lib.pager.php @ 3087:b739d0de9983

Visit:

Revision 3087:b739d0de9983, 17.4 KB checked in by Dsls, 10 years ago (diff)
Fixed admin pager parameters escaping.

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12	if (!defined('DC_RC_PATH')) { return; }
13
14	class dcPager extends pager
15	{
16	protected $form_action;
17	protected $form_hidden;
18
19	protected function getLink($li_class,$href,$img_src,$img_src_nolink,$img_alt,$enable_link) {
20	if ($enable_link) {
21	$formatter = '<li class="%s btn"><a href="%s"><img src="%s" alt="%s"/></a><span class="hidden">%s</span></li>';
22	return sprintf ($formatter,
23	$li_class,$href,$img_src,$img_alt,$img_alt);
24	} else {
25	$formatter = '<li class="%s no-link btn"><img src="%s" alt="%s"/></li>';
26	return sprintf ($formatter,
27	$li_class,$img_src_nolink,$img_alt,$img_alt);
28	}
29	}
30	public function setURL() {
31	parent::setURL();
32	$url = parse_url($_SERVER['REQUEST_URI']);
33	if (isset($url['query'])) {
34	parse_str($url['query'],$args);
35	} else {
36	$args=array();
37	}
38	# Removing session information
39	if (session_id())
40	{
41	if (isset($args[session_name()]))
42	unset($args[session_name()]);
43	}
44	if (isset($args[$this->var_page])) {
45	unset($args[$this->var_page]);
46	}
47	if (isset($args['ok'])) {
48	unset($args['ok']);
49	}
50	$this->form_hidden = '';
51	foreach ($args as $k=>$v) {
52	if (is_array($v)) {
53	foreach ($v as $k2=>$v2) {
54	$this->form_hidden .= form::hidden(array($k.'[]'),html::escapeHTML($v2));
55	}
56	} else {
57	$this->form_hidden .= form::hidden(array($k),html::escapeHTML($v));
58	}
59	}
60	$this->form_action = $url['path'];
61	}
62
63	/**
64	* Pager Links
65	*
66	* Returns pager links
67	*
68	* @return string
69	*/
70	public function getLinks()
71	{
72	$this->setURL();
73	$htmlFirst = $this->getLink(
74	"first",
75	sprintf($this->page_url,1),
76	"images/pagination/first.png",
77	"images/pagination/no-first.png",
78	__('First page'),
79	($this->env > 1)
80	);
81	$htmlPrev = $this->getLink(
82	"prev",
83	sprintf($this->page_url,$this->env-1),
84	"images/pagination/previous.png",
85	"images/pagination/no-previous.png",
86	__('Previous page'),
87	($this->env > 1)
88	);
89	$htmlNext = $this->getLink(
90	"next",
91	sprintf($this->page_url,$this->env+1),
92	"images/pagination/next.png",
93	"images/pagination/no-next.png",
94	__('Next page'),
95	($this->env < $this->nb_pages)
96	);
97	$htmlLast = $this->getLink(
98	"last",
99	sprintf($this->page_url,$this->nb_pages),
100	"images/pagination/last.png",
101	"images/pagination/no-last.png",
102	__('Last page'),
103	($this->env < $this->nb_pages)
104	);
105	$htmlCurrent =
106	'<li class="active"><strong>'.
107	sprintf(__('Page %s / %s'),$this->env,$this->nb_pages).
108	'</strong></li>';
109
110	$htmlDirect =
111	($this->nb_pages > 1 ?
112	sprintf('<li class="direct-access">'.__('Direct access page %s'),
113	form::field(array($this->var_page),3,10)).
114	'<input type="submit" value="'.__('ok').'" class="reset" '.
115	'name="ok" />'.$this->form_hidden.'</li>' : '');
116
117	$res =
118	'<form action="'.$this->form_action.'" method="get">'.
119	'<div class="pager"><ul>'.
120	$htmlFirst.
121	$htmlPrev.
122	$htmlCurrent.
123	$htmlNext.
124	$htmlLast.
125	$htmlDirect.
126	'</ul>'.
127	'</div>'.
128	'</form>'
129	;
130
131	return $this->nb_elements > 0 ? $res : '';
132	}
133	}
134
135	class adminGenericList
136	{
137	protected $core;
138	protected $rs;
139	protected $rs_count;
140
141	public function __construct($core,$rs,$rs_count)
142	{
143	$this->core =& $core;
144	$this->rs =& $rs;
145	$this->rs_count = $rs_count;
146	$this->html_prev = __('« prev.');
147	$this->html_next = __('next »');
148	}
149	}
150
151	class adminPostList extends adminGenericList
152	{
153	public function display($page,$nb_per_page,$enclose_block='',$filter=false)
154	{
155	if ($this->rs->isEmpty())
156	{
157	if( $filter ) {
158	echo '<p><strong>'.__('No entry matches the filter').'</strong></p>';
159	} else {
160	echo '<p><strong>'.__('No entry').'</strong></p>';
161	}
162	}
163	else
164	{
165	$pager = new dcPager($page,$this->rs_count,$nb_per_page,10);
166	$entries = array();
167	if (isset($_REQUEST['entries'])) {
168	foreach ($_REQUEST['entries'] as $v) {
169	$entries[(integer)$v]=true;
170	}
171	}
172	$html_block =
173	'<div class="table-outer">'.
174	'<table>';
175
176	if( $filter ) {
177	$html_block .= '<caption>'.sprintf(__('List of %s entries match the filter.'), $this->rs_count).'</caption>';
178	} else {
179	$html_block .= '<caption class="hidden">'.__('Entries list').'</caption>';
180	}
181
182	$html_block .= '<tr>'.
183	'<th colspan="2" class="first">'.__('Title').'</th>'.
184	'<th scope="col">'.__('Date').'</th>'.
185	'<th scope="col">'.__('Category').'</th>'.
186	'<th scope="col">'.__('Author').'</th>'.
187	'<th scope="col"><img src="images/comments.png" alt="" title="'.__('Comments').'" /><span class="hidden">'.__('Comments').'</span></th>'.
188	'<th scope="col"><img src="images/trackbacks.png" alt="" title="'.__('Trackbacks').'" /><span class="hidden">'.__('Trackbacks').'</span></th>'.
189	'<th scope="col">'.__('Status').'</th>'.
190	'</tr>%s</table></div>';
191
192	if ($enclose_block) {
193	$html_block = sprintf($enclose_block,$html_block);
194	}
195
196	echo $pager->getLinks();
197
198	$blocks = explode('%s',$html_block);
199
200	echo $blocks[0];
201
202	while ($this->rs->fetch())
203	{
204	echo $this->postLine(isset($entries[$this->rs->post_id]));
205	}
206
207	echo $blocks[1];
208
209	echo $pager->getLinks();
210	}
211	}
212
213	private function postLine($checked)
214	{
215	if ($this->core->auth->check('categories',$this->core->blog->id)) {
216	$cat_link = '<a href="'.$this->core->adminurl->get('admin.category',array('id' => '%s'),'&',true).'">%s</a>';
217	} else {
218	$cat_link = '%2$s';
219	}
220
221	if ($this->rs->cat_title) {
222	$cat_title = sprintf($cat_link,$this->rs->cat_id,
223	html::escapeHTML($this->rs->cat_title));
224	} else {
225	$cat_title = __('(No cat)');
226	}
227
228	$img = '<img alt="%1$s" title="%1$s" src="images/%2$s" />';
229	switch ($this->rs->post_status) {
230	case 1:
231	$img_status = sprintf($img,__('Published'),'check-on.png');
232	break;
233	case 0:
234	$img_status = sprintf($img,__('Unpublished'),'check-off.png');
235	break;
236	case -1:
237	$img_status = sprintf($img,__('Scheduled'),'scheduled.png');
238	break;
239	case -2:
240	$img_status = sprintf($img,__('Pending'),'check-wrn.png');
241	break;
242	}
243
244	$protected = '';
245	if ($this->rs->post_password) {
246	$protected = sprintf($img,__('Protected'),'locker.png');
247	}
248
249	$selected = '';
250	if ($this->rs->post_selected) {
251	$selected = sprintf($img,__('Selected'),'selected.png');
252	}
253
254	$attach = '';
255	$nb_media = $this->rs->countMedia();
256	if ($nb_media > 0) {
257	$attach_str = $nb_media == 1 ? __('%d attachment') : __('%d attachments');
258	$attach = sprintf($img,sprintf($attach_str,$nb_media),'attach.png');
259	}
260
261	$res = '<tr class="line'.($this->rs->post_status != 1 ? ' offline' : '').'"'.
262	' id="p'.$this->rs->post_id.'">';
263
264	$res .=
265	'<td class="nowrap">'.
266	form::checkbox(array('entries[]'),$this->rs->post_id,$checked,'','',!$this->rs->isEditable()).'</td>'.
267	'<td class="maximal" scope="row"><a href="'.$this->core->getPostAdminURL($this->rs->post_type,$this->rs->post_id).'">'.
268	html::escapeHTML($this->rs->post_title).'</a></td>'.
269	'<td class="nowrap count">'.dt::dt2str(__('%Y-%m-%d %H:%M'),$this->rs->post_dt).'</td>'.
270	'<td class="nowrap">'.$cat_title.'</td>'.
271	'<td class="nowrap">'.html::escapeHTML($this->rs->user_id).'</td>'.
272	'<td class="nowrap count">'.$this->rs->nb_comment.'</td>'.
273	'<td class="nowrap count">'.$this->rs->nb_trackback.'</td>'.
274	'<td class="nowrap status">'.$img_status.' '.$selected.' '.$protected.' '.$attach.'</td>'.
275	'</tr>';
276
277	return $res;
278	}
279	}
280
281	class adminPostMiniList extends adminGenericList
282	{
283	public function display($page,$nb_per_page,$enclose_block='')
284	{
285	if ($this->rs->isEmpty())
286	{
287	echo '<p><strong>'.__('No entry').'</strong></p>';
288	}
289	else
290	{
291	$pager = new dcPager($page,$this->rs_count,$nb_per_page,10);
292
293	$html_block =
294	'<div class="table-outer clear">'.
295	'<table><caption class="hidden">'.__('Entries list').'</caption><tr>'.
296	'<th scope="col">'.__('Title').'</th>'.
297	'<th scope="col">'.__('Date').'</th>'.
298	'<th scope="col">'.__('Author').'</th>'.
299	'<th scope="col">'.__('Status').'</th>'.
300	'</tr>%s</table></div>';
301
302	if ($enclose_block) {
303	$html_block = sprintf($enclose_block,$html_block);
304	}
305
306	echo $pager->getLinks();
307
308	$blocks = explode('%s',$html_block);
309
310	echo $blocks[0];
311
312	while ($this->rs->fetch())
313	{
314	echo $this->postLine();
315	}
316
317	echo $blocks[1];
318
319	echo $pager->getLinks();
320	}
321	}
322
323	private function postLine()
324	{
325	$img = '<img alt="%1$s" title="%1$s" src="images/%2$s" />';
326	switch ($this->rs->post_status) {
327	case 1:
328	$img_status = sprintf($img,__('Published'),'check-on.png');
329	break;
330	case 0:
331	$img_status = sprintf($img,__('Unpublished'),'check-off.png');
332	break;
333	case -1:
334	$img_status = sprintf($img,__('Scheduled'),'scheduled.png');
335	break;
336	case -2:
337	$img_status = sprintf($img,__('Pending'),'check-wrn.png');
338	break;
339	}
340
341	$protected = '';
342	if ($this->rs->post_password) {
343	$protected = sprintf($img,__('Protected'),'locker.png');
344	}
345
346	$selected = '';
347	if ($this->rs->post_selected) {
348	$selected = sprintf($img,__('Selected'),'selected.png');
349	}
350
351	$attach = '';
352	$nb_media = $this->rs->countMedia();
353	if ($nb_media > 0) {
354	$attach_str = $nb_media == 1 ? __('%d attachment') : __('%d attachments');
355	$attach = sprintf($img,sprintf($attach_str,$nb_media),'attach.png');
356	}
357
358	$res = '<tr class="line'.($this->rs->post_status != 1 ? ' offline' : '').'"'.
359	' id="p'.$this->rs->post_id.'">';
360
361	$res .=
362	'<td scope="row" class="maximal"><a href="'.$this->core->getPostAdminURL($this->rs->post_type,$this->rs->post_id).'" '.
363	'title="'.html::escapeHTML($this->rs->getURL()).'">'.
364	html::escapeHTML($this->rs->post_title).'</a></td>'.
365	'<td class="nowrap count">'.dt::dt2str(__('%Y-%m-%d %H:%M'),$this->rs->post_dt).'</td>'.
366	'<td class="nowrap">'.html::escapeHTML($this->rs->user_id).'</td>'.
367	'<td class="nowrap status">'.$img_status.' '.$selected.' '.$protected.' '.$attach.'</td>'.
368	'</tr>';
369
370	return $res;
371	}
372	}
373
374	class adminCommentList extends adminGenericList
375	{
376	public function display($page,$nb_per_page,$enclose_block='',$filter=false,$spam=false)
377	{
378	if ($this->rs->isEmpty())
379	{
380	if( $filter ) {
381	echo '<p><strong>'.__('No comments or trackbacks matches the filter').'</strong></p>';
382	} else {
383	echo '<p><strong>'.__('No comments').'</strong></p>';
384	}
385	}
386	else
387	{
388	// Get antispam filters' name
389	$filters = array();
390	if ($spam) {
391	if (class_exists('dcAntispam')) {
392	dcAntispam::initFilters();
393	$fs = dcAntispam::$filters->getFilters();
394	foreach ($fs as $fid => $f)
395	{
396	$filters[$fid] = $f->name;
397	}
398	}
399	}
400
401	$pager = new dcPager($page,$this->rs_count,$nb_per_page,10);
402
403	$comments = array();
404	if (isset($_REQUEST['comments'])) {
405	foreach ($_REQUEST['comments'] as $v) {
406	$comments[(integer)$v]=true;
407	}
408	}
409	$html_block =
410	'<div class="table-outer">'.
411	'<table>';
412
413	if( $filter ) {
414	$html_block .= '<caption>'.
415	sprintf(__(
416	'Comment or trackback matching the filter.',
417	'List of %s comments or trackbacks matching the filter.',
418	$this->rs_count), $this->rs_count).
419	'</caption>';
420	} else {
421	$html_block .= '<caption class="hidden">'.__('Comments and trackbacks list').'</caption>';
422	}
423
424	$html_block .= '<tr>'.
425	'<th colspan="2" scope="col" abbr="comm" class="first">'.__('Type').'</th>'.
426	'<th scope="col">'.__('Author').'</th>'.
427	'<th scope="col">'.__('Date').'</th>'.
428	'<th scope="col" class="txt-center">'.__('Status').'</th>';
429	if ($spam) {
430	$html_block .=
431	'<th scope="col">'.__('IP').'</th>'.
432	'<th scope="col">'.__('Spam filter').'</th>';
433	}
434	$html_block .=
435	'<th scope="col" abbr="entry">'.__('Entry').'</th>'.
436	'</tr>%s</table></div>';
437
438	if ($enclose_block) {
439	$html_block = sprintf($enclose_block,$html_block);
440	}
441
442	echo $pager->getLinks();
443
444	$blocks = explode('%s',$html_block);
445
446	echo $blocks[0];
447
448	while ($this->rs->fetch())
449	{
450	echo $this->commentLine(isset($comments[$this->rs->comment_id]),$spam,$filters);
451	}
452
453	echo $blocks[1];
454
455	echo $pager->getLinks();
456	}
457	}
458
459	private function commentLine($checked=false,$spam=false,$filters=array())
460	{
461	global $core, $author, $status, $sortby, $order, $nb_per_page;
462
463	$author_url =
464	$this->core->adminurl->get('admin.comments',array(
465	'n' => $nb_per_page,
466	'status' => $status,
467	'sortby' => $sortby,
468	'order' => $order,
469	'author' => $this->rs->comment_author
470	));
471
472	$post_url = $this->core->getPostAdminURL($this->rs->post_type,$this->rs->post_id);
473
474	$comment_url = $this->core->adminurl->get('admin.comment',array('id' => $this->rs->comment_id));
475
476	$comment_dt =
477	dt::dt2str($this->core->blog->settings->system->date_format.' - '.
478	$this->core->blog->settings->system->time_format,$this->rs->comment_dt);
479
480	$img = '<img alt="%1$s" title="%1$s" src="images/%2$s" />';
481	switch ($this->rs->comment_status) {
482	case 1:
483	$img_status = sprintf($img,__('Published'),'check-on.png');
484	break;
485	case 0:
486	$img_status = sprintf($img,__('Unpublished'),'check-off.png');
487	break;
488	case -1:
489	$img_status = sprintf($img,__('Pending'),'check-wrn.png');
490	break;
491	case -2:
492	$img_status = sprintf($img,__('Junk'),'junk.png');
493	break;
494	}
495
496	$post_title = html::escapeHTML($this->rs->post_title);
497	if (mb_strlen($post_title) > 70) {
498	$post_title = mb_strcut($post_title,0,67).'...';
499	}
500	$comment_title = sprintf(__('Edit the %1$s from %2$s'),
501	$this->rs->comment_trackback ? __('trackback') : __('comment'),
502	html::escapeHTML($this->rs->comment_author));
503
504	$res = '<tr class="line'.($this->rs->comment_status != 1 ? ' offline' : '').'"'.
505	' id="c'.$this->rs->comment_id.'">';
506
507	$res .=
508	'<td class="nowrap">'.
509	form::checkbox(array('comments[]'),$this->rs->comment_id,$checked,'','',0).'</td>'.
510	'<td class="nowrap" abbr="'.__('Type and author').'" scope="row">'.
511	'<a href="'.$comment_url.'" title="'.$comment_title.'">'.
512	'<img src="images/edit-mini.png" alt="'.__('Edit').'"/> '.
513	($this->rs->comment_trackback ? __('trackback') : __('comment')).' '.'</a></td>'.
514	'<td class="nowrap maximal"><a href="'.$author_url.'">'.html::escapeHTML($this->rs->comment_author).'</a></td>'.
515	'<td class="nowrap count">'.dt::dt2str(__('%Y-%m-%d %H:%M'),$this->rs->comment_dt).'</td>'.
516	'<td class="nowrap status txt-center">'.$img_status.'</td>';
517	if ($spam) {
518	$filter_name = '';
519	if ($this->rs->comment_spam_filter) {
520	if (isset($filters[$this->rs->comment_spam_filter])) {
521	$filter_name = $filters[$this->rs->comment_spam_filter];
522	} else {
523	$filter_name = $this->rs->comment_spam_filter;
524	}
525	}
526	$res .=
527	'<td class="nowrap"><a href="'.$core->adminurl->get("admin.comments",array('ip' => $this->rs->comment_ip)).'">'.$this->rs->comment_ip.'</a></td>'.
528	'<td class="nowrap">'.$filter_name.'</td>';
529	}
530	$res .=
531	'<td class="nowrap discrete"><a href="'.$post_url.'">'.
532	$post_title.'</a>'.
533	($this->rs->post_type != 'post' ? ' ('.html::escapeHTML($this->rs->post_type).')' : '').'</td>';
534
535	$res .= '</tr>';
536
537	return $res;
538	}
539	}
540
541	class adminUserList extends adminGenericList
542	{
543	public function display($page,$nb_per_page,$enclose_block='',$filter=false)
544	{
545	if ($this->rs->isEmpty())
546	{
547	if( $filter ) {
548	echo '<p><strong>'.__('No user matches the filter').'</strong></p>';
549	} else {
550	echo '<p><strong>'.__('No user').'</strong></p>';
551	}
552	}
553	else
554	{
555	$pager = new dcPager($page,$this->rs_count,$nb_per_page,10);
556
557	$html_block =
558	'<div class="table-outer clear">'.
559	'<table>';
560
561	if( $filter ) {
562	$html_block .= '<caption>'.sprintf(__('List of %s users match the filter.'), $this->rs_count).'</caption>';
563	} else {
564	$html_block .= '<caption class="hidden">'.__('Users list').'</caption>';
565	}
566
567	$html_block .= '<tr>'.
568	'<th colspan="2" scope="col" class="first">'.__('Username').'</th>'.
569	'<th scope="col">'.__('First Name').'</th>'.
570	'<th scope="col">'.__('Last Name').'</th>'.
571	'<th scope="col">'.__('Display name').'</th>'.
572	'<th scope="col" class="nowrap">'.__('Entries (all types)').'</th>'.
573	'</tr>%s</table></div>';
574
575	if ($enclose_block) {
576	$html_block = sprintf($enclose_block,$html_block);
577	}
578
579	echo $pager->getLinks();
580
581	$blocks = explode('%s',$html_block);
582
583	echo $blocks[0];
584
585	while ($this->rs->fetch())
586	{
587	echo $this->userLine();
588	}
589
590	echo $blocks[1];
591
592	echo $pager->getLinks();
593	}
594	}
595
596	private function userLine()
597	{
598	$img = '<img alt="%1$s" title="%1$s" src="images/%2$s" />';
599	$img_status = '';
600
601	$p = $this->core->getUserPermissions($this->rs->user_id);
602
603	if (isset($p[$this->core->blog->id]['p']['admin'])) {
604	$img_status = sprintf($img,__('admin'),'admin.png');
605	}
606	if ($this->rs->user_super) {
607	$img_status = sprintf($img,__('superadmin'),'superadmin.png');
608	}
609	return
610	'<tr class="line">'.
611	'<td class="nowrap">'.form::hidden(array('nb_post[]'),(integer) $this->rs->nb_post).
612	form::checkbox(array('users[]'),$this->rs->user_id).'</td>'.
613	'<td class="maximal" scope="row"><a href="'.$this->core->adminurl->get('admin.user',array('id' => $this->rs->user_id)).'">'.
614	$this->rs->user_id.'</a> '.$img_status.'</td>'.
615	'<td class="nowrap">'.html::escapeHTML($this->rs->user_firstname).'</td>'.
616	'<td class="nowrap">'.html::escapeHTML($this->rs->user_name).'</td>'.
617	'<td class="nowrap">'.html::escapeHTML($this->rs->user_displayname).'</td>'.
618	'<td class="nowrap count"><a href="'.$this->core->adminurl->get('admin.posts',array('user_id' => $this->rs->user_id)).'">'.
619	$this->rs->nb_post.'</a></td>'.
620	'</tr>';
621	}
622	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/admin/lib.pager.php @ 3087:b739d0de9983

Download in other formats:

Sites map