PageRenderTime 40ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/wp-content/plugins/exec-php/includes/config_ui.php

https://gitlab.com/Gashler/sg
PHP | 217 lines | 165 code | 31 blank | 21 comment | 20 complexity | 6828f559e27867370b1dba3e5ca2e451 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. require_once(dirname(__FILE__).'/cache.php');
    4. 

  4. require_once(dirname(__FILE__).'/const.php');
    5. 

  5. require_once(dirname(__FILE__).'/l10n.php');
    6. 

  6. require_once(dirname(__FILE__).'/script.php');
    7. 

  7. 

  8. // -----------------------------------------------------------------------------
    9. 

  9. // the ExecPhp_ConfigUi class displays the config interface in the
    10. 

  10. // admin menu
    11. 

  11. // -----------------------------------------------------------------------------
    12. 

  12. 

  13. // use this guard to avoid error messages in WP admin panel if plugin
    14. 

  14. // is disabled because of a version conflict but you still try to reload
    15. 

  15. // the plugins config interface
    16. 

  16. if (!class_exists('ExecPhp_ConfigUi')) :
    17. 

  17. 

  18. define('ExecPhp_ACTION_UPDATE_OPTIONS', 'execphp_update_options');
    19. 

  19. 

  20. class ExecPhp_ConfigUi
    21. 

  21. {
    22. 

  22. 	var $m_cache = NULL;
    23. 

  23. 	var $m_script = NULL;
    24. 

  24. 

  25. 	// ---------------------------------------------------------------------------
    26. 

  26. 	// init
    27. 

  27. 	// ---------------------------------------------------------------------------
    28. 

  28. 

  29. 	// Sets up the Exec-Php config menu
    30. 

  30. 	function ExecPhp_ConfigUi(&$cache, &$script)
    31. 

  31. 	{
    32. 

  32. 		$this->m_cache =& $cache;
    33. 

  33. 		$this->m_script =& $script;
    34. 

  34. 

  35. 		$option =& $this->m_cache->get_option();
    36. 

  36. 		$this->toggle_action($option->get_status());
    37. 

  37. 		add_action('admin_menu', array(&$this, 'action_admin_menu'));
    38. 

  38. 	}
    39. 

  39. 

  40. 	// ---------------------------------------------------------------------------
    41. 

  41. 	// hooks
    42. 

  42. 	// ---------------------------------------------------------------------------
    43. 

  43. 

  44. 	function action_admin_menu()
    45. 

  45. 	{
    46. 

  46. 		if (current_user_can(ExecPhp_CAPABILITY_EDIT_PLUGINS))
    47. 

  47. 		{
    48. 

  48. 			add_submenu_page('options-general.php',
    49. 

  49. 				__s('Exec-PHP Settings', ExecPhp_PLUGIN_ID),
    50. 

  50. 				__s('Exec-PHP', ExecPhp_PLUGIN_ID),
    51. 

  51. 				ExecPhp_CAPABILITY_EDIT_PLUGINS, __FILE__,
    52. 

  52. 				array(&$this, 'submenu_page_option_general'));
    53. 

  53. 			add_filter('plugin_action_links', array(&$this, 'filter_plugin_actions_links'), 10, 2);
    54. 

  54. 		}
    55. 

  55. 	}
    56. 

  56. 

  57. 	function filter_plugin_actions_links($links, $file)
    58. 

  58. 	{
    59. 

  59. 		if ($file == ExecPhp_HOMEDIR. '/exec-php.php')
    60. 

  60. 		{
    61. 

  61. 			$settings_link = $settings_link = '<a href="options-general.php?page='. ExecPhp_HOMEDIR. '/includes/config_ui.php">' . __('Settings') . '</a>';
    62. 

  62. 			array_unshift($links, $settings_link);
    63. 

  63. 		}
    64. 

  64. 		return $links;
    65. 

  65. 	}
    66. 

  66. 

  67. 	function action_admin_footer_plugin_version()
    68. 

  68. 	{
    69. 

  69. 		$option =& $this->m_cache->get_option();
    70. 

  70. 		$heading = __s('Exec-PHP Error.', ExecPhp_PLUGIN_ID);
    71. 

  71. 		$text = __s('No necessary upgrade of the the Exec-PHP plugin could be performed. PHP code in your articles or widgets may be viewable to your blog readers. This is plugin version %1$s, previously there was version %2$s installed. Downgrading from a newer version to an older version of the plugin is not supported.', ExecPhp_PLUGIN_ID
    72. 

  72. 			, ExecPhp_VERSION, $option->get_version());
    73. 

  73. 		$this->m_script->print_message($heading, $text);
    74. 

  74. 	}
    75. 

  75. 

  76. 	function action_admin_footer_unknown()
    77. 

  77. 	{
    78. 

  78. 		$option =& $this->m_cache->get_option();
    79. 

  79. 		$heading = __s('Exec-PHP Error.', ExecPhp_PLUGIN_ID);
    80. 

  80. 		$text = __s('An unknown error (%s) occured during execution of the Exec-PHP plugin. PHP code in your articles or widgets may be viewable to your blog readers. This error should never happen if you use the plugin with a compatible WordPress version and installed it as described in the documentation.', ExecPhp_PLUGIN_ID
    81. 

  81. 			, $option->get_status());
    82. 

  82. 		$this->m_script->print_message($heading, $text);
    83. 

  83. 	}
    84. 

  84. 

  85. 	function toggle_action($status)
    86. 

  86. 	{
    87. 

  87. 		if ($status == ExecPhp_STATUS_PLUGIN_VERSION_MISMATCH)
    88. 

  88. 			add_action('admin_footer', array(&$this, 'action_admin_footer_plugin_version'));
    89. 

  89. 		else
    90. 

  90. 			remove_action('admin_footer', array(&$this, 'action_admin_footer_plugin_version'));
    91. 

  91. 

  92. 		if ($status != ExecPhp_STATUS_OKAY
    93. 

  93. 			&& $status != ExecPhp_STATUS_PLUGIN_VERSION_MISMATCH)
    94. 

  94. 			add_action('admin_footer', array(&$this, 'action_admin_footer_unknown'));
    95. 

  95. 		else
    96. 

  96. 			remove_action('admin_footer', array(&$this, 'action_admin_footer_unknown'));
    97. 

  97. 	}
    98. 

  98. 

  99. 	// ---------------------------------------------------------------------------
    100. 

  100. 	// interface
    101. 

  101. 	// ---------------------------------------------------------------------------
    102. 

  102. 

  103. 	function print_request_users($display_id, $feature, $title, $introduction)
    104. 

  104. 	{
    105. 

  105. 		global $wp_version;
    106. 

  106. 		if (version_compare($wp_version, '2.6.dev') >= 0)
    107. 

  107. 			// since WP 2.6 it comes with its own progress animation
    108. 

  108. 			$image_url = get_option('siteurl'). '/wp-admin/images/loading.gif';
    109. 

  109. 		else
    110. 

  110. 			$image_url = ExecPhp_HOME_URL. '/images/progress.gif';
    111. 

  111. ?>
    112. 

  112. 			<fieldset class="options">
    113. 

  113. 				<table class="editform optiontable form-table">
    114. 

  114. 					<tr valign="top" id="<?php echo $display_id; ?>-container" >
    115. 

  115. 						<th scope="row"><?php echo $title; ?></th>
    116. 

  116. 						<td>
    117. 

  117. 							<label for="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>">
    118. 

  118. 								<?php echo $introduction; ?>
    119. 

  119. 

  120. 								<div class="execphp-user-list" id="<?php echo $display_id; ?>">
    121. 

  121. 									<?php _es('The list can not be displayed because you may have disabled Javascript or your browser does not support Javascript.', ExecPhp_PLUGIN_ID); ?>
    122. 

  122. 

  123. 								</div>
    124. 

  124. 								<script type="text/javascript">
    125. 

  125. 									//<![CDATA[
    126. 

  126. 									document.getElementById("<?php echo $display_id; ?>").innerHTML =
    127. 

  127. 										"<p><img src=\"<?php echo $image_url; ?>\" alt=\"<?php escape_dquote(_es('An animated icon signaling that this information is still be loaded.', ExecPhp_PLUGIN_ID)); ?>\" /> <?php escape_dquote(_es('Loading user information...', ExecPhp_PLUGIN_ID)); ?></p>";
    128. 

  128. 									ExecPhp_subscribeForFeature("<?php echo $feature; ?>");
    129. 

  129. 									//]]>
    130. 

  130. 								</script>
    131. 

  131. 							</label>
    132. 

  132. 						</td>
    133. 

  133. 					</tr>
    134. 

  134. 				</table>
    135. 

  135. 			</fieldset>
    136. 

  136. <?php
    137. 

  137. 	}
    138. 

  138. 

  139. 	function submenu_page_option_general()
    140. 

  140. 	{
    141. 

  141. 		global $wpdb;
    142. 

  142. 		global $wp_version;
    143. 

  143. 

  144. 		// executing form actions
    145. 

  145. 		$option =& $this->m_cache->get_option();
    146. 

  146. 		if (isset($_POST[ExecPhp_ACTION_UPDATE_OPTIONS]))
    147. 

  147. 		{
    148. 

  148. 			check_admin_referer(ExecPhp_ACTION_UPDATE_OPTIONS);
    149. 

  149. 			$option->set_from_POST();
    150. 

  150. 			$option->save();
    151. 

  151. 			echo '<div id="message" class="updated fade"><p><strong>'.
    152. 

  152. 				__s('Settings saved.', ExecPhp_PLUGIN_ID) . "</strong></p></div>\n";
    153. 

  153. 		}
    154. 

  154. 		$this->toggle_action($option->get_status());
    155. 

  155. ?>
    156. 

  156. 	<div class="wrap">
    157. 

  157. <?php if (version_compare($wp_version, '2.7.dev') >= 0) : ?>
    158. 

  158. 		<div id="icon-options-general" class="icon32"><br /></div>
    159. 

  159. <?php endif; ?>
    160. 

  160. 		<h2><?php _es('Exec-PHP Plugin', ExecPhp_PLUGIN_ID); ?></h2>
    161. 

  161. 		<p><?php echo __s('Exec-PHP executes <code>&lt;?php ?&gt;</code> code in your posts, pages and text widgets. See the <a href="%s">local documentation</a> for further information. The latest version of the plugin, documentation and information can be found on the <a href="http://bluesome.net/post/2005/08/18/50/">official plugin homepage</a>.', ExecPhp_PLUGIN_ID, ExecPhp_HOME_URL. '/docs/'. __s('readme.html', ExecPhp_PLUGIN_ID)); ?></p>
    162. 

  162. 

  163. <?php if (version_compare($wp_version, '2.2.dev') >= 0) : ?>
    164. 

  164. 		<h3><?php _es('Settings', ExecPhp_PLUGIN_ID); ?></h3>
    165. 

  165. 

  166. 		<form action="" method="post" id="<?php echo ExecPhp_ID_CONFIG_FORM; ?>"<?php if (version_compare($wp_version, '2.5.dev') >= 0 && version_compare($wp_version, '2.6.dev') < 0) : ?> class="wp-2-5"<?php endif; ?>>
    167. 

  167. 			<?php wp_nonce_field(ExecPhp_ACTION_UPDATE_OPTIONS); ?>
    168. 

  168. 

  169. 			<fieldset class="options">
    170. 

  170. 				<table class="editform optiontable form-table">
    171. 

  171. 					<tr valign="top">
    172. 

  172. 						<th scope="row"><?php _es('Execute PHP code in text widgets', ExecPhp_PLUGIN_ID); ?></th>
    173. 

  173. 						<td>
    174. 

  174. 							<label for="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>">
    175. 

  175. 								<input type="checkbox" name="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>" id="<?php echo ExecPhp_POST_WIDGET_SUPPORT; ?>" value="true" <?php if ($option->get_widget_support()) : ?>checked="checked" <?php endif; ?>/>
    176. 

  176. 								<?php _es('Executing PHP code in text widgets is not restricted to any user. By default users who can modify text widgets will also be able to execute PHP code in text widgets. Unselect this option to generally turn off execution of PHP code in text widgets.', ExecPhp_PLUGIN_ID); ?>
    177. 

  177. 

  178. 							</label>
    179. 

  179. 						</td>
    180. 

  180. 					</tr>
    181. 

  181. 				</table>
    182. 

  182. 			</fieldset>
    183. 

  183. 

  184. 			<p class="submit">
    185. 

  185. 				<input type="submit" name="<?php echo ExecPhp_ACTION_UPDATE_OPTIONS; ?>" class="button-primary" value="<?php _es('Save Changes', ExecPhp_PLUGIN_ID) ?>" />
    186. 

  186. 			</p>
    187. 

  187. 		</form>
    188. 

  188. 

  189. <?php endif; ?>
    190. 

  190. 		<h3><?php _es('Security Information', ExecPhp_PLUGIN_ID); ?></h3>
    191. 

  191. 		<p><?php _es('The following lists show which users are allowed to write or execute PHP code in different cases. Allowing to write or execute PHP code can be adjusted by assigning the necessary capabilities to individual users or roles by using a role manager plugin.', ExecPhp_PLUGIN_ID); ?></p>
    192. 

  192. 

  193. 		<form action="" id="<?php echo ExecPhp_ID_INFO_FORM; ?>"<?php if (version_compare($wp_version, '2.5.dev') >= 0 && version_compare($wp_version, '2.6.dev') < 0) : ?> class="wp-2-5"<?php endif; ?>>
    194. 

  194. <?php $this->print_request_users(ExecPhp_ID_INFO_SECURITY_HOLE,
    195. 

  195. 	ExecPhp_REQUEST_FEATURE_SECURITY_HOLE,
    196. 

  196. 	__s('Security Hole', ExecPhp_PLUGIN_ID),
    197. 

  197. 	__s('The following list shows which users have either or both of the &quot;%1$s&quot; or &quot;%2$s&quot; capability and are allowed to change others PHP code by having the &quot;%3$s&quot; capability but do not have the &quot;%4$s&quot; capability for themself. This is a security hole, because the listed users can write and execute PHP code in articles of other users although they are not supposed to execute PHP code at all.', ExecPhp_PLUGIN_ID, ExecPhp_CAPABILITY_EDIT_OTHERS_POSTS, ExecPhp_CAPABILITY_EDIT_OTHERS_PAGES, ExecPhp_CAPABILITY_EDIT_OTHERS_PHP, ExecPhp_CAPABILITY_EXECUTE_ARTICLES)); ?>
    198. 

  198. 

  199. <?php if (version_compare($wp_version, '2.2.dev') >= 0) : ?>
    200. 

  200. <?php $this->print_request_users(ExecPhp_ID_INFO_WIDGETS,
    201. 

  201. 	ExecPhp_REQUEST_FEATURE_WIDGETS,
    202. 

  202. 	__s('Executing PHP Code in Text Widgets', ExecPhp_PLUGIN_ID),
    203. 

  203. 	__s('The following list shows which users have the &quot;%s&quot; capability and therefore are allowed to write and execute PHP code in text widgets. In case you have deselected the option &quot;Execute PHP code in text widgets&quot; from above, this list will appear empty.', ExecPhp_PLUGIN_ID, ExecPhp_CAPABILITY_EXECUTE_WIDGETS)); ?>
    204. 

  204. 

  205. <?php endif; ?>
    206. 

  206. <?php $this->print_request_users(ExecPhp_ID_INFO_EXECUTE_ARTICLES,
    207. 

  207. 	ExecPhp_REQUEST_FEATURE_EXECUTE_ARTICLES,
    208. 

  208. 	__s('Executing PHP Code in Articles', ExecPhp_PLUGIN_ID),
    209. 

  209. 	__s('The following list shows which users have the &quot;%s&quot; capability and therefore are allowed to execute PHP code in articles.', ExecPhp_PLUGIN_ID, ExecPhp_CAPABILITY_EXECUTE_ARTICLES)); ?>
    210. 

  210. 		</form>
    211. 

  211. 	</div>
    212. 

  212. <?php
    213. 

  213. 	}
    214. 

  214. }
    215. 

  215. endif;
    216. 

  216. 

  217. ?>
    218.