|
1 <?php |
|
2 |
|
3 require_once(dirname(__FILE__).'/cache.php'); |
|
4 require_once(dirname(__FILE__).'/const.php'); |
|
5 require_once(dirname(__FILE__).'/l10n.php'); |
|
6 require_once(dirname(__FILE__).'/script.php'); |
|
7 |
|
8 // ----------------------------------------------------------------------------- |
|
9 // the ExecPhp_ConfigUi class displays the config interface in the |
|
10 // admin menu |
|
11 // ----------------------------------------------------------------------------- |
|
12 |
|
13 // use this guard to avoid error messages in WP admin panel if plugin |
|
14 // is disabled because of a version conflict but you still try to reload |
|
15 // the plugins config interface |
|
16 if (!class_exists('ExecPhp_ConfigUi')) : |
|
17 |
|
18 define('ExecPhp_ACTION_UPDATE_OPTIONS', 'execphp_update_options'); |
|
19 |
|
20 class ExecPhp_ConfigUi |
|
21 { |
|
22 var $m_cache = NULL; |
|
23 var $m_script = NULL; |
|
24 |
|
25 // --------------------------------------------------------------------------- |
|
26 // init |
|
27 // --------------------------------------------------------------------------- |
|
28 |
|
29 // Sets up the Exec-Php config menu |
|
30 function ExecPhp_ConfigUi(&$cache, &$script) |
|
31 { |
|
32 $this->m_cache =& $cache; |
|
33 $this->m_script =& $script; |
|
34 |
|
35 $option =& $this->m_cache->get_option(); |
|
36 $this->toggle_action($option->get_status()); |
|
37 add_action('admin_menu', array(&$this, 'action_admin_menu')); |
|
38 } |
|
39 |
|
40 // --------------------------------------------------------------------------- |
|
41 // hooks |
|
42 // --------------------------------------------------------------------------- |
|
43 |
|
44 function action_admin_menu() |
|
45 { |
|
46 if (current_user_can(ExecPhp_CAPABILITY_EDIT_PLUGINS)) |
|
47 { |
|
48 add_submenu_page('options-general.php', |
|
49 __s('Exec-PHP Settings', ExecPhp_PLUGIN_ID), |
|
50 __s('Exec-PHP', ExecPhp_PLUGIN_ID), |
|
51 ExecPhp_CAPABILITY_EDIT_PLUGINS, __FILE__, |
|
52 array(&$this, 'submenu_page_option_general')); |
|
53 add_filter('plugin_action_links', array(&$this, 'filter_plugin_actions_links'), 10, 2); |
|
54 } |
|
55 } |
|
56 |
|
57 function filter_plugin_actions_links($links, $file) |
|
58 { |
|
59 if ($file == ExecPhp_HOMEDIR. '/exec-php.php') |
|
60 { |
|
61 $settings_link = $settings_link = '<a href="options-general.php?page='. ExecPhp_HOMEDIR. '/includes/config_ui.php">' . __('Settings') . '</a>'; |
|
62 array_unshift($links, $settings_link); |
|
63 } |
|
64 return $links; |
|
65 } |
|
66 |
|
67 function action_admin_footer_plugin_version() |
|
68 { |
|
69 $option =& $this->m_cache->get_option(); |
|
70 $heading = __s('Exec-PHP Error.', ExecPhp_PLUGIN_ID); |
|
71 $text = __s('No necessary upgrade of the the Exec-PHP plugin could be performed. PHP code in your articles or widgets may be viewable to your blog readers. This is plugin version %1$s, previously there was version %2$s installed. Downgrading from a newer version to an older version of the plugin is not supported.', ExecPhp_PLUGIN_ID |
|
72 , ExecPhp_VERSION, $option->get_version()); |
|
73 $this->m_script->print_message($heading, $text); |
|
74 } |
|
75 |
|
76 function action_admin_footer_unknown() |
|
77 { |
|
78 $option =& $this->m_cache->get_option(); |
|
79 $heading = __s('Exec-PHP Error.', ExecPhp_PLUGIN_ID); |
|
80 $text = __s('An unknown error (%s) occured during execution of the Exec-PHP plugin. PHP code in your articles or widgets may be viewable to your blog readers. This error should never happen if you use the plugin with a compatible WordPress version and installed it as described in the documentation.', ExecPhp_PLUGIN_ID |
|
81 , $option->get_status()); |
|
82 $this->m_script->print_message($heading, $text); |
|
83 } |
|
84 |
|
85 function toggle_action($status) |
|
86 { |
|
87 if ($status == ExecPhp_STATUS_PLUGIN_VERSION_MISMATCH) |
|
88 add_action('admin_footer', array(&$this, 'action_admin_footer_plugin_version')); |
|
89 else |
|
90 remove_action('admin_footer', array(&$this, 'action_admin_footer_plugin_version')); |
|
91 |
|
92 if ($status != ExecPhp_STATUS_OKAY |
|
93 && $status != ExecPhp_STATUS_PLUGIN_VERSION_MISMATCH) |
|
94 add_action('admin_footer', array(&$this, 'action_admin_footer_unknown')); |
|
95 else |
|
96 remove_action('admin_footer', array(&$this, 'action_admin_footer_unknown')); |
|
97 } |
|
98 |
|
99 // --------------------------------------------------------------------------- |
|
100 // interface |
|
101 // --------------------------------------------------------------------------- |
|
102 |
|
103 function print_request_users($display_id, $feature, $title, $introduction) |
|
104 { |
|
105 global $wp_version; |
|
106 if (version_compare($wp_version, '2.6.dev') >= 0) |
|
107 // since WP 2.6 it comes with its own progress animation |
|
108 $image_url = get_option('siteurl'). '/wp-admin/images/loading.gif'; |
|
109 else |
|
110 $image_url = ExecPhp_HOME_URL. '/images/progress.gif'; |
|
111 ?> |
|
112 <fieldset class="options"> |
|
113 <table class="editform optiontable form-table"> |
|
114 <tr valign="top" id="<?php echo $display_id; ?>-container" > |
|
115 <th scope="row"><?php echo $title; ?></th> |
|
116 <td> |
|
117 <label for="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>"> |
|
118 <?php echo $introduction; ?> |
|
119 |
|
120 <div class="execphp-user-list" id="<?php echo $display_id; ?>"> |
|
121 <?php _es('The list can not be displayed because you may have disabled Javascript or your browser does not support Javascript.', ExecPhp_PLUGIN_ID); ?> |
|
122 |
|
123 </div> |
|
124 <script type="text/javascript"> |
|
125 //<![CDATA[ |
|
126 document.getElementById("<?php echo $display_id; ?>").innerHTML = |
|
127 "<p><img src=\"<?php echo $image_url; ?>\" alt=\"<?php escape_dquote(_es('An animated icon signaling that this information is still be loaded.', ExecPhp_PLUGIN_ID)); ?>\" /> <?php escape_dquote(_es('Loading user information...', ExecPhp_PLUGIN_ID)); ?></p>"; |
|
128 ExecPhp_subscribeForFeature("<?php echo $feature; ?>"); |
|
129 //]]> |
|
130 </script> |
|
131 </label> |
|
132 </td> |
|
133 </tr> |
|
134 </table> |
|
135 </fieldset> |
|
136 <?php |
|
137 } |
|
138 |
|
139 function submenu_page_option_general() |
|
140 { |
|
141 global $wpdb; |
|
142 global $wp_version; |
|
143 |
|
144 // executing form actions |
|
145 $option =& $this->m_cache->get_option(); |
|
146 if (isset($_POST[ExecPhp_ACTION_UPDATE_OPTIONS])) |
|
147 { |
|
148 check_admin_referer(ExecPhp_ACTION_UPDATE_OPTIONS); |
|
149 $option->set_from_POST(); |
|
150 $option->save(); |
|
151 echo '<div id="message" class="updated fade"><p><strong>'. |
|
152 __s('Settings saved.', ExecPhp_PLUGIN_ID) . "</strong></p></div>\n"; |
|
153 } |
|
154 $this->toggle_action($option->get_status()); |
|
155 ?> |
|
156 <div class="wrap"> |
|
157 <?php if (version_compare($wp_version, '2.7.dev') >= 0) : ?> |
|
158 <div id="icon-options-general" class="icon32"><br /></div> |
|
159 <?php endif; ?> |
|
160 <h2><?php _es('Exec-PHP Plugin', ExecPhp_PLUGIN_ID); ?></h2> |
|
161 <p><?php echo __s('Exec-PHP executes <code><?php ?></code> code in your posts, pages and text widgets. See the <a href="%s">local documentation</a> for further information. The latest version of the plugin, documentation and information can be found on the <a href="http://bluesome.net/post/2005/08/18/50/">official plugin homepage</a>.', ExecPhp_PLUGIN_ID, ExecPhp_HOME_URL. '/docs/'. __s('readme.html', ExecPhp_PLUGIN_ID)); ?></p> |
|
162 |
|
163 <?php if (version_compare($wp_version, '2.2.dev') >= 0) : ?> |
|
164 <h3><?php _es('Settings', ExecPhp_PLUGIN_ID); ?></h3> |
|
165 |
|
166 <form action="" method="post" id="<?php echo ExecPhp_ID_CONFIG_FORM; ?>"<?php if (version_compare($wp_version, '2.5.dev') >= 0 && version_compare($wp_version, '2.6.dev') < 0) : ?> class="wp-2-5"<?php endif; ?>> |
|
167 <?php wp_nonce_field(ExecPhp_ACTION_UPDATE_OPTIONS); ?> |
|
168 |
|
169 <fieldset class="options"> |
|
170 <table class="editform optiontable form-table"> |
|
171 <tr valign="top"> |
|
172 <th scope="row"><?php _es('Execute PHP code in text widgets', ExecPhp_PLUGIN_ID); ?></th> |
|
173 <td> |
|
174 <label for="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>"> |
|
175 <input type="checkbox" name="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>" id="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>" value="true" <?php if ($option->get_widget_support()) : ?>checked="checked" <?php endif; ?>/> |
|
176 <?php _es('Executing PHP code in text widgets is not restricted to any user. By default users who can modify text widgets will also be able to execute PHP code in text widgets. Unselect this option to generally turn off execution of PHP code in text widgets.', ExecPhp_PLUGIN_ID); ?> |
|
177 |
|
178 </label> |
|
179 </td> |
|
180 </tr> |
|
181 </table> |
|
182 </fieldset> |
|
183 |
|
184 <p class="submit"> |
|
185 <input type="submit" name="<?php echo ExecPhp_ACTION_UPDATE_OPTIONS; ?>" class="button-primary" value="<?php _es('Save Changes', ExecPhp_PLUGIN_ID) ?>" /> |
|
186 </p> |
|
187 </form> |
|
188 |
|
189 <?php endif; ?> |
|
190 <h3><?php _es('Security Information', ExecPhp_PLUGIN_ID); ?></h3> |
|
191 <p><?php _es('The following lists show which users are allowed to write or execute PHP code in different cases. Allowing to write or execute PHP code can be adjusted by assigning the necessary capabilities to individual users or roles by using a role manager plugin.', ExecPhp_PLUGIN_ID); ?></p> |
|
192 |
|
193 <form action="" id="<?php echo ExecPhp_ID_INFO_FORM; ?>"<?php if (version_compare($wp_version, '2.5.dev') >= 0 && version_compare($wp_version, '2.6.dev') < 0) : ?> class="wp-2-5"<?php endif; ?>> |
|
194 <?php $this->print_request_users(ExecPhp_ID_INFO_SECURITY_HOLE, |
|
195 ExecPhp_REQUEST_FEATURE_SECURITY_HOLE, |
|
196 __s('Security Hole', ExecPhp_PLUGIN_ID), |
|
197 __s('The following list shows which users have either or both of the "%1$s" or "%2$s" capability and are allowed to change others PHP code by having the "%3$s" capability but do not have the "%4$s" capability for themself. This is a security hole, because the listed users can write and execute PHP code in articles of other users although they are not supposed to execute PHP code at all.', ExecPhp_PLUGIN_ID, ExecPhp_CAPABILITY_EDIT_OTHERS_POSTS, ExecPhp_CAPABILITY_EDIT_OTHERS_PAGES, ExecPhp_CAPABILITY_EDIT_OTHERS_PHP, ExecPhp_CAPABILITY_EXECUTE_ARTICLES)); ?> |
|
198 |
|
199 <?php if (version_compare($wp_version, '2.2.dev') >= 0) : ?> |
|
200 <?php $this->print_request_users(ExecPhp_ID_INFO_WIDGETS, |
|
201 ExecPhp_REQUEST_FEATURE_WIDGETS, |
|
202 __s('Executing PHP Code in Text Widgets', ExecPhp_PLUGIN_ID), |
|
203 __s('The following list shows which users have the "%s" capability and therefore are allowed to write and execute PHP code in text widgets. In case you have deselected the option "Execute PHP code in text widgets" from above, this list will appear empty.', ExecPhp_PLUGIN_ID, ExecPhp_CAPABILITY_EXECUTE_WIDGETS)); ?> |
|
204 |
|
205 <?php endif; ?> |
|
206 <?php $this->print_request_users(ExecPhp_ID_INFO_EXECUTE_ARTICLES, |
|
207 ExecPhp_REQUEST_FEATURE_EXECUTE_ARTICLES, |
|
208 __s('Executing PHP Code in Articles', ExecPhp_PLUGIN_ID), |
|
209 __s('The following list shows which users have the "%s" capability and therefore are allowed to execute PHP code in articles.', ExecPhp_PLUGIN_ID, ExecPhp_CAPABILITY_EXECUTE_ARTICLES)); ?> |
|
210 </form> |
|
211 </div> |
|
212 <?php |
|
213 } |
|
214 } |
|
215 endif; |
|
216 |
|
217 ?> |