Fixed php_in_pages out-of-scope error in Special:UploadFile; modified RenderMan::preprocess_text() to take a permissions object for any page
authorDan
Thu, 17 Dec 2009 22:42:32 -0500
changeset 1171 d42d46e13b36
parent 1170 71cb87b7dc3f
child 1172 db6b116b8ea7
Fixed php_in_pages out-of-scope error in Special:UploadFile; modified RenderMan::preprocess_text() to take a permissions object for any page
includes/render.php
plugins/SpecialUpdownload.php
--- a/includes/render.php	Thu Dec 17 04:31:55 2009 -0500
+++ b/includes/render.php	Thu Dec 17 22:42:32 2009 -0500
@@ -917,8 +917,9 @@
    * @param bool $strip_all_php - if true, strips all PHP regardless of user permissions. Else, strips PHP only if user level < USER_LEVEL_ADMIN. Defaults to true.
    * @param bool $sqlescape - if true, sends text through $db->escape(). Otherwise returns unescaped text. Defaults to true.
    * @param bool $reduceheadings - if true, finds HTML headings and replaces them with wikitext. Else, does not touch headings. Defaults to true.
+   * @param Session_ACLPageInfo Optional permissions instance to check against, $session is used if not provided
    */
-  public static function preprocess_text($text, $strip_all_php = true, $sqlescape = true, $reduceheadings = true)
+  public static function preprocess_text($text, $strip_all_php = true, $sqlescape = true, $reduceheadings = true, $perms = false)
   {
     global $db, $session, $paths, $template, $plugins; // Common objects
     $random_id = md5( time() . mt_rand() );
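Review bot: The added `@param` line omits the parameter name and does not reflect the `false` default in the new signature, so a reader cannot tie it to `$perms`. This argument now decides whether PHP and HTML are stripped from the text, so the doc should state the fallback explicitly. I would write it as `@param Session_ACLPageInfo|bool $perms - optional permissions instance for the page the text belongs to; any non-object value falls back to $session and $paths->namespace. Defaults to false.` The body of preprocess_text() continues outside this hunk.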
@@ -929,8 +930,18 @@
       eval($cmd);
     }
     
-    $can_do_php = ( !$strip_all_php && $session->get_permissions('php_in_pages') );
-    $can_do_html = $session->check_acl_scope('html_in_pages', $paths->namespace) && $session->get_permissions('html_in_pages');
+    if ( !is_object($perms) )
+    {
+      $namespace = $paths->namespace;
+      $perms =& $session;
+    }
+    else
+    {
+      $namespace = $perms->namespace;
+    }
+    
+    $can_do_php = ( !$strip_all_php && $perms->get_permissions('php_in_pages') );
+    $can_do_html = $session->check_acl_scope('html_in_pages', $namespace) && $perms->get_permissions('html_in_pages');
     
     if ( $can_do_html && !$can_do_php )
     {
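Review bot: `$can_do_php` on the new side still has no `check_acl_scope()` guard, while `$can_do_html` on the next line has one. With a caller-supplied `$perms`, the PHP decision therefore depends entirely on the caller passing an object whose namespace is in scope for `php_in_pages`. Mirroring the HTML line would make the more sensitive permission fail closed: `$can_do_php = ( !$strip_all_php && $session->check_acl_scope('php_in_pages', $namespace) && $perms->get_permissions('php_in_pages') );`. The `is_object($perms)` test also accepts any object, so an `instanceof` check against the `Session_ACLPageInfo` type named in the docblock would be tighter, and `$perms =& $session` binds the parameter to the global by reference where a plain `=` would do. The function starts and ends outside this hunk, so how `$can_do_php` is used further down is not visible here.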
--- a/plugins/SpecialUpdownload.php	Thu Dec 17 04:31:55 2009 -0500
+++ b/plugins/SpecialUpdownload.php	Thu Dec 17 22:42:32 2009 -0500
@@ -108,7 +108,8 @@
     $ext = substr($filename, strrpos($filename, '.'), strlen($filename));
     $flen = filesize($file['tmp_name']);
     
-    $comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false));
+    $perms = $session->fetch_page_acl($filename, 'File');
+    $comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false, true, $perms));
     $chartag = sha1(microtime());
     $urln = str_replace(' ', '_', $filename);
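Review bot: The result of `$session->fetch_page_acl($filename, 'File')` is passed on unchecked, and preprocess_text() treats any non-object `$perms` as "use `$session` and `$paths->namespace`". If the lookup can return a non-object, a failure would silently restore the permission context this commit is moving away from, so the upload should be rejected when `!is_object($perms)`. Separately, the `isset($_POST['update'])` branch of the same line stores the comment after `$db->escape()` only, so neither the PHP/HTML stripping nor the new per-file ACL applies on that path. If those comments are later rendered like page text, both branches should go through `RenderMan::preprocess_text($_POST['comments'], false, false, true, $perms)`. Where `$filename` originates and how `$comments` is stored and displayed lie outside this hunk.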