fixed FS#171; added cSecurity class

Oldperl 2017-07-06 09:57:53 +00:00
Ursprung 1f9cd68695
Commit b5e9523eea
7 geänderte Dateien mit 1262 neuen und 1494 gelöschten Zeilen


@ -1,4 +1,5 @@
<?php <?php
/** /**
* Project: * Project:
* Contenido Content Management System * Contenido Content Management System
@ -19,17 +20,15 @@
* merge them... * merge them...
* *
*/ */
if (!defined('CON_FRAMEWORK')) { if (!defined('CON_FRAMEWORK')) {
die('Illegal call'); die('Illegal call');
} }
/** /**
* Contenido Security exception class * Contenido Security exception class
*/ */
class Contenido_Security_Exception extends Exception class Contenido_Security_Exception extends Exception {
{
/** /**
* Logging flag. Set to true for logging invalid calls. * Logging flag. Set to true for logging invalid calls.
* @access protected * @access protected
@ -41,8 +40,7 @@ class Contenido_Security_Exception extends Exception
/** /**
* @see Exception::__construct() * @see Exception::__construct()
*/ */
public function __construct($sMessage, $sParamName) public function __construct($sMessage, $sParamName) {
{
parent::__construct($sMessage); parent::__construct($sMessage);
// check if logging is enabled // check if logging is enabled
@ -61,14 +59,18 @@ class Contenido_Security_Exception extends Exception
die($sMessage); die($sMessage);
exit; exit;
} }
} }
class Contenido_Security extends cSecurity {
}
/** /**
* Contenido Security class * Contenido Security class
*/ */
class Contenido_Security class cSecurity {
{
/** /**
* Accepted backend languages * Accepted backend languages
* @var array * @var array
@ -90,36 +92,30 @@ class Contenido_Security
*/ */
protected static $_forbiddenParameters = array('cfg', 'cfgClient', 'contenido_path', '_PHPLIB', 'db', 'sess'); protected static $_forbiddenParameters = array('cfg', 'cfgClient', 'contenido_path', '_PHPLIB', 'db', 'sess');
/** /**
* Returns accepted backend language values * Returns accepted backend language values
* *
* @return array * @return array
*/ */
public static function getAcceptedBelangValues() public static function getAcceptedBelangValues() {
{
return self::$_acceptedBelangValues; return self::$_acceptedBelangValues;
} }
/** /**
* Returns must be numeric request parameters * Returns must be numeric request parameters
* *
* @return array * @return array
*/ */
public static function getMustbeNumericParameters() public static function getMustbeNumericParameters() {
{
return self::$_mustbeNumericParameters; return self::$_mustbeNumericParameters;
} }
/** /**
* Returns forbidden request parameters * Returns forbidden request parameters
* *
* @return array * @return array
*/ */
public static function getForbiddenParameters() public static function getForbiddenParameters() {
{
return self::$_forbiddenParameters; return self::$_forbiddenParameters;
} }
@ -131,8 +127,7 @@ class Contenido_Security
* @param DB_ConLite $oDb Contenido database object * @param DB_ConLite $oDb Contenido database object
* @return string Filtered string * @return string Filtered string
*/ */
public static function filter($sString, $oDb) public static function filter($sString, $oDb) {
{
$sString = self::toString($sString); $sString = self::toString($sString);
if (defined('CONTENIDO_STRIPSLASHES')) { if (defined('CONTENIDO_STRIPSLASHES')) {
$sString = stripslashes($sString); $sString = stripslashes($sString);
@ -147,8 +142,7 @@ class Contenido_Security
* @param string $sString Input string * @param string $sString Input string
* @return string Unfiltered string * @return string Unfiltered string
*/ */
public static function unFilter($sString) public static function unFilter($sString) {
{
$sString = self::toString($sString); $sString = self::toString($sString);
return urldecode(htmldecode(self::unEscapeDB($sString))); return urldecode(htmldecode(self::unEscapeDB($sString)));
} }
@ -160,8 +154,7 @@ class Contenido_Security
* @param string $sVar Input string * @param string $sVar Input string
* @return boolean Check state * @return boolean Check state
*/ */
public static function isBoolean($sVar) public static function isBoolean($sVar) {
{
$sTempVar = $sVar; $sTempVar = $sVar;
$sTemp2Var = self::toBoolean($sVar); $sTemp2Var = self::toBoolean($sVar);
return ($sTempVar === $sTemp2Var); return ($sTempVar === $sTemp2Var);
@ -174,8 +167,7 @@ class Contenido_Security
* @param string $sVar Input string * @param string $sVar Input string
* @return boolean Check state * @return boolean Check state
*/ */
public static function isInteger($sVar) public static function isInteger($sVar) {
{
return (preg_match('/^[0-9]+$/', $sVar)); return (preg_match('/^[0-9]+$/', $sVar));
} }
@ -186,8 +178,7 @@ class Contenido_Security
* @param string $sVar Input string * @param string $sVar Input string
* @return boolean Check state * @return boolean Check state
*/ */
public static function isString($sVar) public static function isString($sVar) {
{
return (is_string($sVar)); return (is_string($sVar));
} }
@ -247,8 +238,7 @@ class Contenido_Security
* @param string $sString Input string * @param string $sString Input string
* @return boolean Type casted input string * @return boolean Type casted input string
*/ */
public static function toBoolean($sString) public static function toBoolean($sString) {
{
return (bool) $sString; return (bool) $sString;
} }
@ -261,8 +251,7 @@ class Contenido_Security
* @param string $sString Input string * @param string $sString Input string
* @return integer Type casted input string * @return integer Type casted input string
*/ */
public static function toInteger($sString) public static function toInteger($sString) {
{
return (int) $sString; return (int) $sString;
} }
@ -275,8 +264,7 @@ class Contenido_Security
* @param string $sAllowableTags Allowable tags if $bHTML is true * @param string $sAllowableTags Allowable tags if $bHTML is true
* @return string Converted string * @return string Converted string
*/ */
public static function toString($sString, $bHTML = false, $sAllowableTags = '') public static function toString($sString, $bHTML = false, $sAllowableTags = '') {
{
$sString = (string) $sString; $sString = (string) $sString;
if ($bHTML == true) { if ($bHTML == true) {
$sString = strip_tags(stripslashes($sString), $sAllowableTags); $sString = strip_tags(stripslashes($sString), $sAllowableTags);
@ -291,8 +279,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing. * @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if one of the checks fails * @throws Contenido_Security_Exception if one of the checks fails
*/ */
public static function checkRequests() public static function checkRequests() {
{
// Check backend language // Check backend language
self::checkRequestBelang(); self::checkRequestBelang();
@ -314,8 +301,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing. * @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if existing backend language parameter is not valid * @throws Contenido_Security_Exception if existing backend language parameter is not valid
*/ */
public static function checkRequestBelang() public static function checkRequestBelang() {
{
if (isset($_REQUEST['belang'])) { if (isset($_REQUEST['belang'])) {
$_REQUEST['belang'] = strval($_REQUEST['belang']); $_REQUEST['belang'] = strval($_REQUEST['belang']);
if (!in_array($_REQUEST['belang'], self::$_acceptedBelangValues)) { if (!in_array($_REQUEST['belang'], self::$_acceptedBelangValues)) {
@ -331,8 +317,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing. * @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if the request contains one of forbidden parameters. * @throws Contenido_Security_Exception if the request contains one of forbidden parameters.
*/ */
public static function checkRequestForbiddenParameter() public static function checkRequestForbiddenParameter() {
{
foreach (self::$_forbiddenParameters as $param) { foreach (self::$_forbiddenParameters as $param) {
if (isset($_REQUEST[$param])) { if (isset($_REQUEST[$param])) {
throw new Contenido_Security_Exception('Invalid call!', $param); throw new Contenido_Security_Exception('Invalid call!', $param);
@ -349,8 +334,7 @@ class Contenido_Security
* *
* @return bool Just true * @return bool Just true
*/ */
public static function checkRequestMustbeNumericParameter() public static function checkRequestMustbeNumericParameter() {
{
foreach (self::$_mustbeNumericParameters as $sParamName) { foreach (self::$_mustbeNumericParameters as $sParamName) {
if (isset($_REQUEST[$sParamName])) { if (isset($_REQUEST[$sParamName])) {
$sValue = $_REQUEST[$sParamName]; $sValue = $_REQUEST[$sParamName];
@ -368,8 +352,7 @@ class Contenido_Security
* @return bool|void True on success otherwhise nothing. * @return bool|void True on success otherwhise nothing.
* @throws Contenido_Security_Exception if contenido parameter in request don't matches the required format * @throws Contenido_Security_Exception if contenido parameter in request don't matches the required format
*/ */
public static function checkRequestSession() public static function checkRequestSession() {
{
if (isset($_REQUEST['contenido']) && !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['contenido'])) { if (isset($_REQUEST['contenido']) && !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['contenido'])) {
if ($_REQUEST['contenido'] != '') { if ($_REQUEST['contenido'] != '') {
throw new Contenido_Security_Exception('Invalid call', 'contenido'); throw new Contenido_Security_Exception('Invalid call', 'contenido');
@ -387,8 +370,7 @@ class Contenido_Security
* @deprecated Use checkRequestSession() instead due to better naming conventions * @deprecated Use checkRequestSession() instead due to better naming conventions
* @TODO: Should be removed, but later in few years... * @TODO: Should be removed, but later in few years...
*/ */
public static function checkSession() public static function checkSession() {
{
return self::checkRequestSession(); return self::checkRequestSession();
} }
@ -405,8 +387,7 @@ class Contenido_Security
* *
* @return void * @return void
*/ */
public static function checkFrontendGlobals() public static function checkFrontendGlobals() {
{
global $tmpchangelang, $savedlang, $lang, $changelang, $load_lang, $changeclient, $client, $load_client; global $tmpchangelang, $savedlang, $lang, $changelang, $load_lang, $changeclient, $client, $load_client;
if (isset($tmpchangelang) && is_numeric($tmpchangelang) && $tmpchangelang > 0) { if (isset($tmpchangelang) && is_numeric($tmpchangelang) && $tmpchangelang > 0) {
@ -458,8 +439,7 @@ class Contenido_Security
* @param boolean $bUndoAddSlashes Flag for undo addslashes (optional, default: true) * @param boolean $bUndoAddSlashes Flag for undo addslashes (optional, default: true)
* @return string Converted string * @return string Converted string
*/ */
public static function escapeDB($sString, $oDB = null, $bUndoAddSlashes = true) public static function escapeDB($sString, $oDB = null, $bUndoAddSlashes = true) {
{
if (!is_object($oDB)) { if (!is_object($oDB)) {
return self::escapeString($sString); return self::escapeString($sString);
} else { } else {
@ -477,8 +457,7 @@ class Contenido_Security
* @param string $sString Input string * @param string $sString Input string
* @return string Converted string * @return string Converted string
*/ */
public static function escapeString($sString) public static function escapeString($sString) {
{
$sString = (string) $sString; $sString = (string) $sString;
if (defined('CONTENIDO_STRIPSLASHES')) { if (defined('CONTENIDO_STRIPSLASHES')) {
$sString = stripslashes($sString); $sString = stripslashes($sString);
@ -493,8 +472,7 @@ class Contenido_Security
* @param string $sString Input string * @param string $sString Input string
* @return string Converted string * @return string Converted string
*/ */
public static function unescapeDB($sString) public static function unescapeDB($sString) {
{
return stripslashes($sString); return stripslashes($sString);
} }
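Review bot: The format checks in `isInteger()` (`/^[0-9]+$/`) and `checkRequestSession()` (`/^[0-9a-f]{32}$/`) anchor with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a line feed passes both. Since this commit makes cSecurity the canonical validator, anchor with `\z` or add the `D` modifier, e.g. `preg_match('/^[0-9a-f]{32}\z/', $_REQUEST['contenido'])`. `isInteger()` also returns preg_match's int (or false) rather than the documented boolean; `preg_match('/^[0-9]+\z/', $sVar) === 1` would match the docblock. Both lines are unchanged context in this section, and the method bodies partly lie outside the shown hunks.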

Datei-Diff unterdrückt, da er zu groß ist Diff laden


@ -128,17 +128,6 @@ class cPage extends cHTML {
} }
} }
/**
* old constructor
*
* @deprecated since version 2.0.0
* @param obj $object
*/
public function cPage($object = false) {
cDeprecated(__FILE__, __LINE__, "Deprecated method call, use __construct()");
self::__construct($object);
}
/** /**
* use HTML5 for page output * use HTML5 for page output
*/ */


@ -787,8 +787,7 @@ function setSystemProperty($type, $name, $value, $idsystemprop = 0) {
} }
$idsystemprop = Contenido_Security::toInteger($idsystemprop); $idsystemprop = Contenido_Security::toInteger($idsystemprop);
$db_systemprop = new DB_ConLite();
$db_systemprop = new DB_ConLite;
if ($idsystemprop == 0) { if ($idsystemprop == 0) {
$sql = "SELECT idsystemprop FROM " . $cfg["tab"]["system_prop"] . " WHERE type='" . Contenido_Security::escapeDB($type, $db_systemprop) . "' AND name='" . Contenido_Security::escapeDB($name, $db_systemprop) . "'"; $sql = "SELECT idsystemprop FROM " . $cfg["tab"]["system_prop"] . " WHERE type='" . Contenido_Security::escapeDB($type, $db_systemprop) . "' AND name='" . Contenido_Security::escapeDB($name, $db_systemprop) . "'";


@ -1,4 +1,5 @@
<?php <?php
/** /**
* Project: * Project:
* Contenido Content Management System * Contenido Content Management System
@ -28,18 +29,16 @@
* }} * }}
* *
*/ */
if (!defined('CON_FRAMEWORK')) { if (!defined('CON_FRAMEWORK')) {
die('Illegal call'); die('Illegal call');
} }
$oPage = new cPage; $oPage = new cPage();
$oList = new cScrollList; $oList = new cScrollList;
$idclient = $_GET['idclient']; $idclient = $_GET['idclient'];
if (strlen($idclient) == 0) if (strlen($idclient) == 0) {
{
$idclient = $_POST['idclient']; $idclient = $_POST['idclient'];
} }
@ -85,13 +84,11 @@ if (!is_numeric($_REQUEST["idclientslang"]) || $_REQUEST["idclientslang"] == 0)
$oClient->loadByPrimaryKey($_REQUEST["idclientslang"]); $oClient->loadByPrimaryKey($_REQUEST["idclientslang"]);
} }
if ($_POST['action'] == 'clientsettings_save_item') if ($_POST['action'] == 'clientsettings_save_item') {
{ $oClient->setProperty(trim($_POST['cstype']), trim($_POST['csname']), trim($_POST['csvalue']), trim($_POST['csidproperty']));
$oClient->setProperty($_POST['cstype'], $_POST['csname'], $_POST['csvalue'], $_POST['csidproperty']);
} }
if ($_GET['action'] == 'clientsettings_delete_item') if ($_GET['action'] == 'clientsettings_delete_item') {
{
$oClient->deletePropertyById($_GET['idprop']); $oClient->deletePropertyById($_GET['idprop']);
} }
@ -101,8 +98,7 @@ $oList->objRow->updateAttributes(array('valign' => 'top'));
$aItems = $oClient->getProperties(); $aItems = $oClient->getProperties();
if ($aItems !== false) if ($aItems !== false) {
{
$oLnkDelete = new Link; $oLnkDelete = new Link;
$oLnkDelete->setCLink($area, $frame, "clientsettings_delete_item"); $oLnkDelete->setCLink($area, $frame, "clientsettings_delete_item");
$oLnkDelete->setContent('<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'delete.gif" alt="' . i18n("Delete") . '" title="' . i18n("Delete") . '">'); $oLnkDelete->setContent('<img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'delete.gif" alt="' . i18n("Delete") . '" title="' . i18n("Delete") . '">');
@ -116,13 +112,11 @@ if ($aItems !== false)
$oLnkEdit->setCustom("idclientslang", $_REQUEST["idclientslang"]); $oLnkEdit->setCustom("idclientslang", $_REQUEST["idclientslang"]);
$iCounter = 0; $iCounter = 0;
foreach($aItems as $iKey => $aValue) foreach ($aItems as $iKey => $aValue) {
{
$oLnkDelete->setCustom("idprop", $iKey); $oLnkDelete->setCustom("idprop", $iKey);
$oLnkEdit->setCustom("idprop", $iKey); $oLnkEdit->setCustom("idprop", $iKey);
if (($_GET['action'] == "clientsettings_edit_item") && ($_GET['idprop'] == $iKey)) if (($_GET['action'] == "clientsettings_edit_item") && ($_GET['idprop'] == $iKey)) {
{
$oForm = new UI_Form("clientsettings"); $oForm = new UI_Form("clientsettings");
$oForm->setVar("area", $area); $oForm->setVar("area", $area);
$oForm->setVar("frame", $frame); $oForm->setVar("frame", $frame);
@ -130,44 +124,48 @@ if ($aItems !== false)
$oForm->setVar("idclient", $idclient); $oForm->setVar("idclient", $idclient);
$oForm->setVar("idclientslang", $_REQUEST["idclientslang"]); $oForm->setVar("idclientslang", $_REQUEST["idclientslang"]);
$oInputboxValue = new cHTMLTextbox ("csvalue", $aValue['value']); $oInputboxValue = new cHTMLTextbox("csvalue", cSecurity::escapeString(clHtmlSpecialChars($aValue['value'])));
$oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;"); $oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxName = new cHTMLTextbox ("csname", $aValue['name']); $oInputboxName = new cHTMLTextbox("csname", cSecurity::escapeString(clHtmlSpecialChars($aValue['name'])));
$oInputboxName->setStyle("border:1px;border-style:solid;border-color:black;width:200px;"); $oInputboxName->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$oInputboxType = new cHTMLTextbox ("cstype", $aValue['type']); $oInputboxType = new cHTMLTextbox("cstype", cSecurity::escapeString(clHtmlSpecialChars($aValue['type'])));
$oInputboxType->setStyle("border:1px;border-style:solid;border-color:black;width:200px;"); $oInputboxType->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
$hidden = '<input type="hidden" name="csidproperty" value="' . $iKey . '">'; $hidden = '<input type="hidden" name="csidproperty" value="' . $iKey . '">';
$sSubmit = ' <input type="image" style="vertical-align:top;" value="submit" src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'submit.gif">'; $sSubmit = ' <input type="image" style="vertical-align:top;" value="submit" src="' . $cfg["path"]["contenido_fullhtml"] . $cfg['path']['images'] . 'submit.gif">';
$oList->setData($iCounter, $oInputboxType->render(), $oInputboxName->render(), $oInputboxValue->render() . $hidden . $sSubmit, $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render()); $oList->setData($iCounter, $oInputboxType->render(), $oInputboxName->render(), $oInputboxValue->render() . $hidden . $sSubmit, $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render());
} else } else {
{
$sMouseoverTemplate = '<span onmouseover="Tip(\'%s\', BALLOON, true, ABOVE, true);">%s</span>'; $sMouseoverTemplate = '<span onmouseover="Tip(\'%s\', BALLOON, true, ABOVE, true);">%s</span>';
if (strlen($aValue['type']) > 35) { if (strlen($aValue['type']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['type'], 35)); $sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['type'], 35));
$aValue['type'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($aValue['type']), ENT_QUOTES), $sShort); $aValue['type'] = sprintf($sMouseoverTemplate, cSecurity::escapeString(clHtmlSpecialChars($aValue['type'])), cSecurity::escapeString($sShort));
} } else {
$aValue['type'] = clHtmlEntities($aValue['type']);
if (strlen($aValue['value']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['value'], 35));
$aValue['value'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($aValue['value']), ENT_QUOTES), $sShort);
} }
if (strlen($aValue['name']) > 35) { if (strlen($aValue['name']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['name'], 35)); $sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['name'], 35));
$aValue['name'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($aValue['name']), ENT_QUOTES), $sShort); $aValue['name'] = sprintf($sMouseoverTemplate, cSecurity::escapeString(clHtmlSpecialChars($aValue['name'])), cSecurity::escapeString($sShort));
} else {
$aValue['name'] = clHtmlEntities($aValue['name']);
}
if (strlen($aValue['value']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($aValue['value'], 35));
$aValue['value'] = sprintf($sMouseoverTemplate, cSecurity::escapeString(clHtmlSpecialChars($aValue['value'])), cSecurity::escapeString($sShort));
} else {
$aValue['value'] = clHtmlEntities($aValue['value']);
} }
$oList->setData($iCounter, $aValue['type'], $aValue['name'], $aValue['value'], $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render()); $oList->setData($iCounter, $aValue['type'], $aValue['name'], $aValue['value'], $oLnkEdit->render() . '&nbsp;&nbsp;&nbsp;' . $oLnkDelete->render());
} }
$iCounter++; $iCounter++;
} }
} else } else {
{
$oList->objItem->updateAttributes(array('colspan' => 4)); $oList->objItem->updateAttributes(array('colspan' => 4));
$oList->setData(0, i18n("No defined properties")); $oList->setData(0, i18n("No defined properties"));
} }
@ -192,8 +190,7 @@ $oInputbox = new cHTMLTextbox ('csvalue');
$oInputbox->setStyle('border:1px;border-style:solid;border-color:black;'); $oInputbox->setStyle('border:1px;border-style:solid;border-color:black;');
$oForm->add(i18n('Value'), $oInputbox->render()); $oForm->add(i18n('Value'), $oInputbox->render());
if (($_GET['action'] == "clientsettings_edit_item")) if (($_GET['action'] == "clientsettings_edit_item")) {
{
$oForm2 = new UI_Form("clientsettings"); $oForm2 = new UI_Form("clientsettings");
$oForm2->setVar("area", $area); $oForm2->setVar("area", $area);
$oForm2->setVar("frame", $frame); $oForm2->setVar("frame", $frame);
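Review bot: The tooltip arguments are now encoded in the wrong order for their context: `cSecurity::escapeString(clHtmlSpecialChars($aValue['type']))` HTML-encodes first and escapes afterwards, but the value sits in a JavaScript string inside the `onmouseover` attribute, which the browser HTML-decodes before the script is parsed. If clHtmlSpecialChars turns quotes into entities (its default flags are not visible here, and the explicit `ENT_QUOTES` was dropped), they come back as raw quotes inside `Tip('…')`. The removed form `clHtmlSpecialChars(addslashes($aValue['type']), ENT_QUOTES)` had the right order and should be kept for type, name and value. escapeString() appears to be a slash/database-style escape (only the start of its body is shown in this commit), so wrapping `$sShort` and the cHTMLTextbox values in it probably just adds visible backslashes that are saved back on the next edit; `clHtmlSpecialChars($aValue['value'])` alone fits those HTML contexts.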


@ -1,4 +1,5 @@
<?php <?php
/** /**
* Project: * Project:
* Contenido Content Management System * Contenido Content Management System
@ -28,7 +29,6 @@
* }} * }}
* *
*/ */
if (!defined('CON_FRAMEWORK')) { if (!defined('CON_FRAMEWORK')) {
die('Illegal call'); die('Illegal call');
} }
@ -39,8 +39,7 @@ $aManagedValues = array('versioning_prune_limit', 'update_check', 'update_news_f
'backend_preferred_idclient', 'generator_basehref', 'generator_xhtml', 'imagemagick_available', 'backend_preferred_idclient', 'generator_basehref', 'generator_xhtml', 'imagemagick_available',
'system_insight_editing_activated'); 'system_insight_editing_activated');
if ($action == "systemsettings_save_item") if ($action == "systemsettings_save_item") {
{
if (!in_array($systype . '_' . $sysname, $aManagedValues)) { if (!in_array($systype . '_' . $sysname, $aManagedValues)) {
setSystemProperty($systype, $sysname, $sysvalue, $csidsystemprop); setSystemProperty($systype, $sysname, $sysvalue, $csidsystemprop);
} else { } else {
@ -48,8 +47,7 @@ if ($action == "systemsettings_save_item")
} }
} }
if ($action == "systemsettings_delete_item") if ($action == "systemsettings_delete_item") {
{
deleteSystemProperty($systype, $sysname); deleteSystemProperty($systype, $sysname);
} }
@ -83,12 +81,9 @@ $oLinkDeleteForward = '<img src="'.$cfg["path"]["contenido_fullhtml"].$cfg['path
$spacer = new cHTMLImage; $spacer = new cHTMLImage;
$spacer->setWidth(5); $spacer->setWidth(5);
if (is_array($settings)) if (is_array($settings)) {
{ foreach ($settings as $key => $types) {
foreach ($settings as $key => $types) foreach ($types as $type => $value) {
{
foreach ($types as $type => $value)
{
$oLinkEdit->setCustom("sysname", urlencode($type)); $oLinkEdit->setCustom("sysname", urlencode($type));
$oLinkEdit->setCustom("systype", urlencode($key)); $oLinkEdit->setCustom("systype", urlencode($key));
@ -100,7 +95,6 @@ if (is_array($settings))
if (in_array($key . '_' . $type, $aManagedValues)) { if (in_array($key . '_' . $type, $aManagedValues)) {
#ignore record #ignore record
} else if (($action == "systemsettings_edit_item") && (stripslashes($systype) == $key) && (stripslashes($sysname) == $type)) { } else if (($action == "systemsettings_edit_item") && (stripslashes($systype) == $key) && (stripslashes($sysname) == $type)) {
$oInputboxValue = new cHTMLTextbox("sysvalue", $value['value']); $oInputboxValue = new cHTMLTextbox("sysvalue", $value['value']);
$oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;"); $oInputboxValue->setStyle("border:1px;border-style:solid;border-color:black;width:200px;");
@ -117,25 +111,28 @@ if (is_array($settings))
$list->setCell($count, 1, $oInputboxType->render(true)); $list->setCell($count, 1, $oInputboxType->render(true));
$list->setCell($count, 2, $oInputboxName->render(true)); $list->setCell($count, 2, $oInputboxName->render(true));
$list->setCell($count, 3, $oInputboxValue->render(true) . $hidden . $sSubmit); $list->setCell($count, 3, $oInputboxValue->render(true) . $hidden . $sSubmit);
} else { } else {
$sMouseoverTemplate = '<span onmouseover="Tip(\'%s\', BALLOON, true, ABOVE, true);">%s</span>'; $sMouseoverTemplate = '<span onmouseover="Tip(\'%s\', BALLOON, true, ABOVE, true);">%s</span>';
if (strlen($key) > 35) {
$sShort = htmlspecialchars(capiStrTrimHard($key, 35));
$key = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($key), ENT_QUOTES), $sShort);
} else {
$key = cSecurity::escapeString($key);
}
if (strlen($type) > 35) { if (strlen($type) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($type, 35)); $sShort = clHtmlSpecialChars(capiStrTrimHard($type, 35));
$type = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($type), ENT_QUOTES), $sShort); $type = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($type), ENT_QUOTES), $sShort);
} else {
$type = cSecurity::escapeString($type);
} }
if (strlen($value['value']) > 35) { if (strlen($value['value']) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($value['value'], 35)); $sShort = clHtmlSpecialChars(capiStrTrimHard($value['value'], 35));
$value['value'] = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($value['value']), ENT_QUOTES), $sShort); $value['value'] = sprintf($sMouseoverTemplate, clHtmlEntities(addslashes($value['value'])), $sShort);
} else {
$value['value'] = clHtmlEntities($value['value']);
} }
if (strlen($key) > 35) {
$sShort = clHtmlSpecialChars(capiStrTrimHard($key, 35));
$key = sprintf($sMouseoverTemplate, clHtmlSpecialChars(addslashes($key), ENT_QUOTES), $sShort);
}
!strlen(trim($value['value'])) ? $sValue = '&nbsp;' : $sValue = $value['value']; !strlen(trim($value['value'])) ? $sValue = '&nbsp;' : $sValue = $value['value'];
$list->setCell($count, 1, $key); $list->setCell($count, 1, $key);
@ -151,8 +148,7 @@ if (is_array($settings))
} }
} }
if ($count == 2) if ($count == 2) {
{
$list->setCell($count, 4, ""); $list->setCell($count, 4, "");
$list->setCell($count, 1, i18n("No defined properties")); $list->setCell($count, 1, i18n("No defined properties"));
$list->setCell($count, 2, ""); $list->setCell($count, 2, "");
@ -177,8 +173,7 @@ $inputbox = new cHTMLTextbox ("sysvalue");
$inputbox->setStyle("border:1px;border-style:solid;border-color:black;"); $inputbox->setStyle("border:1px;border-style:solid;border-color:black;");
$form->add(i18n("Value"), $inputbox->render()); $form->add(i18n("Value"), $inputbox->render());
if ($action == "systemsettings_edit_item") if ($action == "systemsettings_edit_item") {
{
$form2 = new UI_Form("systemsettings"); $form2 = new UI_Form("systemsettings");
$form2->setVar("area", $area); $form2->setVar("area", $area);
$form2->setVar("frame", $frame); $form2->setVar("frame", $frame);
@ -196,5 +191,4 @@ $sTooltippScript = '<script type="text/javascript" src="scripts/wz_tooltip.js"><
$page->addScript('tooltippstyle', '<link rel="stylesheet" type="text/css" href="styles/tip_balloon.css" />'); $page->addScript('tooltippstyle', '<link rel="stylesheet" type="text/css" href="styles/tip_balloon.css" />');
$page->setContent($sWarning . $sTooltippScript . "\n" . $sListstring . "<br>" . $form->render()); $page->setContent($sWarning . $sTooltippScript . "\n" . $sListstring . "<br>" . $form->render());
$page->render(); $page->render();
?> ?>
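Review bot: In the new `else` branches, `$key = cSecurity::escapeString($key);` and `$type = cSecurity::escapeString($type);` are the only treatment short keys and types get before `$list->setCell()`, and nothing shown in this commit indicates that escapeString() HTML-encodes (escapeDB() falls back to it, which suggests a database escape). If it does not, markup in a type or name of 35 characters or fewer still reaches the page, while the value branch beside it uses `clHtmlEntities($value['value'])`; `$key = clHtmlEntities($key);` and `$type = clHtmlEntities($type);` would make the three consistent. The edit branch still passes `$value['value']` to cHTMLTextbox unencoded, unlike the client settings page in this commit, and presumably needs the same encoding. The long-value tooltip now reads `clHtmlEntities(addslashes($value['value']))` without `ENT_QUOTES`, so confirm the wrapper still encodes single quotes.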


@ -31,7 +31,7 @@
* @since file available since Contenido release >= 4.8.15 * @since file available since Contenido release >= 4.8.15
* *
* {@internal * {@internal
* created 2017-03-09 * created 2017-06-09
* }} * }}
*/ */