package WebGUI::Operation::Shared; #------------------------------------------------------------------- # WebGUI is Copyright 2001-2005 Plain Black Corporation. #------------------------------------------------------------------- # Please read the legal notices (docs/legal.txt) and the license # (docs/license.txt) that came with this distribution before using # this software. #------------------------------------------------------------------- # http://www.plainblack.com info@plainblack.com #------------------------------------------------------------------- use Exporter; use strict; use WebGUI::Grouping; use WebGUI::International; use WebGUI::Session; use WebGUI::SQL; use WebGUI::Style; use Safe; our @ISA = qw(Exporter); our @EXPORT = qw(&menuWrapper); #------------------------------------------------------------------- sub accountOptions { my $session = shift; my @array; if (WebGUI::Grouping::isInGroup(12)) { my %hash; if ($session->var->get("adminOn")) { $hash{'options.display'} .= ''.WebGUI::International::get(12).''; } else { $hash{'options.display'} .= ''.WebGUI::International::get(63).''; } push(@array,\%hash); } unless ($session->form->process("op") eq "displayAccount"){ my %hash; $hash{'options.display'} = ''.WebGUI::International::get(342).''; push(@array,\%hash); } unless ($session->form->process("op") eq "editProfile"){ my %hash; $hash{'options.display'} = ''.WebGUI::International::get(341).''; push(@array,\%hash); } unless ($session->form->process("op") eq "viewProfile"){ my %hash; $hash{'options.display'} = ''.WebGUI::International::get(343).''; push(@array,\%hash); } unless ($session->form->process("op") eq "viewMessageLog"){ my %hash; $hash{'options.display'} = ''.WebGUI::International::get(354).''; push(@array,\%hash); } unless ($session->form->process("op") eq "redeemSubscriptionCode") { push(@array, {'options.display' => ''.WebGUI::International::get('redeem code', 'Subscription').''}); } my %logout; $logout{'options.display'} = ''.WebGUI::International::get(64).''; push(@array,\%logout); if ($session->setting->get("selfDeactivation") && !WebGUI::Grouping::isInGroup(3)){ my %hash; $hash{'options.display'} = ''.WebGUI::International::get(65).''; push(@array,\%hash); } return \@array; } #------------------------------------------------------------------- sub menuWrapper { my $session = shift; my ($output, $key); $session{page}{useAdminStyle} = 1; $output = '

'; $output .= $_[0]; $output .= '

'; foreach $key (keys %{$_[1]}) { $output .= '

'; } $output .= '

'.WebGUI::International::get(493).'

'; $output .= '

'; return $output; } #------------------------------------------------------------------- sub userStyle { my $session = shift; my $output = shift; if ($output) { return $session->style->process($output,$session->setting->get("userFunctionStyleId")); } else { return undef; } } #------------------------------------------------------------------- # This function is here to replace the dangerous eval calls in the User Profile System. sub secureEval { my $session = shift; my $code = shift; # Handle WebGUI function calls my %trusted = ( 'WebGUI::International::get' => sub {WebGUI::International::get(@_)}, 'WebGUI::International::getLanguages' => sub { WebGUI::International::getLanguages(@_) }, 'WebGUI::DateTime::epochToHuman' => sub { WebGUI::DateTime::epochToHuman(@_) }, 'WebGUI::Icon::getToolbarOptions' => sub { WebGUI::Icon::getToolbarOptions(@_) }, ); foreach my $function (keys %trusted ) { while ($code =~ /($function$([^)]*)$\s*;*)/g) { my $cmd = $1; my @param = split (/,/,$2); @param = map { s/^['"]|['"]$//g; $_; } @param; my $output = $trusted{$function}(@param); return $output if (ref $output); $code =~ s/\Q$cmd/'$output'/g; } } # Execute simple perl code like ['English'] for default value. # Inside the Safe compartment there's no WebGUI available my $compartment = new Safe; my $eval = $compartment->reval($code); if ($eval) { return $eval; } return $code; } 1;