diff -r 53cff4b4a802 -r bde1974c263b web/wp-content/plugins/exec-php/includes/runtime.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/web/wp-content/plugins/exec-php/includes/runtime.php Wed Feb 03 15:37:20 2010 +0000
@@ -0,0 +1,117 @@
+m_cache =& $cache;
+
+ add_filter('the_content', array(&$this, 'filter_user_content'), 1);
+ add_filter('the_content_rss', array(&$this, 'filter_user_content'), 1);
+ add_filter('the_excerpt', array(&$this, 'filter_user_content'), 1);
+ add_filter('the_excerpt_rss', array(&$this, 'filter_user_content'), 1);
+ add_filter('widget_text', array(&$this, 'filter_widget_content'), 1);
+ add_filter('user_has_cap', array(&$this, 'filter_user_has_cap'), 10, 3);
+ }
+
+ // ---------------------------------------------------------------------------
+ // tools
+ // ---------------------------------------------------------------------------
+
+ function eval_php($content)
+ {
+ // to be compatible with older PHP4 installations
+ // don't use fancy ob_XXX shortcut functions
+ ob_start();
+ eval("?>$contentpost_author))
+ return $content;
+ $poster = new WP_User($post->post_author);
+ if (!$poster->has_cap(ExecPhp_CAPABILITY_EXECUTE_ARTICLES))
+ return $content;
+ return $this->eval_php($content);
+ }
+
+ function filter_widget_content($content)
+ {
+ // check whether the admin has configured widget support
+ $option =& $this->m_cache->get_option();
+ if (!$option->get_widget_support())
+ return $content;
+
+ return $this->eval_php($content);
+ }
+
+ function filter_user_has_cap($allcaps, $caps, $args)
+ {
+ // $allcaps = Capabilities the user currently has
+ // $caps = Primitive capabilities being tested / requested
+ // $args = array with:
+ // $args[0] = original meta capability requested
+ // $args[1] = user being tested
+ // See code for assumptions
+
+ // This handler is only set up to deal with the edit_others_pages
+ // or edit_others_posts capability. Ignore all other calls into here.
+ $pages_request = in_array('edit_others_pages', $caps);
+ $posts_request = in_array('edit_others_posts', $caps);
+ if ((!$pages_request && !$posts_request)
+ || ($pages_request && $posts_request)
+ || !$args[0] || !$args[1] || $args[1] == 0)
+ return $allcaps;
+
+ global $post;
+ if (!isset($post))
+ return $allcaps;
+ $poster = new WP_User($post->post_author);
+ if (!$poster->has_cap(ExecPhp_CAPABILITY_EXECUTE_ARTICLES))
+ return $allcaps;
+
+ $editor_has_edit_others_php = (in_array(ExecPhp_CAPABILITY_EDIT_OTHERS_PHP, $allcaps)
+ && $allcaps[ExecPhp_CAPABILITY_EDIT_OTHERS_PHP]);
+ if ($editor_has_edit_others_php)
+ return $allcaps;
+
+ // article may contain PHP code due to the original posters capabilities
+ // but the editor is not allowed to edit others PHP code, so filter out
+ // requested edit_others_xxx settings from the allowed caps
+ if ($pages_request)
+ unset($allcaps['edit_others_pages']);
+ if ($posts_request)
+ unset($allcaps['edit_others_posts']);
+ return $allcaps;
+ }
+}
+endif;
+
+?>
\ No newline at end of file
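Review bot: In `filter_user_has_cap` the decision to strip `edit_others_pages`/`edit_others_posts` is taken from `global $post` rather than from the post the capability check is actually about, so the guard that keeps users without `ExecPhp_CAPABILITY_EDIT_OTHERS_PHP` from editing another author's executable article does nothing when the global is unset or refers to a different post. WordPress passes the object id as `$args[2]` for per-post checks, so resolving the author from that (`$post_id = isset($args[2]) ? (int) $args[2] : 0;`, falling back to the global only when it is absent) would bind the check to the right post; this should be confirmed against the call sites that reach the filter. In the same function `in_array(ExecPhp_CAPABILITY_EDIT_OTHERS_PHP, $allcaps)` searches the values of an array that the surrounding lines index by capability name, so it only passes through loose comparison, and `!empty($allcaps[ExecPhp_CAPABILITY_EDIT_OTHERS_PHP])` states the intent without the undefined-index read. The class header and the bodies of `eval_php` and `filter_user_content` are truncated on this page, so the `eval` path itself is not covered by this note.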