1
+ − 1 <?php
166
+ − 2
1
+ − 3 /*
+ − 4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 5 * Copyright (C) 2006-2009 Dan Fuhry
1
+ − 6 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
+ − 7 *
+ − 8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10 *
+ − 11 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13 */
+ − 14
+ − 15 class PageUtils {
+ − 16
+ − 17 /**
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 18 * Tell if a username is used or not.
1
+ − 19 * @param $name the name to check for
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 20 * @return string
1
+ − 21 */
+ − 22
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 23 public static function checkusername($name)
1
+ − 24 {
+ − 25 global $db, $session, $paths, $template, $plugins; // Common objects
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 26 $name = str_replace('_', ' ', $name);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 27 $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 28 if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 29 {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 30 die($db->get_error());
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 31 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 32 if ( $db->numrows() < 1)
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 33 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 34 $db->free_result(); return('good');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 35 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 36 else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 37 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 38 $db->free_result(); return('bad');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 39 }
1
+ − 40 }
+ − 41
+ − 42 /**
+ − 43 * Get the wiki formatting source for a page
+ − 44 * @param $page the full page id (Namespace:Pagename)
+ − 45 * @return string
+ − 46 * @todo (DONE) Make it require a password (just for security purposes)
+ − 47 */
+ − 48
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 49 public static function getsource($page, $password = false)
1
+ − 50 {
+ − 51 global $db, $session, $paths, $template, $plugins; // Common objects
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 52 if ( !isPage($page) )
1
+ − 53 {
+ − 54 return '';
+ − 55 }
+ − 56
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 57 list($page_id, $namespace) = RenderMan::strToPageID($page);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 58 $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 59 $cdata = $ns->get_cdata();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 60
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 61 if ( strlen($cdata['password']) == 40 )
1
+ − 62 {
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 63 if(!$password || ( $password != $cdata['password']))
1
+ − 64 {
+ − 65 return 'invalid_password';
+ − 66 }
+ − 67 }
+ − 68
+ − 69 if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges
+ − 70 return 'access_denied';
+ − 71 $pid = RenderMan::strToPageID($page);
+ − 72 if($pid[1] == 'Special' || $pid[1] == 'Admin')
+ − 73 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 74 die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
1
+ − 75 }
+ − 76
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 77 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');
1
+ − 78 if ( !$e )
+ − 79 {
+ − 80 $db->_die('The page text could not be selected.');
+ − 81 }
+ − 82 if( $db->numrows() < 1 )
+ − 83 {
+ − 84 return ''; //$db->_die('There were no rows in the text table that matched the page text query.');
+ − 85 }
+ − 86
+ − 87 $r = $db->fetchrow();
+ − 88 $db->free_result();
+ − 89 $message = $r['page_text'];
+ − 90
+ − 91 return htmlspecialchars($message);
+ − 92 }
+ − 93
+ − 94 /**
391
85f91037cd4f
Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
Dan
diff
changeset
+ − 95 * DEPRECATED. Previously returned the full rendered contents of a page.
1
+ − 96 * @param $page the full page id (Namespace:Pagename)
+ − 97 * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
+ − 98 * @return string
+ − 99 */
+ − 100
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 101 public static function getpage($page, $send_headers = false, $hist_id = false)
1
+ − 102 {
+ − 103 die('PageUtils->getpage is deprecated.');
+ − 104 }
+ − 105
+ − 106 /**
+ − 107 * Writes page data to the database, after verifying permissions and running the XSS filter
+ − 108 * @param $page_id the page ID
+ − 109 * @param $namespace the namespace
+ − 110 * @param $message the text to save
+ − 111 * @return string
+ − 112 */
+ − 113
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 114 public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
1
+ − 115 {
+ − 116 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 117
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 118 $page = new PageProcessor($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 119 $cdata = $page->ns->get_cdata();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 120 return $page->update_page($message, $summary, $minor, $cdata['page_format']);
1
+ − 121 }
+ − 122
+ − 123 /**
+ − 124 * Creates a page, both in memory and in the database.
+ − 125 * @param string $page_id
+ − 126 * @param string $namespace
+ − 127 * @return bool true on success, false on failure
+ − 128 */
+ − 129
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 130 public static function createPage($page_id, $namespace, $name = false, $visible = 1)
1
+ − 131 {
+ − 132 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 133 if(in_array($namespace, Array('Special', 'Admin')))
+ − 134 {
+ − 135 // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 136 return 'You can\'t create a special page in the database';
1
+ − 137 }
+ − 138
+ − 139 if(!isset($paths->nslist[$namespace]))
+ − 140 {
+ − 141 // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 142 return 'Couldn\'t look up the namespace';
1
+ − 143 }
+ − 144
+ − 145 $pname = $paths->nslist[$namespace] . $page_id;
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 146 if(isPage($pname))
1
+ − 147 {
+ − 148 // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 149 return 'Page already exists';
1
+ − 150 }
+ − 151
+ − 152 if(!$session->get_permissions('create_page'))
+ − 153 {
+ − 154 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 155 return 'Not authorized to create pages';
1
+ − 156 }
+ − 157
+ − 158 if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
+ − 159 {
+ − 160 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 161 return 'Not authorized to create system messages';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 162 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 163
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 164 if ( substr($page_id, 0, 8) == 'Project:' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 165 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 166 // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 167 return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
1
+ − 168 }
+ − 169
361
+ − 170 /*
+ − 171 // Dunno why this was here. Enano can handle more flexible names than this...
1
+ − 172 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
320
112debff64bd
SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
diff
changeset
+ − 173 if(!preg_match($regex, $name))
1
+ − 174 {
+ − 175 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 176 return 'Name contains invalid characters';
1
+ − 177 }
361
+ − 178 */
+ − 179
+ − 180 $page_id = dirtify_page_id($page_id);
+ − 181
+ − 182 if ( !$name )
+ − 183 $name = str_replace('_', ' ', $page_id);
1
+ − 184
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 185 $page_id = sanitize_page_id( $page_id );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 186
1
+ − 187 $prot = ( $namespace == 'System' ) ? 1 : 0;
+ − 188
112
+ − 189 $ips = array(
+ − 190 'ip' => array(),
+ − 191 'u' => array()
+ − 192 );
+ − 193
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 194 $page_data = Array(
1
+ − 195 'name'=>$name,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 196 'urlname'=>$page_id,
1
+ − 197 'namespace'=>$namespace,
112
+ − 198 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 199 );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 200
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 201 // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
1
+ − 202
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 203 $paths->add_page($page_data);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 204
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 205 $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 206 $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 207 $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \'DEPRECATED\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1
+ − 208
+ − 209 if($qa && $qb && $qc)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 210 return 'good';
1
+ − 211 else
+ − 212 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 213 return $db->get_error();
1
+ − 214 }
+ − 215 }
+ − 216
+ − 217 /**
+ − 218 * Sets the protection level on a page.
+ − 219 * @param $page_id string the page ID
+ − 220 * @param $namespace string the namespace
+ − 221 * @param $level int level of protection - 0 is off, 1 is full, 2 is semi
+ − 222 * @param $reason string why the page is being (un)protected
+ − 223 * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
+ − 224 */
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 225 public static function protect($page_id, $namespace, $level, $reason)
1
+ − 226 {
+ − 227 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 228
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 229 $page = new PageProcessor($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 230 return $page->protect_page($level, $reason);
1
+ − 231 }
+ − 232
+ − 233 /**
+ − 234 * Generates an HTML table with history information in it.
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 235 * @param string the page ID
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 236 * @param string the namespace
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 237 * @param string page password
1
+ − 238 * @return string
+ − 239 */
+ − 240
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 241 public static function histlist($page_id, $namespace, $password = false)
1
+ − 242 {
+ − 243 global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 244 global $lang;
1
+ − 245
+ − 246 if(!$session->get_permissions('history_view'))
+ − 247 return 'Access denied';
+ − 248
+ − 249 ob_start();
+ − 250
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 251 $pname = $paths->get_pathskey($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 252 $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 253 $cdata = $ns->get_cdata();
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 254
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 255 if ( !isPage($pname) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 256 {
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 257 return 'DNE';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 258 }
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 259
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 260 if ( isPage($pname['password']) )
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 261 {
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 262 $password_exists = ( !empty($cdata['password']) && $cdata['password'] !== sha1('') );
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 263 if ( $password_exists && $password !== $cdata['password'] )
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 264 {
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 265 return '<p>' . $lang->get('history_err_wrong_password') . '</p>';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 266 }
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 267 }
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 268
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 269 $wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false;
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 270 $prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false;
1
+ − 271
468
+ − 272 $q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;';
980
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 273 if ( !($q = $db->sql_query($q)) )
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 274 $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 275
213
+ − 276 echo $lang->get('history_page_subtitle') . '
+ − 277 <h3>' . $lang->get('history_heading_edits') . '</h3>';
1
+ − 278 $numrows = $db->numrows();
213
+ − 279 if ( $numrows < 1 )
+ − 280 {
+ − 281 echo $lang->get('history_no_entries');
+ − 282 }
1
+ − 283 else
+ − 284 {
+ − 285 echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
213
+ − 286 <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 287 ' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 288 ' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 289 <input type="hidden" name="do" value="diff" />
1
+ − 290 <br /><span> </span>
+ − 291 <div class="tblholder">
+ − 292 <table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 293 <tr>
213
+ − 294 <th colspan="2">' . $lang->get('history_col_diff') . '</th>
+ − 295 <th>' . $lang->get('history_col_datetime') . '</th>
+ − 296 <th>' . $lang->get('history_col_user') . '</th>
+ − 297 <th>' . $lang->get('history_col_summary') . '</th>
+ − 298 <th>' . $lang->get('history_col_minor') . '</th>
+ − 299 <th colspan="3">' . $lang->get('history_col_actions') . '</th>
1
+ − 300 </tr>'."\n"."\n";
+ − 301 $cls = 'row2';
+ − 302 $ticker = 0;
+ − 303
980
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 304 while ( $r = $db->fetchrow($q) )
213
+ − 305 {
1
+ − 306
+ − 307 $ticker++;
+ − 308
+ − 309 if($cls == 'row2') $cls = 'row1';
+ − 310 else $cls = 'row2';
+ − 311
+ − 312 echo '<tr>'."\n";
+ − 313
+ − 314 // Diff selection
+ − 315 if($ticker == 1)
+ − 316 {
+ − 317 $s1 = '';
+ − 318 $s2 = 'checked="checked" ';
+ − 319 }
+ − 320 elseif($ticker == 2)
+ − 321 {
+ − 322 $s1 = 'checked="checked" ';
+ − 323 $s2 = '';
+ − 324 }
+ − 325 else
+ − 326 {
+ − 327 $s1 = '';
+ − 328 $s2 = '';
+ − 329 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 330 if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 331 if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
+ − 332
+ − 333 // Date and time
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 334 echo '<td class="' . $cls . '" style="white-space: nowrap;">' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . '</td class="' . $cls . '">'."\n";
1
+ − 335
+ − 336 // User
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 337 if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 338 {
213
+ − 339 $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 340 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 341 else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 342 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 343 $rc = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 344 }
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 345 echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 346 if ( !isPage($paths->nslist['User'] . sanitize_page_id($r['author'])) )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 347 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 348 echo 'class="wikilink-nonexistent"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 349 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 350 echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
1
+ − 351
+ − 352 // Edit summary
213
+ − 353 if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )
+ − 354 {
+ − 355 $r['edit_summary'] = $lang->get('history_summary_clearlogs');
+ − 356 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 357 echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
+ − 358
+ − 359 // Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 360 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
+ − 361
+ − 362 // Actions!
468
+ − 363 echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['log_id']) . '" onclick="ajaxHistView(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 364 echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";
468
+ − 365 echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=edit&revid=' . $r['log_id']) . '" onclick="ajaxEditor(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";
1
+ − 366
+ − 367 echo '</tr>'."\n"."\n";
+ − 368
+ − 369 }
+ − 370 echo '</table>
+ − 371 </div>
+ − 372 <br />
+ − 373 <input type="hidden" name="do" value="diff" />
213
+ − 374 <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
1
+ − 375 </form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 376 <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 377 }
+ − 378 $db->free_result();
213
+ − 379 echo '<h3>' . $lang->get('history_heading_other') . '</h3>';
1037
+ − 380 $sql = 'SELECT log_id,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
+ − 381 if ( !( $q = $db->sql_query($sql)) )
213
+ − 382 {
+ − 383 $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');
+ − 384 }
+ − 385 if ( $db->numrows() < 1 )
+ − 386 {
+ − 387 echo $lang->get('history_no_entries');
+ − 388 }
+ − 389 else
+ − 390 {
1
+ − 391
213
+ − 392 echo '<div class="tblholder">
+ − 393 <table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>
+ − 394 <th>' . $lang->get('history_col_datetime') . '</th>
+ − 395 <th>' . $lang->get('history_col_user') . '</th>
+ − 396 <th>' . $lang->get('history_col_minor') . '</th>
+ − 397 <th>' . $lang->get('history_col_action_taken') . '</th>
+ − 398 <th>' . $lang->get('history_col_extra') . '</th>
+ − 399 <th colspan="2"></th>
+ − 400 </tr>';
1
+ − 401 $cls = 'row2';
1037
+ − 402 while($r = $db->fetchrow($q)) {
1
+ − 403
+ − 404 if($cls == 'row2') $cls = 'row1';
+ − 405 else $cls = 'row2';
+ − 406
+ − 407 echo '<tr>';
+ − 408
+ − 409 // Date and time
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 410 echo '<td class="' . $cls . '">' . enano_date(ED_DATE | ED_TIME, intval($r['time_id'])) . '</td class="' . $cls . '">';
1
+ − 411
+ − 412 // User
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 413 echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 414 if(!isPage($paths->nslist['User'] . sanitize_page_id($r['author']))) echo 'class="wikilink-nonexistent"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 415 echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
1
+ − 416
+ − 417
+ − 418 // Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 419 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
+ − 420
+ − 421 // Action taken
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 422 echo '<td class="' . $cls . '">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 423 // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
468
+ − 424 if ($r['action']=='prot') echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
+ − 425 elseif($r['action']=='unprot') echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
+ − 426 elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
213
+ − 427 elseif($r['action']=='rename') echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);
+ − 428 elseif($r['action']=='create') echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';
+ − 429 elseif($r['action']=='delete') echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
481
+ − 430 elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__ROLLBACK__' ? $lang->get('history_extra_upload_reversion') : htmlspecialchars($r['edit_summary']) );
913
+ − 431 elseif($r['action']=='votereset')echo $lang->get('history_log_votereset') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_numvotes') . ' ' . $r['edit_summary'];
1
+ − 432 echo '</td>';
+ − 433
+ − 434 // Actions!
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 435 echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';
468
+ − 436 echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['log_id']) . '" onclick="ajaxRollback(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';
1
+ − 437
+ − 438 echo '</tr>';
+ − 439 }
+ − 440 echo '</table></div>';
+ − 441 }
+ − 442 $db->free_result();
+ − 443 $ret = ob_get_contents();
+ − 444 ob_end_clean();
+ − 445 return $ret;
+ − 446 }
+ − 447
+ − 448 /**
+ − 449 * Rolls back a logged action
+ − 450 * @param $id the time ID, a.k.a. the primary key in the logs table
+ − 451 * @return string
+ − 452 */
+ − 453
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 454 public static function rollback($id)
1
+ − 455 {
+ − 456 global $db, $session, $paths, $template, $plugins; // Common objects
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 457 global $lang;
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 458
481
+ − 459 // placeholder
+ − 460 return 'PageUtils->rollback() is deprecated - use PageProcessor instead.';
1
+ − 461 }
+ − 462
+ − 463 /**
+ − 464 * Posts a comment.
+ − 465 * @param $page_id the page ID
+ − 466 * @param $namespace the namespace
+ − 467 * @param $name the name of the person posting, defaults to current username/IP
+ − 468 * @param $subject the subject line of the comment
+ − 469 * @param $text the comment text
+ − 470 * @return string javascript code
+ − 471 */
+ − 472
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 473 public static function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
1
+ − 474 {
+ − 475 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 476 $_ob = '';
+ − 477 if(!$session->get_permissions('post_comments'))
+ − 478 return 'Access denied';
+ − 479 if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) _die('Access denied to post comments: you need to be logged in first.');
+ − 480 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
+ − 481 {
+ − 482 if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
+ − 483 $result = $session->get_captcha($captcha_id);
456
+ − 484 if(strtolower($captcha_code) != strtolower($result)) _die('The confirmation code you entered was incorrect.');
1
+ − 485 }
+ − 486 $text = RenderMan::preprocess_text($text);
+ − 487 $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
+ − 488 $subj = RenderMan::preprocess_text($subject);
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 489 if(getConfig('approve_comments', '0')=='1') $appr = '0'; else $appr = '1';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 490 $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')';
1
+ − 491 $e = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 492 if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'))');
1
+ − 493 else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
+ − 494 return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
+ − 495 }
+ − 496
+ − 497 /**
+ − 498 * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
+ − 499 * @param $page_id the page ID
+ − 500 * @param $namespace the namespace
+ − 501 * @param $action administrative action to perform, default is false
+ − 502 * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
+ − 503 * @param $_ob text to prepend to output, used by PageUtils::addcomment
+ − 504 * @return array
+ − 505 * @access private
+ − 506 */
+ − 507
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 508 public static function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
1
+ − 509 {
+ − 510 global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 511 global $lang;
1
+ − 512
+ − 513 $pname = $paths->nslist[$namespace] . $page_id;
1016
6d32d80b2192
Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
diff
changeset
+ − 514 $template->init_vars();
1
+ − 515
+ − 516 ob_start();
+ − 517
+ − 518 if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
+ − 519 {
+ − 520 switch($action) {
+ − 521 case "delete":
+ − 522 if(isset($flags['id']))
+ − 523 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 524 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
1
+ − 525 } else {
+ − 526 $n = $db->escape($flags['name']);
+ − 527 $s = $db->escape($flags['subj']);
+ − 528 $t = $db->escape($flags['text']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 529 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
+ − 530 }
+ − 531 $e=$db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 532 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 533 break;
+ − 534 case "approve":
+ − 535 if(isset($flags['id']))
+ − 536 {
+ − 537 $where = 'comment_id='.intval($flags['id']);
+ − 538 } else {
+ − 539 $n = $db->escape($flags['name']);
+ − 540 $s = $db->escape($flags['subj']);
+ − 541 $t = $db->escape($flags['text']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 542 $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
1
+ − 543 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 544 $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
1
+ − 545 $e = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 546 if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 547 $r = $db->fetchrow();
+ − 548 $db->free_result();
+ − 549 $a = ( $r['approved'] ) ? '0' : '1';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 550 $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
1
+ − 551 $e=$db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 552 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
213
+ − 553 if($a=='1') $v = $lang->get('comment_btn_mod_unapprove');
+ − 554 else $v = $lang->get('comment_btn_mod_approve');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 555 echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
1
+ − 556 break;
+ − 557 }
+ − 558 }
+ − 559
+ − 560 if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 561 {
+ − 562 $template->load_theme($session->theme, $session->style);
+ − 563 }
+ − 564
+ − 565 $tpl = $template->makeParser('comment.tpl');
+ − 566
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 567 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
1
+ − 568 if(!$e) $db->_die('The comment text data could not be selected.');
+ − 569 $num_unapp = $db->numrows();
+ − 570 $db->free_result();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 571 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
1
+ − 572 if(!$e) $db->_die('The comment text data could not be selected.');
+ − 573 $num_app = $db->numrows();
+ − 574 $db->free_result();
621
+ − 575 $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,c.ip_address,u.user_level,u.email,u.signature,u.user_has_avatar,u.avatar_type
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 576 FROM ' . table_prefix.'comments AS c
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 577 LEFT JOIN ' . table_prefix.'users AS u
1
+ − 578 ON c.user_id=u.user_id
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 579 WHERE page_id=\'' . $page_id . '\'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 580 AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 581 if(!$lq) _die('The comment text data could not be selected. '.$db->get_error());
213
+ − 582 $_ob .= '<h3>' . $lang->get('comment_heading') . '</h3>';
+ − 583
1
+ − 584 $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
213
+ − 585
+ − 586 $subst = array(
+ − 587 'num_comments' => $n,
226
0e6478521004
Fixed the one FIXME in PageUtils regarding static HTML comment system's greeting line; fixed parsing of external links in template->tplWikiFormat
Dan
diff
changeset
+ − 588 'page_type' => $template->namespace_string
213
+ − 589 );
+ − 590
+ − 591 $_ob .= '<p>';
+ − 592 $_ob .= ( $n == 0 ) ? $lang->get('comment_msg_count_zero', $subst) : ( $n == 1 ? $lang->get('comment_msg_count_one', $subst) : $lang->get('comment_msg_count_plural', $subst) );
+ − 593
+ − 594 if ( $session->get_permissions('mod_comments') && $num_unapp > 0 )
1
+ − 595 {
213
+ − 596 $_ob .= ' <span style="color: #D84308">' . $lang->get('comment_msg_count_unapp_mod', array( 'num_unapp' => $num_unapp )) . '</span>';
+ − 597 }
+ − 598 else if ( !$session->get_permissions('mod_comments') && $num_unapp > 0 )
+ − 599 {
+ − 600 $ls = ( $num_unapp == 1 ) ? 'comment_msg_count_unapp_one' : 'comment_msg_count_unapp_plural';
+ − 601 $_ob .= ' <span>' . $lang->get($ls, array( 'num_unapp' => $num_unapp )) . '</span>';
+ − 602 }
78
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 603 $_ob .= '</p>';
1
+ − 604 $list = 'list = { ';
+ − 605 // _die(htmlspecialchars($ttext));
+ − 606 $i = -1;
213
+ − 607 while ( $row = $db->fetchrow($lq) )
1
+ − 608 {
+ − 609 $i++;
+ − 610 $strings = Array();
+ − 611 $bool = Array();
825
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 612 if ( $session->get_permissions('mod_comments') || $row['approved'] == COMMENT_APPROVED )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 613 {
1
+ − 614 $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
+ − 615
+ − 616 // Comment ID (used in the Javascript apps)
+ − 617 $strings['ID'] = (string)$i;
+ − 618
+ − 619 // Determine the name, and whether to link to the user page or not
+ − 620 $name = '';
304
+ − 621 if($row['user_id'] > 1) $name .= '<a href="'.makeUrlNS('User', sanitize_page_id(' ', '_', $row['name'])).'">';
1
+ − 622 $name .= $row['name'];
213
+ − 623 if($row['user_id'] > 1) $name .= '</a>';
1
+ − 624 $strings['NAME'] = $name; unset($name);
+ − 625
+ − 626 // Subject
+ − 627 $s = $row['subject'];
213
+ − 628 if(!$row['approved']) $s .= ' <span style="color: #D84308">' . $lang->get('comment_msg_note_unapp') . '</span>';
1
+ − 629 $strings['SUBJECT'] = $s;
+ − 630
+ − 631 // Date and time
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 632 $strings['DATETIME'] = enano_date(ED_DATE | ED_TIME, $row['time']);
1
+ − 633
+ − 634 // User level
+ − 635 switch($row['user_level'])
+ − 636 {
+ − 637 default:
+ − 638 case USER_LEVEL_GUEST:
213
+ − 639 $l = $lang->get('user_type_guest');
1
+ − 640 break;
+ − 641 case USER_LEVEL_MEMBER:
213
+ − 642 case USER_LEVEL_CHPREF:
+ − 643 $l = $lang->get('user_type_member');
1
+ − 644 break;
+ − 645 case USER_LEVEL_MOD:
213
+ − 646 $l = $lang->get('user_type_mod');
1
+ − 647 break;
+ − 648 case USER_LEVEL_ADMIN:
213
+ − 649 $l = $lang->get('user_type_admin');
1
+ − 650 break;
+ − 651 }
+ − 652 $strings['USER_LEVEL'] = $l; unset($l);
+ − 653
+ − 654 // The actual comment data
+ − 655 $strings['DATA'] = RenderMan::render($row['comment_data']);
+ − 656
+ − 657 if($session->get_permissions('edit_comments'))
+ − 658 {
+ − 659 // Edit link
213
+ − 660 $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">' . $lang->get('comment_btn_edit') . '</a>';
1
+ − 661
+ − 662 // Delete link
213
+ − 663 $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_delete') . '</a>';
1
+ − 664 }
+ − 665 else
+ − 666 {
+ − 667 // Edit link
+ − 668 $strings['EDIT_LINK'] = '';
+ − 669
+ − 670 // Delete link
+ − 671 $strings['DELETE_LINK'] = '';
+ − 672 }
+ − 673
+ − 674 // Send PM link
213
+ − 675 $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">' . $lang->get('comment_btn_send_privmsg') . '</a><br />' : '';
1
+ − 676
+ − 677 // Add Buddy link
213
+ − 678 $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">' . $lang->get('comment_btn_add_buddy') . '</a>' : '';
1
+ − 679
+ − 680 // Mod links
+ − 681 $applink = '';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 682 $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
213
+ − 683 if($row['approved']) $applink .= $lang->get('comment_btn_mod_unapprove');
+ − 684 else $applink .= $lang->get('comment_btn_mod_approve');
1
+ − 685 $applink .= '</a>';
+ − 686 $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
213
+ − 687 $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_mod_delete') . '</a>';
360
+ − 688 $strings['MOD_IP_LINK'] = '<span style="opacity: 0.5; filter: alpha(opacity=50);">' . ( ( empty($row['ip_address']) ) ? $lang->get('comment_btn_mod_ip_missing') : $lang->get('comment_btn_mod_ip_notimplemented') ) . '</span>';
1
+ − 689
+ − 690 // Signature
+ − 691 $strings['SIGNATURE'] = '';
+ − 692 if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
+ − 693
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 694 // Avatar
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 695 if ( $row['user_has_avatar'] == 1 )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 696 {
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 697 $bool['user_has_avatar'] = true;
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 698 $strings['AVATAR_ALT'] = $lang->get('usercp_avatar_image_alt', array('username' => $row['name']));
621
+ − 699 $strings['AVATAR_URL'] = make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']);
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 700 $strings['USERPAGE_LINK'] = makeUrlNS('User', $row['name']);
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 701 }
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 702
1
+ − 703 $bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
+ − 704 $bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
+ − 705 $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;
+ − 706
+ − 707 // Done processing and compiling, now let's cook it into HTML
+ − 708 $tpl->assign_vars($strings);
+ − 709 $tpl->assign_bool($bool);
+ − 710 $_ob .= $tpl->run();
+ − 711 }
+ − 712 }
+ − 713 if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
+ − 714 {
213
+ − 715 if($session->get_permissions('post_comments'))
1
+ − 716 {
213
+ − 717 $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3>';
+ − 718 $_ob .= $lang->get('comment_postform_blurb');
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 719 if(getConfig('approve_comments', '0')=='1') $_ob .= ' ' . $lang->get('comment_postform_blurb_unapp');
213
+ − 720 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
+ − 721 {
+ − 722 $_ob .= ' ' . $lang->get('comment_postform_blurb_captcha');
+ − 723 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 724 $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
213
+ − 725 $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">' . $lang->get('comment_postform_blurb_link') . '</a>
1
+ − 726 <div id="mdgCommentForm">
+ − 727 <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
+ − 728 <table border="0">
213
+ − 729 <tr><td>' . $lang->get('comment_postform_field_name') . '</td><td>' . $sn . '</td></tr>
+ − 730 <tr><td>' . $lang->get('comment_postform_field_subject') . '</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
1
+ − 731 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
+ − 732 {
+ − 733 $session->kill_captcha();
+ − 734 $captcha = $session->make_captcha();
213
+ − 735 $_ob .= '<tr><td>' . $lang->get('comment_postform_field_captcha_title') . '<br /><small>' . $lang->get('comment_postform_field_captcha_blurb') . '</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />' . $lang->get('comment_postform_field_captcha_label') . ' <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("' . $lang->get('comment_postform_field_captcha_cantread_js') . '");</script><noscript>' . $lang->get('comment_postform_field_captcha_cantread_nojs') . '</noscript></small></td></tr>';
1
+ − 736 }
+ − 737 $_ob .= '
213
+ − 738 <tr><td valign="top">' . $lang->get('comment_postform_field_comment') . '</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
+ − 739 <tr><td colspan="2" style="text-align: center;"><input type="submit" value="' . $lang->get('comment_postform_btn_submit') . '" /></td></tr>
1
+ − 740 </table>
+ − 741 </form>
+ − 742 </div>';
+ − 743 }
+ − 744 } else {
1016
6d32d80b2192
Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
diff
changeset
+ − 745 // FIXME: l10n
6d32d80b2192
Comments: SECURITY: Fixed IP not recorded in non-JSON submit and a few other non-security issues
Dan
diff
changeset
+ − 746 $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
1
+ − 747 }
+ − 748 $list .= '};';
+ − 749 echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
+ − 750 ' . $list;
+ − 751 echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
+ − 752
+ − 753 $ret = ob_get_contents();
+ − 754 ob_end_clean();
+ − 755 return Array($ret, $_ob);
+ − 756
+ − 757 }
+ − 758
+ − 759 /**
+ − 760 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments
+ − 761 * @param $page_id the page ID
+ − 762 * @param $namespace the namespace
+ − 763 * @param $action administrative action to perform, default is false
+ − 764 * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
+ − 765 * @param $_ob text to prepend to output, used by PageUtils::addcomment
+ − 766 * @return string
+ − 767 */
+ − 768
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 769 public static function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
1
+ − 770 {
+ − 771 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 772 $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
+ − 773 return $r[0];
+ − 774 }
+ − 775
+ − 776 /**
+ − 777 * Generates HTML code for comments - used in browser compatibility mode
+ − 778 * @param $page_id the page ID
+ − 779 * @param $namespace the namespace
+ − 780 * @param $action administrative action to perform, default is false
+ − 781 * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
+ − 782 * @param $_ob text to prepend to output, used by PageUtils::addcomment
+ − 783 * @return string
+ − 784 */
+ − 785
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 786 public static function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
1
+ − 787 {
+ − 788 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 789 $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
+ − 790 return $r[1];
+ − 791 }
+ − 792
+ − 793 /**
+ − 794 * Updates comment data.
+ − 795 * @param $page_id the page ID
+ − 796 * @param $namespace the namespace
+ − 797 * @param $subject new subject
+ − 798 * @param $text new text
+ − 799 * @param $old_subject the old subject, unprocessed and identical to the value in the DB
+ − 800 * @param $old_text the old text, unprocessed and identical to the value in the DB
+ − 801 * @param $id the javascript list ID, used internally by the client-side app
+ − 802 * @return string
+ − 803 */
+ − 804
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 805 public static function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
1
+ − 806 {
+ − 807 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 808 if(!$session->get_permissions('edit_comments'))
+ − 809 return 'result="BAD";error="Access denied"';
+ − 810 // Avoid SQL injection
+ − 811 $old_text = $db->escape($old_text);
+ − 812 $old_subject = $db->escape($old_subject);
+ − 813 // Safety check - username/login
+ − 814 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
+ − 815 {
+ − 816 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 817 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 818 $s = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 819 if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
+ − 820 $r = $db->fetchrow($s);
+ − 821 $db->free_result();
+ − 822 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 823 }
+ − 824 $s = RenderMan::preprocess_text($subject);
+ − 825 $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 826 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 827 $result = $db->sql_query($sql);
+ − 828 if($result)
+ − 829 {
+ − 830 return 'result="GOOD";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 831 list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 832 list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
1
+ − 833 s = unescape(\''.rawurlencode($s).'\');
+ − 834 t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
+ − 835 }
+ − 836 else
+ − 837 {
+ − 838 return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
+ − 839 Performed SQL:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 840 ' . $sql . '
1
+ − 841
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 842 Error returned by MySQL: '.$db->get_error()).'");';
1
+ − 843 }
+ − 844 }
+ − 845
+ − 846 /**
+ − 847 * Updates comment data using the comment_id column instead of the old, messy way
+ − 848 * @param $page_id the page ID
+ − 849 * @param $namespace the namespace
+ − 850 * @param $subject new subject
+ − 851 * @param $text new text
+ − 852 * @param $id the comment ID (primary key in enano_comments table)
+ − 853 * @return string
+ − 854 */
+ − 855
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 856 public static function savecomment_neater($page_id, $namespace, $subject, $text, $id)
1
+ − 857 {
+ − 858 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 859 if(!is_int($id)) die('PageUtils::savecomment: $id is not an integer, aborting for safety');
+ − 860 if(!$session->get_permissions('edit_comments'))
+ − 861 return 'Access denied';
+ − 862 // Safety check - username/login
+ − 863 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
+ − 864 {
+ − 865 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 866 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 867 $s = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 868 if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
+ − 869 $r = $db->fetchrow($s);
+ − 870 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 871 $db->free_result();
+ − 872 }
+ − 873 $s = RenderMan::preprocess_text($subject);
+ − 874 $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 875 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 876 $result = $db->sql_query($sql);
+ − 877 if($result)
+ − 878 return 'good';
+ − 879 else return 'Enano encountered a problem whilst saving the comment.
+ − 880 Performed SQL:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 881 ' . $sql . '
1
+ − 882
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 883 Error returned by MySQL: '.$db->get_error();
1
+ − 884 }
+ − 885
+ − 886 /**
+ − 887 * Deletes a comment.
+ − 888 * @param $page_id the page ID
+ − 889 * @param $namespace the namespace
+ − 890 * @param $name the name the user posted under
+ − 891 * @param $subj the subject of the comment to be deleted
+ − 892 * @param $text the text of the comment to be deleted
+ − 893 * @param $id the javascript list ID, used internally by the client-side app
+ − 894 * @return string
+ − 895 */
+ − 896
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 897 public static function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
1
+ − 898 {
+ − 899 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 900
+ − 901 if(!$session->get_permissions('edit_comments'))
+ − 902 return 'alert("Access to delete/edit comments is denied");';
+ − 903
+ − 904 if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
+ − 905 $n = $db->escape($name);
+ − 906 $s = $db->escape($subj);
+ − 907 $t = $db->escape($text);
+ − 908
+ − 909 // Safety check - username/login
+ − 910 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
+ − 911 {
+ − 912 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 913 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 914 $s = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 915 if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
+ − 916 $r = $db->fetchrow($s);
+ − 917 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 918 $db->free_result();
+ − 919 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 920 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
+ − 921 $e=$db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 922 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 923 return('good');
+ − 924 }
+ − 925
+ − 926 /**
+ − 927 * Deletes a comment in a cleaner fashion.
+ − 928 * @param $page_id the page ID
+ − 929 * @param $namespace the namespace
+ − 930 * @param $id the comment ID (primary key)
+ − 931 * @return string
+ − 932 */
+ − 933
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 934 public static function deletecomment_neater($page_id, $namespace, $id)
1
+ − 935 {
+ − 936 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 937
+ − 938 if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
+ − 939
+ − 940 if(!$session->get_permissions('edit_comments'))
+ − 941 return 'alert("Access to delete/edit comments is denied");';
+ − 942
+ − 943 // Safety check - username/login
+ − 944 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
+ − 945 {
+ − 946 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 947 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 948 $s = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 949 if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
+ − 950 $r = $db->fetchrow($s);
+ − 951 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 952 $db->free_result();
+ − 953 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 954 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;';
1
+ − 955 $e=$db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 956 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 957 return('good');
+ − 958 }
+ − 959
+ − 960 /**
+ − 961 * Renames a page.
+ − 962 * @param $page_id the page ID
+ − 963 * @param $namespace the namespace
+ − 964 * @param $name the new name for the page
+ − 965 * @return string error string or success message
+ − 966 */
+ − 967
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 968 public static function rename($page_id, $namespace, $name)
1
+ − 969 {
+ − 970 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 971 global $lang;
1
+ − 972
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 973 $page = new PageProcessor($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 974 return $page->rename_page($name);
1
+ − 975 }
+ − 976
+ − 977 /**
+ − 978 * Flushes (clears) the action logs for a given page
+ − 979 * @param $page_id the page ID
+ − 980 * @param $namespace the namespace
+ − 981 * @return string error/success string
+ − 982 */
+ − 983
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 984 public static function flushlogs($page_id, $namespace)
1
+ − 985 {
+ − 986 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 987 global $lang;
240
f0149a27df5f
Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
diff
changeset
+ − 988 if ( !is_object($lang) && defined('IN_ENANO_INSTALL') )
f0149a27df5f
Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
diff
changeset
+ − 989 {
f0149a27df5f
Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
diff
changeset
+ − 990 // This is a special exception for the Enano installer, which doesn't init languages yet.
f0149a27df5f
Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
diff
changeset
+ − 991 $lang = new Language('eng');
f0149a27df5f
Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
diff
changeset
+ − 992 }
351
+ − 993 if(!$session->get_permissions('clear_logs') && !defined('IN_ENANO_INSTALL'))
214
+ − 994 {
+ − 995 return $lang->get('etc_access_denied');
+ − 996 }
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 997 if ( !$session->sid_super )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 998 {
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 999 return $lang->get('etc_access_denied_need_reauth');
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1000 }
1114
+ − 1001
+ − 1002 $page_id_db = $db->escape($page_id);
+ − 1003 $namespace_db = $db->escape($namespace);
+ − 1004
+ − 1005 // If we're flushing a file, also clear all revisions before the current
+ − 1006 if ( $namespace == 'File' )
+ − 1007 {
+ − 1008 $q = $db->sql_query('SELECT file_id FROM ' . table_prefix . "files WHERE page_id='$page_id_db' ORDER BY time_id DESC;");
+ − 1009 if ( !$q )
+ − 1010 $db->_die();
+ − 1011 // discard first row (current revision)
+ − 1012 $db->fetchrow();
+ − 1013 $id_list = array();
+ − 1014 while ( $row = $db->fetchrow() )
+ − 1015 $id_list[] = $row['file_id'];
+ − 1016
+ − 1017 require_once(ENANO_ROOT . '/includes/namespaces/file.php');
+ − 1018
+ − 1019 // clear out each file
+ − 1020 foreach ( $id_list as $id )
+ − 1021 Namespace_File::delete_file($id);
+ − 1022 }
+ − 1023
+ − 1024 $q = $db->sql_query('DELETE FROM ' . table_prefix . "logs WHERE page_id='$page_id_db' AND namespace='$namespace';");
+ − 1025 if ( !$q )
+ − 1026 $db->_die('The log entries could not be deleted.');
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1027
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1028 // If the page exists, make a backup of it in case it gets spammed/vandalized
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1029 // If not, the admin's probably deleting a trash page
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1030 if ( isPage($paths->get_pathskey($page_id, $namespace)) )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1031 {
1114
+ − 1032 $q = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix . "page_text WHERE page_id='$page_id_db' AND namespace='$namespace_db';");
+ − 1033 if ( !$q )
+ − 1034 $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1035 $row = $db->fetchrow();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1036 $db->free_result();
320
112debff64bd
SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
diff
changeset
+ − 1037 $minor_edit = ( ENANO_DBLAYER == 'MYSQL' ) ? 'false' : '0';
1114
+ − 1038 $username = $db->escape($session->username);
+ − 1039 $q = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, date_string, page_id, namespace, page_text, char_tag, author, edit_summary, minor_edit ) VALUES\n"
+ − 1040 . " ('page', 'edit', " . time() . ", 'DEPRECATED', '$page_id', '$namespace', '" . $db->escape($row['page_text']) . "', '', '{$username}', '" . $lang->get('page_flushlogs_backup_summary') . "', $minor_edit);";
+ − 1041 if ( !$db->sql_query($q) )
+ − 1042 $db->_die('The history (log) entry could not be inserted into the logs table.');
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1043 }
1114
+ − 1044
214
+ − 1045 return $lang->get('ajax_clearlogs_success');
1
+ − 1046 }
+ − 1047
+ − 1048 /**
+ − 1049 * Deletes a page.
28
+ − 1050 * @param string $page_id the condemned page ID
+ − 1051 * @param string $namespace the condemned namespace
+ − 1052 * @param string The reason for deleting the page in question
1
+ − 1053 * @return string
+ − 1054 */
+ − 1055
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1056 public static function deletepage($page_id, $namespace, $reason)
1
+ − 1057 {
+ − 1058 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1059 global $lang;
609
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
diff
changeset
+ − 1060 global $cache;
1
+ − 1061 $perms = $session->fetch_page_acl($page_id, $namespace);
28
+ − 1062 $x = trim($reason);
+ − 1063 if ( empty($x) )
+ − 1064 {
214
+ − 1065 return $lang->get('ajax_delete_need_reason');
28
+ − 1066 }
+ − 1067 if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1068
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1069 if ( !$session->sid_super )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1070 {
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1071 return $lang->get('etc_access_denied_need_reauth');
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1072 }
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1073
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 1074 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
1
+ − 1075 if(!$e) $db->_die('The page log entry could not be inserted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1076 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1077 if(!$e) $db->_die('The page categorization entries could not be deleted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1078 $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1079 if(!$e) $db->_die('The page comments could not be deleted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1080 $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1081 if(!$e) $db->_die('The page text entry could not be deleted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1082 $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1083 if(!$e) $db->_die('The page entry could not be deleted.');
609
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
diff
changeset
+ − 1084 if ( $namespace == 'File' )
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
diff
changeset
+ − 1085 {
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
diff
changeset
+ − 1086 $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
diff
changeset
+ − 1087 if(!$e) $db->_die('The file entry could not be deleted.');
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
diff
changeset
+ − 1088 }
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
diff
changeset
+ − 1089 $cache->purge('page_meta');
214
+ − 1090 return $lang->get('ajax_delete_success');
1
+ − 1091 }
+ − 1092
+ − 1093 /**
898
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1094 * Deletes files associated with a File page.
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1095 * @param string Page ID
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1096 */
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1097
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1098 public static function delete_page_files($page_id)
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1099 {
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1100 global $db, $session, $paths, $template, $plugins; // Common objects
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1101
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1102 $q = $db->sql_query('SELECT file_id, filename, file_key, time_id, file_extension FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1103 if ( !$q )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1104 $db->_die();
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1105
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1106 while ( $row = $db->fetchrow() )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1107 {
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1108 // wipe original file
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1109 foreach ( array(
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1110 ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}",
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1111 ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}"
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1112 ) as $orig_file )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1113 {
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1114 if ( file_exists($orig_file) )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1115 @unlink($orig_file);
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1116 }
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1117
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1118 // wipe cached files
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1119 if ( $dr = @opendir(ENANO_ROOT . '/cache/') )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1120 {
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1121 // lol404.jpg-1217958283-200x320.jpg
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1122 while ( $dh = @readdir($dr) )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1123 {
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1124 $regexp = ':^' . preg_quote("{$row['filename']}-{$row['time_id']}-") . '[0-9]+x[0-9]+\.' . ltrim($row['file_extension'], '.') . '$:';
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1125 if ( preg_match($regexp, $dh) )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1126 {
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1127 @unlink(ENANO_ROOT . "/cache/$dh");
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1128 }
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1129 }
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1130 @closedir($dr);
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1131 }
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1132 }
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1133
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1134 $q = $db->sql_query('DELETE FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1135 if ( !$q )
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1136 $db->die();
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1137
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1138 return true;
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1139 }
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1140
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1141 /**
1
+ − 1142 * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
+ − 1143 * @param $page_id the page ID
+ − 1144 * @param $namespace the namespace
+ − 1145 * @return string
+ − 1146 */
+ − 1147
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1148 public static function delvote($page_id, $namespace)
1
+ − 1149 {
+ − 1150 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1151 global $lang;
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1152 global $cache;
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1153
112
+ − 1154 if ( !$session->get_permissions('vote_delete') )
+ − 1155 {
214
+ − 1156 return $lang->get('etc_access_denied');
112
+ − 1157 }
+ − 1158
+ − 1159 if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
+ − 1160 {
+ − 1161 return 'Special pages and system messages can\'t be voted for deletion.';
+ − 1162 }
+ − 1163
+ − 1164 $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);
+ − 1165
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1166 if ( !isPage($pname) )
112
+ − 1167 {
+ − 1168 return 'The page does not exist.';
+ − 1169 }
+ − 1170
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1171 $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1172 $cdata = $ns->get_cdata();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1173
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1174 $cv =& $cdata['delvotes'];
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1175 $ips =& $cdata['delvote_ips'];
112
+ − 1176
+ − 1177 if ( empty($ips) )
+ − 1178 {
+ − 1179 $ips = array(
+ − 1180 'ip' => array(),
+ − 1181 'u' => array()
+ − 1182 );
+ − 1183 }
+ − 1184 else
+ − 1185 {
+ − 1186 $ips = @unserialize($ips);
+ − 1187 if ( !$ips )
+ − 1188 {
+ − 1189 $ips = array(
+ − 1190 'ip' => array(),
+ − 1191 'u' => array()
+ − 1192 );
+ − 1193 }
+ − 1194 }
+ − 1195
+ − 1196 if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
+ − 1197 {
214
+ − 1198 return $lang->get('ajax_delvote_already_voted');
112
+ − 1199 }
+ − 1200
+ − 1201 $ips['u'][] = $session->username;
+ − 1202 $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
+ − 1203 $ips = $db->escape( serialize($ips) );
+ − 1204
1
+ − 1205 $cv++;
112
+ − 1206
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1207 $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1208 $w = $db->sql_query($q);
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1209 if ( !$w )
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1210 $db->_die();
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1211
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1212 // all done, flush page cache to mark it up
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1213 $cache->purge('page_meta');
112
+ − 1214
214
+ − 1215 return $lang->get('ajax_delvote_success');
1
+ − 1216 }
+ − 1217
+ − 1218 /**
+ − 1219 * Resets the number of votes against a page to 0.
+ − 1220 * @param $page_id the page ID
+ − 1221 * @param $namespace the namespace
+ − 1222 * @return string
+ − 1223 */
+ − 1224
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1225 public static function resetdelvotes($page_id, $namespace)
1
+ − 1226 {
+ − 1227 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1228 global $lang;
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1229 global $cache;
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1230
913
+ − 1231 if ( !$session->get_permissions('vote_reset') )
214
+ − 1232 {
+ − 1233 return $lang->get('etc_access_denied');
+ − 1234 }
913
+ − 1235
+ − 1236 $page_id = $db->escape($page_id);
+ − 1237 $namespace = $db->escape($namespace);
+ − 1238
+ − 1239 // pull existing info
+ − 1240 $q = $db->sql_query('SELECT delvotes, delvote_ips FROM ' . table_prefix . "pages WHERE urlname = '$page_id' AND namespace = '$namespace'");
+ − 1241 if ( !$q )
+ − 1242 $db->_die();
+ − 1243 if ( $db->numrows() < 1 )
+ − 1244 return $lang->get('page_err_page_not_exist');
+ − 1245
+ − 1246 list($delvotes, $delvote_ips) = $db->fetchrow_num();
+ − 1247 $db->free_result();
+ − 1248 $delvote_ips = $db->escape($delvote_ips);
+ − 1249 $username = $db->escape($session->username);
+ − 1250
+ − 1251 // log action
+ − 1252 $time = time();
+ − 1253 $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs (time_id, log_type, action, edit_summary, page_text, author, page_id, namespace) VALUES\n"
+ − 1254 . " ( $time, 'page', 'votereset', '$delvotes', '$delvote_ips', '$username', '$page_id', '$namespace' )");
+ − 1255 if ( !$q )
+ − 1256 $db->_die();
+ − 1257
+ − 1258 // reset votes
+ − 1259 $empty_vote_record = $db->escape(serialize(array('ip'=>array(),'u'=>array())));
+ − 1260 $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $empty_vote_record . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1261 $e = $db->sql_query($q);
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1262 if ( !$e )
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1263 {
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1264 $db->_die('The number of delete votes was not reset.');
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1265 }
214
+ − 1266 else
+ − 1267 {
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1268 $cache->purge('page_meta');
214
+ − 1269 return $lang->get('ajax_delvote_reset_success');
+ − 1270 }
1
+ − 1271 }
+ − 1272
+ − 1273 /**
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1274 * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
1
+ − 1275 * @param $id the name of the directory for the theme
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1276 * @return string JSON string with an array containing a list of themes
1
+ − 1277 */
+ − 1278
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1279 public static function getstyles()
1
+ − 1280 {
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1281
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1282 if ( !preg_match('/^([a-z0-9_-]+)$/', $_GET['id']) )
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 1283 return enano_json_encode(false);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1284
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1285 $dir = './themes/' . $_GET['id'] . '/css/';
1
+ − 1286 $list = Array();
+ − 1287 // Open a known directory, and proceed to read its contents
+ − 1288 if (is_dir($dir)) {
+ − 1289 if ($dh = opendir($dir)) {
+ − 1290 while (($file = readdir($dh)) !== false) {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1291 if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' ) // _printable.css should be included with every theme
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1292 { // it should be a copy of the original style, but
1
+ − 1293 // mostly black and white
+ − 1294 // Note to self: document this
+ − 1295 $list[] = substr($file, 0, strlen($file)-4);
+ − 1296 }
+ − 1297 }
+ − 1298 closedir($dh);
+ − 1299 }
+ − 1300 }
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1301 else
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1302 {
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 1303 return(enano_json_encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1304 }
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1305
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 1306 return enano_json_encode($list);
1
+ − 1307 }
+ − 1308
+ − 1309 /**
+ − 1310 * Assembles a Javascript app with category information
+ − 1311 * @param $page_id the page ID
+ − 1312 * @param $namespace the namespace
+ − 1313 * @return string Javascript code
+ − 1314 */
+ − 1315
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1316 public static function catedit($page_id, $namespace)
1
+ − 1317 {
+ − 1318 $d = PageUtils::catedit_raw($page_id, $namespace);
+ − 1319 return $d[0] . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.rawurlencode($d[1]).'\');';
+ − 1320 }
+ − 1321
+ − 1322 /**
+ − 1323 * Does the actual HTML/javascript generation for cat editing, but returns an array
+ − 1324 * @access private
+ − 1325 */
+ − 1326
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1327 public static function catedit_raw($page_id, $namespace)
1
+ − 1328 {
+ − 1329 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1330 global $lang;
+ − 1331
1
+ − 1332 ob_start();
+ − 1333 $_ob = '';
322
+ − 1334 $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\'');
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1335 if(!$e) jsdie('Error selecting category information for current page: '.$db->get_error());
1
+ − 1336 $cat_current = Array();
+ − 1337 while($r = $db->fetchrow())
+ − 1338 {
+ − 1339 $cat_current[] = $r;
+ − 1340 }
+ − 1341 $db->free_result();
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1342
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1343 $cat_all = array();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1344 $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1345 if ( !$q )
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1346 $db->_die();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1347
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1348 while ( $row = $db->fetchrow() )
1
+ − 1349 {
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1350 $cat_all[] = Namespace_Default::bake_cdata($row);
1
+ − 1351 }
+ − 1352
+ − 1353 // Make $cat_all an associative array, like $paths->pages
+ − 1354 $sz = sizeof($cat_all);
+ − 1355 for($i=0;$i<$sz;$i++)
+ − 1356 {
+ − 1357 $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
+ − 1358 }
+ − 1359 // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
+ − 1360 $cat_info = $cat_all;
+ − 1361 for($i=0;$i<sizeof($cat_current);$i++)
+ − 1362 {
+ − 1363 $un = $cat_current[$i]['category_id'];
+ − 1364 $cat_info[$un]['member'] = true;
+ − 1365 }
+ − 1366 // Now copy the information we just set into the numerically named keys
+ − 1367 for($i=0;$i<sizeof($cat_info)/2;$i++)
+ − 1368 {
+ − 1369 $un = $cat_info[$i]['urlname_nons'];
+ − 1370 $cat_info[$i] = $cat_info[$un];
+ − 1371 }
+ − 1372
+ − 1373 echo 'catlist = new Array();'; // Initialize the client-side category list
214
+ − 1374 $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
1
+ − 1375 <form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
+ − 1376 if ( sizeof($cat_info) < 1 )
+ − 1377 {
214
+ − 1378 $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
1
+ − 1379 }
+ − 1380 for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
+ − 1381 {
+ − 1382 // Protection code added 1/3/07
+ − 1383 // Updated 3/4/07
+ − 1384 $is_prot = false;
+ − 1385 $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
+ − 1386 if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
+ − 1387 ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
+ − 1388 $is_prot = true;
+ − 1389 $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
+ − 1390 $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1391 echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1392 $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
1
+ − 1393 if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1394 $_ob .= '/> <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
1
+ − 1395 }
+ − 1396
+ − 1397 $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
+ − 1398
214
+ − 1399 $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';
1
+ − 1400
+ − 1401 $cont = ob_get_contents();
+ − 1402 ob_end_clean();
+ − 1403 return Array($cont, $_ob);
+ − 1404 }
+ − 1405
+ − 1406 /**
+ − 1407 * Saves category information
+ − 1408 * WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
+ − 1409 * @param $page_id string the page ID
+ − 1410 * @param $namespace string the namespace
+ − 1411 * @param $which_cats array associative array of categories to put the page in
+ − 1412 * @return string "GOOD" on success, error string on failure
+ − 1413 */
+ − 1414
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1415 public static function catsave($page_id, $namespace, $which_cats)
1
+ − 1416 {
+ − 1417 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1418 if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');
+ − 1419
+ − 1420 $page_perms = $session->fetch_page_acl($page_id, $namespace);
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1421 $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1422 $page_data = $ns->get_cdata();
1
+ − 1423
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1424 $cat_all = array();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1425 $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1426 if ( !$q )
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1427 $db->_die();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1428
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1429 while ( $row = $db->fetchrow() )
1
+ − 1430 {
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1431 $cat_all[] = Namespace_Default::bake_cdata($row);
1
+ − 1432 }
+ − 1433
+ − 1434 // Make $cat_all an associative array, like $paths->pages
+ − 1435 $sz = sizeof($cat_all);
+ − 1436 for($i=0;$i<$sz;$i++)
+ − 1437 {
+ − 1438 $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
+ − 1439 }
+ − 1440
+ − 1441 $rowlist = Array();
+ − 1442
+ − 1443 for($i=0;$i<sizeof($cat_all)/2;$i++)
+ − 1444 {
+ − 1445 $auth = true;
+ − 1446 $perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category');
+ − 1447 if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
+ − 1448 ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
+ − 1449 ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
+ − 1450 $auth = false;
+ − 1451 if(!$auth)
+ − 1452 {
+ − 1453 // Find out if the page is currently in the category
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1454 $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1455 if(!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1456 return 'MySQL error: ' . $db->get_error();
1
+ − 1457 if($db->numrows() > 0)
+ − 1458 {
+ − 1459 $auth = true;
+ − 1460 $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
+ − 1461 }
+ − 1462 $db->free_result();
+ − 1463 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1464 if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
1
+ − 1465 }
+ − 1466 if(sizeof($rowlist) > 0)
+ − 1467 {
+ − 1468 $val = implode(',', $rowlist);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1469 $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1470 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1471 if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1472 $e = $db->sql_query($q);
+ − 1473 if(!$e) $db->_die('The new category data could not be inserted.');
+ − 1474 return('GOOD');
+ − 1475 }
+ − 1476 else
+ − 1477 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1478 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1479 if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1480 return('GOOD');
+ − 1481 }
+ − 1482 }
+ − 1483
+ − 1484 /**
+ − 1485 * Sets the wiki mode level for a page.
+ − 1486 * @param $page_id string the page ID
+ − 1487 * @param $namespace string the namespace
+ − 1488 * @param $level int 0 for off, 1 for on, 2 for use global setting
+ − 1489 * @return string "GOOD" on success, error string on failure
+ − 1490 */
+ − 1491
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1492 public static function setwikimode($page_id, $namespace, $level)
1
+ − 1493 {
+ − 1494 global $db, $session, $paths, $template, $plugins; // Common objects
913
+ − 1495 global $cache;
+ − 1496
1
+ − 1497 if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1498 if ( !isset($level) || ( isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level) ) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1499 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1500 return('Invalid mode string');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1501 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1502 $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1503 if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1504 {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1505 return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1506 }
913
+ − 1507
+ − 1508 $cache->purge('page_meta');
1
+ − 1509 return('GOOD');
+ − 1510 }
+ − 1511
+ − 1512 /**
+ − 1513 * Sets the access password for a page.
+ − 1514 * @param $page_id string the page ID
+ − 1515 * @param $namespace string the namespace
+ − 1516 * @param $pass string the SHA1 hash of the password - if the password doesn't match the regex ^([0-9a-f]*){40,40}$ it will be sha1'ed
+ − 1517 * @return string
+ − 1518 */
+ − 1519
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1520 public static function setpass($page_id, $namespace, $pass)
1
+ − 1521 {
+ − 1522 global $db, $session, $paths, $template, $plugins; // Common objects
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 1523 global $lang, $cache;
1
+ − 1524 // Determine permissions
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1525 $ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1526 $cdata = $ns->get_cdata();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1527 if ( $cdata['password'] != '' )
1
+ − 1528 $a = $session->get_permissions('password_reset');
+ − 1529 else
+ − 1530 $a = $session->get_permissions('password_set');
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1531 if ( !$a )
214
+ − 1532 return $lang->get('etc_access_denied');
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1533 if ( !isset($pass) )
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1534 return('Password was not set on URL');
1
+ − 1535 $p = $pass;
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1536 if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1537 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1538 $p = sha1($p);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1539 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1540 if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1541 // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1542 $p = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1543 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1544 if ( !$e )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1545 {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1546 die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1547 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1548 // Is the new password blank?
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1549 if ( $p == '' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1550 {
214
+ − 1551 return $lang->get('ajax_password_disable_success');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1552 }
214
+ − 1553 else
+ − 1554 {
+ − 1555 return $lang->get('ajax_password_success');
+ − 1556 }
1
+ − 1557 }
+ − 1558
+ − 1559 /**
+ − 1560 * Generates some preview HTML
+ − 1561 * @param $text string the wikitext to use
+ − 1562 * @return string
+ − 1563 */
+ − 1564
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1565 public static function genPreview($text)
1
+ − 1566 {
214
+ − 1567 global $lang;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 1568 $ret = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 10px 0;">';
102
+ − 1569 $text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
+ − 1570 ob_start();
+ − 1571 eval('?>' . $text);
+ − 1572 $text = ob_get_contents();
+ − 1573 ob_end_clean();
+ − 1574 $ret .= $text;
+ − 1575 $ret .= '</div>';
+ − 1576 return $ret;
1
+ − 1577 }
+ − 1578
+ − 1579 /**
+ − 1580 * Makes a scrollable box
+ − 1581 * @param string $text the inner HTML
+ − 1582 * @param int $height Optional - the maximum height. Defaults to 250.
+ − 1583 * @return string
+ − 1584 */
+ − 1585
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1586 public static function scrollBox($text, $height = 250)
1
+ − 1587 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1588 return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">' . $text . '</div>';
1
+ − 1589 }
+ − 1590
+ − 1591 /**
+ − 1592 * Generates a diff summary between two page revisions.
+ − 1593 * @param $page_id the page ID
+ − 1594 * @param $namespace the namespace
+ − 1595 * @param $id1 the time ID of the first revision
+ − 1596 * @param $id2 the time ID of the second revision
+ − 1597 * @return string XHTML-formatted diff
+ − 1598 */
+ − 1599
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1600 public static function pagediff($page_id, $namespace, $id1, $id2)
1
+ − 1601 {
+ − 1602 global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 1603 global $lang;
898
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1604
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1605 if ( !$session->get_permissions('history_view') )
214
+ − 1606 return $lang->get('etc_access_denied');
898
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1607
1
+ − 1608 if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
+ − 1609 !preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt';
+ − 1610 // OK we made it through security
+ − 1611 // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
898
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1612 if ( !$q1 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE log_id = ' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
diff
changeset
+ − 1613 if ( !$q2 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE log_id = ' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
1
+ − 1614 $row1 = $db->fetchrow($q1);
+ − 1615 $db->free_result($q1);
+ − 1616 $row2 = $db->fetchrow($q2);
+ − 1617 $db->free_result($q2);
909
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1618 if(sizeof($row1) < 1 || sizeof($row2) < 2)
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1619 {
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1620 if ( !$q1 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id = ' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1621 if ( !$q2 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id = ' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: ' . $db->get_error();
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1622 $row1 = $db->fetchrow($q1);
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1623 $db->free_result($q1);
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1624 $row2 = $db->fetchrow($q2);
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1625 $db->free_result($q2);
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1626 if(sizeof($row1) < 1 || sizeof($row2) < 2)
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1627 return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
94c1ff984286
Finished core of log display interface including filter management. There is still a bit of a to-do list, especially regarding rollbacks and reuploads.
Dan
diff
changeset
+ − 1628 }
1
+ − 1629 $text1 = $row1['page_text'];
+ − 1630 $text2 = $row2['page_text'];
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 1631 $time1 = enano_date(ED_DATE | ED_TIME, $row1['time_id']);
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 1632 $time2 = enano_date(ED_DATE | ED_TIME, $row2['time_id']);
1
+ − 1633 $_ob = "
213
+ − 1634 <p>" . $lang->get('history_lbl_comparingrevisions') . " {$time1} → {$time2}</p>
1
+ − 1635 ";
+ − 1636 // Free some memory
+ − 1637 unset($row1, $row2, $q1, $q2);
+ − 1638
+ − 1639 $_ob .= RenderMan::diff($text1, $text2);
+ − 1640 return $_ob;
+ − 1641 }
+ − 1642
+ − 1643 /**
+ − 1644 * Gets ACL information about the selected page for target type X and target ID Y.
+ − 1645 * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
+ − 1646 * @return array
+ − 1647 */
+ − 1648
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1649 public static function acl_editor($parms = Array())
1
+ − 1650 {
+ − 1651 global $db, $session, $paths, $template, $plugins; // Common objects
218
+ − 1652 global $lang;
+ − 1653
511
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 1654 if(!$session->get_permissions('edit_acl') && ( $session->user_level < USER_LEVEL_ADMIN || !defined('ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL')) )
40
+ − 1655 {
+ − 1656 return Array(
+ − 1657 'mode' => 'error',
218
+ − 1658 'error' => $lang->get('acl_err_access_denied')
40
+ − 1659 );
+ − 1660 }
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1661 if ( !$session->sid_super )
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1662 {
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1663 return Array(
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1664 'mode' => 'error',
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1665 'error' => $lang->get('etc_access_denied_need_reauth')
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1666 );
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
diff
changeset
+ − 1667 }
1
+ − 1668 $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
+ − 1669 $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
+ − 1670 $page_id =& $parms['page_id'];
+ − 1671 $namespace =& $parms['namespace'];
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1672 $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1673 $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
1
+ − 1674 //die(print_r($page_id,true));
+ − 1675 $template->load_theme();
+ − 1676 // $perms_obj = $session->fetch_page_acl($page_id, $namespace);
+ − 1677 $perms_obj =& $session;
+ − 1678 $return = Array();
+ − 1679 if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
+ − 1680 {
+ − 1681 return Array(
+ − 1682 'mode' => 'error',
218
+ − 1683 'error' => $lang->get('acl_err_missing_template'),
1
+ − 1684 );
+ − 1685 }
+ − 1686 $return['template'] = $template->extract_vars('acledit.tpl');
+ − 1687 $return['page_id'] = $page_id;
+ − 1688 $return['namespace'] = $namespace;
+ − 1689 if(isset($parms['mode']))
+ − 1690 {
+ − 1691 switch($parms['mode'])
+ − 1692 {
+ − 1693 case 'listgroups':
+ − 1694 $return['groups'] = Array();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1695 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
1
+ − 1696 while($row = $db->fetchrow())
+ − 1697 {
+ − 1698 $return['groups'][] = Array(
+ − 1699 'id' => $row['group_id'],
+ − 1700 'name' => $row['group_name'],
+ − 1701 );
+ − 1702 }
+ − 1703 $db->free_result();
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1704 $return['page_groups'] = Array();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1705 $q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1706 if ( !$q )
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1707 return Array(
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1708 'mode' => 'error',
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1709 'error' => $db->get_error()
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1710 );
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1711 while ( $row = $db->fetchrow() )
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1712 {
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1713 $return['page_groups'][] = Array(
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1714 'id' => $row['pg_id'],
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1715 'name' => $row['pg_name']
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1716 );
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1717 }
1
+ − 1718 break;
512
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1719 case 'seltarget_id':
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1720 if ( !is_int($parms['target_id']) )
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1721 {
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1722 return Array(
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1723 'mode' => 'error',
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1724 'error' => 'Expected parameter target_id type int'
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1725 );
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1726 }
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1727 $q = $db->sql_query('SELECT target_id, target_type, page_id, namespace, rules FROM ' . table_prefix . "acl WHERE rule_id = {$parms['target_id']};");
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1728 if ( !$q )
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1729 return Array(
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1730 'mode' => 'error',
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1731 'error' => $db->get_error()
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1732 );
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1733 if ( $db->numrows() < 1 )
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1734 return Array(
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1735 'mode' => 'error',
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1736 'error' => "No rule with ID {$parms['target_id']} found"
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1737 );
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1738 $parms = $db->fetchrow();
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1739 $db->free_result();
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1740
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1741 // regenerate page selection
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1742 $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1743 $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
513
+ − 1744 $parms['mode'] = 'seltarget_id';
512
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1745 $page_id =& $parms['page_id'];
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1746 $namespace =& $parms['namespace'];
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1747 $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1748 $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1749
513
+ − 1750 $return['page_id'] = $parms['page_id'];
+ − 1751 $return['namespace'] = $parms['namespace'];
+ − 1752
512
13532b0a223f
ACL: Added API call to edit rule based only on numeric rule ID; to be used later with lister for existing rules and effective permissions viewer
Dan
diff
changeset
+ − 1753 // From here, let the seltarget handler take over
1
+ − 1754 case 'seltarget':
+ − 1755 $return['mode'] = 'seltarget';
+ − 1756 $return['acl_types'] = $perms_obj->acl_types;
+ − 1757 $return['acl_deps'] = $perms_obj->acl_deps;
+ − 1758 $return['acl_descs'] = $perms_obj->acl_descs;
+ − 1759 $return['target_type'] = $parms['target_type'];
+ − 1760 $return['target_id'] = $parms['target_id'];
+ − 1761 switch($parms['target_type'])
+ − 1762 {
+ − 1763 case ACL_TYPE_USER:
513
+ − 1764 $user_col = ( $parms['mode'] == 'seltarget_id' ) ? 'user_id' : 'username';
+ − 1765 $q = $db->sql_query('SELECT a.rules,u.user_id,u.username FROM ' . table_prefix.'users AS u
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1766 LEFT JOIN ' . table_prefix.'acl AS a
1
+ − 1767 ON a.target_id=u.user_id
+ − 1768 WHERE a.target_type='.ACL_TYPE_USER.'
513
+ − 1769 AND u.' . $user_col . ' = \'' . $db->escape($parms['target_id']) . '\'
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1770 ' . $page_where_clause . ';');
1
+ − 1771 if(!$q)
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1772 return(Array('mode'=>'error','error'=>$db->get_error()));
1
+ − 1773 if($db->numrows() < 1)
+ − 1774 {
+ − 1775 $return['type'] = 'new';
513
+ − 1776 $q = $db->sql_query('SELECT user_id,username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
1
+ − 1777 if(!$q)
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1778 return(Array('mode'=>'error','error'=>$db->get_error()));
1
+ − 1779 if($db->numrows() < 1)
513
+ − 1780 return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'),'debug' => $db->sql_backtrace());
1
+ − 1781 $row = $db->fetchrow();
513
+ − 1782 $return['target_name'] = $row['username'];
1
+ − 1783 $return['target_id'] = intval($row['user_id']);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1784 $return['current_perms'] = array();
1
+ − 1785 }
+ − 1786 else
+ − 1787 {
+ − 1788 $return['type'] = 'edit';
+ − 1789 $row = $db->fetchrow();
513
+ − 1790 $return['target_name'] = $row['username'];
1
+ − 1791 $return['target_id'] = intval($row['user_id']);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1792 $return['current_perms'] = $session->string_to_perm($row['rules']);
1
+ − 1793 }
+ − 1794 $db->free_result();
+ − 1795 // Eliminate types that don't apply to this namespace
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1796 if ( $namespace && $namespace != '__PageGroup' )
1
+ − 1797 {
+ − 1798 foreach ( $return['current_perms'] AS $i => $perm )
+ − 1799 {
+ − 1800 if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 1801 {
+ − 1802 // echo "// SCOPE CONTROL: eliminating: $i\n";
+ − 1803 unset($return['current_perms'][$i]);
+ − 1804 unset($return['acl_types'][$i]);
+ − 1805 unset($return['acl_descs'][$i]);
+ − 1806 unset($return['acl_deps'][$i]);
+ − 1807 }
+ − 1808 }
+ − 1809 }
+ − 1810 break;
+ − 1811 case ACL_TYPE_GROUP:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1812 $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1813 LEFT JOIN ' . table_prefix.'acl AS a
1
+ − 1814 ON a.target_id=g.group_id
+ − 1815 WHERE a.target_type='.ACL_TYPE_GROUP.'
+ − 1816 AND g.group_id=\''.intval($parms['target_id']).'\'
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1817 ' . $page_where_clause . ';');
1
+ − 1818 if(!$q)
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1819 return(Array('mode'=>'error','error'=>$db->get_error()));
1
+ − 1820 if($db->numrows() < 1)
+ − 1821 {
+ − 1822 $return['type'] = 'new';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1823 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
1
+ − 1824 if(!$q)
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1825 return(Array('mode'=>'error','error'=>$db->get_error()));
1
+ − 1826 if($db->numrows() < 1)
218
+ − 1827 return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
1
+ − 1828 $row = $db->fetchrow();
+ − 1829 $return['target_name'] = $row['group_name'];
+ − 1830 $return['target_id'] = intval($row['group_id']);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1831 $return['current_perms'] = array();
1
+ − 1832 }
+ − 1833 else
+ − 1834 {
+ − 1835 $return['type'] = 'edit';
+ − 1836 $row = $db->fetchrow();
+ − 1837 $return['target_name'] = $row['group_name'];
+ − 1838 $return['target_id'] = intval($row['group_id']);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1839 $return['current_perms'] = $session->string_to_perm($row['rules']);
1
+ − 1840 }
+ − 1841 $db->free_result();
+ − 1842 // Eliminate types that don't apply to this namespace
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1843 if ( $namespace && $namespace != '__PageGroup' )
1
+ − 1844 {
+ − 1845 foreach ( $return['current_perms'] AS $i => $perm )
+ − 1846 {
+ − 1847 if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 1848 {
+ − 1849 // echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
+ − 1850 unset($return['current_perms'][$i]);
+ − 1851 unset($return['acl_types'][$i]);
+ − 1852 unset($return['acl_descs'][$i]);
+ − 1853 unset($return['acl_deps'][$i]);
+ − 1854 }
+ − 1855 }
+ − 1856 }
+ − 1857 //return Array('mode'=>'debug','text'=>print_r($return, true));
+ − 1858 break;
+ − 1859 default:
+ − 1860 return Array('mode'=>'error','error','Invalid ACL type ID');
+ − 1861 break;
+ − 1862 }
+ − 1863 return $return;
+ − 1864 break;
+ − 1865 case 'save_new':
+ − 1866 case 'save_edit':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1867 if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1868 {
218
+ − 1869 return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1870 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1871 $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1872 ' . $page_where_clause_lite . ';');
1
+ − 1873 if(!$q)
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1874 return Array('mode'=>'error','error'=>$db->get_error());
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1875 if ( sizeof ( $parms['perms'] ) < 1 )
1
+ − 1876 {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1877 // As of 1.1.x, this returns success because the rule length is zero if the user selected "inherit" in all columns
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1878 return Array(
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1879 'mode' => 'success',
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1880 'target_type' => $parms['target_type'],
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1881 'target_id' => $parms['target_id'],
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1882 'target_name' => $parms['target_name'],
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1883 'page_id' => $page_id,
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1884 'namespace' => $namespace,
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1885 );
1
+ − 1886 }
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1887 $rules = $session->perm_to_string($parms['perms']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1888 $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1889 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1890 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1891 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1892 if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>$db->get_error());
1
+ − 1893 return Array(
+ − 1894 'mode' => 'success',
+ − 1895 'target_type' => $parms['target_type'],
+ − 1896 'target_id' => $parms['target_id'],
+ − 1897 'target_name' => $parms['target_name'],
+ − 1898 'page_id' => $page_id,
+ − 1899 'namespace' => $namespace,
+ − 1900 );
+ − 1901 break;
+ − 1902 case 'delete':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1903 if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1904 {
218
+ − 1905 return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 1906 }
513
+ − 1907 $sql = 'DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
+ − 1908 ' . $page_where_clause_lite . ';';
+ − 1909 $q = $db->sql_query($sql);
1
+ − 1910 if(!$q)
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1911 return Array('mode'=>'error','error'=>$db->get_error());
1
+ − 1912 return Array(
+ − 1913 'mode' => 'delete',
+ − 1914 'target_type' => $parms['target_type'],
+ − 1915 'target_id' => $parms['target_id'],
+ − 1916 'target_name' => $parms['target_name'],
+ − 1917 'page_id' => $page_id,
+ − 1918 'namespace' => $namespace,
+ − 1919 );
+ − 1920 break;
513
+ − 1921 case 'list_existing':
+ − 1922
+ − 1923 $return = array(
+ − 1924 'mode' => 'list_existing',
+ − 1925 'key' => acl_list_draw_key(),
+ − 1926 'rules' => array()
+ − 1927 );
+ − 1928
+ − 1929 $q = $db->sql_query("SELECT a.rule_id, u.username, g.group_name, a.target_type, a.target_id, a.page_id, a.namespace, a.rules, p.pg_name\n"
+ − 1930 . " FROM " . table_prefix . "acl AS a\n"
+ − 1931 . " LEFT JOIN " . table_prefix . "users AS u\n"
+ − 1932 . " ON ( (a.target_type = " . ACL_TYPE_USER . " AND a.target_id = u.user_id) OR (u.user_id IS NULL) )\n"
+ − 1933 . " LEFT JOIN " . table_prefix . "groups AS g\n"
+ − 1934 . " ON ( (a.target_type = " . ACL_TYPE_GROUP . " AND a.target_id = g.group_id) OR (g.group_id IS NULL) )\n"
+ − 1935 . " LEFT JOIN " . table_prefix . "page_groups as p\n"
+ − 1936 . " ON ( (a.namespace = '__PageGroup' AND a.page_id = p.pg_id) OR (p.pg_id IS NULL) )\n"
690
+ − 1937 . " WHERE ( a.target_type = " . ACL_TYPE_USER . " OR a.target_type = " . ACL_TYPE_GROUP . " )\n"
513
+ − 1938 . " GROUP BY a.rule_id\n"
+ − 1939 . " ORDER BY a.target_type ASC, a.rule_id ASC;"
+ − 1940 );
+ − 1941
+ − 1942 if ( !$q )
+ − 1943 $db->_die();
+ − 1944
+ − 1945 while ( $row = $db->fetchrow($q) )
+ − 1946 {
+ − 1947 if ( $row['target_type'] == ACL_TYPE_USER && empty($row['username']) )
+ − 1948 {
+ − 1949 // This is only done if we have an ACL affecting a user that doesn't exist.
+ − 1950 // Nice little bit of maintenance to have.
+ − 1951 if ( !$db->sql_query("DELETE FROM " . table_prefix . "acl WHERE rule_id = {$row['rule_id']};") )
+ − 1952 $db->_die();
+ − 1953 continue;
+ − 1954 }
+ − 1955 $score = get_acl_rule_score($row['rules']);
+ − 1956 $deep_limit = ACL_SCALE_MINIMAL_SHADE;
+ − 1957 // Determine background color of cell by score
+ − 1958 if ( $score > 5 )
+ − 1959 {
+ − 1960 // high score, show in green
+ − 1961 $color = 2.5 * $score;
+ − 1962 if ( $color > 255 )
+ − 1963 $color = 255;
+ − 1964 $color = round($color);
+ − 1965 // blend with the colordepth limit
+ − 1966 $color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
+ − 1967 $color = dechex($color);
+ − 1968 $color = "{$color}ff{$color}";
+ − 1969 }
+ − 1970 else if ( $score < -5 )
+ − 1971 {
+ − 1972 // low score, show in red
+ − 1973 $color = 0 - $score;
+ − 1974 $color = 2.5 * $color;
+ − 1975 if ( $color > 255 )
+ − 1976 $color = 255;
+ − 1977 $color = round($color);
+ − 1978 // blend with the colordepth limit
+ − 1979 $color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
+ − 1980 $color = dechex($color);
+ − 1981 $color = "ff{$color}{$color}";
+ − 1982 }
+ − 1983 else
+ − 1984 {
+ − 1985 $color = 'efefef';
+ − 1986 }
+ − 1987
+ − 1988 // Rate rule textually based on its score
+ − 1989 if ( $score >= 70 )
+ − 1990 $desc = $lang->get('acl_msg_scale_allow');
+ − 1991 else if ( $score >= 50 )
+ − 1992 $desc = $lang->get('acl_msg_scale_mostly_allow');
+ − 1993 else if ( $score >= 25 )
+ − 1994 $desc = $lang->get('acl_msg_scale_some_allow');
+ − 1995 else if ( $score >= -25 )
+ − 1996 $desc = $lang->get('acl_msg_scale_mixed');
+ − 1997 else if ( $score <= -70 )
+ − 1998 $desc = $lang->get('acl_msg_scale_deny');
+ − 1999 else if ( $score <= -50 )
+ − 2000 $desc = $lang->get('acl_msg_scale_mostly_deny');
+ − 2001 else if ( $score <= -25 )
+ − 2002 $desc = $lang->get('acl_msg_scale_some_deny');
+ − 2003
+ − 2004 // group and user target info
+ − 2005 $info = '';
+ − 2006 if ( $row['target_type'] == ACL_TYPE_USER )
+ − 2007 $info = $lang->get('acl_msg_list_user', array( 'username' => $row['username'] )); // "(User: {$row['username']})";
+ − 2008 else if ( $row['target_type'] == ACL_TYPE_GROUP )
+ − 2009 $info = $lang->get('acl_msg_list_group', array( 'group' => $row['group_name'] ));
+ − 2010
+ − 2011 // affected pages info
+ − 2012 if ( $row['page_id'] && $row['namespace'] && $row['namespace'] != '__PageGroup' )
+ − 2013 $info .= $lang->get('acl_msg_list_on_page', array( 'page_name' => "{$row['namespace']}:{$row['page_id']}" ));
+ − 2014 else if ( $row['page_id'] && $row['namespace'] && $row['namespace'] == '__PageGroup' )
+ − 2015 $info .= $lang->get('acl_msg_list_on_page_group', array( 'page_group' => $row['pg_name'] ));
+ − 2016 else
+ − 2017 $info .= $lang->get('acl_msg_list_entire_site');
+ − 2018
+ − 2019 $score_string = $lang->get('acl_msg_list_score', array
+ − 2020 (
+ − 2021 'score' => $score,
+ − 2022 'desc' => $desc,
+ − 2023 'info' => $info
+ − 2024 ));
+ − 2025 $return['rules'][] = array(
+ − 2026 'score_string' => $score_string,
+ − 2027 'rule_id' => $row['rule_id'],
+ − 2028 'color' => $color
+ − 2029 );
+ − 2030 }
+ − 2031
+ − 2032 break;
679
+ − 2033 case 'list_presets':
+ − 2034 $presets = array();
+ − 2035 $q = $db->sql_query('SELECT page_id AS preset_name, rule_id, rules FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . ";");
+ − 2036 if ( !$q )
+ − 2037 $db->die_json();
+ − 2038
+ − 2039 while ( $row = $db->fetchrow() )
+ − 2040 {
+ − 2041 $row['rules'] = $session->string_to_perm($row['rules']);
+ − 2042 $presets[] = $row;
+ − 2043 }
+ − 2044
+ − 2045 return array(
+ − 2046 'mode' => 'list_existing',
+ − 2047 'presets' => $presets
+ − 2048 );
+ − 2049 break;
+ − 2050 case 'save_preset':
+ − 2051 if ( empty($parms['preset_name']) )
+ − 2052 {
+ − 2053 return array(
+ − 2054 'mode' => 'error',
+ − 2055 'error' => $lang->get('acl_err_preset_name_empty')
+ − 2056 );
+ − 2057 }
+ − 2058 $preset_name = $db->escape($parms['preset_name']);
+ − 2059 $q = $db->sql_query('DELETE FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . " AND page_id = '$preset_name';");
+ − 2060 if ( !$q )
+ − 2061 $db->die_json();
+ − 2062
+ − 2063 $perms = $session->perm_to_string($parms['perms']);
+ − 2064 if ( !$perms )
+ − 2065 {
+ − 2066 return array(
+ − 2067 'mode' => 'error',
+ − 2068 'error' => $lang->get('acl_err_preset_is_blank')
+ − 2069 );
+ − 2070 }
+ − 2071
+ − 2072 $perms = $db->escape($perms);
+ − 2073 $q = $db->sql_query('INSERT INTO ' . table_prefix . "acl(page_id, target_type, rules) VALUES\n"
+ − 2074 . " ( '$preset_name', " . ACL_TYPE_PRESET . ", '$perms' );");
+ − 2075 if ( !$q )
+ − 2076 $db->die_json();
+ − 2077
+ − 2078 return array(
+ − 2079 'mode' => 'success'
+ − 2080 );
+ − 2081 break;
729
+ − 2082 case 'trace':
+ − 2083 list($targetpid, $targetns) = RenderMan::strToPageID($parms['page']);
737
+ − 2084 try
+ − 2085 {
+ − 2086 $perms = $session->fetch_page_acl_user($parms['user'], $targetpid, $targetns);
+ − 2087 $perm_table = array(
+ − 2088 AUTH_ALLOW => 'acl_lbl_field_allow',
+ − 2089 AUTH_WIKIMODE => 'acl_lbl_field_wikimode',
+ − 2090 AUTH_DISALLOW => 'acl_lbl_field_disallow',
+ − 2091 AUTH_DENY => 'acl_lbl_field_deny'
+ − 2092 );
+ − 2093
+ − 2094 $return = array(
+ − 2095 'mode' => 'trace',
+ − 2096 'perms' => array()
729
+ − 2097 );
+ − 2098
737
+ − 2099 foreach ( $perms->perm_resolve_table as $perm_type => $lookup_data )
+ − 2100 {
+ − 2101 if ( !$session->check_acl_scope($perm_type, $targetns) )
+ − 2102 continue;
+ − 2103
+ − 2104 $src_l10n = $lang->get($session->acl_inherit_lang_table[$lookup_data['src']], $lookup_data);
+ − 2105 $divclass = preg_replace('/^acl_inherit_/', '', $session->acl_inherit_lang_table[$lookup_data['src']]);
+ − 2106 $perm_string = $lang->get($perm_table[$perms->perms[$perm_type]]);
+ − 2107 $perm_name = $lang->get($session->acl_descs[$perm_type]);
+ − 2108
+ − 2109 $return['perms'][$perm_type] = array(
+ − 2110 'divclass' => "acl_inherit acl_$divclass",
+ − 2111 'perm_type' => $perm_type,
+ − 2112 'perm_name' => $perm_name,
+ − 2113 'perm_value' => $perm_string,
+ − 2114 'perm_src' => $src_l10n,
749
+ − 2115 'rule_id' => intval($lookup_data['rule_id']),
+ − 2116 'bad_deps' => $perms->acl_check_deps($perm_type, true)
737
+ − 2117 );
+ − 2118 }
729
+ − 2119
737
+ − 2120 // group rules if possible
+ − 2121 $return['groups'] = array();
+ − 2122 foreach ( $return['perms'] as $rule )
+ − 2123 {
+ − 2124 if ( !isset($return['groups'][$rule['rule_id']]) )
+ − 2125 {
+ − 2126 $return['groups'][$rule['rule_id']] = array();
+ − 2127 }
+ − 2128 $return['groups'][$rule['rule_id']][] = $rule['perm_type'];
+ − 2129 }
729
+ − 2130 }
737
+ − 2131 catch ( Exception $e )
729
+ − 2132 {
737
+ − 2133 $return = array(
+ − 2134 'mode' => 'error',
+ − 2135 'error' => $e->getMessage()
+ − 2136 );
729
+ − 2137 }
+ − 2138
+ − 2139 break;
1
+ − 2140 default:
+ − 2141 return Array('mode'=>'error','error'=>'Hacking attempt');
+ − 2142 break;
+ − 2143 }
+ − 2144 }
+ − 2145 return $return;
+ − 2146 }
+ − 2147
+ − 2148 /**
+ − 2149 * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
+ − 2150 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
+ − 2151 * @return string
+ − 2152 */
+ − 2153
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 2154 public static function acl_json($parms = '{ }')
1
+ − 2155 {
+ − 2156 global $db, $session, $paths, $template, $plugins; // Common objects
582
+ − 2157 try
+ − 2158 {
+ − 2159 $parms = enano_json_decode($parms);
+ − 2160 }
+ − 2161 catch ( Zend_Json_Exception $e )
+ − 2162 {
+ − 2163 $parms = array();
+ − 2164 }
1
+ − 2165 $ret = PageUtils::acl_editor($parms);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 2166 $ret = enano_json_encode($ret);
1
+ − 2167 return $ret;
+ − 2168 }
+ − 2169
+ − 2170 /**
+ − 2171 * A non-Javascript frontend for the ACL API.
+ − 2172 * @param array The request data, if any, this should be in the format required by PageUtils::acl_editor()
+ − 2173 */
+ − 2174
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 2175 public static function aclmanager($parms)
1
+ − 2176 {
+ − 2177 global $db, $session, $paths, $template, $plugins; // Common objects
219
+ − 2178 global $lang;
1
+ − 2179 ob_start();
+ − 2180 // Convenience
+ − 2181 $formstart = '<form
+ − 2182 action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
+ − 2183 method="post" enctype="multipart/form-data"
+ − 2184 onsubmit="if(!submitAuthorized) return false;"
+ − 2185 >';
+ − 2186 $formend = '</form>';
+ − 2187 $parms = PageUtils::acl_preprocess($parms);
+ − 2188 $response = PageUtils::acl_editor($parms);
+ − 2189 $response = PageUtils::acl_postprocess($response);
+ − 2190
+ − 2191 //die('<pre>' . htmlspecialchars(print_r($response, true)) . '</pre>');
+ − 2192
+ − 2193 switch($response['mode'])
+ − 2194 {
+ − 2195 case 'debug':
+ − 2196 echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
+ − 2197 break;
+ − 2198 case 'stage1':
219
+ − 2199 echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
+ − 2200 <p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
1
+ − 2201 echo $formstart;
219
+ − 2202 echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
1
+ − 2203 <p><select name="data[target_id_grp]">';
+ − 2204 foreach ( $response['groups'] as $group )
+ − 2205 {
+ − 2206 echo '<option value="' . $group['id'] . '">' . $group['name'] . '</option>';
+ − 2207 }
219
+ − 2208
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2209 // page group selector
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2210 $groupsel = '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2211 if ( count($response['page_groups']) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2212 {
219
+ − 2213 $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2214 <p><select name="data[pg_id]">';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2215 foreach ( $response['page_groups'] as $grp )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2216 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2217 $groupsel .= '<option value="' . $grp['id'] . '">' . htmlspecialchars($grp['name']) . '</option>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2218 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2219 $groupsel .= '</select></p>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2220 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2221
1
+ − 2222 echo '</select></p>
219
+ − 2223 <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
1
+ − 2224 <p>' . $template->username_field('data[target_id_user]') . '</p>
219
+ − 2225 <p>' . $lang->get('acl_lbl_scope') . '</p>
+ − 2226 <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</p>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2227 ' . $groupsel . '
219
+ − 2228 <p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</p>
1
+ − 2229 <div style="margin: 0 auto 0 0; text-align: right;">
+ − 2230 <input name="data[mode]" value="seltarget" type="hidden" />
322
+ − 2231 <input type="hidden" name="data[page_id]" value="' . $paths->page_id . '" />
1
+ − 2232 <input type="hidden" name="data[namespace]" value="' . $paths->namespace . '" />
219
+ − 2233 <input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
1
+ − 2234 </div>';
+ − 2235 echo $formend;
+ − 2236 break;
+ − 2237 case 'success':
+ − 2238 echo '<div class="info-box">
219
+ − 2239 <b>' . $lang->get('acl_lbl_save_success_title') . '</b><br />
+ − 2240 ' . $lang->get('acl_lbl_save_success_body', array( 'target_name' => $response['target_name'] )) . '<br />
1
+ − 2241 ' . $formstart . '
+ − 2242 <input type="hidden" name="data[mode]" value="seltarget" />
+ − 2243 <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
+ − 2244 <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2245 <input type="hidden" name="data[target_id_grp]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2246 <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
+ − 2247 <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
+ − 2248 <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
+ − 2249 <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
+ − 2250 ' . $formend . '
+ − 2251 </div>';
+ − 2252 break;
+ − 2253 case 'delete':
+ − 2254 echo '<div class="info-box">
219
+ − 2255 <b>' . $lang->get('acl_lbl_delete_success_title') . '</b><br />
+ − 2256 ' . $lang->get('acl_lbl_delete_success_body', array('target_name' => $response['target_name'])) . '<br />
1
+ − 2257 ' . $formstart . '
+ − 2258 <input type="hidden" name="data[mode]" value="seltarget" />
+ − 2259 <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
+ − 2260 <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2261 <input type="hidden" name="data[target_id_grp]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2262 <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
+ − 2263 <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
+ − 2264 <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
+ − 2265 <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
+ − 2266 ' . $formend . '
+ − 2267 </div>';
+ − 2268 break;
+ − 2269 case 'seltarget':
+ − 2270 if ( $response['type'] == 'edit' )
+ − 2271 {
219
+ − 2272 echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
1
+ − 2273 }
+ − 2274 else
+ − 2275 {
219
+ − 2276 echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
1
+ − 2277 }
219
+ − 2278 $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
+ − 2279 $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
+ − 2280 $subs = array(
+ − 2281 'target_type' => $type,
+ − 2282 'target' => $response['target_name'],
+ − 2283 'scope_type' => $scope
+ − 2284 );
+ − 2285 echo $lang->get('acl_lbl_editwin_body', $subs);
1
+ − 2286 echo $formstart;
+ − 2287 $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
+ − 2288 echo $parser->run();
+ − 2289 $parser = $template->makeParserText( $response['template']['acl_field_item'] );
+ − 2290 $cls = 'row2';
+ − 2291 foreach ( $response['acl_types'] as $acl_type => $value )
+ − 2292 {
+ − 2293 $vars = Array(
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 2294 'FIELD_INHERIT_CHECKED' => '',
1
+ − 2295 'FIELD_DENY_CHECKED' => '',
+ − 2296 'FIELD_DISALLOW_CHECKED' => '',
+ − 2297 'FIELD_WIKIMODE_CHECKED' => '',
+ − 2298 'FIELD_ALLOW_CHECKED' => '',
+ − 2299 );
+ − 2300 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2301 $vars['ROW_CLASS'] = $cls;
+ − 2302
+ − 2303 switch ( $response['current_perms'][$acl_type] )
+ − 2304 {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 2305 case 'i':
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 2306 default:
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 2307 $vars['FIELD_INHERIT_CHECKED'] = 'checked="checked"';
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 2308 break;
1
+ − 2309 case AUTH_ALLOW:
+ − 2310 $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
+ − 2311 break;
+ − 2312 case AUTH_WIKIMODE:
+ − 2313 $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
+ − 2314 break;
+ − 2315 case AUTH_DISALLOW:
+ − 2316 $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
+ − 2317 break;
+ − 2318 case AUTH_DENY:
+ − 2319 $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
+ − 2320 break;
+ − 2321 }
+ − 2322 $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
219
+ − 2323 if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
+ − 2324 {
+ − 2325 $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
+ − 2326 }
+ − 2327 else
+ − 2328 {
+ − 2329 $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
+ − 2330 }
1
+ − 2331 $parser->assign_vars($vars);
+ − 2332 echo $parser->run();
+ − 2333 }
+ − 2334 $parser = $template->makeParserText( $response['template']['acl_field_end'] );
+ − 2335 echo $parser->run();
+ − 2336 echo '<div style="margin: 10px auto 0 0; text-align: right;">
+ − 2337 <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
+ − 2338 <input type="hidden" name="data[page_id]" value="' . (( $response['page_id'] ) ? $response['page_id'] : 'false') . '" />
+ − 2339 <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? $response['namespace'] : 'false') . '" />
+ − 2340 <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
+ − 2341 <input type="hidden" name="data[target_id]" value="' . $response['target_id'] . '" />
+ − 2342 <input type="hidden" name="data[target_name]" value="' . $response['target_name'] . '" />
219
+ − 2343 ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> <input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
1
+ − 2344 </div>';
+ − 2345 echo $formend;
+ − 2346 break;
+ − 2347 case 'error':
+ − 2348 ob_end_clean();
+ − 2349 die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
+ − 2350 break;
+ − 2351 }
+ − 2352 $ret = ob_get_contents();
+ − 2353 ob_end_clean();
+ − 2354 echo
+ − 2355 $template->getHeader() .
+ − 2356 $ret .
+ − 2357 $template->getFooter();
+ − 2358 }
+ − 2359
+ − 2360 /**
+ − 2361 * Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
+ − 2362 * @param array The posted data
+ − 2363 * @return array
+ − 2364 * @access private
+ − 2365 */
+ − 2366
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 2367 public static function acl_preprocess($parms)
1
+ − 2368 {
+ − 2369 if ( !isset($parms['mode']) )
+ − 2370 // Nothing to do
+ − 2371 return $parms;
+ − 2372 switch ( $parms['mode'] )
+ − 2373 {
+ − 2374 case 'seltarget':
+ − 2375
+ − 2376 // Who's affected?
+ − 2377 $parms['target_type'] = intval( $parms['target_type'] );
+ − 2378 $parms['target_id'] = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? $parms['target_id_grp'] : $parms['target_id_user'];
+ − 2379
+ − 2380 case 'save_edit':
+ − 2381 case 'save_new':
+ − 2382 if ( isset($parms['act_delete_rule']) )
+ − 2383 {
+ − 2384 $parms['mode'] = 'delete';
+ − 2385 }
+ − 2386
+ − 2387 // Scope (just this page or entire site?)
+ − 2388 if ( $parms['scope'] == 'entire_site' || ( $parms['page_id'] == 'false' && $parms['namespace'] == 'false' ) )
+ − 2389 {
+ − 2390 $parms['page_id'] = false;
+ − 2391 $parms['namespace'] = false;
+ − 2392 }
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2393 else if ( $parms['scope'] == 'page_group' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2394 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2395 $parms['page_id'] = $parms['pg_id'];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2396 $parms['namespace'] = '__PageGroup';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2397 }
1
+ − 2398
+ − 2399 break;
+ − 2400 }
+ − 2401
+ − 2402 if ( isset($parms['act_go_stage1']) )
+ − 2403 {
+ − 2404 $parms = array(
+ − 2405 'mode' => 'listgroups'
+ − 2406 );
+ − 2407 }
+ − 2408
+ − 2409 return $parms;
+ − 2410 }
+ − 2411
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 2412 public static function acl_postprocess($response)
1
+ − 2413 {
+ − 2414 if(!isset($response['mode']))
+ − 2415 {
+ − 2416 if ( isset($response['groups']) )
+ − 2417 $response['mode'] = 'stage1';
+ − 2418 else
+ − 2419 $response = Array(
+ − 2420 'mode' => 'error',
+ − 2421 'error' => 'Invalid action passed by API backend.',
+ − 2422 );
+ − 2423 }
+ − 2424 return $response;
+ − 2425 }
+ − 2426
+ − 2427 }
+ − 2428
513
+ − 2429 /**
+ − 2430 * Generates a graphical key showing how the ACL rule list works.
+ − 2431 * @return string
+ − 2432 */
+ − 2433
+ − 2434 function acl_list_draw_key()
+ − 2435 {
+ − 2436 $out = '<div style="width: 460px; margin: 0 auto; text-align: center; margin-bottom: 10px;">';
+ − 2437 $out .= '<div style="float: left;">← Deny</div>';
+ − 2438 $out .= '<div style="float: right;">Allow →</div>';
+ − 2439 $out .= 'Neutral';
+ − 2440 $out .= '<div style="clear: both;"></div>';
+ − 2441 // 11 boxes on each side of the center
+ − 2442 $inc = ceil ( ( 0xFF - ACL_SCALE_MINIMAL_SHADE ) / 11 );
+ − 2443 for ( $i = ACL_SCALE_MINIMAL_SHADE; $i <= 0xFF; $i+= $inc )
+ − 2444 {
+ − 2445 $octet = dechex($i);
+ − 2446 $color = "ff$octet$octet";
+ − 2447 $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>';
+ − 2448 }
+ − 2449 $out .= '<div style="background-color: #efefef; float: left; width: 20px;"> </div>';
+ − 2450 for ( $i = 0xFF; $i >= ACL_SCALE_MINIMAL_SHADE; $i-= $inc )
+ − 2451 {
+ − 2452 $octet = dechex($i);
+ − 2453 $color = "{$octet}ff{$octet}";
+ − 2454 $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>';
+ − 2455 }
+ − 2456 $out .= '<div style="clear: both;"></div>';
+ − 2457 $out .= '<div style="float: left;">-100</div>';
+ − 2458 $out .= '<div style="float: right;">+100</div>';
+ − 2459 $out .= '0';
+ − 2460 $out .= '</div>';
+ − 2461 return $out;
+ − 2462 }
+ − 2463
+ − 2464 /**
+ − 2465 * Gets the numerical score for the serialized form of an ACL rule
+ − 2466 */
+ − 2467
+ − 2468 function get_acl_rule_score($perms)
+ − 2469 {
+ − 2470 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2471 if ( is_string($perms) )
+ − 2472 $perms = $session->string_to_perm($perms);
+ − 2473 else if ( !is_array($perms) )
+ − 2474 return false;
+ − 2475 $score = 0;
+ − 2476 foreach ( $perms as $item )
+ − 2477 {
+ − 2478 switch ( $item )
+ − 2479 {
+ − 2480 case AUTH_ALLOW :
+ − 2481 $inc = 2;
+ − 2482 break;
+ − 2483 case AUTH_WIKIMODE:
+ − 2484 $inc = 1;
+ − 2485 break;
+ − 2486 case AUTH_DISALLOW:
+ − 2487 $inc = -1;
+ − 2488 break;
+ − 2489 case AUTH_DENY:
+ − 2490 $inc = -2;
+ − 2491 break;
+ − 2492 default:
+ − 2493 $inc = 0;
+ − 2494 break;
+ − 2495 }
+ − 2496 $score += $inc;
+ − 2497 }
+ − 2498 // this is different from the beta; calculate highest score and
+ − 2499 // get percentage to be fairer to smaller/less broad rules
+ − 2500 $divisor = count($perms) * 2;
+ − 2501 if ( $divisor == 0 )
+ − 2502 {
+ − 2503 return 0;
+ − 2504 }
+ − 2505 $score = 100 * ( $score / $divisor );
+ − 2506 return round($score);
+ − 2507 }
+ − 2508
1
+ − 2509 ?>