lib.dc.page.php @ 3619:1b4fdf28e548

Visit:

Revision 3619:1b4fdf28e548, 36.3 KB checked in by franck <carnet.franck.paul@…>, 8 years ago (diff)
Add Referrer-Policy header in admin pages (thanks Nicolas Hoffmann → https://openweb.eu.org/articles/referrer-policy)

Rev	Line
[0]	1	<?php
	2	# -- BEGIN LICENSE BLOCK ---------------------------------------
	3	#
	4	# This file is part of Dotclear 2.
	5	#
[1179]	6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
[0]	7	# Licensed under the GPL version 2.0 license.
	8	# See LICENSE file or
	9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
	10	#
	11	# -- END LICENSE BLOCK -----------------------------------------
	12	if (!defined('DC_RC_PATH')) { return; }
	13
	14	define('DC_AUTH_PAGE','auth.php');
	15
	16	class dcPage
	17	{
[2503]	18	private static $loaded_js = array();
[3021]	19	private static $loaded_css = array();
[2909]	20	private static $xframe_loaded = false;
[2328]	21	private static $N_TYPES = array(
[2503]	22	"success" => "success",
	23	"warning" => "warning-msg",
	24	"error" => "error",
	25	"message" => "message",
[2328]	26	"static" => "static-msg");
[342]	27
[0]	28	# Auth check
	29	public static function check($permissions)
	30	{
	31	global $core;
[1187]	32
[2503]	33	if ($core->blog && $core->auth->check($permissions,$core->blog->id)) {
[0]	34	return;
	35	}
[1187]	36
[0]	37	if (session_id()) {
	38	$core->session->destroy();
	39	}
	40	http::redirect(DC_AUTH_PAGE);
	41	}
[1187]	42
[0]	43	# Check super admin
	44	public static function checkSuper()
	45	{
	46	global $core;
[1187]	47
[0]	48	if (!$core->auth->isSuperAdmin())
	49	{
	50	if (session_id()) {
	51	$core->session->destroy();
	52	}
	53	http::redirect(DC_AUTH_PAGE);
	54	}
	55	}
[1187]	56
[0]	57	# Top of admin page
[2907]	58	public static function open($title='',$head='',$breadcrumb='',$options=array())
[0]	59	{
	60	global $core;
[1144]	61
[0]	62	# List of user's blogs
[2159]	63	if ($core->auth->getBlogCount() == 1 \|\| $core->auth->getBlogCount() > 20)
[0]	64	{
	65	$blog_box =
[999]	66	'<p>'.__('Blog:').' <strong title="'.html::escapeHTML($core->blog->url).'">'.
[0]	67	html::escapeHTML($core->blog->name).'</strong>';
[1187]	68
[2159]	69	if ($core->auth->getBlogCount() > 20) {
[2720]	70	$blog_box .= ' - <a href="'.$core->adminurl->get("admin.blogs").'">'.__('Change blog').'</a>';
[0]	71	}
[999]	72	$blog_box .= '</p>';
[0]	73	}
	74	else
	75	{
	76	$rs_blogs = $core->getBlogs(array('order'=>'LOWER(blog_name)','limit'=>20));
	77	$blogs = array();
	78	while ($rs_blogs->fetch()) {
	79	$blogs[html::escapeHTML($rs_blogs->blog_name.' - '.$rs_blogs->blog_url)] = $rs_blogs->blog_id;
	80	}
	81	$blog_box =
[2005]	82	'<p><label for="switchblog" class="classic">'.
[1309]	83	__('Blogs:').'</label> '.
[0]	84	$core->formNonce().
[454]	85	form::combo('switchblog',$blogs,$core->blog->id).
[2005]	86	'<input type="submit" value="'.__('ok').'" class="hidden-if-js" /></p>';
[0]	87	}
[1187]	88
[36]	89	$safe_mode = isset($_SESSION['sess_safe_mode']) && $_SESSION['sess_safe_mode'];
[1187]	90
[0]	91	# Display
[3292]	92	$headers = new ArrayObject(array());
[2792]	93
[3279]	94	# Content-Type
	95	$headers['content-type'] = 'Content-Type: text/html; charset=UTF-8';
	96
[3619]	97	# Referrer Policy for admin pages
	98	$headers['referrer'] = 'Referrer-Policy: strict-origin';
	99
[3279]	100	# Prevents Clickjacking as far as possible
[2907]	101	if (isset($options['x-frame-allow'])) {
[3279]	102	self::setXFrameOptions($headers,$options['x-frame-allow']);
[2907]	103	} else {
[3279]	104	self::setXFrameOptions($headers);
[2907]	105	}
[3276]	106
[3492]	107	# Content-Security-Policy (only if safe mode if not active, it may help)
	108	if (!$safe_mode && $core->blog->settings->system->csp_admin_on) {
[3292]	109	// Get directives from settings if exist, else set defaults
	110	$csp = new ArrayObject(array());
[3432]	111
	112	// SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
	113	// so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
	114	$csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : ''; // Hack for SQlite Clearbricks driver
	115	$csp_suffix = $core->con->driver() == 'sqlite' ? ' 127.0.0.1' : ''; // Hack for SQlite Clearbricks driver
	116
	117	$csp['default-src'] = $core->blog->settings->system->csp_admin_default ?:
	118	$csp_prefix."'self'".$csp_suffix;
	119	$csp['script-src'] = $core->blog->settings->system->csp_admin_script ?:
	120	$csp_prefix."'self' 'unsafe-inline' 'unsafe-eval'".$csp_suffix;
	121	$csp['style-src'] = $core->blog->settings->system->csp_admin_style ?:
	122	$csp_prefix."'self' 'unsafe-inline'".$csp_suffix;
	123	$csp['img-src'] = $core->blog->settings->system->csp_admin_img ?:
	124	$csp_prefix."'self' data: media.dotaddict.org blob:";
[3292]	125
[3307]	126	# Cope with blog post preview (via public URL in iframe)
	127	if (!is_null($core->blog->host)) {
	128	$csp['default-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST);
[3509]	129	$csp['script-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST);
	130	$csp['style-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST);
[3307]	131	}
	132	# Cope with media display in media manager (via public URL)
	133	if (!is_null($core->media)) {
	134	$csp['img-src'] .= ' '.parse_url($core->media->root_url,PHP_URL_HOST);
	135	}
[3319]	136	# Allow everything in iframe (used by editors to preview public content)
	137	$csp['child-src'] = "*";
[3307]	138
[3292]	139	# --BEHAVIOR-- adminPageHTTPHeaderCSP
	140	$core->callBehavior('adminPageHTTPHeaderCSP',$csp);
	141
	142	// Construct CSP header
	143	$directives = array();
	144	foreach ($csp as $key => $value) {
	145	if ($value) {
	146	$directives[] = $key.' '.$value;
	147	}
	148	}
	149	if (count($directives)) {
	150	if (version_compare(phpversion(),'5.4','>=')) {
	151	// csp_report.php needs PHP ≥ 5.4
	152	$directives[] = "report-uri ".DC_ADMIN_URL."csp_report.php";
	153	}
[3326]	154	$report_only = ($core->blog->settings->system->csp_admin_report_only) ? '-Report-Only' : '';
	155	$headers['csp'] = "Content-Security-Policy".$report_only.": ".implode(" ; ",$directives);
[3292]	156	}
[3291]	157	}
[3279]	158
	159	# --BEHAVIOR-- adminPageHTTPHeaders
	160	$core->callBehavior('adminPageHTTPHeaders',$headers);
	161	foreach ($headers as $key => $value) {
	162	header($value);
	163	}
[3276]	164
[0]	165	echo
[2760]	166	'<!DOCTYPE html>'.
	167	'<html lang="'.$core->auth->getInfo('user_lang').'">'."\n".
[0]	168	"<head>\n".
[2760]	169	' <meta charset="UTF-8" />'."\n".
[0]	170	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />'."\n".
	171	' <meta name="GOOGLEBOT" content="NOSNIPPET" />'."\n".
[1310]	172	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />'."\n".
[489]	173	' <title>'.$title.' - '.html::escapeHTML($core->blog->name).' - '.html::escapeHTML(DC_VENDOR_NAME).' - '.DC_VERSION.'</title>'."\n".
[1187]	174
	175
[3021]	176	self::cssLoad('style/default.css');
[0]	177	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
[3021]	178	echo self::cssLoad('style/default-rtl.css');
[0]	179	}
[237]	180
[244]	181	$core->auth->user_prefs->addWorkspace('interface');
	182	$user_ui_hide_std_favicon = $core->auth->user_prefs->interface->hide_std_favicon;
	183	if (!$user_ui_hide_std_favicon) {
[2503]	184	echo
[3021]	185	'<link rel="icon" type="image/png" href="images/favicon96-login.png" />'."\n".
	186	'<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />'."\n";
[244]	187	}
[3408]	188
	189	if ($core->auth->user_prefs->interface->htmlfontsize) {
	190	echo
	191	'<script type="text/javascript">'."\n".
[3421]	192	self::jsVar('dotclear_htmlFontSize',$core->auth->user_prefs->interface->htmlfontsize)."\n".
[3408]	193	"</script>\n";
	194	}
	195
[0]	196	echo
	197	self::jsCommon().
[1699]	198	self::jsToggles().
[0]	199	$head;
[1187]	200
[3398]	201	if ($core->auth->user_prefs->interface->hidemoreinfo) {
	202	echo
	203	'<script type="text/javascript">'."\n".
[3421]	204	'dotclear.hideMoreInfo = true;'."\n".
[3398]	205	"</script>\n";
	206	}
	207
[0]	208	# --BEHAVIOR-- adminPageHTMLHead
	209	$core->callBehavior('adminPageHTMLHead');
[1187]	210
[0]	211	echo
	212	"</head>\n".
[36]	213	'<body id="dotclear-admin'.
[3499]	214	($safe_mode ? ' safe-mode' : '').'" class="no-js'.
	215	($core->auth->user_prefs->interface->dynfontsize ? ' responsive-font' : '').'">'."\n".
[1187]	216
[1590]	217	'<ul id="prelude">'.
	218	'<li><a href="#content">'.__('Go to the content').'</a></li>'.
	219	'<li><a href="#main-menu">'.__('Go to the menu').'</a></li>'.
	220	'<li><a href="#qx">'.__('Go to search').'</a></li>'.
[2304]	221	'<li><a href="#help">'.__('Go to help').'</a></li>'.
[1590]	222	'</ul>'."\n".
[2784]	223	'<div id="header" role="banner">'.
[2720]	224	'<h1><a href="'.$core->adminurl->get("admin.home").'"><span class="hidden">'.DC_VENDOR_NAME.'</span></a></h1>'."\n";
[1187]	225
[0]	226	echo
[2720]	227	'<form action="'.$core->adminurl->get("admin.home").'" method="post" id="top-info-blog">'.
[0]	228	$blog_box.
[2225]	229	'<p><a href="'.$core->blog->url.'" class="outgoing" title="'.__('Go to site').
	230	'">'.__('Go to site').'<img src="images/outgoing.png" alt="" /></a>'.
[999]	231	'</p></form>'.
[2005]	232	'<ul id="top-info-user">'.
[2817]	233	'<li><a class="'.(preg_match('/'.preg_quote($core->adminurl->get('admin.home')).'$/',$_SERVER['REQUEST_URI']) ? ' active' : '').'" href="'.$core->adminurl->get("admin.home").'">'.__('My dashboard').'</a></li>'.
	234	'<li><a class="smallscreen'.(preg_match('/'.preg_quote($core->adminurl->get('admin.user.preferences')).'(\?.*)?$/',$_SERVER['REQUEST_URI']) ? ' active' : '').
[2720]	235	'" href="'.$core->adminurl->get("admin.user.preferences").'">'.__('My preferences').'</a></li>'.
	236	'<li><a href="'.$core->adminurl->get("admin.home",array('logout' => 1)).'" class="logout"><span class="nomobile">'.sprintf(__('Logout %s'),$core->auth->userID()).
[2034]	237	'</span><img src="images/logout.png" alt="" /></a></li>'.
[2005]	238	'</ul>'.
	239	'</div>'; // end header
[1187]	240
[0]	241	echo
[1741]	242	'<div id="wrapper" class="clearfix">'."\n".
[3445]	243	'<div class="hidden-if-no-js collapser-box"><button type="button" id="collapser" class="void-btn">'.
[3355]	244	'<img class="collapse-mm visually-hidden" src="images/collapser-hide.png" alt="'.__('Hide main menu').'" />'.
	245	'<img class="expand-mm visually-hidden" src="images/collapser-show.png" alt="'.__('Show main menu').'" />'.
[3434]	246	'</button></div>'.
[2784]	247	'<div id="main" role="main">'."\n".
[1741]	248	'<div id="content" class="clearfix">'."\n";
[1187]	249
[36]	250	# Safe mode
	251	if ($safe_mode)
[0]	252	{
	253	echo
[2787]	254	'<div class="warning" role="alert"><h3>'.__('Safe mode').'</h3>'.
[37]	255	'<p>'.__('You are in safe mode. All plugins have been temporarily disabled. Remind to log out then log in again normally to get back all functionalities').'</p>'.
[0]	256	'</div>';
	257	}
[1187]	258
[3076]	259	// Display breadcrumb (if given) before any error messages
[1357]	260	echo $breadcrumb;
[1355]	261
[3076]	262	// Display notices and errors
[2199]	263	echo self::notices();
	264	}
	265
	266	public static function notices()
	267	{
[3076]	268	global $core;
	269	static $error_displayed = false;
[3457]	270
[3076]	271	$res = '';
	272
	273	// return error messages if any
	274	if ($core->error->flag() && !$error_displayed) {
[3457]	275
	276	# --BEHAVIOR-- adminPageNotificationError
[3459]	277	$notice_error = $core->callBehavior('adminPageNotificationError',$core,$core->error);
[3457]	278
[3458]	279	if (isset($notice_error) && !empty($notice_error)) {
[3457]	280	$res .= $notice_error;
	281	} else {
	282	$res .= '<div class="error"><p>'.
	283	'<strong>'.(count($core->error->getErrors()) > 1 ? __('Errors:') : __('Error:')).'</strong>'.
	284	'</p>'.$core->error->toHTML().'</div>';
	285	}
[3076]	286	$error_displayed = true;
	287	}
	288
[2199]	289	// return notices if any
[2181]	290	if (isset($_SESSION['notifications'])) {
[2328]	291	foreach ($_SESSION['notifications'] as $notification) {
[3457]	292
	293	# --BEHAVIOR-- adminPageNotification
[3459]	294	$notice = $core->callBehavior('adminPageNotification',$core,$notification);
[3457]	295
[3458]	296	$res .= (isset($notice) && !empty($notice) ? $notice : self::getNotification($notification));
[2181]	297	}
	298	unset($_SESSION['notifications']);
	299	}
[2199]	300	return $res;
[0]	301	}
[2191]	302
[2328]	303	public static function addNotice($type,$message,$options=array())
[2191]	304	{
[2328]	305	if (isset(self::$N_TYPES[$type])){
	306	$class = self::$N_TYPES[$type];
	307	} else {
	308	$class=$type;
	309	}
	310	if (isset($_SESSION['notifications']) && is_array($_SESSION['notifications'])) {
	311	$notifications = $_SESSION['notifications'];
	312	} else {
	313	$notifications = array();
	314	}
[2503]	315
[2328]	316	$n = array_merge($options,array('class' => $class,'ts' => time(), 'text' => $message));
	317	if ($type != "static") {
	318	$notifications[] = $n;
	319	} else {
	320	array_unshift($notifications, $n);
	321	}
	322	$_SESSION['notifications'] = $notifications;
[2181]	323	}
[2191]	324
[2328]	325	public static function addSuccessNotice($message,$options=array())
[2191]	326	{
[2328]	327	self::addNotice("success",$message,$options);
[2181]	328	}
[2191]	329
[2328]	330	public static function addWarningNotice($message,$options=array())
[2191]	331	{
[2328]	332	self::addNotice("warning",$message,$options);
[2181]	333	}
[2191]	334
[2328]	335	public static function addErrorNotice($message,$options=array())
[2191]	336	{
[2328]	337	self::addNotice("error",$message,$options);
[2191]	338	}
	339
[2328]	340	protected static function getNotification($n)
[2191]	341	{
[2181]	342	global $core;
[3340]	343	$tag = (isset($n['divtag']) && $n['divtag']) ? 'div' : 'p';
[2328]	344	$ts = '';
	345	if (!isset($n['with_ts']) \|\| ($n['with_ts'] == true)) {
	346	$ts = dt::str(__('[%H:%M:%S]'),$n['ts'],$core->auth->getInfo('user_tz')).' ';
	347	}
[2787]	348	$res = '<'.$tag.' class="'.$n['class'].'" role="alert">'.$ts.$n['text'].'</'.$tag.'>';
[2191]	349	return $res;
[2181]	350	}
[2191]	351
[0]	352	public static function close()
	353	{
[942]	354	global $core;
	355
[1933]	356	if (!$GLOBALS['__resources']['ctxhelp']) {
[3566]	357	if (!$core->auth->user_prefs->interface->hidehelpbutton) {
	358	echo
	359	'<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'.
	360	__('Global help').'">'.__('Global help').'</a></p>';
	361	}
[1933]	362	}
	363
[0]	364	$menu =& $GLOBALS['_menu'];
[1187]	365
[0]	366	echo
	367	"</div>\n". // End of #content
	368	"</div>\n". // End of #main
[1187]	369
[2784]	370	'<div id="main-menu" role="navigation">'."\n".
[1311]	371
[2769]	372	'<form id="search-menu" action="'.$core->adminurl->get("admin.search").'" method="get" role="search">'.
[1589]	373	'<p><label for="qx" class="hidden">'.__('Search:').' </label>'.form::field('qx',30,255,'').
[1311]	374	'<input type="submit" value="'.__('OK').'" /></p>'.
	375	'</form>';
[1187]	376
[0]	377	foreach ($menu as $k => $v) {
	378	echo $menu[$k]->draw();
	379	}
[1187]	380
[1140]	381	$text = sprintf(__('Thank you for using %s.'),'Dotclear '.DC_VERSION);
[942]	382
	383	# --BEHAVIOR-- adminPageFooter
[946]	384	$textAlt = $core->callBehavior('adminPageFooter',$core,$text);
[1140]	385	if ($textAlt != '') {
	386	$text = $textAlt;
	387	}
[1142]	388	$text = html::escapeHTML($text);
[942]	389
[0]	390	echo
	391	'</div>'."\n". // End of #main-menu
[1946]	392	"</div>\n"; // End of #wrapper
[1861]	393
[3294]	394	echo '<p id="gototop"><a href="#wrapper">'.__('Page top').'</a></p>'."\n";
	395
[3060]	396	$figure = "
[3224]	397	/\_/\
	398	(='.'=)
[3454]	399	(\")-(\")";
[3060]	400
[1946]	401	echo
[2784]	402	'<div id="footer" role="contentinfo">'.
[2296]	403	'<a href="http://dotclear.org/" title="'.$text.'">'.
	404	'<img src="style/dc_logos/w-dotclear90.png" alt="'.$text.'" /></a></div>'."\n".
[2796]	405	"<!-- "."\n".
[3060]	406	$figure.
[2796]	407	" -->"."\n";
[1187]	408
[3294]	409
	410
[0]	411	if (defined('DC_DEV') && DC_DEV === true) {
	412	echo self::debugInfo();
	413	}
[1187]	414
[0]	415	echo
	416	'</body></html>';
	417	}
[1187]	418
[1358]	419	public static function openPopup($title='',$head='',$breadcrumb='')
[0]	420	{
	421	global $core;
[1187]	422
[0]	423	# Display
	424	header('Content-Type: text/html; charset=UTF-8');
[2792]	425
[3619]	426	# Referrer Policy for admin pages
	427	header('Referrer-Policy: strict-origin');
	428
	429	# Prevents Clickjacking as far as possible
[2792]	430	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
	431
[0]	432	echo
[2760]	433	'<!DOCTYPE html>'.
	434	'<html lang="'.$core->auth->getInfo('user_lang').'">'."\n".
[0]	435	"<head>\n".
[2760]	436	' <meta charset="UTF-8" />'."\n".
[2513]	437	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />'."\n".
[0]	438	' <title>'.$title.' - '.html::escapeHTML($core->blog->name).' - '.html::escapeHTML(DC_VENDOR_NAME).' - '.DC_VERSION.'</title>'."\n".
[1187]	439
[0]	440	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />'."\n".
	441	' <meta name="GOOGLEBOT" content="NOSNIPPET" />'."\n".
[1187]	442
[3021]	443	self::cssLoad('style/default.css');
[0]	444	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
[3021]	445	echo self::cssLoad('style/default-rtl.css');
[0]	446	}
[1187]	447
[3408]	448	$core->auth->user_prefs->addWorkspace('interface');
	449	if ($core->auth->user_prefs->interface->htmlfontsize) {
	450	echo
	451	'<script type="text/javascript">'."\n".
[3421]	452	self::jsVar('dotclear_htmlFontSize',$core->auth->user_prefs->interface->htmlfontsize)."\n".
[3408]	453	"</script>\n";
	454	}
	455
[0]	456	echo
	457	self::jsCommon().
[1699]	458	self::jsToggles().
[0]	459	$head;
[1187]	460
[3398]	461	if ($core->auth->user_prefs->interface->hidemoreinfo) {
	462	echo
	463	'<script type="text/javascript">'."\n".
[3421]	464	'dotclear.hideMoreInfo = true;'."\n".
[3398]	465	"</script>\n";
	466	}
	467
[0]	468	# --BEHAVIOR-- adminPageHTMLHead
	469	$core->callBehavior('adminPageHTMLHead');
[1187]	470
[0]	471	echo
	472	"</head>\n".
[3499]	473	'<body id="dotclear-admin" class="popup'.
	474	($core->auth->user_prefs->interface->dynfontsize ? ' responsive-font' : '').'">'."\n".
[1187]	475
[2046]	476	'<h1>'.DC_VENDOR_NAME.'</h1>'."\n";
[1187]	477
[0]	478	echo
	479	'<div id="wrapper">'."\n".
[2784]	480	'<div id="main" role="main">'."\n".
[0]	481	'<div id="content">'."\n";
[1187]	482
[1358]	483	// display breadcrumb if given
	484	echo $breadcrumb;
	485
[3076]	486	// Display notices and errors
	487	echo self::notices();
[0]	488	}
[1187]	489
[0]	490	public static function closePopup()
	491	{
	492	echo
	493	"</div>\n". // End of #content
	494	"</div>\n". // End of #main
[2046]	495	"</div>\n". // End of #wrapper
[3294]	496
	497	'<p id="gototop"><a href="#wrapper">'.__('Page top').'</a></p>'."\n".
	498
[2784]	499	'<div id="footer" role="contentinfo"><p> </p></div>'."\n".
[0]	500	'</body></html>';
	501	}
[907]	502
[2166]	503	public static function breadcrumb($elements=null,$options=array())
[1328]	504	{
[2720]	505	global $core;
[3340]	506	$with_home_link = isset($options['home_link']) ? $options['home_link'] : true;
	507	$hl = isset($options['hl']) ? $options['hl'] : true;
	508	$hl_pos = isset($options['hl_pos']) ? $options['hl_pos'] : -1;
[1328]	509	// First item of array elements should be blog's name, System or Plugins
[1340]	510	$res = '<h2>'.($with_home_link ?
[2720]	511	'<a class="go_home" href="'.$core->adminurl->get("admin.home").'"><img src="style/dashboard.png" alt="'.__('Go to dashboard').'" /></a>' :
[1340]	512	'<img src="style/dashboard-alt.png" alt="" />');
[1328]	513	$index = 0;
[2167]	514	if ($hl_pos < 0) {
	515	$hl_pos = count($elements)+$hl_pos;
[2166]	516	}
[1328]	517	foreach ($elements as $element => $url) {
[2167]	518	if ($hl && $index == $hl_pos) {
[2166]	519	$element = sprintf('<span class="page-title">%s</span>',$element);
	520	}
[1358]	521	$res .= ($with_home_link ? ($index == 1 ? ' : ' : ' &rsaquo; ') : ($index == 0 ? ' ' : ' &rsaquo; ')).
	522	($url ? '<a href="'.$url.'">' : '').$element.($url ? '</a>' : '');
[1328]	523	$index++;
	524	}
	525	$res .= '</h2>';
	526	return $res;
	527	}
	528
[1548]	529	public static function message($msg,$timestamp=true,$div=false,$echo=true,$class='message')
[907]	530	{
[910]	531	global $core;
[1187]	532
[907]	533	$res = '';
	534	if ($msg != '') {
[1548]	535	$res = ($div ? '<div class="'.$class.'">' : '').'<p'.($div ? '' : ' class="'.$class.'"').'>'.
[2191]	536	($timestamp ? dt::str(__('[%H:%M:%S]'),null,$core->auth->getInfo('user_tz')).' ' : '').$msg.
[1161]	537	'</p>'.($div ? '</div>' : '');
[907]	538	if ($echo) {
	539	echo $res;
	540	}
	541	}
	542	return $res;
	543	}
[1187]	544
[1548]	545	public static function success($msg,$timestamp=true,$div=false,$echo=true)
	546	{
[1927]	547	return self::message($msg,$timestamp,$div,$echo,"success");
[1548]	548	}
	549
[1725]	550	public static function warning($msg,$timestamp=true,$div=false,$echo=true)
	551	{
[1927]	552	return self::message($msg,$timestamp,$div,$echo,"warning-msg");
[1725]	553	}
	554
[0]	555	private static function debugInfo()
	556	{
	557	$global_vars = implode(', ',array_keys($GLOBALS));
[1187]	558
[0]	559	$res =
	560	'<div id="debug"><div>'.
	561	'<p>memory usage: '.memory_get_usage().' ('.files::size(memory_get_usage()).')</p>';
[1187]	562
[0]	563	if (function_exists('xdebug_get_profiler_filename'))
	564	{
	565	$res .= '<p>Elapsed time: '.xdebug_time_index().' seconds</p>';
[1187]	566
[0]	567	$prof_file = xdebug_get_profiler_filename();
	568	if ($prof_file) {
	569	$res .= '<p>Profiler file : '.xdebug_get_profiler_filename().'</p>';
	570	} else {
	571	$prof_url = http::getSelfURI();
[321]	572	$prof_url .= (strpos($prof_url,'?') === false) ? '?' : '&';
[0]	573	$prof_url .= 'XDEBUG_PROFILE';
[321]	574	$res .= '<p><a href="'.html::escapeURL($prof_url).'">Trigger profiler</a></p>';
[0]	575	}
[1187]	576
[0]	577	/* xdebug configuration:
	578	zend_extension = /.../xdebug.so
	579	xdebug.auto_trace = On
	580	xdebug.trace_format = 0
	581	xdebug.trace_options = 1
	582	xdebug.show_mem_delta = On
	583	xdebug.profiler_enable = 0
	584	xdebug.profiler_enable_trigger = 1
	585	xdebug.profiler_output_dir = /tmp
	586	xdebug.profiler_append = 0
	587	xdebug.profiler_output_name = timestamp
	588	*/
	589	}
[1187]	590
[0]	591	$res .=
	592	'<p>Global vars: '.$global_vars.'</p>'.
	593	'</div></div>';
[1187]	594
[0]	595	return $res;
	596	}
[1187]	597
[0]	598	public static function help($page,$index='')
	599	{
	600	# Deprecated but we keep this for plugins.
	601	}
[1187]	602
[0]	603	public static function helpBlock()
	604	{
[2720]	605	global $core;
[3566]	606
	607	if ($core->auth->user_prefs->interface->hidehelpbutton) {
	608	return;
	609	}
	610
[0]	611	$args = func_get_args();
[1458]	612	$args = new ArrayObject($args);
	613
	614	# --BEHAVIOR-- adminPageHelpBlock
	615	$GLOBALS['core']->callBehavior('adminPageHelpBlock',$args);
	616
[0]	617	if (empty($args)) {
	618	return;
	619	};
[1187]	620
[0]	621	global $__resources;
	622	if (empty($__resources['help'])) {
	623	return;
	624	}
[1187]	625
[0]	626	$content = '';
	627	foreach ($args as $v)
	628	{
	629	if (is_object($v) && isset($v->content)) {
	630	$content .= $v->content;
	631	continue;
	632	}
[1187]	633
[0]	634	if (!isset($__resources['help'][$v])) {
	635	continue;
	636	}
	637	$f = $__resources['help'][$v];
	638	if (!file_exists($f) \|\| !is_readable($f)) {
	639	continue;
	640	}
[1187]	641
[0]	642	$fc = file_get_contents($f);
	643	if (preg_match('\|<body[^>]?>(.?)</body>\|ms',$fc,$matches)) {
	644	$content .= $matches[1];
	645	} else {
	646	$content .= $fc;
	647	}
	648	}
[1187]	649
[0]	650	if (trim($content) == '') {
	651	return;
	652	}
[1187]	653
[1933]	654	// Set contextual help global flag
	655	$GLOBALS['__resources']['ctxhelp'] = true;
	656
[0]	657	echo
[1573]	658	'<div id="help"><hr /><div class="help-content clear"><h3>'.__('Help about this page').'</h3>'.
[0]	659	$content.
[494]	660	'</div>'.
	661	'<div id="helplink"><hr />'.
	662	'<p>'.
[2720]	663	sprintf(__('See also %s'),sprintf('<a href="'.$core->adminurl->get("admin.help").'">%s</a>',__('the global help'))).
[2011]	664	'.</p>'.
[0]	665	'</div></div>';
	666	}
[1187]	667
[3086]	668	public static function cssLoad($src,$media='screen',$v='')
[3021]	669	{
	670	$escaped_src = html::escapeHTML($src);
	671	if (!isset(self::$loaded_css[$escaped_src])) {
	672	self::$loaded_css[$escaped_src] = true;
[3086]	673	$escaped_src = self::appendVersion($escaped_src,$v);
[3021]	674
	675	return '<link rel="stylesheet" href="'.$escaped_src.'" type="text/css" media="'.$media.'" />'."\n";
	676	}
	677	}
	678
[3086]	679	public static function jsLoad($src,$v='')
[0]	680	{
[342]	681	$escaped_src = html::escapeHTML($src);
	682	if (!isset(self::$loaded_js[$escaped_src])) {
[3020]	683	self::$loaded_js[$escaped_src] = true;
[3086]	684	$escaped_src = self::appendVersion($escaped_src,$v);
[342]	685	return '<script type="text/javascript" src="'.$escaped_src.'"></script>'."\n";
	686	}
[0]	687	}
[1187]	688
[3086]	689	private static function appendVersion($src,$v='')
[3021]	690	{
[3129]	691	$src .= (strpos($src,'?') === false ? '?' : '&').'v=';
[3021]	692	if (defined('DC_DEV') && DC_DEV === true) {
	693	$src .= md5(uniqid());
	694	} else {
[3086]	695	$src .= ($v === '' ? DC_VERSION : $v);
[3021]	696	}
	697	return $src;
	698	}
	699
[0]	700	public static function jsVar($n,$v)
	701	{
	702	return $n." = '".html::escapeJS($v)."';\n";
	703	}
[1187]	704
[1699]	705	public static function jsToggles()
	706	{
	707	if($GLOBALS['core']->auth->user_prefs->toggles) {
	708	$unfolded_sections = explode(',',$GLOBALS['core']->auth->user_prefs->toggles->unfolded_sections);
	709	foreach ($unfolded_sections as $k=>&$v) {
	710	if ($v == '') {
	711	unset($unfolded_sections[$k]);
	712	} else {
	713	$v = "'".html::escapeJS($v)."':true";
	714	}
	715	}
	716	} else {
	717	$unfolded_sections=array();
	718	}
	719	return '<script type="text/javascript">'."\n".
[3421]	720	'dotclear.unfolded_sections = {'.join(",",$unfolded_sections)."};\n".
[1699]	721	"</script>\n";
	722	}
[2503]	723
[0]	724	public static function jsCommon()
	725	{
[1771]	726	$mute_or_no = '';
[1841]	727	if (empty($GLOBALS['core']->blog) \|\| $GLOBALS['core']->blog->settings->system->jquery_migrate_mute) {
[1771]	728	$mute_or_no .=
	729	'<script type="text/javascript">'."\n".
[3421]	730	'jQuery.migrateMute = true;'."\n".
[1771]	731	"</script>\n";
	732	}
	733
[0]	734	return
	735	self::jsLoad('js/jquery/jquery.js').
[1771]	736	$mute_or_no.
[3178]	737	self::jsLoad('js/jquery/jquery-migrate.js').
[0]	738	self::jsLoad('js/jquery/jquery.biscuit.js').
	739	self::jsLoad('js/jquery/jquery.bgFade.js').
	740	self::jsLoad('js/common.js').
[447]	741	self::jsLoad('js/prelude.js').
[1187]	742
[0]	743	'<script type="text/javascript">'."\n".
[2614]	744	'jsToolBar = {}, jsToolBar.prototype = { elements : {} };'."\n".
[3460]	745
[0]	746	self::jsVar('dotclear.nonce',$GLOBALS['core']->getNonce()).
[3460]	747
[1019]	748	self::jsVar('dotclear.img_plus_src','images/expand.png').
[0]	749	self::jsVar('dotclear.img_plus_alt',__('uncover')).
[1019]	750	self::jsVar('dotclear.img_minus_src','images/hide.png').
[0]	751	self::jsVar('dotclear.img_minus_alt',__('hide')).
	752	self::jsVar('dotclear.img_menu_on','images/menu_on.png').
	753	self::jsVar('dotclear.img_menu_off','images/menu_off.png').
[2503]	754
[2195]	755	self::jsVar('dotclear.img_plus_theme_src','images/plus-theme.png').
	756	self::jsVar('dotclear.img_plus_theme_alt',__('uncover')).
	757	self::jsVar('dotclear.img_minus_theme_src','images/minus-theme.png').
	758	self::jsVar('dotclear.img_minus_theme_alt',__('hide')).
[1187]	759
[0]	760	self::jsVar('dotclear.msg.help',
[1933]	761	__('Need help?')).
[2225]	762	self::jsVar('dotclear.msg.new_window',
	763	__('new window')).
[1302]	764	self::jsVar('dotclear.msg.help_hide',
	765	__('Hide')).
[1556]	766	self::jsVar('dotclear.msg.to_select',
	767	__('Select:')).
[0]	768	self::jsVar('dotclear.msg.no_selection',
	769	__('no selection')).
	770	self::jsVar('dotclear.msg.select_all',
	771	__('select all')).
	772	self::jsVar('dotclear.msg.invert_sel',
[1556]	773	__('Invert selection')).
[0]	774	self::jsVar('dotclear.msg.website',
	775	__('Web site:')).
	776	self::jsVar('dotclear.msg.email',
	777	__('Email:')).
	778	self::jsVar('dotclear.msg.ip_address',
	779	__('IP address:')).
	780	self::jsVar('dotclear.msg.error',
	781	__('Error:')).
	782	self::jsVar('dotclear.msg.entry_created',
	783	__('Entry has been successfully created.')).
	784	self::jsVar('dotclear.msg.edit_entry',
	785	__('Edit entry')).
	786	self::jsVar('dotclear.msg.view_entry',
	787	__('view entry')).
	788	self::jsVar('dotclear.msg.confirm_delete_posts',
	789	__("Are you sure you want to delete selected entries (%s)?")).
[2202]	790	self::jsVar('dotclear.msg.confirm_delete_medias',
	791	__("Are you sure you want to delete selected medias (%d)?")).
[1525]	792	self::jsVar('dotclear.msg.confirm_delete_categories',
	793	__("Are you sure you want to delete selected categories (%s)?")).
[0]	794	self::jsVar('dotclear.msg.confirm_delete_post',
	795	__("Are you sure you want to delete this entry?")).
[1395]	796	self::jsVar('dotclear.msg.click_to_unlock',
[1450]	797	__("Click here to unlock the field")).
[1049]	798	self::jsVar('dotclear.msg.confirm_spam_delete',
	799	__('Are you sure you want to delete all spams?')).
[0]	800	self::jsVar('dotclear.msg.confirm_delete_comments',
	801	__('Are you sure you want to delete selected comments (%s)?')).
	802	self::jsVar('dotclear.msg.confirm_delete_comment',
	803	__('Are you sure you want to delete this comment?')).
	804	self::jsVar('dotclear.msg.cannot_delete_users',
	805	__('Users with posts cannot be deleted.')).
	806	self::jsVar('dotclear.msg.confirm_delete_user',
	807	__('Are you sure you want to delete selected users (%s)?')).
[3403]	808	self::jsVar('dotclear.msg.confirm_delete_blog',
	809	__('Are you sure you want to delete selected blogs (%s)?')).
[0]	810	self::jsVar('dotclear.msg.confirm_delete_category',
	811	__('Are you sure you want to delete category "%s"?')).
	812	self::jsVar('dotclear.msg.confirm_reorder_categories',
	813	__('Are you sure you want to reorder all categories?')).
	814	self::jsVar('dotclear.msg.confirm_delete_media',
	815	__('Are you sure you want to remove media "%s"?')).
[2512]	816	self::jsVar('dotclear.msg.confirm_delete_directory',
	817	__('Are you sure you want to remove directory "%s"?')).
[0]	818	self::jsVar('dotclear.msg.confirm_extract_current',
	819	__('Are you sure you want to extract archive in current directory?')).
	820	self::jsVar('dotclear.msg.confirm_remove_attachment',
	821	__('Are you sure you want to remove attachment "%s"?')).
	822	self::jsVar('dotclear.msg.confirm_delete_lang',
	823	__('Are you sure you want to delete "%s" language?')).
	824	self::jsVar('dotclear.msg.confirm_delete_plugin',
	825	__('Are you sure you want to delete "%s" plugin?')).
[2487]	826	self::jsVar('dotclear.msg.confirm_delete_plugins',
	827	__('Are you sure you want to delete selected plugins?')).
[0]	828	self::jsVar('dotclear.msg.use_this_theme',
	829	__('Use this theme')).
	830	self::jsVar('dotclear.msg.remove_this_theme',
	831	__('Remove this theme')).
	832	self::jsVar('dotclear.msg.confirm_delete_theme',
	833	__('Are you sure you want to delete "%s" theme?')).
[2487]	834	self::jsVar('dotclear.msg.confirm_delete_themes',
	835	__('Are you sure you want to delete selected themes?')).
[1462]	836	self::jsVar('dotclear.msg.confirm_delete_backup',
	837	__('Are you sure you want to delete this backup?')).
[2503]	838	self::jsVar('dotclear.msg.confirm_revert_backup',
	839	__('Are you sure you want to revert to this backup?')).
[0]	840	self::jsVar('dotclear.msg.zip_file_content',
	841	__('Zip file content')).
	842	self::jsVar('dotclear.msg.xhtml_validator',
	843	__('XHTML markup validator')).
	844	self::jsVar('dotclear.msg.xhtml_valid',
	845	__('XHTML content is valid.')).
	846	self::jsVar('dotclear.msg.xhtml_not_valid',
	847	__('There are XHTML markup errors.')).
[1861]	848	self::jsVar('dotclear.msg.warning_validate_no_save_content',
[1832]	849	__('Attention: an audit of a content not yet registered.')).
[0]	850	self::jsVar('dotclear.msg.confirm_change_post_format',
	851	__('You have unsaved changes. Switch post format will loose these changes. Proceed anyway?')).
[1256]	852	self::jsVar('dotclear.msg.confirm_change_post_format_noconvert',
	853	__("Warning: post format change will not convert existing content. You will need to apply new format by yourself. Proceed anyway?")).
[224]	854	self::jsVar('dotclear.msg.load_enhanced_uploader',
	855	__('Loading enhanced uploader, please wait.')).
[2156]	856
	857	self::jsVar('dotclear.msg.module_author',
	858	__('Author:')).
	859	self::jsVar('dotclear.msg.module_details',
	860	__('Details')).
	861	self::jsVar('dotclear.msg.module_support',
[2157]	862	__('Support')).
[2156]	863	self::jsVar('dotclear.msg.module_help',
[2157]	864	__('Help:')).
[2156]	865	self::jsVar('dotclear.msg.module_section',
	866	__('Section:')).
	867	self::jsVar('dotclear.msg.module_tags',
	868	__('Tags:')).
[3460]	869
	870	self::jsVar('dotclear.msg.close_notice',
	871	__('Hide this notice')).
	872
[3421]	873	"\n".
[0]	874	"</script>\n";
	875	}
[1187]	876
[3418]	877	/**
	878	@deprecated since version 2.11
	879	*/
[0]	880	public static function jsLoadIE7()
	881	{
[3418]	882	return '';
[0]	883	}
[1187]	884
[0]	885	public static function jsConfirmClose()
	886	{
	887	$args = func_get_args();
	888	if (count($args) > 0) {
	889	foreach ($args as $k => $v) {
	890	$args[$k] = "'".html::escapeJS($v)."'";
	891	}
	892	$args = implode(',',$args);
	893	} else {
	894	$args = '';
	895	}
[1187]	896
[0]	897	return
	898	self::jsLoad('js/confirm-close.js').
	899	'<script type="text/javascript">'."\n".
	900	"confirmClosePage = new confirmClose(".$args."); ".
	901	"confirmClose.prototype.prompt = '".html::escapeJS(__('You have unsaved changes.'))."'; ".
	902	"</script>\n";
	903	}
[1187]	904
[0]	905	public static function jsPageTabs($default=null)
	906	{
	907	if ($default) {
	908	$default = "'".html::escapeJS($default)."'";
	909	}
[2503]	910
[0]	911	return
	912	self::jsLoad('js/jquery/jquery.pageTabs.js').
	913	'<script type="text/javascript">'."\n".
[2010]	914	'$(function() {'."\n".
[3421]	915	' $.pageTabs('.$default.');'."\n".
[2113]	916	'});'.
[3418]	917	"</script>\n";
[2010]	918	}
[1161]	919
[2202]	920	public static function jsModal()
	921	{
	922	return
[3368]	923	self::jsLoad('js/jquery/jquery.magnific-popup.js');
[0]	924	}
[1187]	925
[2202]	926	public static function jsColorPicker()
	927	{
	928	return
[3021]	929	self::cssLoad('style/farbtastic/farbtastic.css').
[2202]	930	self::jsLoad('js/jquery/jquery.farbtastic.js').
	931	self::jsLoad('js/color-picker.js');
[0]	932	}
[1187]	933
[2202]	934	public static function jsDatePicker()
	935	{
	936	return
[3021]	937	self::cssLoad('style/date-picker.css').
[2202]	938	self::jsLoad('js/date-picker.js').
	939	'<script type="text/javascript">'."\n".
[1187]	940
[2202]	941	"datePicker.prototype.months[0] = '".html::escapeJS(__('January'))."'; ".
	942	"datePicker.prototype.months[1] = '".html::escapeJS(__('February'))."'; ".
	943	"datePicker.prototype.months[2] = '".html::escapeJS(__('March'))."'; ".
	944	"datePicker.prototype.months[3] = '".html::escapeJS(__('April'))."'; ".
	945	"datePicker.prototype.months[4] = '".html::escapeJS(__('May'))."'; ".
	946	"datePicker.prototype.months[5] = '".html::escapeJS(__('June'))."'; ".
	947	"datePicker.prototype.months[6] = '".html::escapeJS(__('July'))."'; ".
	948	"datePicker.prototype.months[7] = '".html::escapeJS(__('August'))."'; ".
	949	"datePicker.prototype.months[8] = '".html::escapeJS(__('September'))."'; ".
	950	"datePicker.prototype.months[9] = '".html::escapeJS(__('October'))."'; ".
	951	"datePicker.prototype.months[10] = '".html::escapeJS(__('November'))."'; ".
	952	"datePicker.prototype.months[11] = '".html::escapeJS(__('December'))."'; ".
[1161]	953
[2202]	954	"datePicker.prototype.days[0] = '".html::escapeJS(__('Monday'))."'; ".
	955	"datePicker.prototype.days[1] = '".html::escapeJS(__('Tuesday'))."'; ".
	956	"datePicker.prototype.days[2] = '".html::escapeJS(__('Wednesday'))."'; ".
	957	"datePicker.prototype.days[3] = '".html::escapeJS(__('Thursday'))."'; ".
	958	"datePicker.prototype.days[4] = '".html::escapeJS(__('Friday'))."'; ".
	959	"datePicker.prototype.days[5] = '".html::escapeJS(__('Saturday'))."'; ".
	960	"datePicker.prototype.days[6] = '".html::escapeJS(__('Sunday'))."'; ".
	961
	962	"datePicker.prototype.img_src = 'images/date-picker.png'; ".
[2788]	963	"datePicker.prototype.img_alt = '".html::escapeJS(__('Choose date'))."'; ".
[2202]	964
	965	"datePicker.prototype.close_msg = '".html::escapeJS(__('close'))."'; ".
	966	"datePicker.prototype.now_msg = '".html::escapeJS(__('now'))."'; ".
	967
	968	"</script>\n";
[0]	969	}
[1187]	970
[2720]	971
[2202]	972	public static function jsToolBar()
	973	{
[2614]	974	# Deprecated but we keep this for plugins.
[2202]	975	}
	976
	977	public static function jsUpload($params=array(),$base_url=null)
	978	{
	979	if (!$base_url) {
	980	$base_url = path::clean(dirname(preg_replace('/(\?.*$)?/','',$_SERVER['REQUEST_URI']))).'/';
	981	}
	982
	983	$params = array_merge($params,array(
	984	'sess_id='.session_id(),
	985	'sess_uid='.$_SESSION['sess_browser_uid'],
	986	'xd_check='.$GLOBALS['core']->getNonce()
[0]	987	));
[1187]	988
[2202]	989	return
	990	'<script type="text/javascript">'."\n".
	991	"dotclear.jsUpload = {};\n".
	992	"dotclear.jsUpload.msg = {};\n".
	993	self::jsVar('dotclear.msg.enhanced_uploader_activate',__('Temporarily activate enhanced uploader')).
	994	self::jsVar('dotclear.msg.enhanced_uploader_disable',__('Temporarily disable enhanced uploader')).
	995	self::jsVar('dotclear.jsUpload.msg.limit_exceeded',__('Limit exceeded.')).
	996	self::jsVar('dotclear.jsUpload.msg.size_limit_exceeded',__('File size exceeds allowed limit.')).
	997	self::jsVar('dotclear.jsUpload.msg.canceled',__('Canceled.')).
	998	self::jsVar('dotclear.jsUpload.msg.http_error',__('HTTP Error:')).
	999	self::jsVar('dotclear.jsUpload.msg.error',__('Error:')).
	1000	self::jsVar('dotclear.jsUpload.msg.choose_file',__('Choose file')).
	1001	self::jsVar('dotclear.jsUpload.msg.choose_files',__('Choose files')).
	1002	self::jsVar('dotclear.jsUpload.msg.cancel',__('Cancel')).
	1003	self::jsVar('dotclear.jsUpload.msg.clean',__('Clean')).
	1004	self::jsVar('dotclear.jsUpload.msg.upload',__('Upload')).
	1005	self::jsVar('dotclear.jsUpload.msg.send',__('Send')).
	1006	self::jsVar('dotclear.jsUpload.msg.file_successfully_uploaded',__('File successfully uploaded.')).
	1007	self::jsVar('dotclear.jsUpload.msg.no_file_in_queue',__('No file in queue.')).
	1008	self::jsVar('dotclear.jsUpload.msg.file_in_queue',__('1 file in queue.')).
	1009	self::jsVar('dotclear.jsUpload.msg.files_in_queue',__('%d files in queue.')).
	1010	self::jsVar('dotclear.jsUpload.msg.queue_error',__('Queue error:')).
	1011	self::jsVar('dotclear.jsUpload.base_url',$base_url).
	1012	"</script>\n".
[1461]	1013
[3218]	1014	self::jsLoad('js/jquery/jquery-ui.custom.js').
[2202]	1015	self::jsLoad('js/jsUpload/tmpl.js').
	1016	self::jsLoad('js/jsUpload/template-upload.js').
	1017	self::jsLoad('js/jsUpload/template-download.js').
	1018	self::jsLoad('js/jsUpload/load-image.js').
	1019	self::jsLoad('js/jsUpload/jquery.iframe-transport.js').
	1020	self::jsLoad('js/jsUpload/jquery.fileupload.js').
	1021	self::jsLoad('js/jsUpload/jquery.fileupload-process.js').
	1022	self::jsLoad('js/jsUpload/jquery.fileupload-resize.js').
	1023	self::jsLoad('js/jsUpload/jquery.fileupload-ui.js');
	1024	}
[1144]	1025
[2202]	1026	public static function jsMetaEditor()
	1027	{
[3021]	1028	return self::jsLoad('js/meta-editor.js');
[2202]	1029	}
[2849]	1030
[3397]	1031	public static function jsFilterControl($show=true)
	1032	{
	1033	return
	1034	self::jsLoad('js/filter-controls.js').
	1035	'<script type="text/javascript">'."\n".
	1036	self::jsVar('dotclear.msg.show_filters', $show ? 'true':'false')."\n".
	1037	self::jsVar('dotclear.msg.filter_posts_list',__('Show filters and display options'))."\n".
	1038	self::jsVar('dotclear.msg.cancel_the_filter',__('Cancel filters and display options'))."\n".
	1039	"</script>";
	1040	}
	1041
[3256]	1042	public static function jsLoadCodeMirror($theme = '',$multi = true,$modes = array('css','htmlmixed','javascript','php','xml'))
[3251]	1043	{
	1044	$ret =
	1045	self::cssLoad('js/codemirror/lib/codemirror.css').
	1046	self::jsLoad('js/codemirror/lib/codemirror.js');
	1047	if ($multi) {
	1048	$ret .= self::jsLoad('js/codemirror/addon/mode/multiplex.js');
	1049	}
	1050	foreach ($modes as $mode) {
	1051	$ret .= self::jsLoad('js/codemirror/mode/'.$mode.'/'.$mode.'.js');
	1052	}
	1053	$ret .=
	1054	self::jsLoad('js/codemirror/addon/edit/closebrackets.js').
[3253]	1055	self::jsLoad('js/codemirror/addon/edit/matchbrackets.js').
	1056	self::cssLoad('js/codemirror/addon/display/fullscreen.css').
	1057	self::jsLoad('js/codemirror/addon/display/fullscreen.js');
[3251]	1058	if ($theme != '') {
	1059	$ret .= self::cssLoad('js/codemirror/theme/'.$theme.'.css');
	1060	}
	1061	return $ret;
	1062	}
	1063
[3256]	1064	public static function jsRunCodeMirror($name,$id,$mode,$theme = '')
	1065	{
	1066	$ret =
[3421]	1067	'<script type="text/javascript">'."\n".
[3256]	1068	'var '.$name.' = CodeMirror.fromTextArea('.$id.',{'."\n".
	1069	' mode: "'.$mode.'",'."\n".
	1070	' tabMode: "indent",'."\n".
	1071	' lineWrapping: "true",'."\n".
	1072	' lineNumbers: "true",'."\n".
	1073	' matchBrackets: "true",'."\n".
	1074	' autoCloseBrackets: "true",'."\n".
	1075	' extraKeys: {"F11": function(cm) {cm.setOption("fullScreen",!cm.getOption("fullScreen"));}}';
[3421]	1076	if ($theme) {
	1077	$ret .=
	1078	','."\n".
	1079	' theme: "'.$theme.'"';
	1080	}
	1081	$ret .= "\n".
	1082	'});'."\n".
[3256]	1083	'</script>';
	1084	return $ret;
	1085	}
	1086
[3251]	1087	public static function getCodeMirrorThemes()
	1088	{
	1089	$themes = array();
	1090	$themes_root = dirname(__FILE__).'/../../admin'.'/js/codemirror/theme/';
	1091	if (is_dir($themes_root) && is_readable($themes_root)) {
	1092	if (($d = @dir($themes_root)) !== false) {
	1093	while (($entry = $d->read()) !== false) {
	1094	if ($entry != '.' && $entry != '..' && substr($entry, 0, 1) != '.' && is_readable($themes_root.'/'.$entry)) {
	1095	$themes[] = substr($entry,0,-4); // remove .css extension
	1096	}
	1097	}
[3313]	1098	sort($themes);
[3251]	1099	}
	1100	}
	1101	return $themes;
	1102	}
	1103
[3080]	1104	public static function getPF($file)
	1105	{
[2852]	1106	return $GLOBALS['core']->adminurl->get('load.plugin.file',array('pf' => $file));
[2849]	1107	}
[2909]	1108
[3262]	1109	public static function getVF($file)
	1110	{
	1111	return $GLOBALS['core']->adminurl->get('load.var.file',array('vf' => $file));
	1112	}
	1113
[3279]	1114	public static function setXFrameOptions($headers,$origin = null)
[3080]	1115	{
[2909]	1116	if (self::$xframe_loaded) {
	1117	return;
	1118	}
[3490]	1119
[2909]	1120	if ($origin !== null) {
	1121	$url = parse_url($origin);
[3490]	1122	$headers['x-frame-options'] = sprintf('X-Frame-Options: %s',is_array($url) && isset($url['host']) ?
[3080]	1123	("ALLOW-FROM ".(isset($url['scheme']) ? $url['scheme'].':' : '' ).'//'.$url['host']) :
[3279]	1124	'SAMEORIGIN');
[2909]	1125	} else {
[3279]	1126	$headers['x-frame-options'] = 'X-Frame-Options: SAMEORIGIN'; // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
[2909]	1127	}
	1128	self::$xframe_loaded = true;
	1129	}
[489]	1130	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/admin/lib.dc.page.php @ 3619:1b4fdf28e548

Download in other formats:

Sites map