author | Dan |
Sat, 07 Jul 2007 16:43:38 -0400 | |
changeset 50 | 5e9bb8b7bbdf |
parent 47 | d6361ccbd2bd |
child 61 | e9708657875a |
permissions | -rw-r--r-- |
1 | 1 |
<?php |
2 |
/* |
|
3 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
4 |
* Version 1.0 (Banshee) |
1 | 5 |
* pageprocess.php - intelligent retrieval of pages |
6 |
* Copyright (C) 2006-2007 Dan Fuhry |
|
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
/** |
|
16 |
* Class to handle fetching page text (possibly from a cache) and formatting it. |
|
17 |
* @package Enano |
|
18 |
* @subpackage UI |
|
19 |
* @copyright 2007 Dan Fuhry |
|
20 |
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html> |
|
21 |
*/ |
|
22 |
||
23 |
class PageProcessor |
|
24 |
{ |
|
25 |
||
26 |
/** |
|
27 |
* Page ID and namespace of the page handled by this instance |
|
28 |
* @var string |
|
29 |
*/ |
|
30 |
||
31 |
var $page_id; |
|
32 |
var $namespace; |
|
33 |
||
34 |
/** |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
35 |
* The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent. |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
36 |
* @var int |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
37 |
*/ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
38 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
39 |
var $revision_id = 0; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
40 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
41 |
/** |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
42 |
* Unsanitized page ID. |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
43 |
* @var string |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
44 |
*/ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
45 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
46 |
var $page_id_unclean; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
47 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
48 |
/** |
1 | 49 |
* Tracks if the page we're loading exists in the database or not. |
50 |
* @var bool |
|
51 |
*/ |
|
52 |
||
53 |
var $page_exists = false; |
|
54 |
||
55 |
/** |
|
56 |
* Permissions! |
|
57 |
* @var object |
|
58 |
*/ |
|
59 |
||
60 |
var $perms = null; |
|
61 |
||
62 |
/** |
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
63 |
* The SHA1 hash of the user-inputted password for the page |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
64 |
* @var string |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
65 |
*/ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
66 |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
67 |
var $password = ''; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
68 |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
69 |
/** |
1 | 70 |
* Switch to track if redirects are allowed. Defaults to true. |
71 |
* @var bool |
|
72 |
*/ |
|
73 |
||
74 |
var $allow_redir = true; |
|
75 |
||
76 |
/** |
|
77 |
* If this is set to true, this will call the header and footer funcs on $template when render() is called. |
|
78 |
* @var bool |
|
79 |
*/ |
|
80 |
||
81 |
var $send_headers = false; |
|
82 |
||
83 |
/** |
|
84 |
* Cache the fetched text so we don't fetch it from the DB twice. |
|
85 |
* @var string |
|
86 |
*/ |
|
87 |
||
88 |
var $text_cache = ''; |
|
89 |
||
90 |
/** |
|
91 |
* Debugging information to track errors. You can set enable to false to disable sending debug information. |
|
92 |
* @var array |
|
93 |
*/ |
|
94 |
||
95 |
var $debug = array( |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
96 |
'enable' => false, |
1 | 97 |
'works' => false |
98 |
); |
|
99 |
||
100 |
/** |
|
101 |
* Constructor. |
|
102 |
* @param string The page ID (urlname) of the page |
|
103 |
* @param string The namespace of the page |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
104 |
* @param int Optional. The revision ID to send. |
1 | 105 |
*/ |
106 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
107 |
function __construct( $page_id, $namespace, $revision_id = 0 ) |
1 | 108 |
{ |
109 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
110 |
||
111 |
// See if we can get some debug info |
|
112 |
if ( function_exists('debug_backtrace') && $this->debug['enable'] ) |
|
113 |
{ |
|
114 |
$this->debug['works'] = true; |
|
115 |
$this->debug['backtrace'] = enano_debug_print_backtrace(true); |
|
116 |
} |
|
117 |
||
118 |
// First things first - check page existence and permissions |
|
119 |
||
120 |
if ( !isset($paths->nslist[$namespace]) ) |
|
121 |
{ |
|
122 |
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.'); |
|
123 |
} |
|
124 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
125 |
if ( !is_int($revision_id) ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
126 |
$revision_id = 0; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
127 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
128 |
$this->_setup( $page_id, $namespace, $revision_id ); |
1 | 129 |
|
130 |
} |
|
131 |
||
132 |
/** |
|
133 |
* The main method to send the page content. Also responsible for checking permissions. |
|
134 |
*/ |
|
135 |
||
136 |
function send() |
|
137 |
{ |
|
138 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
139 |
if ( !$this->perms->get_permissions('read') ) |
|
140 |
{ |
|
141 |
$this->err_access_denied(); |
|
142 |
return false; |
|
143 |
} |
|
24 | 144 |
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id; |
145 |
$strict_no_headers = false; |
|
146 |
if ( isset($paths->pages[$pathskey]) ) |
|
147 |
{ |
|
148 |
if ( $paths->pages[$pathskey]['special'] == 1 ) |
|
149 |
{ |
|
150 |
$this->send_headers = false; |
|
151 |
$strict_no_headers = true; |
|
152 |
} |
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
153 |
if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') ) |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
154 |
{ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
155 |
$password =& $paths->pages[$pathskey]['password']; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
156 |
if ( $this->password != $password ) |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
157 |
{ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
158 |
$this->err_wrong_password(); |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
159 |
return false; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
160 |
} |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
161 |
} |
24 | 162 |
} |
1 | 163 |
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' ) |
164 |
{ |
|
165 |
if ( !$this->page_exists ) |
|
166 |
{ |
|
167 |
redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 ); |
|
168 |
} |
|
169 |
$func_name = "page_{$this->namespace}_{$this->page_id}"; |
|
170 |
if ( function_exists($func_name) ) |
|
171 |
{ |
|
172 |
return @call_user_func($func_name); |
|
173 |
} |
|
174 |
else |
|
175 |
{ |
|
176 |
$title = 'Page backend not found'; |
|
177 |
$message = "The administration page you are looking for was properly registered using the page API, but the backend function |
|
178 |
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin."; |
|
179 |
||
180 |
if ( $this->send_headers ) |
|
181 |
{ |
|
182 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
183 |
$template->header(); |
|
184 |
echo "<p>$message</p>"; |
|
185 |
$template->footer(); |
|
186 |
} |
|
187 |
else |
|
188 |
{ |
|
189 |
echo "<h2>$title</h2> |
|
190 |
<p>$message</p>"; |
|
191 |
} |
|
192 |
return false; |
|
193 |
} |
|
194 |
} |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
195 |
else if ( $this->namespace == 'User' ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
196 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
197 |
$this->_handle_userpage(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
198 |
} |
1 | 199 |
else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists ) |
200 |
{ |
|
201 |
$this->header(); |
|
202 |
||
203 |
$text = $this->fetch_text(); |
|
204 |
$text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text); |
|
205 |
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text); |
|
206 |
||
207 |
$text = RenderMan::render( $text ); |
|
208 |
||
209 |
echo $text; |
|
210 |
||
211 |
$this->footer(); |
|
212 |
||
213 |
} |
|
214 |
else if ( !$this->page_exists ) |
|
215 |
{ |
|
216 |
// Perhaps this is hooked? |
|
217 |
ob_start(); |
|
218 |
||
219 |
$code = $plugins->setHook('page_not_found'); |
|
220 |
foreach ( $code as $cmd ) |
|
221 |
{ |
|
222 |
eval($cmd); |
|
223 |
} |
|
224 |
||
225 |
$ob = ob_get_contents(); |
|
226 |
||
227 |
if ( empty($ob) ) |
|
228 |
{ |
|
229 |
$this->err_page_not_existent(); |
|
230 |
} |
|
231 |
} |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
232 |
else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists ) |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
233 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
234 |
// Send as regular page |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
235 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
236 |
// die($this->page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
237 |
|
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
238 |
$text = $this->fetch_text(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
239 |
if ( $text == 'err_no_text_rows' ) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
240 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
241 |
$this->err_no_rows(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
242 |
return false; |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
243 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
244 |
else |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
245 |
{ |
24 | 246 |
$this->render( (!$strict_no_headers) ); |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
247 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
248 |
} |
1 | 249 |
} |
250 |
||
251 |
/** |
|
252 |
* Sets internal variables. |
|
253 |
* @access private |
|
254 |
*/ |
|
255 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
256 |
function _setup($page_id, $namespace, $revision_id) |
1 | 257 |
{ |
258 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
259 |
||
260 |
$page_id_cleaned = sanitize_page_id($page_id); |
|
261 |
||
262 |
$this->page_id = $page_id_cleaned; |
|
263 |
$this->namespace = $namespace; |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
264 |
$this->revision_id = $revision_id; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
265 |
$this->page_id_unclean = dirtify_page_id($page_id); |
1 | 266 |
|
267 |
$this->perms = $session->fetch_page_acl( $page_id, $namespace ); |
|
268 |
||
269 |
// Exception for Admin: pages |
|
270 |
if ( $this->namespace == 'Admin' ) |
|
271 |
{ |
|
272 |
$fname = "page_Admin_{$this->page_id}"; |
|
273 |
} |
|
274 |
||
275 |
// Does the page "exist"? |
|
4 | 276 |
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) |
1 | 277 |
{ |
278 |
$this->page_exists = false; |
|
279 |
} |
|
280 |
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) ) |
|
281 |
{ |
|
282 |
$this->page_exists = false; |
|
283 |
} |
|
284 |
else |
|
285 |
{ |
|
286 |
$this->page_exists = true; |
|
287 |
} |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
288 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
289 |
// Compatibility with older databases |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
290 |
if ( strstr($this->page_id, '.2e') && !$this->page_exists ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
291 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
292 |
$page_id = str_replace('.2e', '.', $page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
293 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
294 |
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
295 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
296 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
297 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
298 |
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
299 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
300 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
301 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
302 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
303 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
304 |
$this->page_exists = true; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
305 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
306 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
307 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
308 |
|
1 | 309 |
} |
310 |
||
311 |
/** |
|
312 |
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB. |
|
313 |
* @access private |
|
314 |
*/ |
|
315 |
||
24 | 316 |
function render($incl_inner_headers = true) |
1 | 317 |
{ |
318 |
$text = $this->fetch_text(); |
|
319 |
||
320 |
$this->header(); |
|
24 | 321 |
if ( $incl_inner_headers ) |
322 |
{ |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
323 |
display_page_headers(); |
24 | 324 |
} |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
325 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
326 |
if ( $this->revision_id ) |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
327 |
{ |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
328 |
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.date('F d, Y \a\t h:i a', $this->revision_id).'.<br /><a href="'.makeUrlNS($this->namespace, $this->page_id).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrlNS($this->namespace, $this->pageid, 'do=rollback&id='.$this->revision_id).'" onclick="ajaxRollback(\''.$this->revision_id.'\')">Restore this version</a></div><br />'; |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
329 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
330 |
|
25
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
331 |
if ( $incl_inner_headers ) |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
332 |
{ |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
333 |
$text = '?>' . RenderMan::render($text); |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
334 |
} |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
335 |
else |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
336 |
{ |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
337 |
$text = '?>' . $text; |
26 | 338 |
$text = preg_replace('/<nowiki>(.*?)<\/nowiki>/s', '\\1', $text); |
25
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
339 |
} |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
340 |
// echo('<pre>'.htmlspecialchars($text).'</pre>'); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
341 |
eval ( $text ); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
342 |
|
24 | 343 |
if ( $incl_inner_headers ) |
344 |
{ |
|
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
345 |
display_page_footers(); |
24 | 346 |
} |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
347 |
|
1 | 348 |
$this->footer(); |
349 |
} |
|
350 |
||
351 |
/** |
|
352 |
* Sends the page header, dependent on, of course, whether we're supposed to. |
|
353 |
*/ |
|
354 |
||
355 |
function header() |
|
356 |
{ |
|
357 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
358 |
if ( $this->send_headers ) |
|
359 |
$template->header(); |
|
360 |
} |
|
361 |
||
362 |
/** |
|
363 |
* Sends the page footer, dependent on, of course, whether we're supposed to. |
|
364 |
*/ |
|
365 |
||
366 |
function footer() |
|
367 |
{ |
|
368 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
369 |
if ( $this->send_headers ) |
|
370 |
$template->footer(); |
|
371 |
} |
|
372 |
||
373 |
/** |
|
374 |
* Fetches the raw, unfiltered page text. |
|
375 |
* @access public |
|
376 |
*/ |
|
377 |
||
378 |
function fetch_text() |
|
379 |
{ |
|
380 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
381 |
||
382 |
if ( !empty($this->text_cache) ) |
|
383 |
{ |
|
384 |
return $this->text_cache; |
|
385 |
} |
|
386 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
387 |
if ( $this->revision_id > 0 && is_int($this->revision_id) ) |
1 | 388 |
{ |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
389 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
390 |
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
391 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
392 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
393 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
394 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
395 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
396 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
397 |
// Compatibility fix for old pages with dots in the page ID |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
398 |
if ( strstr($this->page_id, '.2e') ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
399 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
400 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
401 |
$page_id = str_replace('.2e', '.', $this->page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
402 |
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
403 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
404 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
405 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
406 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
407 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
408 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
409 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
410 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
411 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
412 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
413 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
414 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
415 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
416 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
417 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
418 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
419 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
420 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
421 |
$row = $db->fetchrow(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
422 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
423 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
424 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
425 |
|
1 | 426 |
} |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
427 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
428 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
429 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
430 |
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
431 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
432 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
433 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
434 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
435 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
436 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
437 |
// Compatibility fix for old pages with dots in the page ID |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
438 |
if ( strstr($this->page_id, '.2e') ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
439 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
440 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
441 |
$page_id = str_replace('.2e', '.', $this->page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
442 |
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
443 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
444 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
445 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
446 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
447 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
448 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
449 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
450 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
451 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
452 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
453 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
454 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
455 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
456 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
457 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
458 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
459 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
460 |
$row = $db->fetchrow(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
461 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
462 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
463 |
} |
1 | 464 |
|
465 |
if ( !empty($row['char_tag']) ) |
|
466 |
{ |
|
467 |
// This page text entry uses the old text-escaping format |
|
468 |
$from = array( |
|
469 |
"{APOS:{$row['char_tag']}}", |
|
470 |
"{QUOT:{$row['char_tag']}}", |
|
471 |
"{SLASH:{$row['char_tag']}}" |
|
472 |
); |
|
473 |
$to = array("'", '"', '\\'); |
|
474 |
$row['page_text'] = str_replace($from, $to, $row['page_text']); |
|
475 |
} |
|
476 |
||
477 |
$this->text_cache = $row['page_text']; |
|
478 |
||
479 |
return $row['page_text']; |
|
480 |
||
481 |
} |
|
482 |
||
483 |
/** |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
484 |
* Handles the extra overhead required for user pages. |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
485 |
* @access private |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
486 |
*/ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
487 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
488 |
function _handle_userpage() |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
489 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
490 |
global $db, $session, $paths, $template, $plugins; // Common objects |
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
491 |
global $email; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
492 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
493 |
if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
494 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
495 |
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
496 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
497 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
498 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
499 |
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
500 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
501 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
502 |
$target_username = strtr($page_name, |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
503 |
Array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
504 |
'_' => ' ', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
505 |
'<' => '<', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
506 |
'>' => '>' |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
507 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
508 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
509 |
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
510 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
511 |
if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists ) |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
512 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
513 |
$page_name = "$target_username's user page"; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
514 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
515 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
516 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
517 |
// User has a custom title for their userpage |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
518 |
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name']; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
519 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
520 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
521 |
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
522 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
523 |
$q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, x.*, COUNT(c.comment_id) AS n_comments |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
524 |
FROM '.table_prefix.'users u |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
525 |
LEFT JOIN '.table_prefix.'users_extra AS x |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
526 |
ON ( u.user_id = x.user_id OR x.user_id IS NULL ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
527 |
LEFT JOIN '.table_prefix.'comments AS c |
47
d6361ccbd2bd
OK, that last commit only made things worse...it's fixed now.
Dan
parents:
46
diff
changeset
|
528 |
ON ( ( c.user_id=u.user_id AND c.name=u.username AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) ) |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
529 |
WHERE u.username=\'' . $db->escape($target_username) . '\' |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
530 |
GROUP BY u.user_id;'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
531 |
if ( !$q ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
532 |
$db->_die(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
533 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
534 |
$user_exists = true; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
535 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
536 |
if ( $db->numrows() < 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
537 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
538 |
$user_exists = false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
539 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
540 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
541 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
542 |
$userdata = $db->fetchrow(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
543 |
if ( $userdata['authoritative_uid'] == 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
544 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
545 |
// Hide data for anonymous user |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
546 |
$user_exists = false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
547 |
unset($userdata); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
548 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
549 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
550 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
551 |
$this->header(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
552 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
553 |
// if ( $send_headers ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
554 |
// { |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
555 |
// display_page_headers(); |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
556 |
// } |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
557 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
558 |
// Start left sidebar: basic user info, latest comments |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
559 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
560 |
if ( $user_exists ): |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
561 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
562 |
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
563 |
echo '<tr><td style="width: 150px;" valign="top">'; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
564 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
565 |
echo '<div class="tblholder"> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
566 |
<table border="0" cellspacing="1" cellpadding="4">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
567 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
568 |
// |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
569 |
// Main part of sidebar |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
570 |
// |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
571 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
572 |
// Basic user info |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
573 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
574 |
echo '<tr><th class="subhead">All about ' . htmlspecialchars($target_username) . '</th></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
575 |
echo '<tr><td class="row3">Joined: ' . date('F d, Y h:i a', $userdata['reg_time']) . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
576 |
echo '<tr><td class="row1">Total comments: ' . $userdata['n_comments'] . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
577 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
578 |
if ( !empty($userdata['real_name']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
579 |
{ |
31
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
28
diff
changeset
|
580 |
echo '<tr><td class="row3">Real name: ' . $userdata['real_name'] . '</td></tr>'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
581 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
582 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
583 |
// Comments |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
584 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
585 |
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . '\'s latest comments</th></tr>'; |
47
d6361ccbd2bd
OK, that last commit only made things worse...it's fixed now.
Dan
parents:
46
diff
changeset
|
586 |
$q = $db->sql_query('SELECT page_id, namespace, subject, time FROM '.table_prefix.'comments WHERE name=\'' . $db->escape($target_username) . '\' AND user_id=' . $userdata['authoritative_uid'] . ' AND approved=1 ORDER BY time DESC LIMIT 5;'); |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
587 |
if ( !$q ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
588 |
$db->_die(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
589 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
590 |
$comments = Array(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
591 |
$no_comments = false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
592 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
593 |
if ( $row = $db->fetchrow() ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
594 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
595 |
do |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
596 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
597 |
$row['time'] = date('F d, Y', $row['time']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
598 |
$comments[] = $row; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
599 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
600 |
while ( $row = $db->fetchrow() ); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
601 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
602 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
603 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
604 |
$no_comments = true; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
605 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
606 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
607 |
echo '<tr><td class="row3">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
608 |
echo '<div style="border: 1px solid #000000; padding: 0px; margin: 0; max-height: 200px; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: transparent;" class="tblholder">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
609 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
610 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
611 |
$class = 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
612 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
613 |
$tpl = '<tr> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
614 |
<td class="{CLASS}"> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
615 |
<a href="{PAGE_LINK}" <!-- BEGINNOT page_exists -->class="wikilink-nonexistent"<!-- END page_exists -->>{PAGE}</a><br /> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
616 |
<small>Posted {DATE}<br /></small> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
617 |
<b><a href="{COMMENT_LINK}">{SUBJECT}</a></b> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
618 |
</td> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
619 |
</tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
620 |
$parser = $template->makeParserText($tpl); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
621 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
622 |
if ( count($comments) > 0 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
623 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
624 |
foreach ( $comments as $comment ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
625 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
626 |
$c_page_id = $paths->nslist[ $comment['namespace'] ] . sanitize_page_id($comment['page_id']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
627 |
if ( isset($paths->pages[ $c_page_id ]) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
628 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
629 |
$parser->assign_bool(array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
630 |
'page_exists' => true |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
631 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
632 |
$page_title = $paths->pages[ $c_page_id ]['name']; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
633 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
634 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
635 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
636 |
$parser->assign_bool(array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
637 |
'page_exists' => false |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
638 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
639 |
$page_title = htmlspecialchars(dirtify_page_id($c_page_id)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
640 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
641 |
$parser->assign_vars(array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
642 |
'CLASS' => $class, |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
643 |
'PAGE_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id'])), |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
644 |
'PAGE' => $page_title, |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
645 |
'SUBJECT' => $comment['subject'], |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
646 |
'DATE' => $comment['time'], |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
647 |
'COMMENT_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id']), 'do=comments', true) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
648 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
649 |
$class = ( $class == 'row3' ) ? 'row1' : 'row3'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
650 |
echo $parser->run(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
651 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
652 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
653 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
654 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
655 |
echo '<tr><td class="' . $class . '">This user has not posted any comments.</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
656 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
657 |
echo '</table>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
658 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
659 |
echo '</div>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
660 |
echo '</td></tr>'; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
661 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
662 |
echo ' </table> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
663 |
</div>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
664 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
665 |
echo '</td><td valign="top" style="padding: 0 10px;">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
666 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
667 |
else: |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
668 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
669 |
// Nothing for now |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
670 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
671 |
endif; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
672 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
673 |
// User's own content |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
674 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
675 |
$send_headers = $this->send_headers; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
676 |
$this->send_headers = false; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
677 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
678 |
if ( $this->page_exists ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
679 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
680 |
$this->render(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
681 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
682 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
683 |
{ |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
684 |
$this->err_page_not_existent(true); |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
685 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
686 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
687 |
// Right sidebar |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
688 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
689 |
if ( $user_exists ): |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
690 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
691 |
echo '</td><td style="width: 150px;" valign="top">'; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
692 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
693 |
echo '<div class="tblholder"> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
694 |
<table border="0" cellspacing="1" cellpadding="4">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
695 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
696 |
// |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
697 |
// Main part of sidebar |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
698 |
// |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
699 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
700 |
// Contact information |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
701 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
702 |
echo '<tr><th class="subhead">Get in touch</th></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
703 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
704 |
$class = 'row3'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
705 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
706 |
if ( $userdata['email_public'] == 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
707 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
708 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
709 |
$email_link = $email->encryptEmail($userdata['email']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
710 |
echo '<tr><td class="'.$class.'">E-mail address: ' . $email_link . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
711 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
712 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
713 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
714 |
if ( $session->user_logged_in ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
715 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
716 |
echo '<tr><td class="'.$class.'">Send ' . htmlspecialchars($target_username) . ' a <a href="' . makeUrlNS('Special', 'PrivateMessages/Compose/to/' . $this->page_id, false, true) . '">Private Message</a>!</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
717 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
718 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
719 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
720 |
echo '<tr><td class="'.$class.'">You could send ' . htmlspecialchars($target_username) . ' a private message if you were <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist[$this->namespace] . $this->page_id) . '">logged in</a>.</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
721 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
722 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
723 |
if ( !empty($userdata['user_aim']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
724 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
725 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
37 | 726 |
echo '<tr><td class="'.$class.'">AIM: ' . $userdata['user_aim'] . '</td></tr>'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
727 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
728 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
729 |
if ( !empty($userdata['user_yahoo']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
730 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
731 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
37 | 732 |
echo '<tr><td class="'.$class.'">Yahoo! IM: ' . $userdata['user_yahoo'] . '</td></tr>'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
733 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
734 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
735 |
if ( !empty($userdata['user_msn']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
736 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
737 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
738 |
$email_link = $email->encryptEmail($userdata['user_msn']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
739 |
echo '<tr><td class="'.$class.'">WLM: ' . $email_link . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
740 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
741 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
742 |
if ( !empty($userdata['user_xmpp']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
743 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
744 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
745 |
$email_link = $email->encryptEmail($userdata['user_xmpp']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
746 |
echo '<tr><td class="'.$class.'">XMPP/Jabber: ' . $email_link . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
747 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
748 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
749 |
// Real life |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
750 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
751 |
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . ' in real life</th></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
752 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
753 |
if ( !empty($userdata['user_location']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
754 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
755 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
37 | 756 |
echo '<tr><td class="'.$class.'">Location: ' . $userdata['user_location'] . '</td></tr>'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
757 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
758 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
759 |
if ( !empty($userdata['user_job']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
760 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
761 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
37 | 762 |
echo '<tr><td class="'.$class.'">Job/occupation: ' . $userdata['user_job'] . '</td></tr>'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
763 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
764 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
765 |
if ( !empty($userdata['user_hobbies']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
766 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
767 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
37 | 768 |
echo '<tr><td class="'.$class.'">Enjoys: ' . $userdata['user_hobbies'] . '</td></tr>'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
769 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
770 |
|
28 | 771 |
if ( empty($userdata['user_location']) && empty($userdata['user_job']) && empty($userdata['user_hobbies']) ) |
772 |
{ |
|
773 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
|
774 |
echo '<tr><td class="'.$class.'">' . htmlspecialchars($target_username) . ' hasn\'t posted any real-life contact information.</td></tr>'; |
|
775 |
} |
|
776 |
||
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
777 |
echo ' </table> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
778 |
</div>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
779 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
780 |
echo '</tr></table>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
781 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
782 |
else: |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
783 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
784 |
echo '<p>Additional information: user "' . htmlspecialchars($target_username) . '" does not exist.</p>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
785 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
786 |
endif; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
787 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
788 |
// if ( $send_headers ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
789 |
// { |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
790 |
// display_page_footers(); |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
791 |
// } |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
792 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
793 |
$this->send_headers = $send_headers; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
794 |
unset($send_headers); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
795 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
796 |
$this->footer(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
797 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
798 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
799 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
800 |
/** |
1 | 801 |
* Send the error message to the user that the access to this page is denied. |
802 |
* @access private |
|
803 |
*/ |
|
804 |
||
805 |
function err_access_denied() |
|
806 |
{ |
|
807 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
808 |
||
809 |
$ob = ''; |
|
810 |
$template->tpl_strings['PAGE_NAME'] = 'Access denied'; |
|
811 |
||
812 |
if ( $this->send_headers ) |
|
813 |
{ |
|
814 |
$ob .= $template->getHeader(); |
|
815 |
} |
|
816 |
||
817 |
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>'; |
|
818 |
||
819 |
if ( $this->send_headers ) |
|
820 |
{ |
|
821 |
$ob .= $template->getFooter(); |
|
822 |
} |
|
823 |
echo $ob; |
|
824 |
} |
|
825 |
||
826 |
/** |
|
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
827 |
* Inform the user of an incorrect or absent password |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
828 |
* @access private |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
829 |
*/ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
830 |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
831 |
function err_wrong_password() |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
832 |
{ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
833 |
global $db, $session, $paths, $template, $plugins; // Common objects |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
834 |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
835 |
$title = 'Password required'; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
836 |
$message = ( empty($this->password) ) ? '<p>Access to this page requires a password. Please enter the password for this page below:</p>' : '<p>The password you entered for this page was incorrect. Please enter the password for this page below:</p>'; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
837 |
$message .= '<form action="' . makeUrlNS($this->namespace, $this->page_id) . '" method="post"> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
838 |
<p> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
839 |
<label>Password: <input name="pagepass" type="password" /></label> <input type="submit" value="Submit" /> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
840 |
</p> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
841 |
</form>'; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
842 |
if ( $this->send_headers ) |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
843 |
{ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
844 |
$template->tpl_strings['PAGE_NAME'] = $title; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
845 |
$template->header(); |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
846 |
echo "$message"; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
847 |
$template->footer(); |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
848 |
} |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
849 |
else |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
850 |
{ |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
851 |
echo "<h2>$title</h2> |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
852 |
$message"; |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
853 |
} |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
854 |
} |
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
855 |
|
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents:
31
diff
changeset
|
856 |
/** |
1 | 857 |
* Send the error message to the user complaining that there weren't any rows. |
858 |
* @access private |
|
859 |
*/ |
|
860 |
||
861 |
function err_no_rows() |
|
862 |
{ |
|
863 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
864 |
||
865 |
$title = 'No text rows'; |
|
866 |
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>'; |
|
867 |
if ( $this->send_headers ) |
|
868 |
{ |
|
869 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
870 |
$template->header(); |
|
871 |
echo "<p>$message</p>"; |
|
872 |
$template->footer(); |
|
873 |
} |
|
874 |
else |
|
875 |
{ |
|
876 |
echo "<h2>$title</h2> |
|
877 |
<p>$message</p>"; |
|
878 |
} |
|
879 |
} |
|
880 |
||
881 |
/** |
|
882 |
* Tell the user the page doesn't exist, and present them with their options. |
|
883 |
* @access private |
|
884 |
*/ |
|
885 |
||
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
886 |
function err_page_not_existent($userpage = false) |
1 | 887 |
{ |
888 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
889 |
||
890 |
$this->header(); |
|
891 |
header('HTTP/1.1 404 Not Found'); |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
892 |
if ( $userpage ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
893 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
894 |
echo '<h3>There is no page with this title yet.</h3> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
895 |
<p>This user has not created his or her user page yet.'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
896 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
897 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
898 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
899 |
echo '<h3>There is no page with this title yet.</h3> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
900 |
<p>You have requested a page that doesn\'t exist yet.'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
901 |
} |
1 | 902 |
if ( $session->get_permissions('create_page') ) |
903 |
{ |
|
904 |
echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.'; |
|
905 |
} |
|
906 |
else |
|
907 |
{ |
|
908 |
echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>'; |
|
909 |
} |
|
910 |
if ( $session->get_permissions('history_rollback') ) |
|
911 |
{ |
|
912 |
$e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;'); |
|
913 |
if ( !$e ) |
|
914 |
{ |
|
915 |
$db->_die('The deletion log could not be selected.'); |
|
916 |
} |
|
917 |
if ( $db->numrows() > 0 ) |
|
918 |
{ |
|
919 |
$r = $db->fetchrow(); |
|
28 | 920 |
echo '<p><b>This page was deleted on ' . $r['date_string'] . '.</b> The stated reason was:</p><blockquote>' . $r['edit_summary'] . '</blockquote><p>You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>'; |
1 | 921 |
} |
922 |
$db->free_result(); |
|
923 |
} |
|
924 |
echo '<p> |
|
925 |
HTTP Error: 404 Not Found |
|
926 |
</p>'; |
|
927 |
$this->footer(); |
|
928 |
} |
|
929 |
||
930 |
/** |
|
931 |
* PHP 4 constructor. |
|
932 |
* @see PageProcessor::__construct() |
|
933 |
*/ |
|
934 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
935 |
function PageProcessor( $page_id, $namespace, $revision_id = 0 ) |
1 | 936 |
{ |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
937 |
$this->__construct($page_id, $namespace, $revision_id); |
1 | 938 |
} |
939 |
||
940 |
/** |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
941 |
* Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user. |
1 | 942 |
* @var string Error message |
943 |
* @var bool If true, send DBAL's debugging information as well |
|
944 |
*/ |
|
945 |
||
946 |
function send_error($message, $sql = false) |
|
947 |
{ |
|
948 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
949 |
||
950 |
$content = "<p>$message</p>"; |
|
951 |
$template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher'; |
|
952 |
||
953 |
if ( $this->debug['works'] ) |
|
954 |
{ |
|
955 |
$content .= $this->debug['backtrace']; |
|
956 |
} |
|
957 |
||
958 |
header('HTTP/1.1 500 Internal Server Error'); |
|
959 |
||
960 |
$template->header(); |
|
961 |
echo $content; |
|
962 |
$template->footer(); |
|
963 |
||
964 |
$db->close(); |
|
965 |
||
966 |
exit; |
|
967 |
||
968 |
} |
|
969 |
||
970 |
} // class PageProcessor |
|
971 |
||
972 |
?> |