AlternC/bureau/admin/bro_editor.php

<?php
/*
 ----------------------------------------------------------------------
 LICENSE

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License (GPL)
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 To read the license please visit http://www.gnu.org/copyleft/gpl.html
 ----------------------------------------------------------------------
*/

/**
 * File editor part of AlternC file manager / browser.
 * 
 * @copyright AlternC-Team 2000-2017 https://alternc.com/  
 */

 require_once("../class/config.php");

// We check it ourself : not fatal
define("NOCSRF",true);

$fields = array (
	"editfile"    		=> array ("request", "string", ""),
	"texte"    		=> array ("post", "string", ""),
	"save"    		=> array ("post", "string", ""),
	"saveret"    		=> array ("post", "string", ""),
	"cancel"    		=> array ("post", "string", ""),
	"R"	    		=> array ("request", "string", ""),
);
getFields($fields);

$editing=false;
$editfile=ssla($editfile);
$texte=ssla($texte);

$R=$bro->convertabsolute($R,1);
$p=$bro->GetPrefs();

if (isset($cancel) && $cancel) {
	include("bro_main.php");
	exit();
}

if (isset($saveret) && $saveret) {
    $editing=true;

    // Thanks to this, we bring you back to the EDIT form if the CSRF is invalid.
    // Allows you to re-submit
    // FIXME - doesn't work
/*    $csrf_check=false;
    if (count($_POST) && !defined("NOCSRF")) {
        if (csrf_check()<=0) {
            $csrf_check = true;
        }
    }*/
    
    if ($bro->save($editfile,$R,$texte)) {
        $msg->raise("INFO", "bro", _("Your file %s has been saved")." (".format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s")).")", $editfile);
        include("bro_main.php");
        exit();
    }
}
if (isset($save) && $save) {
  if ($bro->save($editfile,$R,$texte)) {
    $msg->raise("INFO", "bro", _("Your file %s has been saved")." (".format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s")).")", $editfile);
  }
}

$addhead['css'][]='<link rel="stylesheet" href="/javascript/prettify/prettify.css" type="text/css" />';
$addhead['js'][]='<script src="/javascript/prettify/prettify.js" type="text/javascript"></script>';
include_once("head.php");

?>
<p>
<?php
echo $msg->msg_html_all();
?>
<h3><?php echo _("File editing")." <code>".ehe($R,false)."/<b>".ehe($editfile,false)."</b></code><br />"; ?></h3>
</p>

<?php
$content=$bro->content($R,$editfile);
?>

<form action="bro_editor.php" method="post"><br />
  <?php csrf_get(); ?>
<div id="tabsfile">
  <ul>
    <li class="view"><a href="#tabsfile-view"><?php __("View"); ?></a></li>
    <li class="edit"><a href="#tabsfile-edit"><?php __("Edit"); ?></a></li>
  </ul>

<div id="tabsfile-view">
<?php
echo "<pre class='prettyprint' id='file_content_view' >$content</pre>";
?>
</div>

<div id="tabsfile-edit">
<textarea id='file_content_editor' class="int" style="font-family: <?php echo $p["editor_font"]; ?>; font-size: <?php echo $p["editor_size"]; ?>; width: 90%; height: 400px;" name="texte"><?php
  if (empty($content)) { 
    $error=_("This file is empty");
  } else {
    echo $content;  
  }
?></textarea>
</div>
</div><!-- tabsfile -->
<br/>
<?php if (!empty($error)) echo "<p class=\"alert alert-danger\">".$error."</p>"; ?>
	<input type="hidden" name="editfile" value="<?php ehe($editfile); ?>" />
	<input type="hidden" name="R" value="<?php ehe($R); ?>" />

	<input type="submit" class="inb" value="<?php __("Save"); ?>" name="save" />
	<input type="submit" class="inb" value="<?php __("Save &amp; Quit"); ?>" name="saveret" />
	<input type="submit" class="inb" value="<?php __("Quit"); ?>" name="cancel" />
<br />
</form>

<script type="text/javascript">
$(function() {
    prettyPrint();
    $( "#tabsfile" ).tabs();
<?php if ($editing) { ?>
    $( "#tabsfile-edit" ).tabs( "option", "active", 1 );
<?php } ?>
});

$('#tabsfile').on('tabsbeforeactivate', function(event, ui){
    var b = $('#file_content_editor').val();
    $('#file_content_view').text( b );
    $('#file_content_view').removeClass('prettyprinted');
    PR.prettyPrint();
});
</script>


<?php include_once("foot.php"); ?>
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`<?php`
			`/*`
			`----------------------------------------------------------------------`
			`LICENSE`

			`This program is free software; you can redistribute it and/or`
			`modify it under the terms of the GNU General Public License (GPL)`
			`as published by the Free Software Foundation; either version 2`
			`of the License, or (at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`To read the license please visit http://www.gnu.org/copyleft/gpl.html`
			`----------------------------------------------------------------------`
			`*/`
[cosm] many cosmetic comment fixes, + ensure license and copyright everywhere 2017-10-12 15:54:48 +00:00
			`/**`
			`* File editor part of AlternC file manager / browser.`
			`*`
			`* @copyright AlternC-Team 2000-2017 https://alternc.com/`
			`*/`

			`require_once("../class/config.php");`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`// We check it ourself : not fatal`
			`define("NOCSRF",true);`

Register globals + clean d'anciens fichiers plus utile 2012-08-22 16:47:18 +00:00			`$fields = array (`
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly 2016-05-23 14:08:23 +00:00			`"editfile" => array ("request", "string", ""),`
Register globals + clean d'anciens fichiers plus utile 2012-08-22 16:47:18 +00:00			`"texte" => array ("post", "string", ""),`
			`"save" => array ("post", "string", ""),`
			`"saveret" => array ("post", "string", ""),`
			`"cancel" => array ("post", "string", ""),`
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly 2016-05-23 14:08:23 +00:00			`"R" => array ("request", "string", ""),`
Register globals + clean d'anciens fichiers plus utile 2012-08-22 16:47:18 +00:00			`);`
			`getFields($fields);`

[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`$editing=false;`
debugging bro_editor on var 2011-03-28 12:00:33 +00:00			`$editfile=ssla($editfile);`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`$texte=ssla($texte);`

			`$R=$bro->convertabsolute($R,1);`
			`$p=$bro->GetPrefs();`

Bugfixes niveau panel, correction notices PHP 2012-06-19 15:26:48 +00:00			`if (isset($cancel) && $cancel) {`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`include("bro_main.php");`
			`exit();`
			`}`
Ajoute dans l'editeur le principe de prévisualiser les fichiers... ... avec coloration syntaxique \o/ Par contre, chez moi l'édition de fichier est cassé. A vérifier si c'est que chez moi (et ca date d'avant ce patch ;) ) 2014-01-10 15:37:50 +00:00
Bugfixes niveau panel, correction notices PHP 2012-06-19 15:26:48 +00:00			`if (isset($saveret) && $saveret) {`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`$editing=true;`

			`// Thanks to this, we bring you back to the EDIT form if the CSRF is invalid.`
			`// Allows you to re-submit`
classe browser (m_bro) & fichiers section admin associés 2017-08-16 00:44:54 +00:00			`// FIXME - doesn't work`
			`/* $csrf_check=false;`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`if (count($_POST) && !defined("NOCSRF")) {`
			`if (csrf_check()<=0) {`
classe browser (m_bro) & fichiers section admin associés 2017-08-16 00:44:54 +00:00			`$csrf_check = true;`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`}`
classe browser (m_bro) & fichiers section admin associés 2017-08-16 00:44:54 +00:00			`}*/`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00
classe browser (m_bro) & fichiers section admin associés 2017-08-16 00:44:54 +00:00			`if ($bro->save($editfile,$R,$texte)) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`$msg->raise("INFO", "bro", _("Your file %s has been saved")." (".format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s")).")", $editfile);`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`include("bro_main.php");`
			`exit();`
			`}`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`}`
Bugfixes niveau panel, correction notices PHP 2012-06-19 15:26:48 +00:00			`if (isset($save) && $save) {`
Simplifie le code d'enregistrement des fichiers de l'editeur 2014-01-10 15:54:18 +00:00			`if ($bro->save($editfile,$R,$texte)) {`
[fix] class m_messages fixed to use 'level' instead of 'type' or 'cat' + force CAP on levels + merge OK and INFO 2017-10-06 16:04:36 +00:00			`$msg->raise("INFO", "bro", _("Your file %s has been saved")." (".format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s")).")", $editfile);`
Merged changesets 2970, 2972, 2984, 2986, 2987 and 2988 from branch stable 1.0 to trunk. 2011-06-04 14:28:57 +00:00			`}`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`}`

[enh] removing jquery ui (now a package) + fixing head.php, simpler unless you use bro_editor 2018-06-24 14:49:43 +00:00			`$addhead['css'][]='<link rel="stylesheet" href="/javascript/prettify/prettify.css" type="text/css" />';`
Fix syntax error in bro_editor 2018-07-12 13:57:29 +00:00			`$addhead['js'][]='<script src="/javascript/prettify/prettify.js" type="text/javascript"></script>';`
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`include_once("head.php");`

AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`?>`
			`<p>`
classe browser (m_bro) & fichiers section admin associés 2017-08-16 00:44:54 +00:00			`<?php`
			`echo $msg->msg_html_all();`
			`?>`
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly 2016-05-23 14:08:23 +00:00			`<h3><?php echo _("File editing")." <code>".ehe($R,false)."/<b>".ehe($editfile,false)."</b></code><br />"; ?></h3>`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`</p>`
Ajoute dans l'editeur le principe de prévisualiser les fichiers... ... avec coloration syntaxique \o/ Par contre, chez moi l'édition de fichier est cassé. A vérifier si c'est que chez moi (et ca date d'avant ce patch ;) ) 2014-01-10 15:37:50 +00:00
			`<?php`
			`$content=$bro->content($R,$editfile);`
			`?>`

Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`<form action="bro_editor.php" method="post"><br />`
[wip] securing all forms through CSRF management (requires a new table) 2016-05-20 12:21:47 +00:00			`<?php csrf_get(); ?>`
Ajoute dans l'editeur le principe de prévisualiser les fichiers... ... avec coloration syntaxique \o/ Par contre, chez moi l'édition de fichier est cassé. A vérifier si c'est que chez moi (et ca date d'avant ce patch ;) ) 2014-01-10 15:37:50 +00:00			`<div id="tabsfile">`
			`<ul>`
			`<li class="view"><a href="#tabsfile-view"><?php __("View"); ?></a></li>`
			`<li class="edit"><a href="#tabsfile-edit"><?php __("Edit"); ?></a></li>`
			`</ul>`

			`<div id="tabsfile-view">`
			`<?php`
			`echo "<pre class='prettyprint' id='file_content_view' >$content</pre>";`
			`?>`
			`</div>`

			`<div id="tabsfile-edit">`
			`<textarea id='file_content_editor' class="int" style="font-family: <?php echo $p["editor_font"]; ?>; font-size: <?php echo $p["editor_size"]; ?>; width: 90%; height: 400px;" name="texte"><?php`
Bug editor 2012-08-29 07:25:33 +00:00			`if (empty($content)) {`
Nous les mini-patchs, nanananananana ! 2013-01-31 17:00:39 +00:00			`$error=_("This file is empty");`
Bug editor 2012-08-29 07:25:33 +00:00			`} else {`
			`echo $content;`
			`}`
Merged changesets 2970, 2972, 2984, 2986, 2987 and 2988 from branch stable 1.0 to trunk. 2011-06-04 14:28:57 +00:00			`?></textarea>`
Ajoute dans l'editeur le principe de prévisualiser les fichiers... ... avec coloration syntaxique \o/ Par contre, chez moi l'édition de fichier est cassé. A vérifier si c'est que chez moi (et ca date d'avant ce patch ;) ) 2014-01-10 15:37:50 +00:00			`</div>`
			`</div><!-- tabsfile -->`
			`<br/>`
[enh] Converts more alert messages 2013-10-18 09:59:03 +00:00			`<?php if (!empty($error)) echo "<p class=\"alert alert-danger\">".$error."</p>"; ?>`
[wip] adding missing ehe() and eue() for htmlentities or urlencode in form fields 2016-05-22 18:14:26 +00:00			`<input type="hidden" name="editfile" value="<?php ehe($editfile); ?>" />`
[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly 2016-05-23 14:08:23 +00:00			`<input type="hidden" name="R" value="<?php ehe($R); ?>" />`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00
			`<input type="submit" class="inb" value="<?php __("Save"); ?>" name="save" />`
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`<input type="submit" class="inb" value="<?php __("Save & Quit"); ?>" name="saveret" />`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`<input type="submit" class="inb" value="<?php __("Quit"); ?>" name="cancel" />`
Merging blue desktop to trunk. 2009-09-08 05:29:38 +00:00			`<br />`
AlternC Plugin are now part of AlternC svn repository\n Migration Phase 2 2006-04-26 12:28:53 +00:00			`</form>`
Ajoute dans l'editeur le principe de prévisualiser les fichiers... ... avec coloration syntaxique \o/ Par contre, chez moi l'édition de fichier est cassé. A vérifier si c'est que chez moi (et ca date d'avant ce patch ;) ) 2014-01-10 15:37:50 +00:00
			`<script type="text/javascript">`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`$(function() {`
[enh] removing jquery ui (now a package) + fixing head.php, simpler unless you use bro_editor 2018-06-24 14:49:43 +00:00			`prettyPrint();`
			`$( "#tabsfile" ).tabs();`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`<?php if ($editing) { ?>`
[enh] removing jquery ui (now a package) + fixing head.php, simpler unless you use bro_editor 2018-06-24 14:49:43 +00:00			`$( "#tabsfile-edit" ).tabs( "option", "active", 1 );`
[fix] the file editor allows an invalid token. Tell the user and give a new one to re-submit. Fixes #111 2016-08-09 14:40:11 +00:00			`<?php } ?>`
			`});`
Ajoute dans l'editeur le principe de prévisualiser les fichiers... ... avec coloration syntaxique \o/ Par contre, chez moi l'édition de fichier est cassé. A vérifier si c'est que chez moi (et ca date d'avant ce patch ;) ) 2014-01-10 15:37:50 +00:00
			`$('#tabsfile').on('tabsbeforeactivate', function(event, ui){`
[enh] removing jquery ui (now a package) + fixing head.php, simpler unless you use bro_editor 2018-06-24 14:49:43 +00:00			`var b = $('#file_content_editor').val();`
			`$('#file_content_view').text( b );`
			`$('#file_content_view').removeClass('prettyprinted');`
			`PR.prettyPrint();`
Ajoute dans l'editeur le principe de prévisualiser les fichiers... ... avec coloration syntaxique \o/ Par contre, chez moi l'édition de fichier est cassé. A vérifier si c'est que chez moi (et ca date d'avant ce patch ;) ) 2014-01-10 15:37:50 +00:00			`});`
			`</script>`


Séparation des bases de données utilisateurs de la base de donnée systéme. Attention ! Bug ! $db et $dbu ne sont pas étanche ! Il faut se pencher sur la class db_mysql.php pour finir l'isolation 2011-05-18 20:26:12 +00:00			`<?php include_once("foot.php"); ?>`