1
+ − 1 <?php
+ − 2
+ − 3 /*
+ − 4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 5 * Version 1.0.1 (Loch Ness)
1
+ − 6 * Copyright (C) 2006-2007 Dan Fuhry
+ − 7 *
+ − 8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10 *
+ − 11 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13 */
22
+ − 14
+ − 15 /**
+ − 16 * Fetch a value from the site configuration.
+ − 17 * @param string The identifier of the value ("site_name" etc.)
+ − 18 * @return string Configuration value, or bool(false) if the value is not set
+ − 19 */
+ − 20
+ − 21 function getConfig($n)
+ − 22 {
1
+ − 23 global $enano_config;
22
+ − 24 if ( isset( $enano_config[ $n ] ) )
+ − 25 {
+ − 26 return $enano_config[$n];
+ − 27 }
+ − 28 else
+ − 29 {
+ − 30 return false;
+ − 31 }
1
+ − 32 }
+ − 33
22
+ − 34 /**
+ − 35 * Update or change a configuration value.
+ − 36 * @param string The identifier of the value ("site_name" etc.)
+ − 37 * @param string The new value
+ − 38 * @return null
+ − 39 */
+ − 40
+ − 41 function setConfig($n, $v)
+ − 42 {
76
+ − 43
1
+ − 44 global $enano_config, $db;
+ − 45 $enano_config[$n] = $v;
+ − 46 $v = $db->escape($v);
76
+ − 47
22
+ − 48 $e = $db->sql_query('DELETE FROM '.table_prefix.'config WHERE config_name=\''.$n.'\';');
+ − 49 if ( !$e )
+ − 50 {
+ − 51 $db->_die('Error during generic setConfig() call row deletion.');
+ − 52 }
76
+ − 53
22
+ − 54 $e = $db->sql_query('INSERT INTO '.table_prefix.'config(config_name, config_value) VALUES(\''.$n.'\', \''.$v.'\')');
+ − 55 if ( !$e )
+ − 56 {
+ − 57 $db->_die('Error during generic setConfig() call row insertion.');
+ − 58 }
1
+ − 59 }
+ − 60
22
+ − 61 /**
+ − 62 * Create a URI for an internal link.
+ − 63 * @param string The full identifier of the page to link to (Special:Administration)
+ − 64 * @param string The GET query string to append
+ − 65 * @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe
+ − 66 * @return string
+ − 67 */
+ − 68
1
+ − 69 function makeUrl($t, $query = false, $escape = false)
+ − 70 {
+ − 71 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 72 $flags = '';
+ − 73 $sep = urlSeparator;
22
+ − 74 if ( isset($_GET['printable'] ) )
+ − 75 {
+ − 76 $flags .= $sep . 'printable=yes';
+ − 77 $sep = '&';
+ − 78 }
+ − 79 if ( isset($_GET['theme'] ) )
+ − 80 {
+ − 81 $flags .= $sep . 'theme='.$session->theme;
+ − 82 $sep = '&';
+ − 83 }
+ − 84 if ( isset($_GET['style'] ) ) {
76
+ − 85 $flags .= $sep . 'style='.$session->style;
22
+ − 86 $sep = '&';
+ − 87 }
76
+ − 88
1
+ − 89 $url = $session->append_sid(contentPath.$t.$flags);
+ − 90 if($query)
+ − 91 {
+ − 92 $sep = strstr($url, '?') ? '&' : '?';
+ − 93 $url = $url . $sep . $query;
+ − 94 }
76
+ − 95
1
+ − 96 return ($escape) ? htmlspecialchars($url) : $url;
+ − 97 }
+ − 98
22
+ − 99 /**
+ − 100 * Create a URI for an internal link, and be namespace-friendly. Watch out for this one because it's different from most other Enano functions, in that the namespace is the first parameter.
+ − 101 * @param string The namespace ID
+ − 102 * @param string The page ID
+ − 103 * @param string The GET query string to append
+ − 104 * @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe
+ − 105 * @return string
+ − 106 */
+ − 107
1
+ − 108 function makeUrlNS($n, $t, $query = false, $escape = false)
+ − 109 {
+ − 110 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 111 $flags = '';
76
+ − 112
1
+ − 113 if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 114 {
22
+ − 115 $sep = urlSeparator;
1
+ − 116 }
+ − 117 else
+ − 118 {
22
+ − 119 $sep = (strstr($_SERVER['REQUEST_URI'], '?')) ? '&' : '?';
+ − 120 }
+ − 121 if ( isset( $_GET['printable'] ) ) {
+ − 122 $flags .= $sep . 'printable';
+ − 123 $sep = '&';
+ − 124 }
76
+ − 125 if ( isset( $_GET['theme'] ) )
22
+ − 126 {
+ − 127 $flags .= $sep . 'theme='.$session->theme;
+ − 128 $sep = '&';
+ − 129 }
+ − 130 if ( isset( $_GET['style'] ) )
+ − 131 {
+ − 132 $flags .= $sep . 'style='.$session->style;
+ − 133 $sep = '&';
+ − 134 }
76
+ − 135
22
+ − 136 if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 137 {
+ − 138 $url = contentPath . $paths->nslist[$n] . $t . $flags;
+ − 139 }
+ − 140 else
+ − 141 {
+ − 142 // If the path manager hasn't been initted yet, take an educated guess at what the URI should be
+ − 143 $url = contentPath . $n . ':' . $t . $flags;
1
+ − 144 }
76
+ − 145
1
+ − 146 if($query)
+ − 147 {
76
+ − 148 if(strstr($url, '?'))
22
+ − 149 {
+ − 150 $sep = '&';
+ − 151 }
+ − 152 else
+ − 153 {
+ − 154 $sep = '?';
+ − 155 }
1
+ − 156 $url = $url . $sep . $query . $flags;
+ − 157 }
76
+ − 158
1
+ − 159 if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 160 {
+ − 161 $url = $session->append_sid($url);
+ − 162 }
76
+ − 163
1
+ − 164 return ($escape) ? htmlspecialchars($url) : $url;
+ − 165 }
+ − 166
22
+ − 167 /**
+ − 168 * Create a URI for an internal link, be namespace-friendly, and add http://hostname/scriptpath to the beginning if possible. Watch out for this one because it's different from most other Enano functions, in that the namespace is the first parameter.
+ − 169 * @param string The namespace ID
+ − 170 * @param string The page ID
+ − 171 * @param string The GET query string to append
+ − 172 * @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe
+ − 173 * @return string
+ − 174 */
+ − 175
1
+ − 176 function makeUrlComplete($n, $t, $query = false, $escape = false)
+ − 177 {
+ − 178 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 179 $flags = '';
76
+ − 180
22
+ − 181 if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 182 {
+ − 183 $sep = urlSeparator;
+ − 184 }
+ − 185 else
+ − 186 {
+ − 187 $sep = (strstr($_SERVER['REQUEST_URI'], '?')) ? '&' : '?';
+ − 188 }
+ − 189 if ( isset( $_GET['printable'] ) ) {
+ − 190 $flags .= $sep . 'printable';
+ − 191 $sep = '&';
+ − 192 }
76
+ − 193 if ( isset( $_GET['theme'] ) )
22
+ − 194 {
+ − 195 $flags .= $sep . 'theme='.$session->theme;
+ − 196 $sep = '&';
+ − 197 }
+ − 198 if ( isset( $_GET['style'] ) )
+ − 199 {
+ − 200 $flags .= $sep . 'style='.$session->style;
+ − 201 $sep = '&';
+ − 202 }
76
+ − 203
22
+ − 204 if(defined('ENANO_BASE_CLASSES_INITIALIZED'))
+ − 205 {
+ − 206 $url = $session->append_sid(contentPath . $paths->nslist[$n] . $t . $flags);
+ − 207 }
+ − 208 else
+ − 209 {
+ − 210 // If the path manager hasn't been initted yet, take an educated guess at what the URI should be
+ − 211 $url = contentPath . $n . ':' . $t . $flags;
+ − 212 }
1
+ − 213 if($query)
+ − 214 {
+ − 215 if(strstr($url, '?')) $sep = '&';
+ − 216 else $sep = '?';
+ − 217 $url = $url . $sep . $query . $flags;
+ − 218 }
76
+ − 219
1
+ − 220 $baseprot = 'http' . ( isset($_SERVER['HTTPS']) ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'];
+ − 221 $url = $baseprot . $url;
76
+ − 222
1
+ − 223 return ($escape) ? htmlspecialchars($url) : $url;
+ − 224 }
+ − 225
+ − 226 /**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 227 * Tells you the title for the given page ID string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 228 * @param string Page ID string (ex: Special:Administration)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 229 * @return string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 230 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 231
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 232 function get_page_title($page_id)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 233 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 234 global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 235
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 236 $idata = RenderMan::strToPageID($page_id);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 237 $page_id_key = $paths->nslist[ $idata[1] ] . $idata[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 238 $page_data = $paths->pages[$page_id_key];
76
+ − 239 $title = ( isset($page_data['name']) ) ? ( $page_data['namespace'] == 'Article' ? '' : $paths->nslist[ $idata[1] ] ) . $page_data['name'] : $paths->nslist[$idata[1]] . str_replace('_', ' ', dirtify_page_id( $idata[0] ) );
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 240 return $title;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 241 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 242
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 243 /**
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 244 * Tells you the title for the given page ID and namespace
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 245 * @param string Page ID
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 246 * @param string Namespace
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 247 * @return string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 248 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 249
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 250 function get_page_title_ns($page_id, $namespace)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 251 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 252 global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 253
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 254 $page_id_key = $paths->nslist[ $namespace ] . $page_id;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 255 $page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 256 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$namespace] . str_replace('_', ' ', dirtify_page_id( $page_id ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 257 return $title;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 258 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 259
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 260 /**
1
+ − 261 * Redirect the user to the specified URL.
+ − 262 * @param string $url The URL, either relative or absolute.
+ − 263 * @param string $title The title of the message
+ − 264 * @param string $message A short message to show to the user
+ − 265 * @param string $timeout Timeout, in seconds, to delay the redirect. Defaults to 3.
+ − 266 */
76
+ − 267
1
+ − 268 function redirect($url, $title = 'Redirecting...', $message = 'Please wait while you are redirected.', $timeout = 3)
+ − 269 {
+ − 270 global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 271
1
+ − 272 if ( $timeout == 0 )
+ − 273 {
+ − 274 header('Location: ' . $url);
+ − 275 header('HTTP/1.1 307 Temporary Redirect');
+ − 276 }
76
+ − 277
1
+ − 278 $template->add_header('<meta http-equiv="refresh" content="' . $timeout . '; url=' . str_replace('"', '\\"', $url) . '" />');
+ − 279 $template->add_header('<script type="text/javascript">
+ − 280 function __r() {
+ − 281 // FUNCTION AUTOMATICALLY GENERATED
+ − 282 window.location="' . str_replace('"', '\\"', $url) . '";
+ − 283 }
+ − 284 setTimeout(\'__r();\', ' . $timeout . '000);
+ − 285 </script>
+ − 286 ');
76
+ − 287
1
+ − 288 $template->tpl_strings['PAGE_NAME'] = $title;
+ − 289 $template->header(true);
+ − 290 echo '<p>' . $message . '</p><p>If you are not redirected within ' . ( $timeout + 1 ) . ' seconds, <a href="' . str_replace('"', '\\"', $url) . '">please click here</a>.</p>';
+ − 291 $template->footer(true);
76
+ − 292
1
+ − 293 $db->close();
+ − 294 exit(0);
76
+ − 295
1
+ − 296 }
+ − 297
+ − 298 // Removed wikiFormat() from here, replaced with RenderMan::render
+ − 299
22
+ − 300 /**
+ − 301 * Tell me if the page exists or not.
+ − 302 * @param string the full page ID (Special:Administration) of the page to check for
+ − 303 * @return bool True if the page exists, false otherwise
+ − 304 */
+ − 305
1
+ − 306 function isPage($p) {
+ − 307 global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 308
22
+ − 309 // Try the easy way first ;-)
+ − 310 if ( isset( $paths->pages[ $p ] ) )
+ − 311 {
+ − 312 return true;
+ − 313 }
76
+ − 314
22
+ − 315 // Special case for Special, Template, and Admin pages that can't have slashes in their URIs
+ − 316 $ns_test = RenderMan::strToPageID( $p );
76
+ − 317
22
+ − 318 if($ns_test[1] != 'Special' && $ns_test[1] != 'Template' && $ns_test[1] != 'Admin')
+ − 319 {
+ − 320 return false;
+ − 321 }
76
+ − 322
22
+ − 323 $particles = explode('/', $p);
+ − 324 if ( isset ( $paths->pages[ $particles[ 0 ] ] ) )
+ − 325 {
+ − 326 return true;
+ − 327 }
+ − 328 else
+ − 329 {
+ − 330 return false;
+ − 331 }
1
+ − 332 }
+ − 333
76
+ − 334 /**
+ − 335 * These are some old functions that were used with the Midget codebase. They are deprecated and should not be used any more.
+ − 336 */
+ − 337
1
+ − 338 function arrayItemUp($arr, $keyname) {
+ − 339 $keylist = array_keys($arr);
+ − 340 $keyflop = array_flip($keylist);
+ − 341 $idx = $keyflop[$keyname];
+ − 342 $idxm = $idx - 1;
+ − 343 $temp = $arr[$keylist[$idxm]];
+ − 344 if($arr[$keylist[0]] == $arr[$keyname]) return $arr;
+ − 345 $arr[$keylist[$idxm]] = $arr[$keylist[$idx]];
+ − 346 $arr[$keylist[$idx]] = $temp;
+ − 347 return $arr;
+ − 348 }
+ − 349
+ − 350 function arrayItemDown($arr, $keyname) {
+ − 351 $keylist = array_keys($arr);
+ − 352 $keyflop = array_flip($keylist);
+ − 353 $idx = $keyflop[$keyname];
+ − 354 $idxm = $idx + 1;
+ − 355 $temp = $arr[$keylist[$idxm]];
+ − 356 $sz = sizeof($arr); $sz--;
+ − 357 if($arr[$keylist[$sz]] == $arr[$keyname]) return $arr;
+ − 358 $arr[$keylist[$idxm]] = $arr[$keylist[$idx]];
+ − 359 $arr[$keylist[$idx]] = $temp;
+ − 360 return $arr;
+ − 361 }
+ − 362
+ − 363 function arrayItemTop($arr, $keyname) {
+ − 364 $keylist = array_keys($arr);
+ − 365 $keyflop = array_flip($keylist);
+ − 366 $idx = $keyflop[$keyname];
+ − 367 while( $orig != $arr[$keylist[0]] ) {
+ − 368 // echo 'Keyname: '.$keylist[$idx] . '<br />'; flush(); ob_flush(); // Debugger
+ − 369 if($idx < 0) return $arr;
+ − 370 if($keylist[$idx] == '' || $keylist[$idx] < 0 || !$keylist[$idx]) {
+ − 371 /* echo 'Infinite loop caught in arrayItemTop(<br /><pre>';
+ − 372 print_r($arr);
+ − 373 echo '</pre><br />, '.$keyname.');<br /><br />EnanoCMS: Critical error during function call, exiting to prevent excessive server load.';
+ − 374 exit; */
+ − 375 return $arr;
+ − 376 }
+ − 377 $arr = arrayItemUp($arr, $keylist[$idx]);
+ − 378 $idx--;
+ − 379 }
+ − 380 return $arr;
+ − 381 }
+ − 382
+ − 383 function arrayItemBottom($arr, $keyname) {
+ − 384 $keylist = array_keys($arr);
+ − 385 $keyflop = array_flip($keylist);
+ − 386 $idx = $keyflop[$keyname];
+ − 387 $sz = sizeof($arr); $sz--;
+ − 388 while( $orig != $arr[$keylist[$sz]] ) {
+ − 389 // echo 'Keyname: '.$keylist[$idx] . '<br />'; flush(); ob_flush(); // Debugger
+ − 390 if($idx > $sz) return $arr;
+ − 391 if($keylist[$idx] == '' || $keylist[$idx] < 0 || !$keylist[$idx]) {
+ − 392 echo 'Infinite loop caught in arrayItemBottom(<br /><pre>';
+ − 393 print_r($arr);
+ − 394 echo '</pre><br />, '.$keyname.');<br /><br />EnanoCMS: Critical error during function call, exiting to prevent excessive server load.';
+ − 395 exit;
+ − 396 }
+ − 397 $arr = arrayItemDown($arr, $keylist[$idx]);
+ − 398 $idx++;
+ − 399 }
+ − 400 return $arr;
+ − 401 }
+ − 402
+ − 403 // Convert IP address to hex string
+ − 404 // Input: 127.0.0.1 (string)
+ − 405 // Output: 0x7f000001 (string)
+ − 406 // Updated 12/8/06 to work with PHP4 and not use eval() (blech)
+ − 407 function ip2hex($ip) {
+ − 408 if ( preg_match('/^([0-9a-f:]+)$/', $ip) )
+ − 409 {
+ − 410 // this is an ipv6 address
+ − 411 return str_replace(':', '', $ip);
+ − 412 }
+ − 413 $nums = explode('.', $ip);
+ − 414 if(sizeof($nums) != 4) return false;
+ − 415 $str = '0x';
+ − 416 foreach($nums as $n)
+ − 417 {
+ − 418 $str .= (string)dechex($n);
+ − 419 }
+ − 420 return $str;
+ − 421 }
+ − 422
+ − 423 // Convert DWord to IP address
+ − 424 // Input: 0x7f000001
+ − 425 // Output: 127.0.0.1
+ − 426 // Updated 12/8/06 to work with PHP4 and not use eval() (blech)
+ − 427 function hex2ip($in) {
+ − 428 if(substr($in, 0, 2) == '0x') $ip = substr($in, 2, 8);
+ − 429 else $ip = substr($in, 0, 8);
+ − 430 $octets = enano_str_split($ip, 2);
+ − 431 $str = '';
+ − 432 $newoct = Array();
+ − 433 foreach($octets as $o)
+ − 434 {
+ − 435 $o = (int)hexdec($o);
+ − 436 $newoct[] = $o;
+ − 437 }
+ − 438 return implode('.', $newoct);
+ − 439 }
+ − 440
+ − 441 // Function strip_php moved to RenderMan class
+ − 442
76
+ − 443 /**
+ − 444 * Immediately brings the site to a halt with an error message. Unlike grinding_halt() this can only be called after the config has been
+ − 445 * fetched (plugin developers don't even need to worry since plugins are always loaded after the config) and shows the site name and
+ − 446 * description.
+ − 447 * @param string The title of the error message
+ − 448 * @param string The body of the message, this can be HTML, and should be separated into paragraphs using the <p> tag
+ − 449 */
+ − 450
1
+ − 451 function die_semicritical($t, $p)
+ − 452 {
+ − 453 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 454 $db->close();
76
+ − 455
1
+ − 456 if ( ob_get_status() )
+ − 457 ob_end_clean();
76
+ − 458
1
+ − 459 dc_here('functions: <span style="color: red">calling die_semicritical</span>');
76
+ − 460
1
+ − 461 $tpl = new template_nodb();
+ − 462 $tpl->load_theme('oxygen', 'bleu');
+ − 463 $tpl->tpl_strings['SITE_NAME'] = getConfig('site_name');
+ − 464 $tpl->tpl_strings['SITE_DESC'] = getConfig('site_desc');
+ − 465 $tpl->tpl_strings['COPYRIGHT'] = getConfig('copyright_notice');
+ − 466 $tpl->tpl_strings['PAGE_NAME'] = $t;
+ − 467 $tpl->header();
+ − 468 echo $p;
+ − 469 $tpl->footer();
76
+ − 470
1
+ − 471 exit;
+ − 472 }
+ − 473
76
+ − 474 /**
+ − 475 * Halts Enano execution with a message. This doesn't have to be an error message, it's sometimes used to indicate success at an operation.
+ − 476 * @param string The title of the message
+ − 477 * @param string The body of the message, this can be HTML, and should be separated into paragraphs using the <p> tag
+ − 478 */
+ − 479
1
+ − 480 function die_friendly($t, $p)
+ − 481 {
+ − 482 global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 483
1
+ − 484 if ( ob_get_status() )
+ − 485 ob_end_clean();
76
+ − 486
1
+ − 487 dc_here('functions: <span style="color: red">calling die_friendly</span>');
+ − 488 $paths->cpage['name'] = $t;
+ − 489 $template->tpl_strings['PAGE_NAME'] = $t;
+ − 490 $template->header();
+ − 491 echo $p;
+ − 492 $template->footer();
+ − 493 $db->close();
76
+ − 494
1
+ − 495 exit;
+ − 496 }
+ − 497
76
+ − 498 /**
+ − 499 * Immediately brings the site to a halt with an error message, and focuses on immediately closing the database connection and shutting down Enano in the event that an attack may happen. This should only be used very early on to indicate very severe errors, or if the site may be under attack (like if the DBAL detects a malicious query). In the vast majority of cases, die_semicritical() is more appropriate.
+ − 500 * @param string The title of the error message
+ − 501 * @param string The body of the message, this can be HTML, and should be separated into paragraphs using the <p> tag
+ − 502 */
+ − 503
1
+ − 504 function grinding_halt($t, $p)
+ − 505 {
+ − 506 global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 507
1
+ − 508 $db->close();
76
+ − 509
1
+ − 510 if ( ob_get_status() )
+ − 511 ob_end_clean();
76
+ − 512
1
+ − 513 dc_here('functions: <span style="color: red">calling grinding_halt</span>');
+ − 514 $tpl = new template_nodb();
+ − 515 $tpl->load_theme('oxygen', 'bleu');
+ − 516 $tpl->tpl_strings['SITE_NAME'] = 'Critical error';
+ − 517 $tpl->tpl_strings['SITE_DESC'] = 'This website is experiencing a serious error and cannot load.';
+ − 518 $tpl->tpl_strings['COPYRIGHT'] = 'Unable to retrieve copyright information';
+ − 519 $tpl->tpl_strings['PAGE_NAME'] = $t;
+ − 520 $tpl->header();
+ − 521 echo $p;
+ − 522 $tpl->footer();
+ − 523 exit;
+ − 524 }
+ − 525
76
+ − 526 /**
+ − 527 * Prints out the categorization box found on most regular pages. Doesn't take or return anything, but assumes that the page information is already set in $paths.
+ − 528 */
+ − 529
+ − 530 /*
+ − 531 function show_category_info()
+ − 532 {
1
+ − 533 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 534 dc_here('functions: showing category info');
76
+ − 535 // if($template->no_headers && !strpos($_SERVER['REQUEST_URI'], 'ajax.php')) return '';
+ − 536 if ( $paths->namespace == 'Category' )
1
+ − 537 {
+ − 538 $q = $db->sql_query('SELECT page_id,namespace FROM '.table_prefix.'categories WHERE category_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\'Category\' ORDER BY page_id;');
+ − 539 if(!$q) $db->_die('The category information could not be selected.');
+ − 540 $ticker = -1;
+ − 541 echo '<h3>Subcategories</h3>';
+ − 542 if($db->numrows() < 1) echo '<p>There are no subcategories in this category.</p>';
+ − 543 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 544 while($row = $db->fetchrow())
+ − 545 {
76
+ − 546 $ticker++;
+ − 547 if ( $ticker == 3 )
+ − 548 {
+ − 549 $ticker = 0;
+ − 550 }
+ − 551 if ( $ticker == 0 )
+ − 552 {
+ − 553 echo '<tr>';
+ − 554 }
+ − 555 echo '<td style="width: 200px;"><a href="' . makeUrlNS($row['namespace'], $row['page_id']) . '">' . htmlspecialchars($paths->pages[$paths->nslist[$row['namespace']].$row['page_id']]['name']) . '</a></td>';
+ − 556 if ( $ticker == 2 )
+ − 557 {
+ − 558 echo '</tr>';
+ − 559 }
1
+ − 560 }
+ − 561 $db->free_result();
+ − 562 if($ticker) echo '</tr>';
+ − 563 echo '</table>';
76
+ − 564
1
+ − 565 $q = $db->sql_query('SELECT page_id,namespace FROM '.table_prefix.'categories WHERE category_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace!=\'Category\' ORDER BY page_id;');
76
+ − 566 if ( !$q )
+ − 567 {
+ − 568 $db->_die('The category information could not be selected.');
+ − 569 }
1
+ − 570 $ticker = -1;
+ − 571 echo '<h3>Pages</h3>';
76
+ − 572 if ( $db->numrows() < 1 )
+ − 573 {
+ − 574 echo '<p>There are no pages in this category.</p>';
+ − 575 }
1
+ − 576 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 577 while($row = $db->fetchrow())
+ − 578 {
76
+ − 579 $ticker += ( $ticker == 3 ) ? -3 : 1;
+ − 580 if ( $ticker == 0 )
+ − 581 {
+ − 582 echo '<tr>';
+ − 583 }
+ − 584 echo '<td style="width: 200px;"><a href="'.makeUrlNS($row['namespace'], $row['page_id']).'">'.htmlspecialchars($paths->pages[$paths->nslist[$row['namespace']].$row['page_id']]['name']).'</a></td>';
+ − 585 if ( $ticker == 2 )
+ − 586 {
+ − 587 echo '</tr>';
+ − 588 }
1
+ − 589 }
+ − 590 $db->free_result();
+ − 591 if($ticker) echo '</tr>';
+ − 592 echo '</table><br /><br />';
+ − 593 }
+ − 594 $q = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\'');
+ − 595 if(!$q) $db->_die('The error seems to have occurred during selection of category data.');
+ − 596 if($db->numrows() > 0) {
+ − 597 echo '<div class="mdg-comment" style="margin-left: 0;">Categories: ';
+ − 598 $i=0;
+ − 599 while($r = $db->fetchrow())
+ − 600 {
+ − 601 if($i>0) echo ', ';
+ − 602 $i++;
+ − 603 echo '<a href="'.makeUrlNS('Category', $r['category_id']).'">'.$paths->pages[$paths->nslist['Category'].$r['category_id']]['name'].'</a>';
+ − 604 }
+ − 605 if( ( $paths->wiki_mode && !$paths->page_protected ) || ( $session->get_permissions('edit_cat') && $session->get_permissions('even_when_protected') ) ) echo ' [ <a href="'.makeUrl($paths->page, 'do=catedit', true).'" onclick="ajaxCatEdit(); return false;">edit categorization</a> ]</div>';
76
+ − 606 }
+ − 607 else
+ − 608 {
1
+ − 609 echo '<div class="mdg-comment" style="margin-left: 0;">Categories: ';
+ − 610 echo '(Uncategorized)';
+ − 611 if( ( $paths->wiki_mode && !$paths->page_protected ) || ( $session->get_permissions('edit_cat') && $session->get_permissions('even_when_protected') ) ) echo ' [ <a href="'.makeUrl($paths->page, 'do=catedit', true).'" onclick="ajaxCatEdit(); return false;">edit categorization</a> ]</div>';
+ − 612 else echo '</div>';
+ − 613 }
+ − 614 $db->free_result();
+ − 615 }
76
+ − 616 */
+ − 617
+ − 618 function show_category_info()
+ − 619 {
+ − 620 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 621
+ − 622 if ( $paths->namespace == 'Category' )
+ − 623 {
+ − 624 // Show member pages and subcategories
+ − 625 $q = $db->sql_query('SELECT p.urlname, p.namespace, p.name, p.namespace=\'Category\' AS is_category FROM '.table_prefix.'categories AS c
+ − 626 LEFT JOIN '.table_prefix.'pages AS p
+ − 627 ON ( p.urlname = c.page_id AND p.namespace = c.namespace )
+ − 628 WHERE c.category_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\'
+ − 629 ORDER BY is_category DESC, p.name ASC;');
+ − 630 if ( !$q )
+ − 631 {
+ − 632 $db->_die();
+ − 633 }
+ − 634 echo '<h3>Subcategories</h3>';
+ − 635 echo '<div class="tblholder">';
+ − 636 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 637 echo '<tr>';
+ − 638 $ticker = 0;
+ − 639 $counter = 0;
+ − 640 $switched = false;
+ − 641 $class = 'row1';
+ − 642 while ( $row = $db->fetchrow() )
+ − 643 {
+ − 644 if ( $row['is_category'] == 0 && !$switched )
+ − 645 {
+ − 646 if ( $counter > 0 )
+ − 647 {
+ − 648 // Fill-in
+ − 649 while ( $ticker < 3 )
+ − 650 {
+ − 651 $ticker++;
+ − 652 echo '<td class="' . $class . '" style="width: 33.3%;"></td>';
+ − 653 }
+ − 654 }
+ − 655 else
+ − 656 {
+ − 657 echo '<td class="' . $class . '">No subcategories.</td>';
+ − 658 }
+ − 659 echo '</tr></table></div>' . "\n\n";
+ − 660 echo '<h3>Pages</h3>';
+ − 661 echo '<div class="tblholder">';
+ − 662 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 663 echo '<tr>';
+ − 664 $counter = 0;
+ − 665 $ticker = 0;
+ − 666 $switched = true;
+ − 667 }
+ − 668 $counter++;
+ − 669 $ticker++;
+ − 670 if ( $ticker == 3 )
+ − 671 {
+ − 672 echo '</tr><tr>';
+ − 673 $ticker = 0;
+ − 674 $class = ( $class == 'row3' ) ? 'row1' : 'row3';
+ − 675 }
+ − 676 echo "<td class=\"{$class}\" style=\"width: 33.3%;\">"; // " to workaround stupid jEdit bug
+ − 677
+ − 678 $link = makeUrlNS($row['namespace'], sanitize_page_id($row['urlname']));
+ − 679 echo '<a href="' . $link . '"';
+ − 680 $key = $paths->nslist[$row['namespace']] . sanitize_page_id($row['urlname']);
+ − 681 if ( !isPage( $key ) )
+ − 682 {
+ − 683 echo ' class="wikilink-nonexistent"';
+ − 684 }
+ − 685 echo '>';
+ − 686 $title = get_page_title_ns($row['urlname'], $row['namespace']);
+ − 687 echo htmlspecialchars($title);
+ − 688 echo '</a>';
+ − 689
+ − 690 echo "</td>";
+ − 691 }
+ − 692 if ( !$switched )
+ − 693 {
+ − 694 if ( $counter > 0 )
+ − 695 {
+ − 696 // Fill-in
+ − 697 while ( $ticker < 3 )
+ − 698 {
+ − 699 $ticker++;
+ − 700 echo '<td class="' . $class . '" style="width: 33.3%;"></td>';
+ − 701 }
+ − 702 }
+ − 703 else
+ − 704 {
+ − 705 echo '<td class="' . $class . '">No subcategories.</td>';
+ − 706 }
+ − 707 echo '</tr></table></div>' . "\n\n";
+ − 708 echo '<h3>Pages</h3>';
+ − 709 echo '<div class="tblholder">';
+ − 710 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 711 echo '<tr>';
+ − 712 $counter = 0;
+ − 713 $ticker = 0;
+ − 714 $switched = true;
+ − 715 }
+ − 716 if ( $counter > 0 )
+ − 717 {
+ − 718 // Fill-in
+ − 719 while ( $ticker < 3 )
+ − 720 {
+ − 721 $ticker++;
+ − 722 echo '<td class="' . $class . '" style="width: 33.3%;"></td>';
+ − 723 }
+ − 724 }
+ − 725 else
+ − 726 {
+ − 727 echo '<td class="' . $class . '">No pages in this category.</td>';
+ − 728 }
+ − 729 echo '</tr></table></div>' . "\n\n";
+ − 730 }
+ − 731
+ − 732 if ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' )
+ − 733 {
+ − 734 echo '<div class="mdg-comment" style="margin: 10px 0 0 0;">';
+ − 735 if ( $session->user_level >= USER_LEVEL_ADMIN )
+ − 736 {
+ − 737 echo '<div style="float: right;">';
+ − 738 echo '(<a href="#" onclick="ajaxCatToTag(); return false;">show page tags</a>)';
+ − 739 echo '</div>';
+ − 740 }
+ − 741 echo '<div id="mdgCatBox">Categories: ';
+ − 742
+ − 743 $where = '( c.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )';
+ − 744 $prefix = table_prefix;
+ − 745 $sql = <<<EOF
+ − 746 SELECT c.category_id FROM {$prefix}categories AS c
+ − 747 LEFT JOIN {$prefix}pages AS p
+ − 748 ON ( ( p.urlname = c.page_id AND p.namespace = c.namespace ) OR ( p.urlname IS NULL AND p.namespace IS NULL ) )
+ − 749 WHERE $where
+ − 750 ORDER BY p.name ASC, c.page_id ASC;
+ − 751 EOF;
+ − 752 $q = $db->sql_query($sql);
+ − 753 if ( !$q )
+ − 754 $db->_die();
+ − 755
+ − 756 if ( $row = $db->fetchrow() )
+ − 757 {
+ − 758 $list = array();
+ − 759 do
+ − 760 {
+ − 761 $cid = sanitize_page_id($row['category_id']);
+ − 762 $title = get_page_title_ns($cid, 'Category');
+ − 763 $link = makeUrlNS('Category', $cid);
+ − 764 $list[] = '<a href="' . $link . '">' . htmlspecialchars($title) . '</a>';
+ − 765 }
+ − 766 while ( $row = $db->fetchrow() );
+ − 767 echo implode(', ', $list);
+ − 768 }
+ − 769 else
+ − 770 {
+ − 771 echo '(Uncategorized)';
+ − 772 }
+ − 773
+ − 774 $can_edit = ( $session->get_permissions('edit_cat') && ( !$paths->page_protected || $session->get_permissions('even_when_protected') ) );
+ − 775 if ( $can_edit )
+ − 776 {
+ − 777 $edit_link = '<a href="' . makeUrl($paths->page, 'do=catedit', true) . '" onclick="ajaxCatEdit(); return false;">edit categorization</a>';
+ − 778 echo ' [ ' . $edit_link . ' ]';
+ − 779 }
+ − 780
+ − 781 echo '</div></div>';
+ − 782
+ − 783 }
+ − 784
+ − 785 }
+ − 786
+ − 787 /**
+ − 788 * Prints out the file information box seen on File: pages. Doesn't take or return anything, but assumes that the page information is already set in $paths, and expects $paths->namespace to be File.
+ − 789 */
1
+ − 790
+ − 791 function show_file_info()
+ − 792 {
+ − 793 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 794 if($paths->namespace != 'File') return null; // Prevent unnecessary work
+ − 795 $selfn = $paths->cpage['urlname_nons']; // substr($paths->page, strlen($paths->nslist['File']), strlen($paths->cpage));
+ − 796 if(substr($paths->cpage['name'], 0, strlen($paths->nslist['File']))==$paths->nslist['File']) $selfn = substr($paths->cpage['urlname_nons'], strlen($paths->nslist['File']), strlen($paths->cpage['urlname_nons']));
+ − 797 $q = $db->sql_query('SELECT mimetype,time_id,size FROM '.table_prefix.'files WHERE page_id=\''.$selfn.'\' ORDER BY time_id DESC;');
+ − 798 if(!$q) $db->_die('The file type could not be fetched.');
+ − 799 if($db->numrows() < 1) { echo '<div class="mdg-comment" style="margin-left: 0;"><h3>Uploaded file</h3><p>There are no files uploaded with this name yet. <a href="'.makeUrlNS('Special', 'UploadFile/'.$paths->cpage['urlname_nons']).'">Upload a file...</a></p></div><br />'; return; }
+ − 800 $r = $db->fetchrow();
+ − 801 $mimetype = $r['mimetype'];
+ − 802 $datestring = date('F d, Y h:i a', (int)$r['time_id']);
+ − 803 echo '<div class="mdg-comment" style="margin-left: 0;"><p><h3>Uploaded file</h3></p><p>Type: '.$r['mimetype'].'<br />Size: ';
+ − 804 $fs = $r['size'];
+ − 805 echo $fs.' bytes';
+ − 806 $fs = (int)$fs;
+ − 807 if($fs >= 1048576)
+ − 808 {
+ − 809 $fs = round($fs / 1048576, 1);
+ − 810 echo ' ('.$fs.' MB)';
+ − 811 } elseif($fs >= 1024) {
+ − 812 $fs = round($fs / 1024, 1);
+ − 813 echo ' ('.$fs.' KB)';
+ − 814 }
+ − 815 echo '<br />Uploaded: '.$datestring.'</p>';
+ − 816 if(substr($mimetype, 0, 6)!='image/' && ( substr($mimetype, 0, 5) != 'text/' || $mimetype == 'text/html' || $mimetype == 'text/javascript' ))
+ − 817 {
+ − 818 echo '<div class="warning-box">This file type may contain viruses or other code that could harm your computer. You should exercise caution if you download it.</div>';
+ − 819 }
+ − 820 if(substr($mimetype, 0, 6)=='image/')
+ − 821 {
+ − 822 echo '<p><a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn).'"><img style="border: 0;" alt="'.$paths->page.'" src="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.htmlspecialchars(urlSeparator).'preview').'" /></a></p>';
+ − 823 }
+ − 824 echo '<p><a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.'/'.$r['time_id'].htmlspecialchars(urlSeparator).'download').'">Download this file</a>';
+ − 825 if(!$paths->page_protected && ( $paths->wiki_mode || $session->get_permissions('upload_new_version') ))
+ − 826 {
+ − 827 echo ' | <a href="'.makeUrlNS('Special', 'UploadFile'.'/'.$selfn).'">Upload new version</a>';
+ − 828 }
+ − 829 echo '</p>';
+ − 830 if($db->numrows() > 1)
+ − 831 {
+ − 832 echo '<h3>File history</h3><p>';
+ − 833 while($r = $db->fetchrow())
+ − 834 {
+ − 835 echo '(<a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.'/'.$r['time_id'].htmlspecialchars(urlSeparator).'download').'">this ver</a>) ';
+ − 836 if($session->get_permissions('history_rollback'))
+ − 837 echo ' (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert</a>) ';
+ − 838 $mimetype = $r['mimetype'];
+ − 839 $datestring = date('F d, Y h:i a', (int)$r['time_id']);
+ − 840 echo $datestring.': '.$r['mimetype'].', ';
+ − 841 $fs = $r['size'];
+ − 842 $fs = (int)$fs;
+ − 843 if($fs >= 1048576)
+ − 844 {
+ − 845 $fs = round($fs / 1048576, 1);
+ − 846 echo ' '.$fs.' MB';
+ − 847 } elseif($fs >= 1024) {
+ − 848 $fs = round($fs / 1024, 1);
+ − 849 echo ' '.$fs.' KB';
+ − 850 } else {
+ − 851 echo ' '.$fs.' bytes';
+ − 852 }
+ − 853 echo '<br />';
+ − 854 }
+ − 855 echo '</p>';
+ − 856 }
+ − 857 $db->free_result();
+ − 858 echo '</div><br />';
+ − 859 }
+ − 860
76
+ − 861 /**
+ − 862 * Shows header information on the current page. Currently this is only the delete-vote feature. Doesn't take or return anything, but assumes that the page information is already set in $paths.
+ − 863 */
+ − 864
1
+ − 865 function display_page_headers()
+ − 866 {
+ − 867 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 868 if($session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0)
+ − 869 {
+ − 870 $hr = implode(', ', explode('|', $paths->cpage['delvote_ips']));
+ − 871 $is = 'is';
+ − 872 $s = '';
+ − 873 $s2 = 's';
+ − 874 if ( $paths->cpage['delvotes'] > 1)
+ − 875 {
+ − 876 $is = 'are';
+ − 877 $s = 's';
+ − 878 $s2 = '';
+ − 879 }
+ − 880 echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;" id="mdgDeleteVoteNoticeBox">
+ − 881 <b>Notice:</b> There '.$is.' '.$paths->cpage['delvotes'].' user'.$s.' that think'.$s2.' this page should be deleted.<br />
+ − 882 <b>Users that voted:</b> ' . $hr . '<br />
+ − 883 <a href="'.makeUrl($paths->page, 'do=deletepage').'" onclick="ajaxDeletePage(); return false;">Delete page</a> | <a href="'.makeUrl($paths->page, 'do=resetvotes').'" onclick="ajaxResetDelVotes(); return false;">Reset votes</a>
+ − 884 </div>';
+ − 885 }
+ − 886 }
+ − 887
76
+ − 888 /**
+ − 889 * Displays page footer information including file and category info. This also has the send_page_footers hook. Doesn't take or return anything, but assumes that the page information is already set in $paths.
+ − 890 */
+ − 891
1
+ − 892 function display_page_footers()
+ − 893 {
+ − 894 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 895 if(isset($_GET['nofooters'])) return;
+ − 896 $code = $plugins->setHook('send_page_footers');
+ − 897 foreach ( $code as $cmd )
+ − 898 {
+ − 899 eval($cmd);
+ − 900 }
+ − 901 show_file_info();
+ − 902 show_category_info();
+ − 903 }
+ − 904
76
+ − 905 /**
+ − 906 * Deprecated, do not use.
+ − 907 */
+ − 908
1
+ − 909 function password_prompt($id = false)
+ − 910 {
+ − 911 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 912 if(!$id) $id = $paths->page;
+ − 913 if(isset($paths->pages[$id]['password']) && strlen($paths->pages[$id]['password']) == 40 && !isset($_REQUEST['pagepass']))
+ − 914 {
+ − 915 die_friendly('Password required', '<p>You must supply a password to access this page.</p><form action="'.makeUrl($paths->pages[$id]['urlname']).'" method="post"><p>Password: <input name="pagepass" type="password" /></p><p><input type="submit" value="Submit" /></p>');
+ − 916 } elseif(isset($_REQUEST['pagepass'])) {
+ − 917 $p = (preg_match('#^([a-f0-9]*){40}$#', $_REQUEST['pagepass'])) ? $_REQUEST['pagepass'] : sha1($_REQUEST['pagepass']);
+ − 918 if($p != $paths->pages[$id]['password']) die_friendly('Password required', '<p style="color: red;">The password you entered is incorrect.</p><form action="'.makeUrl($paths->page).'" method="post"><p>Password: <input name="pagepass" type="password" /></p><p><input type="submit" value="Submit" /></p>');
+ − 919 }
+ − 920 }
+ − 921
76
+ − 922 /**
+ − 923 * Some sort of primitive hex converter from back in the day. Deprecated, do not use.
+ − 924 * @param string Text to encode
+ − 925 * @return string
+ − 926 */
+ − 927
1
+ − 928 function str_hex($string){
+ − 929 $hex='';
+ − 930 for ($i=0; $i < strlen($string); $i++){
+ − 931 $hex .= ' '.dechex(ord($string[$i]));
+ − 932 }
+ − 933 return substr($hex, 1, strlen($hex));
+ − 934 }
+ − 935
76
+ − 936 /**
+ − 937 * Essentially an return code reader for a socket. Don't use this unless you're writing mail code and smtp_send_email doesn't cut it. Ported from phpBB's smtp.php.
+ − 938 * @param socket A socket resource
+ − 939 * @param string The expected response from the server, this needs to be exactly three characters.
+ − 940 */
+ − 941
+ − 942 function smtp_get_response($socket, $response, $line = __LINE__)
1
+ − 943 {
76
+ − 944 $server_response = '';
+ − 945 while (substr($server_response, 3, 1) != ' ')
+ − 946 {
+ − 947 if (!($server_response = fgets($socket, 256)))
+ − 948 {
1
+ − 949 die_friendly('SMTP Error', "<p>Couldn't get mail server response codes</p>");
76
+ − 950 }
+ − 951 }
1
+ − 952
76
+ − 953 if (!(substr($server_response, 0, 3) == $response))
+ − 954 {
1
+ − 955 die_friendly('SMTP Error', "<p>Ran into problems sending mail. Response: $server_response</p>");
76
+ − 956 }
1
+ − 957 }
+ − 958
76
+ − 959 /**
+ − 960 * Wrapper for smtp_send_email_core that takes the sender as the fourth parameter instead of additional headers.
+ − 961 * @param string E-mail address to send to
+ − 962 * @param string Subject line
+ − 963 * @param string The body of the message
+ − 964 * @param string Address of the sender
+ − 965 */
+ − 966
1
+ − 967 function smtp_send_email($to, $subject, $message, $from)
+ − 968 {
+ − 969 return smtp_send_email_core($to, $subject, $message, "From: <$from>\n");
+ − 970 }
+ − 971
76
+ − 972 /**
+ − 973 * Replacement or substitute for PHP's mail() builtin function.
+ − 974 * @param string E-mail address to send to
+ − 975 * @param string Subject line
+ − 976 * @param string The body of the message
+ − 977 * @param string Message headers, separated by a single newline ("\n")
+ − 978 * @copyright (C) phpBB Group
+ − 979 * @license GPL
+ − 980 */
+ − 981
1
+ − 982 function smtp_send_email_core($mail_to, $subject, $message, $headers = '')
+ − 983 {
76
+ − 984 // Fix any bare linefeeds in the message to make it RFC821 Compliant.
+ − 985 $message = preg_replace("#(?<!\r)\n#si", "\r\n", $message);
1
+ − 986
76
+ − 987 if ($headers != '')
+ − 988 {
+ − 989 if (is_array($headers))
+ − 990 {
+ − 991 if (sizeof($headers) > 1)
+ − 992 {
+ − 993 $headers = join("\n", $headers);
+ − 994 }
+ − 995 else
+ − 996 {
+ − 997 $headers = $headers[0];
+ − 998 }
+ − 999 }
+ − 1000 $headers = chop($headers);
1
+ − 1001
76
+ − 1002 // Make sure there are no bare linefeeds in the headers
+ − 1003 $headers = preg_replace('#(?<!\r)\n#si', "\r\n", $headers);
1
+ − 1004
76
+ − 1005 // Ok this is rather confusing all things considered,
+ − 1006 // but we have to grab bcc and cc headers and treat them differently
+ − 1007 // Something we really didn't take into consideration originally
+ − 1008 $header_array = explode("\r\n", $headers);
+ − 1009 @reset($header_array);
1
+ − 1010
76
+ − 1011 $headers = '';
+ − 1012 while(list(, $header) = each($header_array))
+ − 1013 {
+ − 1014 if (preg_match('#^cc:#si', $header))
+ − 1015 {
+ − 1016 $cc = preg_replace('#^cc:(.*)#si', '\1', $header);
+ − 1017 }
+ − 1018 else if (preg_match('#^bcc:#si', $header))
+ − 1019 {
+ − 1020 $bcc = preg_replace('#^bcc:(.*)#si', '\1', $header);
+ − 1021 $header = '';
+ − 1022 }
+ − 1023 $headers .= ($header != '') ? $header . "\r\n" : '';
+ − 1024 }
1
+ − 1025
76
+ − 1026 $headers = chop($headers);
+ − 1027 $cc = explode(', ', $cc);
+ − 1028 $bcc = explode(', ', $bcc);
+ − 1029 }
1
+ − 1030
76
+ − 1031 if (trim($subject) == '')
+ − 1032 {
+ − 1033 die_friendly(GENERAL_ERROR, "No email Subject specified");
+ − 1034 }
1
+ − 1035
76
+ − 1036 if (trim($message) == '')
+ − 1037 {
+ − 1038 die_friendly(GENERAL_ERROR, "Email message was blank");
+ − 1039 }
+ − 1040
1
+ − 1041 // setup SMTP
+ − 1042 $host = getConfig('smtp_server');
+ − 1043 if ( empty($host) )
+ − 1044 return 'No smtp_host in config';
+ − 1045 if ( strstr($host, ':' ) )
+ − 1046 {
+ − 1047 $n = explode(':', $host);
+ − 1048 $smtp_host = $n[0];
+ − 1049 $port = intval($n[1]);
+ − 1050 }
+ − 1051 else
+ − 1052 {
+ − 1053 $smtp_host = $host;
+ − 1054 $port = 25;
+ − 1055 }
76
+ − 1056
1
+ − 1057 $smtp_user = getConfig('smtp_user');
+ − 1058 $smtp_pass = getConfig('smtp_password');
+ − 1059
76
+ − 1060 // Ok we have error checked as much as we can to this point let's get on
+ − 1061 // it already.
+ − 1062 if( !$socket = @fsockopen($smtp_host, $port, $errno, $errstr, 20) )
+ − 1063 {
+ − 1064 die_friendly(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr");
+ − 1065 }
+ − 1066
+ − 1067 // Wait for reply
+ − 1068 smtp_get_response($socket, "220", __LINE__);
1
+ − 1069
76
+ − 1070 // Do we want to use AUTH?, send RFC2554 EHLO, else send RFC821 HELO
+ − 1071 // This improved as provided by SirSir to accomodate
+ − 1072 if( !empty($smtp_user) && !empty($smtp_pass) )
+ − 1073 {
+ − 1074 enano_fputs($socket, "EHLO " . $smtp_host . "\r\n");
+ − 1075 smtp_get_response($socket, "250", __LINE__);
1
+ − 1076
76
+ − 1077 enano_fputs($socket, "AUTH LOGIN\r\n");
+ − 1078 smtp_get_response($socket, "334", __LINE__);
1
+ − 1079
76
+ − 1080 enano_fputs($socket, base64_encode($smtp_user) . "\r\n");
+ − 1081 smtp_get_response($socket, "334", __LINE__);
1
+ − 1082
76
+ − 1083 enano_fputs($socket, base64_encode($smtp_pass) . "\r\n");
+ − 1084 smtp_get_response($socket, "235", __LINE__);
+ − 1085 }
+ − 1086 else
+ − 1087 {
+ − 1088 enano_fputs($socket, "HELO " . $smtp_host . "\r\n");
+ − 1089 smtp_get_response($socket, "250", __LINE__);
+ − 1090 }
1
+ − 1091
76
+ − 1092 // From this point onward most server response codes should be 250
+ − 1093 // Specify who the mail is from....
+ − 1094 enano_fputs($socket, "MAIL FROM: <" . getConfig('contact_email') . ">\r\n");
+ − 1095 smtp_get_response($socket, "250", __LINE__);
1
+ − 1096
76
+ − 1097 // Specify each user to send to and build to header.
+ − 1098 $to_header = '';
1
+ − 1099
76
+ − 1100 // Add an additional bit of error checking to the To field.
+ − 1101 $mail_to = (trim($mail_to) == '') ? 'Undisclosed-recipients:;' : trim($mail_to);
+ − 1102 if (preg_match('#[^ ]+\@[^ ]+#', $mail_to))
+ − 1103 {
+ − 1104 enano_fputs($socket, "RCPT TO: <$mail_to>\r\n");
+ − 1105 smtp_get_response($socket, "250", __LINE__);
+ − 1106 }
1
+ − 1107
76
+ − 1108 // Ok now do the CC and BCC fields...
+ − 1109 @reset($bcc);
+ − 1110 while(list(, $bcc_address) = each($bcc))
+ − 1111 {
+ − 1112 // Add an additional bit of error checking to bcc header...
+ − 1113 $bcc_address = trim($bcc_address);
+ − 1114 if (preg_match('#[^ ]+\@[^ ]+#', $bcc_address))
+ − 1115 {
+ − 1116 enano_fputs($socket, "RCPT TO: <$bcc_address>\r\n");
+ − 1117 smtp_get_response($socket, "250", __LINE__);
+ − 1118 }
+ − 1119 }
1
+ − 1120
76
+ − 1121 @reset($cc);
+ − 1122 while(list(, $cc_address) = each($cc))
+ − 1123 {
+ − 1124 // Add an additional bit of error checking to cc header
+ − 1125 $cc_address = trim($cc_address);
+ − 1126 if (preg_match('#[^ ]+\@[^ ]+#', $cc_address))
+ − 1127 {
+ − 1128 enano_fputs($socket, "RCPT TO: <$cc_address>\r\n");
+ − 1129 smtp_get_response($socket, "250", __LINE__);
+ − 1130 }
+ − 1131 }
1
+ − 1132
76
+ − 1133 // Ok now we tell the server we are ready to start sending data
+ − 1134 enano_fputs($socket, "DATA\r\n");
1
+ − 1135
76
+ − 1136 // This is the last response code we look for until the end of the message.
+ − 1137 smtp_get_response($socket, "354", __LINE__);
1
+ − 1138
76
+ − 1139 // Send the Subject Line...
+ − 1140 enano_fputs($socket, "Subject: $subject\r\n");
1
+ − 1141
76
+ − 1142 // Now the To Header.
+ − 1143 enano_fputs($socket, "To: $mail_to\r\n");
1
+ − 1144
76
+ − 1145 // Now any custom headers....
+ − 1146 enano_fputs($socket, "$headers\r\n\r\n");
1
+ − 1147
76
+ − 1148 // Ok now we are ready for the message...
+ − 1149 enano_fputs($socket, "$message\r\n");
1
+ − 1150
76
+ − 1151 // Ok the all the ingredients are mixed in let's cook this puppy...
+ − 1152 enano_fputs($socket, ".\r\n");
+ − 1153 smtp_get_response($socket, "250", __LINE__);
1
+ − 1154
76
+ − 1155 // Now tell the server we are done and close the socket...
+ − 1156 enano_fputs($socket, "QUIT\r\n");
+ − 1157 fclose($socket);
1
+ − 1158
76
+ − 1159 return TRUE;
1
+ − 1160 }
+ − 1161
+ − 1162 /**
+ − 1163 * Tell which version of Enano we're running.
+ − 1164 * @param bool $long if true, uses English version names (e.g. alpha, beta, release candidate). If false (default) uses abbreviations (1.0a1, 1.0b3, 1.0RC2, etc.)
+ − 1165 * @return string
+ − 1166 */
+ − 1167
+ − 1168 function enano_version($long = false, $no_nightly = false)
+ − 1169 {
+ − 1170 $r = getConfig('enano_version');
+ − 1171 $rc = ( $long ) ? ' release candidate ' : 'RC';
+ − 1172 $b = ( $long ) ? ' beta ' : 'b';
+ − 1173 $a = ( $long ) ? ' alpha ' : 'a';
+ − 1174 if($v = getConfig('enano_rc_version')) $r .= $rc.$v;
+ − 1175 if($v = getConfig('enano_beta_version')) $r .= $b.$v;
+ − 1176 if($v = getConfig('enano_alpha_version')) $r .= $a.$v;
+ − 1177 if ( defined('ENANO_NIGHTLY') && !$no_nightly )
+ − 1178 {
+ − 1179 $nightlytag = ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
+ − 1180 $nightlylong = ' nightly; build date: ' . ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR;
+ − 1181 $r = ( $long ) ? $r . $nightlylong : $r . '-nightly-' . $nightlytag;
+ − 1182 }
+ − 1183 return $r;
+ − 1184 }
+ − 1185
76
+ − 1186 /**
+ − 1187 * What kinda sh** was I thinking when I wrote this. Deprecated.
+ − 1188 */
+ − 1189
1
+ − 1190 function _dualurlenc($t) {
+ − 1191 return rawurlencode(rawurlencode($t));
+ − 1192 }
76
+ − 1193
+ − 1194 /**
+ − 1195 * Badly named function to send back eval'able Javascript code with an error message. Deprecated, use JSON instead.
+ − 1196 * @param string Message to send
+ − 1197 */
+ − 1198
1
+ − 1199 function _die($t) {
+ − 1200 $_ob = 'document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . rawurlencode('' . $t . '') . '\')';
+ − 1201 die($_ob);
+ − 1202 }
+ − 1203
76
+ − 1204 /**
+ − 1205 * Same as _die(), but sends an SQL backtrace with the error message, and doesn't halt execution.
+ − 1206 * @param string Message to send
+ − 1207 */
+ − 1208
1
+ − 1209 function jsdie($text) {
+ − 1210 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1211 $text = rawurlencode($text . "\n\nSQL Backtrace:\n" . $db->sql_backtrace());
+ − 1212 echo 'document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.$text.'\');';
+ − 1213 }
+ − 1214
+ − 1215 /**
+ − 1216 * Capitalizes the first letter of a string
+ − 1217 * @param $text string the text to be transformed
+ − 1218 * @return string
+ − 1219 */
76
+ − 1220
1
+ − 1221 function capitalize_first_letter($text)
+ − 1222 {
+ − 1223 return strtoupper(substr($text, 0, 1)) . substr($text, 1);
+ − 1224 }
+ − 1225
+ − 1226 /**
+ − 1227 * Checks if a value in a bitfield is on or off
+ − 1228 * @param $bitfield int the bit-field value
+ − 1229 * @param $value int the value to switch off
+ − 1230 * @return bool
+ − 1231 */
76
+ − 1232
1
+ − 1233 function is_bit($bitfield, $value)
+ − 1234 {
+ − 1235 return ( $bitfield & $value ) ? true : false;
+ − 1236 }
+ − 1237
+ − 1238 /**
+ − 1239 * Trims spaces/newlines from the beginning and end of a string
+ − 1240 * @param $text the text to process
+ − 1241 * @return string
+ − 1242 */
76
+ − 1243
1
+ − 1244 function trim_spaces($text)
+ − 1245 {
+ − 1246 $d = true;
+ − 1247 while($d)
+ − 1248 {
+ − 1249 $c = substr($text, 0, 1);
+ − 1250 $a = substr($text, strlen($text)-1, strlen($text));
+ − 1251 if($c == "\n" || $c == "\r" || $c == "\t" || $c == ' ') $text = substr($text, 1, strlen($text));
+ − 1252 elseif($a == "\n" || $a == "\r" || $a == "\t" || $a == ' ') $text = substr($text, 0, strlen($text)-1);
+ − 1253 else $d = false;
+ − 1254 }
+ − 1255 return $text;
+ − 1256 }
+ − 1257
+ − 1258 /**
+ − 1259 * Enano-ese equivalent of str_split() which is only found in PHP5
+ − 1260 * @param $text string the text to split
+ − 1261 * @param $inc int size of each block
+ − 1262 * @return array
+ − 1263 */
76
+ − 1264
1
+ − 1265 function enano_str_split($text, $inc = 1)
+ − 1266 {
76
+ − 1267 if($inc < 1)
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1268 {
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1269 return false;
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1270 }
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1271 if($inc >= strlen($text))
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1272 {
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1273 return Array($text);
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1274 }
1
+ − 1275 $len = ceil(strlen($text) / $inc);
+ − 1276 $ret = Array();
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1277 for ( $i = 0; $i < strlen($text); $i = $i + $inc )
1
+ − 1278 {
+ − 1279 $ret[] = substr($text, $i, $inc);
+ − 1280 }
+ − 1281 return $ret;
+ − 1282 }
+ − 1283
+ − 1284 /**
+ − 1285 * Converts a hexadecimal number to a binary string.
+ − 1286 * @param text string hexadecimal number
+ − 1287 * @return string
+ − 1288 */
+ − 1289 function hex2bin($text)
+ − 1290 {
+ − 1291 $arr = enano_str_split($text, 2);
+ − 1292 $ret = '';
+ − 1293 for ($i=0; $i<sizeof($arr); $i++)
+ − 1294 {
+ − 1295 $ret .= chr(hexdec($arr[$i]));
+ − 1296 }
+ − 1297 return $ret;
+ − 1298 }
+ − 1299
+ − 1300 /**
+ − 1301 * Generates and/or prints a human-readable backtrace
76
+ − 1302 * @param bool $return - if true, this function returns a string, otherwise returns null and prints the backtrace
1
+ − 1303 * @return mixed
+ − 1304 */
76
+ − 1305
1
+ − 1306 function enano_debug_print_backtrace($return = false)
+ − 1307 {
+ − 1308 ob_start();
+ − 1309 echo '<pre>';
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1310 if ( function_exists('debug_print_backtrace') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1311 {
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1312 debug_print_backtrace();
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1313 }
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1314 else
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1315 {
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1316 echo '<b>Warning:</b> No debug_print_backtrace() support!';
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1317 }
1
+ − 1318 echo '</pre>';
+ − 1319 $c = ob_get_contents();
+ − 1320 ob_end_clean();
+ − 1321 if($return) return $c;
+ − 1322 else echo $c;
+ − 1323 return null;
+ − 1324 }
+ − 1325
+ − 1326 /**
+ − 1327 * Like rawurlencode(), but encodes all characters
+ − 1328 * @param string $text the text to encode
+ − 1329 * @param optional string $prefix text before each hex character
+ − 1330 * @param optional string $suffix text after each hex character
+ − 1331 * @return string
+ − 1332 */
76
+ − 1333
1
+ − 1334 function hexencode($text, $prefix = '%', $suffix = '')
+ − 1335 {
+ − 1336 $arr = enano_str_split($text);
+ − 1337 $r = '';
+ − 1338 foreach($arr as $a)
+ − 1339 {
+ − 1340 $nibble = (string)dechex(ord($a));
+ − 1341 if(strlen($nibble) == 1) $nibble = '0' . $nibble;
+ − 1342 $r .= $prefix . $nibble . $suffix;
+ − 1343 }
+ − 1344 return $r;
+ − 1345 }
+ − 1346
+ − 1347 /**
+ − 1348 * Enano-ese equivalent of get_magic_quotes_gpc()
+ − 1349 * @return bool
+ − 1350 */
76
+ − 1351
1
+ − 1352 function enano_get_magic_quotes_gpc()
+ − 1353 {
+ − 1354 if(function_exists('get_magic_quotes_gpc'))
+ − 1355 {
+ − 1356 return ( get_magic_quotes_gpc() == 1 );
+ − 1357 }
+ − 1358 else
+ − 1359 {
+ − 1360 return ( strtolower(@ini_get('magic_quotes_gpc')) == '1' );
+ − 1361 }
+ − 1362 }
+ − 1363
+ − 1364 /**
+ − 1365 * Recursive stripslashes()
+ − 1366 * @param array
+ − 1367 * @return array
+ − 1368 */
76
+ − 1369
1
+ − 1370 function stripslashes_recurse($arr)
+ − 1371 {
+ − 1372 foreach($arr as $k => $xxxx)
+ − 1373 {
+ − 1374 $val =& $arr[$k];
+ − 1375 if(is_string($val))
+ − 1376 $val = stripslashes($val);
+ − 1377 elseif(is_array($val))
+ − 1378 $val = stripslashes_recurse($val);
+ − 1379 }
+ − 1380 return $arr;
+ − 1381 }
+ − 1382
+ − 1383 /**
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1384 * Recursive function to remove all NUL bytes from a string
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1385 * @param array
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1386 * @return array
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1387 */
76
+ − 1388
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1389 function strip_nul_chars($arr)
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1390 {
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1391 foreach($arr as $k => $xxxx_unused)
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1392 {
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1393 $val =& $arr[$k];
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1394 if(is_string($val))
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1395 $val = str_replace("\000", '', $val);
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1396 elseif(is_array($val))
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1397 $val = strip_nul_chars($val);
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1398 }
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1399 return $arr;
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1400 }
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1401
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1402 /**
76
+ − 1403 * If magic_quotes_gpc is on, calls stripslashes() on everything in $_GET/$_POST/$_COOKIE. Also strips any NUL characters from incoming requests, as these are typically malicious.
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
diff
changeset
+ − 1404 * @ignore - this doesn't work too well in my tests
1
+ − 1405 * @todo port version from the PHP manual
+ − 1406 * @return void
+ − 1407 */
+ − 1408 function strip_magic_quotes_gpc()
+ − 1409 {
+ − 1410 if(enano_get_magic_quotes_gpc())
+ − 1411 {
40
+ − 1412 $_POST = stripslashes_recurse($_POST);
+ − 1413 $_GET = stripslashes_recurse($_GET);
+ − 1414 $_COOKIE = stripslashes_recurse($_COOKIE);
+ − 1415 $_REQUEST = stripslashes_recurse($_REQUEST);
1
+ − 1416 }
40
+ − 1417 $_POST = strip_nul_chars($_POST);
+ − 1418 $_GET = strip_nul_chars($_GET);
+ − 1419 $_COOKIE = strip_nul_chars($_COOKIE);
+ − 1420 $_REQUEST = strip_nul_chars($_REQUEST);
78
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1421 $_POST = decode_unicode_array($_POST);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1422 $_GET = decode_unicode_array($_GET);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1423 $_COOKIE = decode_unicode_array($_COOKIE);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1424 $_REQUEST = decode_unicode_array($_REQUEST);
1
+ − 1425 }
+ − 1426
+ − 1427 /**
+ − 1428 * A very basic single-character compression algorithm for binary strings/bitfields
76
+ − 1429 * @param string $bits the text to compress, should be only 1s and 0s
1
+ − 1430 * @return string
+ − 1431 */
76
+ − 1432
1
+ − 1433 function compress_bitfield($bits)
+ − 1434 {
+ − 1435 $crc32 = crc32($bits);
+ − 1436 $bits .= '0';
+ − 1437 $start_pos = 0;
+ − 1438 $current = substr($bits, 1, 1);
+ − 1439 $last = substr($bits, 0, 1);
+ − 1440 $chunk_size = 1;
+ − 1441 $len = strlen($bits);
+ − 1442 $crc = $len;
+ − 1443 $crcval = 0;
+ − 1444 for ( $i = 1; $i < $len; $i++ )
+ − 1445 {
+ − 1446 $current = substr($bits, $i, 1);
+ − 1447 $last = substr($bits, $i - 1, 1);
+ − 1448 $next = substr($bits, $i + 1, 1);
+ − 1449 // Are we on the last character?
+ − 1450 if($current == $last && $i+1 < $len)
+ − 1451 $chunk_size++;
+ − 1452 else
+ − 1453 {
+ − 1454 if($i+1 == $len && $current == $next)
+ − 1455 {
+ − 1456 // This character completes a chunk
+ − 1457 $chunk_size++;
+ − 1458 $i++;
+ − 1459 $chunk = substr($bits, $start_pos, $chunk_size);
+ − 1460 $chunklen = strlen($chunk);
+ − 1461 $newchunk = $last . '[' . $chunklen . ']';
+ − 1462 $newlen = strlen($newchunk);
+ − 1463 $bits = substr($bits, 0, $start_pos) . $newchunk . substr($bits, $i, $len);
+ − 1464 $chunk_size = 1;
+ − 1465 $i = $start_pos + $newlen;
+ − 1466 $start_pos = $i;
+ − 1467 $len = strlen($bits);
+ − 1468 $crcval = $crcval + $chunklen;
+ − 1469 }
+ − 1470 else
+ − 1471 {
+ − 1472 // Last character completed a chunk
+ − 1473 $chunk = substr($bits, $start_pos, $chunk_size);
+ − 1474 $chunklen = strlen($chunk);
+ − 1475 $newchunk = $last . '[' . $chunklen . '],';
+ − 1476 $newlen = strlen($newchunk);
+ − 1477 $bits = substr($bits, 0, $start_pos) . $newchunk . substr($bits, $i, $len);
+ − 1478 $chunk_size = 1;
+ − 1479 $i = $start_pos + $newlen;
+ − 1480 $start_pos = $i;
+ − 1481 $len = strlen($bits);
+ − 1482 $crcval = $crcval + $chunklen;
+ − 1483 }
+ − 1484 }
+ − 1485 }
+ − 1486 if($crc != $crcval)
+ − 1487 {
+ − 1488 echo __FUNCTION__.'(): ERROR: length check failed, this is a bug in the algorithm<br />Debug info: aiming for a CRC val of '.$crc.', got '.$crcval;
+ − 1489 return false;
+ − 1490 }
+ − 1491 $compressed = 'cbf:len='.$crc.';crc='.dechex($crc32).';data='.$bits.'|end';
+ − 1492 return $compressed;
+ − 1493 }
+ − 1494
+ − 1495 /**
+ − 1496 * Uncompresses a bitfield compressed with compress_bitfield()
+ − 1497 * @param string $bits the compressed bitfield
+ − 1498 * @return string the uncompressed, original (we hope) bitfield OR bool false on error
+ − 1499 */
76
+ − 1500
1
+ − 1501 function uncompress_bitfield($bits)
+ − 1502 {
+ − 1503 if(substr($bits, 0, 4) != 'cbf:')
+ − 1504 {
+ − 1505 echo __FUNCTION__.'(): ERROR: Invalid stream';
+ − 1506 return false;
+ − 1507 }
+ − 1508 $len = intval(substr($bits, strpos($bits, 'len=')+4, strpos($bits, ';')-strpos($bits, 'len=')-4));
+ − 1509 $crc = substr($bits, strpos($bits, 'crc=')+4, 8);
+ − 1510 $data = substr($bits, strpos($bits, 'data=')+5, strpos($bits, '|end')-strpos($bits, 'data=')-5);
+ − 1511 $data = explode(',', $data);
+ − 1512 foreach($data as $a => $b)
+ − 1513 {
+ − 1514 $d =& $data[$a];
+ − 1515 $char = substr($d, 0, 1);
+ − 1516 $dlen = intval(substr($d, 2, strlen($d)-1));
+ − 1517 $s = '';
+ − 1518 for($i=0;$i<$dlen;$i++,$s.=$char);
+ − 1519 $d = $s;
+ − 1520 unset($s, $dlen, $char);
+ − 1521 }
+ − 1522 $decompressed = implode('', $data);
+ − 1523 $decompressed = substr($decompressed, 0, -1);
+ − 1524 $dcrc = (string)dechex(crc32($decompressed));
+ − 1525 if($dcrc != $crc)
+ − 1526 {
+ − 1527 echo __FUNCTION__.'(): ERROR: CRC check failed<br />debug info:<br />original crc: '.$crc.'<br />decomp\'ed crc: '.$dcrc.'<br />';
+ − 1528 return false;
+ − 1529 }
+ − 1530 return $decompressed;
+ − 1531 }
+ − 1532
+ − 1533 /**
+ − 1534 * Exports a MySQL table into a SQL string.
+ − 1535 * @param string $table The name of the table to export
+ − 1536 * @param bool $structure If true, include a CREATE TABLE command
+ − 1537 * @param bool $data If true, include the contents of the table
+ − 1538 * @param bool $compact If true, omits newlines between parts of SQL statements, use in Enano database exporter
+ − 1539 * @return string
+ − 1540 */
+ − 1541
+ − 1542 function export_table($table, $structure = true, $data = true, $compact = false)
+ − 1543 {
+ − 1544 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1545 $struct_keys = '';
+ − 1546 $divider = (!$compact) ? "\n" : "\n";
+ − 1547 $spacer1 = (!$compact) ? "\n" : " ";
+ − 1548 $spacer2 = (!$compact) ? " " : " ";
+ − 1549 $rowspacer = (!$compact) ? "\n " : " ";
+ − 1550 $index_list = Array();
+ − 1551 $cols = $db->sql_query('SHOW COLUMNS IN '.$table.';');
+ − 1552 if(!$cols)
+ − 1553 {
+ − 1554 echo 'export_table(): Error getting column list: '.$db->get_error_text().'<br />';
+ − 1555 return false;
+ − 1556 }
+ − 1557 $col = Array();
+ − 1558 $sqlcol = Array();
+ − 1559 $collist = Array();
+ − 1560 $pri_keys = Array();
+ − 1561 // Using fetchrow_num() here to compensate for MySQL l10n
+ − 1562 while( $row = $db->fetchrow_num() )
+ − 1563 {
+ − 1564 $field =& $row[0];
+ − 1565 $type =& $row[1];
+ − 1566 $null =& $row[2];
+ − 1567 $key =& $row[3];
+ − 1568 $def =& $row[4];
+ − 1569 $extra =& $row[5];
+ − 1570 $col[] = Array(
+ − 1571 'name'=>$field,
+ − 1572 'type'=>$type,
+ − 1573 'null'=>$null,
+ − 1574 'key'=>$key,
+ − 1575 'default'=>$def,
+ − 1576 'extra'=>$extra,
+ − 1577 );
+ − 1578 $collist[] = $field;
+ − 1579 }
76
+ − 1580
1
+ − 1581 if ( $structure )
+ − 1582 {
+ − 1583 $db->sql_query('SET SQL_QUOTE_SHOW_CREATE = 0;');
+ − 1584 $struct = $db->sql_query('SHOW CREATE TABLE '.$table.';');
+ − 1585 if ( !$struct )
+ − 1586 $db->_die();
+ − 1587 $row = $db->fetchrow_num();
+ − 1588 $db->free_result();
+ − 1589 $struct = $row[1];
+ − 1590 $struct = preg_replace("/\n\) ENGINE=(.+)$/", "\n);", $struct);
+ − 1591 unset($row);
+ − 1592 if ( $compact )
+ − 1593 {
+ − 1594 $struct_arr = explode("\n", $struct);
+ − 1595 foreach ( $struct_arr as $i => $leg )
+ − 1596 {
+ − 1597 if ( $i == 0 )
+ − 1598 continue;
+ − 1599 $test = trim($leg);
+ − 1600 if ( empty($test) )
+ − 1601 {
+ − 1602 unset($struct_arr[$i]);
+ − 1603 continue;
+ − 1604 }
+ − 1605 $struct_arr[$i] = preg_replace('/^([\s]*)/', ' ', $leg);
+ − 1606 }
+ − 1607 $struct = implode("", $struct_arr);
+ − 1608 }
+ − 1609 }
76
+ − 1610
1
+ − 1611 // Structuring complete
+ − 1612 if($data)
+ − 1613 {
+ − 1614 $datq = $db->sql_query('SELECT * FROM '.$table.';');
+ − 1615 if(!$datq)
+ − 1616 {
+ − 1617 echo 'export_table(): Error getting column list: '.$db->get_error_text().'<br />';
+ − 1618 return false;
+ − 1619 }
+ − 1620 if($db->numrows() < 1)
+ − 1621 {
+ − 1622 if($structure) return $struct;
+ − 1623 else return '';
+ − 1624 }
+ − 1625 $rowdata = Array();
+ − 1626 $dataqs = Array();
+ − 1627 $insert_strings = Array();
+ − 1628 $z = false;
+ − 1629 while($row = $db->fetchrow_num())
+ − 1630 {
+ − 1631 $z = false;
+ − 1632 foreach($row as $i => $cell)
+ − 1633 {
+ − 1634 $str = mysql_encode_column($cell, $col[$i]['type']);
+ − 1635 $rowdata[] = $str;
+ − 1636 }
+ − 1637 $dataqs2 = implode(",$rowspacer", $dataqs) . ",$rowspacer" . '( ' . implode(', ', $rowdata) . ' )';
+ − 1638 $ins = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . $dataqs2 . ";";
+ − 1639 if ( strlen( $ins ) > MYSQL_MAX_PACKET_SIZE )
+ − 1640 {
+ − 1641 // We've exceeded the maximum allowed packet size for MySQL - separate this into a different query
+ − 1642 $insert_strings[] = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . implode(",$rowspacer", $dataqs) . ";";;
+ − 1643 $dataqs = Array('( ' . implode(', ', $rowdata) . ' )');
+ − 1644 $z = true;
+ − 1645 }
+ − 1646 else
+ − 1647 {
+ − 1648 $dataqs[] = '( ' . implode(', ', $rowdata) . ' )';
+ − 1649 }
+ − 1650 $rowdata = Array();
+ − 1651 }
+ − 1652 if ( !$z )
+ − 1653 {
+ − 1654 $insert_strings[] = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . implode(",$rowspacer", $dataqs) . ";";;
+ − 1655 $dataqs = Array();
+ − 1656 }
+ − 1657 $datstring = implode($divider, $insert_strings);
+ − 1658 }
+ − 1659 if($structure && !$data) return $struct;
+ − 1660 elseif(!$structure && $data) return $datstring;
+ − 1661 elseif($structure && $data) return $struct . $divider . $datstring;
+ − 1662 elseif(!$structure && !$data) return '';
+ − 1663 }
+ − 1664
+ − 1665 /**
+ − 1666 * Encodes a string value for use in an INSERT statement for given column type $type.
+ − 1667 * @access private
+ − 1668 */
76
+ − 1669
1
+ − 1670 function mysql_encode_column($input, $type)
+ − 1671 {
+ − 1672 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1673 // Decide whether to quote the string or not
+ − 1674 if(substr($type, 0, 7) == 'varchar' || $type == 'datetime' || $type == 'text' || $type == 'tinytext' || $type == 'smalltext' || $type == 'longtext' || substr($type, 0, 4) == 'char')
+ − 1675 {
+ − 1676 $str = "'" . $db->escape($input) . "'";
+ − 1677 }
+ − 1678 elseif(in_array($type, Array('blob', 'longblob', 'mediumblob', 'smallblob')) || substr($type, 0, 6) == 'binary' || substr($type, 0, 9) == 'varbinary')
+ − 1679 {
+ − 1680 $str = '0x' . hexencode($input, '', '');
+ − 1681 }
+ − 1682 elseif(is_null($input))
+ − 1683 {
+ − 1684 $str = 'NULL';
+ − 1685 }
+ − 1686 else
+ − 1687 {
+ − 1688 $str = (string)$input;
+ − 1689 }
+ − 1690 return $str;
+ − 1691 }
+ − 1692
+ − 1693 /**
+ − 1694 * Creates an associative array defining which file extensions are allowed and which ones aren't
+ − 1695 * @return array keyname will be a file extension, value will be true or false
+ − 1696 */
+ − 1697
+ − 1698 function fetch_allowed_extensions()
+ − 1699 {
+ − 1700 global $mime_types;
+ − 1701 $bits = getConfig('allowed_mime_types');
+ − 1702 if(!$bits) return Array(false);
+ − 1703 $bits = uncompress_bitfield($bits);
+ − 1704 if(!$bits) return Array(false);
+ − 1705 $bits = enano_str_split($bits, 1);
+ − 1706 $ret = Array();
+ − 1707 $mt = array_keys($mime_types);
+ − 1708 foreach($bits as $i => $b)
+ − 1709 {
+ − 1710 $ret[$mt[$i]] = ( $b == '1' ) ? true : false;
+ − 1711 }
+ − 1712 return $ret;
+ − 1713 }
+ − 1714
+ − 1715 /**
+ − 1716 * Generates a random key suitable for encryption
+ − 1717 * @param int $len the length of the key
+ − 1718 * @return string a BINARY key
+ − 1719 */
+ − 1720
+ − 1721 function randkey($len = 32)
+ − 1722 {
+ − 1723 $key = '';
+ − 1724 for($i=0;$i<$len;$i++)
+ − 1725 {
+ − 1726 $key .= chr(mt_rand(0, 255));
+ − 1727 }
+ − 1728 return $key;
+ − 1729 }
+ − 1730
+ − 1731 /**
+ − 1732 * Decodes a hex string.
+ − 1733 * @param string $hex The hex code to decode
+ − 1734 * @return string
+ − 1735 */
+ − 1736
+ − 1737 function hexdecode($hex)
+ − 1738 {
+ − 1739 $hex = enano_str_split($hex, 2);
+ − 1740 $bin_key = '';
+ − 1741 foreach($hex as $nibble)
+ − 1742 {
+ − 1743 $byte = chr(hexdec($nibble));
+ − 1744 $bin_key .= $byte;
+ − 1745 }
+ − 1746 return $bin_key;
+ − 1747 }
+ − 1748
+ − 1749 /**
+ − 1750 * Enano's own (almost) bulletproof HTML sanitizer.
+ − 1751 * @param string $html The input HTML
+ − 1752 * @return string cleaned HTML
+ − 1753 */
+ − 1754
+ − 1755 function sanitize_html($html, $filter_php = true)
+ − 1756 {
76
+ − 1757
1
+ − 1758 $html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>(.*?)</\\1>#is', '<\\1\\2\\3javascript:\\59>\\60</\\1>', $html);
+ − 1759 $html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>#is', '<\\1\\2\\3javascript:\\59>', $html);
76
+ − 1760
1
+ − 1761 if($filter_php)
+ − 1762 $html = str_replace(
+ − 1763 Array('<?php', '<?', '<%', '?>', '%>'),
+ − 1764 Array('<?php', '<?', '<%', '?>', '%>'),
+ − 1765 $html);
76
+ − 1766
1
+ − 1767 $tag_whitelist = array_keys ( setupAttributeWhitelist() );
+ − 1768 if ( !$filter_php )
+ − 1769 $tag_whitelist[] = '?php';
+ − 1770 $len = strlen($html);
+ − 1771 $in_quote = false;
+ − 1772 $quote_char = '';
+ − 1773 $tag_start = 0;
+ − 1774 $tag_name = '';
+ − 1775 $in_tag = false;
+ − 1776 $trk_name = false;
+ − 1777 for ( $i = 0; $i < $len; $i++ )
+ − 1778 {
+ − 1779 $chr = $html{$i};
+ − 1780 $prev = ( $i == 0 ) ? '' : $html{ $i - 1 };
+ − 1781 $next = ( ( $i + 1 ) == $len ) ? '' : $html { $i + 1 };
+ − 1782 if ( $in_quote && $in_tag )
+ − 1783 {
+ − 1784 if ( $quote_char == $chr && $prev != '\\' )
+ − 1785 $in_quote = false;
+ − 1786 }
+ − 1787 elseif ( ( $chr == '"' || $chr == "'" ) && $prev != '\\' && $in_tag )
+ − 1788 {
+ − 1789 $in_quote = true;
+ − 1790 $quote_char = $chr;
+ − 1791 }
+ − 1792 if ( $chr == '<' && !$in_tag && $next != '/' )
76
+ − 1793 {
1
+ − 1794 // start of a tag
+ − 1795 $tag_start = $i;
+ − 1796 $in_tag = true;
+ − 1797 $trk_name = true;
+ − 1798 }
+ − 1799 elseif ( !$in_quote && $in_tag && $chr == '>' )
+ − 1800 {
+ − 1801 $full_tag = substr($html, $tag_start, ( $i - $tag_start ) + 1 );
+ − 1802 $l = strlen($tag_name) + 2;
+ − 1803 $attribs_only = trim( substr($full_tag, $l, ( strlen($full_tag) - $l - 1 ) ) );
76
+ − 1804
1
+ − 1805 // Debugging message
+ − 1806 // echo htmlspecialchars($full_tag) . '<br />';
76
+ − 1807
1
+ − 1808 if ( !in_array($tag_name, $tag_whitelist) )
+ − 1809 {
+ − 1810 // Illegal tag
+ − 1811 //echo $tag_name . ' ';
76
+ − 1812
1
+ − 1813 $s = ( empty($attribs_only) ) ? '' : ' ';
76
+ − 1814
1
+ − 1815 $sanitized = '<' . $tag_name . $s . $attribs_only . '>';
76
+ − 1816
1
+ − 1817 $html = substr($html, 0, $tag_start) . $sanitized . substr($html, $i + 1);
+ − 1818 $html = str_replace('</' . $tag_name . '>', '</' . $tag_name . '>', $html);
+ − 1819 $new_i = $tag_start + strlen($sanitized);
76
+ − 1820
1
+ − 1821 $len = strlen($html);
+ − 1822 $i = $new_i;
76
+ − 1823
1
+ − 1824 $in_tag = false;
+ − 1825 $tag_name = '';
+ − 1826 continue;
+ − 1827 }
+ − 1828 else
+ − 1829 {
+ − 1830 if ( $tag_name == '?php' && !$filter_php )
+ − 1831 continue;
+ − 1832 $f = fixTagAttributes( $attribs_only, $tag_name );
+ − 1833 $s = ( empty($f) ) ? '' : ' ';
76
+ − 1834
1
+ − 1835 $sanitized = '<' . $tag_name . $f . '>';
+ − 1836 $new_i = $tag_start + strlen($sanitized);
76
+ − 1837
1
+ − 1838 $html = substr($html, 0, $tag_start) . $sanitized . substr($html, $i + 1);
+ − 1839 $len = strlen($html);
+ − 1840 $i = $new_i;
76
+ − 1841
1
+ − 1842 $in_tag = false;
+ − 1843 $tag_name = '';
+ − 1844 continue;
+ − 1845 }
+ − 1846 }
+ − 1847 elseif ( $in_tag && $trk_name )
+ − 1848 {
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1849 $is_alphabetical = ( strtolower($chr) != strtoupper($chr) || in_array($chr, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9')) || $chr == '?' || $chr == '!' || $chr == '-' );
1
+ − 1850 if ( $is_alphabetical )
+ − 1851 $tag_name .= $chr;
+ − 1852 else
+ − 1853 {
+ − 1854 $trk_name = false;
+ − 1855 }
+ − 1856 }
76
+ − 1857
1
+ − 1858 }
76
+ − 1859
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1860 // Vulnerability from ha.ckers.org/xss.html:
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1861 // <script src="http://foo.com/xss.js"
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1862 // <
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1863 // The rule is so specific because everything else will have been filtered by now
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1864 $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html);
76
+ − 1865
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1866 // Unstrip comments
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1867 $html = preg_replace('/<!--([^>]*?)-->/i', '', $html);
76
+ − 1868
1
+ − 1869 return $html;
76
+ − 1870
1
+ − 1871 }
+ − 1872
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1873 /**
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1874 * Using the same parsing code as sanitize_html(), this function adds <litewiki> tags around certain block-level elements
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1875 * @param string $html The input HTML
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1876 * @return string formatted HTML
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1877 */
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1878
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1879 function wikiformat_process_block($html)
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1880 {
76
+ − 1881
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1882 $tok1 = "<litewiki>";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1883 $tok2 = "</litewiki>";
76
+ − 1884
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1885 $block_tags = array('div', 'p', 'table', 'blockquote', 'pre');
76
+ − 1886
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1887 $len = strlen($html);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1888 $in_quote = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1889 $quote_char = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1890 $tag_start = 0;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1891 $tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1892 $in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1893 $trk_name = false;
76
+ − 1894
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1895 $diag = 0;
76
+ − 1896
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1897 $block_tagname = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1898 $in_blocksec = 0;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1899 $block_start = 0;
76
+ − 1900
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1901 for ( $i = 0; $i < $len; $i++ )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1902 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1903 $chr = $html{$i};
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1904 $prev = ( $i == 0 ) ? '' : $html{ $i - 1 };
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1905 $next = ( ( $i + 1 ) == $len ) ? '' : $html { $i + 1 };
76
+ − 1906
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1907 // Are we inside of a quoted section?
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1908 if ( $in_quote && $in_tag )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1909 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1910 if ( $quote_char == $chr && $prev != '\\' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1911 $in_quote = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1912 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1913 elseif ( ( $chr == '"' || $chr == "'" ) && $prev != '\\' && $in_tag )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1914 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1915 $in_quote = true;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1916 $quote_char = $chr;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1917 }
76
+ − 1918
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1919 if ( $chr == '<' && !$in_tag && $next == '/' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1920 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1921 // Iterate through until we've got a tag name
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1922 $tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1923 $i++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1924 while(true)
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1925 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1926 $i++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1927 // echo $i . ' ';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1928 $chr = $html{$i};
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1929 $prev = ( $i == 0 ) ? '' : $html{ $i - 1 };
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1930 $next = ( ( $i + 1 ) == $len ) ? '' : $html { $i + 1 };
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1931 $tag_name .= $chr;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1932 if ( $next == '>' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1933 break;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1934 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1935 // echo '<br />';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1936 if ( in_array($tag_name, $block_tags) )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1937 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1938 if ( $block_tagname == $tag_name )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1939 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1940 $in_blocksec -= 1;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1941 if ( $in_blocksec == 0 )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1942 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1943 $block_tagname = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1944 $i += 2;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1945 // echo 'Finished wiki litewiki wraparound calc at pos: ' . $i;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1946 $full_litewiki = substr($html, $block_start, ( $i - $block_start ));
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1947 $new_text = "{$tok1}{$full_litewiki}{$tok2}";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1948 $html = substr($html, 0, $block_start) . $new_text . substr($html, $i);
76
+ − 1949
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1950 $i += ( strlen($tok1) + strlen($tok2) ) - 1;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1951 $len = strlen($html);
76
+ − 1952
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1953 //die('<pre>' . htmlspecialchars($html) . '</pre>');
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1954 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1955 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1956 }
76
+ − 1957
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1958 $in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1959 $in_quote = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1960 $tag_name = '';
76
+ − 1961
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1962 continue;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1963 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1964 else if ( $chr == '<' && !$in_tag && $next != '/' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1965 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1966 // start of a tag
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1967 $tag_start = $i;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1968 $in_tag = true;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1969 $trk_name = true;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1970 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1971 else if ( !$in_quote && $in_tag && $chr == '>' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1972 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1973 if ( !in_array($tag_name, $block_tags) )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1974 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1975 // Inline tag - reset and go to the next one
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1976 // echo '<inline ' . $tag_name . '> ';
76
+ − 1977
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1978 $in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1979 $tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1980 continue;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1981 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1982 else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1983 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1984 // echo '<block: ' . $tag_name . ' @ ' . $i . '><br/>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1985 if ( $in_blocksec == 0 )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1986 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1987 //die('Found a starting tag for a block element: ' . $tag_name . ' at pos ' . $tag_start);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1988 $block_tagname = $tag_name;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1989 $block_start = $tag_start;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1990 $in_blocksec++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1991 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1992 else if ( $block_tagname == $tag_name )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1993 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1994 $in_blocksec++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1995 }
76
+ − 1996
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1997 $in_tag = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1998 $tag_name = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1999 continue;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2000 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2001 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2002 elseif ( $in_tag && $trk_name )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2003 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2004 $is_alphabetical = ( strtolower($chr) != strtoupper($chr) || in_array($chr, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9')) || $chr == '?' || $chr == '!' || $chr == '-' );
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2005 if ( $is_alphabetical )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2006 $tag_name .= $chr;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2007 else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2008 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2009 $trk_name = false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2010 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2011 }
76
+ − 2012
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2013 // Tokenization complete
76
+ − 2014
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2015 }
76
+ − 2016
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2017 $regex = '/' . str_replace('/', '\\/', preg_quote($tok2)) . '([\s]*)' . preg_quote($tok1) . '/is';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2018 // die(htmlspecialchars($regex));
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2019 $html = preg_replace($regex, '\\1', $html);
76
+ − 2020
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2021 return $html;
76
+ − 2022
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2023 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2024
1
+ − 2025 function htmlalternatives($string)
+ − 2026 {
+ − 2027 $ret = '';
+ − 2028 for ( $i = 0; $i < strlen($string); $i++ )
+ − 2029 {
+ − 2030 $chr = $string{$i};
+ − 2031 $ch1 = ord($chr);
+ − 2032 $ch2 = dechex($ch1);
+ − 2033 $byte = '(&\\#([0]*){0,7}' . $ch1 . ';|\\\\([0]*){0,7}' . $ch1 . ';|\\\\([0]*){0,7}' . $ch2 . ';|&\\#x([0]*){0,7}' . $ch2 . ';|%([0]*){0,7}' . $ch2 . '|' . preg_quote($chr) . ')';
+ − 2034 $ret .= $byte;
+ − 2035 $ret .= '([\s]){0,2}';
+ − 2036 }
+ − 2037 return $ret;
+ − 2038 }
+ − 2039
+ − 2040 /**
+ − 2041 * Paginates (breaks into multiple pages) a MySQL result resource, which is treated as unbuffered.
+ − 2042 * @param resource The MySQL result resource. This should preferably be an unbuffered query.
+ − 2043 * @param string A template, with variables being named after the column name
+ − 2044 * @param int The number of total results. This should be determined by a second query.
+ − 2045 * @param string sprintf-style formatting string for URLs for result pages. First parameter will be start offset.
+ − 2046 * @param int Optional. Start offset in individual results. Defaults to 0.
+ − 2047 * @param int Optional. The number of results per page. Defualts to 10.
+ − 2048 * @param int Optional. An associative array of functions to call, with key names being column names, and values being function names. Values can also be an array with key 0 being either an object or a string(class name) and key 1 being a [static] method.
+ − 2049 * @param string Optional. The text to be sent before the result list, only if there are any results. Possibly the start of a table.
+ − 2050 * @param string Optional. The text to be sent after the result list, only if there are any results. Possibly the end of a table.
+ − 2051 * @return string
+ − 2052 */
+ − 2053
+ − 2054 function paginate($q, $tpl_text, $num_results, $result_url, $start = 0, $perpage = 10, $callers = Array(), $header = '', $footer = '')
+ − 2055 {
+ − 2056 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2057 $parser = $template->makeParserText($tpl_text);
+ − 2058 $num_pages = ceil ( $num_results / $perpage );
+ − 2059 $out = '';
+ − 2060 $i = 0;
+ − 2061 $this_page = ceil ( $start / $perpage );
76
+ − 2062
1
+ − 2063 // Build paginator
+ − 2064 $begin = '<div class="tblholder" style="display: table; margin: 10px 0 0 auto;">
+ − 2065 <table border="0" cellspacing="1" cellpadding="4">
+ − 2066 <tr><th>Page:</th>';
+ − 2067 $block = '<td class="row1" style="text-align: center;">{LINK}</td>';
+ − 2068 $end = '</tr></table></div>';
+ − 2069 $blk = $template->makeParserText($block);
+ − 2070 $inner = '';
+ − 2071 $cls = 'row2';
+ − 2072 if ( $num_pages < 5 )
+ − 2073 {
+ − 2074 for ( $i = 0; $i < $num_pages; $i++ )
+ − 2075 {
+ − 2076 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2077 $offset = strval($i * $perpage);
76
+ − 2078 $url = htmlspecialchars(sprintf($result_url, $offset));
1
+ − 2079 $j = $i + 1;
+ − 2080 $link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2081 $blk->assign_vars(array(
+ − 2082 'CLASS'=>$cls,
+ − 2083 'LINK'=>$link
+ − 2084 ));
+ − 2085 $inner .= $blk->run();
+ − 2086 }
+ − 2087 }
+ − 2088 else
+ − 2089 {
+ − 2090 if ( $this_page + 5 > $num_pages )
+ − 2091 {
+ − 2092 $list = Array();
+ − 2093 $tp = $this_page;
+ − 2094 if ( $this_page + 0 == $num_pages ) $tp = $tp - 3;
+ − 2095 if ( $this_page + 1 == $num_pages ) $tp = $tp - 2;
+ − 2096 if ( $this_page + 2 == $num_pages ) $tp = $tp - 1;
+ − 2097 for ( $i = $tp - 1; $i <= $tp + 1; $i++ )
+ − 2098 {
+ − 2099 $list[] = $i;
+ − 2100 }
+ − 2101 }
+ − 2102 else
+ − 2103 {
+ − 2104 $list = Array();
+ − 2105 $current = $this_page;
+ − 2106 $lower = ( $current < 3 ) ? 1 : $current - 1;
+ − 2107 for ( $i = 0; $i < 3; $i++ )
+ − 2108 {
+ − 2109 $list[] = $lower + $i;
+ − 2110 }
+ − 2111 }
+ − 2112 $url = sprintf($result_url, '0');
+ − 2113 $link = ( 0 == $start ) ? "<b>First</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« First</a>";
+ − 2114 $blk->assign_vars(array(
+ − 2115 'CLASS'=>$cls,
+ − 2116 'LINK'=>$link
+ − 2117 ));
+ − 2118 $inner .= $blk->run();
76
+ − 2119
1
+ − 2120 // if ( !in_array(1, $list) )
+ − 2121 // {
+ − 2122 // $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2123 // $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2124 // $inner .= $blk->run();
+ − 2125 // }
76
+ − 2126
1
+ − 2127 foreach ( $list as $i )
+ − 2128 {
+ − 2129 if ( $i == $num_pages )
+ − 2130 break;
+ − 2131 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2132 $offset = strval($i * $perpage);
+ − 2133 $url = sprintf($result_url, $offset);
+ − 2134 $j = $i + 1;
+ − 2135 $link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2136 $blk->assign_vars(array(
+ − 2137 'CLASS'=>$cls,
+ − 2138 'LINK'=>$link
+ − 2139 ));
+ − 2140 $inner .= $blk->run();
+ − 2141 }
76
+ − 2142
1
+ − 2143 $total = $num_pages * $perpage - $perpage;
76
+ − 2144
1
+ − 2145 if ( $this_page < $num_pages )
+ − 2146 {
+ − 2147 // $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2148 // $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2149 // $inner .= $blk->run();
76
+ − 2150
1
+ − 2151 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2152 $offset = strval($total);
+ − 2153 $url = sprintf($result_url, $offset);
+ − 2154 $j = $i + 1;
+ − 2155 $link = ( $offset == strval($start) ) ? "<b>Last</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Last »</a>";
+ − 2156 $blk->assign_vars(array(
+ − 2157 'CLASS'=>$cls,
+ − 2158 'LINK'=>$link
+ − 2159 ));
+ − 2160 $inner .= $blk->run();
+ − 2161 }
76
+ − 2162
1
+ − 2163 }
76
+ − 2164
1
+ − 2165 $inner .= '<td class="row2" style="cursor: pointer;" onclick="paginator_goto(this, '.$this_page.', '.$num_pages.', '.$perpage.', unescape(\'' . rawurlencode($result_url) . '\'));">↓</td>';
76
+ − 2166
1
+ − 2167 $paginator = "\n$begin$inner$end\n";
+ − 2168 $out .= $paginator;
76
+ − 2169
1
+ − 2170 $cls = 'row2';
76
+ − 2171
1
+ − 2172 if ( $row = $db->fetchrow($q) )
+ − 2173 {
+ − 2174 $i = 0;
+ − 2175 $out .= $header;
+ − 2176 do {
+ − 2177 $i++;
+ − 2178 if ( $i <= $start )
+ − 2179 {
+ − 2180 continue;
+ − 2181 }
+ − 2182 if ( ( $i - $start ) > $perpage )
+ − 2183 {
+ − 2184 break;
+ − 2185 }
+ − 2186 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2187 foreach ( $row as $j => $val )
+ − 2188 {
+ − 2189 if ( isset($callers[$j]) )
+ − 2190 {
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 2191 $tmp = ( is_callable($callers[$j]) ) ? @call_user_func($callers[$j], $val, $row) : $val;
76
+ − 2192
1
+ − 2193 if ( $tmp )
+ − 2194 {
+ − 2195 $row[$j] = $tmp;
+ − 2196 }
+ − 2197 }
+ − 2198 }
+ − 2199 $parser->assign_vars($row);
+ − 2200 $parser->assign_vars(array('_css_class' => $cls));
+ − 2201 $out .= $parser->run();
+ − 2202 } while ( $row = $db->fetchrow($q) );
+ − 2203 $out .= $footer;
+ − 2204 }
76
+ − 2205
1
+ − 2206 $out .= $paginator;
76
+ − 2207
1
+ − 2208 return $out;
+ − 2209 }
+ − 2210
+ − 2211 /**
+ − 2212 * This is the same as paginate(), but it processes an array instead of a MySQL result resource.
+ − 2213 * @param array The results. Each value is simply echoed.
+ − 2214 * @param int The number of total results. This should be determined by a second query.
+ − 2215 * @param string sprintf-style formatting string for URLs for result pages. First parameter will be start offset.
+ − 2216 * @param int Optional. Start offset in individual results. Defaults to 0.
+ − 2217 * @param int Optional. The number of results per page. Defualts to 10.
+ − 2218 * @param string Optional. The text to be sent before the result list, only if there are any results. Possibly the start of a table.
+ − 2219 * @param string Optional. The text to be sent after the result list, only if there are any results. Possibly the end of a table.
+ − 2220 * @return string
+ − 2221 */
+ − 2222
+ − 2223 function paginate_array($q, $num_results, $result_url, $start = 0, $perpage = 10, $header = '', $footer = '')
+ − 2224 {
+ − 2225 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2226 $parser = $template->makeParserText($tpl_text);
+ − 2227 $num_pages = ceil ( $num_results / $perpage );
+ − 2228 $out = '';
+ − 2229 $i = 0;
+ − 2230 $this_page = ceil ( $start / $perpage );
76
+ − 2231
1
+ − 2232 // Build paginator
+ − 2233 $begin = '<div class="tblholder" style="display: table; margin: 10px 0 0 auto;">
+ − 2234 <table border="0" cellspacing="1" cellpadding="4">
+ − 2235 <tr><th>Page:</th>';
+ − 2236 $block = '<td class="row1" style="text-align: center;">{LINK}</td>';
+ − 2237 $end = '</tr></table></div>';
+ − 2238 $blk = $template->makeParserText($block);
+ − 2239 $inner = '';
+ − 2240 $cls = 'row2';
+ − 2241 if ( $start > 0 )
+ − 2242 {
+ − 2243 $url = sprintf($result_url, abs($start - $perpage));
+ − 2244 $link = "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« Prev</a>";
+ − 2245 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2246 $blk->assign_vars(array(
+ − 2247 'CLASS'=>$cls,
+ − 2248 'LINK'=>$link
+ − 2249 ));
+ − 2250 $inner .= $blk->run();
+ − 2251 }
+ − 2252 if ( $num_pages < 5 )
+ − 2253 {
+ − 2254 for ( $i = 0; $i < $num_pages; $i++ )
+ − 2255 {
+ − 2256 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2257 $offset = strval($i * $perpage);
76
+ − 2258 $url = htmlspecialchars(sprintf($result_url, $offset));
1
+ − 2259 $j = $i + 1;
+ − 2260 $link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2261 $blk->assign_vars(array(
+ − 2262 'CLASS'=>$cls,
+ − 2263 'LINK'=>$link
+ − 2264 ));
+ − 2265 $inner .= $blk->run();
+ − 2266 }
+ − 2267 }
+ − 2268 else
+ − 2269 {
+ − 2270 if ( $this_page + 5 > $num_pages )
+ − 2271 {
+ − 2272 $list = Array();
+ − 2273 $tp = $this_page;
+ − 2274 if ( $this_page + 0 == $num_pages ) $tp = $tp - 3;
+ − 2275 if ( $this_page + 1 == $num_pages ) $tp = $tp - 2;
+ − 2276 if ( $this_page + 2 == $num_pages ) $tp = $tp - 1;
+ − 2277 for ( $i = $tp - 1; $i <= $tp + 1; $i++ )
+ − 2278 {
+ − 2279 $list[] = $i;
+ − 2280 }
+ − 2281 }
+ − 2282 else
+ − 2283 {
+ − 2284 $list = Array();
+ − 2285 $current = $this_page;
+ − 2286 $lower = ( $current < 3 ) ? 1 : $current - 1;
+ − 2287 for ( $i = 0; $i < 3; $i++ )
+ − 2288 {
+ − 2289 $list[] = $lower + $i;
+ − 2290 }
+ − 2291 }
+ − 2292 $url = sprintf($result_url, '0');
+ − 2293 $link = ( 0 == $start ) ? "<b>First</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« First</a>";
+ − 2294 $blk->assign_vars(array(
+ − 2295 'CLASS'=>$cls,
+ − 2296 'LINK'=>$link
+ − 2297 ));
+ − 2298 $inner .= $blk->run();
76
+ − 2299
1
+ − 2300 // if ( !in_array(1, $list) )
+ − 2301 // {
+ − 2302 // $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2303 // $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2304 // $inner .= $blk->run();
+ − 2305 // }
76
+ − 2306
1
+ − 2307 foreach ( $list as $i )
+ − 2308 {
+ − 2309 if ( $i == $num_pages )
+ − 2310 break;
+ − 2311 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2312 $offset = strval($i * $perpage);
+ − 2313 $url = sprintf($result_url, $offset);
+ − 2314 $j = $i + 1;
+ − 2315 $link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>";
+ − 2316 $blk->assign_vars(array(
+ − 2317 'CLASS'=>$cls,
+ − 2318 'LINK'=>$link
+ − 2319 ));
+ − 2320 $inner .= $blk->run();
+ − 2321 }
76
+ − 2322
1
+ − 2323 $total = $num_pages * $perpage - $perpage;
76
+ − 2324
1
+ − 2325 if ( $this_page < $num_pages )
+ − 2326 {
+ − 2327 // $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2328 // $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...'));
+ − 2329 // $inner .= $blk->run();
76
+ − 2330
1
+ − 2331 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2332 $offset = strval($total);
+ − 2333 $url = sprintf($result_url, $offset);
+ − 2334 $j = $i + 1;
+ − 2335 $link = ( $offset == strval($start) ) ? "<b>Last</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Last »</a>";
+ − 2336 $blk->assign_vars(array(
+ − 2337 'CLASS'=>$cls,
+ − 2338 'LINK'=>$link
+ − 2339 ));
+ − 2340 $inner .= $blk->run();
+ − 2341 }
76
+ − 2342
1
+ − 2343 }
76
+ − 2344
1
+ − 2345 if ( $start < $total )
+ − 2346 {
+ − 2347 $url = sprintf($result_url, abs($start + $perpage));
+ − 2348 $link = "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Next »</a>";
+ − 2349 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2350 $blk->assign_vars(array(
+ − 2351 'CLASS'=>$cls,
+ − 2352 'LINK'=>$link
+ − 2353 ));
+ − 2354 $inner .= $blk->run();
+ − 2355 }
76
+ − 2356
1
+ − 2357 $inner .= '<td class="row2" style="cursor: pointer;" onclick="paginator_goto(this, '.$this_page.', '.$num_pages.', '.$perpage.', unescape(\'' . rawurlencode($result_url) . '\'));">↓</td>';
76
+ − 2358
1
+ − 2359 $paginator = "\n$begin$inner$end\n";
+ − 2360 if ( $total > 1 )
+ − 2361 $out .= $paginator;
76
+ − 2362
1
+ − 2363 $cls = 'row2';
76
+ − 2364
1
+ − 2365 if ( sizeof($q) > 0 )
+ − 2366 {
+ − 2367 $i = 0;
+ − 2368 $out .= $header;
+ − 2369 foreach ( $q as $val ) {
+ − 2370 $i++;
+ − 2371 if ( $i <= $start )
+ − 2372 {
+ − 2373 continue;
+ − 2374 }
+ − 2375 if ( ( $i - $start ) > $perpage )
+ − 2376 {
+ − 2377 break;
+ − 2378 }
+ − 2379 $out .= $val;
+ − 2380 }
+ − 2381 $out .= $footer;
+ − 2382 }
76
+ − 2383
1
+ − 2384 if ( $total > 1 )
+ − 2385 $out .= $paginator;
76
+ − 2386
1
+ − 2387 return $out;
+ − 2388 }
+ − 2389
76
+ − 2390 /**
1
+ − 2391 * Enano version of fputs for debugging
+ − 2392 */
+ − 2393
+ − 2394 function enano_fputs($socket, $data)
+ − 2395 {
+ − 2396 // echo '<pre>' . htmlspecialchars($data) . '</pre>';
+ − 2397 // flush();
+ − 2398 // ob_flush();
+ − 2399 // ob_end_flush();
+ − 2400 return fputs($socket, $data);
+ − 2401 }
+ − 2402
+ − 2403 /**
+ − 2404 * Sanitizes a page URL string so that it can safely be stored in the database.
+ − 2405 * @param string Page ID to sanitize
+ − 2406 * @return string Cleaned text
+ − 2407 */
+ − 2408
+ − 2409 function sanitize_page_id($page_id)
+ − 2410 {
76
+ − 2411
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2412 // Remove character escapes
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2413 $page_id = dirtify_page_id($page_id);
76
+ − 2414
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2415 $pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id);
1
+ − 2416 $pid_dirty = enano_str_split($pid_clean, 1);
76
+ − 2417
1
+ − 2418 foreach ( $pid_dirty as $id => $char )
+ − 2419 {
+ − 2420 if ( $char == 'X' )
+ − 2421 continue;
+ − 2422 $cid = ord($char);
+ − 2423 $cid = dechex($cid);
+ − 2424 $cid = strval($cid);
+ − 2425 if ( strlen($cid) < 2 )
+ − 2426 {
+ − 2427 $cid = strtoupper("0$cid");
+ − 2428 }
+ − 2429 $pid_dirty[$id] = ".$cid";
+ − 2430 }
76
+ − 2431
1
+ − 2432 $pid_chars = enano_str_split($page_id, 1);
+ − 2433 $page_id_cleaned = '';
76
+ − 2434
1
+ − 2435 foreach ( $pid_chars as $id => $char )
+ − 2436 {
+ − 2437 if ( $pid_dirty[$id] == 'X' )
+ − 2438 $page_id_cleaned .= $char;
+ − 2439 else
+ − 2440 $page_id_cleaned .= $pid_dirty[$id];
+ − 2441 }
76
+ − 2442
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2443 // global $mime_types;
76
+ − 2444
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2445 // $exts = array_keys($mime_types);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2446 // $exts = '(' . implode('|', $exts) . ')';
76
+ − 2447
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 2448 // $page_id_cleaned = preg_replace('/\.2e' . $exts . '$/', '.\\1', $page_id_cleaned);
76
+ − 2449
1
+ − 2450 return $page_id_cleaned;
+ − 2451 }
+ − 2452
+ − 2453 /**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2454 * Removes character escapes in a page ID string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2455 * @param string Page ID string to dirty up
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2456 * @return string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2457 */
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2458
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2459 function dirtify_page_id($page_id)
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2460 {
38
+ − 2461 global $db, $session, $paths, $template, $plugins; // Common objects
76
+ − 2462 // First, replace spaces with underscores
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2463 $page_id = str_replace(' ', '_', $page_id);
76
+ − 2464
38
+ − 2465 // Exception for userpages for IP addresses
+ − 2466 if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) )
+ − 2467 {
+ − 2468 $ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id);
+ − 2469 if ( is_valid_ip($ip) )
+ − 2470 return $page_id;
+ − 2471 }
76
+ − 2472
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2473 preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
76
+ − 2474
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2475 foreach ( $matches[0] as $id => $char )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2476 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2477 $char = substr($char, 1);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2478 $char = strtolower($char);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2479 $char = intval(hexdec($char));
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2480 $char = chr($char);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2481 $page_id = str_replace($matches[0][$id], $char, $page_id);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2482 }
76
+ − 2483
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2484 return $page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2485 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2486
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 2487 /**
76
+ − 2488 * Inserts commas into a number to make it more human-readable. Floating point-safe and doesn't flirt with the number like number_format() does.
1
+ − 2489 * @param int The number to process
+ − 2490 * @return string Input number with commas added
+ − 2491 */
+ − 2492
+ − 2493 function commatize($num)
+ − 2494 {
+ − 2495 $num = (string)$num;
+ − 2496 if ( strpos($num, '.') )
+ − 2497 {
+ − 2498 $whole = explode('.', $num);
+ − 2499 $num = $whole[0];
+ − 2500 $dec = $whole[1];
+ − 2501 }
+ − 2502 else
+ − 2503 {
+ − 2504 $whole = $num;
+ − 2505 }
+ − 2506 $offset = ( strlen($num) ) % 3;
+ − 2507 $len = strlen($num);
+ − 2508 $offset = ( $offset == 0 )
+ − 2509 ? 3
+ − 2510 : $offset;
+ − 2511 for ( $i = $offset; $i < $len; $i=$i+3 )
+ − 2512 {
+ − 2513 $num = substr($num, 0, $i) . ',' . substr($num, $i, $len);
+ − 2514 $len = strlen($num);
+ − 2515 $i++;
+ − 2516 }
+ − 2517 if ( isset($dec) )
+ − 2518 {
+ − 2519 return $num . '.' . $dec;
+ − 2520 }
+ − 2521 else
+ − 2522 {
+ − 2523 return $num;
+ − 2524 }
+ − 2525 }
+ − 2526
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2527 /**
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2528 * Injects a string into another string at the specified position.
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2529 * @param string The haystack
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2530 * @param string The needle
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2531 * @param int Position at which to insert the needle
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2532 */
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2533
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2534 function inject_substr($haystack, $needle, $pos)
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2535 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2536 $str1 = substr($haystack, 0, $pos);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2537 $pos++;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2538 $str2 = substr($haystack, $pos);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2539 return "{$str1}{$needle}{$str2}";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2540 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 2541
38
+ − 2542 /**
+ − 2543 * Tells if a given IP address is valid.
+ − 2544 * @param string suspected IP address
+ − 2545 * @return bool true if valid, false otherwise
+ − 2546 */
76
+ − 2547
38
+ − 2548 function is_valid_ip($ip)
+ − 2549 {
+ − 2550 // These came from phpBB3.
+ − 2551 $ipv4 = '(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])';
+ − 2552 $ipv6 = '(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))';
76
+ − 2553
38
+ − 2554 if ( preg_match("/^{$ipv4}$/", $ip) || preg_match("/^{$ipv6}$/", $ip) )
+ − 2555 return true;
+ − 2556 else
+ − 2557 return false;
+ − 2558 }
+ − 2559
48
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2560 /**
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2561 * Replaces the FIRST given occurrence of needle within haystack with thread
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2562 * @param string Needle
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2563 * @param string Thread
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2564 * @param string Haystack
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2565 */
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2566
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2567 function str_replace_once($needle, $thread, $haystack)
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2568 {
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2569 $needle_len = strlen($needle);
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2570 for ( $i = 0; $i < strlen($haystack); $i++ )
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2571 {
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2572 $test = substr($haystack, $i, $needle_len);
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2573 if ( $test == $needle )
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2574 {
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2575 // Got it!
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2576 $upto = substr($haystack, 0, $i);
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2577 $from = substr($haystack, ( $i + $needle_len ));
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2578 $new_haystack = "{$upto}{$thread}{$from}";
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2579 return $new_haystack;
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2580 }
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2581 }
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2582 return $haystack;
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2583 }
fc9762553a3c
E-mail address mask engine non-Javascript fallback now picks random substitutions for @ and . to make address more unreadable by bots
Dan
diff
changeset
+ − 2584
78
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2585 /**
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2586 * From http://us2.php.net/urldecode - decode %uXXXX
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2587 * @param string The urlencoded string
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2588 * @return string
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2589 */
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2590
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2591 function decode_unicode_url($str)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2592 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2593 $res = '';
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2594
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2595 $i = 0;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2596 $max = strlen($str) - 6;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2597 while ($i <= $max)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2598 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2599 $character = $str[$i];
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2600 if ($character == '%' && $str[$i + 1] == 'u')
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2601 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2602 $value = hexdec(substr($str, $i + 2, 4));
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2603 $i += 6;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2604
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2605 if ($value < 0x0080)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2606 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2607 // 1 byte: 0xxxxxxx
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2608 $character = chr($value);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2609 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2610 else if ($value < 0x0800)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2611 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2612 // 2 bytes: 110xxxxx 10xxxxxx
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2613 $character =
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2614 chr((($value & 0x07c0) >> 6) | 0xc0)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2615 . chr(($value & 0x3f) | 0x80);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2616 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2617 else
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2618 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2619 // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2620 $character =
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2621 chr((($value & 0xf000) >> 12) | 0xe0)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2622 . chr((($value & 0x0fc0) >> 6) | 0x80)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2623 . chr(($value & 0x3f) | 0x80);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2624 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2625 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2626 else
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2627 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2628 $i++;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2629 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2630
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2631 $res .= $character;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2632 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2633
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2634 return $res . substr($str, $i);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2635 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2636
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2637 /**
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2638 * Recursively decodes an array with UTF-8 characters in its strings
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2639 * @param array Can be multi-depth
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2640 * @return array
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2641 */
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2642
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2643 function decode_unicode_array($array)
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2644 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2645 foreach ( $array as $i => $val )
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2646 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2647 if ( is_string($val) )
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2648 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2649 $array[$i] = decode_unicode_url($val);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2650 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2651 else
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2652 {
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2653 $array[$i] = decode_unicode_array($val);
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2654 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2655 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2656 return $array;
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2657 }
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 2658
1
+ − 2659 //die('<pre>Original: 01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'</pre>');
+ − 2660
+ − 2661 ?>