tiki-edit_templates.php 3.92 KB
<?php
// (c) Copyright 2002-2011 by authors of the Tiki Wiki CMS Groupware Project
// 
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

require_once ('tiki-setup.php');

// Feature gate; check_feature() is defined elsewhere and presumably stops the
// request when 'feature_view_tpl' is disabled (confirm against tiki-setup).
$access->check_feature('feature_view_tpl');

// Permission gate, evaluated before any file is read, written or deleted:
//  - without tiki_p_view_templates nothing on this page is available;
//  - without tiki_p_edit_templates the page is read-only, so a request that
//    carries save, saveTheme or delete is refused outright.
$templateAccessDenied = ($tiki_p_view_templates != 'y');
if (!$templateAccessDenied && $tiki_p_edit_templates != 'y') {
	// View-only user: deny as soon as a modifying action is present.
	$templateAccessDenied = isset($_REQUEST["save"])
		|| isset($_REQUEST['saveTheme'])
		|| isset($_REQUEST['delete']);
}

if ($templateAccessDenied) {
	$smarty->assign('errortype', 401);
	$smarty->assign('msg', tra("You don't have permission to use this feature"));
	$smarty->display("error.tpl");
	// Stop here so none of the file handling below can run.
	exit;
}

// Page mode: taken from the request when supplied, otherwise 'listing'.
// NOTE(review): the request value is stored as-is and later handed to the
// template via $smarty->assign('mode', ...); only 'listing' is acted on in
// this script. Confirm the template escapes it on output.
$mode = isset($_REQUEST["mode"]) ? $_REQUEST['mode'] : 'listing';

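// Validate the requested template name before it is used to build a file
// path for reading, writing or deleting.
//
// Rejected:
//  - non-string values (e.g. template[]=x): strstr() does not accept an
//    array, so the original '..' test could not vet such a value;
//  - names containing '..', which would climb out of the template tree;
//  - names containing a NUL byte, which must never reach a filesystem call.
//
// NOTE(review): this is a deny-list. The file extension and a leading '/'
// are not checked here, so what the name can finally resolve to depends on
// $smarty->get_filename() and on the saveTheme path concatenation - confirm
// that those keep the result inside the template directory.
if (isset($_REQUEST["template"])) {
	$requestedTemplate = $_REQUEST["template"];
	if (!is_string($requestedTemplate)
		|| strpos($requestedTemplate, '..') !== false
		|| strpos($requestedTemplate, "\0") !== false
	) {
		$smarty->assign('errortype', 401);
		$smarty->assign('msg', tra("You do not have permission to do that"));
		$smarty->display('error.tpl');
		die;
	}
}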

// Modifying actions (save / saveTheme / delete). The whole section is skipped
// unless the user holds tiki_p_edit_templates.
if ($tiki_p_edit_templates == 'y') {
	$saveRequested = isset($_REQUEST["save"]) || isset($_REQUEST['saveTheme']);

	if ($saveRequested && !empty($_REQUEST['template'])) {
		$access->check_feature('feature_edit_templates');
		// NOTE(review): check_ticket() is defined elsewhere; it appears to pair
		// with ask_ticket('edit-templates') near the end of this script as the
		// request-forgery check for saves - confirm.
		check_ticket('edit-templates');

		if (!isset($_REQUEST['saveTheme'])) {
			// Plain save: let Smarty resolve the template name to a path.
			$file = $smarty->get_filename($_REQUEST['template']);
		} else {
			// Theme save: the target lives under [<tikidomain>/]styles/<style_base>
			// inside the template directory; create that directory if missing.
			$themeDir = $smarty->template_dir.'/'
				.(!empty($tikidomain) ? $tikidomain.'/' : '')
				.'styles/'.$style_base;
			if (!is_dir($themeDir)) {
				mkdir($themeDir);
			}
			// NOTE(review): the request-supplied name is appended verbatim, and
			// nothing visible here restricts its extension to .tpl.
			$file = $themeDir.'/'.$_REQUEST['template'];
		}

		// Warnings from a failed open are suppressed; the failure is reported
		// through the error page below instead.
		$fp = @fopen($file, 'w');
		if (!$fp) {
			$smarty->assign('errortype', 401);
			// NOTE(review): the message includes the resolved filesystem path.
			$smarty->assign('msg', tra("You do not have permission to write the template:").' '.$file);
			$smarty->display('error.tpl');
			exit;
		}

		// Normalise CRLF to LF, then write the submitted body unchanged otherwise.
		$_REQUEST["data"] = str_replace("\r\n", "\n", $_REQUEST["data"]);
		fwrite($fp, $_REQUEST["data"]);
		fclose($fp);
	}

	if (isset($_REQUEST['delete']) && !empty($_REQUEST['template'])) {
		// NOTE(review): delete is guarded by check_authenticity() rather than
		// the ticket used for saves; both are defined elsewhere.
		$access->check_authenticity();
		$file = $smarty->get_filename($_REQUEST['template']);
		unlink($file);
		// Drop the name so the code further down does not try to open the
		// file that was just removed.
		unset($_REQUEST['template']);
	}
}

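// Load the requested template for the editor view.
// Runs after any save, so the editor shows what is now on disk; it is skipped
// after a delete because that branch unsets $_REQUEST['template'].
if (isset($_REQUEST["template"])) {
	$mode = 'editing';
	$file = $smarty->get_filename($_REQUEST["template"]);

	// 'y' when the resolved path lies under a styles/ directory.
	$style_local = (strpos($file, '/styles/') !== false) ? 'y' : 'n';

	$fp = fopen($file, 'r');
	if (!$fp) {
		$smarty->assign('errortype', 401);
		$smarty->assign('msg', tra("You do not have permission to read the template"));
		$smarty->display("error.tpl");
		die;
	}

	// fread() rejects a length of 0 (warning on older PHP, ValueError on
	// PHP 8), so an empty template - or a failed filesize() - yields ''.
	$size = filesize($file);
	$data = ($size > 0) ? fread($fp, $size) : '';
	fclose($fp);

	$smarty->assign('data', $data);
	$smarty->assign('template', $_REQUEST["template"]);
	$smarty->assign('style_local', $style_local);
}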

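// Listing mode: collect the *.tpl files offered for editing.
if ($mode == 'listing') {
	// Directories searched, relative to the Smarty template directory: its
	// root, mail/, map/, modules/ and the current style's own directory
	// (the style preference with '.css' removed).
	$local = 'styles/'.str_replace('.css', '', $prefs['style']).'/';
	$where = array('', 'mail/', 'map/', 'modules/', $local);
	$files = array();

	// glob() runs relative to the template directory so the collected names
	// stay relative; the working directory is restored afterwards.
	chdir($smarty->template_dir);
	foreach ($where as $w) {
		$matches = glob($w . '*.tpl');
		// glob() returns false on error; passing that to array_merge() would
		// raise a warning (a TypeError on PHP 8) instead of listing nothing.
		if (is_array($matches)) {
			$files = array_merge($files, $matches);
		}
	}
	chdir($tikipath);

	$smarty->assign('files', $files);
}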
// Expose the mode settled on above ('listing', 'editing' or the request value).
$smarty->assign('mode', $mode);

// Users who may edit get a ticket under the same 'edit-templates' name that
// the save path passes to check_ticket().
if ($tiki_p_edit_templates == 'y') {
	ask_ticket('edit-templates');
}

// Keep this page out of search-engine indexes.
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');

// Select tiki-edit_templates.tpl as the 'mid' template and render the page
// through tiki.tpl.
$smarty->assign('mid', 'tiki-edit_templates.tpl');
$smarty->display('tiki.tpl');