lib.dc.page.php @ 3915:a57821ba9ef1

Visit:

Revision 3915:a57821ba9ef1, 45.4 KB checked in by franck <carnet.franck.paul@…>, 7 years ago (diff)
Switching from inline JS variables to JSON script. A step ahead…

Line
1	<?php
2	/**
3	* @package Dotclear
4	* @subpackage Backend
5	*
6	* @copyright Olivier Meunier & Association Dotclear
7	* @copyright GPL-2.0-only
8	*/
9
10	if (!defined('DC_RC_PATH')) {return;}
11
12	define('DC_AUTH_PAGE', 'auth.php');
13
14	class dcPage
15	{
16	private static $loaded_js = [];
17	private static $loaded_css = [];
18	private static $xframe_loaded = false;
19	private static $N_TYPES = [
20	"success" => "success",
21	"warning" => "warning-msg",
22	"error" => "error",
23	"message" => "message",
24	"static" => "static-msg"];
25
26	private static function getCore()
27	{
28	return $GLOBALS['core'];
29	}
30
31	# Auth check
32	public static function check($permissions)
33	{
34	$core = self::getCore();
35
36	if ($core->blog && $core->auth->check($permissions, $core->blog->id)) {
37	return;
38	}
39
40	if (session_id()) {
41	$core->session->destroy();
42	}
43	http::redirect(DC_AUTH_PAGE);
44	}
45
46	# Check super admin
47	public static function checkSuper()
48	{
49	$core = self::getCore();
50
51	if (!$core->auth->isSuperAdmin()) {
52	if (session_id()) {
53	$core->session->destroy();
54	}
55	http::redirect(DC_AUTH_PAGE);
56	}
57	}
58
59	# Top of admin page
60	public static function open($title = '', $head = '', $breadcrumb = '', $options = [])
61	{
62	$core = self::getCore();
63	$js = [];
64
65	# List of user's blogs
66	if ($core->auth->getBlogCount() == 1 \|\| $core->auth->getBlogCount() > 20) {
67	$blog_box =
68	'<p>' . __('Blog:') . ' <strong title="' . html::escapeHTML($core->blog->url) . '">' .
69	html::escapeHTML($core->blog->name) . '</strong>';
70
71	if ($core->auth->getBlogCount() > 20) {
72	$blog_box .= ' - <a href="' . $core->adminurl->get("admin.blogs") . '">' . __('Change blog') . '</a>';
73	}
74	$blog_box .= '</p>';
75	} else {
76	$rs_blogs = $core->getBlogs(['order' => 'LOWER(blog_name)', 'limit' => 20]);
77	$blogs = [];
78	while ($rs_blogs->fetch()) {
79	$blogs[html::escapeHTML($rs_blogs->blog_name . ' - ' . $rs_blogs->blog_url)] = $rs_blogs->blog_id;
80	}
81	$blog_box =
82	'<p><label for="switchblog" class="classic">' .
83	__('Blogs:') . '</label> ' .
84	$core->formNonce() .
85	form::combo('switchblog', $blogs, $core->blog->id) .
86	'<input type="submit" value="' . __('ok') . '" class="hidden-if-js" /></p>';
87	}
88
89	$safe_mode = isset($_SESSION['sess_safe_mode']) && $_SESSION['sess_safe_mode'];
90
91	# Display
92	$headers = new ArrayObject([]);
93
94	# Content-Type
95	$headers['content-type'] = 'Content-Type: text/html; charset=UTF-8';
96
97	# Referrer Policy for admin pages
98	$headers['referrer'] = 'Referrer-Policy: strict-origin';
99
100	# Prevents Clickjacking as far as possible
101	if (isset($options['x-frame-allow'])) {
102	self::setXFrameOptions($headers, $options['x-frame-allow']);
103	} else {
104	self::setXFrameOptions($headers);
105	}
106
107	# Content-Security-Policy (only if safe mode if not active, it may help)
108	if (!$safe_mode && $core->blog->settings->system->csp_admin_on) {
109	// Get directives from settings if exist, else set defaults
110	$csp = new ArrayObject([]);
111
112	// SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
113	// so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
114	$csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : ''; // Hack for SQlite Clearbricks driver
115	$csp_suffix = $core->con->driver() == 'sqlite' ? ' 127.0.0.1' : ''; // Hack for SQlite Clearbricks driver
116
117	$csp['default-src'] = $core->blog->settings->system->csp_admin_default ?:
118	$csp_prefix . "'self'" . $csp_suffix;
119	$csp['script-src'] = $core->blog->settings->system->csp_admin_script ?:
120	$csp_prefix . "'self' 'unsafe-inline' 'unsafe-eval'" . $csp_suffix;
121	$csp['style-src'] = $core->blog->settings->system->csp_admin_style ?:
122	$csp_prefix . "'self' 'unsafe-inline'" . $csp_suffix;
123	$csp['img-src'] = $core->blog->settings->system->csp_admin_img ?:
124	$csp_prefix . "'self' data: http://media.dotaddict.org blob:";
125
126	# Cope with blog post preview (via public URL in iframe)
127	if (!is_null($core->blog->host)) {
128	$csp['default-src'] .= ' ' . parse_url($core->blog->host, PHP_URL_HOST);
129	$csp['script-src'] .= ' ' . parse_url($core->blog->host, PHP_URL_HOST);
130	$csp['style-src'] .= ' ' . parse_url($core->blog->host, PHP_URL_HOST);
131	}
132	# Cope with media display in media manager (via public URL)
133	if (!is_null($core->media)) {
134	$csp['img-src'] .= ' ' . parse_url($core->media->root_url, PHP_URL_HOST);
135	}
136	# Allow everything in iframe (used by editors to preview public content)
137	$csp['child-src'] = "*";
138
139	# --BEHAVIOR-- adminPageHTTPHeaderCSP
140	$core->callBehavior('adminPageHTTPHeaderCSP', $csp);
141
142	// Construct CSP header
143	$directives = [];
144	foreach ($csp as $key => $value) {
145	if ($value) {
146	$directives[] = $key . ' ' . $value;
147	}
148	}
149	if (count($directives)) {
150	if (version_compare(phpversion(), '5.4', '>=')) {
151	// csp_report.php needs PHP ≥ 5.4
152	$directives[] = "report-uri " . DC_ADMIN_URL . "csp_report.php";
153	}
154	$report_only = ($core->blog->settings->system->csp_admin_report_only) ? '-Report-Only' : '';
155	$headers['csp'] = "Content-Security-Policy" . $report_only . ": " . implode(" ; ", $directives);
156	}
157	}
158
159	# --BEHAVIOR-- adminPageHTTPHeaders
160	$core->callBehavior('adminPageHTTPHeaders', $headers);
161	foreach ($headers as $key => $value) {
162	header($value);
163	}
164
165	echo
166	'<!DOCTYPE html>' .
167	'<html lang="' . $core->auth->getInfo('user_lang') . '">' . "\n" .
168	"<head>\n" .
169	' <meta charset="UTF-8" />' . "\n" .
170	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />' . "\n" .
171	' <meta name="GOOGLEBOT" content="NOSNIPPET" />' . "\n" .
172	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />' . "\n" .
173	' <title>' . $title . ' - ' . html::escapeHTML($core->blog->name) . ' - ' . html::escapeHTML(DC_VENDOR_NAME) . ' - ' . DC_VERSION . '</title>' . "\n";
174
175	echo self::jsUtil();
176
177	if ($core->auth->user_prefs->interface->darkmode) {
178	$js['darkMode'] = 1;
179	echo self::cssLoad('style/default-dark.css');
180	} else {
181	$js['darkMode'] = 0;
182	echo self::cssLoad('style/default.css');
183	}
184	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
185	echo self::cssLoad('style/default-rtl.css');
186	}
187
188	$core->auth->user_prefs->addWorkspace('interface');
189	if (!$core->auth->user_prefs->interface->hide_std_favicon) {
190	echo
191	'<link rel="icon" type="image/png" href="images/favicon96-login.png" />' . "\n" .
192	'<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />' . "\n";
193	}
194	if ($core->auth->user_prefs->interface->htmlfontsize) {
195	$js['htmlFontSize'] = $core->auth->user_prefs->interface->htmlfontsize;
196	}
197	$js['hideMoreInfo'] = (boolean) $core->auth->user_prefs->interface->hidemoreinfo;
198	$js['showAjaxLoader'] = (boolean) $core->auth->user_prefs->interface->showajaxloader;
199
200	$core->auth->user_prefs->addWorkspace('accessibility');
201	$js['noDragDrop'] = (boolean) $core->auth->user_prefs->accessibility->nodragdrop;
202
203	// Set some JSON data
204	echo dcUtils::jsJson('dotclear_init', $js);
205
206	echo
207	self::jsCommon() .
208	self::jsToggles() .
209	$head;
210
211	# --BEHAVIOR-- adminPageHTMLHead
212	$core->callBehavior('adminPageHTMLHead');
213
214	echo
215	"</head>\n" .
216	'<body id="dotclear-admin' .
217	($safe_mode ? ' safe-mode' : '') . '" class="no-js' .
218	($core->auth->user_prefs->interface->dynfontsize ? ' responsive-font' : '') . '">' . "\n" .
219
220	'<ul id="prelude">' .
221	'<li><a href="#content">' . __('Go to the content') . '</a></li>' .
222	'<li><a href="#main-menu">' . __('Go to the menu') . '</a></li>' .
223	'<li><a href="#help">' . __('Go to help') . '</a></li>' .
224	'</ul>' . "\n" .
225	'<header id="header" role="banner">' .
226	'<h1><a href="' . $core->adminurl->get("admin.home") . '"><span class="hidden">' . DC_VENDOR_NAME . '</span></a></h1>' . "\n";
227
228	echo
229	'<form action="' . $core->adminurl->get("admin.home") . '" method="post" id="top-info-blog">' .
230	$blog_box .
231	'<p><a href="' . $core->blog->url . '" class="outgoing" title="' . __('Go to site') .
232	'">' . __('Go to site') . '<img src="images/outgoing-link.svg" alt="" /></a>' .
233	'</p></form>' .
234	'<ul id="top-info-user">' .
235	'<li><a class="' . (preg_match('/' . preg_quote($core->adminurl->get('admin.home')) . '$/', $_SERVER['REQUEST_URI']) ? ' active' : '') . '" href="' . $core->adminurl->get("admin.home") . '">' . __('My dashboard') . '</a></li>' .
236	'<li><a class="smallscreen' . (preg_match('/' . preg_quote($core->adminurl->get('admin.user.preferences')) . '(\?.*)?$/', $_SERVER['REQUEST_URI']) ? ' active' : '') .
237	'" href="' . $core->adminurl->get("admin.user.preferences") . '">' . __('My preferences') . '</a></li>' .
238	'<li><a href="' . $core->adminurl->get("admin.home", ['logout' => 1]) . '" class="logout"><span class="nomobile">' . sprintf(__('Logout %s'), $core->auth->userID()) .
239	'</span><img src="images/logout.png" alt="" /></a></li>' .
240	'</ul>' .
241	'</header>'; // end header
242
243	echo
244	'<div id="wrapper" class="clearfix">' . "\n" .
245	'<div class="hidden-if-no-js collapser-box"><button type="button" id="collapser" class="void-btn">' .
246	'<img class="collapse-mm visually-hidden" src="images/collapser-hide.png" alt="' . __('Hide main menu') . '" />' .
247	'<img class="expand-mm visually-hidden" src="images/collapser-show.png" alt="' . __('Show main menu') . '" />' .
248	'</button></div>' .
249	'<main id="main" role="main">' . "\n" .
250	'<div id="content" class="clearfix">' . "\n";
251
252	# Safe mode
253	if ($safe_mode) {
254	echo
255	'<div class="warning" role="alert"><h3>' . __('Safe mode') . '</h3>' .
256	'<p>' . __('You are in safe mode. All plugins have been temporarily disabled. Remind to log out then log in again normally to get back all functionalities') . '</p>' .
257	'</div>';
258	}
259
260	// Display breadcrumb (if given) before any error messages
261	echo $breadcrumb;
262
263	// Display notices and errors
264	echo self::notices();
265	}
266
267	public static function notices()
268	{
269	$core = self::getCore();
270	static $error_displayed = false;
271
272	$res = '';
273
274	// return error messages if any
275	if ($core->error->flag() && !$error_displayed) {
276
277	# --BEHAVIOR-- adminPageNotificationError
278	$notice_error = $core->callBehavior('adminPageNotificationError', $core, $core->error);
279
280	if (isset($notice_error) && !empty($notice_error)) {
281	$res .= $notice_error;
282	} else {
283	$res .= '<div class="error"><p>' .
284	'<strong>' . (count($core->error->getErrors()) > 1 ? __('Errors:') : __('Error:')) . '</strong>' .
285	'</p>' . $core->error->toHTML() . '</div>';
286	}
287	$error_displayed = true;
288	}
289
290	// return notices if any
291	if (isset($_SESSION['notifications'])) {
292	foreach ($_SESSION['notifications'] as $notification) {
293
294	# --BEHAVIOR-- adminPageNotification
295	$notice = $core->callBehavior('adminPageNotification', $core, $notification);
296
297	$res .= (isset($notice) && !empty($notice) ? $notice : self::getNotification($notification));
298	}
299	unset($_SESSION['notifications']);
300	}
301	return $res;
302	}
303
304	public static function addNotice($type, $message, $options = [])
305	{
306	if (isset(self::$N_TYPES[$type])) {
307	$class = self::$N_TYPES[$type];
308	} else {
309	$class = $type;
310	}
311	if (isset($_SESSION['notifications']) && is_array($_SESSION['notifications'])) {
312	$notifications = $_SESSION['notifications'];
313	} else {
314	$notifications = [];
315	}
316
317	$n = array_merge($options, ['class' => $class, 'ts' => time(), 'text' => $message]);
318	if ($type != "static") {
319	$notifications[] = $n;
320	} else {
321	array_unshift($notifications, $n);
322	}
323	$_SESSION['notifications'] = $notifications;
324	}
325
326	public static function addSuccessNotice($message, $options = [])
327	{
328	self::addNotice("success", $message, $options);
329	}
330
331	public static function addWarningNotice($message, $options = [])
332	{
333	self::addNotice("warning", $message, $options);
334	}
335
336	public static function addErrorNotice($message, $options = [])
337	{
338	self::addNotice("error", $message, $options);
339	}
340
341	protected static function getNotification($n)
342	{
343	$core = self::getCore();
344
345	$tag = (isset($n['divtag']) && $n['divtag']) ? 'div' : 'p';
346	$ts = '';
347	if (!isset($n['with_ts']) \|\| ($n['with_ts'] == true)) {
348	$ts = dt::str(__('[%H:%M:%S]'), $n['ts'], $core->auth->getInfo('user_tz')) . ' ';
349	}
350	$res = '<' . $tag . ' class="' . $n['class'] . '" role="alert">' . $ts . $n['text'] . '</' . $tag . '>';
351	return $res;
352	}
353
354	public static function close()
355	{
356	$core = self::getCore();
357
358	if (!$GLOBALS['__resources']['ctxhelp']) {
359	if (!$core->auth->user_prefs->interface->hidehelpbutton) {
360	echo
361	'<p id="help-button"><a href="' . $core->adminurl->get("admin.help") . '" class="outgoing" title="' .
362	__('Global help') . '">' . __('Global help') . '</a></p>';
363	}
364	}
365
366	$menu = &$GLOBALS['_menu'];
367
368	echo
369	"</div>\n" . // End of #content
370	"</main>\n" . // End of #main
371
372	'<nav id="main-menu" role="navigation">' . "\n" .
373
374	'<form id="search-menu" action="' . $core->adminurl->get("admin.search") . '" method="get" role="search">' .
375	'<p><label for="qx" class="hidden">' . __('Search:') . ' </label>' . form::field('qx', 30, 255, '') .
376	'<input type="submit" value="' . __('OK') . '" /></p>' .
377	'</form>';
378
379	foreach ($menu as $k => $v) {
380	echo $menu[$k]->draw();
381	}
382
383	$text = sprintf(__('Thank you for using %s.'), 'Dotclear ' . DC_VERSION);
384
385	# --BEHAVIOR-- adminPageFooter
386	$textAlt = $core->callBehavior('adminPageFooter', $core, $text);
387	if ($textAlt != '') {
388	$text = $textAlt;
389	}
390	$text = html::escapeHTML($text);
391
392	echo
393	'</nav>' . "\n" . // End of #main-menu
394	"</div>\n"; // End of #wrapper
395
396	echo '<p id="gototop"><a href="#wrapper">' . __('Page top') . '</a></p>' . "\n";
397
398	$figure = "
399	♥‿♥
400	\| \| \|
401	)_) )_) )_)
402	)___))___))___)\
403	)____)____)_____)\\
404	_____\|____\|____\|____\\\__
405	---------\ /---------
406	^^^^^ ^^^^^^^^^^^^^^^^^^^^^
407	^^^^ ^^^^ ^^^ ^^
408	^^^^ ^^^
409	";
410
411	echo
412	'<footer id="footer" role="contentinfo">' .
413	'<a href="http://dotclear.org/" title="' . $text . '">' .
414	'<img src="style/dc_logos/w-dotclear90.png" alt="' . $text . '" /></a></footer>' . "\n" .
415	"<!-- " . "\n" .
416	$figure .
417	" -->" . "\n";
418
419	if (defined('DC_DEV') && DC_DEV === true) {
420	echo self::debugInfo();
421	}
422
423	echo
424	'</body></html>';
425	}
426
427	public static function openPopup($title = '', $head = '', $breadcrumb = '')
428	{
429	$core = self::getCore();
430	$js = [];
431
432	# Display
433	header('Content-Type: text/html; charset=UTF-8');
434
435	# Referrer Policy for admin pages
436	header('Referrer-Policy: strict-origin');
437
438	# Prevents Clickjacking as far as possible
439	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
440
441	echo
442	'<!DOCTYPE html>' .
443	'<html lang="' . $core->auth->getInfo('user_lang') . '">' . "\n" .
444	"<head>\n" .
445	' <meta charset="UTF-8" />' . "\n" .
446	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />' . "\n" .
447	' <title>' . $title . ' - ' . html::escapeHTML($core->blog->name) . ' - ' . html::escapeHTML(DC_VENDOR_NAME) . ' - ' . DC_VERSION . '</title>' . "\n" .
448	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />' . "\n" .
449	' <meta name="GOOGLEBOT" content="NOSNIPPET" />' . "\n";
450
451	echo self::jsUtil();
452
453	if ($core->auth->user_prefs->interface->darkmode) {
454	$js['darkMode'] = 1;
455	echo self::cssLoad('style/default-dark.css');
456	} else {
457	$js['darkMode'] = 0;
458	echo self::cssLoad('style/default.css');
459	}
460	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
461	echo self::cssLoad('style/default-rtl.css');
462	}
463
464	$core->auth->user_prefs->addWorkspace('interface');
465	if ($core->auth->user_prefs->interface->htmlfontsize) {
466	$js['htmlFontSize'] = $core->auth->user_prefs->interface->htmlfontsize;
467	}
468	$js['hideMoreInfo'] = (boolean) $core->auth->user_prefs->interface->hidemoreinfo;
469	$js['showAjaxLoader'] = (boolean) $core->auth->user_prefs->interface->showajaxloader;
470
471	$core->auth->user_prefs->addWorkspace('accessibility');
472	$js['noDragDrop'] = (boolean) $core->auth->user_prefs->accessibility->nodragdrop;
473
474	// Set JSON data
475	echo dcUtils::jsJson('dotclear_init', $js);
476
477	echo
478	self::jsCommon() .
479	self::jsToggles() .
480	$head;
481
482	# --BEHAVIOR-- adminPageHTMLHead
483	$core->callBehavior('adminPageHTMLHead');
484
485	echo
486	"</head>\n" .
487	'<body id="dotclear-admin" class="popup' .
488	($core->auth->user_prefs->interface->dynfontsize ? ' responsive-font' : '') . '">' . "\n" .
489
490	'<h1>' . DC_VENDOR_NAME . '</h1>' . "\n";
491
492	echo
493	'<div id="wrapper">' . "\n" .
494	'<main id="main" role="main">' . "\n" .
495	'<div id="content">' . "\n";
496
497	// display breadcrumb if given
498	echo $breadcrumb;
499
500	// Display notices and errors
501	echo self::notices();
502	}
503
504	public static function closePopup()
505	{
506	echo
507	"</div>\n" . // End of #content
508	"</main>\n" . // End of #main
509	"</div>\n" . // End of #wrapper
510
511	'<p id="gototop"><a href="#wrapper">' . __('Page top') . '</a></p>' . "\n" .
512
513	'<footer id="footer" role="contentinfo"><p> </p></footer>' . "\n" .
514	'</body></html>';
515	}
516
517	public static function breadcrumb($elements = null, $options = [])
518	{
519	$core = self::getCore();
520
521	$with_home_link = isset($options['home_link']) ? $options['home_link'] : true;
522	$hl = isset($options['hl']) ? $options['hl'] : true;
523	$hl_pos = isset($options['hl_pos']) ? $options['hl_pos'] : -1;
524	// First item of array elements should be blog's name, System or Plugins
525	$res = '<h2>' . ($with_home_link ?
526	'<a class="go_home" href="' . $core->adminurl->get("admin.home") . '"><img src="style/dashboard.png" alt="' . __('Go to dashboard') . '" /></a>' :
527	'<img src="style/dashboard-alt.png" alt="" />');
528	$index = 0;
529	if ($hl_pos < 0) {
530	$hl_pos = count($elements) + $hl_pos;
531	}
532	foreach ($elements as $element => $url) {
533	if ($hl && $index == $hl_pos) {
534	$element = sprintf('<span class="page-title">%s</span>', $element);
535	}
536	$res .= ($with_home_link ? ($index == 1 ? ' : ' : ' &rsaquo; ') : ($index == 0 ? ' ' : ' &rsaquo; ')) .
537	($url ? '<a href="' . $url . '">' : '') . $element . ($url ? '</a>' : '');
538	$index++;
539	}
540	$res .= '</h2>';
541	return $res;
542	}
543
544	public static function message($msg, $timestamp = true, $div = false, $echo = true, $class = 'message')
545	{
546	$core = self::getCore();
547
548	$res = '';
549	if ($msg != '') {
550	$res = ($div ? '<div class="' . $class . '">' : '') . '<p' . ($div ? '' : ' class="' . $class . '"') . '>' .
551	($timestamp ? dt::str(__('[%H:%M:%S]'), null, $core->auth->getInfo('user_tz')) . ' ' : '') . $msg .
552	'</p>' . ($div ? '</div>' : '');
553	if ($echo) {
554	echo $res;
555	}
556	}
557	return $res;
558	}
559
560	public static function success($msg, $timestamp = true, $div = false, $echo = true)
561	{
562	return self::message($msg, $timestamp, $div, $echo, "success");
563	}
564
565	public static function warning($msg, $timestamp = true, $div = false, $echo = true)
566	{
567	return self::message($msg, $timestamp, $div, $echo, "warning-msg");
568	}
569
570	private static function debugInfo()
571	{
572	$global_vars = implode(', ', array_keys($GLOBALS));
573
574	$res =
575	'<div id="debug"><div>' .
576	'<p>memory usage: ' . memory_get_usage() . ' (' . files::size(memory_get_usage()) . ')</p>';
577
578	if (function_exists('xdebug_get_profiler_filename')) {
579	$res .= '<p>Elapsed time: ' . xdebug_time_index() . ' seconds</p>';
580
581	$prof_file = xdebug_get_profiler_filename();
582	if ($prof_file) {
583	$res .= '<p>Profiler file : ' . xdebug_get_profiler_filename() . '</p>';
584	} else {
585	$prof_url = http::getSelfURI();
586	$prof_url .= (strpos($prof_url, '?') === false) ? '?' : '&';
587	$prof_url .= 'XDEBUG_PROFILE';
588	$res .= '<p><a href="' . html::escapeURL($prof_url) . '">Trigger profiler</a></p>';
589	}
590
591	/* xdebug configuration:
592	zend_extension = /.../xdebug.so
593	xdebug.auto_trace = On
594	xdebug.trace_format = 0
595	xdebug.trace_options = 1
596	xdebug.show_mem_delta = On
597	xdebug.profiler_enable = 0
598	xdebug.profiler_enable_trigger = 1
599	xdebug.profiler_output_dir = /tmp
600	xdebug.profiler_append = 0
601	xdebug.profiler_output_name = timestamp
602	*/
603	}
604
605	$res .=
606	'<p>Global vars: ' . $global_vars . '</p>' .
607	'</div></div>';
608
609	return $res;
610	}
611
612	public static function help($page, $index = '')
613	{
614	# Deprecated but we keep this for plugins.
615	}
616
617	public static function helpBlock(...$params)
618	{
619	$core = self::getCore();
620
621	if ($core->auth->user_prefs->interface->hidehelpbutton) {
622	return;
623	}
624
625	$args = new ArrayObject($params);
626
627	# --BEHAVIOR-- adminPageHelpBlock
628	$core->callBehavior('adminPageHelpBlock', $args);
629
630	if (empty($args)) {
631	return;
632	};
633
634	global $__resources;
635	if (empty($__resources['help'])) {
636	return;
637	}
638
639	$content = '';
640	foreach ($args as $v) {
641	if (is_object($v) && isset($v->content)) {
642	$content .= $v->content;
643	continue;
644	}
645
646	if (!isset($__resources['help'][$v])) {
647	continue;
648	}
649	$f = $__resources['help'][$v];
650	if (!file_exists($f) \|\| !is_readable($f)) {
651	continue;
652	}
653
654	$fc = file_get_contents($f);
655	if (preg_match('\|<body[^>]?>(.?)</body>\|ms', $fc, $matches)) {
656	$content .= $matches[1];
657	} else {
658	$content .= $fc;
659	}
660	}
661
662	if (trim($content) == '') {
663	return;
664	}
665
666	// Set contextual help global flag
667	$GLOBALS['__resources']['ctxhelp'] = true;
668
669	echo
670	'<div id="help"><hr /><div class="help-content clear"><h3>' . __('Help about this page') . '</h3>' .
671	$content .
672	'</div>' .
673	'<div id="helplink"><hr />' .
674	'<p>' .
675	sprintf(__('See also %s'), sprintf('<a href="' . $core->adminurl->get("admin.help") . '">%s</a>', __('the global help'))) .
676	'.</p>' .
677	'</div></div>';
678	}
679
680	public static function cssLoad($src, $media = 'screen', $v = '')
681	{
682	$escaped_src = html::escapeHTML($src);
683	if (!isset(self::$loaded_css[$escaped_src])) {
684	self::$loaded_css[$escaped_src] = true;
685	$escaped_src = self::appendVersion($escaped_src, $v);
686
687	return '<link rel="stylesheet" href="' . $escaped_src . '" type="text/css" media="' . $media . '" />' . "\n";
688	}
689	}
690
691	public static function jsLoad($src, $v = '')
692	{
693	$escaped_src = html::escapeHTML($src);
694	if (!isset(self::$loaded_js[$escaped_src])) {
695	self::$loaded_js[$escaped_src] = true;
696	$escaped_src = self::appendVersion($escaped_src, $v);
697	return '<script type="text/javascript" src="' . $escaped_src . '"></script>' . "\n";
698	}
699	}
700
701	private static function appendVersion($src, $v = '')
702	{
703	$src .= (strpos($src, '?') === false ? '?' : '&') . 'v=';
704	if (defined('DC_DEV') && DC_DEV === true) {
705	$src .= md5(uniqid());
706	} else {
707	$src .= ($v === '' ? DC_VERSION : $v);
708	}
709	return $src;
710	}
711
712	public static function jsVar($n, $v)
713	{
714	return $n . " = '" . html::escapeJS($v) . "';\n";
715	}
716
717	public static function jsVars($vars)
718	{
719	$ret = '<script type="text/javascript">' . "\n";
720	foreach ($vars as $var => $value) {
721	$ret .= $var . ' = ' . (is_string($value) ? "'" . html::escapeJS($value) . "'" : $value) . ';' . "\n";
722	}
723	$ret .= "</script>\n";
724
725	return $ret;
726	}
727
728	public static function jsUtil()
729	{
730	$core = self::getCore();
731	return self::jsLoad($core->blog->getPF('util.js'));
732	}
733
734	public static function jsToggles()
735	{
736	$core = self::getCore();
737
738	if ($core->auth->user_prefs->toggles) {
739	$unfolded_sections = explode(',', $core->auth->user_prefs->toggles->unfolded_sections);
740	foreach ($unfolded_sections as $k => &$v) {
741	if ($v == '') {
742	unset($unfolded_sections[$k]);
743	} else {
744	$v = "'" . html::escapeJS($v) . "':true";
745	}
746	}
747	} else {
748	$unfolded_sections = [];
749	}
750	return '<script type="text/javascript">' . "\n" .
751	'dotclear.unfolded_sections = {' . join(",", $unfolded_sections) . "};\n" .
752	"</script>\n";
753	}
754
755	public static function jsCommon()
756	{
757	$core = self::getCore();
758
759	$mute_or_no = '';
760	if (empty($core->blog) \|\| $core->blog->settings->system->jquery_migrate_mute) {
761	$mute_or_no .=
762	'<script type="text/javascript">' . "\n" .
763	'jQuery.migrateMute = true;' . "\n" .
764	"</script>\n";
765	}
766
767	return
768	self::jsLoad('js/jquery/jquery.js') .
769	$mute_or_no .
770	self::jsLoad('js/jquery/jquery-migrate.js') .
771	self::jsLoad('js/jquery/jquery.biscuit.js') .
772	self::jsLoad('js/common.js') .
773	self::jsLoad('js/services.js') .
774	self::jsLoad('js/prelude.js') .
775
776	'<script type="text/javascript">' . "\n" .
777	'jsToolBar = {}, jsToolBar.prototype = { elements : {} };' . "\n" .
778
779	self::jsVar('dotclear.nonce', $core->getNonce()) .
780
781	self::jsVar('dotclear.img_plus_src', 'images/expand.png') .
782	self::jsVar('dotclear.img_plus_txt', '►') .
783	self::jsVar('dotclear.img_plus_alt', __('uncover')) .
784	self::jsVar('dotclear.img_minus_src', 'images/hide.png') .
785	self::jsVar('dotclear.img_minus_txt', '▼') .
786	self::jsVar('dotclear.img_minus_alt', __('hide')) .
787	self::jsVar('dotclear.img_menu_on', 'images/menu_on.png') .
788	self::jsVar('dotclear.img_menu_off', 'images/menu_off.png') .
789
790	self::jsVar('dotclear.img_plus_theme_src', 'images/plus-theme.png') .
791	self::jsVar('dotclear.img_plus_theme_txt', '►') .
792	self::jsVar('dotclear.img_plus_theme_alt', __('uncover')) .
793	self::jsVar('dotclear.img_minus_theme_src', 'images/minus-theme.png') .
794	self::jsVar('dotclear.img_minus_theme_txt', '▼') .
795	self::jsVar('dotclear.img_minus_theme_alt', __('hide')) .
796
797	self::jsVar('dotclear.msg.help',
798	__('Need help?')) .
799	self::jsVar('dotclear.msg.new_window',
800	__('new window')) .
801	self::jsVar('dotclear.msg.help_hide',
802	__('Hide')) .
803	self::jsVar('dotclear.msg.to_select',
804	__('Select:')) .
805	self::jsVar('dotclear.msg.no_selection',
806	__('no selection')) .
807	self::jsVar('dotclear.msg.select_all',
808	__('select all')) .
809	self::jsVar('dotclear.msg.invert_sel',
810	__('Invert selection')) .
811	self::jsVar('dotclear.msg.website',
812	__('Web site:')) .
813	self::jsVar('dotclear.msg.email',
814	__('Email:')) .
815	self::jsVar('dotclear.msg.ip_address',
816	__('IP address:')) .
817	self::jsVar('dotclear.msg.error',
818	__('Error:')) .
819	self::jsVar('dotclear.msg.entry_created',
820	__('Entry has been successfully created.')) .
821	self::jsVar('dotclear.msg.edit_entry',
822	__('Edit entry')) .
823	self::jsVar('dotclear.msg.view_entry',
824	__('view entry')) .
825	self::jsVar('dotclear.msg.confirm_delete_posts',
826	__("Are you sure you want to delete selected entries (%s)?")) .
827	self::jsVar('dotclear.msg.confirm_delete_medias',
828	__("Are you sure you want to delete selected medias (%d)?")) .
829	self::jsVar('dotclear.msg.confirm_delete_categories',
830	__("Are you sure you want to delete selected categories (%s)?")) .
831	self::jsVar('dotclear.msg.confirm_delete_post',
832	__("Are you sure you want to delete this entry?")) .
833	self::jsVar('dotclear.msg.click_to_unlock',
834	__("Click here to unlock the field")) .
835	self::jsVar('dotclear.msg.confirm_spam_delete',
836	__('Are you sure you want to delete all spams?')) .
837	self::jsVar('dotclear.msg.confirm_delete_comments',
838	__('Are you sure you want to delete selected comments (%s)?')) .
839	self::jsVar('dotclear.msg.confirm_delete_comment',
840	__('Are you sure you want to delete this comment?')) .
841	self::jsVar('dotclear.msg.cannot_delete_users',
842	__('Users with posts cannot be deleted.')) .
843	self::jsVar('dotclear.msg.confirm_delete_user',
844	__('Are you sure you want to delete selected users (%s)?')) .
845	self::jsVar('dotclear.msg.confirm_delete_blog',
846	__('Are you sure you want to delete selected blogs (%s)?')) .
847	self::jsVar('dotclear.msg.confirm_delete_category',
848	__('Are you sure you want to delete category "%s"?')) .
849	self::jsVar('dotclear.msg.confirm_reorder_categories',
850	__('Are you sure you want to reorder all categories?')) .
851	self::jsVar('dotclear.msg.confirm_delete_media',
852	__('Are you sure you want to remove media "%s"?')) .
853	self::jsVar('dotclear.msg.confirm_delete_directory',
854	__('Are you sure you want to remove directory "%s"?')) .
855	self::jsVar('dotclear.msg.confirm_extract_current',
856	__('Are you sure you want to extract archive in current directory?')) .
857	self::jsVar('dotclear.msg.confirm_remove_attachment',
858	__('Are you sure you want to remove attachment "%s"?')) .
859	self::jsVar('dotclear.msg.confirm_delete_lang',
860	__('Are you sure you want to delete "%s" language?')) .
861	self::jsVar('dotclear.msg.confirm_delete_plugin',
862	__('Are you sure you want to delete "%s" plugin?')) .
863	self::jsVar('dotclear.msg.confirm_delete_plugins',
864	__('Are you sure you want to delete selected plugins?')) .
865	self::jsVar('dotclear.msg.use_this_theme',
866	__('Use this theme')) .
867	self::jsVar('dotclear.msg.remove_this_theme',
868	__('Remove this theme')) .
869	self::jsVar('dotclear.msg.confirm_delete_theme',
870	__('Are you sure you want to delete "%s" theme?')) .
871	self::jsVar('dotclear.msg.confirm_delete_themes',
872	__('Are you sure you want to delete selected themes?')) .
873	self::jsVar('dotclear.msg.confirm_delete_backup',
874	__('Are you sure you want to delete this backup?')) .
875	self::jsVar('dotclear.msg.confirm_revert_backup',
876	__('Are you sure you want to revert to this backup?')) .
877	self::jsVar('dotclear.msg.zip_file_content',
878	__('Zip file content')) .
879	self::jsVar('dotclear.msg.xhtml_validator',
880	__('XHTML markup validator')) .
881	self::jsVar('dotclear.msg.xhtml_valid',
882	__('XHTML content is valid.')) .
883	self::jsVar('dotclear.msg.xhtml_not_valid',
884	__('There are XHTML markup errors.')) .
885	self::jsVar('dotclear.msg.warning_validate_no_save_content',
886	__('Attention: an audit of a content not yet registered.')) .
887	self::jsVar('dotclear.msg.confirm_change_post_format',
888	__('You have unsaved changes. Switch post format will loose these changes. Proceed anyway?')) .
889	self::jsVar('dotclear.msg.confirm_change_post_format_noconvert',
890	__("Warning: post format change will not convert existing content. You will need to apply new format by yourself. Proceed anyway?")) .
891	self::jsVar('dotclear.msg.load_enhanced_uploader',
892	__('Loading enhanced uploader, please wait.')) .
893
894	self::jsVar('dotclear.msg.module_author',
895	__('Author:')) .
896	self::jsVar('dotclear.msg.module_details',
897	__('Details')) .
898	self::jsVar('dotclear.msg.module_support',
899	__('Support')) .
900	self::jsVar('dotclear.msg.module_help',
901	__('Help:')) .
902	self::jsVar('dotclear.msg.module_section',
903	__('Section:')) .
904	self::jsVar('dotclear.msg.module_tags',
905	__('Tags:')) .
906
907	self::jsVar('dotclear.msg.close_notice',
908	__('Hide this notice')) .
909
910	"\n" .
911	"</script>\n";
912	}
913
914	/**
915	@deprecated since version 2.11
916	*/
917	public static function jsLoadIE7()
918	{
919	return '';
920	}
921
922	public static function jsConfirmClose(...$args)
923	{
924	if (count($args) > 0) {
925	foreach ($args as $k => $v) {
926	$args[$k] = "'" . html::escapeJS($v) . "'";
927	}
928	$params = implode(',', $args);
929	} else {
930	$params = '';
931	}
932
933	return
934	self::jsLoad('js/confirm-close.js') .
935	'<script type="text/javascript">' . "\n" .
936	"confirmClosePage = new confirmClose(" . $params . "); " .
937	"confirmClose.prototype.prompt = '" . html::escapeJS(__('You have unsaved changes.')) . "'; " .
938	"</script>\n";
939	}
940
941	public static function jsPageTabs($default = null)
942	{
943	if ($default) {
944	$default = "'" . html::escapeJS($default) . "'";
945	}
946
947	return
948	self::jsLoad('js/jquery/jquery.pageTabs.js') .
949	'<script type="text/javascript">' . "\n" .
950	'$(function() {' . "\n" .
951	' $.pageTabs(' . $default . ');' . "\n" .
952	'});' .
953	"</script>\n";
954	}
955
956	public static function jsModal()
957	{
958	return
959	self::jsLoad('js/jquery/jquery.magnific-popup.js');
960	}
961
962	public static function jsColorPicker()
963	{
964	return
965	self::cssLoad('style/farbtastic/farbtastic.css') .
966	self::jsLoad('js/jquery/jquery.farbtastic.js') .
967	self::jsLoad('js/color-picker.js');
968	}
969
970	public static function jsDatePicker()
971	{
972	return
973	self::cssLoad('style/date-picker.css') .
974	self::jsLoad('js/date-picker.js') .
975	'<script type="text/javascript">' . "\n" .
976
977	"datePicker.prototype.months[0] = '" . html::escapeJS(__('January')) . "'; " .
978	"datePicker.prototype.months[1] = '" . html::escapeJS(__('February')) . "'; " .
979	"datePicker.prototype.months[2] = '" . html::escapeJS(__('March')) . "'; " .
980	"datePicker.prototype.months[3] = '" . html::escapeJS(__('April')) . "'; " .
981	"datePicker.prototype.months[4] = '" . html::escapeJS(__('May')) . "'; " .
982	"datePicker.prototype.months[5] = '" . html::escapeJS(__('June')) . "'; " .
983	"datePicker.prototype.months[6] = '" . html::escapeJS(__('July')) . "'; " .
984	"datePicker.prototype.months[7] = '" . html::escapeJS(__('August')) . "'; " .
985	"datePicker.prototype.months[8] = '" . html::escapeJS(__('September')) . "'; " .
986	"datePicker.prototype.months[9] = '" . html::escapeJS(__('October')) . "'; " .
987	"datePicker.prototype.months[10] = '" . html::escapeJS(__('November')) . "'; " .
988	"datePicker.prototype.months[11] = '" . html::escapeJS(__('December')) . "'; " .
989
990	"datePicker.prototype.days[0] = '" . html::escapeJS(__('Monday')) . "'; " .
991	"datePicker.prototype.days[1] = '" . html::escapeJS(__('Tuesday')) . "'; " .
992	"datePicker.prototype.days[2] = '" . html::escapeJS(__('Wednesday')) . "'; " .
993	"datePicker.prototype.days[3] = '" . html::escapeJS(__('Thursday')) . "'; " .
994	"datePicker.prototype.days[4] = '" . html::escapeJS(__('Friday')) . "'; " .
995	"datePicker.prototype.days[5] = '" . html::escapeJS(__('Saturday')) . "'; " .
996	"datePicker.prototype.days[6] = '" . html::escapeJS(__('Sunday')) . "'; " .
997
998	"datePicker.prototype.img_src = 'images/date-picker.png'; " .
999	"datePicker.prototype.img_alt = '" . html::escapeJS(__('Choose date')) . "'; " .
1000
1001	"datePicker.prototype.close_msg = '" . html::escapeJS(__('close')) . "'; " .
1002	"datePicker.prototype.now_msg = '" . html::escapeJS(__('now')) . "'; " .
1003
1004	"</script>\n";
1005	}
1006
1007	public static function jsToolBar()
1008	{
1009	# Deprecated but we keep this for plugins.
1010	}
1011
1012	public static function jsUpload($params = [], $base_url = null)
1013	{
1014	$core = self::getCore();
1015
1016	if (!$base_url) {
1017	$base_url = path::clean(dirname(preg_replace('/(\?.*$)?/', '', $_SERVER['REQUEST_URI']))) . '/';
1018	}
1019
1020	$params = array_merge($params, [
1021	'sess_id=' . session_id(),
1022	'sess_uid=' . $_SESSION['sess_browser_uid'],
1023	'xd_check=' . $core->getNonce()
1024	]);
1025
1026	return
1027	'<script type="text/javascript">' . "\n" .
1028	"dotclear.jsUpload = {};\n" .
1029	"dotclear.jsUpload.msg = {};\n" .
1030	self::jsVar('dotclear.msg.enhanced_uploader_activate', __('Temporarily activate enhanced uploader')) .
1031	self::jsVar('dotclear.msg.enhanced_uploader_disable', __('Temporarily disable enhanced uploader')) .
1032	self::jsVar('dotclear.jsUpload.msg.limit_exceeded', __('Limit exceeded.')) .
1033	self::jsVar('dotclear.jsUpload.msg.size_limit_exceeded', __('File size exceeds allowed limit.')) .
1034	self::jsVar('dotclear.jsUpload.msg.canceled', __('Canceled.')) .
1035	self::jsVar('dotclear.jsUpload.msg.http_error', __('HTTP Error:')) .
1036	self::jsVar('dotclear.jsUpload.msg.error', __('Error:')) .
1037	self::jsVar('dotclear.jsUpload.msg.choose_file', __('Choose file')) .
1038	self::jsVar('dotclear.jsUpload.msg.choose_files', __('Choose files')) .
1039	self::jsVar('dotclear.jsUpload.msg.cancel', __('Cancel')) .
1040	self::jsVar('dotclear.jsUpload.msg.clean', __('Clean')) .
1041	self::jsVar('dotclear.jsUpload.msg.upload', __('Upload')) .
1042	self::jsVar('dotclear.jsUpload.msg.send', __('Send')) .
1043	self::jsVar('dotclear.jsUpload.msg.file_successfully_uploaded', __('File successfully uploaded.')) .
1044	self::jsVar('dotclear.jsUpload.msg.no_file_in_queue', __('No file in queue.')) .
1045	self::jsVar('dotclear.jsUpload.msg.file_in_queue', __('1 file in queue.')) .
1046	self::jsVar('dotclear.jsUpload.msg.files_in_queue', __('%d files in queue.')) .
1047	self::jsVar('dotclear.jsUpload.msg.queue_error', __('Queue error:')) .
1048	self::jsVar('dotclear.jsUpload.base_url', $base_url) .
1049	"</script>\n" .
1050
1051	self::jsLoad('js/jquery/jquery-ui.custom.js') .
1052	self::jsLoad('js/jsUpload/tmpl.js') .
1053	self::jsLoad('js/jsUpload/template-upload.js') .
1054	self::jsLoad('js/jsUpload/template-download.js') .
1055	self::jsLoad('js/jsUpload/load-image.js') .
1056	self::jsLoad('js/jsUpload/jquery.iframe-transport.js') .
1057	self::jsLoad('js/jsUpload/jquery.fileupload.js') .
1058	self::jsLoad('js/jsUpload/jquery.fileupload-process.js') .
1059	self::jsLoad('js/jsUpload/jquery.fileupload-resize.js') .
1060	self::jsLoad('js/jsUpload/jquery.fileupload-ui.js');
1061	}
1062
1063	public static function jsMetaEditor()
1064	{
1065	return self::jsLoad('js/meta-editor.js');
1066	}
1067
1068	public static function jsFilterControl($show = true)
1069	{
1070	return
1071	self::jsLoad('js/filter-controls.js') .
1072	'<script type="text/javascript">' . "\n" .
1073	self::jsVar('dotclear.msg.show_filters', $show ? 'true' : 'false') . "\n" .
1074	self::jsVar('dotclear.msg.filter_posts_list', __('Show filters and display options')) . "\n" .
1075	self::jsVar('dotclear.msg.cancel_the_filter', __('Cancel filters and display options')) . "\n" .
1076	"</script>";
1077	}
1078
1079	public static function jsLoadCodeMirror($theme = '', $multi = true, $modes = ['css', 'htmlmixed', 'javascript', 'php', 'xml'])
1080	{
1081	$ret =
1082	self::cssLoad('js/codemirror/lib/codemirror.css') .
1083	self::jsLoad('js/codemirror/lib/codemirror.js');
1084	if ($multi) {
1085	$ret .= self::jsLoad('js/codemirror/addon/mode/multiplex.js');
1086	}
1087	foreach ($modes as $mode) {
1088	$ret .= self::jsLoad('js/codemirror/mode/' . $mode . '/' . $mode . '.js');
1089	}
1090	$ret .=
1091	self::jsLoad('js/codemirror/addon/edit/closebrackets.js') .
1092	self::jsLoad('js/codemirror/addon/edit/matchbrackets.js') .
1093	self::cssLoad('js/codemirror/addon/display/fullscreen.css') .
1094	self::jsLoad('js/codemirror/addon/display/fullscreen.js');
1095	if ($theme != '') {
1096	$ret .= self::cssLoad('js/codemirror/theme/' . $theme . '.css');
1097	}
1098	return $ret;
1099	}
1100
1101	public static function jsRunCodeMirror($name, $id, $mode, $theme = '')
1102	{
1103	$ret =
1104	'<script type="text/javascript">' . "\n" .
1105	'var ' . $name . ' = CodeMirror.fromTextArea(' . $id . ',{' . "\n" .
1106	' mode: "' . $mode . '",' . "\n" .
1107	' tabMode: "indent",' . "\n" .
1108	' lineWrapping: 1,' . "\n" .
1109	' lineNumbers: 1,' . "\n" .
1110	' matchBrackets: 1,' . "\n" .
1111	' autoCloseBrackets: 1,' . "\n" .
1112	' extraKeys: {"F11": function(cm) {cm.setOption("fullScreen",!cm.getOption("fullScreen"));}}';
1113	if ($theme) {
1114	$ret .=
1115	',' . "\n" .
1116	' theme: "' . $theme . '"';
1117	}
1118	$ret .= "\n" .
1119	'});' . "\n" .
1120	'</script>';
1121	return $ret;
1122	}
1123
1124	public static function getCodeMirrorThemes()
1125	{
1126	$themes = [];
1127	$themes_root = dirname(__FILE__) . '/../../admin' . '/js/codemirror/theme/';
1128	if (is_dir($themes_root) && is_readable($themes_root)) {
1129	if (($d = @dir($themes_root)) !== false) {
1130	while (($entry = $d->read()) !== false) {
1131	if ($entry != '.' && $entry != '..' && substr($entry, 0, 1) != '.' && is_readable($themes_root . '/' . $entry)) {
1132	$themes[] = substr($entry, 0, -4); // remove .css extension
1133	}
1134	}
1135	sort($themes);
1136	}
1137	}
1138	return $themes;
1139	}
1140
1141	public static function getPF($file)
1142	{
1143	$core = self::getCore();
1144	return $core->adminurl->get('load.plugin.file', ['pf' => $file]);
1145	}
1146
1147	public static function getVF($file)
1148	{
1149	$core = self::getCore();
1150	return $core->adminurl->get('load.var.file', ['vf' => $file]);
1151	}
1152
1153	public static function setXFrameOptions($headers, $origin = null)
1154	{
1155	if (self::$xframe_loaded) {
1156	return;
1157	}
1158
1159	if ($origin !== null) {
1160	$url = parse_url($origin);
1161	$headers['x-frame-options'] = sprintf('X-Frame-Options: %s', is_array($url) && isset($url['host']) ?
1162	("ALLOW-FROM " . (isset($url['scheme']) ? $url['scheme'] . ':' : '') . '//' . $url['host']) :
1163	'SAMEORIGIN');
1164	} else {
1165	$headers['x-frame-options'] = 'X-Frame-Options: SAMEORIGIN'; // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
1166	}
1167	self::$xframe_loaded = true;
1168	}
1169	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/admin/lib.dc.page.php @ 3915:a57821ba9ef1

Download in other formats:

Sites map