dolibarr 19.0.3
website2.lib.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2017 Laurent Destailleur <eldy@users.sourceforge.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
32function dolSaveMasterFile($filemaster)
33{
34 global $conf;
35
36 // Now generate the master.inc.php page
37 dol_syslog("We regenerate the master file");
38 dol_delete_file($filemaster);
39
40 $mastercontent = '<?php'."\n";
41 $mastercontent .= '// File generated to link to the master file - DO NOT MODIFY - It is just an include'."\n";
42 $mastercontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) {\n";
43 $mastercontent .= " if (! defined('USEEXTERNALSERVER')) define('USEEXTERNALSERVER', 1);\n";
44 $mastercontent .= " require_once '".DOL_DOCUMENT_ROOT."/master.inc.php';\n";
45 $mastercontent .= "}\n";
46 $mastercontent .= '?>'."\n";
47 $result = file_put_contents($filemaster, $mastercontent);
48 dolChmod($filemaster);
49
50 return $result;
51}
52
63function dolSavePageAlias($filealias, $object, $objectpage)
64{
65 global $conf;
66
67 // Now create the .tpl file
68 dol_syslog("dolSavePageAlias We regenerate the alias page filealias=".$filealias);
69
70 $aliascontent = '<?php'."\n";
71 $aliascontent .= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
72 $aliascontent .= 'global $dolibarr_main_data_root;'."\n";
73 $aliascontent .= 'if (empty($dolibarr_main_data_root)) require \'./page'.$objectpage->id.'.tpl.php\'; ';
74 $aliascontent .= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
75 $aliascontent .= '?>'."\n";
76 $result = file_put_contents($filealias, $aliascontent);
77 if ($result === false) {
78 dol_syslog("Failed to write file ".$filealias, LOG_WARNING);
79 }
80 dolChmod($filealias);
81
82 // Save also alias into language subdirectory if it is not a main language
83 if ($objectpage->lang && in_array($objectpage->lang, explode(',', $object->otherlang))) {
84 $dirname = dirname($filealias);
85 $filename = basename($filealias);
86 $filealiassub = $dirname.'/'.$objectpage->lang.'/'.$filename;
87
88 $aliascontent = '<?php'."\n";
89 $aliascontent .= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
90 $aliascontent .= 'global $dolibarr_main_data_root;'."\n";
91 $aliascontent .= 'if (empty($dolibarr_main_data_root)) require \'../page'.$objectpage->id.'.tpl.php\'; ';
92 $aliascontent .= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
93 $aliascontent .= '?>'."\n";
94 $result = file_put_contents($filealiassub, $aliascontent);
95 if ($result === false) {
96 dol_syslog("Failed to write file ".$filealiassub, LOG_WARNING);
97 }
98 dolChmod($filealiassub);
99 } elseif (empty($objectpage->lang) || !in_array($objectpage->lang, explode(',', $object->otherlang))) {
100 // Save also alias into all language subdirectories if it is a main language
101 if (!getDolGlobalString('WEBSITE_DISABLE_MAIN_LANGUAGE_INTO_LANGSUBDIR') && !empty($object->otherlang)) {
102 $dirname = dirname($filealias);
103 $filename = basename($filealias);
104 foreach (explode(',', $object->otherlang) as $sublang) {
105 // Avoid to erase main alias file if $sublang is empty string
106 if (empty(trim($sublang))) {
107 continue;
108 }
109 $filealiassub = $dirname.'/'.$sublang.'/'.$filename;
110
111 $aliascontent = '<?php'."\n";
112 $aliascontent .= "// File generated to wrap the alias page - DO NOT MODIFY - It is just a wrapper to real page\n";
113 $aliascontent .= 'global $dolibarr_main_data_root;'."\n";
114 $aliascontent .= 'if (empty($dolibarr_main_data_root)) require \'../page'.$objectpage->id.'.tpl.php\'; ';
115 $aliascontent .= 'else require $dolibarr_main_data_root.\'/website/\'.$website->ref.\'/page'.$objectpage->id.'.tpl.php\';'."\n";
116 $aliascontent .= '?>'."\n";
117 $result = file_put_contents($filealiassub, $aliascontent);
118 if ($result === false) {
119 dol_syslog("Failed to write file ".$filealiassub, LOG_WARNING);
120 }
121 dolChmod($filealiassub);
122 }
123 }
124 }
125
126 return ($result ? true : false);
127}
128
129
141function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage, $backupold = 0)
142{
143 global $conf, $db;
144
145 // Now create the .tpl file (duplicate code with actions updatesource or updatecontent but we need this to save new header)
146 dol_syslog("dolSavePageContent We regenerate the tpl page filetpl=".$filetpl);
147
148 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
149
150 if (dol_is_file($filetpl)) {
151 if ($backupold) {
152 dol_delete_file($filetpl.'.old');
153 $result = dol_move($filetpl, $filetpl.'.old', 0, 1, 0, 0);
154 if (! $result) {
155 return false;
156 }
157 } else {
158 dol_delete_file($filetpl);
159 }
160 }
161
162 $shortlangcode = '';
163 if ($objectpage->lang) {
164 $shortlangcode = substr($objectpage->lang, 0, 2); // en_US or en-US -> en
165 }
166 if (empty($shortlangcode)) {
167 $shortlangcode = substr($object->lang, 0, 2); // en_US or en-US -> en
168 }
169
170 $tplcontent = '';
171 $tplcontent .= "<?php // BEGIN PHP\n";
172 $tplcontent .= '$websitekey=basename(__DIR__); if (empty($websitepagefile)) $websitepagefile=__FILE__;'."\n";
173 $tplcontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) {\n";
174 $tplcontent .= ' $pathdepth = count(explode(\'/\', $_SERVER[\'SCRIPT_NAME\'])) - 2;'."\n";
175 $tplcontent .= ' require_once ($pathdepth ? str_repeat(\'../\', $pathdepth) : \'./\').\'master.inc.php\';'."\n";
176 $tplcontent .= "} // Not already loaded\n";
177 $tplcontent .= "require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
178 $tplcontent .= "require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
179 $tplcontent .= "ob_start();\n";
180 $tplcontent .= "// END PHP ?>\n";
181 if (getDolGlobalString('WEBSITE_FORCE_DOCTYPE_HTML5')) {
182 $tplcontent .= "<!DOCTYPE html>\n";
183 }
184 $tplcontent .= '<html'.($shortlangcode ? ' lang="'.$shortlangcode.'"' : '').'>'."\n";
185 $tplcontent .= '<head>'."\n";
186 $tplcontent .= '<title>'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'</title>'."\n";
187 $tplcontent .= '<meta charset="utf-8">'."\n";
188 $tplcontent .= '<meta http-equiv="content-type" content="text/html; charset=utf-8" />'."\n";
189 $tplcontent .= '<meta name="robots" content="index, follow" />'."\n";
190 $tplcontent .= '<meta name="viewport" content="width=device-width, initial-scale=1.0">'."\n";
191 $tplcontent .= '<meta name="keywords" content="'.dol_string_nohtmltag($objectpage->keywords).'" />'."\n";
192 $tplcontent .= '<meta name="title" content="'.dol_string_nohtmltag($objectpage->title, 0, 'UTF-8').'" />'."\n";
193 $tplcontent .= '<meta name="description" content="'.dol_string_nohtmltag($objectpage->description, 0, 'UTF-8').'" />'."\n";
194 $tplcontent .= '<meta name="generator" content="'.DOL_APPLICATION_TITLE.' '.DOL_VERSION.' (https://www.dolibarr.org)" />'."\n";
195 $tplcontent .= '<meta name="dolibarr:pageid" content="'.dol_string_nohtmltag($objectpage->id).'" />'."\n";
196 // Add canonical reference
197 if ($object->virtualhost) {
198 $tplcontent .= '<link rel="canonical" href="'.(($objectpage->id == $object->fk_default_home) ? '/' : (($shortlangcode != substr($object->lang, 0, 2) ? '/'.$shortlangcode : '').'/'.$objectpage->pageurl.'.php')).'" />'."\n";
199 }
200 // Add translation reference (main language)
201 if ($object->isMultiLang()) {
202 // Add page "translation of"
203 $translationof = $objectpage->fk_page;
204 if ($translationof) {
205 $tmppage = new WebsitePage($db);
206 $tmppage->fetch($translationof);
207 if ($tmppage->id > 0) {
208 $tmpshortlangcode = '';
209 if ($tmppage->lang) {
210 $tmpshortlangcode = preg_replace('/[_-].*$/', '', $tmppage->lang); // en_US or en-US -> en
211 }
212 if (empty($tmpshortlangcode)) {
213 $tmpshortlangcode = preg_replace('/[_-].*$/', '', $object->lang); // en_US or en-US -> en
214 }
215 if ($tmpshortlangcode != $shortlangcode) {
216 $tplcontent .= '<link rel="alternate" hreflang="'.$tmpshortlangcode.'" href="<?php echo $website->virtualhost; ?>'.($object->fk_default_home == $tmppage->id ? '/' : (($tmpshortlangcode != substr($object->lang, 0, 2)) ? '/'.$tmpshortlangcode : '').'/'.$tmppage->pageurl.'.php').'" />'."\n";
217 }
218 }
219 }
220
221 // Add "has translation pages"
222 $sql = "SELECT rowid as id, lang, pageurl from ".MAIN_DB_PREFIX.'website_page where fk_page IN ('.$db->sanitize($objectpage->id.($translationof ? ", ".$translationof : '')).")";
223 $resql = $db->query($sql);
224 if ($resql) {
225 $num_rows = $db->num_rows($resql);
226 if ($num_rows > 0) {
227 while ($obj = $db->fetch_object($resql)) {
228 $tmpshortlangcode = '';
229 if ($obj->lang) {
230 $tmpshortlangcode = preg_replace('/[_-].*$/', '', $obj->lang); // en_US or en-US -> en
231 }
232 if ($tmpshortlangcode != $shortlangcode) {
233 $tplcontent .= '<link rel="alternate" hreflang="'.$tmpshortlangcode.'" href="<?php echo $website->virtualhost; ?>'.($object->fk_default_home == $obj->id ? '/' : (($tmpshortlangcode != substr($object->lang, 0, 2) ? '/'.$tmpshortlangcode : '')).'/'.$obj->pageurl.'.php').'" />'."\n";
234 }
235 }
236 }
237 } else {
238 dol_print_error($db);
239 }
240
241 // Add myself
242 $tplcontent .= '<?php if ($_SERVER["PHP_SELF"] == "'.(($object->fk_default_home == $objectpage->id) ? '/' : (($shortlangcode != substr($object->lang, 0, 2)) ? '/'.$shortlangcode : '')).'/'.$objectpage->pageurl.'.php") { ?>'."\n";
243 $tplcontent .= '<link rel="alternate" hreflang="'.$shortlangcode.'" href="<?php echo $website->virtualhost; ?>'.(($object->fk_default_home == $objectpage->id) ? '/' : (($shortlangcode != substr($object->lang, 0, 2)) ? '/'.$shortlangcode : '').'/'.$objectpage->pageurl.'.php').'" />'."\n";
244
245 $tplcontent .= '<?php } ?>'."\n";
246 }
247 // Add manifest.json. Do we have to add it only on home page ?
248 $tplcontent .= '<?php if ($website->use_manifest) { print \'<link rel="manifest" href="/manifest.json.php" />\'."\n"; } ?>'."\n";
249 $tplcontent .= '<!-- Include link to CSS file -->'."\n";
250 // Add js
251 $tplcontent .= '<link rel="stylesheet" href="/styles.css.php?website=<?php echo $websitekey; ?>" type="text/css" />'."\n";
252 $tplcontent .= '<!-- Include link to JS file -->'."\n";
253 $tplcontent .= '<script nonce="'.getNonce().'" async src="/javascript.js.php?website=<?php echo $websitekey; ?>"></script>'."\n";
254 // Add headers
255 $tplcontent .= '<!-- Include HTML header from common file -->'."\n";
256 $tplcontent .= '<?php if (file_exists(DOL_DATA_ROOT."/website/".$websitekey."/htmlheader.html")) include DOL_DATA_ROOT."/website/".$websitekey."/htmlheader.html"; ?>'."\n";
257 $tplcontent .= '<!-- Include HTML header from page header block -->'."\n";
258 $tplcontent .= preg_replace('/<\/?html>/ims', '', $objectpage->htmlheader)."\n";
259 $tplcontent .= '</head>'."\n";
260
261 $tplcontent .= '<!-- File generated by Dolibarr website module editor -->'."\n";
262 $tplcontent .= '<body id="bodywebsite" class="bodywebsite bodywebpage-'.$objectpage->ref.'">'."\n";
263 $tplcontent .= $objectpage->content."\n";
264 $tplcontent .= '</body>'."\n";
265 $tplcontent .= '</html>'."\n";
266
267 $tplcontent .= '<?php // BEGIN PHP'."\n";
268 $tplcontent .= '$tmp = ob_get_contents(); ob_end_clean(); dolWebsiteOutput($tmp, "html", '.$objectpage->id.'); dolWebsiteIncrementCounter('.$object->id.', "'.$objectpage->type_container.'", '.$objectpage->id.');'."\n";
269 $tplcontent .= "// END PHP ?>\n";
270
271 //var_dump($filetpl);exit;
272 $result = file_put_contents($filetpl, $tplcontent);
273
274 dolChmod($filetpl);
275
276 return $result;
277}
278
279
290function dolSaveIndexPage($pathofwebsite, $fileindex, $filetpl, $filewrapper, $object = null)
291{
292 global $conf, $db;
293
294 $result1 = false;
295 $result2 = false;
296
297 dol_mkdir($pathofwebsite);
298
299 if ($fileindex) {
300 dol_delete_file($fileindex);
301 $indexcontent = '<?php'."\n";
302 $indexcontent .= "// BEGIN PHP File generated to provide an index.php as Home Page or alias redirector - DO NOT MODIFY - It is just a generated wrapper.\n";
303 $indexcontent .= '$websitekey=basename(__DIR__); if (empty($websitepagefile)) $websitepagefile=__FILE__;'."\n";
304 $indexcontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) { require_once './master.inc.php'; } // Load master if not already loaded\n";
305 $indexcontent .= 'if (!empty($_GET[\'pageref\']) || !empty($_GET[\'pagealiasalt\']) || !empty($_GET[\'pageid\'])) {'."\n";
306 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
307 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
308 $indexcontent .= ' redirectToContainer($_GET[\'pageref\'], $_GET[\'pagealiasalt\'], $_GET[\'pageid\']);'."\n";
309 $indexcontent .= "}\n";
310 $indexcontent .= "include_once './".basename($filetpl)."'\n";
311 $indexcontent .= '// END PHP ?>'."\n";
312
313 $result1 = file_put_contents($fileindex, $indexcontent);
314
315 dolChmod($fileindex);
316
317 if (is_object($object) && $object->fk_default_home > 0) {
318 $objectpage = new WebsitePage($db);
319 $objectpage->fetch($object->fk_default_home);
320
321 // Create a version for sublanguages
322 if (empty($objectpage->lang) || !in_array($objectpage->lang, explode(',', $object->otherlang))) {
323 if (!getDolGlobalString('WEBSITE_DISABLE_MAIN_LANGUAGE_INTO_LANGSUBDIR') && is_object($object) && !empty($object->otherlang)) {
324 $dirname = dirname($fileindex);
325 foreach (explode(',', $object->otherlang) as $sublang) {
326 // Avoid to erase main alias file if $sublang is empty string
327 if (empty(trim($sublang))) {
328 continue;
329 }
330 $fileindexsub = $dirname.'/'.$sublang.'/index.php';
331
332 // Same indexcontent than previously but with ../ instead of ./ for master and tpl file include/require_once.
333 $relpath = '..';
334 $indexcontent = '<?php'."\n";
335 $indexcontent .= "// BEGIN PHP File generated to provide an index.php as Home Page or alias redirector - DO NOT MODIFY - It is just a generated wrapper.\n";
336 $indexcontent .= '$websitekey=basename(__DIR__); if (empty($websitepagefile)) $websitepagefile=__FILE__;'."\n";
337 $indexcontent .= "if (! defined('USEDOLIBARRSERVER') && ! defined('USEDOLIBARREDITOR')) { require_once '".$relpath."/master.inc.php'; } // Load master if not already loaded\n";
338 $indexcontent .= 'if (!empty($_GET[\'pageref\']) || !empty($_GET[\'pagealiasalt\']) || !empty($_GET[\'pageid\'])) {'."\n";
339 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/lib/website.lib.php';\n";
340 $indexcontent .= " require_once DOL_DOCUMENT_ROOT.'/core/website.inc.php';\n";
341 $indexcontent .= ' redirectToContainer($_GET[\'pageref\'], $_GET[\'pagealiasalt\'], $_GET[\'pageid\']);'."\n";
342 $indexcontent .= "}\n";
343 $indexcontent .= "include_once '".$relpath."/".basename($filetpl)."'\n"; // use .. instead of .
344 $indexcontent .= '// END PHP ?>'."\n";
345 $result = file_put_contents($fileindexsub, $indexcontent);
346 if ($result === false) {
347 dol_syslog("Failed to write file ".$fileindexsub, LOG_WARNING);
348 }
349 dolChmod($fileindexsub);
350 }
351 }
352 }
353 }
354 } else {
355 $result1 = true;
356 }
357
358 if ($filewrapper) {
359 dol_delete_file($filewrapper);
360 $wrappercontent = file_get_contents(DOL_DOCUMENT_ROOT.'/website/samples/wrapper.php');
361
362 $result2 = file_put_contents($filewrapper, $wrappercontent);
363 dolChmod($filewrapper);
364 } else {
365 $result2 = true;
366 }
367
368 return ($result1 && $result2);
369}
370
371
379function dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent)
380{
381 global $conf, $pathofwebsite;
382
383 dol_syslog("Save html header into ".$filehtmlheader);
384
385 dol_mkdir($pathofwebsite);
386 $result = file_put_contents($filehtmlheader, $htmlheadercontent);
387 dolChmod($filehtmlheader);
388
389 return $result;
390}
391
399function dolSaveCssFile($filecss, $csscontent)
400{
401 global $conf, $pathofwebsite;
402
403 dol_syslog("Save css file into ".$filecss);
404
405 dol_mkdir($pathofwebsite);
406 $result = file_put_contents($filecss, $csscontent);
407 dolChmod($filecss);
408
409 return $result;
410}
411
419function dolSaveJsFile($filejs, $jscontent)
420{
421 global $conf, $pathofwebsite;
422
423 dol_syslog("Save js file into ".$filejs);
424
425 dol_mkdir($pathofwebsite);
426 $result = file_put_contents($filejs, $jscontent);
427 dolChmod($filejs);
428
429 return $result;
430}
431
439function dolSaveRobotFile($filerobot, $robotcontent)
440{
441 global $conf, $pathofwebsite;
442
443 dol_syslog("Save robot file into ".$filerobot);
444
445 dol_mkdir($pathofwebsite);
446 $result = file_put_contents($filerobot, $robotcontent);
447 dolChmod($filerobot);
448
449 return $result;
450}
451
459function dolSaveHtaccessFile($filehtaccess, $htaccess)
460{
461 global $conf, $pathofwebsite;
462
463 dol_syslog("Save htaccess file into ".$filehtaccess);
464
465 dol_mkdir($pathofwebsite);
466 $result = file_put_contents($filehtaccess, $htaccess);
467 dolChmod($filehtaccess);
468
469 return $result;
470}
471
479function dolSaveManifestJson($file, $content)
480{
481 global $conf, $pathofwebsite;
482
483 dol_syslog("Save manifest.js.php file into ".$file);
484
485 dol_mkdir($pathofwebsite);
486 $result = file_put_contents($file, $content);
487 dolChmod($file);
488
489 return $result;
490}
491
499function dolSaveReadme($file, $content)
500{
501 global $conf, $pathofwebsite;
502
503 dol_syslog("Save README.md file into ".$file);
504
505 dol_mkdir($pathofwebsite);
506 $result = file_put_contents($file, $content);
507 dolChmod($file);
508
509 return $result;
510}
511
519function dolSaveLicense($file, $content)
520{
521 global $conf, $pathofwebsite;
522
523 dol_syslog("Save LICENSE file into ".$file);
524
525 dol_mkdir($pathofwebsite);
526 $result = file_put_contents($file, $content);
527 dolChmod($file);
528
529 return $result;
530}
531
539{
540 global $conf, $langs, $db, $form, $user;
541
542 $dirthemes = array('/doctemplates/websites');
543 if (!empty($conf->modules_parts['websitetemplates'])) { // Using this feature slow down application
544 foreach ($conf->modules_parts['websitetemplates'] as $reldir) {
545 $dirthemes = array_merge($dirthemes, (array) ($reldir.'doctemplates/websites'));
546 }
547 }
548 $dirthemes = array_unique($dirthemes);
549 // Now dir_themes=array('/themes') or dir_themes=array('/theme','/mymodule/theme')
550
551 $colspan = 2;
552
553 print '<!-- For website template import -->'."\n";
554 print '<table class="noborder centpercent">';
555
556 // Title
557 print '<tr class="liste_titre"><th class="titlefield">';
558 print $form->textwithpicto($langs->trans("Templates"), $langs->trans("ThemeDir").' : '.join(", ", $dirthemes));
559 print ' ';
560 print '<a href="'.$_SERVER["PHP_SELF"].'?website='.urlencode($website->ref).'&importsite=1" target="_blank" rel="noopener noreferrer external">';
561 print img_picto('', 'refresh');
562 print '</a>';
563 print '</th>';
564 print '<th class="right">';
565 $url = 'https://www.dolistore.com/43-web-site-templates';
566 print '<a href="'.$url.'" target="_blank" rel="noopener noreferrer external">';
567 print img_picto('', 'globe', 'class="pictofixedwidth"').$langs->trans('DownloadMoreSkins');
568 print '</a>';
569 print '</th></tr>';
570
571 print '<tr><td colspan="'.$colspan.'">';
572
573 print '<table class="nobordernopadding centpercent"><tr><td><div class="center">';
574
575 if (count($dirthemes)) {
576 $i = 0;
577 foreach ($dirthemes as $dir) {
578 //print $dirroot.$dir;exit;
579 $dirtheme = DOL_DATA_ROOT.$dir; // This include loop on $conf->file->dol_document_root
580 if (is_dir($dirtheme)) {
581 $handle = opendir($dirtheme);
582 if (is_resource($handle)) {
583 while (($subdir = readdir($handle)) !== false) {
584 if (is_file($dirtheme."/".$subdir) && substr($subdir, 0, 1) != '.' && substr($subdir, 0, 3) != 'CVS' && preg_match('/\.zip$/i', $subdir)) {
585 $subdirwithoutzip = preg_replace('/\.zip$/i', '', $subdir);
586
587 // Disable not stable themes (dir ends with _exp or _dev)
588 if (getDolGlobalInt('MAIN_FEATURES_LEVEL') < 2 && preg_match('/_dev$/i', $subdir)) {
589 continue;
590 }
591 if (getDolGlobalInt('MAIN_FEATURES_LEVEL') < 1 && preg_match('/_exp$/i', $subdir)) {
592 continue;
593 }
594
595 print '<div class="inline-block" style="margin-top: 10px; margin-bottom: 10px; margin-right: 20px; margin-left: 20px;">';
596
597 $templatedir = $dirtheme."/".$subdir;
598 $file = $dirtheme."/".$subdirwithoutzip.".jpg";
599 $url = DOL_URL_ROOT.'/viewimage.php?modulepart=doctemplateswebsite&file='.$subdirwithoutzip.".jpg";
600
601 if (!file_exists($file)) {
602 $url = DOL_URL_ROOT.'/public/theme/common/nophoto.png';
603 }
604
605 $originalfile = basename($file);
606 $entity = $conf->entity;
607 $modulepart = 'doctemplateswebsite';
608 $cache = '';
609 $title = $file;
610
611 $ret = '';
612 $urladvanced = getAdvancedPreviewUrl($modulepart, $originalfile, 1, '&entity='.$entity);
613 if (!empty($urladvanced)) {
614 $ret .= '<a class="'.$urladvanced['css'].'" target="'.$urladvanced['target'].'" mime="'.$urladvanced['mime'].'" href="'.$urladvanced['url'].'">';
615 } else {
616 $ret .= '<a href="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.urlencode($modulepart).'&entity='.((int) $entity).'&file='.urlencode($originalfile).'&cache='.((int) $cache).'">';
617 }
618 print $ret;
619 print '<img class="img-skinthumb shadow" src="'.$url.'" border="0" alt="'.$title.'" title="'.$title.'" style="margin-bottom: 5px;">';
620 print '</a>';
621
622 print '<br>';
623 print $subdir;
624 print '<br>';
625 print '<span class="opacitymedium">'.dol_print_size(dol_filesize($dirtheme."/".$subdir), 1, 1).' - '.dol_print_date(dol_filemtime($templatedir), 'dayhour', 'tzuserrel').'</span>';
626 if ($user->hasRight('website', 'delete')) {
627 print ' <a href="'.$_SERVER["PHP_SELF"].'?action=deletetemplate&token='.newToken().'&website='.urlencode($website->ref).'&templateuserfile='.urlencode($subdir).'">'.img_picto('', 'delete').'</a>';
628 }
629 print '<br><a href="'.$_SERVER["PHP_SELF"].'?action=importsiteconfirm&token='.newToken().'&website='.urlencode($website->ref).'&templateuserfile='.urlencode($subdir).'" class="button">'.$langs->trans("Load").'</a>';
630 print '</div>';
631
632 $i++;
633 }
634 }
635 }
636 }
637 }
638 } else {
639 print '<span class="opacitymedium">'.$langs->trans("None").'</span>';
640 }
641
642 print '</div></td></tr></table>';
643
644 print '</td></tr>';
645 print '</table>';
646}
647
648
659function checkPHPCode($phpfullcodestringold, $phpfullcodestring)
660{
661 global $conf, $langs, $user;
662
663 $error = 0;
664
665 if (empty($phpfullcodestringold) && empty($phpfullcodestring)) {
666 return 0;
667 }
668
669 // First check forbidden commands
670 $forbiddenphpcommands = array();
671 if (!getDolGlobalString('WEBSITE_PHP_ALLOW_EXEC')) { // If option is not on, we disallow functions to execute commands
672 $forbiddenphpcommands = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen", "eval", "dol_eval", "executeCLI");
673 }
674 if (!getDolGlobalString('WEBSITE_PHP_ALLOW_WRITE')) { // If option is not on, we disallow functions to write files
675 $forbiddenphpcommands = array_merge($forbiddenphpcommands, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask"));
676 }
677 foreach ($forbiddenphpcommands as $forbiddenphpcommand) {
678 if (preg_match('/'.$forbiddenphpcommand.'\s*\‍(/ms', $phpfullcodestring)) {
679 $error++;
680 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", $forbiddenphpcommand), null, 'errors');
681 break;
682 }
683 }
684 // This char can be used to execute RCE for example using with echo `ls`
685 $forbiddenphpchars = array();
686 if (!getDolGlobalString('WEBSITE_PHP_ALLOW_DANGEROUS_CHARS')) { // If option is not on, we disallow functions to execute commands
687 $forbiddenphpchars = array("`");
688 }
689 foreach ($forbiddenphpchars as $forbiddenphpchar) {
690 if (preg_match('/'.$forbiddenphpchar.'/ms', $phpfullcodestring)) {
691 $error++;
692 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", $forbiddenphpchar), null, 'errors');
693 break;
694 }
695 }
696 // Deny dynamic functions '${a}(' or '$a[b](' - So we refuse '}(' and ']('
697 if (preg_match('/[}\]]\‍(/ims', $phpfullcodestring)) {
698 $error++;
699 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", ']('), null, 'errors');
700 }
701 // Deny dynamic functions $xxx(
702 if (preg_match('/\$[a-z0-9_]+\‍(/ims', $phpfullcodestring)) {
703 $error++;
704 setEventMessages($langs->trans("DynamicPHPCodeContainsAForbiddenInstruction", '$...('), null, 'errors');
705 }
706
707 if ($phpfullcodestringold != $phpfullcodestring) {
708 if (!$error && !$user->hasRight('website', 'writephp')) {
709 $error++;
710 setEventMessages($langs->trans("NotAllowedToAddDynamicContent"), null, 'errors');
711 }
712 if (!$error) {
713 $dolibarrdataroot = preg_replace('/([\\/]+)$/i', '', DOL_DATA_ROOT);
714 $allowimportsite = true;
715 include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
716 if (dol_is_file($dolibarrdataroot.'/installmodules.lock')) {
717 $allowimportsite = false;
718 }
719
720 if (!$allowimportsite) {
721 $error++;
722 // Blocked by installmodules.lock
723 if (getDolGlobalString('MAIN_MESSAGE_INSTALL_MODULES_DISABLED_CONTACT_US')) {
724 // Show clean corporate message
725 $message = $langs->trans('InstallModuleFromWebHasBeenDisabledContactUs');
726 } else {
727 // Show technical generic message
728 $message = $langs->trans("InstallModuleFromWebHasBeenDisabledByFile", $dolibarrdataroot.'/installmodules.lock');
729 }
730 setEventMessages($message, null, 'errors');
731 }
732 }
733 }
734
735 return $error;
736}
Class Website.
Class Websitepage.
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1, $moreinfo=array())
Move a file into another name.
dol_filemtime($pathoffile)
Return time of a file.
dol_filesize($pathoffile)
Return size of a file.
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_is_file($pathoffile)
Return if path is a file.
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
dol_print_date($time, $format='', $tzoutput='auto', $outputlangs='', $encodetooutput=false)
Output date in a string format according to outputlangs (or langs if not defined).
dolChmod($filepath, $newmask='')
Change mod of a file.
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
img_picto($titlealt, $picto, $moreatt='', $pictoisfullpath=false, $srconly=0, $notitle=0, $alt='', $morecss='', $marginleftonlyshort=2)
Show picto whatever it's its name (generic function)
getAdvancedPreviewUrl($modulepart, $relativepath, $alldata=0, $param='')
Return URL we can use for advanced preview links.
setEventMessages($mesg, $mesgs, $style='mesgs', $messagekey='', $noduplicate=0)
Set event messages in dol_events session object.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
checkPHPCode($phpfullcodestringold, $phpfullcodestring)
Check a new string containing only php code (including <php tag)
dolSaveMasterFile($filemaster)
Save content of a page on disk.
showWebsiteTemplates(Website $website)
Show list of themes.
dolSaveLicense($file, $content)
Save content of a page on disk.
dolSaveHtmlHeader($filehtmlheader, $htmlheadercontent)
Save content of a page on disk.
dolSaveReadme($file, $content)
Save content of a page on disk.
dolSaveManifestJson($file, $content)
Save content of a page on disk.
dolSaveIndexPage($pathofwebsite, $fileindex, $filetpl, $filewrapper, $object=null)
Save content of the index.php and/or the wrapper.php page.
dolSavePageAlias($filealias, $object, $objectpage)
Save an alias page on disk (A page that include the reference page).
dolSaveHtaccessFile($filehtaccess, $htaccess)
Save content of a page on disk.
dolSaveJsFile($filejs, $jscontent)
Save content of a page on disk.
dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage, $backupold=0)
Save content of a page on disk (page name is generally ID_of_page.php).
dolSaveCssFile($filecss, $csscontent)
Save content of a page on disk.
dolSaveRobotFile($filerobot, $robotcontent)
Save content of a page on disk.