Work on module website

Conflicts: htdocs/websites/index.php

Work on module website
fb3f6972 · Laurent Destailleur · 4cf01bc6 · fb3f6972 · fb3f6972 · fb3f6972
Commit fb3f6972 authored 8 years ago by Laurent Destailleur
--- a/htdocs/public/websites/index.php
+++ b/htdocs/public/websites/index.php
@@ -17,8 +17,8 @@

 /**
 *     	\file       htdocs/public/websites/index.php
- *		\ingroup    core
- *		\brief      A redirect page to an error
+ *		\ingroup    website
+ *		\brief      Page to output pages
 *		\author	    Laurent Destailleur
 */

@@ -90,14 +90,14 @@ if (empty($pageid))
 // Security: Delete string ../ into $original_file
 global $dolibarr_main_data_root;

-if ($pageid == 'css')
+if ($pageid == 'css')   // No more used ?
 {
    header('Content-type: text/css');
    // Important: Following code is to avoid page request by browser and PHP CPU at each Dolibarr page access.
    //if (empty($dolibarr_nocache)) header('Cache-Control: max-age=3600, public, must-revalidate');
    //else 
    header('Cache-Control: no-cache');
-    $original_file=$dolibarr_main_data_root.'/websites/'.$website.'/styles.css';
+    $original_file=$dolibarr_main_data_root.'/websites/'.$website.'/styles.css.php';
 }
 else
 {
@@ -142,7 +142,11 @@ if (! file_exists($original_file_osencoded))
    exit;
 }

+
+// Output page content
+print "\n".'<!-- Page content '.$original_file.' : Html with CSS link + Body was saved into tpl -->'."\n";
 include_once $original_file_osencoded;

+
 if (is_object($db)) $db->close();

--- a/htdocs/public/websites/styles.css.php
+++ b/htdocs/public/websites/styles.css.php
+<?php
+/* Copyright (C) 2016 Laurent Destailleur  <eldy@users.sourceforge.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ *     	\file       htdocs/public/websites/styles.css.php
+ *		\ingroup    website
+ *		\brief      Page to output style page
+ *		\author	    Laurent Destailleur
+ */
+
+define('NOTOKENRENEWAL',1); // Disables token renewal
+define("NOLOGIN",1);
+define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.
+if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1');
+if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
+if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
+
+/**
+ * Header empty
+ *
+ * @return	void
+ */
+function llxHeader() { }
+/**
+ * Footer empty
+ *
+ * @return	void
+ */
+function llxFooter() { }
+
+require '../../master.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+
+
+$error=0;
+$website=GETPOST('website', 'alpha');
+$pageid=GETPOST('page', 'alpha')?GETPOST('page', 'alpha'):GETPOST('pageid', 'alpha');
+
+$accessallowed = 1;
+$type='';
+
+
+/*
+ * View
+ */
+
+$appli=constant('DOL_APPLICATION_TITLE');
+if (!empty($conf->global->MAIN_APPLICATION_TITLE)) $appli=$conf->global->MAIN_APPLICATION_TITLE;
+
+//print 'Directory with '.$appli.' websites.<br>';
+
+if (empty($pageid))
+{
+    require_once DOL_DOCUMENT_ROOT.'/websites/class/website.class.php';
+    require_once DOL_DOCUMENT_ROOT.'/websites/class/websitepage.class.php';
+    
+    $object=new Website($db);
+    $object->fetch(0, $website);
+    
+    $objectpage=new WebsitePage($db);
+    $array=$objectpage->fetchAll($object->id);
+    
+    if (count($array) > 0)
+    {
+        $firstrep=reset($array);
+        $pageid=$firstrep->id;
+    }
+}
+if (empty($pageid))
+{
+    $langs->load("website");
+    print $langs->trans("PreviewOfSiteNotYetAvailable");
+    exit;
+}
+
+// Security: Delete string ../ into $original_file
+global $dolibarr_main_data_root;
+
+$original_file=$dolibarr_main_data_root.'/websites/'.$website.'/styles.css.php';
+
+// Find the subdirectory name as the reference
+$refname=basename(dirname($original_file)."/");
+
+// Security:
+// Limite acces si droits non corrects
+if (! $accessallowed)
+{
+    accessforbidden();
+}
+
+// Security:
+// On interdit les remontees de repertoire ainsi que les pipe dans
+// les noms de fichiers.
+if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
+{
+    dol_syslog("Refused to deliver file ".$original_file);
+    $file=basename($original_file);		// Do no show plain path of original_file in shown error message
+    dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$file));
+    exit;
+}
+
+clearstatcache();
+
+$filename = basename($original_file);
+
+// Output file on browser
+dol_syslog("styles.css.php include $original_file $filename content-type=$type");
+$original_file_osencoded=dol_osencode($original_file);	// New file name encoded in OS encoding charset
+
+// This test if file exists should be useless. We keep it to find bug more easily
+if (! file_exists($original_file_osencoded))
+{
+    $langs->load("website");
+    print $langs->trans("RequestedPageHasNoContentYet", $pageid);
+    //dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$original_file));
+    exit;
+}
+
+
+// Output page content
+require_once $original_file_osencoded;
+
+
+if (is_object($db)) $db->close();
+
--- a/htdocs/websites/index.php
+++ b/htdocs/websites/index.php
@@ -123,7 +123,7 @@ if ($pageid > 0 && $action != 'add')

 global $dolibarr_main_data_root;
 $pathofwebsite=$dolibarr_main_data_root.'/websites/'.$website;
-$filecss=$pathofwebsite.'/styles.css';
+$filecss=$pathofwebsite.'/styles.css.php';
 $filetpl=$pathofwebsite.'/page'.$pageid.'.tpl.php';

 // Define $urlwithroot
@@ -276,7 +276,10 @@ if ($action == 'updatecss')
       $db->rollback();
    }*/
    
-    $csscontent = GETPOST('WEBSITE_CSS_INLINE');
+    $csscontent ='<?php'."\n";
+    $csscontent.= "header('Content-type: text/css');\n";
+    $csscontent.= "?>"."\n";
+    $csscontent .= GETPOST('WEBSITE_CSS_INLINE');
    
    dol_mkdir($pathofwebsite);
    file_put_contents($filecss, $csscontent);
@@ -379,15 +382,26 @@ if ($action == 'updatecontent')
    	if (! $error)
    	{
    		$db->commit();
-    	    setEventMessages($langs->trans("Saved"), null, 'mesgs');
    	    
+    	    // Now create the .tpl file
    	    dol_mkdir($pathofwebsite);
    	    dol_delete_file($filetpl);
-    	    file_put_contents($filetpl, $objectpage->content);
+
+    	    $tplcontent = '<html>'."\n";
+    	    $tplcontent.= '<header>'."\n";
+    	    $tplcontent.= '<link rel="stylesheet" href="styles.css.php?website='.$website.'" type="text/css" />'."\n";
+    	    $tplcontent.= '</header>'."\n";
+    	    $tplcontent.= '<body>'."\n";
+    	    $tplcontent.= $objectpage->content."\n";
+    	    $tplcontent.= '</body>'."\n";
+//var_dump($filetpl);exit;	    
+    	    $result = file_put_contents($filetpl, $tplcontent);
    	    if (! empty($conf->global->MAIN_UMASK))
    	        @chmod($filetpl, octdec($conf->global->MAIN_UMASK));
-    	    
-   	        header("Location: ".$_SERVER["PHP_SELF"].'?website='.$website.'&pageid='.$pageid);
+    	        
+    	    setEventMessages($langs->trans("Saved"), null, 'mesgs');
+    	        
+    	    header("Location: ".$_SERVER["PHP_SELF"].'?website='.$website.'&pageid='.$pageid);
   	        exit;
    	}
    	else
@@ -555,16 +569,17 @@ if (count($object->records) > 0)
        else $out.='<option value="-1">&nbsp;</option>';
        $out.='</select>';
        print $out;
-        print '<input type="submit" class="button" name="refreshpage" value="'.$langs->trans("Refresh").'"'.($atleastonepage?'':' disabled="disabled"').'>';
-        print '<input type="submit" class="buttonDelete" name="delete" value="'.$langs->trans("Delete").'"'.($atleastonepage?'':' disabled="disabled"').'>';
+
+        print '<input type="submit" class="button" name="refreshpage" value="'.$langs->trans("Load").'"'.($atleastonepage?'':' disabled="disabled"').'>';
        //print $form->selectarray('page', $array);
        
        if ($website && $pageid > 0)
        {
            print ' - '.$langs->trans("RealURL").' ';
            $realurl=$urlwithroot.'/public/websites/index.php?website='.$website.'&page='.$pageid;
-            print '<input type="text" name="realurl" value="'.$realurl.'"> ';
-            print '<a href="'.$realurl.'" target="tab'.$website.'">'.$langs->trans("ViewPageInNewTab").'</a>';
+            print '<input type="text" name="realurl" class="minwidth200imp" disabled="disabled" value="'.$realurl.'"> ';
+            print '<a href="'.$realurl.'&nocache='.dol_now().'" class="button" target="tab'.$website.'">'.$langs->trans("ViewPageInNewTab").'</a>';       // View page in new Tab
+            //print '<input type="submit" class="button" name="previewpage" target="tab'.$website.'"value="'.$langs->trans("ViewPageInNewTab").'">';
        }
        
        print '</div>';
@@ -586,14 +601,15 @@ if (count($object->records) > 0)
                print '<input type="submit" class="button"'.$disabled.'  value="'.dol_escape_htmltag($langs->trans("EditPageContent")).'" name="editcontent">';
                //print '<a href="'.$_SERVER["PHP_SELF"].'?action=editmeta&website='.urlencode($website).'&pageid='.urlencode($pageid).'" class="button">'.dol_escape_htmltag($langs->trans("EditPageMeta")).'</a>';
                //print '<a href="'.$_SERVER["PHP_SELF"].'?action=editcontent&website='.urlencode($website).'&pageid='.urlencode($pageid).'" class="button">'.dol_escape_htmltag($langs->trans("EditPageContent")).'</a>';
+                print '<input type="submit" class="buttonDelete" name="delete" value="'.$langs->trans("Delete").'"'.($atleastonepage?'':' disabled="disabled"').'>';
            }
        }
        
        if (! in_array($action, array('editcss','editmenu','create')))
        {
            if ($action != 'preview') print '<input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("Cancel")).'" name="preview">';
-        if (preg_match('/^create/',$action)) print '<input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("Save")).'" name="update">';
-        if (preg_match('/^edit/',$action)) print '<input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("Save")).'" name="update">';
+            if (preg_match('/^create/',$action)) print '<input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("Save")).'" name="update">';
+            if (preg_match('/^edit/',$action)) print '<input type="submit" class="button" value="'.dol_escape_htmltag($langs->trans("Save")).'" name="update">';
        }

        print '</div>';
@@ -735,8 +751,17 @@ if ($action == 'editcontent')
    /*
     * Editing global variables not related to a specific theme
     */
+    
+    $csscontent = @file_get_contents($filecss);
+    
+    $contentforedit = '';
+    /*$contentforedit.='<style scoped>'."\n";        // "scoped" means "apply to parent element only". Not yet supported by browsers
+    $contentforedit.=$csscontent;
+    $contentforedit.='</style>'."\n";*/
+    $contentforedit .= $objectpage->content;
+    
    require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
-    $doleditor=new DolEditor('PAGE_CONTENT',$objectpage->content,'',500,'Full','',true,true,true,5,60);
+    $doleditor=new DolEditor('PAGE_CONTENT',$contentforedit,'',500,'Full','',true,true,true,5,60);
    $doleditor->Create();
 }

@@ -750,7 +775,7 @@ if ($action == 'preview')
    {
        $objectpage->fetch($pageid);

-        print "\n".'<!-- Page content '.$filetpl.' c-->'."\n";
+        print "\n".'<!-- Page content '.$filetpl.' : Div with (CSS + Page content from database) -->'."\n";

        
        $csscontent = @file_get_contents($filecss);