* @license http://www.contenido.org/license/LIZENZ.txt
* @link http://www.4fb.de
* @link http://www.contenido.org
* @since file available since contenido release <= 4.6
*
* {@internal
* created 2003
* modified 2008-06-16, Holger Librenz, Hotfix: check for illegal calls added
* modified 2008-06-27, Frederic Schneider, add security fix
* modified 2009-10-29, Murat Purc, replaced deprecated functions (PHP 5.3 ready) and some formatting
* modified 2010-05-20, Murat Purc, removed request check during processing ticket [#CON-307]
*
* $Id$:
* }}
*
*/
// Refuse direct requests: this include must only run after the framework
// entry point has defined CON_FRAMEWORK.
defined('CON_FRAMEWORK') or die('Illegal call');

// String flag, not a boolean. It is not read in this section; presumably
// included or evaluated code consumes it - confirm.
$edit = 'true';
// Second database handle, used below for the container-configuration queries.
$db2 = new DB_ConLite();
// Collects the script/style markup that is run through the template engine
// and merged into the page output later in this file.
$scripts = '';
if (isset($idcat)) {
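// Save step of inline editing: actions 10 and 20 both persist the submitted
// content entries and regenerate the article code; action 10 additionally
// redirects right after this block.
// $data is a packed string: records separated by "||", each record being
// "idartlang|type|typeid|value" in the order conSaveContentEntry() receives
// them below.
// NOTE(review): every record names its own idartlang, and nothing in this
// section ties it to $idartlang or re-checks the editor's rights; presumably
// the framework or conSaveContentEntry() enforces that - confirm.
if ($action == 20 || $action == 10) {
    if ($data != "") {
        // substr() drops the last two characters, presumably the "||" that
        // terminates the final record.
        $data = explode("||", substr($data, 0, -2));
        foreach ($data as $value) {
            $value = explode("|", $value);
            // A record with fewer than four fields is malformed; skip it
            // rather than save an entry built from missing offsets.
            if (count($value) < 4) {
                continue;
            }
            if ($value[3] == "%$%EMPTY%$%") {
                // Presumably the placeholder the client sends for an empty value.
                $value[3] = "";
            } else {
                // Literal pipes travel as a placeholder because "|" is the
                // field separator.
                $value[3] = str_replace("%$%SEPERATOR%$%", "|", $value[3]);
            }
            conSaveContentEntry($value[0], "CMS_" . $value[1], $value[2], $value[3]);
        }
        conMakeArticleIndex($idartlang, $idart);
        // Restore the original request values: the loop above reused $data
        // and $value as scratch variables. isset() keeps a missing request
        // key from raising an undefined-index notice.
        $data = isset($_REQUEST['data']) ? $_REQUEST['data'] : null;
        $value = isset($_REQUEST['value']) ? $_REQUEST['value'] : null;
    }
    conGenerateCodeForArtInAllCategories($idart);
}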
if ($action == 10) {
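// Redirect back to the backend edit frame. http_build_query() URL-encodes
// every value, so a "&", "#" or line break inside one of them cannot add or
// truncate query parameters. The (string) casts keep empty values in the
// query (http_build_query() drops null entries), and the explicit "&"
// separator makes the result independent of arg_separator.output. The
// original string listed "lang" twice with the same value; once is enough.
// NOTE(review): no exit follows header() in the visible code, so whatever
// comes after the enclosing if/else still runs - confirm that is intended.
header("Location: " . $cfg["path"]["contenido_fullhtml"] . $cfg["path"]["includes"] . "include.backendedit.php?" . http_build_query(array(
    'type' => (string) $type,
    'typenr' => (string) $typenr,
    'client' => (string) $client,
    'lang' => (string) $lang,
    'idcat' => (string) $idcat,
    'idart' => (string) $idart,
    'idartlang' => (string) $idartlang,
    'contenido' => (string) $contenido,
), '', '&'));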
} else {
// Markup for the active backend submenu entry; it is merged into the
// generated page together with $scripts near the end of this file.
$markSubItem = markSubMenuItem(3, true);
//Include tiny class
// The path is assembled from $cfg and a fixed suffix only; no request value
// takes part in it.
include ($cfg["path"]["contenido"] . 'external/wysiwyg/tinymce3/editorclass.php');
$oEditor = new cTinyMCEEditor('', '');
$oEditor->setToolbar('inline_edit');
//Get configuration for popup and inline tiny
$sConfigInlineEdit = $oEditor->getConfigInlineEdit();
$sConfigFullscreen = $oEditor->getConfigFullscreen();
//Include tiny mce and con_tiny script for insight_editing
$scripts .= "\n" . '';
$scripts .= "\n" . '';
$scripts .= "\n" . '';
$scripts .= "\n" . '';
$scripts .= "\n" . '';
$scripts .= "\n" . '';
$scripts .= "\n\n" . '';
//Script template for insight editing
$scripts .= <<
.defaultSkin table.mceLayout {position: absolute; z-index: 10000;}
.defaultSkin #mce_fullscreen_tbl {z-index: 20000;}
.defaultSkin .mcePlaceHolder {position: absolute; z-index: 10000;}
EOD;
//Replace vars in Script
// $scripts is used as the template text; the placeholders set below are
// substituted into it by generate().
$oScriptTpl = new Template();
//Set urls to file browsers
// NOTE(review): each URL carries the backend session id ($sess->id) as the
// "contenido" query parameter. Session ids in URLs can end up in Referer
// headers, server/proxy logs and browser history - confirm the backend
// limits that exposure (referrer policy, short session lifetime).
$oScriptTpl->set('s', 'IMAGE', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=imagebrowser');
$oScriptTpl->set('s', 'FILE', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=filebrowser');
// FLASH and MEDIA reuse the image browser URL.
$oScriptTpl->set('s', 'FLASH', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=imagebrowser');
$oScriptTpl->set('s', 'MEDIA', $cfg["path"]["contenido_fullhtml"] . 'frameset.php?area=upl&contenido=' . $sess->id . '&appendparameters=imagebrowser');
$oScriptTpl->set('s', 'FRONTEND', $cfgClient[$client]["path"]["htmlpath"]);
//Add tiny options and fill function leave_check()
$oScriptTpl->set('s', 'TINY_OPTIONS', $sConfigInlineEdit);
$oScriptTpl->set('s', 'TINY_FULLSCREEN', $sConfigFullscreen);
// NOTE(review): $idartlang is placed into the script template as is; if it
// can arrive from the request, cast it to an integer first - confirm.
$oScriptTpl->set('s', 'IDARTLANG', $idartlang);
$oScriptTpl->set('s', 'CON_PATH', $cfg["path"]["contenido_fullhtml"]);
// utf8_decode() converts the translated strings to ISO-8859-1; presumably
// the inline script is served in that charset - confirm.
$oScriptTpl->set('s', 'CLOSE', utf8_decode(i18n('Close editor')));
$oScriptTpl->set('s', 'SAVE', utf8_decode(i18n('Close editor and save changes')));
$oScriptTpl->set('s', 'QUESTION', utf8_decode(i18n('Do you want to save changes?')));
// Inline editing is switched off only when the setting is the string
// 'false'; 'true' is passed as the third argument, presumably the default.
if (getEffectiveSetting('system', 'insight_editing_activated', 'true') == 'false') {
$oScriptTpl->set('s', 'USE_TINY', '');
} else {
$oScriptTpl->set('s', 'USE_TINY', 'swapTiny(this);');
}
// From here on $scripts holds the rendered template instead of the raw text.
$scripts = $oScriptTpl->generate($scripts, 1);
$contentform = "";
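#
# extract IDCATART
#
// Both ids are cast to integers before they reach the SQL string, matching
// the other queries in this file that wrap their ids in
// Contenido_Security::toInteger(). Without the cast a crafted idcat/idart
// value would be concatenated into the statement unchanged.
$sql = "SELECT
            idcatart
        FROM
            " . $cfg["tab"]["cat_art"] . "
        WHERE
            idcat = '" . Contenido_Security::toInteger($idcat) . "' AND
            idart = '" . Contenido_Security::toInteger($idart) . "'";
$db->query($sql);
// The result of next_record() is not checked; when no row matches,
// $idcatart takes whatever f() returns for a missing record.
$db->next_record();
$idcatart = $db->f("idcatart");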
#
# Resolve the template configuration:
# use the article's own idtplcfg if
# it is configured, otherwise fall
# back to the category's. If neither
# the article nor the category is
# configured, no code is created and
# an error page is written instead.
#
$sql = "SELECT
a.idtplcfg AS idtplcfg
FROM
" . $cfg["tab"]["art_lang"] . " AS a,
" . $cfg["tab"]["art"] . " AS b
WHERE
a.idart = '" . Contenido_Security::toInteger($idart) . "' AND
a.idlang = '" . Contenido_Security::toInteger($lang) . "' AND
b.idart = a.idart AND
b.idclient = '" . Contenido_Security::toInteger($client) . "'";
$db->query($sql);
$db->next_record();
if ($db->f("idtplcfg") != 0) {
#
# Article is configured
#
$idtplcfg = $db->f("idtplcfg");
// $a_c maps container number => stored container configuration string.
$a_c = array();
$sql2 = "SELECT
*
FROM
" . $cfg["tab"]["container_conf"] . "
WHERE
idtplcfg = '" . Contenido_Security::toInteger($idtplcfg) . "'
ORDER BY
number ASC";
$db2->query($sql2);
while ($db2->next_record()) {
$a_c[$db2->f("number")] = $db2->f("container");
}
} else {
#
# Check whether category is
# configured.
#
$sql = "SELECT
a.idtplcfg AS idtplcfg
FROM
" . $cfg["tab"]["cat_lang"] . " AS a,
" . $cfg["tab"]["cat"] . " AS b
WHERE
a.idcat = '" . Contenido_Security::toInteger($idcat) . "' AND
a.idlang = '" . Contenido_Security::toInteger($lang) . "' AND
b.idcat = a.idcat AND
b.idclient = '" . Contenido_Security::toInteger($client) . "'";
$db->query($sql);
$db->next_record();
if ($db->f("idtplcfg") != 0) {
#
# Category is configured,
# extract varstring
#
$idtplcfg = $db->f("idtplcfg");
// Same container-configuration lookup as in the article branch above.
$a_c = array();
$sql2 = "SELECT
*
FROM
" . $cfg["tab"]["container_conf"] . "
WHERE
idtplcfg = '" . Contenido_Security::toInteger($idtplcfg) . "'
ORDER BY
number ASC";
$db2->query($sql2);
while ($db2->next_record()) {
$a_c[$db2->f("number")] = $db2->f("container");
}
} else {
#
# Neither article nor category
# is configured. Creation of
# code is not possible. Write
# error message to DB.
#
include_once ($cfg["path"]["contenido"] . $cfg["path"]["classes"] . "class.notification.php");
include_once ($cfg["path"]["contenido"] . $cfg["path"]["classes"] . "class.table.php");
if (!is_object($notification)) {
$notification = new Contenido_Notification;
}
// Collect the display names shown in the error notification.
$sql = "SELECT title FROM " . $cfg["tab"]["art_lang"] . " WHERE idartlang = '" . Contenido_Security::toInteger($idartlang) . "'";
$db->query($sql);
$db->next_record();
$art_name = $db->f("title");
$cat_name = "";
// $cat_name is handed in empty and read afterwards, so it is presumably
// filled by reference - confirm against conCreateLocationString().
conCreateLocationString($idcat, " / ", $cat_name);
$sql = "SELECT name FROM " . $cfg["tab"]["lang"] . " WHERE idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
$db->next_record();
$lang_name = $db->f("name");
$sql = "SELECT name FROM " . $cfg["tab"]["clients"] . " WHERE idclient = '" . Contenido_Security::toInteger($client) . "'";
$db->query($sql);
$db->next_record();
$client_name = $db->f("name");
// NOTE(review): $art_name, $cat_name, $lang_name and $client_name come from
// the database and are concatenated into the notification without HTML
// escaping. The result is stored in the code table and echoed below, so a
// title containing markup would be rendered as markup; consider
// htmlspecialchars() on these four values - confirm they can hold
// editor-supplied text.
$noti_html = '
' . i18n("No template assigned to the category and/or the article") . '
' . i18n("The code for the following article couldnt be generated:") . '
|
' . i18n("Article") . ': |
' . $art_name . ' |
' . i18n("Category") . ': |
' . $cat_name . ' |
' . i18n("Language") . ': |
' . $lang_name . ' |
' . i18n("Client") . ': |
' . $client_name . ' |
|
';
$code = '
Error
' . $notification->returnNotification("error", $noti_html) . '
';
// Store the error page as this article's generated code: update the
// existing row for (idcatart, idlang) or insert a new one. The ids are
// integer-cast and $code goes through escapeDB() before concatenation.
$sql = "SELECT * FROM " . $cfg["tab"]["code"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
if ($db->next_record()) {
$sql = "UPDATE " . $cfg["tab"]["code"] . " SET code='" . Contenido_Security::escapeDB($code, $db) . "', idlang='" . Contenido_Security::toInteger($lang) . "', idclient='" . Contenido_Security::toInteger($client) . "'
WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
} else {
$sql = "INSERT INTO " . $cfg["tab"]["code"] . " (idcode, idcatart, code, idlang, idclient) VALUES ('" . Contenido_Security::toInteger($db->nextid($cfg["tab"]["code"])) . "', '" . Contenido_Security::toInteger($idcatart) . "',
'" . Contenido_Security::escapeDB($code, $db) . "', '" . Contenido_Security::toInteger($lang) . "', '" . Contenido_Security::toInteger($client) . "')";
$db->query($sql);
}
// The error page is printed, but processing is not stopped here.
echo $code;
}
}
#
# Get IDLAY and IDMOD array
#
// NOTE(review): $idtplcfg is assigned only when the article or the category
// is configured. In the unconfigured case the code above prints an error
// page and execution still reaches this query with $idtplcfg unset -
// confirm whether processing should stop there.
$sql = "SELECT
a.idlay AS idlay,
a.idtpl AS idtpl
FROM
" . $cfg["tab"]["tpl"] . " AS a,
" . $cfg["tab"]["tpl_conf"] . " AS b
WHERE
b.idtplcfg = '" . Contenido_Security::toInteger($idtplcfg) . "' AND
b.idtpl = a.idtpl";
$db->query($sql);
$db->next_record();
$idlay = $db->f("idlay");
$idtpl = $db->f("idtpl");
#
# List of used modules
#
$sql = "SELECT
number,
idmod
FROM
" . $cfg["tab"]["container"] . "
WHERE
idtpl = '" . Contenido_Security::toInteger($idtpl) . "'
ORDER BY
number ASC";
$db->query($sql);
// $a_d maps container number => module id. It is not initialised before
// the loop, so it stays undefined when the template has no containers.
while ($db->next_record()) {
$a_d[$db->f("number")] = $db->f("idmod");
}
#
# Get code from Layout
#
$sql = "SELECT * FROM " . $cfg["tab"]["lay"] . " WHERE idlay = '" . Contenido_Security::toInteger($idlay) . "'";
$db->query($sql);
$db->next_record();
$code = $db->f("code");
// The layout code is slash-escaped here and unescaped again with
// stripslashes() once all replacements are done, shortly before it is
// evaluated at the end of this file.
$code = AddSlashes($code);
#
# Create code for all containers
#
// For every container found in the layout, take the assigned module's
// output code, substitute the stored container configuration into it and
// put the result in place of the container marker inside $code.
// NOTE(review): the configuration values are url-decoded and substituted
// verbatim into module code that this file later runs through eval(). A
// value containing quotes or PHP syntax therefore becomes part of the
// executed source; write access to the container configuration and to
// module output has to be treated as code-execution privilege.
if ($idlay) {
tplPreparseLayout($idlay);
$tmp_returnstring = tplBrowseLayoutForContainers($idlay);
// tplBrowseLayoutForContainers() evidently returns the container numbers
// joined with "&".
$a_container = explode("&", $tmp_returnstring);
foreach ($a_container as $key => $value) {
$CiCMS_VALUE = "";
// $thisModule and $thisContainer are assigned only when a numeric module
// id exists for this container; otherwise they keep the value from the
// previous iteration or are undefined on the first one.
if (is_numeric($a_d[$value])) {
$thisModule = '';
$thisContainer = '';
}
$oModule = new cApiModule($a_d[$value]);
$output = $thisModule . $thisContainer . $oModule->get("output");
$output = AddSlashes($output);
// $template is not used again in this section.
$template = $oModule->get("template");
if (array_key_exists($value, $a_c)) {
// "\$" inside double quotes yields "$", so the pattern is /(&$)/: it
// strips one trailing "&" before the string is split into key=value pairs.
$a_c[$value] = preg_replace("/(&\$)/", "", $a_c[$value]);
$tmp1 = preg_split("/&/", $a_c[$value]);
} else {
$tmp1 = array();
}
$varstring = array();
foreach ($tmp1 as $key1 => $value1) {
$tmp2 = explode("=", $value1);
// The inner loop repeats the same assignment for each part of $tmp2; the
// net effect is $varstring[key] = value. A pair without "=" leaves
// $tmp2[1] undefined.
foreach ($tmp2 as $key2 => $value2) {
$varstring["$tmp2[0]"] = $tmp2[1];
}
}
// Per-container variable name, e.g. $C3CMS_VALUE for container 3.
$CiCMS_Var = '$C' . $value . 'CMS_VALUE';
$CiCMS_VALUE = '';
foreach ($varstring as $key3 => $value3) {
$tmp = urldecode($value3);
$tmp = str_replace("\'", "'", $tmp);
// $CiCMS_VALUE accumulates PHP assignment statements as text; it is not
// read again within this section.
$CiCMS_VALUE .= $CiCMS_Var . '[' . $key3 . ']="' . $tmp . '"; ';
// Replace both the "$CMS_VALUE[n]" and the bare "CMS_VALUE[n]" spelling.
$output = str_replace("\$CMS_VALUE[$key3]", $tmp, $output);
$output = str_replace("CMS_VALUE[$key3]", $tmp, $output);
}
// Remaining CMS_VALUE references are renamed to the per-container
// variable, and numeric placeholders without a configured value are
// removed.
$output = str_replace("CMS_VALUE", $CiCMS_Var, $output);
$output = str_replace("\$" . $CiCMS_Var, $CiCMS_Var, $output);
$output = preg_replace('/(CMS_VALUE\[)([0-9]*)(\])/i', '', $output);
/* Long syntax with closing tag */
$code = preg_replace("/(.*)<\/container>/Uis", "CMS_CONTAINER[$value]", $code);
/* Short syntax */
$code = preg_replace("//i", "CMS_CONTAINER[$value]", $code);
// Swap the normalised marker for the prepared module output.
$code = str_ireplace("CMS_CONTAINER[$value]", "\r\n" . $output, $code);
}
}
#
# Find out what kind of CMS_... Vars are in use
#
// Loads every stored content value of this article/language into
// $a_content[type][typeid]. $a_content is not read in this section;
// presumably the type code evaluated further down uses it - confirm.
// It is not initialised, so it stays undefined for an article without content.
$sql = "SELECT
*
FROM
" . $cfg["tab"]["content"] . " AS A,
" . $cfg["tab"]["art_lang"] . " AS B,
" . $cfg["tab"]["type"] . " AS C
WHERE
A.idtype = C.idtype AND
A.idartlang = B.idartlang AND
B.idart = '" . Contenido_Security::toInteger($idart) . "' AND
B.idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
while ($db->next_record()) {
$a_content[$db->f("type")][$db->f("typeid")] = $db->f("value");
}
// $idartlang is re-read from the database for ($idart, $lang), replacing
// whatever value it held before this point.
$sql = "SELECT idartlang FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
$db->next_record();
$idartlang = $db->f("idartlang");
#
# Replace all CMS_TAGS[]
#
// For each content type, find its TYPE[n] tags in $code, run the type's
// stored PHP snippet once per tag number and substitute the tag with the
// value the snippet leaves in $tmp.
$sql = "SELECT idtype, type, code FROM " . $cfg["tab"]["type"];
$db->query($sql);
while ($db->next_record()) {
// NOTE(review): the type name is placed into the pattern without
// preg_quote(); fine for names like CMS_HTML, but a name containing regex
// metacharacters would change the pattern.
$tmp = preg_match_all("/(" . $db->f("type") . "\[+\d+\])/i", $code, $match);
$a_[strtolower($db->f("type"))] = $match[0];
// extractNumber is defined elsewhere; judging by its use below it reduces
// each matched tag to its number in place - confirm.
$success = array_walk($a_[strtolower($db->f("type"))], 'extractNumber');
$search = array();
$replacements = array();
foreach ($a_[strtolower($db->f("type"))] as $val) {
// SECURITY: eval() executes PHP source read from the type table's "code"
// column, in this script's scope, so it can read and change $db, $cfg,
// $sess and every other variable here. Anyone able to write that column
// can run code on the server. Treat the table as code: restrict database
// write access to it, keep it out of content import paths, and review
// changes to it like source changes.
eval($db->f("code"));
$search[$val] = $db->f("type") . "[$val]";
// $tmp is expected to have been set by the evaluated snippet; otherwise
// it still holds the match count from preg_match_all() or the previous
// tag's value.
$replacements[$val] = $tmp;
}
$code = str_ireplace($search, $replacements, $code);
}
unset($tmp);
/* output the code */
$code = stripslashes($code);
$code = str_ireplace_once("", "$markSubItem $scripts\n", $code);
$code = str_ireplace_once_reverse("
", "$contentform", $code);
if ($cfg["debug"]["codeoutput"]) {
echo "";
}
$code = str_ireplace_once("
\n" . '', $code);
chdir($cfgClient[$client]["path"]["frontend"]);
ob_start();
eval("?>\n" . $code . "\n