site_iri: web/wp-content/plugins/exec-php/includes/ajax.php@aa6401ce9cad (annotated)

136 bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	1	<?php
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	2
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	3	require_once(dirname(__FILE__).'/const.php');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	4	require_once(dirname(__FILE__).'/l10n.php');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	5
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	6	// -----------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	7	// the ExecPhp_Ajax class handles the AJAX communication incoming from the
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	8	// AdminUi for requesting which users are allowed to execute PHP in widgets
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	9	// and articles
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	10	// -----------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	11
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	12	if (!class_exists('ExecPhp_Ajax')) :
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	13	class ExecPhp_Ajax
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	14	{
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	15	var $m_cache = NULL;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	16
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	17	// ---------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	18	// init
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	19	// ---------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	20
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	21	function ExecPhp_Ajax(&$cache)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	22	{
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	23	$this->m_cache =& $cache;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	24
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	25	global $wp_version;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	26	if (version_compare($wp_version, '2.5.dev') >= 0 && !defined('DOING_AJAX'))
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	27	return;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	28
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	29	add_action('wp_ajax_'. ExecPhp_ACTION_REQUEST_USERS,
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	30	array(&$this, 'action_ajax_request_user'));
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	31	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	32
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	33	// ---------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	34	// hooks
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	35	// ---------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	36
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	37	function action_ajax_request_user()
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	38	{
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	39	global $wpdb;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	40
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	41	if (!current_user_can(ExecPhp_CAPABILITY_EDIT_PLUGINS)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	42	&& !current_user_can(ExecPhp_CAPABILITY_EDIT_USERS))
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	43	die('-1');
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	44
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	45	$feature = explode(',', $_POST['feature']);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	46	$wants_edit_others_php = in_array(ExecPhp_REQUEST_FEATURE_SECURITY_HOLE, $feature);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	47	$wants_switch_themes = in_array(ExecPhp_REQUEST_FEATURE_WIDGETS, $feature);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	48	$wants_exec_php = in_array(ExecPhp_REQUEST_FEATURE_EXECUTE_ARTICLES, $feature);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	49
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	50	$query = "SELECT ID AS user_id FROM {$wpdb->users} ORDER BY display_name";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	51	$wpdb->query($query);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	52	$s = $wpdb->get_results($query);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	53	if (!is_array($s))
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	54	$s = array();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	55
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	56	$option =& $this->m_cache->get_option();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	57	$widget_support = $option->get_widget_support();
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	58
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	59	$output_edit_others_php = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	60	$output_switch_themes = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	61	$output_exec_php = '';
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	62	foreach ($s as $i)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	63	{
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	64	$user =& new WP_User($i->user_id);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	65	$has_switch_themes = $user->has_cap(ExecPhp_CAPABILITY_EXECUTE_WIDGETS);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	66	$has_exec_php = $user->has_cap(ExecPhp_CAPABILITY_EXECUTE_ARTICLES);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	67	$has_edit_others_posts = $user->has_cap(ExecPhp_CAPABILITY_EDIT_OTHERS_POSTS);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	68	$has_edit_others_pages = $user->has_cap(ExecPhp_CAPABILITY_EDIT_OTHERS_PAGES);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	69	$has_edit_others_php = $user->has_cap(ExecPhp_CAPABILITY_EDIT_OTHERS_PHP);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	70
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	71	if (($has_edit_others_posts \|\| $has_edit_others_pages)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	72	&& $has_edit_others_php && !$has_exec_php && $wants_edit_others_php)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	73	$output_edit_others_php .= "<li>{$user->data->display_name}</li>";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	74	if ($has_switch_themes && $widget_support && $wants_switch_themes)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	75	$output_switch_themes .= "<li>{$user->data->display_name}</li>";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	76	if ($has_exec_php && $wants_exec_php)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	77	$output_exec_php .= "<li>{$user->data->display_name}</li>";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	78	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	79	$output_edit_others_php = $this->adjust_reply('edit_others_php', $output_edit_others_php);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	80	$output_switch_themes = $this->adjust_reply('switch_themes', $output_switch_themes);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	81	$output_exec_php = $this->adjust_reply('exec_php', $output_exec_php);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	82	die($output_edit_others_php. $output_switch_themes. $output_exec_php);
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	83	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	84
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	85	// ---------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	86	// tools
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	87	// ---------------------------------------------------------------------------
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	88
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	89	function adjust_reply($js_var, $output)
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	90	{
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	91	if (!empty($output))
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	92	$output = "$js_var = \"<ul>". escape_dquote($output). "</ul>\"; ";
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	93	return $output;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	94	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	95	}
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	96	endif;
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	97
bde1974c263b merge from wordpress ymh@caf4f556-3d62-0410-8435-a86758001935 parents: diff changeset	98	?>

author	ymh@caf4f556-3d62-0410-8435-a86758001935
	Wed, 03 Feb 2010 16:56:36 +0000
changeset 140	aa6401ce9cad
parent 136	bde1974c263b
permissions	-rw-r--r--