author | Dan |
Thu, 28 Jun 2007 15:26:40 -0400 | |
changeset 31 | dc8741857bde |
parent 28 | dd2edcdc6c03 |
child 32 | 4d87aad3c4c0 |
permissions | -rw-r--r-- |
1 | 1 |
<?php |
2 |
/* |
|
3 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
4 |
* Version 1.0 (Banshee) |
1 | 5 |
* pageprocess.php - intelligent retrieval of pages |
6 |
* Copyright (C) 2006-2007 Dan Fuhry |
|
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
/** |
|
16 |
* Class to handle fetching page text (possibly from a cache) and formatting it. |
|
17 |
* @package Enano |
|
18 |
* @subpackage UI |
|
19 |
* @copyright 2007 Dan Fuhry |
|
20 |
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html> |
|
21 |
*/ |
|
22 |
||
23 |
class PageProcessor |
|
24 |
{ |
|
25 |
||
26 |
/** |
|
27 |
* Page ID and namespace of the page handled by this instance |
|
28 |
* @var string |
|
29 |
*/ |
|
30 |
||
31 |
var $page_id; |
|
32 |
var $namespace; |
|
33 |
||
34 |
/** |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
35 |
* The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent. |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
36 |
* @var int |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
37 |
*/ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
38 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
39 |
var $revision_id = 0; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
40 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
41 |
/** |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
42 |
* Unsanitized page ID. |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
43 |
* @var string |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
44 |
*/ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
45 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
46 |
var $page_id_unclean; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
47 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
48 |
/** |
1 | 49 |
* Tracks if the page we're loading exists in the database or not. |
50 |
* @var bool |
|
51 |
*/ |
|
52 |
||
53 |
var $page_exists = false; |
|
54 |
||
55 |
/** |
|
56 |
* Permissions! |
|
57 |
* @var object |
|
58 |
*/ |
|
59 |
||
60 |
var $perms = null; |
|
61 |
||
62 |
/** |
|
63 |
* Switch to track if redirects are allowed. Defaults to true. |
|
64 |
* @var bool |
|
65 |
*/ |
|
66 |
||
67 |
var $allow_redir = true; |
|
68 |
||
69 |
/** |
|
70 |
* If this is set to true, this will call the header and footer funcs on $template when render() is called. |
|
71 |
* @var bool |
|
72 |
*/ |
|
73 |
||
74 |
var $send_headers = false; |
|
75 |
||
76 |
/** |
|
77 |
* Cache the fetched text so we don't fetch it from the DB twice. |
|
78 |
* @var string |
|
79 |
*/ |
|
80 |
||
81 |
var $text_cache = ''; |
|
82 |
||
83 |
/** |
|
84 |
* Debugging information to track errors. You can set enable to false to disable sending debug information. |
|
85 |
* @var array |
|
86 |
*/ |
|
87 |
||
88 |
var $debug = array( |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
89 |
'enable' => false, |
1 | 90 |
'works' => false |
91 |
); |
|
92 |
||
93 |
/** |
|
94 |
* Constructor. |
|
95 |
* @param string The page ID (urlname) of the page |
|
96 |
* @param string The namespace of the page |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
97 |
* @param int Optional. The revision ID to send. |
1 | 98 |
*/ |
99 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
100 |
function __construct( $page_id, $namespace, $revision_id = 0 ) |
1 | 101 |
{ |
102 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
103 |
||
104 |
// See if we can get some debug info |
|
105 |
if ( function_exists('debug_backtrace') && $this->debug['enable'] ) |
|
106 |
{ |
|
107 |
$this->debug['works'] = true; |
|
108 |
$this->debug['backtrace'] = enano_debug_print_backtrace(true); |
|
109 |
} |
|
110 |
||
111 |
// First things first - check page existence and permissions |
|
112 |
||
113 |
if ( !isset($paths->nslist[$namespace]) ) |
|
114 |
{ |
|
115 |
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.'); |
|
116 |
} |
|
117 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
118 |
if ( !is_int($revision_id) ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
119 |
$revision_id = 0; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
120 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
121 |
$this->_setup( $page_id, $namespace, $revision_id ); |
1 | 122 |
|
123 |
} |
|
124 |
||
125 |
/** |
|
126 |
* The main method to send the page content. Also responsible for checking permissions. |
|
127 |
*/ |
|
128 |
||
129 |
function send() |
|
130 |
{ |
|
131 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
132 |
if ( !$this->perms->get_permissions('read') ) |
|
133 |
{ |
|
134 |
$this->err_access_denied(); |
|
135 |
return false; |
|
136 |
} |
|
24 | 137 |
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id; |
138 |
$strict_no_headers = false; |
|
139 |
if ( isset($paths->pages[$pathskey]) ) |
|
140 |
{ |
|
141 |
if ( $paths->pages[$pathskey]['special'] == 1 ) |
|
142 |
{ |
|
143 |
$this->send_headers = false; |
|
144 |
$strict_no_headers = true; |
|
145 |
} |
|
146 |
} |
|
1 | 147 |
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' ) |
148 |
{ |
|
149 |
if ( !$this->page_exists ) |
|
150 |
{ |
|
151 |
redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 ); |
|
152 |
} |
|
153 |
$func_name = "page_{$this->namespace}_{$this->page_id}"; |
|
154 |
if ( function_exists($func_name) ) |
|
155 |
{ |
|
156 |
return @call_user_func($func_name); |
|
157 |
} |
|
158 |
else |
|
159 |
{ |
|
160 |
$title = 'Page backend not found'; |
|
161 |
$message = "The administration page you are looking for was properly registered using the page API, but the backend function |
|
162 |
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin."; |
|
163 |
||
164 |
if ( $this->send_headers ) |
|
165 |
{ |
|
166 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
167 |
$template->header(); |
|
168 |
echo "<p>$message</p>"; |
|
169 |
$template->footer(); |
|
170 |
} |
|
171 |
else |
|
172 |
{ |
|
173 |
echo "<h2>$title</h2> |
|
174 |
<p>$message</p>"; |
|
175 |
} |
|
176 |
return false; |
|
177 |
} |
|
178 |
} |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
179 |
else if ( $this->namespace == 'User' ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
180 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
181 |
$this->_handle_userpage(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
182 |
} |
1 | 183 |
else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists ) |
184 |
{ |
|
185 |
$this->header(); |
|
186 |
||
187 |
$text = $this->fetch_text(); |
|
188 |
$text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text); |
|
189 |
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text); |
|
190 |
||
191 |
$text = RenderMan::render( $text ); |
|
192 |
||
193 |
echo $text; |
|
194 |
||
195 |
$this->footer(); |
|
196 |
||
197 |
} |
|
198 |
else if ( !$this->page_exists ) |
|
199 |
{ |
|
200 |
// Perhaps this is hooked? |
|
201 |
ob_start(); |
|
202 |
||
203 |
$code = $plugins->setHook('page_not_found'); |
|
204 |
foreach ( $code as $cmd ) |
|
205 |
{ |
|
206 |
eval($cmd); |
|
207 |
} |
|
208 |
||
209 |
$ob = ob_get_contents(); |
|
210 |
||
211 |
if ( empty($ob) ) |
|
212 |
{ |
|
213 |
$this->err_page_not_existent(); |
|
214 |
} |
|
215 |
} |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
216 |
else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists ) |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
217 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
218 |
// Send as regular page |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
219 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
220 |
// die($this->page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
221 |
|
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
222 |
$text = $this->fetch_text(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
223 |
if ( $text == 'err_no_text_rows' ) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
224 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
225 |
$this->err_no_rows(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
226 |
return false; |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
227 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
228 |
else |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
229 |
{ |
24 | 230 |
$this->render( (!$strict_no_headers) ); |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
231 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
232 |
} |
1 | 233 |
} |
234 |
||
235 |
/** |
|
236 |
* Sets internal variables. |
|
237 |
* @access private |
|
238 |
*/ |
|
239 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
240 |
function _setup($page_id, $namespace, $revision_id) |
1 | 241 |
{ |
242 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
243 |
||
244 |
$page_id_cleaned = sanitize_page_id($page_id); |
|
245 |
||
246 |
$this->page_id = $page_id_cleaned; |
|
247 |
$this->namespace = $namespace; |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
248 |
$this->revision_id = $revision_id; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
249 |
$this->page_id_unclean = dirtify_page_id($page_id); |
1 | 250 |
|
251 |
$this->perms = $session->fetch_page_acl( $page_id, $namespace ); |
|
252 |
||
253 |
// Exception for Admin: pages |
|
254 |
if ( $this->namespace == 'Admin' ) |
|
255 |
{ |
|
256 |
$fname = "page_Admin_{$this->page_id}"; |
|
257 |
} |
|
258 |
||
259 |
// Does the page "exist"? |
|
4 | 260 |
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) |
1 | 261 |
{ |
262 |
$this->page_exists = false; |
|
263 |
} |
|
264 |
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) ) |
|
265 |
{ |
|
266 |
$this->page_exists = false; |
|
267 |
} |
|
268 |
else |
|
269 |
{ |
|
270 |
$this->page_exists = true; |
|
271 |
} |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
272 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
273 |
// Compatibility with older databases |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
274 |
if ( strstr($this->page_id, '.2e') && !$this->page_exists ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
275 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
276 |
$page_id = str_replace('.2e', '.', $page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
277 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
278 |
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
279 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
280 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
281 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
282 |
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
283 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
284 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
285 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
286 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
287 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
288 |
$this->page_exists = true; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
289 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
290 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
291 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
292 |
|
1 | 293 |
} |
294 |
||
295 |
/** |
|
296 |
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB. |
|
297 |
* @access private |
|
298 |
*/ |
|
299 |
||
24 | 300 |
function render($incl_inner_headers = true) |
1 | 301 |
{ |
302 |
$text = $this->fetch_text(); |
|
303 |
||
304 |
$this->header(); |
|
24 | 305 |
if ( $incl_inner_headers ) |
306 |
{ |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
307 |
display_page_headers(); |
24 | 308 |
} |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
309 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
310 |
if ( $this->revision_id ) |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
311 |
{ |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
312 |
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.date('F d, Y \a\t h:i a', $this->revision_id).'.<br /><a href="'.makeUrlNS($this->namespace, $this->page_id).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrlNS($this->namespace, $this->pageid, 'do=rollback&id='.$this->revision_id).'" onclick="ajaxRollback(\''.$this->revision_id.'\')">Restore this version</a></div><br />'; |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
313 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
314 |
|
25
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
315 |
if ( $incl_inner_headers ) |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
316 |
{ |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
317 |
$text = '?>' . RenderMan::render($text); |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
318 |
} |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
319 |
else |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
320 |
{ |
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
321 |
$text = '?>' . $text; |
26 | 322 |
$text = preg_replace('/<nowiki>(.*?)<\/nowiki>/s', '\\1', $text); |
25
08d027882993
Fixed invalid HTML caused by wikitext processor on non-templated pages
Dan
parents:
24
diff
changeset
|
323 |
} |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
324 |
// echo('<pre>'.htmlspecialchars($text).'</pre>'); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
325 |
eval ( $text ); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
326 |
|
24 | 327 |
if ( $incl_inner_headers ) |
328 |
{ |
|
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
329 |
display_page_footers(); |
24 | 330 |
} |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
331 |
|
1 | 332 |
$this->footer(); |
333 |
} |
|
334 |
||
335 |
/** |
|
336 |
* Sends the page header, dependent on, of course, whether we're supposed to. |
|
337 |
*/ |
|
338 |
||
339 |
function header() |
|
340 |
{ |
|
341 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
342 |
if ( $this->send_headers ) |
|
343 |
$template->header(); |
|
344 |
} |
|
345 |
||
346 |
/** |
|
347 |
* Sends the page footer, dependent on, of course, whether we're supposed to. |
|
348 |
*/ |
|
349 |
||
350 |
function footer() |
|
351 |
{ |
|
352 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
353 |
if ( $this->send_headers ) |
|
354 |
$template->footer(); |
|
355 |
} |
|
356 |
||
357 |
/** |
|
358 |
* Fetches the raw, unfiltered page text. |
|
359 |
* @access public |
|
360 |
*/ |
|
361 |
||
362 |
function fetch_text() |
|
363 |
{ |
|
364 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
365 |
||
366 |
if ( !empty($this->text_cache) ) |
|
367 |
{ |
|
368 |
return $this->text_cache; |
|
369 |
} |
|
370 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
371 |
if ( $this->revision_id > 0 && is_int($this->revision_id) ) |
1 | 372 |
{ |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
373 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
374 |
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
375 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
376 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
377 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
378 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
379 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
380 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
381 |
// Compatibility fix for old pages with dots in the page ID |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
382 |
if ( strstr($this->page_id, '.2e') ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
383 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
384 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
385 |
$page_id = str_replace('.2e', '.', $this->page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
386 |
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
387 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
388 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
389 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
390 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
391 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
392 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
393 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
394 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
395 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
396 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
397 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
398 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
399 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
400 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
401 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
402 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
403 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
404 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
405 |
$row = $db->fetchrow(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
406 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
407 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
408 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
409 |
|
1 | 410 |
} |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
411 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
412 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
413 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
414 |
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
415 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
416 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
417 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
418 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
419 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
420 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
421 |
// Compatibility fix for old pages with dots in the page ID |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
422 |
if ( strstr($this->page_id, '.2e') ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
423 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
424 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
425 |
$page_id = str_replace('.2e', '.', $this->page_id); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
426 |
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\';'); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
427 |
if ( !$q ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
428 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
429 |
$this->send_error('Error during SQL query.', true); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
430 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
431 |
if ( $db->numrows() < 1 ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
432 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
433 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
434 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
435 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
436 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
437 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
438 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
439 |
$this->page_exists = false; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
440 |
return 'err_no_text_rows'; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
441 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
442 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
443 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
444 |
$row = $db->fetchrow(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
445 |
$db->free_result(); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
446 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
447 |
} |
1 | 448 |
|
449 |
if ( !empty($row['char_tag']) ) |
|
450 |
{ |
|
451 |
// This page text entry uses the old text-escaping format |
|
452 |
$from = array( |
|
453 |
"{APOS:{$row['char_tag']}}", |
|
454 |
"{QUOT:{$row['char_tag']}}", |
|
455 |
"{SLASH:{$row['char_tag']}}" |
|
456 |
); |
|
457 |
$to = array("'", '"', '\\'); |
|
458 |
$row['page_text'] = str_replace($from, $to, $row['page_text']); |
|
459 |
} |
|
460 |
||
461 |
$this->text_cache = $row['page_text']; |
|
462 |
||
463 |
return $row['page_text']; |
|
464 |
||
465 |
} |
|
466 |
||
467 |
/** |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
468 |
* Handles the extra overhead required for user pages. |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
469 |
* @access private |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
470 |
*/ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
471 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
472 |
function _handle_userpage() |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
473 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
474 |
global $db, $session, $paths, $template, $plugins; // Common objects |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
475 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
476 |
if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
477 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
478 |
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
479 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
480 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
481 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
482 |
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
483 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
484 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
485 |
$target_username = strtr($page_name, |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
486 |
Array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
487 |
'_' => ' ', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
488 |
'<' => '<', |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
489 |
'>' => '>' |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
490 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
491 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
492 |
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
493 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
494 |
if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists ) |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
495 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
496 |
$page_name = "$target_username's user page"; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
497 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
498 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
499 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
500 |
// User has a custom title for their userpage |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
501 |
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name']; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
502 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
503 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
504 |
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
505 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
506 |
$q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, x.*, COUNT(c.comment_id) AS n_comments |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
507 |
FROM '.table_prefix.'users u |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
508 |
LEFT JOIN '.table_prefix.'users_extra AS x |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
509 |
ON ( u.user_id = x.user_id OR x.user_id IS NULL ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
510 |
LEFT JOIN '.table_prefix.'comments AS c |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
511 |
ON ( ( c.user_id=u.user_id AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
512 |
WHERE u.username=\'' . $db->escape($target_username) . '\' |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
513 |
GROUP BY u.user_id;'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
514 |
if ( !$q ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
515 |
$db->_die(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
516 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
517 |
$user_exists = true; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
518 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
519 |
if ( $db->numrows() < 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
520 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
521 |
$user_exists = false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
522 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
523 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
524 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
525 |
$userdata = $db->fetchrow(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
526 |
if ( $userdata['authoritative_uid'] == 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
527 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
528 |
// Hide data for anonymous user |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
529 |
$user_exists = false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
530 |
unset($userdata); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
531 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
532 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
533 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
534 |
$this->header(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
535 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
536 |
// if ( $send_headers ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
537 |
// { |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
538 |
// display_page_headers(); |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
539 |
// } |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
540 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
541 |
// Start left sidebar: basic user info, latest comments |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
542 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
543 |
if ( $user_exists ): |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
544 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
545 |
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
546 |
echo '<tr><td style="width: 150px;" valign="top">'; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
547 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
548 |
echo '<div class="tblholder"> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
549 |
<table border="0" cellspacing="1" cellpadding="4">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
550 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
551 |
// |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
552 |
// Main part of sidebar |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
553 |
// |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
554 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
555 |
// Basic user info |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
556 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
557 |
echo '<tr><th class="subhead">All about ' . htmlspecialchars($target_username) . '</th></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
558 |
echo '<tr><td class="row3">Joined: ' . date('F d, Y h:i a', $userdata['reg_time']) . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
559 |
echo '<tr><td class="row1">Total comments: ' . $userdata['n_comments'] . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
560 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
561 |
if ( !empty($userdata['real_name']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
562 |
{ |
31
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
28
diff
changeset
|
563 |
echo '<tr><td class="row3">Real name: ' . $userdata['real_name'] . '</td></tr>'; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
564 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
565 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
566 |
// Comments |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
567 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
568 |
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . '\'s latest comments</th></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
569 |
$q = $db->sql_query('SELECT page_id, namespace, subject, time FROM '.table_prefix.'comments WHERE name=\'' . $db->escape($target_username) . '\' AND approved=1 ORDER BY time DESC LIMIT 5;'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
570 |
if ( !$q ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
571 |
$db->_die(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
572 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
573 |
$comments = Array(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
574 |
$no_comments = false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
575 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
576 |
if ( $row = $db->fetchrow() ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
577 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
578 |
do |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
579 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
580 |
$row['time'] = date('F d, Y', $row['time']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
581 |
$comments[] = $row; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
582 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
583 |
while ( $row = $db->fetchrow() ); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
584 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
585 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
586 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
587 |
$no_comments = true; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
588 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
589 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
590 |
echo '<tr><td class="row3">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
591 |
echo '<div style="border: 1px solid #000000; padding: 0px; margin: 0; max-height: 200px; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: transparent;" class="tblholder">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
592 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
593 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
594 |
$class = 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
595 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
596 |
$tpl = '<tr> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
597 |
<td class="{CLASS}"> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
598 |
<a href="{PAGE_LINK}" <!-- BEGINNOT page_exists -->class="wikilink-nonexistent"<!-- END page_exists -->>{PAGE}</a><br /> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
599 |
<small>Posted {DATE}<br /></small> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
600 |
<b><a href="{COMMENT_LINK}">{SUBJECT}</a></b> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
601 |
</td> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
602 |
</tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
603 |
$parser = $template->makeParserText($tpl); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
604 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
605 |
if ( count($comments) > 0 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
606 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
607 |
foreach ( $comments as $comment ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
608 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
609 |
$c_page_id = $paths->nslist[ $comment['namespace'] ] . sanitize_page_id($comment['page_id']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
610 |
if ( isset($paths->pages[ $c_page_id ]) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
611 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
612 |
$parser->assign_bool(array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
613 |
'page_exists' => true |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
614 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
615 |
$page_title = $paths->pages[ $c_page_id ]['name']; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
616 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
617 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
618 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
619 |
$parser->assign_bool(array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
620 |
'page_exists' => false |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
621 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
622 |
$page_title = htmlspecialchars(dirtify_page_id($c_page_id)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
623 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
624 |
$parser->assign_vars(array( |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
625 |
'CLASS' => $class, |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
626 |
'PAGE_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id'])), |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
627 |
'PAGE' => $page_title, |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
628 |
'SUBJECT' => $comment['subject'], |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
629 |
'DATE' => $comment['time'], |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
630 |
'COMMENT_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id']), 'do=comments', true) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
631 |
)); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
632 |
$class = ( $class == 'row3' ) ? 'row1' : 'row3'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
633 |
echo $parser->run(); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
634 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
635 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
636 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
637 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
638 |
echo '<tr><td class="' . $class . '">This user has not posted any comments.</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
639 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
640 |
echo '</table>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
641 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
642 |
echo '</div>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
643 |
echo '</td></tr>'; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
644 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
645 |
echo ' </table> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
646 |
</div>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
647 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
648 |
echo '</td><td valign="top" style="padding: 0 10px;">'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
649 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
650 |
else: |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
651 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
652 |
// Nothing for now |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
653 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
654 |
endif; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
655 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
656 |
// User's own content |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
657 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
658 |
$send_headers = $this->send_headers; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
659 |
$this->send_headers = false; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
660 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
661 |
if ( $this->page_exists ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
662 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
663 |
$this->render(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
664 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
665 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
666 |
{ |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
667 |
$this->err_page_not_existent(true); |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
668 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
669 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
670 |
// Right sidebar |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
671 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
672 |
if ( $user_exists ): |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
673 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
674 |
echo '</td><td style="width: 150px;" valign="top">'; |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
675 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
676 |
echo '<div class="tblholder"> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
677 |
<table border="0" cellspacing="1" cellpadding="4">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
678 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
679 |
// |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
680 |
// Main part of sidebar |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
681 |
// |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
682 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
683 |
// Contact information |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
684 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
685 |
echo '<tr><th class="subhead">Get in touch</th></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
686 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
687 |
$class = 'row3'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
688 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
689 |
if ( $userdata['email_public'] == 1 ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
690 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
691 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
692 |
global $email; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
693 |
$email_link = $email->encryptEmail($userdata['email']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
694 |
echo '<tr><td class="'.$class.'">E-mail address: ' . $email_link . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
695 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
696 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
697 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
698 |
if ( $session->user_logged_in ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
699 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
700 |
echo '<tr><td class="'.$class.'">Send ' . htmlspecialchars($target_username) . ' a <a href="' . makeUrlNS('Special', 'PrivateMessages/Compose/to/' . $this->page_id, false, true) . '">Private Message</a>!</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
701 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
702 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
703 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
704 |
echo '<tr><td class="'.$class.'">You could send ' . htmlspecialchars($target_username) . ' a private message if you were <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist[$this->namespace] . $this->page_id) . '">logged in</a>.</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
705 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
706 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
707 |
if ( !empty($userdata['user_aim']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
708 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
709 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
710 |
echo '<tr><td class="'.$class.'">AIM: ' . htmlspecialchars($userdata['user_aim']) . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
711 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
712 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
713 |
if ( !empty($userdata['user_yahoo']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
714 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
715 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
716 |
echo '<tr><td class="'.$class.'">Yahoo! IM: ' . htmlspecialchars($userdata['user_yahoo']) . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
717 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
718 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
719 |
if ( !empty($userdata['user_msn']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
720 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
721 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
722 |
$email_link = $email->encryptEmail($userdata['user_msn']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
723 |
echo '<tr><td class="'.$class.'">WLM: ' . $email_link . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
724 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
725 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
726 |
if ( !empty($userdata['user_xmpp']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
727 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
728 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
729 |
$email_link = $email->encryptEmail($userdata['user_xmpp']); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
730 |
echo '<tr><td class="'.$class.'">XMPP/Jabber: ' . $email_link . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
731 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
732 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
733 |
// Real life |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
734 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
735 |
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . ' in real life</th></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
736 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
737 |
if ( !empty($userdata['user_location']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
738 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
739 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
740 |
echo '<tr><td class="'.$class.'">Location: ' . htmlspecialchars($userdata['user_location']) . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
741 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
742 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
743 |
if ( !empty($userdata['user_job']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
744 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
745 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
746 |
echo '<tr><td class="'.$class.'">Job/occupation: ' . htmlspecialchars($userdata['user_job']) . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
747 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
748 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
749 |
if ( !empty($userdata['user_hobbies']) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
750 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
751 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
752 |
echo '<tr><td class="'.$class.'">Enjoys: ' . htmlspecialchars($userdata['user_hobbies']) . '</td></tr>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
753 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
754 |
|
28 | 755 |
if ( empty($userdata['user_location']) && empty($userdata['user_job']) && empty($userdata['user_hobbies']) ) |
756 |
{ |
|
757 |
$class = ( $class == 'row1' ) ? 'row3' : 'row1'; |
|
758 |
echo '<tr><td class="'.$class.'">' . htmlspecialchars($target_username) . ' hasn\'t posted any real-life contact information.</td></tr>'; |
|
759 |
} |
|
760 |
||
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
761 |
echo ' </table> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
762 |
</div>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
763 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
764 |
echo '</tr></table>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
765 |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
766 |
else: |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
767 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
768 |
echo '<p>Additional information: user "' . htmlspecialchars($target_username) . '" does not exist.</p>'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
769 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
770 |
endif; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
771 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
772 |
// if ( $send_headers ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
773 |
// { |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
774 |
// display_page_footers(); |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
775 |
// } |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
776 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
777 |
$this->send_headers = $send_headers; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
778 |
unset($send_headers); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
779 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
780 |
$this->footer(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
781 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
782 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
783 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
784 |
/** |
1 | 785 |
* Send the error message to the user that the access to this page is denied. |
786 |
* @access private |
|
787 |
*/ |
|
788 |
||
789 |
function err_access_denied() |
|
790 |
{ |
|
791 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
792 |
||
793 |
$ob = ''; |
|
794 |
$template->tpl_strings['PAGE_NAME'] = 'Access denied'; |
|
795 |
||
796 |
if ( $this->send_headers ) |
|
797 |
{ |
|
798 |
$ob .= $template->getHeader(); |
|
799 |
} |
|
800 |
||
801 |
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>'; |
|
802 |
||
803 |
if ( $this->send_headers ) |
|
804 |
{ |
|
805 |
$ob .= $template->getFooter(); |
|
806 |
} |
|
807 |
echo $ob; |
|
808 |
} |
|
809 |
||
810 |
/** |
|
811 |
* Send the error message to the user complaining that there weren't any rows. |
|
812 |
* @access private |
|
813 |
*/ |
|
814 |
||
815 |
function err_no_rows() |
|
816 |
{ |
|
817 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
818 |
||
819 |
$title = 'No text rows'; |
|
820 |
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>'; |
|
821 |
if ( $this->send_headers ) |
|
822 |
{ |
|
823 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
824 |
$template->header(); |
|
825 |
echo "<p>$message</p>"; |
|
826 |
$template->footer(); |
|
827 |
} |
|
828 |
else |
|
829 |
{ |
|
830 |
echo "<h2>$title</h2> |
|
831 |
<p>$message</p>"; |
|
832 |
} |
|
833 |
} |
|
834 |
||
835 |
/** |
|
836 |
* Tell the user the page doesn't exist, and present them with their options. |
|
837 |
* @access private |
|
838 |
*/ |
|
839 |
||
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
840 |
function err_page_not_existent($userpage = false) |
1 | 841 |
{ |
842 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
843 |
||
844 |
$this->header(); |
|
845 |
header('HTTP/1.1 404 Not Found'); |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
846 |
if ( $userpage ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
847 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
848 |
echo '<h3>There is no page with this title yet.</h3> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
849 |
<p>This user has not created his or her user page yet.'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
850 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
851 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
852 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
853 |
echo '<h3>There is no page with this title yet.</h3> |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
854 |
<p>You have requested a page that doesn\'t exist yet.'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
855 |
} |
1 | 856 |
if ( $session->get_permissions('create_page') ) |
857 |
{ |
|
858 |
echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.'; |
|
859 |
} |
|
860 |
else |
|
861 |
{ |
|
862 |
echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>'; |
|
863 |
} |
|
864 |
if ( $session->get_permissions('history_rollback') ) |
|
865 |
{ |
|
866 |
$e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;'); |
|
867 |
if ( !$e ) |
|
868 |
{ |
|
869 |
$db->_die('The deletion log could not be selected.'); |
|
870 |
} |
|
871 |
if ( $db->numrows() > 0 ) |
|
872 |
{ |
|
873 |
$r = $db->fetchrow(); |
|
28 | 874 |
echo '<p><b>This page was deleted on ' . $r['date_string'] . '.</b> The stated reason was:</p><blockquote>' . $r['edit_summary'] . '</blockquote><p>You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>'; |
1 | 875 |
} |
876 |
$db->free_result(); |
|
877 |
} |
|
878 |
echo '<p> |
|
879 |
HTTP Error: 404 Not Found |
|
880 |
</p>'; |
|
881 |
$this->footer(); |
|
882 |
} |
|
883 |
||
884 |
/** |
|
885 |
* PHP 4 constructor. |
|
886 |
* @see PageProcessor::__construct() |
|
887 |
*/ |
|
888 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
889 |
function PageProcessor( $page_id, $namespace, $revision_id = 0 ) |
1 | 890 |
{ |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
891 |
$this->__construct($page_id, $namespace, $revision_id); |
1 | 892 |
} |
893 |
||
894 |
/** |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
895 |
* Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user. |
1 | 896 |
* @var string Error message |
897 |
* @var bool If true, send DBAL's debugging information as well |
|
898 |
*/ |
|
899 |
||
900 |
function send_error($message, $sql = false) |
|
901 |
{ |
|
902 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
903 |
||
904 |
$content = "<p>$message</p>"; |
|
905 |
$template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher'; |
|
906 |
||
907 |
if ( $this->debug['works'] ) |
|
908 |
{ |
|
909 |
$content .= $this->debug['backtrace']; |
|
910 |
} |
|
911 |
||
912 |
header('HTTP/1.1 500 Internal Server Error'); |
|
913 |
||
914 |
$template->header(); |
|
915 |
echo $content; |
|
916 |
$template->footer(); |
|
917 |
||
918 |
$db->close(); |
|
919 |
||
920 |
exit; |
|
921 |
||
922 |
} |
|
923 |
||
924 |
} // class PageProcessor |
|
925 |
||
926 |
?> |