1
+ − 1
<?php
+ − 2
/*
+ − 3
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 4
* Version 1.0 (Banshee)
1
+ − 5
* pageprocess.php - intelligent retrieval of pages
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
*
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10
*
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13
*/
+ − 14
+ − 15
/**
+ − 16
* Class to handle fetching page text (possibly from a cache) and formatting it.
+ − 17
* @package Enano
+ − 18
* @subpackage UI
+ − 19
* @copyright 2007 Dan Fuhry
+ − 20
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
+ − 21
*/
+ − 22
+ − 23
class PageProcessor
+ − 24
{
+ − 25
+ − 26
/**
+ − 27
* Page ID and namespace of the page handled by this instance
+ − 28
* @var string
+ − 29
*/
+ − 30
+ − 31
var $page_id;
+ − 32
var $namespace;
+ − 33
+ − 34
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 35
* The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 36
* @var int
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 37
*/
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 38
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 39
var $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 40
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 41
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 42
* Unsanitized page ID.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 43
* @var string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 44
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 45
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 46
var $page_id_unclean;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 47
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 48
/**
1
+ − 49
* Tracks if the page we're loading exists in the database or not.
+ − 50
* @var bool
+ − 51
*/
+ − 52
+ − 53
var $page_exists = false;
+ − 54
+ − 55
/**
+ − 56
* Permissions!
+ − 57
* @var object
+ − 58
*/
+ − 59
+ − 60
var $perms = null;
+ − 61
+ − 62
/**
+ − 63
* Switch to track if redirects are allowed. Defaults to true.
+ − 64
* @var bool
+ − 65
*/
+ − 66
+ − 67
var $allow_redir = true;
+ − 68
+ − 69
/**
+ − 70
* If this is set to true, this will call the header and footer funcs on $template when render() is called.
+ − 71
* @var bool
+ − 72
*/
+ − 73
+ − 74
var $send_headers = false;
+ − 75
+ − 76
/**
+ − 77
* Cache the fetched text so we don't fetch it from the DB twice.
+ − 78
* @var string
+ − 79
*/
+ − 80
+ − 81
var $text_cache = '';
+ − 82
+ − 83
/**
+ − 84
* Debugging information to track errors. You can set enable to false to disable sending debug information.
+ − 85
* @var array
+ − 86
*/
+ − 87
+ − 88
var $debug = array(
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 89
'enable' => false,
1
+ − 90
'works' => false
+ − 91
);
+ − 92
+ − 93
/**
+ − 94
* Constructor.
+ − 95
* @param string The page ID (urlname) of the page
+ − 96
* @param string The namespace of the page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 97
* @param int Optional. The revision ID to send.
1
+ − 98
*/
+ − 99
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 100
function __construct( $page_id, $namespace, $revision_id = 0 )
1
+ − 101
{
+ − 102
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 103
+ − 104
// See if we can get some debug info
+ − 105
if ( function_exists('debug_backtrace') && $this->debug['enable'] )
+ − 106
{
+ − 107
$this->debug['works'] = true;
+ − 108
$this->debug['backtrace'] = enano_debug_print_backtrace(true);
+ − 109
}
+ − 110
+ − 111
// First things first - check page existence and permissions
+ − 112
+ − 113
if ( !isset($paths->nslist[$namespace]) )
+ − 114
{
+ − 115
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
+ − 116
}
+ − 117
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 118
if ( !is_int($revision_id) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 119
$revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 120
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 121
$this->_setup( $page_id, $namespace, $revision_id );
1
+ − 122
+ − 123
}
+ − 124
+ − 125
/**
+ − 126
* The main method to send the page content. Also responsible for checking permissions.
+ − 127
*/
+ − 128
+ − 129
function send()
+ − 130
{
+ − 131
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 132
if ( !$this->perms->get_permissions('read') )
+ − 133
{
+ − 134
$this->err_access_denied();
+ − 135
return false;
+ − 136
}
24
+ − 137
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 138
$strict_no_headers = false;
+ − 139
if ( isset($paths->pages[$pathskey]) )
+ − 140
{
+ − 141
if ( $paths->pages[$pathskey]['special'] == 1 )
+ − 142
{
+ − 143
$this->send_headers = false;
+ − 144
$strict_no_headers = true;
+ − 145
}
+ − 146
}
1
+ − 147
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )
+ − 148
{
+ − 149
if ( !$this->page_exists )
+ − 150
{
+ − 151
redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 );
+ − 152
}
+ − 153
$func_name = "page_{$this->namespace}_{$this->page_id}";
+ − 154
if ( function_exists($func_name) )
+ − 155
{
+ − 156
return @call_user_func($func_name);
+ − 157
}
+ − 158
else
+ − 159
{
+ − 160
$title = 'Page backend not found';
+ − 161
$message = "The administration page you are looking for was properly registered using the page API, but the backend function
+ − 162
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
+ − 163
+ − 164
if ( $this->send_headers )
+ − 165
{
+ − 166
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 167
$template->header();
+ − 168
echo "<p>$message</p>";
+ − 169
$template->footer();
+ − 170
}
+ − 171
else
+ − 172
{
+ − 173
echo "<h2>$title</h2>
+ − 174
<p>$message</p>";
+ − 175
}
+ − 176
return false;
+ − 177
}
+ − 178
}
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 179
else if ( $this->namespace == 'User' )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 180
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 181
$this->_handle_userpage();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 182
}
1
+ − 183
else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )
+ − 184
{
+ − 185
$this->header();
+ − 186
+ − 187
$text = $this->fetch_text();
+ − 188
$text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);
+ − 189
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);
+ − 190
+ − 191
$text = RenderMan::render( $text );
+ − 192
+ − 193
echo $text;
+ − 194
+ − 195
$this->footer();
+ − 196
+ − 197
}
+ − 198
else if ( !$this->page_exists )
+ − 199
{
+ − 200
// Perhaps this is hooked?
+ − 201
ob_start();
+ − 202
+ − 203
$code = $plugins->setHook('page_not_found');
+ − 204
foreach ( $code as $cmd )
+ − 205
{
+ − 206
eval($cmd);
+ − 207
}
+ − 208
+ − 209
$ob = ob_get_contents();
+ − 210
+ − 211
if ( empty($ob) )
+ − 212
{
+ − 213
$this->err_page_not_existent();
+ − 214
}
+ − 215
}
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 216
else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 217
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 218
// Send as regular page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 219
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 220
// die($this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 221
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 222
$text = $this->fetch_text();
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 223
if ( $text == 'err_no_text_rows' )
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 224
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 225
$this->err_no_rows();
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 226
return false;
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 227
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 228
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 229
{
24
+ − 230
$this->render( (!$strict_no_headers) );
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 231
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 232
}
1
+ − 233
}
+ − 234
+ − 235
/**
+ − 236
* Sets internal variables.
+ − 237
* @access private
+ − 238
*/
+ − 239
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 240
function _setup($page_id, $namespace, $revision_id)
1
+ − 241
{
+ − 242
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 243
+ − 244
$page_id_cleaned = sanitize_page_id($page_id);
+ − 245
+ − 246
$this->page_id = $page_id_cleaned;
+ − 247
$this->namespace = $namespace;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 248
$this->revision_id = $revision_id;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 249
$this->page_id_unclean = dirtify_page_id($page_id);
1
+ − 250
+ − 251
$this->perms = $session->fetch_page_acl( $page_id, $namespace );
+ − 252
+ − 253
// Exception for Admin: pages
+ − 254
if ( $this->namespace == 'Admin' )
+ − 255
{
+ − 256
$fname = "page_Admin_{$this->page_id}";
+ − 257
}
+ − 258
+ − 259
// Does the page "exist"?
4
+ − 260
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
1
+ − 261
{
+ − 262
$this->page_exists = false;
+ − 263
}
+ − 264
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
+ − 265
{
+ − 266
$this->page_exists = false;
+ − 267
}
+ − 268
else
+ − 269
{
+ − 270
$this->page_exists = true;
+ − 271
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 272
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 273
// Compatibility with older databases
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 274
if ( strstr($this->page_id, '.2e') && !$this->page_exists )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 275
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 276
$page_id = str_replace('.2e', '.', $page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 277
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 278
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 279
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 280
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 281
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 282
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 283
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 284
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 285
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 286
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 287
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 288
$this->page_exists = true;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 289
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 290
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 291
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 292
1
+ − 293
}
+ − 294
+ − 295
/**
+ − 296
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
+ − 297
* @access private
+ − 298
*/
+ − 299
24
+ − 300
function render($incl_inner_headers = true)
1
+ − 301
{
+ − 302
$text = $this->fetch_text();
+ − 303
+ − 304
$this->header();
24
+ − 305
if ( $incl_inner_headers )
+ − 306
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 307
display_page_headers();
24
+ − 308
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 309
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 310
if ( $this->revision_id )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 311
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 312
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.date('F d, Y \a\t h:i a', $this->revision_id).'.<br /><a href="'.makeUrlNS($this->namespace, $this->page_id).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrlNS($this->namespace, $this->pageid, 'do=rollback&id='.$this->revision_id).'" onclick="ajaxRollback(\''.$this->revision_id.'\')">Restore this version</a></div><br />';
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 313
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 314
25
+ − 315
if ( $incl_inner_headers )
+ − 316
{
+ − 317
$text = '?>' . RenderMan::render($text);
+ − 318
}
+ − 319
else
+ − 320
{
+ − 321
$text = '?>' . $text;
+ − 322
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 323
// echo('<pre>'.htmlspecialchars($text).'</pre>');
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 324
eval ( $text );
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 325
24
+ − 326
if ( $incl_inner_headers )
+ − 327
{
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 328
display_page_footers();
24
+ − 329
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 330
1
+ − 331
$this->footer();
+ − 332
}
+ − 333
+ − 334
/**
+ − 335
* Sends the page header, dependent on, of course, whether we're supposed to.
+ − 336
*/
+ − 337
+ − 338
function header()
+ − 339
{
+ − 340
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 341
if ( $this->send_headers )
+ − 342
$template->header();
+ − 343
}
+ − 344
+ − 345
/**
+ − 346
* Sends the page footer, dependent on, of course, whether we're supposed to.
+ − 347
*/
+ − 348
+ − 349
function footer()
+ − 350
{
+ − 351
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 352
if ( $this->send_headers )
+ − 353
$template->footer();
+ − 354
}
+ − 355
+ − 356
/**
+ − 357
* Fetches the raw, unfiltered page text.
+ − 358
* @access public
+ − 359
*/
+ − 360
+ − 361
function fetch_text()
+ − 362
{
+ − 363
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 364
+ − 365
if ( !empty($this->text_cache) )
+ − 366
{
+ − 367
return $this->text_cache;
+ − 368
}
+ − 369
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 370
if ( $this->revision_id > 0 && is_int($this->revision_id) )
1
+ − 371
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 372
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 373
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 374
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 375
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 376
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 377
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 378
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 379
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 380
// Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 381
if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 382
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 383
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 384
$page_id = str_replace('.2e', '.', $this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 385
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 386
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 387
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 388
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 389
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 390
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 391
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 392
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 393
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 394
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 395
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 396
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 397
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 398
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 399
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 400
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 401
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 402
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 403
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 404
$row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 405
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 406
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 407
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 408
1
+ − 409
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 410
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 411
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 412
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 413
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 414
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 415
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 416
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 417
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 418
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 419
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 420
// Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 421
if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 422
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 423
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 424
$page_id = str_replace('.2e', '.', $this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 425
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 426
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 427
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 428
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 429
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 430
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 431
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 432
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 433
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 434
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 435
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 436
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 437
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 438
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 439
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 440
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 441
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 442
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 443
$row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 444
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 445
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 446
}
1
+ − 447
+ − 448
if ( !empty($row['char_tag']) )
+ − 449
{
+ − 450
// This page text entry uses the old text-escaping format
+ − 451
$from = array(
+ − 452
"{APOS:{$row['char_tag']}}",
+ − 453
"{QUOT:{$row['char_tag']}}",
+ − 454
"{SLASH:{$row['char_tag']}}"
+ − 455
);
+ − 456
$to = array("'", '"', '\\');
+ − 457
$row['page_text'] = str_replace($from, $to, $row['page_text']);
+ − 458
}
+ − 459
+ − 460
$this->text_cache = $row['page_text'];
+ − 461
+ − 462
return $row['page_text'];
+ − 463
+ − 464
}
+ − 465
+ − 466
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 467
* Handles the extra overhead required for user pages.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 468
* @access private
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 469
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 470
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 471
function _handle_userpage()
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 472
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 473
global $db, $session, $paths, $template, $plugins; // Common objects
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 474
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 475
if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 476
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 477
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 478
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 479
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 480
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 481
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 482
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 483
22
+ − 484
$target_username = strtr($page_name,
+ − 485
Array(
+ − 486
'_' => ' ',
+ − 487
'<' => '<',
+ − 488
'>' => '>'
+ − 489
));
+ − 490
+ − 491
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username);
+ − 492
+ − 493
if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists )
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 494
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 495
$page_name = "$target_username's user page";
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 496
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 497
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 498
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 499
// User has a custom title for their userpage
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 500
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name'];
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 501
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 502
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 503
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 504
22
+ − 505
$q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, x.*, COUNT(c.comment_id) AS n_comments
+ − 506
FROM '.table_prefix.'users u
+ − 507
LEFT JOIN '.table_prefix.'users_extra AS x
+ − 508
ON ( u.user_id = x.user_id OR x.user_id IS NULL )
+ − 509
LEFT JOIN '.table_prefix.'comments AS c
+ − 510
ON ( ( c.user_id=u.user_id AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) )
+ − 511
WHERE u.username=\'' . $db->escape($target_username) . '\'
+ − 512
GROUP BY u.user_id;');
+ − 513
if ( !$q )
+ − 514
$db->_die();
+ − 515
+ − 516
$user_exists = true;
+ − 517
+ − 518
if ( $db->numrows() < 1 )
+ − 519
{
+ − 520
$user_exists = false;
+ − 521
}
+ − 522
else
+ − 523
{
+ − 524
$userdata = $db->fetchrow();
+ − 525
if ( $userdata['authoritative_uid'] == 1 )
+ − 526
{
+ − 527
// Hide data for anonymous user
+ − 528
$user_exists = false;
+ − 529
unset($userdata);
+ − 530
}
+ − 531
}
+ − 532
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 533
$this->header();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 534
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 535
// if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 536
// {
22
+ − 537
// display_page_headers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 538
// }
16
+ − 539
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 540
// Start left sidebar: basic user info, latest comments
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 541
22
+ − 542
if ( $user_exists ):
+ − 543
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 544
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">';
22
+ − 545
echo '<tr><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 546
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 547
echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 548
<table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 549
22
+ − 550
//
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 551
// Main part of sidebar
22
+ − 552
//
+ − 553
+ − 554
// Basic user info
+ − 555
+ − 556
echo '<tr><th class="subhead">All about ' . htmlspecialchars($target_username) . '</th></tr>';
+ − 557
echo '<tr><td class="row3">Joined: ' . date('F d, Y h:i a', $userdata['reg_time']) . '</td></tr>';
+ − 558
echo '<tr><td class="row1">Total comments: ' . $userdata['n_comments'] . '</td></tr>';
+ − 559
+ − 560
if ( !empty($userdata['real_name']) )
+ − 561
{
+ − 562
echo '<tr><td class="row3">Real name: ' . htmlspecialchars($userdata['real_name']) . '</td></tr>';
+ − 563
}
+ − 564
+ − 565
// Comments
+ − 566
+ − 567
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . '\'s latest comments</th></tr>';
+ − 568
$q = $db->sql_query('SELECT page_id, namespace, subject, time FROM '.table_prefix.'comments WHERE name=\'' . $db->escape($target_username) . '\' AND approved=1 ORDER BY time DESC LIMIT 5;');
+ − 569
if ( !$q )
+ − 570
$db->_die();
+ − 571
+ − 572
$comments = Array();
+ − 573
$no_comments = false;
+ − 574
+ − 575
if ( $row = $db->fetchrow() )
+ − 576
{
+ − 577
do
+ − 578
{
+ − 579
$row['time'] = date('F d, Y', $row['time']);
+ − 580
$comments[] = $row;
+ − 581
}
+ − 582
while ( $row = $db->fetchrow() );
+ − 583
}
+ − 584
else
+ − 585
{
+ − 586
$no_comments = true;
+ − 587
}
+ − 588
+ − 589
echo '<tr><td class="row3">';
+ − 590
echo '<div style="border: 1px solid #000000; padding: 0px; margin: 0; max-height: 200px; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: transparent;" class="tblholder">';
+ − 591
+ − 592
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 593
$class = 'row1';
+ − 594
+ − 595
$tpl = '<tr>
+ − 596
<td class="{CLASS}">
+ − 597
<a href="{PAGE_LINK}" <!-- BEGINNOT page_exists -->class="wikilink-nonexistent"<!-- END page_exists -->>{PAGE}</a><br />
+ − 598
<small>Posted {DATE}<br /></small>
+ − 599
<b><a href="{COMMENT_LINK}">{SUBJECT}</a></b>
+ − 600
</td>
+ − 601
</tr>';
+ − 602
$parser = $template->makeParserText($tpl);
+ − 603
+ − 604
if ( count($comments) > 0 )
+ − 605
{
+ − 606
foreach ( $comments as $comment )
+ − 607
{
+ − 608
$c_page_id = $paths->nslist[ $comment['namespace'] ] . sanitize_page_id($comment['page_id']);
+ − 609
if ( isset($paths->pages[ $c_page_id ]) )
+ − 610
{
+ − 611
$parser->assign_bool(array(
+ − 612
'page_exists' => true
+ − 613
));
+ − 614
$page_title = $paths->pages[ $c_page_id ]['name'];
+ − 615
}
+ − 616
else
+ − 617
{
+ − 618
$parser->assign_bool(array(
+ − 619
'page_exists' => false
+ − 620
));
+ − 621
$page_title = htmlspecialchars(dirtify_page_id($c_page_id));
+ − 622
}
+ − 623
$parser->assign_vars(array(
+ − 624
'CLASS' => $class,
+ − 625
'PAGE_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id'])),
+ − 626
'PAGE' => $page_title,
+ − 627
'SUBJECT' => $comment['subject'],
+ − 628
'DATE' => $comment['time'],
+ − 629
'COMMENT_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id']), 'do=comments', true)
+ − 630
));
+ − 631
$class = ( $class == 'row3' ) ? 'row1' : 'row3';
+ − 632
echo $parser->run();
+ − 633
}
+ − 634
}
+ − 635
else
+ − 636
{
+ − 637
echo '<tr><td class="' . $class . '">This user has not posted any comments.</td></tr>';
+ − 638
}
+ − 639
echo '</table>';
+ − 640
+ − 641
echo '</div>';
+ − 642
echo '</td></tr>';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 643
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 644
echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 645
</div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 646
22
+ − 647
echo '</td><td valign="top" style="padding: 0 10px;">';
+ − 648
+ − 649
else:
+ − 650
+ − 651
// Nothing for now
+ − 652
+ − 653
endif;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 654
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 655
// User's own content
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 656
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 657
$send_headers = $this->send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 658
$this->send_headers = false;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 659
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 660
if ( $this->page_exists )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 661
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 662
$this->render();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 663
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 664
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 665
{
22
+ − 666
$this->err_page_not_existent(true);
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 667
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 668
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 669
// Right sidebar
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 670
22
+ − 671
if ( $user_exists ):
+ − 672
+ − 673
echo '</td><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 674
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 675
echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 676
<table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 677
22
+ − 678
//
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 679
// Main part of sidebar
22
+ − 680
//
+ − 681
+ − 682
// Contact information
+ − 683
+ − 684
echo '<tr><th class="subhead">Get in touch</th></tr>';
+ − 685
+ − 686
$class = 'row3';
+ − 687
+ − 688
if ( $userdata['email_public'] == 1 )
+ − 689
{
+ − 690
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 691
global $email;
+ − 692
$email_link = $email->encryptEmail($userdata['email']);
+ − 693
echo '<tr><td class="'.$class.'">E-mail address: ' . $email_link . '</td></tr>';
+ − 694
}
+ − 695
+ − 696
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 697
if ( $session->user_logged_in )
+ − 698
{
+ − 699
echo '<tr><td class="'.$class.'">Send ' . htmlspecialchars($target_username) . ' a <a href="' . makeUrlNS('Special', 'PrivateMessages/Compose/to/' . $this->page_id, false, true) . '">Private Message</a>!</td></tr>';
+ − 700
}
+ − 701
else
+ − 702
{
+ − 703
echo '<tr><td class="'.$class.'">You could send ' . htmlspecialchars($target_username) . ' a private message if you were <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist[$this->namespace] . $this->page_id) . '">logged in</a>.</td></tr>';
+ − 704
}
+ − 705
+ − 706
if ( !empty($userdata['user_aim']) )
+ − 707
{
+ − 708
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 709
echo '<tr><td class="'.$class.'">AIM: ' . htmlspecialchars($userdata['user_aim']) . '</td></tr>';
+ − 710
}
+ − 711
+ − 712
if ( !empty($userdata['user_yahoo']) )
+ − 713
{
+ − 714
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 715
echo '<tr><td class="'.$class.'">Yahoo! IM: ' . htmlspecialchars($userdata['user_yahoo']) . '</td></tr>';
+ − 716
}
+ − 717
+ − 718
if ( !empty($userdata['user_msn']) )
+ − 719
{
+ − 720
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 721
$email_link = $email->encryptEmail($userdata['user_msn']);
+ − 722
echo '<tr><td class="'.$class.'">WLM: ' . $email_link . '</td></tr>';
+ − 723
}
+ − 724
+ − 725
if ( !empty($userdata['user_xmpp']) )
+ − 726
{
+ − 727
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 728
$email_link = $email->encryptEmail($userdata['user_xmpp']);
+ − 729
echo '<tr><td class="'.$class.'">XMPP/Jabber: ' . $email_link . '</td></tr>';
+ − 730
}
+ − 731
+ − 732
// Real life
+ − 733
+ − 734
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . ' in real life</th></tr>';
+ − 735
+ − 736
if ( !empty($userdata['user_location']) )
+ − 737
{
+ − 738
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 739
echo '<tr><td class="'.$class.'">Location: ' . htmlspecialchars($userdata['user_location']) . '</td></tr>';
+ − 740
}
+ − 741
+ − 742
if ( !empty($userdata['user_job']) )
+ − 743
{
+ − 744
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 745
echo '<tr><td class="'.$class.'">Job/occupation: ' . htmlspecialchars($userdata['user_job']) . '</td></tr>';
+ − 746
}
+ − 747
+ − 748
if ( !empty($userdata['user_hobbies']) )
+ − 749
{
+ − 750
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 751
echo '<tr><td class="'.$class.'">Enjoys: ' . htmlspecialchars($userdata['user_hobbies']) . '</td></tr>';
+ − 752
}
+ − 753
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 754
echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 755
</div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 756
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 757
echo '</tr></table>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 758
22
+ − 759
else:
+ − 760
+ − 761
echo '<p>Additional information: user "' . htmlspecialchars($target_username) . '" does not exist.</p>';
+ − 762
+ − 763
endif;
+ − 764
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 765
// if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 766
// {
22
+ − 767
// display_page_footers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 768
// }
16
+ − 769
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 770
$this->send_headers = $send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 771
unset($send_headers);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 772
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 773
$this->footer();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 774
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 775
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 776
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 777
/**
1
+ − 778
* Send the error message to the user that the access to this page is denied.
+ − 779
* @access private
+ − 780
*/
+ − 781
+ − 782
function err_access_denied()
+ − 783
{
+ − 784
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 785
+ − 786
$ob = '';
+ − 787
$template->tpl_strings['PAGE_NAME'] = 'Access denied';
+ − 788
+ − 789
if ( $this->send_headers )
+ − 790
{
+ − 791
$ob .= $template->getHeader();
+ − 792
}
+ − 793
+ − 794
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
+ − 795
+ − 796
if ( $this->send_headers )
+ − 797
{
+ − 798
$ob .= $template->getFooter();
+ − 799
}
+ − 800
echo $ob;
+ − 801
}
+ − 802
+ − 803
/**
+ − 804
* Send the error message to the user complaining that there weren't any rows.
+ − 805
* @access private
+ − 806
*/
+ − 807
+ − 808
function err_no_rows()
+ − 809
{
+ − 810
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 811
+ − 812
$title = 'No text rows';
+ − 813
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
+ − 814
if ( $this->send_headers )
+ − 815
{
+ − 816
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 817
$template->header();
+ − 818
echo "<p>$message</p>";
+ − 819
$template->footer();
+ − 820
}
+ − 821
else
+ − 822
{
+ − 823
echo "<h2>$title</h2>
+ − 824
<p>$message</p>";
+ − 825
}
+ − 826
}
+ − 827
+ − 828
/**
+ − 829
* Tell the user the page doesn't exist, and present them with their options.
+ − 830
* @access private
+ − 831
*/
+ − 832
22
+ − 833
function err_page_not_existent($userpage = false)
1
+ − 834
{
+ − 835
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 836
+ − 837
$this->header();
+ − 838
header('HTTP/1.1 404 Not Found');
22
+ − 839
if ( $userpage )
+ − 840
{
+ − 841
echo '<h3>There is no page with this title yet.</h3>
+ − 842
<p>This user has not created his or her user page yet.';
+ − 843
}
+ − 844
else
+ − 845
{
+ − 846
echo '<h3>There is no page with this title yet.</h3>
+ − 847
<p>You have requested a page that doesn\'t exist yet.';
+ − 848
}
1
+ − 849
if ( $session->get_permissions('create_page') )
+ − 850
{
+ − 851
echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
+ − 852
}
+ − 853
else
+ − 854
{
+ − 855
echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
+ − 856
}
+ − 857
if ( $session->get_permissions('history_rollback') )
+ − 858
{
+ − 859
$e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;');
+ − 860
if ( !$e )
+ − 861
{
+ − 862
$db->_die('The deletion log could not be selected.');
+ − 863
}
+ − 864
if ( $db->numrows() > 0 )
+ − 865
{
+ − 866
$r = $db->fetchrow();
+ − 867
echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
+ − 868
}
+ − 869
$db->free_result();
+ − 870
}
+ − 871
echo '<p>
+ − 872
HTTP Error: 404 Not Found
+ − 873
</p>';
+ − 874
$this->footer();
+ − 875
}
+ − 876
+ − 877
/**
+ − 878
* PHP 4 constructor.
+ − 879
* @see PageProcessor::__construct()
+ − 880
*/
+ − 881
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 882
function PageProcessor( $page_id, $namespace, $revision_id = 0 )
1
+ − 883
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 884
$this->__construct($page_id, $namespace, $revision_id);
1
+ − 885
}
+ − 886
+ − 887
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 888
* Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
1
+ − 889
* @var string Error message
+ − 890
* @var bool If true, send DBAL's debugging information as well
+ − 891
*/
+ − 892
+ − 893
function send_error($message, $sql = false)
+ − 894
{
+ − 895
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 896
+ − 897
$content = "<p>$message</p>";
+ − 898
$template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher';
+ − 899
+ − 900
if ( $this->debug['works'] )
+ − 901
{
+ − 902
$content .= $this->debug['backtrace'];
+ − 903
}
+ − 904
+ − 905
header('HTTP/1.1 500 Internal Server Error');
+ − 906
+ − 907
$template->header();
+ − 908
echo $content;
+ − 909
$template->footer();
+ − 910
+ − 911
$db->close();
+ − 912
+ − 913
exit;
+ − 914
+ − 915
}
+ − 916
+ − 917
} // class PageProcessor
+ − 918
+ − 919
?>