Nucleus CMS日本語版用プラグインのうち、日本語版開発者がサポートしているもの
Revision | 9467719a2b6b2359f139912ec8d3eac75971ab3f (tree) |
---|---|
Time | 2006-10-02 16:30:33 |
Author | shizuki <shizuki@1ca2...> |
Commiter | shizuki |
Security fix
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@395 1ca29b6e-896d-4ea0-84a5-967f57386b96
@@ -1,29 +1,41 @@ | ||
1 | 1 | <? |
2 | -// plugin needs to work on Nucleus versions <=2.0 as well | |
3 | -if (!function_exists('sql_table')){ | |
4 | - function sql_table($name) { | |
5 | - return 'nucleus_' . $name; | |
6 | - } | |
7 | -} | |
2 | +/** | |
3 | + * | |
4 | + * 0.93 sec fix | |
5 | + * subcategory link bug fix | |
6 | + * | |
7 | + */ | |
8 | 8 | |
9 | +class NP_Dtree extends NucleusPlugin | |
10 | +{ | |
9 | 11 | |
10 | -class NP_Dtree extends NucleusPlugin { | |
11 | - function getName() { | |
12 | + function getName() | |
13 | + { | |
12 | 14 | return 'Navigation Tree'; |
13 | 15 | } |
14 | - function getAuthor() { | |
15 | - return 'nakahara21'; | |
16 | + | |
17 | + function getAuthor() | |
18 | + { | |
19 | + return 'nakahara21 + shizuki'; | |
16 | 20 | } |
17 | - function getURL() { | |
21 | + | |
22 | + function getURL() | |
23 | + { | |
18 | 24 | return 'http://nakahara21.com/'; |
19 | 25 | } |
20 | - function getVersion() { | |
21 | - return '0.92'; | |
26 | + | |
27 | + function getVersion() | |
28 | + { | |
29 | + return '0.93'; | |
22 | 30 | } |
23 | - function getDescription() { | |
31 | + | |
32 | + function getDescription() | |
33 | + { | |
24 | 34 | return 'Show Navigation Tree. Usage: <%Dtree()%>'; |
25 | 35 | } |
26 | - function supportsFeature($what) { | |
36 | + | |
37 | + function supportsFeature($what) | |
38 | + { | |
27 | 39 | switch($what){ |
28 | 40 | case 'SqlTablePrefix': |
29 | 41 | return 1; |
@@ -32,33 +44,52 @@ class NP_Dtree extends NucleusPlugin { | ||
32 | 44 | } |
33 | 45 | } |
34 | 46 | |
35 | - function doSkinVar($skinType, $itemid=0) { | |
47 | + function doSkinVar($skinType, $itemid=0) | |
48 | + { | |
36 | 49 | global $blogid, $catid, $subcatid; |
50 | + if (is_numeric($blogid)) { | |
51 | + $blogid = intval($blogid); | |
52 | + } else { | |
53 | + $id = getBlogIDFromName($blogid); | |
54 | + $blogid = intval($id); | |
55 | + } | |
56 | + $itemid = intval($itemid); | |
57 | + $catid = intval($catid); | |
58 | + $subcatid = intval($subcatid); | |
37 | 59 | |
38 | - $randomID = 'tree'.uniqid(rand()); | |
60 | + $randomID = 'tree' . uniqid(rand()); | |
39 | 61 | |
40 | - echo '<script type="text/javascript" src="'.$this->getAdminURL().'dtree.php"></script>'; | |
62 | + echo '<script type="text/javascript" src="' . | |
63 | + htmlspecialchars($this->getAdminURL()) . 'dtree.php"></script>'; | |
41 | 64 | |
42 | - if($skinType == 'template'){ | |
43 | - echo '<script type="text/javascript" src="' . $this->getAdminURL() . 'dtreedata.php?o='.$randomID.'a&bid=' . $blogid . '&id='.$itemid.'"></script>'; | |
44 | - echo '<a href="javascript: '.$randomID.'a.openAll();">open all</a> | <a href="javascript: '.$randomID.'a.closeAll();">close all</a>'; | |
65 | + if ($skinType == 'template') { | |
66 | + echo '<script type="text/javascript" src="' . | |
67 | + htmlspecialchars($this->getAdminURL()) . 'dtreedata.php?o=' . | |
68 | + $randomID.'a&bid=' . $blogid . '&id=' . $itemid . '"></script>'; | |
69 | + echo '<a href="javascript: ' . $randomID . 'a.openAll();">open all</a>' . | |
70 | + ' | <a href="javascript: ' . $randomID . 'a.closeAll();">close all</a>'; | |
45 | 71 | return; |
46 | 72 | } |
47 | 73 | |
48 | 74 | $eq = ''; |
49 | - if($catid) | |
50 | - $eq .= '&cid='.$catid; | |
51 | - if($subcatid) | |
52 | - $eq .= '&sid='.$subcatid; | |
75 | + if (!empty($catid)) { | |
76 | + } $eq .= '&cid=' . $catid; | |
77 | + if (!empty($subcatid)) { | |
78 | + $eq .= '&sid=' . $subcatid; | |
79 | + } | |
53 | 80 | |
54 | - echo '<script type="text/javascript" src="' . $this->getAdminURL() . 'dtreedata.php?o='.$randomID.'d&bid=' . $blogid . $eq . '"></script>'; | |
55 | - echo '<a href="javascript: '.$randomID.'d.openAll();">open all</a> | <a href="javascript: '.$randomID.'d.closeAll();">close all</a>'; | |
81 | + echo '<script type="text/javascript" src="' . | |
82 | + htmlspecialchars($this->getAdminURL()) . 'dtreedata.php?o=' . $randomID . 'd&bid=' . | |
83 | + $blogid . $eq . '"></script>'; | |
84 | + echo '<a href="javascript: '.$randomID.'d.openAll();">open all</a>' . | |
85 | + ' | <a href="javascript: ' . $randomID . 'd.closeAll();">close all</a>'; | |
56 | 86 | |
57 | 87 | } |
58 | 88 | |
59 | - function doTemplateVar(&$item) { | |
60 | - $this->doSkinVar('template', $item->itemid); | |
61 | - } | |
89 | + function doTemplateVar(&$item) | |
90 | + { | |
91 | + $this->doSkinVar('template', $item->itemid); | |
92 | + } | |
62 | 93 | |
63 | 94 | } |
64 | 95 | ?> |
\ No newline at end of file |
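Review bot: The rewritten category check in doSkinVar closes its brace before the statement it is meant to guard: `if (!empty($catid)) {` is followed by `} $eq .= '&cid=' . $catid;`, so `&cid=` is appended on every request, including `&cid=0` when no category is selected. The append belongs inside the block, `if (!empty($catid)) { $eq .= '&cid=' . $catid; }`, matching the `$subcatid` check directly below it. The `&` separators written into the `src` attributes (`'a&bid='`, `'d&bid='`, `'&id='`) are also still raw; `&amp;` would keep the emitted markup well-formed now that the URL prefix goes through htmlspecialchars().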
@@ -25,7 +25,7 @@ function Node(id, pid, name, url, title, target, icon, iconOpen, open) { | ||
25 | 25 | |
26 | 26 | // Tree object |
27 | 27 | function dTree(objName) { |
28 | - this.config = { target : null, folderLinks : true, useSelection : false, useCookies : false, useLines : true, useIcons : true, useStatusText : false, closeSameLevel : false, inOrder : false } | |
28 | + this.config = { target : null, folderLinks : true, useSelection : false, useCookies : false, useLines : true, useIcons : true, useStatusText : false, closeSameLevel : false, inOrder : false } | |
29 | 29 | this.icon = { |
30 | 30 | root : imgpath + 'img/base.gif', folder : imgpath + 'img/folder.gif', folderOpen : imgpath + 'img/folderopen.gif', // node : imgpath + 'img/page.gif', node : imgpath + 'img/folder.gif', empty : imgpath + 'img/empty.gif', line : imgpath + 'img/line.gif', join : imgpath + 'img/join.gif', joinBottom : imgpath + 'img/joinbottom.gif', plus : imgpath + 'img/plus.gif', plusBottom : imgpath + 'img/plusbottom.gif', minus : imgpath + 'img/minus.gif', minusBottom : imgpath + 'img/minusbottom.gif', nlPlus : imgpath + 'img/nolines_plus.gif', nlMinus : imgpath + 'img/nolines_minus.gif' |
31 | 31 | }; |
@@ -1,16 +1,34 @@ | ||
1 | 1 | <?php |
2 | - $strRel = '../../../'; | |
3 | - include($strRel . 'config.php'); | |
2 | +// $strRel = '../../../'; | |
3 | +// include($strRel . 'config.php'); | |
4 | 4 | |
5 | 5 | $usePathInfo = ($CONF['URLMode'] == 'pathinfo'); |
6 | 6 | |
7 | - if ($usePathInfo) | |
8 | - include($strRel . 'fancyurls.config.php'); | |
7 | + if ($usePathInfo) { | |
8 | + if (empty($CONF['ItemKey'])) { | |
9 | + $CONF['ItemKey'] = 'item'; | |
10 | + } | |
11 | + if (empty($CONF['ArchiveKey'])) { | |
12 | + $CONF['ArchiveKey'] = 'archive'; | |
13 | + } | |
14 | + if (empty($CONF['ArchivesKey'])) { | |
15 | + $CONF['ArchivesKey'] = 'archives'; | |
16 | + } | |
17 | + if (empty($CONF['MemberKey'])) { | |
18 | + $CONF['MemberKey'] = 'member'; | |
19 | + } | |
20 | + if (empty($CONF['BlogKey'])) { | |
21 | + $CONF['BlogKey'] = 'blog'; | |
22 | + } | |
23 | + if (empty($CONF['CategoryKey'])) { | |
24 | + $CONF['CategoryKey'] = 'category'; | |
25 | + } | |
26 | + } | |
9 | 27 | |
10 | - $CategoryKey = ($usePathInfo)? $CONF['CategoryKey']: 'catid'; | |
28 | + $CategoryKey = ($usePathInfo) ? $CONF['CategoryKey'] : 'catid'; | |
11 | 29 | |
12 | 30 | $objectId = requestVar('o'); |
13 | - $blogid = requestVar('bid'); | |
31 | + $blogid = intval(requestVar('bid')); | |
14 | 32 | $blogname = getBlogNameFromID($blogid); |
15 | 33 | |
16 | 34 | $b =& $manager->getBlog($blogid); |
@@ -31,8 +49,10 @@ | ||
31 | 49 | } |
32 | 50 | } |
33 | 51 | } |
34 | - if ($usePathInfo){ | |
35 | - if(substr($blogurl, -1) == '/') $blogurl = substr($blogurl,0,-1); | |
52 | + if ($usePathInfo) { | |
53 | + if (substr($blogurl, -1) == '/') { | |
54 | + $blogurl = substr($blogurl, 0, -1); | |
55 | + } | |
36 | 56 | } |
37 | 57 | |
38 | 58 | $CONF['BlogURL'] = $blogurl; |
@@ -42,105 +62,110 @@ | ||
42 | 62 | $CONF['ArchiveListURL'] = $blogurl; |
43 | 63 | $CONF['SearchURL'] = $blogurl; |
44 | 64 | |
45 | - echo $objectId." = new dTree('".$objectId."');\n"; | |
65 | + echo $objectId . " = new dTree('" . htmlspecialchars($objectId) . "');\n"; | |
46 | 66 | |
47 | - echo $objectId.".add(0,-1,'".$blogname."');\n"; | |
67 | + echo $objectId . ".add(0,-1,'" . htmlspecialchars($blogname) . "');\n"; | |
48 | 68 | |
49 | - $res = sql_query("SELECT * FROM ".sql_table('category')." WHERE cblog= ".$blogid); | |
69 | + $res = sql_query("SELECT * FROM " . sql_table('category') . " WHERE cblog = " . $blogid); | |
50 | 70 | $n = 1; |
51 | - while($o = mysql_fetch_object($res)){ | |
52 | - $catid = $o->catid; | |
71 | + while ($o = mysql_fetch_object($res)) { | |
72 | + $catid = intval($o->catid); | |
53 | 73 | $nodeArray[cat][$catid] = $n; |
54 | 74 | // $url = createBlogidLink($blogid, array('catid'=>$catid)); |
55 | 75 | $url = createCategoryLink($catid); |
56 | 76 | // $url = createBlogidLink($blogid, array("$CategoryKey"=>$catid)); |
57 | - echo $objectId.".add(".$n.",0,'".$o->cname."','".$url."');\n"; | |
77 | + echo $objectId . ".add(" . $n . ",0,'" . htmlspecialchars($o->cname) . "','" . htmlspecialchars($url) . "');\n"; | |
58 | 78 | $catFilter[] = $catid; |
59 | 79 | $n++; |
60 | 80 | } |
61 | 81 | |
62 | 82 | global $manager; |
63 | - if (!$manager->pluginInstalled('NP_MultipleCategories')){ | |
64 | - echo 'document.write('.$objectId.');'; | |
65 | - if($itemid = requestVar('id')){ | |
66 | - $catid = quickQuery('SELECT icat as result FROM '.sql_table('item').' WHERE inumber='.intval($itemid)); | |
67 | - $nodeId = 's'.$objectId.$nodeArray[cat][$catid]; | |
68 | - echo "document.getElementById('".$nodeId."').className = 'selectedNode';"; | |
83 | + if (!$manager->pluginInstalled('NP_MultipleCategories')) { | |
84 | + $mPlugin =& $manager->getPlugin('NP_MultipleCategories'); | |
85 | + $subrequest = $mPlugin->getRequestName(); | |
86 | + echo 'document.write(' . $objectId . ');'; | |
87 | + if ($itemid = intval(requestVar('id'))) { | |
88 | + $catid = quickQuery('SELECT icat as result FROM ' . sql_table('item') . ' WHERE inumber = ' . $itemid); | |
89 | + $nodeId = 's' . $objectId . $nodeArray[cat][$catid]; | |
90 | + echo "document.getElementById('" . htmlspecialchars($nodeId) . "').className = 'selectedNode';"; | |
69 | 91 | } |
70 | 92 | return; |
71 | 93 | } |
72 | 94 | |
73 | - if($catFilter[1]){ | |
74 | - $catFilter = @join(',',$catFilter); | |
75 | - $catFilter = ' IN ('.$catFilter.')'; | |
76 | - }else{ | |
77 | - $catFilter = '='.$catFilter; | |
95 | + if ($catFilter[1]) { | |
96 | + $catFilter = @join(',', $catFilter); | |
97 | + $catFilter = ' IN (' . $catFilter . ')'; | |
98 | + } else { | |
99 | + $catFilter = '=' . $catFilter; | |
78 | 100 | } |
79 | 101 | |
80 | - $query = "SELECT * FROM ".sql_table('plug_multiple_categories_sub')." WHERE catid".$catFilter; | |
102 | + $query = "SELECT * FROM " . sql_table('plug_multiple_categories_sub') . " WHERE catid" . $catFilter; | |
81 | 103 | $res = sql_query($query); |
82 | - while($o = mysql_fetch_object($res)){ | |
83 | - $scatid = $o->scatid; | |
104 | + while ($o = mysql_fetch_object($res)) { | |
105 | + $scatid = intval($o->scatid); | |
84 | 106 | $nodeArray[subcat][$scatid] = $n; |
85 | 107 | $n++; |
86 | 108 | } |
87 | - $query = "SELECT * FROM ".sql_table('plug_multiple_categories_sub')." WHERE catid".$catFilter; | |
109 | + $query = "SELECT * FROM " . sql_table('plug_multiple_categories_sub') . " WHERE catid" . $catFilter; | |
88 | 110 | $res = sql_query($query); |
89 | - while($u = mysql_fetch_object($res)){ | |
90 | - $scatid = $u->scatid; | |
111 | + while ($u = mysql_fetch_object($res)) { | |
112 | + $scatid = intval($u->scatid); | |
91 | 113 | // $url = createBlogidLink($blogid, array('catid'=>$u->catid, 'subcatid'=>$scatid)); |
92 | - $url = createCategoryLink($u->catid, array('subcatid'=>$scatid)); | |
114 | + $url = createCategoryLink($u->catid, array($subrequest => $scatid)); | |
93 | 115 | // $url = createBlogidLink($blogid, array("$CategoryKey"=>$u->catid, 'subcatid'=>$scatid)); |
94 | - $pnode = ($u->parentid)? $nodeArray[subcat][$u->parentid]: $nodeArray[cat][$u->catid]; | |
95 | - echo $objectId.".add(".$nodeArray[subcat][$u->scatid].",".$pnode.",'".$u->sname."','".$url."');\n"; | |
116 | + $pnode = ($u->parentid) ? $nodeArray[subcat][$u->parentid] : $nodeArray[cat][$u->catid]; | |
117 | + echo $objectId . ".add(" . $nodeArray[subcat][$u->scatid] . "," . $pnode . ",'" . htmlspecialchars($u->sname) . "','" . $url . "');\n"; | |
96 | 118 | } |
97 | 119 | |
98 | 120 | echo "document.write(".$objectId.");\n"; |
99 | 121 | |
100 | 122 | |
101 | - if(requestVar('sid')){ | |
102 | - $cid = requestVar('sid'); | |
103 | - $nodeId = 's'.$objectId.$nodeArray[subcat][$sid]; | |
104 | - echo "document.getElementById('".$nodeId."').className = 'urlselected';\n"; | |
105 | - echo $objectId.".openTo(".$nodeArray[subcat][$sid].", true);\n"; | |
106 | - }elseif(requestVar('cid')){ | |
107 | - $cid = requestVar('cid'); | |
108 | - $nodeId = 's'.$objectId.$nodeArray[cat][$cid]; | |
109 | - echo "document.getElementById('".$nodeId."').className = 'urlselected';\n"; | |
110 | - echo $objectId.".openTo(".$nodeArray[cat][$cid].", true);\n"; | |
123 | + if (requestVar('sid')) { | |
124 | + $sid = intval(requestVar('sid')); | |
125 | + $nodeId = 's' . $objectId . $nodeArray[subcat][$sid]; | |
126 | + echo "document.getElementById('" . $nodeId . "').className = 'urlselected';\n"; | |
127 | + echo $objectId . ".openTo(" . $nodeArray[subcat][$sid] . ", true);\n"; | |
128 | + } elseif(requestVar('cid')) { | |
129 | + $cid = intval(requestVar('cid')); | |
130 | + $nodeId = 's' . $objectId . $nodeArray[cat][$cid]; | |
131 | + echo "document.getElementById('" . $nodeId . "').className = 'urlselected';\n"; | |
132 | + echo $objectId . ".openTo(" . $nodeArray[cat][$cid] . ", true);\n"; | |
111 | 133 | } |
112 | 134 | |
113 | 135 | |
114 | 136 | |
115 | - if($itemid = requestVar('id')){ | |
116 | - $catid = quickQuery('SELECT icat as result FROM '.sql_table('item').' WHERE inumber='.intval($itemid)); | |
117 | - $nodeId = 's'.$objectId.$nodeArray[cat][$catid]; | |
118 | - echo "document.getElementById('".$nodeId."').className = 'selectedNode';\n"; | |
137 | + if ($itemid = requestVar('id')) { | |
138 | + $catid = quickQuery('SELECT icat as result FROM ' . sql_table('item') . ' WHERE inumber = ' . intval($itemid)); | |
139 | + $nodeId = 's' . $objectId.$nodeArray[cat][$catid]; | |
140 | + echo "document.getElementById('" . $nodeId . "').className = 'selectedNode';\n"; | |
119 | 141 | |
120 | 142 | //multi catid |
121 | - if($catids = quickQuery('SELECT categories as result FROM '.sql_table('plug_multiple_categories').' WHERE item_id='.intval($itemid))){ | |
122 | - $catids = explode(',',$catids); | |
123 | - for($i=0;$i<count($catids);$i++){ | |
124 | - $catidTemp = $catids[$i]; | |
125 | - if($catidTemp != $catid){ | |
126 | - $nodeId = 's'.$objectId.$nodeArray[cat][$catidTemp]; | |
127 | - echo "document.getElementById('".$nodeId."').className = 'selectedCatNode';\n"; | |
143 | + $que = 'SELECT categories as result FROM %s WHERE item_id = %d'; | |
144 | + $catids = quickQuery(sprintf($que, sql_table('plug_multiple_categories'), intval($itemid))); | |
145 | + if ($catids) { | |
146 | + $catids = explode(',', $catids); | |
147 | + for ($i=0;$i<count($catids);$i++) { | |
148 | + $catidTemp = intval($catids[$i]); | |
149 | + if ($catidTemp != $catid) { | |
150 | + $nodeId = 's' . $objectId . $nodeArray[cat][$catidTemp]; | |
151 | + echo "document.getElementById('" . $nodeId . "').className = 'selectedCatNode';\n"; | |
128 | 152 | } |
129 | 153 | } |
130 | 154 | } |
131 | 155 | |
132 | 156 | //(multi) subcatid |
133 | - if($scatids = quickQuery('SELECT subcategories as result FROM '.sql_table('plug_multiple_categories').' WHERE item_id='.intval($itemid))){ | |
134 | - $scatids = explode(',',$scatids); | |
135 | - for($i=0;$i<count($scatids);$i++){ | |
136 | - $scatid = $scatids[$i]; | |
137 | - $nodeId = 's'.$objectId.$nodeArray[subcat][$scatid]; | |
138 | - echo "document.getElementById('".$nodeId."').className = 'selectedScatNode';\n"; | |
139 | - echo $objectId.".openTo(".$nodeArray[subcat][$scatid].", true);\n"; | |
157 | + $que = 'SELECT subcategories as result FROM %s WHERE item_id = %d'; | |
158 | + $scatids = quickQuery(sprintf($que, sql_table('plug_multiple_categories'), intval($itemid))); | |
159 | + if ($scatids) { | |
160 | + $scatids = explode(',', $scatids); | |
161 | + for ($i=0;$i<count($scatids);$i++) { | |
162 | + $scatid = intval($scatids[$i]); | |
163 | + $nodeId = 's' . $objectId . $nodeArray[subcat][$scatid]; | |
164 | + echo "document.getElementById('" . $nodeId . "').className = 'selectedScatNode';\n"; | |
165 | + echo $objectId . ".openTo(" . $nodeArray[subcat][$scatid] . ", true);\n"; | |
140 | 166 | } |
141 | 167 | } |
142 | 168 | } |
143 | 169 | |
144 | 170 | |
145 | -?> | |
146 | - | |
171 | +?> | |
\ No newline at end of file |
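Review bot: `$objectId` comes straight from `requestVar('o')` and is still written unescaped at the start of every emitted statement (`echo $objectId . " = new dTree('"`, `$objectId . ".add("`, `'document.write(' . $objectId . ');'`), so the htmlspecialchars() calls added around it do not constrain what reaches the generated script. htmlspecialchars() is also HTML encoding rather than JavaScript string encoding, and with its default flags in the PHP versions of that time it leaves `'` and `\` alone, so `$blogname`, `cname` and `sname` can still terminate the quoted literals they are placed in. I would validate the identifier once, right after it is read, e.g. `if (!preg_match('/^[A-Za-z0-9_]+\z/', $objectId)) { exit; }`, and escape the names for a JavaScript string context (backslash and quote) rather than for HTML. Separately, the new `$manager->getPlugin('NP_MultipleCategories')` and `getRequestName()` lines sit inside the `!pluginInstalled(...)` branch, so `$subrequest` is unset where `createCategoryLink($u->catid, array($subrequest => $scatid))` uses it later; they look like they belong after that branch's `return`.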