Project

General

Profile

« Previous | Next » 

Revision 1503

Added by Dietmar over 13 years ago

change sql statements to strict in module droplets
fix vars in compatibility mode for versions before 2.8.1 in frontend.functions.php

View differences:

branches/2.8.x/CHANGELOG
12 12

  
13 13
=============================== FEATURES FREEZE ================================
14 14
----------------------------------- Fixes 2.8.2 --------------------------------
15
18 Aug-2011 Build 1503 Dietmar Woellbrink (Luisehahne)
16
! change sql statements to strict in module droplets
17
! fix vars in compatibility mode for versions before 2.8.1 in frontend.functions.php
15 18
11 Aug-2011 Build 1502 Werner v.d.Decken(DarkViper)
16 19
# fixed c&p mistake
17 20
11 Aug-2011 Build 1501 Werner v.d.Decken(DarkViper)
branches/2.8.x/wb/admin/interface/version.php
52 52

  
53 53
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
54 54
if(!defined('VERSION')) define('VERSION', '2.8.2');
55
if(!defined('REVISION')) define('REVISION', '1502');
55
if(!defined('REVISION')) define('REVISION', '1503');
branches/2.8.x/wb/framework/frontend.functions.php
23 23
}
24 24
/* -------------------------------------------------------- */
25 25
// compatibility mode for versions before 2.8.1
26
	$admin            = $wb;
27
	$default_link     = $wb->default_link;
28
	$page_trail       = $wb->page_trail;
29
	$page_description = $wb->page_description;
30
	$page_keywords    = $wb->page_keywords;
31
	$page_link        = $wb->link;
26
	if(isset($wb)) {$admin = $wb; }
27
	if(isset($wb->default_link)) { $default_link = $wb->default_link; }
28
	if(isset($wb->page_trail)) {$page_trail = $wb->page_trail; }
29
	if(isset($wb->page_description)) {$page_description = $wb->page_description;}
30
	if(isset($wb->page_keywords)) {$page_keywords = $wb->page_keywords;}
31
	if(isset($wb->link)) {$page_link = $wb->link;}
32 32

  
33 33
	$include_head_link_css = '';
34 34
	$include_body_links    = '';
branches/2.8.x/wb/modules/droplets/delete_droplet.php
24 24
require_once(WB_PATH.'/framework/functions.php');
25 25

  
26 26
$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
27
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
27

  
28 28
if(file_exists(ADMIN_PATH .'/admintools/tool.php')) {
29 29
	$admintool_link = ADMIN_URL .'/admintools/index.php';
30 30
	$admin = new admin('admintools', 'admintools');
31
} else {
32
	$admintool_link = ADMIN_URL .'/settings/index.php?advanced=yes#administration_tools"';
33
	$admin = new admin('Settings', 'settings_advanced');
34 31
}
35 32

  
36 33
// Get id
37
$droplet_id = $admin->checkIDKEY('droplet_id', false, 'GET');
34
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'GET'));
38 35
if (!$droplet_id) {
39 36
 $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
40 37
 exit();
41 38
}
39
$sql  = 'DELETE FROM `'.TABLE_PREFIX.'mod_droplets` ';
40
$sql .= 'WHERE id = '.$droplet_id;
42 41

  
43 42
// Delete droplet
44
$database->query("DELETE FROM ".TABLE_PREFIX."mod_droplets WHERE id = '$droplet_id' LIMIT 1");
43
$database->query($sql);
45 44

  
46 45
// Check if there is a db error, otherwise say successful
47 46
if($database->is_error()) {
branches/2.8.x/wb/modules/droplets/info.php
16 16
 * @lastmodified    $Date$
17 17
 *
18 18
 */
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_PATH')) {
19 22

  
23
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
24
	throw new IllegalFileException();
25
}
26
/* -------------------------------------------------------- */
27

  
20 28
$module_directory = 'droplets';
21 29
$module_name = 'Droplets';
22 30
$module_function = 'tool';
23
$module_version = '1.1.0';
31
$module_version = '1.2.0';
24 32
$module_platform = '2.8.x';
25 33
$module_author = 'Ruud and pcwacht';
26 34
$module_license = 'GNU General Public License';
27 35
$module_description = 'This tool allows you to manage your local Droplets.';
28

  
29
$module_home = 'http://www.websitebakers.com/pages/droplets/about-droplets.php';
30
$module_guid = '9F2AC2DF-C3E1-4E15-BA4C-2A86E37FE6E5';
branches/2.8.x/wb/modules/droplets/droplets.php
22 22
 *  1.0.3, optimize, reduce memory consumption, increase speed, remove CSS, enable nested droplets
23 23
 *
24 24
 */
25
/* -------------------------------------------------------- */
26
// Must include code to stop this file being accessed directly
27
if(!defined('WB_PATH')) {
25 28

  
26
// Must include code to stop this file being access directly
27
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
29
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
30
	throw new IllegalFileException();
31
}
32
/* -------------------------------------------------------- */
28 33

  
29 34
	function do_eval($_x_codedata, $_x_varlist, &$wb_page_data)
30 35
	{
......
112 117
		}
113 118
		return $wb_page_data;
114 119
	}
115

  
116
?>
branches/2.8.x/wb/modules/droplets/example/EmailFilter.php
1
//:Emailfiltering on your output - output filtering with the options below - Mailto links can be encrypted by a Javascript
2
//:usage:  [[EmailFilter]] 
3
 
4
// You can configure the output filtering with the options below.
5
// Tip: Mailto links can be encrypted by a Javascript function. 
6
// To make use of this option, one needs to add the PHP code 
7
//       register_frontend_modfiles('js');
8
// into the <head> section of the index.php of your template. 
9
// Without this modification, only the @ character in the mailto part will be replaced.
10

  
11
// Basic Email Configuration: 
12
// Filter Email addresses in text 0 = no, 1 = yes - default 1
13
$filter_settings['email_filter'] = '1';
14

  
15
// Filter Email addresses in mailto links 0 = no, 1 = yes - default 1
16
$filter_settings['mailto_filter'] = '1';
17

  
18
// Email Replacements, replace the '@' and the '.' by default (at) and (dot)
19
$filter_settings['at_replacement']  = '(at)';
20
$filter_settings['dot_replacement'] = '(dot)';
21

  
22
// No need to change stuff underneatch unless you know what you are doing.
23

  
24
// work out the defined output filter mode: possible output filter modes: [0], 1, 2, 3, 6, 7
25
// 2^0 * (0.. disable, 1.. enable) filtering of mail addresses in text
26
// 2^1 * (0.. disable, 1.. enable) filtering of mail addresses in mailto links
27
// 2^2 * (0.. disable, 1.. enable) Javascript mailto encryption (only if mailto filtering enabled)
28

  
29
// only filter output if we are supposed to
30
if($filter_settings['email_filter'] != '1' && $filter_settings['mailto_filter'] != '1'){
31
	// nothing to do ...
32
	return true;
33
}
34

  
35
// check if non mailto mail addresses needs to be filtered
36
$output_filter_mode = ($filter_settings['email_filter'] == '1') ? 1 : 0;		// 0|1
37
	
38
// check if mailto mail addresses needs to be filtered
39
if($filter_settings['mailto_filter'] == '1')
40
{
41
	$output_filter_mode = $output_filter_mode + 2;								// 0|2
42
					
43
        // check if Javascript mailto encryption is enabled (call register_frontend_functions in the template)
44
        $search_pattern = '/<.*src=\".*\/mdcr.js.*>/iU';
45
        if(preg_match($search_pattern, $wb_page_data))
46
        {
47
          $output_filter_mode = $output_filter_mode + 4;       // 0|4
48
        }
49
}
50
		
51
// define some constants so we do not call the database in the callback function again
52
define('OUTPUT_FILTER_MODE', (int) $output_filter_mode);
53
define('OUTPUT_FILTER_AT_REPLACEMENT', $filter_settings['at_replacement']);
54
define('OUTPUT_FILTER_DOT_REPLACEMENT', $filter_settings['dot_replacement']);
55
	
56
// function to filter mail addresses embedded in text or mailto links before outputing them on the frontend
57
if (!function_exists('filter_mail_addresses')) {
58
	function filter_mail_addresses($match) { 
59
		
60
	// check if required output filter mode is defined
61
		if(!(defined('OUTPUT_FILTER_MODE') && defined('OUTPUT_FILTER_MODE') && defined('OUTPUT_FILTER_MODE'))) {
62
			return $match[0];
63
		}
64
		
65
		$search = array('@', '.');
66
		$replace = array(OUTPUT_FILTER_AT_REPLACEMENT ,OUTPUT_FILTER_DOT_REPLACEMENT);
67
		
68
		// check if the match contains the expected number of subpatterns (6|8)
69
		if(count($match) == 8) {
70
			/**
71
				OUTPUT FILTER FOR EMAIL ADDRESSES EMBEDDED IN TEXT
72
			**/
73
			
74
			// 1.. text mails only, 3.. text mails + mailto (no JS), 7 text mails + mailto (JS)
75
			if(!in_array(OUTPUT_FILTER_MODE, array(1,3,7))) return $match[0];
76

  
77
			// do not filter mail addresses included in input tags (<input ... value = "test@mail)
78
			if (strpos($match[6], 'value') !== false) return $match[0];
79
			
80
			// filtering of non mailto email addresses enabled
81
			return str_replace($search, $replace, $match[0]);
82
				
83
		} elseif(count($match) == 6) {
84
			/**
85
				OUTPUT FILTER FOR EMAIL ADDRESSES EMBEDDED IN MAILTO LINKS
86
			**/
87

  
88
			// 2.. mailto only (no JS), 3.. text mails + mailto (no JS), 6.. mailto only (JS), 7.. all filters active
89
			if(!in_array(OUTPUT_FILTER_MODE, array(2,3,6,7))) return $match[0];
90
			
91
			// check if last part of the a href link: >xxxx</a> contains a email address we need to filter
92
			$pattern = '#[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4}#i';
93
			if(preg_match_all($pattern, $match[5], $matches)) {
94
				foreach($matches as $submatch) {
95
					foreach($submatch as $value) {
96
						// replace all . and all @ in email address parts by (dot) and (at) strings
97
						$match[5] = str_replace($value, str_replace($search, $replace, $value), $match[5]);
98
					}
99
				}
100
			}
101

  
102
			// check if Javascript encryption routine is enabled
103
			if(in_array(OUTPUT_FILTER_MODE, array(6,7))) {
104
				/** USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
105
				
106
				// extract possible class and id attribute from ahref link
107
				preg_match('/class\s*?=\s*?("|\')(.*?)\1/ix', $match[0], $class_attr);
108
				$class_attr = empty($class_attr) ? '' : 'class="' . $class_attr[2] . '" ';
109
				preg_match('/id\s*?=\s*?("|\')(.*?)\1/ix', $match[0], $id_attr);
110
				$id_attr = empty($id_attr) ? '' : 'id="' . $id_attr[2] . '" ';
111
				
112
				// preprocess mailto link parts for further usage
113
				$search = array('@', '.', '_', '-'); $replace = array('F', 'Z', 'X', 'K');
114
				$email_address = str_replace($search, $replace, strtolower($match[2]));
115
				$email_subject = rawurlencode(html_entity_decode($match[3]));
116
				
117
				// create a random encryption key for the Caesar cipher
118
				mt_srand((double)microtime()*1000000);	// (PHP < 4.2.0)
119
				$shift = mt_rand(1, 25);
120
				
121
				// encrypt the email using an adapted Caesar cipher
122
		  		$encrypted_email = "";
123
				for($i = strlen($email_address) -1; $i > -1; $i--) {
124
					if(preg_match('#[FZXK0-9]#', $email_address[$i], $characters)) {
125
						$encrypted_email .= $email_address[$i];
126
					} else {	
127
						$encrypted_email .= chr((ord($email_address[$i]) -97 + $shift) % 26 + 97);
128
					}
129
				}
130
				$encrypted_email .= chr($shift + 97);
131

  
132
				// build the encrypted Javascript mailto link
133
				$mailto_link  = "<a {$class_attr}{$id_attr}href=\"javascript:mdcr('$encrypted_email','$email_subject')\">" .$match[5] ."</a>";
134
				
135
				return $mailto_link;	
136

  
137
			} else {
138
				/** DO NOT USE JAVASCRIPT ENCRYPTION FOR MAILTO LINKS **/
139

  
140
				// as minimum protection, replace replace @ in the mailto part by (at)
141
				// dots are not transformed as this would transform my.name@domain.com into: my(dot)name(at)domain(dot)com
142
				
143
				// rebuild the mailto link from the subpatterns (at the missing characters " and </a>")
144
				return $match[1] .str_replace('@', OUTPUT_FILTER_AT_REPLACEMENT, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';
145
				// if you want to protect both, @ and dots, comment out the line above and remove the comment from the line below
146
				// return $match[1] .str_replace($search, $replace, $match[2]) .$match[3] .'"' .$match[4] .$match[5] .'</a>';
147
			}
148
		
149
		}
150
		
151
		// number of subpatterns do not match the requirements ... do nothing
152
		return $match[0];
153
	}		
154
}
155
	
156
// first search part to find all mailto email addresses
157
$pattern = '#(<a[^<]*href\s*?=\s*?"\s*?mailto\s*?:\s*?)([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})([^"]*?)"([^>]*>)(.*?)</a>';
158
// second part to find all non mailto email addresses
159
$pattern .= '|(value\s*=\s*"|\')??\b([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})\b#i';
160

  
161
// Sub 1:\b(<a.[^<]*href\s*?=\s*?"\s*?mailto\s*?:\s*?)		-->	"<a id="yyy" class="xxx" href = " mailto :" ignoring white spaces
162
// Sub 2:([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})		-->	the email address in the mailto: part of the mail link
163
// Sub 3:([^"]*?)"							--> possible ?Subject&cc... stuff attached to the mail address
164
// Sub 4:([^>]*>)							--> all class or id statements after the mailto but before closing ..>
165
// Sub 5:(.*?)</a>\b						--> the mailto text; all characters between >xxxxx</a>
166
// Sub 6:|\b([A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,4})\b		--> email addresses which may appear in the text (require word boundaries)
167
$content = $wb_page_data;			
168
// find all email addresses embedded in the content and filter them using a callback function
169
$content = preg_replace_callback($pattern, 'filter_mail_addresses', $content);
170
$wb_page_data = $content;
171
return true;
172
		
1
//:Emailfiltering on your output - dummy Droplet
2
//:usage:  [[EmailFilter]]
3
return '';
branches/2.8.x/wb/modules/droplets/example/Lorem.php
7 7
$lorem[] = "Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.<br /><br />";
8 8
$lorem[] = "Cras consequat magna ac tellus. Duis sed metus sit amet nunc faucibus blandit. Fusce tempus cursus urna. Sed bibendum, dolor et volutpat nonummy, wisi justo convallis neque, eu feugiat leo ligula nec quam. Nulla in mi. Integer ac mauris vel ligula laoreet tristique. Nunc eget tortor in diam rhoncus vehicula. Nulla quis mi. Fusce porta fringilla mauris. Vestibulum sed dolor. Aliquam tincidunt interdum arcu. Vestibulum eget lacus. Curabitur pellentesque egestas lectus. Duis dolor. Aliquam erat volutpat. Aliquam erat volutpat. Duis egestas rhoncus dui. Sed iaculis, metus et mollis tincidunt, mauris dolor ornare odio, in cursus justo felis sit amet arcu. Aenean sollicitudin. Duis lectus leo, eleifend mollis, consequat ut, venenatis at, ante.<br /><br />";
9 9
$lorem[] = "Consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.<br /><br />"; 
10

  
10
if (!isset($blocks)) $blocks=1;
11 11
$blocks = (int)$blocks - 1;
12 12
if ($blocks <= 0) $blocks = 0;
13 13
if ($blocks > 5) $blocks = 5;
branches/2.8.x/wb/modules/droplets/install.php
16 16
 * @lastmodified    $Date$
17 17
 *
18 18
 */
19
// Must include code to stop this file being access directly
20
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_PATH')) {
21 22

  
23
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
24
	throw new IllegalFileException();
25
}
26
/* -------------------------------------------------------- */
27

  
22 28
global $admin;
23 29

  
24
$table = TABLE_PREFIX .'mod_droplets';
25
$database->query("DROP TABLE IF EXISTS `$table`");
30
$sql  = 'DROP TABLE IF EXISTS `'.TABLE_PREFIX.'mod_droplets` ';
31
$database->query($sql);
26 32

  
27
$database->query("CREATE TABLE `$table` (
28
	`id` INT NOT NULL auto_increment,
29
	`name` VARCHAR(32) NOT NULL,
30
	`code` LONGTEXT NOT NULL ,
31
	`description` TEXT NOT NULL,
32
	`modified_when` INT NOT NULL default '0',
33
	`modified_by` INT NOT NULL default '0',
34
	`active` INT NOT NULL default '0',
35
	`admin_edit` INT NOT NULL default '0',
36
	`admin_view` INT NOT NULL default '0',
37
	`show_wysiwyg` INT NOT NULL default '0',
38
	`comments` TEXT NOT NULL,
39
	PRIMARY KEY ( `id` )
40
	)"
41
);
33
$sql  = 'CREATE TABLE IF NOT EXISTS `'.TABLE_PREFIX.'mod_droplets` ( ';
34
$sql .= '`id` INT NOT NULL auto_increment, ';
35
$sql .= '`name` VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_unicode_ci  NOT NULL, ';
36
$sql .= '`code` LONGTEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci  NOT NULL , ';
37
$sql .= '`description` TEXT  CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, ';
38
$sql .= '`modified_when` INT NOT NULL default \'0\', ';
39
$sql .= '`modified_by` INT NOT NULL default \'0\', ';
40
$sql .= '`active` INT NOT NULL default \'0\', ';
41
$sql .= '`admin_edit` INT NOT NULL default \'0\', ';
42
$sql .= '`admin_view` INT NOT NULL default \'0\', ';
43
$sql .= '`show_wysiwyg` INT NOT NULL default \'0\', ';
44
$sql .= '`comments` TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci  NOT NULL, ';
45
$sql .= 'PRIMARY KEY ( `id` ) ';
46
$sql .= ') ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci';
47
$database->query($sql);
42 48

  
43 49
//add all droplets from the droplet subdirectory
44
$folder=opendir(WB_PATH.'/modules/droplets/example/.'); 
50
$folder=opendir(WB_PATH.'/modules/droplets/example/.');
45 51
$names = array();
46 52
while ($file = readdir($folder)) {
47 53
	$ext=strtolower(substr($file,-4));
48 54
	if ($ext==".php"){
49 55
		if ($file<>"index.php" ) {
50
			$names[count($names)] = $file; 
56
			$names[count($names)] = $file;
51 57
		}
52 58
	}
53 59
}
......
71 77
		$name = substr($dropfile,0,-4);
72 78
		$modified_when = time();
73 79
		$modified_by = method_exists($admin, 'get_user_id') ? $admin->get_user_id() : 1;
74
		$database->query("INSERT INTO `$table`  
75
			(name, code, description, comments, active, modified_when, modified_by) 
76
			VALUES 
77
			('$name', '$droplet', '$description', '$comments', '1', '$modified_when', '$modified_by')");
80
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'mod_droplets` SET ';
81
		$sql .= '`name` = \''.$name.'\', ';
82
		$sql .= '`code` = \''.$droplet.'\', ';
83
		$sql .= '`description` = \''.$description.'\', ';
84
		$sql .= '`comments` = \''.$comments.'\', ';
85
		$sql .= '`active` = 1, ';
86
		$sql .= '`modified_when` = '.$modified_when.', ';
87
		$sql .= '`modified_by` = '.$modified_by;
88
		$database->query($sql);
78 89
		
79 90
		// do not output anything if this script is called during fresh installation
80 91
		if (method_exists($admin, 'get_user_id')) echo "Droplet import: $name<br/>";
81
	}  
92
	}
82 93
}
83 94

  
84 95
function getDropletCodeFromFile ( $dropletfile ) {
85
	$data = "";
96
	$data = '';
86 97
	$filename = WB_PATH."/modules/droplets/example/".$dropletfile;
87 98
	if (file_exists($filename)) {
88 99
		$filehandle = fopen ($filename, "r");
......
92 103
	}	
93 104
	return $data;
94 105
}
95
?>
branches/2.8.x/wb/modules/droplets/readme/readme.html
1
<html>
2

  
3
	<head>
4
	<title>Droplets</title>
5
	<link href="readme.css" rel="stylesheet" type="text/css" media="screen" />
6
</head>
7

  
8
	<body>
9
		<small><font color="#7f7f7f">Droplets Help</font></small><br />
10
		<h2> <img src="../img/droplets_logo.png" alt="" width="297" height="81" border="0"></h2> <br />
11
		Droplets are small chunks of php code (just like the code module) that can be included in your template or any other content section. <br />
12
		Including a droplet is done by encapsulating the droplet name in double brackets. <br />
13
		If you want to use the droplet &quot;ModifiedWhen&quot; (to show the last modified date and time of the current page) you only need to add <b>[[ModifiedWhen]]</b> to your template or WYSIWYG contentpage. <br />
14
		<br />
15
		You are encouraged to create your own droplets and share them with the community. <br />
16
		<br />
17
		<h3>Installation</h3>
18
		<br />
19
		Droplets are installed as a admin tool. The installation is done using the normal &quot;Add module&quot; page in the WB backend. <br />
20
		When the installation is successfull, there is a new tool added to the Admin-Tools menu. <br />
21
		Clicking the tool will display the current installed droplets, and a button to create your own. <br />
22
		<br />
23
		<h3>Getting Droplets</h3>
24
		<br />
25
		A fast growing number of Droplets are available for use, you can use the <a href="http://www.websitebakers.com/pages/droplets/official-library.php" target="_new">Official Droplets Library</a> in the AMASP project website, or you can search the WB Forum. <br />
26
		<br />
27
		<h3>Coding Droplets</h3>
28
		<br />
29
		Droplets run in PHP mode, no <font color="#ff0000">&lt;?php</font> or <font color="#ff0000">?&gt;</font> is allowed in the code! If any of these tags are found in the code they will be removed. Your code will not run as expected. <br />
30
		The droplet code can NOT echo or print data to the output stream directly. The Droplet name is replaced by the return value of the PHP code.<br />
31
		Example: [[HelloWorld]] <br />
32
		<br />
33
		<font color="#ff0000">Wrong code:</font> echo &quot;Hello World&quot;; <br />
34
		<font color="#339966">Correct code:</font> return &quot;Hello World&quot;; <br />
35
		<br />
36
		Since version 0.3 Droplets can modify the complete page content. <br />
37
		When the Droplet is called, an extra variable ($wb_page_data) is made available. 
38
		This variable holds all the content of your current generated webpage.
39
		You can modify any part of this content simply by replacing it in the variable. There is no need to return this variable, the Droplet code will process changed content automatically.<br /><br />
40
		
41
		Since version 0.3 Droplets will check the PHP code you have saved for validity. <br />
42
		When the code will not execute correctly a red flashing icon will apear in the backend Droplets list. <br />
43
		The standard blue icon is no guarantee that the Droplets does what you would expect it to do, it will just tell you if the code is valid PHP code.<br /><br />
44
		
45
		Since version 0.3 Droplets you do not need to return any data. When you end your code with <pre>return true;</pre> there will not be an errormessage. The processed Droplet tag will be removed.<br />
46

  
47
		<br />
48
		<h3>PHP color coding</h3>
49
		<br />
50
		The Droplets edit page is ready to use the EditArea module. This module creates a color coded editor for PHP code. <br />
51
		EditArea comes as a seperate module (installed as an admin tool). <br />
52
		Use the WB Forum or the <a href="http://www.websitebakers.com/" target="_new">AMASP</a> project to find the latest EditArea download. <br />
53
		<br />
54
		<h3>More Information</h3>
55
		<br />
56
		More information (including localized help) can be found on the <a href="http://www.websitebakers.com/pages/droplets/about-droplets.php" target="_new">Droplets pages</a> of the AMASP project website. <br />
57
		<br />
58
		<br />
59
		<br />
60
	</body>
61

  
1
<html>
2

  
3
	<head>
4
	<title>Droplets</title>
5
	<link href="readme.css" rel="stylesheet" type="text/css" media="screen" />
6
</head>
7

  
8
	<body>
9
		<small><font color="#7f7f7f">Droplets Help</font></small><br />
10
		<h2> <img src="../img/droplets_logo.png" alt="" width="297" height="81" border="0"></h2> <br />
11
		Droplets are small chunks of php code (just like the code module) that can be included in your template or any other content section. <br />
12
		Including a droplet is done by encapsulating the droplet name in double brackets. <br />
13
		If you want to use the droplet &quot;ModifiedWhen&quot; (to show the last modified date and time of the current page) you only need to add <b>[[ModifiedWhen]]</b> to your template or WYSIWYG contentpage. <br />
14
		<br />
15
		You are encouraged to create your own droplets and share them with the community. <br />
16
		<br />
17
		<h3>Installation</h3>
18
		<br />
19
		Droplets are installed as a admin tool. The installation is done using the normal &quot;Add module&quot; page in the WB backend. <br />
20
		When the installation is successfull, there is a new tool added to the Admin-Tools menu. <br />
21
		Clicking the tool will display the current installed droplets, and a button to create your own. <br />
22
		<br />
23
		<h3>Getting Droplets</h3>
24
		<br />
25
		A fast growing number of Droplets are available for use, you can use the <a href="http://www.websitebakers.com/pages/droplets/official-library.php" target="_new">Official Droplets Library</a> in the AMASP project website, or you can search the WB Forum. <br />
26
		<br />
27
		<h3>Coding Droplets</h3>
28
		<br />
29
		Droplets run in PHP mode, no <font color="#ff0000">&lt;?php</font> or <font color="#ff0000">?&gt;</font> is allowed in the code! If any of these tags are found in the code they will be removed. Your code will not run as expected. <br />
30
		The droplet code can NOT echo or print data to the output stream directly. The Droplet name is replaced by the return value of the PHP code.<br />
31
		Example: [[HelloWorld]] <br />
32
		<br />
33
		<font color="#ff0000">Wrong code:</font> echo &quot;Hello World&quot;; <br />
34
		<font color="#339966">Correct code:</font> return &quot;Hello World&quot;; <br />
35
		<br />
36
		Since version 0.3 Droplets can modify the complete page content. <br />
37
		When the Droplet is called, an extra variable ($wb_page_data) is made available. 
38
		This variable holds all the content of your current generated webpage.
39
		You can modify any part of this content simply by replacing it in the variable. There is no need to return this variable, the Droplet code will process changed content automatically.<br /><br />
40
		
41
		Since version 0.3 Droplets will check the PHP code you have saved for validity. <br />
42
		When the code will not execute correctly a red flashing icon will apear in the backend Droplets list. <br />
43
		The standard blue icon is no guarantee that the Droplets does what you would expect it to do, it will just tell you if the code is valid PHP code.<br /><br />
44
		
45
		Since version 0.3 Droplets you do not need to return any data. When you end your code with <pre>return true;</pre> there will not be an errormessage. The processed Droplet tag will be removed.<br />
46

  
47
		<br />
48
		<h3>PHP color coding</h3>
49
		<br />
50
		The Droplets edit page is ready to use the EditArea module. This module creates a color coded editor for PHP code. <br />
51
		<br />
52
		<br />
53
	</body>
54

  
62 55
</html>
branches/2.8.x/wb/modules/droplets/uninstall.php
16 16
 * @lastmodified    $Date$
17 17
 *
18 18
 */
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_PATH')) {
19 22

  
20
// prevent this file from being accessed directly
21
if(!defined('WB_PATH')) die(header('Location: ../index.php'));
23
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
24
	throw new IllegalFileException();
25
}
26
/* -------------------------------------------------------- */
22 27

  
23
$table = TABLE_PREFIX .'mod_droplets';
24
$database->query("DROP TABLE IF EXISTS `$table`");
25

  
26
?>
28
$sql  = 'DROP TABLE IF EXISTS `'.TABLE_PREFIX.'mod_droplets` ';
29
$database->query($sql);
branches/2.8.x/wb/modules/droplets/tool.php
16 16
 * @lastmodified    $Date$
17 17
 *
18 18
 */
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_PATH')) {
19 22

  
20
// Must include code to stop this file being access directly
21
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
23
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
24
	throw new IllegalFileException();
25
}
26
/* -------------------------------------------------------- */
22 27

  
23 28
// Load Language file
24 29
if(LANGUAGE_LOADED) {
......
37 42
}
38 43

  
39 44
// Get userid for showing admin only droplets or not
40
$loggedin_user = $admin->get_user_id();
45
$loggedin_user = ($admin->ami_group_member('1') ? 1 : $admin->user_id());
41 46
$loggedin_group = $admin->get_groups_id();
42 47
$admin_user = ( ($admin->get_home_folder() == '') && ($admin->ami_group_member('1') ) || ($loggedin_user == '1'));
43 48

  
......
45 50
$admintool_url = ADMIN_URL .'/admintools/index.php';
46 51

  
47 52
//removes empty entries from the table so they will not be displayed
48
$database->query("DELETE FROM ".TABLE_PREFIX."mod_droplets WHERE name=''");
53
$sql = 'DELETE FROM '.TABLE_PREFIX.'mod_droplets ';
54
$sql .= 'WHERE name = \'\' ';
55
$database->query($sql);
56

  
49 57
?>
50 58

  
51 59
<br />
......
68 76

  
69 77
<h2><?php echo $TEXT['MODIFY'].'/'.$TEXT['DELETE'].' '.$DR_TEXT['DROPLETS']; ?></h2>
70 78
<?php
71
// if ($loggedin_user == '1') {
72
if ($admin_user) {
73
	$query_droplets = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_droplets ORDER BY modified_when DESC");
74
} else { 
75
	$query_droplets = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_droplets WHERE admin_view <> '1' ORDER BY modified_when DESC");
79

  
80
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_droplets` ';
81
if (!$admin_user) {
82
	$sql .= 'WHERE `admin_view` <> 1 ';
76 83
}
84
$sql .= 'ORDER BY `modified_when` DESC';
85
$query_droplets = $database->query($sql);
77 86
$num_droplets = $query_droplets->numRows();
78 87
if($num_droplets > 0) {
79 88
	?>
......
99 108
			$modified_user = $TEXT['UNKNOWN'];
100 109
			$modified_userid = 0;
101 110
		}
111
        $iDropletIdKey = $admin->getIDKEY($droplet['id']);
102 112
		$comments = str_replace(array("\r\n", "\n", "\r"), '<br />', $droplet['comments']);
103 113
		if (!strpos($comments,"[[")) $comments = "Use: [[".$droplet['name']."]]<br />".$comments;
104 114
		$comments = str_replace(array("[[", "]]"), array('<b>[[',']]</b>'), $comments);
105 115
		$valid_code = check_syntax($droplet['code']);
106 116
		if (!$valid_code === true) $comments = '<font color=\'red\'><strong>'.$DR_TEXT['INVALIDCODE'].'</strong></font><br /><br />'.$comments;
107 117
		$unique_droplet = check_unique ($droplet['name']);
108
		if ($unique_droplet === false) $comments = '<font color=\'red\'><strong>'.$DR_TEXT['NOTUNIQUE'].'</strong></font><br /><br />'.$comments;
118
		if ($unique_droplet === false ) {$comments = '<font color=\'red\'><strong>'.$DR_TEXT['NOTUNIQUE'].'</strong></font><br /><br />'.$comments;}
109 119
		$comments = '<span>'.$comments.'</span>';
110 120
		?>
111
		
121

  
112 122
		<tr class="row_<?php echo $row; ?>" >
113 123
			<td >
114
				<a href="<?php echo WB_URL; ?>/modules/droplets/modify_droplet.php?droplet_id=<?php echo $admin->getIDKEY($droplet['id']); ?>" title="<?php echo $TEXT['MODIFY']; ?>">
115
					<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify" /> 
124
				<a href="<?php echo WB_URL; ?>/modules/droplets/modify_droplet.php?droplet_id=<?php echo $iDropletIdKey; ?>" title="<?php echo $TEXT['MODIFY']; ?>">
125
					<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="Modify" />
116 126
				</a>
117 127
			</td>
118 128
			<td >
119
				<a href="<?php echo WB_URL; ?>/modules/droplets/modify_droplet.php?droplet_id=<?php echo $admin->getIDKEY($droplet['id']); ?>" class="tooltip">
129
				<a href="<?php echo WB_URL; ?>/modules/droplets/modify_droplet.php?droplet_id=<?php echo $iDropletIdKey; ?>" class="tooltip">
120 130
							<?php if ($valid_code && $unique_droplet) { ?><img src="<?php echo WB_URL; ?>/modules/droplets/img/droplet.png" border="0" alt=""/>
121 131
							<?php } else {  ?><img src="<?php echo WB_URL; ?>/modules/droplets/img/invalid.gif" border="0" title="" alt=""/><?php }  ?>
122 132
					<?php echo $droplet['name']; ?><?php echo $comments; ?>
......
129 139
				<b><?php if($droplet['active'] == 1){ echo '<span style="color: green;">'. $TEXT['YES']. '</span>'; } else { echo '<span style="color: red;">'.$TEXT['NO'].'</span>';  } ?></b>
130 140
			</td>
131 141
			<td >
132
				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/droplets/delete_droplet.php?droplet_id=<?php echo $admin->getIDKEY($droplet['id']); ?>');" title="<?php echo $TEXT['DELETE']; ?>">
142
				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/droplets/delete_droplet.php?droplet_id=<?php echo $iDropletIdKey; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
133 143
					<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
134 144
				</a>
135 145
			</td>
......
153 163

  
154 164
function check_unique($name) {
155 165
	global $database;
156
	$query_droplets = $database->query("SELECT name FROM ".TABLE_PREFIX."mod_droplets WHERE name = '$name'");
157
	return ($query_droplets->numRows() == 1);
166
	$retVal = 0;
167
	$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'mod_droplets` ';
168
	$sql .= 'WHERE `name` = \''.$name.'\'';
169
	$retVal = intval($database->get_one($sql));
170
	return ($retVal == 1);
158 171
}
branches/2.8.x/wb/modules/droplets/modify_droplet.php
27 27
$admin = new admin('admintools', 'admintools');
28 28

  
29 29
// Get id
30
$droplet_id = $admin->checkIDKEY('droplet_id', false, 'GET');
30
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'GET'));
31 31
if (!$droplet_id) {
32
 $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
33
 exit();
32
	$admin->print_error('IDKEY::'.$MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
34 33
}
35

  
34
/*
36 35
// check if backend.css file needs to be included into the <body></body> of modify.php
37 36
if(!method_exists($admin, 'register_backend_modfiles') && file_exists(WB_PATH ."/modules/droplets/backend.css")) {
38 37
	echo '<style type="text/css">';
39 38
	include(WB_PATH .'/modules/droplets/backend.css');
40 39
	echo "n</style>n";
41 40
}
42

  
41
*/
43 42
// Load Language file
44 43
if(LANGUAGE_LOADED) {
45 44
	if(!file_exists(WB_PATH.'/modules/droplets/languages/'.LANGUAGE.'.php')) {
......
50 49
}
51 50
require_once(WB_PATH . '/include/editarea/wb_wrapper_edit_area.php');
52 51
echo registerEditArea ('contentedit','php',true,'both',true,true,600,450,'search, fullscreen, |, undo, redo, |, select_font,|, highlight, reset_highlight, |, help');
53
		
54 52

  
55 53
$modified_when = time();
56
$modified_by = $admin->get_user_id();
54
$modified_by = ($admin->ami_group_member('1') ? 1 : $admin->user_id());
55
$sOverviewDroplets = $TEXT['LIST_OPTIONS'].' '.$DR_TEXT['DROPLETS'];
57 56

  
58 57
// Get header and footer
59
$query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_droplets WHERE id = '$droplet_id'");
58
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_droplets` ';
59
$sql .= 'WHERE id = '.$droplet_id;
60
$sql .= '';
61

  
62
$query_content = $database->query($sql);
63

  
60 64
$fetch_content = $query_content->fetchRow();
61 65
$content = (htmlspecialchars($fetch_content['code']));
62 66
?>
63 67
<h4 style="margin: 0; border-bottom: 1px solid #DDD; padding-bottom: 5px;">
64
	<a href="<?php echo $admintool_link;?>"><?php echo $HEADING['ADMINISTRATION_TOOLS']; ?></a>
68
	<a href="<?php echo $admintool_link;?>" title="<?php echo $HEADING['ADMINISTRATION_TOOLS']; ?>"><?php echo $HEADING['ADMINISTRATION_TOOLS']; ?></a>
65 69
	->
66
	<a href="<?php echo $module_edit_link;?>">Droplet Edit</a>
70
	<a href="<?php echo $module_edit_link;?>" title="<?php echo $sOverviewDroplets ?>" alt="<?php echo $sOverviewDroplets ?>">Droplet Edit</a>
67 71
</h4>
68 72
<br />
69 73
<form name="modify" action="<?php echo WB_URL; ?>/modules/droplets/save_droplet.php" method="post" style="margin: 0;">
70 74
<input type="hidden" name="data_codepress" value="" />
71
<input type="hidden" name="droplet_id" value="<?php echo $droplet_id; ?>" />
75
<input type="hidden" name="droplet_id" value="<?php echo $admin->getIDKEY($droplet_id); ?>" />
72 76
<input type="hidden" name="show_wysiwyg" value="<?php echo $fetch_content['show_wysiwyg']; ?>" />
73 77
<?php echo $admin->getFTAN(); ?>
74 78

  
......
167 171
	<?php
168 172
}
169 173
?>
170

  
171 174
		</td>
172 175
		<td align="right">
173 176
			<button class="cancel" type="button" onclick="javascript: window.location = '<?php echo $module_edit_link; ?>';"><?php echo $TEXT['CANCEL']; ?></button>
......
179 182

  
180 183
// Print admin footer
181 184
$admin->print_footer();
182

  
183
?>
branches/2.8.x/wb/modules/droplets/add_droplet.php
21 21

  
22 22
require_once(WB_PATH.'/framework/class.admin.php');
23 23
require_once(WB_PATH.'/framework/functions.php');
24
$admin = new admin('admintools','admintools',false,false);
24
$admin = new admin('admintools','admintools',true,false);
25 25
if($admin->get_permission('admintools') == true) {
26
	
26

  
27 27
	$admintool_link = ADMIN_URL .'/admintools/index.php';
28 28
	$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
29
	$admin = new admin('admintools', 'admintools');
29
	// $admin = new admin('admintools', 'admintools');
30 30

  
31 31
	$modified_when = time();
32
	$modified_by = $admin->get_user_id();
32
	$modified_by = intval($admin->get_user_id());
33 33

  
34 34
	// Insert new row into database
35
	$database->query("INSERT INTO ".TABLE_PREFIX."mod_droplets (active,modified_when,modified_by) VALUES ('1','$modified_when','$modified_by' )");
35
	$sql = 'INSERT INTO `'.TABLE_PREFIX.'mod_droplets` SET ';
36
	$sql .= '`active` = 1, ';
37
	$sql .= '`modified_when` = '.$modified_when.', ';
38
	$sql .= '`modified_by` = '.$modified_by.' ';
39
	$database->query($sql);
36 40

  
37 41
	// Get the id
38
	$droplet_id = $database->get_one("SELECT LAST_INSERT_ID()");
42
	$droplet_id = intval($database->get_one("SELECT LAST_INSERT_ID()"));
39 43

  
40 44
	// Say that a new record has been added, then redirect to modify page
41 45
	if($database->is_error()) {
......
44 48
		$admin->print_success($TEXT['SUCCESS'], WB_URL.'/modules/droplets/modify_droplet.php?droplet_id='. $admin->getIDKEY($droplet_id));
45 49
	}
46 50

  
47
	// Print admin footer
48
	$admin->print_footer();
49 51
} else {
50
	die(header('Location: ../../index.php'));
51
} 
52
?>
52
		$admin->print_error($database->get_error(), $module_edit_link);
53
}
54

  
55
// Print admin footer
56
$admin->print_footer();
branches/2.8.x/wb/modules/droplets/backup_droplets.php
27 27
$admintool_link = ADMIN_URL .'/admintools/index.php';
28 28
$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
29 29
$template_edit_link = ADMIN_URL .'/admintools/tool.php?tool=templateedit';
30
$sOverviewDroplets = $TEXT['LIST_OPTIONS'];
30 31

  
31 32
// protect from CSRF
32
$id = $admin->checkIDKEY('id', false, 'GET');
33
$id = intval($admin->checkIDKEY('id', false, 'GET'));
33 34
if (!$id or $id != 999) {
34 35
 $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
35
 exit();
36 36
}
37 37

  
38 38
?>
39 39
<h4 style="margin: 0; border-bottom: 1px solid #DDD; padding-bottom: 5px;">
40
	<a href="<?php echo $admintool_link;?>"><?php echo $HEADING['ADMINISTRATION_TOOLS']; ?></a>
40
	<a href="<?php echo $admintool_link;?>" title="<?php echo $HEADING['ADMINISTRATION_TOOLS']; ?>"><?php echo $HEADING['ADMINISTRATION_TOOLS']; ?></a>
41 41
	->
42
	<a href="<?php echo $module_edit_link;?>">Droplets</a>
42
	<a href="<?php echo $module_edit_link;?>" title="<?php echo $sOverviewDroplets ?>" alt="<?php echo $sOverviewDroplets ?>">Droplet Edit</a>
43 43
</h4>
44 44
<?php
45 45

  
......
47 47
$temp_file = '/modules/droplets/backup-droplets.zip';
48 48
// make the temporary working directory
49 49
mkdir($temp_dir);
50
$query_droplets = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_droplets ORDER BY modified_when DESC");
50
$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_droplets`  ';
51
$sql .= 'ORDER BY `modified_when` DESC';
52
$query_droplets = $database->query($sql);
51 53
while($droplet = $query_droplets->fetchRow()) {
52 54
	echo 'Saving: '.$droplet["name"].'.php<br />';
53 55
	$sFile = $temp_dir.$droplet["name"].'.php';
......
69 71
else {
70 72
	echo '<br /><br />Backup created - <a href="'.WB_URL.$temp_file.'">Download</a>';
71 73
}
74

  
72 75
delete_directory ( $temp_dir );
73
$admin->print_footer();
74 76

  
75 77
function delete_directory($dirname) {
76 78
    if (is_dir($dirname))
......
89 91
    rmdir($dirname);
90 92
    return true;
91 93
}
94

  
95
$admin->print_footer();
branches/2.8.x/wb/modules/droplets/upgrade.php
16 16
 * @lastmodified    $Date$
17 17
 *
18 18
 */
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_PATH')) {
19 22

  
20
if(!defined('WB_PATH')) die(header('Location: ../../index.php'));
23
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
24
	throw new IllegalFileException();
25
}
26
/* -------------------------------------------------------- */
21 27

  
22
$table = TABLE_PREFIX .'mod_droplets';
23

  
24
$info = $database->query("SELECT * from `$table` limit 0,1" );
25
$fields = $info->fetchRow();
26
if (!array_key_exists("admin_edit", $fields)) {
27
	/**
28
	 *	Call from the upgrade-script
29
	 */
30
	
31
	if (function_exists('db_add_field')) {
32
		db_add_field("admin_edit", 'mod_droplets', "INT NOT NULL default '0'");
33
		db_add_field("admin_view", 'mod_droplets', "INT NOT NULL default '0'");
34
		db_add_field("show_wysiwyg", 'mod_droplets', "INT NOT NULL default '0'");
35
	} else {
36
		/**
37
		 * Not call by the upgrade-script
38
		 */
39
		$database->query("ALTER TABLE `$table` (
40
			`admin_edit` INT NOT NULL default '0',
41
			`admin_view` INT NOT NULL default '0',
42
			`show_wysiwyg` INT NOT NULL default '0'
43
			)");
44
	}
45
}
46
?>
28
$table_name = TABLE_PREFIX .'mod_droplets';
29
$description = 'INT NOT NULL default 0 ';
30
$database->field_add($table_name,'show_wysiwyg',$description.'AFTER `active`' );
31
$database->field_add($table_name,'admin_view',$description.'AFTER `active`' );
32
$database->field_add($table_name,'admin_edit',$description.'AFTER `active`' );
branches/2.8.x/wb/modules/droplets/save_droplet.php
18 18
 */
19 19

  
20 20
require('../../config.php');
21

  
22 21
// Get id
22
/*
23 23
if(!isset($_POST['droplet_id']) OR !is_numeric($_POST['droplet_id'])) {
24 24
	header("Location: ".ADMIN_URL."/pages/index.php");
25 25
} else {
26 26
	$droplet_id = (int) $_POST['droplet_id'];
27 27
}
28
*/
29

  
28 30
// Include WB admin wrapper script
29 31
require_once(WB_PATH.'/framework/class.admin.php');
30 32
require_once(WB_PATH.'/framework/functions.php');
31 33

  
34
$admintool_link = ADMIN_URL .'/admintools/index.php';
32 35
$module_edit_link = ADMIN_URL .'/admintools/tool.php?tool=droplets';
33
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
34
if(file_exists(ADMIN_PATH .'/admintools/tool.php')) {
35
	$admintool_link = ADMIN_URL .'/admintools/index.php';
36
	$admin = new admin('admintools', 'admintools',false);
37
} else {
38
	$admintool_link = ADMIN_URL .'/settings/index.php?advanced=yes#administration_tools"';
39
	$admin = new admin('Settings', 'settings_advanced',false);
40
}
41 36

  
42
if (!$admin->checkFTAN())
43
{
37
$admin = new admin('admintools', 'admintools',false);
38

  
39
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'POST'));
40

  
41
if(!$admin->checkFTAN() || !$droplet_id ) {
44 42
	$admin->print_header();
45
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link);
43
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $module_edit_link );
46 44
}
47 45
$admin->print_header();
48 46

  
......
58 56
	$description = $admin->add_slashes($admin->get_post('description'));
59 57
	$tags = array('<?php', '?>' , '<?');
60 58
	$content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
61

  
62 59
	$comments = $admin->add_slashes($admin->get_post('comments'));
63 60
	$modified_when = time();
64
	$modified_by = (int) $admin->get_user_id(); 
61
	$modified_by = (int) $admin->get_user_id();
65 62
}
66 63

  
67 64
// Update row
68
$database->query("UPDATE ".TABLE_PREFIX."mod_droplets SET name = '$title', active = '$active', admin_view = '$admin_view', admin_edit = '$admin_edit', show_wysiwyg = '$show_wysiwyg', description = '$description', code = '$content', comments = '$comments', modified_when = '$modified_when', modified_by = '$modified_by' WHERE id = '$droplet_id'");
65
$sql = 'UPDATE `'.TABLE_PREFIX.'mod_droplets` SET ';
66
$sql .= '`name` = \''.$title.'\', ';
67
$sql .= '`active` = '.$active.', ';
68
$sql .= '`admin_view` = '.$admin_view.', ';
69
$sql .= '`admin_edit` = '.$admin_edit.', ';
70
$sql .= '`show_wysiwyg` = '.$show_wysiwyg.', ';
71
$sql .= '`description` = \''.$description.'\', ';
72
$sql .= '`code` = \''.$content.'\', ';
73
$sql .= '`comments` = \''.$comments.'\', ';
74
$sql .= '`modified_when` = '.$modified_when.', ';
75
$sql .= '`modified_by` = '.$modified_by.' ';
76
$sql .= 'WHERE `id` = '.$droplet_id;
77
$database->query($sql);
69 78

  
70 79
// Check if there is a db error, otherwise say successful
71 80
if($database->is_error()) {

Also available in: Unified diff