* @license http://www.contenido.org/license/LIZENZ.txt
* @link http://www.4fb.de
* @link http://www.contenido.org
* @since file available since contenido release <= 4.6
*
* {@internal
* created 2003
* modified 2008-06-16, Holger Librenz, Hotfix: check for illegal calls added
* modified 2008-06-27, Frederic Schneider, add security fix
* modified 2009-10-29, Murat Purc, replaced deprecated functions (PHP 5.3 ready) and some formatting
* modified 2010-05-20, Murat Purc, removed request check during processing ticket [#CON-307]
*
* $Id$:
* }}
*
*/

// Backend include for inline article editing: it saves submitted content entries, then assembles the
// article's layout and module code with the editor scripts injected and evaluates the result.
//
// NOTE(review): several string literals in this listing are empty or cut short (the $scripts entries, the
// heredoc opener, $contentform, $noti_html, the container patterns, the final eval). Presumably markup was
// stripped when the page was extracted -- they are left exactly as shown.

// Refuse to run when the file is requested directly instead of being included by the framework.
if (!defined('CON_FRAMEWORK')) {
    die('Illegal call');
}

$edit = "true";
$db2 = new DB_ConLite;
$scripts = "";

// NOTE(review): $idcat, $action, $data, $idart, $idartlang, $type, $typenr, $client, $lang and $contenido
// are not assigned in the visible part of this file; presumably the framework fills them from the
// request -- confirm where they are validated before they are used below.
if (isset($idcat)) {
    // Actions 10 and 20 both store the submitted content; action 10 redirects afterwards.
    if ($action == 20 || $action == 10) {
        if ($data != "") {
            // $data holds records separated by "||"; the last two characters are dropped before splitting
            // (presumably a trailing separator). Each record is split on "|" and its first four fields
            // are handed to conSaveContentEntry().
            $data = explode("||", substr($data, 0, -2));
            foreach ($data as $value) {
                $value = explode("|", $value);
                // Field 3 carries the content: one placeholder stands for "empty", the other for a
                // literal "|" inside the content.
                // NOTE(review): nothing here checks that a record really has four fields or that
                // fields 0-2 have the expected form; confirm conSaveContentEntry() validates them.
                if ($value[3] == "%$%EMPTY%$%") {
                    $value[3] = "";
                } else {
                    $value[3] = str_replace("%$%SEPERATOR%$%", "|", $value[3]);
                }
                conSaveContentEntry($value[0], "CMS_" . $value[1], $value[2], $value[3]);
            }
            conMakeArticleIndex($idartlang, $idart);
            // restore original values ($data and $value were overwritten by the loop above)
            $data = $_REQUEST['data'];
            $value = $_REQUEST['value'];
        }
        conGenerateCodeForArtInAllCategories($idart);
    }

    if ($action == 10) {
        // NOTE(review): the query string is built by interpolating the variables without urlencode(),
        // "lang" is appended twice, and no exit follows header(), so any statements after the enclosing
        // if (outside this view) would still run. Confirm the values are validated before this point.
        header("Location: " . $cfg["path"]["contenido_fullhtml"] . $cfg["path"]["includes"] . "include.backendedit.php?type=$type&typenr=$typenr&client=$client&lang=$lang&idcat=$idcat&idart=$idart&idartlang=$idartlang&contenido=$contenido&lang=$lang");
    } else {
        $markSubItem = markSubMenuItem(3, true);

        //Include tiny class
        include ($cfg["path"]["contenido"] . 'external/wysiwyg/tinymce3/editorclass.php');
        $oEditor = new cTinyMCEEditor('', '');
        $oEditor->setToolbar('inline_edit');

        //Get configuration for popup and inline tiny
        $sConfigInlineEdit = $oEditor->getConfigInlineEdit();
        $sConfigFullscreen = $oEditor->getConfigFullscreen();

        //Include tiny mce and con_tiny script for insight_editing
        $scripts .= "\n" . '';
        $scripts .= "\n" . '';
        $scripts .= "\n" . 
'';
        $scripts .= "\n" . '';
        $scripts .= "\n" . '';
        $scripts .= "\n" . '';
        $scripts .= "\n\n" . '';

        //Script template for insight editing
        $scripts .= << .defaultSkin table.mceLayout {position: absolute; z-index: 10000;} .defaultSkin #mce_fullscreen_tbl {z-index: 20000;} .defaultSkin .mcePlaceHolder {position: absolute; z-index: 10000;} EOD;

        //Replace vars in Script
        $oScriptTpl = new Template();

        //Set urls to file browsers
        // NOTE(review): the session identifier ($sess->id) is embedded in these URLs as the "contenido"
        // parameter. URLs end up in logs, browser history and Referer headers, so treat them as sensitive.
        $oScriptTpl->set('s', 'IMAGE', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=imagebrowser');
        $oScriptTpl->set('s', 'FILE', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=filebrowser');
        $oScriptTpl->set('s', 'FLASH', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=imagebrowser');
        $oScriptTpl->set('s', 'MEDIA', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=imagebrowser');
        $oScriptTpl->set('s', 'FRONTEND', $cfgClient[$client]["path"]["htmlpath"]);

        //Add tiny options and fill function leave_check()
        $oScriptTpl->set('s', 'TINY_OPTIONS', $sConfigInlineEdit);
        $oScriptTpl->set('s', 'TINY_FULLSCREEN', $sConfigFullscreen);
        $oScriptTpl->set('s', 'IDARTLANG', $idartlang);
        $oScriptTpl->set('s', 'CON_PATH', $cfg["path"]["contenido_fullhtml"]);
        $oScriptTpl->set('s', 'CLOSE', utf8_decode(i18n('Close editor')));
        $oScriptTpl->set('s', 'SAVE', utf8_decode(i18n('Close editor and save changes')));
        $oScriptTpl->set('s', 'QUESTION', utf8_decode(i18n('Do you want to save changes?')));

        // The system setting "insight_editing_activated" (default 'true') decides whether the inline
        // editor hook is emitted at all.
        if (getEffectiveSetting('system', 'insight_editing_activated', 'true') == 'false') {
            $oScriptTpl->set('s', 'USE_TINY', '');
        } else {
            $oScriptTpl->set('s', 'USE_TINY', 'swapTiny(this);');
        }

        $scripts = $oScriptTpl->generate($scripts, 1);

        // Form posted back to front_content.php with action=20, i.e. the save branch above.
        $contentform = "
url($cfg['path']['contenido_fullhtml'] . "external/backendedit/front_content.php?area=con_editcontent&idart=$idart&idcat=$idcat&lang=$lang&action=20&client=$client") . "\">\n";
        $contentform .= "\n";
        $contentform .= "\n";
        $contentform .= "
";

        #
        # Extract IDCATART
        #
        // NOTE(review): $idcat and $idart are concatenated into this statement as-is, while the other
        // queries below pass their ids through Contenido_Security::toInteger(). Unless both are
        // guaranteed to be integers before this point, wrap them the same way:
        // Contenido_Security::toInteger($idcat) / Contenido_Security::toInteger($idart).
        $sql = "SELECT idcatart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat = '" . $idcat . "' AND idart = '" . $idart . "'";
        $db->query($sql);
        $db->next_record();
        $idcatart = $db->f("idcatart");

        #
        # Check whether the article is configured; if it is not, check
        # whether the category is configured. If neither the article
        # nor the category is configured, no code will be created and
        # an error occurs.
        #
        $sql = "SELECT a.idtplcfg AS idtplcfg FROM " . $cfg["tab"]["art_lang"] . " AS a, " . $cfg["tab"]["art"] . " AS b WHERE a.idart = '" . Contenido_Security::toInteger($idart) . "' AND a.idlang = '" . Contenido_Security::toInteger($lang) . "' AND b.idart = a.idart AND b.idclient = '" . Contenido_Security::toInteger($client) . "'";
        $db->query($sql);
        $db->next_record();

        if ($db->f("idtplcfg") != 0) {
            #
            # Article is configured
            #
            $idtplcfg = $db->f("idtplcfg");

            // $a_c maps container number => stored container configuration string.
            $a_c = array();
            $sql2 = "SELECT * FROM " . $cfg["tab"]["container_conf"] . " WHERE idtplcfg = '" . Contenido_Security::toInteger($idtplcfg) . "' ORDER BY number ASC";
            $db2->query($sql2);
            while ($db2->next_record()) {
                $a_c[$db2->f("number")] = $db2->f("container");
            }
        } else {
            #
            # Check whether category is
            # configured.
            #
            $sql = "SELECT a.idtplcfg AS idtplcfg FROM " . $cfg["tab"]["cat_lang"] . " AS a, " . $cfg["tab"]["cat"] . " AS b WHERE a.idcat = '" . Contenido_Security::toInteger($idcat) . "' AND a.idlang = '" . Contenido_Security::toInteger($lang) . "' AND b.idcat = a.idcat AND b.idclient = '" . Contenido_Security::toInteger($client) . "'";
            $db->query($sql);
            $db->next_record();

            if ($db->f("idtplcfg") != 0) {
                #
                # Category is configured,
                # extract varstring
                #
                $idtplcfg = $db->f("idtplcfg");
                $a_c = array();
                $sql2 = "SELECT * FROM " . $cfg["tab"]["container_conf"] . " WHERE idtplcfg = '" . Contenido_Security::toInteger($idtplcfg) . "' ORDER BY number ASC";
                $db2->query($sql2);
                while ($db2->next_record()) {
                    $a_c[$db2->f("number")] = $db2->f("container");
                }
            } else {
                #
                # Neither the article nor the category
                # is configured. Creation of
                # code is not possible. Write
                # the error message to the DB.
                #
                // NOTE(review): $idtplcfg and $a_c are not assigned in this branch, yet the code after
                // it uses both; processing continues after the error is echoed.
                include_once ($cfg["path"]["contenido"] . $cfg["path"]["classes"] . "class.notification.php");
                include_once ($cfg["path"]["contenido"] . $cfg["path"]["classes"] . "class.table.php");

                if (!is_object($notification)) {
                    $notification = new Contenido_Notification;
                }

                // Collect the article, category, language and client names for the error message.
                $sql = "SELECT title FROM " . $cfg["tab"]["art_lang"] . " WHERE idartlang = '" . Contenido_Security::toInteger($idartlang) . "'";
                $db->query($sql);
                $db->next_record();
                $art_name = $db->f("title");

                $cat_name = "";
                conCreateLocationString($idcat, " / ", $cat_name);

                $sql = "SELECT name FROM " . $cfg["tab"]["lang"] . " WHERE idlang = '" . Contenido_Security::toInteger($lang) . "'";
                $db->query($sql);
                $db->next_record();
                $lang_name = $db->f("name");

                $sql = "SELECT name FROM " . $cfg["tab"]["clients"] . " WHERE idclient = '" . Contenido_Security::toInteger($client) . "'";
                $db->query($sql);
                $db->next_record();
                $client_name = $db->f("name");

                // NOTE(review): $art_name, $cat_name, $lang_name and $client_name are concatenated into
                // the notification without HTML escaping, and the result is stored and echoed below.
                // Escape them with htmlspecialchars() unless they are guaranteed to be escaped on write.
                $noti_html = '
' . i18n("No template assigned to the category
and/or the article") . '


' . i18n("The code for the following article
couldnt be generated:") . '

' . i18n("Article") . ': ' . $art_name . '
' . i18n("Category") . ': ' . $cat_name . '
' . i18n("Language") . ': ' . $lang_name . '
' . i18n("Client") . ': ' . $client_name . '
 
';

                $code = ' Error ' . $notification->returnNotification("error", $noti_html) . ' ';

                // Store the error page as the generated code for this category/article and language:
                // update the existing row if there is one, insert otherwise.
                $sql = "SELECT * FROM " . $cfg["tab"]["code"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
                $db->query($sql);

                if ($db->next_record()) {
                    $sql = "UPDATE " . $cfg["tab"]["code"] . " SET code='" . Contenido_Security::escapeDB($code, $db) . "', idlang='" . Contenido_Security::toInteger($lang) . "', idclient='" . Contenido_Security::toInteger($client) . "' WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
                    $db->query($sql);
                } else {
                    $sql = "INSERT INTO " . $cfg["tab"]["code"] . " (idcode, idcatart, code, idlang, idclient) VALUES ('" . Contenido_Security::toInteger($db->nextid($cfg["tab"]["code"])) . "', '" . Contenido_Security::toInteger($idcatart) . "', '" . Contenido_Security::escapeDB($code, $db) . "', '" . Contenido_Security::toInteger($lang) . "', '" . Contenido_Security::toInteger($client) . "')";
                    $db->query($sql);
                }

                echo $code;
            }
        }

        #
        # Get IDLAY and IDMOD array
        #
        $sql = "SELECT a.idlay AS idlay, a.idtpl AS idtpl FROM " . $cfg["tab"]["tpl"] . " AS a, " . $cfg["tab"]["tpl_conf"] . " AS b WHERE b.idtplcfg = '" . Contenido_Security::toInteger($idtplcfg) . "' AND b.idtpl = a.idtpl";
        $db->query($sql);
        $db->next_record();
        $idlay = $db->f("idlay");
        $idtpl = $db->f("idtpl");

        #
        # List of used modules
        #
        // $a_d maps container number => module id.
        // NOTE(review): $a_d is not initialised in the visible code before this loop.
        $sql = "SELECT number, idmod FROM " . $cfg["tab"]["container"] . " WHERE idtpl = '" . Contenido_Security::toInteger($idtpl) . 
"' ORDER BY number ASC";
        $db->query($sql);
        while ($db->next_record()) {
            $a_d[$db->f("number")] = $db->f("idmod");
        }

        #
        # Get code from Layout
        #
        $sql = "SELECT * FROM " . $cfg["tab"]["lay"] . " WHERE idlay = '" . Contenido_Security::toInteger($idlay) . 
"'";
        $db->query($sql);
        $db->next_record();
        $code = $db->f("code");
        // Slashes are added here and removed again with stripslashes() just before the code is output.
        $code = AddSlashes($code);

        #
        # Create code for all containers
        #
        if ($idlay) {
            tplPreparseLayout($idlay);
            $tmp_returnstring = tplBrowseLayoutForContainers($idlay);
            // The helper returns the container numbers as one "&"-separated string.
            $a_container = explode("&", $tmp_returnstring);

            foreach ($a_container as $key => $value) {
                $CiCMS_VALUE = "";

                // NOTE(review): $thisModule and $thisContainer are only assigned when the module id is
                // numeric; otherwise they keep the value of the previous iteration (or are undefined on
                // the first one).
                if (is_numeric($a_d[$value])) {
                    $thisModule = '';
                    $thisContainer = '';
                }

                $oModule = new cApiModule($a_d[$value]);
                $output = $thisModule . $thisContainer . $oModule->get("output");
                $output = AddSlashes($output);
                $template = $oModule->get("template");

                // Split the stored container configuration ("key=value&key=value...") into pairs,
                // dropping a trailing "&" first.
                if (array_key_exists($value, $a_c)) {
                    $a_c[$value] = preg_replace("/(&\$)/", "", $a_c[$value]);
                    $tmp1 = preg_split("/&/", $a_c[$value]);
                } else {
                    $tmp1 = array();
                }

                $varstring = array();
                foreach ($tmp1 as $key1 => $value1) {
                    $tmp2 = explode("=", $value1);
                    // The inner loop assigns the same key/value on every pass; a pair without "="
                    // leaves $tmp2[1] undefined.
                    foreach ($tmp2 as $key2 => $value2) {
                        $varstring["$tmp2[0]"] = $tmp2[1];
                    }
                }

                $CiCMS_Var = '$C' . $value . 'CMS_VALUE';
                $CiCMS_VALUE = '';

                // NOTE(review): the URL-decoded configuration values are substituted straight into the
                // module output, which becomes part of the code evaluated at the end of this file.
                // Container settings are therefore trusted like code; restrict who may edit them.
                foreach ($varstring as $key3 => $value3) {
                    $tmp = urldecode($value3);
                    $tmp = str_replace("\'", "'", $tmp);
                    $CiCMS_VALUE .= $CiCMS_Var . '[' . $key3 . ']="' . $tmp . '"; ';
                    $output = str_replace("\$CMS_VALUE[$key3]", $tmp, $output);
                    $output = str_replace("CMS_VALUE[$key3]", $tmp, $output);
                }

                // Rename any remaining CMS_VALUE reference to the per-container variable and remove
                // indexed references that were not replaced above.
                $output = str_replace("CMS_VALUE", $CiCMS_Var, $output);
                $output = str_replace("\$" . $CiCMS_Var, $CiCMS_Var, $output);
                $output = preg_replace('/(CMS_VALUE\[)([0-9]*)(\])/i', '', $output);

                /* Long syntax with closing tag */
                $code = preg_replace("/(.*)<\/container>/Uis", "CMS_CONTAINER[$value]", $code);

                /* Short syntax */
                $code = preg_replace("//i", "CMS_CONTAINER[$value]", $code);

                // Put the module output in place of the container marker.
                $code = str_ireplace("CMS_CONTAINER[$value]", "\r\n" . $output, $code);
            }
        }

        #
        # Find out what kind of CMS_... Vars are in use
        #
        $sql = "SELECT * FROM " . $cfg["tab"]["content"] . " AS A, " . $cfg["tab"]["art_lang"] . " AS B, " . $cfg["tab"]["type"] . " AS C WHERE A.idtype = C.idtype AND A.idartlang = B.idartlang AND B.idart = '" . 
Contenido_Security::toInteger($idart) . "' AND B.idlang = '" . Contenido_Security::toInteger($lang) . "'";
        $db->query($sql);
        // $a_content[type][typeid] holds the stored content value.
        while ($db->next_record()) {
            $a_content[$db->f("type")][$db->f("typeid")] = $db->f("value");
        }

        $sql = "SELECT idartlang FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
        $db->query($sql);
        $db->next_record();
        $idartlang = $db->f("idartlang");

        #
        # Replace all CMS_TAGS[]
        #
        $sql = "SELECT idtype, type, code FROM " . $cfg["tab"]["type"];
        $db->query($sql);
        while ($db->next_record()) {
            // Find every "TYPE[n]" occurrence in the code; extractNumber (defined elsewhere) is applied
            // to each match.
            // NOTE(review): the type name is placed into the pattern without preg_quote().
            $tmp = preg_match_all("/(" . $db->f("type") . "\[+\d+\])/i", $code, $match);
            $a_[strtolower($db->f("type"))] = $match[0];
            $success = array_walk($a_[strtolower($db->f("type"))], 'extractNumber');

            $search = array();
            $replacements = array();

            foreach ($a_[strtolower($db->f("type"))] as $val) {
                // NOTE(review): eval() runs the PHP stored in the "code" column of the type table once
                // per tag occurrence; its result is read from $tmp on the line after next. Anyone who
                // can write to that table can execute PHP here, so keep write access limited to
                // trusted administrators.
                eval($db->f("code"));
                $search[$val] = $db->f("type") . "[$val]";
                $replacements[$val] = $tmp;
            }

            $code = str_ireplace($search, $replacements, $code);
        }
        unset($tmp);

        /* output the code */
        $code = stripslashes($code);
        // Inject the sub-menu marker, the editor scripts and the content form into the page.
        $code = str_ireplace_once("", "$markSubItem $scripts\n", $code);
        $code = str_ireplace_once_reverse("", "$contentform", $code);

        if ($cfg["debug"]["codeoutput"]) {
            echo "";
        }

        $code = str_ireplace_once("", "\n" . '', $code);

        // Switch to the client's frontend directory, start output buffering and evaluate the
        // assembled code.
        // NOTE(review): layout code, module output and container settings all end up in $code, so write
        // access to any of them amounts to PHP execution on this server.
        chdir($cfgClient[$client]["path"]["frontend"]);
        ob_start();
        eval("?>\n" . $code . "\n