From d8991285c65e8a33bf35a82985e809f7173d95c4 Mon Sep 17 00:00:00 2001
From: azett
Date: Thu, 29 Dec 2022 14:20:31 +0100
Subject: [PATCH] added API doc; fixed code formatting

---
 admin/panels/entry/admin.entry.delete.php | 99 +++--
 admin/panels/entry/admin.entry.write.php | 374 ++++++++++---------
 fp-includes/core/core.users.php | 10 +-
 fp-includes/core/core.wp-functions.php | 83 ++--
 fp-includes/core/core.wp-pluggable-funcs.php | 31 +-
 5 files changed, 322 insertions(+), 275 deletions(-)

diff --git a/admin/panels/entry/admin.entry.delete.php b/admin/panels/entry/admin.entry.delete.php
index ba52278..752170d 100755
--- a/admin/panels/entry/admin.entry.delete.php
+++ b/admin/panels/entry/admin.entry.delete.php
@@ -3,60 +3,59 @@ /** * edit entry panel * - * Type: - * Name: - * Date: - * Purpose: + * Type: + * Name: + * Date: + * Purpose: * Input: - * - * @author NoWhereMan * + * @author NoWhereMan + * */ - - - class admin_entry_delete extends AdminPanelAction { - - var $events = array('delete', 'cancel'); - - function main() { - global $fpdb; - - if (isset($_REQUEST['entry'])){ - $id = $_REQUEST['entry']; - if ($a = entry_parse($id)); - else - $a = draft_parse($id); - - if ($a) { - - if (THEME_LEGACY_MODE) { - theme_entry_filters($a, $id); - } - - $this->smarty->assign('entry', $a); - $this->smarty->assign('id', $id); - return 0; - - } +class admin_entry_delete extends AdminPanelAction { + + var $events = array( + 'delete', + 'cancel' + ); + + function main() { + global $fpdb; + + if (isset($_REQUEST ['entry'])) { + $id = $_REQUEST ['entry']; + if ($a = entry_parse($id)) + ; + else + $a = draft_parse($id); + + if ($a) { + + if (THEME_LEGACY_MODE) { + theme_entry_filters($a, $id); + } + + $this->smarty->assign('entry', $a); + $this->smarty->assign('id', $id); + return 0; } - - return 1; - - } - - - function ondelete() { - $id=$_REQUEST['entry']; - $ok=draft_delete($id) || entry_delete($id); - - $success = $ok? 2 : -2; - $this->smarty->assign('success',$success); - return 1; - } - - function oncancel() { - return 1; } - } + return 1; + } + + function ondelete() { + $id = $_REQUEST ['entry']; + $ok = draft_delete($id) || entry_delete($id); + + $success = $ok ? 2 : -2; + $this->smarty->assign('success', $success); + return 1; + } + + function oncancel() { + return 1; + } + +} ?> diff --git a/admin/panels/entry/admin.entry.write.php b/admin/panels/entry/admin.entry.write.php index 2000a14..d75ed49 100755 --- a/admin/panels/entry/admin.entry.write.php +++ b/admin/panels/entry/admin.entry.write.php 
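Review bot: `main()` keeps the empty-bodied conditional `if ($a = entry_parse($id))` followed by a lone `;`, and the formatter has now put that `;` on a line of its own, where it reads like a stray statement; the lookup says the same thing without the empty branch as `$a = entry_parse($id) ?: draft_parse($id);` (the same truthiness test). `ondelete()` reads `$_REQUEST ['entry']` without the `isset()` guard that `main()` applies, so a request that omits the parameter raises an undefined-index notice and then calls `draft_delete()`/`entry_delete()` with a null id; `$id = isset($_REQUEST['entry']) ? $_REQUEST['entry'] : null;` followed by an early `return 1;` when it is null keeps the handler consistent with `main()`. Whether the id is checked against a safe name format before the delete helpers touch storage is decided inside `draft_delete()`/`entry_delete()`, which are outside this hunk and worth confirming.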
@@ -3,200 +3,212 @@ /** * edit entry panel * - * Type: - * Name: - * Date: - * Purpose: + * Type: + * Name: + * Date: + * Purpose: * Input: - * - * @author NoWhereMan * + * @author NoWhereMan + * */ - - - +class admin_entry_write extends AdminPanelActionValidated { - class admin_entry_write extends AdminPanelActionValidated { - - var $validators = array( - array('subject', 'subject', 'notEmpty', false, false, 'trim,stripslashes'), - array('content', 'content', 'notEmpty', false, false, 'stripslashes'), - ); - - var $events = array('save', 'preview', 'savecontinue'); - var $draft = false; - - function _makePreview($arr, $id=null) { - - if (!$id) { - $arr['subject'] = apply_filters('title_save_pre', $arr['subject']); - $arr['content'] = apply_filters('content_save_pre', $arr['content']); - } - + var $validators = array( + array( + 'subject', + 'subject', + 'notEmpty', + false, + false, + 'trim,stripslashes' + ), + array( + 'content', + 'content', + 'notEmpty', + false, + false, + 'stripslashes' + ) + ); - if ($this->draft || $this->draft = draft_exists($this->id)) { - if (isset($arr['categories']) - && is_array($arr['categories']) && !in_array('draft', $arr['categories']) ) { - $arr['categories'][] = 'draft'; - } else { - $arr['categories'][] = 'draft'; - } + var $events = array( + 'save', + 'preview', + 'savecontinue' + ); - } + var $draft = false; - // unfiltered content (for editing) - $this->smarty->assign('post', $arr); - - if (THEME_LEGACY_MODE) { - theme_entry_filters($arr, $id); - } - - // content for preview - $this->smarty->assign('entry', $arr); - $this->smarty->assign('preview', true); - } - - function makePageTitle($title, $sep) { - global $lang, $panel; - if ($this->draft) { - $this->smarty->append( - 'warnings', - $lang['admin']['entry']['write']['msgs']['draft'] - ); - } - return "$title $sep {$lang['admin']['entry']['write']['head']}"; + function _makePreview($arr, $id = null) { + if (!$id) { + $arr ['subject'] = apply_filters('title_save_pre', $arr 
['subject']); + $arr ['content'] = apply_filters('content_save_pre', $arr ['content']); } - function draft_class($string) { - return "$string draft"; - } - - function _getCatsFlags() { - - //$this->smarty->assign('saved_categories', entry_categories_format()); - $this->smarty->assign('saved_flags', entry_flags_get()); - - } - - function setup() { - - $this->id = @$_REQUEST['entry']; - $this->smarty->assign('id', $this->id); - - - } - - function main() { - - global $lang; - - $id = $this->id; - - if (isset($_REQUEST['entry'])) { - - $arr = draft_parse($id); - - if (!$arr) - $arr = entry_parse($id); - else - $this->smarty->assign('draft', true); - - // if entry does not exists - if ($arr) { - $this->_makePreview($arr, $id); - } - - } - - $this->_getCatsFlags(); - add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2); - if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class')); - - } - - function _getposteddata() { - - $arr['version'] = system_ver(); - $arr['subject'] = ($_POST['subject']); - $arr['content'] = ($_POST['content']); - $author = user_get(); - $arr['author'] = $author['userid']; - $arr['date'] = !empty($_POST['timestamp'])?$_POST['timestamp']:date_time(); - - - $cats = !empty($_POST['cats'])?$_POST['cats']:array(); - $flags = !empty($_POST['flags'])?$_POST['flags']:array(); - - $catids = array_merge(array_keys($flags), array_keys($cats)); - - $this->draft = isset($flags['draft']); - if ($catids) - $arr['categories'] = $catids; - - return $arr; - - } - - function onsave($do_preview = false) { - - $id = $this->id; - $data = $this->_getposteddata(); - - if ($this->draft) { - $success=draft_save($data, $id, true); - $this->smarty->assign('success', $success? 
1 : -1 ); + if ($this->draft || $this->draft = draft_exists($this->id)) { + if (isset($arr ['categories']) && is_array($arr ['categories']) && !in_array('draft', $arr ['categories'])) { + $arr ['categories'] [] = 'draft'; } else { - $success=entry_save($data, $id); - $this->smarty->assign('success', is_numeric($success)? $success : 1 ); + $arr ['categories'] [] = 'draft'; } - - // if ($success) sess_remove('entry'); - - - if ($do_preview) - $this->_makePreview($data); - - if ($success<0) { - $this->main(); - return PANEL_NOREDIRECT; - } - - return 1; - } - - - function onpreview() { - global $lang; - - $this->_makePreview($this->_getposteddata()); - - - $this->_getCatsFlags(); - - add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2); - if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class')); - - return 0; - - - } - - function onsavecontinue() { - global $lang; - $this->onsave(true); - - $this->_getCatsFlags(); - - add_filter('wp_title', array(&$this, 'makePageTitle'), 10, 2); - if ($this->draft) add_filter('admin_body_class', array(&$this, 'draft_class')); - } - - - function onerror() { - $this->main(); - return 0; } + // unfiltered content (for editing) + $this->smarty->assign('post', $arr); + + if (THEME_LEGACY_MODE) { + theme_entry_filters($arr, $id); + } + + // content for preview + $this->smarty->assign('entry', $arr); + $this->smarty->assign('preview', true); } + function makePageTitle($title, $sep) { + global $lang, $panel; + if ($this->draft) { + $this->smarty->append('warnings', $lang ['admin'] ['entry'] ['write'] ['msgs'] ['draft']); + } + return "$title $sep {$lang['admin']['entry']['write']['head']}"; + } + + function draft_class($string) { + return "$string draft"; + } + + function _getCatsFlags() { + + // $this->smarty->assign('saved_categories', entry_categories_format()); + $this->smarty->assign('saved_flags', entry_flags_get()); + } + + function setup() { + $this->id = @$_REQUEST ['entry']; + 
$this->smarty->assign('id', $this->id); + } + + function main() { + global $lang; + + $id = $this->id; + + if (isset($_REQUEST ['entry'])) { + + $arr = draft_parse($id); + + if (!$arr) + $arr = entry_parse($id); + else + $this->smarty->assign('draft', true); + + // if entry does not exists + if ($arr) { + $this->_makePreview($arr, $id); + } + } + + $this->_getCatsFlags(); + add_filter('wp_title', array( + &$this, + 'makePageTitle' + ), 10, 2); + if ($this->draft) + add_filter('admin_body_class', array( + &$this, + 'draft_class' + )); + } + + function _getposteddata() { + $arr ['version'] = system_ver(); + $arr ['subject'] = ($_POST ['subject']); + $arr ['content'] = ($_POST ['content']); + $author = user_get(); + $arr ['author'] = $author ['userid']; + $arr ['date'] = !empty($_POST ['timestamp']) ? $_POST ['timestamp'] : date_time(); + + $cats = !empty($_POST ['cats']) ? $_POST ['cats'] : array(); + $flags = !empty($_POST ['flags']) ? $_POST ['flags'] : array(); + + $catids = array_merge(array_keys($flags), array_keys($cats)); + + $this->draft = isset($flags ['draft']); + if ($catids) + $arr ['categories'] = $catids; + + return $arr; + } + + function onsave($do_preview = false) { + $id = $this->id; + $data = $this->_getposteddata(); + + if ($this->draft) { + $success = draft_save($data, $id, true); + $this->smarty->assign('success', $success ? 1 : -1); + } else { + $success = entry_save($data, $id); + $this->smarty->assign('success', is_numeric($success) ? 
$success : 1); + } + + // if ($success) sess_remove('entry'); + + if ($do_preview) + $this->_makePreview($data); + + if ($success < 0) { + $this->main(); + return PANEL_NOREDIRECT; + } + + return 1; + } + + function onpreview() { + global $lang; + + $this->_makePreview($this->_getposteddata()); + + $this->_getCatsFlags(); + + add_filter('wp_title', array( + &$this, + 'makePageTitle' + ), 10, 2); + if ($this->draft) + add_filter('admin_body_class', array( + &$this, + 'draft_class' + )); + + return 0; + } + + function onsavecontinue() { + global $lang; + $this->onsave(true); + + $this->_getCatsFlags(); + + add_filter('wp_title', array( + &$this, + 'makePageTitle' + ), 10, 2); + if ($this->draft) + add_filter('admin_body_class', array( + &$this, + 'draft_class' + )); + } + + function onerror() { + $this->main(); + return 0; + } + +} + ?> diff --git a/fp-includes/core/core.users.php b/fp-includes/core/core.users.php index 032a95c..8405863 100755 --- a/fp-includes/core/core.users.php +++ b/fp-includes/core/core.users.php @@ -49,7 +49,8 @@ function user_login($userid, $pwd, $params = null) { if (password_verify($userid . $pwd, $user ['password'])) { $loggedin = true; } // - // for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5) + // If this didn't work, the passwords may have been created with FlatPress 1.1 or earlier. + // So we check the password the old-fashioned way (with wp_hash() which uses md5): elseif (wp_hash($userid . $pwd) == $user ['password']) { $loggedin = true; @@ -110,6 +111,13 @@ function user_loggedin() { return false; } +/** + * Returns the user information as associative array + * + * @param string $userid + * optional: The ID (shortname) of a specific user + * @return array the user information array + */ function user_get($userid = null) { if ($userid == null && ($user = user_loggedin())) { return $user; 
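Review bot: In `_makePreview()` the `if (isset($arr ['categories']) && is_array($arr ['categories']) && !in_array('draft', $arr ['categories']))` branch and its `else` both execute `$arr ['categories'] [] = 'draft';`, so the condition is dead and an entry whose categories already contain 'draft' gets it appended a second time; only the guarded branch is needed, e.g. `if (!in_array('draft', (array) (isset($arr['categories']) ? $arr['categories'] : []), true)) { $arr['categories'][] = 'draft'; }` (the strict flag matters: on PHP 7 `'draft' == 0` is true, so an integer category id of 0 would otherwise satisfy the loose `in_array`). `setup()` still uses `@$_REQUEST ['entry']` to hide the missing-index notice; `isset($_REQUEST['entry']) ? $_REQUEST['entry'] : null` expresses the intent without suppressing every other error in that expression. `_getposteddata()` passes `$_POST ['timestamp']` straight through as the entry date and the POST keys of `cats`/`flags` as category ids, none of which is covered by `$validators` (only `subject` and `content` are); whether `entry_save()`/`draft_save()` validate them is outside this hunk.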
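Review bot: The line the rewritten comment explains, `elseif (wp_hash($userid . $pwd) == $user ['password'])`, still compares the legacy md5 digest with `==`; PHP's loose comparison treats numeric-looking strings as numbers, so two different digests can compare equal, and `hash_equals($user['password'], wp_hash($userid . $pwd))` is the comparison to use (constant-time as well). The comment could also say what happens after a legacy match: if `user_login()` rehashes the credential with `password_hash()` further down (the rest of the function is outside this hunk), naming that here tells the next reader why the md5 path is still present; if it does not, that is the step the migration comment is missing.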
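Review bot: The new docblock on `user_get()` declares `@param string $userid`, but the default is `null` and the body branches on `$userid == null`, so `@param string|null $userid` describes the contract. `@return array` is only part of the story: the visible branch returns `$user` only when `user_loggedin()` is truthy, and the anonymous-caller path is outside this hunk, so the docblock should state what the function returns then — the callers this commit documents (`wp_create_nonce()`, `wp_verify_nonce()`) index the result with `['userid']` without a check.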
diff --git a/fp-includes/core/core.wp-functions.php b/fp-includes/core/core.wp-functions.php
index ae851c5..f146f3a 100755
--- a/fp-includes/core/core.wp-functions.php
+++ b/fp-includes/core/core.wp-functions.php
@@ -1,76 +1,91 @@ '; - wp_referer_field(); + echo ''; + wp_referer_field(); } +/** + * Echoes a hidden input field containing the referrer + */ function wp_referer_field() { - $ref = wp_specialchars($_SERVER['REQUEST_URI']); - echo ''; - if ( wp_get_original_referer() ) { - $original_ref = wp_specialchars(stripslashes(wp_get_original_referer())); - echo ''; - } + $ref = wp_specialchars($_SERVER ['REQUEST_URI']); + echo ''; + if (wp_get_original_referer()) { + $original_ref = wp_specialchars(stripslashes(wp_get_original_referer())); + echo ''; + } } function wp_original_referer_field() { - echo ''; + echo ''; } function wp_get_referer() { - foreach ( array(@$_REQUEST['_wp_http_referer'],@$_SERVER['HTTP_REFERER']) as $ref ) - if ( !empty($ref) ) - return $ref; - return false; + foreach (array( + @$_REQUEST ['_wp_http_referer'], + @$_SERVER ['HTTP_REFERER'] + ) as $ref) + if (!empty($ref)) + return $ref; + return false; } function wp_get_original_referer() { - if ( !empty($_REQUEST['_wp_original_http_referer']) ) - return $_REQUEST['_wp_original_http_referer']; - return false; + if (!empty($_REQUEST ['_wp_original_http_referer'])) + return $_REQUEST ['_wp_original_http_referer']; + return false; } - - - - function add_magic_quotes($array) { foreach ($array as $k => $v) { if (is_array($v)) { - $array[$k] = add_magic_quotes($v); + $array [$k] = add_magic_quotes($v); } else { - $array[$k] = addslashes($v); + $array [$k] = addslashes($v); } } return $array; } -function wp_remote_fopen( $uri ) { - if ( ini_get('allow_url_fopen') ) { - $fp = fopen( $uri, 'r' ); - if ( !$fp ) +function wp_remote_fopen($uri) { + if (ini_get('allow_url_fopen')) { + $fp = fopen($uri, 'r'); + if (!$fp) return false; $linea = ''; - while( $remote_read = fread($fp, 4096) ) + while ($remote_read = fread($fp, 4096)) $linea .= $remote_read; fclose($fp); - return $linea; - } else if ( function_exists('curl_init') ) { + return $linea; + } else if (function_exists('curl_init')) { $handle = curl_init(); 
- curl_setopt ($handle, CURLOPT_URL, $uri); - curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1); - curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($handle, CURLOPT_URL, $uri); + curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 1); + curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1); $buffer = curl_exec($handle); curl_close($handle); return $buffer; } else { return false; - } + } } ?> \ No newline at end of file diff --git a/fp-includes/core/core.wp-pluggable-funcs.php b/fp-includes/core/core.wp-pluggable-funcs.php index 45941c1..7f0c4d3 100755 --- a/fp-includes/core/core.wp-pluggable-funcs.php +++ b/fp-includes/core/core.wp-pluggable-funcs.php @@ -331,7 +331,8 @@ if (!function_exists('wp_verify_nonce')) : $user = user_get(); $uid = $user ['userid']; - $i = ceil(time() / 43200); + // new nonce each 12 hours + $i = ceil(time() / (60 * 60 * 12)); // Allow for expanding range, but only do one check if we can if (substr(wp_hash($i . $action . $uid), -12, 10) == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce) @@ -342,11 +343,20 @@ endif; if (!function_exists('wp_create_nonce')) : + /** + * Creates and returns the valid nonce. + * + * @param int $action + * optional: the action + * @return string the nonce + */ function wp_create_nonce($action = -1) { + // get the info array of the user currenty logged in $user = user_get(); $uid = $user ['userid']; - $i = ceil(time() / 43200); + // new nonce each 12 hours + $i = ceil(time() / (60 * 60 * 12)); return substr(wp_hash($i . $action . $uid), -12, 10); } @@ -355,18 +365,20 @@ endif; if (!function_exists('wp_salt')) : /** + * Returns a salt for hashing.
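Review bot: `wp_remote_fopen()` reads the stream with `while ($remote_read = fread($fp, 4096))`, a truthiness test that ends the loop early if a chunk is the one-byte string `"0"`; `$linea = stream_get_contents($fp);` replaces the loop and the accumulator in one line. The curl branch sets only `CURLOPT_CONNECTTIMEOUT` (1 s) and no `CURLOPT_TIMEOUT`, and the `fopen()` branch sets no timeout at all, so a remote host that accepts the connection and then stalls holds the request open indefinitely; `curl_setopt($handle, CURLOPT_TIMEOUT, $seconds);` and a `stream_context_create()` with a `timeout` option for the fopen path bound that. Where `$uri` comes from is not visible in this hunk; if any caller passes request-derived values, the allowed scheme should be checked before either branch fetches it.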
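Review bot: Directly below the changed line, `substr(wp_hash($i . $action . $uid), -12, 10) == $nonce` compares the computed nonce with the request-supplied one using `==`; PHP's loose comparison treats numeric-looking strings as numbers, so `hash_equals(substr(wp_hash($i . $action . $uid), -12, 10), (string) $nonce)` should be used for both terms of the `||`. The new comment `// new nonce each 12 hours` describes the tick, but the check also accepts the previous tick, so a nonce stays valid for between 12 and 24 hours — worth stating, since that is the lifetime a defender reasons about. The same `(60 * 60 * 12)` literal is repeated in `wp_create_nonce()` in the next hunk; a single named constant (new, name up to you) keeps the two in step. `wp_verify_nonce()` begins before this hunk, so `$nonce` and `$action` are not visible here.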
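Review bot: The new docblock types the parameter as `@param int $action`, but `$action` is only concatenated into the hashed string and `wp_verify_nonce()` accepts the same value, so `@param int|string $action` matches how it is used; the comment `// get the info array of the user currenty logged in` has a typo (`currently`). `$uid = $user ['userid'];` indexes the `user_get()` result without checking that anyone is logged in; if `user_get()` can return something other than an array for an anonymous caller (its fallthrough path is outside this diff), a nonce is then derived from a null uid rather than refused, which deserves a guard or at least a sentence in the docblock.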
+ * The salt is unique for each FlatPress installation; see fp-content/config/hashsalt.conf.php * - * @return NULL|unknown - * @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials + * @return string the salt */ function wp_salt() { global $fp_config; static $salt = null; if (!$salt) { + // get the salt from the hashsalt file @include (HASHSALT_FILE); - if (!$fp_hashsalt) + if (!$fp_hashsalt) { trigger_error('Cannot load hash salt: reinstall FlatPress', E_USER_ERROR); - + } $salt = $fp_hashsalt; } return $salt; @@ -376,10 +388,11 @@ endif; if (!function_exists('wp_hash')) : /** + * Creates a salted MD5 hash of the given string. * - * @param unknown $data - * @return string - * @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials + * @param string $data + * the string to hash + * @return string the hash */ function wp_hash($data) { $salt = wp_salt();
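Review bot: `@include (HASHSALT_FILE);` still silences every failure of the include, and the newly braced `if (!$fp_hashsalt)` reads a variable that does not exist when the include failed, so the outcome is an undefined-variable notice followed by the intended `trigger_error()`; `if (!isset($fp_hashsalt) || $fp_hashsalt === '')` tests the condition without the notice, and dropping the `@` lets the real cause (missing file, permissions, parse error) reach the log instead of only the generic 'reinstall FlatPress' message. The new comment names `fp-content/config/hashsalt.conf.php` while the code reads `HASHSALT_FILE`; if the constant can point elsewhere, the comment should name the constant rather than a path. The `@deprecated` tags removed here and in the `wp_hash()` hunk were the only record that md5 hashing is kept for pre-1.2 credentials; since `wp_hash()` also backs `wp_create_nonce()`, replacing the tag with a sentence naming where the function is still relied on would preserve that information.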