1<?php
2/**
3 * @package tikiwiki
4 */
5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
6//
7// All Rights Reserved. See copyright.txt for details and a complete list of authors.
8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
9// $Id$
10
// Input-filter declaration; it is assigned before tiki-setup.php is included,
// presumably because the setup code reads it (confirm there).
// 'none' for the 'data' key appears to leave the submitted template body
// unfiltered, so any code that echoes that value back must escape it itself.
$inputConfiguration = [
	[
		'staticKeyFilters' => [
			'data' => 'none',
		],
	],
];

require_once 'tiki-setup.php';

// Feature switch for the template viewer; check_feature() presumably ends the
// request when 'feature_view_tpl' is disabled (verify in the access library).
$access->check_feature('feature_view_tpl');
21
// Permission gate. Viewing requires tiki_p_view_templates. A request that
// carries 'save', 'saveTheme' or 'delete' additionally requires
// tiki_p_edit_templates. Every other case gets the error page and the script
// stops, so no file operation below runs for an unauthorised user.
$changeRequested = isset($_REQUEST['save'])
	|| isset($_REQUEST['saveTheme'])
	|| isset($_REQUEST['delete']);

if ($tiki_p_view_templates != 'y' || ($tiki_p_edit_templates != 'y' && $changeRequested)) {
	$smarty->assign('errortype', 401);
	$smarty->assign('msg', tra("You don't have permission to use this feature"));

	$smarty->display('error.tpl');
	die;
}
39
// Display mode: the request value when one is sent, 'listing' otherwise.
// The value is client-supplied and is not validated here. It is overwritten
// with 'editing' further down whenever a template name is present.
$mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : 'listing';
45
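// Validate the requested template name before it is used to build a path.
// The name comes straight from the request and later reaches fopen() and
// unlink(), so a non-empty value is accepted only when it is a plain string
// that names a .tpl file and has no parent-directory component, no NUL byte
// and no leading slash. An empty string is let through unchanged: the save and
// delete handlers skip it via their own ! empty() test.
if (isset($_REQUEST['template']) && $_REQUEST['template'] !== '') {
	$requestedTemplate = $_REQUEST['template'];

	// is_string() comes first so that an array value (template[]=...) never
	// reaches the string functions, where it would raise an error.
	$templateNameOk = is_string($requestedTemplate)
		&& strpos($requestedTemplate, '..') === false
		&& strpos($requestedTemplate, "\0") === false
		&& $requestedTemplate[0] !== '/'
		// The listing only ever offers *.tpl files; refusing other extensions
		// keeps "save" from creating e.g. a script file in the template tree.
		// NOTE(review): confirm no non-.tpl file is meant to be editable here.
		&& substr($requestedTemplate, -4) === '.tpl';

	if (! $templateNameOk) {
		$smarty->assign('errortype', 401);
		$smarty->assign('msg', tra("You do not have permission to do that"));

		$smarty->display('error.tpl');
		die;
	}
}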
56
// Sub-directories of the template tree that this page works with. The last
// entry is the directory of the active style: $prefs['style'] with any '.css'
// removed. The list is used for the listing glob and for the directory check
// when saving into a theme.
$relativeDirectories = [
	'',
	'mail/',
	'map/',
	'modules/',
	'styles/' . str_replace('.css', '', $prefs['style']) . '/',
];
58
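// Write operations: save, save into the theme directory, delete.
// The permission gate at the top of the script already rejects these requests
// for users without tiki_p_edit_templates; the permission is tested again here
// before any file is touched.
if ($tiki_p_edit_templates == 'y') {
	if ((isset($_REQUEST['save']) || isset($_REQUEST['saveTheme'])) && ! empty($_REQUEST['template'])) {
		$access->check_feature('feature_edit_templates');
		// Presumably the anti-CSRF check paired with ask_ticket('edit-templates')
		// near the end of this script (confirm in the ticket library).
		check_ticket('edit-templates');

		// Validate the body BEFORE the target is opened: fopen(..., 'w') truncates,
		// so a malformed request (e.g. data[]=x) must be refused while the
		// existing template is still intact. A missing body is written as an
		// empty file, as before.
		$templateBody = isset($_REQUEST['data']) ? $_REQUEST['data'] : '';
		if (! is_string($templateBody)) {
			$smarty->assign('msg', tra('Invalid template data'));
			$smarty->display('error.tpl');
			die;
		}

		if (isset($_REQUEST['saveTheme'])) {
			// Target: <main template dir>[/<tikidomain>]/styles/<style_base>/<template>
			$domainStyleTemplatesDirectory = $smarty->main_template_dir;
			if (! empty($tikidomain)) {
				$domainStyleTemplatesDirectory .= '/' . $tikidomain;
			}
			$domainStyleTemplatesDirectory .= '/styles/' . $style_base;
			if (! is_dir($domainStyleTemplatesDirectory)) {
				mkdir($domainStyleTemplatesDirectory);
			}
			// The path is built from the request value; the only check on that
			// name is the validation earlier in this script.
			$file = $domainStyleTemplatesDirectory . '/' . $_REQUEST['template'];
			$relativeDirectory = dirname($_REQUEST['template']);
			// NOTE(review): the known-directory list is consulted only when the
			// sub-directory does not exist yet; an already existing
			// sub-directory is accepted without that check.
			if ($relativeDirectory && ! is_dir($domainStyleTemplatesDirectory . '/' . $relativeDirectory)) {
				if (in_array($relativeDirectory . '/', $relativeDirectories)) {
					mkdir($domainStyleTemplatesDirectory . '/' . $relativeDirectory);
				} else {
					$smarty->assign('msg', tr('Template directory %0 unknown', $relativeDirectory));
					$smarty->display('error.tpl');
					// Stop like every other error path; without this the script
					// went on to the fopen() below and rendered a second error.
					die;
				}
			}
		} else {
			$file = $smarty->get_filename($_REQUEST['template']);
		}

		// Warnings are suppressed on purpose: a failed open is reported through
		// the error page below.
		$fp = @fopen($file, 'w');
		if (! $fp) {
			$smarty->assign('errortype', 401);
			// NOTE(review): the message includes the resolved server-side path.
			$smarty->assign('msg', tra("You do not have permission to write the template:") . ' ' . $file);
			$smarty->display('error.tpl');
			die;
		}
		// Normalise Windows line endings; the normalised body is kept in $_REQUEST as before.
		$_REQUEST['data'] = str_replace("\r\n", "\n", $templateBody);
		fwrite($fp, $_REQUEST['data']);
		fclose($fp);
	}

	if (isset($_REQUEST['delete']) && ! empty($_REQUEST['template'])) {
		// Confirmation / request-authenticity step provided by the access library.
		$access->check_authenticity();
		// NOTE(review): get_filename() decides which copy of the template is
		// removed, and the unlink() result is not checked; confirm it cannot
		// resolve to a stock template that should be kept.
		$file = $smarty->get_filename($_REQUEST['template']);
		unlink($file);
		// Drop the name so the script falls back to the listing instead of
		// trying to open the file that was just removed.
		unset($_REQUEST['template']);
	}
}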
105
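// Load the requested template into the editor.
// The name was validated earlier in the script; get_filename() resolves it to
// a path on disk.
if (isset($_REQUEST['template'])) {
	$mode = 'editing';
	$file = $smarty->get_filename($_REQUEST['template']);

	// Read in one call instead of fopen()/fread(filesize()). fread() rejects a
	// length of 0, so an empty template (for example one just saved with an
	// empty body) could not be opened again. Only regular, readable files are
	// accepted; everything else takes the error path without a PHP warning.
	$data = (is_string($file) && is_file($file) && is_readable($file))
		? file_get_contents($file)
		: false;
	if ($data === false) {
		$smarty->assign('errortype', 401);
		$smarty->assign('msg', tra("You do not have permission to read the template"));
		$smarty->display('error.tpl');
		die;
	}

	// 'y' when the resolved path lies under a /styles/ directory.
	$style_local = strpos($file, '/styles/') !== false ? 'y' : 'n';

	// Both values originate from the request or from an editable file; the
	// template that prints them is responsible for escaping.
	$smarty->assign('data', $data);
	$smarty->assign('template', $_REQUEST['template']);
	$smarty->assign('style_local', $style_local);
}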
127
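// Listing mode: collect the *.tpl files of every known sub-directory, as paths
// relative to the main template directory.
if ($mode == 'listing') {
	$files = [];
	// glob() is run with relative patterns, so the working directory is moved to
	// the template directory first. If that fails nothing is listed, rather
	// than globbing whatever directory the script happens to be in.
	if (chdir($smarty->main_template_dir)) {
		foreach ($relativeDirectories as $relativeDirectory) {
			$matches = glob($relativeDirectory . '*.tpl');
			// glob() returns false on error (on some systems also for "no
			// match"); array_merge() must only ever receive arrays.
			if ($matches !== false) {
				$files = array_merge($files, $matches);
			}
		}
		// Restore the working directory for the rest of the request.
		chdir($tikipath);
	}
	$smarty->assign('files', $files);
}
// $mode is client-supplied unless it was overwritten with 'editing' above.
$smarty->assign('mode', $mode);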
139
// Users who may edit get an 'edit-templates' ticket; the save handler above
// calls check_ticket() with the same name.
if ('y' == $tiki_p_edit_templates) {
	ask_ticket('edit-templates');
}

// Ask crawlers not to index this page or follow its links.
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');

// Render: tiki-edit_templates.tpl is assigned as 'mid' and tiki.tpl is displayed.
$smarty->assign('mid', 'tiki-edit_templates.tpl');
$smarty->display('tiki.tpl');
150