .= $db->sql_backtrace();
+ − 885
$t .= '</pre>';
+ − 886
}
+ − 887
+ − 888
$f = microtime_float();
+ − 889
$f = $f - $_starttime;
+ − 890
$f = round($f, 4);
+ − 891
$dbg = 'Time: '.$f.'s | Queries: '.$db->num_queries;
+ − 892
$t.= $this->process_template('footer.tpl');
+ − 893
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 894
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ − 895
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 896
return $t;
+ − 897
}
+ − 898
else return '';
+ − 899
}
+ − 900
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 901
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 902
* Compiles and executes a template based on the current variables and booleans. Loads
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 903
* the theme and initializes variables if needed. This mostly just calls child functions.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 904
* @param string File to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 905
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 906
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 907
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 908
function process_template($file)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 909
{
1
+ − 910
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 911
if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 912
{
+ − 913
$this->load_theme();
+ − 914
$this->init_vars();
+ − 915
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 916
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 917
$compiled = $this->compile_template($file);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 918
return eval($compiled);
1
+ − 919
}
+ − 920
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 921
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 922
* Loads variables from the specified template file. Returns an associative array containing the variables.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 923
* @param string Template file to process (elements.tpl)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 924
* @return array
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 925
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 926
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 927
function extract_vars($file)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 928
{
1
+ − 929
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 930
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 931
// Sometimes this function gets called before the theme is loaded
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 932
// This is a bad coding practice so this function will always be picky.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 933
if ( !$this->theme )
1
+ − 934
{
+ − 935
die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.<br /><br />Backtrace, most recent call first:<pre>'.enano_debug_print_backtrace(true).'</pre>');
+ − 936
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 937
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 938
// Full pathname of template file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 939
$tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $file;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 940
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 941
// Make sure the template even exists
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 942
if ( !is_file($tpl_file_fullpath) )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 943
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 944
die_semicritical('Cannot find template file',
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 945
'<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 946
the current theme.</p>
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 947
<p>Additional debugging information:<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 948
<b>Theme currently in use: </b>' . $this->theme . '<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 949
<b>Requested file: </b>' . $file . '
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 950
</p>');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 951
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 952
// Retrieve file contents
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 953
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 954
if ( !$text )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 955
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 956
return false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 957
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 958
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 959
// Get variables, regular expressions FTW
1
+ − 960
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches);
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 961
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 962
// Initialize return values
1
+ − 963
$tplvars = Array();
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 964
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 965
// Loop through each match, setting $tplvars[ $first_subpattern ] to $second_subpattern
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 966
for ( $i = 0; $i < sizeof($matches[1]); $i++ )
1
+ − 967
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 968
$tplvars[ $matches[1][$i] ] = $matches[2][$i];
1
+ − 969
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 970
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 971
// All done!
1
+ − 972
return $tplvars;
+ − 973
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 974
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 975
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 976
* Compiles a block of template code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 977
* @param string The text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 978
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 979
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 980
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 981
function compile_tpl_code($text)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 982
{
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 983
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 984
// A random seed used to salt tags
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 985
$seed = md5 ( microtime() . mt_rand() );
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 986
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 987
// Strip out PHP sections
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 988
preg_match_all('/<\?php(.+?)\?>/is', $text, $php_matches);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 989
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 990
foreach ( $php_matches[0] as $i => $match )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 991
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 992
// Substitute the PHP section with a random tag
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 993
$tag = "{PHP:$i:$seed}";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 994
$text = str_replace_once($match, $tag, $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 995
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 996
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 997
// Escape slashes and single quotes in template code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 998
$text = str_replace('\\', '\\\\', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 999
$text = str_replace('\'', '\\\'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1000
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1001
// Initialize the PHP compiled code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1002
$text = 'ob_start(); echo \''.$text.'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1003
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1004
##
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1005
## Main rules
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1006
##
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1007
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1008
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1009
// Conditionals
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1010
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1011
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1012
$keywords = array('BEGIN', 'BEGINNOT', 'IFSET', 'IFPLUGIN');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1013
$code = $plugins->setHook('template_compile_logic_keyword');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1014
foreach ( $code as $cmd )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1015
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1016
eval($cmd);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1017
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1018
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1019
$keywords = implode('|', $keywords);
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1020
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1021
// Matches
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1022
// 1 2 3 4 56 7 8
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1023
$regexp = '/(<!-- ('. $keywords .') ([A-z0-9_-]+) -->)(.*)((<!-- BEGINELSE \\3 -->)(.*))?(<!-- END \\3 -->)/isU';
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1024
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1025
/*
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1026
The way this works is: match all blocks using the standard form with a different keyword in the block each time,
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1027
and replace them with appropriate PHP logic. Plugin-extensible now. :-)
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1028
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1029
The while-loop is to bypass what is apparently a PCRE bug. It's hackish but it works. Properly written plugins should only need
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1030
to compile templates (using this method) once for each time the template file is changed.
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1031
*/
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1032
while ( preg_match($regexp, $text) )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1033
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1034
preg_match_all($regexp, $text, $matches);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1035
for ( $i = 0; $i < count($matches[0]); $i++ )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1036
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1037
$start_tag =& $matches[1][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1038
$type =& $matches[2][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1039
$test =& $matches[3][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1040
$particle_true =& $matches[4][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1041
$else_tag =& $matches[6][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1042
$particle_else =& $matches[7][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1043
$end_tag =& $matches[8][$i];
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1044
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1045
switch($type)
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1046
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1047
case 'BEGIN':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1048
$cond = "isset(\$this->tpl_bool['$test']) && \$this->tpl_bool['$test']";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1049
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1050
case 'BEGINNOT':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1051
$cond = "!isset(\$this->tpl_bool['$test']) || ( isset(\$this->tpl_bool['$test']) && !\$this->tpl_bool['$test'] )";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1052
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1053
case 'IFPLUGIN':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1054
$cond = "getConfig('plugin_$test') == '1'";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1055
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1056
case 'IFSET':
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1057
$cond = "isset(\$this->tpl_strings['$test'])";
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1058
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1059
default:
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1060
$code = $plugins->setHook('template_compile_logic_cond');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1061
foreach ( $code as $cmd )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1062
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1063
eval($cmd);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1064
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1065
break;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1066
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1067
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1068
if ( !isset($cond) || ( isset($cond) && !is_string($cond) ) )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1069
continue;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1070
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1071
$tag_complete = <<<TPLCODE
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1072
';
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1073
/* START OF CONDITION: $type ($test) */
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1074
if ( $cond )
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1075
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1076
echo '$particle_true';
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1077
/* ELSE OF CONDITION: $type ($test) */
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1078
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1079
else
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1080
{
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1081
echo '$particle_else';
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1082
/* END OF CONDITION: $type ($test) */
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1083
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1084
echo '
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1085
TPLCODE;
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1086
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1087
$text = str_replace_once($matches[0][$i], $tag_complete, $text);
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1088
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1089
}
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1090
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1091
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1092
// For debugging ;-)
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1093
// die("<pre><?php\n" . htmlspecialchars($text."\n\n".print_r($matches,true)) . "\n\n?></pre>");
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1094
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1095
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1096
// Data substitution/variables
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1097
//
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1098
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1099
// System messages
320
112debff64bd
SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
diff
changeset
+ − 1100
$text = preg_replace('/<!-- SYSMSG ([A-z0-9\._-]+?) -->/is', '\' . $this->tplWikiFormat($paths->sysMsg(\'\\1\')) . \'', $text);
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1101
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1102
// Template variables
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1103
$text = preg_replace('/\{([A-z0-9_-]+?)\}/is', '\' . $this->tpl_strings[\'\\1\'] . \'', $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1104
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1105
// Reinsert PHP
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1106
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1107
foreach ( $php_matches[1] as $i => $match )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1108
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1109
// Substitute the random tag with the "real" PHP code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1110
$tag = "{PHP:$i:$seed}";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1111
$text = str_replace_once($tag, "'; $match echo '", $text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1112
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1113
189
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1114
// echo('<pre>' . htmlspecialchars($text) . '</pre>');
fd0e9c7a7b28
Automatic set of state on Oxygen sidebar portlets should work now; reimplemented parts of the template parser (again) to workaround some PHP/PCRE issues and add support for parser plugins
Dan
diff
changeset
+ − 1115
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1116
return $text;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1117
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1118
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1119
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1120
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1121
* Compiles the contents of a given template file, possibly using a cached copy, and returns the compiled code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1122
* @param string Filename of template (header.tpl)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1123
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1124
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1125
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1126
function compile_template($filename)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1127
{
1
+ − 1128
global $db, $session, $paths, $template, $plugins; // Common objects
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1129
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1130
// Full path to template file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1131
$tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1132
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1133
// Make sure the file exists
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1134
if ( !is_file($tpl_file_fullpath) )
1
+ − 1135
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1136
die_semicritical('Cannot find template file',
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1137
'<p>The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1138
the current theme.</p>
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1139
<p>Additional debugging information:<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1140
<b>Theme currently in use: </b>' . $this->theme . '<br />
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1141
<b>Requested file: </b>' . $file . '
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1142
</p>');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1143
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1144
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1145
// Check for cached copy
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1146
// This will make filenames in the pattern of theme-file.tpl.php
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1147
$cache_file = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $filename) . '.php';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1148
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1149
// Only use cached copy if caching is enabled
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1150
// (it is enabled by default I think)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1151
if ( file_exists($cache_file) && getConfig('cache_thumbs') == '1' )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1152
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1153
// Cache files are auto-generated, but otherwise are normal PHP files
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1154
include($cache_file);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1155
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1156
// Fetch content of the ORIGINAL
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1157
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1158
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1159
// $md5 will be set by the cached file
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1160
// This makes sure that a cached copy of the template is used only if its MD5
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1161
// matches the MD5 of the file that the compiled file was compiled from.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1162
if ( isset($md5) && $md5 == md5($text) )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1163
{
211
+ − 1164
return $this->compile_template_text_post(str_replace('\\"', '"', $tpl_text));
1
+ − 1165
}
+ − 1166
}
+ − 1167
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1168
// We won't use the cached copy here
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1169
$text = file_get_contents($tpl_file_fullpath);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1170
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1171
// This will be used later when writing the cached file
1
+ − 1172
$md5 = md5($text);
+ − 1173
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1174
// Preprocessing and checks complete - compile the code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1175
$text = $this->compile_tpl_code($text);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1176
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1177
// Perhaps caching is enabled and the admin has changed the template?
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1178
if ( is_writable( ENANO_ROOT . '/cache/' ) && getConfig('cache_thumbs') == '1' )
1
+ − 1179
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1180
$h = fopen($cache_file, 'w');
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1181
if ( !$h )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1182
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1183
// Couldn't open the file - silently ignore and return
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1184
return $text;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1185
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1186
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1187
// Escape the compiled code so it can be eval'ed
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1188
$text_escaped = addslashes($text);
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1189
$notice = <<<EOF
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1190
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1191
/*
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1192
* NOTE: This file was automatically generated by Enano and is based on compiled code. Do not edit this file.
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1193
* If you edit this file, any changes you make will be lost the next time the associated source template file is edited.
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1194
*/
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1195
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 1196
EOF;
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1197
// This is really just a normal PHP file that sets a variable or two and exits.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1198
// $tpl_text actually will contain the compiled code
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1199
fwrite($h, '<?php ' . $notice . ' $md5 = \'' . $md5 . '\'; $tpl_text = \'' . $text_escaped . '\'; ?>');
1
+ − 1200
fclose($h);
+ − 1201
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1202
211
+ − 1203
return $this->compile_template_text_post($text); //('<pre>'.htmlspecialchars($text).'</pre>');
1
+ − 1204
}
+ − 1205
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1206
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1207
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1208
* Compiles (parses) some template code with the current master set of variables and booleans.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1209
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1210
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1211
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1212
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1213
function compile_template_text($text)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1214
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1215
// this might do something else in the future, possibly cache large templates
211
+ − 1216
return $this->compile_template_text_post($this->compile_tpl_code($text));
1
+ − 1217
}
+ − 1218
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1219
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1220
* For convenience - compiles AND parses some template code.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1221
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1222
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1223
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1224
1
+ − 1225
function parse($text)
+ − 1226
{
+ − 1227
$text = $this->compile_template_text($text);
211
+ − 1228
$text = $this->compile_template_text_post($text);
1
+ − 1229
return eval($text);
+ − 1230
}
+ − 1231
211
+ − 1232
/**
+ − 1233
* Post-processor for template code. Basically what this does is it localizes {lang:foo} blocks.
+ − 1234
* @param string Mostly-processed TPL code
+ − 1235
* @return string
+ − 1236
*/
+ − 1237
+ − 1238
function compile_template_text_post($text)
+ − 1239
{
+ − 1240
global $lang;
+ − 1241
preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $text, $matches);
+ − 1242
foreach ( $matches[1] as $i => $string_id )
+ − 1243
{
+ − 1244
$string = $lang->get($string_id);
+ − 1245
$string = str_replace('\\', '\\\\', $string);
+ − 1246
$string = str_replace('\'', '\\\'', $string);
+ − 1247
$text = str_replace_once($matches[0][$i], $string, $text);
+ − 1248
}
+ − 1249
return $text;
+ − 1250
}
+ − 1251
1
+ − 1252
// Steps to turn this:
+ − 1253
// [[Project:Community Portal]]
+ − 1254
// into this:
+ − 1255
// <a href="/Project:Community_Portal">Community Portal</a>
+ − 1256
// Must be done WITHOUT creating eval'ed code!!!
+ − 1257
+ − 1258
// 1. preg_replace \[\[([a-zA-Z0-9 -_:]*?)\]\] with <a href="'.contentPath.'\\1">\\1</a>
+ − 1259
// 2. preg_match_all <a href="'.preg_quote(contentPath).'([a-zA-Z0-9 -_:]*?)">
+ − 1260
// 3. For each match, replace matches with identifiers
+ − 1261
// 4. For each match, str_replace ' ' with '_'
+ − 1262
// 5. For each match, str_replace match_id:random_val with $matches[$match_id]
+ − 1263
+ − 1264
// The template language is really a miniature programming language; with variables, conditionals, everything!
+ − 1265
// So you can implement custom logic into your sidebar if you wish.
+ − 1266
// "Real" PHP support coming soon :-D
+ − 1267
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1268
/**
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1269
* Takes a blob of HTML with the specially formatted template-oriented wikitext and formats it. Does not use eval().
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1270
* This function butchers every coding standard in Enano and should eventually be rewritten. The fact is that the
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1271
* code _works_ and does a good job of checking for errors and cleanly complaining about them.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1272
* @param string Text to process
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1273
* @param bool Ignored for backwards compatibility
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1274
* @param string File to get variables for sidebar data from
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1275
* @return string
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1276
*/
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1277
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1278
function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1279
{
1
+ − 1280
global $db, $session, $paths, $template, $plugins; // Common objects
215
+ − 1281
global $lang;
+ − 1282
1
+ − 1283
$filter_links = false;
+ − 1284
$tplvars = $this->extract_vars($filename);
+ − 1285
if($session->sid_super) $as = htmlspecialchars(urlSeparator).'auth='.$session->sid_super;
+ − 1286
else $as = '';
+ − 1287
error_reporting(E_ALL);
+ − 1288
$random_id = sha1(microtime().''); // A temp value
+ − 1289
+ − 1290
/*
+ − 1291
* PREPROCESSOR
+ − 1292
*/
+ − 1293
+ − 1294
// Variables
+ − 1295
+ − 1296
preg_match_all('#\$([A-Z_-]+)\$#', $message, $links);
+ − 1297
$links = $links[1];
+ − 1298
+ − 1299
for($i=0;$i<sizeof($links);$i++)
+ − 1300
{
+ − 1301
$message = str_replace('$'.$links[$i].'$', $this->tpl_strings[$links[$i]], $message);
+ − 1302
}
+ − 1303
+ − 1304
// Conditionals
+ − 1305
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1306
preg_match_all('#\{if ([A-Za-z0-9_ \(\)&\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links);
1
+ − 1307
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1308
// Temporary exception from coding standards - using tab length of 4 here for clarity
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1309
for ( $i = 0; $i < sizeof($links[1]); $i++ )
1
+ − 1310
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1311
$condition =& $links[1][$i];
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1312
$message = str_replace('{if '.$condition.'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
1
+ − 1313
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1314
// Time for some manual parsing...
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1315
$chk = false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1316
$current_id = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1317
$prn_level = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1318
// Used to keep track of where we are in the conditional
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1319
// Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ...
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1320
// Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1321
$in_var_now = true;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1322
$in_var_last = false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1323
$current_var = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1324
$current_var_start_pos = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1325
$current_var_end_pos = 0;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1326
$j = -1;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1327
$condition = $condition . ' ';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1328
$d = strlen($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1329
while($j < $d)
1
+ − 1330
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1331
$j++;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1332
$in_var_last = $in_var_now;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1333
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1334
$char = substr($condition, $j, 1);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1335
$in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1336
if(!$in_var_last && $in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1337
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1338
$current_var_start_pos = $j;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1339
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1340
if($in_var_last && !$in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1341
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1342
$current_var_end_pos = $j;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1343
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1344
if($in_var_now)
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1345
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1346
$current_var .= $char;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1347
continue;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1348
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1349
// OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete.
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1350
if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1351
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1352
// XSS attack! Bail out
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1353
$errmsg = '<p><b>Error:</b> Syntax error (possibly XSS attack) caught in template code:</p>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1354
$errmsg .= '<pre>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1355
$errmsg .= '{if '.htmlspecialchars($condition).'}';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1356
$errmsg .= "\n ";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1357
for ( $k = 0; $k < $j; $k++ )
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1358
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1359
$errmsg .= " ";
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1360
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1361
// Show position of error
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1362
$errmsg .= '<span style="color: red;">^</span>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1363
$errmsg .= '</pre>';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1364
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $errmsg, $message);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1365
continue 2;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1366
}
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1367
if($current_var != '')
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1368
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1369
$cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1370
$cvt = substr($condition, 0, $current_var_start_pos) . $cd . substr($condition, $current_var_end_pos, strlen($condition));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1371
$j = $j + strlen($cd) - strlen($current_var);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1372
$current_var = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1373
$condition = $cvt;
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1374
$d = strlen($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1375
}
1
+ − 1376
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1377
$condition = substr($condition, 0, strlen($condition)-1);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1378
$condition = '$chk = ( '.$condition.' ) ? true : false;';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1379
eval($condition);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1380
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1381
if($chk)
1
+ − 1382
{
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1383
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1384
else $c = $links[2][$i];
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1385
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
1
+ − 1386
}
162
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1387
else
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1388
{
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1389
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1390
else $c = '';
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1391
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
e1a22031b5bd
Major revamps to the template parser. Fixed a few security holes that could allow PHP to be injected in untimely places in TPL code. Improved Ux for XSS attempt in tplWikiFormat. Documented many functions. Backported much cleaner parser from 2.0 branch. Beautified a lot of code in the depths of the template class. Pretty much a small-scale Extreme Makeover.
Dan
diff
changeset
+ − 1392
}
1
+ − 1393
}
+ − 1394
+ − 1395
preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links);
+ − 1396
+ − 1397
for($i=0;$i<sizeof($links[1]);$i++)
+ − 1398
{
+ − 1399
$message = str_replace('{!if '.$links[1][$i].'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message);
+ − 1400
if(isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]]) {
+ − 1401
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i]));
+ − 1402
else $c = '';
+ − 1403
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
+ − 1404
} else {
+ − 1405
if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}'));
+ − 1406
else $c = $links[2][$i];
+ − 1407
$message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message);
+ − 1408
}
+ − 1409
}
+ − 1410
215
+ − 1411
preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $message, $matches);
+ − 1412
foreach ( $matches[1] as $i => $string_id )
+ − 1413
{
+ − 1414
$string = $lang->get($string_id);
+ − 1415
$string = str_replace('\\', '\\\\', $string);
+ − 1416
$string = str_replace('\'', '\\\'', $string);
+ − 1417
$message = str_replace_once($matches[0][$i], $string, $message);
+ − 1418
}
+ − 1419
1
+ − 1420
/*
+ − 1421
* HTML RENDERER
+ − 1422
*/
+ − 1423
+ − 1424
// Images
+ − 1425
$j = preg_match_all('#\[\[:'.$paths->nslist['File'].'([\w\s0-9_\(\)!@%\^\+\|\.-]+?)\]\]#is', $message, $matchlist);
+ − 1426
$matches = Array();
+ − 1427
$matches['images'] = $matchlist[1];
+ − 1428
for($i=0;$i<sizeof($matchlist[1]);$i++)
+ − 1429
{
+ − 1430
if(isPage($paths->nslist['File'].$matches['images'][$i]))
+ − 1431
{
+ − 1432
$message = str_replace('[[:'.$paths->nslist['File'].$matches['images'][$i].']]',
+ − 1433
'<img alt="'.$matches['images'][$i].'" style="border: 0" src="'.makeUrlNS('Special', 'DownloadFile/'.$matches['images'][$i]).'" />',
+ − 1434
$message);
+ − 1435
}
+ − 1436
}
+ − 1437
+ − 1438
// Internal links
+ − 1439
+ − 1440
$text_parser = $this->makeParserText($tplvars['sidebar_button']);
+ − 1441
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1442
preg_match_all("#\[\[([^\|\]\n\a\r\t]*?)\]\]#is", $message, $il);
1
+ − 1443
for($i=0;$i<sizeof($il[1]);$i++)
+ − 1444
{
+ − 1445
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true);
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1446
$text_parser->assign_vars(Array(
1
+ − 1447
'HREF' => $href,
+ − 1448
'FLAGS' => '',
+ − 1449
'TEXT' => $il[1][$i]
+ − 1450
));
+ − 1451
$message = str_replace("[[{$il[1][$i]}]]", $text_parser->run(), $message);
+ − 1452
}
+ − 1453
133
af0f6ec48de3
Fully implemented password complexity enforcement; added encryption for passwords on registration form; some baby steps taken towards supporting international usernames - this is not working very well, we might need a hackish fix; TODO: implement password strength meter into installer UI and get international usernames 100% working
Dan
diff
changeset
+ − 1454
preg_match_all('#\[\[([^\|\]\n\a\r\t]*?)\|([^\]\r\n\a\t]*?)\]\]#is', $message, $il);
1
+ − 1455
for($i=0;$i<sizeof($il[1]);$i++)
+ − 1456
{
+ − 1457
$href = makeUrl(str_replace(' ', '_', $il[1][$i]), null, true);
+ − 1458
$text_parser->assign_vars(Array(
+ − 1459
'HREF' => $href,
+ − 1460
'FLAGS' => '',
+ − 1461
'TEXT' => $il[2][$i]
+ − 1462
));
+ − 1463
$message = str_replace("[[{$il[1][$i]}|{$il[2][$i]}]]", $text_parser->run(), $message);
+ − 1464
}
+ − 1465
+ − 1466
// External links
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1467
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '<a href="\\1://\\2">\\3</a><br style="display: none;" />', $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1468
// $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '<a href="\\1://\\2">\\1://\\2</a><br style="display: none;" />', $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1469
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1470
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link);
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1471
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1472
// die('<pre>' . htmlspecialchars( print_r($ext_link, true) ) . '</pre>');
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1473
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1474
for ( $i = 0; $i < count($ext_link[0]); $i++ )
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1475
{
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1476
$text_parser->assign_vars(Array(
165
+ − 1477
'HREF' => $ext_link[1][$i],
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1478
'FLAGS' => '',
165
+ − 1479
'TEXT' => $ext_link[16][$i]
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1480
));
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1481
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1482
}
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1483
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
diff
changeset
+ − 1484
preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link);
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1485
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1486
for ( $i = 0; $i < count($ext_link[0]); $i++ )
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1487
{
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1488
$text_parser->assign_vars(Array(
165
+ − 1489
'HREF' => $ext_link[1][$i],
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1490
'FLAGS' => '',
165
+ − 1491
'TEXT' => htmlspecialchars($ext_link[1][$i])
59
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1492
));
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1493
$message = str_replace($ext_link[0][$i], $text_parser->run(), $message);
7c4a851fb5c5
Minor IE4 compatibility fix; template parser now properly handles external links in the sidebar
Dan
diff
changeset
+ − 1494
}
1
+ − 1495
+ − 1496
$parser1 = $this->makeParserText($tplvars['sidebar_section']);
+ − 1497
$parser2 = $this->makeParserText($tplvars['sidebar_section_raw']);
+ − 1498
60
71b50f8c8f85
Changed administration login request to use the AJAX login form; made high-level authentication more apparent in the AJAX box; recompiled Oxygen Mint
Dan
diff
changeset
+ − 1499
preg_match_all('#\{slider(2|)=([^\}]*?)\}(.*?)\{\/slider(2|)\}#is', $message, $sb);
1
+ − 1500
+ − 1501
// Modified to support the sweet new template var system
+ − 1502
for($i=0;$i<sizeof($sb[1]);$i++)
+ − 1503
{
+ − 1504
$p = ($sb[1][$i] == '2') ? $parser2 : $parser1;
+ − 1505
$p->assign_vars(Array('TITLE'=>$sb[2][$i],'CONTENT'=>$sb[3][$i]));
+ − 1506
$message = str_replace("{slider{$sb[1][$i]}={$sb[2][$i]}}{$sb[3][$i]}{/slider{$sb[4][$i]}}", $p->run(), $message);
+ − 1507
}
+ − 1508
+ − 1509
/*
+ − 1510
Extras ;-)
+ − 1511
$message = preg_replace('##is', '', $message);
+ − 1512
$message = preg_replace('##is', '', $message);
+ − 1513
$message = preg_replace('##is', '', $message);
+ − 1514
$message = preg_replace('##is', '', $message);
+ − 1515
$message = preg_replace('##is', '', $message);
+ − 1516
*/
+ − 1517
+ − 1518
//die('<pre>'.htmlspecialchars($message).'</pre>');
+ − 1519
//eval($message); exit;
+ − 1520
return $message;
+ − 1521
}
+ − 1522
+ − 1523
/**
+ − 1524
* Print a text field that auto-completes a username entered into it.
+ − 1525
* @param string $name - the name of the form field
+ − 1526
* @return string
+ − 1527
*/
+ − 1528
+ − 1529
function username_field($name, $value = false)
+ − 1530
{
+ − 1531
$randomid = md5( time() . microtime() . mt_rand() );
184
+ − 1532
$text = '<input name="'.$name.'" onkeyup="new AutofillUsername(this);" autocomplete="off" type="text" size="30" id="userfield_'.$randomid.'"';
1
+ − 1533
if($value) $text .= ' value="'.$value.'"';
+ − 1534
$text .= ' />';
+ − 1535
return $text;
+ − 1536
}
+ − 1537
+ − 1538
/**
+ − 1539
* Print a text field that auto-completes a page name entered into it.
+ − 1540
* @param string $name - the name of the form field
+ − 1541
* @return string
+ − 1542
*/
+ − 1543
+ − 1544
function pagename_field($name, $value = false)
+ − 1545
{
+ − 1546
$randomid = md5( time() . microtime() . mt_rand() );
+ − 1547
$text = '<input name="'.$name.'" onkeyup="ajaxPageNameComplete(this)" type="text" size="30" id="pagefield_'.$randomid.'"';
+ − 1548
if($value) $text .= ' value="'.$value.'"';
+ − 1549
$text .= ' />';
+ − 1550
$text .= '<script type="text/javascript">
+ − 1551
var inp = document.getElementById(\'pagefield_' . $randomid . '\');
+ − 1552
var f = get_parent_form(inp);
+ − 1553
if ( f )
+ − 1554
{
+ − 1555
if ( typeof(f.onsubmit) != \'function\' )
+ − 1556
{
+ − 1557
f.onsubmit = function() {
+ − 1558
if ( !submitAuthorized )
+ − 1559
{
+ − 1560
return false;
+ − 1561
}
+ − 1562
}
+ − 1563
}
+ − 1564
}</script>';
+ − 1565
return $text;
+ − 1566
}
+ − 1567
+ − 1568
/**
+ − 1569
* Sends a textarea that can be converted to and from a TinyMCE widget on the fly.
+ − 1570
* @param string The name of the form element
+ − 1571
* @param string The initial content. Optional, defaults to blank
+ − 1572
* @param int Rows in textarea
+ − 1573
* @param int Columns in textarea
+ − 1574
* @return string HTML and Javascript code.
+ − 1575
*/
+ − 1576
+ − 1577
function tinymce_textarea($name, $content = '', $rows = 20, $cols = 60)
+ − 1578
{
+ − 1579
$randomid = md5(microtime() . mt_rand());
+ − 1580
$html = '';
+ − 1581
$html .= '<textarea name="' . $name . '" rows="'.$rows.'" cols="'.$cols.'" style="width: 100%;" id="toggleMCEroot_'.$randomid.'">' . $content . '</textarea>';
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1582
$html .= '<div style="float: right; display: table;" id="mceSwitchAgent_' . $randomid . '">text editor | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">graphical editor</a></div>';
1
+ − 1583
$html .= '<script type="text/javascript">
+ − 1584
// <![CDATA[
+ − 1585
function toggleMCE_'.$randomid.'()
+ − 1586
{
+ − 1587
var the_obj = document.getElementById(\'toggleMCEroot_' . $randomid . '\');
+ − 1588
var panel = document.getElementById(\'mceSwitchAgent_' . $randomid . '\');
+ − 1589
if ( the_obj.dnIsMCE == "yes" )
+ − 1590
{
+ − 1591
$dynano(the_obj).destroyMCE();
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1592
panel.innerHTML = \'text editor | <a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">graphical editor</a>\';
1
+ − 1593
}
+ − 1594
else
+ − 1595
{
+ − 1596
$dynano(the_obj).switchToMCE();
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1597
panel.innerHTML = \'<a href="#" onclick="if ( !KILL_SWITCH ) { toggleMCE_'.$randomid.'(); return false; }">text editor</a> | graphical editor\';
1
+ − 1598
}
+ − 1599
}
+ − 1600
// ]]>
+ − 1601
</script>';
+ − 1602
return $html;
+ − 1603
}
+ − 1604
+ − 1605
/**
+ − 1606
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
+ − 1607
* Returns on object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
+ − 1608
* @param $filename the filename of the template to be parsed
+ − 1609
* @return object
+ − 1610
*/
+ − 1611
+ − 1612
function makeParser($filename)
+ − 1613
{
+ − 1614
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1615
$filename = ENANO_ROOT.'/themes/'.$template->theme.'/'.$filename;
+ − 1616
if(!file_exists($filename)) die('templateIndividual: file '.$filename.' does not exist');
+ − 1617
$code = file_get_contents($filename);
+ − 1618
$parser = new templateIndividual($code);
+ − 1619
return $parser;
+ − 1620
}
+ − 1621
+ − 1622
/**
+ − 1623
* Same as $template->makeParser(), but takes a string instead of a filename.
+ − 1624
* @param $text the text to parse
+ − 1625
* @return object
+ − 1626
*/
+ − 1627
+ − 1628
function makeParserText($code)
+ − 1629
{
+ − 1630
$parser = new templateIndividual($code);
+ − 1631
return $parser;
+ − 1632
}
+ − 1633
+ − 1634
/**
+ − 1635
* Fetch the HTML for a plugin-added sidebar block
+ − 1636
* @param $name the plugin name
+ − 1637
* @return string
+ − 1638
*/
+ − 1639
+ − 1640
function fetch_block($id)
+ − 1641
{
+ − 1642
if(isset($this->plugin_blocks[$id])) return $this->plugin_blocks[$id];
+ − 1643
else return false;
+ − 1644
}
+ − 1645
+ − 1646
/**
+ − 1647
* Fetches the contents of both sidebars.
+ − 1648
* @return array - key 0 is left, key 1 is right
+ − 1649
* @example list($left, $right) = $template->fetch_sidebar();
+ − 1650
*/
+ − 1651
+ − 1652
function fetch_sidebar()
+ − 1653
{
+ − 1654
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1655
+ − 1656
$left = '';
+ − 1657
$right = '';
+ − 1658
+ − 1659
if ( !$this->fetch_block('Links') )
+ − 1660
$this->initLinksWidget();
+ − 1661
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1662
$q = $db->sql_query('SELECT item_id,sidebar_id,block_name,block_type,block_content FROM '.table_prefix.'sidebar' . "\n"
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1663
. ' WHERE item_enabled=1 ORDER BY sidebar_id ASC, item_order ASC;');
1
+ − 1664
if(!$q) $db->_die('The sidebar text data could not be selected.');
+ − 1665
+ − 1666
$vars = $this->extract_vars('elements.tpl');
+ − 1667
+ − 1668
if(isset($vars['sidebar_top']))
+ − 1669
{
+ − 1670
$left .= $this->parse($vars['sidebar_top']);
+ − 1671
$right .= $this->parse($vars['sidebar_top']);
+ − 1672
}
+ − 1673
while($row = $db->fetchrow())
+ − 1674
{
+ − 1675
switch($row['block_type'])
+ − 1676
{
+ − 1677
case BLOCK_WIKIFORMAT:
+ − 1678
default:
+ − 1679
$parser = $this->makeParserText($vars['sidebar_section']);
+ − 1680
$c = RenderMan::render($row['block_content']);
+ − 1681
break;
+ − 1682
case BLOCK_TEMPLATEFORMAT:
+ − 1683
$parser = $this->makeParserText($vars['sidebar_section']);
+ − 1684
$c = $this->tplWikiFormat($row['block_content']);
+ − 1685
break;
+ − 1686
case BLOCK_HTML:
+ − 1687
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1688
$c = $row['block_content'];
+ − 1689
break;
+ − 1690
case BLOCK_PHP:
+ − 1691
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1692
ob_start();
+ − 1693
@eval($row['block_content']);
+ − 1694
$c = ob_get_contents();
+ − 1695
ob_end_clean();
+ − 1696
break;
+ − 1697
case BLOCK_PLUGIN:
+ − 1698
$parser = $this->makeParserText($vars['sidebar_section_raw']);
+ − 1699
$c = (gettype($this->fetch_block($row['block_content'])) == 'string') ? $this->fetch_block($row['block_content']) : 'Can\'t find plugin block';
+ − 1700
break;
+ − 1701
}
+ − 1702
$parser->assign_vars(Array( 'TITLE'=>$this->tplWikiFormat($row['block_name']), 'CONTENT'=>$c ));
+ − 1703
if ($row['sidebar_id'] == SIDEBAR_LEFT ) $left .= $parser->run();
+ − 1704
elseif($row['sidebar_id'] == SIDEBAR_RIGHT) $right .= $parser->run();
+ − 1705
unset($parser);
+ − 1706
}
+ − 1707
$db->free_result();
+ − 1708
if(isset($vars['sidebar_bottom']))
+ − 1709
{
+ − 1710
$left .= $this->parse($vars['sidebar_bottom']);
+ − 1711
$right .= $this->parse($vars['sidebar_bottom']);
+ − 1712
}
+ − 1713
$min = '';
+ − 1714
if(isset($vars['sidebar_top']))
+ − 1715
{
+ − 1716
$min .= $this->parse($vars['sidebar_top']);
+ − 1717
}
+ − 1718
if(isset($vars['sidebar_bottom']))
+ − 1719
{
+ − 1720
$min .= $this->parse($vars['sidebar_bottom']);
+ − 1721
}
+ − 1722
return Array($left, $right, $min);
+ − 1723
}
+ − 1724
+ − 1725
function initLinksWidget()
+ − 1726
{
+ − 1727
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1728
// SourceForge/W3C buttons
+ − 1729
$ob = Array();
27
dd659f6ba891
Converting all tables on new installations to UTF-8; this may break MySQL 4.0 compatibility; several minor cosmetic fixes; set Powered button under Links to "on" by default
Dan
diff
changeset
+ − 1730
$admintitle = ( $session->user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : '';
1
+ − 1731
if(getConfig('sflogo_enabled')=='1')
+ − 1732
{
203
+ − 1733
$sflogo_secure = ( isset($_SERVER['HTTPS']) ) ? 'https' : 'http';
+ − 1734
$ob[] = '<a style="text-align: center;" href="http://sourceforge.net/" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border-width: 0px;" alt="SourceForge.net Logo" src="' . $sflogo_secure . '://sflogo.sourceforge.net/sflogo.php?group_id='.getConfig('sflogo_groupid').'&type='.getConfig('sflogo_type').'" /></a>';
1
+ − 1735
}
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1736
if(getConfig('w3c_v32') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 3.2" src="http://www.w3.org/Icons/valid-html32" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1737
if(getConfig('w3c_v40') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.0" src="http://www.w3.org/Icons/valid-html40" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1738
if(getConfig('w3c_v401') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid HTML 4.01" src="http://www.w3.org/Icons/valid-html401" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1739
if(getConfig('w3c_vxhtml10')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.0" src="http://www.w3.org/Icons/valid-xhtml10" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1740
if(getConfig('w3c_vxhtml11')=='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid XHTML 1.1" src="http://www.w3.org/Icons/valid-xhtml11" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1741
if(getConfig('w3c_vcss') =='1') $ob[] = '<a style="text-align: center;" href="http://validator.w3.org/check?uri=referer" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="Valid CSS" src="http://www.w3.org/Icons/valid-css" /></a>';
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 1742
if(getConfig('dbd_button') =='1') $ob[] = '<a style="text-align: center;" href="http://www.defectivebydesign.org/join/button" onclick="if ( !KILL_SWITCH ) { window.open(this.href);return false; }"><img style="border: 0px solid #FFFFFF;" alt="DRM technology restricts what you can do with your computer" src="http://defectivebydesign.org/sites/nodrm.civicactions.net/files/images/dbd_sm_btn.gif" /><br /><small>Protect your freedom >></small></a>';
1
+ − 1743
+ − 1744
$code = $plugins->setHook('links_widget');
+ − 1745
foreach ( $code as $cmd )
+ − 1746
{
+ − 1747
eval($cmd);
+ − 1748
}
+ − 1749
71
+ − 1750
if(count($ob) > 0 || getConfig('powered_btn') == '1') $sb_links = '<div style="text-align: center; padding: 5px 0;">'. ( ( getConfig('powered_btn') == '1' ) ? $this->fading_button : '' ) . implode('<br />', $ob).'</div>';
1
+ − 1751
else $sb_links = '';
+ − 1752
+ − 1753
$this->sidebar_widget('Links', $sb_links);
+ − 1754
}
+ − 1755
+ − 1756
/**
+ − 1757
* Builds a box showing unread private messages.
+ − 1758
*/
+ − 1759
+ − 1760
function notify_unread_pms()
+ − 1761
{
+ − 1762
global $db, $session, $paths, $template, $plugins; // Common objects
322
+ − 1763
if ( ( $paths->page_id == 'PrivateMessages' || $paths->page_id == 'Preferences' ) && $paths->namespace == 'Special' )
1
+ − 1764
{
+ − 1765
return '';
+ − 1766
}
+ − 1767
$ob = '<div class="usermessage">'."\n";
+ − 1768
$s = ( $session->unread_pms == 1 ) ? '' : 's';
+ − 1769
$ob .= " <b>You have $session->unread_pms <a href=" . '"' . makeUrlNS('Special', 'PrivateMessages' ) . '"' . ">unread private message$s</a>.</b><br />\n Messages: ";
+ − 1770
$q = $db->sql_query('SELECT message_id,message_from,subject,date FROM '.table_prefix.'privmsgs WHERE message_to=\'' . $session->username . '\' AND message_read=0 ORDER BY date DESC;');
+ − 1771
if ( !$q )
+ − 1772
$db->_die();
+ − 1773
$messages = array();
+ − 1774
while ( $row = $db->fetchrow() )
+ − 1775
{
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1776
$messages[] = '<a href="' . makeUrlNS('Special', 'PrivateMessages/View/' . $row['message_id']) . '" title="Sent ' . enano_date('F d, Y h:i a', $row['date']) . ' by ' . $row['message_from'] . '">' . $row['subject'] . '</a>';
1
+ − 1777
}
+ − 1778
$ob .= implode(",\n " , $messages)."\n";
+ − 1779
$ob .= '</div>'."\n";
+ − 1780
return $ob;
+ − 1781
}
+ − 1782
+ − 1783
} // class template
+ − 1784
+ − 1785
/**
+ − 1786
* Handles parsing of an individual template file. Instances should only be created through $template->makeParser(). To use:
+ − 1787
* - Call $template->makeParser(template file name) - file name should be something.tpl, css/whatever.css, etc.
+ − 1788
* - Make an array of strings you want the template to access. $array['STRING'] would be referenced in the template like {STRING}
+ − 1789
* - Make an array of boolean values. These can be used for conditionals in the template (<!-- IF something --> whatever <!-- ENDIF something -->)
+ − 1790
* - Call assign_vars() to pass the strings to the template parser. Same thing with assign_bool().
+ − 1791
* - Call run() to parse the template and get your fully compiled HTML.
+ − 1792
* @access private
+ − 1793
*/
+ − 1794
+ − 1795
class templateIndividual extends template {
+ − 1796
var $tpl_strings, $tpl_bool, $tpl_code;
+ − 1797
var $compiled = false;
+ − 1798
/**
+ − 1799
* Constructor.
+ − 1800
*/
+ − 1801
function __construct($text)
+ − 1802
{
+ − 1803
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1804
$this->tpl_code = $text;
+ − 1805
$this->tpl_strings = $template->tpl_strings;
+ − 1806
$this->tpl_bool = $template->tpl_bool;
+ − 1807
}
+ − 1808
/**
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1809
* PHP 4 constructor. Deprecated in 1.1.x.
1
+ − 1810
*/
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1811
/*
1
+ − 1812
function templateIndividual($text)
+ − 1813
{
+ − 1814
$this->__construct($text);
+ − 1815
}
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1816
*/
1
+ − 1817
/**
+ − 1818
* Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
+ − 1819
* @param $vars array
+ − 1820
*/
+ − 1821
function assign_vars($vars)
+ − 1822
{
+ − 1823
$this->tpl_strings = array_merge($this->tpl_strings, $vars);
+ − 1824
}
+ − 1825
/**
+ − 1826
* Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
+ − 1827
* @param $vars array
+ − 1828
*/
+ − 1829
function assign_bool($vars)
+ − 1830
{
+ − 1831
$this->tpl_bool = array_merge($this->tpl_bool, $vars);
+ − 1832
}
+ − 1833
/**
+ − 1834
* Compiles and executes the template code.
+ − 1835
* @return string
+ − 1836
*/
+ − 1837
function run()
+ − 1838
{
+ − 1839
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1840
if(!$this->compiled)
+ − 1841
{
+ − 1842
$this->tpl_code = $this->compile_template_text($this->tpl_code);
+ − 1843
$this->compiled = true;
+ − 1844
}
+ − 1845
return eval($this->tpl_code);
+ − 1846
}
+ − 1847
}
+ − 1848
+ − 1849
/**
+ − 1850
* A version of the template compiler that does not rely at all on the other parts of Enano. Used during installation and for showing
+ − 1851
* "critical error" messages. ** REQUIRES ** the Oxygen theme.
+ − 1852
*/
+ − 1853
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1854
class template_nodb
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1855
{
276
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1856
var $fading_button, $tpl_strings, $tpl_bool, $theme, $style, $no_headers, $additional_headers, $sidebar_extra, $sidebar_widgets, $toolbar_menu, $theme_list;
1
+ − 1857
function __construct() {
+ − 1858
+ − 1859
$this->tpl_bool = Array();
+ − 1860
$this->tpl_strings = Array();
+ − 1861
$this->sidebar_extra = '';
+ − 1862
$this->sidebar_widgets = '';
+ − 1863
$this->toolbar_menu = '';
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1864
$this->additional_headers = '<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>';
1
+ − 1865
276
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1866
$this->fading_button = '<div style="background-image: url('.scriptPath.'/images/about-powered-enano-hover.png); background-repeat: no-repeat; width: 88px; height: 31px; margin: 0 auto 5px auto;">
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1867
<a href="http://enanocms.org/" onclick="window.open(this.href); return false;"><img style="border-width: 0;" alt=" " src="'.scriptPath.'/images/about-powered-enano.png" onmouseover="domOpacity(this, 100, 0, 500);" onmouseout="domOpacity(this, 0, 100, 500);" /></a>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1868
</div>';
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1869
1
+ − 1870
$this->theme_list = Array(Array(
+ − 1871
'theme_id'=>'oxygen',
+ − 1872
'theme_name'=>'Oxygen',
+ − 1873
'theme_order'=>1,
+ − 1874
'enabled'=>1,
+ − 1875
));
+ − 1876
}
+ − 1877
function template() {
+ − 1878
$this->__construct();
+ − 1879
}
+ − 1880
function get_css($s = false) {
+ − 1881
if($s)
+ − 1882
return $this->process_template('css/'.$s);
+ − 1883
else
+ − 1884
return $this->process_template('css/'.$this->style.'.css');
+ − 1885
}
+ − 1886
function load_theme($name, $css, $auto_init = true) {
+ − 1887
$this->theme = $name;
+ − 1888
$this->style = $css;
+ − 1889
+ − 1890
$this->tpl_strings['SCRIPTPATH'] = scriptPath;
+ − 1891
if ( $auto_init )
+ − 1892
$this->init_vars();
+ − 1893
}
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1894
function add_header($html)
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1895
{
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1896
$this->additional_headers .= "\n<!-- ----------------------------------------------------------- -->\n\n " . $html;
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1897
}
1
+ − 1898
function init_vars()
+ − 1899
{
+ − 1900
global $sideinfo;
+ − 1901
global $this_page;
243
+ − 1902
global $lang;
1
+ − 1903
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1904
$tplvars = $this->extract_vars('elements.tpl');
+ − 1905
$tb = '';
+ − 1906
// Get the "article" button text (depends on namespace)
355
+ − 1907
if(defined('IN_ENANO_INSTALL') && is_object($lang)) $ns = $lang->get('meta_btn_article');
1
+ − 1908
else $ns = 'system error page';
243
+ − 1909
$t = str_replace('{FLAGS}', 'onclick="return false;" title="Hey! A button that doesn\'t do anything. Clever..." accesskey="a"', $tplvars['toolbar_button']);
1
+ − 1910
$t = str_replace('{HREF}', '#', $t);
+ − 1911
$t = str_replace('{TEXT}', $ns, $t);
+ − 1912
$tb .= $t;
+ − 1913
+ − 1914
// Page toolbar
+ − 1915
+ − 1916
$this->tpl_bool = Array(
+ − 1917
'auth_admin'=>true,
+ − 1918
'user_logged_in'=>true,
+ − 1919
'right_sidebar'=>false,
+ − 1920
);
+ − 1921
$this->tpl_bool['in_sidebar_admin'] = false;
+ − 1922
+ − 1923
$this->tpl_bool['auth_rename'] = false;
+ − 1924
+ − 1925
$asq = $asa = '';
+ − 1926
+ − 1927
$this->tpl_bool['fixed_menus'] = false;
+ − 1928
$slink = defined('IN_ENANO_INSTALL') ? scriptPath.'/install.php?mode=css' : makeUrlNS('Special', 'CSS');
+ − 1929
+ − 1930
$title = ( is_object($paths) ) ? $paths->page : 'Critical error';
+ − 1931
243
+ − 1932
$headers = '<style type="text/css">div.pagenav { border-top: 1px solid #CCC; padding-top: 7px; margin-top: 10px; }</style>';
244
+ − 1933
+ − 1934
$js_dynamic = '';
243
+ − 1935
if ( defined('IN_ENANO_INSTALL') )
+ − 1936
{
244
+ − 1937
$js_dynamic .= '<script type="text/javascript" src="install.php?mode=langjs"></script>';
243
+ − 1938
}
244
+ − 1939
$js_dynamic .= '<script type="text/javascript">var title="'. $title .'"; var scriptPath="'.scriptPath.'"; var ENANO_SID=""; var AES_BITS='.AES_BITS.'; var AES_BLOCKSIZE=' . AES_BLOCKSIZE . '; var pagepass=\'\'; var ENANO_LANG_ID = 1;</script>';
243
+ − 1940
1
+ − 1941
// The rewritten template engine will process all required vars during the load_template stage instead of (cough) re-processing everything each time around.
+ − 1942
$tpl_strings = Array(
+ − 1943
'PAGE_NAME'=>$this_page,
+ − 1944
'PAGE_URLNAME'=>'Null',
355
+ − 1945
'SITE_NAME'=> ( defined('IN_ENANO_INSTALL') && is_object($lang) ) ? $lang->get('meta_site_name') : 'Critical error',
1
+ − 1946
'USERNAME'=>'admin',
355
+ − 1947
'SITE_DESC'=>( defined('IN_ENANO_INSTALL') && is_object($lang) ) ? $lang->get('meta_site_desc') : 'This site is experiencing a problem and cannot load.',
1
+ − 1948
'TOOLBAR'=>$tb,
+ − 1949
'SCRIPTPATH'=>scriptPath,
+ − 1950
'CONTENTPATH'=>contentPath,
+ − 1951
'ADMIN_SID_QUES'=>$asq,
+ − 1952
'ADMIN_SID_AMP'=>$asa,
+ − 1953
'ADMIN_SID_AMP_HTML'=>'',
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1954
'ADDITIONAL_HEADERS'=>$this->additional_headers,
1
+ − 1955
'SIDEBAR_EXTRA'=>'',
355
+ − 1956
'COPYRIGHT'=>( defined('IN_ENANO_INSTALL') && is_object($lang) ) ? $lang->get('meta_enano_copyright') : ( defined('ENANO_CONFIG_FETCHED') ? getConfig('copyright_notice') : '' ),
1
+ − 1957
'TOOLBAR_EXTRAS'=>'',
125
+ − 1958
'REQUEST_URI'=>( isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '' ).$_SERVER['REQUEST_URI'],
1
+ − 1959
'STYLE_LINK'=>$slink,
+ − 1960
'LOGOUT_LINK'=>'',
+ − 1961
'THEME_LINK'=>'',
+ − 1962
'TEMPLATE_DIR'=>scriptPath.'/themes/'.$this->theme,
+ − 1963
'THEME_ID'=>$this->theme,
+ − 1964
'STYLE_ID'=>$this->style,
244
+ − 1965
'JS_DYNAMIC_VARS'=>$js_dynamic,
1
+ − 1966
'SIDEBAR_RIGHT'=>'',
287
+ − 1967
'REPORT_URI' => ''
1
+ − 1968
);
+ − 1969
$this->tpl_strings = array_merge($tpl_strings, $this->tpl_strings);
+ − 1970
+ − 1971
$sidebar = ( gettype($sideinfo) == 'string' ) ? $sideinfo : '';
+ − 1972
if($sidebar != '')
+ − 1973
{
+ − 1974
if(isset($tplvars['sidebar_top']))
+ − 1975
{
+ − 1976
$text = $this->makeParserText($tplvars['sidebar_top']);
+ − 1977
$top = $text->run();
+ − 1978
} else {
+ − 1979
$top = '';
+ − 1980
}
+ − 1981
$p = $this->makeParserText($tplvars['sidebar_section']);
+ − 1982
$p->assign_vars(Array(
243
+ − 1983
'TITLE'=>$lang->get('meta_sidebar_heading'),
1
+ − 1984
'CONTENT'=>$sidebar,
+ − 1985
));
+ − 1986
$sidebar = $p->run();
+ − 1987
if(isset($tplvars['sidebar_bottom']))
+ − 1988
{
+ − 1989
$text = $this->makeParserText($tplvars['sidebar_bottom']);
+ − 1990
$bottom = $text->run();
+ − 1991
} else {
+ − 1992
$bottom = '';
+ − 1993
}
+ − 1994
$sidebar = $top . $sidebar . $bottom;
+ − 1995
}
+ − 1996
$this->tpl_strings['SIDEBAR_LEFT'] = $sidebar;
+ − 1997
+ − 1998
$this->tpl_bool['sidebar_left'] = ( $this->tpl_strings['SIDEBAR_LEFT'] != '') ? true : false;
+ − 1999
$this->tpl_bool['sidebar_right'] = ( $this->tpl_strings['SIDEBAR_RIGHT'] != '') ? true : false;
+ − 2000
$this->tpl_bool['right_sidebar'] = $this->tpl_bool['sidebar_right']; // backward compatibility
+ − 2001
$this->tpl_bool['stupid_mode'] = true;
+ − 2002
}
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2003
function header($simple = false)
1
+ − 2004
{
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2005
$filename = ( $simple ) ? 'simple-header.tpl' : 'header.tpl';
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2006
if ( !$this->no_headers )
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2007
{
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2008
echo $this->process_template($filename);
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2009
}
1
+ − 2010
}
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2011
function footer($simple = false)
1
+ − 2012
{
+ − 2013
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2014
if(!$this->no_headers) {
+ − 2015
global $_starttime;
91
+ − 2016
1
+ − 2017
$f = microtime(true);
+ − 2018
$f = $f - $_starttime;
+ − 2019
$f = round($f, 4);
+ − 2020
if(defined('IN_ENANO_INSTALL')) $nq = 'N/A';
+ − 2021
else $nq = $db->num_queries;
+ − 2022
if($nq == 0) $nq = 'N/A';
+ − 2023
$dbg = 'Time: '.$f.'s | Queries: '.$nq;
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2024
$filename = ( $simple ) ? 'simple-footer.tpl' : 'footer.tpl';
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 2025
$t = $this->process_template($filename);
1
+ − 2026
$t = str_replace('[[Stats]]', $dbg, $t);
98
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2027
if ( is_object($db) )
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2028
{
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2029
$t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2030
}
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2031
else
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2032
{
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2033
$t = str_replace('[[NumQueries]]', '0', $t);
6457a9b983c6
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
Dan
diff
changeset
+ − 2034
}
91
+ − 2035
$t = str_replace('[[GenTime]]', (string)$f, $t);
+ − 2036
1
+ − 2037
echo $t;
+ − 2038
}
+ − 2039
else return '';
+ − 2040
}
+ − 2041
function getHeader()
+ − 2042
{
+ − 2043
if(!$this->no_headers) return $this->process_template('header.tpl');
+ − 2044
else return '';
+ − 2045
}
+ − 2046
function getFooter()
+ − 2047
{
+ − 2048
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2049
if(!$this->no_headers) {
+ − 2050
global $_starttime;
+ − 2051
$f = microtime(true);
+ − 2052
$f = $f - $_starttime;
+ − 2053
$f = round($f, 4);
+ − 2054
if(defined('IN_ENANO_INSTALL')) $nq = 'N/A';
+ − 2055
else $nq = $db->num_queries;
+ − 2056
if($nq == 0) $nq = 'N/A';
+ − 2057
$dbg = 'Time: '.$f.'s | Queries: '.$nq;
+ − 2058
if($nq == 0) $nq = 'N/A';
+ − 2059
$t = $this->process_template('footer.tpl');
+ − 2060
$t = str_replace('[[Stats]]', $dbg, $t);
+ − 2061
return $t;
+ − 2062
}
+ − 2063
else return '';
+ − 2064
}
+ − 2065
+ − 2066
function process_template($file) {
+ − 2067
+ − 2068
eval($this->compile_template($file));
+ − 2069
return $tpl_code;
+ − 2070
}
+ − 2071
+ − 2072
function extract_vars($file) {
+ − 2073
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2074
if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file)) die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting');
+ − 2075
$text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file);
+ − 2076
preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches);
+ − 2077
$tplvars = Array();
+ − 2078
for($i=0;$i<sizeof($matches[1]);$i++)
+ − 2079
{
+ − 2080
$tplvars[$matches[1][$i]] = $matches[2][$i];
+ − 2081
}
+ − 2082
return $tplvars;
+ − 2083
}
+ − 2084
function compile_template($text) {
+ − 2085
global $sideinfo;
+ − 2086
$text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text);
+ − 2087
$text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
+ − 2088
$text = '$tpl_code = \''.str_replace('\'', '\\\'', $text).'\'; return $tpl_code;';
+ − 2089
$text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2090
$text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
+ − 2091
if(defined('IN_ENANO_INSTALL')) $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$sideinfo.'</div></div>', $text);
+ − 2092
else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;">Enano critical error page</a></div></div>', $text);
+ − 2093
$text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
+ − 2094
$text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2095
$text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
+ − 2096
$text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
+ − 2097
$text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
+ − 2098
return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+ − 2099
}
+ − 2100
+ − 2101
function compile_template_text($text) {
+ − 2102
global $sideinfo;
+ − 2103
$text = str_replace('<script type="text/javascript" src="{SCRIPTPATH}/ajax.php?title={PAGE_URLNAME}&_mode=jsres"></script>', '', $text); // Remove the AJAX code - we don't need it, and it requires a database connection
+ − 2104
$text = '$tpl_code = \''.str_replace('\'', '\\\'', $text).'\'; return $tpl_code;';
+ − 2105
$text = preg_replace('#<!-- BEGIN (.*?) -->#is', '\'; if($this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2106
$text = preg_replace('#<!-- IFPLUGIN (.*?) -->#is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { $tpl_code .= \'', $text);
+ − 2107
if(defined('IN_ENANO_INSTALL')) $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">Installation progress</a></div><div class="slideblock">'.$sideinfo.'</div></div>', $text);
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 2108
else $text = str_replace('<!-- SYSMSG Sidebar -->', '<div class="slider"><div class="heading"><a class="head">System error</a></div><div class="slideblock"><a href="#" onclick="return false;>Enano critical error page</a></div></div>', $text);
1
+ − 2109
$text = preg_replace('#<!-- SYSMSG (.*?) -->#is', '', $text);
+ − 2110
$text = preg_replace('#<!-- BEGINNOT (.*?) -->#is', '\'; if(!$this->tpl_bool[\'\\1\']) { $tpl_code .= \'', $text);
+ − 2111
$text = preg_replace('#<!-- BEGINELSE (.*?) -->#is', '\'; } else { $tpl_code .= \'', $text);
+ − 2112
$text = preg_replace('#<!-- END (.*?) -->#is', '\'; } $tpl_code .= \'', $text);
+ − 2113
$text = preg_replace('#{([A-z0-9]*)}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text);
+ − 2114
return $text; //('<pre>'.htmlspecialchars($text).'</pre>');
+ − 2115
}
+ − 2116
+ − 2117
/**
+ − 2118
* Allows individual parsing of template files. Similar to phpBB but follows the spirit of object-oriented programming ;)
+ − 2119
* Returns on object of class templateIndividual. Usage instructions can be found in the inline docs for that class.
+ − 2120
* @param $filename the filename of the template to be parsed
+ − 2121
* @return object
+ − 2122
*/
+ − 2123
+ − 2124
function makeParser($filename)
+ − 2125
{
+ − 2126
$filename = ENANO_ROOT.'/themes/'.$this->theme.'/'.$filename;
+ − 2127
if(!file_exists($filename)) die('templateIndividual: file '.$filename.' does not exist');
+ − 2128
$code = file_get_contents($filename);
+ − 2129
$parser = new templateIndividualSafe($code, $this);
+ − 2130
return $parser;
+ − 2131
}
+ − 2132
+ − 2133
/**
+ − 2134
* Same as $template->makeParser(), but takes a string instead of a filename.
+ − 2135
* @param $text the text to parse
+ − 2136
* @return object
+ − 2137
*/
+ − 2138
+ − 2139
function makeParserText($code)
+ − 2140
{
+ − 2141
$parser = new templateIndividualSafe($code, $this);
+ − 2142
return $parser;
+ − 2143
}
+ − 2144
+ − 2145
} // class template_nodb
+ − 2146
+ − 2147
/**
+ − 2148
* Identical to templateIndividual, except extends template_nodb instead of template
+ − 2149
* @see class template
+ − 2150
*/
+ − 2151
+ − 2152
class templateIndividualSafe extends template_nodb {
+ − 2153
var $tpl_strings, $tpl_bool, $tpl_code;
+ − 2154
var $compiled = false;
+ − 2155
/**
+ − 2156
* Constructor.
+ − 2157
*/
+ − 2158
function __construct($text, $parent)
+ − 2159
{
+ − 2160
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2161
$this->tpl_code = $text;
+ − 2162
$this->tpl_strings = $parent->tpl_strings;
+ − 2163
$this->tpl_bool = $parent->tpl_bool;
+ − 2164
}
+ − 2165
/**
+ − 2166
* PHP 4 constructor.
+ − 2167
*/
+ − 2168
function templateIndividual($text)
+ − 2169
{
+ − 2170
$this->__construct($text);
+ − 2171
}
+ − 2172
/**
+ − 2173
* Assigns an array of string values to the template. Strings can be accessed from the template by inserting {KEY_NAME} in the template file.
+ − 2174
* @param $vars array
+ − 2175
*/
+ − 2176
function assign_vars($vars)
+ − 2177
{
+ − 2178
if(is_array($this->tpl_strings))
+ − 2179
$this->tpl_strings = array_merge($this->tpl_strings, $vars);
+ − 2180
else
+ − 2181
$this->tpl_strings = $vars;
+ − 2182
}
+ − 2183
/**
+ − 2184
* Assigns an array of boolean values to the template. These can be used for <!-- IF ... --> statements.
+ − 2185
* @param $vars array
+ − 2186
*/
+ − 2187
function assign_bool($vars)
+ − 2188
{
+ − 2189
$this->tpl_bool = array_merge($this->tpl_bool, $vars);
+ − 2190
}
+ − 2191
/**
+ − 2192
* Compiles and executes the template code.
+ − 2193
* @return string
+ − 2194
*/
+ − 2195
function run()
+ − 2196
{
+ − 2197
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2198
if(!$this->compiled)
+ − 2199
{
+ − 2200
$this->tpl_code = $this->compile_template_text($this->tpl_code);
+ − 2201
$this->compiled = true;
+ − 2202
}
+ − 2203
return eval($this->tpl_code);
+ − 2204
}
+ − 2205
}
+ − 2206
+ − 2207
?>