diff -r d8156d18ac58 -r 97ae8e9d5e29 includes/template.php --- a/includes/template.php Thu Sep 27 15:55:37 2007 -0400 +++ b/includes/template.php Sat Nov 03 07:43:35 2007 -0400 @@ -42,7 +42,7 @@ $this->plugin_blocks = Array(); $this->theme_loaded = false; - $this->fading_button = '
+ $this->fading_button = '
'; @@ -135,6 +135,7 @@ { global $db, $session, $paths, $template, $plugins; // Common objects global $email; + global $lang; dc_here("template: initializing all variables"); @@ -197,37 +198,38 @@ switch($paths->namespace) { case "Article": default: - $ns = 'article'; + $ns = $lang->get('onpage_lbl_page_article'); break; case "Admin": - $ns = 'administration page'; + $ns = $lang->get('onpage_lbl_page_admin'); break; case "System": - $ns = 'system message'; + $ns = $lang->get('onpage_lbl_page_system'); break; case "File": - $ns = 'uploaded file'; + $ns = $lang->get('onpage_lbl_page_file'); break; case "Help": - $ns = 'documentation page'; + $ns = $lang->get('onpage_lbl_page_help'); break; case "User": - $ns = 'user page'; + $ns = $lang->get('onpage_lbl_page_user'); break; case "Special": - $ns = 'special page'; + $ns = $lang->get('onpage_lbl_page_special'); break; case "Template": - $ns = 'template'; + $ns = $lang->get('onpage_lbl_page_template'); break; case "Project": - $ns = 'project page'; + $ns = $lang->get('onpage_lbl_page_project'); break; case "Category": - $ns = 'category'; + $ns = $lang->get('onpage_lbl_page_category'); break; } $this->namespace_string = $ns; + unset($ns); $code = $plugins->setHook('page_type_string_set'); foreach ( $code as $cmd ) { @@ -284,14 +286,25 @@ $n = ( $session->get_permissions('mod_comments') ) ? (string)$nc : (string)$na; if ( $session->get_permissions('mod_comments') && $nu > 0 ) { - $n .= ' total/'.$nu.' unapp.'; + $subst = array( + 'num_comments' => $nc, + 'num_unapp' => $nu + ); + $btn_text = $lang->get('onpage_btn_discussion_unapp', $subst); + } + else + { + $subst = array( + 'num_comments' => $nc + ); + $btn_text = $lang->get('onpage_btn_discussion', $subst); } $button->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxComments()); return false; }" title="View the comments that other users have posted about this page (alt-c)" accesskey="c"', 'PARENTFLAGS' => 'id="mdgToolbar_discussion"', 'HREF' => makeUrl($paths->page, 'do=comments', true), - 'TEXT' => 'discussion ('.$n.')', + 'TEXT' => $btn_text, )); $tb .= $button->run(); @@ -303,7 +316,7 @@ 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxEditor()); return false; }" title="Edit the contents of this page (alt-e)" accesskey="e"', 'PARENTFLAGS' => 'id="mdgToolbar_edit"', 'HREF' => makeUrl($paths->page, 'do=edit', true), - 'TEXT' => 'edit this page' + 'TEXT' => $lang->get('onpage_btn_edit') )); $tb .= $button->run(); // View source button @@ -314,7 +327,7 @@ 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxViewSource()); return false; }" title="View the source code (wiki markup) that this page uses (alt-e)" accesskey="e"', 'PARENTFLAGS' => 'id="mdgToolbar_edit"', 'HREF' => makeUrl($paths->page, 'do=viewsource', true), - 'TEXT' => 'view source' + 'TEXT' => $lang->get('onpage_btn_viewsource') )); $tb .= $button->run(); } @@ -325,7 +338,7 @@ 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxHistory()); return false; }" title="View a log of actions taken on this page (alt-h)" accesskey="h"', 'PARENTFLAGS' => 'id="mdgToolbar_history"', 'HREF' => makeUrl($paths->page, 'do=history', true), - 'TEXT' => 'history' + 'TEXT' => $lang->get('onpage_btn_history') )); $tb .= $button->run(); } @@ -339,7 +352,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxRename()); return false; }" title="Change the display name of this page (alt-r)" accesskey="r"', 'HREF' => makeUrl($paths->page, 'do=rename', true), - 'TEXT' => 'rename', + 'TEXT' => $lang->get('onpage_btn_rename'), )); $this->toolbar_menu .= $menubtn->run(); } @@ -350,7 +363,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxDelVote()); return false; }" title="Vote to have this page deleted (alt-d)" accesskey="d"', 'HREF' => makeUrl($paths->page, 'do=delvote', true), - 'TEXT' => 'vote to delete this page', + 'TEXT' => $lang->get('onpage_btn_votedelete'), )); $this->toolbar_menu .= $menubtn->run(); } @@ -361,7 +374,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxResetDelVotes()); return false; }" title="Vote to have this page deleted (alt-y)" accesskey="y"', 'HREF' => makeUrl($paths->page, 'do=resetvotes', true), - 'TEXT' => 'reset deletion votes', + 'TEXT' => $lang->get('onpage_btn_votedelete_reset'), )); $this->toolbar_menu .= $menubtn->run(); } @@ -372,7 +385,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'title="View a version of this page that is suitable for printing"', 'HREF' => makeUrl($paths->page, 'printable=yes', true), - 'TEXT' => 'view printable version', + 'TEXT' => $lang->get('onpage_btn_printable'), )); $this->toolbar_menu .= $menubtn->run(); } @@ -382,7 +395,7 @@ { $label = $this->makeParserText($tplvars['toolbar_label']); - $label->assign_vars(array('TEXT' => 'protection:')); + $label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_protect'))); $t0 = $label->run(); $ctmp = ''; @@ -393,7 +406,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'accesskey="i" onclick="if ( !KILL_SWITCH ) { ajaxProtect(1); return false; }" id="protbtn_1" title="Prevents all non-administrators from editing this page. [alt-i]"'.$ctmp, 'HREF' => makeUrl($paths->page, 'do=protect&level=1', true), - 'TEXT' => 'on' + 'TEXT' => $lang->get('onpage_btn_protect_on') )); $t1 = $menubtn->run(); @@ -405,7 +418,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'accesskey="o" onclick="if ( !KILL_SWITCH ) { ajaxProtect(0); return false; }" id="protbtn_0" title="Allows everyone to edit this page. [alt-o]"'.$ctmp, 'HREF' => makeUrl($paths->page, 'do=protect&level=0', true), - 'TEXT' => 'off' + 'TEXT' => $lang->get('onpage_btn_protect_off') )); $t2 = $menubtn->run(); @@ -417,7 +430,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'accesskey="p" onclick="if ( !KILL_SWITCH ) { ajaxProtect(2); return false; }" id="protbtn_2" title="Allows only users who have been registered for 4 days to edit this page. [alt-p]"'.$ctmp, 'HREF' => makeUrl($paths->page, 'do=protect&level=2', true), - 'TEXT' => 'semi' + 'TEXT' => $lang->get('onpage_btn_protect_semi') )); $t3 = $menubtn->run(); @@ -436,7 +449,7 @@ { // label at start $label = $this->makeParserText($tplvars['toolbar_label']); - $label->assign_vars(array('TEXT' => 'page wiki mode:')); + $label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_wikimode'))); $t0 = $label->run(); // on button @@ -448,7 +461,7 @@ $menubtn->assign_vars(array( 'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(1); return false; }" id="wikibtn_1" title="Forces wiki functions to be allowed on this page."'. */ $ctmp, 'HREF' => makeUrl($paths->page, 'do=setwikimode&level=1', true), - 'TEXT' => 'on' + 'TEXT' => $lang->get('onpage_btn_wikimode_on') )); $t1 = $menubtn->run(); @@ -461,7 +474,7 @@ $menubtn->assign_vars(array( 'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(0); return false; }" id="wikibtn_0" title="Forces wiki functions to be disabled on this page."'. */ $ctmp, 'HREF' => makeUrl($paths->page, 'do=setwikimode&level=0', true), - 'TEXT' => 'off' + 'TEXT' => $lang->get('onpage_btn_wikimode_off') )); $t2 = $menubtn->run(); @@ -474,7 +487,7 @@ $menubtn->assign_vars(array( 'FLAGS' => /* 'onclick="if ( !KILL_SWITCH ) { ajaxSetWikiMode(2); return false; }" id="wikibtn_2" title="Causes this page to use the global wiki mode setting (default)"'. */ $ctmp, 'HREF' => makeUrl($paths->page, 'do=setwikimode&level=2', true), - 'TEXT' => 'global' + 'TEXT' => $lang->get('onpage_btn_wikimode_global') )); $t3 = $menubtn->run(); @@ -495,7 +508,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxClearLogs()); return false; }" title="Remove all edit and action logs for this page from the database. IRREVERSIBLE! (alt-l)" accesskey="l"', 'HREF' => makeUrl($paths->page, 'do=flushlogs', true), - 'TEXT' => 'clear page logs', + 'TEXT' => $lang->get('onpage_btn_clearlogs'), )); $this->toolbar_menu .= $menubtn->run(); } @@ -503,14 +516,22 @@ // Delete page button if ( $session->get_permissions('read') && $session->get_permissions('delete_page') && $paths->page_exists && $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) { - $s = 'delete this page'; + $s = $lang->get('onpage_btn_deletepage'); if ( $paths->cpage['delvotes'] == 1 ) { - $s .= ' ('.$paths->cpage['delvotes'].' vote)'; + $subst = array( + 'num_votes' => $paths->cpage['delvotes'], + 'plural' => '' + ); + $s .= $lang->get('onpage_btn_deletepage_votes', $subst); } else if ( $paths->cpage['delvotes'] > 1 ) { - $s .= ' ('.$paths->cpage['delvotes'].' votes)'; + $subst = array( + 'num_votes' => $paths->cpage['delvotes'], + 'plural' => $lang->get('meta_plural') + ); + $s .= $lang->get('onpage_btn_deletepage_votes', $subst); } $menubtn->assign_vars(array( @@ -542,13 +563,13 @@ { // label at start $label = $this->makeParserText($tplvars['toolbar_label']); - $label->assign_vars(array('TEXT' => 'page password:')); + $label->assign_vars(array('TEXT' => $lang->get('onpage_lbl_password'))); $t0 = $label->run(); $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxSetPassword()); return false; }" title="Require a password in order for this page to be viewed"', 'HREF' => '#', - 'TEXT' => 'set', + 'TEXT' => $lang->get('onpage_btn_password_set'), )); $t = $menubtn->run(); @@ -561,7 +582,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="Manage who can do what with this page (alt-m)" accesskey="m"', 'HREF' => makeUrl($paths->page, 'do=aclmanager', true), - 'TEXT' => 'manage page access', + 'TEXT' => $lang->get('onpage_btn_acl'), )); $this->toolbar_menu .= $menubtn->run(); } @@ -572,7 +593,7 @@ $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxAdminPage()); return false; }" title="Administrative options for this page" accesskey="g"', 'HREF' => makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'PageManager', true), - 'TEXT' => 'administrative options', + 'TEXT' => $lang->get('onpage_btn_admin'), )); $this->toolbar_menu .= $menubtn->run(); } @@ -583,7 +604,7 @@ 'FLAGS' => 'id="mdgToolbar_moreoptions" onclick="if ( !KILL_SWITCH ) { return false; }" title="Additional options for working with this page"', 'PARENTFLAGS' => '', 'HREF' => makeUrl($paths->page, 'do=moreoptions', true), - 'TEXT' => 'more options' + 'TEXT' => $lang->get('onpage_btn_moreoptions') )); $tb .= $button->run(); } @@ -625,14 +646,17 @@ $this->tpl_bool['stupid_mode'] = false; - if($paths->page == $paths->nslist['Special'].'Administration') $this->tpl_bool['in_admin'] = true; - else $this->tpl_bool['in_admin'] = false; + $this->tpl_bool['in_admin'] = ( ( $paths->cpage['urlname_nons'] == 'Administration' && $paths->namespace == 'Special' ) || $paths->namespace == 'Admin' ); $p = ( isset($_GET['printable']) ) ? '/printable' : ''; // Add the e-mail address client code to the header $this->add_header($email->jscode()); + // Add language file + $lang_uri = makeUrlNS('Special', 'LangExportJSON/' . $lang->lang_id, false, true); + $this->add_header(""); + // Generate the code for the Log out and Change theme sidebar buttons // Once again, the new template parsing system can be used here @@ -641,7 +665,7 @@ $parser->assign_vars(Array( 'HREF'=>makeUrlNS('Special', 'Logout'), 'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { mb_logout(); return false; }"', - 'TEXT'=>'Log out', + 'TEXT'=>$lang->get('sidebar_btn_logout'), )); $logout_link = $parser->run(); @@ -649,7 +673,7 @@ $parser->assign_vars(Array( 'HREF'=>makeUrlNS('Special', 'Login/' . $paths->page), 'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxStartLogin(); return false; }"', - 'TEXT'=>'Log in', + 'TEXT'=>$lang->get('sidebar_btn_login'), )); $login_link = $parser->run(); @@ -657,7 +681,7 @@ $parser->assign_vars(Array( 'HREF'=>makeUrlNS('Special', 'ChangeStyle/'.$paths->page), 'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { ajaxChangeStyle(); return false; }"', - 'TEXT'=>'Change theme', + 'TEXT'=>$lang->get('sidebar_btn_changestyle'), )); $theme_link = $parser->run(); @@ -665,7 +689,7 @@ $parser->assign_vars(Array( 'HREF'=>makeUrlNS('Special', 'Administration'), 'FLAGS'=>'onclick="if ( !KILL_SWITCH ) { void(ajaxStartAdminLogin()); return false; }"', - 'TEXT'=>'Administration', + 'TEXT'=>$lang->get('sidebar_btn_administration'), )); $admin_link = $parser->run(); @@ -711,7 +735,9 @@ } } $js_dynamic .= '\'; - var ENANO_CURRENT_THEME = \''. $session->theme .'\';'; + var ENANO_CURRENT_THEME = \''. $session->theme .'\'; + var ENANO_LANG_ID = ' . $lang->lang_id . '; + var ENANO_PAGE_TYPE = "' . addslashes($this->namespace_string) . '";'; foreach($paths->nslist as $k => $c) { $js_dynamic .= "namespace_list['{$k}'] = '$c';"; @@ -773,6 +799,8 @@ function header($simple = false) { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + ob_start(); if(!$this->theme_loaded) @@ -784,7 +812,13 @@ dc_here('template: generating and sending the page header'); if(!defined('ENANO_HEADERS_SENT')) define('ENANO_HEADERS_SENT', ''); - if(!$this->no_headers) echo ( $simple ) ? $this->process_template('simple-header.tpl') : $this->process_template('header.tpl'); + if ( !$this->no_headers ) + { + $header = ( $simple ) ? + $this->process_template('simple-header.tpl') : + $this->process_template('header.tpl'); + echo $header; + } if ( !$simple && $session->user_logged_in && $session->unread_pms > 0 ) { echo $this->notify_unread_pms(); @@ -793,7 +827,7 @@ { $login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true); echo '
'; - echo 'Your administrative session has timed out. Log in again'; + echo $lang->get('user_msg_elev_timed_out', array( 'login_link' => $login_link )); echo '
'; } if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) ) @@ -871,78 +905,294 @@ else return ''; } - function process_template($file) { + /** + * Compiles and executes a template based on the current variables and booleans. Loads + * the theme and initializes variables if needed. This mostly just calls child functions. + * @param string File to process + * @return string + */ + + function process_template($file) + { global $db, $session, $paths, $template, $plugins; // Common objects if(!defined('ENANO_TEMPLATE_LOADED')) { $this->load_theme(); $this->init_vars(); } - eval($this->compile_template($file)); - return $tpl_code; + + $compiled = $this->compile_template($file); + return eval($compiled); } - function extract_vars($file) { + /** + * Loads variables from the specified template file. Returns an associative array containing the variables. + * @param string Template file to process (elements.tpl) + * @return array + */ + + function extract_vars($file) + { global $db, $session, $paths, $template, $plugins; // Common objects - if(!$this->theme) + + // Sometimes this function gets called before the theme is loaded + // This is a bad coding practice so this function will always be picky. + if ( !$this->theme ) { die('$template->extract_vars(): theme not yet loaded, so we can\'t open template files yet...this is a bug and should be reported.

Backtrace, most recent call first:
'.enano_debug_print_backtrace(true).'
'); } - if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file)) die('Cannot find '.$file.' file for style "'.$this->theme.'", exiting'); - $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$file); + + // Full pathname of template file + $tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $file; + + // Make sure the template even exists + if ( !is_file($tpl_file_fullpath) ) + { + die_semicritical('Cannot find template file', + '

The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for + the current theme.

+

Additional debugging information:
+ Theme currently in use: ' . $this->theme . '
+ Requested file: ' . $file . ' +

'); + } + // Retrieve file contents + $text = file_get_contents($tpl_file_fullpath); + if ( !$text ) + { + return false; + } + + // Get variables, regular expressions FTW preg_match_all('#<\!-- VAR ([A-z0-9_-]*) -->(.*?)<\!-- ENDVAR \\1 -->#is', $text, $matches); + + // Initialize return values $tplvars = Array(); - for($i=0;$itheme.'/'.$text)) die('Cannot find '.$text.' file for style, exiting'); - $n = $text; - $tpl_filename = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $n) . '.php'; - if(!is_file(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text)) die('Cannot find '.$text.' file for style, exiting'); - if(file_exists($tpl_filename) && getConfig('cache_thumbs')=='1') + // A random seed used to salt tags + $seed = md5 ( microtime() . mt_rand() ); + + // Strip out PHP sections + preg_match_all('/<\?php(.+?)\?>/is', $text, $php_matches); + + foreach ( $php_matches[0] as $i => $match ) + { + // Substitute the PHP section with a random tag + $tag = "{PHP:$i:$seed}"; + $text = str_replace_once($match, $tag, $text); + } + + // Escape slashes and single quotes in template code + $text = str_replace('\\', '\\\\', $text); + $text = str_replace('\'', '\\\'', $text); + + // Initialize the PHP compiled code + $text = 'ob_start(); echo \''.$text.'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;'; + + ## + ## Main rules + ## + + // + // Conditionals + // + + $keywords = array('BEGIN', 'BEGINNOT', 'IFSET', 'IFPLUGIN'); + $code = $plugins->setHook('template_compile_logic_keyword'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + + $keywords = implode('|', $keywords); + + // Matches + // 1 2 3 4 56 7 8 + $regexp = '/()(.*)(()(.*))?()/isU'; + + /* + The way this works is: match all blocks using the standard form with a different keyword in the block each time, + and replace them with appropriate PHP logic. Plugin-extensible now. :-) + + The while-loop is to bypass what is apparently a PCRE bug. It's hackish but it works. Properly written plugins should only need + to compile templates (using this method) once for each time the template file is changed. + */ + while ( preg_match($regexp, $text) ) { - include($tpl_filename); - $text = file_get_contents(ENANO_ROOT . '/themes/'.$this->theme.'/'.$text); - if(isset($md5) && $md5 == md5($text)) { - return str_replace('\\"', '"', $tpl_text); + preg_match_all($regexp, $text, $matches); + for ( $i = 0; $i < count($matches[0]); $i++ ) + { + $start_tag =& $matches[1][$i]; + $type =& $matches[2][$i]; + $test =& $matches[3][$i]; + $particle_true =& $matches[4][$i]; + $else_tag =& $matches[6][$i]; + $particle_else =& $matches[7][$i]; + $end_tag =& $matches[8][$i]; + + switch($type) + { + case 'BEGIN': + $cond = "isset(\$this->tpl_bool['$test']) && \$this->tpl_bool['$test']"; + break; + case 'BEGINNOT': + $cond = "!isset(\$this->tpl_bool['$test']) || ( isset(\$this->tpl_bool['$test']) && !\$this->tpl_bool['$test'] )"; + break; + case 'IFPLUGIN': + $cond = "getConfig('plugin_$test') == '1'"; + break; + case 'IFSET': + $cond = "isset(\$this->tpl_strings['$test'])"; + break; + default: + $code = $plugins->setHook('template_compile_logic_cond'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + break; + } + + if ( !isset($cond) || ( isset($cond) && !is_string($cond) ) ) + continue; + + $tag_complete = <<theme.'/'.$n); + + // For debugging ;-) + // die("
<?php\n" . htmlspecialchars($text."\n\n".print_r($matches,true)) . "\n\n?>
"); + + // + // Data substitution/variables + // + + // System messages + $text = preg_replace('//is', '\' . $this->tplWikiFormat($pages->sysMsg(\'\\1\')) . \'', $text); + + // Template variables + $text = preg_replace('/\{([A-z0-9_-]+?)\}/is', '\' . $this->tpl_strings[\'\\1\'] . \'', $text); + + // Reinsert PHP + + foreach ( $php_matches[1] as $i => $match ) + { + // Substitute the random tag with the "real" PHP code + $tag = "{PHP:$i:$seed}"; + $text = str_replace_once($tag, "'; $match echo '", $text); + } + + // echo('
' . htmlspecialchars($text) . '
'); + + return $text; + + } + + /** + * Compiles the contents of a given template file, possibly using a cached copy, and returns the compiled code. + * @param string Filename of template (header.tpl) + * @return string + */ + + function compile_template($filename) + { + global $db, $session, $paths, $template, $plugins; // Common objects + // Full path to template file + $tpl_file_fullpath = ENANO_ROOT . '/themes/' . $this->theme . '/' . $filename; + + // Make sure the file exists + if ( !is_file($tpl_file_fullpath) ) + { + die_semicritical('Cannot find template file', + '

The template parser was asked to load the file "' . htmlspecialchars($filename) . '", but that file couldn\'t be found in the directory for + the current theme.

+

Additional debugging information:
+ Theme currently in use: ' . $this->theme . '
+ Requested file: ' . $file . ' +

'); + } + + // Check for cached copy + // This will make filenames in the pattern of theme-file.tpl.php + $cache_file = ENANO_ROOT . '/cache/' . $this->theme . '-' . str_replace('/', '-', $filename) . '.php'; + + // Only use cached copy if caching is enabled + // (it is enabled by default I think) + if ( file_exists($cache_file) && getConfig('cache_thumbs') == '1' ) + { + // Cache files are auto-generated, but otherwise are normal PHP files + include($cache_file); + + // Fetch content of the ORIGINAL + $text = file_get_contents($tpl_file_fullpath); + + // $md5 will be set by the cached file + // This makes sure that a cached copy of the template is used only if its MD5 + // matches the MD5 of the file that the compiled file was compiled from. + if ( isset($md5) && $md5 == md5($text) ) + { + return $this->compile_template_text_post(str_replace('\\"', '"', $tpl_text)); + } + } + + // We won't use the cached copy here + $text = file_get_contents($tpl_file_fullpath); + + // This will be used later when writing the cached file $md5 = md5($text); - $seed = md5 ( microtime() . mt_rand() ); - preg_match_all("/<\?php(.*?)\?>/is", $text, $m); - //die('
'.htmlspecialchars(print_r($m, true)).'
'); - for($i = 0; $i < sizeof($m[1]); $i++) + // Preprocessing and checks complete - compile the code + $text = $this->compile_tpl_code($text); + + // Perhaps caching is enabled and the admin has changed the template? + if ( is_writable( ENANO_ROOT . '/cache/' ) && getConfig('cache_thumbs') == '1' ) { - $text = str_replace("", "{PHPCODE:{$i}:{$seed}}", $text); - } - //die('
'.htmlspecialchars($text).'
'); - $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean();'; - $text = preg_replace('##is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text); - $text = preg_replace('##is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text); - $text = preg_replace('##is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text); - $text = preg_replace('##is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; } else { echo \'', $text); - $text = preg_replace('##is', '\'; } echo \'', $text); - $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text); - for($i = 0; $i < sizeof($m[1]); $i++) - { - $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text); - } - if(is_writable(ENANO_ROOT.'/cache/') && getConfig('cache_thumbs')=='1') - { - //die($tpl_filename); - $h = fopen($tpl_filename, 'w'); - if(!$h) return $text; - $t = addslashes($text); + $h = fopen($cache_file, 'w'); + if ( !$h ) + { + // Couldn't open the file - silently ignore and return + return $text; + } + + // Escape the compiled code so it can be eval'ed + $text_escaped = addslashes($text); $notice = <<'); + // This is really just a normal PHP file that sets a variable or two and exits. + // $tpl_text actually will contain the compiled code + fwrite($h, ''); fclose($h); } - return $text; //('
'.htmlspecialchars($text).'
'); + + return $this->compile_template_text_post($text); //('
'.htmlspecialchars($text).'
'); } - function compile_template_text($text) { - $seed = md5 ( microtime() . mt_rand() ); - preg_match_all("/<\?php(.*?)\?>/is", $text, $m); - //die('
'.htmlspecialchars(print_r($m, true)).'
'); - for($i = 0; $i < sizeof($m[1]); $i++) - { - $text = str_replace("", "{PHPCODE:{$i}:{$seed}}", $text); - } - //die('
'.htmlspecialchars($text).'
'); - $text = 'ob_start(); echo \''.str_replace('\'', '\\\'', $text).'\'; $tpl_code = ob_get_contents(); ob_end_clean(); return $tpl_code;'; - $text = preg_replace('##is', '\'; if(isset($this->tpl_bool[\'\\1\']) && $this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; if(isset($this->tpl_strings[\'\\1\'])) { echo \'', $text); - $text = preg_replace('##is', '\'; if(getConfig(\'plugin_\\1\')==\'1\') { echo \'', $text); - $text = preg_replace('##is', '\'; echo $template->tplWikiFormat($paths->sysMsg(\'\\1\')); echo \'', $text); - $text = preg_replace('##is', '\'; if(!$this->tpl_bool[\'\\1\']) { echo \'', $text); - $text = preg_replace('##is', '\'; } else { echo \'', $text); - $text = preg_replace('##is', '\'; } echo \'', $text); - $text = preg_replace('#\{([A-z0-9]*)\}#is', '\'.$this->tpl_strings[\'\\1\'].\'', $text); - for($i = 0; $i < sizeof($m[1]); $i++) - { - $text = str_replace("{PHPCODE:{$i}:{$seed}}", "'; {$m[1][$i]} echo '", $text); - } - return $text; //('
'.htmlspecialchars($text).'
'); + + /** + * Compiles (parses) some template code with the current master set of variables and booleans. + * @param string Text to process + * @return string + */ + + function compile_template_text($text) + { + // this might do something else in the future, possibly cache large templates + return $this->compile_template_text_post($this->compile_tpl_code($text)); } + /** + * For convenience - compiles AND parses some template code. + * @param string Text to process + * @return string + */ + function parse($text) { $text = $this->compile_template_text($text); + $text = $this->compile_template_text_post($text); return eval($text); } + /** + * Post-processor for template code. Basically what this does is it localizes {lang:foo} blocks. + * @param string Mostly-processed TPL code + * @return string + */ + + function compile_template_text_post($text) + { + global $lang; + preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $text, $matches); + foreach ( $matches[1] as $i => $string_id ) + { + $string = $lang->get($string_id); + $string = str_replace('\\', '\\\\', $string); + $string = str_replace('\'', '\\\'', $string); + $text = str_replace_once($matches[0][$i], $string, $text); + } + return $text; + } + // Steps to turn this: // [[Project:Community Portal]] // into this: @@ -1004,8 +1272,21 @@ // So you can implement custom logic into your sidebar if you wish. // "Real" PHP support coming soon :-D - function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl') { + /** + * Takes a blob of HTML with the specially formatted template-oriented wikitext and formats it. Does not use eval(). + * This function butchers every coding standard in Enano and should eventually be rewritten. The fact is that the + * code _works_ and does a good job of checking for errors and cleanly complaining about them. + * @param string Text to process + * @param bool Ignored for backwards compatibility + * @param string File to get variables for sidebar data from + * @return string + */ + + function tplWikiFormat($message, $filter_links = false, $filename = 'elements.tpl') + { global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + $filter_links = false; $tplvars = $this->extract_vars($filename); if($session->sid_super) $as = htmlspecialchars(urlSeparator).'auth='.$session->sid_super; @@ -1029,83 +1310,93 @@ // Conditionals - preg_match_all('#\{if ([A-Za-z0-9_ &\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links); + preg_match_all('#\{if ([A-Za-z0-9_ \(\)&\|\!-]*)\}(.*?)\{\/if\}#is', $message, $links); - for($i=0;$itpl_bool['that']) && $this->tpl_bool['that'] ) && ... - // Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above. - $in_var_now = true; - $in_var_last = false; - $current_var = ''; - $current_var_start_pos = 0; - $current_var_end_pos = 0; - $j = -1; - $links[1][$i] = $links[1][$i] . ' '; - $d = strlen($links[1][$i]); - while($j < $d) - { - $j++; - $in_var_last = $in_var_now; + $condition =& $links[1][$i]; + $message = str_replace('{if '.$condition.'}'.$links[2][$i].'{/if}', '{CONDITIONAL:'.$i.':'.$random_id.'}', $message); - $char = substr($links[1][$i], $j, 1); - $in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false; - if(!$in_var_last && $in_var_now) - { - $current_var_start_pos = $j; - } - if($in_var_last && !$in_var_now) - { - $current_var_end_pos = $j; - } - if($in_var_now) + // Time for some manual parsing... + $chk = false; + $current_id = ''; + $prn_level = 0; + // Used to keep track of where we are in the conditional + // Object of the game: turn {if this && ( that OR !something_else )} ... {/if} into if( ( isset($this->tpl_bool['that']) && $this->tpl_bool['that'] ) && ... + // Method of attack: escape all variables, ignore all else. Non-valid code is filtered out by a regex above. + $in_var_now = true; + $in_var_last = false; + $current_var = ''; + $current_var_start_pos = 0; + $current_var_end_pos = 0; + $j = -1; + $condition = $condition . ' '; + $d = strlen($condition); + while($j < $d) { - $current_var .= $char; - continue; + $j++; + $in_var_last = $in_var_now; + + $char = substr($condition, $j, 1); + $in_var_now = ( preg_match('#^([A-z0-9_]*){1}$#', $char) ) ? true : false; + if(!$in_var_last && $in_var_now) + { + $current_var_start_pos = $j; + } + if($in_var_last && !$in_var_now) + { + $current_var_end_pos = $j; + } + if($in_var_now) + { + $current_var .= $char; + continue; + } + // OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete. + if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9') + { + // XSS attack! Bail out + $errmsg = '

Error: Syntax error (possibly XSS attack) caught in template code:

'; + $errmsg .= '
';
+                $errmsg .= '{if '.htmlspecialchars($condition).'}';
+                $errmsg .= "\n    ";
+                for ( $k = 0; $k < $j; $k++ )
+                {
+                    $errmsg .= " ";
+                }
+                // Show position of error
+                $errmsg .= '^';
+                $errmsg .= '
'; + $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $errmsg, $message); + continue 2; + } + if($current_var != '') + { + $cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )'; + $cvt = substr($condition, 0, $current_var_start_pos) . $cd . substr($condition, $current_var_end_pos, strlen($condition)); + $j = $j + strlen($cd) - strlen($current_var); + $current_var = ''; + $condition = $cvt; + $d = strlen($condition); + } } - // OK we are not inside of a variable. That means that we JUST hit the end because the counter ($j) will be advanced to the beginning of the next variable once processing here is complete. - if($char != ' ' && $char != '(' && $char != ')' && $char != 'A' && $char != 'N' && $char != 'D' && $char != 'O' && $char != 'R' && $char != '&' && $char != '|' && $char != '!' && $char != '<' && $char != '>' && $char != '0' && $char != '1' && $char != '2' && $char != '3' && $char != '4' && $char != '5' && $char != '6' && $char != '7' && $char != '8' && $char != '9') - { - // XSS attack! Bail out - echo '

Error: Syntax error (possibly XSS attack) caught in template code:

'; - echo '
';
-          echo '{if '.$links[1][$i].'}';
-          echo "\n    ";
-          for($k=0;$k<$j;$k++) echo " ";
-          echo '^';
-          echo '
'; - continue 2; - } - if($current_var != '') + $condition = substr($condition, 0, strlen($condition)-1); + $condition = '$chk = ( '.$condition.' ) ? true : false;'; + eval($condition); + + if($chk) { - $cd = '( isset($this->tpl_bool[\''.$current_var.'\']) && $this->tpl_bool[\''.$current_var.'\'] )'; - $cvt = substr($links[1][$i], 0, $current_var_start_pos) . $cd . substr($links[1][$i], $current_var_end_pos, strlen($links[1][$i])); - $j = $j + strlen($cd) - strlen($current_var); - $current_var = ''; - $links[1][$i] = $cvt; - $d = strlen($links[1][$i]); + if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); + else $c = $links[2][$i]; + $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); } - } - $links[1][$i] = substr($links[1][$i], 0, strlen($links[1][$i])-1); - $links[1][$i] = '$chk = ( '.$links[1][$i].' ) ? true : false;'; - eval($links[1][$i]); - - if($chk) { // isset($this->tpl_bool[$links[1][$i]]) && $this->tpl_bool[$links[1][$i]] - if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], 0, strpos($links[2][$i], '{else}')); - else $c = $links[2][$i]; - $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); - } else { - if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); - else $c = ''; - $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); - } + else + { + if(strstr($links[2][$i], '{else}')) $c = substr($links[2][$i], strpos($links[2][$i], '{else}')+6, strlen($links[2][$i])); + else $c = ''; + $message = str_replace('{CONDITIONAL:'.$i.':'.$random_id.'}', $c, $message); + } } preg_match_all('#\{!if ([A-Za-z_-]*)\}(.*?)\{\/if\}#is', $message, $links); @@ -1124,6 +1415,15 @@ } } + preg_match_all('/\{lang:([a-z0-9]+_[a-z0-9_]+)\}/', $message, $matches); + foreach ( $matches[1] as $i => $string_id ) + { + $string = $lang->get($string_id); + $string = str_replace('\\', '\\\\', $string); + $string = str_replace('\'', '\\\'', $string); + $message = str_replace_once($matches[0][$i], $string, $message); + } + /* * HTML RENDERER */ @@ -1174,26 +1474,28 @@ // $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '\\3
', $message); // $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '\\1://\\2
', $message); - preg_match_all('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\ ([^\]]+)]#', $message, $ext_link); + preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link); + + // die('
' . htmlspecialchars( print_r($ext_link, true) ) . '
'); for ( $i = 0; $i < count($ext_link[0]); $i++ ) { $text_parser->assign_vars(Array( - 'HREF' => "{$ext_link[1][$i]}://{$ext_link[2][$i]}", + 'HREF' => $ext_link[1][$i], 'FLAGS' => '', - 'TEXT' => $ext_link[3][$i] + 'TEXT' => $ext_link[16][$i] )); $message = str_replace($ext_link[0][$i], $text_parser->run(), $message); } - preg_match_all('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', $message, $ext_link); + preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link); for ( $i = 0; $i < count($ext_link[0]); $i++ ) { $text_parser->assign_vars(Array( - 'HREF' => "{$ext_link[1][$i]}://{$ext_link[2][$i]}", + 'HREF' => $ext_link[1][$i], 'FLAGS' => '', - 'TEXT' => htmlspecialchars("{$ext_link[1][$i]}://{$ext_link[2][$i]}") + 'TEXT' => htmlspecialchars($ext_link[1][$i]) )); $message = str_replace($ext_link[0][$i], $text_parser->run(), $message); } @@ -1234,7 +1536,7 @@ function username_field($name, $value = false) { $randomid = md5( time() . microtime() . mt_rand() ); - $text = 'user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : ''; if(getConfig('sflogo_enabled')=='1') { - $ob[] = 'SourceForge.net Logo'; + $sflogo_secure = ( isset($_SERVER['HTTPS']) ) ? 'https' : 'http'; + $ob[] = 'SourceForge.net Logo'; } if(getConfig('w3c_v32') =='1') $ob[] = 'Valid HTML 3.2'; if(getConfig('w3c_v40') =='1') $ob[] = 'Valid HTML 4.0';