Merge branch 'flatpressblog:master' into master

This commit is contained in:
Fraenkiman 2022-12-29 17:06:58 +01:00 committed by GitHub
commit becd7e569a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 353 additions and 348 deletions


@ -12,51 +12,50 @@
* @author NoWhereMan <real_nowhereman at users dot sf dot com>
*
*/
class admin_entry_delete extends AdminPanelAction {
var $events = array(
'delete',
'cancel'
);
class admin_entry_delete extends AdminPanelAction {
function main() {
global $fpdb;
var $events = array('delete', 'cancel');
if (isset($_REQUEST ['entry'])) {
$id = $_REQUEST ['entry'];
if ($a = entry_parse($id))
;
else
$a = draft_parse($id);
function main() {
global $fpdb;
if (isset($_REQUEST['entry'])){
$id = $_REQUEST['entry'];
if ($a = entry_parse($id));
else
$a = draft_parse($id);
if ($a) {
if (THEME_LEGACY_MODE) {
theme_entry_filters($a, $id);
}
$this->smarty->assign('entry', $a);
$this->smarty->assign('id', $id);
return 0;
if ($a) {
if (THEME_LEGACY_MODE) {
theme_entry_filters($a, $id);
}
$this->smarty->assign('entry', $a);
$this->smarty->assign('id', $id);
return 0;
}
return 1;
}
function ondelete() {
$id=$_REQUEST['entry'];
$ok=draft_delete($id) || entry_delete($id);
$success = $ok? 2 : -2;
$this->smarty->assign('success',$success);
return 1;
}
function oncancel() {
return 1;
}
return 1;
}
function ondelete() {
$id = $_REQUEST ['entry'];
$ok = draft_delete($id) || entry_delete($id);
$success = $ok ? 2 : -2;
$this->smarty->assign('success', $success);
return 1;
}
function oncancel() {
return 1;
}
}
?>


@ -12,191 +12,203 @@
* @author NoWhereMan <real_nowhereman at users dot sf dot com>
*
*/
class admin_entry_write extends AdminPanelActionValidated {
var $validators = array(
array(
'subject',
'subject',
'notEmpty',
false,
false,
'trim,stripslashes'
),
array(
'content',
'content',
'notEmpty',
false,
false,
'stripslashes'
)
);
var $events = array(
'save',
'preview',
'savecontinue'
);
var $draft = false;
class admin_entry_write extends AdminPanelActionValidated {
var $validators = array(
array('subject', 'subject', 'notEmpty', false, false, 'trim,stripslashes'),
array('content', 'content', 'notEmpty', false, false, 'stripslashes'),
);
var $events = array('save', 'preview', 'savecontinue');
var $draft = false;
function _makePreview($arr, $id=null) {
if (!$id) {
$arr['subject'] = apply_filters('title_save_pre', $arr['subject']);
$arr['content'] = apply_filters('content_save_pre', $arr['content']);
}
if ($this->draft || $this->draft = draft_exists($this->id)) {
if (isset($arr['categories'])
&& is_array($arr['categories']) && !in_array('draft', $arr['categories']) ) {
$arr['categories'][] = 'draft';
} else {
$arr['categories'][] = 'draft';
}
}
// unfiltered content (for editing)
$this->smarty->assign('post', $arr);
if (THEME_LEGACY_MODE) {
theme_entry_filters($arr, $id);
}
// content for preview
$this->smarty->assign('entry', $arr);
$this->smarty->assign('preview', true);
function _makePreview($arr, $id = null) {
if (!$id) {
$arr ['subject'] = apply_filters('title_save_pre', $arr ['subject']);
$arr ['content'] = apply_filters('content_save_pre', $arr ['content']);
}
function makePageTitle($title, $sep) {
global $lang, $panel;
if ($this->draft) {
$this->smarty->append(
'warnings',
$lang['admin']['entry']['write']['msgs']['draft']
);
}
return "$title $sep {$lang['admin']['entry']['write']['head']}";
}
function draft_class($string) {
return "$string draft";
}
function _getCatsFlags() {
//$this->smarty->assign('saved_categories', entry_categories_format());
$this->smarty->assign('saved_flags', entry_flags_get());
}
function setup() {
$this->id = @$_REQUEST['entry'];
$this->smarty->assign('id', $this->id);
}
function main() {
global $lang;
$id = $this->id;
if (isset($_REQUEST['entry'])) {
$arr = draft_parse($id);
if (!$arr)
$arr = entry_parse($id);
else
$this->smarty->assign('draft', true);
// if entry does not exists
if ($arr) {
$this->_makePreview($arr, $id);
}
}
$this->_getCatsFlags();
add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
}
function _getposteddata() {
$arr['version'] = system_ver();
$arr['subject'] = ($_POST['subject']);
$arr['content'] = ($_POST['content']);
$author = user_get();
$arr['author'] = $author['userid'];
$arr['date'] = !empty($_POST['timestamp'])?$_POST['timestamp']:date_time();
$cats = !empty($_POST['cats'])?$_POST['cats']:array();
$flags = !empty($_POST['flags'])?$_POST['flags']:array();
$catids = array_merge(array_keys($flags), array_keys($cats));
$this->draft = isset($flags['draft']);
if ($catids)
$arr['categories'] = $catids;
return $arr;
}
function onsave($do_preview = false) {
$id = $this->id;
$data = $this->_getposteddata();
if ($this->draft) {
$success=draft_save($data, $id, true);
$this->smarty->assign('success', $success? 1 : -1 );
if ($this->draft || $this->draft = draft_exists($this->id)) {
if (isset($arr ['categories']) && is_array($arr ['categories']) && !in_array('draft', $arr ['categories'])) {
$arr ['categories'] [] = 'draft';
} else {
$success=entry_save($data, $id);
$this->smarty->assign('success', is_numeric($success)? $success : 1 );
$arr ['categories'] [] = 'draft';
}
// if ($success) sess_remove('entry');
if ($do_preview)
$this->_makePreview($data);
if ($success<0) {
$this->main();
return PANEL_NOREDIRECT;
}
return 1;
}
// unfiltered content (for editing)
$this->smarty->assign('post', $arr);
function onpreview() {
global $lang;
$this->_makePreview($this->_getposteddata());
$this->_getCatsFlags();
add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
return 0;
}
function onsavecontinue() {
global $lang;
$this->onsave(true);
$this->_getCatsFlags();
add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2);
if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class'));
}
function onerror() {
$this->main();
return 0;
if (THEME_LEGACY_MODE) {
theme_entry_filters($arr, $id);
}
// content for preview
$this->smarty->assign('entry', $arr);
$this->smarty->assign('preview', true);
}
function makePageTitle($title, $sep) {
global $lang, $panel;
if ($this->draft) {
$this->smarty->append('warnings', $lang ['admin'] ['entry'] ['write'] ['msgs'] ['draft']);
}
return "$title $sep {$lang['admin']['entry']['write']['head']}";
}
function draft_class($string) {
return "$string draft";
}
function _getCatsFlags() {
// $this->smarty->assign('saved_categories', entry_categories_format());
$this->smarty->assign('saved_flags', entry_flags_get());
}
function setup() {
$this->id = @$_REQUEST ['entry'];
$this->smarty->assign('id', $this->id);
}
function main() {
global $lang;
$id = $this->id;
if (isset($_REQUEST ['entry'])) {
$arr = draft_parse($id);
if (!$arr)
$arr = entry_parse($id);
else
$this->smarty->assign('draft', true);
// if entry does not exists
if ($arr) {
$this->_makePreview($arr, $id);
}
}
$this->_getCatsFlags();
add_filter('wp_title', array(
&$this,
'makePageTitle'
), 10, 2);
if ($this->draft)
add_filter('admin_body_class', array(
&$this,
'draft_class'
));
}
function _getposteddata() {
$arr ['version'] = system_ver();
$arr ['subject'] = ($_POST ['subject']);
$arr ['content'] = ($_POST ['content']);
$author = user_get();
$arr ['author'] = $author ['userid'];
$arr ['date'] = !empty($_POST ['timestamp']) ? $_POST ['timestamp'] : date_time();
$cats = !empty($_POST ['cats']) ? $_POST ['cats'] : array();
$flags = !empty($_POST ['flags']) ? $_POST ['flags'] : array();
$catids = array_merge(array_keys($flags), array_keys($cats));
$this->draft = isset($flags ['draft']);
if ($catids)
$arr ['categories'] = $catids;
return $arr;
}
function onsave($do_preview = false) {
$id = $this->id;
$data = $this->_getposteddata();
if ($this->draft) {
$success = draft_save($data, $id, true);
$this->smarty->assign('success', $success ? 1 : -1);
} else {
$success = entry_save($data, $id);
$this->smarty->assign('success', is_numeric($success) ? $success : 1);
}
// if ($success) sess_remove('entry');
if ($do_preview)
$this->_makePreview($data);
if ($success < 0) {
$this->main();
return PANEL_NOREDIRECT;
}
return 1;
}
function onpreview() {
global $lang;
$this->_makePreview($this->_getposteddata());
$this->_getCatsFlags();
add_filter('wp_title', array(
&$this,
'makePageTitle'
), 10, 2);
if ($this->draft)
add_filter('admin_body_class', array(
&$this,
'draft_class'
));
return 0;
}
function onsavecontinue() {
global $lang;
$this->onsave(true);
$this->_getCatsFlags();
add_filter('wp_title', array(
&$this,
'makePageTitle'
), 10, 2);
if ($this->draft)
add_filter('admin_body_class', array(
&$this,
'draft_class'
));
}
function onerror() {
$this->main();
return 0;
}
}
?>


@ -49,7 +49,8 @@ function user_login($userid, $pwd, $params = null) {
if (password_verify($userid . $pwd, $user ['password'])) {
$loggedin = true;
} //
// for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
// If this didn't work, the passwords may have been created with FlatPress 1.1 or earlier.
// So we check the password the old-fashioned way (with wp_hash() which uses md5):
elseif (wp_hash($userid . $pwd) == $user ['password']) {
$loggedin = true;
@ -110,6 +111,13 @@ function user_loggedin() {
return false;
}
/**
* Returns the user information as associative array
*
* @param string $userid
* optional: The ID (shortname) of a specific user
* @return array the user information array
*/
function user_get($userid = null) {
if ($userid == null && ($user = user_loggedin())) {
return $user;
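Review bot: The legacy fallback kept in the user_login hunk compares the md5-based wp_hash() result to the stored value with `==`, which is a loose comparison on hex strings and is not constant-time; use `elseif (hash_equals($user ['password'], wp_hash($userid . $pwd)))` instead. The new comment lines describe this branch as the upgrade path for pre-1.2 credentials, so once it succeeds the stored value should be re-hashed with password_hash() — whether that happens is not visible here, as user_login continues outside the hunk. The user_get docblock added in the second hunk could also say that a null $userid returns the currently logged-in user's array, which is what the visible first line does; that function too runs past the end of the section.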


@ -1,70 +1,85 @@
<?php
/**
* Returns the given action URL with the current nonce.
*
* @param string $actionurl
* the URL
* @param unknown $action
* @return string the URL with the nonce
*/
function wp_nonce_url($actionurl, $action = -1) {
return wp_specialchars( $actionurl . '&_wpnonce=' . wp_create_nonce($action) );
return wp_specialchars($actionurl . '&_wpnonce=' . wp_create_nonce($action));
}
/**
* Echoes a hidden input field containing the Nonce
*
* @param int $action
*/
function wp_nonce_field($action = -1) {
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
wp_referer_field();
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
wp_referer_field();
}
/**
* Echoes a hidden input field containing the referrer
*/
function wp_referer_field() {
$ref = wp_specialchars($_SERVER['REQUEST_URI']);
echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
if ( wp_get_original_referer() ) {
$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
}
$ref = wp_specialchars($_SERVER ['REQUEST_URI']);
echo '<input type="hidden" name="_wp_http_referer" value="' . $ref . '" />';
if (wp_get_original_referer()) {
$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
echo '<input type="hidden" name="_wp_original_http_referer" value="' . $original_ref . '" />';
}
}
function wp_original_referer_field() {
echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER ['REQUEST_URI'])) . '" />';
}
function wp_get_referer() {
foreach ( array(@$_REQUEST['_wp_http_referer'],@$_SERVER['HTTP_REFERER']) as $ref )
if ( !empty($ref) )
return $ref;
return false;
foreach (array(
@$_REQUEST ['_wp_http_referer'],
@$_SERVER ['HTTP_REFERER']
) as $ref)
if (!empty($ref))
return $ref;
return false;
}
function wp_get_original_referer() {
if ( !empty($_REQUEST['_wp_original_http_referer']) )
return $_REQUEST['_wp_original_http_referer'];
return false;
if (!empty($_REQUEST ['_wp_original_http_referer']))
return $_REQUEST ['_wp_original_http_referer'];
return false;
}
function add_magic_quotes($array) {
foreach ($array as $k => $v) {
if (is_array($v)) {
$array[$k] = add_magic_quotes($v);
$array [$k] = add_magic_quotes($v);
} else {
$array[$k] = addslashes($v);
$array [$k] = addslashes($v);
}
}
return $array;
}
function wp_remote_fopen( $uri ) {
if ( ini_get('allow_url_fopen') ) {
$fp = fopen( $uri, 'r' );
if ( !$fp )
function wp_remote_fopen($uri) {
if (ini_get('allow_url_fopen')) {
$fp = fopen($uri, 'r');
if (!$fp)
return false;
$linea = '';
while( $remote_read = fread($fp, 4096) )
while ($remote_read = fread($fp, 4096))
$linea .= $remote_read;
fclose($fp);
return $linea;
} else if ( function_exists('curl_init') ) {
} else if (function_exists('curl_init')) {
$handle = curl_init();
curl_setopt ($handle, CURLOPT_URL, $uri);
curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($handle, CURLOPT_URL, $uri);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 1);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
$buffer = curl_exec($handle);
curl_close($handle);
return $buffer;
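Review bot: The new wp_nonce_url docblock leaves `@param unknown $action`, while the wp_nonce_field docblock below it says `int` and the mediamanager template changed in this same commit passes the string 'mediamanager_deletefile'; document it as `@param int|string $action the nonce action, as passed to wp_create_nonce()` in both places. wp_get_referer and wp_get_original_referer received no docblock although they return request-supplied values unchanged; a one-line `Returns the referer from the _wp_http_referer field or the Referer header without validation; callers that redirect to it must validate it first` would make that contract visible. wp_remote_fopen continues past the end of the section.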


@ -331,10 +331,12 @@ if (!function_exists('wp_verify_nonce')) :
$user = user_get();
$uid = $user ['userid'];
$i = ceil(time() / 43200);
// new nonce each 12 hours
$i = ceil(time() / (60 * 60 * 12));
// Allow for expanding range, but only do one check if we can
if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
$expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10);
if ($expectedNonce == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce)
return true;
return false;
}
@ -342,11 +344,20 @@ endif;
if (!function_exists('wp_create_nonce')) :
/**
* Creates and returns the valid nonce.
*
* @param int $action
* optional: the action
* @return string the nonce
*/
function wp_create_nonce($action = -1) {
// get the info array of the user currenty logged in
$user = user_get();
$uid = $user ['userid'];
$i = ceil(time() / 43200);
// new nonce each 12 hours
$i = ceil(time() / (60 * 60 * 12));
return substr(wp_hash($i . $action . $uid), -12, 10);
}
@ -355,18 +366,20 @@ endif;
if (!function_exists('wp_salt')) :
/**
* Returns a salt for hashing.<br>
* The salt is unique for each FlatPress installation; see <code>fp-content/config/hashsalt.conf.php</code>
*
* @return NULL|unknown
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
* @return string the salt
*/
function wp_salt() {
global $fp_config;
static $salt = null;
if (!$salt) {
// get the salt from the hashsalt file
@include (HASHSALT_FILE);
if (!$fp_hashsalt)
if (!$fp_hashsalt) {
trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR);
}
$salt = $fp_hashsalt;
}
return $salt;
@ -376,10 +389,11 @@ endif;
if (!function_exists('wp_hash')) :
/**
* Creates a salted MD5 hash of the given string.
*
* @param unknown $data
* @return string
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
* @param string $data
* the string to hash
* @return string the hash
*/
function wp_hash($data) {
$salt = wp_salt();
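Review bot: In the wp_verify_nonce hunk the new `$expectedNonce == $nonce` (and the unchanged `($i - 1)` comparison beside it) is a loose comparison, and PHP compares two numeric-looking strings numerically, which a 10-character hex slice can be. Compare with `hash_equals($expectedNonce, (string) $nonce)` and likewise for the previous-window value; the cast keeps a non-string `$nonce` from raising a TypeError inside hash_equals. The wp_create_nonce hunk derives the same slice, so a comment there such as `// 10 hex chars of the salted hash; verified with hash_equals() in wp_verify_nonce` would tie the two together. The wp_hash hunk is cut at the end of the section; its docblock already marks the md5 path as deprecated.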


@ -1,64 +0,0 @@
<?php
/* These functions can be replaced via plugins. They are loaded after
plugins are loaded. */
function get_settings() {
}
function wp_filter_kses($str) {
return $str;
}
//----------------------------------------------------------------------------
// WordPress pluggable functions
//----------------------------------------------------------------------------
/*
get_currentuserinfo()
Grabs the information of the current logged in user, if there is one. Essentially a
wrapper for get_userdata(), but it also stores information in global variables.
get_userdata($userid)
Pulls user information for the specified user from the database.
get_userdatabylogin($user_login)
Pulls user information for the specified user from the database.
wp_mail($to, $subject, $message, $headers = '')
A convenient wrapper for PHP's mail function.
wp_login($username, $password, $already_md5 = false)
Returns true if the specified username and password correspond to a registered
user.
auth_redirect()
If a user is not logged in, he or she will be redirected to WordPress' login page before
being allowed to access content on the page from which this function was called.
Upon sucessfully logging in, the user is sent back to the page in question.
wp_redirect($location)
Redirects a browser to the absolute URI specified by the $location parameter.
wp_setcookie($username, $password, $already_md5 = false, $home =
'', $siteurl = '')
Sets the WordPress cookies for a logged in user. See WordPress Cookies.
wp_clearcookie()
Clears the cookies for a logged in user. See WordPress Cookies.
wp_notify_postauthor($comment_id, $comment_type='')
Emails the author of the comment's post the content of the comment specified.
wp_notify_moderator($comment_id)
Informs the administrative email account that the comment specified needs to be
moderated. See General Options SubPanel.
*/
if ( !function_exists('wp_mail') ) :
function wp_mail($to, $subject, $message, $headers = '') {
if( $headers == '' ) {
$headers = "MIME-Version: 1.0\n" .
"From: " . get_settings('admin_email') . "\n" .
"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
}
return @mail($to, $subject, $message, $headers);
}
endif;
?>


@ -11,4 +11,6 @@ S pozdravem %blogtitle%
';
$lang ['comments'] ['newcomment'] = 'Nový komentář k';
?>


@ -16,4 +16,6 @@ $lang ['comments'] ['mail'] = 'Αγαπητέ/η %toname%,
';
$lang ['comments'] ['newcomment'] = 'νέο σχόλιο στο';
?>


@ -16,4 +16,6 @@ Todo lo mejor,
';
$lang ['comments'] ['newcomment'] = 'Nuevo comentario sobre';
?>


@ -16,4 +16,6 @@ Cordialement,
';
$lang ['comments'] ['newcomment'] = 'Nouveau commentaire sur';
?>


@ -16,4 +16,6 @@ Saluti,
';
$lang ['comments'] ['newcomment'] = 'Nuovo commento su';
?>


@ -19,4 +19,6 @@ $lang ['comments'] ['mail'] = '%toname% さま,
';
$lang ['comments'] ['newcomment'] = 'の新しいコメント';
?>


@ -16,4 +16,6 @@ Groeten,
';
$lang ['comments'] ['newcomment'] = 'Nieuw commentaar op';
?>


@ -17,4 +17,6 @@ Um abraço,
';
$lang ['comments'] ['newcomment'] = 'Novo comentário em';
?>


@ -74,8 +74,13 @@ class admin_uploader_mediamanager extends AdminPanelAction {
}
function doItemActions($folder, $mmbaseurl) {
/* delete file */
if (isset($_GET ['deletefile'])) {
// at first: check if nonce was given correctly
check_admin_referer('mediamanager_deletefile');
// now get the file to be deleted
list ($type, $name) = explode("-", $_GET ['deletefile'], 2);
// prevent path traversal: remove ".." and "/" resp. "\"
$name = preg_replace('(\.\.|\/|\\\\)', '', $name);
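Review bot: The new traversal guard strips `..`, `/` and `\` in a single preg_replace pass, which is not idempotent: removing a separator can leave two dots adjacent (for example `./.` becomes `..`), so the sanitized `$name` can still be a parent-directory reference. Rejecting rather than rewriting is the safer shape: `if ($name !== basename($name) || $name === '.' || $name === '..') { /* abort via this panel's usual error path */ }`. The pattern also uses `(` and `)` as PCRE delimiters, which reads like a capture group; `'~\.\.|[/\\\\]~'` says the same thing unambiguously. `list ($type, $name) = explode(...)` leaves `$name` undefined when the parameter contains no `-`, so the explode result needs a count check before the regex; doItemActions continues past the end of the hunk.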


@ -43,7 +43,7 @@
<td>{$v.size}</td>
<td>{$v.mtime}</td>
<td>
<a class="link-delete" href="{$mmbaseurl}&deletefile={$v.type}-{$v.name}">{$plang.delete}</a>
<a class="link-delete" href="{wp_nonce_url("{$mmbaseurl}&deletefile={$v.type}-{$v.name}", 'mediamanager_deletefile')}">{$plang.delete}</a>
</td>
</tr>
{/foreach}
@ -70,7 +70,7 @@
<td>{$v.size}</td>
<td>{$v.mtime}</td>
<td>
<a class="link-delete" href="{$mmbaseurl}&deletefile={$v.type}-{$v.name}">{$plang.delete}</a>
<a class="link-delete" href="{wp_nonce_url("{$mmbaseurl}&deletefile={$v.type}-{$v.name}", 'mediamanager_deletefile')}">{$plang.delete}</a>
</td>
</tr>
{/foreach}
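Review bot: In both hunks of this template the file name `{$v.name}` is concatenated raw into the query string before wp_nonce_url() escapes the whole URL for HTML; wp_specialchars covers the attribute context but not URL encoding, so a name containing `&`, `#` or `+` changes the query the server parses. Encode that component with the template's URL escape, `{$v.name|escape:'url'}`, so `$_GET['deletefile']` on the PHP side receives the exact name. The action string 'mediamanager_deletefile' has to match the one passed to check_admin_referer in the panel, which it does in this commit.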


@ -10,7 +10,7 @@ if (!file_exists(CONFIG_FILE))
/* local function defines follow */
function index_permatitle($val, $sep) {
global $fpdb;
$q = & $fpdb->getQuery();
$q = &$fpdb->getQuery();
list ($id, $e) = @$q->peekEntry();
if ($e)
return "{$e['subject']} {$sep} $val ";
@ -126,12 +126,12 @@ function index_main() {
$module = 'index.tpl';
$can404 = true;
if (!empty($fp_params ['entry'])) {
// register all Smarty modifier functions used by the templates
$smarty->registerPlugin('modifier', 'wp_specialchars', 'wp_specialchars');
if (!empty($fp_params ['entry'])) {
index_singlepost($params, $module);
} elseif (
($explicit_req = $page = @$fp_params ['page']) || (empty($fp_params) && $page = @$fp_config ['general'] ['startpage']))
{
} elseif (($explicit_req = $page = @$fp_params ['page']) || (empty($fp_params) && $page = @$fp_config ['general'] ['startpage'])) {
index_staticpage($page, $explicit_req, $params, $module);
return $module;
@ -163,7 +163,7 @@ function index_main() {
$fpdb->query($params);
$q = & $fpdb->getQuery();
$q = &$fpdb->getQuery();
list ($id, $e) = $q->peekEntry();
/* no entry found : 404 */