1
+ − 1
<?php
+ − 2
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 5
* Version 1.0.1 (Loch Ness)
1
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
*
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10
*
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13
*/
22
+ − 14
+ − 15
/**
+ − 16
* Fetch a value from the site configuration.
+ − 17
* @param string The identifier of the value ("site_name" etc.)
+ − 18
* @return string Configuration value, or bool(false) if the value is not set
+ − 19
*/
+ − 20
+ − 21
function getConfig($n)
+ − 22
{
1
+ − 23
global $enano_config;
22
+ − 24
if ( isset( $enano_config[ $n ] ) )
+ − 25
{
+ − 26
return $enano_config[$n];
+ − 27
}
+ − 28
else
+ − 29
{
+ − 30
return false;
+ − 31
}
1
+ − 32
}
+ − 33
22
+ − 34
/**
+ − 35
* Update or change a configuration value.
+ − 36
* @param string The identifier of the value ("site_name" etc.)
+ − 37
* @param string The new value
+ − 38
* @return null
+ − 39
*/
+ − 40
+ − 41
function setConfig($n, $v)
+ − 42
{
76
+ − 43
1
+ − 44
global $enano_config, $db;
+ − 45
$enano_config[$n] = $v;
+ − 46
$v = $db->escape($v);
76
+ − 47
22
+ − 48
$e = $db->sql_query('DELETE FROM '.table_prefix.'config WHERE config_name=\''.$n.'\';');
+ − 49
if ( !$e )
+ − 50
{
+ − 51
$db->_die('Error during generic setConfig() call row deletion.');
+ − 52
}
76
+ − 53
22
+ − 54
$e = $db->sql_query('INSERT INTO '.table_prefix.'config(config_name, config_value) VALUES(\''.$n.'\', \''.$v.'\')');
+ − 55
if ( !$e )
+ − 56
{
+ − 57
$db->_die('Error during generic setConfig() call row insertion.');
+ − 58
}
1
+ − 59
}
+ − 60
22
+ − 61
/**
+ − 62
* Create a URI for an internal link.
+ − 63
* @param string The full identifier of the page to link to (Special:Administration)
+ − 64
* @param string The GET query string to append
+ − 65
* @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe
+ − 66
* @return string
+ − 67
*/
+ − 68
1
+ − 69
function makeUrl($t, $query = false, $escape = false)
+ − 70
{
+ − 71
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 72
$flags = '';
+ − 73
$sep = urlSeparator;
22
+ − 74
if ( isset($_GET['printable'] ) )
+ − 75
{
+ − 76
$flags .= $sep . 'printable=yes';
+ − 77
$sep = '&';
+ − 78
}
+ − 79
if ( isset($_GET['theme'] ) )
+ − 80
{
+ − 81
$flags .= $sep . 'theme='.$session->theme;
+ − 82
$sep = '&';
+ − 83
}
+ − 84
if ( isset($_GET['style'] ) ) {
76
+ − 85
$flags .= $sep . 'style='.$session->style;
22
+ − 86
$sep = '&';
+ − 87
}
76
+ − 88
1
+ − 89
$url = $session->append_sid(contentPath.$t.$flags);
+ − 90
if($query)
+ − 91
{
+ − 92
$sep = strstr($url, '?') ? '&' : '?';
+ − 93
$url = $url . $sep . $query;
+ − 94
}
76
+ − 95
1
+ − 96
return ($escape) ? htmlspecialchars($url) : $url;
+ − 97
}
+ − 98
22
+ − 99
/**
+ − 100
* Create a URI for an internal link, and be namespace-friendly. Watch out for this one because it's different from most other Enano functions, in that the namespace is the first parameter.
+ − 101
* @param string The namespace ID
+ − 102
* @param string The page ID
+ − 103
* @param string The GET query string to append
+ − 104
* @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe
+ − 105
* @return string
+ − 106
*/
+ − 107
1
+ − 108
function makeUrlNS($n, $t, $query = false, $escape = false)
+ − 109
{
+ − 110
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 111
$flags = '';
76
+ − 112
1
+ − 113
if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 114
{
22
+ − 115
$sep = urlSeparator;
1
+ − 116
}
+ − 117
else
+ − 118
{
22
+ − 119
$sep = (strstr($_SERVER['REQUEST_URI'], '?')) ? '&' : '?';
+ − 120
}
+ − 121
if ( isset( $_GET['printable'] ) ) {
+ − 122
$flags .= $sep . 'printable';
+ − 123
$sep = '&';
+ − 124
}
76
+ − 125
if ( isset( $_GET['theme'] ) )
22
+ − 126
{
+ − 127
$flags .= $sep . 'theme='.$session->theme;
+ − 128
$sep = '&';
+ − 129
}
+ − 130
if ( isset( $_GET['style'] ) )
+ − 131
{
+ − 132
$flags .= $sep . 'style='.$session->style;
+ − 133
$sep = '&';
+ − 134
}
76
+ − 135
22
+ − 136
if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 137
{
+ − 138
$url = contentPath . $paths->nslist[$n] . $t . $flags;
+ − 139
}
+ − 140
else
+ − 141
{
+ − 142
// If the path manager hasn't been initted yet, take an educated guess at what the URI should be
+ − 143
$url = contentPath . $n . ':' . $t . $flags;
1
+ − 144
}
76
+ − 145
1
+ − 146
if($query)
+ − 147
{
76
+ − 148
if(strstr($url, '?'))
22
+ − 149
{
+ − 150
$sep = '&';
+ − 151
}
+ − 152
else
+ − 153
{
+ − 154
$sep = '?';
+ − 155
}
1
+ − 156
$url = $url . $sep . $query . $flags;
+ − 157
}
76
+ − 158
1
+ − 159
if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 160
{
+ − 161
$url = $session->append_sid($url);
+ − 162
}
76
+ − 163
1
+ − 164
return ($escape) ? htmlspecialchars($url) : $url;
+ − 165
}
+ − 166
22
+ − 167
/**
+ − 168
* Create a URI for an internal link, be namespace-friendly, and add http://hostname/scriptpath to the beginning if possible. Watch out for this one because it's different from most other Enano functions, in that the namespace is the first parameter.
+ − 169
* @param string The namespace ID
+ − 170
* @param string The page ID
+ − 171
* @param string The GET query string to append
+ − 172
* @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe
+ − 173
* @return string
+ − 174
*/
+ − 175
1
+ − 176
function makeUrlComplete($n, $t, $query = false, $escape = false)
+ − 177
{
+ − 178
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 179
$flags = '';
76
+ − 180
22
+ − 181
if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 182
{
+ − 183
$sep = urlSeparator;
+ − 184
}
+ − 185
else
+ − 186
{
+ − 187
$sep = (strstr($_SERVER['REQUEST_URI'], '?')) ? '&' : '?';
+ − 188
}
+ − 189
if ( isset( $_GET['printable'] ) ) {
+ − 190
$flags .= $sep . 'printable';
+ − 191
$sep = '&';
+ − 192
}
76
+ − 193
if ( isset( $_GET['theme'] ) )
22
+ − 194
{
+ − 195
$flags .= $sep . 'theme='.$session->theme;
+ − 196
$sep = '&';
+ − 197
}
+ − 198
if ( isset( $_GET['style'] ) )
+ − 199
{
+ − 200
$flags .= $sep . 'style='.$session->style;
+ − 201
$sep = '&';
+ − 202
}
76
+ − 203
22
+ − 204
if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 205
{
+ − 206
$url = $session->append_sid(contentPath . $paths->nslist[$n] . $t . $flags);
+ − 207
}
+ − 208
else
+ − 209
{
+ − 210
// If the path manager hasn't been initted yet, take an educated guess at what the URI should be
+ − 211
$url = contentPath . $n . ':' . $t . $flags;
+ − 212
}
1
+ − 213
if($query)
+ − 214
{
+ − 215
if(strstr($url, '?')) $sep = '&';
+ − 216
else $sep = '?';
+ − 217
$url = $url . $sep . $query . $flags;
+ − 218
}
76
+ − 219
1
+ − 220
$baseprot = 'http' . ( isset($_SERVER['HTTPS']) ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'];
+ − 221
$url = $baseprot . $url;
76
+ − 222
1
+ − 223
return ($escape) ? htmlspecialchars($url) : $url;
+ − 224
}
+ − 225
+ − 226
/**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 227
* Tells you the title for the given page ID string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 228
* @param string Page ID string (ex: Special:Administration)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 229
* @return string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 230
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 231
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 232
function get_page_title($page_id)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 233
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 234
global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 235
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 236
$idata = RenderMan::strToPageID($page_id);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 237
$page_id_key = $paths->nslist[ $idata[1] ] . $idata[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 238
$page_data = $paths->pages[$page_id_key];
76
+ − 239
$title = ( isset($page_data['name']) ) ? ( $page_data['namespace'] == 'Article' ? '' : $paths->nslist[ $idata[1] ] ) . $page_data['name'] : $paths->nslist[$idata[1]] . str_replace('_', ' ', dirtify_page_id( $idata[0] ) );
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 240
return $title;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 241
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 242
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 243
/**
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 244
* Tells you the title for the given page ID and namespace
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 245
* @param string Page ID
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 246
* @param string Namespace
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 247
* @return string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 248
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 249
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 250
function get_page_title_ns($page_id, $namespace)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 251
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 252
global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 253
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 254
$page_id_key = $paths->nslist[ $namespace ] . $page_id;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 255
$page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 256
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$namespace] . str_replace('_', ' ', dirtify_page_id( $page_id ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 257
return $title;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 258
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 259
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 260
/**
1
+ − 261
* Redirect the user to the specified URL.
+ − 262
* @param string $url The URL, either relative or absolute.
+ − 263
* @param string $title The title of the message
+ − 264
* @param string $message A short message to show to the user
+ − 265
* @param string $timeout Timeout, in seconds, to delay the redirect. Defaults to 3.
+ − 266
*/
76
+ − 267
1
+ − 268
function redirect($url, $title = 'Redirecting...', $message = 'Please wait while you are redirected.', $timeout = 3)
+ − 269
{
+ − 270
global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 271
1
+ − 272
if ( $timeout == 0 )
+ − 273
{
+ − 274
header('Location: ' . $url);
+ − 275
header('HTTP/1.1 307 Temporary Redirect');
+ − 276
}
76
+ − 277
1
+ − 278
$template->add_header('<meta http-equiv="refresh" content="' . $timeout . '; url=' . str_replace('"', '\\"', $url) . '" />');
+ − 279
$template->add_header('<script type="text/javascript">
+ − 280
function __r() {
+ − 281
// FUNCTION AUTOMATICALLY GENERATED
+ − 282
window.location="' . str_replace('"', '\\"', $url) . '";
+ − 283
}
+ − 284
setTimeout(\'__r();\', ' . $timeout . '000);
+ − 285
</script>
+ − 286
');
76
+ − 287
1
+ − 288
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 289
$template->header(true);
+ − 290
echo '<p>' . $message . '</p><p>If you are not redirected within ' . ( $timeout + 1 ) . ' seconds, <a href="' . str_replace('"', '\\"', $url) . '">please click here</a>.</p>';
+ − 291
$template->footer(true);
76
+ − 292
1
+ − 293
$db->close();
+ − 294
exit(0);
76
+ − 295
1
+ − 296
}
+ − 297
+ − 298
// Removed wikiFormat() from here, replaced with RenderMan::render
+ − 299
22
+ − 300
/**
+ − 301
* Tell me if the page exists or not.
+ − 302
* @param string the full page ID (Special:Administration) of the page to check for
+ − 303
* @return bool True if the page exists, false otherwise
+ − 304
*/
+ − 305
1
+ − 306
function isPage($p) {
+ − 307
global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 308
22
+ − 309
// Try the easy way first ;-)
+ − 310
if ( isset( $paths->pages[ $p ] ) )
+ − 311
{
+ − 312
return true;
+ − 313
}
76
+ − 314
22
+ − 315
// Special case for Special, Template, and Admin pages that can't have slashes in their URIs
+ − 316
$ns_test = RenderMan::strToPageID( $p );
76
+ − 317
22
+ − 318
if($ns_test[1] != 'Special' && $ns_test[1] != 'Template' && $ns_test[1] != 'Admin')
+ − 319
{
+ − 320
return false;
+ − 321
}
76
+ − 322
22
+ − 323
$particles = explode('/', $p);
+ − 324
if ( isset ( $paths->pages[ $particles[ 0 ] ] ) )
+ − 325
{
+ − 326
return true;
+ − 327
}
+ − 328
else
+ − 329
{
+ − 330
return false;
+ − 331
}
1
+ − 332
}
+ − 333
76
+ − 334
/**
+ − 335
* These are some old functions that were used with the Midget codebase. They are deprecated and should not be used any more.
+ − 336
*/
+ − 337
1
+ − 338
function arrayItemUp($arr, $keyname) {
+ − 339
$keylist = array_keys($arr);
+ − 340
$keyflop = array_flip($keylist);
+ − 341
$idx = $keyflop[$keyname];
+ − 342
$idxm = $idx - 1;
+ − 343
$temp = $arr[$keylist[$idxm]];
+ − 344
if($arr[$keylist[0]] == $arr[$keyname]) return $arr;
+ − 345
$arr[$keylist[$idxm]] = $arr[$keylist[$idx]];
+ − 346
$arr[$keylist[$idx]] = $temp;
+ − 347
return $arr;
+ − 348
}
+ − 349
+ − 350
function arrayItemDown($arr, $keyname) {
+ − 351
$keylist = array_keys($arr);
+ − 352
$keyflop = array_flip($keylist);
+ − 353
$idx = $keyflop[$keyname];
+ − 354
$idxm = $idx + 1;
+ − 355
$temp = $arr[$keylist[$idxm]];
+ − 356
$sz = sizeof($arr); $sz--;
+ − 357
if($arr[$keylist[$sz]] == $arr[$keyname]) return $arr;
+ − 358
$arr[$keylist[$idxm]] = $arr[$keylist[$idx]];
+ − 359
$arr[$keylist[$idx]] = $temp;
+ − 360
return $arr;
+ − 361
}
+ − 362
+ − 363
function arrayItemTop($arr, $keyname) {
+ − 364
$keylist = array_keys($arr);
+ − 365
$keyflop = array_flip($keylist);
+ − 366
$idx = $keyflop[$keyname];
+ − 367
while( $orig != $arr[$keylist[0]] ) {
+ − 368
// echo 'Keyname: '.$keylist[$idx] . '<br />'; flush(); ob_flush(); // Debugger
+ − 369
if($idx < 0) return $arr;
+ − 370
if($keylist[$idx] == '' || $keylist[$idx] < 0 || !$keylist[$idx]) {
+ − 371
/* echo 'Infinite loop caught in arrayItemTop(<br /><pre>';
+ − 372
print_r($arr);
+ − 373
echo '</pre><br />, '.$keyname.');<br /><br />EnanoCMS: Critical error during function call, exiting to prevent excessive server load.';
+ − 374
exit; */
+ − 375
return $arr;
+ − 376
}
+ − 377
$arr = arrayItemUp($arr, $keylist[$idx]);
+ − 378
$idx--;
+ − 379
}
+ − 380
return $arr;
+ − 381
}
+ − 382
+ − 383
function arrayItemBottom($arr, $keyname) {
+ − 384
$keylist = array_keys($arr);
+ − 385
$keyflop = array_flip($keylist);
+ − 386
$idx = $keyflop[$keyname];
+ − 387
$sz = sizeof($arr); $sz--;
+ − 388
while( $orig != $arr[$keylist[$sz]] ) {
+ − 389
// echo 'Keyname: '.$keylist[$idx] . '<br />'; flush(); ob_flush(); // Debugger
+ − 390
if($idx > $sz) return $arr;
+ − 391
if($keylist[$idx] == '' || $keylist[$idx] < 0 || !$keylist[$idx]) {
+ − 392
echo 'Infinite loop caught in arrayItemBottom(<br /><pre>';
+ − 393
print_r($arr);
+ − 394
echo '</pre><br />, '.$keyname.');<br /><br />EnanoCMS: Critical error during function call, exiting to prevent excessive server load.';
+ − 395
exit;
+ − 396
}
+ − 397
$arr = arrayItemDown($arr, $keylist[$idx]);
+ − 398
$idx++;
+ − 399
}
+ − 400
return $arr;
+ − 401
}
+ − 402
+ − 403
// Convert IP address to hex string
+ − 404
// Input: 127.0.0.1 (string)
+ − 405
// Output: 0x7f000001 (string)
+ − 406
// Updated 12/8/06 to work with PHP4 and not use eval() (blech)
+ − 407
function ip2hex($ip) {
+ − 408
if ( preg_match('/^([0-9a-f:]+)$/', $ip) )
+ − 409
{
+ − 410
// this is an ipv6 address
+ − 411
return str_replace(':', '', $ip);
+ − 412
}
+ − 413
$nums = explode('.', $ip);
+ − 414
if(sizeof($nums) != 4) return false;
+ − 415
$str = '0x';
+ − 416
foreach($nums as $n)
+ − 417
{
+ − 418
$str .= (string)dechex($n);
+ − 419
}
+ − 420
return $str;
+ − 421
}
+ − 422
+ − 423
// Convert DWord to IP address
+ − 424
// Input: 0x7f000001
+ − 425
// Output: 127.0.0.1
+ − 426
// Updated 12/8/06 to work with PHP4 and not use eval() (blech)
+ − 427
function hex2ip($in) {
+ − 428
if(substr($in, 0, 2) == '0x') $ip = substr($in, 2, 8);
+ − 429
else $ip = substr($in, 0, 8);
+ − 430
$octets = enano_str_split($ip, 2);
+ − 431
$str = '';
+ − 432
$newoct = Array();
+ − 433
foreach($octets as $o)
+ − 434
{
+ − 435
$o = (int)hexdec($o);
+ − 436
$newoct[] = $o;
+ − 437
}
+ − 438
return implode('.', $newoct);
+ − 439
}
+ − 440
+ − 441
// Function strip_php moved to RenderMan class
+ − 442
76
+ − 443
/**
+ − 444
* Immediately brings the site to a halt with an error message. Unlike grinding_halt() this can only be called after the config has been
+ − 445
* fetched (plugin developers don't even need to worry since plugins are always loaded after the config) and shows the site name and
+ − 446
* description.
+ − 447
* @param string The title of the error message
+ − 448
* @param string The body of the message, this can be HTML, and should be separated into paragraphs using the <p> tag
+ − 449
*/
+ − 450
1
+ − 451
function die_semicritical($t, $p)
+ − 452
{
+ − 453
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 454
$db->close();
76
+ − 455
1
+ − 456
if ( ob_get_status() )
+ − 457
ob_end_clean();
76
+ − 458
1
+ − 459
dc_here('functions: <span style="color: red">calling die_semicritical</span>');
76
+ − 460
1
+ − 461
$tpl = new template_nodb();
+ − 462
$tpl->load_theme('oxygen', 'bleu');
+ − 463
$tpl->tpl_strings['SITE_NAME'] = getConfig('site_name');
+ − 464
$tpl->tpl_strings['SITE_DESC'] = getConfig('site_desc');
+ − 465
$tpl->tpl_strings['COPYRIGHT'] = getConfig('copyright_notice');
+ − 466
$tpl->tpl_strings['PAGE_NAME'] = $t;
+ − 467
$tpl->header();
+ − 468
echo $p;
+ − 469
$tpl->footer();
76
+ − 470
1
+ − 471
exit;
+ − 472
}
+ − 473
76
+ − 474
/**
+ − 475
* Halts Enano execution with a message. This doesn't have to be an error message, it's sometimes used to indicate success at an operation.
+ − 476
* @param string The title of the message
+ − 477
* @param string The body of the message, this can be HTML, and should be separated into paragraphs using the <p> tag
+ − 478
*/
+ − 479
1
+ − 480
function die_friendly($t, $p)
+ − 481
{
+ − 482
global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 483
1
+ − 484
if ( ob_get_status() )
+ − 485
ob_end_clean();
76
+ − 486
1
+ − 487
dc_here('functions: <span style="color: red">calling die_friendly</span>');
+ − 488
$paths->cpage['name'] = $t;
+ − 489
$template->tpl_strings['PAGE_NAME'] = $t;
+ − 490
$template->header();
+ − 491
echo $p;
+ − 492
$template->footer();
+ − 493
$db->close();
76
+ − 494
1
+ − 495
exit;
+ − 496
}
+ − 497
76
+ − 498
/**
+ − 499
* Immediately brings the site to a halt with an error message, and focuses on immediately closing the database connection and shutting down Enano in the event that an attack may happen. This should only be used very early on to indicate very severe errors, or if the site may be under attack (like if the DBAL detects a malicious query). In the vast majority of cases, die_semicritical() is more appropriate.
+ − 500
* @param string The title of the error message
+ − 501
* @param string The body of the message, this can be HTML, and should be separated into paragraphs using the <p> tag
+ − 502
*/
+ − 503
1
+ − 504
function grinding_halt($t, $p)
+ − 505
{
+ − 506
global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 507
1
+ − 508
$db->close();
76
+ − 509
1
+ − 510
if ( ob_get_status() )
+ − 511
ob_end_clean();
76
+ − 512
1
+ − 513
dc_here('functions: <span style="color: red">calling grinding_halt</span>');
+ − 514
$tpl = new template_nodb();
+ − 515
$tpl->load_theme('oxygen', 'bleu');
+ − 516
$tpl->tpl_strings['SITE_NAME'] = 'Critical error';
+ − 517
$tpl->tpl_strings['SITE_DESC'] = 'This website is experiencing a serious error and cannot load.';
+ − 518
$tpl->tpl_strings['COPYRIGHT'] = 'Unable to retrieve copyright information';
+ − 519
$tpl->tpl_strings['PAGE_NAME'] = $t;
+ − 520
$tpl->header();
+ − 521
echo $p;
+ − 522
$tpl->footer();
+ − 523
exit;
+ − 524
}
+ − 525
76
+ − 526
/**
+ − 527
* Prints out the categorization box found on most regular pages. Doesn't take or return anything, but assumes that the page information is already set in $paths.
+ − 528
*/
+ − 529
+ − 530
/*
+ − 531
function show_category_info()
+ − 532
{
1
+ − 533
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 534
dc_here('functions: showing category info');
76
+ − 535
// if($template->no_headers && !strpos($_SERVER['REQUEST_URI'], 'ajax.php')) return '';
+ − 536
if ( $paths->namespace == 'Category' )
1
+ − 537
{
+ − 538
$q = $db->sql_query('SELECT page_id,namespace FROM '.table_prefix.'categories WHERE category_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\'Category\' ORDER BY page_id;');
+ − 539
if(!$q) $db->_die('The category information could not be selected.');
+ − 540
$ticker = -1;
+ − 541
echo '<h3>Subcategories</h3>';
+ − 542
if($db->numrows() < 1) echo '<p>There are no subcategories in this category.</p>';
+ − 543
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 544
while($row = $db->fetchrow())
+ − 545
{
76
+ − 546
$ticker++;
+ − 547
if ( $ticker == 3 )
+ − 548
{
+ − 549
$ticker = 0;
+ − 550
}
+ − 551
if ( $ticker == 0 )
+ − 552
{
+ − 553
echo '<tr>';
+ − 554
}
+ − 555
echo '<td style="width: 200px;"><a href="' . makeUrlNS($row['namespace'], $row['page_id']) . '">' . htmlspecialchars($paths->pages[$paths->nslist[$row['namespace']].$row['page_id']]['name']) . '</a></td>';
+ − 556
if ( $ticker == 2 )
+ − 557
{
+ − 558
echo '</tr>';
+ − 559
}
1
+ − 560
}
+ − 561
$db->free_result();
+ − 562
if($ticker) echo '</tr>';
+ − 563
echo '</table>';
76
+ − 564
1
+ − 565
$q = $db->sql_query('SELECT page_id,namespace FROM '.table_prefix.'categories WHERE category_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace!=\'Category\' ORDER BY page_id;');
76
+ − 566
if ( !$q )
+ − 567
{
+ − 568
$db->_die('The category information could not be selected.');
+ − 569
}
1
+ − 570
$ticker = -1;
+ − 571
echo '<h3>Pages</h3>';
76
+ − 572
if ( $db->numrows() < 1 )
+ − 573
{
+ − 574
echo '<p>There are no pages in this category.</p>';
+ − 575
}
1
+ − 576
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 577
while($row = $db->fetchrow())
+ − 578
{
76
+ − 579
$ticker += ( $ticker == 3 ) ? -3 : 1;
+ − 580
if ( $ticker == 0 )
+ − 581
{
+ − 582
echo '<tr>';
+ − 583
}
+ − 584
echo '<td style="width: 200px;"><a href="'.makeUrlNS($row['namespace'], $row['page_id']).'">'.htmlspecialchars($paths->pages[$paths->nslist[$row['namespace']].$row['page_id']]['name']).'</a></td>';
+ − 585
if ( $ticker == 2 )
+ − 586
{
+ − 587
echo '</tr>';
+ − 588
}
1
+ − 589
}
+ − 590
$db->free_result();
+ − 591
if($ticker) echo '</tr>';
+ − 592
echo '</table><br /><br />';
+ − 593
}
+ − 594
$q = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\'');
+ − 595
if(!$q) $db->_die('The error seems to have occurred during selection of category data.');
+ − 596
if($db->numrows() > 0) {
+ − 597
echo '<div class="mdg-comment" style="margin-left: 0;">Categories: ';
+ − 598
$i=0;
+ − 599
while($r = $db->fetchrow())
+ − 600
{
+ − 601
if($i>0) echo ', ';
+ − 602
$i++;
+ − 603
echo '<a href="'.makeUrlNS('Category', $r['category_id']).'">'.$paths->pages[$paths->nslist['Category'].$r['category_id']]['name'].'</a>';
+ − 604
}
+ − 605
if( ( $paths->wiki_mode && !$paths->page_protected ) || ( $session->get_permissions('edit_cat') && $session->get_permissions('even_when_protected') ) ) echo ' [ <a href="'.makeUrl($paths->page, 'do=catedit', true).'" onclick="ajaxCatEdit(); return false;">edit categorization</a> ]</div>';
76
+ − 606
}
+ − 607
else
+ − 608
{
1
+ − 609
echo '<div class="mdg-comment" style="margin-left: 0;">Categories: ';
+ − 610
echo '(Uncategorized)';
+ − 611
if( ( $paths->wiki_mode && !$paths->page_protected ) || ( $session->get_permissions('edit_cat') && $session->get_permissions('even_when_protected') ) ) echo ' [ <a href="'.makeUrl($paths->page, 'do=catedit', true).'" onclick="ajaxCatEdit(); return false;">edit categorization</a> ]</div>';
+ − 612
else echo '</div>';
+ − 613
}
+ − 614
$db->free_result();
+ − 615
}
76
+ − 616
*/
+ − 617
+ − 618
function show_category_info()
+ − 619
{
+ − 620
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 621
+ − 622
if ( $paths->namespace == 'Category' )
+ − 623
{
+ − 624
// Show member pages and subcategories
+ − 625
$q = $db->sql_query('SELECT p.urlname, p.namespace, p.name, p.namespace=\'Category\' AS is_category FROM '.table_prefix.'categories AS c
+ − 626
LEFT JOIN '.table_prefix.'pages AS p
+ − 627
ON ( p.urlname = c.page_id AND p.namespace = c.namespace )
+ − 628
WHERE c.category_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\'
+ − 629
ORDER BY is_category DESC, p.name ASC;');
+ − 630
if ( !$q )
+ − 631
{
+ − 632
$db->_die();
+ − 633
}
+ − 634
echo '<h3>Subcategories</h3>';
+ − 635
echo '<div class="tblholder">';
+ − 636
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 637
echo '<tr>';
+ − 638
$ticker = 0;
+ − 639
$counter = 0;
+ − 640
$switched = false;
+ − 641
$class = 'row1';
+ − 642
while ( $row = $db->fetchrow() )
+ − 643
{
+ − 644
if ( $row['is_category'] == 0 && !$switched )
+ − 645
{
+ − 646
if ( $counter > 0 )
+ − 647
{
+ − 648
// Fill-in
+ − 649
while ( $ticker < 3 )
+ − 650
{
+ − 651
$ticker++;
+ − 652
echo '<td class="' . $class . '" style="width: 33.3%;"></td>';
+ − 653
}
+ − 654
}
+ − 655
else
+ − 656
{
+ − 657
echo '<td class="' . $class . '">No subcategories.</td>';
+ − 658
}
+ − 659
echo '</tr></table></div>' . "\n\n";
+ − 660
echo '<h3>Pages</h3>';
+ − 661
echo '<div class="tblholder">';
+ − 662
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 663
echo '<tr>';
+ − 664
$counter = 0;
+ − 665
$ticker = 0;
+ − 666
$switched = true;
+ − 667
}
+ − 668
$counter++;
+ − 669
$ticker++;
+ − 670
if ( $ticker == 3 )
+ − 671
{
+ − 672
echo '</tr><tr>';
+ − 673
$ticker = 0;
+ − 674
$class = ( $class == 'row3' ) ? 'row1' : 'row3';
+ − 675
}
+ − 676
echo "<td class=\"{$class}\" style=\"width: 33.3%;\">"; // " to workaround stupid jEdit bug
+ − 677
+ − 678
$link = makeUrlNS($row['namespace'], sanitize_page_id($row['urlname']));
+ − 679
echo '<a href="' . $link . '"';
+ − 680
$key = $paths->nslist[$row['namespace']] . sanitize_page_id($row['urlname']);
+ − 681
if ( !isPage( $key ) )
+ − 682
{
+ − 683
echo ' class="wikilink-nonexistent"';
+ − 684
}
+ − 685
echo '>';
+ − 686
$title = get_page_title_ns($row['urlname'], $row['namespace']);
+ − 687
echo htmlspecialchars($title);
+ − 688
echo '</a>';
+ − 689
+ − 690
echo "</td>";
+ − 691
}
+ − 692
if ( !$switched )
+ − 693
{
+ − 694
if ( $counter > 0 )
+ − 695
{
+ − 696
// Fill-in
+ − 697
while ( $ticker < 3 )
+ − 698
{
+ − 699
$ticker++;
+ − 700
echo '<td class="' . $class . '" style="width: 33.3%;"></td>';
+ − 701
}
+ − 702
}
+ − 703
else
+ − 704
{
+ − 705
echo '<td class="' . $class . '">No subcategories.</td>';
+ − 706
}
+ − 707
echo '</tr></table></div>' . "\n\n";
+ − 708
echo '<h3>Pages</h3>';
+ − 709
echo '<div class="tblholder">';
+ − 710
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 711
echo '<tr>';
+ − 712
$counter = 0;
+ − 713
$ticker = 0;
+ − 714
$switched = true;
+ − 715
}
+ − 716
if ( $counter > 0 )
+ − 717
{
+ − 718
// Fill-in
+ − 719
while ( $ticker < 3 )
+ − 720
{
+ − 721
$ticker++;
+ − 722
echo '<td class="' . $class . '" style="width: 33.3%;"></td>';
+ − 723
}
+ − 724
}
+ − 725
else
+ − 726
{
+ − 727
echo '<td class="' . $class . '">No pages in this category.</td>';
+ − 728
}
+ − 729
echo '</tr></table></div>' . "\n\n";
+ − 730
}
+ − 731
+ − 732
if ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 733
{
+ − 734
echo '<div class="mdg-comment" style="margin: 10px 0 0 0;">';
+ − 735
if ( $session->user_level >= USER_LEVEL_ADMIN )
+ − 736
{
+ − 737
echo '<div style="float: right;">';
+ − 738
echo '(<a href="#" onclick="ajaxCatToTag(); return false;">show page tags</a>)';
+ − 739
echo '</div>';
+ − 740
}
+ − 741
echo '<div id="mdgCatBox">Categories: ';
+ − 742
+ − 743
$where = '( c.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )';
+ − 744
$prefix = table_prefix;
+ − 745
$sql = <<<EOF
+ − 746
SELECT c.category_id FROM {$prefix}categories AS c
+ − 747
LEFT JOIN {$prefix}pages AS p
+ − 748
ON ( ( p.urlname = c.page_id AND p.namespace = c.namespace ) OR ( p.urlname IS NULL AND p.namespace IS NULL ) )
+ − 749
WHERE $where
+ − 750
ORDER BY p.name ASC, c.page_id ASC;
+ − 751
EOF;
+ − 752
$q = $db->sql_query($sql);
+ − 753
if ( !$q )
+ − 754
$db->_die();
+ − 755
+ − 756
if ( $row = $db->fetchrow() )
+ − 757
{
+ − 758
$list = array();
+ − 759
do
+ − 760
{
+ − 761
$cid = sanitize_page_id($row['category_id']);
+ − 762
$title = get_page_title_ns($cid, 'Category');
+ − 763
$link = makeUrlNS('Category', $cid);
+ − 764
$list[] = '<a href="' . $link . '">' . htmlspecialchars($title) . '</a>';
+ − 765
}
+ − 766
while ( $row = $db->fetchrow() );
+ − 767
echo implode(', ', $list);
+ − 768
}
+ − 769
else
+ − 770
{
+ − 771
echo '(Uncategorized)';
+ − 772
}
+ − 773
+ − 774
$can_edit = ( $session->get_permissions('edit_cat') && ( !$paths->page_protected || $session->get_permissions('even_when_protected') ) );
+ − 775
if ( $can_edit )
+ − 776
{
+ − 777
$edit_link = '<a href="' . makeUrl($paths->page, 'do=catedit', true) . '" onclick="ajaxCatEdit(); return false;">edit categorization</a>';
+ − 778
echo ' [ ' . $edit_link . ' ]';
+ − 779
}
+ − 780
+ − 781
echo '</div></div>';
+ − 782
+ − 783
}
+ − 784
+ − 785
}
+ − 786
+ − 787
/**
+ − 788
* Prints out the file information box seen on File: pages. Doesn't take or return anything, but assumes that the page information is already set in $paths, and expects $paths->namespace to be File.
+ − 789
*/
1
+ − 790
+ − 791
function show_file_info()
+ − 792
{
+ − 793
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 794
if($paths->namespace != 'File') return null; // Prevent unnecessary work
+ − 795
$selfn = $paths->cpage['urlname_nons']; // substr($paths->page, strlen($paths->nslist['File']), strlen($paths->cpage));
+ − 796
if(substr($paths->cpage['name'], 0, strlen($paths->nslist['File']))==$paths->nslist['File']) $selfn = substr($paths->cpage['urlname_nons'], strlen($paths->nslist['File']), strlen($paths->cpage['urlname_nons']));
+ − 797
$q = $db->sql_query('SELECT mimetype,time_id,size FROM '.table_prefix.'files WHERE page_id=\''.$selfn.'\' ORDER BY time_id DESC;');
+ − 798
if(!$q) $db->_die('The file type could not be fetched.');
+ − 799
if($db->numrows() < 1) { echo '<div class="mdg-comment" style="margin-left: 0;"><h3>Uploaded file</h3><p>There are no files uploaded with this name yet. <a href="'.makeUrlNS('Special', 'UploadFile/'.$paths->cpage['urlname_nons']).'">Upload a file...</a></p></div><br />'; return; }
+ − 800
$r = $db->fetchrow();
+ − 801
$mimetype = $r['mimetype'];
+ − 802
$datestring = date('F d, Y h:i a', (int)$r['time_id']);
+ − 803
echo '<div class="mdg-comment" style="margin-left: 0;"><p><h3>Uploaded file</h3></p><p>Type: '.$r['mimetype'].'<br />Size: ';
+ − 804
$fs = $r['size'];
+ − 805
echo $fs.' bytes';
+ − 806
$fs = (int)$fs;
+ − 807
if($fs >= 1048576)
+ − 808
{
+ − 809
$fs = round($fs / 1048576, 1);
+ − 810
echo ' ('.$fs.' MB)';
+ − 811
} elseif($fs >= 1024) {
+ − 812
$fs = round($fs / 1024, 1);
+ − 813
echo ' ('.$fs.' KB)';
+ − 814
}
+ − 815
echo '<br />Uploaded: '.$datestring.'</p>';
+ − 816
if(substr($mimetype, 0, 6)!='image/' && ( substr($mimetype, 0, 5) != 'text/' || $mimetype == 'text/html' || $mimetype == 'text/javascript' ))
+ − 817
{
+ − 818
echo '<div class="warning-box">This file type may contain viruses or other code that could harm your computer. You should exercise caution if you download it.</div>';
+ − 819
}
+ − 820
if(substr($mimetype, 0, 6)=='image/')
+ − 821
{
+ − 822
echo '<p><a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn).'"><img style="border: 0;" alt="'.$paths->page.'" src="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.htmlspecialchars(urlSeparator).'preview').'" /></a></p>';
+ − 823
}
+ − 824
echo '<p><a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.'/'.$r['time_id'].htmlspecialchars(urlSeparator).'download').'">Download this file</a>';
+ − 825
if(!$paths->page_protected && ( $paths->wiki_mode || $session->get_permissions('upload_new_version') ))
+ − 826
{
+ − 827
echo ' | <a href="'.makeUrlNS('Special', 'UploadFile'.'/'.$selfn).'">Upload new version</a>';
+ − 828
}
+ − 829
echo '</p>';
+ − 830
if($db->numrows() > 1)
+ − 831
{
+ − 832
echo '<h3>File history</h3><p>';
+ − 833
while($r = $db->fetchrow())
+ − 834
{
+ − 835
echo '(<a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.'/'.$r['time_id'].htmlspecialchars(urlSeparator).'download').'">this ver</a>) ';
+ − 836
if($session->get_permissions('history_rollback'))
+ − 837
echo ' (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert</a>) ';
+ − 838
$mimetype = $r['mimetype'];
+ − 839
$datestring = date('F d, Y h:i a', (int)$r['time_id']);
+ − 840
echo $datestring.': '.$r['mimetype'].', ';
+ − 841
$fs = $r['size'];
+ − 842
$fs = (int)$fs;
+ − 843
if($fs >= 1048576)
+ − 844
{
+ − 845
$fs = round($fs / 1048576, 1);
+ − 846
echo ' '.$fs.' MB';
+ − 847
} elseif($fs >= 1024) {
+ − 848
$fs = round($fs / 1024, 1);
+ − 849
echo ' '.$fs.' KB';
+ − 850
} else {
+ − 851
echo ' '.$fs.' bytes';
+ − 852
}
+ − 853
echo '<br />';
+ − 854
}
+ − 855
echo '</p>';
+ − 856
}
+ − 857
$db->free_result();
+ − 858
echo '</div><br />';
+ − 859
}
+ − 860
76
+ − 861
/**
+ − 862
* Shows header information on the current page. Currently this is only the delete-vote feature. Doesn't take or return anything, but assumes that the page information is already set in $paths.
+ − 863
*/
+ − 864
1
+ − 865
function display_page_headers()
+ − 866
{
+ − 867
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 868
if($session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0)
+ − 869
{
+ − 870
$hr = implode(', ', explode('|', $paths->cpage['delvote_ips']));
+ − 871
$is = 'is';
+ − 872
$s = '';
+ − 873
$s2 = 's';
+ − 874
if ( $paths->cpage['delvotes'] > 1)
+ − 875
{
+ − 876
$is = 'are';
+ − 877
$s = 's';
+ − 878
$s2 = '';
+ − 879
}
+ − 880
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;" id="mdgDeleteVoteNoticeBox">
+ − 881
<b>Notice:</b> There '.$is.' '.$paths->cpage['delvotes'].' user'.$s.' that think'.$s2.' this page should be deleted.<br />
+ − 882
<b>Users that voted:</b> ' . $hr . '<br />
+ − 883
<a href="'.makeUrl($paths->page, 'do=deletepage').'" onclick="ajaxDeletePage(); return false;">Delete page</a> | <a href="'.makeUrl($paths->page, 'do=resetvotes').'" onclick="ajaxResetDelVotes(); return false;">Reset votes</a>
+ − 884
</div>';
+ − 885
}
+ − 886
}
+ − 887
76
+ − 888
/**
+ − 889
* Displays page footer information including file and category info. This also has the send_page_footers hook. Doesn't take or return anything, but assumes that the page information is already set in $paths.
+ − 890
*/
+ − 891
1
+ − 892
function display_page_footers()
+ − 893
{
+ − 894
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 895
if(isset($_GET['nofooters'])) return;
+ − 896
$code = $plugins->setHook('send_page_footers');
+ − 897
foreach ( $code as $cmd )
+ − 898
{
+ − 899
eval($cmd);
+ − 900
}
+ − 901
show_file_info();
+ − 902
show_category_info();
+ − 903
}
+ − 904
76
+ − 905
/**
+ − 906
* Deprecated, do not use.
+ − 907
*/
+ − 908
1
+ − 909
function password_prompt($id = false)
+ − 910
{
+ − 911
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 912
if(!$id) $id = $paths->page;
+ − 913
if(isset($paths->pages[$id]['password']) && strlen($paths->pages[$id]['password']) == 40 && !isset($_REQUEST['pagepass']))
+ − 914
{
+ − 915
die_friendly('Password required', '<p>You must supply a password to access this page.</p><form action="'.makeUrl($paths->pages[$id]['urlname']).'" method="post"><p>Password: <input name="pagepass" type="password" /></p><p><input type="submit" value="Submit" /></p>');
+ − 916
} elseif(isset($_REQUEST['pagepass'])) {
+ − 917
$p = (preg_match('#^([a-f0-9]*){40}$#', $_REQUEST['pagepass'])) ? $_REQUEST['pagepass'] : sha1($_REQUEST['pagepass']);
+ − 918
if($p != $paths->pages[$id]['password']) die_friendly('Password required', '<p style="color: red;">The password you entered is incorrect.</p><form action="'.makeUrl($paths->page).'" method="post"><p>Password: <input name="pagepass" type="password" /></p><p><input type="submit" value="Submit" /></p>');
+ − 919
}
+ − 920
}
+ − 921
76
+ − 922
/**
+ − 923
* Some sort of primitive hex converter from back in the day. Deprecated, do not use.
+ − 924
* @param string Text to encode
+ − 925
* @return string
+ − 926
*/
+ − 927
1
+ − 928
function str_hex($string){
+ − 929
$hex='';
+ − 930
for ($i=0; $i < strlen($string); $i++){
+ − 931
$hex .= ' '.dechex(ord($string[$i]));
+ − 932
}
+ − 933
return substr($hex, 1, strlen($hex));
+ − 934
}
+ − 935
76
+ − 936
/**
+ − 937
* Essentially an return code reader for a socket. Don't use this unless you're writing mail code and smtp_send_email doesn't cut it. Ported from phpBB's smtp.php.
+ − 938
* @param socket A socket resource
+ − 939
* @param string The expected response from the server, this needs to be exactly three characters.
+ − 940
*/
+ − 941
+ − 942
function smtp_get_response($socket, $response, $line = __LINE__)
1
+ − 943
{
76
+ − 944
$server_response = '';
+ − 945
while (substr($server_response, 3, 1) != ' ')
+ − 946
{
+ − 947
if (!($server_response = fgets($socket, 256)))
+ − 948
{
1
+ − 949
die_friendly('SMTP Error', "<p>Couldn't get mail server response codes</p>");
76
+ − 950
}
+ − 951
}
1
+ − 952
76
+ − 953
if (!(substr($server_response, 0, 3) == $response))
+ − 954
{
1
+ − 955
die_friendly('SMTP Error', "<p>Ran into problems sending mail. Response: $server_response</p>");
76
+ − 956
}
1
+ − 957
}
+ − 958
76
+ − 959
/**
+ − 960
* Wrapper for smtp_send_email_core that takes the sender as the fourth parameter instead of additional headers.
+ − 961
* @param string E-mail address to send to
+ − 962
* @param string Subject line
+ − 963
* @param string The body of the message
+ − 964
* @param string Address of the sender
+ − 965
*/
+ − 966
1
+ − 967
function smtp_send_email($to, $subject, $message, $from)
+ − 968
{
+ − 969
return smtp_send_email_core($to, $subject, $message, "From: <$from>\n");
+ − 970
}
+ − 971
76
+ − 972
/**
+ − 973
* Replacement or substitute for PHP's mail() builtin function.
+ − 974
* @param string E-mail address to send to
+ − 975
* @param string Subject line
+ − 976
* @param string The body of the message
+ − 977
* @param string Message headers, separated by a single newline ("\n")
+ − 978
* @copyright (C) phpBB Group
+ − 979
* @license GPL
+ − 980
*/
+ − 981
1
+ − 982
function smtp_send_email_core($mail_to, $subject, $message, $headers = '')
+ − 983
{
76
+ − 984
// Fix any bare linefeeds in the message to make it RFC821 Compliant.
+ − 985
$message = preg_replace("#(?<!\r)\n#si", "\r\n", $message);
1
+ − 986
76
+ − 987
if ($headers != '')
+ − 988
{
+ − 989
if (is_array($headers))
+ − 990
{
+ − 991
if (sizeof($headers) > 1)
+ − 992
{
+ − 993
$headers = join("\n", $headers);
+ − 994
}
+ − 995
else
+ − 996
{
+ − 997
$headers = $headers[0];
+ − 998
}
+ − 999
}
+ − 1000
$headers = chop($headers);
1
+ − 1001
76
+ − 1002
// Make sure there are no bare linefeeds in the headers
+ − 1003
$headers = preg_replace('#(?<!\r)\n#si', "\r\n", $headers);
1
+ − 1004
76
+ − 1005
// Ok this is rather confusing all things considered,
+ − 1006
// but we have to grab bcc and cc headers and treat them differently
+ − 1007
// Something we really didn't take into consideration originally
+ − 1008
$header_array = explode("\r\n", $headers);
+ − 1009
@reset($header_array);
1
+ − 1010
76
+ − 1011
$headers = '';
+ − 1012
while(list(, $header) = each($header_array))
+ − 1013
{
+ − 1014
if (preg_match('#^cc:#si', $header))
+ − 1015
{
+ − 1016
$cc = preg_replace('#^cc:(.*)#si', '\1', $header);
+ − 1017
}
+ − 1018
else if (preg_match('#^bcc:#si', $header))
+ − 1019
{
+ − 1020
$bcc = preg_replace('#^bcc:(.*)#si', '\1', $header);
+ − 1021
$header = '';
+ − 1022
}
+ − 1023
$headers .= ($header != '') ? $header . "\r\n" : '';
+ − 1024
}
1
+ − 1025
76
+ − 1026
$headers = chop($headers);
+ − 1027
$cc = explode(', ', $cc);
+ − 1028
$bcc = explode(', ', $bcc);
+ − 1029
}
1
+ − 1030
76
+ − 1031
if (trim($subject) == '')
+ − 1032
{
+ − 1033
die_friendly(GENERAL_ERROR, "No email Subject specified");
+ − 1034
}
1
+ − 1035
76
+ − 1036
if (trim($message) == '')
+ − 1037
{
+ − 1038
die_friendly(GENERAL_ERROR, "Email message was blank");
+ − 1039
}
+ − 1040
1
+ − 1041
// setup SMTP
+ − 1042
$host = getConfig('smtp_server');
+ − 1043
if ( empty($host) )
+ − 1044
return 'No smtp_host in config';
+ − 1045
if ( strstr($host, ':' ) )
+ − 1046
{
+ − 1047
$n = explode(':', $host);
+ − 1048
$smtp_host = $n[0];
+ − 1049
$port = intval($n[1]);
+ − 1050
}
+ − 1051
else
+ − 1052
{
+ − 1053
$smtp_host = $host;
+ − 1054
$port = 25;
+ − 1055
}
76
+ − 1056
1
+ − 1057
$smtp_user = getConfig('smtp_user');
+ − 1058
$smtp_pass = getConfig('smtp_password');
+ − 1059
76
+ − 1060
// Ok we have error checked as much as we can to this point let's get on
+ − 1061
// it already.
+ − 1062
if( !$socket = @fsockopen($smtp_host, $port, $errno, $errstr, 20) )
+ − 1063
{
+ − 1064
die_friendly(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr");
+ − 1065
}
+ − 1066
+ − 1067
// Wait for reply
+ − 1068
smtp_get_response($socket, "220", __LINE__);
1
+ − 1069
76
+ − 1070
// Do we want to use AUTH?, send RFC2554 EHLO, else send RFC821 HELO
+ − 1071
// This improved as provided by SirSir to accomodate
+ − 1072
if( !empty($smtp_user) && !empty($smtp_pass) )
+ − 1073
{
+ − 1074
enano_fputs($socket, "EHLO " . $smtp_host . "\r\n");
+ − 1075
smtp_get_response($socket, "250", __LINE__);
1
+ − 1076
76
+ − 1077
enano_fputs($socket, "AUTH LOGIN\r\n");
+ − 1078
smtp_get_response($socket, "334", __LINE__);
1
+ − 1079
76
+ − 1080
enano_fputs($socket, base64_encode($smtp_user) . "\r\n");
+ − 1081
smtp_get_response($socket, "334", __LINE__);
1
+ − 1082
76
+ − 1083
enano_fputs($socket, base64_encode($smtp_pass) . "\r\n");
+ − 1084
smtp_get_response($socket, "235", __LINE__);
+ − 1085
}
+ − 1086
else
+ − 1087
{
+ − 1088
enano_fputs($socket, "HELO " . $smtp_host . "\r\n");
+ − 1089
smtp_get_response($socket, "250", __LINE__);
+ − 1090
}
1
+ − 1091
76
+ − 1092
// From this point onward most server response codes should be 250
+ − 1093
// Specify who the mail is from....
+ − 1094
enano_fputs($socket, "MAIL FROM: <" . getConfig('contact_email') . ">\r\n");
+ − 1095
smtp_get_response($socket, "250", __LINE__);
1
+ − 1096
76
+ − 1097
// Specify each user to send to and build to header.
+ − 1098
$to_header = '';
1
+ − 1099
76
+ − 1100
// Add an additional bit of error checking to the To field.
+ − 1101
$mail_to = (trim($mail_to) == '') ? 'Undisclosed-recipients:;' : trim($mail_to);
+ − 1102
if (preg_match('#[^ ]+\@[^ ]+#', $mail_to))
+ − 1103
{
+ − 1104
enano_fputs($socket, "RCPT TO: <$mail_to>\r\n");
+ − 1105
smtp_get_response($socket, "250", __LINE__);
+ − 1106
}
1
+ − 1107
76
+ − 1108
// Ok now do the CC and BCC fields...
+ − 1109
@reset($bcc);
+ − 1110
while(list(, $bcc_address) = each($bcc))
+ − 1111
{
+ − 1112
// Add an additional bit of error checking to bcc header...
+ − 1113
$bcc_address = trim($bcc_address);
+ − 1114
if (preg_match('#[^ ]+\@[^ ]+#', $bcc_address))
+ − 1115
{
+ − 1116
enano_fputs($socket, "RCPT TO: <$bcc_address>\r\n");
+ − 1117
smtp_get_response($socket, "250", __LINE__);
+ − 1118
}
+ − 1119
}
1
+ − 1120
76
+ − 1121
@reset($cc);
+ − 1122
while(list(, $cc_address) = each($cc))
+ − 1123
{
+ − 1124
// Add an additional bit of error checking to cc header
+ − 1125
$cc_address = trim($cc_address);
+ − 1126
if (preg_match('#[^ ]+\@[^ ]+#', $cc_address))
+ − 1127
{
+ − 1128
enano_fputs($socket, "RCPT TO: <$cc_address>\r\n");
+ − 1129
smtp_get_response($socket, "250", __LINE__);
+ − 1130
}
+ − 1131
}
1
+ − 1132
76
+ − 1133
// Ok now we tell the server we are ready to start sending data
+ − 1134
enano_fputs($socket, "DATA\r\n");
1
+ − 1135
76
+ − 1136
// This is the last response code we look for until the end of the message.
+ − 1137
smtp_get_response($socket, "354", __LINE__);
1
+ − 1138
76
+ − 1139
// Send the Subject Line...
+ − 1140
enano_fputs($socket, "Subject: $subject\r\n");
1
+ − 1141
76
+ − 1142
// Now the To Header.
+ − 1143
enano_fputs($socket, "To: $mail_to\r\n");
1
+ − 1144
76
+ − 1145
// Now any custom headers....
+ − 1146
enano_fputs($socket, "$headers\r\n\r\n");
1
+ − 1147
76
+ − 1148
// Ok now we are ready for the message...
+ − 1149
enano_fputs($socket, "$message\r\n");
1
+ − 1150
76
+ − 1151
// Ok the all the ingredients are mixed in let's cook this puppy...
+ − 1152
enano_fputs($socket, ".\r\n");
+ − 1153
smtp_get_response($socket, "250", __LINE__);
1
+ − 1154
76
+ − 1155
// Now tell the server we are done and close the socket...
+ − 1156
enano_fputs($socket, "QUIT\r\n");
+ − 1157
fclose($socket);
1
+ − 1158
76
+ − 1159
return TRUE;
1
+ − 1160
}
+ − 1161
+ − 1162
/**
+ − 1163
* Tell which version of Enano we're running.
+ − 1164
* @param bool $long if true, uses English version names (e.g. alpha, beta, release candidate). If false (default) uses abbreviations (1.0a1, 1.0b3, 1.0RC2, etc.)
+ − 1165
* @return string
+ − 1166
*/
+ − 1167
+ − 1168
function enano_version($long = false, $no_nightly = false)
+ − 1169
{
+ − 1170
$r = getConfig('enano_version');
+ − 1171
$rc = ( $long ) ? ' release candidate ' : 'RC';
+ − 1172
$b = ( $long ) ? ' beta ' : 'b';
+ − 1173
$a = ( $long ) ? ' alpha ' : 'a';
+ − 1174
if($v = getConfig('enano_rc_version')) $r .= $rc.$v;
+ − 1175
if($v = getConfig('enano_beta_version')) $r .= $b.$v;
+ − 1176
if($v = getConfig('enano_alpha_version')) $r .= $a.$v;
+ − 1177
if ( defined('ENANO_NIGHTLY') && !$no_nightly )
+ − 1178
{
+ − 1179
$nightlytag = ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
+ − 1180
$nightlylong = ' nightly; build date: ' . ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
+ − 1181
$r = ( $long ) ? $r . $nightlylong : $r . '-nightly-' . $nightlytag;
+ − 1182
}
+ − 1183
return $r;
+ − 1184
}
+ − 1185
76
+ − 1186
/**
+ − 1187
* What kinda sh** was I thinking when I wrote this. Deprecated.
+ − 1188
*/
+ − 1189
1
+ − 1190
function _dualurlenc($t) {
+ − 1191
return rawurlencode(rawurlencode($t));
+ − 1192
}
76
+ − 1193
+ − 1194
/**
+ − 1195
* Badly named function to send back eval'able Javascript code with an error message. Deprecated, use JSON instead.
+ − 1196
* @param string Message to send
+ − 1197
*/
+ − 1198
1
+ − 1199
function _die($t) {
+ − 1200
$_ob = 'document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . rawurlencode('' . $t . '') . '\')';
+ − 1201
die($_ob);
+ − 1202
}
+ − 1203
76
+ − 1204
/**
+ − 1205
* Same as _die(), but sends an SQL backtrace with the error message, and doesn't halt execution.
+ − 1206
* @param string Message to send
+ − 1207
*/
+ − 1208
1
+ − 1209
function jsdie($text) {
+ − 1210
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1211
$text = rawurlencode($text . "\n\nSQL Backtrace:\n" . $db->sql_backtrace());
+ − 1212
echo 'document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.$text.'\');';
+ − 1213
}
+ − 1214
+ − 1215
/**
+ − 1216
* Capitalizes the first letter of a string
+ − 1217
* @param $text string the text to be transformed
+ − 1218
* @return string
+ − 1219
*/
76
+ − 1220
1
+ − 1221
function capitalize_first_letter($text)
+ − 1222
{
+ − 1223
return strtoupper(substr($text, 0, 1)) . substr($text, 1);
+ − 1224
}
+ − 1225
+ − 1226
/**
+ − 1227
* Checks if a value in a bitfield is on or off
+ − 1228
* @param $bitfield int the bit-field value
+ − 1229
* @param $value int the value to switch off
+ − 1230
* @return bool
+ − 1231
*/
76
+ − 1232
1
+ − 1233
function is_bit($bitfield, $value)
+ − 1234
{
+ − 1235
return ( $bitfield & $value ) ? true : false;
+ − 1236
}
+ − 1237
+ − 1238
/**
+ − 1239
* Trims spaces/newlines from the beginning and end of a string
+ − 1240
* @param $text the text to process
+ − 1241
* @return string
+ − 1242
*/
76
+ − 1243
1
+ − 1244
function trim_spaces($text)
+ − 1245
{
+ − 1246
$d = true;
+ − 1247
while($d)
+ − 1248
{
+ − 1249
$c = substr($text, 0, 1);
+ − 1250
$a = substr($text, strlen($text)-1, strlen($text));
+ − 1251
if($c == "\n" || $c == "\r" || $c == "\t" || $c == ' ') $text = substr($text, 1, strlen($text));
+ − 1252
elseif($a == "\n" || $a == "\r" || $a == "\t" || $a == ' ') $text = substr($text, 0, strlen($text)-1);
+ − 1253
else $d = false;
+ − 1254
}
+ − 1255
return $text;
+ − 1256
}
+ − 1257
+ − 1258
/**
+ − 1259
* Enano-ese equivalent of str_split() which is only found in PHP5
+ − 1260
* @param $text string the text to split
+ − 1261
* @param $inc int size of each block
+ − 1262
* @return array
+ − 1263
*/
76
+ − 1264
1
+ − 1265
function enano_str_split($text, $inc = 1)
+ − 1266
{
76
+ − 1267
if($inc < 1)
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1268
{
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1269
return false;
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1270
}
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1271
if($inc >= strlen($text))
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1272
{
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1273
return Array($text);
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1274
}
1
+ − 1275
$len = ceil(strlen($text) / $inc);
+ − 1276
$ret = Array();
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1277
for ( $i = 0; $i < strlen($text); $i = $i + $inc )
1
+ − 1278
{
+ − 1279
$ret[] = substr($text, $i, $inc);
+ − 1280
}
+ − 1281
return $ret;
+ − 1282
}
+ − 1283
+ − 1284
/**
+ − 1285
* Converts a hexadecimal number to a binary string.
+ − 1286
* @param text string hexadecimal number
+ − 1287
* @return string
+ − 1288
*/
+ − 1289
function hex2bin($text)
+ − 1290
{
+ − 1291
$arr = enano_str_split($text, 2);
+ − 1292
$ret = '';
+ − 1293
for ($i=0; $i<sizeof($arr); $i++)
+ − 1294
{
+ − 1295
$ret .= chr(hexdec($arr[$i]));
+ − 1296
}
+ − 1297
return $ret;
+ − 1298
}
+ − 1299
+ − 1300
/**
+ − 1301
* Generates and/or prints a human-readable backtrace
76
+ − 1302
* @param bool $return - if true, this function returns a string, otherwise returns null and prints the backtrace
1
+ − 1303
* @return mixed
+ − 1304
*/
76
+ − 1305
1
+ − 1306
function enano_debug_print_backtrace($return = false)
+ − 1307
{
+ − 1308
ob_start();
+ − 1309
echo '<pre>';
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1310
if ( function_exists('debug_print_backtrace') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1311
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1312
debug_print_backtrace();
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1313
}
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1314
else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1315
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1316
echo '<b>Warning:</b> No debug_print_backtrace() support!';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1317
}
1
+ − 1318
echo '</pre>';
+ − 1319
$c = ob_get_contents();
+ − 1320
ob_end_clean();
+ − 1321
if($return) return $c;
+ − 1322
else echo $c;
+ − 1323
return null;
+ − 1324
}
+ − 1325
+ − 1326
/**
+ − 1327
* Like rawurlencode(), but encodes all characters
+ − 1328
* @param string $text the text to encode
+ − 1329
* @param optional string $prefix text before each hex character
+ − 1330
* @param optional string $suffix text after each hex character
+ − 1331
* @return string
+ − 1332
*/
76
+ − 1333
1
+ − 1334
function hexencode($text, $prefix = '%', $suffix = '')
+ − 1335
{
+ − 1336
$arr = enano_str_split($text);
+ − 1337
$r = '';
+ − 1338
foreach($arr as $a)
+ − 1339
{
+ − 1340
$nibble = (string)dechex(ord($a));
+ − 1341
if(strlen($nibble) == 1) $nibble = '0' . $nibble;
+ − 1342
$r .= $prefix . $nibble . $suffix;
+ − 1343
}
+ − 1344
return $r;
+ − 1345
}
+ − 1346
+ − 1347
/**
+ − 1348
* Enano-ese equivalent of get_magic_quotes_gpc()
+ − 1349
* @return bool
+ − 1350
*/
76
+ − 1351
1
+ − 1352
function enano_get_magic_quotes_gpc()
+ − 1353
{
+ − 1354
if(function_exists('get_magic_quotes_gpc'))
+ − 1355
{
+ − 1356
return ( get_magic_quotes_gpc() == 1 );
+ − 1357
}
+ − 1358
else
+ − 1359
{
+ − 1360
return ( strtolower(@ini_get('magic_quotes_gpc')) == '1' );
+ − 1361
}
+ − 1362
}
+ − 1363
+ − 1364
/**
+ − 1365
* Recursive stripslashes()
+ − 1366
* @param array
+ − 1367
* @return array
+ − 1368
*/
76
+ − 1369
1
+ − 1370
function stripslashes_recurse($arr)
+ − 1371
{
+ − 1372
foreach($arr as $k => $xxxx)
+ − 1373
{
+ − 1374
$val =& $arr[$k];
+ − 1375
if(is_string($val))
+ − 1376
$val = stripslashes($val);
+ − 1377
elseif(is_array($val))
+ − 1378
$val = stripslashes_recurse($val);
+ − 1379
}
+ − 1380
return $arr;
+ − 1381
}
+ − 1382
+ − 1383
/**
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1384
* Recursive function to remove all NUL bytes from a string
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1385
* @param array
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1386
* @return array
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1387
*/
76
+ − 1388
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1389
function strip_nul_chars($arr)
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1390
{
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1391
foreach($arr as $k => $xxxx_unused)
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1392
{
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1393
$val =& $arr[$k];
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1394
if(is_string($val))
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1395
$val = str_replace("\000", '', $val);
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1396
elseif(is_array($val))
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1397
$val = strip_nul_chars($val);
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1398
}
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1399
return $arr;
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1400
}
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1401
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1402
/**
76
+ − 1403
* If magic_quotes_gpc is on, calls stripslashes() on everything in $_GET/$_POST/$_COOKIE. Also strips any NUL characters from incoming requests, as these are typically malicious.
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1404
* @ignore - this doesn't work too well in my tests
1
+ − 1405
* @todo port version from the PHP manual
+ − 1406
* @return void
+ − 1407
*/
+ − 1408
function strip_magic_quotes_gpc()
+ − 1409
{
+ − 1410
if(enano_get_magic_quotes_gpc())
+ − 1411
{
40
+ − 1412
$_POST = stripslashes_recurse($_POST);
+ − 1413
$_GET = stripslashes_recurse($_GET);
+ − 1414
$_COOKIE = stripslashes_recurse($_COOKIE);
+ − 1415
$_REQUEST = stripslashes_recurse($_REQUEST);
1
+ − 1416
}
40
+ − 1417
$_POST = strip_nul_chars($_POST);
+ − 1418
$_GET = strip_nul_chars($_GET);
+ − 1419
$_COOKIE = strip_nul_chars($_COOKIE);
+ − 1420
$_REQUEST = strip_nul_chars($_REQUEST);
78
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1421
$_POST = decode_unicode_array($_POST);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1422
$_GET = decode_unicode_array($_GET);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1423
$_COOKIE = decode_unicode_array($_COOKIE);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1424
$_REQUEST = decode_unicode_array($_REQUEST);
1
+ − 1425
}
+ − 1426
+ − 1427
/**
+ − 1428
* A very basic single-character compression algorithm for binary strings/bitfields
76
+ − 1429
* @param string $bits the text to compress, should be only 1s and 0s
1
+ − 1430
* @return string
+ − 1431
*/
76
+ − 1432
1
+ − 1433
function compress_bitfield($bits)
+ − 1434
{
+ − 1435
$crc32 = crc32($bits);
+ − 1436
$bits .= '0';
+ − 1437
$start_pos = 0;
+ − 1438
$current = substr($bits, 1, 1);
+ − 1439
$last = substr($bits, 0, 1);
+ − 1440
$chunk_size = 1;
+ − 1441
$len = strlen($bits);
+ − 1442
$crc = $len;
+ − 1443
$crcval = 0;
+ − 1444
for ( $i = 1; $i < $len; $i++ )
+ − 1445
{
+ − 1446
$current = substr($bits, $i, 1);
+ − 1447
$last = substr($bits, $i - 1, 1);
+ − 1448
$next = substr($bits, $i + 1, 1);
+ − 1449
// Are we on the last character?
+ − 1450
if($current == $last && $i+1 < $len)
+ − 1451
$chunk_size++;
+ − 1452
else
+ − 1453
{
+ − 1454
if($i+1 == $len && $current == $next)
+ − 1455
{
+ − 1456
// This character completes a chunk
+ − 1457
$chunk_size++;
+ − 1458
$i++;
+ − 1459
$chunk = substr($bits, $start_pos, $chunk_size);
+ − 1460
$chunklen = strlen($chunk);
+ − 1461
$newchunk = $last . '[' . $chunklen . ']';
+ − 1462
$newlen = strlen($newchunk);
+ − 1463
$bits = substr($bits, 0, $start_pos) . $newchunk . substr($bits, $i, $len);
+ − 1464
$chunk_size = 1;
+ − 1465
$i = $start_pos + $newlen;
+ − 1466
$start_pos = $i;
+ − 1467
$len = strlen($bits);
+ − 1468
$crcval = $crcval + $chunklen;
+ − 1469
}
+ − 1470
else
+ − 1471
{
+ − 1472
// Last character completed a chunk
+ − 1473
$chunk = substr($bits, $start_pos, $chunk_size);
+ − 1474
$chunklen = strlen($chunk);
+ − 1475
$newchunk = $last . '[' . $chunklen . '],';
+ − 1476
$newlen = strlen($newchunk);
+ − 1477
$bits = substr($bits, 0, $start_pos) . $newchunk . substr($bits, $i, $len);
+ − 1478
$chunk_size = 1;
+ − 1479
$i = $start_pos + $newlen;
+ − 1480
$start_pos = $i;
+ − 1481
$len = strlen($bits);
+ − 1482
$crcval = $crcval + $chunklen;
+ − 1483
}
+ − 1484
}
+ − 1485
}
+ − 1486
if($crc != $crcval)
+ − 1487
{
+ − 1488
echo __FUNCTION__.'(): ERROR: length check failed, this is a bug in the algorithm<br />Debug info: aiming for a CRC val of '.$crc.', got '.$crcval;
+ − 1489
return false;
+ − 1490
}
+ − 1491
$compressed = 'cbf:len='.$crc.';crc='.dechex($crc32).';data='.$bits.'|end';
+ − 1492
return $compressed;
+ − 1493
}
+ − 1494
+ − 1495
/**
+ − 1496
* Uncompresses a bitfield compressed with compress_bitfield()
+ − 1497
* @param string $bits the compressed bitfield
+ − 1498
* @return string the uncompressed, original (we hope) bitfield OR bool false on error
+ − 1499
*/
76
+ − 1500
1
+ − 1501
function uncompress_bitfield($bits)
+ − 1502
{
+ − 1503
if(substr($bits, 0, 4) != 'cbf:')
+ − 1504
{
+ − 1505
echo __FUNCTION__.'(): ERROR: Invalid stream';
+ − 1506
return false;
+ − 1507
}
+ − 1508
$len = intval(substr($bits, strpos($bits, 'len=')+4, strpos($bits, ';')-strpos($bits, 'len=')-4));
+ − 1509
$crc = substr($bits, strpos($bits, 'crc=')+4, 8);
+ − 1510
$data = substr($bits, strpos($bits, 'data=')+5, strpos($bits, '|end')-strpos($bits, 'data=')-5);
+ − 1511
$data = explode(',', $data);
+ − 1512
foreach($data as $a => $b)
+ − 1513
{
+ − 1514
$d =& $data[$a];
+ − 1515
$char = substr($d, 0, 1);
+ − 1516
$dlen = intval(substr($d, 2, strlen($d)-1));
+ − 1517
$s = '';
+ − 1518
for($i=0;$i<$dlen;$i++,$s.=$char);
+ − 1519
$d = $s;
+ − 1520
unset($s, $dlen, $char);
+ − 1521
}
+ − 1522
$decompressed = implode('', $data);
+ − 1523
$decompressed = substr($decompressed, 0, -1);
+ − 1524
$dcrc = (string)dechex(crc32($decompressed));
+ − 1525
if($dcrc != $crc)
+ − 1526
{
+ − 1527
echo __FUNCTION__.'(): ERROR: CRC check failed<br />debug info:<br />original crc: '.$crc.'<br />decomp\'ed crc: '.$dcrc.'<br />';
+ − 1528
return false;
+ − 1529
}
+ − 1530
return $decompressed;
+ − 1531
}
+ − 1532
+ − 1533
/**
+ − 1534
* Exports a MySQL table into a SQL string.
+ − 1535
* @param string $table The name of the table to export
+ − 1536
* @param bool $structure If true, include a CREATE TABLE command
+ − 1537
* @param bool $data If true, include the contents of the table
+ − 1538
* @param bool $compact If true, omits newlines between parts of SQL statements, use in Enano database exporter
+ − 1539
* @return string
+ − 1540
*/
+ − 1541
+ − 1542
function export_table($table, $structure = true, $data = true, $compact = false)
+ − 1543
{
+ − 1544
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1545
$struct_keys = '';
+ − 1546
$divider = (!$compact) ? "\n" : "\n";
+ − 1547
$spacer1 = (!$compact) ? "\n" : " ";
+ − 1548
$spacer2 = (!$compact) ? " " : " ";
+ − 1549
$rowspacer = (!$compact) ? "\n " : " ";
+ − 1550
$index_list = Array();
+ − 1551
$cols = $db->sql_query('SHOW COLUMNS IN '.$table.';');
+ − 1552
if(!$cols)
+ − 1553
{
+ − 1554
echo 'export_table(): Error getting column list: '.$db->get_error_text().'<br />';
+ − 1555
return false;
+ − 1556
}
+ − 1557
$col = Array();
+ − 1558
$sqlcol = Array();
+ − 1559
$collist = Array();
+ − 1560
$pri_keys = Array();
+ − 1561
// Using fetchrow_num() here to compensate for MySQL l10n
+ − 1562
while( $row = $db->fetchrow_num() )
+ − 1563
{
+ − 1564
$field =& $row[0];
+ − 1565
$type =& $row[1];
+ − 1566
$null =& $row[2];
+ − 1567
$key =& $row[3];
+ − 1568
$def =& $row[4];
+ − 1569
$extra =& $row[5];
+ − 1570
$col[] = Array(
+ − 1571
'name'=>$field,
+ − 1572
'type'=>$type,
+ − 1573
'null'=>$null,
+ − 1574
'key'=>$key,
+ − 1575
'default'=>$def,
+ − 1576
'extra'=>$extra,
+ − 1577
);
+ − 1578
$collist[] = $field;
+ − 1579
}
76
+ − 1580
1
+ − 1581
if ( $structure )
+ − 1582
{
+ − 1583
$db->sql_query('SET SQL_QUOTE_SHOW_CREATE = 0;');
+ − 1584
$struct = $db->sql_query('SHOW CREATE TABLE '.$table.';');
+ − 1585
if ( !$struct )
+ − 1586
$db->_die();
+ − 1587
$row = $db->fetchrow_num();
+ − 1588
$db->free_result();
+ − 1589
$struct = $row[1];
+ − 1590
$struct = preg_replace("/\n\) ENGINE=(.+)$/", "\n);", $struct);
+ − 1591
unset($row);
+ − 1592
if ( $compact )
+ − 1593
{
+ − 1594
$struct_arr = explode("\n", $struct);
+ − 1595
foreach ( $struct_arr as $i => $leg )
+ − 1596
{
+ − 1597
if ( $i == 0 )
+ − 1598
continue;
+ − 1599
$test = trim($leg);
+ − 1600
if ( empty($test) )
+ − 1601
{
+ − 1602
unset($struct_arr[$i]);
+ − 1603
continue;
+ − 1604
}
+ − 1605
$struct_arr[$i] = preg_replace('/^([\s]*)/', ' ', $leg);
+ − 1606
}
+ − 1607
$struct = implode("", $struct_arr);
+ − 1608
}
+ − 1609
}
76
+ − 1610
1
+ − 1611
// Structuring complete
+ − 1612
if($data)
+ − 1613
{
+ − 1614
$datq = $db->sql_query('SELECT * FROM '.$table.';');
+ − 1615
if(!$datq)
+ − 1616
{
+ − 1617
echo 'export_table(): Error getting column list: '.$db->get_error_text().'<br />';
+ − 1618
return false;
+ − 1619
}
+ − 1620
if($db->numrows() < 1)
+ − 1621
{
+ − 1622
if($structure) return $struct;
+ − 1623
else return '';
+ − 1624
}
+ − 1625
$rowdata = Array();
+ − 1626
$dataqs = Array();
+ − 1627
$insert_strings = Array();
+ − 1628
$z = false;
+ − 1629
while($row = $db->fetchrow_num())
+ − 1630
{
+ − 1631
$z = false;
+ − 1632
foreach($row as $i => $cell)
+ − 1633
{
+ − 1634
$str = mysql_encode_column($cell, $col[$i]['type']);
+ − 1635
$rowdata[] = $str;
+ − 1636
}
+ − 1637
$dataqs2 = implode(",$rowspacer", $dataqs) . ",$rowspacer" . '( ' . implode(', ', $rowdata) . ' )';
+ − 1638
$ins = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . $dataqs2 . ";";
+ − 1639
if ( strlen( $ins ) > MYSQL_MAX_PACKET_SIZE )
+ − 1640
{
+ − 1641
// We've exceeded the maximum allowed packet size for MySQL - separate this into a different query
+ − 1642
$insert_strings[] = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . implode(",$rowspacer", $dataqs) . ";";;
+ − 1643
$dataqs = Array('( ' . implode(', ', $rowdata) . ' )');
+ − 1644
$z = true;
+ − 1645
}
+ − 1646
else
+ − 1647
{
+ − 1648
$dataqs[] = '( ' . implode(', ', $rowdata) . ' )';
+ − 1649
}
+ − 1650
$rowdata = Array();
+ − 1651
}
+ − 1652
if ( !$z )
+ − 1653
{
+ − 1654
$insert_strings[] = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . implode(",$rowspacer", $dataqs) . ";";;
+ − 1655
$dataqs = Array();
+ − 1656
}
+ − 1657
$datstring = implode($divider, $insert_strings);
+ − 1658
}
+ − 1659
if($structure && !$data) return $struct;
+ − 1660
elseif(!$structure && $data) return $datstring;
+ − 1661
elseif($structure && $data) return $struct . $divider . $datstring;
+ − 1662
elseif(!$structure && !$data) return '';
+ − 1663
}
+ − 1664
+ − 1665
/**
+ − 1666
* Encodes a string value for use in an INSERT statement for given column type $type.
+ − 1667
* @access private
+ − 1668
*/
76
+ − 1669
1
+ − 1670
function mysql_encode_column($input, $type)
+ − 1671
{
+ − 1672
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1673
// Decide whether to quote the string or not
+ − 1674
if(substr($type, 0, 7) == 'varchar' || $type == 'datetime' || $type == 'text' || $type == 'tinytext' || $type == 'smalltext' || $type == 'longtext' || substr($type, 0, 4) == 'char')
+ − 1675
{
+ − 1676
$str = "'" . $db->escape($input) . "'";
+ − 1677
}
+ − 1678
elseif(in_array($type, Array('blob', 'longblob', 'mediumblob', 'smallblob')) || substr($type, 0, 6) == 'binary' || substr($type, 0, 9) == 'varbinary')
+ − 1679
{
+ − 1680
$str = '0x' . hexencode($input, '', '');
+ − 1681
}
+ − 1682
elseif(is_null($input))
+ − 1683
{
+ − 1684
$str = 'NULL';
+ − 1685
}
+ − 1686
else
+ − 1687
{
+ − 1688
$str = (string)$input;
+ − 1689
}
+ − 1690
return $str;
+ − 1691
}
+ − 1692
+ − 1693
/**
+ − 1694
* Creates an associative array defining which file extensions are allowed and which ones aren't
+ − 1695
* @return array keyname will be a file extension, value will be true or false
+ − 1696
*/
+ − 1697
+ − 1698
function fetch_allowed_extensions()
+ − 1699
{
+ − 1700
global $mime_types;
+ − 1701
$bits = getConfig('allowed_mime_types');
+ − 1702
if(!$bits) return Array(false);
+ − 1703
$bits = uncompress_bitfield($bits);
+ − 1704
if(!$bits) return Array(false);
+ − 1705
$bits = enano_str_split($bits, 1);
+ − 1706
$ret = Array();
+ − 1707
$mt = array_keys($mime_types);
+ − 1708
foreach($bits as $i => $b)
+ − 1709
{
+ − 1710
$ret[$mt[$i]] = ( $b == '1' ) ? true : false;
+ − 1711
}
+ − 1712
return $ret;
+ − 1713
}
+ − 1714
+ − 1715
/**
+ − 1716
* Generates a random key suitable for encryption
+ − 1717
* @param int $len the length of the key
+ − 1718
* @return string a BINARY key
+ − 1719
*/
+ − 1720
+ − 1721
function randkey($len = 32)
+ − 1722
{
+ − 1723
$key = '';
+ − 1724
for($i=0;$i<$len;$i++)
+ − 1725
{
+ − 1726
$key .= chr(mt_rand(0, 255));
+ − 1727
}
+ − 1728
return $key;
+ − 1729
}
+ − 1730
+ − 1731
/**
+ − 1732
* Decodes a hex string.
+ − 1733
* @param string $hex The hex code to decode
+ − 1734
* @return string
+ − 1735
*/
+ − 1736
+ − 1737
function hexdecode($hex)
+ − 1738
{
+ − 1739
$hex = enano_str_split($hex, 2);
+ − 1740
$bin_key = '';
+ − 1741
foreach($hex as $nibble)
+ − 1742
{
+ − 1743
$byte = chr(hexdec($nibble));
+ − 1744
$bin_key .= $byte;
+ − 1745
}
+ − 1746
return $bin_key;
+ − 1747
}
+ − 1748
+ − 1749
/**
+ − 1750
* Enano's own (almost) bulletproof HTML sanitizer.
+ − 1751
* @param string $html The input HTML
+ − 1752
* @return string cleaned HTML
+ − 1753
*/
+ − 1754
+ − 1755
function sanitize_html($html, $filter_php = true)
+ − 1756
{
76
+ − 1757
1
+ − 1758
$html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>(.*?)</\\1>#is', '<\\1\\2\\3javascript:\\59>\\60</\\1>', $html);
+ − 1759
$html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>#is', '<\\1\\2\\3javascript:\\59>', $html);
76
+ − 1760
1
+ − 1761
if($filter_php)
+ − 1762
$html = str_replace(
+ − 1763
Array('<?php', '<?', '<%', '?>', '%>'),
+ − 1764
Array('<?php', '<?', '<%', '?>', '%>'),
+ − 1765
$html);
76
+ − 1766
1
+ − 1767
$tag_whitelist = array_keys ( setupAttributeWhitelist() );
+ − 1768
if ( !$filter_php )
+ − 1769
$tag_whitelist[] = '?php';
+ − 1770
$len = strlen($html);
+ − 1771
$in_quote = false;
+ − 1772
$quote_char = '';
+ − 1773
$tag_start = 0;
+ − 1774
$tag_name = '';
+ − 1775
$in_tag = false;
+ − 1776
$trk_name = false;
+ − 1777
for ( $i = 0; $i < $len; $i++ )
+ − 1778
{
+ − 1779
$chr = $html{$i};
+ − 1780
$prev = ( $i == 0 ) ? '' : $html{ $i - 1 };
+ − 1781
$next = ( ( $i + 1 ) == $len ) ? '' : $html { $i + 1 };
+ − 1782
if ( $in_quote && $in_tag )
+ − 1783
{
+ − 1784
if ( $quote_char == $chr && $prev != '\\' )
+ − 1785
$in_quote = false;
+ − 1786
}
+ − 1787
elseif ( ( $chr == '"' || $chr == "'" ) && $prev != '\\' && $in_tag )
+ − 1788
{
+ − 1789
$in_quote = true;
+ − 1790
$quote_char = $chr;
+ − 1791
}
+ − 1792
if ( $chr == '<' && !$in_tag && $next != '/' )
76
+ − 1793
{
1
+ − 1794
// start of a tag
+ − 1795
$tag_start = $i;
+ − 1796
$in_tag = true;
+ − 1797
$trk_name = true;
+ − 1798
}
+ − 1799
elseif ( !$in_quote && $in_tag && $chr == '>' )
+ − 1800
{
+ − 1801
$full_tag = substr($html, $tag_start, ( $i - $tag_start ) + 1 );
+ − 1802
$l = strlen($tag_name) + 2;
+ − 1803
$attribs_only = trim( substr($full_tag, $l, ( strlen($full_tag) - $l - 1 ) ) );
76
+ − 1804
1
+ − 1805
// Debugging message
+ − 1806
// echo htmlspecialchars($full_tag) . '<br />';
76
+ − 1807
1
+ − 1808
if ( !in_array($tag_name, $tag_whitelist) )
+ − 1809
{
+ − 1810
// Illegal tag
+ − 1811
//echo $tag_name . ' ';
76
+ − 1812
1
+ − 1813
$s = ( empty($attribs_only) ) ? '' : ' ';
76
+ − 1814
1
+ − 1815
$sanitized = '<' . $tag_name . $s . $attribs_only . '>';
76
+ − 1816
1
+ − 1817
$html = substr($html, 0, $tag_start) . $sanitized . substr($html, $i + 1);
+ − 1818
$html = str_replace('</' . $tag_name . '>', '</' . $tag_name . '>', $html);
+ − 1819
$new_i = $tag_start + strlen($sanitized);
76
+ − 1820
1
+ − 1821
$len = strlen($html);
+ − 1822
$i = $new_i;
76
+ − 1823
1
+ − 1824
$in_tag = false;
+ − 1825
$tag_name = '';
+ − 1826
continue;
+ − 1827
}
+ − 1828
else
+ − 1829
{
+ − 1830
if ( $tag_name == '?php' && !$filter_php )
+ − 1831
continue;
+ − 1832
$f = fixTagAttributes( $attribs_only, $tag_name );
+ − 1833
$s = ( empty($f) ) ? '' : ' ';
76
+ − 1834
1
+ − 1835
$sanitized = '<' . $tag_name . $f . '>';
+ − 1836
$new_i = $tag_start + strlen($sanitized);
76
+ − 1837
1
+ − 1838
$html = substr($html, 0, $tag_start) . $sanitized . substr($html, $i + 1);
+ − 1839
$len = strlen($html);
+ − 1840
$i = $new_i;
76
+ − 1841
1
+ − 1842
$in_tag = false;
+ − 1843
$tag_name = '';
+ − 1844
continue;
+ − 1845
}
+ − 1846
}
+ − 1847
elseif ( $in_tag && $trk_name )
+ − 1848
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1849
$is_alphabetical = ( strtolower($chr) != strtoupper($chr) || in_array($chr, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9')) || $chr == '?' || $chr == '!' || $chr == '-' );
1
+ − 1850
if ( $is_alphabetical )
+ − 1851
$tag_name .= $chr;
+ − 1852
else
+ − 1853
{
+ − 1854
$trk_name = false;
+ − 1855
}
+ − 1856
}
76
+ − 1857
1
+ − 1858
}
76
+ − 1859
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1860
// Vulnerability from ha.ckers.org/xss.html:
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1861
// <script src="http://foo.com/xss.js"
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1862
// <
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1863
// The rule is so specific because everything else will have been filtered by now
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1864
$html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html);
76
+ − 1865
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1866
// Unstrip comments
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1867
$html = preg_replace('/<!--([^>]*?)-->/i', '', $html);
76
+ − 1868
1
+ − 1869
return $html;
76
+ − 1870
1
+ − 1871
}
+ − 1872
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1873
/**
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1874
* Using the same parsing code as sanitize_html(), this function adds <litewiki> tags around certain block-level elements
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1875
* @param string $html The input HTML
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1876
* @return string formatted HTML
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1877
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1878
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1879
function wikiformat_process_block($html)
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1880
{
76
+ − 1881
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1882
$tok1 = "<litewiki>";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1883
$tok2 = "</litewiki>";
76
+ − 1884
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1885
$block_tags = array('div', 'p', 'table', 'blockquote', 'pre');
76
+ − 1886
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1887
$len = strlen($html);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1888
$in_quote = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1889
$quote_char = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1890
$tag_start = 0;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1891
$tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1892
$in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1893
$trk_name = false;
76
+ − 1894
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1895
$diag = 0;
76
+ − 1896
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1897
$block_tagname = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1898
$in_blocksec = 0;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1899
$block_start = 0;
76
+ − 1900
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1901
for ( $i = 0; $i < $len; $i++ )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1902
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1903
$chr = $html{$i};
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1904
$prev = ( $i == 0 ) ? '' : $html{ $i - 1 };
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1905
$next = ( ( $i + 1 ) == $len ) ? '' : $html { $i + 1 };
76
+ − 1906
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1907
// Are we inside of a quoted section?
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1908
if ( $in_quote && $in_tag )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1909
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1910
if ( $quote_char == $chr && $prev != '\\' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1911
$in_quote = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1912
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1913
elseif ( ( $chr == '"' || $chr == "'" ) && $prev != '\\' && $in_tag )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1914
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1915
$in_quote = true;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1916
$quote_char = $chr;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1917
}
76
+ − 1918
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1919
if ( $chr == '<' && !$in_tag && $next == '/' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1920
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1921
// Iterate through until we've got a tag name
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1922
$tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1923
$i++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1924
while(true)
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1925
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1926
$i++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1927
// echo $i . ' ';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1928
$chr = $html{$i};
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1929
$prev = ( $i == 0 ) ? '' : $html{ $i - 1 };
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1930
$next = ( ( $i + 1 ) == $len ) ? '' : $html { $i + 1 };
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1931
$tag_name .= $chr;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1932
if ( $next == '>' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1933
break;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1934
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1935
// echo '<br />';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1936
if ( in_array($tag_name, $block_tags) )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1937
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1938
if ( $block_tagname == $tag_name )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1939
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1940
$in_blocksec -= 1;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1941
if ( $in_blocksec == 0 )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1942
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1943
$block_tagname = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1944
$i += 2;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1945
// echo 'Finished wiki litewiki wraparound calc at pos: ' . $i;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1946
$full_litewiki = substr($html, $block_start, ( $i - $block_start ));
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1947
$new_text = "{$tok1}{$full_litewiki}{$tok2}";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1948
$html = substr($html, 0, $block_start) . $new_text . substr($html, $i);
76
+ − 1949
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1950
$i += ( strlen($tok1) + strlen($tok2) ) - 1;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1951
$len = strlen($html);
76
+ − 1952
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1953
//die('<pre>' . htmlspecialchars($html) . '</pre>');
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1954
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1955
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1956
}
76
+ − 1957
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1958
$in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1959
$in_quote = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1960
$tag_name = '';
76
+ − 1961
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1962
continue;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1963
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1964
else if ( $chr == '<' && !$in_tag && $next != '/' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1965
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1966
// start of a tag
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1967
$tag_start = $i;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1968
$in_tag = true;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1969
$trk_name = true;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1970
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1971
else if ( !$in_quote && $in_tag && $chr == '>' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1972
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1973
if ( !in_array($tag_name, $block_tags) )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1974
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1975
// Inline tag - reset and go to the next one
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1976
// echo '<inline ' . $tag_name . '> ';
76
+ − 1977
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1978
$in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1979
$tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1980
continue;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1981
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1982
else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1983
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1984
// echo '<block: ' . $tag_name . ' @ ' . $i . '><br/>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1985
if ( $in_blocksec == 0 )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1986
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1987
//die('Found a starting tag for a block element: ' . $tag_name . ' at pos ' . $tag_start);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1988
$block_tagname = $tag_name;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1989
$block_start = $tag_start;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1990
$in_blocksec++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1991
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1992
else if ( $block_tagname == $tag_name )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1993
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1994
$in_blocksec++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1995
}
76
+ − 1996
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1997
$in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1998
$tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1999
continue;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2000
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2001
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2002
elseif ( $in_tag && $trk_name )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2003
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2004
$is_alphabetical = ( strtolower($chr) != strtoupper($chr) || in_array($chr, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9')) || $chr == '?' || $chr == '!' || $chr == '-' );
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2005
if ( $is_alphabetical )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2006
$tag_name .= $chr;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2007
else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2008
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2009
$trk_name = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2010
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2011
}
76
+ − 2012
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2013
// Tokenization complete
76
+ − 2014
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2015
}
76
+ − 2016
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2017
$regex = '/' . str_replace('/', '\\/', preg_quote($tok2)) . '([\s]*)' . preg_quote($tok1) . '/is';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2018
// die(htmlspecialchars($regex));
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2019
$html = preg_replace($regex, '\\1', $html);
76
+ − 2020
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2021
return $html;
76
+ − 2022
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2023
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2024
1
+ − 2025
function htmlalternatives($string)
+ − 2026
{
+ − 2027
$ret = '';
+ − 2028
for ( $i = 0; $i < strlen($string); $i++ )
+ − 2029
{
+ − 2030
$chr = $string{$i};
+ − 2031
$ch1 = ord($chr);
+ − 2032
$ch2 = dechex($ch1);
+ − 2033
$byte = '(&\\#([0]*){0,7}' . $ch1 . ';|\\\\([0]*){0,7}' . $ch1 . ';|\\\\([0]*){0,7}' . $ch2 . ';|&\\#x([0]*){0,7}' . $ch2 . ';|%([0]*){0,7}' . $ch2 . '|' . preg_quote($chr) . ')';
+ − 2034
$ret .= $byte;
+ − 2035
$ret .= '([\s]){0,2}';
+ − 2036
}
+ − 2037
return $ret;
+ − 2038
}
+ − 2039
+ − 2040
/**
+ − 2041
* Paginates (breaks into multiple pages) a MySQL result resource, which is treated as unbuffered.
+ − 2042
* @param resource The MySQL result resource. This should preferably be an unbuffered query.
+ − 2043
* @param string A template, with variables being named after the column name
+ − 2044
* @param int The number of total results. This should be determined by a second query.
+ − 2045
* @param string sprintf-style formatting string for URLs for result pages. First parameter will be start offset.
+ − 2046
* @param int Optional. Start offset in individual results. Defaults to 0.
+ − 2047
* @param int Optional. The number of results per page. Defualts to 10.
+ − 2048
* @param int Optional. An associative array of functions to call, with key names being column names, and values being function names. Values can also be an array with key 0 being either an object or a string(class name) and key 1 being a [static] method.
+ − 2049
* @param string Optional. The text to be sent before the result list, only if there are any results. Possibly the start of a table.
+ − 2050
* @param string Optional. The text to be sent after the result list, only if there are any results. Possibly the end of a table.
+ − 2051
* @return string
+ − 2052
*/
+ − 2053
+ − 2054
function paginate($q, $tpl_text, $num_results, $result_url, $start = 0, $perpage = 10, $callers = Array(), $header = '', $footer = '')
+ − 2055
{
+ − 2056
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2057
$parser = $template->makeParserText($tpl_text);
+ − 2058
$num_pages = ceil ( $num_results / $perpage );
+ − 2059
$out = '';
+ − 2060
$i = 0;
+ − 2061
$this_page = ceil ( $start / $perpage );
76
+ − 2062
1
+ − 2063
// Build paginator
+ − 2064
$begin = '<div class="tblholder" style="display: table; margin: 10px 0 0 auto;">
+ − 2065
<table border="0" cellspacing="1" cellpadding="4">
+ − 2066
<tr><th>Page:</th>';
+ − 2067
$block = '<td class="row1" style="text-align: center;">{LINK}</td>';
+ − 2068
$end = '</tr></table></div>';
+ − 2069
$blk = $template->makeParserText($block);
+ − 2070
$inner = '';
+ − 2071
$cls = 'row2';
+ − 2072
if ( $num_pages < 5 )
+ − 2073
{
+ − 2074
for ( $i = 0; $i < $num_pages; $i++ )
+ − 2075
{
+ − 2076
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2077
$offset = strval($i * $perpage);
76
+ − 2078
$url = htmlspecialchars(sprintf($result_url, $offset));
1
+ − 2079
$j = $i + 1;
+ − 2080
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2081
$blk->assign_vars(array(
+ − 2082
'CLASS'=>$cls,
+ − 2083
'LINK'=>$link
+ − 2084
));
+ − 2085
$inner .= $blk->run();
+ − 2086
}
+ − 2087
}
+ − 2088
else
+ − 2089
{
+ − 2090
if ( $this_page + 5 > $num_pages )
+ − 2091
{
+ − 2092
$list = Array();
+ − 2093
$tp = $this_page;
+ − 2094
if ( $this_page + 0 == $num_pages ) $tp = $tp - 3;
+ − 2095
if ( $this_page + 1 == $num_pages ) $tp = $tp - 2;
+ − 2096
if ( $this_page + 2 == $num_pages ) $tp = $tp - 1;
+ − 2097
for ( $i = $tp - 1; $i <= $tp + 1; $i++ )
+ − 2098
{
+ − 2099
$list[] = $i;
+ − 2100
}
+ − 2101
}
+ − 2102
else
+ − 2103
{
+ − 2104
$list = Array();
+ − 2105
$current = $this_page;
+ − 2106
$lower = ( $current < 3 ) ? 1 : $current - 1;
+ − 2107
for ( $i = 0; $i < 3; $i++ )
+ − 2108
{
+ − 2109
$list[] = $lower + $i;
+ − 2110
}
+ − 2111
}
+ − 2112
$url = sprintf($result_url, '0');
+ − 2113
$link = ( 0 == $start ) ? "<b>First</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« First</a>";
+ − 2114
$blk->assign_vars(array(
+ − 2115
'CLASS'=>$cls,
+ − 2116
'LINK'=>$link
+ − 2117
));
+ − 2118
$inner .= $blk->run();
76
+ − 2119
1
+ − 2120
// if ( !in_array(1, $list) )
+ − 2121
// {
+ − 2122
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2123
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2124
// $inner .= $blk->run();
+ − 2125
// }
76
+ − 2126
1
+ − 2127
foreach ( $list as $i )
+ − 2128
{
+ − 2129
if ( $i == $num_pages )
+ − 2130
break;
+ − 2131
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2132
$offset = strval($i * $perpage);
+ − 2133
$url = sprintf($result_url, $offset);
+ − 2134
$j = $i + 1;
+ − 2135
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2136
$blk->assign_vars(array(
+ − 2137
'CLASS'=>$cls,
+ − 2138
'LINK'=>$link
+ − 2139
));
+ − 2140
$inner .= $blk->run();
+ − 2141
}
76
+ − 2142
1
+ − 2143
$total = $num_pages * $perpage - $perpage;
76
+ − 2144
1
+ − 2145
if ( $this_page < $num_pages )
+ − 2146
{
+ − 2147
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2148
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2149
// $inner .= $blk->run();
76
+ − 2150
1
+ − 2151
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2152
$offset = strval($total);
+ − 2153
$url = sprintf($result_url, $offset);
+ − 2154
$j = $i + 1;
+ − 2155
$link = ( $offset == strval($start) ) ? "<b>Last</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Last »</a>";
+ − 2156
$blk->assign_vars(array(
+ − 2157
'CLASS'=>$cls,
+ − 2158
'LINK'=>$link
+ − 2159
));
+ − 2160
$inner .= $blk->run();
+ − 2161
}
76
+ − 2162
1
+ − 2163
}
76
+ − 2164
1
+ − 2165
$inner .= '<td class="row2" style="cursor: pointer;" onclick="paginator_goto(this, '.$this_page.', '.$num_pages.', '.$perpage.', unescape(\'' . rawurlencode($result_url) . '\'));">↓</td>';
76
+ − 2166
1
+ − 2167
$paginator = "\n$begin$inner$end\n";
+ − 2168
$out .= $paginator;
76
+ − 2169
1
+ − 2170
$cls = 'row2';
76
+ − 2171
1
+ − 2172
if ( $row = $db->fetchrow($q) )
+ − 2173
{
+ − 2174
$i = 0;
+ − 2175
$out .= $header;
+ − 2176
do {
+ − 2177
$i++;
+ − 2178
if ( $i <= $start )
+ − 2179
{
+ − 2180
continue;
+ − 2181
}
+ − 2182
if ( ( $i - $start ) > $perpage )
+ − 2183
{
+ − 2184
break;
+ − 2185
}
+ − 2186
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2187
foreach ( $row as $j => $val )
+ − 2188
{
+ − 2189
if ( isset($callers[$j]) )
+ − 2190
{
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 2191
$tmp = ( is_callable($callers[$j]) ) ? @call_user_func($callers[$j], $val, $row) : $val;
76
+ − 2192
1
+ − 2193
if ( $tmp )
+ − 2194
{
+ − 2195
$row[$j] = $tmp;
+ − 2196
}
+ − 2197
}
+ − 2198
}
+ − 2199
$parser->assign_vars($row);
+ − 2200
$parser->assign_vars(array('_css_class' => $cls));
+ − 2201
$out .= $parser->run();
+ − 2202
} while ( $row = $db->fetchrow($q) );
+ − 2203
$out .= $footer;
+ − 2204
}
76
+ − 2205
1
+ − 2206
$out .= $paginator;
76
+ − 2207
1
+ − 2208
return $out;
+ − 2209
}
+ − 2210
+ − 2211
/**
+ − 2212
* This is the same as paginate(), but it processes an array instead of a MySQL result resource.
+ − 2213
* @param array The results. Each value is simply echoed.
+ − 2214
* @param int The number of total results. This should be determined by a second query.
+ − 2215
* @param string sprintf-style formatting string for URLs for result pages. First parameter will be start offset.
+ − 2216
* @param int Optional. Start offset in individual results. Defaults to 0.
+ − 2217
* @param int Optional. The number of results per page. Defualts to 10.
+ − 2218
* @param string Optional. The text to be sent before the result list, only if there are any results. Possibly the start of a table.
+ − 2219
* @param string Optional. The text to be sent after the result list, only if there are any results. Possibly the end of a table.
+ − 2220
* @return string
+ − 2221
*/
+ − 2222
+ − 2223
function paginate_array($q, $num_results, $result_url, $start = 0, $perpage = 10, $header = '', $footer = '')
+ − 2224
{
+ − 2225
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2226
$parser = $template->makeParserText($tpl_text);
+ − 2227
$num_pages = ceil ( $num_results / $perpage );
+ − 2228
$out = '';
+ − 2229
$i = 0;
+ − 2230
$this_page = ceil ( $start / $perpage );
76
+ − 2231
1
+ − 2232
// Build paginator
+ − 2233
$begin = '<div class="tblholder" style="display: table; margin: 10px 0 0 auto;">
+ − 2234
<table border="0" cellspacing="1" cellpadding="4">
+ − 2235
<tr><th>Page:</th>';
+ − 2236
$block = '<td class="row1" style="text-align: center;">{LINK}</td>';
+ − 2237
$end = '</tr></table></div>';
+ − 2238
$blk = $template->makeParserText($block);
+ − 2239
$inner = '';
+ − 2240
$cls = 'row2';
+ − 2241
if ( $start > 0 )
+ − 2242
{
+ − 2243
$url = sprintf($result_url, abs($start - $perpage));
+ − 2244
$link = "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« Prev</a>";
+ − 2245
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2246
$blk->assign_vars(array(
+ − 2247
'CLASS'=>$cls,
+ − 2248
'LINK'=>$link
+ − 2249
));
+ − 2250
$inner .= $blk->run();
+ − 2251
}
+ − 2252
if ( $num_pages < 5 )
+ − 2253
{
+ − 2254
for ( $i = 0; $i < $num_pages; $i++ )
+ − 2255
{
+ − 2256
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2257
$offset = strval($i * $perpage);
76
+ − 2258
$url = htmlspecialchars(sprintf($result_url, $offset));
1
+ − 2259
$j = $i + 1;
+ − 2260
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2261
$blk->assign_vars(array(
+ − 2262
'CLASS'=>$cls,
+ − 2263
'LINK'=>$link
+ − 2264
));
+ − 2265
$inner .= $blk->run();
+ − 2266
}
+ − 2267
}
+ − 2268
else
+ − 2269
{
+ − 2270
if ( $this_page + 5 > $num_pages )
+ − 2271
{
+ − 2272
$list = Array();
+ − 2273
$tp = $this_page;
+ − 2274
if ( $this_page + 0 == $num_pages ) $tp = $tp - 3;
+ − 2275
if ( $this_page + 1 == $num_pages ) $tp = $tp - 2;
+ − 2276
if ( $this_page + 2 == $num_pages ) $tp = $tp - 1;
+ − 2277
for ( $i = $tp - 1; $i <= $tp + 1; $i++ )
+ − 2278
{
+ − 2279
$list[] = $i;
+ − 2280
}
+ − 2281
}
+ − 2282
else
+ − 2283
{
+ − 2284
$list = Array();
+ − 2285
$current = $this_page;
+ − 2286
$lower = ( $current < 3 ) ? 1 : $current - 1;
+ − 2287
for ( $i = 0; $i < 3; $i++ )
+ − 2288
{
+ − 2289
$list[] = $lower + $i;
+ − 2290
}
+ − 2291
}
+ − 2292
$url = sprintf($result_url, '0');
+ − 2293
$link = ( 0 == $start ) ? "<b>First</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« First</a>";
+ − 2294
$blk->assign_vars(array(
+ − 2295
'CLASS'=>$cls,
+ − 2296
'LINK'=>$link
+ − 2297
));
+ − 2298
$inner .= $blk->run();
76
+ − 2299
1
+ − 2300
// if ( !in_array(1, $list) )
+ − 2301
// {
+ − 2302
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2303
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2304
// $inner .= $blk->run();
+ − 2305
// }
76
+ − 2306
1
+ − 2307
foreach ( $list as $i )
+ − 2308
{
+ − 2309
if ( $i == $num_pages )
+ − 2310
break;
+ − 2311
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2312
$offset = strval($i * $perpage);
+ − 2313
$url = sprintf($result_url, $offset);
+ − 2314
$j = $i + 1;
+ − 2315
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2316
$blk->assign_vars(array(
+ − 2317
'CLASS'=>$cls,
+ − 2318
'LINK'=>$link
+ − 2319
));
+ − 2320
$inner .= $blk->run();
+ − 2321
}
76
+ − 2322
1
+ − 2323
$total = $num_pages * $perpage - $perpage;
76
+ − 2324
1
+ − 2325
if ( $this_page < $num_pages )
+ − 2326
{
+ − 2327
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2328
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2329
// $inner .= $blk->run();
76
+ − 2330
1
+ − 2331
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2332
$offset = strval($total);
+ − 2333
$url = sprintf($result_url, $offset);
+ − 2334
$j = $i + 1;
+ − 2335
$link = ( $offset == strval($start) ) ? "<b>Last</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Last »</a>";
+ − 2336
$blk->assign_vars(array(
+ − 2337
'CLASS'=>$cls,
+ − 2338
'LINK'=>$link
+ − 2339
));
+ − 2340
$inner .= $blk->run();
+ − 2341
}
76
+ − 2342
1
+ − 2343
}
76
+ − 2344
1
+ − 2345
if ( $start < $total )
+ − 2346
{
+ − 2347
$url = sprintf($result_url, abs($start + $perpage));
+ − 2348
$link = "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Next »</a>";
+ − 2349
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2350
$blk->assign_vars(array(
+ − 2351
'CLASS'=>$cls,
+ − 2352
'LINK'=>$link
+ − 2353
));
+ − 2354
$inner .= $blk->run();
+ − 2355
}
76
+ − 2356
1
+ − 2357
$inner .= '<td class="row2" style="cursor: pointer;" onclick="paginator_goto(this, '.$this_page.', '.$num_pages.', '.$perpage.', unescape(\'' . rawurlencode($result_url) . '\'));">↓</td>';
76
+ − 2358
1
+ − 2359
$paginator = "\n$begin$inner$end\n";
+ − 2360
if ( $total > 1 )
+ − 2361
$out .= $paginator;
76
+ − 2362
1
+ − 2363
$cls = 'row2';
76
+ − 2364
1
+ − 2365
if ( sizeof($q) > 0 )
+ − 2366
{
+ − 2367
$i = 0;
+ − 2368
$out .= $header;
+ − 2369
foreach ( $q as $val ) {
+ − 2370
$i++;
+ − 2371
if ( $i <= $start )
+ − 2372
{
+ − 2373
continue;
+ − 2374
}
+ − 2375
if ( ( $i - $start ) > $perpage )
+ − 2376
{
+ − 2377
break;
+ − 2378
}
+ − 2379
$out .= $val;
+ − 2380
}
+ − 2381
$out .= $footer;
+ − 2382
}
76
+ − 2383
1
+ − 2384
if ( $total > 1 )
+ − 2385
$out .= $paginator;
76
+ − 2386
1
+ − 2387
return $out;
+ − 2388
}
+ − 2389
76
+ − 2390
/**
1
+ − 2391
* Enano version of fputs for debugging
+ − 2392
*/
+ − 2393
+ − 2394
function enano_fputs($socket, $data)
+ − 2395
{
+ − 2396
// echo '<pre>' . htmlspecialchars($data) . '</pre>';
+ − 2397
// flush();
+ − 2398
// ob_flush();
+ − 2399
// ob_end_flush();
+ − 2400
return fputs($socket, $data);
+ − 2401
}
+ − 2402
+ − 2403
/**
+ − 2404
* Sanitizes a page URL string so that it can safely be stored in the database.
+ − 2405
* @param string Page ID to sanitize
+ − 2406
* @return string Cleaned text
+ − 2407
*/
+ − 2408
+ − 2409
function sanitize_page_id($page_id)
+ − 2410
{
76
+ − 2411
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2412
// Remove character escapes
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2413
$page_id = dirtify_page_id($page_id);
76
+ − 2414
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2415
$pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id);
1
+ − 2416
$pid_dirty = enano_str_split($pid_clean, 1);
76
+ − 2417
1
+ − 2418
foreach ( $pid_dirty as $id => $char )
+ − 2419
{
+ − 2420
if ( $char == 'X' )
+ − 2421
continue;
+ − 2422
$cid = ord($char);
+ − 2423
$cid = dechex($cid);
+ − 2424
$cid = strval($cid);
+ − 2425
if ( strlen($cid) < 2 )
+ − 2426
{
+ − 2427
$cid = strtoupper("0$cid");
+ − 2428
}
+ − 2429
$pid_dirty[$id] = ".$cid";
+ − 2430
}
76
+ − 2431
1
+ − 2432
$pid_chars = enano_str_split($page_id, 1);
+ − 2433
$page_id_cleaned = '';
76
+ − 2434
1
+ − 2435
foreach ( $pid_chars as $id => $char )
+ − 2436
{
+ − 2437
if ( $pid_dirty[$id] == 'X' )
+ − 2438
$page_id_cleaned .= $char;
+ − 2439
else
+ − 2440
$page_id_cleaned .= $pid_dirty[$id];
+ − 2441
}
76
+ − 2442
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2443
// global $mime_types;
76
+ − 2444
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2445
// $exts = array_keys($mime_types);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2446
// $exts = '(' . implode('|', $exts) . ')';
76
+ − 2447
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2448
// $page_id_cleaned = preg_replace('/\.2e' . $exts . '$/', '.\\1', $page_id_cleaned);
76
+ − 2449
1
+ − 2450
return $page_id_cleaned;
+ − 2451
}
+ − 2452
+ − 2453
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2454
* Removes character escapes in a page ID string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2455
* @param string Page ID string to dirty up
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2456
* @return string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2457
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2458
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2459
function dirtify_page_id($page_id)
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2460
{
38
+ − 2461
global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 2462
// First, replace spaces with underscores
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2463
$page_id = str_replace(' ', '_', $page_id);
76
+ − 2464
38
+ − 2465
// Exception for userpages for IP addresses
+ − 2466
if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) )
+ − 2467
{
+ − 2468
$ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id);
+ − 2469
if ( is_valid_ip($ip) )
+ − 2470
return $page_id;
+ − 2471
}
76
+ − 2472
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2473
preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
76
+ − 2474
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2475
foreach ( $matches[0] as $id => $char )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2476
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2477
$char = substr($char, 1);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2478
$char = strtolower($char);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2479
$char = intval(hexdec($char));
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2480
$char = chr($char);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2481
$page_id = str_replace($matches[0][$id], $char, $page_id);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2482
}
76
+ − 2483
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2484
return $page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2485
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2486
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2487
/**
76
+ − 2488
* Inserts commas into a number to make it more human-readable. Floating point-safe and doesn't flirt with the number like number_format() does.
1
+ − 2489
* @param int The number to process
+ − 2490
* @return string Input number with commas added
+ − 2491
*/
+ − 2492
+ − 2493
function commatize($num)
+ − 2494
{
+ − 2495
$num = (string)$num;
+ − 2496
if ( strpos($num, '.') )
+ − 2497
{
+ − 2498
$whole = explode('.', $num);
+ − 2499
$num = $whole[0];
+ − 2500
$dec = $whole[1];
+ − 2501
}
+ − 2502
else
+ − 2503
{
+ − 2504
$whole = $num;
+ − 2505
}
+ − 2506
$offset = ( strlen($num) ) % 3;
+ − 2507
$len = strlen($num);
+ − 2508
$offset = ( $offset == 0 )
+ − 2509
? 3
+ − 2510
: $offset;
+ − 2511
for ( $i = $offset; $i < $len; $i=$i+3 )
+ − 2512
{
+ − 2513
$num = substr($num, 0, $i) . ',' . substr($num, $i, $len);
+ − 2514
$len = strlen($num);
+ − 2515
$i++;
+ − 2516
}
+ − 2517
if ( isset($dec) )
+ − 2518
{
+ − 2519
return $num . '.' . $dec;
+ − 2520
}
+ − 2521
else
+ − 2522
{
+ − 2523
return $num;
+ − 2524
}
+ − 2525
}
+ − 2526
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2527
/**
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2528
* Injects a string into another string at the specified position.
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2529
* @param string The haystack
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2530
* @param string The needle
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2531
* @param int Position at which to insert the needle
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2532
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2533
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2534
function inject_substr($haystack, $needle, $pos)
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2535
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2536
$str1 = substr($haystack, 0, $pos);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2537
$pos++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2538
$str2 = substr($haystack, $pos);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2539
return "{$str1}{$needle}{$str2}";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2540
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2541
38
+ − 2542
/**
+ − 2543
* Tells if a given IP address is valid.
+ − 2544
* @param string suspected IP address
+ − 2545
* @return bool true if valid, false otherwise
+ − 2546
*/
76
+ − 2547
38
+ − 2548
function is_valid_ip($ip)
+ − 2549
{
+ − 2550
// These came from phpBB3.
+ − 2551
$ipv4 = '(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])';
+ − 2552
$ipv6 = '(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))';
76
+ − 2553
38
+ − 2554
if ( preg_match("/^{$ipv4}$/", $ip) || preg_match("/^{$ipv6}$/", $ip) )
+ − 2555
return true;
+ − 2556
else
+ − 2557
return false;
+ − 2558
}
+ − 2559
48
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2560
/**
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2561
* Replaces the FIRST given occurrence of needle within haystack with thread
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2562
* @param string Needle
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2563
* @param string Thread
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2564
* @param string Haystack
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2565
*/
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2566
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2567
function str_replace_once($needle, $thread, $haystack)
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2568
{
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2569
$needle_len = strlen($needle);
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2570
for ( $i = 0; $i < strlen($haystack); $i++ )
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2571
{
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2572
$test = substr($haystack, $i, $needle_len);
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2573
if ( $test == $needle )
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2574
{
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2575
// Got it!
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2576
$upto = substr($haystack, 0, $i);
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2577
$from = substr($haystack, ( $i + $needle_len ));
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2578
$new_haystack = "{$upto}{$thread}{$from}";
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2579
return $new_haystack;
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2580
}
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2581
}
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2582
return $haystack;
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2583
}
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2584
78
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2585
/**
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2586
* From http://us2.php.net/urldecode - decode %uXXXX
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2587
* @param string The urlencoded string
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2588
* @return string
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2589
*/
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2590
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2591
function decode_unicode_url($str)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2592
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2593
$res = '';
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2594
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2595
$i = 0;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2596
$max = strlen($str) - 6;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2597
while ($i <= $max)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2598
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2599
$character = $str[$i];
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2600
if ($character == '%' && $str[$i + 1] == 'u')
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2601
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2602
$value = hexdec(substr($str, $i + 2, 4));
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2603
$i += 6;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2604
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2605
if ($value < 0x0080)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2606
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2607
// 1 byte: 0xxxxxxx
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2608
$character = chr($value);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2609
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2610
else if ($value < 0x0800)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2611
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2612
// 2 bytes: 110xxxxx 10xxxxxx
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2613
$character =
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2614
chr((($value & 0x07c0) >> 6) | 0xc0)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2615
. chr(($value & 0x3f) | 0x80);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2616
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2617
else
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2618
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2619
// 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2620
$character =
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2621
chr((($value & 0xf000) >> 12) | 0xe0)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2622
. chr((($value & 0x0fc0) >> 6) | 0x80)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2623
. chr(($value & 0x3f) | 0x80);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2624
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2625
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2626
else
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2627
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2628
$i++;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2629
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2630
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2631
$res .= $character;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2632
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2633
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2634
return $res . substr($str, $i);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2635
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2636
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2637
/**
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2638
* Recursively decodes an array with UTF-8 characters in its strings
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2639
* @param array Can be multi-depth
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2640
* @return array
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2641
*/
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2642
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2643
function decode_unicode_array($array)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2644
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2645
foreach ( $array as $i => $val )
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2646
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2647
if ( is_string($val) )
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2648
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2649
$array[$i] = decode_unicode_url($val);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2650
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2651
else
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2652
{
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2653
$array[$i] = decode_unicode_array($val);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2654
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2655
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2656
return $array;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2657
}
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2658
1
+ − 2659
//die('<pre>Original: 01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'</pre>');
+ − 2660
+ − 2661
?>