'assessment.pstpl');
// Standard template files (.pstpl) the editor may show and save, in display
// order. Each entry has the same shape ('name' => filename) so the save path
// can look the submitted filename up in this list.
foreach (array(
    'clearall.pstpl',
    'completed.pstpl',
    'endgroup.pstpl',
    'endpage.pstpl',
    'groupdescription.pstpl',
    'load.pstpl',
    'navigator.pstpl',
    'printanswers.pstpl',
    'privacy.pstpl',
    'question.pstpl',
    'register.pstpl',
    'save.pstpl',
    'surveylist.pstpl',
    'startgroup.pstpl',
    'startpage.pstpl',
    'survey.pstpl',
    'welcome.pstpl',
    'print_survey.pstpl',
    'print_group.pstpl',
    'print_question.pstpl',
) as $standardfile) {
    $files[] = array('name' => $standardfile);
}
unset($standardfile);
// Standard stylesheet files that may be edited or saved. template.js is kept in
// this same list so it is accepted by the save path alongside the CSS files.
foreach (array(
    'template.css',
    'template-rtl.css',
    'ie_fix_6.css',
    'ie_fix_7.css',
    'ie_fix_8.css',
    'print_template.css',
    'template.js',
) as $standardcssfile) {
    $cssfiles[] = array('name' => $standardcssfile);
}
unset($standardcssfile);
// Standard support (image) files that may be edited or saved.
foreach (array('print_img_radio.png', 'print_img_checkbox.png') as $standardsupportfile) {
    $supportfiles[] = array('name' => $standardsupportfile);
}
unset($standardsupportfile);
// Standard screens: only these screen ids may be viewed. The requested
// $screenname is checked against the 'id' column of this list further down,
// so the ids here act as the allow-list. Labels are translated via $clang->gT().
$standardscreens = array(
    'surveylist'      => 'Survey List Page',
    'welcome'         => 'Welcome Page',
    'question'        => 'Question Page',
    'completed'       => 'Completed Page',
    'clearall'        => 'Clear All Page',
    'register'        => 'Register Page',
    'load'            => 'Load Page',
    'save'            => 'Save Page',
    'printanswers'    => 'Print answers page',
    'printablesurvey' => 'Printable survey page',
);
foreach ($standardscreens as $screenid => $screenlabel) {
    $screens[] = array('name' => $clang->gT($screenlabel), 'id' => $screenid);
}
unset($standardscreens, $screenid, $screenlabel);
// Page display blocks: the ordered .pstpl files that make up each screen.
// Every public screen is wrapped in startpage/endpage; the printable survey
// uses its own three print_* files and no wrapper.
$pagestart = array('startpage.pstpl');
$pageend   = array('endpage.pstpl');
$SurveyList = array_merge($pagestart, array('surveylist.pstpl'), $pageend);
$Welcome = array_merge($pagestart, array('welcome.pstpl', 'privacy.pstpl', 'navigator.pstpl'), $pageend);
$Question = array_merge($pagestart, array(
    'survey.pstpl',
    'startgroup.pstpl',
    'groupdescription.pstpl',
    'question.pstpl',
    'endgroup.pstpl',
    'navigator.pstpl',
), $pageend);
$CompletedTemplate = array_merge($pagestart, array('assessment.pstpl', 'completed.pstpl'), $pageend);
$Clearall = array_merge($pagestart, array('clearall.pstpl'), $pageend);
$Register = array_merge($pagestart, array('survey.pstpl', 'register.pstpl'), $pageend);
$Save = array_merge($pagestart, array('save.pstpl'), $pageend);
$Load = array_merge($pagestart, array('load.pstpl'), $pageend);
$printtemplate = array_merge($pagestart, array('printanswers.pstpl'), $pageend);
$printablesurveytemplate = array('print_survey.pstpl', 'print_group.pstpl', 'print_question.pstpl');
unset($pagestart, $pageend);
// Set this so common.php doesn't throw notices about undefined variables
$thissurvey['active'] = 'N';
$file_version = "LimeSurvey template editor ".$versionnumber;
$_SESSION['s_lang'] = $_SESSION['adminlang'];

// Request parameters, unless the including script already provided them.
// Everything that later ends up in a filesystem path or SQL goes through
// sanitize_paranoid_string() or sanitize_filename(); $screenname is only
// unescaped and is instead validated against the $screens allow-list.
$templatename = isset($templatename) ? $templatename : sanitize_paranoid_string(returnglobal('templatename'));
$templatedir  = isset($templatedir)  ? $templatedir  : sanitize_paranoid_string(returnglobal('templatedir'));
$editfile     = isset($editfile)     ? $editfile     : sanitize_filename(returnglobal('editfile'));
$screenname   = isset($screenname)   ? $screenname   : auto_unescape(returnglobal('screenname'));
// Checks if screen name is in the list of allowed screen names
if (isset($screenname) && (multiarray_search($screens, 'id', $screenname) === false)) {die('Invalid screen name');} // Die you sneaky bastard!
$action    = isset($action)    ? $action    : sanitize_paranoid_string(returnglobal('action'));
$subaction = isset($subaction) ? $subaction : sanitize_paranoid_string(returnglobal('subaction'));
$otherfile = isset($otherfile) ? $otherfile : sanitize_filename(returnglobal('otherfile'));
$newname   = isset($newname)   ? $newname   : sanitize_paranoid_string(returnglobal('newname'));
$copydir   = isset($copydir)   ? $copydir   : sanitize_paranoid_string(returnglobal('copydir'));

// A template may ship an optional question_start.pstpl: register it as an
// editable file and append it to the question page block list.
if (is_file($usertemplaterootdir.'/'.$templatename.'/question_start.pstpl')) {
    $files[] = array('name' => 'question_start.pstpl');
    $Question[] = 'question_start.pstpl';
}

// Admin-side scripts for the code editor.
$js_admin_includes[] = $homeurl."/scripts/edit_area/edit_area_loader.js";
$js_admin_includes[] = $homeurl."/scripts/templates.js";
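// Pick the syntax highlighter from the edited file's extension and the code
// editor's UI language from the admin language (falling back to English).
$availableeditorlanguages = array('bg','cs','de','dk','en','eo','es','fi','fr','hr','it','ja','mk','nl','pl','pt','ru','sk','zh');
// strrchr() returns false when the name has no dot; treat that as "no extension"
// instead of handing false to substr().
$lastdot = strrchr($editfile, ".");
$extension = ($lastdot === false) ? '' : substr($lastdot, 1);
unset($lastdot);
$highlighter = ($extension === 'css' || $extension === 'js') ? $extension : 'html';
$codelanguage = in_array($_SESSION['adminlang'], $availableeditorlanguages, true) ? $_SESSION['adminlang'] : 'en';

// Text submitted from the editor: 'changes' from the plain textarea, 'changes_cp'
// from the code editor copy (the latter wins when both are posted). Default to ''
// so the save check below never reads an undefined variable.
if (!isset($changedtext)) {$changedtext = '';}
if (isset($_POST['changes'])) {
    $changedtext = $_POST['changes'];
    // NOTE(review): with an empty search string this replace is a no-op as
    // written; the intended search bytes may have been lost — confirm upstream.
    $changedtext = str_replace('', '', $changedtext);
}
if (isset($_POST['changes_cp'])) {
    $changedtext = $_POST['changes_cp'];
    // NOTE(review): same no-op replace as above.
    $changedtext = str_replace('', '', $changedtext);
}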
// Resolve the requested template against the known template list; anything
// unknown falls back to the configured default template.
$templates = gettemplatelist();
$templatename = isset($templates[$templatename]) ? $templatename : $defaulttemplate;
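// Delete a user template: remove its directory first, then re-point surveys
// that used it to the default template and drop its rows from the template
// tables. Only templates reported editable by is_template_editable() qualify.
if ($subaction == "delete" && is_template_editable($templatename)) {
    if (rmdirr($usertemplaterootdir."/".$templatename)) {
        // Quote the values through the connection object instead of interpolating
        // them into the SQL text.
        $qdefaulttemplate = $connect->qstr($defaulttemplate);
        $qtemplatename = $connect->qstr($templatename);
        $templatequery = "UPDATE {$dbprefix}surveys set template=$qdefaulttemplate where template=$qtemplatename\n";
        $connect->Execute($templatequery) or safe_die("Couldn't update surveys with default template!
\n$templatequery
\n".$connect->ErrorMsg()); //Checked
        $templatequery = "delete from {$dbprefix}templates_rights where folder=$qtemplatename\n";
        $connect->Execute($templatequery) or safe_die("Couldn't update template_rights
\n$templatequery
\n".$connect->ErrorMsg()); //Checked
        $templatequery = "delete from {$dbprefix}templates where folder=$qtemplatename\n";
        $connect->Execute($templatequery) or safe_die("Couldn't update templates
\n$templatequery
\n".$connect->ErrorMsg()); //Checked
        unset($qdefaulttemplate, $qtemplatename);
        $flashmessage = sprintf($clang->gT("Template '%s' was successfully deleted."), $templatename);
        unset($templates[$templatename]);
        $templatename = $defaulttemplate;
    } else {
        $flashmessage = sprintf($clang->gT("There was a problem deleting the template '%s'. Please check your directory/file permissions."), $templatename);
    }
}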
// Whole-template upload (zip) is handled by a separate script.
if ("templateupload" == $action) {
    include("import_resources_zip.php");
}
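// Save changes if necessary: write the submitted editor text back to the file.
// !empty() keeps the original truthiness test but does not notice when nothing
// was posted.
if ($action == "templatesavechanges" && !empty($changedtext)) {
    $changedtext = str_replace("\r\n", "\n", $changedtext);
    if ($editfile) {
        // $editfile is request-controlled: only the standard .pstpl/.css/.js names
        // registered in $files and $cssfiles may be written.
        if (multiarray_search($files, 'name', $editfile) === false && multiarray_search($cssfiles, 'name', $editfile) === false) {die('Invalid template filename');} // Die you sneaky bastard!
        $savefilename = $usertemplaterootdir."/".$templatename."/".$editfile;
        if (is_writable($savefilename)) {
            $handle = fopen($savefilename, 'w');
            if ($handle === false) {
                echo "Could not open file ($savefilename)";
                exit;
            }
            // fwrite() returns false on failure; a short write is treated as a
            // failure too. Close the handle before bailing out either way.
            $written = fwrite($handle, $changedtext);
            fclose($handle);
            if ($written === false || $written < strlen($changedtext)) {
                echo "Cannot write to file ($savefilename)";
                exit;
            }
        } else {
            echo "The file $savefilename is not writable";
        }
    }
}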
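// Copies all the files from one template directory to a new one.
// Both names come from the request (sanitize_paranoid_string'd above); the
// source directory is resolved through sGetTemplatePath() rather than used raw.
// isset() is true for an empty string, and an empty $newname would make
// $usertemplaterootdir itself the copy target, so both names must be non-empty.
if ($action == "templatecopy" && isset($newname) && isset($copydir) && $newname !== '' && $copydir !== '') {
    $newdirname = $usertemplaterootdir."/".$newname;
    $copydirname = sGetTemplatePath($copydir);
    $mkdirresult = mkdir_p($newdirname);
    if ($mkdirresult == 1) {
        $copyfiles = getListOfFiles($copydirname);
        foreach ($copyfiles as $file) {
            $copyfile = $copydirname."/".$file;
            $newfile = $newdirname."/".$file;
            if (!copy($copyfile, $newfile)) {
                // NOTE(review): the failure output is empty as shown here; confirm
                // the intended message upstream.
                echo "";
            }
        }
        $templates[$newname] = $newdirname;
        $templatename = $newname;
    } elseif ($mkdirresult == 2) {
        // NOTE(review): empty output as shown; presumably "directory already exists" — confirm.
        echo "";
    } else {
        echo "";
    }
}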
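// Rename a user template directory. The source is only looked up under
// $usertemplaterootdir, and a standard template name is refused as the target.
// isset() is true for '', so both names are additionally required to be
// non-empty: an empty $copydir would name the template root itself as the
// source of the rename.
if ($action == "templaterename" && isset($newname) && isset($copydir) && $newname !== '' && $copydir !== '') {
    $newdirname = $usertemplaterootdir."/".$newname;
    $olddirname = $usertemplaterootdir."/".$copydir;
    if (isStandardTemplate($newname)) {
        // NOTE(review): the error output is empty as shown; confirm the intended message upstream.
        echo "";
    } elseif (!rename($olddirname, $newdirname)) {
        echo "";
    } else {
        $templates[$newname] = $newdirname;
        $templatename = $newname;
    }
}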
if ($action == "templateuploadfile")
{
if ($demoModeOnly == true)
{
$action = '';
}
else
{
$the_full_file_path = $usertemplaterootdir."/".$templatename . "/" . sanitize_filename($_FILES['the_file']['name']);
if ($extfile = strrchr($_FILES['the_file']['name'], '.'))
{
if (!(stripos(','.$allowedtemplateuploads.',',','. substr($extfile,1).',') === false))
{
//Uploads the file into the appropriate directory
if (!@move_uploaded_file($_FILES['the_file']['tmp_name'], $the_full_file_path)) {
echo "".$clang->gT("Error")."
\n";
echo sprintf ($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."),$tempdir)."
\n";
echo "\n";
echo "\n";
echo "