source: trunk/admin/themes_new.php @ 14584

Last change on this file since 14584 was 13962, checked in by plg, 12 years ago

merge r13961 from branch 2.3 to trunk

bug 2612 fixed: sanitize $_GET['installstatus'] before display for
themes/languages/plugins installation

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2012 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Direct-access guard: stop immediately unless PHPWG_ROOT_PATH is already
// defined, so the rest of this script never runs when the file is requested
// on its own instead of being included.
// NOTE(review): presumably the including admin entry point defines the
// constant and performs the session/permission checks -- confirm there.
defined("PHPWG_ROOT_PATH") or die("Hacking attempt!");
28
// Helper class that provides the remote theme listing and the installer
// used further down in this script.
include_once PHPWG_ROOT_PATH.'admin/include/themes.class.php';

// URL of the current admin tab. It is reused for the post-install redirect
// and as the prefix of every per-theme install link.
// NOTE(review): $page['page'] and $page['tab'] are set outside this file and
// are concatenated here without URL-encoding -- confirm the including script
// restricts them to known values.
$base_url = sprintf(
  '%sadmin.php?page=%s&tab=%s',
  get_root_url(),
  $page['page'],
  $page['tab']
);

$themes = new themes;
34
35// +-----------------------------------------------------------------------+
36// |                           setup check                                 |
37// +-----------------------------------------------------------------------+
38
// Installation writes into the themes directory, so report a missing write
// permission up front as a page error instead of failing later.
$themes_dir = PHPWG_ROOT_PATH.'themes';
if (is_writable($themes_dir) === false)
{
  $page['errors'][] = sprintf(l10n('Add write access to the "%s" directory'), 'themes');
}
50
51// +-----------------------------------------------------------------------+
52// |                       perform installation                            |
53// +-----------------------------------------------------------------------+
54
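// An installation is requested by a GET carrying both a revision id and an
// extension id; the install links generated at the bottom of this script
// also carry a pwg_token parameter.
if (isset($_GET['revision'], $_GET['extension']))
{
  if (!is_webmaster())
  {
    // Installing code on the server is reserved to webmasters.
    array_push($page['errors'], l10n('Webmaster status is required.'));
  }
  else
  {
    // Runs before any file is fetched or written.
    // NOTE(review): presumably this aborts the request when the pwg_token
    // parameter is missing or wrong (defined elsewhere) -- confirm, since it
    // is the only request-forgery protection visible for this state change.
    check_pwg_token();

    // NOTE(review): both ids are taken from the query string as-is (they may
    // even be arrays, e.g. "revision[]=..."). Nothing in this file constrains
    // their format, so extract_theme_files() must validate them before using
    // them in a download URL or a filesystem path -- verify in
    // themes.class.php, or restrict them here once the id format is known.
    $install_status = $themes->extract_theme_files(
      'install',
      $_GET['revision'],
      $_GET['extension']
      );

    // URL-encode the status so an unexpected value (spaces, '&', '#', ...)
    // cannot break or extend the redirect query string. The plain status
    // words handled by the result switch below are unchanged by encoding,
    // and PHP decodes the parameter again when it fills $_GET.
    redirect($base_url.'&installstatus='.urlencode((string) $install_status));
  }
}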
74
75// +-----------------------------------------------------------------------+
76// |                        installation result                            |
77// +-----------------------------------------------------------------------+
78
// Translate the installstatus query parameter into a page message. The
// parameter is fully controlled by whoever builds the URL, so it is only
// ever compared against fixed values or HTML-escaped before being shown.
if (isset($_GET['installstatus']))
{
  switch ($_GET['installstatus'])
  {
    case 'ok':
      $page['infos'][] = l10n('Theme has been successfully installed');
      break;

    case 'temp_path_error':
      $page['errors'][] = l10n('Can\'t create temporary file.');
      break;

    case 'dl_archive_error':
      $page['errors'][] = l10n('Can\'t download archive.');
      break;

    case 'archive_error':
      $page['errors'][] = l10n('Can\'t read or extract archive.');
      break;

    default:
      // Unknown status: echo it back, escaped, so markup placed in the URL
      // is displayed as text instead of being interpreted by the browser.
      // NOTE(review): htmlspecialchars() runs with its default flags and
      // charset here, and expects a string -- an array-valued parameter
      // ("installstatus[]=...") is not handled; confirm whether that matters
      // for the PHP versions supported.
      // The message text is passed to l10n() unchanged (spelling included);
      // presumably it doubles as the translation lookup key.
      $page['errors'][] = sprintf(
        l10n('An error occured during extraction (%s).'),
        htmlspecialchars($_GET['installstatus'])
        );
      break;
  }
}
109
110// +-----------------------------------------------------------------------+
111// |                          template output                              |
112// +-----------------------------------------------------------------------+
113
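$template->set_filenames(array('themes' => 'themes_new.tpl'));

// List the themes offered by the remote extension server and build one
// install link per theme. A false return is reported as a connection error.
if ($themes->get_server_themes(true)) // only new themes
{
  foreach($themes->server_themes as $theme)
  {
    // The ids come from the remote server's response, not from local data,
    // so they are URL-encoded before being placed in a link. Purely numeric
    // ids are unchanged by the encoding; anything else can no longer add
    // parameters to the URL or break out of the HTML attribute it ends up in.
    // The link also carries pwg_token, which the install branch of this
    // script checks via check_pwg_token().
    // NOTE(review): htmlentities() is called with its default charset here;
    // confirm it matches the page encoding.
    $url_auto_install = htmlentities($base_url)
      . '&amp;revision=' . urlencode((string) $theme['revision_id'])
      . '&amp;extension=' . urlencode((string) $theme['extension_id'])
      . '&amp;pwg_token='.get_pwg_token()
      ;

    // NOTE(review): extension_name is remote-supplied text handed to the
    // template as-is -- confirm themes_new.tpl escapes it on output.
    $template->append(
      'new_themes',
      array(
        'name' => $theme['extension_name'],
        'thumbnail' => PEM_URL.'/upload/extension-'.rawurlencode((string) $theme['extension_id']).'/thumbnail.jpg',
        'screenshot' => PEM_URL.'/upload/extension-'.rawurlencode((string) $theme['extension_id']).'/screenshot.jpg',
        'install_url' => $url_auto_install,
        )
      );
  }
}
else
{
  array_push($page['errors'], l10n('Can\'t connect to server.'));
}

// Placeholder image from the configured admin theme, assigned to the
// template as 'default_screenshot'.
$template->assign('default_screenshot',
  get_root_url().'admin/themes/'.$conf['admin_theme'].'/images/missing_screenshot.png'
);

$template->assign_var_from_handle('ADMIN_CONTENT', 'themes');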
147?>