From 51a5fa466af16e4a957ab65de6a4f498c28f4097 Mon Sep 17 00:00:00 2001
From: rMalie
Date: Mon, 26 Sep 2011 14:36:18 +0000
Subject: [PATCH] // Fix admin dispatcher

---
 admin-dev/functions.php | 239 ++++++++++++++++++++--------------------
 admin-dev/index.php | 9 ++
 admin-dev/init.php | 22 +---
 3 files changed, 132 insertions(+), 138 deletions(-)

diff --git a/admin-dev/functions.php b/admin-dev/functions.php
index e9a84528b..1e5188595 100644
--- a/admin-dev/functions.php
+++ b/admin-dev/functions.php
@@ -429,139 +429,134 @@ function generateShopList() */ function runAdminTab() { - -require_once(_PS_ADMIN_DIR_.'/../config/config.inc.php'); -require_once(_PS_ADMIN_DIR_.'/functions.php'); -require_once(_PS_ADMIN_DIR_.'/init.php'); -if (empty($tab) and !sizeof($_POST)) -{ - $tab = 'AdminHome'; - $_POST['tab'] = 'AdminHome'; - $_POST['token'] = Tools::getAdminTokenLite($tab); -} -// $tab = $_REQUEST['tab']; -if ($adminObj = checkingTab($tab)) -{ - // init is different for new tabs (AdminController) and old tabs (AdminTab) - if ($adminObj instanceof AdminController) + require_once(_PS_ADMIN_DIR_.'/init.php'); + if (empty($tab) and !sizeof($_POST)) { - $adminObj->path = dirname($_SERVER["PHP_SELF"]); - $adminObj->run(); + $tab = 'AdminHome'; + $_POST['tab'] = 'AdminHome'; + $_POST['token'] = Tools::getAdminTokenLite($tab); } - else + // $tab = $_REQUEST['tab']; + if ($adminObj = checkingTab($tab)) { - require_once(_PS_ADMIN_DIR_.'/header.inc.php'); - $isoUser = Context::getContext()->language->id; - $tabs = array(); - $tabs = Tab::recursiveTab($adminObj->id, $tabs); - $tabs = array_reverse($tabs); - $bread = ''; - foreach ($tabs AS $key => $item) + // init is different for new tabs (AdminController) and old tabs (AdminTab) + if ($adminObj instanceof AdminController) { - $bread .= ' >'; - if (count($tabs) - 1 > $key) - $bread .= ''; - - $bread .= $item['name']; - if (count($tabs) - 1 > $key) - $bread .= ''; + $adminObj->path = dirname($_SERVER["PHP_SELF"]); + $adminObj->run(); } + else + { + require_once(_PS_ADMIN_DIR_.'/header.inc.php'); + $isoUser = Context::getContext()->language->id; + $tabs = array(); + $tabs = Tab::recursiveTab($adminObj->id, $tabs); + $tabs = array_reverse($tabs); + $bread = ''; + foreach ($tabs AS $key => $item) + { + $bread .= ' >'; + if (count($tabs) - 1 > $key) + $bread .= ''; - // @TODO : a way to desactivate this feature - echo''; + + echo '
+ + '.translate('Back Office').' + '.$bread; + echo ' +
'; + + + if (Shop::isMultiShopActivated() && Context::shop() != Shop::CONTEXT_ALL) + { + echo '
'; + if (Context::shop() == Shop::CONTEXT_GROUP) + printf(translate('You are configuring your store for group shop %s'), ''.Context::getContext()->shop->getGroup()->name.''); + elseif (Context::shop() == Shop::CONTEXT_SHOP) + printf(translate('You are configuring your store for shop %s'), ''.Context::getContext()->shop->name.''); + echo '
'; + } + + if (Validate::isLoadedObject($adminObj)) + { + if ($adminObj->checkToken()) + { + /* Filter memorization */ + if (isset($_POST) AND !empty($_POST) AND isset($adminObj->table)) + foreach ($_POST AS $key => $value) + if (is_array($adminObj->table)) + { + foreach ($adminObj->table AS $table) + if (strncmp($key, $table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) + $cookie->$key = !is_array($value) ? $value : serialize($value); + } + elseif (strncmp($key, $adminObj->table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) + $cookie->$key = !is_array($value) ? $value : serialize($value); + + if (isset($_GET) AND !empty($_GET) AND isset($adminObj->table)) + foreach ($_GET AS $key => $value) + if (is_array($adminObj->table)) + { + foreach ($adminObj->table AS $table) + if (strncmp($key, $table.'OrderBy', 7) === 0 OR strncmp($key, $table.'Orderway', 8) === 0) + $cookie->$key = $value; + } + elseif (strncmp($key, $adminObj->table.'OrderBy', 7) === 0 OR strncmp($key, $adminObj->table.'Orderway', 12) === 0) + $cookie->$key = $value; + $adminObj->displayConf(); + $adminObj->postProcess(); + $adminObj->displayErrors(); + $adminObj->display(); } - }); - });'; + else + { + // If this is an XSS attempt, then we should only display a simple, secure page + ob_clean(); - echo '
- - '.translate('Back Office').' - '.$bread; - echo ' -
'; + // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17) + $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']); + if (false === strpos($url, '?token=') AND false === strpos($url, '&token=')) + $url .= '&token='.$adminObj->token; - - if (Shop::isMultiShopActivated() && Context::shop() != Shop::CONTEXT_ALL) - { - echo '
'; - if (Context::shop() == Shop::CONTEXT_GROUP) - printf(translate('You are configuring your store for group shop %s'), ''.Context::getContext()->shop->getGroup()->name.''); - elseif (Context::shop() == Shop::CONTEXT_SHOP) - printf(translate('You are configuring your store for shop %s'), ''.Context::getContext()->shop->name.''); - echo '
'; - } - - if (Validate::isLoadedObject($adminObj)) - { - if ($adminObj->checkToken()) - { - /* Filter memorization */ - if (isset($_POST) AND !empty($_POST) AND isset($adminObj->table)) - foreach ($_POST AS $key => $value) - if (is_array($adminObj->table)) - { - foreach ($adminObj->table AS $table) - if (strncmp($key, $table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) - $cookie->$key = !is_array($value) ? $value : serialize($value); - } - elseif (strncmp($key, $adminObj->table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) - $cookie->$key = !is_array($value) ? $value : serialize($value); - - if (isset($_GET) AND !empty($_GET) AND isset($adminObj->table)) - foreach ($_GET AS $key => $value) - if (is_array($adminObj->table)) - { - foreach ($adminObj->table AS $table) - if (strncmp($key, $table.'OrderBy', 7) === 0 OR strncmp($key, $table.'Orderway', 8) === 0) - $cookie->$key = $value; - } - elseif (strncmp($key, $adminObj->table.'OrderBy', 7) === 0 OR strncmp($key, $adminObj->table.'Orderway', 12) === 0) - $cookie->$key = $value; - $adminObj->displayConf(); - $adminObj->postProcess(); - $adminObj->displayErrors(); - $adminObj->display(); - } - else - { - // If this is an XSS attempt, then we should only display a simple, secure page - ob_clean(); - - // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17) - $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']); - if (false === strpos($url, '?token=') AND false === strpos($url, '&token=')) - $url .= '&token='.$adminObj->token; - - $message = translate('Invalid security token'); - echo ''.$message.' -
- - '.$message.' -
'; - echo ' - - - - - - '; - die; + $message = translate('Invalid security token'); + echo ''.$message.' +
+ + '.$message.' +
'; + echo ' + + + + + + '; + die; + } } + include(_PS_ADMIN_DIR_.'/footer.inc.php'); } - include(_PS_ADMIN_DIR_.'/footer.inc.php'); } } - - -} diff --git a/admin-dev/index.php b/admin-dev/index.php index 89dd48a91..6430feb7e 100644 --- a/admin-dev/index.php +++ b/admin-dev/index.php @@ -29,6 +29,15 @@ define('_PS_ADMIN_DIR_', getcwd()); require(dirname(__FILE__).'/../config/config.inc.php'); require(dirname(__FILE__).'/functions.php'); +// For retrocompatibility with "tab" parameter +if (!isset($_GET['controller']) && isset($_GET['tab'])) + $_GET['controller'] = strtolower($_GET['tab']); +if (!isset($_POST['controller']) && isset($_POST['tab'])) + $_POST['controller'] = strtolower($_POST['tab']); +if (!isset($_REQUEST['controller']) && isset($_REQUEST['tab'])) + $_REQUEST['controller'] = strtolower($_REQUEST['tab']); + +// Prepare and trigger admin dispatcher Dispatcher::getInstance()->setDefaultController('adminhome'); Dispatcher::getInstance()->setControllerNotFound('adminhome'); Dispatcher::getInstance()->setControllerDirectories(array(_PS_ADMIN_DIR_.'/tabs/', _PS_ADMIN_CONTROLLER_DIR_)); diff --git a/admin-dev/init.php b/admin-dev/init.php index 32c5a547e..4b2ea2607 100644 --- a/admin-dev/init.php +++ b/admin-dev/init.php @@ -1,6 +1,6 @@ employee) || !$context->employee->isLoggedBack()) Tools::redirectAdmin('login.php?redirect='.$_SERVER['REQUEST_URI']); -// Set current index -$currentIndex = $_SERVER['SCRIPT_NAME'].(($tab = Tools::getValue('tab')) ? '?tab='.$tab : ''); -if (empty($tab)) -{ +// Set current index +//$currentIndex = $_SERVER['SCRIPT_NAME'].(($tab = Tools::getValue('tab')) ? '?tab='.$tab : ''); +//if (empty($tab)) +//{ $currentIndex = $_SERVER['SCRIPT_NAME'].(($controller = Tools::getValue('controller')) ? '?controller='.$controller: ''); $tab = $controller; -} +//} if ($back = Tools::getValue('back')) $currentIndex .= '&back='.urlencode($back); AdminTab::$currentIndex = $currentIndex;
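Review bot: The filter and sort memorisation inside runAdminTab() still matches `$_POST`/`$_GET` keys with fixed lengths — `strncmp($key, $table.'Filter_', 7)` tests only the first seven characters of the table name and never the `Filter_` suffix, and the scalar `Orderway` branch passes 12 where the array branch passes 8 — so unrelated request keys can be persisted into `$cookie`; compare against the full prefix instead, e.g. `$prefix = $table.'Filter_'; if (strncmp($key, $prefix, strlen($prefix)) === 0 || strncmp($key, 'submitFilter', 12) === 0)`. The hunk only re-indents this body and drops two `require_once` calls, so the defect is carried over rather than introduced here, but this is the moment to fix it. Note also that `$tab` and `$cookie` are only defined in this function's scope if `require_once(_PS_ADMIN_DIR_.'/init.php')` actually includes the file; if init.php was already loaded by the caller the include is skipped and both stay undefined, which deserves a comment on that line such as `// init.php must be included here, not by the caller: it defines $tab and $cookie in this scope`.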
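Review bot: The third compatibility shim copies `$_REQUEST['tab']` into `$_REQUEST['controller']`, and `$_REQUEST` may also be populated from cookies depending on `request_order`/`variables_order`, so the selected admin controller can come from a cookie rather than the query string or form; if only GET/POST are intended, derive it from the two values the first two shims already normalised: `if (!isset($_REQUEST['controller']) && (isset($_GET['controller']) || isset($_POST['controller'])))` followed by `$_REQUEST['controller'] = isset($_GET['controller']) ? $_GET['controller'] : $_POST['controller'];`. Whether the lower-cased name is validated before Dispatcher resolves it against the controller directories set on the next lines is not visible in this hunk; a comment such as `// controller name is validated by Dispatcher before it is resolved to a file` would make that responsibility explicit for the next reader, or should prompt adding the check if it is missing.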