lib.dc.page.php @ 3509:652d583aa806

Visit:

Revision 3509:652d583aa806, 36.0 KB checked in by franck <carnet.franck.paul@…>, 9 years ago (diff)
Add current blog domain for script and style CSP directives (useful for iframe editing via editor)

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12	if (!defined('DC_RC_PATH')) { return; }
13
14	define('DC_AUTH_PAGE','auth.php');
15
16	class dcPage
17	{
18	private static $loaded_js = array();
19	private static $loaded_css = array();
20	private static $xframe_loaded = false;
21	private static $N_TYPES = array(
22	"success" => "success",
23	"warning" => "warning-msg",
24	"error" => "error",
25	"message" => "message",
26	"static" => "static-msg");
27
28	# Auth check
29	public static function check($permissions)
30	{
31	global $core;
32
33	if ($core->blog && $core->auth->check($permissions,$core->blog->id)) {
34	return;
35	}
36
37	if (session_id()) {
38	$core->session->destroy();
39	}
40	http::redirect(DC_AUTH_PAGE);
41	}
42
43	# Check super admin
44	public static function checkSuper()
45	{
46	global $core;
47
48	if (!$core->auth->isSuperAdmin())
49	{
50	if (session_id()) {
51	$core->session->destroy();
52	}
53	http::redirect(DC_AUTH_PAGE);
54	}
55	}
56
57	# Top of admin page
58	public static function open($title='',$head='',$breadcrumb='',$options=array())
59	{
60	global $core;
61
62	# List of user's blogs
63	if ($core->auth->getBlogCount() == 1 \|\| $core->auth->getBlogCount() > 20)
64	{
65	$blog_box =
66	'<p>'.__('Blog:').' <strong title="'.html::escapeHTML($core->blog->url).'">'.
67	html::escapeHTML($core->blog->name).'</strong>';
68
69	if ($core->auth->getBlogCount() > 20) {
70	$blog_box .= ' - <a href="'.$core->adminurl->get("admin.blogs").'">'.__('Change blog').'</a>';
71	}
72	$blog_box .= '</p>';
73	}
74	else
75	{
76	$rs_blogs = $core->getBlogs(array('order'=>'LOWER(blog_name)','limit'=>20));
77	$blogs = array();
78	while ($rs_blogs->fetch()) {
79	$blogs[html::escapeHTML($rs_blogs->blog_name.' - '.$rs_blogs->blog_url)] = $rs_blogs->blog_id;
80	}
81	$blog_box =
82	'<p><label for="switchblog" class="classic">'.
83	__('Blogs:').'</label> '.
84	$core->formNonce().
85	form::combo('switchblog',$blogs,$core->blog->id).
86	'<input type="submit" value="'.__('ok').'" class="hidden-if-js" /></p>';
87	}
88
89	$safe_mode = isset($_SESSION['sess_safe_mode']) && $_SESSION['sess_safe_mode'];
90
91	# Display
92	$headers = new ArrayObject(array());
93
94	# Content-Type
95	$headers['content-type'] = 'Content-Type: text/html; charset=UTF-8';
96
97	# Prevents Clickjacking as far as possible
98	if (isset($options['x-frame-allow'])) {
99	self::setXFrameOptions($headers,$options['x-frame-allow']);
100	} else {
101	self::setXFrameOptions($headers);
102	}
103
104	# Content-Security-Policy (only if safe mode if not active, it may help)
105	if (!$safe_mode && $core->blog->settings->system->csp_admin_on) {
106	// Get directives from settings if exist, else set defaults
107	$csp = new ArrayObject(array());
108
109	// SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
110	// so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
111	$csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : ''; // Hack for SQlite Clearbricks driver
112	$csp_suffix = $core->con->driver() == 'sqlite' ? ' 127.0.0.1' : ''; // Hack for SQlite Clearbricks driver
113
114	$csp['default-src'] = $core->blog->settings->system->csp_admin_default ?:
115	$csp_prefix."'self'".$csp_suffix;
116	$csp['script-src'] = $core->blog->settings->system->csp_admin_script ?:
117	$csp_prefix."'self' 'unsafe-inline' 'unsafe-eval'".$csp_suffix;
118	$csp['style-src'] = $core->blog->settings->system->csp_admin_style ?:
119	$csp_prefix."'self' 'unsafe-inline'".$csp_suffix;
120	$csp['img-src'] = $core->blog->settings->system->csp_admin_img ?:
121	$csp_prefix."'self' data: media.dotaddict.org blob:";
122
123	# Cope with blog post preview (via public URL in iframe)
124	if (!is_null($core->blog->host)) {
125	$csp['default-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST);
126	$csp['script-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST);
127	$csp['style-src'] .= ' '.parse_url($core->blog->host,PHP_URL_HOST);
128	}
129	# Cope with media display in media manager (via public URL)
130	if (!is_null($core->media)) {
131	$csp['img-src'] .= ' '.parse_url($core->media->root_url,PHP_URL_HOST);
132	}
133	# Allow everything in iframe (used by editors to preview public content)
134	$csp['child-src'] = "*";
135
136	# --BEHAVIOR-- adminPageHTTPHeaderCSP
137	$core->callBehavior('adminPageHTTPHeaderCSP',$csp);
138
139	// Construct CSP header
140	$directives = array();
141	foreach ($csp as $key => $value) {
142	if ($value) {
143	$directives[] = $key.' '.$value;
144	}
145	}
146	if (count($directives)) {
147	if (version_compare(phpversion(),'5.4','>=')) {
148	// csp_report.php needs PHP ≥ 5.4
149	$directives[] = "report-uri ".DC_ADMIN_URL."csp_report.php";
150	}
151	$report_only = ($core->blog->settings->system->csp_admin_report_only) ? '-Report-Only' : '';
152	$headers['csp'] = "Content-Security-Policy".$report_only.": ".implode(" ; ",$directives);
153	}
154	}
155
156	# --BEHAVIOR-- adminPageHTTPHeaders
157	$core->callBehavior('adminPageHTTPHeaders',$headers);
158	foreach ($headers as $key => $value) {
159	header($value);
160	}
161
162	echo
163	'<!DOCTYPE html>'.
164	'<html lang="'.$core->auth->getInfo('user_lang').'">'."\n".
165	"<head>\n".
166	' <meta charset="UTF-8" />'."\n".
167	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />'."\n".
168	' <meta name="GOOGLEBOT" content="NOSNIPPET" />'."\n".
169	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />'."\n".
170	' <title>'.$title.' - '.html::escapeHTML($core->blog->name).' - '.html::escapeHTML(DC_VENDOR_NAME).' - '.DC_VERSION.'</title>'."\n".
171
172
173	self::cssLoad('style/default.css');
174	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
175	echo self::cssLoad('style/default-rtl.css');
176	}
177
178	$core->auth->user_prefs->addWorkspace('interface');
179	$user_ui_hide_std_favicon = $core->auth->user_prefs->interface->hide_std_favicon;
180	if (!$user_ui_hide_std_favicon) {
181	echo
182	'<link rel="icon" type="image/png" href="images/favicon96-login.png" />'."\n".
183	'<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />'."\n";
184	}
185
186	if ($core->auth->user_prefs->interface->htmlfontsize) {
187	echo
188	'<script type="text/javascript">'."\n".
189	self::jsVar('dotclear_htmlFontSize',$core->auth->user_prefs->interface->htmlfontsize)."\n".
190	"</script>\n";
191	}
192
193	echo
194	self::jsCommon().
195	self::jsToggles().
196	$head;
197
198	if ($core->auth->user_prefs->interface->hidemoreinfo) {
199	echo
200	'<script type="text/javascript">'."\n".
201	'dotclear.hideMoreInfo = true;'."\n".
202	"</script>\n";
203	}
204
205	# --BEHAVIOR-- adminPageHTMLHead
206	$core->callBehavior('adminPageHTMLHead');
207
208	echo
209	"</head>\n".
210	'<body id="dotclear-admin'.
211	($safe_mode ? ' safe-mode' : '').'" class="no-js'.
212	($core->auth->user_prefs->interface->dynfontsize ? ' responsive-font' : '').'">'."\n".
213
214	'<ul id="prelude">'.
215	'<li><a href="#content">'.__('Go to the content').'</a></li>'.
216	'<li><a href="#main-menu">'.__('Go to the menu').'</a></li>'.
217	'<li><a href="#qx">'.__('Go to search').'</a></li>'.
218	'<li><a href="#help">'.__('Go to help').'</a></li>'.
219	'</ul>'."\n".
220	'<div id="header" role="banner">'.
221	'<h1><a href="'.$core->adminurl->get("admin.home").'"><span class="hidden">'.DC_VENDOR_NAME.'</span></a></h1>'."\n";
222
223	echo
224	'<form action="'.$core->adminurl->get("admin.home").'" method="post" id="top-info-blog">'.
225	$blog_box.
226	'<p><a href="'.$core->blog->url.'" class="outgoing" title="'.__('Go to site').
227	'">'.__('Go to site').'<img src="images/outgoing.png" alt="" /></a>'.
228	'</p></form>'.
229	'<ul id="top-info-user">'.
230	'<li><a class="'.(preg_match('/'.preg_quote($core->adminurl->get('admin.home')).'$/',$_SERVER['REQUEST_URI']) ? ' active' : '').'" href="'.$core->adminurl->get("admin.home").'">'.__('My dashboard').'</a></li>'.
231	'<li><a class="smallscreen'.(preg_match('/'.preg_quote($core->adminurl->get('admin.user.preferences')).'(\?.*)?$/',$_SERVER['REQUEST_URI']) ? ' active' : '').
232	'" href="'.$core->adminurl->get("admin.user.preferences").'">'.__('My preferences').'</a></li>'.
233	'<li><a href="'.$core->adminurl->get("admin.home",array('logout' => 1)).'" class="logout"><span class="nomobile">'.sprintf(__('Logout %s'),$core->auth->userID()).
234	'</span><img src="images/logout.png" alt="" /></a></li>'.
235	'</ul>'.
236	'</div>'; // end header
237
238	echo
239	'<div id="wrapper" class="clearfix">'."\n".
240	'<div class="hidden-if-no-js collapser-box"><button type="button" id="collapser" class="void-btn">'.
241	'<img class="collapse-mm visually-hidden" src="images/collapser-hide.png" alt="'.__('Hide main menu').'" />'.
242	'<img class="expand-mm visually-hidden" src="images/collapser-show.png" alt="'.__('Show main menu').'" />'.
243	'</button></div>'.
244	'<div id="main" role="main">'."\n".
245	'<div id="content" class="clearfix">'."\n";
246
247	# Safe mode
248	if ($safe_mode)
249	{
250	echo
251	'<div class="warning" role="alert"><h3>'.__('Safe mode').'</h3>'.
252	'<p>'.__('You are in safe mode. All plugins have been temporarily disabled. Remind to log out then log in again normally to get back all functionalities').'</p>'.
253	'</div>';
254	}
255
256	// Display breadcrumb (if given) before any error messages
257	echo $breadcrumb;
258
259	// Display notices and errors
260	echo self::notices();
261	}
262
263	public static function notices()
264	{
265	global $core;
266	static $error_displayed = false;
267
268	$res = '';
269
270	// return error messages if any
271	if ($core->error->flag() && !$error_displayed) {
272
273	# --BEHAVIOR-- adminPageNotificationError
274	$notice_error = $core->callBehavior('adminPageNotificationError',$core,$core->error);
275
276	if (isset($notice_error) && !empty($notice_error)) {
277	$res .= $notice_error;
278	} else {
279	$res .= '<div class="error"><p>'.
280	'<strong>'.(count($core->error->getErrors()) > 1 ? __('Errors:') : __('Error:')).'</strong>'.
281	'</p>'.$core->error->toHTML().'</div>';
282	}
283	$error_displayed = true;
284	}
285
286	// return notices if any
287	if (isset($_SESSION['notifications'])) {
288	foreach ($_SESSION['notifications'] as $notification) {
289
290	# --BEHAVIOR-- adminPageNotification
291	$notice = $core->callBehavior('adminPageNotification',$core,$notification);
292
293	$res .= (isset($notice) && !empty($notice) ? $notice : self::getNotification($notification));
294	}
295	unset($_SESSION['notifications']);
296	}
297	return $res;
298	}
299
300	public static function addNotice($type,$message,$options=array())
301	{
302	if (isset(self::$N_TYPES[$type])){
303	$class = self::$N_TYPES[$type];
304	} else {
305	$class=$type;
306	}
307	if (isset($_SESSION['notifications']) && is_array($_SESSION['notifications'])) {
308	$notifications = $_SESSION['notifications'];
309	} else {
310	$notifications = array();
311	}
312
313	$n = array_merge($options,array('class' => $class,'ts' => time(), 'text' => $message));
314	if ($type != "static") {
315	$notifications[] = $n;
316	} else {
317	array_unshift($notifications, $n);
318	}
319	$_SESSION['notifications'] = $notifications;
320	}
321
322	public static function addSuccessNotice($message,$options=array())
323	{
324	self::addNotice("success",$message,$options);
325	}
326
327	public static function addWarningNotice($message,$options=array())
328	{
329	self::addNotice("warning",$message,$options);
330	}
331
332	public static function addErrorNotice($message,$options=array())
333	{
334	self::addNotice("error",$message,$options);
335	}
336
337	protected static function getNotification($n)
338	{
339	global $core;
340	$tag = (isset($n['divtag']) && $n['divtag']) ? 'div' : 'p';
341	$ts = '';
342	if (!isset($n['with_ts']) \|\| ($n['with_ts'] == true)) {
343	$ts = dt::str(__('[%H:%M:%S]'),$n['ts'],$core->auth->getInfo('user_tz')).' ';
344	}
345	$res = '<'.$tag.' class="'.$n['class'].'" role="alert">'.$ts.$n['text'].'</'.$tag.'>';
346	return $res;
347	}
348
349	public static function close()
350	{
351	global $core;
352
353	if (!$GLOBALS['__resources']['ctxhelp']) {
354	echo
355	'<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'.
356	__('Global help').'">'.__('Global help').'</a></p>';
357	}
358
359	$menu =& $GLOBALS['_menu'];
360
361	echo
362	"</div>\n". // End of #content
363	"</div>\n". // End of #main
364
365	'<div id="main-menu" role="navigation">'."\n".
366
367	'<form id="search-menu" action="'.$core->adminurl->get("admin.search").'" method="get" role="search">'.
368	'<p><label for="qx" class="hidden">'.__('Search:').' </label>'.form::field('qx',30,255,'').
369	'<input type="submit" value="'.__('OK').'" /></p>'.
370	'</form>';
371
372	foreach ($menu as $k => $v) {
373	echo $menu[$k]->draw();
374	}
375
376	$text = sprintf(__('Thank you for using %s.'),'Dotclear '.DC_VERSION);
377
378	# --BEHAVIOR-- adminPageFooter
379	$textAlt = $core->callBehavior('adminPageFooter',$core,$text);
380	if ($textAlt != '') {
381	$text = $textAlt;
382	}
383	$text = html::escapeHTML($text);
384
385	echo
386	'</div>'."\n". // End of #main-menu
387	"</div>\n"; // End of #wrapper
388
389	echo '<p id="gototop"><a href="#wrapper">'.__('Page top').'</a></p>'."\n";
390
391	$figure = "
392	/\_/\
393	(='.'=)
394	(\")-(\")";
395
396	echo
397	'<div id="footer" role="contentinfo">'.
398	'<a href="http://dotclear.org/" title="'.$text.'">'.
399	'<img src="style/dc_logos/w-dotclear90.png" alt="'.$text.'" /></a></div>'."\n".
400	"<!-- "."\n".
401	$figure.
402	" -->"."\n";
403
404
405
406	if (defined('DC_DEV') && DC_DEV === true) {
407	echo self::debugInfo();
408	}
409
410	echo
411	'</body></html>';
412	}
413
414	public static function openPopup($title='',$head='',$breadcrumb='')
415	{
416	global $core;
417
418	# Display
419	header('Content-Type: text/html; charset=UTF-8');
420
421	// Prevents Clickjacking as far as possible
422	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
423
424	echo
425	'<!DOCTYPE html>'.
426	'<html lang="'.$core->auth->getInfo('user_lang').'">'."\n".
427	"<head>\n".
428	' <meta charset="UTF-8" />'."\n".
429	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />'."\n".
430	' <title>'.$title.' - '.html::escapeHTML($core->blog->name).' - '.html::escapeHTML(DC_VENDOR_NAME).' - '.DC_VERSION.'</title>'."\n".
431
432	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />'."\n".
433	' <meta name="GOOGLEBOT" content="NOSNIPPET" />'."\n".
434
435	self::cssLoad('style/default.css');
436	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
437	echo self::cssLoad('style/default-rtl.css');
438	}
439
440	$core->auth->user_prefs->addWorkspace('interface');
441	if ($core->auth->user_prefs->interface->htmlfontsize) {
442	echo
443	'<script type="text/javascript">'."\n".
444	self::jsVar('dotclear_htmlFontSize',$core->auth->user_prefs->interface->htmlfontsize)."\n".
445	"</script>\n";
446	}
447
448	echo
449	self::jsCommon().
450	self::jsToggles().
451	$head;
452
453	if ($core->auth->user_prefs->interface->hidemoreinfo) {
454	echo
455	'<script type="text/javascript">'."\n".
456	'dotclear.hideMoreInfo = true;'."\n".
457	"</script>\n";
458	}
459
460	# --BEHAVIOR-- adminPageHTMLHead
461	$core->callBehavior('adminPageHTMLHead');
462
463	echo
464	"</head>\n".
465	'<body id="dotclear-admin" class="popup'.
466	($core->auth->user_prefs->interface->dynfontsize ? ' responsive-font' : '').'">'."\n".
467
468	'<h1>'.DC_VENDOR_NAME.'</h1>'."\n";
469
470	echo
471	'<div id="wrapper">'."\n".
472	'<div id="main" role="main">'."\n".
473	'<div id="content">'."\n";
474
475	// display breadcrumb if given
476	echo $breadcrumb;
477
478	// Display notices and errors
479	echo self::notices();
480	}
481
482	public static function closePopup()
483	{
484	echo
485	"</div>\n". // End of #content
486	"</div>\n". // End of #main
487	"</div>\n". // End of #wrapper
488
489	'<p id="gototop"><a href="#wrapper">'.__('Page top').'</a></p>'."\n".
490
491	'<div id="footer" role="contentinfo"><p> </p></div>'."\n".
492	'</body></html>';
493	}
494
495	public static function breadcrumb($elements=null,$options=array())
496	{
497	global $core;
498	$with_home_link = isset($options['home_link']) ? $options['home_link'] : true;
499	$hl = isset($options['hl']) ? $options['hl'] : true;
500	$hl_pos = isset($options['hl_pos']) ? $options['hl_pos'] : -1;
501	// First item of array elements should be blog's name, System or Plugins
502	$res = '<h2>'.($with_home_link ?
503	'<a class="go_home" href="'.$core->adminurl->get("admin.home").'"><img src="style/dashboard.png" alt="'.__('Go to dashboard').'" /></a>' :
504	'<img src="style/dashboard-alt.png" alt="" />');
505	$index = 0;
506	if ($hl_pos < 0) {
507	$hl_pos = count($elements)+$hl_pos;
508	}
509	foreach ($elements as $element => $url) {
510	if ($hl && $index == $hl_pos) {
511	$element = sprintf('<span class="page-title">%s</span>',$element);
512	}
513	$res .= ($with_home_link ? ($index == 1 ? ' : ' : ' &rsaquo; ') : ($index == 0 ? ' ' : ' &rsaquo; ')).
514	($url ? '<a href="'.$url.'">' : '').$element.($url ? '</a>' : '');
515	$index++;
516	}
517	$res .= '</h2>';
518	return $res;
519	}
520
521	public static function message($msg,$timestamp=true,$div=false,$echo=true,$class='message')
522	{
523	global $core;
524
525	$res = '';
526	if ($msg != '') {
527	$res = ($div ? '<div class="'.$class.'">' : '').'<p'.($div ? '' : ' class="'.$class.'"').'>'.
528	($timestamp ? dt::str(__('[%H:%M:%S]'),null,$core->auth->getInfo('user_tz')).' ' : '').$msg.
529	'</p>'.($div ? '</div>' : '');
530	if ($echo) {
531	echo $res;
532	}
533	}
534	return $res;
535	}
536
537	public static function success($msg,$timestamp=true,$div=false,$echo=true)
538	{
539	return self::message($msg,$timestamp,$div,$echo,"success");
540	}
541
542	public static function warning($msg,$timestamp=true,$div=false,$echo=true)
543	{
544	return self::message($msg,$timestamp,$div,$echo,"warning-msg");
545	}
546
547	private static function debugInfo()
548	{
549	$global_vars = implode(', ',array_keys($GLOBALS));
550
551	$res =
552	'<div id="debug"><div>'.
553	'<p>memory usage: '.memory_get_usage().' ('.files::size(memory_get_usage()).')</p>';
554
555	if (function_exists('xdebug_get_profiler_filename'))
556	{
557	$res .= '<p>Elapsed time: '.xdebug_time_index().' seconds</p>';
558
559	$prof_file = xdebug_get_profiler_filename();
560	if ($prof_file) {
561	$res .= '<p>Profiler file : '.xdebug_get_profiler_filename().'</p>';
562	} else {
563	$prof_url = http::getSelfURI();
564	$prof_url .= (strpos($prof_url,'?') === false) ? '?' : '&';
565	$prof_url .= 'XDEBUG_PROFILE';
566	$res .= '<p><a href="'.html::escapeURL($prof_url).'">Trigger profiler</a></p>';
567	}
568
569	/* xdebug configuration:
570	zend_extension = /.../xdebug.so
571	xdebug.auto_trace = On
572	xdebug.trace_format = 0
573	xdebug.trace_options = 1
574	xdebug.show_mem_delta = On
575	xdebug.profiler_enable = 0
576	xdebug.profiler_enable_trigger = 1
577	xdebug.profiler_output_dir = /tmp
578	xdebug.profiler_append = 0
579	xdebug.profiler_output_name = timestamp
580	*/
581	}
582
583	$res .=
584	'<p>Global vars: '.$global_vars.'</p>'.
585	'</div></div>';
586
587	return $res;
588	}
589
590	public static function help($page,$index='')
591	{
592	# Deprecated but we keep this for plugins.
593	}
594
595	public static function helpBlock()
596	{
597	global $core;
598	$args = func_get_args();
599
600	$args = new ArrayObject($args);
601
602	# --BEHAVIOR-- adminPageHelpBlock
603	$GLOBALS['core']->callBehavior('adminPageHelpBlock',$args);
604
605	if (empty($args)) {
606	return;
607	};
608
609	global $__resources;
610	if (empty($__resources['help'])) {
611	return;
612	}
613
614	$content = '';
615	foreach ($args as $v)
616	{
617	if (is_object($v) && isset($v->content)) {
618	$content .= $v->content;
619	continue;
620	}
621
622	if (!isset($__resources['help'][$v])) {
623	continue;
624	}
625	$f = $__resources['help'][$v];
626	if (!file_exists($f) \|\| !is_readable($f)) {
627	continue;
628	}
629
630	$fc = file_get_contents($f);
631	if (preg_match('\|<body[^>]?>(.?)</body>\|ms',$fc,$matches)) {
632	$content .= $matches[1];
633	} else {
634	$content .= $fc;
635	}
636	}
637
638	if (trim($content) == '') {
639	return;
640	}
641
642	// Set contextual help global flag
643	$GLOBALS['__resources']['ctxhelp'] = true;
644
645	echo
646	'<div id="help"><hr /><div class="help-content clear"><h3>'.__('Help about this page').'</h3>'.
647	$content.
648	'</div>'.
649	'<div id="helplink"><hr />'.
650	'<p>'.
651	sprintf(__('See also %s'),sprintf('<a href="'.$core->adminurl->get("admin.help").'">%s</a>',__('the global help'))).
652	'.</p>'.
653	'</div></div>';
654	}
655
656	public static function cssLoad($src,$media='screen',$v='')
657	{
658	$escaped_src = html::escapeHTML($src);
659	if (!isset(self::$loaded_css[$escaped_src])) {
660	self::$loaded_css[$escaped_src] = true;
661	$escaped_src = self::appendVersion($escaped_src,$v);
662
663	return '<link rel="stylesheet" href="'.$escaped_src.'" type="text/css" media="'.$media.'" />'."\n";
664	}
665	}
666
667	public static function jsLoad($src,$v='')
668	{
669	$escaped_src = html::escapeHTML($src);
670	if (!isset(self::$loaded_js[$escaped_src])) {
671	self::$loaded_js[$escaped_src] = true;
672	$escaped_src = self::appendVersion($escaped_src,$v);
673	return '<script type="text/javascript" src="'.$escaped_src.'"></script>'."\n";
674	}
675	}
676
677	private static function appendVersion($src,$v='')
678	{
679	$src .= (strpos($src,'?') === false ? '?' : '&').'v=';
680	if (defined('DC_DEV') && DC_DEV === true) {
681	$src .= md5(uniqid());
682	} else {
683	$src .= ($v === '' ? DC_VERSION : $v);
684	}
685	return $src;
686	}
687
688	public static function jsVar($n,$v)
689	{
690	return $n." = '".html::escapeJS($v)."';\n";
691	}
692
693	public static function jsToggles()
694	{
695	if($GLOBALS['core']->auth->user_prefs->toggles) {
696	$unfolded_sections = explode(',',$GLOBALS['core']->auth->user_prefs->toggles->unfolded_sections);
697	foreach ($unfolded_sections as $k=>&$v) {
698	if ($v == '') {
699	unset($unfolded_sections[$k]);
700	} else {
701	$v = "'".html::escapeJS($v)."':true";
702	}
703	}
704	} else {
705	$unfolded_sections=array();
706	}
707	return '<script type="text/javascript">'."\n".
708	'dotclear.unfolded_sections = {'.join(",",$unfolded_sections)."};\n".
709	"</script>\n";
710	}
711
712	public static function jsCommon()
713	{
714	$mute_or_no = '';
715	if (empty($GLOBALS['core']->blog) \|\| $GLOBALS['core']->blog->settings->system->jquery_migrate_mute) {
716	$mute_or_no .=
717	'<script type="text/javascript">'."\n".
718	'jQuery.migrateMute = true;'."\n".
719	"</script>\n";
720	}
721
722	return
723	self::jsLoad('js/jquery/jquery.js').
724	$mute_or_no.
725	self::jsLoad('js/jquery/jquery-migrate.js').
726	self::jsLoad('js/jquery/jquery.biscuit.js').
727	self::jsLoad('js/jquery/jquery.bgFade.js').
728	self::jsLoad('js/common.js').
729	self::jsLoad('js/prelude.js').
730
731	'<script type="text/javascript">'."\n".
732	'jsToolBar = {}, jsToolBar.prototype = { elements : {} };'."\n".
733
734	self::jsVar('dotclear.nonce',$GLOBALS['core']->getNonce()).
735
736	self::jsVar('dotclear.img_plus_src','images/expand.png').
737	self::jsVar('dotclear.img_plus_alt',__('uncover')).
738	self::jsVar('dotclear.img_minus_src','images/hide.png').
739	self::jsVar('dotclear.img_minus_alt',__('hide')).
740	self::jsVar('dotclear.img_menu_on','images/menu_on.png').
741	self::jsVar('dotclear.img_menu_off','images/menu_off.png').
742
743	self::jsVar('dotclear.img_plus_theme_src','images/plus-theme.png').
744	self::jsVar('dotclear.img_plus_theme_alt',__('uncover')).
745	self::jsVar('dotclear.img_minus_theme_src','images/minus-theme.png').
746	self::jsVar('dotclear.img_minus_theme_alt',__('hide')).
747
748	self::jsVar('dotclear.msg.help',
749	__('Need help?')).
750	self::jsVar('dotclear.msg.new_window',
751	__('new window')).
752	self::jsVar('dotclear.msg.help_hide',
753	__('Hide')).
754	self::jsVar('dotclear.msg.to_select',
755	__('Select:')).
756	self::jsVar('dotclear.msg.no_selection',
757	__('no selection')).
758	self::jsVar('dotclear.msg.select_all',
759	__('select all')).
760	self::jsVar('dotclear.msg.invert_sel',
761	__('Invert selection')).
762	self::jsVar('dotclear.msg.website',
763	__('Web site:')).
764	self::jsVar('dotclear.msg.email',
765	__('Email:')).
766	self::jsVar('dotclear.msg.ip_address',
767	__('IP address:')).
768	self::jsVar('dotclear.msg.error',
769	__('Error:')).
770	self::jsVar('dotclear.msg.entry_created',
771	__('Entry has been successfully created.')).
772	self::jsVar('dotclear.msg.edit_entry',
773	__('Edit entry')).
774	self::jsVar('dotclear.msg.view_entry',
775	__('view entry')).
776	self::jsVar('dotclear.msg.confirm_delete_posts',
777	__("Are you sure you want to delete selected entries (%s)?")).
778	self::jsVar('dotclear.msg.confirm_delete_medias',
779	__("Are you sure you want to delete selected medias (%d)?")).
780	self::jsVar('dotclear.msg.confirm_delete_categories',
781	__("Are you sure you want to delete selected categories (%s)?")).
782	self::jsVar('dotclear.msg.confirm_delete_post',
783	__("Are you sure you want to delete this entry?")).
784	self::jsVar('dotclear.msg.click_to_unlock',
785	__("Click here to unlock the field")).
786	self::jsVar('dotclear.msg.confirm_spam_delete',
787	__('Are you sure you want to delete all spams?')).
788	self::jsVar('dotclear.msg.confirm_delete_comments',
789	__('Are you sure you want to delete selected comments (%s)?')).
790	self::jsVar('dotclear.msg.confirm_delete_comment',
791	__('Are you sure you want to delete this comment?')).
792	self::jsVar('dotclear.msg.cannot_delete_users',
793	__('Users with posts cannot be deleted.')).
794	self::jsVar('dotclear.msg.confirm_delete_user',
795	__('Are you sure you want to delete selected users (%s)?')).
796	self::jsVar('dotclear.msg.confirm_delete_blog',
797	__('Are you sure you want to delete selected blogs (%s)?')).
798	self::jsVar('dotclear.msg.confirm_delete_category',
799	__('Are you sure you want to delete category "%s"?')).
800	self::jsVar('dotclear.msg.confirm_reorder_categories',
801	__('Are you sure you want to reorder all categories?')).
802	self::jsVar('dotclear.msg.confirm_delete_media',
803	__('Are you sure you want to remove media "%s"?')).
804	self::jsVar('dotclear.msg.confirm_delete_directory',
805	__('Are you sure you want to remove directory "%s"?')).
806	self::jsVar('dotclear.msg.confirm_extract_current',
807	__('Are you sure you want to extract archive in current directory?')).
808	self::jsVar('dotclear.msg.confirm_remove_attachment',
809	__('Are you sure you want to remove attachment "%s"?')).
810	self::jsVar('dotclear.msg.confirm_delete_lang',
811	__('Are you sure you want to delete "%s" language?')).
812	self::jsVar('dotclear.msg.confirm_delete_plugin',
813	__('Are you sure you want to delete "%s" plugin?')).
814	self::jsVar('dotclear.msg.confirm_delete_plugins',
815	__('Are you sure you want to delete selected plugins?')).
816	self::jsVar('dotclear.msg.use_this_theme',
817	__('Use this theme')).
818	self::jsVar('dotclear.msg.remove_this_theme',
819	__('Remove this theme')).
820	self::jsVar('dotclear.msg.confirm_delete_theme',
821	__('Are you sure you want to delete "%s" theme?')).
822	self::jsVar('dotclear.msg.confirm_delete_themes',
823	__('Are you sure you want to delete selected themes?')).
824	self::jsVar('dotclear.msg.confirm_delete_backup',
825	__('Are you sure you want to delete this backup?')).
826	self::jsVar('dotclear.msg.confirm_revert_backup',
827	__('Are you sure you want to revert to this backup?')).
828	self::jsVar('dotclear.msg.zip_file_content',
829	__('Zip file content')).
830	self::jsVar('dotclear.msg.xhtml_validator',
831	__('XHTML markup validator')).
832	self::jsVar('dotclear.msg.xhtml_valid',
833	__('XHTML content is valid.')).
834	self::jsVar('dotclear.msg.xhtml_not_valid',
835	__('There are XHTML markup errors.')).
836	self::jsVar('dotclear.msg.warning_validate_no_save_content',
837	__('Attention: an audit of a content not yet registered.')).
838	self::jsVar('dotclear.msg.confirm_change_post_format',
839	__('You have unsaved changes. Switch post format will loose these changes. Proceed anyway?')).
840	self::jsVar('dotclear.msg.confirm_change_post_format_noconvert',
841	__("Warning: post format change will not convert existing content. You will need to apply new format by yourself. Proceed anyway?")).
842	self::jsVar('dotclear.msg.load_enhanced_uploader',
843	__('Loading enhanced uploader, please wait.')).
844
845	self::jsVar('dotclear.msg.module_author',
846	__('Author:')).
847	self::jsVar('dotclear.msg.module_details',
848	__('Details')).
849	self::jsVar('dotclear.msg.module_support',
850	__('Support')).
851	self::jsVar('dotclear.msg.module_help',
852	__('Help:')).
853	self::jsVar('dotclear.msg.module_section',
854	__('Section:')).
855	self::jsVar('dotclear.msg.module_tags',
856	__('Tags:')).
857
858	self::jsVar('dotclear.msg.close_notice',
859	__('Hide this notice')).
860
861	"\n".
862	"</script>\n";
863	}
864
865	/**
866	@deprecated since version 2.11
867	*/
868	public static function jsLoadIE7()
869	{
870	return '';
871	}
872
873	public static function jsConfirmClose()
874	{
875	$args = func_get_args();
876	if (count($args) > 0) {
877	foreach ($args as $k => $v) {
878	$args[$k] = "'".html::escapeJS($v)."'";
879	}
880	$args = implode(',',$args);
881	} else {
882	$args = '';
883	}
884
885	return
886	self::jsLoad('js/confirm-close.js').
887	'<script type="text/javascript">'."\n".
888	"confirmClosePage = new confirmClose(".$args."); ".
889	"confirmClose.prototype.prompt = '".html::escapeJS(__('You have unsaved changes.'))."'; ".
890	"</script>\n";
891	}
892
893	public static function jsPageTabs($default=null)
894	{
895	if ($default) {
896	$default = "'".html::escapeJS($default)."'";
897	}
898
899	return
900	self::jsLoad('js/jquery/jquery.pageTabs.js').
901	'<script type="text/javascript">'."\n".
902	'$(function() {'."\n".
903	' $.pageTabs('.$default.');'."\n".
904	'});'.
905	"</script>\n";
906	}
907
908	public static function jsModal()
909	{
910	return
911	self::jsLoad('js/jquery/jquery.magnific-popup.js');
912	}
913
914	public static function jsColorPicker()
915	{
916	return
917	self::cssLoad('style/farbtastic/farbtastic.css').
918	self::jsLoad('js/jquery/jquery.farbtastic.js').
919	self::jsLoad('js/color-picker.js');
920	}
921
922	public static function jsDatePicker()
923	{
924	return
925	self::cssLoad('style/date-picker.css').
926	self::jsLoad('js/date-picker.js').
927	'<script type="text/javascript">'."\n".
928
929	"datePicker.prototype.months[0] = '".html::escapeJS(__('January'))."'; ".
930	"datePicker.prototype.months[1] = '".html::escapeJS(__('February'))."'; ".
931	"datePicker.prototype.months[2] = '".html::escapeJS(__('March'))."'; ".
932	"datePicker.prototype.months[3] = '".html::escapeJS(__('April'))."'; ".
933	"datePicker.prototype.months[4] = '".html::escapeJS(__('May'))."'; ".
934	"datePicker.prototype.months[5] = '".html::escapeJS(__('June'))."'; ".
935	"datePicker.prototype.months[6] = '".html::escapeJS(__('July'))."'; ".
936	"datePicker.prototype.months[7] = '".html::escapeJS(__('August'))."'; ".
937	"datePicker.prototype.months[8] = '".html::escapeJS(__('September'))."'; ".
938	"datePicker.prototype.months[9] = '".html::escapeJS(__('October'))."'; ".
939	"datePicker.prototype.months[10] = '".html::escapeJS(__('November'))."'; ".
940	"datePicker.prototype.months[11] = '".html::escapeJS(__('December'))."'; ".
941
942	"datePicker.prototype.days[0] = '".html::escapeJS(__('Monday'))."'; ".
943	"datePicker.prototype.days[1] = '".html::escapeJS(__('Tuesday'))."'; ".
944	"datePicker.prototype.days[2] = '".html::escapeJS(__('Wednesday'))."'; ".
945	"datePicker.prototype.days[3] = '".html::escapeJS(__('Thursday'))."'; ".
946	"datePicker.prototype.days[4] = '".html::escapeJS(__('Friday'))."'; ".
947	"datePicker.prototype.days[5] = '".html::escapeJS(__('Saturday'))."'; ".
948	"datePicker.prototype.days[6] = '".html::escapeJS(__('Sunday'))."'; ".
949
950	"datePicker.prototype.img_src = 'images/date-picker.png'; ".
951	"datePicker.prototype.img_alt = '".html::escapeJS(__('Choose date'))."'; ".
952
953	"datePicker.prototype.close_msg = '".html::escapeJS(__('close'))."'; ".
954	"datePicker.prototype.now_msg = '".html::escapeJS(__('now'))."'; ".
955
956	"</script>\n";
957	}
958
959
960	public static function jsToolBar()
961	{
962	# Deprecated but we keep this for plugins.
963	}
964
965	public static function jsUpload($params=array(),$base_url=null)
966	{
967	if (!$base_url) {
968	$base_url = path::clean(dirname(preg_replace('/(\?.*$)?/','',$_SERVER['REQUEST_URI']))).'/';
969	}
970
971	$params = array_merge($params,array(
972	'sess_id='.session_id(),
973	'sess_uid='.$_SESSION['sess_browser_uid'],
974	'xd_check='.$GLOBALS['core']->getNonce()
975	));
976
977	return
978	'<script type="text/javascript">'."\n".
979	"dotclear.jsUpload = {};\n".
980	"dotclear.jsUpload.msg = {};\n".
981	self::jsVar('dotclear.msg.enhanced_uploader_activate',__('Temporarily activate enhanced uploader')).
982	self::jsVar('dotclear.msg.enhanced_uploader_disable',__('Temporarily disable enhanced uploader')).
983	self::jsVar('dotclear.jsUpload.msg.limit_exceeded',__('Limit exceeded.')).
984	self::jsVar('dotclear.jsUpload.msg.size_limit_exceeded',__('File size exceeds allowed limit.')).
985	self::jsVar('dotclear.jsUpload.msg.canceled',__('Canceled.')).
986	self::jsVar('dotclear.jsUpload.msg.http_error',__('HTTP Error:')).
987	self::jsVar('dotclear.jsUpload.msg.error',__('Error:')).
988	self::jsVar('dotclear.jsUpload.msg.choose_file',__('Choose file')).
989	self::jsVar('dotclear.jsUpload.msg.choose_files',__('Choose files')).
990	self::jsVar('dotclear.jsUpload.msg.cancel',__('Cancel')).
991	self::jsVar('dotclear.jsUpload.msg.clean',__('Clean')).
992	self::jsVar('dotclear.jsUpload.msg.upload',__('Upload')).
993	self::jsVar('dotclear.jsUpload.msg.send',__('Send')).
994	self::jsVar('dotclear.jsUpload.msg.file_successfully_uploaded',__('File successfully uploaded.')).
995	self::jsVar('dotclear.jsUpload.msg.no_file_in_queue',__('No file in queue.')).
996	self::jsVar('dotclear.jsUpload.msg.file_in_queue',__('1 file in queue.')).
997	self::jsVar('dotclear.jsUpload.msg.files_in_queue',__('%d files in queue.')).
998	self::jsVar('dotclear.jsUpload.msg.queue_error',__('Queue error:')).
999	self::jsVar('dotclear.jsUpload.base_url',$base_url).
1000	"</script>\n".
1001
1002	self::jsLoad('js/jquery/jquery-ui.custom.js').
1003	self::jsLoad('js/jsUpload/tmpl.js').
1004	self::jsLoad('js/jsUpload/template-upload.js').
1005	self::jsLoad('js/jsUpload/template-download.js').
1006	self::jsLoad('js/jsUpload/load-image.js').
1007	self::jsLoad('js/jsUpload/jquery.iframe-transport.js').
1008	self::jsLoad('js/jsUpload/jquery.fileupload.js').
1009	self::jsLoad('js/jsUpload/jquery.fileupload-process.js').
1010	self::jsLoad('js/jsUpload/jquery.fileupload-resize.js').
1011	self::jsLoad('js/jsUpload/jquery.fileupload-ui.js');
1012	}
1013
1014	public static function jsMetaEditor()
1015	{
1016	return self::jsLoad('js/meta-editor.js');
1017	}
1018
1019	public static function jsFilterControl($show=true)
1020	{
1021	return
1022	self::jsLoad('js/filter-controls.js').
1023	'<script type="text/javascript">'."\n".
1024	self::jsVar('dotclear.msg.show_filters', $show ? 'true':'false')."\n".
1025	self::jsVar('dotclear.msg.filter_posts_list',__('Show filters and display options'))."\n".
1026	self::jsVar('dotclear.msg.cancel_the_filter',__('Cancel filters and display options'))."\n".
1027	"</script>";
1028	}
1029
1030	public static function jsLoadCodeMirror($theme = '',$multi = true,$modes = array('css','htmlmixed','javascript','php','xml'))
1031	{
1032	$ret =
1033	self::cssLoad('js/codemirror/lib/codemirror.css').
1034	self::jsLoad('js/codemirror/lib/codemirror.js');
1035	if ($multi) {
1036	$ret .= self::jsLoad('js/codemirror/addon/mode/multiplex.js');
1037	}
1038	foreach ($modes as $mode) {
1039	$ret .= self::jsLoad('js/codemirror/mode/'.$mode.'/'.$mode.'.js');
1040	}
1041	$ret .=
1042	self::jsLoad('js/codemirror/addon/edit/closebrackets.js').
1043	self::jsLoad('js/codemirror/addon/edit/matchbrackets.js').
1044	self::cssLoad('js/codemirror/addon/display/fullscreen.css').
1045	self::jsLoad('js/codemirror/addon/display/fullscreen.js');
1046	if ($theme != '') {
1047	$ret .= self::cssLoad('js/codemirror/theme/'.$theme.'.css');
1048	}
1049	return $ret;
1050	}
1051
1052	public static function jsRunCodeMirror($name,$id,$mode,$theme = '')
1053	{
1054	$ret =
1055	'<script type="text/javascript">'."\n".
1056	'var '.$name.' = CodeMirror.fromTextArea('.$id.',{'."\n".
1057	' mode: "'.$mode.'",'."\n".
1058	' tabMode: "indent",'."\n".
1059	' lineWrapping: "true",'."\n".
1060	' lineNumbers: "true",'."\n".
1061	' matchBrackets: "true",'."\n".
1062	' autoCloseBrackets: "true",'."\n".
1063	' extraKeys: {"F11": function(cm) {cm.setOption("fullScreen",!cm.getOption("fullScreen"));}}';
1064	if ($theme) {
1065	$ret .=
1066	','."\n".
1067	' theme: "'.$theme.'"';
1068	}
1069	$ret .= "\n".
1070	'});'."\n".
1071	'</script>';
1072	return $ret;
1073	}
1074
1075	public static function getCodeMirrorThemes()
1076	{
1077	$themes = array();
1078	$themes_root = dirname(__FILE__).'/../../admin'.'/js/codemirror/theme/';
1079	if (is_dir($themes_root) && is_readable($themes_root)) {
1080	if (($d = @dir($themes_root)) !== false) {
1081	while (($entry = $d->read()) !== false) {
1082	if ($entry != '.' && $entry != '..' && substr($entry, 0, 1) != '.' && is_readable($themes_root.'/'.$entry)) {
1083	$themes[] = substr($entry,0,-4); // remove .css extension
1084	}
1085	}
1086	sort($themes);
1087	}
1088	}
1089	return $themes;
1090	}
1091
1092	public static function getPF($file)
1093	{
1094	return $GLOBALS['core']->adminurl->get('load.plugin.file',array('pf' => $file));
1095	}
1096
1097	public static function getVF($file)
1098	{
1099	return $GLOBALS['core']->adminurl->get('load.var.file',array('vf' => $file));
1100	}
1101
1102	public static function setXFrameOptions($headers,$origin = null)
1103	{
1104	if (self::$xframe_loaded) {
1105	return;
1106	}
1107
1108	if ($origin !== null) {
1109	$url = parse_url($origin);
1110	$headers['x-frame-options'] = sprintf('X-Frame-Options: %s',is_array($url) && isset($url['host']) ?
1111	("ALLOW-FROM ".(isset($url['scheme']) ? $url['scheme'].':' : '' ).'//'.$url['host']) :
1112	'SAMEORIGIN');
1113	} else {
1114	$headers['x-frame-options'] = 'X-Frame-Options: SAMEORIGIN'; // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
1115	}
1116	self::$xframe_loaded = true;
1117	}
1118	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/admin/lib.dc.page.php @ 3509:652d583aa806

Download in other formats:

Sites map