diff --git a/conlite/includes/functions.mod.php b/conlite/includes/functions.mod.php
index 837cf5c..f79d611 100644
--- a/conlite/includes/functions.mod.php
+++ b/conlite/includes/functions.mod.php
@@ -1,4 +1,5 @@
auth["uname"];
/**
- * START TRACK VERSION
- **/
- $oVersion = new VersionModule($idmod, $cfg, $cfgClient, $db, $client, $area, $frame);
-
- // Create new Module Version in cms/version/module/
- $oVersion->createNewVersion();
+ * START TRACK VERSION
+ * */
+ $oVersion = new VersionModule($idmod, $cfg, $cfgClient, $db, $client, $area, $frame);
- /**
- * END TRACK VERSION
- **/
-
- if (!$idmod) {
- $cApiModuleCollection = new cApiModuleCollection;
- $cApiModule = $cApiModuleCollection->create($name);
+ // Create new Module Version in cms/version/module/
+ $oVersion->createNewVersion();
- $idmod = $cApiModule->get("idmod");
-
- cInclude ("includes", "functions.rights.php");
+ /**
+ * END TRACK VERSION
+ * */
+ if (!$idmod) {
+ $cApiModuleCollection = new cApiModuleCollection;
+ $cApiModule = $cApiModuleCollection->create($name);
+
+ $idmod = $cApiModule->get("idmod");
+
+ cInclude("includes", "functions.rights.php");
createRightsForElement("mod", $idmod);
- } else {
- $cApiModule = new cApiModule;
- $cApiModule->loadByPrimaryKey($idmod);
- }
-
+ } else {
+ $cApiModule = new cApiModule;
+ $cApiModule->loadByPrimaryKey($idmod);
+ }
+
/* dceModFileEdit (c)2009-2011 www.dceonline.de */
if ($cfg['dceModEdit']['use']
|| $cApiModule->get("name") != stripslashes($name)
- || $cApiModule->get("output") != stripslashes($output)
- || $cApiModule->get("template") != stripslashes($template)
- || $cApiModule->get("description") != stripslashes($description)
- || $cApiModule->get("input") != stripslashes($input)
- || $cApiModule->get("type") != stripslashes($type)) {
-
+ || $cApiModule->get("output") != stripslashes($output)
+ || $cApiModule->get("template") != stripslashes($template)
+ || $cApiModule->get("description") != stripslashes($description)
+ || $cApiModule->get("input") != stripslashes($input)
+ || $cApiModule->get("type") != stripslashes($type)) {
+
$cApiModule->set("name", $name);
$cApiModule->set("output", $cApiModule->escape($output));
$cApiModule->set("template", $template);
@@ -83,24 +82,22 @@ function modEditModule($idmod, $name, $description, $input, $output, $template,
$cApiModule->set("input", $cApiModule->escape($input));
$cApiModule->set("type", $type);
$cApiModule->set("lastmodified", $date);
-
+
$cApiModule->store();
- }
+ }
return $idmod;
}
-function modDeleteModule($idmod)
-{
+function modDeleteModule($idmod) {
# Global vars
global $db, $sess, $client, $cfg, $area_tree, $perm;
- $sql = "DELETE FROM ".$cfg["tab"]["mod"]." WHERE idmod = '".Contenido_Security::toInteger($idmod)."' AND idclient = '".Contenido_Security::toInteger($client)."'";
+ $sql = "DELETE FROM " . $cfg["tab"]["mod"] . " WHERE idmod = '" . Contenido_Security::toInteger($idmod) . "' AND idclient = '" . Contenido_Security::toInteger($client) . "'";
$db->query($sql);
-
// delete rights for element
- cInclude ("includes", "functions.rights.php");
- deleteRightsForElement("mod", $idmod);
+ cInclude("includes", "functions.rights.php");
+ deleteRightsForElement("mod", $idmod);
}
// $code: Code to evaluate
@@ -108,107 +105,87 @@ function modDeleteModule($idmod)
// $mode: true if start in php mode, otherwise false
// Returns true or false
-function modTestModule ($code, $id, $output = false)
-{
- global $cfg, $modErrorMessage;
+function modTestModule($code, $id, $output = false) {
+ global $cfg, $modErrorMessage;
- $magicvalue = 0;
+ $db = new DB_ConLite();
- $db = new DB_ConLite;
-
- /* Put a $ in front of all CMS variables
- to prevent PHP error messages */
- $sql = "SELECT type FROM ".$cfg["tab"]["type"];
+ $sql = "SELECT type FROM " . $cfg["tab"]["type"];
$db->query($sql);
- while ($db->next_record())
- {
- $code = str_replace($db->f("type").'[','$'.$db->f("type").'[', $code);
+ while ($db->next_record()) {
+ $code = str_replace($db->f("type") . '[', '$' . $db->f("type") . '[', $code);
}
$code = preg_replace(',\[(\d+)?CMS_VALUE\[(\d+)\](\d+)?\],i', '[\1\2\3]', $code);
- $code = str_replace('CMS_VALUE','$CMS_VALUE', $code);
- $code = str_replace('CMS_VAR','$CMS_VAR', $code);
+ $code = str_replace('CMS_VALUE', '$CMS_VALUE', $code);
+ $code = str_replace('CMS_VAR', '$CMS_VAR', $code);
- /* If the module is an output module, escape PHP since
- all output modules enter php mode */
- if ($output == true)
- {
- $code = "?>\n" . $code . "\n\n" . $code . "\n= 5) {
+ try {
+ eval($code);
+ } catch (ParseError $err) {
+ $modErrorMessage = $err->getMessage() . " (line: " . ($err->getLine() - 1) . ")";
+ return false;
+ }
-
- /* Set the magic value */
- $code .= '$magicvalue = 941;';
-
- /* To parse the error message, we prepend and
- append a phperror tag in front of the output */
- $sErs = ini_get("error_prepend_string"); // Save current setting (see below)
- $sEas = ini_get("error_append_string"); // Save current setting (see below)
- @ini_set("error_prepend_string","");
- @ini_set("error_append_string","");
-
- /* Turn off output buffering and error reporting, eval the code */
- ob_start();
- $display_errors = ini_get("display_errors");
- @ini_set("display_errors", true);
- $output = eval($code);
- @ini_set("display_errors", $display_errors);
-
- /* Get the buffer contents and turn it on again */
- $output = ob_get_contents();
- ob_end_clean();
-
- /* Remove the prepend and append settings */
- /* 19.09.2006: Following lines have been disabled, as ini_restore has been disabled
- by some hosters as there is a security leak in PHP (PHP <= 5.1.6 & <= 4.4.4) */
- //ini_restore("error_prepend_string");
- //ini_restore("error_append_string");
- @ini_set("error_prepend_string", $sErs); // Restoring settings (see above)
- @ini_set("error_append_string", $sEas); // Restoring settings (see above)
-
- /* Strip out the error message */
- $start = strpos($output, "");
- $end = strpos($output, "");
-
- /* More stripping: Users shouldnt see where the file
- is located, but they should see the error line */
- if ($start !== false)
- {
- $start = strpos($output, "eval()");
-
- $modErrorMessage = substr($output, $start, $end - $start);
-
- /* Kill that HTML formatting */
- $modErrorMessage = str_replace("","",$modErrorMessage);
- $modErrorMessage = str_replace("","",$modErrorMessage);
- $modErrorMessage = str_replace("
","",$modErrorMessage);
- $modErrorMessage = str_replace("
","",$modErrorMessage);
- }
-
- /* check if there are any php short tags in code, and display error*/
- $bHasShortTags = false;
- if (preg_match('/<\?\s+/', $code) && $magicvalue == 941) {
- $bHasShortTags = true;
- $modErrorMessage = i18n('Please do not use short open Tags. (Use ");
+ @ini_set("error_append_string", "");
+
+ // Turn off output buffering and error reporting, eval the code
+ ob_start();
+ $display_errors = ini_get("display_errors");
+ @ini_set("display_errors", true);
+ $output = eval($code);
+ @ini_set("display_errors", $display_errors);
+
+ // Get the buffer contents and turn it on again
+ $output = ob_get_contents();
+ ob_end_clean();
+
+ @ini_set("error_prepend_string", $sErs); // Restoring settings (see above)
+ @ini_set("error_append_string", $sEas); // Restoring settings (see above)
+
+ // Strip out the error message
+ $start = strpos($output, "");
+ $end = strpos($output, "");
+
+ // More stripping: Users shouldnt see where the file is located, but they should see the error line
+ if ($start !== false) {
+ $start = strpos($output, "eval()");
+
+ $modErrorMessage = substr($output, $start, $end - $start);
+
+ // Kill that HTML formatting
+ $modErrorMessage = str_replace("", "", $modErrorMessage);
+ $modErrorMessage = str_replace("", "", $modErrorMessage);
+ $modErrorMessage = str_replace("
", "", $modErrorMessage);
+ $modErrorMessage = str_replace("
", "", $modErrorMessage);
+ }
+
+ // check if there are any php short tags in code, and display error
+ $bHasShortTags = false;
+ if (preg_match('/<\?\s+/', $code) && $magicvalue == 941) {
+ $bHasShortTags = true;
+ $modErrorMessage = i18n('Please do not use short open Tags. (Use
\ No newline at end of file