|
1
|
1 |
<?php
|
|
|
2 |
/*
|
|
|
3 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
|
|
|
4 |
* Version 1.0 (Banshee)
|
|
|
5 |
* pageprocess.php - intelligent retrieval of pages
|
|
|
6 |
* Copyright (C) 2006-2007 Dan Fuhry
|
|
|
7 |
*
|
|
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
|
|
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
|
|
|
10 |
*
|
|
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
|
|
|
13 |
*/
|
|
|
14 |
|
|
|
15 |
/**
|
|
|
16 |
* Class to handle fetching page text (possibly from a cache) and formatting it.
|
|
|
17 |
* @package Enano
|
|
|
18 |
* @subpackage UI
|
|
|
19 |
* @copyright 2007 Dan Fuhry
|
|
|
20 |
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
|
|
|
21 |
*/
|
|
|
22 |
|
|
|
23 |
class PageProcessor
|
|
|
24 |
{
|
|
|
25 |
|
|
|
26 |
/**
|
|
|
27 |
* Page ID and namespace of the page handled by this instance
|
|
|
28 |
* @var string
|
|
|
29 |
*/
|
|
|
30 |
|
|
|
31 |
var $page_id;
|
|
|
32 |
var $namespace;
|
|
|
33 |
|
|
|
34 |
/**
|
|
|
35 |
* Tracks if the page we're loading exists in the database or not.
|
|
|
36 |
* @var bool
|
|
|
37 |
*/
|
|
|
38 |
|
|
|
39 |
var $page_exists = false;
|
|
|
40 |
|
|
|
41 |
/**
|
|
|
42 |
* Permissions!
|
|
|
43 |
* @var object
|
|
|
44 |
*/
|
|
|
45 |
|
|
|
46 |
var $perms = null;
|
|
|
47 |
|
|
|
48 |
/**
|
|
|
49 |
* Switch to track if redirects are allowed. Defaults to true.
|
|
|
50 |
* @var bool
|
|
|
51 |
*/
|
|
|
52 |
|
|
|
53 |
var $allow_redir = true;
|
|
|
54 |
|
|
|
55 |
/**
|
|
|
56 |
* If this is set to true, this will call the header and footer funcs on $template when render() is called.
|
|
|
57 |
* @var bool
|
|
|
58 |
*/
|
|
|
59 |
|
|
|
60 |
var $send_headers = false;
|
|
|
61 |
|
|
|
62 |
/**
|
|
|
63 |
* Cache the fetched text so we don't fetch it from the DB twice.
|
|
|
64 |
* @var string
|
|
|
65 |
*/
|
|
|
66 |
|
|
|
67 |
var $text_cache = '';
|
|
|
68 |
|
|
|
69 |
/**
|
|
|
70 |
* Debugging information to track errors. You can set enable to false to disable sending debug information.
|
|
|
71 |
* @var array
|
|
|
72 |
*/
|
|
|
73 |
|
|
|
74 |
var $debug = array(
|
|
|
75 |
'enable' => true,
|
|
|
76 |
'works' => false
|
|
|
77 |
);
|
|
|
78 |
|
|
|
79 |
/**
|
|
|
80 |
* Constructor.
|
|
|
81 |
* @param string The page ID (urlname) of the page
|
|
|
82 |
* @param string The namespace of the page
|
|
|
83 |
*/
|
|
|
84 |
|
|
|
85 |
function __construct( $page_id, $namespace )
|
|
|
86 |
{
|
|
|
87 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
88 |
|
|
|
89 |
// See if we can get some debug info
|
|
|
90 |
if ( function_exists('debug_backtrace') && $this->debug['enable'] )
|
|
|
91 |
{
|
|
|
92 |
$this->debug['works'] = true;
|
|
|
93 |
$this->debug['backtrace'] = enano_debug_print_backtrace(true);
|
|
|
94 |
}
|
|
|
95 |
|
|
|
96 |
// First things first - check page existence and permissions
|
|
|
97 |
|
|
|
98 |
if ( !isset($paths->nslist[$namespace]) )
|
|
|
99 |
{
|
|
|
100 |
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
|
|
|
101 |
}
|
|
|
102 |
|
|
|
103 |
$this->_setup( $page_id, $namespace );
|
|
|
104 |
|
|
|
105 |
}
|
|
|
106 |
|
|
|
107 |
/**
|
|
|
108 |
* The main method to send the page content. Also responsible for checking permissions.
|
|
|
109 |
*/
|
|
|
110 |
|
|
|
111 |
function send()
|
|
|
112 |
{
|
|
|
113 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
114 |
if ( !$this->perms->get_permissions('read') )
|
|
|
115 |
{
|
|
|
116 |
$this->err_access_denied();
|
|
|
117 |
return false;
|
|
|
118 |
}
|
|
|
119 |
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )
|
|
|
120 |
{
|
|
|
121 |
if ( !$this->page_exists )
|
|
|
122 |
{
|
|
|
123 |
redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 );
|
|
|
124 |
}
|
|
|
125 |
$func_name = "page_{$this->namespace}_{$this->page_id}";
|
|
|
126 |
if ( function_exists($func_name) )
|
|
|
127 |
{
|
|
|
128 |
return @call_user_func($func_name);
|
|
|
129 |
}
|
|
|
130 |
else
|
|
|
131 |
{
|
|
|
132 |
$title = 'Page backend not found';
|
|
|
133 |
$message = "The administration page you are looking for was properly registered using the page API, but the backend function
|
|
|
134 |
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
|
|
|
135 |
|
|
|
136 |
if ( $this->send_headers )
|
|
|
137 |
{
|
|
|
138 |
$template->tpl_strings['PAGE_NAME'] = $title;
|
|
|
139 |
$template->header();
|
|
|
140 |
echo "<p>$message</p>";
|
|
|
141 |
$template->footer();
|
|
|
142 |
}
|
|
|
143 |
else
|
|
|
144 |
{
|
|
|
145 |
echo "<h2>$title</h2>
|
|
|
146 |
<p>$message</p>";
|
|
|
147 |
}
|
|
|
148 |
return false;
|
|
|
149 |
}
|
|
|
150 |
}
|
|
|
151 |
else if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )
|
|
|
152 |
{
|
|
|
153 |
// Send as regular page
|
|
|
154 |
$text = $this->fetch_text();
|
|
|
155 |
if ( $text == 'err_no_text_rows' )
|
|
|
156 |
{
|
|
|
157 |
$this->err_no_rows();
|
|
|
158 |
return false;
|
|
|
159 |
}
|
|
|
160 |
else
|
|
|
161 |
{
|
|
|
162 |
$this->render();
|
|
|
163 |
}
|
|
|
164 |
}
|
|
|
165 |
else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )
|
|
|
166 |
{
|
|
|
167 |
$this->header();
|
|
|
168 |
|
|
|
169 |
$text = $this->fetch_text();
|
|
|
170 |
$text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);
|
|
|
171 |
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);
|
|
|
172 |
|
|
|
173 |
$text = RenderMan::render( $text );
|
|
|
174 |
|
|
|
175 |
echo $text;
|
|
|
176 |
|
|
|
177 |
$this->footer();
|
|
|
178 |
|
|
|
179 |
}
|
|
|
180 |
else if ( !$this->page_exists )
|
|
|
181 |
{
|
|
|
182 |
// Perhaps this is hooked?
|
|
|
183 |
ob_start();
|
|
|
184 |
|
|
|
185 |
$code = $plugins->setHook('page_not_found');
|
|
|
186 |
foreach ( $code as $cmd )
|
|
|
187 |
{
|
|
|
188 |
eval($cmd);
|
|
|
189 |
}
|
|
|
190 |
|
|
|
191 |
$ob = ob_get_contents();
|
|
|
192 |
|
|
|
193 |
if ( empty($ob) )
|
|
|
194 |
{
|
|
|
195 |
$this->err_page_not_existent();
|
|
|
196 |
}
|
|
|
197 |
}
|
|
|
198 |
|
|
4
|
199 |
|
|
1
|
200 |
}
|
|
|
201 |
|
|
|
202 |
/**
|
|
|
203 |
* Sets internal variables.
|
|
|
204 |
* @access private
|
|
|
205 |
*/
|
|
|
206 |
|
|
|
207 |
function _setup($page_id, $namespace)
|
|
|
208 |
{
|
|
|
209 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
210 |
|
|
|
211 |
$page_id_cleaned = sanitize_page_id($page_id);
|
|
|
212 |
|
|
|
213 |
$this->page_id = $page_id_cleaned;
|
|
|
214 |
$this->namespace = $namespace;
|
|
|
215 |
|
|
|
216 |
$this->perms = $session->fetch_page_acl( $page_id, $namespace );
|
|
|
217 |
|
|
|
218 |
// Exception for Admin: pages
|
|
|
219 |
if ( $this->namespace == 'Admin' )
|
|
|
220 |
{
|
|
|
221 |
$fname = "page_Admin_{$this->page_id}";
|
|
|
222 |
}
|
|
|
223 |
|
|
|
224 |
// Does the page "exist"?
|
|
4
|
225 |
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
|
|
1
|
226 |
{
|
|
|
227 |
$this->page_exists = false;
|
|
|
228 |
}
|
|
|
229 |
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
|
|
|
230 |
{
|
|
|
231 |
$this->page_exists = false;
|
|
|
232 |
}
|
|
|
233 |
else
|
|
|
234 |
{
|
|
|
235 |
$this->page_exists = true;
|
|
|
236 |
}
|
|
|
237 |
}
|
|
|
238 |
|
|
|
239 |
/**
|
|
|
240 |
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
|
|
|
241 |
* @access private
|
|
|
242 |
*/
|
|
|
243 |
|
|
|
244 |
function render()
|
|
|
245 |
{
|
|
|
246 |
$text = $this->fetch_text();
|
|
|
247 |
|
|
|
248 |
$this->header();
|
|
|
249 |
display_page_headers();
|
|
|
250 |
echo RenderMan::render($text);
|
|
|
251 |
display_page_footers();
|
|
|
252 |
$this->footer();
|
|
|
253 |
}
|
|
|
254 |
|
|
|
255 |
/**
|
|
|
256 |
* Sends the page header, dependent on, of course, whether we're supposed to.
|
|
|
257 |
*/
|
|
|
258 |
|
|
|
259 |
function header()
|
|
|
260 |
{
|
|
|
261 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
262 |
if ( $this->send_headers )
|
|
|
263 |
$template->header();
|
|
|
264 |
}
|
|
|
265 |
|
|
|
266 |
/**
|
|
|
267 |
* Sends the page footer, dependent on, of course, whether we're supposed to.
|
|
|
268 |
*/
|
|
|
269 |
|
|
|
270 |
function footer()
|
|
|
271 |
{
|
|
|
272 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
273 |
if ( $this->send_headers )
|
|
|
274 |
$template->footer();
|
|
|
275 |
}
|
|
|
276 |
|
|
|
277 |
/**
|
|
|
278 |
* Fetches the raw, unfiltered page text.
|
|
|
279 |
* @access public
|
|
|
280 |
*/
|
|
|
281 |
|
|
|
282 |
function fetch_text()
|
|
|
283 |
{
|
|
|
284 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
285 |
|
|
|
286 |
if ( !empty($this->text_cache) )
|
|
|
287 |
{
|
|
|
288 |
return $this->text_cache;
|
|
|
289 |
}
|
|
|
290 |
|
|
|
291 |
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';');
|
|
|
292 |
if ( !$q )
|
|
|
293 |
{
|
|
|
294 |
$this->send_error('Error during SQL query.', true);
|
|
|
295 |
}
|
|
|
296 |
if ( $db->numrows() < 1 )
|
|
|
297 |
{
|
|
|
298 |
$this->page_exists = false;
|
|
|
299 |
return 'err_no_text_rows';
|
|
|
300 |
}
|
|
|
301 |
|
|
|
302 |
$row = $db->fetchrow();
|
|
|
303 |
$db->free_result();
|
|
|
304 |
|
|
|
305 |
if ( !empty($row['char_tag']) )
|
|
|
306 |
{
|
|
|
307 |
// This page text entry uses the old text-escaping format
|
|
|
308 |
$from = array(
|
|
|
309 |
"{APOS:{$row['char_tag']}}",
|
|
|
310 |
"{QUOT:{$row['char_tag']}}",
|
|
|
311 |
"{SLASH:{$row['char_tag']}}"
|
|
|
312 |
);
|
|
|
313 |
$to = array("'", '"', '\\');
|
|
|
314 |
$row['page_text'] = str_replace($from, $to, $row['page_text']);
|
|
|
315 |
}
|
|
|
316 |
|
|
|
317 |
$this->text_cache = $row['page_text'];
|
|
|
318 |
|
|
|
319 |
return $row['page_text'];
|
|
|
320 |
|
|
|
321 |
}
|
|
|
322 |
|
|
|
323 |
/**
|
|
|
324 |
* Send the error message to the user that the access to this page is denied.
|
|
|
325 |
* @access private
|
|
|
326 |
*/
|
|
|
327 |
|
|
|
328 |
function err_access_denied()
|
|
|
329 |
{
|
|
|
330 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
331 |
|
|
|
332 |
$ob = '';
|
|
|
333 |
$template->tpl_strings['PAGE_NAME'] = 'Access denied';
|
|
|
334 |
|
|
|
335 |
if ( $this->send_headers )
|
|
|
336 |
{
|
|
|
337 |
$ob .= $template->getHeader();
|
|
|
338 |
}
|
|
|
339 |
|
|
|
340 |
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
|
|
|
341 |
|
|
|
342 |
if ( $this->send_headers )
|
|
|
343 |
{
|
|
|
344 |
$ob .= $template->getFooter();
|
|
|
345 |
}
|
|
|
346 |
echo $ob;
|
|
|
347 |
}
|
|
|
348 |
|
|
|
349 |
/**
|
|
|
350 |
* Send the error message to the user complaining that there weren't any rows.
|
|
|
351 |
* @access private
|
|
|
352 |
*/
|
|
|
353 |
|
|
|
354 |
function err_no_rows()
|
|
|
355 |
{
|
|
|
356 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
357 |
|
|
|
358 |
$title = 'No text rows';
|
|
|
359 |
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
|
|
|
360 |
if ( $this->send_headers )
|
|
|
361 |
{
|
|
|
362 |
$template->tpl_strings['PAGE_NAME'] = $title;
|
|
|
363 |
$template->header();
|
|
|
364 |
echo "<p>$message</p>";
|
|
|
365 |
$template->footer();
|
|
|
366 |
}
|
|
|
367 |
else
|
|
|
368 |
{
|
|
|
369 |
echo "<h2>$title</h2>
|
|
|
370 |
<p>$message</p>";
|
|
|
371 |
}
|
|
|
372 |
}
|
|
|
373 |
|
|
|
374 |
/**
|
|
|
375 |
* Tell the user the page doesn't exist, and present them with their options.
|
|
|
376 |
* @access private
|
|
|
377 |
*/
|
|
|
378 |
|
|
|
379 |
function err_page_not_existent()
|
|
|
380 |
{
|
|
|
381 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
382 |
|
|
|
383 |
$this->header();
|
|
|
384 |
header('HTTP/1.1 404 Not Found');
|
|
|
385 |
echo '<h3>There is no page with this title yet.</h3>
|
|
|
386 |
<p>You have requested a page that doesn\'t exist yet.';
|
|
|
387 |
if ( $session->get_permissions('create_page') )
|
|
|
388 |
{
|
|
|
389 |
echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
|
|
|
390 |
}
|
|
|
391 |
else
|
|
|
392 |
{
|
|
|
393 |
echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
|
|
|
394 |
}
|
|
|
395 |
if ( $session->get_permissions('history_rollback') )
|
|
|
396 |
{
|
|
|
397 |
$e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;');
|
|
|
398 |
if ( !$e )
|
|
|
399 |
{
|
|
|
400 |
$db->_die('The deletion log could not be selected.');
|
|
|
401 |
}
|
|
|
402 |
if ( $db->numrows() > 0 )
|
|
|
403 |
{
|
|
|
404 |
$r = $db->fetchrow();
|
|
|
405 |
echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
|
|
|
406 |
}
|
|
|
407 |
$db->free_result();
|
|
|
408 |
}
|
|
|
409 |
echo '<p>
|
|
|
410 |
HTTP Error: 404 Not Found
|
|
|
411 |
</p>';
|
|
|
412 |
$this->footer();
|
|
|
413 |
}
|
|
|
414 |
|
|
|
415 |
/**
|
|
|
416 |
* PHP 4 constructor.
|
|
|
417 |
* @see PageProcessor::__construct()
|
|
|
418 |
*/
|
|
|
419 |
|
|
|
420 |
function PageProcessor( $page_id, $namespace )
|
|
|
421 |
{
|
|
|
422 |
$this->__construct($page_id, $namespace);
|
|
|
423 |
}
|
|
|
424 |
|
|
|
425 |
/**
|
|
|
426 |
* Send an error message and die
|
|
|
427 |
* @var string Error message
|
|
|
428 |
* @var bool If true, send DBAL's debugging information as well
|
|
|
429 |
*/
|
|
|
430 |
|
|
|
431 |
function send_error($message, $sql = false)
|
|
|
432 |
{
|
|
|
433 |
global $db, $session, $paths, $template, $plugins; // Common objects
|
|
|
434 |
|
|
|
435 |
$content = "<p>$message</p>";
|
|
|
436 |
$template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher';
|
|
|
437 |
|
|
|
438 |
if ( $this->debug['works'] )
|
|
|
439 |
{
|
|
|
440 |
$content .= $this->debug['backtrace'];
|
|
|
441 |
}
|
|
|
442 |
|
|
|
443 |
header('HTTP/1.1 500 Internal Server Error');
|
|
|
444 |
|
|
|
445 |
$template->header();
|
|
|
446 |
echo $content;
|
|
|
447 |
$template->footer();
|
|
|
448 |
|
|
|
449 |
$db->close();
|
|
|
450 |
|
|
|
451 |
exit;
|
|
|
452 |
|
|
|
453 |
}
|
|
|
454 |
|
|
|
455 |
} // class PageProcessor
|
|
|
456 |
|
|
|
457 |
?>
|