author | hurons@caf4f556-3d62-0410-8435-a86758001935 |
Mon, 01 Feb 2010 09:51:57 +0000 | |
branch | wordpress |
changeset 123 | 561aa6d282f6 |
permissions | -rw-r--r-- |
<?php |
require_once(dirname(__FILE__).'/cache.php'); |
require_once(dirname(__FILE__).'/const.php'); |
// -----------------------------------------------------------------------------
// The ExecPhp_Runtime class executes PHP code embedded in article content or
// in text widgets. Article code is run only if the post's author holds the
// exec_php capability; widget code is run only if widget support is enabled
// in the plugin options. It also denies the edit_others_posts/edit_others_pages
// capabilities on PHP-enabled articles to editors who lack edit_others_php,
// so they cannot inject code that would run under the author's privilege.
// -----------------------------------------------------------------------------
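if (!class_exists('ExecPhp_Runtime')) :
// -----------------------------------------------------------------------------
// ExecPhp_Runtime executes PHP code found in article content and text widgets.
//
// Security model, as enforced by the methods below:
//  * Article / excerpt / feed content is eval'd only when the post's AUTHOR
//    (not the current viewer) holds ExecPhp_CAPABILITY_EXECUTE_ARTICLES.
//    Because eval_php() runs arbitrary PHP inside the web server process, that
//    capability is equivalent to full code execution on the host and must only
//    be granted to fully trusted accounts.
//  * Widget text is eval'd for every text widget as soon as the plugin option
//    for widget support is on; from then on everyone who may edit widgets can
//    run PHP. There is no per-user check on that path.
//  * A user who may edit others' posts/pages but lacks
//    ExecPhp_CAPABILITY_EDIT_OTHERS_PHP is denied edit_others_posts /
//    edit_others_pages for posts whose author can execute PHP, so they cannot
//    plant code that would later run under the author's privilege.
// -----------------------------------------------------------------------------
class ExecPhp_Runtime
{
  // Plugin cache handle; used here only to read the plugin options object.
  var $m_cache = NULL;

  // ---------------------------------------------------------------------------
  // init
  // ---------------------------------------------------------------------------

  // PHP4-style constructor, kept because the plugin declares PHP4 support.
  // PHP5 and later use __construct() instead; both end up in the same code.
  function ExecPhp_Runtime(&$cache)
  {
    $this->__construct($cache);
  }

  // Stores the cache and hooks the content, widget and capability filters.
  // Content filters run at priority 1, i.e. before WordPress' default
  // priority-10 content filters see the (already executed) output.
  function __construct(&$cache)
  {
    $this->m_cache =& $cache;

    add_filter('the_content', array($this, 'filter_user_content'), 1);
    add_filter('the_content_rss', array($this, 'filter_user_content'), 1);
    add_filter('the_excerpt', array($this, 'filter_user_content'), 1);
    add_filter('the_excerpt_rss', array($this, 'filter_user_content'), 1);
    add_filter('widget_text', array($this, 'filter_widget_content'), 1);
    add_filter('user_has_cap', array($this, 'filter_user_has_cap'), 10, 3);
  }

  // ---------------------------------------------------------------------------
  // tools
  // ---------------------------------------------------------------------------

  // Evaluates $content as a PHP template (plain text plus <?php ... ?> blocks)
  // and returns whatever it printed.
  //
  // This is the plugin's code-execution primitive: $content is executed with
  // the full privileges of the web server, so every caller MUST gate it on a
  // trust decision first (see the filters below). Nothing here sandboxes the
  // code. NOTE(review): on PHP 7+ a syntax error in $content throws a
  // ParseError that is not caught here; the output buffer is then left open.
  function eval_php($content)
  {
    // to be compatible with older PHP4 installations
    // don't use fancy ob_XXX shortcut functions
    ob_start();
    eval("?>$content<?php ");
    $output = ob_get_contents();
    ob_end_clean();
    return $output;
  }

  // ---------------------------------------------------------------------------
  // hooks
  // ---------------------------------------------------------------------------

  // the_content / the_excerpt / *_rss filter: executes the article's PHP if,
  // and only if, the post's author may execute PHP. Returns $content untouched
  // otherwise, or when there is no post in scope (filter applied outside the
  // loop).
  function filter_user_content($content)
  {
    global $post;

    if (!isset($post) || !isset($post->post_author))
      return $content;

    // The AUTHOR's capability decides, not the current viewer's: the code was
    // written by the author and runs for every reader of the page or feed.
    $poster = new WP_User($post->post_author);
    if (!$poster->has_cap(ExecPhp_CAPABILITY_EXECUTE_ARTICLES))
      return $content;

    return $this->eval_php($content);
  }

  // widget_text filter: executes the widget's PHP when the admin has enabled
  // widget support in the plugin options. This is the only gate on this path;
  // enabling the option trusts every user who can edit widgets with PHP
  // execution.
  function filter_widget_content($content)
  {
    $option = $this->m_cache->get_option();
    if (!$option->get_widget_support())
      return $content;

    return $this->eval_php($content);
  }

  // user_has_cap filter: strips edit_others_posts / edit_others_pages from the
  // user's capabilities when the post under test belongs to an author who may
  // execute PHP and the user lacks ExecPhp_CAPABILITY_EDIT_OTHERS_PHP. Without
  // this, such an editor could insert PHP into the post and have it run with
  // the author's privilege.
  //
  // $allcaps = capability-name => bool map of what the user currently has
  // $caps    = primitive capabilities being tested / requested
  // $args[0] = original meta capability requested
  // $args[1] = ID of the user being tested
  // $args[2] = post ID or object handed to current_user_can(), when given
  function filter_user_has_cap($allcaps, $caps, $args)
  {
    // Only edit_others_pages or edit_others_posts requests are handled here;
    // everything else (including the has_cap() call below, which re-enters
    // this filter with exec_php) passes through unchanged.
    $pages_request = in_array('edit_others_pages', $caps, true);
    $posts_request = in_array('edit_others_posts', $caps, true);
    if ((!$pages_request && !$posts_request)
      || ($pages_request && $posts_request)
      || empty($args[0]) || empty($args[1]))
      return $allcaps;

    // Resolve the post the check is actually about. current_user_can(
    // 'edit_post', $id) passes the post as $args[2]; only fall back to the
    // global loop post when no explicit post was given, otherwise the check
    // can silently test the wrong post (or none, e.g. in AJAX/bulk edits).
    $target = NULL;
    if (isset($args[2])) {
      $post_arg = $args[2];
      $target = get_post($post_arg);
    }
    if (!$target) {
      global $post;
      if (isset($post))
        $target = $post;
    }
    if (!$target || !isset($target->post_author))
      return $allcaps;

    $poster = new WP_User($target->post_author);
    if (!$poster->has_cap(ExecPhp_CAPABILITY_EXECUTE_ARTICLES))
      return $allcaps;

    // $allcaps is keyed by capability name. The previous in_array() check
    // searched the boolean VALUES and therefore matched any granted cap;
    // look the key up directly instead.
    if (!empty($allcaps[ExecPhp_CAPABILITY_EDIT_OTHERS_PHP]))
      return $allcaps;

    // Article may contain PHP code due to the original poster's capabilities
    // but the editor is not allowed to edit others' PHP code, so drop the
    // requested edit_others_xxx capability from the allowed set.
    if ($pages_request)
      unset($allcaps['edit_others_pages']);
    if ($posts_request)
      unset($allcaps['edit_others_posts']);
    return $allcaps;
  }
}
endif;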
?> |