@ -1,6 +1,6 @@
/* Cookies Directive - The rewrite. Now a jQuery plugin
* Version: 2.0.1
* Author: Ollie Phillips
* Author: Ollie Phillips test
* 24 October 2013

@ -330,13 +330,9 @@ if( sizeof($_GET) == 0 && isset($_POST['save_search']) )
elseif( sizeof($_GET) > 0)
$itemtypeReq = $_GET['itemtype'];
$itemidReq = $_GET['itemid'];
// Do we have the request parameters we need to fetch search values of stored search ?
if( (isset($itemtypeReq) && strlen($itemtypeReq)>0) &&
(isset($itemidReq) && strlen($itemidReq)>0)
$itemtypeReq = (isset($itemtypeReq))?$_GET['itemtype']:'';
$itemidReq = (isset($itemidReq))?$_GET['itemid']:'';
if(strlen($itemtypeReq) > 0 && strlen($itemidReq) > 0) {
$searchResults = getSearchResults($itemidReq, $itemtypeReq);
$sSearchStr_tmp = $searchResults[$save_title];
$iSearchID_tmp = $searchResults[$save_id];
@ -403,13 +399,13 @@ if ($iSearchID_tmp > 0) {
// Date
if ($sSearchStrDateType_tmp != 'n/a') {
if (($sSearchStrDateFromDay_tmp > 0) && ($sSearchStrDateFromMonth_tmp > 0) && ($sSearchStrDateFromYear_tmp > 0)) {
if (!empty($sSearchStrDateFromDay_tmp) && !empty($sSearchStrDateFromMonth_tmp) && !empty($sSearchStrDateFromYear_tmp)) {
$sSearchStrDateFrom = $sSearchStrDateFromYear_tmp.'-'.$sSearchStrDateFromMonth_tmp.'-'.$sSearchStrDateFromDay_tmp.' 00:00:00';
} else {
$sSearchStrDateFrom = '';
if (($sSearchStrDateToDay_tmp > 0) && ($sSearchStrDateToMonth_tmp > 0) && ($sSearchStrDateToYear_tmp > 0)) {
if (!empty($sSearchStrDateToDay_tmp) && !empty($sSearchStrDateToMonth_tmp) && !empty($sSearchStrDateToYear_tmp)) {
$sSearchStrDateTo = $sSearchStrDateToYear_tmp.'-'.$sSearchStrDateToMonth_tmp.'-'.$sSearchStrDateToDay_tmp.' 23:59:59';
} else {
$sSearchStrDateTo = '';
@ -623,8 +619,10 @@ if (empty($where) || $iAffectedRows <= 0) {
// fuer den ersten gefundenen Artikel die Werte fuer CategoryID und TemplateID merken
if ($i == 0) {
$iIDCat = $idcat;
if(!empty($idtpl)) {
$iIDTpl = $idtpl;
/* Funktion zum umwandeln in Startartikel/normale Artikel*/
if ($perm->have_perm_area_action_item("con", "con_makestart",$idcat) && 0 == 1) {
@ -637,8 +635,10 @@ if (empty($where) || $iAffectedRows <= 0) {
} else {
if( $startidartlang == $idartlang ) {
$sFlagTitle = i18n('Flag as normal article');
$makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><img src=\"images/isstart1.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></td>";
} else {
$sFlagTitle = i18n('Flag as start article');
$makeStartarticle = "<td nowrap=\"nowrap\" class=\"bordercell\"><img src=\"images/isstart0.gif\" border=\"0\" title=\"{$sFlagTitle}\" alt=\"{$sFlagTitle}\"></td>";
@ -703,7 +703,7 @@ if (empty($where) || $iAffectedRows <= 0) {
if ($perm->have_perm_area_action_item("con", "con_deleteart",$idcat)) {
$delete = "<a href=\"javascript://\" onclick=\"box.confirm(&quot;$sDeleteArticle&quot;, &quot;$sDeleteArticleQuestion:<br><br><b>$db->f('title')</b>&quot;, &quot;deleteArticle($idart,$idcat)&quot;)\" title=\"$sDeleteArticle\"><img src=\"images/delete.gif\" title=\"$sDeleteArticle\" alt=\"$sDeleteArticle\" border=\"0\"></a>";
$delete = "<a href=\"javascript://\" onclick=\"box.confirm(&quot;$sDeleteArticle&quot;, &quot;$sDeleteArticleQuestion:<br><br><b>".$db->f('title')."</b>&quot;, &quot;deleteArticle($idart,$idcat)&quot;)\" title=\"$sDeleteArticle\"><img src=\"images/delete.gif\" title=\"$sDeleteArticle\" alt=\"$sDeleteArticle\" border=\"0\"></a>";
}else {
$delete = "";
@ -717,8 +717,6 @@ if (empty($where) || $iAffectedRows <= 0) {
<td nowrap=\"nowrap\" class=\"bordercell\">$sTemplateName</td>
<td nowrap=\"nowrap\" class=\"bordercell\">
<a id=\"m1\" onclick=\"javascript:window.open('main.php?subject=$todoListeSubject&amp;area=todo&amp;frame=1&amp;itemtype=idart&amp;itemid=$idart&amp;contenido=$sSession', 'todo', 'scrollbars=yes, height=300, width=550');\" alt=\"$sReminder\" title=\"$sReminder\" href=\"#\"><img id=\"m2\" style=\"padding-left: 2px; padding-right: 2px;\" alt=\"$sReminder\" src=\"images/but_setreminder.gif\" border=\"0\"></a>
@ -746,7 +744,7 @@ if (empty($where) || $iAffectedRows <= 0) {
# Save Search Parameters
if($bHit && sizeof($_GET) == 0 && isset($_POST) ) {
if(!empty($bHit) && sizeof($_GET) == 0 && isset($_POST) ) {
// Build form with hidden fields that contain all search parameters to be stored using generic db
$searchForm = '<form id="save_search" target="right_bottom" method="post" action="backend_search.php">';
// Meta for Contenido

@ -247,11 +247,13 @@ class Article extends Item
* @param string Property name
* @return mixed Property value
public function getField($name)
public function getField($name) {
if(!is_null($name) && !empty($this->values[$name])) {
return urldecode($this->values[$name]);
* Get content(s) from an article

@ -33,11 +33,11 @@ if (!defined('CON_FRAMEWORK')) {
$bDebug = false;
if (!$idcat) {
if (!$idcat && !empty($_REQUEST['idcat'])) {
$idcat = Contenido_Security::toInteger($_REQUEST['idcat']);
$sCatlist = Contenido_Security::toString($_REQUEST['wholelist']);
$sCatlist = (!empty($_REQUEST['wholelist']))?Contenido_Security::toString($_REQUEST['wholelist']):'';
if ($sCatlist != '') {
$aCatlist = explode(',', $sCatlist);
} else {

@ -736,7 +736,7 @@ function conMakeCatOnline($idcat, $lang, $status)
WHERE idcat = '".Contenido_Security::toInteger($idcat)."' AND idlang = '".Contenido_Security::toInteger($lang)."'";
if ($cfg["pathresolve_heapcache"] == true && !$status = 0)
if (isset($cfg["pathresolve_heapcache"]) && $cfg["pathresolve_heapcache"] == true && !$status = 0)
$pathresolve_tablename = $cfg["sql"]["sqlprefix"]."_pathresolve_cache";
$sql = "DELETE FROM %s WHERE idlang = '%s' AND idcat = '%s'";

@ -860,13 +860,14 @@ if (is_numeric($idcat) && ($idcat >= 0)) {
if ($perm->have_perm_area_action("str_tplcfg","str_tplcfg") ||
$perm->have_perm_area_action_item("str_tplcfg","str_tplcfg",$lidcat)) */
if (($perm->have_perm_area_action_item("con", "con_tplcfg_edit", $idcat) || $perm->have_perm_area_action("con", "con_tplcfg_edit"))) {
if (($perm->have_perm_area_action_item("con", "con_tplcfg_edit", $idcat)
|| $perm->have_perm_area_action("con", "con_tplcfg_edit"))) {
if (0 != $idcat) {
$tpl->set('s', 'CATEGORY', $cat_name);
$tpl->set('s', 'CATEGORY_CONF', $tmp_img);
$tpl->set('s', 'CATEGORY_LINK', $tmp_link);
$tpl->set('s', 'CATEGORY_CONF', (!empty($tmp_img))?$tmp_img:'');
$tpl->set('s', 'CATEGORY_LINK', (!empty($tmp_link))?$tmp_link:'');
} else {
$tpl->set('s', 'CATEGORY', $cat_name);
$tpl->set('s', 'CATEGORY_CONF', '&nbsp;');

@ -1,14 +1,161 @@
* Project:
* Contenido Content Management System
* Description:
* Display files from specified directory
* Requirements:
* @con_php_req 5.0
* @package Contenido Backend includes
* @version 1.0.2
* @author Olaf Niemann, Willi Mann
* @copyright four for business AG <www.4fb.de>
* @license http://www.contenido.org/license/LIZENZ.txt
* @link http://www.4fb.de
* @link http://www.contenido.org
* @since file available since contenido release <= 4.6
* {@internal
* created 2003-04-20
* modified 2008-06-27, Frederic Schneider, add security fix
* $Id$:
* }}
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
cInclude("includes", "functions.file.php");
$oDirList = new cGuiFileList($cfgClient[$client]["js"]["path"], 'js');
if (!(int) $client > 0) {
#if there is no client selected, display empty page
$oPage = new cPage;
$path = $cfgClient[$client]["js"]["path"];
$sFileType = "js";
$sSession = $sess->id;
$sArea = 'js';
$sActionDelete = 'js_delete';
$sActionEdit = 'js_edit';
$sScriptTemplate = '
<script type="text/javascript" src="scripts/rowMark.js"></script>
<script type="text/javascript" src="scripts/general.js"></script>
<script type="text/javascript" src="scripts/messageBox.js.php?contenido='.$sSession.'"></script>
<script type="text/javascript">
/* Create messageBox instance */
box = new messageBox("", "", "", 0, 0);
function deleteFile(file)
url = "main.php?area='.$sArea.'";
url += "&action='.$sActionDelete.'";
url += "&frame=2";
url += "&delfile=" + file;
url += "&contenido='.$sSession.'";
window.location.href = url;
parent.parent.frames["right"].frames["right_bottom"].location.href = "main.php?area='.$sArea.'&frame=4&contenido='.$sSession.'";
$tpl->set('s', 'JAVASCRIPT', $sScriptTemplate);
# delete file
if ($action == $sActionDelete)
if (!strrchr($_REQUEST['delfile'], "/"))
if (file_exists($path.$_REQUEST['delfile']))
removeFileInformation($client, $_REQUEST['delfile'], 'js', $db);
if ($handle = opendir($path))
$aFiles = array();
while ($file = readdir($handle))
if(substr($file, (strlen($file) - (strlen($sFileType) + 1)), (strlen($sFileType) + 1)) == ".$sFileType" AND is_readable($path.$file))
$aFiles[] = $file;
}elseif (substr($file, (strlen($file) - (strlen($sFileType) + 1)), (strlen($sFileType) + 1)) == ".$sFileType" AND !is_readable($path.$file))
$notification->displayNotification("error", $file." ".i18n("is not readable!"));
// display files
if (is_array($aFiles))
foreach ($aFiles as $filename)
$bgcolor = ( is_int($tpl->dyn_cnt / 2) ) ? $cfg["color"]["table_light"] : $cfg["color"]["table_dark"];
$tpl->set('d', 'BGCOLOR', $bgcolor);
$tmp_mstr = '<a class=\"action\" href="javascript:conMultiLink(\'%s\', \'%s\', \'%s\', \'%s\')" title="%s" alt="%s">%s</a>';
$html_filename = sprintf($tmp_mstr, 'right_top',
$filename, $filename, clHtmlSpecialChars($filename));
$tpl->set('d', 'FILENAME', $html_filename);
$delTitle = i18n("Delete File");
$delDescr = sprintf(i18n("Do you really want to delete the following file:<br><br>%s<br>"),$filename);
if ($perm->have_perm_area_action('style', $sActionDelete))
$tpl->set('d', 'DELETE', '<a title="'.$delTitle.'" href="javascript://" onclick="box.confirm(\''.$delTitle.'\', \''.$delDescr.'\', \'deleteFile(\\\''.$filename.'\\\')\')"><img src="'.$cfg['path']['images'].'delete.gif" border="0" title="'.$delTitle.'"></a>');
$tpl->set('d', 'DELETE', '');
if (stripslashes($_REQUEST['file']) == $filename) {
$tpl->set('d', 'ID', 'id="marked"');
} else {
$tpl->set('d', 'ID', '');
if ((int) $client > 0) {
$notification->displayNotification("error", i18n("Directory is not existing or readable!")."<br>$path");
$tpl->generate($cfg['path']['templates'] . $cfg['templates']['files_overview']);

@ -164,7 +164,6 @@ if (($action == "tpl_new") && (!$perm->have_perm_area_action_anyitem($area, $act
$raw_code = ($oLayout->virgin) ? "" : $oLayout->getLayout();
tplPreparseLayout($idlay, $raw_code);
$tmp_returnstring = tplBrowseLayoutForContainers($idlay, $raw_code);
if(empty($tmp_returnstring)) {
$a_container = [];
} else {

@ -152,8 +152,7 @@ ini_set("error_log", $cfg['path']['conlite_logs'] . "errorlog.txt");
* @todo change first if to use a local config var for servername
if ($cfg["develop"]["show_errors"]
&& filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_STRING) == "local.dceserver.de") {
if ($cfg["develop"]["show_errors"]) {
} else {
if ($cfg["develop"]["show_deprecated"]) {