# HG changeset patch # User Dan # Date 1250813011 14400 # Node ID d1c41601ef39c485518302b1327a09eadc70e398 # Parent 745200a9cc2a5d8299ccfd05780aa1044efd779d index: removed that annoying 2-space indent diff -r 745200a9cc2a -r d1c41601ef39 index.php --- a/index.php Thu Aug 20 20:01:55 2009 -0400 +++ b/index.php Thu Aug 20 20:03:31 2009 -0400 @@ -14,690 +14,690 @@ * @subpackage Frontend */ - define('ENANO_INTERFACE_INDEX', ''); - - // start up Enano - require('includes/common.php'); - - // decide on HTML compacting - $aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']); - - // Set up gzip encoding before any output is sent - global $do_gzip; - // FIXME: make this configurable - $do_gzip = !defined('ENANO_DEBUG'); - - error_reporting(E_ALL); - - if($aggressive_optimize_html || $do_gzip) - { +define('ENANO_INTERFACE_INDEX', ''); + +// start up Enano +require('includes/common.php'); + +// decide on HTML compacting +$aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']); + +// Set up gzip encoding before any output is sent +global $do_gzip; +// FIXME: make this configurable +$do_gzip = !defined('ENANO_DEBUG'); + +error_reporting(E_ALL); + +if($aggressive_optimize_html || $do_gzip) +{ + ob_start(); +} + +global $db, $session, $paths, $template, $plugins; // Common objects +$page_timestamp = time(); + +if ( !isset($_GET['do']) ) +{ + $_GET['do'] = 'view'; +} +switch($_GET['do']) +{ + default: + $code = $plugins->setHook('page_action'); ob_start(); - } - - global $db, $session, $paths, $template, $plugins; // Common objects - $page_timestamp = time(); - - if ( !isset($_GET['do']) ) - { - $_GET['do'] = 'view'; - } - switch($_GET['do']) - { - default: - $code = $plugins->setHook('page_action'); - ob_start(); - foreach ( $code as $cmd ) - { - eval($cmd); - } - if ( $contents = ob_get_contents() ) - { - ob_end_clean(); - echo $contents; - } - else - { - die_friendly('Invalid action', '
The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to viewing this page\'s text.
'); - } - break; - case 'view': - // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); - $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); - $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); - // Feed this PageProcessor to the template processor. This prevents $template from starting another - // PageProcessor when we already have one going. - $template->set_page($page); - $page->send_headers = true; - $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); - $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; - $page->password = $pagepass; - $page->send(true); - $page_timestamp = $page->revision_time; - break; - case 'comments': - $output->header(); - require_once(ENANO_ROOT.'/includes/pageutils.php'); - $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; - switch($sub) - { - case 'admin': - default: - $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; - $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; - echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); - break; - case 'postcomment': - if(empty($_POST['name']) || - empty($_POST['subj']) || - empty($_POST['text']) - ) { echo 'Invalid request'; break; } - $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; - $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; - - require_once('includes/comment.php'); - $comments = new Comments($paths->page_id, $paths->namespace); - - $submission = array( - 'mode' => 'submit', - 'captcha_id' => $cid, - 'captcha_code' => $cin, - 'name' => $_POST['name'], - 'subj' => $_POST['subj'], - 'text' => $_POST['text'], - ); - - $result = $comments->process_json($submission); - if ( $result['mode'] == 'error' ) - { - echo 'Invalid comment ID
'; break; } - $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); - if(!$q) $db->_die('The comment data could not be selected.'); - $row = $db->fetchrow(); - $db->free_result(); - $row['subject'] = str_replace('\'', ''', $row['subject']); - echo ''; - break; - case 'savecomment': - if(empty($_POST['subj']) || empty($_POST['text'])) { echo 'Invalid request
'; break; } - $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); - if($r != 'good') { echo "$r"; break; } - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - case 'deletecomment': - if(!empty($_GET['id'])) - { - PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); - } - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - } - $output->footer(); - break; - case 'edit': - if(isset($_POST['_cancel'])) - { - redirect(makeUrl($paths->page), '', '', 0); + foreach ( $code as $cmd ) + { + eval($cmd); + } + if ( $contents = ob_get_contents() ) + { + ob_end_clean(); + echo $contents; + } + else + { + die_friendly('Invalid action', '
The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to viewing this page\'s text.
'); + } + break; + case 'view': + // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); + $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); + $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); + // Feed this PageProcessor to the template processor. This prevents $template from starting another + // PageProcessor when we already have one going. + $template->set_page($page); + $page->send_headers = true; + $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); + $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; + $page->password = $pagepass; + $page->send(true); + $page_timestamp = $page->revision_time; + break; + case 'comments': + $output->header(); + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; + switch($sub) + { + case 'admin': + default: + $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; + $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; + echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); break; - } - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_save'])) - { - $captcha_valid = true; - if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) - { - $captcha_valid = false; - if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) - { - $hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); - $hash_input = strtolower($_POST['captcha_code']); - if ( $hash_input === $hash_correct ) - $captcha_valid = true; - } - } - if ( $captcha_valid ) + case 'postcomment': + if(empty($_POST['name']) || + empty($_POST['subj']) || + empty($_POST['text']) + ) { echo 'Invalid request'; break; } + $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; + $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; + + require_once('includes/comment.php'); + $comments = new Comments($paths->page_id, $paths->namespace); + + $submission = array( + 'mode' => 'submit', + 'captcha_id' => $cid, + 'captcha_code' => $cin, + 'name' => $_POST['name'], + 'subj' => $_POST['subj'], + 'text' => $_POST['text'], + ); + + $result = $comments->process_json($submission); + if ( $result['mode'] == 'error' ) { - $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); - if ( $e == 'good' ) - { - redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); - } - } - } - $template->header(); - if ( isset($captcha_valid) ) - { - echo ' '; - } - if(isset($_POST['_preview'])) - { - $text = $_POST['page_text']; - $edsumm = $_POST['edit_summary']; - echo PageUtils::genPreview($_POST['page_text']); - $text = htmlspecialchars($text); - $revid = 0; - } - else - { - $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; - $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); - $text = $page->fetch_source(); - $edsumm = ''; - // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); - } - if ( $revid > 0 ) - { - $time = $page->revision_time; - // Retrieve information about this revision and the current one - $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 - LEFT JOIN ' . table_prefix . 'logs AS l2 - ON ( l2.log_id = ' . $revid . ' - AND l2.log_type = \'page\' - AND l2.action = \'edit\' - AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' - AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' - AND l1.is_draft != 1 - ) - WHERE l1.log_type = \'page\' - AND l1.action = \'edit\' - AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' - AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' - AND l1.time_id > ' . $time . ' - AND l1.is_draft != 1 - ORDER BY l1.time_id DESC;'); - if ( !$q ) - $db->die_json(); - - if ( $db->numrows() > 0 ) - { - echo ' '; - - $rev_count = $db->numrows() - 2; - $row = $db->fetchrow(); - $undo_info = array( - 'old_author' => $row['oldrev_author'], - 'current_author' => $row['currentrev_author'], - 'undo_count' => max($rev_count, 1), - 'last_rev_id' => $revid - ); + echo 'Invalid comment ID
'; break; } + $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); + if(!$q) $db->_die('The comment data could not be selected.'); + $row = $db->fetchrow(); $db->free_result(); - } - echo ' - '; + break; + case 'savecomment': + if(empty($_POST['subj']) || empty($_POST['text'])) { echo 'Invalid request
'; break; } + $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); + if($r != 'good') { echo "$r"; break; } + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + case 'deletecomment': + if(!empty($_GET['id'])) + { + PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); + } + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + } + $output->footer(); + break; + case 'edit': + if(isset($_POST['_cancel'])) + { + redirect(makeUrl($paths->page), '', '', 0); + break; + } + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_save'])) + { + $captcha_valid = true; if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) { - echo '
';
- echo '' . $lang->get('editor_lbl_field_captcha') . ' ' - . ' ' - . $lang->get('editor_msg_captcha_pleaseenter') . ' ' - . $lang->get('editor_msg_captcha_blind'); - echo ' | ';
- $hash = $session->make_captcha();
- echo ' '; - echo ''; - echo $lang->get('editor_lbl_field_captcha_code') . ' '; - echo ' |
The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.
'); + $revid = 0; + } + else + { + $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; + $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); + $text = $page->fetch_source(); + $edsumm = ''; + // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); + } + if ( $revid > 0 ) + { + $time = $page->revision_time; + // Retrieve information about this revision and the current one + $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 +LEFT JOIN ' . table_prefix . 'logs AS l2 + ON ( l2.log_id = ' . $revid . ' + AND l2.log_type = \'page\' + AND l2.action = \'edit\' + AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' + AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' + AND l1.is_draft != 1 + ) +WHERE l1.log_type = \'page\' + AND l1.action = \'edit\' + AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' + AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' + AND l1.time_id > ' . $time . ' + AND l1.is_draft != 1 +ORDER BY l1.time_id DESC;'); + if ( !$q ) + $db->die_json(); - $id = intval($id); - - $page = new PageProcessor($paths->page_id, $paths->namespace); - $result = $page->rollback_log_entry($id); - - if ( $result['success'] ) + if ( $db->numrows() > 0 ) { - $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); + echo ' '; + + $rev_count = $db->numrows() - 2; + $row = $db->fetchrow(); + $undo_info = array( + 'old_author' => $row['oldrev_author'], + 'current_author' => $row['currentrev_author'], + 'undo_count' => max($rev_count, 1), + 'last_rev_id' => $revid + ); } else { - $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); + $revid = 0; } - - $template->header(); - echo ''.$result.' ' . $lang->get('etc_return_to_page') . '
'; - $template->footer(); - break; - case 'catedit': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['__enanoSaveButton'])) - { - unset($_POST['__enanoSaveButton']); - $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); - if($val == 'GOOD') - { - header('Location: '.makeUrl($paths->page)); echo ''.$val.'
'); - } - } - elseif(isset($_POST['__enanoCatCancel'])) + $db->free_result(); + } + echo ' + + '; + if ( getConfig('wiki_edit_notice', '0') == '1' ) + { + $notice = getConfig('wiki_edit_notice_text'); + echo RenderMan::render($notice); + } + $template->footer(); + break; + case 'viewsource': + $template->header(); + $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); + $text = htmlspecialchars($text); + echo ' + + '; + $template->footer(); + break; + case 'history': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $hist = PageUtils::histlist($paths->page_id, $paths->namespace); + $template->header(); + echo $hist; + $template->footer(); + break; + case 'rollback': + $id = (isset($_GET['id'])) ? $_GET['id'] : false; + if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', 'The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.
'); + + $id = intval($id); + + $page = new PageProcessor($paths->page_id, $paths->namespace); + $result = $page->rollback_log_entry($id); + + if ( $result['success'] ) + { + $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); + } + else + { + $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); + } + + $template->header(); + echo ''.$result.' ' . $lang->get('etc_return_to_page') . '
'; + $template->footer(); + break; + case 'catedit': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['__enanoSaveButton'])) + { + unset($_POST['__enanoSaveButton']); + $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); + if($val == 'GOOD') { header('Location: '.makeUrl($paths->page)); echo ''.$val.'
'); } - $template->header(); - $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); - echo $c[1]; - $template->footer(); - break; - case 'moreoptions': - $template->header(); - echo ' '; - $template->footer(); - break; - case 'protect': - if ( !$session->sid_super ) + } + elseif(isset($_POST['__enanoCatCancel'])) + { + header('Location: '.makeUrl($paths->page)); echo ''.nl2br($r).' ' . $lang->get('etc_return_to_page') . '.
'); + } + $template->header(); + ?> + + footer(); + break; + case 'flushlogs': + if(!$session->get_permissions('clear_logs')) + { + die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); + } + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_downthejohn'])) + { + $template->header(); + $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); + echo ''.$result.' ' . $lang->get('etc_return_to_page') . '.
'; + $template->footer(); + break; + } + $template->header(); + ?> + footer(); + break; + case 'delvote': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_ballotbox'])) + { + $template->header(); + $result = PageUtils::delvote($paths->page_id, $paths->namespace); + echo ''.$result.' ' . $lang->get('etc_return_to_page') . '.
'; $template->footer(); break; - case 'rename': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(!empty($_POST['newname'])) - { - $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); - die_friendly($lang->get('page_rename_success_title'), ''.nl2br($r).' ' . $lang->get('etc_return_to_page') . '.
'); - } - $template->header(); + } + $template->header(); ?> - footer(); + $template->footer(); + break; + case 'resetvotes': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(!$session->get_permissions('vote_reset')) + { + die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); + } + if(isset($_POST['_youmaylivealittlelonger'])) + { + $template->header(); + $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); + echo ''.$result.' ' . $lang->get('etc_return_to_page') . '.
'; + $template->footer(); break; - case 'flushlogs': - if(!$session->get_permissions('clear_logs')) - { - die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); - } - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_downthejohn'])) + } + $template->header(); + ?> + + footer(); + break; + case 'deletepage': + if(!$session->get_permissions('delete_page')) + { + die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); + } + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_adiossucker'])) + { + $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; + if ( empty($reason) ) + $error = $lang->get('ajax_delete_prompt_reason'); + else { $template->header(); - $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); + $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); echo ''.$result.' ' . $lang->get('etc_return_to_page') . '.
'; $template->footer(); break; } - $template->header(); - ?> - - footer(); - break; - case 'delvote': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_ballotbox'])) + } + $template->header(); + ?> + + footer(); + break; + case 'setwikimode': + if(!$session->get_permissions('set_wiki_mode')) + { + die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); + } + if ( isset($_POST['finish']) ) + { + $level = intval($_POST['level']); + if ( !in_array($level, array(0, 1, 2) ) ) { - $template->header(); - $result = PageUtils::delvote($paths->page_id, $paths->namespace); - echo ''.$result.' ' . $lang->get('etc_return_to_page') . '.
'; - $template->footer(); - break; + die_friendly('Invalid request', 'Level not specified
'); } - $template->header(); - ?> - - footer(); - break; - case 'resetvotes': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(!$session->get_permissions('vote_reset')) - { - die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); - } - if(isset($_POST['_youmaylivealittlelonger'])) - { - $template->header(); - $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); - echo ''.$result.' ' . $lang->get('etc_return_to_page') . '.
'; - $template->footer(); - break; - } + $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); + if ( !$q ) + $db->_die(); + redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); + } + else + { $template->header(); - ?> - - footer(); - break; - case 'deletepage': - if(!$session->get_permissions('delete_page')) - { - die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); - } - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_adiossucker'])) - { - $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; - if ( empty($reason) ) - $error = $lang->get('ajax_delete_prompt_reason'); - else - { - $template->header(); - $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); - echo ''.$result.' ' . $lang->get('etc_return_to_page') . '.
'; - $template->footer(); - break; - } - } - $template->header(); - ?> - - footer(); - break; - case 'setwikimode': - if(!$session->get_permissions('set_wiki_mode')) - { - die_friendly($lang->get('etc_access_denied_short'), '' . $lang->get('etc_access_denied') . '
'); - } - if ( isset($_POST['finish']) ) - { - $level = intval($_POST['level']); + if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', 'Level not specified
'); + $level = intval($_GET['level']); if ( !in_array($level, array(0, 1, 2) ) ) { die_friendly('Invalid request', 'Level not specified
'); } - $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); - if ( !$q ) - $db->_die(); - redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); - } - else - { - $template->header(); - if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', 'Level not specified
'); - $level = intval($_GET['level']); - if ( !in_array($level, array(0, 1, 2) ) ) - { - die_friendly('Invalid request', 'Level not specified
'); - } - echo '