<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.2 (Coblynau)
* Copyright (C) 2006-2007 Dan Fuhry
* pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
class PageUtils {
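/**
 * Tell whether a username is already taken.
 *
 * The name is URL-decoded first (the callers of this class are mostly AJAX
 * requests, per the file header) and then SQL-escaped before it is placed in
 * the query, so the method is safe to call with untrusted input.
 *
 * @param string $name the (possibly URL-encoded) username to check
 * @return string 'good' if no user has this name, 'bad' if one does
 *                (a failed query terminates the request via $db->_die())
 */
function checkusername($name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Decode before escaping: escaping first and decoding afterwards would let
  // an encoded quote (%27) reach the query unescaped.
  $clean = $db->escape(rawurldecode($name));
  $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $clean . '\'');
  if ( !$q )
  {
    // Route the failure through the DB layer's error handler, as every other
    // method in this class does, instead of echoing the raw driver error to
    // the client (which would disclose table and query details).
    $db->_die('The username lookup query failed.');
  }

  $taken = ( $db->numrows() > 0 );
  $db->free_result();

  return $taken ? 'bad' : 'good';
}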
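/**
 * Get the wiki formatting source for a page.
 *
 * Checks, in this order: that the page exists in the index, that the caller
 * has the view_source permission, and (for password-protected pages) that the
 * supplied password matches. Special and Admin pages have no stored source and
 * terminate the request with a message.
 *
 * @param string      $page     the full page id (Namespace:Pagename)
 * @param string|bool $password the page password in the same form as the
 *                              40-character value kept in the page index
 *                              (looks like a sha1 hex digest - confirm against
 *                              the caller), or false if none was supplied
 * @return string the HTML-escaped page source; '' if the page or its text
 *                row does not exist; 'access_denied' or 'invalid_password'
 *                when a check fails
 */
function getsource($page, $password = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !isset($paths->pages[$page]) )
  {
    return '';
  }

  // The permission check comes before the password check so that a caller
  // without view_source cannot tell 'invalid_password' from success and use
  // this method as an oracle for guessing page passwords.
  // (Dependencies handle this for us - this also checks for read privileges.)
  if ( !$session->get_permissions('view_source') )
  {
    return 'access_denied';
  }

  if ( isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40 )
  {
    // Strict comparison: with != PHP compares two numeric-looking strings
    // (e.g. a digest of the form "0e1234...") as numbers, so a supplied "0"
    // could match a stored hash.
    if ( !$password || $password !== $paths->pages[$page]['password'] )
    {
      return 'invalid_password';
    }
  }

  $pid = RenderMan::strToPageID($page);
  if ( $pid[1] == 'Special' || $pid[1] == 'Admin' )
  {
    die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
  }

  // Both halves of the id are escaped even though the page was found in the
  // index: the query must not depend on what the index happens to accept.
  $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $db->escape($pid[0]) . '\' AND namespace=\'' . $db->escape($pid[1]) . '\'');
  if ( !$e )
  {
    $db->_die('The page text could not be selected.');
  }
  if ( $db->numrows() < 1 )
  {
    // A page with an index entry but no text row is treated as empty.
    return '';
  }

  $r = $db->fetchrow();
  $db->free_result();

  return htmlspecialchars($r['page_text']);
}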
/**
 * Basically a frontend to RenderMan::getPage(), with the ability to send valid data for nonexistent pages
 *
 * DEPRECATED: the first statement of the body is an unconditional die(), so
 * nothing after it is ever executed. The remainder is kept only as a record
 * of the old rendering flow; callers must not expect this method to return.
 *
 * @param $page the full page id (Namespace:Pagename)
 * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
 * @param $hist_id a logs.time_id selecting an archived revision to render instead of the current text, or false for the current text
 * @return string
 * @deprecated
 */
function getpage($page, $send_headers = false, $hist_id = false)
{
  // Unconditional: every line below this one is unreachable.
  die('PageUtils->getpage is deprecated.');
  global $db, $session, $paths, $template, $plugins; // Common objects
  ob_start();
  $pid = RenderMan::strToPageID($page);
  //die('<pre>'.print_r($pid, true).'</pre>');
  // A 40-character 'password' entry in the index marks a password-protected page.
  if(isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40)
  {
    password_prompt($page);
  }
  if(isset($paths->pages[$page]))
  {
    doStats($pid[0], $pid[1]);
  }
  if($paths->custom_page || $pid[1] == 'Special')
  {
    // If we don't have access to the page, get out and quick!
    // Login and Register are reachable without the read permission.
    if(!$session->get_permissions('read') && $pid[0] != 'Login' && $pid[0] != 'Register')
    {
      $template->tpl_strings['PAGE_NAME'] = 'Access denied';

      if ( $send_headers )
      {
        $template->header();
      }

      echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

      if ( $send_headers )
      {
        $template->footer();
      }

      $r = ob_get_contents();
      ob_end_clean();
      return $r;
    }

    // The handler name is derived from the namespace and the page's URL name;
    // the @ suppresses the warning when no such function exists, in which
    // case nothing is rendered here.
    $fname = 'page_' . $pid[1] . '_' . $paths->pages[$page]['urlname_nons'];
    @call_user_func($fname);

  }
  else if ( $pid[1] == 'Admin' )
  {
    // If we don't have access to the page, get out and quick!
    if(!$session->get_permissions('read'))
    {
      $template->tpl_strings['PAGE_NAME'] = 'Access denied';
      if ( $send_headers )
      {
        $template->header();
      }
      echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
      if ( $send_headers )
      {
        $template->footer();
      }
      $r = ob_get_contents();
      ob_end_clean();
      return $r;
    }

    // Admin handlers are named from the raw page id rather than the index entry.
    $fname = 'page_' . $pid[1] . '_' . $pid[0];
    if ( !function_exists($fname) )
    {
      $title = 'Page backend not found';
      // $fname (built from the request's page id) is interpolated into the
      // message without escaping; in the $send_headers branch it is passed to
      // die_friendly(), in the other it is echoed directly.
      $message = "The administration page you are looking for was properly registered using the page API, but the backend function
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
      if ( $send_headers )
      {
        die_friendly($title, "<p>$message</p>");
      }
      else
      {
        echo "<h2>$title</h2>\n<p>$message</p>";
      }
    }
    // Reached when the function exists, or when the missing-backend message
    // was only echoed (not die_friendly'd) above; the @ hides the failure.
    @call_user_func($fname);
  }
  else if ( !isset( $paths->pages[$page] ) )
  {
    ob_start();
    // Plugin hook code is executed with eval(): whatever setHook() returns
    // runs as PHP in this scope.
    $code = $plugins->setHook('page_not_found');
    foreach ( $code as $cmd )
    {
      eval($cmd);
    }
    $text = ob_get_contents();
    if ( $text != '' )
    {
      ob_end_clean();
      return $text;
    }
    $template->header();
    if($m = $paths->sysmsg('Page_not_found'))
    {
      // The rendered system message is executed as PHP, not merely echoed.
      eval('?>'.RenderMan::render($m));
    }
    else
    {
      // NOTE(review): $template->header() has already run above; if it
      // produced output, this status line cannot be sent any more
      // (headers already sent) - confirm whether header() buffers.
      header('HTTP/1.1 404 Not Found');
      echo '<h3>There is no page with this title yet.</h3>
<p>You have requested a page that doesn\'t exist yet.';
      if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
      else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
      if ( $session->get_permissions('history_rollback') )
      {
        // page_id is taken from the current request's page ($paths->cpage),
        // not from $page, and neither it nor the namespace is escaped here.
        $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;');
        if ( !$e )
        {
          $db->_die('The deletion log could not be selected.');
        }
        if ($db->numrows() > 0 )
        {
          $r = $db->fetchrow();
          // time_id and date_string from the logs row are interpolated into
          // HTML and into a JavaScript string literal without escaping.
          echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>';
        }
        $db->free_result();
      }
      echo '<p>
HTTP Error: 404 Not Found
</p>';
    }
    $template->footer();
  }
  else
  {

    // If we don't have access to the page, get out and quick!
    if(!$session->get_permissions('read'))
    {
      $template->tpl_strings['PAGE_NAME'] = 'Access denied';
      if($send_headers) $template->header();
      echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
      if($send_headers) $template->footer();
      $r = ob_get_contents();
      ob_end_clean();
      return $r;
    }

    ob_start();
    // Same eval() pattern as the page_not_found hook above: plugin code runs
    // as PHP and, if it produces any output, replaces the page entirely.
    $code = $plugins->setHook('page_custom_handler');
    foreach ( $code as $cmd )
    {
      eval($cmd);
    }
    $text = ob_get_contents();
    if ( $text != '' )
    {
      ob_end_clean();
      return $text;
    }

    if ( $hist_id )
    {
      // $hist_id is escaped for SQL here only; further down it is also
      // interpolated into an href and an onclick handler unescaped. The
      // query result is not checked for failure before numrows().
      $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $paths->pages[$page]['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' AND log_type=\'page\' AND action=\'edit\' AND time_id=' . $db->escape($hist_id) . '');
      if($db->numrows() < 1)
      {
        $db->_die('There were no rows in the text table that matched the page text query.');
      }
      $r = $db->fetchrow();
      $db->free_result();
      $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on ' . $r['date_string'] . '.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrl($page, 'do=rollback&id=' . $hist_id) . '" onclick="ajaxRollback(\'' . $hist_id . '\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);

      if( !$paths->pages[$page]['special'] )
      {
        if($send_headers)
        {
          $template->header();
        }
        display_page_headers();
      }

      // The rendered archived revision is executed as PHP, not echoed.
      eval('?>' . $message);

      if( !$paths->pages[$page]['special'] )
      {
        display_page_footers();
        if($send_headers)
        {
          $template->footer();
        }
      }

    } else {
      if(!$paths->pages[$page]['special'])
      {
        $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1]);
      }
      else
      {
        $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1], 0, false, false, false, false);
      }
      // This line is used to debug wikiformatted code
      // die('<pre>'.htmlspecialchars($message).'</pre>');

      if( !$paths->pages[$page]['special'] )
      {
        if($send_headers)
        {
          $template->header();
        }
        display_page_headers();
      }

      // This is it, this is what all of Enano has been working up to...

      // The rendered page text is executed as PHP, not echoed.
      eval('?>' . $message);

      if( !$paths->pages[$page]['special'] )
      {
        display_page_footers();
        if($send_headers)
        {
          $template->footer();
        }
      }
    }
  }
  $ret = ob_get_contents();
  ob_end_clean();
  return $ret;
}
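/**
 * Writes page data to the database, after verifying permissions and running the XSS filter.
 *
 * Order of checks: the edit_page permission; page existence (a missing page
 * is created through createPage()); then the protection and wiki-mode rules,
 * which only administrators may override. The text is run through
 * RenderMan::preprocess_text() before it is escaped and stored. A history row
 * is written to the logs table before the page_text row is updated.
 *
 * @param string $page_id   the page ID in URL form (as stored in page_text.page_id)
 * @param string $namespace the namespace
 * @param string $message   the text to save
 * @param string $summary   edit summary for the history row; HTML-escaped before storage
 * @param bool   $minor     whether this is a minor edit
 * @return string 'good' on success, otherwise a human-readable error string
 *                (a failed query terminates the request via $db->_die())
 */
function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Revision tag shared by the history row and the page_text row.
  $uid = sha1(microtime());
  $pname = $paths->nslist[$namespace] . $page_id;

  if ( !$session->get_permissions('edit_page') )
  {
    return 'Access to edit pages is denied.';
  }

  if ( !isset($paths->pages[$pname]) )
  {
    $create = PageUtils::createPage($page_id, $namespace);
    if ( $create != 'good' )
    {
      return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;
    }
    $paths->page_exists = true;
  }

  $entry = $paths->pages[$pname];

  // Protection levels (see protect()): 1 = full, 2 = semi. Semi-protection
  // is taken to mean that anonymous users and accounts younger than four days
  // are locked out. The previous test was the other way round for level 2 -
  // it fired for logged-in accounts OLDER than four days and let anonymous
  // users through - so the condition is spelled out here in that sense.
  $account_is_new = ( !$session->user_logged_in || $session->reg_time + 60*60*24*4 > time() );
  $prot = ( $entry['protected'] == 1 || ( $entry['protected'] == 2 && $account_is_new ) );
  // Wiki mode: 1 = on for this page, 2 = follow the site-wide setting.
  $wiki = ( $entry['wiki_mode'] == 1 || ( $entry['wiki_mode'] == 2 && getConfig('wiki_mode') == '1' ) );
  if ( ( $prot || !$wiki ) && $session->user_level < USER_LEVEL_ADMIN )
  {
    return('You are not authorized to edit this page.');
  }

  // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
  $message = RenderMan::preprocess_text($message, false, false);

  $msg = $db->escape($message);
  $minor = $minor ? 'true' : 'false';

  // Every string that did not originate in this function is escaped, including
  // the username. The history row is keyed by the page being saved
  // ($page_id/$namespace, the same key the page_text update below uses), not
  // by the page of the current request ($paths->cpage), which need not be the
  // same page.
  $q = 'INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $msg . '\', \'' . $uid . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');';
  if ( !$db->sql_query($q) )
  {
    $db->_die('The history (log) entry could not be inserted into the logs table.');
  }

  $q = 'UPDATE ' . table_prefix.'page_text SET page_text=\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';';
  if ( !$db->sql_query($q) )
  {
    $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
  }

  $paths->rebuild_page_index($page_id, $namespace);

  return 'good';
}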
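/**
 * Creates a page, both in memory (the $paths page index) and in the database.
 *
 * Refuses Special/Admin pages (they have no database rows), unknown
 * namespaces, duplicate pages, the reserved "Project:" prefix, and callers
 * without the create_page permission (System pages additionally require an
 * administrator). Three rows are written: the pages entry, an empty page_text
 * entry, and a 'create' entry in the logs table.
 *
 * @param string      $page_id   the page ID; passed through dirtify_page_id()
 *                               and sanitize_page_id() before it is stored
 * @param string      $namespace the namespace (must be a key of $paths->nslist)
 * @param string|bool $name      the display name; defaults to $page_id with
 *                               underscores replaced by spaces
 * @param int|bool    $visible   whether the page is listed (truthy) or hidden
 * @return string 'good' on success, otherwise a human-readable error string
 *                (the database error text when an insert failed)
 */
function createPage($page_id, $namespace, $name = false, $visible = 1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( in_array($namespace, array('Special', 'Admin')) )
  {
    return 'You can\'t create a special page in the database';
  }

  if ( !isset($paths->nslist[$namespace]) )
  {
    return 'Couldn\'t look up the namespace';
  }

  $pname = $paths->nslist[$namespace] . $page_id;
  if ( isset($paths->pages[$pname]) )
  {
    return 'Page already exists';
  }

  if ( !$session->get_permissions('create_page') )
  {
    return 'Not authorized to create pages';
  }

  if ( $session->user_level < USER_LEVEL_ADMIN && $namespace == 'System' )
  {
    return 'Not authorized to create system messages';
  }

  if ( substr($page_id, 0, 8) == 'Project:' )
  {
    return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
  }

  $page_id = dirtify_page_id($page_id);

  if ( !$name )
  {
    $name = str_replace('_', ' ', $page_id);
  }

  // Character whitelist for the page ID. The previous version matched the
  // pattern against an undefined variable ($page), so it always passed; it
  // now checks the value that is actually stored. "A-Za-z" replaces the old
  // "A-z" range, which also admitted [ \ ] ^ and ` by accident.
  // NOTE(review): this rejects non-ASCII page IDs. If UTF-8 page URLs are
  // meant to be supported, the character policy belongs in sanitize_page_id()
  // and this pattern should be relaxed to match - confirm with the owners.
  $regex = '#^([A-Za-z0-9 _\-\.\/\!\@\(\)]*)$#is';
  if ( !preg_match($regex, $page_id) )
  {
    return 'Name contains invalid characters';
  }

  $page_id = sanitize_page_id( $page_id );

  // System messages are always created fully protected.
  $prot = ( $namespace == 'System' ) ? 1 : 0;
  $visible = $visible ? 1 : 0;

  $ips = array(
    'ip' => array(),
    'u' => array()
  );

  // The in-memory entry mirrors the row inserted below; in particular it
  // carries the caller's $visible flag rather than a hard-coded 1.
  $page_data = array(
    'name' => $name,
    'urlname' => $page_id,
    'namespace' => $namespace,
    'special' => 0,
    'visible' => $visible,
    'comments_on' => 0,
    'protected' => $prot,
    'delvotes' => 0,
    'delvote_ips' => serialize($ips),
    'wiki_mode' => 2,
  );

  // NOTE(review): the index entry is added before the inserts; if an insert
  // fails below, the entry stays in $paths->pages for the rest of the request.
  $paths->add_page($page_data);

  // $namespace is a known nslist key and $page_id has been sanitized, but both
  // are escaped anyway so the queries do not rely on that.
  $ns_esc = $db->escape($namespace);
  $id_esc = $db->escape($page_id);
  $author_esc = $db->escape($session->username);
  $date = date('d M Y h:i a');

  // Each insert is checked before the next runs, so the error returned is the
  // one from the statement that actually failed.
  $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $id_esc . '\', \'' . $ns_esc . '\', ' . $visible . ', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
  if ( !$qa )
  {
    return $db->get_error();
  }

  $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $id_esc . '\', \'' . $ns_esc . '\');');
  if ( !$qb )
  {
    return $db->get_error();
  }

  $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \'' . $date . '\', \'page\', \'create\', \'' . $author_esc . '\', \'' . $id_esc . '\', \'' . $ns_esc . '\');');
  if ( !$qc )
  {
    return $db->get_error();
  }

  return 'good';
}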
/**
* Sets the protection level on a page.
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $level int level of protection - 0 is off, 1 is full, 2 is semi
* @param $reason string why the page is being (un)protected
* @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
*/
function protect($page_id, $namespace, $level, $reason)
+ − 467
{
+ − 468
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 469
+ − 470
$pname = $paths->nslist[$namespace] . $page_id;
+ − 471
$wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 472
$prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 473
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 474
if ( !$session->get_permissions('protect') )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 475
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 476
return('Insufficient access rights');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 477
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 478
if ( !$wiki )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 479
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 480
return('Page protection only has an effect when Wiki Mode is enabled.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 481
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 482
if ( !preg_match('#^([0-9]+){1}$#', (string)$level) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 483
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 484
return('Invalid $level parameter.');
1
+ − 485
}
+ − 486
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 487
switch($level)
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 488
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 489
case 0:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 490
$q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 491
break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 492
case 1:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 493
$q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 494
break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 495
case 2:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 496
$q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 497
break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 498
default:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 499
return 'PageUtils::protect(): Invalid value for $level';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 500
break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 501
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 502
if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 503
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 504
$q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 505
if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 506
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 507
$db->_die('The pages table was not updated.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 508
}
1
+ − 509
+ − 510
return('good');
+ − 511
}
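/**
 * Generates an HTML table with history information in it.
 *
 * Renders two sections for the page named by the arguments: the edit history
 * (radio buttons for picking two revisions to diff, plus view / contribs /
 * revert links per row) and the non-edit actions (protection changes, renames,
 * deletions, re-uploads). Requires the 'history_view' permission.
 *
 * Both queries are built by concatenation, so $page_id and $namespace go
 * through $db->escape(). Values read back from the logs table are HTML-escaped
 * here where this function is the only thing between them and the browser
 * (author names, unknown action names); edit summaries written by protect()
 * are stored already HTML-escaped and are echoed as stored, while 'rename' and
 * 'reupload' summaries are escaped at output.
 *
 * @param $page_id the page ID (URL name without the namespace prefix)
 * @param $namespace the namespace
 * @return string the rendered HTML, or 'Access denied'
 */
function histlist($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('history_view') )
    return 'Access denied';

  // Everything below echoes into a buffer that is returned as one string.
  ob_start();

  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);
  // Whether the viewer may click an IP author cell for reverse DNS; constant for
  // the whole listing, so it is evaluated once rather than per row.
  $can_rdns = $session->get_permissions('mod_misc');

  //
  // Section 1: edits
  //
  $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' ORDER BY time_id DESC;';
  if ( !$db->sql_query($q) )
    $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');

  echo 'History of edits and actions<h3>Edits:</h3>';
  $numrows = $db->numrows();
  if ( $numrows < 1 )
  {
    echo 'No history entries in this category.';
  }
  else
  {
    // The form submits via GET to the diff handler. When the URL scheme uses
    // "?title=" the page title has to travel as a hidden field, and an active
    // elevated session key is carried along in "auth" as elsewhere in Enano.
    echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
<input type="submit" value="Compare selected revisions" />
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
<input type="hidden" name="do" value="diff" />
<br /><span> </span>
<div class="tblholder">
<table border="0" width="100%" cellspacing="1" cellpadding="4">
<tr>
<th colspan="2">Diff</th>
<th>Date/time</th>
<th>User</th>
<th>Edit summary</th>
<th>Minor</th>
<th colspan="3">Actions</th>
</tr>'."\n"."\n";

    $cls = 'row2';
    $ticker = 0;
    while ( $r = $db->fetchrow() )
    {
      $ticker++;
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $author_html = htmlspecialchars($r['author']);

      echo '<tr>'."\n";

      // Diff selection. Rows are newest first, so the default comparison is
      // row 2 (diff1, the older side) against row 1 (diff2, the newer side).
      // The newest row gets no diff1 radio and the oldest row no diff2 radio.
      $s1 = ( $ticker == 2 ) ? 'checked="checked" ' : '';
      $s2 = ( $ticker == 1 ) ? 'checked="checked" ' : '';
      if ( $ticker > 1 )
        echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n";
      else
        echo '<td class="' . $cls . '"></td>';
      if ( $ticker < $numrows )
        echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n";
      else
        echo '<td class="' . $cls . '"></td>';

      // Date and time (written server-side by date() at insert time)
      echo '<td class="' . $cls . '">' . $r['date_string'] . '</td>'."\n";

      // User. Moderators get a clickable cell for reverse DNS on anonymous (IP)
      // authors; is_valid_ip() constrains the value before it lands in the
      // inline JS string, so that value is not escaped any further.
      $rc = '';
      if ( $can_rdns && is_valid_ip($r['author']) )
      {
        $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
      }
      echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', $r['author']).'" ';
      if ( !isPage($paths->nslist['User'] . $r['author']) )
      {
        echo 'class="wikilink-nonexistent"';
      }
      echo '>' . $author_html . '</a></td>'."\n";

      // Edit summary.
      // NOTE(review): echoed as stored, on the assumption that the page-save
      // path HTML-escapes summaries at insert time the way protect() does for
      // its reason — confirm against the save code before relying on it.
      echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";

      // Minor edit
      echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";

      // Actions
      echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">View revision</a></td>'."\n";
      echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'."\n";
      echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert to this revision</a></td>'."\n";

      echo '</tr>'."\n"."\n";
    }
    echo '</table>
</div>
<br />
<input type="hidden" name="do" value="diff" />
<input type="submit" value="Compare selected revisions" />
</form>
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
  }
  $db->free_result();

  //
  // Section 2: everything that is not an edit
  //
  echo '<h3>Other changes:</h3>';
  // Same page as section 1. (The original read $paths->cpage here, which
  // listed the *current* page's actions while the per-row revert links
  // pointed at the requested $page_id / $namespace.)
  $q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' ORDER BY time_id DESC;';
  if ( !$db->sql_query($q) )
    $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');

  if ( $db->numrows() < 1 )
  {
    echo 'No history entries in this category.';
  }
  else
  {
    echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
    $cls = 'row2';
    while ( $r = $db->fetchrow() )
    {
      $cls = ( $cls == 'row2' ) ? 'row1' : 'row2';
      $author_html = htmlspecialchars($r['author']);

      echo '<tr>';

      // Date and time
      echo '<td class="' . $cls . '">' . $r['date_string'] . '</td>';

      // User
      echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', $r['author']).'" ';
      if ( !isPage($paths->nslist['User'] . $r['author']) )
        echo 'class="wikilink-nonexistent"';
      echo '>' . $author_html . '</a></td>';

      // Minor edit
      echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';

      // Action taken + extra info, as two cells. prot/unprot/semiprot reasons
      // are HTML-escaped at insert time by protect() and echoed as stored;
      // delete is assumed to be written the same way (verify against the delete
      // path); rename and reupload follow the newer Enano policy of escaping at
      // output.
      $extra = '</td><td class="' . $cls . '">';
      switch ( $r['action'] )
      {
        case 'prot':
          $action_html = 'Protected page' . $extra . 'Reason: ' . $r['edit_summary'];
          break;
        case 'unprot':
          $action_html = 'Unprotected page' . $extra . 'Reason: ' . $r['edit_summary'];
          break;
        case 'semiprot':
          $action_html = 'Semi-protected page' . $extra . 'Reason: ' . $r['edit_summary'];
          break;
        case 'rename':
          $action_html = 'Renamed page' . $extra . 'Old title: ' . htmlspecialchars($r['edit_summary']);
          break;
        case 'create':
          $action_html = 'Created page' . $extra;
          break;
        case 'delete':
          $action_html = 'Deleted page' . $extra . 'Reason: ' . $r['edit_summary'];
          break;
        case 'reupload':
          $action_html = 'Uploaded new file version' . $extra . 'Reason: ' . htmlspecialchars($r['edit_summary']);
          break;
        default:
          // Unknown action: still emit both cells so the row keeps its column count.
          $action_html = htmlspecialchars($r['action']) . $extra;
          break;
      }
      echo '<td class="' . $cls . '">' . $action_html . '</td>';

      // Actions
      echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>';
      echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert action</a></td>';

      if ( $r['minor_edit'] )
        echo '<b> - minor edit</b>';
      echo '<br />';

      echo '</tr>';
    }
    echo '</table></div>';
  }
  $db->free_result();

  $ret = ob_get_contents();
  ob_end_clean();
  return $ret;
}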
/**
* Rolls back a logged action
* @param $id the time ID, a.k.a. the primary key in the logs table
* @return string
*/
function rollback($id)
{
global $db, $session, $paths, $template, $plugins; // Common objects
if ( !$session->get_permissions('history_rollback') )
{
return('You are not authorized to perform rollbacks.');
}
if ( !preg_match('#^([0-9]+)$#', (string)$id) )
{
return('The value "id" on the query string must be an integer.');
}
$e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id . ';');
if ( !$e )
{
$db->_die('The rollback data could not be selected.');
}
$rb = $db->fetchrow();
$db->free_result();
if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
{
$pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];
if ( !isset($paths->pages[$pagekey]) )
{
return "Page doesn't exist";
}
$pagedata =& $paths->pages[$pagekey];
$protected = false;
// Special case: is the page protected? if so, check for even_when_protected permissions
if($pagedata['protected'] == 2)
{
// The page is semi-protected, determine permissions
+ − 726
if($session->user_logged_in && $session->reg_time + 60*60*24*4 < time())
+ − 727
{
+ − 728
$protected = false;
+ − 729
}
+ − 730
else
+ − 731
{
+ − 732
$protected = true;
+ − 733
}
+ − 734
}
+ − 735
else
+ − 736
{
+ − 737
$protected = ( $pagedata['protected'] == 1 );
+ − 738
}
+ − 739
+ − 740
$perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);
+ − 741
+ − 742
if ( $protected && !$perms->get_permissions('even_when_protected') )
+ − 743
{
+ − 744
return "Because this page is protected, you need moderator rights to roll back changes.";
+ − 745
}
+ − 746
}
+ − 747
else
+ − 748
{
+ − 749
$perms =& $session;
+ − 750
}
+ − 751
+ − 752
switch($rb['log_type'])
+ − 753
{
1
+ − 754
case "page":
158
+ − 755
switch($rb['action'])
+ − 756
{
1
+ − 757
case "edit":
158
+ − 758
if ( !$perms->get_permissions('edit_page') )
+ − 759
return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
1
+ − 760
$t = $db->escape($rb['page_text']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 761
$e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $rb['char_tag'] . '\' WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 762
if ( !$e )
+ − 763
{
+ − 764
return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
+ − 765
}
+ − 766
else
+ − 767
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 768
return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.';
158
+ − 769
}
1
+ − 770
break;
+ − 771
case "rename":
158
+ − 772
if ( !$perms->get_permissions('rename') )
+ − 773
return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
1
+ − 774
$t = $db->escape($rb['edit_summary']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 775
$e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 776
if ( !$e )
+ − 777
{
+ − 778
return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 779
}
+ − 780
else
+ − 781
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 782
return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.';
158
+ − 783
}
1
+ − 784
break;
+ − 785
case "prot":
158
+ − 786
if ( !$perms->get_permissions('protect') )
+ − 787
return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 788
$e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 789
if ( !$e )
+ − 790
return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 791
else
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 792
return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
1
+ − 793
break;
+ − 794
case "semiprot":
158
+ − 795
if ( !$perms->get_permissions('protect') )
+ − 796
return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 797
$e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 798
if ( !$e )
+ − 799
return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 800
else
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 801
return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
1
+ − 802
break;
+ − 803
case "unprot":
158
+ − 804
if ( !$perms->get_permissions('protect') )
+ − 805
return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 806
$e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=1 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 807
if ( !$e )
+ − 808
return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 809
else
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 810
return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at ' . $rb['date_string'] . '.';
1
+ − 811
break;
+ − 812
case "delete":
158
+ − 813
if ( !$perms->get_permissions('history_rollback_extra') )
+ − 814
return 'Administrative privileges are required for page undeletion.';
+ − 815
if ( isset($paths->pages[$paths->cpage['urlname']]) )
+ − 816
return 'You cannot raise a dead page that is alive.';
1
+ − 817
$name = str_replace('_', ' ', $rb['page_id']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 818
$e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 819
$e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
1
+ − 820
$r = $db->fetchrow();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 821
$e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $r['char_tag'] . '\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 822
return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';
1
+ − 823
break;
+ − 824
case "reupload":
158
+ − 825
if ( !$session->get_permissions('history_rollbacks_extra') )
+ − 826
{
+ − 827
return 'Administrative privileges are required for file rollbacks.';
+ − 828
}
1
+ − 829
$newtime = time();
+ − 830
$newdate = date('d M Y h:i a');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 831
if(!$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id))
158
+ − 832
return 'Error during query: '.mysql_error();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 833
if(!$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id))
158
+ − 834
return 'Error during query: '.mysql_error();
+ − 835
return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';
1
+ − 836
break;
+ − 837
default:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 838
return('Rollback of the action "' . $rb['action'] . '" is not yet supported.');
1
+ − 839
break;
+ − 840
}
+ − 841
break;
+ − 842
case "security":
+ − 843
case "login":
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 844
return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.');
1
+ − 845
break;
+ − 846
default:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 847
return('Unknown log entry type: "' . $rb['log_type'] . '"');
1
+ − 848
}
+ − 849
}
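/**
 * Posts a comment.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name of the person posting, defaults to current username/IP
 * @param $subject the subject line of the comment
 * @param $text the comment text
 * @param $captcha_code the confirmation code the poster typed; required for guests when comments_need_login is '1'
 * @param $captcha_id the ID of the CAPTCHA that $captcha_code answers
 * @return string javascript code
 */

function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $_ob = '';
  if ( !$session->get_permissions('post_comments') )
    return 'Access denied';
  if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in )
    _die('Access denied to post comments: you need to be logged in first.');
  if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in )
  {
    if ( !$captcha_code || !$captcha_id )
      _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
    $result = $session->get_captcha($captcha_id);
    // Strict string comparison: a loose != treats numeric-looking codes such as "1e3" and "1000" as equal
    if ( (string)$captcha_code !== (string)$result )
      _die('The confirmation code you entered was incorrect.');
  }
  // NOTE(review): $subj, $text and $name are spliced into the INSERT below without $db->escape();
  // this is only safe if RenderMan::preprocess_text() SQL-escapes its result - confirm.
  $text = RenderMan::preprocess_text($text);
  $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
  $subj = RenderMan::preprocess_text($subject);
  // Comments start out unapproved when moderation is switched on
  $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
  // The page ID and namespace come from the request and were not escaped anywhere visible here;
  // assumes callers pass them raw (no pre-escaping) - confirm against ajax.php and the form handler.
  $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $db->escape($page_id) . '\',\'' . $db->escape($namespace) . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . intval($session->user_id) . ',' . $appr . ','.time().')';
  $e = $db->sql_query($q);
  // Callers eval() the return value in the browser, so the failure path emits Javascript too
  if ( !$e )
    die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))');
  $_ob .= '<div class="info-box">Your comment has been posted.</div>';
  return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}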
/**
 * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
 * Optionally performs a moderator action (delete/approve) first, then renders the comment list and the
 * posting form. Both the Javascript wrapper and the bare HTML are returned so callers can pick either.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return array two elements: [0] the Javascript captured via output buffering, [1] the HTML fragment ($_ob)
 * @access private
 */

function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
global $db, $session, $paths, $template, $plugins; // Common objects

$pname = $paths->nslist[$namespace] . $page_id;

// Everything echoed from here on is captured and returned as element [0]
ob_start();

// NOTE(review): $page_id and $namespace are spliced into every query in this function without
// $db->escape(); only $flags['id'] (intval) and name/subj/text (escaped) are sanitised here.
// Safe only if every caller guarantees the IDs carry no quotes or backslashes - confirm.
if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
{
switch($action) {
case "delete":
if(isset($flags['id']))
{
$q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
} else {
// Fallback: identify the comment by its content when no ID was supplied
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
$q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
}
$e=$db->sql_query($q);
// NOTE(review): 'unesape' in the emitted Javascript is a typo for 'unescape' (here and in the approve
// branch below); the browser throws instead of showing the alert. Runtime string, left as-is here.
if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
break;
case "approve":
if(isset($flags['id']))
{
$where = 'comment_id='.intval($flags['id']);
} else {
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
$where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
}
// "approve" is a toggle: read the current flag, then store its opposite
$q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
$e = $db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
$r = $db->fetchrow();
$db->free_result();
$a = ( $r['approved'] ) ? '0' : '1';
$q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
$e=$db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
if($a=='1') $v = 'Unapprove';
else $v = 'Approve';
// NOTE(review): reads the ID from $_GET directly instead of $flags['id'] as the rest of this branch does
echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
break;
}
}

if(!defined('ENANO_TEMPLATE_LOADED'))
{
$template->load_theme($session->theme, $session->style);
}

$tpl = $template->makeParser('comment.tpl');

// Two counting queries: unapproved and approved comment totals for the summary line
$e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_unapp = $db->numrows();
$db->free_result();
$e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_app = $db->numrows();
$db->free_result();
// The listing query: all comments (approved or not) joined with the poster's account, oldest first
$lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
FROM ' . table_prefix.'comments AS c
LEFT JOIN ' . table_prefix.'users AS u
ON c.user_id=u.user_id
WHERE page_id=\'' . $page_id . '\'
AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
$_ob .= '<h3>Article Comments</h3>';
// Moderators see every comment; everyone else only the approved count
$n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
if($n==1) $s = 'is ' . $n . ' comment'; else $s = 'are ' . $n . ' comments';
if($n < 1)
{
$_ob .= '<p>There are currently no comments on this '.strtolower($namespace).'';
if($namespace != 'Article') $_ob .= ' page';
$_ob .= '.</p>';
} else $_ob .= '<p>There ' . $s . ' on this article.';
if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">' . $num_unapp . ' of those are unapproved.</span>';
elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; }
$_ob .= '</p>';
// $list becomes a Javascript object literal keyed by list index, consumed by the client-side editor
$list = 'list = { ';
// _die(htmlspecialchars($ttext));
$i = -1;
while($row = $db->fetchrow($lq))
{
$i++;
$strings = Array();
$bool = Array();
// Unapproved comments are only rendered for moderators
if ( $session->get_permissions('mod_comments') || $row['approved'] )
{
$list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';

// Comment ID (used in the Javascript apps)
$strings['ID'] = (string)$i;

// Determine the name, and whether to link to the user page or not
// NOTE(review): $row['name'] and $row['subject'] are placed into HTML as stored; this relies on
// them having been sanitised on the way in (RenderMan::preprocess_text in addcomment) - confirm.
$name = '';
if($row['user_id'] > 0) $name .= '<a href="'.makeUrlNS('User', str_replace(' ', '_', $row['name'])).'">';
$name .= $row['name'];
if($row['user_id'] > 0) $name .= '</a>';
$strings['NAME'] = $name; unset($name);

// Subject
$s = $row['subject'];
if(!$row['approved']) $s .= ' <span style="color: #D84308">(Unapproved)</span>';
$strings['SUBJECT'] = $s;

// Date and time
$strings['DATETIME'] = date('F d, Y h:i a', $row['time']);

// User level
// "default" sits first so any unrecognised level falls through to the Guest label
switch($row['user_level'])
{
default:
case USER_LEVEL_GUEST:
$l = 'Guest';
break;
case USER_LEVEL_MEMBER:
$l = 'Member';
break;
case USER_LEVEL_MOD:
$l = 'Moderator';
break;
case USER_LEVEL_ADMIN:
$l = 'Administrator';
break;
}
$strings['USER_LEVEL'] = $l; unset($l);

// The actual comment data
$strings['DATA'] = RenderMan::render($row['comment_data']);

if($session->get_permissions('edit_comments'))
{
// Edit link
$strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">edit</a>';

// Delete link
$strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">delete</a>';
}
else
{
// Edit link
$strings['EDIT_LINK'] = '';

// Delete link
$strings['DELETE_LINK'] = '';
}

// Send PM link
$strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">Send private message</a><br />' : '';

// Add Buddy link
$strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">Add to buddy list</a>' : '';

// Mod links
// Always built; the template decides whether to show them based on $bool['auth_mod'] below
$applink = '';
$applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
if($row['approved']) $applink .= 'Unapprove';
else $applink .= 'Approve';
$applink .= '</a>';
$strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
$strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">Delete</a>';

// Signature
$strings['SIGNATURE'] = '';
if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);

// Template switches: moderator status, whether this viewer may edit this comment, and signature presence
$bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
$bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
$bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;

// Done processing and compiling, now let's cook it into HTML
$tpl->assign_vars($strings);
$tpl->assign_bool($bool);
$_ob .= $tpl->run();
}
}
// Posting form (or the reason it is unavailable)
if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
{
if(!$session->get_permissions('post_comments'))
{
$_ob .= '<h3>Got something to say?</h3><p>Access to post comments on this page is denied.</p>';
}
else
{
$_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.';
if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
// Logged-in users get their name fixed in a hidden field; guests get a free-text field
$sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
$_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
<div id="mdgCommentForm">
<h3>Comment form</h3>
<form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
<table border="0">
<tr><td>Your name or screen name:</td><td>' . $sn . '</td></tr>
<tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
{
// A fresh CAPTCHA per form render; the previous one is invalidated first
$session->kill_captcha();
$captcha = $session->make_captcha();
$_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
}
$_ob .= '
<tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
<tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
</table>
</form>
</div>';
}
} else {
$_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
}
$list .= '};';
// The Javascript half: inject the HTML into the page container, then define the comment list object
echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
' . $list;
echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';

$ret = ob_get_contents();
ob_end_clean();
return Array($ret, $_ob);

}
/**
 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments
 * Thin wrapper around PageUtils::comments_raw() that keeps only the Javascript half of its result.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id handed to comments_raw() as its $flags argument (delete/approve details); the -1 default carries no comment ID
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */

function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // comments_raw() returns [Javascript, HTML]; only the first element is wanted here
  list($javascript) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $javascript;
}
/**
 * Builds the HTML rendering of a page's comments, used in browser
 * compatibility mode (no Javascript). Thin wrapper around
 * PageUtils::comments_raw(), keeping only the markup half of its
 * (javascript, html) result.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param mixed $action administrative action to perform, default is false
 * @param int $id additional info for $action (e.g. the comment being deleted/approved); -1 when unused
 * @param string $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string HTML
 */
function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // comments_raw() returns Array(javascript, html); only the markup is wanted here.
  list($javascript, $html) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $html;
}
+ − 1157
+ − 1158
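/**
 * Updates comment data, locating the comment by its old subject and text.
 * This is the legacy API; savecomment_neater() does the same keyed on
 * comment_id and should be preferred by new callers.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $subject new subject
 * @param string $text new text
 * @param string $old_subject the old subject, unprocessed and identical to the value in the DB
 * @param string $old_text the old text, unprocessed and identical to the value in the DB
 * @param int $id the javascript list ID, used internally by the client-side app
 * @return string Javascript fragment for the client: result="GOOD" followed by the saved values, or result="BAD" with an error
 */
function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$session->get_permissions('edit_comments') )
    return 'result="BAD";error="Access denied"';

  // Avoid SQL injection: every caller-supplied value that reaches a query is
  // escaped here. The page ID and namespace used to be interpolated raw.
  $old_text     = $db->escape($old_text);
  $old_subject  = $db->escape($old_subject);
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);
  // $id is written into the generated Javascript as an array index; coerce it
  // so a non-numeric value cannot inject script into the response.
  $id = intval($id);

  // Safety check - username/login. Moderators may edit any comment; other
  // users must be logged in and the matching comment must carry their name.
  if ( !$session->get_permissions('mod_comments') )
  {
    if ( !$session->user_logged_in )
      _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND u.user_id=c.user_id;';
    $s = $db->sql_query($q);
    // The failed query text (table prefix included) is not echoed to the client.
    if ( !$s )
      _die('SQL error during safety check.');
    $r = $db->fetchrow($s);
    // numrows() is consulted before the result set is released; the original
    // freed it first, unlike savecomment_neater() and deletecomment().
    if ( $db->numrows() < 1 || $r['name'] != $session->username )
      _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }

  // NOTE(review): as in the original, preprocess_text() is relied on to
  // SQL-escape the new subject/text before they are interpolated below -
  // confirm this in RenderMan.
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'';
  $result = $db->sql_query($sql);
  if ( !$result )
  {
    // Report the failure without disclosing the SQL or the MySQL error text.
    return 'result="BAD"; error=unescape("' . rawurlencode('Enano encountered a problem whilst saving the comment.') . '");';
  }

  // Hand the saved values back to the client-side comment list. Literal "\n"
  // sequences are protected while the slashes are stripped, then the result
  // is URL-encoded for unescape(); the rendered text gets <br /> instead.
  $subject_plain = str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s)));
  $text_plain    = str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)));
  $text_wikitext = str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)));
  return 'result="GOOD";
list[' . $id . '][\'subject\'] = unescape(\'' . str_replace('%5Cn', '%0A', rawurlencode($subject_plain)) . '\');
list[' . $id . '][\'comment\'] = unescape(\'' . str_replace('%5Cn', '%0A', rawurlencode($text_plain)) . '\'); id = ' . $id . ';
s = unescape(\'' . rawurlencode($s) . '\');
t = unescape(\'' . str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render($text_wikitext))) . '\');';
}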
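/**
 * Updates comment data using the comment_id column instead of the old, messy
 * subject/text match performed by savecomment().
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $subject new subject
 * @param string $text new text
 * @param int $id the comment ID (primary key in enano_comments table); must be a real PHP integer
 * @return string 'good' on success, otherwise a human-readable error message
 */
function savecomment_neater($page_id, $namespace, $subject, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // $id is interpolated into SQL unquoted, so only a genuine integer is
  // accepted (a numeric string fails is_int() and aborts).
  if ( !is_int($id) )
    die('PageUtils::savecomment: $id is not an integer, aborting for safety');
  if ( !$session->get_permissions('edit_comments') )
    return 'Access denied';

  // Avoid SQL injection: the page ID and namespace were previously interpolated raw.
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safety check - username/login. Moderators may edit any comment; other
  // users must be logged in and the comment must carry their name.
  if ( !$session->get_permissions('mod_comments') )
  {
    if ( !$session->user_logged_in )
      _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND u.user_id=c.user_id;';
    $s = $db->sql_query($q);
    // The failed query text (table prefix included) is not echoed to the client.
    if ( !$s )
      _die('SQL error during safety check.');
    $r = $db->fetchrow($s);
    if ( $db->numrows() < 1 || $r['name'] != $session->username )
      _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }

  // NOTE(review): as in the original, preprocess_text() is relied on to
  // SQL-escape the new subject/text before they are interpolated below -
  // confirm this in RenderMan.
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'';
  if ( $db->sql_query($sql) )
    return 'good';
  // Report the failure without disclosing the SQL or the MySQL error text.
  return 'Enano encountered a problem whilst saving the comment.';
}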
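/**
 * Deletes a comment, locating it by poster name, subject and text (legacy
 * API; deletecomment_neater() is keyed on comment_id).
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $name the name the user posted under
 * @param string $subj the subject of the comment to be deleted
 * @param string $text the text of the comment to be deleted
 * @param int $id the javascript list ID, used internally by the client-side app; must be all digits
 * @return string 'good' on success, otherwise a Javascript alert() fragment
 */
function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('edit_comments') )
    return 'alert("Access to delete/edit comments is denied");';

  if ( !preg_match('#^([0-9]+)$#', (string)$id) )
    die('$_GET[id] is improperly formed.');

  // Avoid SQL injection: everything that reaches a query is escaped,
  // including the page ID and namespace which previously went in raw.
  $n = $db->escape($name);
  $s = $db->escape($subj);
  $t = $db->escape($text);
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safety check - username/login. Moderators may delete any comment; other
  // users must be logged in and a matching comment must carry their name.
  // NOTE(review): the ownership check does not filter on $name, so the
  // DELETE's name clause below is the only thing tying the row to $name.
  if ( !$session->get_permissions('mod_comments') ) // allows mods to delete comments
  {
    if ( !$session->user_logged_in )
      _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND u.user_id=c.user_id;';
    // The result handle gets its own variable: the original stored it in $s,
    // clobbering the escaped subject that the DELETE below depends on.
    $check = $db->sql_query($q);
    // The failed query text (table prefix included) is not echoed to the client.
    if ( !$check )
      _die('SQL error during safety check.');
    $r = $db->fetchrow($check);
    if ( $db->numrows() < 1 || $r['name'] != $session->username )
      _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
  $e = $db->sql_query($q);
  // "unesape" was a typo that would have thrown in the browser; the query
  // text and MySQL error are no longer sent to the client.
  if ( !$e )
    return 'alert(unescape(\'' . rawurlencode('Error during query: the comment could not be deleted.') . '\'));';
  return 'good';
}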
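/**
 * Deletes a comment in a cleaner fashion, keyed on its primary key.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param int|string $id the comment ID (primary key); must be all digits
 * @return string 'good' on success, otherwise a Javascript alert() fragment
 */
function deletecomment_neater($page_id, $namespace, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // $id is interpolated into SQL unquoted, so it must be all digits.
  if ( !preg_match('#^([0-9]+)$#', (string)$id) )
    die('$_GET[id] is improperly formed.');

  if ( !$session->get_permissions('edit_comments') )
    return 'alert("Access to delete/edit comments is denied");';

  // Avoid SQL injection: the page ID and namespace were previously interpolated raw.
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safety check - username/login. Moderators may delete any comment; other
  // users must be logged in and the comment must carry their name.
  if ( !$session->get_permissions('mod_comments') ) // allows mods to delete comments
  {
    if ( !$session->user_logged_in )
      _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND u.user_id=c.user_id;';
    $s = $db->sql_query($q);
    // The failed query text (table prefix included) is not echoed to the client.
    if ( !$s )
      _die('SQL error during safety check.');
    $r = $db->fetchrow($s);
    if ( $db->numrows() < 1 || $r['name'] != $session->username )
      _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\' AND comment_id=' . $id . ' LIMIT 1;';
  $e = $db->sql_query($q);
  // "unesape" was a typo that would have thrown in the browser; the query
  // text and MySQL error are no longer sent to the client.
  if ( !$e )
    return 'alert(unescape(\'' . rawurlencode('Error during query: the comment could not be deleted.') . '\'));';
  return 'good';
}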
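/**
 * Renames a page (changes its display title; the URL name is untouched).
 * Permissions are evaluated against the page being renamed - not, as
 * before, against the page currently being viewed - and the rename is logged
 * against that page. The unused $wiki flag was dropped.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $name the new name for the page
 * @return string error string or success message
 */
function rename($page_id, $namespace, $name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $pname = $paths->nslist[$namespace] . $page_id;

  // The protection flags are read from the cached page table; a page that is
  // not there cannot be renamed (it would only produce undefined-index notices).
  if ( !isset($paths->pages[$pname]) )
  {
    return 'The page does not exist.';
  }
  $page = $paths->pages[$pname];

  if ( empty($name) )
  {
    die('Name is too short');
  }

  // Special and Admin pages are not stored rows and cannot be renamed. This
  // checks the TARGET namespace; the original tested $paths->namespace.
  if ( $namespace == 'Special' || $namespace == 'Admin' )
  {
    return 'Access is denied.';
  }

  // Protection level 1 is unconditional; level 2 depends on account age.
  // NOTE(review): for level 2 this is true only for logged-in accounts
  // registered more than four days ago (reg_time + 4d < now) and false for
  // anonymous users - confirm that is the intended semantics before relying
  // on it. Kept exactly as the original behaviour here.
  $prot = ( ( $page['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $page['protected'] == 1 );

  // Evaluate the ACL of the page being renamed, as deletepage() does.
  $perms = $session->fetch_page_acl($page_id, $namespace);
  $allowed = $perms->get_permissions('rename') && ( !$prot || $perms->get_permissions('even_when_protected') );
  if ( !$allowed )
  {
    return 'Access is denied.';
  }

  // Avoid SQL injection on the log entry (the UPDATE was already escaped).
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Log the rename against the target page; the old title goes in edit_summary.
  $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES(' . time() . ', \'' . date('d M Y h:i a') . '\', \'page\', \'rename\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($page['name']) . '\')');
  if ( !$e )
  {
    $db->_die('The page title could not be updated.');
  }
  $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
  if ( !$e )
  {
    $db->_die('The page title could not be updated.');
  }
  // NOTE(review): $name is returned as-is; a caller that renders this string
  // as HTML must escape it first.
  return 'The page "' . $page['name'] . '" has been renamed to "' . $name . '". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.';
}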
+ − 1368
+ − 1369
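/**
 * Flushes (clears) the action logs for a given page. If the page exists, its
 * current text is captured first and written back as a single backup log
 * entry so the page can be restored after later spam or vandalism.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @return string error/success string
 */
function flushlogs($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$session->get_permissions('clear_logs') )
    die('Administrative privileges are required to flush logs, you loser.');

  // Avoid SQL injection: only the DELETE was escaped before; the SELECT and
  // INSERT interpolated the page ID, namespace, username and char_tag raw.
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // If the page exists, read its text BEFORE purging the logs, so a failed
  // read cannot leave the page with neither history nor backup.
  // If not, the admin's probably deleting a trash page.
  $row = false;
  if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
  {
    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
    if ( !$e )
      $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
    $row = $db->fetchrow($e);
    $db->free_result();
  }

  $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
  if ( !$e )
    $db->_die('The log entries could not be deleted.');

  // Only a page with a text row gets a backup entry.
  if ( $row )
  {
    $q = 'INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $db->escape($row['char_tag']) . '\', \'' . $db->escape($session->username) . '\', \'Automatic backup created when logs were purged\', false);';
    if ( !$db->sql_query($q) )
      $db->_die('The history (log) entry could not be inserted into the logs table.');
  }
  return 'The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.';
}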
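/**
 * Deletes a page: logs the deletion, then removes its categorization,
 * comments, text, page-table and file entries. The action log itself is
 * kept, so the page can be restored from it unless the log is cleared.
 * @param string $page_id the condemned page ID
 * @param string $namespace the condemned namespace
 * @param string $reason The reason for deleting the page in question
 * @return string status message for the user
 */
function deletepage($page_id, $namespace, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Authorisation is decided first, so an unauthorised caller learns nothing
  // from input validation; the ACL consulted is that of the page being deleted.
  $perms = $session->fetch_page_acl($page_id, $namespace);
  if ( !$perms->get_permissions('delete_page') )
  {
    return 'Administrative privileges are required to delete pages, you loser.';
  }
  $x = trim($reason);
  if ( empty($x) )
  {
    return 'Invalid reason for deletion passed';
  }

  // Avoid SQL injection: the page ID, namespace and username were previously
  // interpolated raw into every query below.
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);
  $page_match   = 'page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'';

  $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES(' . time() . ', \'' . date('d M Y h:i a') . '\', \'page\', \'delete\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  if ( !$e )
    $db->_die('The page log entry could not be inserted.');

  // Each DELETE paired with the message reported if it fails. The files table
  // is keyed on page_id alone, as in the original.
  $deletions = array(
    array('DELETE FROM ' . table_prefix.'categories WHERE ' . $page_match, 'The page categorization entries could not be deleted.'),
    array('DELETE FROM ' . table_prefix.'comments WHERE ' . $page_match, 'The page comments could not be deleted.'),
    array('DELETE FROM ' . table_prefix.'page_text WHERE ' . $page_match, 'The page text entry could not be deleted.'),
    array('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'', 'The page entry could not be deleted.'),
    array('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id_db . '\'', 'The file entry could not be deleted.'),
  );
  foreach ( $deletions as $deletion )
  {
    list($sql, $failure_message) = $deletion;
    if ( !$db->sql_query($sql) )
      $db->_die($failure_message);
  }
  return 'This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.';
}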
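/**
 * Increments the deletion votes for a page by 1, and adds the current
 * username and IP to the list of users that have voted for the page to
 * prevent dual-voting.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @return string status message for the user
 */
function delvote($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$session->get_permissions('vote_delete') )
  {
    return 'Access denied';
  }

  if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
  {
    return 'Special pages and system messages can\'t be voted for deletion.';
  }

  $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);

  if ( !isset($paths->pages[$pname]) )
  {
    return 'The page does not exist.';
  }

  // $cv aliases the cached vote count so the in-memory page table stays in
  // step with the row updated below.
  $cv =& $paths->pages[$pname]['delvotes'];
  $ips = $paths->pages[$pname]['delvote_ips'];

  // delvote_ips holds a serialized array('ip' => array(...), 'u' => array(...));
  // anything missing or undecodable starts a fresh list.
  // NOTE(review): this is unserialize() on a database column - acceptable only
  // while nothing untrusted can write that column directly.
  $voters = empty($ips) ? false : @unserialize($ips);
  if ( !$voters || !is_array($voters) )
  {
    $voters = array(
      'ip' => array(),
      'u' => array()
    );
  }

  if ( in_array($session->username, $voters['u'], true) || in_array($_SERVER['REMOTE_ADDR'], $voters['ip'], true) )
  {
    return 'It appears that you have already voted to have this page deleted.';
  }

  $voters['u'][]  = $session->username;
  $voters['ip'][] = $_SERVER['REMOTE_ADDR'];
  $ips_db = $db->escape( serialize($voters) );

  $cv++;

  // Avoid SQL injection: the page ID and namespace were previously
  // interpolated raw. NOTE(review): the page was looked up by its sanitized
  // ID but, as in the original, the row is matched on the raw $page_id.
  $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . intval($cv) . ',delvote_ips=\'' . $ips_db . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
  // A failed UPDATE used to be ignored, reporting success while the vote was lost.
  if ( !$db->sql_query($q) )
  {
    $db->_die('The deletion vote could not be recorded.');
  }

  return 'Your vote to have this page deleted has been cast.' . "\nYou are encouraged to leave a comment explaining the reason for your vote.";
}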
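/**
 * Resets the number of votes against a page to 0 and empties the list of
 * voters kept by delvote().
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @return string status message for the user
 */
function resetdelvotes($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$session->get_permissions('vote_reset') )
    die('You need moderator rights in order to do this, stinkin\' hacker.');
  // Fresh, empty voter list in the serialized shape delvote() expects.
  $empty_list = $db->escape(serialize(array('ip' => array(), 'u' => array())));
  // Avoid SQL injection: the page ID and namespace were previously interpolated raw.
  $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $empty_list . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
  $e = $db->sql_query($q);
  if ( !$e )
    $db->_die('The number of delete votes was not reset.');
  return 'The number of votes for having this page deleted has been reset to zero.';
}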
/**
* Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
* @param $id the name of the directory for the theme
* @return string JSON string with an array containing a list of themes
*/
function getstyles()
+ − 1520
{
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1521
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1522
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1523
if ( !preg_match('/^([a-z0-9_-]+)$/', $_GET['id']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1524
return $json->encode(false);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1525
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1526
$dir = './themes/' . $_GET['id'] . '/css/';
1
+ − 1527
$list = Array();
+ − 1528
// Open a known directory, and proceed to read its contents
+ − 1529
if (is_dir($dir)) {
+ − 1530
if ($dh = opendir($dir)) {
+ − 1531
while (($file = readdir($dh)) !== false) {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1532
if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' ) // _printable.css should be included with every theme
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1533
{ // it should be a copy of the original style, but
1
+ − 1534
// mostly black and white
+ − 1535
// Note to self: document this
+ − 1536
$list[] = substr($file, 0, strlen($file)-4);
+ − 1537
}
+ − 1538
}
+ − 1539
closedir($dh);
+ − 1540
}
+ − 1541
}
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1542
else
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1543
{
39
c83ff194977a
Changed animation on flying message boxes; bugfix for "Array" response in theme changer; added diff CSS to enano-shared; allowed spaces in username during install
Dan
diff
changeset
+ − 1544
return($json->encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1545
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1546
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1547
return $json->encode($list);
1
+ − 1548
}
/**
* Assembles a Javascript app with category information
* @param $page_id the page ID
* @param $namespace the namespace
* @return string Javascript code
*/
function catedit($page_id, $namespace)
+ − 1558
{
+ − 1559
$d = PageUtils::catedit_raw($page_id, $namespace);
+ − 1560
return $d[0] . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.rawurlencode($d[1]).'\');';
+ − 1561
}
/**
* Does the actual HTML/javascript generation for cat editing, but returns an array
* @access private
*/
  // Builds the category editor. Returns Array($javascript, $html): the javascript is
  // whatever was echoed while the function ran (captured with output buffering) and
  // the html is accumulated in $_ob.
  // NOTE(review): the membership query keys off $paths->cpage / $paths->namespace, not the
  // $page_id / $namespace parameters - those two only feed the form's action URL below.
  function catedit_raw($page_id, $namespace)
  {
    global $db, $session, $paths, $template, $plugins; // Common objects
    ob_start();
    $_ob = '';
    // Categories the *current* page already belongs to. The raw DB error text goes to jsdie().
    $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\'');
    if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
    $cat_current = Array();
    while($r = $db->fetchrow())
    {
      $cat_current[] = $r;
    }
    $db->free_result();
    // Every page in the Category namespace. $paths->pages holds each page twice - under a
    // numeric index and under its urlname key (the same mirroring is done below) - hence /2.
    $cat_all = Array();
    for($i=0;$i<sizeof($paths->pages)/2;$i++)
    {
      if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
    }

    // Make $cat_all an associative array, like $paths->pages
    $sz = sizeof($cat_all);
    for($i=0;$i<$sz;$i++)
    {
      $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
    }
    // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
    // (a category_id with no matching category page creates a fresh key here, which would
    // throw off the sizeof()/2 arithmetic that follows - presumably such rows never exist)
    $cat_info = $cat_all;
    for($i=0;$i<sizeof($cat_current);$i++)
    {
      $un = $cat_current[$i]['category_id'];
      $cat_info[$un]['member'] = true;
    }
    // Now copy the information we just set into the numerically named keys
    for($i=0;$i<sizeof($cat_info)/2;$i++)
    {
      $un = $cat_info[$i]['urlname_nons'];
      $cat_info[$i] = $cat_info[$un];
    }

    echo 'catlist = new Array();'; // Initialize the client-side category list
    $_ob .= '<h3>Select which categories this page should be included in.</h3>
<form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
    if ( sizeof($cat_info) < 1 )
    {
      $_ob .= '<p>There are no categories on this site yet.</p>';
    }
    for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
    {
      // Protection code added 1/3/07
      // Updated 3/4/07
      // A checkbox is disabled when the user may not edit categories at all, may not edit
      // this one, or the category is protected and the user lacks even_when_protected.
      $is_prot = false;
      $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
      if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
           ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
        $is_prot = true;
      $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
      $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
      // NOTE(review): urlname_nons is dropped into a single-quoted JS literal and into HTML
      // attributes, and name into element text, with no escaping at this point. That is only
      // safe if the values in $paths->pages are already sanitised - confirm where they are built.
      echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
      $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
      if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
      $_ob .= '/> <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
    }

    // Nothing to save when there are no categories at all
    $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';

    $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';

    // Everything echoed above is the javascript half of the result
    $cont = ob_get_contents();
    ob_end_clean();
    return Array($cont, $_ob);
  }
/**
* Saves category information
* WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $which_cats array associative array of categories to put the page in
* @return string "GOOD" on success, error string on failure
*/
function catsave($page_id, $namespace, $which_cats)
+ − 1650
{
+ − 1651
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1652
if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');
+ − 1653
+ − 1654
$page_perms = $session->fetch_page_acl($page_id, $namespace);
+ − 1655
$page_data =& $paths->pages[$paths->nslist[$namespace].$page_id];
+ − 1656
+ − 1657
$cat_all = Array();
+ − 1658
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1659
{
+ − 1660
if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
+ − 1661
}
+ − 1662
+ − 1663
// Make $cat_all an associative array, like $paths->pages
+ − 1664
$sz = sizeof($cat_all);
+ − 1665
for($i=0;$i<$sz;$i++)
+ − 1666
{
+ − 1667
$cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
+ − 1668
}
+ − 1669
+ − 1670
$rowlist = Array();
+ − 1671
+ − 1672
for($i=0;$i<sizeof($cat_all)/2;$i++)
+ − 1673
{
+ − 1674
$auth = true;
+ − 1675
$perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category');
+ − 1676
if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
+ − 1677
( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
+ − 1678
( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
+ − 1679
$auth = false;
+ − 1680
if(!$auth)
+ − 1681
{
+ − 1682
// Find out if the page is currently in the category
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1683
$q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1684
if(!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1685
return 'MySQL error: ' . $db->get_error();
1
+ − 1686
if($db->numrows() > 0)
+ − 1687
{
+ − 1688
$auth = true;
+ − 1689
$which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
+ − 1690
}
+ − 1691
$db->free_result();
+ − 1692
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1693
if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
1
+ − 1694
}
+ − 1695
if(sizeof($rowlist) > 0)
+ − 1696
{
+ − 1697
$val = implode(',', $rowlist);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1698
$q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1699
$e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1700
if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1701
$e = $db->sql_query($q);
+ − 1702
if(!$e) $db->_die('The new category data could not be inserted.');
+ − 1703
return('GOOD');
+ − 1704
}
+ − 1705
else
+ − 1706
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1707
$e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1708
if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1709
return('GOOD');
+ − 1710
}
+ − 1711
}
/**
* Sets the wiki mode level for a page.
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $level int 0 for off, 1 for on, 2 for use global setting
* @return string "GOOD" on success, error string on failure
*/
function setwikimode($page_id, $namespace, $level)
+ − 1722
{
+ − 1723
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1724
if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1725
if ( !isset($level) || ( isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level) ) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1726
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1727
return('Invalid mode string');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1728
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1729
$q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1730
if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1731
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1732
return('Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1733
}
1
+ − 1734
return('GOOD');
+ − 1735
}
/**
* Sets the access password for a page.
* @param $page_id string the page ID
* @param $namespace string the namespace
* @param $pass string the SHA1 hash of the password - if the password doesn't match the regex ^([0-9a-f]*){40,40}$ it will be sha1'ed
* @return string
*/
function setpass($page_id, $namespace, $pass)
+ − 1746
{
+ − 1747
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1748
// Determine permissions
+ − 1749
if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '')
+ − 1750
$a = $session->get_permissions('password_reset');
+ − 1751
else
+ − 1752
$a = $session->get_permissions('password_set');
+ − 1753
if(!$a)
+ − 1754
return 'Access is denied';
+ − 1755
if(!isset($pass)) return('Password was not set on URL');
+ − 1756
$p = $pass;
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1757
if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1758
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1759
$p = sha1($p);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1760
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1761
if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1762
// sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1763
$p = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1764
$e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1765
if ( !$e )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1766
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1767
die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1768
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1769
// Is the new password blank?
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1770
if ( $p == '' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1771
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1772
return('The password for this page has been disabled.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1773
}
1
+ − 1774
else return('The password for this page has been set.');
+ − 1775
}
/**
* Generates some preview HTML
* @param $text string the wikitext to use
* @return string
*/
function genPreview($text)
+ − 1784
{
102
+ − 1785
$ret = '<div class="info-box"><b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
+ − 1786
$text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
+ − 1787
ob_start();
+ − 1788
eval('?>' . $text);
+ − 1789
$text = ob_get_contents();
+ − 1790
ob_end_clean();
+ − 1791
$ret .= $text;
+ − 1792
$ret .= '</div>';
+ − 1793
return $ret;
1
+ − 1794
}
/**
* Makes a scrollable box
* @param string $text the inner HTML
* @param int $height Optional - the maximum height. Defaults to 250.
* @return string
*/
function scrollBox($text, $height = 250)
+ − 1804
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1805
return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">' . $text . '</div>';
1
+ − 1806
}
+ − 1807
+ − 1808
/**
+ − 1809
* Generates a diff summary between two page revisions.
+ − 1810
* @param $page_id the page ID
+ − 1811
* @param $namespace the namespace
+ − 1812
* @param $id1 the time ID of the first revision
+ − 1813
* @param $id2 the time ID of the second revision
+ − 1814
* @return string XHTML-formatted diff
+ − 1815
*/
+ − 1816
+ − 1817
function pagediff($page_id, $namespace, $id1, $id2)
+ − 1818
{
+ − 1819
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1820
if(!$session->get_permissions('history_view'))
+ − 1821
return 'Access denied';
+ − 1822
if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
+ − 1823
!preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt';
+ − 1824
// OK we made it through security
+ − 1825
// Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1826
if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1827
if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
1
+ − 1828
$row1 = $db->fetchrow($q1);
+ − 1829
$db->free_result($q1);
+ − 1830
$row2 = $db->fetchrow($q2);
+ − 1831
$db->free_result($q2);
+ − 1832
if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
+ − 1833
$text1 = $row1['page_text'];
+ − 1834
$text2 = $row2['page_text'];
+ − 1835
$time1 = date('F d, Y h:i a', $id1);
+ − 1836
$time2 = date('F d, Y h:i a', $id2);
+ − 1837
$_ob = "
+ − 1838
<p>Comparing revisions: {$time1} → {$time2}</p>
+ − 1839
";
+ − 1840
// Free some memory
+ − 1841
unset($row1, $row2, $q1, $q2);
+ − 1842
+ − 1843
$_ob .= RenderMan::diff($text1, $text2);
+ − 1844
return $_ob;
+ − 1845
}
/**
* Gets ACL information about the selected page for target type X and target ID Y.
* @param string $page_id The page ID
* @param string $namespace The namespace
* @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
* @return array
*/
function acl_editor($parms = Array())
+ − 1856
{
+ − 1857
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1858
if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
{
+ − 1860
return Array(
+ − 1861
'mode' => 'error',
+ − 1862
'error' => 'You are not authorized to view or edit access control lists.'
+ − 1863
);
+ − 1864
}
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
+ − 1866
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
+ − 1867
$page_id =& $parms['page_id'];
+ − 1868
$namespace =& $parms['namespace'];
$page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
$page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
//die(print_r($page_id,true));
+ − 1872
$template->load_theme();
+ − 1873
// $perms_obj = $session->fetch_page_acl($page_id, $namespace);
+ − 1874
$perms_obj =& $session;
+ − 1875
$return = Array();
+ − 1876
if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
+ − 1877
{
+ − 1878
return Array(
+ − 1879
'mode' => 'error',
+ − 1880
'error' => 'It seems that (a) the file acledit.tpl is missing from these theme, and (b) the JSON response is working.',
+ − 1881
);
+ − 1882
}
+ − 1883
$return['template'] = $template->extract_vars('acledit.tpl');
+ − 1884
$return['page_id'] = $page_id;
+ − 1885
$return['namespace'] = $namespace;
+ − 1886
if(isset($parms['mode']))
+ − 1887
{
+ − 1888
switch($parms['mode'])
+ − 1889
{
+ − 1890
case 'listgroups':
+ − 1891
$return['groups'] = Array();
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
while($row = $db->fetchrow())
+ − 1894
{
+ − 1895
$return['groups'][] = Array(
+ − 1896
'id' => $row['group_id'],
+ − 1897
'name' => $row['group_name'],
+ − 1898
);
+ − 1899
}
+ − 1900
$db->free_result();
$return['page_groups'] = Array();
$q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
if ( !$q )
return Array(
'mode' => 'error',
'error' => $db->get_error()
);
while ( $row = $db->fetchrow() )
{
$return['page_groups'][] = Array(
'id' => $row['pg_id'],
'name' => $row['pg_name']
);
}
break;
+ − 1916
case 'seltarget':
+ − 1917
$return['mode'] = 'seltarget';
+ − 1918
$return['acl_types'] = $perms_obj->acl_types;
+ − 1919
$return['acl_deps'] = $perms_obj->acl_deps;
+ − 1920
$return['acl_descs'] = $perms_obj->acl_descs;
+ − 1921
$return['target_type'] = $parms['target_type'];
+ − 1922
$return['target_id'] = $parms['target_id'];
+ − 1923
switch($parms['target_type'])
+ − 1924
{
+ − 1925
case ACL_TYPE_USER:
$q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u
LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=u.user_id
+ − 1929
WHERE a.target_type='.ACL_TYPE_USER.'
AND u.username=\'' . $db->escape($parms['target_id']) . '\'
' . $page_where_clause . ';');
if(!$q)
+ − 1933
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1934
if($db->numrows() < 1)
+ − 1935
{
+ − 1936
$return['type'] = 'new';
$q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
if(!$q)
+ − 1939
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1940
if($db->numrows() < 1)
+ − 1941
return Array('mode'=>'error','error'=>'The username you entered was not found.');
+ − 1942
$row = $db->fetchrow();
+ − 1943
$return['target_name'] = $return['target_id'];
+ − 1944
$return['target_id'] = intval($row['user_id']);
+ − 1945
$return['current_perms'] = $session->acl_types;
+ − 1946
}
+ − 1947
else
+ − 1948
{
+ − 1949
$return['type'] = 'edit';
+ − 1950
$row = $db->fetchrow();
+ − 1951
$return['target_name'] = $return['target_id'];
+ − 1952
$return['target_id'] = intval($row['user_id']);
+ − 1953
$return['current_perms'] = $session->acl_merge($perms_obj->acl_types, $session->string_to_perm($row['rules']));
+ − 1954
}
+ − 1955
$db->free_result();
+ − 1956
// Eliminate types that don't apply to this namespace
if ( $namespace && $namespace != '__PageGroup' )
{
+ − 1959
foreach ( $return['current_perms'] AS $i => $perm )
+ − 1960
{
+ − 1961
if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 1962
{
+ − 1963
// echo "// SCOPE CONTROL: eliminating: $i\n";
+ − 1964
unset($return['current_perms'][$i]);
+ − 1965
unset($return['acl_types'][$i]);
+ − 1966
unset($return['acl_descs'][$i]);
+ − 1967
unset($return['acl_deps'][$i]);
+ − 1968
}
+ − 1969
}
+ − 1970
}
+ − 1971
break;
+ − 1972
case ACL_TYPE_GROUP:
$q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=g.group_id
+ − 1976
WHERE a.target_type='.ACL_TYPE_GROUP.'
+ − 1977
AND g.group_id=\''.intval($parms['target_id']).'\'
' . $page_where_clause . ';');
if(!$q)
+ − 1980
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1981
if($db->numrows() < 1)
+ − 1982
{
+ − 1983
$return['type'] = 'new';
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
if(!$q)
+ − 1986
return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1987
if($db->numrows() < 1)
+ − 1988
return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.');
+ − 1989
$row = $db->fetchrow();
+ − 1990
$return['target_name'] = $row['group_name'];
+ − 1991
$return['target_id'] = intval($row['group_id']);
+ − 1992
$return['current_perms'] = $session->acl_types;
+ − 1993
}
+ − 1994
else
+ − 1995
{
+ − 1996
$return['type'] = 'edit';
+ − 1997
$row = $db->fetchrow();
+ − 1998
$return['target_name'] = $row['group_name'];
+ − 1999
$return['target_id'] = intval($row['group_id']);
+ − 2000
$return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
+ − 2001
}
+ − 2002
$db->free_result();
+ − 2003
// Eliminate types that don't apply to this namespace
if ( $namespace && $namespace != '__PageGroup' )
{
+ − 2006
foreach ( $return['current_perms'] AS $i => $perm )
+ − 2007
{
+ − 2008
if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 2009
{
+ − 2010
// echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
+ − 2011
unset($return['current_perms'][$i]);
+ − 2012
unset($return['acl_types'][$i]);
+ − 2013
unset($return['acl_descs'][$i]);
+ − 2014
unset($return['acl_deps'][$i]);
+ − 2015
}
+ − 2016
}
+ − 2017
}
+ − 2018
//return Array('mode'=>'debug','text'=>print_r($return, true));
+ − 2019
break;
+ − 2020
default:
+ − 2021
return Array('mode'=>'error','error','Invalid ACL type ID');
+ − 2022
break;
+ − 2023
}
+ − 2024
return $return;
+ − 2025
break;
+ − 2026
case 'save_new':
+ − 2027
case 'save_edit':
if ( defined('ENANO_DEMO_MODE') )
{
return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
}
$q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
' . $page_where_clause_lite . ';');
if(!$q)
+ − 2035
return Array('mode'=>'error','error'=>mysql_error());
+ − 2036
$rules = $session->perm_to_string($parms['perms']);
+ − 2037
if ( sizeof ( $rules ) < 1 )
+ − 2038
{
+ − 2039
return array(
+ − 2040
'mode' => 'error',
+ − 2041
'error' => 'Supplied rule list has a length of zero'
+ − 2042
);
+ − 2043
}
$q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error());
+ − 2049
return Array(
+ − 2050
'mode' => 'success',
+ − 2051
'target_type' => $parms['target_type'],
+ − 2052
'target_id' => $parms['target_id'],
+ − 2053
'target_name' => $parms['target_name'],
+ − 2054
'page_id' => $page_id,
+ − 2055
'namespace' => $namespace,
+ − 2056
);
+ − 2057
break;
+ − 2058
case 'delete':
if ( defined('ENANO_DEMO_MODE') )
{
return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
}
$q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
' . $page_where_clause_lite . ';');
if(!$q)
+ − 2066
return Array('mode'=>'error','error'=>mysql_error());
+ − 2067
return Array(
+ − 2068
'mode' => 'delete',
+ − 2069
'target_type' => $parms['target_type'],
+ − 2070
'target_id' => $parms['target_id'],
+ − 2071
'target_name' => $parms['target_name'],
+ − 2072
'page_id' => $page_id,
+ − 2073
'namespace' => $namespace,
+ − 2074
);
+ − 2075
break;
+ − 2076
default:
+ − 2077
return Array('mode'=>'error','error'=>'Hacking attempt');
+ − 2078
break;
+ − 2079
}
+ − 2080
}
+ − 2081
return $return;
+ − 2082
}
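/**
 * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
 * Input that does not decode to an array is rejected here, so the backend only ever indexes a real array.
 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
 * @return string JSON-encoded response array; on undecodable input this is an array with 'mode' => 'error'
 */

function acl_json($parms = '{ }')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $parms = $json->decode($parms);
    // NOTE(review): decode() is assumed to hand back something other than an array on a parse
    // failure or a scalar document (verify against Services_JSON). acl_editor() reads $parms[...]
    // directly, so anything non-array is answered with the backend's usual error shape instead.
    if ( !is_array($parms) )
    {
        return $json->encode(Array('mode' => 'error', 'error' => 'Invalid JSON input'));
    }
    $ret = PageUtils::acl_editor($parms);
    return $json->encode($ret);
}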
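/**
 * A non-Javascript frontend for the ACL API.
 * Runs the posted data through PageUtils::acl_preprocess(), PageUtils::acl_editor() and
 * PageUtils::acl_postprocess(), renders the HTML for the resulting mode into an output buffer and
 * echoes it wrapped in the site header/footer. On mode 'error' the buffer is discarded and
 * die_friendly() is called instead.
 * The backend response is not escaped by acl_editor(); every request- or database-derived value
 * that is written into markup (target names, ids, page ids, namespaces) is passed through
 * htmlspecialchars() here.
 * @param array The request data, if any, this should be in the format required by PageUtils::acl_editor()
 */

function aclmanager($parms)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    ob_start();
    // Convenience
    $formstart = '<form
      action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
      method="post" enctype="multipart/form-data"
      onsubmit="if(!submitAuthorized) return false;"
      >';
    $formend = '</form>';
    $parms = PageUtils::acl_preprocess($parms);
    $response = PageUtils::acl_editor($parms);
    $response = PageUtils::acl_postprocess($response);

    switch($response['mode'])
    {
        case 'debug':
            echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
            break;
        case 'stage1':
            echo '<h3>Manage page access</h3>
                  <p>Please select who should be affected by this access rule.</p>';
            echo $formstart;
            echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> A usergroup</label></p>
                  <p><select name="data[target_id_grp]">';
            foreach ( $response['groups'] as $group )
            {
                // Group names are database-supplied; escape them the same way the page-group names are
                echo '<option value="' . htmlspecialchars($group['id'], ENT_QUOTES) . '">' . htmlspecialchars($group['name'], ENT_QUOTES) . '</option>';
            }
            // page group selector (only offered when at least one page group exists)
            $groupsel = '';
            if ( isset($response['page_groups']) && count($response['page_groups']) > 0 )
            {
                $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> A group of pages</label></p>
                             <p><select name="data[pg_id]">';
                foreach ( $response['page_groups'] as $grp )
                {
                    $groupsel .= '<option value="' . htmlspecialchars($grp['id'], ENT_QUOTES) . '">' . htmlspecialchars($grp['name'], ENT_QUOTES) . '</option>';
                }
                $groupsel .= '</select></p>';
            }

            // The usergroup <select> opened above is closed here, after its options were echoed
            echo '</select></p>
                  <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> A specific user</label></p>
                  <p>' . $template->username_field('data[target_id_user]') . '</p>
                  <p>What should this access rule control?</p>
                  <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> Only this page</label></p>
                  ' . $groupsel . '
                  <p><label><input name="data[scope]" value="entire_site" type="radio" /> The entire site</label></p>
                  <div style="margin: 0 auto 0 0; text-align: right;">
                    <input name="data[mode]" value="seltarget" type="hidden" />
                    <input type="hidden" name="data[page_id]" value="' . htmlspecialchars($paths->cpage['urlname_nons'], ENT_QUOTES) . '" />
                    <input type="hidden" name="data[namespace]" value="' . htmlspecialchars($paths->namespace, ENT_QUOTES) . '" />
                    <input type="submit" value="Next >" />
                  </div>';
            echo $formend;
            break;
        case 'success':
            echo '<div class="info-box">
                    <b>Permissions updated</b><br />
                    The permissions for ' . htmlspecialchars($response['target_name']) . ' on this page have been updated successfully.<br />
                    ' . PageUtils::acl_return_form($response, $formstart, $formend) . '
                  </div>';
            break;
        case 'delete':
            echo '<div class="info-box">
                    <b>Rule deleted</b><br />
                    The selected access rule has been successfully deleted.<br />
                    ' . PageUtils::acl_return_form($response, $formstart, $formend) . '
                  </div>';
            break;
        case 'seltarget':
            if ( $response['type'] == 'edit' )
            {
                echo '<h3>Editing permissions</h3>';
            }
            else
            {
                echo '<h3>Create new rule</h3>';
            }
            $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
            $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
            // For a user target, target_name is the username as it arrived from the request
            // (the stage-1 username field), so it is escaped before being echoed.
            echo 'This panel allows you to edit what the ' . $type . ' "' . htmlspecialchars($response['target_name']) . '" can do on <b>' . $scope . '</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
            echo $formstart;
            $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
            echo $parser->run();
            $parser = $template->makeParserText( $response['template']['acl_field_item'] );
            $cls = 'row2';
            foreach ( $response['acl_types'] as $acl_type => $value )
            {
                $vars = Array(
                    'FIELD_DENY_CHECKED' => '',
                    'FIELD_DISALLOW_CHECKED' => '',
                    'FIELD_WIKIMODE_CHECKED' => '',
                    'FIELD_ALLOW_CHECKED' => '',
                );
                // Alternate the row class on every item, starting with row1
                $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
                $vars['ROW_CLASS'] = $cls;

                // A type without a current setting takes the "disallow" default branch below
                $current = isset($response['current_perms'][$acl_type]) ? $response['current_perms'][$acl_type] : null;
                switch ( $current )
                {
                    case AUTH_ALLOW:
                        $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_WIKIMODE:
                        $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DISALLOW:
                    default:
                        $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DENY:
                        $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
                        break;
                }
                $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
                $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
                $parser->assign_vars($vars);
                echo $parser->run();
            }
            $parser = $template->makeParserText( $response['template']['acl_field_end'] );
            echo $parser->run();
            echo '<div style="margin: 10px auto 0 0; text-align: right;">
                    <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
                    <input type="hidden" name="data[page_id]" value="' . htmlspecialchars(( $response['page_id'] ) ? $response['page_id'] : 'false', ENT_QUOTES) . '" />
                    <input type="hidden" name="data[namespace]" value="' . htmlspecialchars(( $response['namespace'] ) ? $response['namespace'] : 'false', ENT_QUOTES) . '" />
                    <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type'], ENT_QUOTES) . '" />
                    <input type="hidden" name="data[target_id]" value="' . htmlspecialchars($response['target_id'], ENT_QUOTES) . '" />
                    <input type="hidden" name="data[target_name]" value="' . htmlspecialchars($response['target_name'], ENT_QUOTES) . '" />
                    ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="Save changes" /> <input type="submit" name="data[act_delete_rule]" value="Delete rule" style="color: #AA0000;" onclick="return confirm(\'Do you really want to delete this ACL rule?\');" />' : '<input type="submit" value="Create rule" />' ) . '
                  </div>';
            echo $formend;
            break;
        case 'error':
            // Drop whatever was buffered so the error page is the only thing sent
            ob_end_clean();
            die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
            break;
    }
    $ret = ob_get_contents();
    ob_end_clean();
    echo
      $template->getHeader() .
      $ret .
      $template->getFooter();
}

/**
 * Builds the "return to the editor" form shown by aclmanager() after a rule was saved or deleted.
 * The hidden fields replay the target and scope of the rule just handled so that submitting the
 * form re-enters the 'seltarget' stage for the same rule.
 * @param array The 'success' or 'delete' response array from PageUtils::acl_editor()
 * @param string Opening <form> markup
 * @param string Closing </form> markup
 * @return string HTML
 * @access private
 */

function acl_return_form($response, $formstart, $formend)
{
    $is_user = ( intval($response['target_type']) == ACL_TYPE_USER );
    // Both id fields carry the same value on purpose: acl_preprocess() reads the one that
    // matches target_type and ignores the other.
    $target_field = htmlspecialchars($is_user ? $response['target_name'] : $response['target_id'], ENT_QUOTES);
    // The literal string 'false' is what acl_preprocess() recognises as "no page / no namespace"
    $page_id = ( $response['page_id'] ) ? $response['page_id'] : 'false';
    $namespace = ( $response['namespace'] ) ? $response['namespace'] : 'false';
    return $formstart . '
        <input type="hidden" name="data[mode]" value="seltarget" />
        <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type'], ENT_QUOTES) . '" />
        <input type="hidden" name="data[target_id_user]" value="' . $target_field . '" />
        <input type="hidden" name="data[target_id_grp]" value="' . $target_field . '" />
        <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
        <input type="hidden" name="data[page_id]" value="' . htmlspecialchars($page_id, ENT_QUOTES) . '" />
        <input type="hidden" name="data[namespace]" value="' . htmlspecialchars($namespace, ENT_QUOTES) . '" />
        <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
        ' . $formend;
}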
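/**
 * Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
 * Picks the target id field that matches target_type, maps the "delete rule" button onto mode
 * 'delete', turns the scope radio button into the page_id/namespace pair the backend expects, and
 * restarts at the group listing when the "back to user/scope selection" button was pressed.
 * Form fields that are absent are treated as unset rather than raising undefined-index notices;
 * the resulting values are the same as before (0, null, or no match).
 * @param array The posted data
 * @return array
 * @access private
 */

function acl_preprocess($parms)
{
    if ( !isset($parms['mode']) )
        // Nothing to do
        return $parms;
    switch ( $parms['mode'] )
    {
        case 'seltarget':

            // Who's affected? The form posts both id fields; keep only the one matching target_type.
            $parms['target_type'] = isset($parms['target_type']) ? intval($parms['target_type']) : 0;
            $id_field = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? 'target_id_grp' : 'target_id_user';
            $parms['target_id'] = isset($parms[$id_field]) ? $parms[$id_field] : null;

            // FALLTHROUGH: the scope handling below applies to a freshly selected target as well
        case 'save_edit':
        case 'save_new':
            if ( isset($parms['act_delete_rule']) )
            {
                $parms['mode'] = 'delete';
            }

            // Scope (just this page or entire site?)
            // The hidden fields carry the literal string 'false' when no page/namespace applies.
            $scope = isset($parms['scope']) ? $parms['scope'] : null;
            $page_id = isset($parms['page_id']) ? $parms['page_id'] : null;
            $namespace = isset($parms['namespace']) ? $parms['namespace'] : null;
            if ( $scope === 'entire_site' || ( $page_id === 'false' && $namespace === 'false' ) )
            {
                $parms['page_id'] = false;
                $parms['namespace'] = false;
            }
            else if ( $scope === 'page_group' )
            {
                // A page group is addressed like a page whose namespace is the reserved '__PageGroup' marker
                $parms['page_id'] = isset($parms['pg_id']) ? $parms['pg_id'] : null;
                $parms['namespace'] = '__PageGroup';
            }

            break;
    }

    if ( isset($parms['act_go_stage1']) )
    {
        // "Return to user/scope selection": discard the posted rule and ask the backend for the group list again
        $parms = array(
            'mode' => 'listgroups'
        );
    }

    return $parms;
}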
/**
 * Normalises a backend response for aclmanager(). A response that already carries a 'mode' is
 * returned untouched; one without a mode but with a 'groups' key is the group listing and becomes
 * mode 'stage1'; anything else is replaced by an error response.
 * @param array The response array from PageUtils::acl_editor()
 * @return array
 * @access private
 */

function acl_postprocess($response)
{
    if ( isset($response['mode']) )
    {
        return $response;
    }
    if ( isset($response['groups']) )
    {
        $response['mode'] = 'stage1';
        return $response;
    }
    return Array(
        'mode' => 'error',
        'error' => 'Invalid action passed by API backend.',
    );
}
}
?>