<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Copyright (C) 2006-2009 Dan Fuhry
* pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
class PageUtils {
/**
* Tells whether a username is already in use.
* @param $name the name to check for
* @return string
*/
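public static function checkusername($name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Usernames are stored with spaces, so URL-style underscores are normalised
  // first; any percent-encoding left over from the request is decoded after that.
  $name = str_replace('_', ' ', $name);
  $name = rawurldecode($name);

  // The decoded value is escaped so a quote inside the supplied name cannot
  // change the shape of the query.
  $sql = 'SELECT username FROM ' . table_prefix . 'users WHERE username=\'' . $db->escape($name) . '\'';
  $q = $db->sql_query($sql);
  if ( !$q )
  {
    // Go through the database layer's error handler, as the other methods in
    // this class do, rather than printing the raw driver error to the client.
    $db->_die('Could not check whether the username is in use.');
  }

  // Any matching row means the name is taken; a free name is reported as 'good'.
  $result = ( $db->numrows() < 1 ) ? 'good' : 'bad';
  $db->free_result();
  return $result;
}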
/**
* Get the wiki formatting source for a page
* @param $page the full page id (Namespace:Pagename)
* @return string
* @todo (DONE) Make it require a password (just for security purposes)
*/
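public static function getsource($page, $password = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Nothing to fetch for a page that does not exist.
  if ( !isPage($page) )
  {
    return '';
  }

  list($page_id, $namespace) = RenderMan::strToPageID($page);
  $ns = namespace_factory($page_id, $namespace);
  $cdata = $ns->get_cdata();

  // A stored value of exactly 40 characters marks the page as password protected.
  if ( strlen($cdata['password']) === 40 )
  {
    // Compare strictly: a loose != allows differently-typed or numeric-looking
    // values to compare equal, which must never unlock a protected page.
    // A constant-time comparison (hash_equals) is preferable where the runtime provides it.
    if ( !is_string($password) || $password !== $cdata['password'] )
    {
      return 'invalid_password';
    }
  }

  // Dependencies handle this for us - this also checks for read privileges
  if ( !$session->get_permissions('view_source') )
  {
    return 'access_denied';
  }

  // Special and Admin pages are produced by code; there is no stored source to return.
  if ( $namespace === 'Special' || $namespace === 'Admin' )
  {
    die('This type of page (' . $paths->nslist[$namespace] . ') cannot be edited because the page source code is not stored in the database.');
  }

  // Both identifiers are derived from the request string, so they are escaped
  // like every other value this class interpolates into SQL.
  $sql = 'SELECT page_text,char_tag FROM ' . table_prefix . 'page_text WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
  $e = $db->sql_query($sql);
  if ( !$e )
  {
    $db->_die('The page text could not be selected.');
  }
  if ( $db->numrows() < 1 )
  {
    // No text row for this page; an empty source is not treated as an error.
    $db->free_result();
    return '';
  }

  $r = $db->fetchrow();
  $db->free_result();

  // Escaped so the caller can drop the source straight into HTML.
  return htmlspecialchars($r['page_text']);
}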
/**
* DEPRECATED. Previously returned the full rendered contents of a page.
* @param $page the full page id (Namespace:Pagename)
* @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
* @return string
*/
public static function getpage($page, $send_headers = false, $hist_id = false)
{
  // Kept only so that old callers stop with a clear message instead of an
  // undefined-method error; the parameters are intentionally unused.
  $notice = 'PageUtils->getpage is deprecated.';
  die($notice);
}
/**
* Writes page data to the database, after verifying permissions and running the XSS filter
* @param $page_id the page ID
* @param $namespace the namespace
* @param $message the text to save
* @return string
*/
public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // This wrapper only resolves the page's stored format and delegates the
  // edit to PageProcessor::update_page(), whose result is passed straight back.
  $processor = new PageProcessor($page_id, $namespace);
  $cdata = $processor->ns->get_cdata();
  $format = $cdata['page_format'];

  return $processor->update_page($message, $summary, $minor, $format);
}
/**
* Creates a page, both in memory and in the database.
* @param string $page_id
* @param string $namespace
* @return string 'good' on success; otherwise a human-readable error string (the database error text when an INSERT fails)
*/
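public static function createPage($page_id, $namespace, $name = false, $visible = 1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Special and Admin pages are produced by code and never stored in the database.
  if ( in_array($namespace, array('Special', 'Admin'), true) )
  {
    return 'You can\'t create a special page in the database';
  }

  if ( !isset($paths->nslist[$namespace]) )
  {
    return 'Couldn\'t look up the namespace';
  }

  $pname = $paths->nslist[$namespace] . $page_id;
  if ( isPage($pname) )
  {
    return 'Page already exists';
  }

  if ( !$session->get_permissions('create_page') )
  {
    return 'Not authorized to create pages';
  }

  // Only administrators may add System pages.
  if ( $session->user_level < USER_LEVEL_ADMIN && $namespace === 'System' )
  {
    return 'Not authorized to create system messages';
  }

  if ( substr($page_id, 0, 8) === 'Project:' )
  {
    return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
  }

  // Normalise the URL form of the page ID; the display name is derived from it
  // when the caller did not supply one (false, null or an empty string).
  $page_id = dirtify_page_id($page_id);

  if ( !is_string($name) || $name === '' )
  {
    $name = str_replace('_', ' ', $page_id);
  }

  $page_id = sanitize_page_id($page_id);

  // System pages start out protected; everything else starts unprotected.
  $prot = ( $namespace === 'System' ) ? 1 : 0;
  // One flag feeds both the in-memory record and the INSERT so they cannot disagree.
  $visible_flag = ( $visible ? 1 : 0 );

  $ips = array(
    'ip' => array(),
    'u' => array()
  );
  $ips_serialized = serialize($ips);

  $page_data = array(
    'name' => $name,
    'urlname' => $page_id,
    'namespace' => $namespace,
    'special' => 0,
    'visible' => $visible_flag,
    'comments_on' => 0,
    'protected' => $prot,
    'delvotes' => 0,
    'delvote_ips' => $ips_serialized,
    'wiki_mode' => 2,
  );

  $paths->add_page($page_data);

  // Every interpolated value is escaped or cast to int, including the namespace
  // key and the session username, so no string reaches the SQL text verbatim.
  $namespace_sql = $db->escape($namespace);
  $page_id_sql = $db->escape($page_id);
  $author_sql = $db->escape($session->username);
  $author_uid = intval($session->user_id);

  $qa = $db->sql_query('INSERT INTO ' . table_prefix . 'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\', ' . $visible_flag . ', ' . $prot . ', \'' . $db->escape($ips_serialized) . '\');');
  $qb = $db->sql_query('INSERT INTO ' . table_prefix . 'page_text(page_id,namespace) VALUES(\'' . $page_id_sql . '\', \'' . $namespace_sql . '\');');
  $qc = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(time_id,date_string,log_type,action,author,author_uid,page_id,namespace) VALUES(' . time() . ', \'DEPRECATED\', \'page\', \'create\', \'' . $author_sql . '\', ' . $author_uid . ', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\');');

  if ( $qa && $qb && $qc )
  {
    return 'good';
  }

  // Callers display this string; it is the database layer's own error text.
  return $db->get_error();
}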
/**
* Sets the protection level on a page.
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $level int level of protection - 0 is off, 1 is full, 2 is semi
* @param $reason string why the page is being (un)protected
* @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
*/
public static function protect($page_id, $namespace, $level, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Thin delegation: PageProcessor::protect_page() does the work and its
  // return value is handed back unchanged.
  $processor = new PageProcessor($page_id, $namespace);
  $result = $processor->protect_page($level, $reason);

  return $result;
}
/**
* Generates an HTML table with history information in it.
* @param string $page_id the page ID
* @param string $namespace the namespace
* @param string|bool $password the page password, or false when none was supplied
* @return string
*/
public static function histlist($page_id, $namespace, $password = false)
1
+ − 242
{
+ − 243
global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 244
global $lang;
1
+ − 245
+ − 246
if(!$session->get_permissions('history_view'))
+ − 247
return 'Access denied';
+ − 248
+ − 249
ob_start();
+ − 250
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 251
$pname = $paths->get_pathskey($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 252
$ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 253
$cdata = $ns->get_cdata();
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 254
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 255
if ( !isPage($pname) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 256
{
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 257
return 'DNE';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 258
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 259
1121
+ − 260
if ( isPage($pname) )
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 261
{
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 262
$password_exists = ( !empty($cdata['password']) && $cdata['password'] !== sha1('') );
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 263
if ( $password_exists && $password !== $cdata['password'] )
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 264
{
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 265
return '<p>' . $lang->get('history_err_wrong_password') . '</p>';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 266
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 267
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 268
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 269
$wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false;
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 270
$prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false;
1
+ − 271
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 272
$q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,author_uid,u.username,edit_summary,minor_edit FROM ' . table_prefix . "logs AS l\n"
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 273
. " LEFT JOIN " . table_prefix . "users AS u\n"
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 274
. " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 275
. " WHERE log_type='page' AND action='edit' AND page_id='$page_id' AND namespace='$namespace' AND is_draft != 1 ORDER BY time_id DESC;";
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 276
980
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 277
if ( !($q = $db->sql_query($q)) )
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 278
$db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 279
213
+ − 280
echo $lang->get('history_page_subtitle') . '
+ − 281
<h3>' . $lang->get('history_heading_edits') . '</h3>';
1
+ − 282
$numrows = $db->numrows();
213
+ − 283
if ( $numrows < 1 )
+ − 284
{
+ − 285
echo $lang->get('history_no_entries');
+ − 286
}
1
+ − 287
else
+ − 288
{
+ − 289
echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
213
+ − 290
<input type="submit" value="' . $lang->get('history_btn_compare') . '" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 291
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 292
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 293
<input type="hidden" name="do" value="diff" />
1
+ − 294
<br /><span> </span>
+ − 295
<div class="tblholder">
+ − 296
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 297
<tr>
213
+ − 298
<th colspan="2">' . $lang->get('history_col_diff') . '</th>
+ − 299
<th>' . $lang->get('history_col_datetime') . '</th>
+ − 300
<th>' . $lang->get('history_col_user') . '</th>
+ − 301
<th>' . $lang->get('history_col_summary') . '</th>
+ − 302
<th>' . $lang->get('history_col_minor') . '</th>
+ − 303
<th colspan="3">' . $lang->get('history_col_actions') . '</th>
1
+ − 304
</tr>'."\n"."\n";
+ − 305
$cls = 'row2';
+ − 306
$ticker = 0;
+ − 307
980
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 308
while ( $r = $db->fetchrow($q) )
213
+ − 309
{
1
+ − 310
+ − 311
$ticker++;
+ − 312
+ − 313
if($cls == 'row2') $cls = 'row1';
+ − 314
else $cls = 'row2';
+ − 315
+ − 316
echo '<tr>'."\n";
+ − 317
+ − 318
// Diff selection
+ − 319
if($ticker == 1)
+ − 320
{
+ − 321
$s1 = '';
+ − 322
$s2 = 'checked="checked" ';
+ − 323
}
+ − 324
elseif($ticker == 2)
+ − 325
{
+ − 326
$s1 = 'checked="checked" ';
+ − 327
$s2 = '';
+ − 328
}
+ − 329
else
+ − 330
{
+ − 331
$s1 = '';
+ − 332
$s2 = '';
+ − 333
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 334
if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 335
if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
+ − 336
+ − 337
// Date and time
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 338
echo '<td class="' . $cls . '" style="white-space: nowrap;">' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . '</td class="' . $cls . '">'."\n";
1
+ − 339
+ − 340
// User
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 341
$real_username = $r['author_uid'] > 1 && !empty($r['username']) ? $r['username'] : $r['author'];
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 342
$rank_info = $session->get_user_rank($r['author_uid']);
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 343
if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) && $r['author_uid'] == 1 )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 344
{
213
+ − 345
$rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 346
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 347
else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 348
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 349
$rc = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 350
}
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 351
echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($real_username)).'" ';
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 352
if ( !isPage($paths->nslist['User'] . sanitize_page_id($real_username)) )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 353
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 354
echo 'class="wikilink-nonexistent"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 355
}
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 356
echo 'style="' . $rank_info['rank_style'] . '">' . htmlspecialchars($real_username) . '</a></td class="' . $cls . '">'."\n";
1
+ − 357
+ − 358
// Edit summary
213
+ − 359
if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )
+ − 360
{
+ − 361
$r['edit_summary'] = $lang->get('history_summary_clearlogs');
+ − 362
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 363
echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
+ − 364
+ − 365
// Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 366
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
+ − 367
+ − 368
// Actions!
468
+ − 369
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['log_id']) . '" onclick="ajaxHistView(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 370
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";
468
+ − 371
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=edit&revid=' . $r['log_id']) . '" onclick="ajaxEditor(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";
1
+ − 372
+ − 373
echo '</tr>'."\n"."\n";
+ − 374
+ − 375
}
+ − 376
echo '</table>
+ − 377
</div>
+ − 378
<br />
+ − 379
<input type="hidden" name="do" value="diff" />
213
+ − 380
<input type="submit" value="' . $lang->get('history_btn_compare') . '" />
1
+ − 381
</form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 382
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 383
}
+ − 384
$db->free_result();
213
+ − 385
echo '<h3>' . $lang->get('history_heading_other') . '</h3>';
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 386
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 387
$sql = 'SELECT log_id,action,time_id,date_string,page_id,namespace,author,author_uid,u.username,edit_summary,minor_edit FROM ' . table_prefix . "logs AS l\n"
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 388
. " LEFT JOIN " . table_prefix . "users AS u\n"
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 389
. " ON ( u.user_id = l.author_uid OR u.user_id IS NULL )\n"
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 390
. " WHERE log_type='page' AND action!='edit' AND page_id='$page_id' AND namespace='$namespace' AND is_draft != 1 ORDER BY time_id DESC;";
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 391
1037
+ − 392
if ( !( $q = $db->sql_query($sql)) )
213
+ − 393
{
+ − 394
$db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');
+ − 395
}
+ − 396
if ( $db->numrows() < 1 )
+ − 397
{
+ − 398
echo $lang->get('history_no_entries');
+ − 399
}
+ − 400
else
+ − 401
{
1
+ − 402
213
+ − 403
echo '<div class="tblholder">
+ − 404
<table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>
+ − 405
<th>' . $lang->get('history_col_datetime') . '</th>
+ − 406
<th>' . $lang->get('history_col_user') . '</th>
+ − 407
<th>' . $lang->get('history_col_minor') . '</th>
+ − 408
<th>' . $lang->get('history_col_action_taken') . '</th>
+ − 409
<th>' . $lang->get('history_col_extra') . '</th>
+ − 410
<th colspan="2"></th>
+ − 411
</tr>';
1
+ − 412
$cls = 'row2';
1037
+ − 413
while($r = $db->fetchrow($q)) {
1
+ − 414
+ − 415
if($cls == 'row2') $cls = 'row1';
+ − 416
else $cls = 'row2';
+ − 417
+ − 418
echo '<tr>';
+ − 419
+ − 420
// Date and time
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 421
echo '<td class="' . $cls . '">' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . '</td class="' . $cls . '">';
1
+ − 422
+ − 423
// User
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 424
$real_username = $r['author_uid'] > 1 && !empty($r['username']) ? $r['username'] : $r['author'];
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 425
$rank_info = $session->get_user_rank($r['author_uid']);
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 426
if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) && $r['author_uid'] == 1 )
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 427
{
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 428
$rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 429
}
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 430
else
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 431
{
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 432
$rc = '';
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 433
}
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 434
echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($real_username)).'" ';
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 435
if ( !isPage($paths->nslist['User'] . sanitize_page_id($real_username)) )
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 436
{
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 437
echo 'class="wikilink-nonexistent"';
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 438
}
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 439
echo 'style="' . $rank_info['rank_style'] . '">' . htmlspecialchars($real_username) . '</a></td class="' . $cls . '">'."\n";
1
+ − 440
+ − 441
+ − 442
// Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 443
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
+ − 444
+ − 445
// Action taken
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 446
echo '<td class="' . $cls . '">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 447
// Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
468
+ − 448
if ($r['action']=='prot') echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
+ − 449
elseif($r['action']=='unprot') echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
+ − 450
elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
213
+ − 451
elseif($r['action']=='rename') echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);
+ − 452
elseif($r['action']=='create') echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';
+ − 453
elseif($r['action']=='delete') echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
481
+ − 454
elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__ROLLBACK__' ? $lang->get('history_extra_upload_reversion') : htmlspecialchars($r['edit_summary']) );
913
+ − 455
elseif($r['action']=='votereset')echo $lang->get('history_log_votereset') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_numvotes') . ' ' . $r['edit_summary'];
1
+ − 456
echo '</td>';
+ − 457
+ − 458
// Actions!
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['log_id']) . '" onclick="ajaxRollback(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';
echo '</tr>';
}
echo '</table></div>';
}
$db->free_result();
$ret = ob_get_contents();
ob_end_clean();
return $ret;
}
/**
 * Rolls back a logged action.
 *
 * Kept only for API compatibility: the real implementation lives in
 * PageProcessor, and this stub does no lookup and no modification. It
 * simply hands back a deprecation notice.
 *
 * @param $id the time ID, a.k.a. the primary key in the logs table (accepted but unused)
 * @return string a deprecation notice
 */
public static function rollback($id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Nothing is read from or written to the database here; $id is ignored so
  // that existing callers keep compiling.
  $notice = 'PageUtils->rollback() is deprecated - use PageProcessor instead.';
  return $notice;
}
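/**
 * Posts a comment and returns the refreshed comment list script.
 *
 * Order of checks: the post_comments permission, then the comments_need_login
 * setting ('2' = anonymous posters are refused, '1' = anonymous posters must
 * answer a CAPTCHA). Subject, text and name are passed through
 * RenderMan::preprocess_text() before being stored, which is the convention
 * the rest of this class relies on; page_id and namespace are additionally
 * run through $db->escape() because they reach the INSERT as string literals.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name of the person posting; ignored for logged-in users, whose session username is stored instead
 * @param $subject the subject line of the comment
 * @param $text the comment text
 * @param $captcha_code the CAPTCHA answer typed by an anonymous poster (only consulted when comments_need_login is '1')
 * @param $captcha_id the identifier of the CAPTCHA that $captcha_code answers
 * @return string javascript code (the output of PageUtils::comments), or 'Access denied'
 */
public static function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $_ob = '';
  if(!$session->get_permissions('post_comments'))
    return 'Access denied';
  if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) _die('Access denied to post comments: you need to be logged in first.');
  if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
  {
    if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
    $result = $session->get_captcha($captcha_id);
    // Strict comparison: a loose != between two strings treats numeric-looking
    // values such as "1e3" and "1000" as equal, which would accept a wrong
    // answer. Case folding keeps the check case-insensitive as before.
    if(strtolower((string)$captcha_code) !== strtolower((string)$result)) _die('The confirmation code you entered was incorrect.');
  }
  $text = RenderMan::preprocess_text($text);
  $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
  $subj = RenderMan::preprocess_text($subject);
  // New comments start out unapproved when moderation is switched on.
  if(getConfig('approve_comments', '0')=='1') $appr = '0'; else $appr = '1';
  // page_id/namespace are normally pre-sanitized by the caller, but they are
  // interpolated as SQL string literals, so escape them here too (a no-op for
  // clean values). subject/comment_data/name hold preprocess_text() output,
  // stored unescaped exactly as savecomment() does.
  $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $db->escape($page_id) . '\',\'' . $db->escape($namespace) . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . intval($session->user_id) . ',' . $appr . ','.time().')';
  $e = $db->sql_query($q);
  // NOTE(review): on failure the full SQL text (including the comment body) is
  // echoed into a client-side alert; consider logging it server-side instead.
  if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'))');
  else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
  return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}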
/**
 * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments.
 *
 * Two outputs are built side by side: the HTML for the comment list and the
 * post form is accumulated in $_ob, while the Javascript that injects that
 * HTML into #ajaxEditContainer and defines the client-side `list` object is
 * echoed into an output buffer. A moderation action ('delete' or 'approve')
 * is applied first, and only when the caller holds mod_comments.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform ('delete' or 'approve'), default is false
 * @param $flags additional info for $action: either ['id' => comment_id] or the ['name', 'subj', 'text'] triple identifying the comment; shouldn't be used except when deleting/approving comments, etc.
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return array [0] => the Javascript captured from the output buffer, [1] => the accumulated HTML
 * @access private
 */
public static function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Full page name; only used for the login link emitted at the bottom.
  $pname = $paths->nslist[$namespace] . $page_id;
  $template->init_vars();

  // Everything echoed from here on becomes the Javascript half of the result.
  ob_start();

  // Moderation actions are honoured only for users holding mod_comments;
  // for anyone else $action is silently ignored.
  if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
  {
    // NOTE(review): $page_id and $namespace are interpolated into every SQL
    // statement in this method without $db->escape(); this relies on callers
    // passing sanitized values — confirm at the call sites.
    switch($action) {
      case "delete":
        // A comment is addressed either by its id (intval'd) or by the
        // escaped name/subject/text triple.
        if(isset($flags['id']))
        {
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
        } else {
          $n = $db->escape($flags['name']);
          $s = $db->escape($flags['subj']);
          $t = $db->escape($flags['text']);
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
        }
        $e=$db->sql_query($q);
        // NOTE: 'unesape' in the emitted alert is a typo for the JS unescape()
        // function; it is a runtime string and is left untouched here. The
        // alert also carries the full SQL text to the client.
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
        break;
      case "approve":
        // Toggles the approval flag: approved rows become unapproved and
        // vice versa.
        if(isset($flags['id']))
        {
          $where = 'comment_id='.intval($flags['id']);
        } else {
          $n = $db->escape($flags['name']);
          $s = $db->escape($flags['subj']);
          $t = $db->escape($flags['text']);
          $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
        }
        $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
        $e = $db->sql_query($q);
        if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
        $r = $db->fetchrow();
        $db->free_result();
        $a = ( $r['approved'] ) ? '0' : '1';
        $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
        $e=$db->sql_query($q);
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
        // The button label reflects the new state.
        if($a=='1') $v = $lang->get('comment_btn_mod_unapprove');
        else $v = $lang->get('comment_btn_mod_approve');
        // NOTE(review): the element id is taken from $_GET['id'] (intval'd)
        // rather than from $flags['id'], so this only addresses the right
        // link when the action arrived via the query string — confirm callers.
        echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
        break;
    }
  }

  if(!defined('ENANO_TEMPLATE_LOADED'))
  {
    $template->load_theme($session->theme, $session->style);
  }

  $tpl = $template->makeParser('comment.tpl');

  // Two count queries; the selected columns are not used, only numrows().
  $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
  if(!$e) $db->_die('The comment text data could not be selected.');
  $num_unapp = $db->numrows();
  $db->free_result();
  $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
  if(!$e) $db->_die('The comment text data could not be selected.');
  $num_app = $db->numrows();
  $db->free_result();
  // The main listing: every comment on the page (approved or not), oldest
  // first, joined with the poster's user row for level/signature/avatar.
  $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,c.ip_address,u.user_level,u.email,u.signature,u.user_has_avatar,u.avatar_type
FROM ' . table_prefix.'comments AS c
LEFT JOIN ' . table_prefix.'users AS u
ON c.user_id=u.user_id
WHERE page_id=\'' . $page_id . '\'
AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
  if(!$lq) _die('The comment text data could not be selected. '.$db->get_error());
  $_ob .= '<h3>' . $lang->get('comment_heading') . '</h3>';

  // Moderators are told about every comment; everyone else only about the
  // approved ones.
  $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;

  $subst = array(
    'num_comments' => $n,
    'page_type' => $template->namespace_string
  );

  $_ob .= '<p>';
  $_ob .= ( $n == 0 ) ? $lang->get('comment_msg_count_zero', $subst) : ( $n == 1 ? $lang->get('comment_msg_count_one', $subst) : $lang->get('comment_msg_count_plural', $subst) );

  if ( $session->get_permissions('mod_comments') && $num_unapp > 0 )
  {
    $_ob .= ' <span style="color: #D84308">' . $lang->get('comment_msg_count_unapp_mod', array( 'num_unapp' => $num_unapp )) . '</span>';
  }
  else if ( !$session->get_permissions('mod_comments') && $num_unapp > 0 )
  {
    $ls = ( $num_unapp == 1 ) ? 'comment_msg_count_unapp_one' : 'comment_msg_count_unapp_plural';
    $_ob .= ' <span>' . $lang->get($ls, array( 'num_unapp' => $num_unapp )) . '</span>';
  }
  $_ob .= '</p>';
  // Client-side object holding the raw comment data, keyed by list index.
  // Values are rawurlencoded here and unwrapped with unescape() in the browser.
  $list = 'list = { ';
  // _die(htmlspecialchars($ttext));
  $i = -1;
  while ( $row = $db->fetchrow($lq) )
  {
    // $i advances for every row, including rows a non-moderator does not get
    // to see below, so list indexes stay aligned with the SQL result order.
    $i++;
    $strings = Array();
    $bool = Array();
    // Non-moderators only see approved comments.
    if ( $session->get_permissions('mod_comments') || $row['approved'] == COMMENT_APPROVED )
    {
      $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';

      // Comment ID (used in the Javascript apps)
      $strings['ID'] = (string)$i;

      // Determine the name, and whether to link to the user page or not
      // NOTE(review): $row['name'] and $row['subject'] go into the HTML
      // unescaped; this relies on insert-time sanitisation (preprocess_text in
      // addcomment/savecomment) — confirm that covers every write path.
      $name = '';
      if($row['user_id'] > 1) $name .= '<a href="'.makeUrlNS('User', sanitize_page_id(' ', '_', $row['name'])).'">';
      $name .= $row['name'];
      if($row['user_id'] > 1) $name .= '</a>';
      $strings['NAME'] = $name; unset($name);

      // Subject
      $s = $row['subject'];
      if(!$row['approved']) $s .= ' <span style="color: #D84308">' . $lang->get('comment_msg_note_unapp') . '</span>';
      $strings['SUBJECT'] = $s;

      // Date and time
      $strings['DATETIME'] = enano_date(ED_DATE | ED_TIME, $row['time']);

      // User level
      // Unknown levels fall through to the guest label.
      switch($row['user_level'])
      {
        default:
        case USER_LEVEL_GUEST:
          $l = $lang->get('user_type_guest');
          break;
        case USER_LEVEL_MEMBER:
        case USER_LEVEL_CHPREF:
          $l = $lang->get('user_type_member');
          break;
        case USER_LEVEL_MOD:
          $l = $lang->get('user_type_mod');
          break;
        case USER_LEVEL_ADMIN:
          $l = $lang->get('user_type_admin');
          break;
      }
      $strings['USER_LEVEL'] = $l; unset($l);

      // The actual comment data
      $strings['DATA'] = RenderMan::render($row['comment_data']);

      // Edit/delete links are rendered for anyone with edit_comments; the
      // per-row can_edit flag assigned further down governs their display.
      if($session->get_permissions('edit_comments'))
      {
        // Edit link
        $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">' . $lang->get('comment_btn_edit') . '</a>';

        // Delete link
        $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_delete') . '</a>';
      }
      else
      {
        // Edit link
        $strings['EDIT_LINK'] = '';

        // Delete link
        $strings['DELETE_LINK'] = '';
      }

      // Send PM link
      $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">' . $lang->get('comment_btn_send_privmsg') . '</a><br />' : '';

      // Add Buddy link
      $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">' . $lang->get('comment_btn_add_buddy') . '</a>' : '';

      // Mod links
      // Always built; the template's auth_mod flag decides whether they show.
      $applink = '';
      $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
      if($row['approved']) $applink .= $lang->get('comment_btn_mod_unapprove');
      else $applink .= $lang->get('comment_btn_mod_approve');
      $applink .= '</a>';
      $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
      $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_mod_delete') . '</a>';
      $strings['MOD_IP_LINK'] = '<span style="opacity: 0.5; filter: alpha(opacity=50);">' . ( ( empty($row['ip_address']) ) ? $lang->get('comment_btn_mod_ip_missing') : $lang->get('comment_btn_mod_ip_notimplemented') ) . '</span>';

      // Signature
      $strings['SIGNATURE'] = '';
      if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);

      // Avatar
      if ( $row['user_has_avatar'] == 1 )
      {
        $bool['user_has_avatar'] = true;
        $strings['AVATAR_ALT'] = $lang->get('usercp_avatar_image_alt', array('username' => $row['name']));
        $strings['AVATAR_URL'] = make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']);
        $strings['USERPAGE_LINK'] = makeUrlNS('User', $row['name']);
      }

      // Ownership for editing is decided by stored name == session username
      // (plus edit_comments), or by mod_comments.
      $bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
      $bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
      $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;

      // Done processing and compiling, now let's cook it into HTML
      $tpl->assign_vars($strings);
      $tpl->assign_bool($bool);
      $_ob .= $tpl->run();
    }
  }
  // Post form: shown unless login is required ('2') and the visitor is
  // anonymous; anonymous posters get a CAPTCHA row when the setting is '1'.
  if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
  {
    if($session->get_permissions('post_comments'))
    {
      $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3>';
      $_ob .= $lang->get('comment_postform_blurb');
      if(getConfig('approve_comments', '0')=='1') $_ob .= ' ' . $lang->get('comment_postform_blurb_unapp');
      if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
      {
        $_ob .= ' ' . $lang->get('comment_postform_blurb_captcha');
      }
      // Logged-in users get their username as a hidden field; others a text box.
      $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
      $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">' . $lang->get('comment_postform_blurb_link') . '</a>
<div id="mdgCommentForm">
<form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
<table border="0">
<tr><td>' . $lang->get('comment_postform_field_name') . '</td><td>' . $sn . '</td></tr>
<tr><td>' . $lang->get('comment_postform_field_subject') . '</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
      if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
      {
        // Any previous CAPTCHA is discarded and a fresh one issued per form.
        $session->kill_captcha();
        $captcha = $session->make_captcha();
        $_ob .= '<tr><td>' . $lang->get('comment_postform_field_captcha_title') . '<br /><small>' . $lang->get('comment_postform_field_captcha_blurb') . '</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />' . $lang->get('comment_postform_field_captcha_label') . ' <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("' . $lang->get('comment_postform_field_captcha_cantread_js') . '");</script><noscript>' . $lang->get('comment_postform_field_captcha_cantread_nojs') . '</noscript></small></td></tr>';
      }
      $_ob .= '
<tr><td valign="top">' . $lang->get('comment_postform_field_comment') . '</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
<tr><td colspan="2" style="text-align: center;"><input type="submit" value="' . $lang->get('comment_postform_btn_submit') . '" /></td></tr>
</table>
</form>
</div>';
    }
  } else {
    // FIXME: l10n
    $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
  }
  $list .= '};';
  // Emit the Javascript: the HTML travels as a rawurlencoded string and is
  // unwrapped by unescape() on the client, followed by the list object.
  echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
' . $list;
  echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';

  // Collect the buffered Javascript; the HTML is returned alongside it.
  $ret = ob_get_contents();
  ob_end_clean();
  return Array($ret, $_ob);

}
/**
 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments.
 *
 * Thin wrapper around PageUtils::comments_raw() that keeps only the
 * Javascript half of its result (index 0) and discards the HTML half.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id forwarded unchanged as comments_raw()'s $flags argument despite its name and -1 default; callers that set $action pass an array here
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string javascript code
 */
public static function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  list($javascript, $html) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $javascript;
}
/**
 * Generates HTML code for comments - used in browser compatibility mode.
 *
 * Thin wrapper around PageUtils::comments_raw() that keeps only the HTML
 * half of its result (index 1) and discards the Javascript half.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id forwarded unchanged as comments_raw()'s $flags argument despite its name and -1 default; callers that set $action pass an array here
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string HTML
 */
public static function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  list($javascript, $html) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $html;
}
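/**
 * Updates comment data, locating the comment by its old subject and text.
 *
 * Non-moderators must be logged in and may only edit a comment whose stored
 * name equals their session username; moderators skip that ownership check.
 * The new subject/text are run through RenderMan::preprocess_text() and
 * stored as-is (the convention addcomment() also uses); the old values and
 * the page key are escaped with $db->escape() before reaching a WHERE clause.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $old_subject the old subject, unprocessed and identical to the value in the DB
 * @param $old_text the old text, unprocessed and identical to the value in the DB
 * @param $id the javascript list ID, used internally by the client-side app; normalised to an integer before being emitted into the returned script
 * @return string javascript code: result="GOOD" plus the updated list entries, or result="BAD" with an error
 */
public static function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('edit_comments'))
    return 'result="BAD";error="Access denied"';
  // Avoid SQL injection: every value that reaches a WHERE clause as a string
  // literal is escaped, page_id/namespace included (a no-op for clean values).
  $old_text = $db->escape($old_text);
  $old_subject = $db->escape($old_subject);
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);
  // The list index is an integer on the client side (see comments_raw), so
  // normalise it before it is interpolated into the returned script.
  $id = intval($id);
  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND u.user_id=c.user_id;';
    $s = $db->sql_query($q);
    if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($s);
    // Count and compare before the result set is released, in the same order
    // savecomment_neater() uses; the previous version freed the result first
    // and only then asked numrows() about it.
    if($db->numrows() < 1 || $r['name'] !== $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'';
  $result = $db->sql_query($sql);
  if($result)
  {
    // Hand the stored (preprocessed) values back to the client-side list.
    // Literal "\n" sequences are parked in a placeholder so stripslashes()
    // leaves them alone, then re-emitted: as %0A (a newline) for the list
    // entries, and as <br /> inside the rendered HTML assigned to t.
    return 'result="GOOD";
list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
s = unescape(\''.rawurlencode($s).'\');
t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
  }
  else
  {
    // NOTE(review): the failure branch ships the full UPDATE statement to the
    // client inside the error string.
    return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
Performed SQL:
' . $sql . '

Error returned by MySQL: '.$db->get_error()).'");';
  }
}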
/**
* Updates comment data using the comment_id column instead of the old, messy way
* @param $page_id the page ID
* @param $namespace the namespace
* @param $subject new subject
* @param $text new text
* @param $id the comment ID (primary key in enano_comments table)
* @return string
*/
public static function savecomment_neater($page_id, $namespace, $subject, $text, $id)
1
+ − 881
{
+ − 882
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 883
if(!is_int($id)) die('PageUtils::savecomment: $id is not an integer, aborting for safety');
+ − 884
if(!$session->get_permissions('edit_comments'))
+ − 885
return 'Access denied';
+ − 886
// Safety check - username/login
+ − 887
if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
+ − 888
{
+ − 889
if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 890
$q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 891
$s = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 892
if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
+ − 893
$r = $db->fetchrow($s);
+ − 894
if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 895
$db->free_result();
+ − 896
}
+ − 897
$s = RenderMan::preprocess_text($subject);
+ − 898
$t = RenderMan::preprocess_text($text);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 899
$sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 900
$result = $db->sql_query($sql);
+ − 901
if($result)
+ − 902
return 'good';
+ − 903
else return 'Enano encountered a problem whilst saving the comment.
+ − 904
Performed SQL:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 905
' . $sql . '
1
+ − 906
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 907
Error returned by MySQL: '.$db->get_error();
1
+ − 908
}
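/**
 * Deletes a comment. This is the legacy interface that locates the comment by its poster name,
 * subject and text rather than by its primary key (see deletecomment_neater() for the ID-based version).
 * Requires the edit_comments permission; users without mod_comments may only delete comments
 * posted under their own account.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name the user posted under
 * @param $subj the subject of the comment to be deleted
 * @param $text the text of the comment to be deleted
 * @param $id the javascript list ID, used internally by the client-side app
 * @return string 'good' on success, otherwise a javascript snippet that reports the error
 */
public static function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if(!$session->get_permissions('edit_comments'))
    return 'alert("Access to delete/edit comments is denied");';

  if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
  // Everything that is quoted into SQL below is escaped here, including the page
  // identifiers (the original interpolated those two raw).
  $n = $db->escape($name);
  $s = $db->escape($subj);
  $t = $db->escape($text);
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    // A non-moderator may only delete their own comments, so the poster name is pinned to the
    // session's username both for this check and for the DELETE below. The original check did
    // not constrain the name at all and compared only the first matching row with the session
    // user, while the DELETE then used the caller-supplied $name.
    $n = $db->escape($session->username);
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND c.name=\'' . $n . '\' AND u.user_id=c.user_id;';
    // Keep the query result in its own variable: the original overwrote $s (the escaped
    // subject) with the result handle and then quoted that handle into the DELETE's WHERE clause.
    $check = $db->sql_query($q);
    if(!$check) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($check);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
  $e=$db->sql_query($q);
  // "unescape" was misspelled ("unesape") in the original, so the client-side error path threw instead of alerting
  if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
  return('good');
}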
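/**
 * Deletes a comment in a cleaner fashion, locating it by its primary key.
 * Requires the edit_comments permission; users without mod_comments may only delete
 * comments posted under their own account (checked via the comment's poster name).
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id the comment ID (primary key); must consist of digits only
 * @return string 'good' on success, otherwise a javascript snippet that reports the error
 */
public static function deletecomment_neater($page_id, $namespace, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // $id is interpolated into SQL unquoted, so only a plain digit string is accepted
  if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');

  if(!$session->get_permissions('edit_comments'))
    return 'alert("Access to delete/edit comments is denied");';

  // Escape the page identifiers once; both queries below quote them into SQL
  // (the original interpolated the raw values).
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    // Look the comment up by its primary key and compare the poster's name with the session's
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND u.user_id=c.user_id;';
    $check = $db->sql_query($q);
    if(!$check) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($check);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND comment_id=' . $id . ' LIMIT 1;';
  $e=$db->sql_query($q);
  // "unescape" was misspelled ("unesape") in the original, so the client-side error path threw instead of alerting
  if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
  return('good');
}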
/**
 * Renames a page. This is a thin wrapper: the work is delegated to
 * PageProcessor::rename_page() and its return value is passed straight through.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the new name for the page
 * @return string error string or success message
 */
public static function rename($page_id, $namespace, $name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  $processor = new PageProcessor($page_id, $namespace);
  $outcome = $processor->rename_page($name);
  return $outcome;
}
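/**
 * Flushes (clears) the action logs for a given page. For a File: page, every file revision except
 * the current one is removed as well. If the page still exists afterwards, a fresh 'edit' log entry
 * holding the current page text is written so that one restorable revision always remains.
 * Requires the clear_logs permission (not enforced inside the installer) and a re-authenticated
 * ("super") session.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string error/success string
 */
public static function flushlogs($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  if ( !is_object($lang) && defined('IN_ENANO_INSTALL') )
  {
    // This is a special exception for the Enano installer, which doesn't init languages yet.
    $lang = new Language('eng');
  }
  if(!$session->get_permissions('clear_logs') && !defined('IN_ENANO_INSTALL'))
  {
    return $lang->get('etc_access_denied');
  }
  // Live re-auth is required for this action. NOTE(review): unlike the permission check above,
  // this is not bypassed for the installer - confirm the installer session sets sid_super.
  if ( !$session->sid_super )
  {
    return $lang->get('etc_access_denied_need_reauth');
  }

  // Escaped once and used in every query below. The original computed both escaped values but
  // then interpolated the raw $namespace into the DELETE and the raw $page_id/$namespace into
  // the backup INSERT.
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // If we're flushing a file, also clear all revisions before the current
  if ( $namespace == 'File' )
  {
    $q = $db->sql_query('SELECT file_id FROM ' . table_prefix . "files WHERE page_id='$page_id_db' ORDER BY time_id DESC;");
    if ( !$q )
      $db->_die();
    // discard first row (current revision)
    $db->fetchrow();
    $id_list = array();
    while ( $row = $db->fetchrow() )
      $id_list[] = $row['file_id'];

    require_once(ENANO_ROOT . '/includes/namespaces/file.php');

    // clear out each file
    foreach ( $id_list as $id )
      Namespace_File::delete_file($id);
  }

  $q = $db->sql_query('DELETE FROM ' . table_prefix . "logs WHERE page_id='$page_id_db' AND namespace='$namespace_db';");
  if ( !$q )
    $db->_die('The log entries could not be deleted.');

  // If the page exists, make a backup of it in case it gets spammed/vandalized
  // If not, the admin's probably deleting a trash page
  if ( isPage($paths->get_pathskey($page_id, $namespace)) )
  {
    $q = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix . "page_text WHERE page_id='$page_id_db' AND namespace='$namespace_db';");
    if ( !$q )
      $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
    $row = $db->fetchrow();
    $db->free_result();
    // minor_edit is written as a boolean literal on MySQL and as an integer on the other backends
    $minor_edit = ( ENANO_DBLAYER == 'MYSQL' ) ? 'false' : '0';
    $username = $db->escape($session->username);
    // The localized summary is escaped too; it is a translated string and may contain quotes
    $summary = $db->escape($lang->get('page_flushlogs_backup_summary'));
    $q = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, date_string, page_id, namespace, page_text, char_tag, author, author_uid, edit_summary, minor_edit ) VALUES\n"
       . " ('page', 'edit', " . time() . ", 'DEPRECATED', '$page_id_db', '$namespace_db', '" . $db->escape($row['page_text']) . "', '', '{$username}', $session->user_id, '$summary', $minor_edit);";
    if ( !$db->sql_query($q) )
      $db->_die('The history (log) entry could not be inserted into the logs table.');
  }

  return $lang->get('ajax_clearlogs_success');
}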
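/**
 * Deletes a page: records a 'delete' entry in the logs, then removes the page's category
 * assignments, comments, text, page entry and (for File: pages) its file records, and purges
 * the page metadata cache. Requires a non-empty reason, the delete_page permission on the
 * page, and a re-authenticated ("super") session.
 * @param string $page_id the condemned page ID
 * @param string $namespace the condemned namespace
 * @param string The reason for deleting the page in question
 * @return string success message, or an error/denial message
 */
public static function deletepage($page_id, $namespace, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  global $cache;
  $perms = $session->fetch_page_acl($page_id, $namespace);
  $x = trim($reason);
  if ( empty($x) )
  {
    return $lang->get('ajax_delete_need_reason');
  }
  if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');

  // Live re-auth is required for this action
  if ( !$session->sid_super )
  {
    return $lang->get('etc_access_denied_need_reauth');
  }

  // Escape every value that is quoted into SQL below. The original interpolated the raw
  // page ID, namespace and session username.
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);
  $username_db = $db->escape($session->username);
  // The reason is HTML-escaped before storage, as in the original, and then SQL-escaped
  $reason_db = $db->escape(htmlspecialchars($reason));

  $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,author_uid,edit_summary) VALUES('.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'delete\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $username_db . '\', ' . $session->user_id . ', \'' . $reason_db . '\')');
  if(!$e) $db->_die('The page log entry could not be inserted.');
  // NOTE(review): the deletions below are not wrapped in a transaction; a failure part-way
  // through leaves the page half-deleted (each step aborts via _die()).
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'');
  if(!$e) $db->_die('The page categorization entries could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'');
  if(!$e) $db->_die('The page comments could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'');
  if(!$e) $db->_die('The page text entry could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'');
  if(!$e) $db->_die('The page entry could not be deleted.');
  if ( $namespace == 'File' )
  {
    // NOTE(review): only the database rows are removed here; the uploaded files on disk and their
    // cached copies are left behind (delete_page_files() is the routine that also unlinks them).
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id_db . '\'');
    if(!$e) $db->_die('The file entry could not be deleted.');
  }
  $cache->purge('page_meta');
  return $lang->get('ajax_delete_success');
}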
/**
898
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1118
* Deletes files associated with a File page.
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1119
* @param string Page ID
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1120
*/
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1121
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1122
public static function delete_page_files($page_id)
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1123
{
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1124
global $db, $session, $paths, $template, $plugins; // Common objects
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1125
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1126
$q = $db->sql_query('SELECT file_id, filename, file_key, time_id, file_extension FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1127
if ( !$q )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1128
$db->_die();
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1129
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1130
while ( $row = $db->fetchrow() )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1131
{
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1132
// wipe original file
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1133
foreach ( array(
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1134
ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}",
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1135
ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}"
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1136
) as $orig_file )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1137
{
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1138
if ( file_exists($orig_file) )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1139
@unlink($orig_file);
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1140
}
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1141
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1142
// wipe cached files
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1143
if ( $dr = @opendir(ENANO_ROOT . '/cache/') )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1144
{
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1145
// lol404.jpg-1217958283-200x320.jpg
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1146
while ( $dh = @readdir($dr) )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1147
{
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1148
$regexp = ':^' . preg_quote("{$row['filename']}-{$row['time_id']}-") . '[0-9]+x[0-9]+\.' . ltrim($row['file_extension'], '.') . '$:';
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1149
if ( preg_match($regexp, $dh) )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1150
{
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1151
@unlink(ENANO_ROOT . "/cache/$dh");
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1152
}
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1153
}
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1154
@closedir($dr);
}
}
$q = $db->sql_query('DELETE FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
if ( !$q )
$db->die();
return true;
}
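/**
 * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
 *
 * The voter record lives serialized in pages.delvote_ips as array('ip' => array(...), 'u' => array(...)).
 * Votes are refused for the Admin, Special and System namespaces and for pages that do not exist.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string a language string or literal message describing the outcome
 */

public static function delvote($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  global $cache;

  if ( !$session->get_permissions('vote_delete') )
  {
    return $lang->get('etc_access_denied');
  }

  if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
  {
    return 'Special pages and system messages can\'t be voted for deletion.';
  }

  // An unknown namespace cannot name an existing page; bail out before indexing nslist with it.
  if ( !isset($paths->nslist[$namespace]) )
  {
    return 'The page does not exist.';
  }

  $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);

  if ( !isPage($pname) )
  {
    return 'The page does not exist.';
  }

  $ns = namespace_factory($page_id, $namespace);
  $cdata = $ns->get_cdata();

  // Decode the stored voter record. Anything that does not unserialize to the expected
  // shape (including an empty column) is treated as "nobody has voted yet".
  // NOTE(review): unserialize() on a database column will instantiate any class named in
  // the payload; the column is only written by this function, but if the database is not
  // trusted this record should move to a JSON encoding.
  $voters = array(
    'ip' => array(),
    'u' => array()
  );
  if ( !empty($cdata['delvote_ips']) )
  {
    $decoded = @unserialize($cdata['delvote_ips']);
    if ( is_array($decoded) && isset($decoded['ip']) && is_array($decoded['ip']) && isset($decoded['u']) && is_array($decoded['u']) )
    {
      $voters = $decoded;
    }
  }

  // One vote per username and one per client address
  if ( in_array($session->username, $voters['u'], true) || in_array($_SERVER['REMOTE_ADDR'], $voters['ip'], true) )
  {
    return $lang->get('ajax_delvote_already_voted');
  }

  $voters['u'][] = $session->username;
  $voters['ip'][] = $_SERVER['REMOTE_ADDR'];

  // Everything interpolated into the UPDATE is either cast to int or run through
  // $db->escape(). The WHERE clause previously used the raw $page_id/$namespace arguments;
  // only the existence check above had sanitized them.
  $delvotes = ( isset($cdata['delvotes']) ? intval($cdata['delvotes']) : 0 ) + 1;
  $voters_db = $db->escape( serialize($voters) );
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $delvotes . ',delvote_ips=\'' . $voters_db . '\' WHERE urlname=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'';
  $w = $db->sql_query($q);
  if ( !$w )
    $db->_die();

  // all done, flush page cache to mark it up
  $cache->purge('page_meta');

  return $lang->get('ajax_delvote_success');
}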
+ − 1241
+ − 1242
/**
 * Resets the number of votes against a page to 0.
 *
 * The previous vote count and voter list are copied into the log table first so the
 * reset is auditable; the page row is then zeroed and the page_meta cache purged.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string a language string describing the outcome (access denied, missing page, or success)
 */

public static function resetdelvotes($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  global $cache;

  if ( !$session->get_permissions('vote_reset') )
    return $lang->get('etc_access_denied');

  // Both identifiers are escaped once here and reused in every query below
  $page_id = $db->escape($page_id);
  $namespace = $db->escape($namespace);

  // pull existing info
  $select_sql = 'SELECT delvotes, delvote_ips FROM ' . table_prefix . "pages WHERE urlname = '$page_id' AND namespace = '$namespace'";
  if ( !$db->sql_query($select_sql) )
    $db->_die();
  if ( $db->numrows() < 1 )
    return $lang->get('page_err_page_not_exist');

  $row = $db->fetchrow_num();
  $db->free_result();
  $delvotes = $row[0];
  $delvote_ips = $db->escape($row[1]);
  $username = $db->escape($session->username);

  // log action
  $time = time();
  $log_sql = 'INSERT INTO ' . table_prefix . "logs (time_id, log_type, action, edit_summary, page_text, author, author_uid, page_id, namespace) VALUES\n"
           . " ( $time, 'page', 'votereset', '$delvotes', '$delvote_ips', '$username', $session->user_id, '$page_id', '$namespace' )";
  if ( !$db->sql_query($log_sql) )
    $db->_die();

  // reset votes
  $empty_vote_record = $db->escape(serialize(array('ip'=>array(),'u'=>array())));
  $reset_sql = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $empty_vote_record . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  if ( !$db->sql_query($reset_sql) )
  {
    $db->_die('The number of delete votes was not reset.');
  }
  else
  {
    $cache->purge('page_meta');
    return $lang->get('ajax_delvote_reset_success');
  }
}
+ − 1296
+ − 1297
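/**
 * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
 *
 * The theme name is read from $_GET['id'] (this method takes no parameter). It must
 * match ^[a-z0-9_-]+$ before it is used as a path component under ./themes/, so it cannot
 * carry "/", "..", a NUL byte or a trailing newline; anything else yields JSON false.
 * @return string JSON array of style names (file names under css/ minus ".css"), or a {mode:'error'} object when the theme has no css directory
 */

public static function getstyles()
{
  // The id becomes a directory name, so validate it strictly. The D modifier pins $ to the
  // very end of the string; without it "name\n" would pass the check.
  $theme_id = isset($_GET['id']) ? $_GET['id'] : '';
  if ( !is_string($theme_id) || !preg_match('/^([a-z0-9_-]+)$/D', $theme_id) )
    return enano_json_encode(false);

  $dir = './themes/' . $theme_id . '/css/';
  $list = Array();

  if ( !is_dir($dir) )
  {
    return(enano_json_encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
  }

  // Open a known directory, and proceed to read its contents
  if ( $dh = opendir($dir) )
  {
    while ( ($file = readdir($dh)) !== false )
    {
      // _printable.css should be included with every theme: it should be a copy of the
      // original style, but mostly black and white, so it is not offered as a selectable style.
      if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' )
      {
        $list[] = substr($file, 0, strlen($file)-4);
      }
    }
    closedir($dh);
  }

  return enano_json_encode($list);
}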
+ − 1332
+ − 1333
/**
 * Assembles a Javascript app with category information
 *
 * Thin wrapper around catedit_raw(): the script part is emitted as-is, the HTML part is
 * rawurlencode()d here and unescape()d in the browser before being written into
 * #ajaxEditContainer.
 * NOTE(review): JS unescape() decodes %XX escapes byte-wise rather than as UTF-8; confirm
 * that non-ASCII labels survive this round trip before relying on it.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string Javascript code
 */

public static function catedit($page_id, $namespace)
{
  list($script, $html) = PageUtils::catedit_raw($page_id, $namespace);
  $encoded_html = rawurlencode($html);
  return $script . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . $encoded_html . '\');';
}
+ − 1345
+ − 1346
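/**
 * Does the actual HTML/javascript generation for cat editing, but returns an array
 *
 * Element 0 is Javascript that fills the client-side `catlist` array; element 1 is the HTML
 * for the category checkbox form. Category URL names and display names come from the
 * database and are escaped for the context they are written into (JS string literal via
 * json_encode, HTML text/attributes via htmlspecialchars).
 * @param $page_id the page ID whose category membership is being edited
 * @param $namespace the namespace of that page
 * @return array Array(javascript string, html string)
 * @access private
 */

public static function catedit_raw($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  ob_start();
  $_ob = '';

  // Categories this page is currently a member of. The page is identified by the
  // arguments (the form action below is built from them too, so the two now agree) and
  // both values are escaped before being placed in the query.
  $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'');
  if(!$e) jsdie('Error selecting category information for current page: '.$db->get_error());
  $cat_current = Array();
  while($r = $db->fetchrow())
  {
    $cat_current[] = $r;
  }
  $db->free_result();

  // Every Category: page, as a numerically indexed list (render order) plus an index by
  // urlname_nons so membership can be marked without a nested search.
  $cat_list = array();
  $cat_index = array();
  $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
  if ( !$q )
    $db->_die();

  while ( $row = $db->fetchrow() )
  {
    $cdata = Namespace_Default::bake_cdata($row);
    $cat_index[$cdata['urlname_nons']] = sizeof($cat_list);
    $cat_list[] = $cdata;
  }
  $db->free_result();

  // Mark the categories this page is in. A category_id with no matching Category: page
  // (a stale row in the categories table) is ignored instead of creating a phantom entry.
  foreach ( $cat_current as $membership )
  {
    $un = $membership['category_id'];
    if ( isset($cat_index[$un]) )
      $cat_list[$cat_index[$un]]['member'] = true;
  }

  echo 'catlist = new Array();'; // Initialize the client-side category list
  $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
<form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
  if ( sizeof($cat_list) < 1 )
  {
    $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
  }
  foreach ( $cat_list as $i => $cat )
  {
    // Protection code added 1/3/07
    // Updated 3/4/07
    // A category is rendered read-only when the user lacks edit_cat globally or on that
    // category, or the category is protected and the user may not edit protected pages.
    $perms = $session->fetch_page_acl($cat['urlname_nons'], 'Category');
    $is_prot = !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
               ( $cat['really_protected'] && !$perms->get_permissions('even_when_protected') );
    $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
    $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';

    // urlname_nons and name are database values: emit them as a JSON string literal in the
    // script and HTML-escape them in the markup, so a crafted category name cannot break
    // out of the JS string or of the attribute/text context (previously written raw).
    $urlname_js = json_encode((string) $cat['urlname_nons']);
    $urlname_html = htmlspecialchars($cat['urlname_nons'], ENT_QUOTES, 'UTF-8');
    $name_html = htmlspecialchars($cat['name'], ENT_QUOTES, 'UTF-8');

    echo 'catlist[' . $i . '] = ' . $urlname_js . ';';
    $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $urlname_html . '" id="mdgCat_' . $urlname_html . '" type="checkbox"';
    if ( isset($cat['member']) )
      $_ob .= ' checked="checked"';
    $_ob .= '/> <label for="mdgCat_' . $urlname_html . '">' . $name_html . $prottext . '</label></span><br />';
  }

  $disabled = ( sizeof($cat_list) < 1 ) ? 'disabled="disabled"' : '';

  $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';

  $cont = ob_get_contents();
  ob_end_clean();
  return Array($cont, $_ob);
}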
/**
* Saves category information
* WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $which_cats array associative array of categories to put the page in
* @return string "GOOD" on success, error string on failure
*/
public static function catsave($page_id, $namespace, $which_cats)
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');
$page_perms = $session->fetch_page_acl($page_id, $namespace);
$ns = namespace_factory($page_id, $namespace);
$page_data = $ns->get_cdata();
$cat_all = array();
$q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
if ( !$q )
$db->_die();
while ( $row = $db->fetchrow() )
{
$cat_all[] = Namespace_Default::bake_cdata($row);
}
// Make $cat_all an associative array, like $paths->pages
$sz = sizeof($cat_all);
for($i=0;$i<$sz;$i++)
{
$cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
}
$rowlist = Array();
for($i=0;$i<sizeof($cat_all)/2;$i++)
{
$auth = true;
$perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category');
if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
$auth = false;
if(!$auth)
{
// Find out if the page is currently in the category
$q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$q)
return 'MySQL error: ' . $db->get_error();
if($db->numrows() > 0)
+ − 1482
{
+ − 1483
$auth = true;
+ − 1484
$which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
+ − 1485
}
+ − 1486
$db->free_result();
+ − 1487
}
if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
}
+ − 1490
if(sizeof($rowlist) > 0)
+ − 1491
{
+ − 1492
$val = implode(',', $rowlist);
$q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
$e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1496
$e = $db->sql_query($q);
+ − 1497
if(!$e) $db->_die('The new category data could not be inserted.');
+ − 1498
return('GOOD');
+ − 1499
}
+ − 1500
else
+ − 1501
{
$e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1504
return('GOOD');
+ − 1505
}
+ − 1506
}
+ − 1507
+ − 1508
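/**
 * Sets the wiki mode level for a page.
 * @param $page_id string the page ID (escaped here before use in SQL; a no-op for an already-sanitized URL name)
 * @param $namespace string the namespace (escaped here before use in SQL)
 * @param $level int 0 for off, 1 for on, 2 for use global setting
 * @return string "GOOD" on success, error string on failure
 */

public static function setwikimode($page_id, $namespace, $level)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $cache;

  if ( !$session->get_permissions('set_wiki_mode') )
    return('Insufficient access rights');

  // $level is spliced into the SQL unquoted, so only the literal digits 0, 1 and 2 may pass
  if ( !isset($level) || !preg_match('#^[0-2]$#', (string)$level) )
  {
    return('Invalid mode string');
  }
  $level = intval($level);

  // page_id/namespace are escaped the same way acl_editor() in this class does it; the
  // original interpolated them raw and relied entirely on the caller having sanitized them.
  $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$q )
  {
    return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }

  // Page metadata is cached; drop it so the new mode takes effect on the next request
  $cache->purge('page_meta');
  return('GOOD');
}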
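/**
 * Sets the access password for a page.
 * @param $page_id string the page ID (escaped here before use in SQL; a no-op for an already-sanitized URL name)
 * @param $namespace string the namespace (escaped here before use in SQL)
 * @param $pass string the SHA1 hash of the password - if the value is not exactly 40 lowercase hex digits (^[0-9a-f]{40}$) it will be sha1'ed. The hash of the empty string clears the password.
 * @return string localized success message, or an error string
 */

public static function setpass($page_id, $namespace, $pass)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang, $cache;

  // Determine permissions: replacing an existing password requires a different right than setting the first one
  $ns = namespace_factory($page_id, $namespace);
  $cdata = $ns->get_cdata();
  $a = ( $cdata['password'] != '' )
    ? $session->get_permissions('password_reset')
    : $session->get_permissions('password_set');
  if ( !$a )
    return $lang->get('etc_access_denied');
  if ( !isset($pass) )
    return('Password was not set on URL');

  // Accept a pre-hashed value only when the WHOLE string is a SHA-1 hex digest. The pattern is
  // anchored on purpose: the previous unanchored pattern let any value that merely contained
  // 40 hex digits skip hashing and be written into the query verbatim.
  $p = $pass;
  if ( !preg_match('#^[0-9a-f]{40}$#', $p) )
  {
    $p = sha1($p);
  }
  // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709 - an empty password means "no password"
  if ( $p === 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
    $p = '';

  // $p is now either '' or exactly 40 hex characters, so it is safe to interpolate;
  // page_id/namespace are escaped the same way acl_editor() in this class does it.
  $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$e )
  {
    die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }
  // NOTE(review): $cache is imported but never purged here, unlike setwikimode(); confirm whether
  // the 'page_meta' cache holds the password column and needs the same purge.

  // Is the new password blank?
  if ( $p == '' )
  {
    return $lang->get('ajax_password_disable_success');
  }
  else
  {
    return $lang->get('ajax_password_success');
  }
}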
/**
 * Generates some preview HTML
 * @param $text string the wikitext to use
 * @return string the localized preview blurb followed by the rendered text in a scrollable box
 */

public static function genPreview($text)
{
  global $lang;

  $blurb = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div>';
  $box_open = '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 10px 0;">';

  // Wikitext -> markup through the normal RenderMan pipeline
  $rendered = RenderMan::render(RenderMan::preprocess_text($text, false, false));

  // The rendered markup is executed as PHP: whatever RenderMan emits runs with the
  // privileges of this process. RenderMan's output is therefore a trust boundary here -
  // nothing may reach this eval without having gone through its filtering first.
  ob_start();
  eval('?>' . $rendered);
  $body = ob_get_clean();

  return $blurb . $box_open . $body . '</div>';
}
/**
 * Makes a scrollable box
 * @param string $text the inner HTML; inserted as-is, so the caller is responsible for escaping it
 * @param int $height Optional - the maximum height in pixels. Defaults to 250. Coerced with intval(), so a non-numeric value degrades to 0.
 * @return string
 */

public static function scrollBox($text, $height = 250)
{
  $max_px = intval($height);
  $style = 'background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; '
         . 'max-height: ' . $max_px . 'px; overflow: auto; margin: 1em 0 1em 1em;';
  return '<div style="' . $style . '">' . $text . '</div>';
}
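/**
 * Generates a diff summary between two page revisions.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id1 the log ID (or, as a fallback, the time ID) of the first revision
 * @param $id2 the log ID (or, as a fallback, the time ID) of the second revision
 * @return string XHTML-formatted diff, or a plain error string
 */

public static function pagediff($page_id, $namespace, $id1, $id2)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  if ( !$session->get_permissions('history_view') )
    return $lang->get('etc_access_denied');

  // Both IDs are spliced into the SQL unquoted, so they must be pure digit strings
  if ( !preg_match('#^([0-9]+)$#', (string)$id1) ||
       !preg_match('#^([0-9]+)$#', (string)$id2) )
    return 'SQL injection attempt';

  // Two queries instead of one: the safest way to make sure the revisions don't end up
  // in the wrong columns. Look the IDs up as log_id first, then retry them as time_id.
  // fetchrow() yields false for a missing row; the old sizeof() comparison could not
  // detect that for the first row, so a missing first revision was never reported.
  $rows = self::pagediff_fetch_revisions($page_id, $namespace, $id1, $id2, 'log_id');
  if ( is_string($rows) )
    return $rows;
  if ( !$rows[0] || !$rows[1] )
  {
    $rows = self::pagediff_fetch_revisions($page_id, $namespace, $id1, $id2, 'time_id');
    if ( is_string($rows) )
      return $rows;
    if ( !$rows[0] || !$rows[1] )
      return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
  }
  list($row1, $row2) = $rows;

  $text1 = $row1['page_text'];
  $text2 = $row2['page_text'];
  $time1 = enano_date(ED_DATE | ED_TIME, $row1['time_id']);
  $time2 = enano_date(ED_DATE | ED_TIME, $row2['time_id']);
  $_ob = "
  <p>" . $lang->get('history_lbl_comparingrevisions') . " {$time1} → {$time2}</p>
  ";
  // Free some memory
  unset($row1, $row2, $rows);

  // NOTE(review): page_text is user-supplied wikitext; RenderMan::diff() is relied on to
  // escape it for HTML output - confirm.
  $_ob .= RenderMan::diff($text1, $text2);
  return $_ob;
}

/**
 * Runs the two revision lookups for pagediff().
 * @param string $page_id the page ID (escaped here before use in SQL)
 * @param string $namespace the namespace (escaped here before use in SQL)
 * @param string $id1 first revision ID; must already be validated as digits only
 * @param string $id2 second revision ID; must already be validated as digits only
 * @param string $key_column the logs column to match the IDs against - one of the literals 'log_id' or 'time_id', never user input
 * @return mixed array(row1, row2) with false for a revision that does not exist, or a 'MySQL error: ...' string
 * @access private
 */
private static function pagediff_fetch_revisions($page_id, $namespace, $id1, $id2, $key_column)
{
  global $db;
  $page_id = $db->escape($page_id);
  $namespace = $db->escape($namespace);
  $rows = array();
  foreach ( array($id1, $id2) as $id )
  {
    $q = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE ' . $key_column . ' = ' . $id . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
    if ( !$q )
      return 'MySQL error: ' . $db->get_error();
    $rows[] = $db->fetchrow($q);
    $db->free_result($q);
  }
  return $rows;
}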
/**
* Gets ACL information about the selected page for target type X and target ID Y.
* @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
* @return array
*/
public static function acl_editor($parms = Array())
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
if(!$session->get_permissions('edit_acl') && ( $session->user_level < USER_LEVEL_ADMIN || !defined('ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL')) )
{
return Array(
'mode' => 'error',
'error' => $lang->get('acl_err_access_denied')
);
}
if ( !$session->sid_super )
{
return Array(
'mode' => 'error',
'error' => $lang->get('etc_access_denied_need_reauth')
);
}
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
$page_id =& $parms['page_id'];
$namespace =& $parms['namespace'];
$page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
$page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
//die(print_r($page_id,true));
$template->load_theme();
// $perms_obj = $session->fetch_page_acl($page_id, $namespace);
$perms_obj =& $session;
$return = Array();
if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
{
return Array(
'mode' => 'error',
'error' => $lang->get('acl_err_missing_template'),
);
}
$return['template'] = $template->extract_vars('acledit.tpl');
$return['page_id'] = $page_id;
$return['namespace'] = $namespace;
if(isset($parms['mode']))
{
switch($parms['mode'])
{
case 'listgroups':
$return['groups'] = Array();
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
while($row = $db->fetchrow())
{
$return['groups'][] = Array(
'id' => $row['group_id'],
'name' => $row['group_name'],
);
}
$db->free_result();
$return['page_groups'] = Array();
$q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
if ( !$q )
return Array(
'mode' => 'error',
'error' => $db->get_error()
);
while ( $row = $db->fetchrow() )
{
$return['page_groups'][] = Array(
'id' => $row['pg_id'],
'name' => $row['pg_name']
);
}
break;
case 'seltarget_id':
if ( !is_int($parms['target_id']) )
{
return Array(
'mode' => 'error',
'error' => 'Expected parameter target_id type int'
);
}
$q = $db->sql_query('SELECT target_id, target_type, page_id, namespace, rules FROM ' . table_prefix . "acl WHERE rule_id = {$parms['target_id']};");
if ( !$q )
return Array(
'mode' => 'error',
'error' => $db->get_error()
);
if ( $db->numrows() < 1 )
return Array(
'mode' => 'error',
'error' => "No rule with ID {$parms['target_id']} found"
);
$parms = $db->fetchrow();
$db->free_result();
// regenerate page selection
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
$parms['mode'] = 'seltarget_id';
$page_id =& $parms['page_id'];
$namespace =& $parms['namespace'];
$page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
$page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
$return['page_id'] = $parms['page_id'];
$return['namespace'] = $parms['namespace'];
// From here, let the seltarget handler take over
case 'seltarget':
$return['mode'] = 'seltarget';
$return['acl_types'] = $perms_obj->acl_types;
$return['acl_deps'] = $perms_obj->acl_deps;
$return['acl_descs'] = $perms_obj->acl_descs;
$return['target_type'] = $parms['target_type'];
$return['target_id'] = $parms['target_id'];
switch($parms['target_type'])
{
case ACL_TYPE_USER:
$user_col = ( $parms['mode'] == 'seltarget_id' ) ? 'user_id' : 'username';
$q = $db->sql_query('SELECT a.rules,u.user_id,u.username FROM ' . table_prefix.'users AS u
LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=u.user_id
WHERE a.target_type='.ACL_TYPE_USER.'
AND u.' . $user_col . ' = \'' . $db->escape($parms['target_id']) . '\'
' . $page_where_clause . ';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
{
$return['type'] = 'new';
$q = $db->sql_query('SELECT user_id,username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'),'debug' => $db->sql_backtrace());
$row = $db->fetchrow();
$return['target_name'] = $row['username'];
$return['target_id'] = intval($row['user_id']);
$return['current_perms'] = array();
}
else
{
$return['type'] = 'edit';
$row = $db->fetchrow();
$return['target_name'] = $row['username'];
$return['target_id'] = intval($row['user_id']);
$return['current_perms'] = $session->string_to_perm($row['rules']);
}
$db->free_result();
// Eliminate types that don't apply to this namespace
if ( $namespace && $namespace != '__PageGroup' )
{
foreach ( $return['current_perms'] AS $i => $perm )
{
if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
{
// echo "// SCOPE CONTROL: eliminating: $i\n";
unset($return['current_perms'][$i]);
unset($return['acl_types'][$i]);
unset($return['acl_descs'][$i]);
unset($return['acl_deps'][$i]);
}
}
}
break;
case ACL_TYPE_GROUP:
$q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=g.group_id
WHERE a.target_type='.ACL_TYPE_GROUP.'
AND g.group_id=\''.intval($parms['target_id']).'\'
' . $page_where_clause . ';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
{
$return['type'] = 'new';
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
$row = $db->fetchrow();
$return['target_name'] = $row['group_name'];
$return['target_id'] = intval($row['group_id']);
$return['current_perms'] = array();
}
else
{
$return['type'] = 'edit';
$row = $db->fetchrow();
$return['target_name'] = $row['group_name'];
$return['target_id'] = intval($row['group_id']);
$return['current_perms'] = $session->string_to_perm($row['rules']);
}
$db->free_result();
// Eliminate types that don't apply to this namespace
if ( $namespace && $namespace != '__PageGroup' )
{
foreach ( $return['current_perms'] AS $i => $perm )
{
if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
{
// echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
unset($return['current_perms'][$i]);
unset($return['acl_types'][$i]);
unset($return['acl_descs'][$i]);
unset($return['acl_deps'][$i]);
}
}
}
//return Array('mode'=>'debug','text'=>print_r($return, true));
break;
default:
return Array('mode'=>'error','error','Invalid ACL type ID');
break;
}
return $return;
break;
case 'save_new':
case 'save_edit':
if ( defined('ENANO_DEMO_MODE') )
{
return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
}
$q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
' . $page_where_clause_lite . ';');
if(!$q)
return Array('mode'=>'error','error'=>$db->get_error());
if ( sizeof ( $parms['perms'] ) < 1 )
{
// As of 1.1.x, this returns success because the rule length is zero if the user selected "inherit" in all columns
return Array(
'mode' => 'success',
'target_type' => $parms['target_type'],
'target_id' => $parms['target_id'],
'target_name' => $parms['target_name'],
'page_id' => $page_id,
'namespace' => $namespace,
);
}
$rules = $session->perm_to_string($parms['perms']);
$q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>$db->get_error());
return Array(
'mode' => 'success',
'target_type' => $parms['target_type'],
'target_id' => $parms['target_id'],
'target_name' => $parms['target_name'],
'page_id' => $page_id,
'namespace' => $namespace,
);
break;
case 'delete':
if ( defined('ENANO_DEMO_MODE') )
{
return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
}
$sql = 'DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
' . $page_where_clause_lite . ';';
$q = $db->sql_query($sql);
if(!$q)
return Array('mode'=>'error','error'=>$db->get_error());
return Array(
'mode' => 'delete',
'target_type' => $parms['target_type'],
'target_id' => $parms['target_id'],
'target_name' => $parms['target_name'],
'page_id' => $page_id,
'namespace' => $namespace,
);
break;
case 'list_existing':
$return = array(
'mode' => 'list_existing',
'key' => acl_list_draw_key(),
'rules' => array()
);
$acl_columns = 'a.' . implode(', a.', $db->columns_in(table_prefix . 'acl'));
$users_columns = 'u.' . implode(', u.', $db->columns_in(table_prefix . 'users'));
$groups_columns = 'g.' . implode(', g.', $db->columns_in(table_prefix . 'groups'));
$pg_columns = 'p.' . implode(', p.', array('pg_id', 'pg_type', 'pg_name', 'pg_target'));
$q = $db->sql_query("SELECT a.rule_id, u.username, g.group_name, a.target_type, a.target_id, a.page_id, a.namespace, a.rules, p.pg_name\n"
. " FROM " . table_prefix . "acl AS a\n"
. " LEFT JOIN " . table_prefix . "users AS u\n"
. " ON ( (a.target_type = " . ACL_TYPE_USER . " AND a.target_id = u.user_id) OR (u.user_id IS NULL) )\n"
. " LEFT JOIN " . table_prefix . "groups AS g\n"
. " ON ( (a.target_type = " . ACL_TYPE_GROUP . " AND a.target_id = g.group_id) OR (g.group_id IS NULL) )\n"
. " LEFT JOIN " . table_prefix . "page_groups as p\n"
. " ON ( (a.namespace = '__PageGroup' AND a.page_id = CAST(p.pg_id AS CHAR)) OR (p.pg_id IS NULL) )\n"
. " WHERE ( a.target_type = " . ACL_TYPE_USER . " OR a.target_type = " . ACL_TYPE_GROUP . " )\n"
. " GROUP BY a.rule_id, $acl_columns, $users_columns, $groups_columns, $pg_columns\n"
. " ORDER BY a.target_type ASC, a.rule_id ASC;"
);
if ( !$q )
$db->_die();
while ( $row = $db->fetchrow($q) )
{
if ( $row['target_type'] == ACL_TYPE_USER && empty($row['username']) )
{
// This is only done if we have an ACL affecting a user that doesn't exist.
// Nice little bit of maintenance to have.
if ( !$db->sql_query("DELETE FROM " . table_prefix . "acl WHERE rule_id = {$row['rule_id']};") )
$db->_die();
continue;
}
$score = get_acl_rule_score($row['rules']);
$deep_limit = ACL_SCALE_MINIMAL_SHADE;
// Determine background color of cell by score
if ( $score > 5 )
{
// high score, show in green
$color = 2.5 * $score;
if ( $color > 255 )
$color = 255;
$color = round($color);
// blend with the colordepth limit
$color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
$color = dechex($color);
$color = "{$color}ff{$color}";
}
else if ( $score < -5 )
{
// low score, show in red
$color = 0 - $score;
$color = 2.5 * $color;
if ( $color > 255 )
$color = 255;
$color = round($color);
// blend with the colordepth limit
$color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
$color = dechex($color);
$color = "ff{$color}{$color}";
}
else
{
$color = 'efefef';
}
// Rate rule textually based on its score
if ( $score >= 70 )
$desc = $lang->get('acl_msg_scale_allow');
else if ( $score >= 50 )
$desc = $lang->get('acl_msg_scale_mostly_allow');
else if ( $score >= 25 )
$desc = $lang->get('acl_msg_scale_some_allow');
else if ( $score >= -25 )
$desc = $lang->get('acl_msg_scale_mixed');
else if ( $score <= -70 )
$desc = $lang->get('acl_msg_scale_deny');
else if ( $score <= -50 )
$desc = $lang->get('acl_msg_scale_mostly_deny');
else if ( $score <= -25 )
$desc = $lang->get('acl_msg_scale_some_deny');
// group and user target info
$info = '';
if ( $row['target_type'] == ACL_TYPE_USER )
$info = $lang->get('acl_msg_list_user', array( 'username' => $row['username'] )); // "(User: {$row['username']})";
else if ( $row['target_type'] == ACL_TYPE_GROUP )
$info = $lang->get('acl_msg_list_group', array( 'group' => $row['group_name'] ));
// affected pages info
+ − 2041
if ( $row['page_id'] && $row['namespace'] && $row['namespace'] != '__PageGroup' )
+ − 2042
$info .= $lang->get('acl_msg_list_on_page', array( 'page_name' => "{$row['namespace']}:{$row['page_id']}" ));
+ − 2043
else if ( $row['page_id'] && $row['namespace'] && $row['namespace'] == '__PageGroup' )
+ − 2044
$info .= $lang->get('acl_msg_list_on_page_group', array( 'page_group' => $row['pg_name'] ));
+ − 2045
else
+ − 2046
$info .= $lang->get('acl_msg_list_entire_site');
+ − 2047
+ − 2048
$score_string = $lang->get('acl_msg_list_score', array
+ − 2049
(
+ − 2050
'score' => $score,
+ − 2051
'desc' => $desc,
+ − 2052
'info' => $info
+ − 2053
));
+ − 2054
$return['rules'][] = array(
+ − 2055
'score_string' => $score_string,
+ − 2056
'rule_id' => $row['rule_id'],
+ − 2057
'color' => $color
+ − 2058
);
+ − 2059
}
+ − 2060
+ − 2061
break;
679
+ − 2062
case 'list_presets':
+ − 2063
$presets = array();
+ − 2064
$q = $db->sql_query('SELECT page_id AS preset_name, rule_id, rules FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . ";");
+ − 2065
if ( !$q )
+ − 2066
$db->die_json();
+ − 2067
+ − 2068
while ( $row = $db->fetchrow() )
+ − 2069
{
+ − 2070
$row['rules'] = $session->string_to_perm($row['rules']);
+ − 2071
$presets[] = $row;
+ − 2072
}
+ − 2073
+ − 2074
return array(
+ − 2075
'mode' => 'list_existing',
+ − 2076
'presets' => $presets
+ − 2077
);
+ − 2078
break;
+ − 2079
case 'save_preset':
+ − 2080
if ( empty($parms['preset_name']) )
+ − 2081
{
+ − 2082
return array(
+ − 2083
'mode' => 'error',
+ − 2084
'error' => $lang->get('acl_err_preset_name_empty')
+ − 2085
);
+ − 2086
}
+ − 2087
$preset_name = $db->escape($parms['preset_name']);
+ − 2088
$q = $db->sql_query('DELETE FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . " AND page_id = '$preset_name';");
+ − 2089
if ( !$q )
+ − 2090
$db->die_json();
+ − 2091
+ − 2092
$perms = $session->perm_to_string($parms['perms']);
+ − 2093
if ( !$perms )
+ − 2094
{
+ − 2095
return array(
+ − 2096
'mode' => 'error',
+ − 2097
'error' => $lang->get('acl_err_preset_is_blank')
+ − 2098
);
+ − 2099
}
+ − 2100
+ − 2101
$perms = $db->escape($perms);
+ − 2102
$q = $db->sql_query('INSERT INTO ' . table_prefix . "acl(page_id, target_type, rules) VALUES\n"
+ − 2103
. " ( '$preset_name', " . ACL_TYPE_PRESET . ", '$perms' );");
+ − 2104
if ( !$q )
+ − 2105
$db->die_json();
+ − 2106
+ − 2107
return array(
+ − 2108
'mode' => 'success'
+ − 2109
);
+ − 2110
break;
729
+ − 2111
case 'trace':
+ − 2112
list($targetpid, $targetns) = RenderMan::strToPageID($parms['page']);
737
+ − 2113
try
+ − 2114
{
+ − 2115
$perms = $session->fetch_page_acl_user($parms['user'], $targetpid, $targetns);
+ − 2116
$perm_table = array(
+ − 2117
AUTH_ALLOW => 'acl_lbl_field_allow',
+ − 2118
AUTH_WIKIMODE => 'acl_lbl_field_wikimode',
+ − 2119
AUTH_DISALLOW => 'acl_lbl_field_disallow',
+ − 2120
AUTH_DENY => 'acl_lbl_field_deny'
+ − 2121
);
+ − 2122
+ − 2123
$return = array(
+ − 2124
'mode' => 'trace',
+ − 2125
'perms' => array()
729
+ − 2126
);
+ − 2127
737
+ − 2128
foreach ( $perms->perm_resolve_table as $perm_type => $lookup_data )
+ − 2129
{
+ − 2130
if ( !$session->check_acl_scope($perm_type, $targetns) )
+ − 2131
continue;
+ − 2132
+ − 2133
$src_l10n = $lang->get($session->acl_inherit_lang_table[$lookup_data['src']], $lookup_data);
+ − 2134
$divclass = preg_replace('/^acl_inherit_/', '', $session->acl_inherit_lang_table[$lookup_data['src']]);
+ − 2135
$perm_string = $lang->get($perm_table[$perms->perms[$perm_type]]);
+ − 2136
$perm_name = $lang->get($session->acl_descs[$perm_type]);
+ − 2137
+ − 2138
$return['perms'][$perm_type] = array(
+ − 2139
'divclass' => "acl_inherit acl_$divclass",
+ − 2140
'perm_type' => $perm_type,
+ − 2141
'perm_name' => $perm_name,
+ − 2142
'perm_value' => $perm_string,
+ − 2143
'perm_src' => $src_l10n,
749
+ − 2144
'rule_id' => intval($lookup_data['rule_id']),
+ − 2145
'bad_deps' => $perms->acl_check_deps($perm_type, true)
737
+ − 2146
);
+ − 2147
}
729
+ − 2148
737
+ − 2149
// group rules if possible
+ − 2150
$return['groups'] = array();
+ − 2151
foreach ( $return['perms'] as $rule )
+ − 2152
{
+ − 2153
if ( !isset($return['groups'][$rule['rule_id']]) )
+ − 2154
{
+ − 2155
$return['groups'][$rule['rule_id']] = array();
+ − 2156
}
+ − 2157
$return['groups'][$rule['rule_id']][] = $rule['perm_type'];
+ − 2158
}
729
+ − 2159
}
737
+ − 2160
catch ( Exception $e )
729
+ − 2161
{
737
+ − 2162
$return = array(
+ − 2163
'mode' => 'error',
+ − 2164
'error' => $e->getMessage()
+ − 2165
);
729
+ − 2166
}
+ − 2167
+ − 2168
break;
1
+ − 2169
default:
+ − 2170
return Array('mode'=>'error','error'=>'Hacking attempt');
+ − 2171
break;
+ − 2172
}
+ − 2173
}
+ − 2174
return $return;
+ − 2175
}
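/**
 * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
 * If the string is malformed JSON, or decodes to anything other than an array, the editor is invoked with an
 * empty request instead of the raw decoded value.
 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
 * @return string JSON-encoded result of PageUtils::acl_editor()
 */

public static function acl_json($parms = '{ }')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  try
  {
    $parms = enano_json_decode($parms);
  }
  catch ( Zend_Json_Exception $e )
  {
    // malformed JSON: treat as an empty request rather than passing garbage to the editor
    $parms = array();
  }
  // acl_editor() indexes into $parms, so a decoded scalar/null must be normalized too
  if ( !is_array($parms) )
  {
    $parms = array();
  }
  $ret = PageUtils::acl_editor($parms);
  $ret = enano_json_encode($ret);
  return $ret;
}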
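/**
 * A non-Javascript frontend for the ACL API.
 * Runs the posted data through acl_preprocess(), hands it to acl_editor(), normalizes the result with
 * acl_postprocess() and renders the HTML form for the resulting stage ('stage1' target selection,
 * 'seltarget' rule editor, 'success'/'delete' confirmation, 'debug' dump). Output is buffered and
 * wrapped in the site header/footer; on an API error the buffer is discarded and die_friendly() is called.
 * Values taken from the API response or the current page are HTML-escaped before being placed in
 * attribute values or text, matching the escaping already applied to page-group names.
 * @param array The request data, if any, this should be in the format required by PageUtils::acl_editor()
 */

public static function aclmanager($parms)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  ob_start();
  // Form wrapper shared by every stage; the onsubmit guard blocks submission until the JS flag is set
  $formstart = '<form
action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
method="post" enctype="multipart/form-data"
onsubmit="if(!submitAuthorized) return false;"
>';
  $formend = '</form>';
  $parms = PageUtils::acl_preprocess($parms);
  $response = PageUtils::acl_editor($parms);
  $response = PageUtils::acl_postprocess($response);
  
  switch($response['mode'])
  {
    case 'debug':
      echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
      break;
    case 'stage1':
      // Stage 1: pick the target (group or user) and the scope (this page, a page group, or the whole site)
      echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
<p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
      echo $formstart;
      echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
<p><select name="data[target_id_grp]">';
      foreach ( $response['groups'] as $group )
      {
        // group names are escaped like the page-group names below
        echo '<option value="' . $group['id'] . '">' . htmlspecialchars($group['name']) . '</option>';
      }
      
      // page group selector (only offered when at least one page group exists)
      $groupsel = '';
      if ( count($response['page_groups']) > 0 )
      {
        $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
<p><select name="data[pg_id]">';
        foreach ( $response['page_groups'] as $grp )
        {
          $groupsel .= '<option value="' . $grp['id'] . '">' . htmlspecialchars($grp['name']) . '</option>';
        }
        $groupsel .= '</select></p>';
      }
      
      echo '</select></p>
<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
<p>' . $template->username_field('data[target_id_user]') . '</p>
<p>' . $lang->get('acl_lbl_scope') . '</p>
<p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</p>
' . $groupsel . '
<p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</p>
<div style="margin: 0 auto 0 0; text-align: right;">
<input name="data[mode]" value="seltarget" type="hidden" />
<input type="hidden" name="data[page_id]" value="' . htmlspecialchars($paths->page_id) . '" />
<input type="hidden" name="data[namespace]" value="' . htmlspecialchars($paths->namespace) . '" />
<input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
</div>';
      echo $formend;
      break;
    case 'success':
      // Rule saved: confirm, and offer to return to the editor for the same target or to stage 1
      echo '<div class="info-box">
<b>' . $lang->get('acl_lbl_save_success_title') . '</b><br />
' . $lang->get('acl_lbl_save_success_body', array( 'target_name' => htmlspecialchars($response['target_name']) )) . '<br />
' . $formstart . '
' . self::acl_target_hidden_fields($response) . '
<input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
' . $formend . '
</div>';
      break;
    case 'delete':
      // Rule deleted: same confirmation layout as 'success' with the delete strings
      echo '<div class="info-box">
<b>' . $lang->get('acl_lbl_delete_success_title') . '</b><br />
' . $lang->get('acl_lbl_delete_success_body', array('target_name' => htmlspecialchars($response['target_name']))) . '<br />
' . $formstart . '
' . self::acl_target_hidden_fields($response) . '
<input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
' . $formend . '
</div>';
      break;
    case 'seltarget':
      // Rule editor: one row per ACL type, rendered through the theme's acl_field_* templates
      if ( $response['type'] == 'edit' )
      {
        echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
      }
      else
      {
        echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
      }
      $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
      $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
      $subs = array(
        'target_type' => $type,
        'target' => htmlspecialchars($response['target_name']),
        'scope_type' => $scope
      );
      echo $lang->get('acl_lbl_editwin_body', $subs);
      echo $formstart;
      $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
      echo $parser->run();
      $parser = $template->makeParserText( $response['template']['acl_field_item'] );
      $cls = 'row2';
      foreach ( $response['acl_types'] as $acl_type => $value )
      {
        $vars = array(
          'FIELD_INHERIT_CHECKED' => '',
          'FIELD_DENY_CHECKED' => '',
          'FIELD_DISALLOW_CHECKED' => '',
          'FIELD_WIKIMODE_CHECKED' => '',
          'FIELD_ALLOW_CHECKED' => '',
        );
        // alternate row shading
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $vars['ROW_CLASS'] = $cls;
        
        // pre-select the radio matching the current value; anything unrecognized counts as "inherit"
        switch ( $response['current_perms'][$acl_type] )
        {
          case 'i':
          default:
            $vars['FIELD_INHERIT_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_ALLOW:
            $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_WIKIMODE:
            $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_DISALLOW:
            $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_DENY:
            $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
            break;
        }
        $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
        // a description is either a language string key (looked up) or literal text (used as-is)
        if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
        {
          $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
        }
        else
        {
          $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
        }
        $parser->assign_vars($vars);
        echo $parser->run();
      }
      $parser = $template->makeParserText( $response['template']['acl_field_end'] );
      echo $parser->run();
      echo '<div style="margin: 10px auto 0 0; text-align: right;">
<input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
<input type="hidden" name="data[page_id]" value="' . htmlspecialchars(( $response['page_id'] ) ? $response['page_id'] : 'false') . '" />
<input type="hidden" name="data[namespace]" value="' . htmlspecialchars(( $response['namespace'] ) ? $response['namespace'] : 'false') . '" />
<input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
<input type="hidden" name="data[target_id]" value="' . htmlspecialchars($response['target_id']) . '" />
<input type="hidden" name="data[target_name]" value="' . htmlspecialchars($response['target_name']) . '" />
' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> <input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
</div>';
      echo $formend;
      break;
    case 'error':
      // discard whatever was buffered so far; die_friendly() renders its own page
      ob_end_clean();
      die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
      break;
  }
  $ret = ob_get_contents();
  ob_end_clean();
  echo
    $template->getHeader() .
    $ret .
    $template->getFooter();
}

/**
 * Hidden inputs that carry the current ACL target and scope back into the editor form, so the
 * "return to editor" buttons on the success and delete screens reopen the same rule. The target
 * is sent as both target_id_user and target_id_grp; acl_preprocess() picks one by target_type.
 * Every value is HTML-escaped for use inside a double-quoted attribute.
 * @param array $response editor response carrying target_type, target_name, target_id, page_id, namespace
 * @return string
 * @access private
 */
private static function acl_target_hidden_fields($response)
{
  // users are re-identified by name, groups by id
  $target = ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'];
  $target = htmlspecialchars($target);
  return '<input type="hidden" name="data[mode]" value="seltarget" />
<input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
<input type="hidden" name="data[target_id_user]" value="' . $target . '" />
<input type="hidden" name="data[target_id_grp]" value="' . $target . '" />
<input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
<input type="hidden" name="data[page_id]" value="' . htmlspecialchars( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
<input type="hidden" name="data[namespace]" value="' . htmlspecialchars( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />';
}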
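/**
 * Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
 * For 'seltarget' the posted target_type/target_id_grp/target_id_user fields are resolved into
 * target_type/target_id, then processing falls through to the scope handling shared with
 * 'save_edit'/'save_new': an 'entire_site' scope (or the literal 'false' page_id/namespace pair the
 * forms emit) clears page_id/namespace, and a 'page_group' scope moves pg_id into page_id under the
 * '__PageGroup' namespace. The act_delete_rule button turns a save into a delete; act_go_stage1
 * discards everything and restarts at the group list. Missing keys are treated as null so the
 * comparisons behave as before without undefined-index notices.
 * @param array The posted data
 * @return array
 * @access private
 */

public static function acl_preprocess($parms)
{
  if ( !isset($parms['mode']) )
  {
    // Nothing to do
    return $parms;
  }
  switch ( $parms['mode'] )
  {
    case 'seltarget':
      
      // Who's affected?
      $parms['target_type'] = intval( isset($parms['target_type']) ? $parms['target_type'] : 0 );
      if ( $parms['target_type'] == ACL_TYPE_GROUP )
      {
        $parms['target_id'] = isset($parms['target_id_grp']) ? $parms['target_id_grp'] : null;
      }
      else
      {
        $parms['target_id'] = isset($parms['target_id_user']) ? $parms['target_id_user'] : null;
      }
      // intentional fall-through: scope handling below applies to target selection as well
      
    case 'save_edit':
    case 'save_new':
      if ( isset($parms['act_delete_rule']) )
      {
        $parms['mode'] = 'delete';
      }
      
      // Scope (just this page or entire site?)
      $scope = isset($parms['scope']) ? $parms['scope'] : null;
      $page_id = isset($parms['page_id']) ? $parms['page_id'] : null;
      $namespace = isset($parms['namespace']) ? $parms['namespace'] : null;
      if ( $scope == 'entire_site' || ( $page_id == 'false' && $namespace == 'false' ) )
      {
        $parms['page_id'] = false;
        $parms['namespace'] = false;
      }
      else if ( $scope == 'page_group' )
      {
        $parms['page_id'] = isset($parms['pg_id']) ? $parms['pg_id'] : null;
        $parms['namespace'] = '__PageGroup';
      }
      
      break;
  }
  
  if ( isset($parms['act_go_stage1']) )
  {
    // "back to target selection" wins over everything else that was posted
    $parms = array(
      'mode' => 'listgroups'
    );
  }
  
  return $parms;
}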
/**
 * Fill in a missing 'mode' on an ACL API response so the frontend can dispatch on it.
 * A response without 'mode' but with a 'groups' list is the initial target-selection stage;
 * any other response without a mode is replaced by an error response.
 * @param array $response result of PageUtils::acl_editor()
 * @return array the response with 'mode' set, or an error response
 */
public static function acl_postprocess($response)
{
  if ( isset($response['mode']) )
  {
    return $response;
  }
  if ( isset($response['groups']) )
  {
    $response['mode'] = 'stage1';
    return $response;
  }
  return array(
    'mode' => 'error',
    'error' => 'Invalid action passed by API backend.',
  );
}
}
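/**
 * Generates a graphical key showing how the ACL rule list works.
 * Draws 11 red boxes fading from the deepest shade (ACL_SCALE_MINIMAL_SHADE) to light, a neutral
 * box, then 11 green boxes fading back out, with Deny/Allow and -100/0/+100 labels around them.
 * @return string HTML fragment
 */

function acl_list_draw_key()
{
  $out = '<div style="width: 460px; margin: 0 auto; text-align: center; margin-bottom: 10px;">';
  $out .= '<div style="float: left;">← Deny</div>';
  $out .= '<div style="float: right;">Allow →</div>';
  $out .= 'Neutral';
  $out .= '<div style="clear: both;"></div>';
  // 11 boxes on each side of the center; never step by 0 (would loop forever if the shade limit is 0xFF)
  $inc = max( 1, (int) ceil( ( 0xFF - ACL_SCALE_MINIMAL_SHADE ) / 11 ) );
  for ( $i = ACL_SCALE_MINIMAL_SHADE; $i <= 0xFF; $i += $inc )
  {
    // zero-padded so shades below 0x10 still yield a six-digit colour
    $octet = sprintf('%02x', $i);
    $color = "ff$octet$octet";
    $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>';
  }
  $out .= '<div style="background-color: #efefef; float: left; width: 20px;"> </div>';
  for ( $i = 0xFF; $i >= ACL_SCALE_MINIMAL_SHADE; $i -= $inc )
  {
    $octet = sprintf('%02x', $i);
    $color = "{$octet}ff{$octet}";
    $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>';
  }
  $out .= '<div style="clear: both;"></div>';
  $out .= '<div style="float: left;">-100</div>';
  $out .= '<div style="float: right;">+100</div>';
  $out .= '0';
  $out .= '</div>';
  return $out;
}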
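/**
 * Gets the numerical score for the serialized form of an ACL rule
 * Each permission counts +2 (allow), +1 (wikimode), -1 (disallow), -2 (deny), 0 for anything else;
 * the sum is expressed as a percentage of the maximum reachable for that many permissions, so
 * narrow and broad rules are rated on the same -100..+100 scale.
 * @param string|array $perms serialized rule (decoded via $session->string_to_perm()) or the decoded array
 * @return int|float|bool rounded score in [-100, 100] (0 for an empty rule); false when $perms is neither
 *                        a string nor an array, or when the string did not decode to an array
 */

function get_acl_rule_score($perms)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( is_string($perms) )
    $perms = $session->string_to_perm($perms);
  else if ( !is_array($perms) )
    return false;
  // count() and foreach below need an array; bail out if string_to_perm() did not produce one
  if ( !is_array($perms) )
    return false;
  $score = 0;
  foreach ( $perms as $item )
  {
    switch ( $item )
    {
      case AUTH_ALLOW:
        $score += 2;
        break;
      case AUTH_WIKIMODE:
        $score += 1;
        break;
      case AUTH_DISALLOW:
        $score -= 1;
        break;
      case AUTH_DENY:
        $score -= 2;
        break;
      default:
        // inherited/unknown values do not move the score
        break;
    }
  }
  // this is different from the beta; calculate highest score and
  // get percentage to be fairer to smaller/less broad rules
  $divisor = count($perms) * 2;
  if ( $divisor == 0 )
  {
    return 0;
  }
  $score = 100 * ( $score / $divisor );
  return round($score);
}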
?>