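<?php
/**
 * @package tikiwiki
 */
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Template viewer/editor page. Depending on the request it lists the *.tpl files,
// shows one template, overwrites a template with the posted `data`, or deletes one.
// The template name, the mode and the file contents all come from $_REQUEST.

// Declared before tiki-setup.php is loaded.
// NOTE(review): presumably this tells the input filter to leave the `data` field
// (the template body) unfiltered; confirm against tiki-setup.php. If so, `data`
// reaches fwrite() below exactly as posted.
$inputConfiguration = [
    [ 'staticKeyFilters' => [
        'data' => 'none',
    ]],
];


require_once('tiki-setup.php');

$access->check_feature('feature_view_tpl');

// Permission gate:
//  - the view permission is always required;
//  - the edit permission is additionally required as soon as the request carries
//    one of the write actions (save / saveTheme / delete).
if (($tiki_p_view_templates != 'y') ||
    ($tiki_p_edit_templates != 'y' &&
        (isset($_REQUEST["save"]) ||
            isset($_REQUEST['saveTheme']) ||
            isset($_REQUEST['delete'])
        )
    )
) {
    $smarty->assign('errortype', 401);
    $smarty->assign('msg', tra("You don't have permission to use this feature"));

    $smarty->display("error.tpl");
    die;
}

if (! isset($_REQUEST["mode"])) {
    $mode = 'listing';
} else {
    $mode = $_REQUEST['mode'];
}

// Validate the template name before it is used to build any file path.
// A non-string value (e.g. template[]=x) is rejected as well: it cannot name a file
// and would otherwise reach strstr()/dirname() and the path concatenations below.
// NOTE(review): this only rejects names containing '..'. It does not restrict the
// file extension, and nothing here confirms that the resolved path stays inside the
// template directory; verify that $smarty->get_filename() enforces that, or add an
// allow-list (for example a ".tpl" suffix check) if other files must never be
// read, written or deleted through this page.
if (isset($_REQUEST["template"])) {
    if (! is_string($_REQUEST["template"]) || strstr($_REQUEST["template"], '..')) {
        $smarty->assign('errortype', 401);
        $smarty->assign('msg', tra("You do not have permission to do that"));

        $smarty->display('error.tpl');
        die;
    }
}

// Sub-directories (relative to the template root) that may hold templates. Used as
// the allow-list for directory creation in saveTheme and as the glob set for listing.
$relativeDirectories = ['', 'mail/', 'map/', 'modules/', 'styles/' . str_replace('.css', '', $prefs['style']) . '/'];

// do editing stuff only if you have the permission to:
if ($tiki_p_edit_templates == 'y') {
    if ((isset($_REQUEST["save"]) || isset($_REQUEST['saveTheme'])) && ! empty($_REQUEST['template'])) {
        $access->check_feature('feature_edit_templates');
        // Anti-CSRF ticket; it is issued by ask_ticket('edit-templates') further down.
        check_ticket('edit-templates');
        if (isset($_REQUEST['saveTheme'])) {
            // Save a theme-specific copy under <template root>[/<domain>]/styles/<style base>.
            $domainStyleTemplatesDirectory = $smarty->main_template_dir;
            if (! empty($tikidomain)) {
                $domainStyleTemplatesDirectory .= '/' . $tikidomain;
            }
            $domainStyleTemplatesDirectory .= '/styles/' . $style_base;
            if (! is_dir($domainStyleTemplatesDirectory)) {
                mkdir($domainStyleTemplatesDirectory);
            }
            $file = $domainStyleTemplatesDirectory . '/' . $_REQUEST['template'];
            $relativeDirectory = dirname($_REQUEST['template']);
            if ($relativeDirectory && ! is_dir($domainStyleTemplatesDirectory . '/' . $relativeDirectory)) {
                // Only create sub-directories that are on the allow-list.
                if (in_array($relativeDirectory . '/', $relativeDirectories, true)) {
                    mkdir($domainStyleTemplatesDirectory . '/' . $relativeDirectory);
                } else {
                    $smarty->assign('msg', tr('Template directory %0 unknown', $relativeDirectory));
                    $smarty->display('error.tpl');
                    // Stop here: without this the script went on to the fopen() below
                    // with the rejected path after the error page was already sent.
                    die;
                }
            }
        } else {
            $file = $smarty->get_filename($_REQUEST['template']);
        }
        // '@' silences the fopen() warning; the failure is reported via the error page.
        @$fp = fopen($file, 'w');
        if (! $fp) {
            $smarty->assign('errortype', 401);
            // NOTE(review): the message includes the full server-side path of $file.
            $smarty->assign('msg', tra("You do not have permission to write the template:") . ' ' . $file);
            $smarty->display('error.tpl');
            die;
        }
        // Normalise Windows line endings before writing.
        $_REQUEST["data"] = str_replace("\r\n", "\n", $_REQUEST["data"]);
        fwrite($fp, $_REQUEST["data"]);
        fclose($fp);
    }

    if (isset($_REQUEST['delete']) && ! empty($_REQUEST['template'])) {
        $access->check_authenticity();
        $file = $smarty->get_filename($_REQUEST['template']);
        // NOTE(review): the result of unlink() is not checked, so a failed delete is silent.
        unlink($file);
        // Fall back to the listing instead of trying to open the deleted file.
        unset($_REQUEST['template']);
    }
}

if (isset($_REQUEST["template"])) {
    // A template was named (and not just deleted): load it for display/editing.
    $mode = 'editing';
    $file = $smarty->get_filename($_REQUEST["template"]);
    if (strstr($file, '/styles/')) {
        $style_local = 'y';
    } else {
        $style_local = 'n';
    }
    $fp = fopen($file, 'r');
    if (! $fp) {
        $smarty->assign('errortype', 401);
        $smarty->assign('msg', tra("You do not have permission to read the template"));
        $smarty->display("error.tpl");
        die;
    }
    // fread() rejects a length of 0, so an empty template is handled explicitly.
    $size = filesize($file);
    $data = $size > 0 ? fread($fp, $size) : '';
    fclose($fp);
    $smarty->assign('data', $data);
    $smarty->assign('template', $_REQUEST["template"]);
    $smarty->assign('style_local', $style_local);
}

if ($mode == 'listing') {
    // Get templates from the templates directory
    $files = [];
    chdir($smarty->main_template_dir);
    foreach ($relativeDirectories as $relativeDirectory) {
        // glob() returns false on error; treat that as "no files" so array_merge() keeps working.
        $found = glob($relativeDirectory . '*.tpl');
        $files = array_merge($files, $found ?: []);
    }
    chdir($tikipath);
    $smarty->assign('files', $files);
}
$smarty->assign('mode', $mode);

// Issue the anti-CSRF ticket that check_ticket('edit-templates') verifies on save.
if ($tiki_p_edit_templates == 'y') {
    ask_ticket('edit-templates');
}

// disallow robots to index page:
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');

// Render the editor/listing template inside the main page layout
$smarty->assign('mid', 'tiki-edit_templates.tpl');
$smarty->display("tiki.tpl");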