fixed FS#171; added cSecurity class

Dieser Commit ist enthalten in:
Oldperl 2017-07-06 09:57:53 +00:00
Ursprung 1f9cd68695
Commit b5e9523eea
7 geänderte Dateien mit 1262 neuen und 1494 gelöschten Zeilen


@ -1,4 +1,5 @@
<?php
/**
* Project:
* Contenido Content Management System
@ -19,17 +20,15 @@
* merge them...
*
*/
if (!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
/**
* Contenido Security exception class
*/
class Contenido_Security_Exception extends Exception
{
class Contenido_Security_Exception extends Exception {
/**
* Logging flag. Set to true for logging invalid calls.
* @access protected
@ -41,13 +40,12 @@ class Contenido_Security_Exception extends Exception
/**
* @see Exception::__construct()
*/
public function __construct($sMessage, $sParamName)
{
public function __construct($sMessage, $sParamName) {
parent::__construct($sMessage);
// check if logging is enabled
if ( self::$_logging == true ) {
$sLogFile = realpath( dirname(__FILE__) . '/../logs/') . '/security.txt';
if (self::$_logging == true) {
$sLogFile = realpath(dirname(__FILE__) . '/../logs/') . '/security.txt';
$sFileContent = '---------' . PHP_EOL;
$sFileContent .= "Invalid call caused by parameter '" . $sParamName . "' at " . date("c") . PHP_EOL;
@ -58,17 +56,21 @@ class Contenido_Security_Exception extends Exception
}
// strictly die here
die( $sMessage );
die($sMessage);
exit;
}
}
class Contenido_Security extends cSecurity {
}
/**
* Contenido Security class
*/
class Contenido_Security
{
class cSecurity {
/**
* Accepted backend languages
* @var array
@ -90,36 +92,30 @@ class Contenido_Security
*/
protected static $_forbiddenParameters = array('cfg', 'cfgClient', 'contenido_path', '_PHPLIB', 'db', 'sess');
/**
* Returns accepted backend language values
*
* @return array
*/
public static function getAcceptedBelangValues()
{
public static function getAcceptedBelangValues() {
return self::$_acceptedBelangValues;
}
/**
* Returns must be numeric request parameters
*
* @return array
*/
public static function getMustbeNumericParameters()
{
public static function getMustbeNumericParameters() {
return self::$_mustbeNumericParameters;
}
/**
* Returns forbidden request parameters
*
* @return array
*/
public static function getForbiddenParameters()
{
public static function getForbiddenParameters() {
return self::$_forbiddenParameters;
}
@ -131,8 +127,7 @@ class Contenido_Security
* @param DB_ConLite $oDb Contenido database object
* @return string Filtered string
*/
public static function filter($sString, $oDb)
{
public static function filter($sString, $oDb) {
$sString = self::toString($sString);
if (defined('CONTENIDO_STRIPSLASHES')) {
$sString = stripslashes($sString);
@ -147,8 +142,7 @@ class Contenido_Security
* @param string $sString Input string
* @return string Unfiltered string
*/
public static function unFilter($sString)
{
public static function unFilter($sString) {
$sString = self::toString($sString);
return urldecode(htmldecode(self::unEscapeDB($sString)));
}
@ -160,9 +154,8 @@ class Contenido_Security
* @param string $sVar Input string
* @return boolean Check state
*/
public static function isBoolean($sVar)
{
$sTempVar = $sVar;
public static function isBoolean($sVar) {
$sTempVar = $sVar;
$sTemp2Var = self::toBoolean($sVar);
return ($sTempVar === $sTemp2Var);
}
@ -174,8 +167,7 @@ class Contenido_Security
* @param string $sVar Input string
* @return boolean Check state
*/
public static function isInteger($sVar)
{
public static function isInteger($sVar) {
return (preg_match('/^[0-9]+$/', $sVar));
}
@ -186,11 +178,10 @@ class Contenido_Security
* @param string $sVar Input string
* @return boolean Check state
*/
public static function isString($sVar)
{
public static function isString($sVar) {
return (is_string($sVar));
}
/**
* Check: Is the variable formatted as MySQL DATE 'YYYY-MM-DD'
* @static
@ -205,15 +196,15 @@ class Contenido_Security
public static function isMySQLDate($sVar, $bCheckValid = false) {
$sVar = trim($sVar);
$bFormatOk = preg_match("/^\d{4}-\d{2}-\d{2}$/", $sVar);
if($bCheckValid && $bFormatOk) {
if ($bCheckValid && $bFormatOk) {
$aDateParts = explode("-", $sVar);
return checkdate($aDateParts[1], $aDateParts[2], $aDateParts[0]);
} elseif($bFormatOk) {
} elseif ($bFormatOk) {
return true;
}
return false;
}
/**
* Check: Is the variable formatted as MySQL DATETIME 'YYYY-MM-DD HH:MM:SS'
* @static
@ -226,13 +217,13 @@ class Contenido_Security
* @return boolean true|false
*/
public static function isMySQLDateTime($sVar, $bCheckValid = false) {
$sVar = trim($sVar);
$sVar = trim($sVar);
$bFormatOk = preg_match("/^\d{4}-\d{2}-\d{2} [0-2][0-3]:[0-5][0-9]:[0-5][0-9]$/", $sVar);
if($bCheckValid && $bFormatOk) {
if ($bCheckValid && $bFormatOk) {
$aDateTimeParts = explode(" ", $sVar);
$aDateParts = explode("-", $aDateTimeParts[0]);
return checkdate($aDateParts[1], $aDateParts[2], $aDateParts[0]);
} elseif($bFormatOk) {
} elseif ($bFormatOk) {
return true;
}
return false;
@ -247,8 +238,7 @@ class Contenido_Security
* @param string $sString Input string
* @return boolean Type casted input string
*/
public static function toBoolean($sString)
{
public static function toBoolean($sString) {
return (bool) $sString;
}
@ -261,8 +251,7 @@ class Contenido_Security
* @param string $sString Input string
* @return integer Type casted input string
*/
public static function toInteger($sString)
{
public static function toInteger($sString) {
return (int) $sString;
}
@ -275,8 +264,7 @@ class Contenido_Security
* @param string $sAllowableTags Allowable tags if $bHTML is true
* @return string Converted string
*/
public static function toString($sString, $bHTML = false, $sAllowableTags = '')
{
public static function toString($sString, $bHTML = false, $sAllowableTags = '') {
$sString = (string) $sString;
if ($bHTML == true) {
$sString = strip_tags(stripslashes($sString), $sAllowableTags);
@ -291,8 +279,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if one of the checks fails
*/
public static function checkRequests()
{
public static function checkRequests() {
// Check backend language
self::checkRequestBelang();
@ -314,8 +301,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if existing backend language parameter is not valid
*/
public static function checkRequestBelang()
{
public static function checkRequestBelang() {
if (isset($_REQUEST['belang'])) {
$_REQUEST['belang'] = strval($_REQUEST['belang']);
if (!in_array($_REQUEST['belang'], self::$_acceptedBelangValues)) {
@ -331,8 +317,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if the request contains one of forbidden parameters.
*/
public static function checkRequestForbiddenParameter()
{
public static function checkRequestForbiddenParameter() {
foreach (self::$_forbiddenParameters as $param) {
if (isset($_REQUEST[$param])) {
throw new Contenido_Security_Exception('Invalid call!', $param);
@ -349,12 +334,11 @@ class Contenido_Security
*
* @return bool Just true
*/
public static function checkRequestMustbeNumericParameter()
{
public static function checkRequestMustbeNumericParameter() {
foreach (self::$_mustbeNumericParameters as $sParamName) {
if ( isset($_REQUEST[$sParamName]) ) {
if (isset($_REQUEST[$sParamName])) {
$sValue = $_REQUEST[$sParamName];
if ( strlen($sValue) > 0 && self::isInteger($sValue) == false ) {
if (strlen($sValue) > 0 && self::isInteger($sValue) == false) {
throw new Contenido_Security_Exception('Invalid call', $sParamName);
}
}
@ -368,8 +352,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if contenido parameter in request don't matches the required format
*/
public static function checkRequestSession()
{
public static function checkRequestSession() {
if (isset($_REQUEST['contenido']) && !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['contenido'])) {
if ($_REQUEST['contenido'] != '') {
throw new Contenido_Security_Exception('Invalid call', 'contenido');
@ -387,8 +370,7 @@ class Contenido_Security
* @deprecated Use checkRequestSession() instead due to better naming conventions
* @TODO: Should be removed, but later in few years...
*/
public static function checkSession()
{
public static function checkSession() {
return self::checkRequestSession();
}
@ -405,15 +387,14 @@ class Contenido_Security
*
* @return void
*/
public static function checkFrontendGlobals()
{
public static function checkFrontendGlobals() {
global $tmpchangelang, $savedlang, $lang, $changelang, $load_lang, $changeclient, $client, $load_client;
if (isset($tmpchangelang) && is_numeric($tmpchangelang) && $tmpchangelang > 0) {
// savelang is needed to set language before closing the page, see
// {frontend_clientdir}/front_content.php before page_close()
$savedlang = $lang;
$lang = $tmpchangelang;
$lang = $tmpchangelang;
}
// Check basic incomming data
@ -431,7 +412,7 @@ class Contenido_Security
}
// Change client
if (isset($changeclient)){
if (isset($changeclient)) {
$client = $changeclient;
unset($lang);
unset($load_lang);
@ -458,8 +439,7 @@ class Contenido_Security
* @param boolean $bUndoAddSlashes Flag for undo addslashes (optional, default: true)
* @return string Converted string
*/
public static function escapeDB($sString, $oDB = null, $bUndoAddSlashes = true)
{
public static function escapeDB($sString, $oDB = null, $bUndoAddSlashes = true) {
if (!is_object($oDB)) {
return self::escapeString($sString);
} else {
@ -477,8 +457,7 @@ class Contenido_Security
* @param string $sString Input string
* @return string Converted string
*/
public static function escapeString($sString)
{
public static function escapeString($sString) {
$sString = (string) $sString;
if (defined('CONTENIDO_STRIPSLASHES')) {
$sString = stripslashes($sString);
@ -493,8 +472,7 @@ class Contenido_Security
* @param string $sString Input string
* @return string Converted string
*/
public static function unescapeDB($sString)
{
public static function unescapeDB($sString) {
return stripslashes($sString);
}
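Review bot: checkRequestMustbeNumericParameter() still assumes every request value is a scalar, so the guard `strlen($sValue) > 0 && self::isInteger($sValue) == false` does not cover a parameter that arrives as an array. On PHP 5/7 `strlen()` on an array warns and returns null, which skips the `isInteger()` test and lets the value through unchecked; on PHP 8 it raises a TypeError instead of the intended Contenido_Security_Exception. Rejecting non-scalars explicitly closes both cases: `if (is_array($sValue) || (strlen($sValue) > 0 && !self::isInteger($sValue))) {`. The rest of the function body lies outside the hunk, so confirm nothing after the loop already handles arrays.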

Datei-Diff unterdrückt, da er zu groß ist Diff laden


@ -128,17 +128,6 @@ class cPage extends cHTML {
}
}
/**
* old constructor
*
* @deprecated since version 2.0.0
* @param obj $object
*/
public function cPage($object = false) {
cDeprecated(__FILE__, __LINE__, "Deprecated method call, use __construct()");
self::__construct($object);
}
/**
* use HTML5 for page output
*/


@ -787,8 +787,7 @@ function setSystemProperty($type, $name, $value, $idsystemprop = 0) {
}
$idsystemprop = Contenido_Security::toInteger($idsystemprop);
$db_systemprop = new DB_ConLite;
$db_systemprop = new DB_ConLite();
if ($idsystemprop == 0) {
$sql = "SELECT idsystemprop FROM " . $cfg["tab"]["system_prop"] . " WHERE type='" . Contenido_Security::escapeDB($type, $db_systemprop) . "' AND name='" . Contenido_Security::escapeDB($name, $db_systemprop) . "'";


@ -1,4 +1,5 @@
<?php
/**
* Project:
* Contenido Content Management System
@ -28,71 +29,67 @@
* }}
*
*/
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
if (!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
$oPage = new cPage;
$oPage = new cPage();
$oList = new cScrollList;
$idclient = $_GET['idclient'];
if (strlen($idclient) == 0)
{
$idclient = $_POST['idclient'];
if (strlen($idclient) == 0) {
$idclient = $_POST['idclient'];
}
$oFrmRange = new UI_Table_Form('range');
$oFrmRange->setVar('area',$area);
$oFrmRange->setVar('area', $area);
$oFrmRange->setVar('frame', $frame);
$oFrmRange->setVar('idclient', $idclient);
$oFrmRange->addHeader(i18n('Select range'));
$oSelRange = new cHTMLSelectElement ('idclientslang');
$oOption = new cHTMLOptionElement(i18n("Language independent"), 0);
$oSelRange = new cHTMLSelectElement('idclientslang');
$oOption = new cHTMLOptionElement(i18n("Language independent"), 0);
$oSelRange->addOptionElement(0, $oOption);
$sSQL = "SELECT A.name AS name, A.idlang AS idlang, B.idclientslang AS idclientslang
FROM
".$cfg["tab"]["lang"]." AS A,
".$cfg["tab"]["clients_lang"]." AS B
" . $cfg["tab"]["lang"] . " AS A,
" . $cfg["tab"]["clients_lang"] . " AS B
WHERE
A.idlang=B.idlang AND
B.idclient='".Contenido_Security::toInteger($idclient)."'
B.idclient='" . Contenido_Security::toInteger($idclient) . "'
ORDER BY A.idlang";
$db->query($sSQL);
while ($db->next_record()) {
$iID = $db->f("idclientslang");
$oOption = new cHTMLOptionElement($db->f("name")." (".$db->f("idlang").")", $iID);
$oSelRange->addOptionElement($iID, $oOption);
$iID = $db->f("idclientslang");
$oOption = new cHTMLOptionElement($db->f("name") . " (" . $db->f("idlang") . ")", $iID);
$oSelRange->addOptionElement($iID, $oOption);
}
if (is_numeric($_REQUEST["idclientslang"])) {
$oSelRange->setDefault($_REQUEST["idclientslang"]);
$oSelRange->setDefault($_REQUEST["idclientslang"]);
}
$oSelRange->setStyle('border:1px;border-style:solid;border-color:black;');
$oSelRange->setEvent("onchange", "document.forms.range.submit();");
$oFrmRange->add(i18n('Range'),$oSelRange->render());
$oFrmRange->add(i18n('Range'), $oSelRange->render());
if (!is_numeric($_REQUEST["idclientslang"]) || $_REQUEST["idclientslang"] == 0) {
$oClient = new cApiClient($idclient);
$oClient = new cApiClient($idclient);
} else {
$oClient = new cApiClientLanguage();
$oClient->loadByPrimaryKey($_REQUEST["idclientslang"]);
$oClient = new cApiClientLanguage();
$oClient->loadByPrimaryKey($_REQUEST["idclientslang"]);
}
if ($_POST['action'] == 'clientsettings_save_item')
{
$oClient->setProperty($_POST['cstype'], $_POST['csname'], $_POST['csvalue'], $_POST['csidproperty']);
if ($_POST['action'] == 'clientsettings_save_item') {
$oClient->setProperty(trim($_POST['cstype']), trim($_POST['csname']), trim($_POST['csvalue']), trim($_POST['csidproperty']));
}
if ($_GET['action'] == 'clientsettings_delete_item')
{
$oClient->deletePropertyById($_GET['idprop']);
if ($_GET['action'] == 'clientsettings_delete_item') {
$oClient->deletePropertyById($_GET['idprop']);
}
$oList->setHeader(i18n('Type'), i18n('Name'), i18n('Value'), '&nbsp;');
@ -101,108 +98,108 @@ $oList->objRow->updateAttributes(array('valign' => 'top'));
$aItems = $oClient->getProperties();
if ($aItems !== false)
{
if ($aItems !== false) {
$oLnkDelete = new Link;
$oLnkDelete->setCLink($area, $frame, "clientsettings_delete_item");
$oLnkDelete->setContent('<img src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'delete.gif" alt="'.i18n("Delete").'" title="'.i18n("Delete").'">');
$oLnkDelete->setContent('<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'delete.gif" alt="' . i18n("Delete") . '" title="' . i18n("Delete") . '">');
$oLnkDelete->setCustom("idclient", $idclient);
$oLnkDelete->setCustom("idclientslang", $_REQUEST["idclientslang"]);
$oLnkEdit = new Link;
$oLnkEdit->setCLink($area, $frame, "clientsettings_edit_item");
$oLnkEdit->setContent('<img src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'editieren.gif" alt="'.i18n("Edit").'" title="'.i18n("Edit").'">');
$oLnkEdit->setCustom("idclient", $idclient);
$oLnkEdit->setCustom("idclientslang", $_REQUEST["idclientslang"]);
$iCounter = 0;
foreach($aItems as $iKey => $aValue)
{
$oLnkDelete->setCustom("idprop", $iKey);
$oLnkEdit->setCustom("idprop", $iKey);
if (($_GET['action'] == "clientsettings_edit_item") && ($_GET['idprop'] == $iKey))
{
$oForm = new UI_Form("clientsettings");
$oForm->setVar("area",$area);
$oForm->setVar("frame", $frame);
$oForm->setVar("action", "clientsettings_save_item");
$oForm->setVar("idclient", $idclient);
$oForm->setVar("idclientslang", $_REQUEST["idclientslang"]);
$oInputboxValue = new cHTMLTextbox ("csvalue", $aValue['value']);
$oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxName = new cHTMLTextbox ("csname", $aValue['name']);
$oInputboxName->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxType = new cHTMLTextbox ("cstype", $aValue['type']);
$oInputboxType->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$hidden = '<input type="hidden" name="csidproperty" value="'.$iKey.'">';
$sSubmit = ' <input type="image" style="vertical-align:top;" value="submit" src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'submit.gif">';
$oList->setData($iCounter, $oInputboxType->render(), $oInputboxName->render(), $oInputboxValue->render().$hidden.$sSubmit, $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render());
} else
{
$oLnkEdit = new Link;
$oLnkEdit->setCLink($area, $frame, "clientsettings_edit_item");
$oLnkEdit->setContent('<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'editieren.gif" alt="' . i18n("Edit") . '" title="' . i18n("Edit") . '">');
$oLnkEdit->setCustom("idclient", $idclient);
$oLnkEdit->setCustom("idclientslang", $_REQUEST["idclientslang"]);
$iCounter = 0;
foreach ($aItems as $iKey => $aValue) {
$oLnkDelete->setCustom("idprop", $iKey);
$oLnkEdit->setCustom("idprop", $iKey);
if (($_GET['action'] == "clientsettings_edit_item") && ($_GET['idprop'] == $iKey)) {
$oForm = new UI_Form("clientsettings");
$oForm->setVar("area", $area);
$oForm->setVar("frame", $frame);
$oForm->setVar("action", "clientsettings_save_item");
$oForm->setVar("idclient", $idclient);
$oForm->setVar("idclientslang", $_REQUEST["idclientslang"]);
$oInputboxValue = new cHTMLTextbox("csvalue", cSecurity::escapeString(clHtmlSpecialChars($aValue['value'])));
$oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxName = new cHTMLTextbox("csname", cSecurity::escapeString(clHtmlSpecialChars($aValue['name'])));
$oInputboxName->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxType = new cHTMLTextbox("cstype", cSecurity::escapeString(clHtmlSpecialChars($aValue['type'])));
$oInputboxType->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$hidden = '<input type="hidden" name="csidproperty" value="' . $iKey . '">';
$sSubmit = ' <input type="image" style="vertical-align:top;" value="submit" src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'submit.gif">';
$oList->setData($iCounter, $oInputboxType->render(), $oInputboxName->render(), $oInputboxValue->render() . $hidden . $sSubmit, $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render());
} else {
$sMouseoverTemplate = '<span onmouseover="Tip(\'%s\', BALLOON, true, ABOVE, true);">%s</span>';
if (strlen($aValue['type']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['type'], 35));
$aValue['type'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($aValue['type']), ENT_QUOTES), $sShort);
$aValue['type'] = sprintf($sMouseoverTemplate, cSecurity::escapeString(clHtmlSpecialChars($aValue['type'])), cSecurity::escapeString($sShort));
} else {
$aValue['type'] = clHtmlEntities($aValue['type']);
}
if (strlen($aValue['value']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['value'], 35));
$aValue['value'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($aValue['value']), ENT_QUOTES), $sShort);
}
if (strlen($aValue['name']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['name'], 35));
$aValue['name'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($aValue['name']), ENT_QUOTES), $sShort);
$aValue['name'] = sprintf($sMouseoverTemplate, cSecurity::escapeString(clHtmlSpecialChars($aValue['name'])), cSecurity::escapeString($sShort));
} else {
$aValue['name'] = clHtmlEntities($aValue['name']);
}
$oList->setData($iCounter, $aValue['type'], $aValue['name'], $aValue['value'], $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render());
}
$iCounter++;
if (strlen($aValue['value']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['value'], 35));
$aValue['value'] = sprintf($sMouseoverTemplate, cSecurity::escapeString(clHtmlSpecialChars($aValue['value'])), cSecurity::escapeString($sShort));
} else {
$aValue['value'] = clHtmlEntities($aValue['value']);
}
$oList->setData($iCounter, $aValue['type'], $aValue['name'], $aValue['value'], $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render());
}
$iCounter++;
}
} else
{
$oList->objItem->updateAttributes(array('colspan' => 4));
$oList->setData(0, i18n("No defined properties"));
} else {
$oList->objItem->updateAttributes(array('colspan' => 4));
$oList->setData(0, i18n("No defined properties"));
}
$oForm = new UI_Table_Form('clientsettings');
$oForm->setVar('area',$area);
$oForm->setVar('area', $area);
$oForm->setVar('frame', $frame);
$oForm->setVar('action', 'clientsettings_save_item');
$oForm->setVar('idclient', $idclient);
$oForm->setVar('idclientslang', $_REQUEST["idclientslang"]);
$oForm->addHeader(i18n('Add new variable'));
$oInputbox = new cHTMLTextbox ('cstype');
$oInputbox = new cHTMLTextbox('cstype');
$oInputbox->setStyle('border:1px;border-style:solid;border-color:black;');
$oForm->add(i18n('Type'),$oInputbox->render());
$oForm->add(i18n('Type'), $oInputbox->render());
$oInputbox = new cHTMLTextbox ('csname');
$oInputbox = new cHTMLTextbox('csname');
$oInputbox->setStyle('border:1px;border-style:solid;border-color:black;');
$oForm->add(i18n('Name'),$oInputbox->render());
$oForm->add(i18n('Name'), $oInputbox->render());
$oInputbox = new cHTMLTextbox ('csvalue');
$oInputbox = new cHTMLTextbox('csvalue');
$oInputbox->setStyle('border:1px;border-style:solid;border-color:black;');
$oForm->add(i18n('Value'),$oInputbox->render());
$oForm->add(i18n('Value'), $oInputbox->render());
if (($_GET['action'] == "clientsettings_edit_item"))
{
if (($_GET['action'] == "clientsettings_edit_item")) {
$oForm2 = new UI_Form("clientsettings");
$oForm2->setVar("area",$area);
$oForm2->setVar("area", $area);
$oForm2->setVar("frame", $frame);
$oForm2->setVar("action", "clientsettings_save_item");
$oForm2->setVar("idclient", $idclient);
$oForm2->setVar("idclientslang", $_REQUEST["idclientslang"]);
$oForm2->add('list', $oList->render());
$sSettingsList = $oForm2->render();
$sSettingsList = $oForm2->render();
} else {
$sSettingsList = $oList->render();
}
@ -211,6 +208,6 @@ $sTooltippScript = '<script type="text/javascript" src="scripts/wz_tooltip.js"><
<script type="text/javascript" src="scripts/tip_balloon.js"></script>';
$oPage->addScript('tooltippstyle', '<link rel="stylesheet" type="text/css" href="styles/tip_balloon.css" />');
$oPage->setContent($sTooltippScript."\n".$oFrmRange->render() . '<br>' . $sSettingsList . '<br>' . $oForm->render());
$oPage->setContent($sTooltippScript . "\n" . $oFrmRange->render() . '<br>' . $sSettingsList . '<br>' . $oForm->render());
$oPage->render();
?>
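Review bot: The edit-row textboxes and the tooltip strings now go through `cSecurity::escapeString()`, which the class file in this commit shows as the fallback of escapeDB(), so HTML output is being escaped with what looks like a database escaper. If that function adds backslashes, they would appear in the `cstype`/`csname`/`csvalue` fields and be written back by `clientsettings_save_item` on the next save. Whether cHTMLTextbox encodes its value itself is not visible here and should be confirmed so the value is not encoded twice. For the form fields `new cHTMLTextbox("csvalue", clHtmlSpecialChars($aValue['value']))` should be sufficient. For the `Tip('%s', …)` attribute the script-string escaping has to happen before the HTML encoding, as in `clHtmlSpecialChars(addslashes($aValue['type']), ENT_QUOTES)`.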


@ -1,4 +1,5 @@
<?php
/**
* Project:
* Contenido Content Management System
@ -28,159 +29,153 @@
* }}
*
*/
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
if (!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
$aManagedValues = array('versioning_prune_limit', 'update_check', 'update_news_feed', 'versioning_path', 'versioning_activated',
'update_check_period', 'system_clickmenu', 'system_mail_host', 'system_mail_sender',
'system_mail_sender_name', 'pw_request_enable', 'maintenance_mode', 'edit_area_activated',
'backend_preferred_idclient', 'generator_basehref', 'generator_xhtml', 'imagemagick_available',
'system_insight_editing_activated');
$aManagedValues = array('versioning_prune_limit', 'update_check', 'update_news_feed', 'versioning_path', 'versioning_activated',
'update_check_period', 'system_clickmenu', 'system_mail_host', 'system_mail_sender',
'system_mail_sender_name', 'pw_request_enable', 'maintenance_mode', 'edit_area_activated',
'backend_preferred_idclient', 'generator_basehref', 'generator_xhtml', 'imagemagick_available',
'system_insight_editing_activated');
if ($action == "systemsettings_save_item")
{
if (!in_array($systype.'_'.$sysname, $aManagedValues)) {
setSystemProperty ($systype, $sysname, $sysvalue, $csidsystemprop);
if ($action == "systemsettings_save_item") {
if (!in_array($systype . '_' . $sysname, $aManagedValues)) {
setSystemProperty($systype, $sysname, $sysvalue, $csidsystemprop);
} else {
$sWarning = $notification->returnNotification("warning", i18n('Please set this property in systemsettings directly'), 1).'<br>';
$sWarning = $notification->returnNotification("warning", i18n('Please set this property in systemsettings directly'), 1) . '<br>';
}
}
if ($action == "systemsettings_delete_item")
{
deleteSystemProperty($systype, $sysname);
if ($action == "systemsettings_delete_item") {
deleteSystemProperty($systype, $sysname);
}
$settings = getSystemProperties(1);
$list = new UI_List;
$list->setSolidBorder(true);
$list->setCell(1,1, i18n("Type"));
$list->setCell(1,2, i18n("Name"));
$list->setCell(1,3, i18n("Value"));
$list->setCell(1,4, "&nbsp;");
$list->setBgColor(1,$cfg['color']['table_header']);
$list->setCell(1, 1, i18n("Type"));
$list->setCell(1, 2, i18n("Name"));
$list->setCell(1, 3, i18n("Value"));
$list->setCell(1, 4, "&nbsp;");
$list->setBgColor(1, $cfg['color']['table_header']);
$list->setBorder(1);
$count = 2;
$oLinkEdit = new Link;
$oLinkEdit->setCLink($area, $frame, "systemsettings_edit_item");
$oLinkEdit->setContent('<img src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'editieren.gif" alt="'.i18n("Edit").'" title="'.i18n("Edit").'">');
$oLinkEdit->setContent('<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'editieren.gif" alt="' . i18n("Edit") . '" title="' . i18n("Edit") . '">');
$oLinkForward = new Link;
$oLinkForward->setCLink('system_configuration', $frame, "");
$oLinkForward->setContent('<img src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'editieren.gif" alt="'.i18n("Edit").'" title="'.i18n("Edit").'">');
$oLinkForward->setContent('<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'editieren.gif" alt="' . i18n("Edit") . '" title="' . i18n("Edit") . '">');
$oLinkDelete = new Link;
$oLinkDelete->setCLink($area, $frame, "systemsettings_delete_item");
$oLinkDelete->setContent('<img src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'delete.gif" alt="'.i18n("Delete").'" title="'.i18n("Delete").'">');
$oLinkDelete->setContent('<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'delete.gif" alt="' . i18n("Delete") . '" title="' . i18n("Delete") . '">');
$oLinkDeleteForward = '<img src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'delete_inact.gif" alt="'.i18n("Delete").'" title="'.i18n("Delete").'">';
$oLinkDeleteForward = '<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'delete_inact.gif" alt="' . i18n("Delete") . '" title="' . i18n("Delete") . '">';
$spacer = new cHTMLImage;
$spacer->setWidth(5);
if (is_array($settings))
{
foreach ($settings as $key => $types)
{
foreach ($types as $type => $value)
{
$oLinkEdit->setCustom("sysname", urlencode($type));
$oLinkEdit->setCustom("systype", urlencode($key));
$oLinkDelete->setCustom("sysname", urlencode($type));
$oLinkDelete->setCustom("systype", urlencode($key));
if (is_array($settings)) {
foreach ($settings as $key => $types) {
foreach ($types as $type => $value) {
$oLinkEdit->setCustom("sysname", urlencode($type));
$oLinkEdit->setCustom("systype", urlencode($key));
$oLinkDelete->setCustom("sysname", urlencode($type));
$oLinkDelete->setCustom("systype", urlencode($key));
$link = $oLinkEdit;
$dlink = $oLinkDelete->render();
if (in_array($key.'_'.$type, $aManagedValues)) {
if (in_array($key . '_' . $type, $aManagedValues)) {
#ignore record
} else if (($action == "systemsettings_edit_item") && (stripslashes($systype) == $key) && (stripslashes($sysname) == $type)) {
$oInputboxValue = new cHTMLTextbox ("sysvalue", $value['value']);
$oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxName = new cHTMLTextbox ("sysname", $type);
$oInputboxName->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxType = new cHTMLTextbox ("systype", $key);
$oInputboxType->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$hidden = '<input type="hidden" name="csidsystemprop" value="'.$value['idsystemprop'].'">';
$sSubmit = '<input type="image" style="vertical-align:top;" value="submit" src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path']['images'].'submit.gif">';
$list->setCell($count,1, $oInputboxType->render(true));
$list->setCell($count,2, $oInputboxName->render(true));
$list->setCell($count,3, $oInputboxValue->render(true).$hidden.$sSubmit);
} else {
$oInputboxValue = new cHTMLTextbox("sysvalue", $value['value']);
$oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxName = new cHTMLTextbox("sysname", $type);
$oInputboxName->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxType = new cHTMLTextbox("systype", $key);
$oInputboxType->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$hidden = '<input type="hidden" name="csidsystemprop" value="' . $value['idsystemprop'] . '">';
$sSubmit = '<input type="image" style="vertical-align:top;" value="submit" src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'submit.gif">';
$list->setCell($count, 1, $oInputboxType->render(true));
$list->setCell($count, 2, $oInputboxName->render(true));
$list->setCell($count, 3, $oInputboxValue->render(true) . $hidden . $sSubmit);
} else {
$sMouseoverTemplate = '<span onmouseover="Tip(\'%s\', BALLOON, true, ABOVE, true);">%s</span>';
if (strlen($key) > 35) {
$sShort = htmlspecialchars(capiStrTrimHard($key, 35));
$key = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($key), ENT_QUOTES), $sShort);
} else {
$key = cSecurity::escapeString($key);
}
if (strlen($type) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($type, 35));
$type = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($type), ENT_QUOTES), $sShort);
} else {
$type = cSecurity::escapeString($type);
}
if (strlen($value['value']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($value['value'], 35));
$value['value'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($value['value']), ENT_QUOTES), $sShort);
$value['value'] = sprintf($sMouseoverTemplate, clHtmlEntities(addslashes($value['value'])), $sShort);
} else {
$value['value'] = clHtmlEntities($value['value']);
}
if (strlen($key) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($key, 35));
$key = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($key), ENT_QUOTES), $sShort);
}
!strlen(trim($value['value'])) ? $sValue = '&nbsp;' : $sValue = $value['value'];
$list->setCell($count,1, $key);
$list->setCell($count,2, $type);
$list->setCell($count,3, $sValue);
}
if (!in_array($key.'_'.$type, $aManagedValues)) {
$list->setCell($count,4, $spacer->render().$link->render().$spacer->render().$dlink.$spacer->render());
!strlen(trim($value['value'])) ? $sValue = '&nbsp;' : $sValue = $value['value'];
$list->setCell($count, 1, $key);
$list->setCell($count, 2, $type);
$list->setCell($count, 3, $sValue);
}
if (!in_array($key . '_' . $type, $aManagedValues)) {
$list->setCell($count, 4, $spacer->render() . $link->render() . $spacer->render() . $dlink . $spacer->render());
$count++;
}
}
}
}
}
if ($count == 2)
{
$list->setCell($count, 4, "");
$list->setCell($count, 1, i18n("No defined properties"));
$list->setCell($count, 2, "");
$list->setCell($count, 3, "");
if ($count == 2) {
$list->setCell($count, 4, "");
$list->setCell($count, 1, i18n("No defined properties"));
$list->setCell($count, 2, "");
$list->setCell($count, 3, "");
}
unset($form);
$form = new UI_Table_Form("systemsettings");
$form->setVar("area",$area);
$form->setVar("area", $area);
$form->setVar("frame", $frame);
$form->setVar("action", "systemsettings_save_item");
$form->addHeader(i18n("Add new variable"));
$inputbox = new cHTMLTextbox ("systype");
$inputbox = new cHTMLTextbox("systype");
$inputbox->setStyle("border:1px;border-style:solid;border-color:black;");
$form->add(i18n("Type"),$inputbox->render());
$form->add(i18n("Type"), $inputbox->render());
$inputbox = new cHTMLTextbox ("sysname");
$inputbox = new cHTMLTextbox("sysname");
$inputbox->setStyle("border:1px;border-style:solid;border-color:black;");
$form->add(i18n("Name"),$inputbox->render());
$form->add(i18n("Name"), $inputbox->render());
$inputbox = new cHTMLTextbox ("sysvalue");
$inputbox = new cHTMLTextbox("sysvalue");
$inputbox->setStyle("border:1px;border-style:solid;border-color:black;");
$form->add(i18n("Value"),$inputbox->render());
$form->add(i18n("Value"), $inputbox->render());
if ($action == "systemsettings_edit_item")
{
if ($action == "systemsettings_edit_item") {
$form2 = new UI_Form("systemsettings");
$form2->setVar("area",$area);
$form2->setVar("area", $area);
$form2->setVar("frame", $frame);
$form2->setVar("action", "systemsettings_save_item");
$form2->add('list', $list->render());
@ -194,7 +189,6 @@ $sTooltippScript = '<script type="text/javascript" src="scripts/wz_tooltip.js"><
<script type="text/javascript" src="scripts/tip_balloon.js"></script>';
$page->addScript('tooltippstyle', '<link rel="stylesheet" type="text/css" href="styles/tip_balloon.css" />');
$page->setContent($sWarning.$sTooltippScript."\n".$sListstring."<br>".$form->render());
$page->setContent($sWarning . $sTooltippScript . "\n" . $sListstring . "<br>" . $form->render());
$page->render();
?>
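Review bot: In the list branch, types and names of 35 characters or fewer are written to the table cells after only `cSecurity::escapeString($key)` and `cSecurity::escapeString($type)`, while the value column goes through `clHtmlEntities()`. The part of escapeString() visible in this commit only casts to string and optionally strips slashes, so unless its unseen remainder HTML-encodes, a stored type or name containing markup would be rendered as markup in the backend list. Use the same encoder as the value column: `$key = clHtmlEntities($key);` and `$type = clHtmlEntities($type);`. The long-value tooltip line that calls `clHtmlEntities(addslashes($value['value']))` also appears to have lost the `ENT_QUOTES` argument the other tooltip lines pass, so check that single quotes are still encoded there.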


@ -31,7 +31,7 @@
* @since file available since Contenido release >= 4.8.15
*
* {@internal
* created 2017-03-09
* created 2017-06-09
* }}
*/