Merge branch 'flatpressblog:master' into master
This commit is contained in:
Fraenkiman
GitHub
commit
becd7e569a
@ -12,18 +12,20 @@
|
||||
* @author NoWhereMan <real_nowhereman at users dot sf dot com>
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
class admin_entry_delete extends AdminPanelAction {
|
||||
|
||||
var $events = array('delete', 'cancel');
|
||||
var $events = array(
|
||||
'delete',
|
||||
'cancel'
|
||||
);
|
||||
|
||||
function main() {
|
||||
global $fpdb;
|
||||
|
||||
if (isset($_REQUEST ['entry'])) {
|
||||
$id = $_REQUEST ['entry'];
|
||||
if ($a = entry_parse($id));
|
||||
if ($a = entry_parse($id))
|
||||
;
|
||||
else
|
||||
$a = draft_parse($id);
|
||||
|
||||
@ -36,15 +38,12 @@
|
||||
$this->smarty->assign('entry', $a);
|
||||
$this->smarty->assign('id', $id);
|
||||
return 0;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
}
|
||||
|
||||
|
||||
function ondelete() {
|
||||
$id = $_REQUEST ['entry'];
|
||||
$ok = draft_delete($id) || entry_delete($id);
|
||||
|
||||
@ -12,36 +12,47 @@
|
||||
* @author NoWhereMan <real_nowhereman at users dot sf dot com>
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
|
||||
|
||||
class admin_entry_write extends AdminPanelActionValidated {
|
||||
|
||||
var $validators = array(
|
||||
array('subject', 'subject', 'notEmpty', false, false, 'trim,stripslashes'),
|
||||
array('content', 'content', 'notEmpty', false, false, 'stripslashes'),
|
||||
array(
|
||||
'subject',
|
||||
'subject',
|
||||
'notEmpty',
|
||||
false,
|
||||
false,
|
||||
'trim,stripslashes'
|
||||
),
|
||||
array(
|
||||
'content',
|
||||
'content',
|
||||
'notEmpty',
|
||||
false,
|
||||
false,
|
||||
'stripslashes'
|
||||
)
|
||||
);
|
||||
|
||||
var $events = array(
|
||||
'save',
|
||||
'preview',
|
||||
'savecontinue'
|
||||
);
|
||||
|
||||
var $events = array('save', 'preview', 'savecontinue');
|
||||
var $draft = false;
|
||||
|
||||
function _makePreview($arr, $id = null) {
|
||||
|
||||
if (!$id) {
|
||||
$arr ['subject'] = apply_filters('title_save_pre', $arr ['subject']);
|
||||
$arr ['content'] = apply_filters('content_save_pre', $arr ['content']);
|
||||
}
|
||||
|
||||
|
||||
if ($this->draft || $this->draft = draft_exists($this->id)) {
|
||||
if (isset($arr['categories'])
|
||||
&& is_array($arr['categories']) && !in_array('draft', $arr['categories']) ) {
|
||||
if (isset($arr ['categories']) && is_array($arr ['categories']) && !in_array('draft', $arr ['categories'])) {
|
||||
$arr ['categories'] [] = 'draft';
|
||||
} else {
|
||||
$arr ['categories'] [] = 'draft';
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// unfiltered content (for editing)
|
||||
@ -59,10 +70,7 @@
|
||||
function makePageTitle($title, $sep) {
|
||||
global $lang, $panel;
|
||||
if ($this->draft) {
|
||||
$this->smarty->append(
|
||||
'warnings',
|
||||
$lang['admin']['entry']['write']['msgs']['draft']
|
||||
);
|
||||
$this->smarty->append('warnings', $lang ['admin'] ['entry'] ['write'] ['msgs'] ['draft']);
|
||||
}
|
||||
return "$title $sep {$lang['admin']['entry']['write']['head']}";
|
||||
}
|
||||
@ -75,19 +83,14 @@
|
||||
|
||||
// $this->smarty->assign('saved_categories', entry_categories_format());
|
||||
$this->smarty->assign('saved_flags', entry_flags_get());
|
||||
|
||||
}
|
||||
|
||||
function setup() {
|
||||
|
||||
$this->id = @$_REQUEST ['entry'];
|
||||
$this->smarty->assign('id', $this->id);
|
||||
|
||||
|
||||
}
|
||||
|
||||
function main() {
|
||||
|
||||
global $lang;
|
||||
|
||||
$id = $this->id;
|
||||
@ -105,17 +108,21 @@
|
||||
if ($arr) {
|
||||
$this->_makePreview($arr, $id);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$this->_getCatsFlags();
|
||||
add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
|
||||
if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
|
||||
|
||||
add_filter('wp_title', array(
|
||||
&$this,
|
||||
'makePageTitle'
|
||||
), 10, 2);
|
||||
if ($this->draft)
|
||||
add_filter('admin_body_class', array(
|
||||
&$this,
|
||||
'draft_class'
|
||||
));
|
||||
}
|
||||
|
||||
function _getposteddata() {
|
||||
|
||||
$arr ['version'] = system_ver();
|
||||
$arr ['subject'] = ($_POST ['subject']);
|
||||
$arr ['content'] = ($_POST ['content']);
|
||||
@ -123,7 +130,6 @@
|
||||
$arr ['author'] = $author ['userid'];
|
||||
$arr ['date'] = !empty($_POST ['timestamp']) ? $_POST ['timestamp'] : date_time();
|
||||
|
||||
|
||||
$cats = !empty($_POST ['cats']) ? $_POST ['cats'] : array();
|
||||
$flags = !empty($_POST ['flags']) ? $_POST ['flags'] : array();
|
||||
|
||||
@ -134,11 +140,9 @@
|
||||
$arr ['categories'] = $catids;
|
||||
|
||||
return $arr;
|
||||
|
||||
}
|
||||
|
||||
function onsave($do_preview = false) {
|
||||
|
||||
$id = $this->id;
|
||||
$data = $this->_getposteddata();
|
||||
|
||||
@ -152,7 +156,6 @@
|
||||
|
||||
// if ($success) sess_remove('entry');
|
||||
|
||||
|
||||
if ($do_preview)
|
||||
$this->_makePreview($data);
|
||||
|
||||
@ -164,21 +167,24 @@
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
function onpreview() {
|
||||
global $lang;
|
||||
|
||||
$this->_makePreview($this->_getposteddata());
|
||||
|
||||
|
||||
$this->_getCatsFlags();
|
||||
|
||||
add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
|
||||
if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
|
||||
add_filter('wp_title', array(
|
||||
&$this,
|
||||
'makePageTitle'
|
||||
), 10, 2);
|
||||
if ($this->draft)
|
||||
add_filter('admin_body_class', array(
|
||||
&$this,
|
||||
'draft_class'
|
||||
));
|
||||
|
||||
return 0;
|
||||
|
||||
|
||||
}
|
||||
|
||||
function onsavecontinue() {
|
||||
@ -187,11 +193,17 @@
|
||||
|
||||
$this->_getCatsFlags();
|
||||
|
||||
add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
|
||||
if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
|
||||
add_filter('wp_title', array(
|
||||
&$this,
|
||||
'makePageTitle'
|
||||
), 10, 2);
|
||||
if ($this->draft)
|
||||
add_filter('admin_body_class', array(
|
||||
&$this,
|
||||
'draft_class'
|
||||
));
|
||||
}
|
||||
|
||||
|
||||
function onerror() {
|
||||
$this->main();
|
||||
return 0;
|
||||
|
||||
@ -49,7 +49,8 @@ function user_login($userid, $pwd, $params = null) {
|
||||
if (password_verify($userid . $pwd, $user ['password'])) {
|
||||
$loggedin = true;
|
||||
} //
|
||||
// for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
|
||||
// If this didn't work, the passwords may have been created with FlatPress 1.1 or earlier.
|
||||
// So we check the password the old-fashioned way (with wp_hash() which uses md5):
|
||||
elseif (wp_hash($userid . $pwd) == $user ['password']) {
|
||||
$loggedin = true;
|
||||
|
||||
@ -110,6 +111,13 @@ function user_loggedin() {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the user information as associative array
|
||||
*
|
||||
* @param string $userid
|
||||
* optional: The ID (shortname) of a specific user
|
||||
* @return array the user information array
|
||||
*/
|
||||
function user_get($userid = null) {
|
||||
if ($userid == null && ($user = user_loggedin())) {
|
||||
return $user;
|
||||
|
||||
@ -1,14 +1,30 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Returns the given action URL with the current nonce.
|
||||
*
|
||||
* @param string $actionurl
|
||||
* the URL
|
||||
* @param unknown $action
|
||||
* @return string the URL with the nonce
|
||||
*/
|
||||
function wp_nonce_url($actionurl, $action = -1) {
|
||||
return wp_specialchars($actionurl . '&_wpnonce=' . wp_create_nonce($action));
|
||||
}
|
||||
|
||||
/**
|
||||
* Echoes a hidden input field containing the Nonce
|
||||
*
|
||||
* @param int $action
|
||||
*/
|
||||
function wp_nonce_field($action = -1) {
|
||||
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
|
||||
wp_referer_field();
|
||||
}
|
||||
|
||||
/**
|
||||
* Echoes a hidden input field containing the referrer
|
||||
*/
|
||||
function wp_referer_field() {
|
||||
$ref = wp_specialchars($_SERVER ['REQUEST_URI']);
|
||||
echo '<input type="hidden" name="_wp_http_referer" value="' . $ref . '" />';
|
||||
@ -23,7 +39,10 @@ function wp_original_referer_field() {
|
||||
}
|
||||
|
||||
function wp_get_referer() {
|
||||
foreach ( array(@$_REQUEST['_wp_http_referer'],@$_SERVER['HTTP_REFERER']) as $ref )
|
||||
foreach (array(
|
||||
@$_REQUEST ['_wp_http_referer'],
|
||||
@$_SERVER ['HTTP_REFERER']
|
||||
) as $ref)
|
||||
if (!empty($ref))
|
||||
return $ref;
|
||||
return false;
|
||||
@ -35,10 +54,6 @@ function wp_get_original_referer() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function add_magic_quotes($array) {
|
||||
foreach ($array as $k => $v) {
|
||||
if (is_array($v)) {
|
||||
|
||||
@ -331,10 +331,12 @@ if (!function_exists('wp_verify_nonce')) :
|
||||
$user = user_get();
|
||||
$uid = $user ['userid'];
|
||||
|
||||
$i = ceil(time() / 43200);
|
||||
// new nonce each 12 hours
|
||||
$i = ceil(time() / (60 * 60 * 12));
|
||||
|
||||
// Allow for expanding range, but only do one check if we can
|
||||
if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
|
||||
$expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10);
|
||||
if ($expectedNonce == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
@ -342,11 +344,20 @@ endif;
|
||||
|
||||
if (!function_exists('wp_create_nonce')) :
|
||||
|
||||
/**
|
||||
* Creates and returns the valid nonce.
|
||||
*
|
||||
* @param int $action
|
||||
* optional: the action
|
||||
* @return string the nonce
|
||||
*/
|
||||
function wp_create_nonce($action = -1) {
|
||||
// get the info array of the user currenty logged in
|
||||
$user = user_get();
|
||||
$uid = $user ['userid'];
|
||||
|
||||
$i = ceil(time() / 43200);
|
||||
// new nonce each 12 hours
|
||||
$i = ceil(time() / (60 * 60 * 12));
|
||||
|
||||
return substr(wp_hash($i . $action . $uid), -12, 10);
|
||||
}
|
||||
@ -355,18 +366,20 @@ endif;
|
||||
if (!function_exists('wp_salt')) :
|
||||
|
||||
/**
|
||||
* Returns a salt for hashing.<br>
|
||||
* The salt is unique for each FlatPress installation; see <code>fp-content/config/hashsalt.conf.php</code>
|
||||
*
|
||||
* @return NULL|unknown
|
||||
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
|
||||
* @return string the salt
|
||||
*/
|
||||
function wp_salt() {
|
||||
global $fp_config;
|
||||
static $salt = null;
|
||||
if (!$salt) {
|
||||
// get the salt from the hashsalt file
|
||||
@include (HASHSALT_FILE);
|
||||
if (!$fp_hashsalt)
|
||||
if (!$fp_hashsalt) {
|
||||
trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR);
|
||||
|
||||
}
|
||||
$salt = $fp_hashsalt;
|
||||
}
|
||||
return $salt;
|
||||
@ -376,10 +389,11 @@ endif;
|
||||
if (!function_exists('wp_hash')) :
|
||||
|
||||
/**
|
||||
* Creates a salted MD5 hash of the given string.
|
||||
*
|
||||
* @param unknown $data
|
||||
* @return string
|
||||
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
|
||||
* @param string $data
|
||||
* the string to hash
|
||||
* @return string the hash
|
||||
*/
|
||||
function wp_hash($data) {
|
||||
$salt = wp_salt();
|
||||
|
||||
@ -1,64 +0,0 @@
|
||||
<?php
|
||||
|
||||
/* These functions can be replaced via plugins. They are loaded after
|
||||
plugins are loaded. */
|
||||
|
||||
|
||||
function get_settings() {
|
||||
|
||||
}
|
||||
|
||||
function wp_filter_kses($str) {
|
||||
return $str;
|
||||
}
|
||||
|
||||
//----------------------------------------------------------------------------
|
||||
// WordPress pluggable functions
|
||||
//----------------------------------------------------------------------------
|
||||
|
||||
|
||||
/*
|
||||
get_currentuserinfo()
|
||||
Grabs the information of the current logged in user, if there is one. Essentially a
|
||||
wrapper for get_userdata(), but it also stores information in global variables.
|
||||
get_userdata($userid)
|
||||
Pulls user information for the specified user from the database.
|
||||
get_userdatabylogin($user_login)
|
||||
Pulls user information for the specified user from the database.
|
||||
wp_mail($to, $subject, $message, $headers = '')
|
||||
A convenient wrapper for PHP's mail function.
|
||||
wp_login($username, $password, $already_md5 = false)
|
||||
Returns true if the specified username and password correspond to a registered
|
||||
user.
|
||||
auth_redirect()
|
||||
If a user is not logged in, he or she will be redirected to WordPress' login page before
|
||||
being allowed to access content on the page from which this function was called.
|
||||
Upon sucessfully logging in, the user is sent back to the page in question.
|
||||
wp_redirect($location)
|
||||
Redirects a browser to the absolute URI specified by the $location parameter.
|
||||
wp_setcookie($username, $password, $already_md5 = false, $home =
|
||||
'', $siteurl = '')
|
||||
Sets the WordPress cookies for a logged in user. See WordPress Cookies.
|
||||
wp_clearcookie()
|
||||
Clears the cookies for a logged in user. See WordPress Cookies.
|
||||
wp_notify_postauthor($comment_id, $comment_type='')
|
||||
Emails the author of the comment's post the content of the comment specified.
|
||||
wp_notify_moderator($comment_id)
|
||||
Informs the administrative email account that the comment specified needs to be
|
||||
moderated. See General Options SubPanel.
|
||||
*/
|
||||
|
||||
if ( !function_exists('wp_mail') ) :
|
||||
function wp_mail($to, $subject, $message, $headers = '') {
|
||||
if( $headers == '' ) {
|
||||
$headers = "MIME-Version: 1.0\n" .
|
||||
"From: " . get_settings('admin_email') . "\n" .
|
||||
"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
|
||||
}
|
||||
|
||||
return @mail($to, $subject, $message, $headers);
|
||||
}
|
||||
endif;
|
||||
|
||||
|
||||
?>
|
||||
@ -11,4 +11,6 @@ S pozdravem %blogtitle%
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'Nový komentář k';
|
||||
|
||||
?>
|
||||
|
||||
@ -16,4 +16,6 @@ $lang ['comments'] ['mail'] = 'Αγαπητέ/η %toname%,
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'νέο σχόλιο στο';
|
||||
|
||||
?>
|
||||
|
||||
@ -16,4 +16,6 @@ Todo lo mejor,
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'Nuevo comentario sobre';
|
||||
|
||||
?>
|
||||
|
||||
@ -16,4 +16,6 @@ Cordialement,
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'Nouveau commentaire sur';
|
||||
|
||||
?>
|
||||
|
||||
@ -16,4 +16,6 @@ Saluti,
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'Nuovo commento su';
|
||||
|
||||
?>
|
||||
|
||||
@ -19,4 +19,6 @@ $lang ['comments'] ['mail'] = '%toname% さま,
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'の新しいコメント';
|
||||
|
||||
?>
|
||||
|
||||
@ -16,4 +16,6 @@ Groeten,
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'Nieuw commentaar op';
|
||||
|
||||
?>
|
||||
|
||||
@ -17,4 +17,6 @@ Um abraço,
|
||||
|
||||
';
|
||||
|
||||
$lang ['comments'] ['newcomment'] = 'Novo comentário em';
|
||||
|
||||
?>
|
||||
|
||||
@ -74,8 +74,13 @@ class admin_uploader_mediamanager extends AdminPanelAction {
|
||||
}
|
||||
|
||||
function doItemActions($folder, $mmbaseurl) {
|
||||
|
||||
/* delete file */
|
||||
if (isset($_GET ['deletefile'])) {
|
||||
// at first: check if nonce was given correctly
|
||||
check_admin_referer('mediamanager_deletefile');
|
||||
|
||||
// now get the file to be deleted
|
||||
list ($type, $name) = explode("-", $_GET ['deletefile'], 2);
|
||||
// prevent path traversal: remove ".." and "/" resp. "\"
|
||||
$name = preg_replace('(\.\.|\/|\\\\)', '', $name);
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
<td>{$v.size}</td>
|
||||
<td>{$v.mtime}</td>
|
||||
<td>
|
||||
<a class="link-delete" href="{$mmbaseurl}&deletefile={$v.type}-{$v.name}">{$plang.delete}</a>
|
||||
<a class="link-delete" href="{wp_nonce_url("{$mmbaseurl}&deletefile={$v.type}-{$v.name}", 'mediamanager_deletefile')}">{$plang.delete}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{/foreach}
|
||||
@ -70,7 +70,7 @@
|
||||
<td>{$v.size}</td>
|
||||
<td>{$v.mtime}</td>
|
||||
<td>
|
||||
<a class="link-delete" href="{$mmbaseurl}&deletefile={$v.type}-{$v.name}">{$plang.delete}</a>
|
||||
<a class="link-delete" href="{wp_nonce_url("{$mmbaseurl}&deletefile={$v.type}-{$v.name}", 'mediamanager_deletefile')}">{$plang.delete}</a>
|
||||
</td>
|
||||
</tr>
|
||||
{/foreach}
|
||||
|
||||
@ -126,12 +126,12 @@ function index_main() {
|
||||
$module = 'index.tpl';
|
||||
$can404 = true;
|
||||
|
||||
if (!empty($fp_params ['entry'])) {
|
||||
// register all Smarty modifier functions used by the templates
|
||||
$smarty->registerPlugin('modifier', 'wp_specialchars', 'wp_specialchars');
|
||||
|
||||
if (!empty($fp_params ['entry'])) {
|
||||
index_singlepost($params, $module);
|
||||
} elseif (
|
||||
($explicit_req = $page = @$fp_params ['page']) || (empty($fp_params) && $page = @$fp_config ['general'] ['startpage']))
|
||||
{
|
||||
} elseif (($explicit_req = $page = @$fp_params ['page']) || (empty($fp_params) && $page = @$fp_config ['general'] ['startpage'])) {
|
||||
|
||||
index_staticpage($page, $explicit_req, $params, $module);
|
||||
return $module;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user