diff --git a/admin-dev/ajax-tab.php b/admin-dev/ajax-tab.php
index eea8aa04a..6aa122b9c 100755
--- a/admin-dev/ajax-tab.php
+++ b/admin-dev/ajax-tab.php
@@ -25,65 +25,18 @@ * International Registered Trademark & Property of PrestaShop SA */ -define('_PS_ADMIN_DIR_', dirname(__FILE__)); - -include(_PS_ADMIN_DIR_.'/../config/config.inc.php'); -include(_PS_ADMIN_DIR_.'/functions.php'); - - -include(_PS_ADMIN_DIR_.'/init.php'); - -if (empty($tab) and !sizeof($_POST)) -{ - $tab = 'AdminHome'; - $_POST['tab'] = 'AdminHome'; - $_POST['token'] = Tools::getAdminTokenLite($tab); -} - if ($adminObj = checkingTab($tab)) - { - $isoUser = Context::getContext()->language->iso_code; - - if (Validate::isLoadedObject($adminObj)) - { - $adminObj->ajax = true; - if ($adminObj->checkToken()) - { - // the differences with index.php is here - - $adminObj->ajaxPreProcess(); - $action = Tools::getValue('action'); - - // no need to use displayConf() here - - if (!empty($action) AND method_exists($adminObj, 'ajaxProcess'.Tools::toCamelCase($action)) ) - $adminObj->{'ajaxProcess'.Tools::toCamelCase($action)}(); - else - $adminObj->ajaxProcess(); - - // @TODO We should use a displayAjaxError - $adminObj->displayErrors(); - if (!empty($action) AND method_exists($adminObj, 'displayAjax'.Tools::toCamelCase($action)) ) - $adminObj->{'displayAjax'.$action}(); - else - $adminObj->displayAjax(); - - } - else - { - // If this is an XSS attempt, then we should only display a simple, secure page - ob_clean(); - - // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. 
$17) - $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']); - if (false === strpos($url, '?token=') AND false === strpos($url, '&token=')) - $url .= '&token='.$adminObj->token; - - // we can display the correct url - // die(Tools::jsonEncode(array(translate('Invalid security token'),$url))); - die(Tools::jsonEncode(translate('Invalid security token'))); - } - } - } - +define('_PS_ADMIN_DIR_', getcwd()); +require(dirname(__FILE__).'/../config/config.inc.php'); +require(dirname(__FILE__).'/functions.php'); +// For retrocompatibility with "tab" parameter +if (!isset($_GET['controller']) && isset($_GET['tab'])) + $_GET['controller'] = strtolower($_GET['tab']); +if (!isset($_POST['controller']) && isset($_POST['tab'])) + $_POST['controller'] = strtolower($_POST['tab']); +if (!isset($_REQUEST['controller']) && isset($_REQUEST['tab'])) + $_REQUEST['controller'] = strtolower($_REQUEST['tab']); + +Dispatcher::getInstance()->setControllerDirectories(array(_PS_ADMIN_DIR_.'/tabs/', _PS_ADMIN_CONTROLLER_DIR_)); +Dispatcher::getInstance()->dispatch(); diff --git a/admin-dev/functions.php b/admin-dev/functions.php index bd0168017..764b3d8c8 100644 --- a/admin-dev/functions.php +++ b/admin-dev/functions.php @@ -239,6 +239,7 @@ function checkingTab($tab) $controllers = Dispatcher::getControllers(_PS_ADMIN_DIR_.'/tabs/'); $tab = trim($tab); + $tab_lowercase = strtolower($tab); if (!Validate::isTabName($tab)) return false; $row = Db::getInstance(_PS_USE_SQL_SLAVE_)->getRow('SELECT id_tab, module FROM `'._DB_PREFIX_.'tab` WHERE class_name = \''.pSQL($tab).'\''); 
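Review bot: `define('_PS_ADMIN_DIR_', getcwd());` binds the admin directory to the process working directory instead of to the file's location, while the two `require` lines directly below it still use `dirname(__FILE__)` and the removed code defined the constant as `dirname(__FILE__)` too. Because `_PS_ADMIN_DIR_` is then passed to `setControllerDirectories(array(_PS_ADMIN_DIR_.'/tabs/', ...))`, any request served with a different cwd (CLI, an include from another directory, a rewrite to a front controller) would look for admin controllers in the wrong place; keep `define('_PS_ADMIN_DIR_', dirname(__FILE__));`. The new entry point also no longer says that it is the ajax one: nothing here sets the `ajaxMode` value that the Dispatcher hunk (@@ -236 in classes/Dispatcher.php) reads from `$_REQUEST` to pick the ajax branch of `runAdminTab()`, so unless every caller passes it explicitly the request is presumably rendered as a full page, header included. Setting it unconditionally in this file, e.g. `$_REQUEST['ajaxMode'] = 1;` next to the controller/tab mapping, would keep the entry point's behaviour independent of the client.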
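Review bot: `$tab_lowercase = strtolower($tab);` is computed before `Validate::isTabName($tab)` has a chance to reject the value, and its only use is in the following hunk (@@ -249), where `$controllers[$tab_lowercase]` is indexed four times without checking that the key exists. For a tab name that `Validate::isTabName()` accepts but that is absent from the `Dispatcher::getControllers()` map this raises an undefined-index notice and probes `file_exists(... .'/.php')` before falling through to the `class_exists($tab, false)` failure path; moving the assignment after the validation and adding `if (!isset($controllers[$tab_lowercase])) return false;` makes the miss explicit. checkingTab() starts and ends outside these hunks.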
@@ -249,10 +250,10 @@ function checkingTab($tab) echo sprintf(Tools::displayError('Tab %s cannot be found.'),$tab); return false; } - if ($row['module'] AND file_exists(_PS_MODULE_DIR_.'/'.$row['module'].'/'.$controllers[$tab].'.php')) - include_once(_PS_MODULE_DIR_.'/'.$row['module'].'/'.$controllers[$tab].'.php'); - elseif (file_exists(_PS_ADMIN_DIR_.'/tabs/'.$controllers[$tab].'.php')) - include_once(_PS_ADMIN_DIR_.'/tabs/'.$controllers[$tab].'.php'); + if ($row['module'] AND file_exists(_PS_MODULE_DIR_.'/'.$row['module'].'/'.$controllers[$tab_lowercase].'.php')) + include_once(_PS_MODULE_DIR_.'/'.$row['module'].'/'.$controllers[$tab_lowercase].'.php'); + elseif (file_exists(_PS_ADMIN_DIR_.'/tabs/'.$controllers[$tab_lowercase].'.php')) + include_once(_PS_ADMIN_DIR_.'/tabs/'.$controllers[$tab_lowercase].'.php'); if (!class_exists($tab, false) OR !$row['id_tab']) { echo sprintf(Tools::displayError('Tab file %s cannot be found.'),$tab); @@ -427,8 +428,10 @@ function generateShopList() * * @return void */ -function runAdminTab() +function runAdminTab($ajaxMode = false) { + $ajaxMode = (bool)$ajaxMode; + require_once(_PS_ADMIN_DIR_.'/init.php'); $cookie = Context::getContext()->cookie; if (empty($tab) and !sizeof($_POST)) @@ -448,7 +451,8 @@ function runAdminTab() } else { - require_once(_PS_ADMIN_DIR_.'/header.inc.php'); + if (!$ajaxMode) + require_once(_PS_ADMIN_DIR_.'/header.inc.php'); $isoUser = Context::getContext()->language->id; $tabs = array(); $tabs = Tab::recursiveTab($adminObj->id, $tabs); @@ -466,31 +470,31 @@ function runAdminTab() } // @TODO : a way to desactivate this feature - echo''; + $(function() { + $.ajax({ + type: \'POST\', + url: \'ajax.php\', + data: \'helpAccess=1&item='.$item['class_name'].'&isoUser='.$isoUser.'&country='.Context::getContext()->country->iso_code.'&version='._PS_VERSION_.'\', + async : true, + success: function(msg) { + $("#help-button").html(msg); + $("#help-button").fadeIn("slow"); + } + }); + });'; - echo '
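Review bot: The docblock that ends in `* @return void` immediately above `function runAdminTab($ajaxMode = false)` is not updated for the new parameter, which changes the function's output quite a lot (the following hunks skip header.inc.php and the breadcrumb when it is set and route to the ajaxProcess*/displayAjax* methods). Add `* @param bool $ajaxMode true when the request comes from ajax-tab.php: no header/footer/breadcrumb is echoed and the ajaxProcess*/displayAjax* methods are used instead of postProcess()/display()` above the `@return`. The `$ajaxMode = (bool)$ajaxMode;` cast is harmless but redundant with the Dispatcher call, which already passes `!empty(...)`; if it stays, a one-line comment saying callers may pass a raw request value would explain why it is there. The body of runAdminTab() continues outside this hunk.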
+ if (!$ajaxMode) + echo '
'.translate('Back Office').' - '.$bread; - echo ' -
'; + '.$bread.'
'; - if (Shop::isMultiShopActivated() && Context::shop() != Shop::CONTEXT_ALL) + if (!$ajaxMode && Shop::isMultiShopActivated() && Context::shop() != Shop::CONTEXT_ALL) { echo '
'; if (Context::shop() == Shop::CONTEXT_GROUP) @@ -499,65 +503,106 @@ function runAdminTab() printf(translate('You are configuring your store for shop %s'), ''.Context::getContext()->shop->name.''); echo '
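Review bot: As far as the collapsed hunk shows, the string holding the help-button script (`$(function() { $.ajax({ ... url: \'ajax.php\', data: \'helpAccess=1&item='.$item['class_name'].'...\' ...`) is echoed unconditionally, while the breadcrumb block that follows it is wrapped in `if (!$ajaxMode)` and the multishop notice now tests `!$ajaxMode && Shop::isMultiShopActivated()`. In ajax mode that markup is therefore prepended to whatever `displayAjax()` later writes, and only the invalid-token branch calls `ob_clean()`, so a JSON consumer would receive a response that does not parse. Move the `if (!$ajaxMode)` guard so that it also covers the `echo` of the script string, or collect the help-button markup and emit it together with the breadcrumb. The `$item` loop and the rest of runAdminTab() start and end outside this hunk, so I cannot see whether the echo is inside a `foreach`.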
'; } - if (Validate::isLoadedObject($adminObj)) { if ($adminObj->checkToken()) { - /* Filter memorization */ - if (isset($_POST) AND !empty($_POST) AND isset($adminObj->table)) - foreach ($_POST AS $key => $value) - if (is_array($adminObj->table)) - { - foreach ($adminObj->table AS $table) - if (strncmp($key, $table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) - $cookie->$key = !is_array($value) ? $value : serialize($value); - } - elseif (strncmp($key, $adminObj->table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) - $cookie->$key = !is_array($value) ? $value : serialize($value); + if($ajaxMode) + { + // the differences with index.php is here + $adminObj->ajaxPreProcess(); + $action = Tools::getValue('action'); + // no need to use displayConf() here - if (isset($_GET) AND !empty($_GET) AND isset($adminObj->table)) - foreach ($_GET AS $key => $value) - if (is_array($adminObj->table)) - { - foreach ($adminObj->table AS $table) - if (strncmp($key, $table.'OrderBy', 7) === 0 OR strncmp($key, $table.'Orderway', 8) === 0) - $cookie->$key = $value; - } - elseif (strncmp($key, $adminObj->table.'OrderBy', 7) === 0 OR strncmp($key, $adminObj->table.'Orderway', 12) === 0) - $cookie->$key = $value; - $adminObj->displayConf(); - $adminObj->postProcess(); - $adminObj->displayErrors(); - $adminObj->display(); + if (!empty($action) AND method_exists($adminObj, 'ajaxProcess'.Tools::toCamelCase($action)) ) + $adminObj->{'ajaxProcess'.Tools::toCamelCase($action)}(); + else + $adminObj->ajaxProcess(); + + // @TODO We should use a displayAjaxError + $adminObj->displayErrors(); + if (!empty($action) AND method_exists($adminObj, 'displayAjax'.Tools::toCamelCase($action)) ) + $adminObj->{'displayAjax'.$action}(); + else + $adminObj->displayAjax(); + + + } + else + { + /* Filter memorization */ + if (isset($_POST) AND !empty($_POST) AND isset($adminObj->table)) + foreach ($_POST AS $key => $value) + if (is_array($adminObj->table)) + { + foreach 
($adminObj->table AS $table) + if (strncmp($key, $table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) + $cookie->$key = !is_array($value) ? $value : serialize($value); + } + elseif (strncmp($key, $adminObj->table.'Filter_', 7) === 0 OR strncmp($key, 'submitFilter', 12) === 0) + $cookie->$key = !is_array($value) ? $value : serialize($value); + + if (isset($_GET) AND !empty($_GET) AND isset($adminObj->table)) + foreach ($_GET AS $key => $value) + if (is_array($adminObj->table)) + { + foreach ($adminObj->table AS $table) + if (strncmp($key, $table.'OrderBy', 7) === 0 OR strncmp($key, $table.'Orderway', 8) === 0) + $cookie->$key = $value; + } + elseif (strncmp($key, $adminObj->table.'OrderBy', 7) === 0 OR strncmp($key, $adminObj->table.'Orderway', 12) === 0) + $cookie->$key = $value; + $adminObj->displayConf(); + $adminObj->postProcess(); + $adminObj->displayErrors(); + $adminObj->display(); + include(_PS_ADMIN_DIR_.'/footer.inc.php'); + } } else { - // If this is an XSS attempt, then we should only display a simple, secure page - ob_clean(); + if($ajaxMode) + { + // If this is an XSS attempt, then we should only display a simple, secure page + ob_clean(); - // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17) - $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']); - if (false === strpos($url, '?token=') AND false === strpos($url, '&token=')) - $url .= '&token='.$adminObj->token; + // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17) + $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']); + if (false === strpos($url, '?token=') AND false === strpos($url, '&token=')) + $url .= '&token='.$adminObj->token; - $message = translate('Invalid security token'); - echo ''.$message.' -
- - '.$message.' -
'; - echo ' - - - - - - '; - die; + + // we can display the correct url + // die(Tools::jsonEncode(array(translate('Invalid security token'),$url))); + die(Tools::jsonEncode(translate('Invalid security token'))); + } + else + { + // If this is an XSS attempt, then we should only display a simple, secure page + ob_clean(); + + // ${1} in the replacement string of the regexp is required, because the token may begin with a number and mix up with it (e.g. $17) + $url = preg_replace('/([&?]token=)[^&]*(&.*)?$/', '${1}'.$adminObj->token.'$2', $_SERVER['REQUEST_URI']); + if (false === strpos($url, '?token=') AND false === strpos($url, '&token=')) + $url .= '&token='.$adminObj->token; + + $message = translate('Invalid security token'); + echo ''.$message.' +
+ + '.$message.' +
'; + echo ' + + + + + + '; + die; + } } } - include(_PS_ADMIN_DIR_.'/footer.inc.php'); } } } diff --git a/classes/Dispatcher.php b/classes/Dispatcher.php index fa6ca1028..6f8609cb2 100644 --- a/classes/Dispatcher.php +++ b/classes/Dispatcher.php @@ -236,14 +236,15 @@ class DispatcherCore $this->getController(); $controllers = Dispatcher::getControllers($this->controller_directories); - if (!$this->controller) + if (!$this->controller || $this->controller == 'index') $this->controller = (defined('_PS_ADMIN_DIR_')) ? 'adminhome' : 'index'; // For retrocompatibility with admin/tabs/ old system if (isset($controllers[$this->controller]) && defined('_PS_ADMIN_DIR_') && file_exists(_PS_ADMIN_DIR_.'/tabs/'.$controllers[$this->controller].'.php')) { require_once(_PS_ADMIN_DIR_.'/functions.php'); - runAdminTab(); + $ajaxMode = !empty($_REQUEST['ajaxMode']); + runAdminTab($ajaxMode); return; } else if (!isset($controllers[$this->controller]))
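Review bot: In the new `if($ajaxMode)` branch the existence check and the call disagree on the method name: `method_exists($adminObj, 'displayAjax'.Tools::toCamelCase($action))` is tested, but the call is `$adminObj->{'displayAjax'.$action}()`, so for any action whose camel-cased form differs from the raw value (e.g. one containing an underscore) the check passes and the call targets a method that may not exist, which is a fatal error rather than the fallback to `displayAjax()`. The `ajaxProcess` pair two lines above uses `Tools::toCamelCase($action)` in both places; change the call to `$adminObj->{'displayAjax'.Tools::toCamelCase($action)}();`. The two invalid-token branches also duplicate the `ob_clean()` and `$url = preg_replace(...)` lines, and in the ajax branch `$url` is computed and then never used before `die(Tools::jsonEncode(translate('Invalid security token')))`; hoisting those lines above `if($ajaxMode)` and keeping only the output in the two branches would remove the dead code. runAdminTab() starts outside this hunk.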
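Review bot: `$ajaxMode = !empty($_REQUEST['ajaxMode']);` lets a request parameter decide whether `runAdminTab()` renders the full page or the ajax variant, and it reads `$_REQUEST` directly while the rest of this path reads input through `Tools::getValue()` (see `Tools::getValue('action')` in functions.php). Reading it the same way, `runAdminTab(!empty(Tools::getValue('ajaxMode')));`, keeps the input handling consistent and drops the throw-away local; whether `$_REQUEST` here also merges cookie values depends on `request_order`, which this page does not show. The loosened `$this->controller == 'index'` test is fine since both sides are strings. dispatch() starts and ends outside this hunk.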