gotoAdmin(); return true; } } } } // If we are inside an iframe, halt the script if (serendipity_is_iframe() !== false) { include_once S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php'; // An iframe may NOT contain and tags, that's why we emit different headers here than on serendipity_admin.php // We need to restore GET/POST variables to that depending plugins inside the iframe // can still fetch all that variables; and we also tighten security by not allowing // to pass any different GET/POST variables to our iframe. $iframe_mode = $serendipity['GET']['iframe_mode']; $serendipity['POST'] = &$_SESSION['save_entry_POST']; $serendipity['GET'] = &$_SESSION['save_entry_POST']; // GET-Vars are the same as POST to ensure compatibility. $serendipity['hidefooter'] = true; ignore_user_abort(true); echo serendipity_iframe($_SESSION['save_entry'], $iframe_mode); return true; } if (isset($serendipity['GET']['no_smarty']) || isset($serendipity['no_smarty'])) { $_SESSION['no_smarty'] = true; } if (defined('IS_up2date') && IS_up2date === true && IS_installed === true) { $admin_installed = true; } else { $admin_installed = false; } $is_logged_in = serendipity_userLoggedIn(); if ($is_logged_in) { $self_info = sprintf(USER_SELF_INFO, serendipity_specialchars($serendipity['serendipityUser']), $serendipity['permissionLevels'][$serendipity['serendipityUserlevel']]); } else { $self_info = ''; } $serendipity['ajax'] = $ajax = (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'); $no_banner = (isset($serendipity['GET']['noBanner']) || isset($serendipity['POST']['noBanner'])); $no_sidebar = (isset($serendipity['GET']['noSidebar']) || isset($serendipity['POST']['noSidebar'])); $no_footer = (isset($serendipity['GET']['noFooter']) || isset($serendipity['POST']['noFooter'])); $use_installer = (!isset($serendipity['serendipityPath']) || IS_installed === false || IS_up2date === false ); $post_action = $serendipity['POST']['action'] ?? null; $main_content = ''; if (!$use_installer && $is_logged_in) { if (!isset($serendipity['GET']['adminModule'])) { $serendipity['GET']['adminModule'] = (isset($serendipity['POST']['adminModule']) ? $serendipity['POST']['adminModule'] : ''); } ob_start(); serendipity_checkXSRF(); switch($serendipity['GET']['adminModule']) { case 'installer': case 'configuration': if (!serendipity_checkPermission('siteConfiguration') && !serendipity_checkPermission('blogConfiguration')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/configuration.inc.php'; $admin_section = CONFIGURATION; break; case 'media': case 'images': if (!serendipity_checkPermission('adminImages')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/images.inc.php'; $admin_section = MEDIA; break; case 'templates': if (!serendipity_checkPermission('adminTemplates')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/templates.inc.php'; $admin_section = MENU_TEMPLATES; break; case 'plugins': if (!serendipity_checkPermission('adminPlugins')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/plugins.inc.php'; $admin_section = MENU_PLUGINS; break; case 'users': if (!serendipity_checkPermission('adminUsers')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/users.inc.php'; $admin_section = MANAGE_USERS; break; case 'groups': if (!serendipity_checkPermission('adminUsersGroups')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/groups.inc.php'; $admin_section = MANAGE_GROUPS; break; case 'personal': if (!serendipity_checkPermission('personalConfiguration')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/personal.inc.php'; $admin_section = PERSONAL_SETTINGS; break; case 'import': if (!serendipity_checkPermission('adminImport')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/import.inc.php'; $admin_section = IMPORT_ENTRIES; break; case 'entries': if (!serendipity_checkPermission('adminEntries')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/entries.inc.php'; $admin_section = ADMIN_ENTRIES; break; case 'comments': // perms are checked by author include S9Y_INCLUDE_PATH . 'include/admin/comments.inc.php'; $admin_section = COMMENTS; break; case 'category': case 'categories': if (!serendipity_checkPermission('adminCategories')) { break; } include S9Y_INCLUDE_PATH . 'include/admin/category.inc.php'; $admin_section = CATEGORIES; break; case 'logout': echo LOGGEDOUT; break; case 'event_display': if (($serendipity['no_create'] ?? false) !== true) { serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_' . $serendipity['GET']['adminAction'], $serendipity); } break; case 'maintenance': include S9Y_INCLUDE_PATH . 'include/admin/maintenance.inc.php'; $admin_section = MENU_MAINTENANCE; break; default: include S9Y_INCLUDE_PATH . 'include/admin/overview.inc.php'; $admin_section = ADMIN_FRONTPAGE; break; } $main_content = ob_get_contents(); ob_end_clean(); } if ($ajax) { // if that is an ajax request we can stop here, since we by convention don't want to wrap the content in the usual backend code echo $main_content; } elseif (!$use_installer) { $poll_admin_vars = array('main_content', 'no_banner', 'no_sidebar', 'no_footer', 'post_action', 'is_logged_in', 'admin_installed', 'self_info', 'use_installer', 'title'); $admin_vars = array(); foreach($poll_admin_vars AS $poll_admin_var) { $admin_vars[$poll_admin_var] =& $$poll_admin_var; } $admin_vars['out'] = array(); $admin_vars['no_create'] = $serendipity['no_create'] ?? null; $admin_vars['title'] = $admin_section ?? ''; $admin_vars['backendBlogtitleFirst'] = $serendipity['backendBlogtitleFirst']; if ($serendipity['expose_s9y']) { $admin_vars['version_info'] = sprintf(ADMIN_FOOTER_POWERED_BY, $serendipity['versionInstalled'], phpversion()); } else { $admin_vars['version_info'] = sprintf(ADMIN_FOOTER_POWERED_BY, '', ''); } if (!is_object($serendipity['smarty'] ?? null)) { serendipity_smarty_init(); } $serendipity['smarty']->assignByRef('admin_vars', $admin_vars); $serendipity['smarty']->display(serendipity_getTemplateFile('admin/index.tpl', 'serendipityPath')); } else { if (IS_installed === false) { $file = 'include/admin/installer.inc.php'; } elseif ( IS_up2date === false ) { $file = 'include/admin/upgrader.inc.php'; } require(S9Y_INCLUDE_PATH . $file); }