// Tests whether the requested script path contains "cms.php" (case-insensitive).
// The body of this branch is not part of this listing.
// NOTE(review): presumably a direct-access guard; confirm against the full file.
// The "." in the pattern is unescaped and matches any character, and PHP_SELF
// carries any path info the client appended after the script name, so this is a
// substring test on partly client-controlled text rather than an exact match.
79 if (preg_match(
'/cms.php/i', $_SERVER[
'PHP_SELF'])) {
// Defines "|" as XH_URICHAR_SEPARATOR; its consumers are outside this listing.
88 define(
'XH_URICHAR_SEPARATOR',
'|');
// Version string, build number and release date of this release as constants.
// NOTE(review): if these are emitted in public output they let a visitor
// fingerprint the exact release; check where they are used.
209 define(
'CMSIMPLE_XH_VERSION',
'CMSimple_XH 1.7.0');
213 define(
'CMSIMPLE_XH_BUILD',
'2017070201');
217 define(
'CMSIMPLE_XH_DATE',
'2017-07-02');
// Builds the table of core paths in $pth. Every entry in this run is derived
// from string literals and one is_dir() probe; no request data is involved.
231 $pth[
'file'][
'execute'] =
'./index.php';
// Base folder is "./" when ./cmsimple exists relative to the working directory,
// otherwise "../".
233 $pth[
'folder'][
'base'] = is_dir(
'./cmsimple') ?
'./' :
'../';
235 $pth[
'folder'][
'cmsimple'] =
$pth[
'folder'][
'base'] .
'cmsimple/';
236 $pth[
'folder'][
'classes'] =
$pth[
'folder'][
'cmsimple'] .
'classes/';
237 $pth[
'folder'][
'plugins'] =
$pth[
'folder'][
'base'] .
'plugins/';
// Log file, this script and the configuration file all live in the cmsimple folder.
// NOTE(review): log.txt and config.php sit below the base folder; whether the web
// server denies direct HTTP access to them is not visible here. Confirm it does.
239 $pth[
'file'][
'log'] =
$pth[
'folder'][
'cmsimple'] .
'log.txt';
240 $pth[
'file'][
'cms'] =
$pth[
'folder'][
'cmsimple'] .
'cms.php';
241 $pth[
'file'][
'config'] =
$pth[
'folder'][
'cmsimple'] .
'config.php';
// Loads the core function libraries from the cmsimple folder and registers
// XH_autoload as the class autoloader. The include paths are built from the
// literal-based $pth entries, not from request data.
244 require_once
$pth[
'folder'][
'cmsimple'] .
'functions.php';
245 spl_autoload_register(
'XH_autoload');
246 require_once
$pth[
'folder'][
'cmsimple'] .
'tplfuncs.php';
247 require_once
$pth[
'folder'][
'cmsimple'] .
'utf8.php';
// Includes password.php only when the runtime lacks password_hash() or
// random_bytes(). NOTE(review): presumably a compatibility shim for older PHP
// versions; confirm how it sources its randomness.
248 if (!function_exists(
'password_hash') || !function_exists(
'random_bytes')) {
249 include_once
$pth[
'folder'][
'cmsimple'] .
'password.php';
// Fatal exit naming the configuration file path; the check that leads here is
// not part of this listing.
274 die(
"Config file {$pth['file']['config']} missing");
// Fixed values assigned into $cf.
// NOTE(review): these presumably override whatever the config file supplied; confirm.
277 $cf[
'security'][
'type'] =
'page';
// NOTE(review): presumably the marker pattern for scripting embedded in page
// content. If matching content is evaluated as PHP, write access to the content
// files is equivalent to code execution; confirm and restrict accordingly.
278 $cf[
'scripting'][
'regexp'] =
'#CMSimple (.*?)#';
281 $cf[
'xhtml'][
'endtags'] =
'';
282 $cf[
'xhtml'][
'amp'] =
'true';
// Fills in missing folder settings: userfiles, downloads and images default to
// "<name>/", media defaults to "downloads/". Parts of the loop body are not in
// this listing.
284 foreach (array(
'userfiles',
'downloads',
'images',
'media') as
$temp) {
286 if (!isset(
$cf[
'folders'][$temp])) {
287 $cf[
'folders'][
$temp] = $temp !=
'media' ?
"$temp/" :
'downloads/';
289 if ($temp ==
'userfiles') {
// Flags folder is a fixed sub-folder of the images folder.
296 $pth[
'folder'][
'flags'] =
$pth[
'folder'][
'images'] .
'flags/';
// Optional compatibility layer, loaded only when the site/compat setting is truthy.
298 if (
$cf[
'site'][
'compat']) {
299 include_once
$pth[
'folder'][
'cmsimple'] .
'compat.php';
// Language files live in a fixed sub-folder of the cmsimple folder.
312 $pth[
'folder'][
'language'] =
$pth[
'folder'][
'cmsimple'] .
'languages/';
// Default for the content folder when the configuration does not set one.
314 if (!isset(
$cf[
'folders'][
'content'])) {
315 $cf[
'folders'][
'content'] =
'content/';
// Applies the configured timezone only when it is a non-empty value and the
// runtime provides date_default_timezone_set().
318 if (
$cf[
'site'][
'timezone'] !==
'' && function_exists(
'date_default_timezone_set')) {
319 date_default_timezone_set(
$cf[
'site'][
'timezone']);
// Language detection from the script path: captures the two characters of the
// folder directly above index.php. The rest of this condition is not in the listing.
// NOTE(review): the class [A-z] is the ASCII range 0x41-0x7A, which besides
// letters also contains [ \ ] ^ _ and the backtick, so the capture is not limited
// to letters; [A-Za-z] would say what is meant. Neither "/" nor "." lies in that
// range. The "." before "php" is also unescaped and matches any character.
332 if (preg_match(
'/\/([A-z]{2})\/index.php$/',
sv(
'SCRIPT_NAME'), $temp)
// Content folder for a language sub-site: <base><content folder><$sl>/.
// NOTE(review): where $sl is taken from the match is not shown (presumably
// $temp[1]); confirm it is checked against the existing language folders before
// it becomes part of a path.
336 $pth[
'folder'][
'content']
337 =
$pth[
'folder'][
'base'] .
$cf[
'folders'][
'content'] .
$sl .
'/';
// Fallback: default language from the configuration, content folder without a
// language suffix.
339 $sl =
$cf[
'language'][
'default'];
340 $pth[
'folder'][
'content'] =
$pth[
'folder'][
'base'] .
$cf[
'folders'][
'content'];
// Content and page-data files inside the selected content folder.
343 $pth[
'file'][
'content'] =
$pth[
'folder'][
'content'] .
'content.htm';
344 $pth[
'file'][
'pagedata'] =
$pth[
'folder'][
'content'] .
'pagedata.php';
// basename() strips any directory part from $sl, so the language file name
// cannot carry a path separator and stays inside the languages folder.
345 $pth[
'file'][
'language'] =
$pth[
'folder'][
'language'] . basename(
$sl) .
'.php';
// Core stylesheet and admin script paths, built from literals only.
346 $pth[
'folder'][
'corestyle'] =
$pth[
'folder'][
'base'] .
'assets/css/';
347 $pth[
'file'][
'corestyle'] =
$pth[
'folder'][
'corestyle'] .
'core.css';
348 $pth[
'file'][
'adminjs'] =
$pth[
'folder'][
'base'] .
'assets/js/admin.min.js';
// Fatal exit naming the language file path; the check that leads here is not
// part of this listing.
365 die(
"Language file {$pth['file']['language']} missing");
// Sets the process locale from the language file when one is configured.
367 if (
$tx[
'locale'][
'all'] !=
'') {
368 setlocale(LC_ALL,
$tx[
'locale'][
'all']);
// XH_onShutdown runs at script termination; its body is outside this listing.
374 register_shutdown_function(
'XH_onShutdown');
// The code page is pinned to UTF-8 regardless of the language file.
377 $tx[
'meta'][
'codepage']=
'UTF-8';
// Delegates template path setup to the controller (implementation not shown).
390 $_XH_controller->initTemplatePaths();
// Fragment of a call whose name is not in this listing: it bundles $_GET, $_POST
// and the POST keys into one array.
// NOTE(review): presumably the UTF-8 validity check of request data; confirm.
// As shown, $_COOKIE and the GET keys are not part of the array.
398 array($_GET, $_POST, array_keys($_POST))
// $iis holds the offset of "IIS" in SERVER_SOFTWARE, or false when absent. It is
// used as a truth value below, so a match at offset 0 would count as "not IIS".
410 $iis = strpos(
sv(
'SERVER_SOFTWARE'),
"IIS");
// True when PHP runs under the cgi or cgi-fcgi SAPI.
421 $cgi = (php_sapi_name() ==
'cgi' || php_sapi_name() ==
'cgi-fcgi');
// Script name without the query string: taken from SCRIPT_NAME on IIS and from
// REQUEST_URI otherwise; everything from the first "?" on is dropped.
// NOTE(review): REQUEST_URI is client-supplied, so $sn is untrusted text wherever
// it is later written into HTML or headers.
434 $sn = preg_replace(
'/([^\?]*)\?.*/',
'$1',
sv((
$iis ?
'SCRIPT_NAME' :
'REQUEST_URI')));
// Tail of a list of parameter names; its opening line is not in this listing.
// The loop that follows iterates it as $temp.
727 'action',
'admin',
'download',
'downloads',
'edit',
'file',
'function',
'images',
728 'login',
'logout',
'keycut',
'mailform',
'media',
'normal',
'phpinfo',
'print',
'search',
729 'selected',
'settings',
'sitemap',
'sysinfo',
'text',
'userfiles',
'validate',
'xhpages',
730 'xh_backups',
'xh_change_password',
'xh_do_validate',
'xh_pagedata',
'xh_plugins' 732 foreach ($temp as
$i) {
// For each listed name without an existing global, copies the request value into
// a global variable of that name; $_GET is consulted before $_POST.
// NOTE(review): the values are raw request data and may be arrays as well as
// strings. Every later use of these globals has to treat them as untrusted and
// validate type and content at the point of use.
733 if (!isset($GLOBALS[$i])) {
734 if (isset($_GET[$i])) {
735 $GLOBALS[
$i] = $_GET[
$i];
736 } elseif (isset($_POST[$i])) {
737 $GLOBALS[
$i] = $_POST[
$i];
// Publishes the base folder as constant CMSIMPLE_BASE.
752 define(
'CMSIMPLE_BASE',
$pth[
'folder'][
'base']);
// Fragment of an expression that assembles an absolute URL: the suffix "s" when
// HTTPS is set and not "off", then "://", the Host header and $sn. What the
// result is assigned to is not in this listing.
// NOTE(review): HTTP_HOST comes from the request's Host header and is
// client-controlled. Wherever this URL ends up in redirects, links or e-mails it
// should be constrained to the expected host name(s); confirm how the full file
// or the server configuration does that.
764 . (!empty($_SERVER[
'HTTPS']) && $_SERVER[
'HTTPS'] !=
'off' ?
's' :
'')
765 .
'://' . $_SERVER[
'HTTP_HOST'] .
$sn 781 if (
sv(
'QUERY_STRING') !=
'') {
// Splits the raw query string on "&" for the checks that follow.
782 $j = explode(
'&',
sv(
'QUERY_STRING'));
// strpos() yields false when "=" is absent and 0 when it is the first character;
// both satisfy !strpos(), so an entry starting with "=" is treated like one
// without any "=".
783 if (!strpos(
$j[0],
'=')) {
787 if (isset($_GET[
'selected'])) {
// A query-string entry without "=" whose text is one of the names in $temp
// becomes a global with the string value 'true' ($i presumably iterates the
// entries of $j; the loop header is not shown).
795 if (!strpos($i,
'=') && in_array($i, $temp)) {
796 $GLOBALS[
$i] =
'true';
// Default for the uri/length setting when the configuration does not set one.
802 if (!isset(
$cf[
'uri'][
'length'])) {
803 $cf[
'uri'][
'length'] = 200;
// Paths of the search and mailform scripts in the cmsimple folder.
811 $pth[
'file'][
'search'] =
$pth[
'folder'][
'cmsimple'] .
'search.php';
812 $pth[
'file'][
'mailform'] =
$pth[
'folder'][
'cmsimple'] .
'mailform.php';
// Includes a plugin's classes file when it is readable. The path is set outside
// this listing (presumably per plugin inside a loader loop). Included plugin code
// runs with the full privileges of the CMS.
865 if (is_readable(
$pth[
'file'][
'plugin_classes'])) {
866 include_once
$pth[
'file'][
'plugin_classes'];
// Start of a condition that looks at the "status" cookie and the "keycut" POST
// field; both come straight from the request. Its remaining operands and its
// body are not in this listing.
// NOTE(review): a cookie value equal to 'adm' proves nothing about the client;
// it can only serve as a hint that a login check should run. The authoritative
// decision has to rest on server-side state; confirm in handleLoginAndLogout().
882 if (isset($_COOKIE[
'status']) && $_COOKIE[
'status'] ==
'adm' 883 || isset($_POST[
'keycut'])
888 $_XH_controller->handleLoginAndLogout();
// Publishes the admin flag as constant XH_ADM; $adm is set outside this listing.
899 define(
'XH_ADM',
$adm);
// Admin function library and admin-side handlers. Whether these lines are
// limited to admin mode is not visible in this listing.
902 include_once
$pth[
'folder'][
'cmsimple'] .
'adminfuncs.php';
903 if (isset($_GET[
'xh_keep_alive'])) {
904 $_XH_controller->handleKeepAlive();
906 $_XH_controller->outputAdminScripts();
909 $_XH_controller->setFunctionsAsPermitted();
1009 $_XH_controller->setFrontendF();
// Optional site-specific functions: userfuncs.php is included when it is readable
// in the cmsimple folder. The file is executed as trusted code.
1011 if (is_readable(
$pth[
'folder'][
'cmsimple'] .
'userfuncs.php')) {
1012 include_once
$pth[
'folder'][
'cmsimple'] .
'userfuncs.php';
// The configured site title is replaced by the one from the language file.
1015 $cf[
'site'][
'title'] =
$tx[
'site'][
'title'];
// Plugin loader markers: a boolean flag and a version number stored as a float.
1025 define(
'PLUGINLOADER',
true);
1030 define(
'PLUGINLOADER_VERSION', 2.111);
// Fixed prefix constant; its consumers are outside this listing.
1037 define(
'XH_FORM_NAMESPACE',
'PL3bbeec384_');
1041 if ($_XH_controller->wantsSavePageData()) {
1042 $_XH_controller->handleSavePageData();
// Includes a plugin's index.php and admin.php when readable. The paths are set
// outside this listing (presumably per plugin inside a loop). Plugin code runs
// with the full privileges of the CMS, so the plugins folder must be writable
// only by trusted parties.
1104 if (is_readable(
$pth[
'file'][
'plugin_index'])) {
1105 include
$pth[
'file'][
'plugin_index'];
1115 if (is_readable(
$pth[
'file'][
'plugin_admin'])) {
1116 include
$pth[
'file'][
'plugin_admin'];
// Built-in front-end features, each delegated to the controller; the conditions
// guarding these calls are not in this listing.
1129 $_XH_controller->handleSearch();
1132 $_XH_controller->handleMailform();
1135 $_XH_controller->handleSitemap();
1138 $_XH_controller->handlePasswordForgotten();
// Branch for the URL-encoded selector "site/cms info".
1182 if (
$su ==
uenc(
'site/cms info')) {
// $title is concatenated into HTML without escaping at this point.
// NOTE(review): its origin is not shown; confirm it is a trusted language
// string or already HTML-escaped.
1185 $o .=
'<h1>' .
$title .
'</h1>';
1190 $_XH_controller->setBackendF();
// Tail of a list of admin function names, followed by a membership test of $f.
1193 'settings',
'xh_backups',
'images',
'downloads',
'validate',
'sysinfo',
1194 'phpinfo',
'xh_pagedata',
'change_password' 1196 if (in_array(
$f, $temp)) {
1198 $o .=
"\n\n" .
'<h1>' .
$title .
'</h1>' .
"\n";
// Admin actions delegated to the controller; the dispatch around these calls is
// not in this listing.
1215 $_XH_controller->handlePageDataEditor();
1224 $_XH_controller->handleFileView();
1230 $_XH_controller->handleFileBackup();
1238 if (
$file ==
'content') {
1243 $_XH_controller->handleFileEdit();
// Calls prepare() when $f is 'validate' and doCheck() otherwise; the object in
// $temp is created outside this listing.
1250 $o .= (
$f ==
'validate') ? $temp->prepare() : $temp->doCheck();
1252 case 'change_password':
// Maps $action onto one of two fixed prefixes with a strict comparison, so the
// dynamic call that follows can only reach saveAction() or defaultAction().
// 'action' is among the request parameter names imported into globals earlier
// in the file; the request value itself never becomes part of the method name.
1254 $i =
$action ===
'save' ?
'save' :
'default';
1255 $temp->{
"{$i}Action"}();
1265 if (
$s == -1 && !
$f && $o ==
'' &&
$su ==
'') {
1271 $_XH_controller->handleSaveRequest();
1273 if ($_XH_controller->wantsEditContents()) {
1274 $_XH_controller->outputEditContents();
// Reports a missing external component (file browser, page manager).
1276 if ($_XH_controller->isFilebrowserMissing()) {
1277 $_XH_controller->reportMissingExternal(
'filebrowser');
1279 if ($_XH_controller->isPagemanagerMissing()) {
1280 $_XH_controller->reportMissingExternal(
'pagemanager');
// When $keywords or $description are set they replace the language file's meta
// values.
// NOTE(review): where these variables are set is not shown; confirm they are
// HTML-escaped before being written into meta tags.
1297 if (isset($keywords)) {
1298 $tx[
'meta'][
'keywords'] = $keywords;
1300 if (isset($description)) {
1301 $tx[
'meta'][
'description'] = $description;
1306 if (
$s == -1 && !
$f && $o ==
'') {
// Error messages rendered by the controller are placed in front of the output.
1312 $o = $_XH_controller->renderErrorMessages() .
$o;
1316 } elseif (
$f !=
'') {
1322 $_XH_controller->sendStandardHeaders();
1326 } elseif (strtolower(
$f) ==
'login' ||
$f ==
'forgotten') {
// Appends a script tag for the admin script; the src is the literal-based path
// built near the top of the file.
1331 $bjs .=
'<script type="text/javascript" src="' .
$pth[
'file'][
'adminjs']
1332 .
'"></script>' . PHP_EOL
1336 $_XH_controller->verifyAdm();
// Opens the template file read-only; what the handle is used for is not in
// this listing.
1341 $temp = fopen(
$pth[
'file'][
'template'],
'r');
// Executes the template as PHP via include and keeps its return value in $i.
// The template path is set outside this listing. Templates run with the full
// privileges of the CMS and must be treated as trusted code.
1344 $i = include
$pth[
'file'][
'template'];