<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.2 (Coblynau)
* Copyright (C) 2006-2007 Dan Fuhry
* pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
class PageUtils {
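/**
 * Tell if a username is used or not.
 *
 * Underscores are treated as spaces (the URL form of a name), the value is
 * URL-decoded, and the result is looked up in the users table.
 *
 * @param string $name the name to check for; may still be URL-encoded
 * @return string 'good' when no user has this name, 'bad' when the name is taken
 */
function checkusername($name)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Page URLs carry spaces as underscores; normalise before the lookup.
    $name = str_replace('_', ' ', $name);
    $lookup = $db->escape(rawurldecode($name));

    $q = $db->sql_query('SELECT username FROM ' . table_prefix . 'users WHERE username=\'' . $lookup . '\'');
    if ( !$q )
    {
        // Same failure path as the other methods in this class; the previous
        // die(mysql_error()) bypassed the $db layer and printed the raw driver
        // error string straight to the client.
        $db->_die('The username lookup query could not be executed.');
    }

    $taken = $db->numrows() >= 1;
    $db->free_result();

    return $taken ? 'bad' : 'good';
}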
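/**
 * Get the wiki formatting source for a page.
 *
 * @param string $page the full page id (Namespace:Pagename)
 * @param string|false $password value compared verbatim against the page's stored
 *        40-character password field (presumably a SHA-1 hex digest); false when none was given
 * @return string the page text run through htmlspecialchars(); '' when the page is unknown
 *         or has no text row; 'invalid_password' when the page is password-protected and
 *         $password does not match; 'access_denied' when the session lacks view_source
 * @todo (DONE) Make it require a password (just for security purposes)
 */
function getsource($page, $password = false)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( !isset($paths->pages[$page]) )
    {
        return '';
    }

    $page_data = $paths->pages[$page];

    // A 40-character password field means the page is password-protected.
    // Compare strictly: with != a stored digest such as "0e..." and a numeric-looking
    // $password would compare equal through PHP's numeric-string juggling.
    if ( isset($page_data['password']) && strlen($page_data['password']) == 40 )
    {
        if ( !$password || $password !== $page_data['password'] )
        {
            return 'invalid_password';
        }
    }

    // Dependencies handle this for us - this also checks for read privileges
    if ( !$session->get_permissions('view_source') )
    {
        return 'access_denied';
    }

    $pid = RenderMan::strToPageID($page);
    if ( $pid[1] == 'Special' || $pid[1] == 'Admin' )
    {
        die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
    }

    // Both halves of the id are derived from the caller-supplied $page, so they are
    // escaped before being concatenated into the query.
    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix . 'page_text WHERE page_id=\'' . $db->escape($pid[0]) . '\' AND namespace=\'' . $db->escape($pid[1]) . '\'');
    if ( !$e )
    {
        $db->_die('The page text could not be selected.');
    }
    if ( $db->numrows() < 1 )
    {
        return ''; //$db->_die('There were no rows in the text table that matched the page text query.');
    }

    $r = $db->fetchrow();
    $db->free_result();

    return htmlspecialchars($r['page_text']);
}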
/**
 * Basically a frontend to RenderMan::getPage(), with the ability to send valid data for nonexistent pages.
 *
 * Deprecated: the first statement is die(), so the rest of the body never runs. It is kept
 * unchanged for reference; it rendered the requested page into an output buffer and returned
 * the buffered markup.
 *
 * @param $page the full page id (Namespace:Pagename)
 * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
 * @param $hist_id time_id of a logged edit to display instead of the current text, or false for the current text
 * @return string
 */
function getpage($page, $send_headers = false, $hist_id = false)
{
    die('PageUtils->getpage is deprecated.');
    // Nothing below this line is reachable: die() does not return.
    global $db, $session, $paths, $template, $plugins; // Common objects
    ob_start();
    $pid = RenderMan::strToPageID($page);
    //die('<pre>'.print_r($pid, true).'</pre>');
    // A 40-character password field marks a password-protected page (the same test getsource() uses)
    if(isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40)
    {
        password_prompt($page);
    }
    if(isset($paths->pages[$page]))
    {
        doStats($pid[0], $pid[1]);
    }
    if($paths->custom_page || $pid[1] == 'Special')
    {
        // If we don't have access to the page, get out and quick!
        // Login and Register stay reachable without the read permission
        if(!$session->get_permissions('read') && $pid[0] != 'Login' && $pid[0] != 'Register')
        {
            $template->tpl_strings['PAGE_NAME'] = 'Access denied';

            if ( $send_headers )
            {
                $template->header();
            }

            echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

            if ( $send_headers )
            {
                $template->footer();
            }

            $r = ob_get_contents();
            ob_end_clean();
            return $r;
        }

        // Handler name is built from the namespace and the page's urlname_nons; the @
        // suppresses the warning call_user_func() emits when no such function exists.
        $fname = 'page_' . $pid[1] . '_' . $paths->pages[$page]['urlname_nons'];
        @call_user_func($fname);

    }
    else if ( $pid[1] == 'Admin' )
    {
        // If we don't have access to the page, get out and quick!
        if(!$session->get_permissions('read'))
        {
            $template->tpl_strings['PAGE_NAME'] = 'Access denied';
            if ( $send_headers )
            {
                $template->header();
            }
            echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
            if ( $send_headers )
            {
                $template->footer();
            }
            $r = ob_get_contents();
            ob_end_clean();
            return $r;
        }

        $fname = 'page_' . $pid[1] . '_' . $pid[0];
        if ( !function_exists($fname) )
        {
            $title = 'Page backend not found';
            $message = "The administration page you are looking for was properly registered using the page API, but the backend function
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
            if ( $send_headers )
            {
                die_friendly($title, "<p>$message</p>");
            }
            else
            {
                echo "<h2>$title</h2>\n<p>$message</p>";
            }
        }
        // Still reached on the non-header path when the function was missing above;
        // the @ hides the warning that call would raise.
        @call_user_func($fname);
    }
    else if ( !isset( $paths->pages[$page] ) )
    {
        ob_start();
        // Each hook body is a string of PHP source executed in this scope; any output
        // a hook produces replaces the built-in "not found" page below.
        $code = $plugins->setHook('page_not_found');
        foreach ( $code as $cmd )
        {
            eval($cmd);
        }
        $text = ob_get_contents();
        if ( $text != '' )
        {
            ob_end_clean();
            return $text;
        }
        $template->header();
        // Assignment in the condition is intentional: $m is the Page_not_found system message, if one exists
        if($m = $paths->sysmsg('Page_not_found'))
        {
            eval('?>'.RenderMan::render($m));
        }
        else
        {
            // Output is presumably still inside the ob_start() buffer here, so the status header can still be sent
            header('HTTP/1.1 404 Not Found');
            echo '<h3>There is no page with this title yet.</h3>
<p>You have requested a page that doesn\'t exist yet.';
            if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
            else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
            if ( $session->get_permissions('history_rollback') )
            {
                // NOTE(review): keyed by the current page ($paths->cpage), not by $page, and $pid[1]
                // is concatenated without $db->escape()
                $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;');
                if ( !$e )
                {
                    $db->_die('The deletion log could not be selected.');
                }
                if ($db->numrows() > 0 )
                {
                    $r = $db->fetchrow();
                    echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>';
                }
                $db->free_result();
            }
            echo '<p>
HTTP Error: 404 Not Found
</p>';
        }
        $template->footer();
    }
    else
    {

        // If we don't have access to the page, get out and quick!
        if(!$session->get_permissions('read'))
        {
            $template->tpl_strings['PAGE_NAME'] = 'Access denied';
            if($send_headers) $template->header();
            echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
            if($send_headers) $template->footer();
            $r = ob_get_contents();
            ob_end_clean();
            return $r;
        }

        ob_start();
        // page_custom_handler hook bodies run as PHP source; any output they produce is returned as the page
        $code = $plugins->setHook('page_custom_handler');
        foreach ( $code as $cmd )
        {
            eval($cmd);
        }
        $text = ob_get_contents();
        if ( $text != '' )
        {
            ob_end_clean();
            return $text;
        }

        if ( $hist_id )
        {
            // Show an archived revision. NOTE(review): $hist_id is escaped but interpolated unquoted into
            // time_id=...; string escaping is not a numeric guard, an (int) cast would be the safer check.
            // Unlike the deletion-log query above, the result of sql_query() is not checked here.
            $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $paths->pages[$page]['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' AND log_type=\'page\' AND action=\'edit\' AND time_id=' . $db->escape($hist_id) . '');
            if($db->numrows() < 1)
            {
                $db->_die('There were no rows in the text table that matched the page text query.');
            }
            $r = $db->fetchrow();
            $db->free_result();
            // $message is executed as PHP below, so this notice plus the rendered page text must be trusted markup
            $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on ' . $r['date_string'] . '.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrl($page, 'do=rollback&id=' . $hist_id) . '" onclick="ajaxRollback(\'' . $hist_id . '\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);

            if( !$paths->pages[$page]['special'] )
            {
                if($send_headers)
                {
                    $template->header();
                }
                display_page_headers();
            }

            // The rendered markup is executed as PHP, so any PHP left in the page text runs here;
            // savepage() strips PHP from saved text according to permissions (RenderMan::preprocess_text)
            eval('?>' . $message);

            if( !$paths->pages[$page]['special'] )
            {
                display_page_footers();
                if($send_headers)
                {
                    $template->footer();
                }
            }

        } else {
            if(!$paths->pages[$page]['special'])
            {
                $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1]);
            }
            else
            {
                // special pages are fetched with the extra rendering options switched off
                $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1], 0, false, false, false, false);
            }
            // This line is used to debug wikiformatted code
            // die('<pre>'.htmlspecialchars($message).'</pre>');

            if( !$paths->pages[$page]['special'] )
            {
                if($send_headers)
                {
                    $template->header();
                }
                display_page_headers();
            }

            // This is it, this is what all of Enano has been working up to...
            // The rendered markup is executed as PHP, so any PHP left in the page text runs here;
            // savepage() strips PHP from saved text according to permissions (RenderMan::preprocess_text)
            eval('?>' . $message);

            if( !$paths->pages[$page]['special'] )
            {
                display_page_footers();
                if($send_headers)
                {
                    $template->footer();
                }
            }
        }
    }
    $ret = ob_get_contents();
    ob_end_clean();
    return $ret;
}
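/**
 * Writes page data to the database, after verifying permissions and running the XSS filter.
 *
 * Creates the page through PageUtils::createPage() when it does not exist yet, refuses the
 * edit when the page is protected and the session lacks even_when_protected, then appends a
 * log entry and replaces the stored page text.
 *
 * @param string $page_id   the page ID
 * @param string $namespace the namespace
 * @param string $message   the text to save
 * @param string $summary   edit summary, stored HTML-escaped in the log
 * @param bool   $minor     whether this is a minor edit
 * @return string 'good' on success, otherwise a human-readable reason the save was refused
 */
function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // char_tag for this revision; a per-save marker, not a secret
    $uid = sha1(microtime());
    $pname = $paths->nslist[$namespace] . $page_id;

    if ( !$session->get_permissions('edit_page') )
    {
        return 'Access to edit pages is denied.';
    }

    if ( !isset($paths->pages[$pname]) )
    {
        $create = PageUtils::createPage($page_id, $namespace);
        if ( $create !== 'good' )
        {
            return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;
        }
        $paths->page_exists = true;
    }

    // Check page protection: 2 = semi-protected, 1 = fully protected
    $is_protected = false;
    $page_data =& $paths->pages[$pname];
    $protection = isset($page_data['protected']) ? $page_data['protected'] : 0;
    if ( $protection == 2 )
    {
        $is_protected = true;
        // Page is semi-protected. Has the user been here for at least 4 days?
        // 345600 seconds = 4 days
        if ( $session->user_logged_in && ( $session->reg_time + 345600 ) <= time() )
        {
            $is_protected = false;
        }
    }
    else if ( $protection == 1 )
    {
        $is_protected = true;
    }

    // If it's protected and we DON'T have even_when_protected rights, bail out
    if ( $is_protected && !$session->get_permissions('even_when_protected') )
    {
        return 'You don\'t have the necessary permissions to edit this page.';
    }

    // We're skipping the wiki mode check here because by default edit_page pemissions are AUTH_WIKIMODE.
    // The exception here is the user's own userpage, which is overridden at the time of account creation.
    // At that point it's set to AUTH_ALLOW, but obviously only for the user's own userpage.

    // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
    $message = RenderMan::preprocess_text($message, false, false);

    $msg = $db->escape($message);
    $minor_sql = $minor ? 'true' : 'false';

    // Every caller- or session-derived value is escaped before concatenation.
    // NOTE(review): this log row is keyed by the current page ($paths->cpage / $paths->namespace)
    // while the UPDATE below is keyed by the $page_id/$namespace arguments; the two only agree
    // when savepage() is called for the page being viewed - confirm before relying on the log
    // for any other caller.
    $q = 'INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', \'' . $msg . '\', \'' . $uid . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor_sql . ');';
    if ( !$db->sql_query($q) )
    {
        $db->_die('The history (log) entry could not be inserted into the logs table.');
    }

    // $page_id and $namespace come straight from the caller, so they are escaped like the text is
    $q = 'UPDATE ' . table_prefix . 'page_text SET page_text=\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';';
    if ( !$db->sql_query($q) )
    {
        $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
    }

    $paths->rebuild_page_index($page_id, $namespace);

    return 'good';
}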
/**
* Creates a page, both in memory and in the database.
* @param string $page_id
* @param string $namespace
* @return bool true on success, false on failure
*/
function createPage($page_id, $namespace, $name = false, $visible = 1)
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(in_array($namespace, Array('Special', 'Admin')))
{
// echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
return 'You can\'t create a special page in the database';
}
if(!isset($paths->nslist[$namespace]))
{
// echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
return 'Couldn\'t look up the namespace';
}
$pname = $paths->nslist[$namespace] . $page_id;
if(isset($paths->pages[$pname]))
{
// echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
return 'Page already exists';
}
if(!$session->get_permissions('create_page'))
{
// echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
return 'Not authorized to create pages';
}
if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
{
// echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 432
return 'Not authorized to create system messages';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 433
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 434
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 435
if ( substr($page_id, 0, 8) == 'Project:' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 436
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 437
// echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 438
return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
1
+ − 439
}
+ − 440
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 441
$page_id = dirtify_page_id($page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 442
1
+ − 443
if ( !$name )
+ − 444
$name = str_replace('_', ' ', $page_id);
+ − 445
$regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
+ − 446
if(!preg_match($regex, $page))
+ − 447
{
+ − 448
//echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 449
return 'Name contains invalid characters';
1
+ − 450
}
+ − 451
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 452
$page_id = sanitize_page_id( $page_id );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 453
1
+ − 454
$prot = ( $namespace == 'System' ) ? 1 : 0;
+ − 455
112
+ − 456
$ips = array(
+ − 457
'ip' => array(),
+ − 458
'u' => array()
+ − 459
);
+ − 460
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 461
$page_data = Array(
1
+ − 462
'name'=>$name,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 463
'urlname'=>$page_id,
1
+ − 464
'namespace'=>$namespace,
112
+ − 465
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 466
);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 467
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 468
// die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
1
+ − 469
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 470
$paths->add_page($page_data);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 471
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 472
$qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 473
$qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 474
$qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1
+ − 475
+ − 476
if($qa && $qb && $qc)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 477
return 'good';
1
+ − 478
else
+ − 479
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 480
return $db->get_error();
1
+ − 481
}
+ − 482
}
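/**
 * Sets the protection level on a page.
 * @param $page_id string the page ID (URL form, without namespace prefix)
 * @param $namespace string the namespace
 * @param $level int level of protection - 0 is off, 1 is full, 2 is semi
 * @param $reason string why the page is being (un)protected; HTML-escaped before it is logged
 * @return string "good" on success, in all other cases an error string (on query failure, calls $db->_die())
 */
function protect($page_id, $namespace, $level, $reason)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( !$session->get_permissions('protect') )
    {
        return 'Insufficient access rights';
    }

    $pname = $paths->nslist[$namespace] . $page_id;
    if ( !isset($paths->pages[$pname]) )
    {
        return 'Page does not exist';
    }
    $page = $paths->pages[$pname];

    // Protection only matters in wiki mode: per-page wiki_mode 1 forces it on,
    // 2 defers to the site-wide wiki_mode setting.
    $wiki = ( ( $page['wiki_mode'] == 2 && getConfig('wiki_mode') == '1' ) || $page['wiki_mode'] == 1 );
    if ( !$wiki )
    {
        return 'Page protection only has an effect when Wiki Mode is enabled.';
    }

    // Digits only, so $level can be embedded in the UPDATE as an integer literal
    if ( !preg_match('#^([0-9]+){1}$#', (string)$level) )
    {
        return 'Invalid $level parameter.';
    }

    // Log action name for each accepted protection level
    $actions = array(
        0 => 'unprot',
        1 => 'prot',
        2 => 'semiprot',
    );
    $level = intval($level);
    if ( !isset($actions[$level]) )
    {
        return 'PageUtils::protect(): Invalid value for $level';
    }

    // $page_id and $namespace were interpolated unescaped before; escape once here
    // and reuse for both statements.
    $page_id_db   = $db->escape($page_id);
    $namespace_db = $db->escape($namespace);

    $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'' . $actions[$level] . '\', \'' . $db->escape($session->username) . '\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
    if ( !$db->sql_query($q) )
    {
        $db->_die('The log entry for the page protection could not be inserted.');
    }

    $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
    if ( !$q )
    {
        $db->_die('The pages table was not updated.');
    }

    return 'good';
}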
/**
+ − 540
* Generates an HTML table with history information in it.
+ − 541
* @param $page_id the page ID
+ − 542
* @param $namespace the namespace
+ − 543
* @return string
+ − 544
*/
+ − 545
+ − 546
function histlist($page_id, $namespace)
+ − 547
{
+ − 548
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 549
+ − 550
if(!$session->get_permissions('history_view'))
+ − 551
return 'Access denied';
+ − 552
+ − 553
ob_start();
+ − 554
+ − 555
$pname = $paths->nslist[$namespace] . $page_id;
+ − 556
$wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 557
$prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 558
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 559
$q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' ORDER BY time_id DESC;';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 560
if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
1
+ − 561
echo 'History of edits and actions<h3>Edits:</h3>';
+ − 562
$numrows = $db->numrows();
+ − 563
if($numrows < 1) echo 'No history entries in this category.';
+ − 564
else
+ − 565
{
+ − 566
+ − 567
echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
+ − 568
<input type="submit" value="Compare selected revisions" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 569
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 570
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 571
<input type="hidden" name="do" value="diff" />
1
+ − 572
<br /><span> </span>
+ − 573
<div class="tblholder">
+ − 574
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 575
<tr>
+ − 576
<th colspan="2">Diff</th>
+ − 577
<th>Date/time</th>
+ − 578
<th>User</th>
+ − 579
<th>Edit summary</th>
+ − 580
<th>Minor</th>
+ − 581
<th colspan="3">Actions</th>
+ − 582
</tr>'."\n"."\n";
+ − 583
$cls = 'row2';
+ − 584
$ticker = 0;
+ − 585
+ − 586
while($r = $db->fetchrow()) {
+ − 587
+ − 588
$ticker++;
+ − 589
+ − 590
if($cls == 'row2') $cls = 'row1';
+ − 591
else $cls = 'row2';
+ − 592
+ − 593
echo '<tr>'."\n";
+ − 594
+ − 595
// Diff selection
+ − 596
if($ticker == 1)
+ − 597
{
+ − 598
$s1 = '';
+ − 599
$s2 = 'checked="checked" ';
+ − 600
}
+ − 601
elseif($ticker == 2)
+ − 602
{
+ − 603
$s1 = 'checked="checked" ';
+ − 604
$s2 = '';
+ − 605
}
+ − 606
else
+ − 607
{
+ − 608
$s1 = '';
+ − 609
$s2 = '';
+ − 610
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 611
if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 612
if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
+ − 613
+ − 614
// Date and time
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 615
echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n";
1
+ − 616
+ − 617
// User
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 618
if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 619
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 620
$rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 621
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 622
else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 623
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 624
$rc = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 625
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 626
echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', $r['author']).'" ';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 627
if ( !isPage($paths->nslist['User'] . $r['author']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 628
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 629
echo 'class="wikilink-nonexistent"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 630
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 631
echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
1
+ − 632
+ − 633
// Edit summary
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 634
echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
+ − 635
+ − 636
// Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 637
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
+ − 638
+ − 639
// Actions!
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 640
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">View revision</a></td>'."\n";
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 641
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'."\n";
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 642
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert to this revision</a></td>'."\n";
1
+ − 643
+ − 644
echo '</tr>'."\n"."\n";
+ − 645
+ − 646
}
+ − 647
echo '</table>
+ − 648
</div>
+ − 649
<br />
+ − 650
<input type="hidden" name="do" value="diff" />
+ − 651
<input type="submit" value="Compare selected revisions" />
+ − 652
</form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 653
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 654
}
+ − 655
$db->free_result();
+ − 656
echo '<h3>Other changes:</h3>';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 657
$q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 658
if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
1
+ − 659
if($db->numrows() < 1) echo 'No history entries in this category.';
+ − 660
else {
+ − 661
+ − 662
echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
+ − 663
$cls = 'row2';
+ − 664
while($r = $db->fetchrow()) {
+ − 665
+ − 666
if($cls == 'row2') $cls = 'row1';
+ − 667
else $cls = 'row2';
+ − 668
+ − 669
echo '<tr>';
+ − 670
+ − 671
// Date and time
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 672
echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">';
1
+ − 673
+ − 674
// User
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 675
echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', $r['author']).'" ';
1
+ − 676
if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 677
echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
1
+ − 678
+ − 679
+ − 680
// Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 681
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
+ − 682
+ − 683
// Action taken
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 684
echo '<td class="' . $cls . '">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 685
// Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 686
if ($r['action']=='prot') echo 'Protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 687
elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 688
elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 689
elseif($r['action']=='rename') echo 'Renamed page</td><td class="' . $cls . '">Old title: '.htmlspecialchars($r['edit_summary']);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 690
elseif($r['action']=='create') echo 'Created page</td><td class="' . $cls . '">';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 691
elseif($r['action']=='delete') echo 'Deleted page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 692
elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="' . $cls . '">Reason: '.htmlspecialchars($r['edit_summary']);
1
+ − 693
echo '</td>';
+ − 694
+ − 695
// Actions!
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>';
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert action</a></td>';
//echo '(<a href="#" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">rollback</a>) <i>' . $r['date_string'] . '</i> ' . $r['author'] . ' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">Contrib</a>): ';
if($r['minor_edit']) echo '<b> - minor edit</b>';
echo '<br />';
echo '</tr>';
}
echo '</table></div>';
}
$db->free_result();
$ret = ob_get_contents();
ob_end_clean();
return $ret;
}
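/**
 * Rolls back a logged action.
 *
 * The log entry is looked up by its time_id. Depending on log_type/action the
 * page text, page name, protection flag, page row or file version recorded in
 * that entry is restored. Every branch returns a human-readable status string
 * (success text or the reason the rollback was refused); the only fatal path
 * is a failed SELECT of the log row, which goes through $db->_die().
 *
 * @param $id the time ID, a.k.a. the primary key in the logs table; must be a
 *            string of decimal digits, anything else is rejected
 * @return string status message for the caller to show the user
 */

function rollback($id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('history_rollback') )
  {
    return('You are not authorized to perform rollbacks.');
  }
  // $id is spliced into SQL unquoted below, so it must be a pure digit string
  if ( !preg_match('#^([0-9]+)$#', (string)$id) )
  {
    return('The value "id" on the query string must be an integer.');
  }

  $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id . ';');
  if ( !$e )
  {
    $db->_die('The rollback data could not be selected.');
  }
  $rb = $db->fetchrow();
  $db->free_result();

  // An unknown time_id yields no row; without this check the switch below
  // would report an empty log type instead of saying the entry is missing.
  if ( !$rb )
  {
    return('No log entry exists with the ID "' . $id . '".');
  }

  // Escaped copies of the log columns that are spliced into the SQL below.
  // They were stored by this application, but escaping them again is free and
  // keeps a stray quote in a stored value from breaking (or altering) a query.
  $page_id_sql   = $db->escape($rb['page_id']);
  $namespace_sql = $db->escape($rb['namespace']);
  // Key of the page in $paths->pages (namespace prefix + URL name)
  $pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];

  // For actions on a live page, work out whether the page's protection level
  // blocks this user and fetch the page-level ACL for the per-action checks.
  // Undeletion and non-page log types fall back to the session's own rights.
  if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
  {
    if ( !isset($paths->pages[$pagekey]) )
    {
      return "Page doesn't exist";
    }
    $pagedata = $paths->pages[$pagekey];
    if ( $pagedata['protected'] == 2 )
    {
      // Semi-protected: only logged-in accounts older than four days get through
      $protected = !( $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() );
    }
    else
    {
      $protected = ( $pagedata['protected'] == 1 );
    }

    $perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);

    if ( $protected && !$perms->get_permissions('even_when_protected') )
    {
      return "Because this page is protected, you need moderator rights to roll back changes.";
    }
  }
  else
  {
    $perms =& $session;
  }

  switch ( $rb['log_type'] )
  {
    case "page":
      switch ( $rb['action'] )
      {
        case "edit":
          if ( !$perms->get_permissions('edit_page') )
            return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
          $t = $db->escape($rb['page_text']);
          $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $db->escape($rb['char_tag']) . '\' WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
          if ( !$e )
          {
            return PageUtils::_rollback_sql_error();
          }
          return 'The page "' . $paths->pages[$pagekey]['name'] . '" has been rolled back to the state it was in on ' . $rb['date_string'] . '.';

        case "rename":
          if ( !$perms->get_permissions('rename') )
            return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
          // The rename logger stores the previous title in edit_summary
          $t = $db->escape($rb['edit_summary']);
          $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
          if ( !$e )
          {
            return PageUtils::_rollback_sql_error();
          }
          return 'The page "' . $paths->pages[$pagekey]['name'] . '" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.';

        case "prot":
        case "semiprot":
        case "unprot":
          if ( !$perms->get_permissions('protect') )
            return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
          // Undo the logged change: a (semi-)protection is lifted, an unprotection is re-protected
          $new_level = ( $rb['action'] == 'unprot' ) ? 1 : 0;
          $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $new_level . ' WHERE urlname=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
          if ( !$e )
            return PageUtils::_rollback_sql_error();
          $verb = ( $new_level == 1 ) ? 'protected' : 'unprotected';
          return 'The page "' . $paths->pages[$pagekey]['name'] . '" has been ' . $verb . ' according to the log created at ' . $rb['date_string'] . '.';

        case "delete":
          if ( !$perms->get_permissions('history_rollback_extra') )
            return 'Administrative privileges are required for page undeletion.';
          // Check the page named in the log entry, not the page currently being
          // viewed: undeleting a page that already exists would insert a
          // duplicate row into the pages table.
          if ( isset($paths->pages[$pagekey]) )
            return 'You cannot raise a dead page that is alive.';
          $name = str_replace('_', ' ', $rb['page_id']);
          $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $db->escape($name) . '\', \'' . $page_id_sql . '\',\'' . $namespace_sql . '\' )');
          if ( !$e )
            return PageUtils::_rollback_sql_error();
          // Restore the text from the most recent edit logged for this page
          $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;');
          if ( !$e )
            return PageUtils::_rollback_sql_error();
          $r = $db->fetchrow();
          $db->free_result();
          if ( !$r )
          {
            // No edit was ever logged; the page comes back with empty text
            $r = array('page_text' => '', 'char_tag' => '');
          }
          $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $page_id_sql . '\',\'' . $namespace_sql . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $db->escape($r['char_tag']) . '\')');
          if ( !$e )
            return PageUtils::_rollback_sql_error();
          return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';

        case "reupload":
          // Site-wide right, checked on the session rather than the page ACL
          if ( !$session->get_permissions('history_rollback_extra') )
          {
            return 'Administrative privileges are required for file rollbacks.';
          }
          // A file rollback copies no data: it re-dates the log and file rows so
          // that the old version becomes the newest one.
          $newtime = time();
          $newdate = date('d M Y h:i a');
          if ( !$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id) )
            return 'Error during query: '.mysql_error();
          if ( !$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id) )
            return 'Error during query: '.mysql_error();
          return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';

        default:
          return('Rollback of the action "' . $rb['action'] . '" is not yet supported.');
      }

    case "security":
    case "login":
      return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.');

    default:
      return('Unknown log entry type: "' . $rb['log_type'] . '"');
  }
}

/**
 * Builds the status string returned when a query inside rollback() fails.
 * @return string the MySQL error text followed by the database layer's SQL backtrace
 * @access private
 */

function _rollback_sql_error()
{
  global $db;
  return "An error occurred during the rollback operation.\nMySQL said: " . mysql_error() . "\n\nSQL backtrace:\n" . $db->sql_backtrace();
}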
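/**
 * Posts a comment.
 *
 * Enforces the post_comments right and the comments_need_login policy
 * ('2' = the poster must be logged in, '1' = anonymous posters must pass a
 * CAPTCHA), stores the comment and hands off to PageUtils::comments() to
 * render the updated comment list. Policy violations and a failed INSERT
 * terminate the request via _die()/die() instead of returning.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name of the person posting; ignored for logged-in users, whose username is used instead
 * @param $subject the subject line of the comment
 * @param $text the comment text
 * @param $captcha_code the code the user typed; required for anonymous posters when comments_need_login is '1'
 * @param $captcha_id the ID of the CAPTCHA that was shown; required under the same condition
 * @return string the output of PageUtils::comments() for this page (javascript code), with a "posted" notice prepended
 */

function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $_ob = '';
  if ( !$session->get_permissions('post_comments') )
    return 'Access denied';

  $need_login = getConfig('comments_need_login');
  if ( $need_login == '2' && !$session->user_logged_in )
    _die('Access denied to post comments: you need to be logged in first.');
  if ( $need_login == '1' && !$session->user_logged_in )
  {
    if ( !$captcha_code || !$captcha_id )
      _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
    $result = $session->get_captcha($captcha_id);
    // Strict comparison: a loose != treats numeric-looking strings such as
    // "1e1" and "10" as equal, which would let a wrong code through.
    if ( (string)$captcha_code !== (string)$result )
      _die('The confirmation code you entered was incorrect.');
  }

  $text = RenderMan::preprocess_text($text);
  // Logged-in users always post under their own username
  $name = RenderMan::preprocess_text($session->user_logged_in ? $session->username : $name);
  $subj = RenderMan::preprocess_text($subject);
  // approved=0 parks the comment until a moderator approves it
  $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';

  // $page_id and $namespace come straight from the request, so escape them
  // here. The text fields have been through RenderMan::preprocess_text();
  // NOTE(review): confirm that preprocess_text() SQL-escapes its output, its
  // implementation is not visible from this file.
  $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $db->escape($page_id) . '\',\'' . $db->escape($namespace) . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . intval($session->user_id) . ',' . $appr . ','.time().')';
  $e = $db->sql_query($q);
  // NOTE(review): on failure the full query (including the comment text) and the
  // MySQL error are sent to the browser; logging them server-side would leak less.
  if ( !$e )
    die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))');
  $_ob .= '<div class="info-box">Your comment has been posted.</div>';
  return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}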
/**
* Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
* @param $page_id the page ID
* @param $namespace the namespace
* @param $action administrative action to perform, default is false
* @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
* @param $_ob text to prepend to output, used by PageUtils::addcomment
* @return array
* @access private
*/
function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
global $db, $session, $paths, $template, $plugins; // Common objects
$pname = $paths->nslist[$namespace] . $page_id;
ob_start();
if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
{
switch($action) {
case "delete":
if(isset($flags['id']))
{
$q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
} else {
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
$q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
}
$e=$db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
break;
case "approve":
if(isset($flags['id']))
{
$where = 'comment_id='.intval($flags['id']);
} else {
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
$where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
}
$q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
$e = $db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
$r = $db->fetchrow();
$db->free_result();
$a = ( $r['approved'] ) ? '0' : '1';
$q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
$e=$db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
if($a=='1') $v = 'Unapprove';
else $v = 'Approve';
echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
break;
}
}
if(!defined('ENANO_TEMPLATE_LOADED'))
{
$template->load_theme($session->theme, $session->style);
}
$tpl = $template->makeParser('comment.tpl');
$e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_unapp = $db->numrows();
$db->free_result();
$e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_app = $db->numrows();
$db->free_result();
$lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
FROM ' . table_prefix.'comments AS c
LEFT JOIN ' . table_prefix.'users AS u
ON c.user_id=u.user_id
WHERE page_id=\'' . $page_id . '\'
AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
$_ob .= '<h3>Article Comments</h3>';
$n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
if($n==1) $s = 'is ' . $n . ' comment'; else $s = 'are ' . $n . ' comments';
if($n < 1)
{
$_ob .= '<p>There are currently no comments on this '.strtolower($namespace).'';
if($namespace != 'Article') $_ob .= ' page';
$_ob .= '.</p>';
} else $_ob .= '<p>There ' . $s . ' on this article.';
if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">' . $num_unapp . ' of those are unapproved.</span>';
elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; }
$_ob .= '</p>';
$list = 'list = { ';
// _die(htmlspecialchars($ttext));
$i = -1;
while($row = $db->fetchrow($lq))
{
$i++;
$strings = Array();
$bool = Array();
if ( $session->get_permissions('mod_comments') || $row['approved'] )
{
$list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
// Comment ID (used in the Javascript apps)
$strings['ID'] = (string)$i;
// Determine the name, and whether to link to the user page or not
$name = '';
if($row['user_id'] > 0) $name .= '<a href="'.makeUrlNS('User', str_replace(' ', '_', $row['name'])).'">';
$name .= $row['name'];
if($row['user_id'] > 0) $name .= '</a>';
$strings['NAME'] = $name; unset($name);
// Subject
$s = $row['subject'];
if(!$row['approved']) $s .= ' <span style="color: #D84308">(Unapproved)</span>';
$strings['SUBJECT'] = $s;
// Date and time
$strings['DATETIME'] = date('F d, Y h:i a', $row['time']);
// User level
switch($row['user_level'])
{
default:
case USER_LEVEL_GUEST:
$l = 'Guest';
break;
case USER_LEVEL_MEMBER:
$l = 'Member';
break;
case USER_LEVEL_MOD:
$l = 'Moderator';
break;
case USER_LEVEL_ADMIN:
$l = 'Administrator';
break;
}
$strings['USER_LEVEL'] = $l; unset($l);
// The actual comment data
$strings['DATA'] = RenderMan::render($row['comment_data']);
if($session->get_permissions('edit_comments'))
{
// Edit link
$strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">edit</a>';
// Delete link
$strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">delete</a>';
}
else
{
// Edit link
$strings['EDIT_LINK'] = '';
// Delete link
$strings['DELETE_LINK'] = '';
}
// Send PM link
$strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">Send private message</a><br />' : '';
// Add Buddy link
$strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">Add to buddy list</a>' : '';
// Mod links
$applink = '';
$applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
if($row['approved']) $applink .= 'Unapprove';
else $applink .= 'Approve';
$applink .= '</a>';
$strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
$strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">Delete</a>';
// Signature
$strings['SIGNATURE'] = '';
if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
$bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
$bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
$bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;
// Done processing and compiling, now let's cook it into HTML
$tpl->assign_vars($strings);
$tpl->assign_bool($bool);
$_ob .= $tpl->run();
}
}
if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
{
if(!$session->get_permissions('post_comments'))
{
$_ob .= '<h3>Got something to say?</h3><p>Access to post comments on this page is denied.</p>';
}
else
{
$_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.';
if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
$sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
$_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
<div id="mdgCommentForm">
<h3>Comment form</h3>
<form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
<table border="0">
<tr><td>Your name or screen name:</td><td>' . $sn . '</td></tr>
<tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
{
$session->kill_captcha();
$captcha = $session->make_captcha();
$_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
}
$_ob .= '
<tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
<tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
</table>
</form>
</div>';
}
} else {
$_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
}
$list .= '};';
echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
' . $list;
echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
$ret = ob_get_contents();
ob_end_clean();
return Array($ret, $_ob);
}
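/**
 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments.
 * Thin wrapper around PageUtils::comments_raw(), which returns array($javascript, $html);
 * this method hands back the Javascript half only.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action, shouldn't be used except when deleting/approving comments, etc. Default is -1
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */

function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Index 0 of the comments_raw() result is the Javascript; index 1 is the plain HTML
  $raw = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $raw[0];
}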
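/**
 * Generates HTML code for comments - used in browser compatibility mode.
 * Thin wrapper around PageUtils::comments_raw(), which returns array($javascript, $html);
 * this method hands back the HTML half only.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action, shouldn't be used except when deleting/approving comments, etc. Default is -1
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */

function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Index 1 of the comments_raw() result is the HTML; index 0 is the Javascript
  $raw = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $raw[1];
}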
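/**
 * Updates comment data, locating the comment by its old subject and text.
 * Unless the caller holds mod_comments, the comment is re-selected and its poster
 * name is compared against the session username before anything is written.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $old_subject the old subject, unprocessed and identical to the value in the DB
 * @param $old_text the old text, unprocessed and identical to the value in the DB
 * @param $id the javascript list ID, used internally by the client-side app; must be an integer
 * @return string Javascript to be eval'ed by the client; "result" is GOOD or BAD
 */

function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('edit_comments'))
    return 'result="BAD";error="Access denied"';
  // $id is written verbatim into the returned Javascript, so only an integer is acceptable
  // (the default is -1, hence the optional leading minus)
  if(!preg_match('#^-?[0-9]+$#', (string)$id)) die('PageUtils::savecomment: $id is improperly formed.');
  // Avoid SQL injection - every caller-supplied value that reaches a query is escaped,
  // page coordinates included
  $old_text = $db->escape($old_text);
  $old_subject = $db->escape($old_subject);
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);
  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND u.user_id=c.user_id;';
    $check = $db->sql_query($q);
    if(!$check) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($check);
    // Consult numrows() before the result set is released, as the other comment methods do
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  // NOTE(review): the new subject/text are not passed through $db->escape() here; this relies
  // on RenderMan::preprocess_text() producing SQL-safe output - confirm before trusting it
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'';
  $result = $db->sql_query($sql);
  if($result)
  {
    // Re-encode for a Javascript string literal: a literal "\n" sequence is parked in a
    // placeholder so stripslashes() does not eat it, then the %5Cn escape becomes %0A
    $subj_js = str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s)))));
    $text_js = str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))));
    // Rendered HTML version of the comment text, for immediate display by the client
    $text_html = str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))));
    return 'result="GOOD";
list[' . $id . '][\'subject\'] = unescape(\'' . $subj_js . '\');
list[' . $id . '][\'comment\'] = unescape(\'' . $text_js . '\'); id = ' . $id . ';
s = unescape(\'' . rawurlencode($s) . '\');
t = unescape(\'' . $text_html . '\');';
  }
  else
  {
    // NOTE(review): this echoes the failed SQL statement and the MySQL error text back to the
    // client; consider logging server-side and returning a generic message instead
    return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
Performed SQL:
' . $sql . '

Error returned by MySQL: '.mysql_error()).'");';
  }
}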
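/**
 * Updates comment data using the comment_id column instead of the old, messy way.
 * Unless the caller holds mod_comments, the comment is re-selected and its poster
 * name is compared against the session username before anything is written.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $id the comment ID (primary key in enano_comments table); must be a PHP integer
 * @return string 'good' on success, otherwise a human-readable error message
 */

function savecomment_neater($page_id, $namespace, $subject, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // comment_id is concatenated into SQL unquoted, so only a real integer is acceptable
  if(!is_int($id)) die('PageUtils::savecomment_neater: $id is not an integer, aborting for safety');
  if(!$session->get_permissions('edit_comments'))
    return 'Access denied';
  // Avoid SQL injection on the page coordinates
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);
  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND u.user_id=c.user_id;';
    $check = $db->sql_query($q);
    if(!$check) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($check);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  // NOTE(review): the new subject/text are not passed through $db->escape() here; this relies
  // on RenderMan::preprocess_text() producing SQL-safe output - confirm before trusting it
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'';
  $result = $db->sql_query($sql);
  if($result)
  {
    return 'good';
  }
  // NOTE(review): this returns the failed SQL statement and the MySQL error text to the
  // client; consider logging server-side and returning a generic message instead
  return 'Enano encountered a problem whilst saving the comment.
Performed SQL:
' . $sql . '

Error returned by MySQL: '.mysql_error();
}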
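/**
 * Deletes a comment, locating it by poster name, subject and text.
 * Unless the caller holds mod_comments, the comment is re-selected and its poster
 * name is compared against the session username before the row is removed.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name the user posted under
 * @param $subj the subject of the comment to be deleted
 * @param $text the text of the comment to be deleted
 * @param $id the javascript list ID, used internally by the client-side app (validated, not used in SQL)
 * @return string 'good' on success, otherwise Javascript that reports the error
 */

function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if(!$session->get_permissions('edit_comments'))
    return 'alert("Access to delete/edit comments is denied");';

  if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
  // Avoid SQL injection - escape everything that reaches a query, page coordinates included
  $n = $db->escape($name);
  $s = $db->escape($subj);
  $t = $db->escape($text);
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);

  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND u.user_id=c.user_id;';
    // The query result gets its own variable: $s must still hold the escaped subject
    // for the DELETE below
    $check = $db->sql_query($q);
    if(!$check) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($check);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
  $e = $db->sql_query($q);
  // NOTE(review): the error path sends the failed SQL and MySQL error text to the client
  if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
  return('good');
}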
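/**
 * Deletes a comment in a cleaner fashion, locating it by primary key.
 * Unless the caller holds mod_comments, the comment is re-selected and its poster
 * name is compared against the session username before the row is removed.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id the comment ID (primary key); must consist of digits only
 * @return string 'good' on success, otherwise Javascript that reports the error
 */

function deletecomment_neater($page_id, $namespace, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // comment_id is concatenated into SQL unquoted, so it is restricted to digits up front
  if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');

  if(!$session->get_permissions('edit_comments'))
    return 'alert("Access to delete/edit comments is denied");';

  // Avoid SQL injection on the page coordinates
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);

  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND u.user_id=c.user_id;';
    $check = $db->sql_query($q);
    if(!$check) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($check);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND comment_id=' . $id . ' LIMIT 1;';
  $e = $db->sql_query($q);
  // NOTE(review): the error path sends the failed SQL and MySQL error text to the client
  if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
  return('good');
}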
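/**
 * Renames a page.
 * The page must exist, the caller needs the 'rename' right (and 'even_when_protected'
 * when the page counts as protected), and pages in the Special and Admin namespaces
 * are never renamed. A 'rename' log entry is written before the title is updated.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the new name for the page
 * @return string error string or success message
 */

function rename($page_id, $namespace, $name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !isset($paths->nslist[$namespace]) )
  {
    return 'The page does not exist.';
  }
  $pname = $paths->nslist[$namespace] . $page_id;
  if ( !isset($paths->pages[$pname]) )
  {
    return 'The page does not exist.';
  }
  $page = $paths->pages[$pname];

  // Fully protected pages (protected == 1) always count as protected; semi-protected pages
  // (protected == 2) count as protected when the user is logged in and registered more
  // than four days ago.
  // NOTE(review): that semi-protection clause looks inverted (established users end up
  // treated as restricted) - kept as written, confirm against the intended policy.
  $prot = ( $page['protected'] == 1 ) || ( $page['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() );

  if ( empty($name) )
  {
    die('Name is too short');
  }

  $can_rename = $session->get_permissions('rename') && ( !$prot || $session->get_permissions('even_when_protected') );
  // The namespace argument is the one being renamed, so it - not the currently viewed
  // page's namespace - is what the Special/Admin guard looks at
  if ( $can_rename && $namespace != 'Special' && $namespace != 'Admin' )
  {
    // Avoid SQL injection - escape the page coordinates once and reuse them in both queries
    $page_id_sql = $db->escape($page_id);
    $namespace_sql = $db->escape($namespace);
    // Log the rename against the page that is actually being renamed, recording its old name
    $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($page['name']) . '\')');
    if ( !$e )
    {
      $db->_die('The rename log entry could not be inserted.');
    }
    $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\';');
    if ( !$e )
    {
      $db->_die('The page title could not be updated.');
    }
    return('The page "' . $page['name'] . '" has been renamed to "' . $name . '". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.');
  }
  return('Access is denied.');
}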
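/**
 * Flushes (clears) the action logs for a given page.
 * After the log rows are deleted, a fresh backup of the current page text is written
 * to the logs table (when the page exists) so the page can still be restored later.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string error/success string
 */

function flushlogs($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.');
  // Avoid SQL injection - escape the page coordinates once and reuse them in every query
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\';');
  if(!$e) $db->_die('The log entries could not be deleted.');

  // If the page exists, make a backup of it in case it gets spammed/vandalized
  // If not, the admin's probably deleting a trash page
  if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
  {
    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\';');
    if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
    $row = $db->fetchrow();
    $db->free_result();
    // A page listed in $paths->pages without a page_text row is skipped rather than backed up as empty
    if ( $row )
    {
      // Every column value is escaped, including char_tag and the username
      $q = 'INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $db->escape($row['char_tag']) . '\', \'' . $db->escape($session->username) . '\', \'Automatic backup created when logs were purged\', false);';
      if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
    }
  }
  return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.');
}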
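/**
 * Deletes a page.
 * Writes a 'delete' log entry first, then removes the page's categorization entries,
 * comments, text, page record and file record. Each failed query is reported through
 * $db->_die().
 * @param string $page_id the condemned page ID
 * @param string $namespace the condemned namespace
 * @param string $reason the reason for deleting the page in question
 * @return string
 */

function deletepage($page_id, $namespace, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $perms = $session->fetch_page_acl($page_id, $namespace);
  // A reason consisting only of whitespace is not acceptable ("0" is, unlike with empty())
  if ( trim($reason) === '' )
  {
    return 'Invalid reason for deletion passed';
  }
  if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
  // Avoid SQL injection - escape the page coordinates once and reuse them in every query
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);
  $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  if(!$e) $db->_die('The page log entry could not be inserted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
  if(!$e) $db->_die('The page categorization entries could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
  if(!$e) $db->_die('The page comments could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
  if(!$e) $db->_die('The page text entry could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
  if(!$e) $db->_die('The page entry could not be deleted.');
  // The files table is keyed on page_id alone
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id_sql . '\'');
  if(!$e) $db->_die('The file entry could not be deleted.');
  return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.');
}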
/**
* Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
* @param $page_id the page ID
* @param $namespace the namespace
* @return string
*/
function delvote($page_id, $namespace)
+ − 1464
{
+ − 1465
global $db, $session, $paths, $template, $plugins; // Common objects
112
+ − 1466
if ( !$session->get_permissions('vote_delete') )
+ − 1467
{
1
+ − 1468
return 'Access denied';
112
+ − 1469
}
+ − 1470
+ − 1471
if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
+ − 1472
{
+ − 1473
return 'Special pages and system messages can\'t be voted for deletion.';
+ − 1474
}
+ − 1475
+ − 1476
$pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);
+ − 1477
+ − 1478
if ( !isset($paths->pages[$pname]) )
+ − 1479
{
+ − 1480
return 'The page does not exist.';
+ − 1481
}
+ − 1482
+ − 1483
$cv =& $paths->pages[$pname]['delvotes'];
+ − 1484
$ips = $paths->pages[$pname]['delvote_ips'];
+ − 1485
+ − 1486
if ( empty($ips) )
+ − 1487
{
+ − 1488
$ips = array(
+ − 1489
'ip' => array(),
+ − 1490
'u' => array()
+ − 1491
);
+ − 1492
}
+ − 1493
else
+ − 1494
{
+ − 1495
$ips = @unserialize($ips);
+ − 1496
if ( !$ips )
+ − 1497
{
+ − 1498
$ips = array(
+ − 1499
'ip' => array(),
+ − 1500
'u' => array()
+ − 1501
);
+ − 1502
}
+ − 1503
}
+ − 1504
+ − 1505
if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
+ − 1506
{
+ − 1507
return 'It appears that you have already voted to have this page deleted.';
+ − 1508
}
+ − 1509
+ − 1510
$ips['u'][] = $session->username;
+ − 1511
$ips['ip'][] = $_SERVER['REMOTE_ADDR'];
+ − 1512
$ips = $db->escape( serialize($ips) );
+ − 1513
1
+ − 1514
$cv++;
112
+ − 1515
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1516
$q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1517
$w = $db->sql_query($q);
112
+ − 1518
+ − 1519
return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
1
+ − 1520
}
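/**
 * Resets the number of deletion votes against a page to 0 and clears the recorded list of voters.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @return string status message
 */

function resetdelvotes($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Deliberately a hard stop (die) rather than a returned error string: callers rely on this contract
  if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');

  // The same empty structure delvote() expects when it unserialize()s delvote_ips
  $empty_list = $db->escape(serialize(array('ip'=>array(),'u'=>array())));

  // $page_id and $namespace come straight from the request, so they are escaped rather than trusted
  $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $empty_list . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
  $e = $db->sql_query($q);
  if(!$e) $db->_die('The number of delete votes was not reset.');
  else return('The number of votes for having this page deleted has been reset to zero.');
}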
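/**
 * Gets a list of styles (CSS files) for a given theme name. As of Banshee, this returns JSON.
 * @param string $id Optional - the name of the directory for the theme. Defaults to $_GET['id'] so existing
 *                   AJAX callers keep working. Must match ^[a-z0-9_-]+$.
 * @return string JSON string with an array containing a list of styles; JSON false if the theme name is missing
 *                or invalid; a {mode: 'error', error: ...} object if the theme's css/ directory does not exist
 */

function getstyles($id = null)
{
  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

  if ( $id === null )
  {
    $id = ( isset($_GET['id']) ) ? $_GET['id'] : '';
  }

  // Whitelist the theme name before it is used to build a filesystem path. This is what keeps
  // path separators and ".." out of $dir, so it must stay ahead of any use of $id.
  if ( !is_string($id) || !preg_match('/^([a-z0-9_-]+)$/', $id) )
    return $json->encode(false);

  $dir = './themes/' . $id . '/css/';
  $list = Array();

  if ( !is_dir($dir) )
  {
    return($json->encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
  }

  // Open a known directory, and proceed to read its contents
  if ( $dh = opendir($dir) )
  {
    while ( ($file = readdir($dh)) !== false )
    {
      // _printable.css should be included with every theme; it should be a copy of the original style,
      // but mostly black and white, so it is not offered as a selectable style
      if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' )
      {
        $list[] = substr($file, 0, strlen($file)-4);
      }
    }
    closedir($dh);
  }

  return $json->encode($list);
}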
/**
 * Assembles a Javascript app with category information
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string Javascript code
 */

function catedit($page_id, $namespace)
{
  // catedit_raw() returns array(<javascript prologue>, <html fragment>)
  list($js, $html) = PageUtils::catedit_raw($page_id, $namespace);
  // The HTML is rawurlencode()d so it survives inside a single-quoted JS literal; the client unescape()s it
  $encoded = rawurlencode($html);
  return $js . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . $encoded . '\');';
}
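/**
 * Does the actual HTML/javascript generation for cat editing, but returns an array
 * @param string $page_id the page ID (only used to build the form's action URL)
 * @param string $namespace the namespace (only used to build the form's action URL)
 * @return array index 0: javascript that populates the client-side "catlist" array; index 1: the HTML form
 * @access private
 */

function catedit_raw($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  ob_start();
  $_ob = '';

  // Categories the *current* page ($paths->cpage) is already a member of. Note this deliberately does
  // not use $page_id/$namespace; the original behaviour is kept.
  $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\'');
  if(!$e) jsdie('Error selecting category information for current page: '.$db->get_error());
  $cat_current = Array();
  while($r = $db->fetchrow())
  {
    $cat_current[] = $r;
  }
  $db->free_result();

  // $paths->pages holds every page twice - under a numeric index and under its string key - which is
  // why the numeric loops below stop at sizeof()/2. $cat_all and $cat_info follow the same convention.
  $cat_all = Array();
  for($i=0;$i<sizeof($paths->pages)/2;$i++)
  {
    if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
  }

  // Make $cat_all an associative array, like $paths->pages
  $sz = sizeof($cat_all);
  for($i=0;$i<$sz;$i++)
  {
    $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
  }

  // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
  $cat_info = $cat_all;
  $sz = sizeof($cat_current);
  for($i=0;$i<$sz;$i++)
  {
    $un = $cat_current[$i]['category_id'];
    // A membership row may refer to a category page that no longer exists. Creating a fresh key for it
    // would break the numeric/string pairing (and the sizeof()/2 loops) below, so such rows are skipped.
    if ( isset($cat_info[$un]) )
    {
      $cat_info[$un]['member'] = true;
    }
  }

  // Now copy the information we just set into the numerically named keys
  $sz = sizeof($cat_info) / 2;
  for($i=0;$i<$sz;$i++)
  {
    $un = $cat_info[$i]['urlname_nons'];
    $cat_info[$i] = $cat_info[$un];
  }

  echo 'catlist = new Array();'; // Initialize the client-side category list
  $_ob .= '<h3>Select which categories this page should be included in.</h3>
<form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
  if ( sizeof($cat_info) < 1 )
  {
    $_ob .= '<p>There are no categories on this site yet.</p>';
  }
  for ( $i = 0; $i < $sz; $i++ )
  {
    // A category is rendered disabled ("protected") when the user may not edit categories at all, may not
    // edit this particular category, or the category is protected and the user cannot override protection.
    // Protection code added 1/3/07, updated 3/4/07
    $is_prot = false;
    $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
    if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
         ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
      $is_prot = true;
    $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
    $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
    // NOTE(review): urlname_nons and name are written into a JS string literal and into HTML attributes/text
    // without escaping. They come from the site's own page table, which is assumed to hold sanitized URL
    // names - confirm that upstream before relying on it.
    echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
    $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
    if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
    $_ob .= '/> <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
  }

  $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';

  $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';

  $cont = ob_get_contents();
  ob_end_clean();
  return Array($cont, $_ob);
}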
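/**
 * Saves category information
 * WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $which_cats array associative array of categories to put the page in (keys are category URL names, values true)
 * @return string "GOOD" on success, error string on failure
 */

function catsave($page_id, $namespace, $which_cats)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');

  if ( !is_array($which_cats) )
  {
    $which_cats = Array();
  }

  $page_perms = $session->fetch_page_acl($page_id, $namespace);
  $page_data =& $paths->pages[$paths->nslist[$namespace].$page_id];

  // Escaped once; every query below uses these copies
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // $paths->pages stores each page under a numeric and a string key, hence sizeof()/2
  $cat_all = Array();
  for($i=0;$i<sizeof($paths->pages)/2;$i++)
  {
    if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
  }

  // Make $cat_all an associative array, like $paths->pages
  $sz = sizeof($cat_all);
  for($i=0;$i<$sz;$i++)
  {
    $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
  }

  // Categories the page is in right now, fetched once up front and keyed by category ID. The previous
  // per-category query did not filter on category_id, so membership in *any* category forced every
  // protected category to stay checked; this lookup makes the test exact.
  $q = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
  if(!$q)
    return 'MySQL error: ' . $db->get_error();
  $current = Array();
  while ( $row = $db->fetchrow() )
  {
    $current[$row['category_id']] = true;
  }
  $db->free_result();

  $rowlist = Array();

  for($i=0;$i<$sz;$i++)
  {
    $cat_id = $cat_all[$i]['urlname_nons'];
    $auth = true;
    $perms = $session->fetch_page_acl($cat_id, 'Category');
    if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
         ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
         ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
      $auth = false;
    if(!$auth && isset($current[$cat_id]))
    {
      // The user may not change this category, so force it to stay in its current (member) state
      $auth = true;
      $which_cats[$cat_id] = true;
    }
    if(isset($which_cats[$cat_id]) && $which_cats[$cat_id] == true && $auth )
      $rowlist[] = '(\'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $db->escape($cat_id) . '\')';
  }

  // Replace the page's category rows wholesale: delete everything, then re-insert the authorized set
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
  if(!$e) $db->_die('The old category data could not be deleted.');

  if(sizeof($rowlist) > 0)
  {
    $val = implode(',', $rowlist);
    $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
    $e = $db->sql_query($q);
    if(!$e) $db->_die('The new category data could not be inserted.');
  }
  return('GOOD');
}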
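/**
 * Sets the wiki mode level for a page.
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $level int 0 for off, 1 for on, 2 for use global setting
 * @return string "GOOD" on success, error string on failure
 */

function setwikimode($page_id, $namespace, $level)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');

  // $level is interpolated into SQL unquoted, so it must be exactly one of the digits 0, 1 or 2
  if ( !isset($level) || !preg_match('#^([0-2]){1}$#', (string)$level) )
  {
    return('Invalid mode string');
  }
  $level = intval($level);

  // $page_id and $namespace come from the request: escape them
  $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$q )
  {
    return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }
  return('GOOD');
}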
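/**
 * Sets the access password for a page.
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $pass string the SHA1 hash of the password - if the value doesn't match the regex ^([0-9a-f]){40}$ it will be sha1'ed
 * @return string
 */

function setpass($page_id, $namespace, $pass)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Determine permissions: replacing an existing password needs password_reset, setting a first one needs password_set
  $pkey = $paths->nslist[$namespace].$page_id;
  $has_password = ( isset($paths->pages[$pkey]) && $paths->pages[$pkey]['password'] != '' );
  $a = $session->get_permissions( $has_password ? 'password_reset' : 'password_set' );
  if(!$a)
    return 'Access is denied';

  if(!isset($pass)) return('Password was not set on URL');
  $p = $pass;

  // Anchored on purpose: only a value that *is* a 40-digit hex hash is taken as already hashed.
  // The earlier, unanchored pattern let any password that merely contained 40 hex digits be stored verbatim.
  if ( !preg_match('#^([0-9a-f]){40}$#', $p) )
  {
    $p = sha1($p);
  }

  // NOTE(review): page passwords are stored as an unsalted SHA-1 hash. That is the format the rest of the
  // page-protection code expects, so it is kept here; it is not a password-storage scheme to copy elsewhere.

  if ( $p === 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
    // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709 - an empty password means "no password"
    $p = '';

  // $p is now either '' or 40 hex digits, but is escaped anyway; $page_id and $namespace come from the request
  $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $db->escape($p) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$e )
  {
    die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }

  // Is the new password blank?
  if ( $p == '' )
  {
    return('The password for this page has been disabled.');
  }
  else return('The password for this page has been set.');
}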
/**
 * Generates some preview HTML
 * @param $text string the wikitext to use
 * @return string
 */

function genPreview($text)
{
  // Preprocess and render the wikitext into markup
  $rendered = RenderMan::render(RenderMan::preprocess_text($text, false, false));

  // NOTE(review): the rendered output is passed through eval() so any PHP in it is executed. Whether RenderMan
  // can emit PHP derived from $text (user-supplied wikitext) is not visible from here and should be confirmed;
  // if it can, this is a code-execution path and the eval should be removed.
  ob_start();
  eval('?>' . $rendered);
  $rendered = ob_get_contents();
  ob_end_clean();

  $reminder = '<div class="info-box"><b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.</div>';
  $box_open = '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';

  return $reminder . $box_open . $rendered . '</div>';
}
/**
 * Makes a scrollable box
 * @param string $text the inner HTML
 * @param int $height Optional - the maximum height. Defaults to 250.
 * @return string
 */

function scrollBox($text, $height = 250)
{
  // Height is forced to an integer before it is written into the style attribute
  $px = (string)intval($height);
  $style = 'background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: ' . $px . 'px; overflow: auto; margin: 1em 0 1em 1em;';
  return '<div style="' . $style . '">' . $text . '</div>';
}
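/**
 * Generates a diff summary between two page revisions.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id1 the time ID of the first revision
 * @param $id2 the time ID of the second revision
 * @return string XHTML-formatted diff, or an error message
 */

function pagediff($page_id, $namespace, $id1, $id2)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('history_view'))
    return 'Access denied';

  // The time IDs are interpolated unquoted, so they must be pure digit strings
  if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
     !preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt';
  $id1 = intval($id1);
  $id2 = intval($id2);

  // $page_id and $namespace are quoted in the query, so they are escaped rather than pattern-checked
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
  $select = 'SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=%d AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';';
  if(!$q1 = $db->sql_query(sprintf($select, $id1))) return 'MySQL error: '.$db->get_error();
  $row1 = $db->fetchrow($q1);
  $db->free_result($q1);
  if(!$q2 = $db->sql_query(sprintf($select, $id2))) return 'MySQL error: '.$db->get_error();
  $row2 = $db->fetchrow($q2);
  $db->free_result($q2);

  // No row comes back when a time ID is unknown. The previous sizeof() checks used different thresholds
  // for the two rows and fail outright on a non-array in newer PHP; test both rows the same way.
  if( !is_array($row1) || sizeof($row1) < 1 || !is_array($row2) || sizeof($row2) < 1 )
    return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';

  $text1 = $row1['page_text'];
  $text2 = $row2['page_text'];
  $time1 = date('F d, Y h:i a', $id1);
  $time2 = date('F d, Y h:i a', $id2);
  $_ob = "
<p>Comparing revisions: {$time1} → {$time2}</p>
";
  // Free some memory
  unset($row1, $row2, $q1, $q2);

  $_ob .= RenderMan::diff($text1, $text2);
  return $_ob;
}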
/**
* Gets ACL information about the selected page for target type X and target ID Y.
* @param string $page_id The page ID
* @param string $namespace The namespace
* @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
* @return array
*/
function acl_editor($parms = Array())
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
{
return Array(
'mode' => 'error',
'error' => 'You are not authorized to view or edit access control lists.'
);
}
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
$page_id =& $parms['page_id'];
$namespace =& $parms['namespace'];
$page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
$page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
//die(print_r($page_id,true));
$template->load_theme();
// $perms_obj = $session->fetch_page_acl($page_id, $namespace);
+ − 1900
$perms_obj =& $session;
+ − 1901
$return = Array();
+ − 1902
if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
+ − 1903
{
+ − 1904
return Array(
+ − 1905
'mode' => 'error',
+ − 1906
'error' => 'It seems that (a) the file acledit.tpl is missing from these theme, and (b) the JSON response is working.',
+ − 1907
);
+ − 1908
}
+ − 1909
$return['template'] = $template->extract_vars('acledit.tpl');
+ − 1910
$return['page_id'] = $page_id;
+ − 1911
$return['namespace'] = $namespace;
+ − 1912
if(isset($parms['mode']))
+ − 1913
{
+ − 1914
switch($parms['mode'])
+ − 1915
{
+ − 1916
case 'listgroups':
+ − 1917
$return['groups'] = Array();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1918
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
1
+ − 1919
while($row = $db->fetchrow())
+ − 1920
{
+ − 1921
$return['groups'][] = Array(
+ − 1922
'id' => $row['group_id'],
+ − 1923
'name' => $row['group_name'],
+ − 1924
);
+ − 1925
}
+ − 1926
$db->free_result();
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1927
$return['page_groups'] = Array();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1928
$q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1929
if ( !$q )
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1930
return Array(
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1931
'mode' => 'error',
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1932
'error' => $db->get_error()
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1933
);
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1934
while ( $row = $db->fetchrow() )
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1935
{
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1936
$return['page_groups'][] = Array(
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1937
'id' => $row['pg_id'],
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1938
'name' => $row['pg_name']
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1939
);
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1940
}
1
+ − 1941
break;
+ − 1942
case 'seltarget':
+ − 1943
$return['mode'] = 'seltarget';
+ − 1944
$return['acl_types'] = $perms_obj->acl_types;
+ − 1945
$return['acl_deps'] = $perms_obj->acl_deps;
+ − 1946
$return['acl_descs'] = $perms_obj->acl_descs;
+ − 1947
$return['target_type'] = $parms['target_type'];
+ − 1948
$return['target_id'] = $parms['target_id'];
+ − 1949
switch($parms['target_type'])
+ − 1950
{
+ − 1951
case ACL_TYPE_USER:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1952
$q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1953
LEFT JOIN ' . table_prefix.'acl AS a
1
+ − 1954
ON a.target_id=u.user_id
+ − 1955
WHERE a.target_type='.ACL_TYPE_USER.'
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1956
AND u.username=\'' . $db->escape($parms['target_id']) . '\'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1957
' . $page_where_clause . ';');
1
+ − 1958
if(!$q)
+ − 1959
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1960
if($db->numrows() < 1)
+ − 1961
{
+ − 1962
$return['type'] = 'new';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1963
$q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
1
+ − 1964
if(!$q)
+ − 1965
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1966
if($db->numrows() < 1)
+ − 1967
return Array('mode'=>'error','error'=>'The username you entered was not found.');
+ − 1968
$row = $db->fetchrow();
+ − 1969
$return['target_name'] = $return['target_id'];
+ − 1970
$return['target_id'] = intval($row['user_id']);
+ − 1971
$return['current_perms'] = $session->acl_types;
+ − 1972
}
+ − 1973
else
+ − 1974
{
+ − 1975
$return['type'] = 'edit';
+ − 1976
$row = $db->fetchrow();
+ − 1977
$return['target_name'] = $return['target_id'];
+ − 1978
$return['target_id'] = intval($row['user_id']);
+ − 1979
$return['current_perms'] = $session->acl_merge($perms_obj->acl_types, $session->string_to_perm($row['rules']));
+ − 1980
}
+ − 1981
$db->free_result();
+ − 1982
// Eliminate types that don't apply to this namespace
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1983
if ( $namespace && $namespace != '__PageGroup' )
1
+ − 1984
{
+ − 1985
foreach ( $return['current_perms'] AS $i => $perm )
+ − 1986
{
+ − 1987
if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 1988
{
+ − 1989
// echo "// SCOPE CONTROL: eliminating: $i\n";
+ − 1990
unset($return['current_perms'][$i]);
+ − 1991
unset($return['acl_types'][$i]);
+ − 1992
unset($return['acl_descs'][$i]);
+ − 1993
unset($return['acl_deps'][$i]);
+ − 1994
}
+ − 1995
}
+ − 1996
}
+ − 1997
break;
+ − 1998
case ACL_TYPE_GROUP:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1999
$q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2000
LEFT JOIN ' . table_prefix.'acl AS a
1
+ − 2001
ON a.target_id=g.group_id
+ − 2002
WHERE a.target_type='.ACL_TYPE_GROUP.'
+ − 2003
AND g.group_id=\''.intval($parms['target_id']).'\'
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2004
' . $page_where_clause . ';');
1
+ − 2005
if(!$q)
+ − 2006
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 2007
if($db->numrows() < 1)
+ − 2008
{
+ − 2009
$return['type'] = 'new';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2010
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
1
+ − 2011
if(!$q)
+ − 2012
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 2013
if($db->numrows() < 1)
+ − 2014
return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
+ − 2015
$row = $db->fetchrow();
+ − 2016
$return['target_name'] = $row['group_name'];
+ − 2017
$return['target_id'] = intval($row['group_id']);
+ − 2018
$return['current_perms'] = $session->acl_types;
+ − 2019
}
+ − 2020
else
+ − 2021
{
+ − 2022
$return['type'] = 'edit';
+ − 2023
$row = $db->fetchrow();
+ − 2024
$return['target_name'] = $row['group_name'];
+ − 2025
$return['target_id'] = intval($row['group_id']);
+ − 2026
$return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
+ − 2027
}
+ − 2028
$db->free_result();
+ − 2029
// Eliminate types that don't apply to this namespace
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2030
if ( $namespace && $namespace != '__PageGroup' )
1
+ − 2031
{
+ − 2032
foreach ( $return['current_perms'] AS $i => $perm )
+ − 2033
{
+ − 2034
if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 2035
{
+ − 2036
// echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
+ − 2037
unset($return['current_perms'][$i]);
+ − 2038
unset($return['acl_types'][$i]);
+ − 2039
unset($return['acl_descs'][$i]);
+ − 2040
unset($return['acl_deps'][$i]);
+ − 2041
}
+ − 2042
}
+ − 2043
}
+ − 2044
//return Array('mode'=>'debug','text'=>print_r($return, true));
+ − 2045
break;
+ − 2046
default:
+ − 2047
return Array('mode'=>'error','error','Invalid ACL type ID');
+ − 2048
break;
+ − 2049
}
+ − 2050
return $return;
+ − 2051
break;
+ − 2052
case 'save_new':
+ − 2053
case 'save_edit':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2054
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2055
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2056
return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2057
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2058
$q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2059
' . $page_where_clause_lite . ';');
1
+ − 2060
if(!$q)
+ − 2061
return Array('mode'=>'error','error'=>mysql_error());
+ − 2062
$rules = $session->perm_to_string($parms['perms']);
+ − 2063
if ( sizeof ( $rules ) < 1 )
+ − 2064
{
+ − 2065
return array(
+ − 2066
'mode' => 'error',
+ − 2067
'error' => 'Supplied rule list has a length of zero'
+ − 2068
);
+ − 2069
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2070
$q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2071
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2072
'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2073
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
1
+ − 2074
if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error());
+ − 2075
return Array(
+ − 2076
'mode' => 'success',
+ − 2077
'target_type' => $parms['target_type'],
+ − 2078
'target_id' => $parms['target_id'],
+ − 2079
'target_name' => $parms['target_name'],
+ − 2080
'page_id' => $page_id,
+ − 2081
'namespace' => $namespace,
+ − 2082
);
+ − 2083
break;
+ − 2084
case 'delete':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2085
if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2086
{
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2087
return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2088
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2089
$q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2090
' . $page_where_clause_lite . ';');
1
+ − 2091
if(!$q)
+ − 2092
return Array('mode'=>'error','error'=>mysql_error());
+ − 2093
return Array(
+ − 2094
'mode' => 'delete',
+ − 2095
'target_type' => $parms['target_type'],
+ − 2096
'target_id' => $parms['target_id'],
+ − 2097
'target_name' => $parms['target_name'],
+ − 2098
'page_id' => $page_id,
+ − 2099
'namespace' => $namespace,
+ − 2100
);
+ − 2101
break;
+ − 2102
default:
+ − 2103
return Array('mode'=>'error','error'=>'Hacking attempt');
+ − 2104
break;
+ − 2105
}
+ − 2106
}
+ − 2107
return $return;
+ − 2108
}
/**
 * JSON wrapper around PageUtils::acl_editor(): the parms arrive as a JSON string and the answer is returned as one.
 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
 * @return string
 */

function acl_json($parms = '{ }')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    $codec = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $request = $codec->decode($parms);
    return $codec->encode(PageUtils::acl_editor($request));
}
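/**
 * A non-Javascript frontend for the ACL API.
 *
 * Runs the posted data through PageUtils::acl_preprocess(), PageUtils::acl_editor() and PageUtils::acl_postprocess()
 * and renders the answer as a self-submitting form between the theme header and footer; an 'error' answer aborts
 * the page through die_friendly(). Every value that originated in the request or in operator-entered names (target
 * name, ids, page id, namespace, group names) is passed through htmlspecialchars() before it is written into the
 * markup, as the page-group list already did.
 *
 * @param array $parms The request data, if any, this should be in the format required by PageUtils::acl_editor()
 */

function aclmanager($parms)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    ob_start();

    // Convenience
    $formstart = '<form
action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
method="post" enctype="multipart/form-data"
onsubmit="if(!submitAuthorized) return false;"
>';
    $formend = '</form>';

    $parms = PageUtils::acl_preprocess($parms);
    $response = PageUtils::acl_editor($parms);
    $response = PageUtils::acl_postprocess($response);

    switch ( $response['mode'] )
    {
        case 'debug':
            echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
            break;

        case 'stage1':
            // Step one: choose who the rule is for and whether it covers this page, a page group or the whole site
            echo '<h3>Manage page access</h3>
<p>Please select who should be affected by this access rule.</p>';
            echo $formstart;
            echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> A usergroup</label></p>
<p><select name="data[target_id_grp]">';
            foreach ( $response['groups'] as $group )
            {
                // Group names are operator-entered text; escape them exactly like the page-group names below
                echo '<option value="' . htmlspecialchars($group['id']) . '">' . htmlspecialchars($group['name']) . '</option>';
            }
            echo '</select></p>';

            // page group selector (only offered when at least one page group exists)
            $groupsel = '';
            if ( isset($response['page_groups']) && count($response['page_groups']) > 0 )
            {
                $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> A group of pages</label></p>
<p><select name="data[pg_id]">';
                foreach ( $response['page_groups'] as $grp )
                {
                    $groupsel .= '<option value="' . htmlspecialchars($grp['id']) . '">' . htmlspecialchars($grp['name']) . '</option>';
                }
                $groupsel .= '</select></p>';
            }

            echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> A specific user</label></p>
<p>' . $template->username_field('data[target_id_user]') . '</p>
<p>What should this access rule control?</p>
<p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> Only this page</label></p>
' . $groupsel . '
<p><label><input name="data[scope]" value="entire_site" type="radio" /> The entire site</label></p>
<div style="margin: 0 auto 0 0; text-align: right;">
<input name="data[mode]" value="seltarget" type="hidden" />
<input type="hidden" name="data[page_id]" value="' . htmlspecialchars($paths->cpage['urlname_nons']) . '" />
<input type="hidden" name="data[namespace]" value="' . htmlspecialchars($paths->namespace) . '" />
<input type="submit" value="Next >" />
</div>';
            echo $formend;
            break;

        case 'success':
        case 'delete':
            // Both confirmations carry the same "go back" form; only the notice text differs
            if ( $response['mode'] == 'success' )
            {
                $notice = '<b>Permissions updated</b><br />
The permissions for ' . htmlspecialchars($response['target_name']) . ' on this page have been updated successfully.<br />';
            }
            else
            {
                $notice = '<b>Rule deleted</b><br />
The selected access rule has been successfully deleted.<br />';
            }
            // Users are re-selected by name, groups by numeric id; the same value is posted into both fields
            $is_user = ( intval($response['target_type']) == ACL_TYPE_USER );
            $target_field = htmlspecialchars($is_user ? $response['target_name'] : $response['target_id']);
            echo '<div class="info-box">
' . $notice . '
' . $formstart . '
<input type="hidden" name="data[mode]" value="seltarget" />
<input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
<input type="hidden" name="data[target_id_user]" value="' . $target_field . '" />
<input type="hidden" name="data[target_id_grp]" value="' . $target_field . '" />
<input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
<input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false' ) . '" />
<input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false' ) . '" />
<input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
' . $formend . '
</div>';
            break;

        case 'seltarget':
            if ( $response['type'] == 'edit' )
            {
                echo '<h3>Editing permissions</h3>';
            }
            else
            {
                echo '<h3>Create new rule</h3>';
            }
            $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
            $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
            // target_name is the name as it was submitted in the previous step, so it is escaped like any other input
            echo 'This panel allows you to edit what the ' . $type . ' "' . htmlspecialchars($response['target_name']) . '" can do on <b>' . $scope . '</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
            echo $formstart;

            $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
            echo $parser->run();
            $parser = $template->makeParserText( $response['template']['acl_field_item'] );
            $cls = 'row2';
            foreach ( $response['acl_types'] as $acl_type => $value )
            {
                $vars = Array(
                    'FIELD_DENY_CHECKED' => '',
                    'FIELD_DISALLOW_CHECKED' => '',
                    'FIELD_WIKIMODE_CHECKED' => '',
                    'FIELD_ALLOW_CHECKED' => '',
                );
                // Alternate row classes for striping
                $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
                $vars['ROW_CLASS'] = $cls;

                // A type with no current setting is shown as "disallow", the same outcome as the default branch
                $current = ( isset($response['current_perms'][$acl_type]) ) ? $response['current_perms'][$acl_type] : AUTH_DISALLOW;
                switch ( $current )
                {
                    case AUTH_ALLOW:
                        $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_WIKIMODE:
                        $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DENY:
                        $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DISALLOW:
                    default:
                        $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
                        break;
                }
                $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
                $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
                $parser->assign_vars($vars);
                echo $parser->run();
            }
            $parser = $template->makeParserText( $response['template']['acl_field_end'] );
            echo $parser->run();

            echo '<div style="margin: 10px auto 0 0; text-align: right;">
<input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
<input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false' ) . '" />
<input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false' ) . '" />
<input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
<input type="hidden" name="data[target_id]" value="' . htmlspecialchars($response['target_id']) . '" />
<input type="hidden" name="data[target_name]" value="' . htmlspecialchars($response['target_name']) . '" />
' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="Save changes" /> <input type="submit" name="data[act_delete_rule]" value="Delete rule" style="color: #AA0000;" onclick="return confirm(\'Do you really want to delete this ACL rule?\');" />' : '<input type="submit" value="Create rule" />' ) . '
</div>';
            echo $formend;
            break;

        case 'error':
            // Discard whatever was buffered so far; die_friendly() renders its own page
            ob_end_clean();
            $message = ( isset($response['error']) ) ? $response['error'] : 'Unknown error';
            die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($message) . '</pre>');
            break;
    }

    $ret = ob_get_contents();
    ob_end_clean();
    echo $template->getHeader() . $ret . $template->getFooter();
}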
/**
* Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
* @param array The posted data
* @return array
* @access private
*/
function acl_preprocess($parms)
{
if ( !isset($parms['mode']) )
// Nothing to do
return $parms;
switch ( $parms['mode'] )
{
case 'seltarget':
// Who's affected?
+ − 2315
$parms['target_type'] = intval( $parms['target_type'] );
+ − 2316
$parms['target_id'] = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? $parms['target_id_grp'] : $parms['target_id_user'];
+ − 2317
+ − 2318
case 'save_edit':
+ − 2319
case 'save_new':
+ − 2320
if ( isset($parms['act_delete_rule']) )
+ − 2321
{
+ − 2322
$parms['mode'] = 'delete';
+ − 2323
}
+ − 2324
+ − 2325
// Scope (just this page or entire site?)
+ − 2326
if ( $parms['scope'] == 'entire_site' || ( $parms['page_id'] == 'false' && $parms['namespace'] == 'false' ) )
+ − 2327
{
+ − 2328
$parms['page_id'] = false;
+ − 2329
$parms['namespace'] = false;
+ − 2330
}
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2331
else if ( $parms['scope'] == 'page_group' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2332
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2333
$parms['page_id'] = $parms['pg_id'];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2334
$parms['namespace'] = '__PageGroup';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2335
}
1
+ − 2336
+ − 2337
break;
+ − 2338
}
+ − 2339
+ − 2340
if ( isset($parms['act_go_stage1']) )
+ − 2341
{
+ − 2342
$parms = array(
+ − 2343
'mode' => 'listgroups'
+ − 2344
);
+ − 2345
}
+ − 2346
+ − 2347
return $parms;
+ − 2348
}
/**
 * Postprocessor for responses coming back from the ACL API backend.
 *
 * Responses that already carry a 'mode' pass through unchanged. A response without one is
 * recognized as the stage-1 group list when it has a 'groups' key; anything else is replaced
 * by an error response.
 *
 * @param array $response The backend response
 * @return array The response with a 'mode' key, or an error response
 * @access private
 */

function acl_postprocess($response)
{
  if ( isset($response['mode']) )
  {
    return $response;
  }

  if ( !isset($response['groups']) )
  {
    // Neither a mode nor a group list: the backend sent something this form cannot render
    return Array(
      'mode' => 'error',
      'error' => 'Invalid action passed by API backend.',
    );
  }

  // A group list with no explicit mode is the first stage of the editor
  $response['mode'] = 'stage1';
  return $response;
}
}
?>