diff --git a/conlite/external/frontend/config.php b/conlite/external/frontend/config.php deleted file mode 100644 index 4714600..0000000 --- a/conlite/external/frontend/config.php +++ /dev/null @@ -1,53 +0,0 @@ - - * - * Requirements: - * @con_php_req 5 - * @con_template - * @con_notice - * - * - * @package ContenidoBackendArea - * @version - * @author - * @copyright four for business AG - * @license http://www.contenido.org/license/LIZENZ.txt - * @link http://www.4fb.de - * @link http://www.contenido.org - * - * - * - * {@internal - * created - * modified 2008-07-04, bilal arslan, added security fix - * - * $Id$: - * }} - * - */ - if(!defined('CON_FRAMEWORK')) { - die('Illegal call'); -} - -// Relative path to contenido directory, for all inclusions, in most cases: "../contenido/" -$contenido_path = "!PATH!"; - -// If language isn't specified, set this client and language (ID) -$load_lang = "!LANG!"; -$load_client = "!CLIENT!"; - -/* Various debugging options */ -$frontend_debug["container_display"] = false; -$frontend_debug["module_display"] = false; -$frontend_debug["module_timing"] = false; -$frontend_debug["module_timing_summary"] = false; - -/* Set to 1 to brute-force module regeneration */ -$force = 0; - -?> diff --git a/conlite/external/frontend/dbfs.php b/conlite/external/frontend/dbfs.php index 20566d8..6c8d42a 100644 --- a/conlite/external/frontend/dbfs.php +++ b/conlite/external/frontend/dbfs.php @@ -8,9 +8,11 @@ * * Requirements: * @con_php_req 5 + * @con_template + * @con_notice + * * * @package ContenidoBackendArea - * @version * @author unknown * @copyright four for business AG * @license http://www.contenido.org/license/LIZENZ.txt 
@@ -20,15 +22,17 @@ * * * {@internal - * created unknown - * modified 2008-06-16, H. Librenz - Hotfix: checking for potential unsecure calling - * modified 2008-07-04, bilal arslan, added security fix + * created unknown + * modified 2008-06-16, H. Librenz - Hotfix: checking for potential unsecure calling + * modified 2008-07-03, bilal arslan, added security fix + * modified 2010-05-20, Murat Purc, standardized Contenido startup and security check invocations, see [#CON-307] * * $Id$: * }} * */ - if (!defined("CON_FRAMEWORK")) { + +if (!defined("CON_FRAMEWORK")) { define("CON_FRAMEWORK", true); } @@ -36,12 +40,8 @@ $contenido_path = ''; # include the config file of the frontend to init the Client and Language Id include_once ("config.php"); -// include security class and check request variables -include_once ($contenido_path . 'classes/class.security.php'); -Contenido_Security::checkRequests(); - -include_once ($contenido_path . "includes/startup.php"); -cInclude("includes", "functions.general.php"); +// Contenido startup process +include_once ($contenido_path . 'includes/startup.php'); if ($contenido) { diff --git a/conlite/external/frontend/front_content.php b/conlite/external/frontend/front_content.php index 27fbc7f..5056912 100644 --- a/conlite/external/frontend/front_content.php +++ b/conlite/external/frontend/front_content.php @@ -1,4 +1,5 @@ Fatal Error
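Review bot: The explicit `Contenido_Security::checkRequests();` call is removed in the dbfs.php startup hunk on the assumption that `includes/startup.php` now performs it, but startup.php is not part of this diff, so the request filtering for this entry point depends on code that cannot be checked here. Please confirm that startup.php runs the check before any request variable is read, and record that in the comment, e.g. `// Contenido startup process (runs the request security check, see CON-307)`. The unchanged line `include_once ("config.php");` still expects a frontend config.php, while this commit deletes the template copy in the same directory. If no generated copy exists at runtime, `include_once` only warns and `$contenido_path` stays `''`. The script body continues past the end of the hunk.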
Couldn't include ConLite startup."); +} +include_once($contenido_path . 'includes/startup.php'); cInclude("includes", "functions.con.php"); cInclude("includes", "functions.con2.php"); cInclude("includes", "functions.api.php"); cInclude("includes", "functions.pathresolver.php"); -if ($cfg["use_pseudocron"] == true) -{ +if ($cfg["use_pseudocron"] == true) { /* Include cronjob-Emulator */ $oldpwd = getcwd(); - chdir($cfg["path"]["contenido"].$cfg["path"]["cronjobs"]); + chdir($cfg["path"]["contenido"] . $cfg["path"]["cronjobs"]); cInclude("includes", "pseudo-cron.inc.php"); chdir($oldpwd); } 
@@ -100,53 +93,40 @@ if ($cfg["use_pseudocron"] == true) * PHPLIB application development toolkit * @see http://sourceforge.net/projects/phplib */ -if ($contenido) -{ +if (!empty($contenido)) { //Backend - page_open(array ('sess' => 'Contenido_Session', 'auth' => 'Contenido_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm')); - i18nInit($cfg["path"]["contenido"].$cfg["path"]["locale"], $belang); -} -else -{ + page_open(array('sess' => 'Contenido_Session', 'auth' => 'Contenido_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm')); + i18nInit($cfg["path"]["contenido"] . $cfg["path"]["locale"], $belang); +} else { //Frontend - page_open(array ('sess' => 'Contenido_Frontend_Session', 'auth' => 'Contenido_Frontend_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm')); + page_open(array('sess' => 'Contenido_Frontend_Session', 'auth' => 'Contenido_Frontend_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm')); } -/** - * Bugfix - * @see http://contenido.org/forum/viewtopic.php?t=18291 - * - * added by H. Librenz (2007-12-07) - */ -//includePluginConf(); -/** - * fixed bugfix - using functions brokes variable scopes! - * - * added by H. Librenz (2007-12-21) based on an idea of A. Lindner - */ require_once $cfg['path']['contenido'] . $cfg['path']['includes'] . 'functions.includePluginConf.php'; -$db = new DB_ConLite; +// Call hook after plugins are loaded, added by Murat Purc, 2008-09-07 +CEC_Hook::execute('Contenido.Frontend.AfterLoadPlugins'); + +$db = new DB_ConLite(); $sess->register("cfgClient"); $sess->register("errsite_idcat"); $sess->register("errsite_idart"); $sess->register("encoding"); -if ($cfgClient["set"] != "set") -{ +if (empty($cfgClient["set"]) || $cfgClient["set"] != "set") { rereadClients(); } # Check if this request is for a compressed file -if ($_GET['action'] == 'get_compressed') { +if (isset($_GET['action']) && $_GET['action'] == 'get_compressed') { # Get the calling parameters - $sFilename = ((isset($_GET['f'])) ? 
$_GET['f'] : $_GET['amp;f']); - $sContentType = ((isset($_GET['c'])) ? $_GET['c'] : $_GET['amp;c']); - + $sFilename = ((isset($_GET['f'])) ? $_GET['f'] : $_GET['amp;f']); + $sContentType = ((isset($_GET['c'])) ? $_GET['c'] : $_GET['amp;c']); + # Output the file using the class output() function Output_Compressor::output($cfgClient[$client]['path']['frontend'] . 'cache/', $sFilename, $sContentType); - + # Don't do anything else exit(); } @@ -154,8 +134,7 @@ if ($_GET['action'] == 'get_compressed') { // Call hook after plugins are loaded, added by Murat Purc, 2008-09-07 CEC_Hook::execute('Contenido.Frontend.AfterLoadPlugins'); -if (!isset($encoding) || !is_array($encoding) || count($encoding) == 0) -{ +if (!isset($encoding) || !is_array($encoding) || count($encoding) == 0) { // get encodings of all languages $encoding = array(); $sql = "SELECT idlang, encoding FROM " . $cfg["tab"]["lang"]; @@ -170,27 +149,25 @@ if (!isset($encoding) || !is_array($encoding) || count($encoding) == 0) // @TODO: Should be outsourced into startup process but requires a better detection (frontend or backend) Contenido_Security::checkFrontendGlobals(); - // update urlbuilder set http base path Contenido_Url::getInstance()->getUrlBuilder()->setHttpBasePath($cfgClient[$client]['htmlpath']['frontend']); - // Initialize language if (!isset($lang)) { // if there is an entry load_lang in frontend/config.php use it, else use the first language of this client - if(isset($load_lang)){ + if (isset($load_lang)) { // load_client is set in frontend/config.php $lang = $load_lang; - }else{ + } else { $sql = "SELECT B.idlang FROM - ".$cfg["tab"]["clients_lang"]." AS A, - ".$cfg["tab"]["lang"]." AS B + " . $cfg["tab"]["clients_lang"] . " AS A, + " . $cfg["tab"]["lang"] . " AS B WHERE - A.idclient='".Contenido_Security::toInteger($client)."' AND + A.idclient='" . Contenido_Security::toInteger($client) . "' AND A.idlang = B.idlang LIMIT 0,1"; 
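Review bot: In the `get_compressed` branch, `$sFilename` and `$sContentType` are taken unmodified from `$_GET` and passed to `Output_Compressor::output()` together with the `cache/` directory. That method is not shown, so unless it already confines the name to that directory, the caller should do so, for example `$sFilename = basename((string) $sFilename);`, and should compare `$sContentType` against a fixed list of allowed values. The new `isset($_GET['action'])` guard leaves the `$_GET['amp;f']` and `$_GET['amp;c']` fallbacks unguarded. Separately, this hunk adds `CEC_Hook::execute('Contenido.Frontend.AfterLoadPlugins');` after the plugin-config include, while the same call remains as an unchanged line before the encoding block (visible as context in the next hunk), so the hook chain would run twice per request. One of the two calls should be dropped.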
@@ -202,11 +179,12 @@ if (!isset($lang)) { } } -if (!$sess->is_registered("lang") ) $sess->register("lang"); -if (!$sess->is_registered("client") ) $sess->register("client"); +if (!$sess->is_registered("lang")) + $sess->register("lang"); +if (!$sess->is_registered("client")) + $sess->register("client"); -if (isset ($username)) -{ +if (isset($username)) { $auth->login_if(true); } @@ -219,8 +197,7 @@ header("Content-Type: text/html; charset={$encoding[$lang]}"); * if http global logout is set e.g. front_content.php?logout=true * log out the current user. */ -if (isset ($logout)) -{ +if (isset($logout)) { $auth->logout(true); $auth->unauth(true); $auth->auth["uname"] = "nobody"; @@ -229,8 +206,7 @@ if (isset ($logout)) /* * local configuration */ -if (file_exists("config.local.php")) -{ +if (file_exists("config.local.php")) { @ include ("config.local.php"); } 
@@ -238,101 +214,86 @@ if (file_exists("config.local.php")) * If the path variable was passed, try to resolve it to a Category Id * e.g. front_content.php?path=/company/products/ */ -if (isset($path) && strlen($path) > 1) -{ +if (isset($path) && strlen($path) > 1) { /* Which resolve method is configured? */ - if ($cfg["urlpathresolve"] == true) - { + if ($cfg["urlpathresolve"] == true) { $iLangCheck = 0; $idcat = prResolvePathViaURLNames($path, $iLangCheck); - - } - else - { + } else { $iLangCheck = 0; $idcat = prResolvePathViaCategoryNames($path, $iLangCheck); - if(($lang != $iLangCheck) && ((int)$iLangCheck != 0)){ + if (($lang != $iLangCheck) && ((int) $iLangCheck != 0)) { $lang = $iLangCheck; } - } } // error page -$aParams = array ( - 'client' => $client, 'idcat' => $errsite_idcat[$client], 'idart' => $errsite_idart[$client], - 'lang' => $lang, 'error'=> '1' +$aParams = array( + 'client' => $client, 'idcat' => $errsite_idcat[$client], 'idart' => $errsite_idart[$client], + 'lang' => $lang, 'error' => '1' ); $errsite = 'Location: ' . Contenido_Url::getInstance()->buildRedirect($aParams); - /* * Try to initialize variables $idcat, $idart, $idcatart, $idartlang * Note: These variables can be set via http globals e.g. front_content.php?idcat=41&idart=34&idcatart=35&idartlang=42 * If not the values will be computed. */ -if ($idart && !$idcat && !$idcatart) -{ +if ($idart && !$idcat && !$idcatart) { /* Try to fetch the first idcat */ - $sql = "SELECT idcat FROM ".$cfg["tab"]["cat_art"]." WHERE idart = '".Contenido_Security::toInteger($idart)."'"; + $sql = "SELECT idcat FROM " . $cfg["tab"]["cat_art"] . " WHERE idart = '" . Contenido_Security::toInteger($idart) . 
"'"; $db->query($sql); - if ($db->next_record()) - { + if ($db->next_record()) { $idcat = $db->f("idcat"); } } -unset ($code); -unset ($markscript); +unset($code); +unset($markscript); -if (!$idcatart) -{ - if (!$idart) - { - if (!$idcat) - { +if (empty($idcatart)) { + if (empty($idart)) { + if (empty($idcat)) { # Note: In earlier Contenido versions the information if an article is startarticle of a category has been stored # in relation con_cat_art. - if ($cfg["is_start_compatible"] == true) - { + if ($cfg["is_start_compatible"] == true) { $sql = "SELECT idart, B.idcat FROM - ".$cfg["tab"]["cat_art"]." AS A, - ".$cfg["tab"]["cat_tree"]." AS B, - ".$cfg["tab"]["cat"]." AS C + " . $cfg["tab"]["cat_art"] . " AS A, + " . $cfg["tab"]["cat_tree"] . " AS B, + " . $cfg["tab"]["cat"] . " AS C WHERE A.idcat=B.idcat AND B.idcat=C.idcat AND is_start='1' AND - idclient='".Contenido_Security::toInteger($client)."' + idclient='" . Contenido_Security::toInteger($client) . "' ORDER BY idtree ASC"; - } - else - { + } else { # Note: Now the information if an article is startarticle of a category is stored in relation con_cat_lang. $sql = "SELECT A.idart, B.idcat FROM - ".$cfg["tab"]["cat_art"]." AS A, - ".$cfg["tab"]["cat_tree"]." AS B, - ".$cfg["tab"]["cat"]." AS C, - ".$cfg["tab"]["cat_lang"]." AS D, - ".$cfg["tab"]["art_lang"]." AS E + " . $cfg["tab"]["cat_art"] . " AS A, + " . $cfg["tab"]["cat_tree"] . " AS B, + " . $cfg["tab"]["cat"] . " AS C, + " . $cfg["tab"]["cat_lang"] . " AS D, + " . $cfg["tab"]["art_lang"] . " AS E WHERE A.idcat=B.idcat AND B.idcat=C.idcat AND D.startidartlang = E.idartlang AND - D.idlang='".Contenido_Security::toInteger($lang)."' AND + D.idlang='" . Contenido_Security::toInteger($lang) . "' AND E.idart=A.idart AND - E.idlang='".Contenido_Security::toInteger($lang)."' AND - idclient='".Contenido_Security::toInteger($client)."' + E.idlang='" . Contenido_Security::toInteger($lang) . "' AND + idclient='" . Contenido_Security::toInteger($client) . 
"' ORDER BY idtree ASC"; } @@ -343,40 +304,34 @@ if (!$idcatart) $idart = $db->f("idart"); $idcat = $db->f("idcat"); } else { - if($contenido) { + if (!empty($contenido)) { cInclude("includes", "functions.i18n.php"); die(i18n("No start article for this category")); } else { - if($error == 1) { + if ($error == 1) { die("Fatal error: Could not display error page. Error to display was: 'No start article in this category'"); } else { header($errsite); - exit; + exit; } } } } else { $idart = -1; - if ($cfg["is_start_compatible"] == true) - { - $sql = "SELECT idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND is_start='1'"; + if ($cfg["is_start_compatible"] == true) { + $sql = "SELECT idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND is_start='1'"; $db->query($sql); - if ($db->next_record()) - { + if ($db->next_record()) { $idart = $db->f("idart"); } - } - else - { - $sql = "SELECT startidartlang FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND idlang='".Contenido_Security::toInteger($lang)."'"; + } else { + $sql = "SELECT startidartlang FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'"; $db->query($sql); - if ($db->next_record()) - { - if ($db->f("startidartlang") != 0) - { - $sql = "SELECT idart FROM ".$cfg["tab"]["art_lang"]." WHERE idartlang='".Contenido_Security::toInteger($db->f("startidartlang"))."'"; + if ($db->next_record()) { + if ($db->f("startidartlang") != 0) { + $sql = "SELECT idart FROM " . $cfg["tab"]["art_lang"] . " WHERE idartlang='" . Contenido_Security::toInteger($db->f("startidartlang")) . "'"; $db->query($sql); $db->next_record(); $idart = $db->f("idart"); 
@@ -384,36 +339,26 @@ if (!$idcatart) } } - if ($idart != -1) - { - } - else - { + if ($idart != -1) { + + } else { // error message in backend - if ($contenido) - { + if ($contenido) { cInclude("includes", "functions.i18n.php"); die(i18n("No start article for this category")); - } - else - { - if ($error == 1) - { + } else { + if ($error == 1) { echo "Fatal error: Could not display error page. Error to display was: 'No start article in this category'"; - } - else - { + } else { header($errsite); - exit; + exit; } } } } } -} -else -{ - $sql = "SELECT idcat, idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcatart='".Contenido_Security::toInteger($idcatart)."'"; +} else { + $sql = "SELECT idcat, idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "'"; $db->query($sql); $db->next_record(); @@ -423,9 +368,8 @@ else } /* Get idcatart */ -if (0 != $idart && 0 != $idcat) -{ - $sql = "SELECT idcatart FROM ".$cfg["tab"]["cat_art"]." WHERE idart = '".Contenido_Security::toInteger($idart)."' AND idcat = '".Contenido_Security::toInteger($idcat)."'"; +if (0 != $idart && 0 != $idcat) { + $sql = "SELECT idcatart FROM " . $cfg["tab"]["cat_art"] . " WHERE idart = '" . Contenido_Security::toInteger($idart) . "' AND idcat = '" . Contenido_Security::toInteger($idcat) . "'"; $db->query($sql); $db->next_record(); @@ -435,10 +379,9 @@ if (0 != $idart && 0 != $idcat) $idartlang = getArtLang($idart, $lang); -if ($idartlang === false) -{ +if ($idartlang === false) { header($errsite); - exit; + exit; } /* @@ -454,8 +397,6 @@ if ($cfg["cache"]["disable"] != '1') { $oCacheHandler->start($iStartTime); // $iStartTime ist optional und ist die startzeit des scriptes, z. b. am anfang von fron_content.php } // END: concache - - ############################################## # BACKEND / FRONTEND EDITING ############################################## 
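Review bot: In the frontend branch with `$error == 1`, this path only `echo`s the fatal message and then falls through, whereas the equivalent branch in the previous hunk stops with `die(...)`. Processing continues with `$idart = -1` into the queries below, so it should be `die("Fatal error: Could not display error page. Error to display was: 'No start article in this category'");` here as well. The 'No code available' branch in the code-generation hunk further down has the same echo-without-exit pattern. The empty `if ($idart != -1) { } else {` would read better as `if ($idart == -1) {`, and `if ($contenido)` was not converted to `!empty($contenido)` as in the other hunks. The enclosing `if (empty($idcatart))` block starts outside this hunk.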
@@ -470,44 +411,39 @@ if ($cfg["cache"]["disable"] != '1') { * The reason is to avoid cross-site scripting errors in the backend, if the backend domain differs from * the frontend domain. */ -if ($contenido) -{ +if ($contenido) { $perm->load_permissions(); /* Change mode edit / view */ - if (isset ($changeview)) - { + if (isset($changeview)) { $sess->register("view"); $view = $changeview; } $col = new InUseCollection; - if ($overrideid != "" && $overridetype != "") - { + if ($overrideid != "" && $overridetype != "") { $col->removeItemMarks($overridetype, $overrideid); } /* Remove all own marks */ $col->removeSessionMarks($sess->id); /* If the override flag is set, override a specific InUseItem */ - list ($inUse, $message) = $col->checkAndMark("article", $idartlang, true, i18n("Article is in use by %s (%s)"), true, $cfg['path']['contenido_fullhtml']."external/backendedit/front_content.php?changeview=edit&action=con_editart&idartlang=$idartlang&type=$type&typenr=$typenr&idart=$idart&idcat=$idcat&idcatart=$idcatart&client=$client&lang=$lang"); + list ($inUse, $message) = $col->checkAndMark("article", $idartlang, true, i18n("Article is in use by %s (%s)"), true, $cfg['path']['contenido_fullhtml'] . "external/backendedit/front_content.php?changeview=edit&action=con_editart&idartlang=$idartlang&type=$type&typenr=$typenr&idart=$idart&idcat=$idcat&idcatart=$idcatart&client=$client&lang=$lang"); $sHtmlInUse = ''; $sHtmlInUseMessage = ''; - if ($inUse == true) - { + if ($inUse == true) { $disabled = 'disabled="disabled"'; - $sHtmlInUseCss = ''; + $sHtmlInUseCss = ''; $sHtmlInUseMessage = $message; } - $sql = "SELECT locked FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; + $sql = "SELECT locked FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . 
"'"; $db->query($sql); $db->next_record(); $locked = $db->f("locked"); - if ($locked == 1) - { + if ($locked == 1) { $inUse = true; $disabled = 'disabled="disabled"'; } @@ -515,47 +451,40 @@ if ($contenido) // CEC to check if the user has permission to edit articles in this category CEC_Hook::setBreakCondition(false, true); // break at "false", default value "true" $allow = CEC_Hook::executeWhileBreakCondition( - 'Contenido.Frontend.AllowEdit', $lang, $idcat, $idart, $auth->auth['uid'] + 'Contenido.Frontend.AllowEdit', $lang, $idcat, $idart, $auth->auth['uid'] ); - if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat) && $inUse == false && $allow == true) - { + if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat) && $inUse == false && $allow == true) { /* Create buttons for editing */ $edit_preview = ''; - if ($view == "edit") - { + if ($view == "edit") { $edit_preview = ''; - } - else - { + } else { $edit_preview = ''; } /* Display articles */ - if ($cfg["is_start_compatible"] == true) - { - $sql = "SELECT idart, is_start FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' ORDER BY idart"; + if ($cfg["is_start_compatible"] == true) { + $sql = "SELECT idart, is_start FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' ORDER BY idart"; $db->query($sql); - } - else - { - $sql = "SELECT idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' ORDER BY idart"; + } else { + $sql = "SELECT idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' ORDER BY idart"; $db->query($sql); } @@ -564,53 +493,41 @@ if ($contenido) $edit_preview .= '
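Review bot: `$sHtmlInUse` is initialised to `''` but is not used anywhere in the visible code, while `$sHtmlInUseCss` is assigned only inside `if ($inUse == true)`. The `!empty($sHtmlInUseCss)` guard added later in this commit works around that instead of fixing it. Initialising `$sHtmlInUseCss = '';` next to `$sHtmlInUseMessage = '';` gives the variable a defined value on every path. The edit URL passed to `checkAndMark()` also interpolates `$type` and `$typenr` without encoding. If those values originate from the request, they should go through `urlencode()` (or an integer cast where applicable) before being placed in the query string. The enclosing `if ($contenido)` block continues beyond this hunk.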
- Preview + Preview - Preview + Preview
- Preview + Preview - Edit + Edit
Articles in category:
'; - while ($db->next_record() && ($db->affected_rows() != 1)) - { + while ($db->next_record() && ($db->affected_rows() != 1)) { $class = "font-family:'Verdana'; font-size:10; color:#000000; text-decoration: underline; font-weight:normal"; - if (!isset ($idart)) - { - if (isStartArticle(getArtLang($idart, $lang), $idcat, $lang)) - { + if (!isset($idart)) { + if (isStartArticle(getArtLang($idart, $lang), $idcat, $lang)) { $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline ;font-weight:bold"; } - } - else - { - if ($idart == $db->f("idart")) - { + } else { + if ($idart == $db->f("idart")) { $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline; font-weight:bold"; } } - $edit_preview .= "url("front_content.php?idart=".$db->f("idart")."&idcat=$idcat")."\">$a "; - $a ++; + $edit_preview .= "url("front_content.php?idart=" . $db->f("idart") . "&idcat=$idcat") . "\">$a "; + $a++; } $edit_preview .= '
'; - } - } // end if $contenido /* If mode is 'edit' and user has permission to edit articles in the current category */ -if ($inUse == false && $allow == true && $view == "edit" && ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat))) -{ +if (empty($inUse) && (isset($allow) && $allow == true) && $view == "edit" && ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat))) { cInclude("includes", "functions.tpl.php"); cInclude("includes", "functions.con.php"); - include ($cfg["path"]["contenido"].$cfg["path"]["includes"]."include.con_editcontent.php"); -} -else -{ + include ($cfg["path"]["contenido"] . $cfg["path"]["includes"] . "include.con_editcontent.php"); +} else { ############################################## # FRONTEND VIEW ############################################## /* Mark submenuitem 'Preview' in the Contenido Backend (Area: Contenido --> Articles --> Preview) */ - if ($contenido) - { + if ($contenido) { $markscript = markSubMenuItem(4, true); } @@ -620,10 +537,10 @@ else $sql = "SELECT createcode FROM - ".$cfg["tab"]["cat_art"]." + " . $cfg["tab"]["cat_art"] . " WHERE - idcat = '".Contenido_Security::toInteger($idcat)."' AND - idart = '".Contenido_Security::toInteger($idart)."'"; + idcat = '" . Contenido_Security::toInteger($idcat) . "' AND + idart = '" . Contenido_Security::toInteger($idart) . "'"; $db->query($sql); $db->next_record(); 
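Review bot: `$inUse` and `$allow` are assigned only inside the `if ($contenido)` block, which starts in an earlier hunk. The rewritten condition `empty($inUse) && (isset($allow) && $allow == true) && $view == "edit"` works around that with `empty()`/`isset()` instead of giving the variables defined values. Since this file itself notes that variables can arrive as http globals, the edit-mode gate should not depend on whether a variable happens to exist. Set `$inUse = false; $allow = false;` and a default for `$view` before the `if ($contenido)` block, and compare with `===`. `Contenido_Security::checkFrontendGlobals()` may already reject such names, but its implementation is not visible here, and the permission check stays the last line of defence either way.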
@@ -633,47 +550,36 @@ else ############################################## /* Check if code is expired, create new code if needed */ - if ($db->f("createcode") == 0 && $force == 0 && $cfg['dceModEdit']['use'] !== true) - { - $sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; + if ($db->f("createcode") == 0 && $force == 0 && $cfg['dceModEdit']['use'] !== true && $cfg['dceLayEdit']['use'] !== true) { + $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'"; $db->query($sql); - if ($db->num_rows() == 0) - { + if ($db->num_rows() == 0) { /* Include here for performance reasons */ cInclude("includes", "functions.tpl.php"); conGenerateCode($idcat, $idart, $lang, $client); - $sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; + $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'"; $db->query($sql); } - if ($db->next_record()) - { + if ($db->next_record()) { $code = stripslashes($db->f("code")); - } - else - { + } else { if ($contenido) $code = "echo \"No code available.\";"; - else - { - if ($error == 1) - { + else { + if ($error == 1) { echo "Fatal error: Could not display error page. Error to display was: 'No code available'"; - } - else - { + } else { header($errsite); - exit; + exit; } } } - } - else - { - $sql = "DELETE FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."'"; + } else { + $sql = "DELETE FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . 
"'"; $db->query($sql); cInclude("includes", "functions.con.php"); @@ -682,7 +588,7 @@ else conGenerateCode($idcat, $idart, $lang, $client); - $sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; + $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'"; $db->query($sql); $db->next_record(); @@ -691,16 +597,18 @@ else } /* Add mark Script to code if user is in the backend */ - $code = preg_replace("/<\/head>/i", "$markscript\n", $code, 1); + if(!empty($markscript)) { + $code = preg_replace("/<\/head>/i", "$markscript\n", $code, 1); + } /* If article is in use, display notification */ - if ($sHtmlInUseCss && $sHtmlInUseMessage) { + if (!empty($sHtmlInUseCss) && !empty($sHtmlInUseMessage)) { $code = preg_replace("/<\/head>/i", "$sHtmlInUseCss\n", $code, 1); $code = preg_replace("/(]*)>/i", "\${1}> \n $sHtmlInUseMessage", $code, 1); } /* Check if category is public */ - $sql = "SELECT public FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND idlang='".Contenido_Security::toInteger($lang)."'"; + $sql = "SELECT public FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'"; $db->query($sql); $db->next_record(); 
@@ -710,80 +618,68 @@ else ############################################## # protected categories ############################################## - if ($public == 0) - { - if ($auth->auth["uid"] == "nobody") - { - $sql = "SELECT user_id, value FROM ".$cfg["tab"]["user_prop"]." WHERE type='frontend' and name='allowed_ip'"; + if ($public == 0) { + if ($auth->auth["uid"] == "nobody") { + $sql = "SELECT user_id, value FROM " . $cfg["tab"]["user_prop"] . " WHERE type='frontend' and name='allowed_ip'"; $db->query($sql); - while ($db->next_record()) - { + while ($db->next_record()) { $user_id = $db->f("user_id"); $range = urldecode($db->f("value")); $slash = strpos($range, "/"); - if ($slash == false) - { + if ($slash == false) { $netmask = "255.255.255.255"; $network = $range; - } - else - { + } else { $network = substr($range, 0, $slash); - $netmask = substr($range, $slash +1, strlen($range) - $slash -1); + $netmask = substr($range, $slash + 1, strlen($range) - $slash - 1); } - if (IP_match($network, $netmask, $_SERVER["REMOTE_ADDR"])) - { + if (IP_match($network, $netmask, $_SERVER["REMOTE_ADDR"])) { $sql = "SELECT idright - FROM ".$cfg["tab"]["rights"]." AS A, - ".$cfg["tab"]["actions"]." AS B, - ".$cfg["tab"]["area"]." AS C - WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id = '".Contenido_Security::escapeDB($user_id, $db2)."' AND A.idcat = '".Contenido_Security::toInteger($idcat)."' + FROM " . $cfg["tab"]["rights"] . " AS A, + " . $cfg["tab"]["actions"] . " AS B, + " . $cfg["tab"]["area"] . " AS C + WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id = '" . Contenido_Security::escapeDB($user_id, $db2) . "' AND A.idcat = '" . Contenido_Security::toInteger($idcat) . 
"' AND A.idarea = C.idarea AND B.idaction = A.idaction"; - $db2 = new DB_ConLite; + $db2 = new DB_ConLite(); $db2->query($sql); - if ($db2->num_rows() > 0) - { + if ($db2->num_rows() > 0) { $auth->auth["uid"] = $user_id; $validated = 1; } } } - if ($validated != 1) - { + if ($validated != 1) { // CEC to check category access CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false" $allow = CEC_Hook::executeWhileBreakCondition( - 'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid'] + 'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid'] ); $auth->login_if(!$allow); } - } - else - { + } else { // CEC to check category access CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false" $allow = CEC_Hook::executeWhileBreakCondition( - 'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid'] + 'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid'] ); /* - added 2008-11-18 Timo Trautmann - in backendeditmode also check if logged in backenduser has permission to view preview of page - */ + added 2008-11-18 Timo Trautmann + in backendeditmode also check if logged in backenduser has permission to view preview of page + */ if ($allow == false && $contenido && $perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat)) { $allow = true; } - if (!$allow) - { + if (!$allow) { header($errsite); - exit; + exit; } } } 
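Review bot: `Contenido_Security::escapeDB($user_id, $db2)` is evaluated while `$sql` is being built, one statement before `$db2 = new DB_ConLite();`. On the first matching row the escape helper therefore receives an undefined variable instead of a connection object, and how `escapeDB()` behaves in that case is not visible here. Create the object first, ideally once before the `while` loop, with `$db2 = new DB_ConLite();`. `$validated` is also never given a starting value before `if ($validated != 1)`. Because that test decides whether `login_if()` is reached for a protected category, it should start from a known state with `$validated = 0;` ahead of the loop.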
@@ -791,47 +687,24 @@ else ############################################## # statistic ############################################## - /* Sanity: If the statistic table doesn't contain an entry, create one */ - $sql = "SELECT idcatart FROM ".$cfg["tab"]["stat"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idlang='".Contenido_Security::toInteger($lang)."'"; - $db->query($sql); - - if ($db->next_record()) - { - /* Update the statistics. */ - $sql = "UPDATE ".$cfg["tab"]["stat"]." SET visited = visited + 1 WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idclient = '".Contenido_Security::toInteger($client)."' - AND idlang = '".Contenido_Security::toInteger($lang)."'"; - $db->query($sql); - } - else - { - /* Insert new record */ - $next = $db->nextid($cfg["tab"]["stat"]); - $sql = "INSERT INTO ".$cfg["tab"]["stat"]." (visited, idcatart, idlang, idstat, idclient) VALUES ('1', '".Contenido_Security::toInteger($idcatart)."', '".Contenido_Security::toInteger($lang)."', - '".Contenido_Security::toInteger($next)."', '".Contenido_Security::toInteger($client)."')"; - $db->query($sql); - } + $oStatCol = new cApiStatCollection(); + $oStatCol->trackView($idcatart); /* * Check if an article is start article of the category */ - if ($cfg["is_start_compatible"] == true) - { - $sql = "SELECT is_start FROM ".$cfg["tab"]["cat_art"]." WHERE idcatart='".Contenido_Security::toInteger($idcatart)."'"; + if ($cfg["is_start_compatible"] == true) { + $sql = "SELECT is_start FROM " . $cfg["tab"]["cat_art"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "'"; $db->query($sql); $db->next_record(); $isstart = $db->f("is_start"); - } - else - { - $sql = "SELECT startidartlang FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; + } else { + $sql = "SELECT startidartlang FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . 
Contenido_Security::toInteger($idcat) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'"; $db->query($sql); $db->next_record(); - if ($db->f("idartlang") == $idartlang) - { + if ($db->f("idartlang") == $idartlang) { $isstart = 1; - } - else - { + } else { $isstart = 0; } } @@ -839,18 +712,15 @@ else ############################################## # time management ############################################## - $sql = "SELECT timemgmt FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; + $sql = "SELECT timemgmt FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'"; $db->query($sql); $db->next_record(); - if (($db->f("timemgmt") == "1") && ($isstart != 1)) - { - $sql = "SELECT online, redirect, redirect_url FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."' + if (($db->f("timemgmt") == "1") && ($isstart != 1)) { + $sql = "SELECT online, redirect, redirect_url FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "' AND NOW() > datestart AND NOW() < dateend"; - } - else - { - $sql = "SELECT online, redirect, redirect_url FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; + } else { + $sql = "SELECT online, redirect, redirect_url FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'"; } $db->query($sql); 
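Review bot: In the branch where `is_start_compatible` is off, the query selects `startidartlang` but the comparison reads `$db->f("idartlang")`, a column the result set does not contain. `$isstart` therefore most likely ends up as 0 for every article, and the start article is not exempted from the time-management window below. The line should read `if ($db->f("startidartlang") == $idartlang) {`. The new `$oStatCol->trackView($idcatart);` also passes `$idcatart` without the `Contenido_Security::toInteger()` cast that the removed SQL applied. `cApiStatCollection` is not shown, so please confirm it casts or binds the value, or pass `Contenido_Security::toInteger($idcatart)`.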
@@ -860,15 +730,14 @@ else $redirect = $db->f("redirect"); $redirect_url = $db->f("redirect_url"); - @ eval ("\$"."redirect_url = \"$redirect_url\";"); // transform variables + @ eval("\$" . "redirect_url = \"$redirect_url\";"); // transform variables $insert_base = getEffectiveSetting('generator', 'basehref', "true"); /* * generate base url */ - if ($insert_base == "true") - { + if ($insert_base == "true") { $is_XHTML = getEffectiveSetting('generator', 'xhtml', "false"); $str_base_uri = $cfgClient[$client]["path"]["htmlpath"]; @@ -877,21 +746,19 @@ else $str_base_uri = CEC_Hook::executeAndReturn('Contenido.Frontend.BaseHrefGeneration', $str_base_uri); if ($is_XHTML == "true") { - $baseCode = ''; + $baseCode = ''; } else { - $baseCode = ''; + $baseCode = ''; } - $code = str_ireplace_once("", "\n".$baseCode, $code); + $code = str_ireplace_once("", "\n" . $baseCode, $code); } /* * Handle online (offline) articles */ - if ($online) - { - if ($redirect == '1' && $redirect_url != '') - { + if ($online) { + if ($redirect == '1' && $redirect_url != '') { page_close(); /* * Redirect to the URL defined in article properties @@ -907,12 +774,9 @@ else } header("Location: $redirect_url"); exit; - } - else - { - if ($cfg["debug"]["codeoutput"]) - { - echo ""; + } else { + if ($cfg["debug"]["codeoutput"]) { + echo ""; } /* @@ -923,11 +787,11 @@ else $aExclude = explode(',', getEffectiveSetting('frontend.no_outputbuffer', 'idart', '')); if (in_array(Contenido_Security::toInteger($idart), $aExclude)) { - eval ("?>\n".$code."\n\n" . $code . "\n\n".$code."\n\n" . $code . "\n\n".$code."\n\n" . $code . "\ndisconnect(); -page_close(); -?> \ No newline at end of file +page_close(); \ No newline at end of file diff --git a/conlite/external/frontend/front_crcloginform.inc.php b/conlite/external/frontend/front_crcloginform.inc.php index 929dff0..663897c 100644 --- a/conlite/external/frontend/front_crcloginform.inc.php +++ b/conlite/external/frontend/front_crcloginform.inc.php 
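Review bot: The reformatted `@ eval("\$" . "redirect_url = \"$redirect_url\";");` in the `@@ -860` hunk still builds PHP source from the `redirect_url` column read from the article-language table. Anyone who can edit an article's redirect URL can thus have PHP evaluated in the frontend, and the `@` suppresses the errors that would reveal a malformed value. If the intent is only to expand a few known variables, an explicit substitution such as `$redirect_url = strtr($redirect_url, array('$lang' => $lang, '$client' => $client));` avoids the eval; the placeholder list here is an assumption and must be checked against existing content. The same value is later sent in `header("Location: $redirect_url");` in the `@@ -907` hunk, so restricting it to expected schemes and hosts belongs in the same change. The surrounding block starts and ends outside the hunk.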
@@ -1,40 +1,25 @@ - * - * Requirements: - * @con_php_req 5 - * @con_template - * @con_notice - * - * - * @package ContenidoBackendArea - * @version + * @package ConLite + * @subpackage Frontend + * @version $Rev$ + * @author Ortwin Pinke + * @copyright conrepo.org + * @link http://conlite.conrepo.org * @author Jan Lengowski * @copyright four for business AG * @license http://www.contenido.org/license/LIZENZ.txt * @link http://www.4fb.de * @link http://www.contenido.org - * - * - * - * {@internal - * created 2003-01-21 - * modified 2005-09-29, Andreas Lindner - * modified 2008-07-04, bilal arslan, added security fix - * modified 2008-11-18, Murat Purc, add usage of Contenido_Url to create urls to frontend pages and redesign of HTML markup - * modified 2009-01-03, Murat Purc, synchronized with cms/front_crcloginform.inc.php - * modified 2011-02-07, Dominik Ziegler, fixed check of but_ok.gif and changed input type button to submit * * $Id$: - * }} - * */ +/** + * security check + */ if(!defined('CON_FRAMEWORK')) { die('Illegal call'); } @@ -108,18 +93,17 @@ if ( file_exists($cfgClient[$client]['path']['frontend'] . 'images/but_ok.gif') } ?> - + - + :: :: :: :: Contenido Login - - + @@ -156,13 +140,14 @@ if ( file_exists($cfgClient[$client]['path']['frontend'] . 'images/but_ok.gif') - - + - + \ No newline at end of file diff --git a/conlite/external/frontend/includes/class.input.helper.php b/conlite/external/frontend/includes/class.input.helper.php index c19fcf2..bd0bc52 100644 --- a/conlite/external/frontend/includes/class.input.helper.php +++ b/conlite/external/frontend/includes/class.input.helper.php 
@@ -1,4 +1,5 @@ 0) - { - $sSQL = "SELECT tblArtLang.title AS title, tblArtLang.idartlang AS idartlang, tblCatArt.idcat AS idcat, "; - $sSQL .= "tblCatArt.idcatart AS idcatart, tblCatArt.is_start AS isstart, tblArtLang.online AS online, "; - $sSQL .= "tblCatLang.startidartlang as idstartartlang "; - $sSQL .= "FROM ".$cfg["tab"]["art_lang"]." AS tblArtLang, ".$cfg["tab"]["cat_art"]." AS tblCatArt, "; - $sSQL .= $cfg["tab"]["cat_lang"]." AS tblCatLang "; - $sSQL .= "WHERE tblCatArt.idcat = '".Contenido_Security::toInteger($iIDCat)."' AND tblCatLang.idcat = tblCatArt.idcat AND tblCatLang.idlang = tblArtLang.idlang AND "; + if (is_numeric($iIDCat) && $iIDCat > 0) { + $sSQL = "SELECT tblArtLang.title AS title, tblArtLang.idartlang AS idartlang, tblCatArt.idcat AS idcat, "; + $sSQL .= "tblCatArt.idcatart AS idcatart, tblCatArt.is_start AS isstart, tblArtLang.online AS online, "; + $sSQL .= "tblCatLang.startidartlang as idstartartlang "; + $sSQL .= "FROM " . $cfg["tab"]["art_lang"] . " AS tblArtLang, " . $cfg["tab"]["cat_art"] . " AS tblCatArt, "; + $sSQL .= $cfg["tab"]["cat_lang"] . " AS tblCatLang "; + $sSQL .= "WHERE tblCatArt.idcat = '" . Contenido_Security::toInteger($iIDCat) . "' AND tblCatLang.idcat = tblCatArt.idcat AND tblCatLang.idlang = tblArtLang.idlang AND "; - if ($bArtOnline) { - $sSQL .= "tblArtLang.online = '1' AND "; - } + if ($bArtOnline) { + $sSQL .= "tblArtLang.online = '1' AND "; + } - $sSQL .= "tblArtLang.idart = tblCatArt.idart AND tblArtLang.idlang = '".Contenido_Security::escapeDB($lang, $oDB)."' "; - if ($cfg["is_start_compatible"] == true) { - $sSQL .= "ORDER BY tblCatArt.is_start DESC, tblArtLang.title"; // Getting start article as first article - } else { - $sSQL .= "ORDER BY tblArtLang.title"; - } + $sSQL .= "tblArtLang.idart = tblCatArt.idart AND tblArtLang.idlang = '" . Contenido_Security::escapeDB($lang, $oDB) . 
"' "; + if ($cfg["is_start_compatible"] == true) { + $sSQL .= "ORDER BY tblCatArt.is_start DESC, tblArtLang.title"; // Getting start article as first article + } else { + $sSQL .= "ORDER BY tblArtLang.title"; + } - $oDB->query($sSQL); + $oDB->query($sSQL); - $iCount = $oDB->num_rows(); - if ($iCount == 0) { - return 0; - } else { - $iCounter = count($this->_options); - while ($oDB->next_record()) - { - // Generate new option element - $oOption = new cHTMLOptionElement($sSpaces."   ".substr(urldecode($oDB->f("title")), 0, 32), $oDB->f("idcatart")); + $iCount = $oDB->num_rows(); + if ($iCount == 0) { + return 0; + } else { + $iCounter = count($this->_options); + while ($oDB->next_record()) { + // Generate new option element + $oOption = new cHTMLOptionElement($sSpaces . "   " . substr(urldecode($oDB->f("title")), 0, 32), $oDB->f("idcatart")); - if ($bColored) - { - $bIsStartArticle = false; - if ($cfg["is_start_compatible"] == true && $oDB->f("isstart") == 1) { - // Compatible mode and "start article" flag is set - $bIsStartArticle = true; - } else if ($cfg["is_start_compatible"] != true && $oDB->f("idstartartlang") == $oDB->f("idartlang")) { - // No compatible mode and current article is start article (idstartartlang is the same for all records within a category) - $bIsStartArticle = true; - } + if ($bColored) { + $bIsStartArticle = false; + if ($cfg["is_start_compatible"] == true && $oDB->f("isstart") == 1) { + // Compatible mode and "start article" flag is set + $bIsStartArticle = true; + } else if ($cfg["is_start_compatible"] != true && $oDB->f("idstartartlang") == $oDB->f("idartlang")) { + // No compatible mode and current article is start article (idstartartlang is the same for all records within a category) + $bIsStartArticle = true; + } - if ($bIsStartArticle) - { - if ($oDB->f("online") == 0) { - // Start article, but offline -> red - $oOption->setStyle("color: #ff0000;"); - } else { - // Start article -> blue - $oOption->setStyle("color: #0000ff;"); - } - } 
else if ($oDB->f("online") == 0) { - // Offline article -> grey - $oOption->setStyle("color: #666666;"); - } - } + if ($bIsStartArticle) { + if ($oDB->f("online") == 0) { + // Start article, but offline -> red + $oOption->setStyle("color: #ff0000;"); + } else { + // Start article -> blue + $oOption->setStyle("color: #0000ff;"); + } + } else if ($oDB->f("online") == 0) { + // Offline article -> grey + $oOption->setStyle("color: #666666;"); + } + } - // Add option element to the list - $this->addOptionElement($iCounter, $oOption); - $iCounter++; - } - return $iCount; - } - } else { - return 0; - } - } + // Add option element to the list + $this->addOptionElement($iCounter, $oOption); + $iCounter++; + } + return $iCount; + } + } else { + return 0; + } + } - /** - * Function addCategories. Adds category elements (optionally including articles) to select box values. - * Note: Using "with articles" adds the articles also - but the categories will get a negative value! - * There is no way to distinguish between a category id and an article id... - * - * @param int $iMaxLevel Max. level shown (to be exact: except this level) - * @param bool $bColored Add color information to option elements - * @param bool $bCatVisible If true, only add idcat as value, if cat is visible - * @param bool $bCatPublic If true, only add idcat as value, if cat is public - * @param bool $bWithArt Add also articles per category - * @param bool $bArtOnline If true, show only online articles - * - * @return int Number of items added - **/ - function addCategories ($iMaxLevel = 0, $bColored = false, $bCatVisible = true, $bCatPublic = true, - $bWithArt = false, $bArtOnline = true) - { - global $cfg, $client, $lang; + /** + * Function addCategories. Adds category elements (optionally including articles) to select box values. + * Note: Using "with articles" adds the articles also - but the categories will get a negative value! + * There is no way to distinguish between a category id and an article id... 
+ * + * @param int $iMaxLevel Max. level shown (to be exact: except this level) + * @param bool $bColored Add color information to option elements + * @param bool $bCatVisible If true, only add idcat as value, if cat is visible + * @param bool $bCatPublic If true, only add idcat as value, if cat is public + * @param bool $bWithArt Add also articles per category + * @param bool $bArtOnline If true, show only online articles + * + * @return int Number of items added + * */ + function addCategories($iMaxLevel = 0, $bColored = false, $bCatVisible = true, $bCatPublic = true, + $bWithArt = false, $bArtOnline = true) { + global $cfg, $client, $lang; - $oDB = new DB_ConLite; + $oDB = new DB_Contenido; - $sSQL = "SELECT tblCat.idcat AS idcat, tblCatLang.name AS name, "; - $sSQL .= "tblCatLang.visible AS visible, tblCatLang.public AS public, tblCatTree.level AS level "; - $sSQL .= "FROM ".$cfg["tab"]["cat"]." AS tblCat, ".$cfg["tab"]["cat_lang"]." AS tblCatLang, "; - $sSQL .= $cfg["tab"]["cat_tree"]." AS tblCatTree "; - $sSQL .= "WHERE tblCat.idclient = '".Contenido_Security::escapeDB($client, $oDB)."' AND tblCatLang.idlang = '".Contenido_Security::escapeDB($lang, $oDB)."' AND "; - $sSQL .= "tblCatLang.idcat = tblCat.idcat AND tblCatTree.idcat = tblCat.idcat "; + $sSQL = "SELECT tblCat.idcat AS idcat, tblCatLang.name AS name, "; + $sSQL .= "tblCatLang.visible AS visible, tblCatLang.public AS public, tblCatTree.level AS level "; + $sSQL .= "FROM " . $cfg["tab"]["cat"] . " AS tblCat, " . $cfg["tab"]["cat_lang"] . " AS tblCatLang, "; + $sSQL .= $cfg["tab"]["cat_tree"] . " AS tblCatTree "; + $sSQL .= "WHERE tblCat.idclient = '" . Contenido_Security::escapeDB($client, $oDB) . "' AND tblCatLang.idlang = '" . Contenido_Security::escapeDB($lang, $oDB) . 
"' AND "; + $sSQL .= "tblCatLang.idcat = tblCat.idcat AND tblCatTree.idcat = tblCat.idcat "; - if ($iMaxLevel > 0) { - $sSQL .= "AND tblCatTree.level < '".Contenido_Security::escapeDB($iMaxLevel, $oDB)."' "; - } - $sSQL .= "ORDER BY tblCatTree.idtree"; + if ($iMaxLevel > 0) { + $sSQL .= "AND tblCatTree.level < '" . Contenido_Security::escapeDB($iMaxLevel, $oDB) . "' "; + } + $sSQL .= "ORDER BY tblCatTree.idtree"; - $oDB->query($sSQL); + $oDB->query($sSQL); - $iCount = $oDB->num_rows(); - if ($iCount == 0) { - return false; - } else { - $iCounter = count($this->_options); - while ($oDB->next_record()) - { - $sSpaces = ""; - $sStyle = ""; - $iID = $oDB->f("idcat"); + $iCount = $oDB->num_rows(); + if ($iCount == 0) { + return false; + } else { + $iCounter = count($this->_options); + while ($oDB->next_record()) { + $sSpaces = ""; + $sStyle = ""; + $iID = $oDB->f("idcat"); - for ($i = 0; $i < $oDB->f("level"); $i++) { - $sSpaces .= "   "; - } + for ($i = 0; $i < $oDB->f("level"); $i++) { + $sSpaces .= "   "; + } - // Generate new option element - if (($bCatVisible && $oDB->f("visible") == 0) || - ($bCatPublic && $oDB->f("public") == 0)) { - // If category has to be visible or public and it isn't, don't add value - $sValue = ""; - } else if ($bWithArt) { - // If article will be added, set negative idcat as value - $sValue = "-".$iID; - } else { - // Show only categories - and everything is fine... - $sValue = $iID; - } - $oOption = new cHTMLOptionElement($sSpaces."> ".urldecode($oDB->f("name")), $sValue); + // Generate new option element + if (($bCatVisible && $oDB->f("visible") == 0) || ($bCatPublic && $oDB->f("public") == 0)) { + // If category has to be visible or public and it isn't, don't add value + $sValue = ""; + } else if ($bWithArt) { + // If article will be added, set negative idcat as value + $sValue = "-" . $iID; + } else { + // Show only categories - and everything is fine... + $sValue = $iID; + } + $oOption = new cHTMLOptionElement($sSpaces . "> " . 
urldecode($oDB->f("name")), $sValue); - // Coloring option element, restricted shows grey color - $oOption->setStyle("background-color: #EFEFEF"); - if ($bColored && ($oDB->f("visible") == 0 || $oDB->f("public") == 0)) { - $oOption->setStyle("color: #666666;"); - } + // Coloring option element, restricted shows grey color + $oOption->setStyle("background-color: #EFEFEF"); + if ($bColored && ($oDB->f("visible") == 0 || $oDB->f("public") == 0)) { + $oOption->setStyle("color: #666666;"); + } - // Add option element to the list - $this->addOptionElement($iCounter, $oOption); + // Add option element to the list + $this->addOptionElement($iCounter, $oOption); - if ($bWithArt) { - $iArticles = $this->addArticles($iID, $bColored, $bArtOnline, $sSpaces); - $iCount += $iArticles; - } - $iCounter = count($this->_options); - } - } - return $iCount; - } + if ($bWithArt) { + $iArticles = $this->addArticles($iID, $bColored, $bArtOnline, $sSpaces); + $iCount += $iArticles; + } + $iCounter = count($this->_options); + } + } + return $iCount; + } - /** - * Function addTypesFromArt. Adds types and type ids which are available for the specified article - * - * @param int $iIDCatArt Article id - * @param string $sTypeRange Komma separated list of Contenido type ids which may be in the resulting list (e.g. '1','17','28') - * - * @return int Number of items added - **/ - function addTypesFromArt ($iIDCatArt, $sTypeRange = "") - { - global $cfg, $lang; + /** + * Function addTypesFromArt. Adds types and type ids which are available for the specified article + * + * @param int $iIDCatArt Article id + * @param string $sTypeRange Komma separated list of Contenido type ids which may be in the resulting list (e.g. 
'1','17','28') + * + * @return int Number of items added + * */ + function addTypesFromArt($iIDCatArt, $sTypeRange = "") { + global $cfg, $lang; - $oDB = new DB_ConLite; + $oDB = new DB_Contenido; - if (is_numeric($iIDCatArt) && $iIDCatArt > 0) - { - $sSQL = "SELECT tblContent.typeid AS typeid, tblContent.idtype AS idtype, tblType.type AS type, tblType.description AS description, "; - $sSQL .= "tblContent.value AS value "; - $sSQL .= "FROM ".$cfg["tab"]["content"]." AS tblContent, ".$cfg["tab"]["art_lang"]." AS tblArtLang, "; - $sSQL .= $cfg["tab"]["cat_art"]." AS tblCatArt, ".$cfg["tab"]["type"]." AS tblType "; - $sSQL .= "WHERE tblContent.idtype = tblType.idtype AND tblContent.idartlang = tblArtLang.idartlang AND "; - $sSQL .= "tblArtLang.idart = tblCatArt.idart AND tblArtLang.idlang = '". Contenido_Security::escapeDB($lang, $oDB)."' AND tblCatArt.idcatart = '". Contenido_Security::toInteger($iIDCatArt)."' "; + if (is_numeric($iIDCatArt) && $iIDCatArt > 0) { + $sSQL = "SELECT tblContent.typeid AS typeid, tblContent.idtype AS idtype, tblType.type AS type, tblType.description AS description, "; + $sSQL .= "tblContent.value AS value "; + $sSQL .= "FROM " . $cfg["tab"]["content"] . " AS tblContent, " . $cfg["tab"]["art_lang"] . " AS tblArtLang, "; + $sSQL .= $cfg["tab"]["cat_art"] . " AS tblCatArt, " . $cfg["tab"]["type"] . " AS tblType "; + $sSQL .= "WHERE tblContent.idtype = tblType.idtype AND tblContent.idartlang = tblArtLang.idartlang AND "; + $sSQL .= "tblArtLang.idart = tblCatArt.idart AND tblArtLang.idlang = '" . Contenido_Security::escapeDB($lang, $oDB) . "' AND tblCatArt.idcatart = '" . Contenido_Security::toInteger($iIDCatArt) . "' "; - if ($sTypeRange != "") { - $sSQL .= "AND tblContent.idtype IN (". Contenido_Security::escapeDB($sTypeRange, $oDB).") "; - } + if ($sTypeRange != "") { + $sSQL .= "AND tblContent.idtype IN (" . Contenido_Security::escapeDB($sTypeRange, $oDB) . 
") "; + } - $sql .= "ORDER BY tblContent.idtype, tblContent.typeid"; + $sql .= "ORDER BY tblContent.idtype, tblContent.typeid"; - $oDB->query($sSQL); + $oDB->query($sSQL); - $iCount = $oDB->num_rows(); - if ($iCount == 0) { - return false; - } else { - while ($oDB->next_record()) - { - $sTypeIdentifier = "tblData.idtype = '".$oDB->f('idtype')."' AND tblData.typeid = '".$oDB->f('typeid')."'"; + $iCount = $oDB->num_rows(); + if ($iCount == 0) { + return false; + } else { + while ($oDB->next_record()) { + $sTypeIdentifier = "tblData.idtype = '" . $oDB->f('idtype') . "' AND tblData.typeid = '" . $oDB->f('typeid') . "'"; - // Generate new option element - $oOption = new cHTMLOptionElement($oDB->f('type')."[".$oDB->f('typeid')."]: ".substr(strip_tags(urldecode($oDB->f("value"))), 0, 50), $sTypeIdentifier); + // Generate new option element + $oOption = new cHTMLOptionElement($oDB->f('type') . "[" . $oDB->f('typeid') . "]: " . substr(strip_tags(urldecode($oDB->f("value"))), 0, 50), $sTypeIdentifier); - // Add option element to the list - $this->addOptionElement($sTypeIdentifier, $oOption); - } - return $iCount; - } - } else { - return false; - } - } + // Add option element to the list + $this->addOptionElement($sTypeIdentifier, $oOption); + } + return $iCount; + } + } else { + return false; + } + } + + /** + * Selects specified elements as selected + * + * @param array $aElements Array with "values" of the cHTMLOptionElement to set + * + * @return none + */ + function setSelected($aElements) { + if (is_array($this->_options) && is_array($aElements)) { + foreach ($this->_options as $sKey => $oOption) { + if (in_array($oOption->getAttribute("value"), $aElements)) { + $oOption->setSelected(true); + $this->_options[$sKey] = $oOption; + } else { + $oOption->setSelected(false); + $this->_options[$sKey] = $oOption; + } + } + } + } - /** - * Selects specified elements as selected - * - * @param array $aElements Array with "values" of the cHTMLOptionElement to set - * - * @return 
none - */ - function setSelected($aElements) - { - if (is_array($this->_options) && is_array($aElements)) - { - foreach ($this->_options as $sKey => $oOption) - { - if (in_array($oOption->getAttribute("value"), $aElements)) - { - $oOption->setSelected(true); - $this->_options[$sKey] = $oOption; - } else { - $oOption->setSelected(false); - $this->_options[$sKey] = $oOption; - } - } - } - } } -class UI_Config_Table -{ - var $_sTplCellCode; - var $_sTplTableFile; - - var $_sWidth; - var $_sBorder; - var $_sBorderColor; - var $_bSolidBorder; - var $_sPadding; - var $_aCells; - var $_aCellAlignment; - var $_aCellVAlignment; - var $_aCellColSpan; - var $_aCellClass; - var $_aRowBgColor; - var $_aRowExtra; - var $_bAddMultiSelJS; - - var $_sColorLight; - var $_sColorDark; +class UI_Config_Table { - function UI_Config_Table() - { - global $cfg; + var $_sTplCellCode; + var $_sTplTableFile; + var $_sWidth; + var $_sBorder; + var $_sBorderColor; + var $_bSolidBorder; + var $_sPadding; + var $_aCells; + var $_aCellAlignment; + var $_aCellVAlignment; + var $_aCellColSpan; + var $_aCellClass; + var $_aRowBgColor; + var $_aRowExtra; + var $_bAddMultiSelJS; + var $_sColorLight; + var $_sColorDark; - $this->_sPadding = 2; - $this->_sBorder = 0; - $this->_sBorderColor = $cfg['color']['table_border']; - $this->_sTplCellCode = ' {CONTENT}'."\n"; - $this->_sTplTableFile = $cfg['path']['contenido'].$cfg['path']['templates'].$cfg['templates']['generic_list']; - $this->_sColorLight = $cfg['color']['table_light']; - $this->_sColorDark = $cfg['color']['table_dark']; - } + function __construct() { + global $cfg; - function setCellTemplate($sCode) - { - $this->_sTplCellCode = $sCode; - } + $this->_sPadding = 2; + $this->_sBorder = 0; + $this->_sBorderColor = $cfg['color']['table_border']; + $this->_sTplCellCode = ' {CONTENT}' . "\n"; + $this->_sTplTableFile = $cfg['path']['contenido'] . $cfg['path']['templates'] . 
$cfg['templates']['generic_list']; + $this->_sColorLight = $cfg['color']['table_light']; + $this->_sColorDark = $cfg['color']['table_dark']; + } + function setCellTemplate($sCode) { + $this->_sTplCellCode = $sCode; + } - function setTableTemplateFile($sPath) - { - $this->_sTplTableFile = $sPath; - } - - function setLightColor($sColor) - { - $this->_sColorLight = $sColor; - } - - function setDarkColor($sColor) - { - $this->_sColorDark = $sColor; - } + function setTableTemplateFile($sPath) { + $this->_sTplTableFile = $sPath; + } - function setAddMultiSelJS($bEnabled = true) - { - $this->_bAddMultiSelJS = (bool)$bEnabled; - } + function setLightColor($sColor) { + $this->_sColorLight = $sColor; + } - function setWidth ($sWidth) - { - $this->_sWidth = $sWidth; - } - - function setPadding ($sPadding) - { - $this->_sPadding = $sPadding; - } + function setDarkColor($sColor) { + $this->_sColorDark = $sColor; + } - function setBorder ($sBorder) - { - $this->_sBorder = $sBorder; - } + function setAddMultiSelJS($bEnabled = true) { + $this->_bAddMultiSelJS = (bool) $bEnabled; + } - function setBorderColor ($sBorderColor) - { - $this->_sBorderColor = $sBorderColor; - } - - function setSolidBorder ($bSolidBorder = true) - { - $this->_bSolidBorder = (bool)$bSolidBorder; - } + function setWidth($sWidth) { + $this->_sWidth = $sWidth; + } - function setCell ($sRow, $sCell, $sContent) - { - $this->_aCells[$sRow][$sCell] = $sContent; - $this->_aCellAlignment[$sRow][$sCell] = ""; - } + function setPadding($sPadding) { + $this->_sPadding = $sPadding; + } - function setCellAlignment ($sRow, $sCell, $sAlignment) - { - $this->_aCellAlignment[$sRow][$sCell] = $sAlignment; - } + function setBorder($sBorder) { + $this->_sBorder = $sBorder; + } - function setCellVAlignment ($sRow, $sCell, $sAlignment) - { - $this->_aCellVAlignment[$sRow][$sCell] = $sAlignment; - } + function setBorderColor($sBorderColor) { + $this->_sBorderColor = $sBorderColor; + } - function setCellColspan ($sRow, $sCell, 
$iColSpan) - { - $this->_aCellColSpan[$sRow][$sCell] = $iColSpan; - } + function setSolidBorder($bSolidBorder = true) { + $this->_bSolidBorder = (bool) $bSolidBorder; + } - function setCellClass ($sRow, $sCell, $sClass) - { - $this->_aCellClass[$sRow][$sCell] = $sClass; - } + function setCell($sRow, $sCell, $sContent) { + $this->_aCells[$sRow][$sCell] = $sContent; + $this->_aCellAlignment[$sRow][$sCell] = ""; + } - function setRowBgColor ($sRow, $sColor) - { - $this->_aRowBgColor[$sRow] = $sColor; - } - - function setRowExtra ($sRow, $sExtra) - { - $this->_aRowExtra[$sRow] = $sExtra; - } + function setCellAlignment($sRow, $sCell, $sAlignment) { + $this->_aCellAlignment[$sRow][$sCell] = $sAlignment; + } - function _addMultiSelJS() - { - // Trick: To save multiple selections in -Element, add some JS which saves the + // selection, comma separated in a hidden input field on change. + // Try ... catch prevents error messages, if function is added more than once + // if (!fncUpdateSel) in JS has not worked... 
- if ($this->_bSolidBorder) - { - if ($iCount < count($aCells)) - { - if ($iColCount < count($this->_aCells)) { - $sTplCell = str_replace('{EXTRA}', 'border: 0px; border-right: 1px; border-bottom: 1px; border-color: '.$this->_sBorderColor.'; border-style: solid;', $sTplCell); - } else { - $sTplCell = str_replace('{EXTRA}', 'border: 0px; border-right: 1px; border-color: '.$this->_sBorderColor.'; border-style: solid;', $sTplCell); - } - } else if ($iColCount < count($this->_aCells)) { - $sTplCell = str_replace('{EXTRA}', 'border: 0px; border-bottom: 1px; border-color: '.$this->_sBorderColor.'; border-style: solid;', $sTplCell); - } else { - $sTplCell = str_replace('{EXTRA}', '', $sTplCell); - } - } - - if ($this->_aCellAlignment[$sRow][$sCell] != "") { - $sTplCell = str_replace('{ALIGN}', $this->_aCellAlignment[$sRow][$sCell], $sTplCell); - } else { - $sTplCell = str_replace('{ALIGN}', 'left', $sTplCell); - } - - if ($this->_aCellVAlignment[$sRow][$sCell] != "") { - $sTplCell = str_replace('{VALIGN}', $this->_aCellVAlignment[$sRow][$sCell], $sTplCell); - } else { - $sTplCell = str_replace('{VALIGN}', 'top', $sTplCell); - } + $sSkript = ' ' . "\n"; - if ($this->_aCellColSpan[$sRow][$sCell] != "") { - $sTplCell = str_replace('{COLSPAN}', $this->_aCellColSpan[$sRow][$sCell], $sTplCell); - } else { - $sTplCell = str_replace('{COLSPAN}', '1', $sTplCell); - } + return $sSkript; + } - if ($this->_aCellClass[$sRow][$sCell] != "") { - $sTplCell = str_replace('{CLASS}', $this->_aCellClass[$sRow][$sCell], $sTplCell); - } else { - $sTplCell = str_replace('{CLASS}', 'text', $sTplCell); - } + function render($bPrint = false) { + $oTable = new Template; + $oTable->reset(); - // Multi selection javascript - if ($this->_bAddMultiSelJS) { - $sData = $this->_addMultiSelJS() . 
$sData; - $this->_bAddMultiSelJS = false; - } + $oTable->set('s', 'CELLPADDING', $this->_sPadding); + $oTable->set('s', 'BORDER', $this->_sBorder); + $oTable->set('s', 'BORDERCOLOR', $this->_sBorderColor); + + $iColCount = 0; + $bDark = false; + $sBgColor = ""; + $bMultiSelJSAdded = false; + if (is_array($this->_aCells)) { + foreach ($this->_aCells as $sRow => $aCells) { + $iColCount++; + //$bDark = !$bDark; + $sLine = ""; + $iCount = 0; + + foreach ($aCells as $sCell => $sData) { + $iCount++; + $sTplCell = $this->_sTplCellCode; + + if ($this->_bSolidBorder) { + if ($iCount < count($aCells)) { + if ($iColCount < count($this->_aCells)) { + $sTplCell = str_replace('{EXTRA}', 'border: 0px; border-right: 1px; border-bottom: 1px; border-color: ' . $this->_sBorderColor . '; border-style: solid;', $sTplCell); + } else { + $sTplCell = str_replace('{EXTRA}', 'border: 0px; border-right: 1px; border-color: ' . $this->_sBorderColor . '; border-style: solid;', $sTplCell); + } + } else if ($iColCount < count($this->_aCells)) { + $sTplCell = str_replace('{EXTRA}', 'border: 0px; border-bottom: 1px; border-color: ' . $this->_sBorderColor . 
'; border-style: solid;', $sTplCell); + } else { + $sTplCell = str_replace('{EXTRA}', '', $sTplCell); + } + } + + if ($this->_aCellAlignment[$sRow][$sCell] != "") { + $sTplCell = str_replace('{ALIGN}', $this->_aCellAlignment[$sRow][$sCell], $sTplCell); + } else { + $sTplCell = str_replace('{ALIGN}', 'left', $sTplCell); + } + + if ($this->_aCellVAlignment[$sRow][$sCell] != "") { + $sTplCell = str_replace('{VALIGN}', $this->_aCellVAlignment[$sRow][$sCell], $sTplCell); + } else { + $sTplCell = str_replace('{VALIGN}', 'top', $sTplCell); + } + + if ($this->_aCellColSpan[$sRow][$sCell] != "") { + $sTplCell = str_replace('{COLSPAN}', $this->_aCellColSpan[$sRow][$sCell], $sTplCell); + } else { + $sTplCell = str_replace('{COLSPAN}', '1', $sTplCell); + } + + if ($this->_aCellClass[$sRow][$sCell] != "") { + $sTplCell = str_replace('{CLASS}', $this->_aCellClass[$sRow][$sCell], $sTplCell); + } else { + $sTplCell = str_replace('{CLASS}', 'text', $sTplCell); + } + + // Multi selection javascript + if ($this->_bAddMultiSelJS) { + $sData = $this->_addMultiSelJS() . $sData; + $this->_bAddMultiSelJS = false; + } + + $sTplCell = str_replace('{CONTENT}', $sData, $sTplCell); + $sLine .= $sTplCell; + } + + // Row + $oTable->set('d', 'ROWS', $sLine); + + if ($this->_aRowBgColor[$sRow] != "") { + $sBgColor = $this->_aRowBgColor[$sRow]; + } else if ($sBgColor == $this->_sColorLight) { + $sBgColor = $this->_sColorDark; + } else { + $sBgColor = $this->_sColorLight; + } + $oTable->set('d', 'BGCOLOR', $sBgColor); + + if ($this->_aRowExtra[$sRow] != "") { + $oTable->set('d', 'EXTRA', $this->_aRowExtra[$sRow]); + } else { + $oTable->set('d', 'EXTRA', ''); + } + + $oTable->next(); + } + } + + if ($this->_sWidth) { + // Table: Width + $oTable->set('s', 'EXTRA', 'width: ' . $this->_sWidth . 
';'); + } else { + $oTable->set('s', 'EXTRA', ''); + } + $sRendered = $oTable->generate($this->_sTplTableFile, true, false); + + if ($bPrint == true) { + echo $sRendered; + } else { + return $sRendered; + } + } - $sTplCell = str_replace('{CONTENT}', $sData, $sTplCell); - $sLine .= $sTplCell; - } - - // Row - $oTable->set('d', 'ROWS', $sLine); - - if ($this->_aRowBgColor[$sRow] != "") { - $sBgColor = $this->_aRowBgColor[$sRow]; - } else if ($sBgColor == $this->_sColorLight) { - $sBgColor = $this->_sColorDark; - } else { - $sBgColor = $this->_sColorLight; - } - $oTable->set('d', 'BGCOLOR', $sBgColor); - - if ($this->_aRowExtra[$sRow] != "") { - $oTable->set('d', 'EXTRA', $this->_aRowExtra[$sRow]); - } else { - $oTable->set('d', 'EXTRA', ''); - } - - $oTable->next(); - } - } - - if ($this->_sWidth) { - // Table: Width - $oTable->set('s', 'EXTRA', 'width: '.$this->_sWidth.';'); - } else { - $oTable->set('s', 'EXTRA', ''); - } - $sRendered = $oTable->generate($this->_sTplTableFile, true, false); - - if ($bPrint == true) { - echo $sRendered; - } else { - return $sRendered; - } - } } + ?> \ No newline at end of file diff --git a/nbproject/project.properties b/nbproject/project.properties index 43d66d2..efdf308 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -1,6 +1,6 @@ auxiliary.org-netbeans-modules-php-smarty.smarty-framework=true include.path=${php.global.include.path} -php.version=PHP_80 +php.version=PHP_81 source.encoding=UTF-8 src.dir=. tags.asp=false
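Review bot: In `addTypesFromArt()` (class.input.helper.php), `Contenido_Security::escapeDB($sTypeRange, $oDB)` is concatenated unquoted into `IN (...)`, where string escaping presumably gives no protection, so the list is not constrained to ids. The documented input form `'1','17','28'` would also have its quotes altered by the escaping. The following line appends the `ORDER BY` to `$sql` instead of `$sSQL`, so the ordering is never applied and an undefined variable is written. I would parse the range into integers, fail closed when nothing valid remains, and fix the variable name, as below.

```php
if ($sTypeRange != "") {
    // Accept only positive integer ids; the documented format is '1','17','28'
    $aTypeIds = array();
    foreach (explode(',', $sTypeRange) as $sTypeId) {
        $iTypeId = (int) trim($sTypeId, " '\"");
        if ($iTypeId > 0) {
            $aTypeIds[] = $iTypeId;
        }
    }
    if (count($aTypeIds) == 0) {
        // A range was requested but contained no valid id: add nothing
        return false;
    }
    $sSQL .= "AND tblContent.idtype IN (" . implode(',', $aTypeIds) . ") ";
}

$sSQL .= "ORDER BY tblContent.idtype, tblContent.typeid";

// … unchanged: query execution and option generation …
```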