lib.dc.page.php @ 3292:86dfd06c2a8c

Visit:

Revision 3292:86dfd06c2a8c, 33.9 KB checked in by franck <carnet.franck.paul@…>, 9 years ago (diff)
Better this way for CSP directive, 3rd party plugins may use adminPageHTTPHeaderCSP behavior to fulfill directives / addresses #1867

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12	if (!defined('DC_RC_PATH')) { return; }
13
14	define('DC_AUTH_PAGE','auth.php');
15
16	class dcPage
17	{
18	private static $loaded_js = array();
19	private static $loaded_css = array();
20	private static $xframe_loaded = false;
21	private static $N_TYPES = array(
22	"success" => "success",
23	"warning" => "warning-msg",
24	"error" => "error",
25	"message" => "message",
26	"static" => "static-msg");
27
28	# Auth check
29	public static function check($permissions)
30	{
31	global $core;
32
33	if ($core->blog && $core->auth->check($permissions,$core->blog->id)) {
34	return;
35	}
36
37	if (session_id()) {
38	$core->session->destroy();
39	}
40	http::redirect(DC_AUTH_PAGE);
41	}
42
43	# Check super admin
44	public static function checkSuper()
45	{
46	global $core;
47
48	if (!$core->auth->isSuperAdmin())
49	{
50	if (session_id()) {
51	$core->session->destroy();
52	}
53	http::redirect(DC_AUTH_PAGE);
54	}
55	}
56
57	# Top of admin page
58	public static function open($title='',$head='',$breadcrumb='',$options=array())
59	{
60	global $core;
61
62	# List of user's blogs
63	if ($core->auth->getBlogCount() == 1 \|\| $core->auth->getBlogCount() > 20)
64	{
65	$blog_box =
66	'<p>'.__('Blog:').' <strong title="'.html::escapeHTML($core->blog->url).'">'.
67	html::escapeHTML($core->blog->name).'</strong>';
68
69	if ($core->auth->getBlogCount() > 20) {
70	$blog_box .= ' - <a href="'.$core->adminurl->get("admin.blogs").'">'.__('Change blog').'</a>';
71	}
72	$blog_box .= '</p>';
73	}
74	else
75	{
76	$rs_blogs = $core->getBlogs(array('order'=>'LOWER(blog_name)','limit'=>20));
77	$blogs = array();
78	while ($rs_blogs->fetch()) {
79	$blogs[html::escapeHTML($rs_blogs->blog_name.' - '.$rs_blogs->blog_url)] = $rs_blogs->blog_id;
80	}
81	$blog_box =
82	'<p><label for="switchblog" class="classic">'.
83	__('Blogs:').'</label> '.
84	$core->formNonce().
85	form::combo('switchblog',$blogs,$core->blog->id).
86	'<input type="submit" value="'.__('ok').'" class="hidden-if-js" /></p>';
87	}
88
89	$safe_mode = isset($_SESSION['sess_safe_mode']) && $_SESSION['sess_safe_mode'];
90
91	# Display
92	$headers = new ArrayObject(array());
93
94	# Content-Type
95	$headers['content-type'] = 'Content-Type: text/html; charset=UTF-8';
96
97	# Prevents Clickjacking as far as possible
98	if (isset($options['x-frame-allow'])) {
99	self::setXFrameOptions($headers,$options['x-frame-allow']);
100	} else {
101	self::setXFrameOptions($headers);
102	}
103
104	# Content-Security-Policy
105	if ($core->blog->settings->system->csp_admin_on) {
106	// Get directives from settings if exist, else set defaults
107	$csp = new ArrayObject(array());
108	$csp['default-src'] = $core->blog->settings->system->csp_admin_default ? $core->blog->settings->system->csp_admin_default : "'self'";
109	$csp['script-src'] = $core->blog->settings->system->csp_admin_script ? $core->blog->settings->system->csp_admin_script : "'self' 'unsafe-inline' 'unsafe-eval'";
110	$csp['style-src'] = $core->blog->settings->system->csp_admin_style ? $core->blog->settings->system->csp_admin_style : "'self' 'unsafe-inline'";
111	$csp['img-src'] = $core->blog->settings->system->csp_admin_img ? $core->blog->settings->system->csp_admin_img : "'self' data: media.dotaddict.org";
112
113	# --BEHAVIOR-- adminPageHTTPHeaderCSP
114	$core->callBehavior('adminPageHTTPHeaderCSP',$csp);
115
116	// Construct CSP header
117	$directives = array();
118	foreach ($csp as $key => $value) {
119	if ($value) {
120	$directives[] = $key.' '.$value;
121	}
122	}
123	if (count($directives)) {
124	if (version_compare(phpversion(),'5.4','>=')) {
125	// csp_report.php needs PHP ≥ 5.4
126	$directives[] = "report-uri ".DC_ADMIN_URL."csp_report.php";
127	}
128	$headers['csp'] = "Content-Security-Policy: ".implode(" ; ",$directives);
129	}
130	}
131
132	# --BEHAVIOR-- adminPageHTTPHeaders
133	$core->callBehavior('adminPageHTTPHeaders',$headers);
134	foreach ($headers as $key => $value) {
135	header($value);
136	}
137
138	echo
139	'<!DOCTYPE html>'.
140	'<html lang="'.$core->auth->getInfo('user_lang').'">'."\n".
141	"<head>\n".
142	' <meta charset="UTF-8" />'."\n".
143	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />'."\n".
144	' <meta name="GOOGLEBOT" content="NOSNIPPET" />'."\n".
145	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />'."\n".
146	' <title>'.$title.' - '.html::escapeHTML($core->blog->name).' - '.html::escapeHTML(DC_VENDOR_NAME).' - '.DC_VERSION.'</title>'."\n".
147
148
149	self::jsLoadIE7().
150	self::cssLoad('style/default.css');
151	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
152	echo self::cssLoad('style/default-rtl.css');
153	}
154
155	$core->auth->user_prefs->addWorkspace('interface');
156	$user_ui_hide_std_favicon = $core->auth->user_prefs->interface->hide_std_favicon;
157	if (!$user_ui_hide_std_favicon) {
158	echo
159	'<link rel="icon" type="image/png" href="images/favicon96-login.png" />'."\n".
160	'<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />'."\n";
161	}
162	echo
163	self::jsCommon().
164	self::jsToggles().
165	$head;
166
167	# --BEHAVIOR-- adminPageHTMLHead
168	$core->callBehavior('adminPageHTMLHead');
169
170	echo
171	"</head>\n".
172	'<body id="dotclear-admin'.
173	($safe_mode ? ' safe-mode' : '').'" class="no-js">'."\n".
174
175	'<ul id="prelude">'.
176	'<li><a href="#content">'.__('Go to the content').'</a></li>'.
177	'<li><a href="#main-menu">'.__('Go to the menu').'</a></li>'.
178	'<li><a href="#qx">'.__('Go to search').'</a></li>'.
179	'<li><a href="#help">'.__('Go to help').'</a></li>'.
180	'</ul>'."\n".
181	'<div id="header" role="banner">'.
182	'<h1><a href="'.$core->adminurl->get("admin.home").'"><span class="hidden">'.DC_VENDOR_NAME.'</span></a></h1>'."\n";
183
184	echo
185	'<form action="'.$core->adminurl->get("admin.home").'" method="post" id="top-info-blog">'.
186	$blog_box.
187	'<p><a href="'.$core->blog->url.'" class="outgoing" title="'.__('Go to site').
188	'">'.__('Go to site').'<img src="images/outgoing.png" alt="" /></a>'.
189	'</p></form>'.
190	'<ul id="top-info-user">'.
191	'<li><a class="'.(preg_match('/'.preg_quote($core->adminurl->get('admin.home')).'$/',$_SERVER['REQUEST_URI']) ? ' active' : '').'" href="'.$core->adminurl->get("admin.home").'">'.__('My dashboard').'</a></li>'.
192	'<li><a class="smallscreen'.(preg_match('/'.preg_quote($core->adminurl->get('admin.user.preferences')).'(\?.*)?$/',$_SERVER['REQUEST_URI']) ? ' active' : '').
193	'" href="'.$core->adminurl->get("admin.user.preferences").'">'.__('My preferences').'</a></li>'.
194	'<li><a href="'.$core->adminurl->get("admin.home",array('logout' => 1)).'" class="logout"><span class="nomobile">'.sprintf(__('Logout %s'),$core->auth->userID()).
195	'</span><img src="images/logout.png" alt="" /></a></li>'.
196	'</ul>'.
197	'</div>'; // end header
198
199	echo
200	'<div id="wrapper" class="clearfix">'."\n".
201	'<div class="hidden-if-no-js collapser-box"><a href="#" id="collapser">'.
202	'<img class="collapse-mm" src="images/collapser-hide.png" alt="'.__('Hide main menu').'" />'.
203	'<img class="expand-mm" src="images/collapser-show.png" alt="'.__('Show main menu').'" />'.
204	'</a></div>'.
205	'<div id="main" role="main">'."\n".
206	'<div id="content" class="clearfix">'."\n";
207
208	# Safe mode
209	if ($safe_mode)
210	{
211	echo
212	'<div class="warning" role="alert"><h3>'.__('Safe mode').'</h3>'.
213	'<p>'.__('You are in safe mode. All plugins have been temporarily disabled. Remind to log out then log in again normally to get back all functionalities').'</p>'.
214	'</div>';
215	}
216
217	// Display breadcrumb (if given) before any error messages
218	echo $breadcrumb;
219
220	// Display notices and errors
221	echo self::notices();
222	}
223
224	public static function notices()
225	{
226	global $core;
227	static $error_displayed = false;
228	$res = '';
229
230	// return error messages if any
231	if ($core->error->flag() && !$error_displayed) {
232	$res .= '<div class="error"><p><strong>'.(count($core->error->getErrors()) > 1 ? __('Errors:') : __('Error:')).'</strong></p>'.
233	$core->error->toHTML().
234	'</div>';
235	$error_displayed = true;
236	}
237
238	// return notices if any
239	if (isset($_SESSION['notifications'])) {
240	foreach ($_SESSION['notifications'] as $notification) {
241	$res .= self::getNotification($notification);
242	}
243	unset($_SESSION['notifications']);
244	}
245	return $res;
246	}
247
248	public static function addNotice($type,$message,$options=array())
249	{
250	if (isset(self::$N_TYPES[$type])){
251	$class = self::$N_TYPES[$type];
252	} else {
253	$class=$type;
254	}
255	if (isset($_SESSION['notifications']) && is_array($_SESSION['notifications'])) {
256	$notifications = $_SESSION['notifications'];
257	} else {
258	$notifications = array();
259	}
260
261	$n = array_merge($options,array('class' => $class,'ts' => time(), 'text' => $message));
262	if ($type != "static") {
263	$notifications[] = $n;
264	} else {
265	array_unshift($notifications, $n);
266	}
267	$_SESSION['notifications'] = $notifications;
268	}
269
270	public static function addSuccessNotice($message,$options=array())
271	{
272	self::addNotice("success",$message,$options);
273	}
274
275	public static function addWarningNotice($message,$options=array())
276	{
277	self::addNotice("warning",$message,$options);
278	}
279
280	public static function addErrorNotice($message,$options=array())
281	{
282	self::addNotice("error",$message,$options);
283	}
284
285	protected static function getNotification($n)
286	{
287	global $core;
288	$tag = (isset($n['divtag'])&& $n['divtag'])?'div':'p';
289	$ts = '';
290	if (!isset($n['with_ts']) \|\| ($n['with_ts'] == true)) {
291	$ts = dt::str(__('[%H:%M:%S]'),$n['ts'],$core->auth->getInfo('user_tz')).' ';
292	}
293	$res = '<'.$tag.' class="'.$n['class'].'" role="alert">'.$ts.$n['text'].'</'.$tag.'>';
294	return $res;
295	}
296
297	public static function close()
298	{
299	global $core;
300
301	if (!$GLOBALS['__resources']['ctxhelp']) {
302	echo
303	'<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'.
304	__('Global help').'">'.__('Global help').'</a></p>';
305	}
306
307	$menu =& $GLOBALS['_menu'];
308
309	echo
310	"</div>\n". // End of #content
311	"</div>\n". // End of #main
312
313	'<div id="main-menu" role="navigation">'."\n".
314
315	'<form id="search-menu" action="'.$core->adminurl->get("admin.search").'" method="get" role="search">'.
316	'<p><label for="qx" class="hidden">'.__('Search:').' </label>'.form::field('qx',30,255,'').
317	'<input type="submit" value="'.__('OK').'" /></p>'.
318	'</form>';
319
320	foreach ($menu as $k => $v) {
321	echo $menu[$k]->draw();
322	}
323
324	$text = sprintf(__('Thank you for using %s.'),'Dotclear '.DC_VERSION);
325
326	# --BEHAVIOR-- adminPageFooter
327	$textAlt = $core->callBehavior('adminPageFooter',$core,$text);
328	if ($textAlt != '') {
329	$text = $textAlt;
330	}
331	$text = html::escapeHTML($text);
332
333	echo
334	'</div>'."\n". // End of #main-menu
335	"</div>\n"; // End of #wrapper
336
337	$figure = "
338	/\_/\
339	(='.'=)
340	(\")-(\")
341	";
342
343	echo
344	'<div id="footer" role="contentinfo">'.
345	'<a href="http://dotclear.org/" title="'.$text.'">'.
346	'<img src="style/dc_logos/w-dotclear90.png" alt="'.$text.'" /></a></div>'."\n".
347	"<!-- "."\n".
348	$figure.
349	" -->"."\n";
350
351	if (defined('DC_DEV') && DC_DEV === true) {
352	echo self::debugInfo();
353	}
354
355	echo
356	'</body></html>';
357	}
358
359	public static function openPopup($title='',$head='',$breadcrumb='')
360	{
361	global $core;
362
363	# Display
364	header('Content-Type: text/html; charset=UTF-8');
365
366	// Prevents Clickjacking as far as possible
367	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
368
369	echo
370	'<!DOCTYPE html>'.
371	'<html lang="'.$core->auth->getInfo('user_lang').'">'."\n".
372	"<head>\n".
373	' <meta charset="UTF-8" />'."\n".
374	' <meta name="viewport" content="width=device-width, initial-scale=1.0" />'."\n".
375	' <title>'.$title.' - '.html::escapeHTML($core->blog->name).' - '.html::escapeHTML(DC_VENDOR_NAME).' - '.DC_VERSION.'</title>'."\n".
376
377	' <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />'."\n".
378	' <meta name="GOOGLEBOT" content="NOSNIPPET" />'."\n".
379
380	self::jsLoadIE7().
381	self::cssLoad('style/default.css');
382	if (l10n::getTextDirection($GLOBALS['_lang']) == 'rtl') {
383	echo self::cssLoad('style/default-rtl.css');
384	}
385
386	echo
387	self::jsCommon().
388	self::jsToggles().
389	$head;
390
391	# --BEHAVIOR-- adminPageHTMLHead
392	$core->callBehavior('adminPageHTMLHead');
393
394	echo
395	"</head>\n".
396	'<body id="dotclear-admin" class="popup">'."\n".
397
398	'<h1>'.DC_VENDOR_NAME.'</h1>'."\n";
399
400	echo
401	'<div id="wrapper">'."\n".
402	'<div id="main" role="main">'."\n".
403	'<div id="content">'."\n";
404
405	// display breadcrumb if given
406	echo $breadcrumb;
407
408	// Display notices and errors
409	echo self::notices();
410	}
411
412	public static function closePopup()
413	{
414	echo
415	"</div>\n". // End of #content
416	"</div>\n". // End of #main
417	"</div>\n". // End of #wrapper
418	'<div id="footer" role="contentinfo"><p> </p></div>'."\n".
419	'</body></html>';
420	}
421
422	public static function breadcrumb($elements=null,$options=array())
423	{
424	global $core;
425	$with_home_link = isset($options['home_link'])?$options['home_link']:true;
426	$hl = isset($options['hl'])?$options['hl']:true;
427	$hl_pos = isset($options['hl_pos'])?$options['hl_pos']:-1;
428	// First item of array elements should be blog's name, System or Plugins
429	$res = '<h2>'.($with_home_link ?
430	'<a class="go_home" href="'.$core->adminurl->get("admin.home").'"><img src="style/dashboard.png" alt="'.__('Go to dashboard').'" /></a>' :
431	'<img src="style/dashboard-alt.png" alt="" />');
432	$index = 0;
433	if ($hl_pos < 0) {
434	$hl_pos = count($elements)+$hl_pos;
435	}
436	foreach ($elements as $element => $url) {
437	if ($hl && $index == $hl_pos) {
438	$element = sprintf('<span class="page-title">%s</span>',$element);
439	}
440	$res .= ($with_home_link ? ($index == 1 ? ' : ' : ' &rsaquo; ') : ($index == 0 ? ' ' : ' &rsaquo; ')).
441	($url ? '<a href="'.$url.'">' : '').$element.($url ? '</a>' : '');
442	$index++;
443	}
444	$res .= '</h2>';
445	return $res;
446	}
447
448	public static function message($msg,$timestamp=true,$div=false,$echo=true,$class='message')
449	{
450	global $core;
451
452	$res = '';
453	if ($msg != '') {
454	$res = ($div ? '<div class="'.$class.'">' : '').'<p'.($div ? '' : ' class="'.$class.'"').'>'.
455	($timestamp ? dt::str(__('[%H:%M:%S]'),null,$core->auth->getInfo('user_tz')).' ' : '').$msg.
456	'</p>'.($div ? '</div>' : '');
457	if ($echo) {
458	echo $res;
459	}
460	}
461	return $res;
462	}
463
464	public static function success($msg,$timestamp=true,$div=false,$echo=true)
465	{
466	return self::message($msg,$timestamp,$div,$echo,"success");
467	}
468
469	public static function warning($msg,$timestamp=true,$div=false,$echo=true)
470	{
471	return self::message($msg,$timestamp,$div,$echo,"warning-msg");
472	}
473
474	private static function debugInfo()
475	{
476	$global_vars = implode(', ',array_keys($GLOBALS));
477
478	$res =
479	'<div id="debug"><div>'.
480	'<p>memory usage: '.memory_get_usage().' ('.files::size(memory_get_usage()).')</p>';
481
482	if (function_exists('xdebug_get_profiler_filename'))
483	{
484	$res .= '<p>Elapsed time: '.xdebug_time_index().' seconds</p>';
485
486	$prof_file = xdebug_get_profiler_filename();
487	if ($prof_file) {
488	$res .= '<p>Profiler file : '.xdebug_get_profiler_filename().'</p>';
489	} else {
490	$prof_url = http::getSelfURI();
491	$prof_url .= (strpos($prof_url,'?') === false) ? '?' : '&';
492	$prof_url .= 'XDEBUG_PROFILE';
493	$res .= '<p><a href="'.html::escapeURL($prof_url).'">Trigger profiler</a></p>';
494	}
495
496	/* xdebug configuration:
497	zend_extension = /.../xdebug.so
498	xdebug.auto_trace = On
499	xdebug.trace_format = 0
500	xdebug.trace_options = 1
501	xdebug.show_mem_delta = On
502	xdebug.profiler_enable = 0
503	xdebug.profiler_enable_trigger = 1
504	xdebug.profiler_output_dir = /tmp
505	xdebug.profiler_append = 0
506	xdebug.profiler_output_name = timestamp
507	*/
508	}
509
510	$res .=
511	'<p>Global vars: '.$global_vars.'</p>'.
512	'</div></div>';
513
514	return $res;
515	}
516
517	public static function help($page,$index='')
518	{
519	# Deprecated but we keep this for plugins.
520	}
521
522	public static function helpBlock()
523	{
524	global $core;
525	$args = func_get_args();
526
527	$args = new ArrayObject($args);
528
529	# --BEHAVIOR-- adminPageHelpBlock
530	$GLOBALS['core']->callBehavior('adminPageHelpBlock',$args);
531
532	if (empty($args)) {
533	return;
534	};
535
536	global $__resources;
537	if (empty($__resources['help'])) {
538	return;
539	}
540
541	$content = '';
542	foreach ($args as $v)
543	{
544	if (is_object($v) && isset($v->content)) {
545	$content .= $v->content;
546	continue;
547	}
548
549	if (!isset($__resources['help'][$v])) {
550	continue;
551	}
552	$f = $__resources['help'][$v];
553	if (!file_exists($f) \|\| !is_readable($f)) {
554	continue;
555	}
556
557	$fc = file_get_contents($f);
558	if (preg_match('\|<body[^>]?>(.?)</body>\|ms',$fc,$matches)) {
559	$content .= $matches[1];
560	} else {
561	$content .= $fc;
562	}
563	}
564
565	if (trim($content) == '') {
566	return;
567	}
568
569	// Set contextual help global flag
570	$GLOBALS['__resources']['ctxhelp'] = true;
571
572	echo
573	'<div id="help"><hr /><div class="help-content clear"><h3>'.__('Help about this page').'</h3>'.
574	$content.
575	'</div>'.
576	'<div id="helplink"><hr />'.
577	'<p>'.
578	sprintf(__('See also %s'),sprintf('<a href="'.$core->adminurl->get("admin.help").'">%s</a>',__('the global help'))).
579	'.</p>'.
580	'</div></div>';
581	}
582
583	public static function cssLoad($src,$media='screen',$v='')
584	{
585	$escaped_src = html::escapeHTML($src);
586	if (!isset(self::$loaded_css[$escaped_src])) {
587	self::$loaded_css[$escaped_src] = true;
588	$escaped_src = self::appendVersion($escaped_src,$v);
589
590	return '<link rel="stylesheet" href="'.$escaped_src.'" type="text/css" media="'.$media.'" />'."\n";
591	}
592	}
593
594	public static function jsLoad($src,$v='')
595	{
596	$escaped_src = html::escapeHTML($src);
597	if (!isset(self::$loaded_js[$escaped_src])) {
598	self::$loaded_js[$escaped_src] = true;
599	$escaped_src = self::appendVersion($escaped_src,$v);
600	return '<script type="text/javascript" src="'.$escaped_src.'"></script>'."\n";
601	}
602	}
603
604	private static function appendVersion($src,$v='')
605	{
606	$src .= (strpos($src,'?') === false ? '?' : '&').'v=';
607	if (defined('DC_DEV') && DC_DEV === true) {
608	$src .= md5(uniqid());
609	} else {
610	$src .= ($v === '' ? DC_VERSION : $v);
611	}
612	return $src;
613	}
614
615	public static function jsVar($n,$v)
616	{
617	return $n." = '".html::escapeJS($v)."';\n";
618	}
619
620	public static function jsToggles()
621	{
622	if($GLOBALS['core']->auth->user_prefs->toggles) {
623	$unfolded_sections = explode(',',$GLOBALS['core']->auth->user_prefs->toggles->unfolded_sections);
624	foreach ($unfolded_sections as $k=>&$v) {
625	if ($v == '') {
626	unset($unfolded_sections[$k]);
627	} else {
628	$v = "'".html::escapeJS($v)."':true";
629	}
630	}
631	} else {
632	$unfolded_sections=array();
633	}
634	return '<script type="text/javascript">'."\n".
635	"//<![CDATA[\n".
636	'dotclear.unfolded_sections = {'.join(",",$unfolded_sections)."};\n".
637	"\n//]]>\n".
638	"</script>\n";
639	}
640
641	public static function jsCommon()
642	{
643	$mute_or_no = '';
644	if (empty($GLOBALS['core']->blog) \|\| $GLOBALS['core']->blog->settings->system->jquery_migrate_mute) {
645	$mute_or_no .=
646	'<script type="text/javascript">'."\n".
647	"//<![CDATA[\n".
648	'jQuery.migrateMute = true;'.
649	"\n//]]>\n".
650	"</script>\n";
651	}
652
653	return
654	self::jsLoad('js/jquery/jquery.js').
655	$mute_or_no.
656	self::jsLoad('js/jquery/jquery-migrate.js').
657	self::jsLoad('js/jquery/jquery.biscuit.js').
658	self::jsLoad('js/jquery/jquery.bgFade.js').
659	self::jsLoad('js/common.js').
660	self::jsLoad('js/prelude.js').
661
662	'<script type="text/javascript">'."\n".
663	"//<![CDATA[\n".
664	'jsToolBar = {}, jsToolBar.prototype = { elements : {} };'."\n".
665	self::jsVar('dotclear.nonce',$GLOBALS['core']->getNonce()).
666	self::jsVar('dotclear.img_plus_src','images/expand.png').
667	self::jsVar('dotclear.img_plus_alt',__('uncover')).
668	self::jsVar('dotclear.img_minus_src','images/hide.png').
669	self::jsVar('dotclear.img_minus_alt',__('hide')).
670	self::jsVar('dotclear.img_menu_on','images/menu_on.png').
671	self::jsVar('dotclear.img_menu_off','images/menu_off.png').
672
673	self::jsVar('dotclear.img_plus_theme_src','images/plus-theme.png').
674	self::jsVar('dotclear.img_plus_theme_alt',__('uncover')).
675	self::jsVar('dotclear.img_minus_theme_src','images/minus-theme.png').
676	self::jsVar('dotclear.img_minus_theme_alt',__('hide')).
677
678	self::jsVar('dotclear.msg.help',
679	__('Need help?')).
680	self::jsVar('dotclear.msg.new_window',
681	__('new window')).
682	self::jsVar('dotclear.msg.help_hide',
683	__('Hide')).
684	self::jsVar('dotclear.msg.to_select',
685	__('Select:')).
686	self::jsVar('dotclear.msg.no_selection',
687	__('no selection')).
688	self::jsVar('dotclear.msg.select_all',
689	__('select all')).
690	self::jsVar('dotclear.msg.invert_sel',
691	__('Invert selection')).
692	self::jsVar('dotclear.msg.website',
693	__('Web site:')).
694	self::jsVar('dotclear.msg.email',
695	__('Email:')).
696	self::jsVar('dotclear.msg.ip_address',
697	__('IP address:')).
698	self::jsVar('dotclear.msg.error',
699	__('Error:')).
700	self::jsVar('dotclear.msg.entry_created',
701	__('Entry has been successfully created.')).
702	self::jsVar('dotclear.msg.edit_entry',
703	__('Edit entry')).
704	self::jsVar('dotclear.msg.view_entry',
705	__('view entry')).
706	self::jsVar('dotclear.msg.confirm_delete_posts',
707	__("Are you sure you want to delete selected entries (%s)?")).
708	self::jsVar('dotclear.msg.confirm_delete_medias',
709	__("Are you sure you want to delete selected medias (%d)?")).
710	self::jsVar('dotclear.msg.confirm_delete_categories',
711	__("Are you sure you want to delete selected categories (%s)?")).
712	self::jsVar('dotclear.msg.confirm_delete_post',
713	__("Are you sure you want to delete this entry?")).
714	self::jsVar('dotclear.msg.click_to_unlock',
715	__("Click here to unlock the field")).
716	self::jsVar('dotclear.msg.confirm_spam_delete',
717	__('Are you sure you want to delete all spams?')).
718	self::jsVar('dotclear.msg.confirm_delete_comments',
719	__('Are you sure you want to delete selected comments (%s)?')).
720	self::jsVar('dotclear.msg.confirm_delete_comment',
721	__('Are you sure you want to delete this comment?')).
722	self::jsVar('dotclear.msg.cannot_delete_users',
723	__('Users with posts cannot be deleted.')).
724	self::jsVar('dotclear.msg.confirm_delete_user',
725	__('Are you sure you want to delete selected users (%s)?')).
726	self::jsVar('dotclear.msg.confirm_delete_category',
727	__('Are you sure you want to delete category "%s"?')).
728	self::jsVar('dotclear.msg.confirm_reorder_categories',
729	__('Are you sure you want to reorder all categories?')).
730	self::jsVar('dotclear.msg.confirm_delete_media',
731	__('Are you sure you want to remove media "%s"?')).
732	self::jsVar('dotclear.msg.confirm_delete_directory',
733	__('Are you sure you want to remove directory "%s"?')).
734	self::jsVar('dotclear.msg.confirm_extract_current',
735	__('Are you sure you want to extract archive in current directory?')).
736	self::jsVar('dotclear.msg.confirm_remove_attachment',
737	__('Are you sure you want to remove attachment "%s"?')).
738	self::jsVar('dotclear.msg.confirm_delete_lang',
739	__('Are you sure you want to delete "%s" language?')).
740	self::jsVar('dotclear.msg.confirm_delete_plugin',
741	__('Are you sure you want to delete "%s" plugin?')).
742	self::jsVar('dotclear.msg.confirm_delete_plugins',
743	__('Are you sure you want to delete selected plugins?')).
744	self::jsVar('dotclear.msg.use_this_theme',
745	__('Use this theme')).
746	self::jsVar('dotclear.msg.remove_this_theme',
747	__('Remove this theme')).
748	self::jsVar('dotclear.msg.confirm_delete_theme',
749	__('Are you sure you want to delete "%s" theme?')).
750	self::jsVar('dotclear.msg.confirm_delete_themes',
751	__('Are you sure you want to delete selected themes?')).
752	self::jsVar('dotclear.msg.confirm_delete_backup',
753	__('Are you sure you want to delete this backup?')).
754	self::jsVar('dotclear.msg.confirm_revert_backup',
755	__('Are you sure you want to revert to this backup?')).
756	self::jsVar('dotclear.msg.zip_file_content',
757	__('Zip file content')).
758	self::jsVar('dotclear.msg.xhtml_validator',
759	__('XHTML markup validator')).
760	self::jsVar('dotclear.msg.xhtml_valid',
761	__('XHTML content is valid.')).
762	self::jsVar('dotclear.msg.xhtml_not_valid',
763	__('There are XHTML markup errors.')).
764	self::jsVar('dotclear.msg.warning_validate_no_save_content',
765	__('Attention: an audit of a content not yet registered.')).
766	self::jsVar('dotclear.msg.confirm_change_post_format',
767	__('You have unsaved changes. Switch post format will loose these changes. Proceed anyway?')).
768	self::jsVar('dotclear.msg.confirm_change_post_format_noconvert',
769	__("Warning: post format change will not convert existing content. You will need to apply new format by yourself. Proceed anyway?")).
770	self::jsVar('dotclear.msg.load_enhanced_uploader',
771	__('Loading enhanced uploader, please wait.')).
772
773	self::jsVar('dotclear.msg.module_author',
774	__('Author:')).
775	self::jsVar('dotclear.msg.module_details',
776	__('Details')).
777	self::jsVar('dotclear.msg.module_support',
778	__('Support')).
779	self::jsVar('dotclear.msg.module_help',
780	__('Help:')).
781	self::jsVar('dotclear.msg.module_section',
782	__('Section:')).
783	self::jsVar('dotclear.msg.module_tags',
784	__('Tags:')).
785	"\n//]]>\n".
786	"</script>\n";
787	}
788
789	public static function jsLoadIE7()
790	{
791	return
792	'<!--[if lt IE 9]>'."\n".
793	self::jsLoad('js/ie7/IE9.js').
794	self::cssLoad('style/iesucks.css').
795	'<![endif]-->'."\n";
796	}
797
798	public static function jsConfirmClose()
799	{
800	$args = func_get_args();
801	if (count($args) > 0) {
802	foreach ($args as $k => $v) {
803	$args[$k] = "'".html::escapeJS($v)."'";
804	}
805	$args = implode(',',$args);
806	} else {
807	$args = '';
808	}
809
810	return
811	self::jsLoad('js/confirm-close.js').
812	'<script type="text/javascript">'."\n".
813	"//<![CDATA[\n".
814	"confirmClosePage = new confirmClose(".$args."); ".
815	"confirmClose.prototype.prompt = '".html::escapeJS(__('You have unsaved changes.'))."'; ".
816	"\n//]]>\n".
817	"</script>\n";
818	}
819
820	public static function jsPageTabs($default=null)
821	{
822	if ($default) {
823	$default = "'".html::escapeJS($default)."'";
824	}
825
826	return
827	self::jsLoad('js/jquery/jquery.pageTabs.js').
828	'<script type="text/javascript">'."\n".
829	"//<![CDATA[\n".
830	'$(function() {'."\n".
831	'$.pageTabs('.$default.');'."\n".
832	'});'.
833	"\n//]]>\n".
834	"</script>\n".
835	'<!--[if lt IE 8]>'."\n".
836	self::jsLoad('js/ie7/ie7-hashchange.js').
837	'<script type="text/javascript">'."\n".
838	"//<![CDATA[\n".
839	'$(window).hashchange();'.
840	"\n//]]>\n".
841	"</script>\n".
842	'<![endif]-->'."\n";
843	}
844
845	public static function jsModal()
846	{
847	return
848	self::cssLoad('style/modal/modal.css').
849	self::jsLoad('js/jquery/jquery.modal.js').
850	'<script type="text/javascript">'."\n".
851	"//<![CDATA[\n".
852	self::jsVar('$.modal.prototype.params.loader_img','style/modal/loader.gif').
853	self::jsVar('$.modal.prototype.params.close_img','style/modal/close.png').
854	"\n//]]>\n".
855	"</script>\n";
856	}
857
858	public static function jsColorPicker()
859	{
860	return
861	self::cssLoad('style/farbtastic/farbtastic.css').
862	self::jsLoad('js/jquery/jquery.farbtastic.js').
863	self::jsLoad('js/color-picker.js');
864	}
865
866	public static function jsDatePicker()
867	{
868	return
869	self::cssLoad('style/date-picker.css').
870	self::jsLoad('js/date-picker.js').
871	'<script type="text/javascript">'."\n".
872	"//<![CDATA[\n".
873
874	"datePicker.prototype.months[0] = '".html::escapeJS(__('January'))."'; ".
875	"datePicker.prototype.months[1] = '".html::escapeJS(__('February'))."'; ".
876	"datePicker.prototype.months[2] = '".html::escapeJS(__('March'))."'; ".
877	"datePicker.prototype.months[3] = '".html::escapeJS(__('April'))."'; ".
878	"datePicker.prototype.months[4] = '".html::escapeJS(__('May'))."'; ".
879	"datePicker.prototype.months[5] = '".html::escapeJS(__('June'))."'; ".
880	"datePicker.prototype.months[6] = '".html::escapeJS(__('July'))."'; ".
881	"datePicker.prototype.months[7] = '".html::escapeJS(__('August'))."'; ".
882	"datePicker.prototype.months[8] = '".html::escapeJS(__('September'))."'; ".
883	"datePicker.prototype.months[9] = '".html::escapeJS(__('October'))."'; ".
884	"datePicker.prototype.months[10] = '".html::escapeJS(__('November'))."'; ".
885	"datePicker.prototype.months[11] = '".html::escapeJS(__('December'))."'; ".
886
887	"datePicker.prototype.days[0] = '".html::escapeJS(__('Monday'))."'; ".
888	"datePicker.prototype.days[1] = '".html::escapeJS(__('Tuesday'))."'; ".
889	"datePicker.prototype.days[2] = '".html::escapeJS(__('Wednesday'))."'; ".
890	"datePicker.prototype.days[3] = '".html::escapeJS(__('Thursday'))."'; ".
891	"datePicker.prototype.days[4] = '".html::escapeJS(__('Friday'))."'; ".
892	"datePicker.prototype.days[5] = '".html::escapeJS(__('Saturday'))."'; ".
893	"datePicker.prototype.days[6] = '".html::escapeJS(__('Sunday'))."'; ".
894
895	"datePicker.prototype.img_src = 'images/date-picker.png'; ".
896	"datePicker.prototype.img_alt = '".html::escapeJS(__('Choose date'))."'; ".
897
898	"datePicker.prototype.close_msg = '".html::escapeJS(__('close'))."'; ".
899	"datePicker.prototype.now_msg = '".html::escapeJS(__('now'))."'; ".
900
901	"\n//]]>\n".
902	"</script>\n";
903	}
904
905
906	public static function jsToolBar()
907	{
908	# Deprecated but we keep this for plugins.
909	}
910
911	public static function jsUpload($params=array(),$base_url=null)
912	{
913	if (!$base_url) {
914	$base_url = path::clean(dirname(preg_replace('/(\?.*$)?/','',$_SERVER['REQUEST_URI']))).'/';
915	}
916
917	$params = array_merge($params,array(
918	'sess_id='.session_id(),
919	'sess_uid='.$_SESSION['sess_browser_uid'],
920	'xd_check='.$GLOBALS['core']->getNonce()
921	));
922
923	return
924	'<script type="text/javascript">'."\n".
925	"//<![CDATA[\n".
926	"dotclear.jsUpload = {};\n".
927	"dotclear.jsUpload.msg = {};\n".
928	self::jsVar('dotclear.msg.enhanced_uploader_activate',__('Temporarily activate enhanced uploader')).
929	self::jsVar('dotclear.msg.enhanced_uploader_disable',__('Temporarily disable enhanced uploader')).
930	self::jsVar('dotclear.jsUpload.msg.limit_exceeded',__('Limit exceeded.')).
931	self::jsVar('dotclear.jsUpload.msg.size_limit_exceeded',__('File size exceeds allowed limit.')).
932	self::jsVar('dotclear.jsUpload.msg.canceled',__('Canceled.')).
933	self::jsVar('dotclear.jsUpload.msg.http_error',__('HTTP Error:')).
934	self::jsVar('dotclear.jsUpload.msg.error',__('Error:')).
935	self::jsVar('dotclear.jsUpload.msg.choose_file',__('Choose file')).
936	self::jsVar('dotclear.jsUpload.msg.choose_files',__('Choose files')).
937	self::jsVar('dotclear.jsUpload.msg.cancel',__('Cancel')).
938	self::jsVar('dotclear.jsUpload.msg.clean',__('Clean')).
939	self::jsVar('dotclear.jsUpload.msg.upload',__('Upload')).
940	self::jsVar('dotclear.jsUpload.msg.send',__('Send')).
941	self::jsVar('dotclear.jsUpload.msg.file_successfully_uploaded',__('File successfully uploaded.')).
942	self::jsVar('dotclear.jsUpload.msg.no_file_in_queue',__('No file in queue.')).
943	self::jsVar('dotclear.jsUpload.msg.file_in_queue',__('1 file in queue.')).
944	self::jsVar('dotclear.jsUpload.msg.files_in_queue',__('%d files in queue.')).
945	self::jsVar('dotclear.jsUpload.msg.queue_error',__('Queue error:')).
946	self::jsVar('dotclear.jsUpload.base_url',$base_url).
947	"\n//]]>\n".
948	"</script>\n".
949
950	self::jsLoad('js/jquery/jquery-ui.custom.js').
951	self::jsLoad('js/jsUpload/tmpl.js').
952	self::jsLoad('js/jsUpload/template-upload.js').
953	self::jsLoad('js/jsUpload/template-download.js').
954	self::jsLoad('js/jsUpload/load-image.js').
955	self::jsLoad('js/jsUpload/jquery.iframe-transport.js').
956	self::jsLoad('js/jsUpload/jquery.fileupload.js').
957	self::jsLoad('js/jsUpload/jquery.fileupload-process.js').
958	self::jsLoad('js/jsUpload/jquery.fileupload-resize.js').
959	self::jsLoad('js/jsUpload/jquery.fileupload-ui.js');
960	}
961
962	public static function jsToolMan()
963	{
964	return
965	self::jsLoad('js/tool-man/core.js').
966	self::jsLoad('js/tool-man/events.js').
967	self::jsLoad('js/tool-man/css.js').
968	self::jsLoad('js/tool-man/coordinates.js').
969	self::jsLoad('js/tool-man/drag.js').
970	self::jsLoad('js/tool-man/dragsort.js').
971	self::jsLoad('js/dragsort-tablerows.js');
972	}
973
974	public static function jsMetaEditor()
975	{
976	return self::jsLoad('js/meta-editor.js');
977	}
978
979	public static function jsLoadCodeMirror($theme = '',$multi = true,$modes = array('css','htmlmixed','javascript','php','xml'))
980	{
981	$ret =
982	self::cssLoad('js/codemirror/lib/codemirror.css').
983	self::jsLoad('js/codemirror/lib/codemirror.js');
984	if ($multi) {
985	$ret .= self::jsLoad('js/codemirror/addon/mode/multiplex.js');
986	}
987	foreach ($modes as $mode) {
988	$ret .= self::jsLoad('js/codemirror/mode/'.$mode.'/'.$mode.'.js');
989	}
990	$ret .=
991	self::jsLoad('js/codemirror/addon/edit/closebrackets.js').
992	self::jsLoad('js/codemirror/addon/edit/matchbrackets.js').
993	self::cssLoad('js/codemirror/addon/display/fullscreen.css').
994	self::jsLoad('js/codemirror/addon/display/fullscreen.js');
995	if ($theme != '') {
996	$ret .= self::cssLoad('js/codemirror/theme/'.$theme.'.css');
997	}
998	return $ret;
999	}
1000
1001	public static function jsRunCodeMirror($name,$id,$mode,$theme = '')
1002	{
1003	$ret =
1004	'<script type="text/javascript">'.
1005	'//<![CDATA['."\n".
1006	'var '.$name.' = CodeMirror.fromTextArea('.$id.',{'."\n".
1007	' mode: "'.$mode.'",'."\n".
1008	' tabMode: "indent",'."\n".
1009	' lineWrapping: "true",'."\n".
1010	' lineNumbers: "true",'."\n".
1011	' matchBrackets: "true",'."\n".
1012	' autoCloseBrackets: "true",'."\n".
1013	' extraKeys: {"F11": function(cm) {cm.setOption("fullScreen",!cm.getOption("fullScreen"));}}';
1014	if ($theme) {
1015	$ret .=
1016	','."\n".
1017	' theme: "'.$theme.'"';
1018	}
1019	$ret .=
1020	"\n".'});'."\n".
1021	'//]]>'.
1022	'</script>';
1023	return $ret;
1024	}
1025
1026	public static function getCodeMirrorThemes()
1027	{
1028	$themes = array();
1029	$themes_root = dirname(__FILE__).'/../../admin'.'/js/codemirror/theme/';
1030	if (is_dir($themes_root) && is_readable($themes_root)) {
1031	if (($d = @dir($themes_root)) !== false) {
1032	while (($entry = $d->read()) !== false) {
1033	if ($entry != '.' && $entry != '..' && substr($entry, 0, 1) != '.' && is_readable($themes_root.'/'.$entry)) {
1034	$themes[] = substr($entry,0,-4); // remove .css extension
1035	}
1036	}
1037	}
1038	}
1039	return $themes;
1040	}
1041
1042	public static function getPF($file)
1043	{
1044	return $GLOBALS['core']->adminurl->get('load.plugin.file',array('pf' => $file));
1045	}
1046
1047	public static function getVF($file)
1048	{
1049	return $GLOBALS['core']->adminurl->get('load.var.file',array('vf' => $file));
1050	}
1051
1052	public static function setXFrameOptions($headers,$origin = null)
1053	{
1054	if (self::$xframe_loaded) {
1055	return;
1056	}
1057	if ($origin !== null) {
1058	$url = parse_url($origin);
1059	$headers['x-frame-options'] = sprintf('X-Frame-Options: %s',is_array($url) ?
1060	("ALLOW-FROM ".(isset($url['scheme']) ? $url['scheme'].':' : '' ).'//'.$url['host']) :
1061	'SAMEORIGIN');
1062	} else {
1063	$headers['x-frame-options'] = 'X-Frame-Options: SAMEORIGIN'; // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
1064	}
1065	self::$xframe_loaded = true;
1066	}
1067	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/admin/lib.dc.page.php @ 3292:86dfd06c2a8c

Download in other formats:

Sites map