2016-10-06 15:57:01 +00:00
< ? php
2021-05-06 10:59:46 +00:00
2016-10-06 15:57:01 +00:00
/**
* Project :
* Contenido Content Management System
*
* Description :
* Defines the " mod " related functions
*
* Requirements :
* @ con_php_req 5.0
*
*
* @ package Contenido Backend includes
* @ version 1.0 . 2
* @ author Olaf Niemann , Jan Lengowski
* @ copyright four for business AG < www . 4 fb . de >
* @ license http :// www . contenido . org / license / LIZENZ . txt
* @ link http :// www . 4 fb . de
* @ link http :// www . contenido . org
* @ since file available since contenido release <= 4.6
*
* { @ internal
* created 2003
* modified 2008 - 06 - 26 , Frederic Schneider , add security fix
* modified 2010 - 08 - 13 , Dominik Ziegler , fixed CON - 337 - added update of lastmodified
*
2019-07-03 11:58:28 +00:00
* $Id $ :
2016-10-06 15:57:01 +00:00
* }}
*
*/
2021-05-06 10:59:46 +00:00
if ( ! defined ( 'CON_FRAMEWORK' )) {
die ( 'Illegal call' );
2016-10-06 15:57:01 +00:00
}
2021-05-06 10:59:46 +00:00
cInclude ( " includes " , " functions.tpl.php " );
cInclude ( " includes " , " functions.con.php " );
2016-10-06 15:57:01 +00:00
function modEditModule ( $idmod , $name , $description , $input , $output , $template , $type = " " ) {
global $db , $client , $cfgClient , $auth , $cfg , $sess , $area_tree , $perm , $frame ;
2021-05-06 10:59:46 +00:00
$date = date ( " Y-m-d H:i:s " );
2016-10-06 15:57:01 +00:00
$author = $auth -> auth [ " uname " ];
/**
2021-05-06 10:59:46 +00:00
* START TRACK VERSION
* */
$oVersion = new VersionModule ( $idmod , $cfg , $cfgClient , $db , $client , $area , $frame );
// Create new Module Version in cms/version/module/
$oVersion -> createNewVersion ();
/**
* END TRACK VERSION
* */
if ( ! $idmod ) {
$cApiModuleCollection = new cApiModuleCollection ;
$cApiModule = $cApiModuleCollection -> create ( $name );
$idmod = $cApiModule -> get ( " idmod " );
cInclude ( " includes " , " functions.rights.php " );
2016-10-06 15:57:01 +00:00
createRightsForElement ( " mod " , $idmod );
2021-05-06 10:59:46 +00:00
} else {
$cApiModule = new cApiModule ;
$cApiModule -> loadByPrimaryKey ( $idmod );
}
2016-10-06 15:57:01 +00:00
/* dceModFileEdit (c)2009-2011 www.dceonline.de */
if ( $cfg [ 'dceModEdit' ][ 'use' ]
|| $cApiModule -> get ( " name " ) != stripslashes ( $name )
2021-05-06 10:59:46 +00:00
|| $cApiModule -> get ( " output " ) != stripslashes ( $output )
|| $cApiModule -> get ( " template " ) != stripslashes ( $template )
|| $cApiModule -> get ( " description " ) != stripslashes ( $description )
|| $cApiModule -> get ( " input " ) != stripslashes ( $input )
|| $cApiModule -> get ( " type " ) != stripslashes ( $type )) {
2016-10-06 15:57:01 +00:00
$cApiModule -> set ( " name " , $name );
2021-05-06 09:31:33 +00:00
$cApiModule -> set ( " output " , $cApiModule -> escape ( $output ));
2016-10-06 15:57:01 +00:00
$cApiModule -> set ( " template " , $template );
$cApiModule -> set ( " description " , $description );
2021-05-06 09:31:33 +00:00
$cApiModule -> set ( " input " , $cApiModule -> escape ( $input ));
2016-10-06 15:57:01 +00:00
$cApiModule -> set ( " type " , $type );
$cApiModule -> set ( " lastmodified " , $date );
2021-05-06 10:59:46 +00:00
2016-10-06 15:57:01 +00:00
$cApiModule -> store ();
2021-05-06 10:59:46 +00:00
}
2016-10-06 15:57:01 +00:00
return $idmod ;
}
2021-05-06 10:59:46 +00:00
function modDeleteModule ( $idmod ) {
2016-10-06 15:57:01 +00:00
# Global vars
global $db , $sess , $client , $cfg , $area_tree , $perm ;
2021-05-06 10:59:46 +00:00
$sql = " DELETE FROM " . $cfg [ " tab " ][ " mod " ] . " WHERE idmod = ' " . Contenido_Security :: toInteger ( $idmod ) . " ' AND idclient = ' " . Contenido_Security :: toInteger ( $client ) . " ' " ;
2016-10-06 15:57:01 +00:00
$db -> query ( $sql );
// delete rights for element
2021-05-06 10:59:46 +00:00
cInclude ( " includes " , " functions.rights.php " );
deleteRightsForElement ( " mod " , $idmod );
2016-10-06 15:57:01 +00:00
}
// $code: Code to evaluate
// $id: Unique ID for the test function
// $mode: true if start in php mode, otherwise false
// Returns true or false
2021-05-06 10:59:46 +00:00
function modTestModule ( $code , $id , $output = false ) {
global $cfg , $modErrorMessage ;
2016-10-06 15:57:01 +00:00
2021-05-06 10:59:46 +00:00
$db = new DB_ConLite ();
2016-10-06 15:57:01 +00:00
2021-05-06 10:59:46 +00:00
$sql = " SELECT type FROM " . $cfg [ " tab " ][ " type " ];
2016-10-06 15:57:01 +00:00
$db -> query ( $sql );
2021-05-06 10:59:46 +00:00
while ( $db -> next_record ()) {
$code = str_replace ( $db -> f ( " type " ) . '[' , '$' . $db -> f ( " type " ) . '[' , $code );
2016-10-06 15:57:01 +00:00
}
$code = preg_replace ( ',\[(\d+)?CMS_VALUE\[(\d+)\](\d+)?\],i' , '[\1\2\3]' , $code );
2021-05-06 10:59:46 +00:00
$code = str_replace ( 'CMS_VALUE' , '$CMS_VALUE' , $code );
$code = str_replace ( 'CMS_VAR' , '$CMS_VAR' , $code );
2016-10-06 15:57:01 +00:00
2021-05-06 10:59:46 +00:00
if ( $output == true ) {
$code = " ?> \n " . $code . " \n <?php " ;
2016-10-06 15:57:01 +00:00
}
2021-05-06 10:59:46 +00:00
$code = " function foo " . $id . " () { " . $code ;
2016-10-06 15:57:01 +00:00
$code .= " \n } \n " ;
2021-05-06 10:59:46 +00:00
if ( defined ( 'PHP_MAJOR_VERSION' ) && PHP_MAJOR_VERSION >= 5 ) {
try {
eval ( $code );
} catch ( ParseError $err ) {
$modErrorMessage = $err -> getMessage () . " (line: " . ( $err -> getLine () - 1 ) . " ) " ;
return false ;
}
return true ;
2016-10-06 15:57:01 +00:00
} else {
2021-05-06 10:59:46 +00:00
// To parse the error message, we prepend and append a phperror tag in front of the output
$sErs = ini_get ( " error_prepend_string " ); // Save current setting (see below)
$sEas = ini_get ( " error_append_string " ); // Save current setting (see below)
@ ini_set ( " error_prepend_string " , " <phperror> " );
@ ini_set ( " error_append_string " , " </phperror> " );
// Turn off output buffering and error reporting, eval the code
ob_start ();
$display_errors = ini_get ( " display_errors " );
@ ini_set ( " display_errors " , true );
$output = eval ( $code );
@ ini_set ( " display_errors " , $display_errors );
// Get the buffer contents and turn it on again
$output = ob_get_contents ();
ob_end_clean ();
@ ini_set ( " error_prepend_string " , $sErs ); // Restoring settings (see above)
@ ini_set ( " error_append_string " , $sEas ); // Restoring settings (see above)
// Strip out the error message
$start = strpos ( $output , " <phperror> " );
$end = strpos ( $output , " </phperror> " );
// More stripping: Users shouldnt see where the file is located, but they should see the error line
if ( $start !== false ) {
$start = strpos ( $output , " eval() " );
$modErrorMessage = substr ( $output , $start , $end - $start );
// Kill that HTML formatting
$modErrorMessage = str_replace ( " <b> " , " " , $modErrorMessage );
$modErrorMessage = str_replace ( " </b> " , " " , $modErrorMessage );
$modErrorMessage = str_replace ( " <br> " , " " , $modErrorMessage );
$modErrorMessage = str_replace ( " <br /> " , " " , $modErrorMessage );
}
// check if there are any php short tags in code, and display error
$bHasShortTags = false ;
if ( preg_match ( '/<\?\s+/' , $code ) && $magicvalue == 941 ) {
$bHasShortTags = true ;
$modErrorMessage = i18n ( 'Please do not use short open Tags. (Use <?php instead of <?).' );
}
if ( $bHasShortTags ) {
return false ;
} else {
return true ;
}
2016-10-06 15:57:01 +00:00
}
}